From 77f7b4a522cf2dd522a64a86b32dee245f1cfd6f Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Wed, 28 Aug 2019 12:37:45 -0700
Subject: [PATCH 01/31] Add account suspension features

This renders all requests for that user's posts, collections and related
ActivityPub endpoints with 404 responses.

While suspended, users may not create or edit posts or collections.

User status is listed in the admin user page

Admin view of user details shows status and now has a button to activate
or suspend a user.
---
 account.go                          | 29 +++++++-----
 activitypub.go                      | 40 ++++++++++++++++
 admin.go                            | 34 ++++++++++++--
 collections.go                      | 34 +++++++++++++-
 database.go                         | 51 ++++++++++++++++----
 errors.go                           |  5 +-
 feed.go                             | 14 +++++-
 invites.go                          | 13 +++--
 migrations/migrations.go            |  2 +
 migrations/v3.go                    | 29 ++++++++++++
 pad.go                              | 22 +++++++--
 posts.go                            | 73 +++++++++++++++++++++++++++--
 read.go                             | 14 +++---
 routes.go                           |  8 ++--
 schema.sql                          |  1 +
 sqlite.sql                          |  3 +-
 templates/edit-meta.tmpl            |  4 ++
 templates/pad.tmpl                  |  6 ++-
 templates/user/admin/users.tmpl     |  5 ++
 templates/user/admin/view-user.tmpl | 32 +++++++++++++
 templates/user/settings.tmpl        |  6 +++
 users.go                            |  1 +
 webfinger.go                        | 11 ++++-
 23 files changed, 381 insertions(+), 56 deletions(-)
 create mode 100644 migrations/v3.go

diff --git a/account.go b/account.go
index 1cf259be..49700b45 100644
--- a/account.go
+++ b/account.go
@@ -13,6 +13,13 @@ package writefreely
 import (
 	"encoding/json"
 	"fmt"
+	"html/template"
+	"net/http"
+	"regexp"
+	"strings"
+	"sync"
+	"time"
+
 	"github.com/gorilla/mux"
 	"github.com/gorilla/sessions"
 	"github.com/guregu/null/zero"
@@ -22,12 +29,6 @@ import (
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/author"
 	"github.com/writeas/writefreely/page"
-	"html/template"
-	"net/http"
-	"regexp"
-	"strings"
-	"sync"
-	"time"
 )
 
 type (
@@ -1011,14 +1012,16 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 
 	obj := struct {
 		*UserPage
-		Email    string
-		HasPass  bool
-		IsLogOut bool
+		Email     string
+		HasPass   bool
+		IsLogOut  bool
+		Suspended bool
 	}{
-		UserPage: NewUserPage(app, r, u, "Account Settings", flashes),
-		Email:    fullUser.EmailClear(app.keys),
-		HasPass:  passIsSet,
-		IsLogOut: r.FormValue("logout") == "1",
+		UserPage:  NewUserPage(app, r, u, "Account Settings", flashes),
+		Email:     fullUser.EmailClear(app.keys),
+		HasPass:   passIsSet,
+		IsLogOut:  r.FormValue("logout") == "1",
+		Suspended: fullUser.Suspended,
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/activitypub.go b/activitypub.go
index 997609d6..c10838dc 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -80,6 +80,14 @@ func handleFetchCollectionActivities(app *App, w http.ResponseWriter, r *http.Re
 	if err != nil {
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("fetch collection inbox: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	p := c.PersonObject()
@@ -105,6 +113,14 @@ func handleFetchCollectionOutbox(app *App, w http.ResponseWriter, r *http.Reques
 	if err != nil {
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("fetch collection inbox: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	if app.cfg.App.SingleUser {
@@ -158,6 +174,14 @@ func handleFetchCollectionFollowers(app *App, w http.ResponseWriter, r *http.Req
 	if err != nil {
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("fetch collection inbox: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	accountRoot := c.FederatedAccount()
@@ -204,6 +228,14 @@ func handleFetchCollectionFollowing(app *App, w http.ResponseWriter, r *http.Req
 	if err != nil {
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("fetch collection inbox: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	accountRoot := c.FederatedAccount()
@@ -238,6 +270,14 @@ func handleFetchCollectionInbox(app *App, w http.ResponseWriter, r *http.Request
 		// TODO: return Reject?
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("fetch collection inbox: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	if debugging {
diff --git a/admin.go b/admin.go
index fe19ad5a..dc8580d2 100644
--- a/admin.go
+++ b/admin.go
@@ -13,16 +13,17 @@ package writefreely
 import (
 	"database/sql"
 	"fmt"
+	"net/http"
+	"runtime"
+	"strconv"
+	"time"
+
 	"github.com/gogits/gogs/pkg/tool"
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/auth"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/config"
-	"net/http"
-	"runtime"
-	"strconv"
-	"time"
 )
 
 var (
@@ -229,6 +230,31 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	return nil
 }
 
+func handleAdminToggleUserSuspended(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+	vars := mux.Vars(r)
+	username := vars["username"]
+	if username == "" {
+		return impart.HTTPError{http.StatusFound, "/admin/users"}
+	}
+
+	userToToggle, err := app.db.GetUserForAuth(username)
+	if err != nil {
+		log.Error("failed to get user: %v", err)
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}
+	}
+	if userToToggle.Suspended {
+		err = app.db.SetUserSuspended(userToToggle.ID, false)
+	} else {
+		err = app.db.SetUserSuspended(userToToggle.ID, true)
+	}
+	if err != nil {
+		log.Error("toggle user suspended: %v", err)
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not toggle user suspended: %v")}
+	}
+	// TODO: invalidate sessions
+	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s#status", username)}
+}
+
 func handleViewAdminPages(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
 	p := struct {
 		*UserPage
diff --git a/collections.go b/collections.go
index aee74f7f..95dd8086 100644
--- a/collections.go
+++ b/collections.go
@@ -379,6 +379,7 @@ func newCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 
 	var userID int64
+	var err error
 	if reqJSON && !c.Web {
 		accessToken = r.Header.Get("Authorization")
 		if accessToken == "" {
@@ -395,6 +396,14 @@ func newCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 		userID = u.ID
 	}
+	suspended, err := app.db.IsUserSuspended(userID)
+	if err != nil {
+		log.Error("new collection: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrUserSuspended
+	}
 
 	if !author.IsValidUsername(app.cfg, c.Alias) {
 		return impart.HTTPError{http.StatusPreconditionFailed, "Collection alias isn't valid."}
@@ -724,6 +733,15 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 		return err
 	}
 
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("view collection: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	// Serve ActivityStreams data now, if requested
 	if strings.Contains(r.Header.Get("Accept"), "application/activity+json") {
 		ac := c.PersonObject()
@@ -824,6 +842,10 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 		return err
 	}
 
+	if u.Suspended {
+		return ErrCollectionNotFound
+	}
+
 	page := getCollectionPage(vars)
 
 	c, err := processCollectionPermissions(app, cr, u, w, r)
@@ -916,7 +938,6 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 	if reqJSON && !isWeb {
 		// Ensure an access token was given
 		accessToken := r.Header.Get("Authorization")
-		u = &User{}
 		u.ID = app.db.GetUserID(accessToken)
 		if u.ID == -1 {
 			return ErrBadAccessToken
@@ -928,6 +949,16 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 		}
 	}
 
+	suspended, err := app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("existing collection: get user suspended status: %v", err)
+		return ErrInternalGeneral
+	}
+
+	if suspended {
+		return ErrUserSuspended
+	}
+
 	if r.Method == "DELETE" {
 		err := app.db.DeleteCollection(collAlias, u.ID)
 		if err != nil {
@@ -940,7 +971,6 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 	}
 
 	c := SubmittedCollection{OwnerID: uint64(u.ID)}
-	var err error
 
 	if reqJSON {
 		// Decode JSON request
diff --git a/database.go b/database.go
index 34c5234d..150a74f9 100644
--- a/database.go
+++ b/database.go
@@ -296,7 +296,7 @@ func (db *datastore) CreateCollection(cfg *config.Config, alias, title string, u
 func (db *datastore) GetUserByID(id int64) (*User, error) {
 	u := &User{ID: id}
 
-	err := db.QueryRow("SELECT username, password, email, created FROM users WHERE id = ?", id).Scan(&u.Username, &u.HashedPass, &u.Email, &u.Created)
+	err := db.QueryRow("SELECT username, password, email, created, suspended FROM users WHERE id = ?", id).Scan(&u.Username, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, ErrUserNotFound
@@ -308,6 +308,23 @@ func (db *datastore) GetUserByID(id int64) (*User, error) {
 	return u, nil
 }
 
+// IsUserSuspended returns true if the user account associated with id is
+// currently suspended.
+func (db *datastore) IsUserSuspended(id int64) (bool, error) {
+	u := &User{ID: id}
+
+	err := db.QueryRow("SELECT suspended FROM users WHERE id = ?", id).Scan(&u.Suspended)
+	switch {
+	case err == sql.ErrNoRows:
+		return false, ErrUserNotFound
+	case err != nil:
+		log.Error("Couldn't SELECT user password: %v", err)
+		return false, err
+	}
+
+	return u.Suspended, nil
+}
+
 // DoesUserNeedAuth returns true if the user hasn't provided any methods for
 // authenticating with the account, such a passphrase or email address.
 // Any errors are reported to admin and silently quashed, returning false as the
@@ -347,7 +364,7 @@ func (db *datastore) IsUserPassSet(id int64) (bool, error) {
 func (db *datastore) GetUserForAuth(username string) (*User, error) {
 	u := &User{Username: username}
 
-	err := db.QueryRow("SELECT id, password, email, created FROM users WHERE username = ?", username).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created)
+	err := db.QueryRow("SELECT id, password, email, created, suspended FROM users WHERE username = ?", username).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
 	switch {
 	case err == sql.ErrNoRows:
 		// Check if they've entered the wrong, unnormalized username
@@ -370,7 +387,7 @@ func (db *datastore) GetUserForAuth(username string) (*User, error) {
 func (db *datastore) GetUserForAuthByID(userID int64) (*User, error) {
 	u := &User{ID: userID}
 
-	err := db.QueryRow("SELECT id, password, email, created FROM users WHERE id = ?", u.ID).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created)
+	err := db.QueryRow("SELECT id, password, email, created, suspended FROM users WHERE id = ?", u.ID).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, ErrUserNotFound
@@ -1624,7 +1641,11 @@ func (db *datastore) GetMeStats(u *User) userMeStats {
 }
 
 func (db *datastore) GetTotalCollections() (collCount int64, err error) {
-	err = db.QueryRow(`SELECT COUNT(*) FROM collections`).Scan(&collCount)
+	err = db.QueryRow(`
+	SELECT COUNT(*) 
+	FROM collections c
+	LEFT JOIN users u ON u.id = c.owner_id
+	WHERE u.suspended = 0`).Scan(&collCount)
 	if err != nil {
 		log.Error("Unable to fetch collections count: %v", err)
 	}
@@ -1632,7 +1653,11 @@ func (db *datastore) GetTotalCollections() (collCount int64, err error) {
 }
 
 func (db *datastore) GetTotalPosts() (postCount int64, err error) {
-	err = db.QueryRow(`SELECT COUNT(*) FROM posts`).Scan(&postCount)
+	err = db.QueryRow(`
+	SELECT COUNT(*)
+	FROM posts p
+	LEFT JOIN users u ON u.id = p.owner_id
+	WHERE u.Suspended = 0`).Scan(&postCount)
 	if err != nil {
 		log.Error("Unable to fetch posts count: %v", err)
 	}
@@ -2341,17 +2366,17 @@ func (db *datastore) GetAllUsers(page uint) (*[]User, error) {
 		limitStr = fmt.Sprintf("%d, %d", (page-1)*adminUsersPerPage, adminUsersPerPage)
 	}
 
-	rows, err := db.Query("SELECT id, username, created FROM users ORDER BY created DESC LIMIT " + limitStr)
+	rows, err := db.Query("SELECT id, username, created, suspended FROM users ORDER BY created DESC LIMIT " + limitStr)
 	if err != nil {
-		log.Error("Failed selecting from posts: %v", err)
-		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve user posts."}
+		log.Error("Failed selecting from users: %v", err)
+		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve all users."}
 	}
 	defer rows.Close()
 
 	users := []User{}
 	for rows.Next() {
 		u := User{}
-		err = rows.Scan(&u.ID, &u.Username, &u.Created)
+		err = rows.Scan(&u.ID, &u.Username, &u.Created, &u.Suspended)
 		if err != nil {
 			log.Error("Failed scanning GetAllUsers() row: %v", err)
 			break
@@ -2388,6 +2413,14 @@ func (db *datastore) GetUserLastPostTime(id int64) (*time.Time, error) {
 	return &t, nil
 }
 
+func (db *datastore) SetUserSuspended(id int64, suspend bool) error {
+	_, err := db.Exec("UPDATE users SET suspended = ? WHERE id = ?", suspend, id)
+	if err != nil {
+		return fmt.Errorf("failed to update user suspended status: %v", err)
+	}
+	return nil
+}
+
 func (db *datastore) GetCollectionLastPostTime(id int64) (*time.Time, error) {
 	var t time.Time
 	err := db.QueryRow("SELECT created FROM posts WHERE collection_id = ? ORDER BY created DESC LIMIT 1", id).Scan(&t)
diff --git a/errors.go b/errors.go
index 0092b7fe..fa7304f2 100644
--- a/errors.go
+++ b/errors.go
@@ -11,8 +11,9 @@
 package writefreely
 
 import (
-	"github.com/writeas/impart"
 	"net/http"
+
+	"github.com/writeas/impart"
 )
 
 // Commonly returned HTTP errors
@@ -46,6 +47,8 @@ var (
 
 	ErrUserNotFound      = impart.HTTPError{http.StatusNotFound, "User doesn't exist."}
 	ErrUserNotFoundEmail = impart.HTTPError{http.StatusNotFound, "Please enter your username instead of your email address."}
+
+	ErrUserSuspended = impart.HTTPError{http.StatusForbidden, "Account is suspended, contact the administrator."}
 )
 
 // Post operation errors
diff --git a/feed.go b/feed.go
index dd82c33f..353b1b96 100644
--- a/feed.go
+++ b/feed.go
@@ -12,12 +12,13 @@ package writefreely
 
 import (
 	"fmt"
+	"net/http"
+	"time"
+
 	. "github.com/gorilla/feeds"
 	"github.com/gorilla/mux"
 	stripmd "github.com/writeas/go-strip-markdown"
 	"github.com/writeas/web-core/log"
-	"net/http"
-	"time"
 )
 
 func ViewFeed(app *App, w http.ResponseWriter, req *http.Request) error {
@@ -34,6 +35,15 @@ func ViewFeed(app *App, w http.ResponseWriter, req *http.Request) error {
 	if err != nil {
 		return nil
 	}
+
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("view feed: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	if c.IsPrivate() || c.IsProtected() {
diff --git a/invites.go b/invites.go
index 561255f0..93b82b49 100644
--- a/invites.go
+++ b/invites.go
@@ -12,15 +12,16 @@ package writefreely
 
 import (
 	"database/sql"
+	"html/template"
+	"net/http"
+	"strconv"
+	"time"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/nerds/store"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/page"
-	"html/template"
-	"net/http"
-	"strconv"
-	"time"
 )
 
 type Invite struct {
@@ -77,6 +78,10 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 	muVal := r.FormValue("uses")
 	expVal := r.FormValue("expires")
 
+	if u.Suspended {
+		return ErrUserSuspended
+	}
+
 	var err error
 	var maxUses int
 	if muVal != "0" {
diff --git a/migrations/migrations.go b/migrations/migrations.go
index 70e4b7b0..de3f4874 100644
--- a/migrations/migrations.go
+++ b/migrations/migrations.go
@@ -13,6 +13,7 @@ package migrations
 
 import (
 	"database/sql"
+
 	"github.com/writeas/web-core/log"
 )
 
@@ -57,6 +58,7 @@ func (m *migration) Migrate(db *datastore) error {
 var migrations = []Migration{
 	New("support user invites", supportUserInvites),             // -> V1 (v0.8.0)
 	New("support dynamic instance pages", supportInstancePages), // V1 -> V2 (v0.9.0)
+	New("support users suspension", supportUserSuspension),      // V2 -> V3 ()
 }
 
 // CurrentVer returns the current migration version the application is on
diff --git a/migrations/v3.go b/migrations/v3.go
new file mode 100644
index 00000000..c7c00a92
--- /dev/null
+++ b/migrations/v3.go
@@ -0,0 +1,29 @@
+/*
+ * Copyright © 2019 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package migrations
+
+func supportUserSuspension(db *datastore) error {
+	t, err := db.Begin()
+
+	_, err = t.Exec(`ALTER TABLE users ADD COLUMN suspended ` + db.typeBool() + ` DEFAULT '0' NOT NULL`)
+	if err != nil {
+		t.Rollback()
+		return err
+	}
+
+	err = t.Commit()
+	if err != nil {
+		t.Rollback()
+		return err
+	}
+
+	return nil
+}
diff --git a/pad.go b/pad.go
index 1545b4f8..8a54b76f 100644
--- a/pad.go
+++ b/pad.go
@@ -11,12 +11,13 @@
 package writefreely
 
 import (
+	"net/http"
+	"strings"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/page"
-	"net/http"
-	"strings"
 )
 
 func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
@@ -34,9 +35,10 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 	appData := &struct {
 		page.StaticPage
-		Post  *RawPost
-		User  *User
-		Blogs *[]Collection
+		Post      *RawPost
+		User      *User
+		Blogs     *[]Collection
+		Suspended bool
 
 		Editing        bool        // True if we're modifying an existing post
 		EditCollection *Collection // Collection of the post we're editing, if any
@@ -51,6 +53,10 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 		if err != nil {
 			log.Error("Unable to get user's blogs for Pad: %v", err)
 		}
+		appData.Suspended, err = app.db.IsUserSuspended(appData.User.ID)
+		if err != nil {
+			log.Error("Unable to get users suspension status for Pad: %v", err)
+		}
 	}
 
 	padTmpl := app.cfg.App.Editor
@@ -121,12 +127,18 @@ func handleViewMeta(app *App, w http.ResponseWriter, r *http.Request) error {
 		EditCollection *Collection // Collection of the post we're editing, if any
 		Flashes        []string
 		NeedsToken     bool
+		Suspended      bool
 	}{
 		StaticPage: pageForReq(app, r),
 		Post:       &RawPost{Font: "norm"},
 		User:       getUserSession(app, r),
 	}
 	var err error
+	appData.Suspended, err = app.db.IsUserSuspended(appData.User.ID)
+	if err != nil {
+		log.Error("view meta: get user suspended status: %v", err)
+		return ErrInternalGeneral
+	}
 
 	if action == "" && slug == "" {
 		return ErrPostNotFound
diff --git a/posts.go b/posts.go
index 2f3606f1..2d648083 100644
--- a/posts.go
+++ b/posts.go
@@ -380,6 +380,16 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 	}
 
+	suspended, err := app.db.IsUserSuspended(ownerID.Int64)
+	if err != nil {
+		log.Error("view post: get collection owner: %v", err)
+		return ErrInternalGeneral
+	}
+
+	if suspended {
+		return ErrPostNotFound
+	}
+
 	// Check if post has been unpublished
 	if content == "" {
 		gone = true
@@ -496,6 +506,15 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	} else {
 		userID = app.db.GetUserID(accessToken)
 	}
+	suspended, err := app.db.IsUserSuspended(userID)
+	if err != nil {
+		log.Error("new post: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrUserSuspended
+	}
+
 	if userID == -1 {
 		return ErrNotLoggedIn
 	}
@@ -508,7 +527,7 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	var p *SubmittedPost
 	if reqJSON {
 		decoder := json.NewDecoder(r.Body)
-		err := decoder.Decode(&p)
+		err = decoder.Decode(&p)
 		if err != nil {
 			log.Error("Couldn't parse new post JSON request: %v\n", err)
 			return ErrBadJSON
@@ -554,7 +573,6 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	var newPost *PublicPost = &PublicPost{}
 	var coll *Collection
-	var err error
 	if accessToken != "" {
 		newPost, err = app.db.CreateOwnedPost(p, accessToken, collAlias, app.cfg.App.Host)
 	} else {
@@ -662,6 +680,15 @@ func existingPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 	}
 
+	suspended, err := app.db.IsUserSuspended(userID)
+	if err != nil {
+		log.Error("existing post: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrUserSuspended
+	}
+
 	// Modify post struct
 	p.ID = postID
 
@@ -856,11 +883,20 @@ func addPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		ownerID = u.ID
 	}
 
+	suspended, err := app.db.IsUserSuspended(ownerID)
+	if err != nil {
+		log.Error("add post: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrUserSuspended
+	}
+
 	// Parse claimed posts in format:
 	// [{"id": "...", "token": "..."}]
 	var claims *[]ClaimPostRequest
 	decoder := json.NewDecoder(r.Body)
-	err := decoder.Decode(&claims)
+	err = decoder.Decode(&claims)
 	if err != nil {
 		return ErrBadJSONArray
 	}
@@ -950,13 +986,22 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		userID = u.ID
 	}
 
+	suspended, err := app.db.IsUserSuspended(userID)
+	if err != nil {
+		log.Error("pin post: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrUserSuspended
+	}
+
 	// Parse request
 	var posts []struct {
 		ID       string `json:"id"`
 		Position int64  `json:"position"`
 	}
 	decoder := json.NewDecoder(r.Body)
-	err := decoder.Decode(&posts)
+	err = decoder.Decode(&posts)
 	if err != nil {
 		return ErrBadJSONArray
 	}
@@ -992,6 +1037,7 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	var collID int64
+	var ownerID int64
 	var coll *Collection
 	var err error
 	vars := mux.Vars(r)
@@ -1007,12 +1053,22 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
 			return err
 		}
 		collID = coll.ID
+		ownerID = coll.OwnerID
 	}
 
 	p, err := app.db.GetPost(vars["post"], collID)
 	if err != nil {
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(ownerID)
+	if err != nil {
+		log.Error("fetch post: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+
+	if suspended {
+		return ErrPostNotFound
+	}
 
 	p.extractData()
 
@@ -1270,6 +1326,15 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
 	}
 	c.hostName = app.cfg.App.Host
 
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("view collection post: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+
+	if suspended {
+		return ErrPostNotFound
+	}
 	// Check collection permissions
 	if c.IsPrivate() && (u == nil || u.ID != c.OwnerID) {
 		return ErrPostNotFound
diff --git a/read.go b/read.go
index 3bc91c71..e7d1e55d 100644
--- a/read.go
+++ b/read.go
@@ -13,6 +13,12 @@ package writefreely
 import (
 	"database/sql"
 	"fmt"
+	"html/template"
+	"math"
+	"net/http"
+	"strconv"
+	"time"
+
 	. "github.com/gorilla/feeds"
 	"github.com/gorilla/mux"
 	stripmd "github.com/writeas/go-strip-markdown"
@@ -20,11 +26,6 @@ import (
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/web-core/memo"
 	"github.com/writeas/writefreely/page"
-	"html/template"
-	"math"
-	"net/http"
-	"strconv"
-	"time"
 )
 
 const (
@@ -62,7 +63,8 @@ func (app *App) FetchPublicPosts() (interface{}, error) {
 	rows, err := app.db.Query(`SELECT p.id, alias, c.title, p.slug, p.title, p.content, p.text_appearance, p.language, p.rtl, p.created, p.updated
 	FROM collections c
 	LEFT JOIN posts p ON p.collection_id = c.id
-	WHERE c.privacy = 1 AND (p.created >= ` + app.db.dateSub(3, "month") + ` AND p.created <= ` + app.db.now() + ` AND pinned_position IS NULL)
+	LEFT JOIN users u ON u.id = p.owner_id
+	WHERE c.privacy = 1 AND (p.created >= ` + app.db.dateSub(3, "month") + ` AND p.created <= ` + app.db.now() + ` AND pinned_position IS NULL) AND u.suspended = 0
 	ORDER BY p.created DESC`)
 	if err != nil {
 		log.Error("Failed selecting from posts: %v", err)
diff --git a/routes.go b/routes.go
index 724c5320..e7014cd5 100644
--- a/routes.go
+++ b/routes.go
@@ -11,13 +11,14 @@
 package writefreely
 
 import (
+	"net/http"
+	"path/filepath"
+	"strings"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/go-webfinger"
 	"github.com/writeas/web-core/log"
 	"github.com/writefreely/go-nodeinfo"
-	"net/http"
-	"path/filepath"
-	"strings"
 )
 
 // InitStaticRoutes adds routes for serving static files.
@@ -143,6 +144,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
 	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
 	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
+	write.HandleFunc("/admin/user/{username}", handler.Admin(handleAdminToggleUserSuspended)).Methods("POST")
 	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
 	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
 	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")
diff --git a/schema.sql b/schema.sql
index b3fae97a..3a797363 100644
--- a/schema.sql
+++ b/schema.sql
@@ -225,6 +225,7 @@ CREATE TABLE IF NOT EXISTS `users` (
   `password` char(60) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
   `email` varbinary(255) DEFAULT NULL,
   `created` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `suspended` tinyint(1) NOT NULL DEFAULT 0,
   PRIMARY KEY (`id`),
   UNIQUE KEY `username` (`username`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
diff --git a/sqlite.sql b/sqlite.sql
index 90989ed5..920ffeda 100644
--- a/sqlite.sql
+++ b/sqlite.sql
@@ -214,7 +214,8 @@ CREATE TABLE IF NOT EXISTS `users` (
   username TEXT NOT NULL UNIQUE,
   password TEXT NOT NULL,
   email TEXT DEFAULT NULL,
-  created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+  created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  suspended INTEGER NOT NULL DEFAULT 0
 );
 
 -- --------------------------------------------------------
diff --git a/templates/edit-meta.tmpl b/templates/edit-meta.tmpl
index 8d96b15e..6707e68e 100644
--- a/templates/edit-meta.tmpl
+++ b/templates/edit-meta.tmpl
@@ -269,6 +269,10 @@
 		<script src="/js/h.js"></script>
 		<script>
 function updateMeta() {
+	if ({{.Suspended}}) {
+		alert('Your account is currently supsended, editing posts is disabled.');
+		return
+	}
 	document.getElementById('create-error').style.display = 'none';
 	var $created = document.getElementById('created');
 	var dateStr = $created.value.trim();
diff --git a/templates/pad.tmpl b/templates/pad.tmpl
index 914d921f..4be311e2 100644
--- a/templates/pad.tmpl
+++ b/templates/pad.tmpl
@@ -131,8 +131,12 @@
 		{{else}}var canPublish = true;{{end}}
 		var publishing = false;
 		var justPublished = false;
-
+		var suspended = {{.Suspended}};
 		var publish = function(content, font) {
+			if (suspended === true) {
+				alert("Your account is currently suspended, posting is disabled.");
+				return;
+			}
 			{{if and (and .Post.Id (not .Post.Slug)) (not .User)}}
 			if (!token) {
 				alert("You don't have permission to update this post.");
diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index b59104c8..bcd3728f 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -11,12 +11,17 @@
 			<th>User</th>
 			<th>Joined</th>
 			<th>Type</th>
+			<th>Status</th>
 		</tr>
 		{{range .Users}}
 		<tr>
 			<td><a href="/admin/user/{{.Username}}">{{.Username}}</a></td>
 			<td>{{.CreatedFriendly}}</td>
 			<td style="text-align:center">{{if .IsAdmin}}Admin{{else}}User{{end}}</td>
+			<td style="text-align:center">
+				<a 
+				href="/admin/user/{{.Username}}#status"
+				title="View or change account status">{{if .Suspended}}suspended{{else}}active{{end}}</a></td>
 		</tr>
 		{{end}}
 	</table>
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 2a74e5b5..a3d96d5b 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -7,6 +7,24 @@ table.classy th {
 h3 {
 	font-weight: normal;
 }
+td.active-suspend {
+	display: flex;
+	align-items: center;
+}
+
+td.active-suspend > input[type="submit"] {
+	margin-left: auto;
+	margin-right: 5%;
+}
+
+@media only screen and (max-width: 500px) {
+	td.active-suspend {
+		flex-wrap: wrap;
+	}
+	td.active-suspend > input[type="submit"] {
+		margin: auto;
+	}
+}
 </style>
 <div class="snug content-container">
 	{{template "admin-header" .}}
@@ -38,6 +56,20 @@ h3 {
 			<th>Last Post</th>
 			<td>{{if .LastPost}}{{.LastPost}}{{else}}Never{{end}}</td>
 		</tr>
+		<tr>
+			<form action="/admin/user/{{.User.Username}}" method="POST">
+				<a id="status"/>
+				<th>Status</th>
+				{{if .User.Suspended}}
+				<td class="active-suspend"><p>User is currently Suspended</p><input type="submit" value="Activate"/></td>
+				{{else}}
+				<td class="active-suspend">
+					<p>User is currently Active</p>
+					<input class="danger" type="submit" value="Suspend" {{if .User.IsAdmin}}disabled{{end}}/>
+				</td>
+				{{end}}
+			</form>
+		</tr>
 	</table>
 
 	<h2>Blogs</h2>
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index fd204a55..822d0916 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -12,6 +12,12 @@ h3 { font-weight: normal; }
 		{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 	</ul>{{end}}
 
+	{{if .Suspended}}
+	<div class="alert info">
+		<p>This account is currently suspended.</p>
+		<p>Please contact the instance administrator to discuss reactivation.</p>
+	</div>
+	{{end}}
 	{{ if .IsLogOut }}
 	<div class="alert info">
 		<p class="introduction">Please add an <strong>email address</strong> and/or <strong>passphrase</strong> so you can log in again later.</p>
diff --git a/users.go b/users.go
index d5e9a91c..e8be2525 100644
--- a/users.go
+++ b/users.go
@@ -59,6 +59,7 @@ type (
 		HasPass    bool        `json:"has_pass"`
 		Email      zero.String `json:"email"`
 		Created    time.Time   `json:"created"`
+		Suspended  bool        `json:"suspended"`
 
 		clearEmail string `json:"email"`
 	}
diff --git a/webfinger.go b/webfinger.go
index c95d88eb..19116c6e 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -11,11 +11,12 @@
 package writefreely
 
 import (
+	"net/http"
+
 	"github.com/writeas/go-webfinger"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/config"
-	"net/http"
 )
 
 type wfResolver struct {
@@ -37,6 +38,14 @@ func (wfr wfResolver) FindUser(username string, host, requestHost string, r []we
 		log.Error("Unable to get blog: %v", err)
 		return nil, err
 	}
+	suspended, err := wfr.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("webfinger find user: check is suspended: %v", err)
+		return nil, err
+	}
+	if suspended {
+		return nil, wfUserNotFoundErr
+	}
 	c.hostName = wfr.cfg.App.Host
 	if wfr.cfg.App.SingleUser {
 		// Ensure handle matches user-chosen one on single-user blogs

From aa9efc7b37219066ac767049b1c77e2d52fbc634 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Thu, 3 Oct 2019 13:41:50 -0700
Subject: [PATCH 02/31] allow admin to reset user passwords

this adds a new button when viewing a user as an admin, that will
generate and store a new password for the user
---
 admin.go                            | 58 +++++++++++++++++++++++++----
 routes.go                           |  1 +
 templates/user/admin/view-user.tmpl | 45 +++++++++++++++++++++-
 3 files changed, 95 insertions(+), 9 deletions(-)

diff --git a/admin.go b/admin.go
index fdbb82f4..5b3acab9 100644
--- a/admin.go
+++ b/admin.go
@@ -16,12 +16,14 @@ import (
 	"net/http"
 	"runtime"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/auth"
 	"github.com/writeas/web-core/log"
+	"github.com/writeas/web-core/passgen"
 	"github.com/writeas/writefreely/appstats"
 	"github.com/writeas/writefreely/config"
 )
@@ -167,25 +169,34 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 
 	p := struct {
 		*UserPage
-		Config  config.AppCfg
-		Message string
-
-		User     *User
-		Colls    []inspectedCollection
-		LastPost string
-
-		TotalPosts int64
+		Config      config.AppCfg
+		Message     string
+		OwnUserPage bool
+
+		User        *User
+		Colls       []inspectedCollection
+		LastPost    string
+		NewPassword string
+		TotalPosts  int64
 	}{
 		Config:  app.cfg.App,
 		Message: r.FormValue("m"),
 		Colls:   []inspectedCollection{},
 	}
 
+	flashes, _ := getSessionFlashes(app, w, r, nil)
+	for _, flash := range flashes {
+		if strings.HasPrefix(flash, "SUCCESS: ") {
+			p.NewPassword = strings.TrimPrefix(flash, "SUCCESS: ")
+		}
+	}
+
 	var err error
 	p.User, err = app.db.GetUserForAuth(username)
 	if err != nil {
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)}
 	}
+	p.OwnUserPage = u.ID == p.User.ID
 	p.UserPage = NewUserPage(app, r, u, p.User.Username, nil)
 	p.TotalPosts = app.db.GetUserPostsCount(p.User.ID)
 	lp, err := app.db.GetUserLastPostTime(p.User.ID)
@@ -230,6 +241,37 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	return nil
 }
 
+func handleAdminResetUserPass(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+	vars := mux.Vars(r)
+	username := vars["username"]
+	if username == "" {
+		return impart.HTTPError{http.StatusFound, "/admin/users"}
+	}
+	// Generate new random password since none supplied
+	pass := passgen.New()
+	hashedPass, err := auth.HashPass([]byte(pass))
+	if err != nil {
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not create password hash: %v", err)}
+	}
+
+	userIDVal := r.FormValue("user")
+	log.Info("ADMIN: Changing user %s password", userIDVal)
+	id, err := strconv.Atoi(userIDVal)
+	if err != nil {
+		return impart.HTTPError{http.StatusBadRequest, fmt.Sprintf("Invalid user ID: %v", err)}
+	}
+
+	err = app.db.ChangePassphrase(int64(id), true, "", hashedPass)
+	if err != nil {
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not update passphrase: %v", err)}
+	}
+	log.Info("ADMIN: Successfully changed.")
+
+	addSessionFlash(app, w, r, fmt.Sprintf("SUCCESS: %s", pass), nil)
+
+	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s", username)}
+}
+
 func handleViewAdminPages(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
 	p := struct {
 		*UserPage
diff --git a/routes.go b/routes.go
index 0113e935..003b7d17 100644
--- a/routes.go
+++ b/routes.go
@@ -144,6 +144,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
 	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
 	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
+	write.HandleFunc("/admin/user/{username}", handler.Admin(handleAdminResetUserPass)).Methods("POST")
 	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
 	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
 	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 2a74e5b5..211297d6 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -7,12 +7,32 @@ table.classy th {
 h3 {
 	font-weight: normal;
 }
+input.copy-text {
+	text-align: center;
+	    font-size: 1.2em;
+	    color: #555;
+	margin-left: 1rem;
+}
+button[type="submit"].danger {
+	padding-left: 2rem;
+	padding-right: 2rem;
+}
 </style>
 <div class="snug content-container">
 	{{template "admin-header" .}}
 
 	<h2 id="posts-header">{{.User.Username}}</h2>
-
+	{{if .NewPassword}}<p class="alert success">New password for user <strong>{{.User.Username}}</strong> is
+		<input
+		type="text"
+		class="copy-text"
+		value="{{.NewPassword}}"
+		onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);"
+		readonly />
+		<br/><br/>
+		You must share this new password with the user, this is the only time it will be displayed.
+		</p>
+	{{end}}
 	<table class="classy export">
 		<tr>
 			<th>No.</th>
@@ -38,6 +58,21 @@ h3 {
 			<th>Last Post</th>
 			<td>{{if .LastPost}}{{.LastPost}}{{else}}Never{{end}}</td>
 		</tr>
+		<tr>
+			<th>Password</th>
+			<td>
+				{{if not .OwnUserPage}}
+					<form id="reset-form" action="/admin/user/{{.User.Username}}" method="post" autocomplete="false">
+					<input type="hidden" name="user" value="{{.User.ID}}"/>
+					<button
+					class="danger"
+					type="submit">Reset</button>
+				</form>
+				{{else}}
+				<a href="/me/settings" title="Go to reset password page">Change your password</a>
+				{{end}}
+			</td>
+		</tr>
 	</table>
 
 	<h2>Blogs</h2>
@@ -83,5 +118,13 @@ h3 {
 	{{end}}
 </div>
 
+<script type="text/javascript">
+	form = document.getElementById("reset-form");
+	form.addEventListener('submit', function(e) {
+		e.preventDefault();
+		agreed = confirm("Really reset password for {{.User.Username}}?\nYou will have to record and share the new password with them.");
+		if (agreed === true) { form.submit();}
+	});
+</script>
 {{template "footer" .}}
 {{end}}

From f85f0751a3a7480bc29450cf42a4360c31ff3083 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 25 Oct 2019 12:04:24 -0700
Subject: [PATCH 03/31] address PR comments

- update error messages to be correct
- move suspended message into template and include for other pages
- check suspended status on all relevant pages and show message if
logged in user is suspended.
- fix possible nil pointer error
- remove changes to db schema files
- add version comment to migration
- add UserStatus type with UserActive and UserSuspended
- change database table to use status column instead of suspended
- update toggle suspended handler to be toggle status in prep for
possible future inclusion of further user statuses
---
 account.go                            | 29 ++++++++++++++++++++++++++-
 activitypub.go                        | 10 ++++-----
 admin.go                              | 13 ++++++------
 collections.go                        | 26 +++++++++++++-----------
 database.go                           | 29 ++++++++++++++-------------
 invites.go                            |  2 +-
 migrations/migrations.go              |  2 +-
 migrations/v3.go                      |  4 ++--
 posts.go                              | 22 +++++++++++---------
 read.go                               |  2 +-
 routes.go                             |  2 +-
 schema.sql                            |  1 -
 sqlite.sql                            |  3 +--
 templates.go                          | 12 +++++++----
 templates/chorus-collection-post.tmpl |  3 +++
 templates/chorus-collection.tmpl      |  3 +++
 templates/collection-post.tmpl        |  3 +++
 templates/collection-tags.tmpl        |  3 +++
 templates/collection.tmpl             |  3 +++
 templates/password-collection.tmpl    |  3 +++
 templates/post.tmpl                   |  3 +++
 templates/user/admin/users.tmpl       |  2 +-
 templates/user/admin/view-user.tmpl   |  4 ++--
 templates/user/articles.tmpl          |  3 +++
 templates/user/collection.tmpl        |  3 +++
 templates/user/collections.tmpl       |  3 +++
 templates/user/include/suspended.tmpl |  6 ++++++
 templates/user/settings.tmpl          |  9 +++------
 templates/user/stats.tmpl             |  3 +++
 users.go                              |  9 ++++++++-
 30 files changed, 148 insertions(+), 72 deletions(-)
 create mode 100644 templates/user/include/suspended.tmpl

diff --git a/account.go b/account.go
index c3d55ba7..0faa7bbc 100644
--- a/account.go
+++ b/account.go
@@ -750,14 +750,20 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		log.Error("unable to fetch collections: %v", err)
 	}
 
+	suspended, err := app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("view articles: %v", err)
+	}
 	d := struct {
 		*UserPage
 		AnonymousPosts *[]PublicPost
 		Collections    *[]Collection
+		Suspended      bool
 	}{
 		UserPage:       NewUserPage(app, r, u, u.Username+"'s Posts", f),
 		AnonymousPosts: p,
 		Collections:    c,
+		Suspended:      suspended,
 	}
 	d.UserPage.SetMessaging(u)
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
@@ -779,6 +785,11 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request)
 	uc, _ := app.db.GetUserCollectionCount(u.ID)
 	// TODO: handle any errors
 
+	suspended, err := app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("view collections %v", err)
+		return fmt.Errorf("view collections: %v", err)
+	}
 	d := struct {
 		*UserPage
 		Collections *[]Collection
@@ -786,11 +797,13 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request)
 		UsedCollections, TotalCollections int
 
 		NewBlogsDisabled bool
+		Suspended        bool
 	}{
 		UserPage:         NewUserPage(app, r, u, u.Username+"'s Blogs", f),
 		Collections:      c,
 		UsedCollections:  int(uc),
 		NewBlogsDisabled: !app.cfg.App.CanCreateBlogs(uc),
+		Suspended:        suspended,
 	}
 	d.UserPage.SetMessaging(u)
 	showUserPage(w, "collections", d)
@@ -808,13 +821,20 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques
 		return ErrCollectionNotFound
 	}
 
+	suspended, err := app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("view edit collection %v", err)
+		return fmt.Errorf("view edit collection: %v", err)
+	}
 	flashes, _ := getSessionFlashes(app, w, r, nil)
 	obj := struct {
 		*UserPage
 		*Collection
+		Suspended bool
 	}{
 		UserPage:   NewUserPage(app, r, u, "Edit "+c.DisplayTitle(), flashes),
 		Collection: c,
+		Suspended:  suspended,
 	}
 
 	showUserPage(w, "collection", obj)
@@ -976,17 +996,24 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
 		titleStats = c.DisplayTitle() + " "
 	}
 
+	suspended, err := app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("view stats: %v", err)
+		return err
+	}
 	obj := struct {
 		*UserPage
 		VisitsBlog  string
 		Collection  *Collection
 		TopPosts    *[]PublicPost
 		APFollowers int
+		Suspended   bool
 	}{
 		UserPage:   NewUserPage(app, r, u, titleStats+"Stats", flashes),
 		VisitsBlog: alias,
 		Collection: c,
 		TopPosts:   topPosts,
+		Suspended:  suspended,
 	}
 	if app.cfg.App.Federation {
 		folls, err := app.db.GetAPFollowers(c)
@@ -1026,7 +1053,7 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		Email:     fullUser.EmailClear(app.keys),
 		HasPass:   passIsSet,
 		IsLogOut:  r.FormValue("logout") == "1",
-		Suspended: fullUser.Suspended,
+		Suspended: fullUser.Status == UserSuspended,
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/activitypub.go b/activitypub.go
index 06b04688..eeaa1fa6 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -82,7 +82,7 @@ func handleFetchCollectionActivities(app *App, w http.ResponseWriter, r *http.Re
 	}
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("fetch collection inbox: get owner: %v", err)
+		log.Error("fetch collection activities: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -115,7 +115,7 @@ func handleFetchCollectionOutbox(app *App, w http.ResponseWriter, r *http.Reques
 	}
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("fetch collection inbox: get owner: %v", err)
+		log.Error("fetch collection outbox: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -176,7 +176,7 @@ func handleFetchCollectionFollowers(app *App, w http.ResponseWriter, r *http.Req
 	}
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("fetch collection inbox: get owner: %v", err)
+		log.Error("fetch collection followers: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -230,7 +230,7 @@ func handleFetchCollectionFollowing(app *App, w http.ResponseWriter, r *http.Req
 	}
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("fetch collection inbox: get owner: %v", err)
+		log.Error("fetch collection following: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -272,7 +272,7 @@ func handleFetchCollectionInbox(app *App, w http.ResponseWriter, r *http.Request
 	}
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("fetch collection inbox: get owner: %v", err)
+		log.Error("fetch collection inbox: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
diff --git a/admin.go b/admin.go
index 1d949871..65afd5f7 100644
--- a/admin.go
+++ b/admin.go
@@ -230,28 +230,27 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	return nil
 }
 
-func handleAdminToggleUserSuspended(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+func handleAdminToggleUserStatus(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
 	vars := mux.Vars(r)
 	username := vars["username"]
 	if username == "" {
 		return impart.HTTPError{http.StatusFound, "/admin/users"}
 	}
 
-	userToToggle, err := app.db.GetUserForAuth(username)
+	user, err := app.db.GetUserForAuth(username)
 	if err != nil {
 		log.Error("failed to get user: %v", err)
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}
 	}
-	if userToToggle.Suspended {
-		err = app.db.SetUserSuspended(userToToggle.ID, false)
+	if user.Status == UserSuspended {
+		err = app.db.SetUserStatus(user.ID, UserActive)
 	} else {
-		err = app.db.SetUserSuspended(userToToggle.ID, true)
+		err = app.db.SetUserStatus(user.ID, UserSuspended)
 	}
 	if err != nil {
 		log.Error("toggle user suspended: %v", err)
-		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not toggle user suspended: %v")}
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not toggle user status: %v")}
 	}
-	// TODO: invalidate sessions
 	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s#status", username)}
 }
 
diff --git a/collections.go b/collections.go
index c4cefeb6..38ec6f10 100644
--- a/collections.go
+++ b/collections.go
@@ -71,6 +71,7 @@ type (
 		CurrentPage int
 		TotalPages  int
 		Format      *CollectionFormat
+		Suspended   bool
 	}
 	SubmittedCollection struct {
 		// Data used for updating a given collection
@@ -398,7 +399,7 @@ func newCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 	suspended, err := app.db.IsUserSuspended(userID)
 	if err != nil {
-		log.Error("new collection: get user: %v", err)
+		log.Error("new collection: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -486,6 +487,7 @@ func fetchCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 			res.Owner = u
 		}
 	}
+	// TODO: check suspended
 	app.db.GetPostsCount(res, isCollOwner)
 	// Strip non-public information
 	res.Collection.ForPublic()
@@ -738,14 +740,10 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("view collection: get owner: %v", err)
+		log.Error("view collection: %v", err)
 		return ErrInternalGeneral
 	}
 
-	if suspended {
-		return ErrCollectionNotFound
-	}
-
 	// Serve ActivityStreams data now, if requested
 	if strings.Contains(r.Header.Get("Accept"), "application/activity+json") {
 		ac := c.PersonObject()
@@ -802,6 +800,10 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 			log.Error("Error getting user for collection: %v", err)
 		}
 	}
+	if !isOwner && suspended {
+		return ErrCollectionNotFound
+	}
+	displayPage.Suspended = isOwner && suspended
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 
@@ -853,10 +855,6 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 		return err
 	}
 
-	if u.Suspended {
-		return ErrCollectionNotFound
-	}
-
 	page := getCollectionPage(vars)
 
 	c, err := processCollectionPermissions(app, cr, u, w, r)
@@ -908,6 +906,10 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 			log.Error("Error getting user for collection: %v", err)
 		}
 	}
+	if !isOwner && u.Status == UserSuspended {
+		return ErrCollectionNotFound
+	}
+	displayPage.Suspended = u.Status == UserSuspended
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 	// Add more data
@@ -946,7 +948,7 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 	collAlias := vars["alias"]
 	isWeb := r.FormValue("web") == "1"
 
-	var u *User
+	u := &User{}
 	if reqJSON && !isWeb {
 		// Ensure an access token was given
 		accessToken := r.Header.Get("Authorization")
@@ -963,7 +965,7 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 
 	suspended, err := app.db.IsUserSuspended(u.ID)
 	if err != nil {
-		log.Error("existing collection: get user suspended status: %v", err)
+		log.Error("existing collection: %v", err)
 		return ErrInternalGeneral
 	}
 
diff --git a/database.go b/database.go
index b465e680..4b0c702b 100644
--- a/database.go
+++ b/database.go
@@ -296,7 +296,7 @@ func (db *datastore) CreateCollection(cfg *config.Config, alias, title string, u
 func (db *datastore) GetUserByID(id int64) (*User, error) {
 	u := &User{ID: id}
 
-	err := db.QueryRow("SELECT username, password, email, created, suspended FROM users WHERE id = ?", id).Scan(&u.Username, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
+	err := db.QueryRow("SELECT username, password, email, created, status FROM users WHERE id = ?", id).Scan(&u.Username, &u.HashedPass, &u.Email, &u.Created, &u.Status)
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, ErrUserNotFound
@@ -313,16 +313,16 @@ func (db *datastore) GetUserByID(id int64) (*User, error) {
 func (db *datastore) IsUserSuspended(id int64) (bool, error) {
 	u := &User{ID: id}
 
-	err := db.QueryRow("SELECT suspended FROM users WHERE id = ?", id).Scan(&u.Suspended)
+	err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status)
 	switch {
 	case err == sql.ErrNoRows:
-		return false, ErrUserNotFound
+		return false, fmt.Errorf("is user suspended: %v", ErrUserNotFound)
 	case err != nil:
 		log.Error("Couldn't SELECT user password: %v", err)
-		return false, err
+		return false, fmt.Errorf("is user suspended: %v", err)
 	}
 
-	return u.Suspended, nil
+	return u.Status == UserSuspended, nil
 }
 
 // DoesUserNeedAuth returns true if the user hasn't provided any methods for
@@ -364,7 +364,7 @@ func (db *datastore) IsUserPassSet(id int64) (bool, error) {
 func (db *datastore) GetUserForAuth(username string) (*User, error) {
 	u := &User{Username: username}
 
-	err := db.QueryRow("SELECT id, password, email, created, suspended FROM users WHERE username = ?", username).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
+	err := db.QueryRow("SELECT id, password, email, created, status FROM users WHERE username = ?", username).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Status)
 	switch {
 	case err == sql.ErrNoRows:
 		// Check if they've entered the wrong, unnormalized username
@@ -387,7 +387,7 @@ func (db *datastore) GetUserForAuth(username string) (*User, error) {
 func (db *datastore) GetUserForAuthByID(userID int64) (*User, error) {
 	u := &User{ID: userID}
 
-	err := db.QueryRow("SELECT id, password, email, created, suspended FROM users WHERE id = ?", u.ID).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
+	err := db.QueryRow("SELECT id, password, email, created, status FROM users WHERE id = ?", u.ID).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Status)
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, ErrUserNotFound
@@ -1650,7 +1650,7 @@ func (db *datastore) GetTotalCollections() (collCount int64, err error) {
 	SELECT COUNT(*) 
 	FROM collections c
 	LEFT JOIN users u ON u.id = c.owner_id
-	WHERE u.suspended = 0`).Scan(&collCount)
+	WHERE u.status = 0`).Scan(&collCount)
 	if err != nil {
 		log.Error("Unable to fetch collections count: %v", err)
 	}
@@ -1662,7 +1662,7 @@ func (db *datastore) GetTotalPosts() (postCount int64, err error) {
 	SELECT COUNT(*)
 	FROM posts p
 	LEFT JOIN users u ON u.id = p.owner_id
-	WHERE u.Suspended = 0`).Scan(&postCount)
+	WHERE u.status = 0`).Scan(&postCount)
 	if err != nil {
 		log.Error("Unable to fetch posts count: %v", err)
 	}
@@ -2384,7 +2384,7 @@ func (db *datastore) GetAllUsers(page uint) (*[]User, error) {
 		limitStr = fmt.Sprintf("%d, %d", (page-1)*adminUsersPerPage, adminUsersPerPage)
 	}
 
-	rows, err := db.Query("SELECT id, username, created, suspended FROM users ORDER BY created DESC LIMIT " + limitStr)
+	rows, err := db.Query("SELECT id, username, created, status FROM users ORDER BY created DESC LIMIT " + limitStr)
 	if err != nil {
 		log.Error("Failed selecting from users: %v", err)
 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve all users."}
@@ -2394,7 +2394,7 @@ func (db *datastore) GetAllUsers(page uint) (*[]User, error) {
 	users := []User{}
 	for rows.Next() {
 		u := User{}
-		err = rows.Scan(&u.ID, &u.Username, &u.Created, &u.Suspended)
+		err = rows.Scan(&u.ID, &u.Username, &u.Created, &u.Status)
 		if err != nil {
 			log.Error("Failed scanning GetAllUsers() row: %v", err)
 			break
@@ -2431,10 +2431,11 @@ func (db *datastore) GetUserLastPostTime(id int64) (*time.Time, error) {
 	return &t, nil
 }
 
-func (db *datastore) SetUserSuspended(id int64, suspend bool) error {
-	_, err := db.Exec("UPDATE users SET suspended = ? WHERE id = ?", suspend, id)
+// SetUserStatus changes a user's status in the database. see Users.UserStatus
+func (db *datastore) SetUserStatus(id int64, status UserStatus) error {
+	_, err := db.Exec("UPDATE users SET status = ? WHERE id = ?", status, id)
 	if err != nil {
-		return fmt.Errorf("failed to update user suspended status: %v", err)
+		return fmt.Errorf("failed to update user status: %v", err)
 	}
 	return nil
 }
diff --git a/invites.go b/invites.go
index adff49a4..8f341eca 100644
--- a/invites.go
+++ b/invites.go
@@ -78,7 +78,7 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 	muVal := r.FormValue("uses")
 	expVal := r.FormValue("expires")
 
-	if u.Suspended {
+	if u.Status == UserSuspended {
 		return ErrUserSuspended
 	}
 
diff --git a/migrations/migrations.go b/migrations/migrations.go
index de3f4874..0799f8e0 100644
--- a/migrations/migrations.go
+++ b/migrations/migrations.go
@@ -58,7 +58,7 @@ func (m *migration) Migrate(db *datastore) error {
 var migrations = []Migration{
 	New("support user invites", supportUserInvites),             // -> V1 (v0.8.0)
 	New("support dynamic instance pages", supportInstancePages), // V1 -> V2 (v0.9.0)
-	New("support users suspension", supportUserSuspension),      // V2 -> V3 ()
+	New("support users suspension", supportUserStatus),          // V2 -> V3 (v0.11.0)
 }
 
 // CurrentVer returns the current migration version the application is on
diff --git a/migrations/v3.go b/migrations/v3.go
index c7c00a92..b5351daf 100644
--- a/migrations/v3.go
+++ b/migrations/v3.go
@@ -10,10 +10,10 @@
 
 package migrations
 
-func supportUserSuspension(db *datastore) error {
+func supportUserStatus(db *datastore) error {
 	t, err := db.Begin()
 
-	_, err = t.Exec(`ALTER TABLE users ADD COLUMN suspended ` + db.typeBool() + ` DEFAULT '0' NOT NULL`)
+	_, err = t.Exec(`ALTER TABLE users ADD COLUMN status ` + db.typeInt() + ` DEFAULT '0' NOT NULL`)
 	if err != nil {
 		t.Rollback()
 		return err
diff --git a/posts.go b/posts.go
index 33d46381..15d93c8d 100644
--- a/posts.go
+++ b/posts.go
@@ -383,7 +383,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	suspended, err := app.db.IsUserSuspended(ownerID.Int64)
 	if err != nil {
-		log.Error("view post: get collection owner: %v", err)
+		log.Error("view post: %v", err)
 		return ErrInternalGeneral
 	}
 
@@ -509,7 +509,7 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 	suspended, err := app.db.IsUserSuspended(userID)
 	if err != nil {
-		log.Error("new post: get user: %v", err)
+		log.Error("new post: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -683,7 +683,7 @@ func existingPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	suspended, err := app.db.IsUserSuspended(userID)
 	if err != nil {
-		log.Error("existing post: get user: %v", err)
+		log.Error("existing post: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -886,7 +886,7 @@ func addPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	suspended, err := app.db.IsUserSuspended(ownerID)
 	if err != nil {
-		log.Error("add post: get user: %v", err)
+		log.Error("add post: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -989,7 +989,7 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	suspended, err := app.db.IsUserSuspended(userID)
 	if err != nil {
-		log.Error("pin post: get user: %v", err)
+		log.Error("pin post: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -1063,7 +1063,7 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 	suspended, err := app.db.IsUserSuspended(ownerID)
 	if err != nil {
-		log.Error("fetch post: get owner: %v", err)
+		log.Error("fetch post: %v", err)
 		return ErrInternalGeneral
 	}
 
@@ -1333,13 +1333,10 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
 
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("view collection post: get owner: %v", err)
+		log.Error("view collection post: %v", err)
 		return ErrInternalGeneral
 	}
 
-	if suspended {
-		return ErrPostNotFound
-	}
 	// Check collection permissions
 	if c.IsPrivate() && (u == nil || u.ID != c.OwnerID) {
 		return ErrPostNotFound
@@ -1396,6 +1393,9 @@ Are you sure it was ever here?`,
 	p.Collection = coll
 	p.IsTopLevel = app.cfg.App.SingleUser
 
+	if !p.IsOwner && suspended {
+		return ErrPostNotFound
+	}
 	// Check if post has been unpublished
 	if p.Content == "" && p.Title.String == "" {
 		return impart.HTTPError{http.StatusGone, "Post was unpublished."}
@@ -1445,12 +1445,14 @@ Are you sure it was ever here?`,
 			IsFound        bool
 			IsAdmin        bool
 			CanInvite      bool
+			Suspended      bool
 		}{
 			PublicPost:     p,
 			StaticPage:     pageForReq(app, r),
 			IsOwner:        cr.isCollOwner,
 			IsCustomDomain: cr.isCustomDomain,
 			IsFound:        postFound,
+			Suspended:      suspended,
 		}
 		tp.IsAdmin = u != nil && u.IsAdmin()
 		tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin)
diff --git a/read.go b/read.go
index 86664b5c..6d0c8a7d 100644
--- a/read.go
+++ b/read.go
@@ -71,7 +71,7 @@ func (app *App) FetchPublicPosts() (interface{}, error) {
 	FROM collections c
 	LEFT JOIN posts p ON p.collection_id = c.id
 	LEFT JOIN users u ON u.id = p.owner_id
-	WHERE c.privacy = 1 AND (p.created >= ` + app.db.dateSub(3, "month") + ` AND p.created <= ` + app.db.now() + ` AND pinned_position IS NULL) AND u.suspended = 0
+	WHERE c.privacy = 1 AND (p.created >= ` + app.db.dateSub(3, "month") + ` AND p.created <= ` + app.db.now() + ` AND pinned_position IS NULL) AND u.status = 0
 	ORDER BY p.created DESC`)
 	if err != nil {
 		log.Error("Failed selecting from posts: %v", err)
diff --git a/routes.go b/routes.go
index 510a5391..1ff250fb 100644
--- a/routes.go
+++ b/routes.go
@@ -144,7 +144,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
 	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
 	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
-	write.HandleFunc("/admin/user/{username}", handler.Admin(handleAdminToggleUserSuspended)).Methods("POST")
+	write.HandleFunc("/admin/user/{username}/status", handler.Admin(handleAdminToggleUserStatus)).Methods("POST")
 	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
 	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
 	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")
diff --git a/schema.sql b/schema.sql
index 3a797363..b3fae97a 100644
--- a/schema.sql
+++ b/schema.sql
@@ -225,7 +225,6 @@ CREATE TABLE IF NOT EXISTS `users` (
   `password` char(60) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
   `email` varbinary(255) DEFAULT NULL,
   `created` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `suspended` tinyint(1) NOT NULL DEFAULT 0,
   PRIMARY KEY (`id`),
   UNIQUE KEY `username` (`username`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
diff --git a/sqlite.sql b/sqlite.sql
index 920ffeda..90989ed5 100644
--- a/sqlite.sql
+++ b/sqlite.sql
@@ -214,8 +214,7 @@ CREATE TABLE IF NOT EXISTS `users` (
   username TEXT NOT NULL UNIQUE,
   password TEXT NOT NULL,
   email TEXT DEFAULT NULL,
-  created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  suspended INTEGER NOT NULL DEFAULT 0
+  created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
 );
 
 -- --------------------------------------------------------
diff --git a/templates.go b/templates.go
index 6e9a0083..968845d7 100644
--- a/templates.go
+++ b/templates.go
@@ -11,10 +11,6 @@
 package writefreely
 
 import (
-	"github.com/dustin/go-humanize"
-	"github.com/writeas/web-core/l10n"
-	"github.com/writeas/web-core/log"
-	"github.com/writeas/writefreely/config"
 	"html/template"
 	"io"
 	"io/ioutil"
@@ -22,6 +18,11 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+
+	"github.com/dustin/go-humanize"
+	"github.com/writeas/web-core/l10n"
+	"github.com/writeas/web-core/log"
+	"github.com/writeas/writefreely/config"
 )
 
 var (
@@ -63,6 +64,7 @@ func initTemplate(parentDir, name string) {
 		filepath.Join(parentDir, templatesDir, name+".tmpl"),
 		filepath.Join(parentDir, templatesDir, "include", "footer.tmpl"),
 		filepath.Join(parentDir, templatesDir, "base.tmpl"),
+		filepath.Join(parentDir, templatesDir, "user", "include", "suspended.tmpl"),
 	}
 	if name == "collection" || name == "collection-tags" || name == "chorus-collection" {
 		// These pages list out collection posts, so we also parse templatesDir + "include/posts.tmpl"
@@ -86,6 +88,7 @@ func initPage(parentDir, path, key string) {
 		path,
 		filepath.Join(parentDir, templatesDir, "include", "footer.tmpl"),
 		filepath.Join(parentDir, templatesDir, "base.tmpl"),
+		filepath.Join(parentDir, templatesDir, "user", "include", "suspended.tmpl"),
 	))
 }
 
@@ -98,6 +101,7 @@ func initUserPage(parentDir, path, key string) {
 		path,
 		filepath.Join(parentDir, templatesDir, "user", "include", "header.tmpl"),
 		filepath.Join(parentDir, templatesDir, "user", "include", "footer.tmpl"),
+		filepath.Join(parentDir, templatesDir, "user", "include", "suspended.tmpl"),
 	))
 }
 
diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index bab2e31f..58e514f0 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -65,6 +65,9 @@ article time.dt-published {
 
 		{{template "user-navigation" .}}
 		
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		<article id="post-body" class="{{.Font}} h-entry">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name">{{.FormattedDisplayTitle}}</h2>{{end}}{{/* TODO: check format: if .Collection.Format.ShowDates*/}}<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time><div class="e-content">{{.HTMLContent}}</div></article>
 
 		{{ if .Collection.ShowFooterBranding }}
diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index e36d3b5e..5f4d418e 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -61,6 +61,9 @@ body#collection header nav.tabs a:first-child {
 	<body id="collection" itemscope itemtype="http://schema.org/WebPage">
 		{{template "user-navigation" .}}
 		
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		<header>
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{if .IsTopLevel}}{{else}}{{.Prefix}}{{.Alias}}/{{end}}" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
 		{{if .Description}}<p class="description p-note">{{.Description}}</p>{{end}}
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index 7075226a..43988041 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -59,6 +59,9 @@
 			</nav>
 		</header>
 		
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		<article id="post-body" class="{{.Font}} h-entry {{if not .IsFound}}error-page{{end}}">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name">{{.FormattedDisplayTitle}}</h2>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
 
 		{{ if .Collection.ShowFooterBranding }}
diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 7cad3b78..5e2e2d32 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -53,6 +53,9 @@
 			</nav>
 		</header>
 		
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		{{if .Posts}}<section id="wrapper" itemscope itemtype="http://schema.org/Blog">{{else}}<div id="wrapper">{{end}}
 			<h1>{{.Tag}}</h1>
 			{{template "posts" .}}
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 36a266b7..5a33bbac 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -62,6 +62,9 @@
 		</ul></nav>{{end}}
 		
 		<header>
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		<h1 dir="{{.Direction}}" id="blog-title">{{if .Posts}}{{else}}<span class="writeas-prefix"><a href="/">write.as</a></span> {{end}}<a href="/{{if .IsTopLevel}}{{else}}{{.Prefix}}{{.Alias}}/{{end}}" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
 		{{if .Description}}<p class="description p-note">{{.Description}}</p>{{end}}
 		{{/*if not .Public/*}}
diff --git a/templates/password-collection.tmpl b/templates/password-collection.tmpl
index e0b755d4..73c44653 100644
--- a/templates/password-collection.tmpl
+++ b/templates/password-collection.tmpl
@@ -25,6 +25,9 @@
 
 	</head>
 	<body id="collection" itemscope itemtype="http://schema.org/WebPage">
+		{{if .Suspended}}
+			{{template "user-supsended"}}
+		{{end}}
 		<header>
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{.Alias}}/" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
 		</header>
diff --git a/templates/post.tmpl b/templates/post.tmpl
index dd1375ec..74135a3e 100644
--- a/templates/post.tmpl
+++ b/templates/post.tmpl
@@ -36,6 +36,9 @@
 	</head>
 	<body id="post">
 
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		<header>
 			<h1 dir="{{.Direction}}"><a href="/">{{.SiteName}}</a></h1>
 			<nav>
diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index bcd3728f..6d5d6f75 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -21,7 +21,7 @@
 			<td style="text-align:center">
 				<a 
 				href="/admin/user/{{.Username}}#status"
-				title="View or change account status">{{if .Suspended}}suspended{{else}}active{{end}}</a></td>
+				title="View or change account status">{{if eq .Status 1}}suspended{{else}}active{{end}}</a></td>
 		</tr>
 		{{end}}
 	</table>
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index a3d96d5b..01eb1f05 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -57,10 +57,10 @@ td.active-suspend > input[type="submit"] {
 			<td>{{if .LastPost}}{{.LastPost}}{{else}}Never{{end}}</td>
 		</tr>
 		<tr>
-			<form action="/admin/user/{{.User.Username}}" method="POST">
+			<form action="/admin/user/{{.User.Username}}/status" method="POST">
 				<a id="status"/>
 				<th>Status</th>
-				{{if .User.Suspended}}
+				{{if eq .User.Status 1}}
 				<td class="active-suspend"><p>User is currently Suspended</p><input type="submit" value="Activate"/></td>
 				{{else}}
 				<td class="active-suspend">
diff --git a/templates/user/articles.tmpl b/templates/user/articles.tmpl
index 67d3e0b2..3edb89cb 100644
--- a/templates/user/articles.tmpl
+++ b/templates/user/articles.tmpl
@@ -6,6 +6,9 @@
 {{if .Flashes}}<ul class="errors">
 	{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 </ul>{{end}}
+{{if .Suspended}}
+	{{template "user-suspended"}}
+{{end}}
 
 <h2 id="posts-header">drafts</h2>
 
diff --git a/templates/user/collection.tmpl b/templates/user/collection.tmpl
index 8af3bdad..edd06c1f 100644
--- a/templates/user/collection.tmpl
+++ b/templates/user/collection.tmpl
@@ -8,6 +8,9 @@
 <div class="content-container snug">
 	<div id="overlay"></div>
 
+	{{if .Suspended}}
+		{{template "user-suspended"}}
+	{{end}}
 	<h2>Customize {{.DisplayTitle}} <a href="{{if .SingleUser}}/{{else}}/{{.Alias}}/{{end}}">view blog</a></h2>
 
 	{{if .Flashes}}<ul class="errors">
diff --git a/templates/user/collections.tmpl b/templates/user/collections.tmpl
index 481fd8f6..7f6e83ce 100644
--- a/templates/user/collections.tmpl
+++ b/templates/user/collections.tmpl
@@ -7,6 +7,9 @@
 	{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 </ul>{{end}}
 
+{{if .Suspended}}
+	{{template "user-suspended"}}
+{{end}}
 <h2>blogs</h2>
 <ul class="atoms collections">
 	{{range $i, $el := .Collections}}<li class="collection"><h3>
diff --git a/templates/user/include/suspended.tmpl b/templates/user/include/suspended.tmpl
new file mode 100644
index 00000000..b1e42c82
--- /dev/null
+++ b/templates/user/include/suspended.tmpl
@@ -0,0 +1,6 @@
+{{define "user-suspended"}}
+<div class="alert info">
+	<p>This account is currently suspended.</p>
+	<p>Please contact the instance administrator to discuss reactivation.</p>
+</div>
+{{end}}
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index 822d0916..d5cc33dd 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -7,17 +7,14 @@ h3 { font-weight: normal; }
 .section > *:not(input) { font-size: 0.86em; }
 </style>
 <div class="content-container snug regular">
+	{{if .Suspended}}
+		{{template "user-suspended"}}
+	{{end}}
 	<h2>{{if .IsLogOut}}Before you go...{{else}}Account Settings {{if .IsAdmin}}<a href="/admin">admin settings</a>{{end}}{{end}}</h2>
 	{{if .Flashes}}<ul class="errors">
 		{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 	</ul>{{end}}
 
-	{{if .Suspended}}
-	<div class="alert info">
-		<p>This account is currently suspended.</p>
-		<p>Please contact the instance administrator to discuss reactivation.</p>
-	</div>
-	{{end}}
 	{{ if .IsLogOut }}
 	<div class="alert info">
 		<p class="introduction">Please add an <strong>email address</strong> and/or <strong>passphrase</strong> so you can log in again later.</p>
diff --git a/templates/user/stats.tmpl b/templates/user/stats.tmpl
index f5588fba..705f1e03 100644
--- a/templates/user/stats.tmpl
+++ b/templates/user/stats.tmpl
@@ -17,6 +17,9 @@ td.none {
 </style>
 
 <div class="content-container snug">
+	{{if .Suspended}}
+		{{template "user-suspended"}}
+	{{end}}
 	<h2 id="posts-header">{{if .Collection}}{{.Collection.DisplayTitle}} {{end}}Stats</h2>
 
 	<p>Stats for all time.</p>
diff --git a/users.go b/users.go
index e8be2525..05b5bb4b 100644
--- a/users.go
+++ b/users.go
@@ -19,6 +19,13 @@ import (
 	"github.com/writeas/writefreely/key"
 )
 
+type UserStatus int
+
+const (
+	UserActive = iota
+	UserSuspended
+)
+
 type (
 	userCredentials struct {
 		Alias string `json:"alias" schema:"alias"`
@@ -59,7 +66,7 @@ type (
 		HasPass    bool        `json:"has_pass"`
 		Email      zero.String `json:"email"`
 		Created    time.Time   `json:"created"`
-		Suspended  bool        `json:"suspended"`
+		Status     UserStatus  `json:"status"`
 
 		clearEmail string `json:"email"`
 	}

From 5429ca4ab09258c264468d510dd6246abe385d9e Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 25 Oct 2019 13:40:32 -0700
Subject: [PATCH 04/31] add check for suspended user on single posts

also fix logic bug in posts.go viewCollectionPost checking the page
owner
---
 posts.go | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/posts.go b/posts.go
index 15d93c8d..6974a4fa 100644
--- a/posts.go
+++ b/posts.go
@@ -387,10 +387,6 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		return ErrInternalGeneral
 	}
 
-	if suspended {
-		return ErrPostNotFound
-	}
-
 	// Check if post has been unpublished
 	if content == "" {
 		gone = true
@@ -438,9 +434,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		page := struct {
 			*AnonymousPost
 			page.StaticPage
-			Username string
-			IsOwner  bool
-			SiteURL  string
+			Username  string
+			IsOwner   bool
+			SiteURL   string
+			Suspended bool
 		}{
 			AnonymousPost: post,
 			StaticPage:    pageForReq(app, r),
@@ -451,6 +448,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 			page.IsOwner = ownerID.Valid && ownerID.Int64 == u.ID
 		}
 
+		if !page.IsOwner && suspended {
+			return ErrPostNotFound
+		}
+		page.Suspended = suspended
 		err = templates["post"].ExecuteTemplate(w, "post", page)
 		if err != nil {
 			log.Error("Post template execute error: %v", err)
@@ -1389,7 +1390,7 @@ Are you sure it was ever here?`,
 			return err
 		}
 	}
-	p.IsOwner = owner != nil && p.OwnerID.Valid && owner.ID == p.OwnerID.Int64
+	p.IsOwner = owner != nil && p.OwnerID.Valid && u.ID == p.OwnerID.Int64
 	p.Collection = coll
 	p.IsTopLevel = app.cfg.App.SingleUser
 

From da7dcfee6affa0dc02255bcbd6669dce606dbd26 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 7 Nov 2019 14:07:00 +0900
Subject: [PATCH 05/31] Move admin template IsSuspended logic into method

This adds a User.IsSuspended() method and uses it when displaying the
user's status on admin pages, instead of doing a magic number check.
This should also help in the future, in case this logic ever changes.

Ref T661
---
 templates/user/admin/users.tmpl     |  5 ++---
 templates/user/admin/view-user.tmpl | 11 ++++++-----
 users.go                            |  4 ++++
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index 6d5d6f75..03a3f6c0 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -19,9 +19,8 @@
 			<td>{{.CreatedFriendly}}</td>
 			<td style="text-align:center">{{if .IsAdmin}}Admin{{else}}User{{end}}</td>
 			<td style="text-align:center">
-				<a 
-				href="/admin/user/{{.Username}}#status"
-				title="View or change account status">{{if eq .Status 1}}suspended{{else}}active{{end}}</a></td>
+				<a href="/admin/user/{{.Username}}#status" title="View or change account status">{{if .IsSuspended}}suspended{{else}}active{{end}}</a>
+			</td>
 		</tr>
 		{{end}}
 	</table>
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 01eb1f05..9226c399 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -60,14 +60,15 @@ td.active-suspend > input[type="submit"] {
 			<form action="/admin/user/{{.User.Username}}/status" method="POST">
 				<a id="status"/>
 				<th>Status</th>
-				{{if eq .User.Status 1}}
-				<td class="active-suspend"><p>User is currently Suspended</p><input type="submit" value="Activate"/></td>
-				{{else}}
 				<td class="active-suspend">
-					<p>User is currently Active</p>
+				{{if .User.IsSuspended}}
+					<p>Suspended</p>
+					<input type="submit" value="Activate"/>
+				{{else}}
+					<p>Active</p>
 					<input class="danger" type="submit" value="Suspend" {{if .User.IsAdmin}}disabled{{end}}/>
-				</td>
 				{{end}}
+				</td>
 			</form>
 		</tr>
 	</table>
diff --git a/users.go b/users.go
index 05b5bb4b..5eb2e61e 100644
--- a/users.go
+++ b/users.go
@@ -126,3 +126,7 @@ func (u *User) IsAdmin() bool {
 	// TODO: get this from database
 	return u.ID == 1
 }
+
+func (u *User) IsSuspended() bool {
+	return u.Status&UserSuspended != 0
+}

From c9f72198310078a01ee00810210a22a1493c6fe1 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 7 Nov 2019 16:49:52 +0900
Subject: [PATCH 06/31] Move user status in list out of <a>

The link here is a little redundant, and might make people think that it
actually changes the status by clicking on it.
---
 templates/user/admin/users.tmpl | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index 03a3f6c0..df840b28 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -18,9 +18,7 @@
 			<td><a href="/admin/user/{{.Username}}">{{.Username}}</a></td>
 			<td>{{.CreatedFriendly}}</td>
 			<td style="text-align:center">{{if .IsAdmin}}Admin{{else}}User{{end}}</td>
-			<td style="text-align:center">
-				<a href="/admin/user/{{.Username}}#status" title="View or change account status">{{if .IsSuspended}}suspended{{else}}active{{end}}</a>
-			</td>
+			<td style="text-align:center">{{if .IsSuspended}}Suspended{{else}}Active{{end}}</td>
 		</tr>
 		{{end}}
 	</table>

From 280c32afdce41c473a5844ee6553ff03544750f6 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 7 Nov 2019 16:59:02 +0900
Subject: [PATCH 07/31] Confirm suspension before submitting the form

This also includes a bit of explanation about what suspending a user
actually does.

Ref T661
---
 templates/user/admin/view-user.tmpl | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 9226c399..3b13c334 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -57,7 +57,7 @@ td.active-suspend > input[type="submit"] {
 			<td>{{if .LastPost}}{{.LastPost}}{{else}}Never{{end}}</td>
 		</tr>
 		<tr>
-			<form action="/admin/user/{{.User.Username}}/status" method="POST">
+			<form action="/admin/user/{{.User.Username}}/status" method="POST" {{if not .User.IsSuspended}}onsubmit="return confirmSuspend()"{{end}}>
 				<a id="status"/>
 				<th>Status</th>
 				<td class="active-suspend">
@@ -116,5 +116,11 @@ td.active-suspend > input[type="submit"] {
 	{{end}}
 </div>
 
+<script type="text/javascript">
+function confirmSuspend() {
+	return confirm("Suspend this user? They'll still be able to log in and access their posts, but no one else will be able to see them anymore. You can reverse this decision at any time.");
+}
+</script>
+
 {{template "footer" .}}
 {{end}}

From 619b10c3e5f4f4e28752dbe302a632ea92c0d84a Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 7 Nov 2019 17:09:43 +0900
Subject: [PATCH 08/31] Fix "suspended" message location on Drafts

Previously it was above the header.

Ref T661
---
 templates/post.tmpl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/post.tmpl b/templates/post.tmpl
index 74135a3e..52d53a99 100644
--- a/templates/post.tmpl
+++ b/templates/post.tmpl
@@ -35,10 +35,6 @@
 		{{template "highlighting" .}}
 	</head>
 	<body id="post">
-
-		{{if .Suspended}}
-			{{template "user-suspended"}}
-		{{end}}
 		<header>
 			<h1 dir="{{.Direction}}"><a href="/">{{.SiteName}}</a></h1>
 			<nav>
@@ -52,6 +48,10 @@
 				{{ end }}
 			</nav>
 		</header>
+
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		
 		<article class="{{.Font}} h-entry">{{if .Title}}<h2 id="title" class="p-name">{{.Title}}</h2>{{end}}{{ if .IsPlainText }}<p id="post-body" class="e-content">{{.Content}}</p>{{ else }}<div id="post-body" class="e-content">{{.HTMLContent}}</div>{{ end }}</article>
 

From e1149cd1e95154e4e72aca606e5582ad5dcbc7cf Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 7 Nov 2019 17:24:04 +0900
Subject: [PATCH 09/31] Fix URLs in CSV exports

This includes the instance's hostname in calls to export a CSV file and
PublicPost.CanonicalURL().

It also fixes a panic in that method during CSV export caused by draft
posts.
---
 account.go | 2 +-
 export.go  | 5 +++--
 posts.go   | 6 +++---
 read.go    | 2 +-
 4 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/account.go b/account.go
index 920fc9de..180e9b03 100644
--- a/account.go
+++ b/account.go
@@ -625,7 +625,7 @@ func viewExportPosts(app *App, w http.ResponseWriter, r *http.Request) ([]byte,
 
 	// Export as CSV
 	if strings.HasSuffix(r.URL.Path, ".csv") {
-		data = exportPostsCSV(u, posts)
+		data = exportPostsCSV(app.cfg.App.Host, u, posts)
 		return data, filename, err
 	}
 	if strings.HasSuffix(r.URL.Path, ".zip") {
diff --git a/export.go b/export.go
index 3b5ac493..592bc0c2 100644
--- a/export.go
+++ b/export.go
@@ -20,7 +20,7 @@ import (
 	"github.com/writeas/web-core/log"
 )
 
-func exportPostsCSV(u *User, posts *[]PublicPost) []byte {
+func exportPostsCSV(hostName string, u *User, posts *[]PublicPost) []byte {
 	var b bytes.Buffer
 
 	r := [][]string{
@@ -30,8 +30,9 @@ func exportPostsCSV(u *User, posts *[]PublicPost) []byte {
 		var blog string
 		if p.Collection != nil {
 			blog = p.Collection.Alias
+			p.Collection.hostName = hostName
 		}
-		f := []string{p.ID, p.Slug.String, blog, p.CanonicalURL(), p.Created8601(), p.Title.String, strings.Replace(p.Content, "\n", "\\n", -1)}
+		f := []string{p.ID, p.Slug.String, blog, p.CanonicalURL(hostName), p.Created8601(), p.Title.String, strings.Replace(p.Content, "\n", "\\n", -1)}
 		r = append(r, f)
 	}
 
diff --git a/posts.go b/posts.go
index 1f35edad..d0042968 100644
--- a/posts.go
+++ b/posts.go
@@ -1061,9 +1061,9 @@ func (p *Post) processPost() PublicPost {
 	return *res
 }
 
-func (p *PublicPost) CanonicalURL() string {
+func (p *PublicPost) CanonicalURL(hostName string) string {
 	if p.Collection == nil || p.Collection.Alias == "" {
-		return p.Collection.hostName + "/" + p.ID
+		return hostName + "/" + p.ID
 	}
 	return p.Collection.CanonicalURL() + p.Slug.String
 }
@@ -1072,7 +1072,7 @@ func (p *PublicPost) ActivityObject(cfg *config.Config) *activitystreams.Object
 	o := activitystreams.NewArticleObject()
 	o.ID = p.Collection.FederatedAPIBase() + "api/posts/" + p.ID
 	o.Published = p.Created
-	o.URL = p.CanonicalURL()
+	o.URL = p.CanonicalURL(cfg.App.Host)
 	o.AttributedTo = p.Collection.FederatedAccount()
 	o.CC = []string{
 		p.Collection.FederatedAccount() + "/followers",
diff --git a/read.go b/read.go
index ec0305ab..df24621c 100644
--- a/read.go
+++ b/read.go
@@ -293,7 +293,7 @@ func viewLocalTimelineFeed(app *App, w http.ResponseWriter, req *http.Request) e
 		}
 
 		title = p.PlainDisplayTitle()
-		permalink = p.CanonicalURL()
+		permalink = p.CanonicalURL(app.cfg.App.Host)
 		if p.Collection != nil {
 			author = p.Collection.Title
 		} else {

From c0b75f6b65e375b04a100ca6b9963e579d4282d5 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 8 Nov 2019 08:47:03 -0800
Subject: [PATCH 10/31] pass hostname to canonical url in post templates

the change to take a hostname in Post.CanonicalURL broke a few template
using that function. This adds a Hostname string to the Post being
passed to templates and passes it to calls to Post.CanonicalURL
---
 posts.go                              | 2 ++
 templates/chorus-collection-post.tmpl | 6 +++---
 templates/chorus-collection.tmpl      | 2 +-
 templates/collection-post.tmpl        | 6 +++---
 templates/collection-tags.tmpl        | 2 +-
 templates/collection.tmpl             | 2 +-
 templates/read.tmpl                   | 8 ++++----
 7 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/posts.go b/posts.go
index d0042968..6cb76a23 100644
--- a/posts.go
+++ b/posts.go
@@ -1380,12 +1380,14 @@ Are you sure it was ever here?`,
 			IsFound        bool
 			IsAdmin        bool
 			CanInvite      bool
+			Hostname       string
 		}{
 			PublicPost:     p,
 			StaticPage:     pageForReq(app, r),
 			IsOwner:        cr.isCollOwner,
 			IsCustomDomain: cr.isCustomDomain,
 			IsFound:        postFound,
+			Hostname:       app.cfg.App.Host,
 		}
 		tp.IsAdmin = u != nil && u.IsAdmin()
 		tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin)
diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index bab2e31f..d229c621 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -8,7 +8,7 @@
 		<link rel="stylesheet" type="text/css" href="/css/write.css" />
 		<link rel="shortcut icon" href="/favicon.ico" />
 		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
-		<link rel="canonical" href="{{.CanonicalURL}}" />
+		<link rel="canonical" href="{{.CanonicalURL .Hostname}}" />
 		<meta name="generator" content="WriteFreely">
 		<meta name="title" content="{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{if .Collection.Title}}{{.Collection.Title}}{{else}}{{.Collection.Alias}}{{end}}">
 		<meta name="description" content="{{.Summary}}">
@@ -25,7 +25,7 @@
 		<meta property="og:description" content="{{.Summary}}" />
 		<meta property="og:site_name" content="{{.Collection.DisplayTitle}}" />
 		<meta property="og:type" content="article" />
-		<meta property="og:url" content="{{.CanonicalURL}}" />
+		<meta property="og:url" content="{{.CanonicalURL .Hostname}}" />
 		<meta property="og:updated_time" content="{{.Created8601}}" />
 		{{range .Images}}<meta property="og:image" content="{{.}}" />{{else}}<meta property="og:image" content="{{.Collection.AvatarURL}}">{{end}}
 		<meta property="article:published_time" content="{{.Created8601}}">
@@ -77,7 +77,7 @@ article time.dt-published {
 			</p>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 			<hr>
diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index e36d3b5e..ebee403f 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -68,7 +68,7 @@ body#collection header nav.tabs a:first-child {
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav class="pinned-posts">
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index 7075226a..a4084b3e 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -9,7 +9,7 @@
 		<link rel="shortcut icon" href="/favicon.ico" />
 		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
 		{{ if .IsFound }}
-		<link rel="canonical" href="{{.CanonicalURL}}" />
+		<link rel="canonical" href="{{.CanonicalURL .Hostname}}" />
 		<meta name="generator" content="WriteFreely">
 		<meta name="title" content="{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{if .Collection.Title}}{{.Collection.Title}}{{else}}{{.Collection.Alias}}{{end}}">
 		<meta name="description" content="{{.Summary}}">
@@ -26,7 +26,7 @@
 		<meta property="og:description" content="{{.Summary}}" />
 		<meta property="og:site_name" content="{{.Collection.DisplayTitle}}" />
 		<meta property="og:type" content="article" />
-		<meta property="og:url" content="{{.CanonicalURL}}" />
+		<meta property="og:url" content="{{.CanonicalURL .Hostname}}" />
 		<meta property="og:updated_time" content="{{.Created8601}}" />
 		{{range .Images}}<meta property="og:image" content="{{.}}" />{{else}}<meta property="og:image" content="{{.Collection.AvatarURL}}">{{end}}
 		<meta property="article:published_time" content="{{.Created8601}}">
@@ -50,7 +50,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a rel="author" href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 				{{ if and .IsOwner .IsFound }}<span class="views" dir="ltr"><strong>{{largeNumFmt .Views}}</strong> {{pluralize "view" "views" .Views}}</span>
 				<a class="xtra-feature" href="/{{if not .SingleUser}}{{.Collection.Alias}}/{{end}}{{.Slug.String}}/edit" dir="{{.Direction}}">Edit</a>
diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 7cad3b78..039e0718 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -48,7 +48,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.DisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.DisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 		</header>
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 36a266b7..fa66f691 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -68,7 +68,7 @@
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav>
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		
diff --git a/templates/read.tmpl b/templates/read.tmpl
index 9541ab52..91fbeb40 100644
--- a/templates/read.tmpl
+++ b/templates/read.tmpl
@@ -87,17 +87,17 @@
 		{{ if gt (len .Posts) 0 }}
 		<section itemscope itemtype="http://schema.org/Blog">
 			{{range .Posts}}<article class="{{.Font}} h-entry" itemscope itemtype="http://schema.org/BlogPosting">
-			{{if .Title.String}}<h2 class="post-title" itemprop="name" class="p-name"><a href="{{if .Slug.String}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL}}.md{{end}}" itemprop="url" class="u-url">{{.PlainDisplayTitle}}</a></h2>
+			{{if .Title.String}}<h2 class="post-title" itemprop="name" class="p-name"><a href="{{if .Slug.String}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}" itemprop="url" class="u-url">{{.PlainDisplayTitle}}</a></h2>
 			<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{if not .Title.String}}<a href="{{.Collection.CanonicalURL}}{{.Slug.String}}" itemprop="url">{{end}}{{.DisplayDate}}{{if not .Title.String}}</a>{{end}}</time>
 			{{else}}
-			<h2 class="post-title" itemprop="name"><time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL}}.md{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time></h2>
+			<h2 class="post-title" itemprop="name"><time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time></h2>
 			{{end}}
 			<p class="source">{{if .Collection}}from <a href="{{.Collection.CanonicalURL}}">{{.Collection.DisplayTitle}}</a>{{else}}<em>Anonymous</em>{{end}}</p>
 			{{if .Excerpt}}<div class="p-summary" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{.Excerpt}}</div>
 		
-			<a class="read-more" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{else}}<div class="e-content preview" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{ if not .HTMLContent }}<p id="post-body" class="e-content preview">{{.Content}}</p>{{ else }}{{.HTMLContent}}{{ end }}<div class="over">&nbsp;</div></div>
+			<a class="read-more" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{else}}<div class="e-content preview" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{ if not .HTMLContent }}<p id="post-body" class="e-content preview">{{.Content}}</p>{{ else }}{{.HTMLContent}}{{ end }}<div class="over">&nbsp;</div></div>
 			
-			<a class="read-more maybe" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{end}}</article>
+			<a class="read-more maybe" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{end}}</article>
 			{{end}}
 		</section>
 		{{ else }}

From f66d5bf1e8fa35330f52c2bb6b58f9720831029b Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Sat, 9 Nov 2019 11:41:39 -0800
Subject: [PATCH 11/31] use .Host instead of adding .Hostname

---
 posts.go                              | 2 --
 templates/chorus-collection-post.tmpl | 6 +++---
 templates/chorus-collection.tmpl      | 2 +-
 templates/collection-post.tmpl        | 6 +++---
 templates/collection-tags.tmpl        | 2 +-
 templates/collection.tmpl             | 2 +-
 templates/read.tmpl                   | 8 ++++----
 7 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/posts.go b/posts.go
index 6cb76a23..d0042968 100644
--- a/posts.go
+++ b/posts.go
@@ -1380,14 +1380,12 @@ Are you sure it was ever here?`,
 			IsFound        bool
 			IsAdmin        bool
 			CanInvite      bool
-			Hostname       string
 		}{
 			PublicPost:     p,
 			StaticPage:     pageForReq(app, r),
 			IsOwner:        cr.isCollOwner,
 			IsCustomDomain: cr.isCustomDomain,
 			IsFound:        postFound,
-			Hostname:       app.cfg.App.Host,
 		}
 		tp.IsAdmin = u != nil && u.IsAdmin()
 		tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin)
diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index d229c621..18fb632f 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -8,7 +8,7 @@
 		<link rel="stylesheet" type="text/css" href="/css/write.css" />
 		<link rel="shortcut icon" href="/favicon.ico" />
 		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
-		<link rel="canonical" href="{{.CanonicalURL .Hostname}}" />
+		<link rel="canonical" href="{{.CanonicalURL .Host}}" />
 		<meta name="generator" content="WriteFreely">
 		<meta name="title" content="{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{if .Collection.Title}}{{.Collection.Title}}{{else}}{{.Collection.Alias}}{{end}}">
 		<meta name="description" content="{{.Summary}}">
@@ -25,7 +25,7 @@
 		<meta property="og:description" content="{{.Summary}}" />
 		<meta property="og:site_name" content="{{.Collection.DisplayTitle}}" />
 		<meta property="og:type" content="article" />
-		<meta property="og:url" content="{{.CanonicalURL .Hostname}}" />
+		<meta property="og:url" content="{{.CanonicalURL .Host}}" />
 		<meta property="og:updated_time" content="{{.Created8601}}" />
 		{{range .Images}}<meta property="og:image" content="{{.}}" />{{else}}<meta property="og:image" content="{{.Collection.AvatarURL}}">{{end}}
 		<meta property="article:published_time" content="{{.Created8601}}">
@@ -77,7 +77,7 @@ article time.dt-published {
 			</p>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 			<hr>
diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index ebee403f..14d5fbd1 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -68,7 +68,7 @@ body#collection header nav.tabs a:first-child {
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav class="pinned-posts">
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index a4084b3e..4af5cb83 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -9,7 +9,7 @@
 		<link rel="shortcut icon" href="/favicon.ico" />
 		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
 		{{ if .IsFound }}
-		<link rel="canonical" href="{{.CanonicalURL .Hostname}}" />
+		<link rel="canonical" href="{{.CanonicalURL .Host}}" />
 		<meta name="generator" content="WriteFreely">
 		<meta name="title" content="{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{if .Collection.Title}}{{.Collection.Title}}{{else}}{{.Collection.Alias}}{{end}}">
 		<meta name="description" content="{{.Summary}}">
@@ -26,7 +26,7 @@
 		<meta property="og:description" content="{{.Summary}}" />
 		<meta property="og:site_name" content="{{.Collection.DisplayTitle}}" />
 		<meta property="og:type" content="article" />
-		<meta property="og:url" content="{{.CanonicalURL .Hostname}}" />
+		<meta property="og:url" content="{{.CanonicalURL .Host}}" />
 		<meta property="og:updated_time" content="{{.Created8601}}" />
 		{{range .Images}}<meta property="og:image" content="{{.}}" />{{else}}<meta property="og:image" content="{{.Collection.AvatarURL}}">{{end}}
 		<meta property="article:published_time" content="{{.Created8601}}">
@@ -50,7 +50,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a rel="author" href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 				{{ if and .IsOwner .IsFound }}<span class="views" dir="ltr"><strong>{{largeNumFmt .Views}}</strong> {{pluralize "view" "views" .Views}}</span>
 				<a class="xtra-feature" href="/{{if not .SingleUser}}{{.Collection.Alias}}/{{end}}{{.Slug.String}}/edit" dir="{{.Direction}}">Edit</a>
diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 039e0718..ff9c2b96 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -48,7 +48,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.DisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.DisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 		</header>
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index fa66f691..34eb0764 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -68,7 +68,7 @@
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav>
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		
diff --git a/templates/read.tmpl b/templates/read.tmpl
index 91fbeb40..f1cbf291 100644
--- a/templates/read.tmpl
+++ b/templates/read.tmpl
@@ -87,17 +87,17 @@
 		{{ if gt (len .Posts) 0 }}
 		<section itemscope itemtype="http://schema.org/Blog">
 			{{range .Posts}}<article class="{{.Font}} h-entry" itemscope itemtype="http://schema.org/BlogPosting">
-			{{if .Title.String}}<h2 class="post-title" itemprop="name" class="p-name"><a href="{{if .Slug.String}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}" itemprop="url" class="u-url">{{.PlainDisplayTitle}}</a></h2>
+			{{if .Title.String}}<h2 class="post-title" itemprop="name" class="p-name"><a href="{{if .Slug.String}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}" itemprop="url" class="u-url">{{.PlainDisplayTitle}}</a></h2>
 			<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{if not .Title.String}}<a href="{{.Collection.CanonicalURL}}{{.Slug.String}}" itemprop="url">{{end}}{{.DisplayDate}}{{if not .Title.String}}</a>{{end}}</time>
 			{{else}}
-			<h2 class="post-title" itemprop="name"><time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time></h2>
+			<h2 class="post-title" itemprop="name"><time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time></h2>
 			{{end}}
 			<p class="source">{{if .Collection}}from <a href="{{.Collection.CanonicalURL}}">{{.Collection.DisplayTitle}}</a>{{else}}<em>Anonymous</em>{{end}}</p>
 			{{if .Excerpt}}<div class="p-summary" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{.Excerpt}}</div>
 		
-			<a class="read-more" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{else}}<div class="e-content preview" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{ if not .HTMLContent }}<p id="post-body" class="e-content preview">{{.Content}}</p>{{ else }}{{.HTMLContent}}{{ end }}<div class="over">&nbsp;</div></div>
+			<a class="read-more" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{else}}<div class="e-content preview" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{ if not .HTMLContent }}<p id="post-body" class="e-content preview">{{.Content}}</p>{{ else }}{{.HTMLContent}}{{ end }}<div class="over">&nbsp;</div></div>
 			
-			<a class="read-more maybe" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{end}}</article>
+			<a class="read-more maybe" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{end}}</article>
 			{{end}}
 		</section>
 		{{ else }}

From 2c2ee0c00cd80e199678ac53adac25d6ff5803a3 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 15:16:04 +0900
Subject: [PATCH 12/31] Tweak "suspended" notification copy

---
 templates/user/include/suspended.tmpl | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/templates/user/include/suspended.tmpl b/templates/user/include/suspended.tmpl
index b1e42c82..e5d9be80 100644
--- a/templates/user/include/suspended.tmpl
+++ b/templates/user/include/suspended.tmpl
@@ -1,6 +1,5 @@
 {{define "user-suspended"}}
 <div class="alert info">
-	<p>This account is currently suspended.</p>
-	<p>Please contact the instance administrator to discuss reactivation.</p>
+	<p><strong>Your account is suspended.</strong> You can still access all of your posts and blogs, but no one else can currently see them.</p>
 </div>
 {{end}}

From 6e09fcb9e2a3088c9c5ad1cbbbb5cc5947d2122a Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 16:02:22 +0900
Subject: [PATCH 13/31] Change password reset endpoint to
 /admin/user/{Username}/passphrase

Ref T695
---
 routes.go                           | 2 +-
 templates/user/admin/view-user.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes.go b/routes.go
index 003b7d17..de19ff25 100644
--- a/routes.go
+++ b/routes.go
@@ -144,7 +144,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
 	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
 	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
-	write.HandleFunc("/admin/user/{username}", handler.Admin(handleAdminResetUserPass)).Methods("POST")
+	write.HandleFunc("/admin/user/{username}/passphrase", handler.Admin(handleAdminResetUserPass)).Methods("POST")
 	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
 	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
 	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 211297d6..91fdaf1d 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -62,7 +62,7 @@ button[type="submit"].danger {
 			<th>Password</th>
 			<td>
 				{{if not .OwnUserPage}}
-					<form id="reset-form" action="/admin/user/{{.User.Username}}" method="post" autocomplete="false">
+					<form id="reset-form" action="/admin/user/{{.User.Username}}/passphrase" method="post" autocomplete="false">
 					<input type="hidden" name="user" value="{{.User.ID}}"/>
 					<button
 					class="danger"

From 6d4ec0b17db8f27673f91a7c2fa20229a93527f3 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 16:06:03 +0900
Subject: [PATCH 14/31] Remove extra OwnUserPage field

Move logic into template, rather than add another field to the page.

Ref T695
---
 admin.go                            | 6 ++----
 templates/user/admin/view-user.tmpl | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/admin.go b/admin.go
index 5b3acab9..c5f5646f 100644
--- a/admin.go
+++ b/admin.go
@@ -169,9 +169,8 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 
 	p := struct {
 		*UserPage
-		Config      config.AppCfg
-		Message     string
-		OwnUserPage bool
+		Config  config.AppCfg
+		Message string
 
 		User        *User
 		Colls       []inspectedCollection
@@ -196,7 +195,6 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	if err != nil {
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)}
 	}
-	p.OwnUserPage = u.ID == p.User.ID
 	p.UserPage = NewUserPage(app, r, u, p.User.Username, nil)
 	p.TotalPosts = app.db.GetUserPostsCount(p.User.ID)
 	lp, err := app.db.GetUserLastPostTime(p.User.ID)
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 91fdaf1d..ac1f8bdf 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -61,7 +61,7 @@ button[type="submit"].danger {
 		<tr>
 			<th>Password</th>
 			<td>
-				{{if not .OwnUserPage}}
+				{{if ne .Username .User.Username}}
 					<form id="reset-form" action="/admin/user/{{.User.Username}}/passphrase" method="post" autocomplete="false">
 					<input type="hidden" name="user" value="{{.User.ID}}"/>
 					<button

From f673f9b562fad6141155a48eff438a05ea03358e Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 18:01:08 +0900
Subject: [PATCH 15/31] Reset password to sorta-sensical string

This resets user password to something random that also reminds the user
they should change it immediately after logging in, instead of a
completely random jumble of characters.

Ref T695
---
 admin.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin.go b/admin.go
index c5f5646f..b1553210 100644
--- a/admin.go
+++ b/admin.go
@@ -246,7 +246,7 @@ func handleAdminResetUserPass(app *App, u *User, w http.ResponseWriter, r *http.
 		return impart.HTTPError{http.StatusFound, "/admin/users"}
 	}
 	// Generate new random password since none supplied
-	pass := passgen.New()
+	pass := passgen.NewWordish()
 	hashedPass, err := auth.HashPass([]byte(pass))
 	if err != nil {
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not create password hash: %v", err)}

From 422c16f39a6c7969f21d633e7946689e782ea391 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 18:03:19 +0900
Subject: [PATCH 16/31] Tweak admin user pass reset success copy

This also adjusts the style and includes the user's password, so the
admin can easily notify them.

Ref T695
---
 admin.go                            |  2 ++
 templates/user/admin/view-user.tmpl | 23 ++++++++++-------------
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/admin.go b/admin.go
index b1553210..5f7d0c74 100644
--- a/admin.go
+++ b/admin.go
@@ -177,6 +177,7 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 		LastPost    string
 		NewPassword string
 		TotalPosts  int64
+		ClearEmail  string
 	}{
 		Config:  app.cfg.App,
 		Message: r.FormValue("m"),
@@ -187,6 +188,7 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	for _, flash := range flashes {
 		if strings.HasPrefix(flash, "SUCCESS: ") {
 			p.NewPassword = strings.TrimPrefix(flash, "SUCCESS: ")
+			p.ClearEmail = u.EmailClear(app.keys)
 		}
 	}
 
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index ac1f8bdf..c1d76150 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -9,9 +9,10 @@ h3 {
 }
 input.copy-text {
 	text-align: center;
-	    font-size: 1.2em;
-	    color: #555;
-	margin-left: 1rem;
+	font-size: 1.2em;
+	color: #555;
+	width: 100%;
+	box-sizing: border-box;
 }
 button[type="submit"].danger {
 	padding-left: 2rem;
@@ -22,16 +23,12 @@ button[type="submit"].danger {
 	{{template "admin-header" .}}
 
 	<h2 id="posts-header">{{.User.Username}}</h2>
-	{{if .NewPassword}}<p class="alert success">New password for user <strong>{{.User.Username}}</strong> is
-		<input
-		type="text"
-		class="copy-text"
-		value="{{.NewPassword}}"
-		onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);"
-		readonly />
-		<br/><br/>
-		You must share this new password with the user, this is the only time it will be displayed.
-		</p>
+	{{if .NewPassword}}<div class="alert success">
+		<p>This user's password has been reset to:</p>
+		<p><input type="text" class="copy-text" value="{{.NewPassword}}" onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);" readonly /></p>
+		<p>They can use this new password to log in to their account. <strong>This will only be shown once</strong>, so be sure to copy it and send it to them now.</p>
+		{{if .User.Email}}<p>Their email address is: <a href="mailto:{{.ClearEmail}}">{{.ClearEmail}}</a></p>{{end}}
+		</div>
 	{{end}}
 	<table class="classy export">
 		<tr>

From 3e8d1014d9c831bd5fe95d68d5f7da61ca8e766f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 18:04:20 +0900
Subject: [PATCH 17/31] Tweak admin reset confirmation copy

Also updates some whitespace in the JS.

Ref T695
---
 templates/user/admin/view-user.tmpl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index c1d76150..5198903a 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -119,8 +119,10 @@ button[type="submit"].danger {
 	form = document.getElementById("reset-form");
 	form.addEventListener('submit', function(e) {
 		e.preventDefault();
-		agreed = confirm("Really reset password for {{.User.Username}}?\nYou will have to record and share the new password with them.");
-		if (agreed === true) { form.submit();}
+		agreed = confirm("Reset this user's password? This will generate a new temporary password that you'll need to share with them, and invalidate their old one.");
+		if (agreed === true) {
+			form.submit();
+		}
 	});
 </script>
 {{template "footer" .}}

From d5dd007ff738bf75181ef698ad4645580fe69210 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 21:37:02 +0900
Subject: [PATCH 18/31] Change Reset Password button style

Ref T695
---
 templates/user/admin/view-user.tmpl | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 5198903a..720a7146 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -14,10 +14,6 @@ input.copy-text {
 	width: 100%;
 	box-sizing: border-box;
 }
-button[type="submit"].danger {
-	padding-left: 2rem;
-	padding-right: 2rem;
-}
 </style>
 <div class="snug content-container">
 	{{template "admin-header" .}}
@@ -59,11 +55,9 @@ button[type="submit"].danger {
 			<th>Password</th>
 			<td>
 				{{if ne .Username .User.Username}}
-					<form id="reset-form" action="/admin/user/{{.User.Username}}/passphrase" method="post" autocomplete="false">
+				<form id="reset-form" action="/admin/user/{{.User.Username}}/passphrase" method="post" autocomplete="false">
 					<input type="hidden" name="user" value="{{.User.ID}}"/>
-					<button
-					class="danger"
-					type="submit">Reset</button>
+					<button type="submit">Reset</button>
 				</form>
 				{{else}}
 				<a href="/me/settings" title="Go to reset password page">Change your password</a>

From a9b5bb2f6baba201c561868fdb31aeca789853c7 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 21:40:49 +0900
Subject: [PATCH 19/31] Fix reset user's email address display

Previously, this had bad template logic and showed the wrong email address.

Ref T695
---
 admin.go                            | 14 +++++++-------
 templates/user/admin/view-user.tmpl |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/admin.go b/admin.go
index 5f7d0c74..3b05bd45 100644
--- a/admin.go
+++ b/admin.go
@@ -184,19 +184,19 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 		Colls:   []inspectedCollection{},
 	}
 
+	var err error
+	p.User, err = app.db.GetUserForAuth(username)
+	if err != nil {
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)}
+	}
+
 	flashes, _ := getSessionFlashes(app, w, r, nil)
 	for _, flash := range flashes {
 		if strings.HasPrefix(flash, "SUCCESS: ") {
 			p.NewPassword = strings.TrimPrefix(flash, "SUCCESS: ")
-			p.ClearEmail = u.EmailClear(app.keys)
+			p.ClearEmail = p.User.EmailClear(app.keys)
 		}
 	}
-
-	var err error
-	p.User, err = app.db.GetUserForAuth(username)
-	if err != nil {
-		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)}
-	}
 	p.UserPage = NewUserPage(app, r, u, p.User.Username, nil)
 	p.TotalPosts = app.db.GetUserPostsCount(p.User.ID)
 	lp, err := app.db.GetUserLastPostTime(p.User.ID)
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 720a7146..4157fca8 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -23,7 +23,7 @@ input.copy-text {
 		<p>This user's password has been reset to:</p>
 		<p><input type="text" class="copy-text" value="{{.NewPassword}}" onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);" readonly /></p>
 		<p>They can use this new password to log in to their account. <strong>This will only be shown once</strong>, so be sure to copy it and send it to them now.</p>
-		{{if .User.Email}}<p>Their email address is: <a href="mailto:{{.ClearEmail}}">{{.ClearEmail}}</a></p>{{end}}
+		{{if .ClearEmail}}<p>Their email address is: <a href="mailto:{{.ClearEmail}}">{{.ClearEmail}}</a></p>{{end}}
 		</div>
 	{{end}}
 	<table class="classy export">

From d4206cd5f8bb4883eca6a856fc19f54a7df29b1b Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 23:19:23 +0900
Subject: [PATCH 20/31] Move to web-core v1.2.0

---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 9c67aeb0..88af8c93 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 	github.com/writeas/openssl-go v1.0.0 // indirect
 	github.com/writeas/saturday v1.7.1
 	github.com/writeas/slug v1.2.0
-	github.com/writeas/web-core v1.0.0
+	github.com/writeas/web-core v1.2.0
 	github.com/writefreely/go-nodeinfo v1.2.0
 	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
diff --git a/go.sum b/go.sum
index ec1e19d0..b2562231 100644
--- a/go.sum
+++ b/go.sum
@@ -135,6 +135,8 @@ github.com/writeas/slug v1.2.0 h1:EMQ+cwLiOcA6EtFwUgyw3Ge18x9uflUnOnR6bp/J+/g=
 github.com/writeas/slug v1.2.0/go.mod h1:RE8shOqQP3YhsfsQe0L3RnuejfQ4Mk+JjY5YJQFubfQ=
 github.com/writeas/web-core v1.0.0 h1:5VKkCakQgdKZcbfVKJXtRpc5VHrkflusCl/KRCPzpQ0=
 github.com/writeas/web-core v1.0.0/go.mod h1:Si3chV7VWgY8CsV+3gRolMXSO2Vx1ZFAQ/mkrpvmyEE=
+github.com/writeas/web-core v1.2.0 h1:CYqvBd+byi1cK4mCr1NZ6CjILuMOFmiFecv+OACcmG0=
+github.com/writeas/web-core v1.2.0/go.mod h1:vTYajviuNBAxjctPp2NUYdgjofywVkxUGpeaERF3SfI=
 github.com/writefreely/go-nodeinfo v1.2.0 h1:La+YbTCvmpTwFhBSlebWDDL81N88Qf/SCAvRLR7F8ss=
 github.com/writefreely/go-nodeinfo v1.2.0/go.mod h1:UTvE78KpcjYOlRHupZIiSEFcXHioTXuacCbHU+CAcPg=
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59 h1:hk3yo72LXLapY9EXVttc3Z1rLOxT9IuAPPX3GpY2+jo=

From f7550a0da8f6782dd12a683844394aca3b8e117b Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 00:04:36 +0900
Subject: [PATCH 21/31] Change more suspension check logic

From u.Status == UserSuspended to u.IsSuspended()

Ref T661
---
 account.go     | 2 +-
 admin.go       | 2 +-
 collections.go | 4 ++--
 database.go    | 2 +-
 invites.go     | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/account.go b/account.go
index 0faa7bbc..25f1e0db 100644
--- a/account.go
+++ b/account.go
@@ -1053,7 +1053,7 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		Email:     fullUser.EmailClear(app.keys),
 		HasPass:   passIsSet,
 		IsLogOut:  r.FormValue("logout") == "1",
-		Suspended: fullUser.Status == UserSuspended,
+		Suspended: fullUser.IsSuspended(),
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/admin.go b/admin.go
index 65afd5f7..2e5b8a56 100644
--- a/admin.go
+++ b/admin.go
@@ -242,7 +242,7 @@ func handleAdminToggleUserStatus(app *App, u *User, w http.ResponseWriter, r *ht
 		log.Error("failed to get user: %v", err)
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}
 	}
-	if user.Status == UserSuspended {
+	if user.IsSuspended() {
 		err = app.db.SetUserStatus(user.ID, UserActive)
 	} else {
 		err = app.db.SetUserStatus(user.ID, UserSuspended)
diff --git a/collections.go b/collections.go
index 38ec6f10..fe9d89fb 100644
--- a/collections.go
+++ b/collections.go
@@ -906,10 +906,10 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 			log.Error("Error getting user for collection: %v", err)
 		}
 	}
-	if !isOwner && u.Status == UserSuspended {
+	if !isOwner && u.IsSuspended() {
 		return ErrCollectionNotFound
 	}
-	displayPage.Suspended = u.Status == UserSuspended
+	displayPage.Suspended = u.IsSuspended()
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 	// Add more data
diff --git a/database.go b/database.go
index 4b0c702b..4b4f4dcc 100644
--- a/database.go
+++ b/database.go
@@ -322,7 +322,7 @@ func (db *datastore) IsUserSuspended(id int64) (bool, error) {
 		return false, fmt.Errorf("is user suspended: %v", err)
 	}
 
-	return u.Status == UserSuspended, nil
+	return u.IsSuspended(), nil
 }
 
 // DoesUserNeedAuth returns true if the user hasn't provided any methods for
diff --git a/invites.go b/invites.go
index 8f341eca..5f04c696 100644
--- a/invites.go
+++ b/invites.go
@@ -78,7 +78,7 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 	muVal := r.FormValue("uses")
 	expVal := r.FormValue("expires")
 
-	if u.Status == UserSuspended {
+	if u.IsSuspended() {
 		return ErrUserSuspended
 	}
 

From c3f76a3ab84026dd4431e1b081c089fae8fd484f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 00:16:44 +0900
Subject: [PATCH 22/31] Change "suspend" to "silence" where user-facing

This puts the verbiage more in line with what the feature does, and
leaves room for other moderation controls in the future.

NOTE: this includes no backend refactoring, which may be confusing. We
should rename things to fit ASAP.

Ref T661
---
 errors.go                             |  2 +-
 templates/pad.tmpl                    |  2 +-
 templates/user/admin/users.tmpl       |  2 +-
 templates/user/admin/view-user.tmpl   | 12 ++++++------
 templates/user/include/suspended.tmpl |  2 +-
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/errors.go b/errors.go
index fa7304f2..c0d435c8 100644
--- a/errors.go
+++ b/errors.go
@@ -48,7 +48,7 @@ var (
 	ErrUserNotFound      = impart.HTTPError{http.StatusNotFound, "User doesn't exist."}
 	ErrUserNotFoundEmail = impart.HTTPError{http.StatusNotFound, "Please enter your username instead of your email address."}
 
-	ErrUserSuspended = impart.HTTPError{http.StatusForbidden, "Account is suspended, contact the administrator."}
+	ErrUserSuspended = impart.HTTPError{http.StatusForbidden, "Account is silenced."}
 )
 
 // Post operation errors
diff --git a/templates/pad.tmpl b/templates/pad.tmpl
index 4be311e2..0b73b94c 100644
--- a/templates/pad.tmpl
+++ b/templates/pad.tmpl
@@ -134,7 +134,7 @@
 		var suspended = {{.Suspended}};
 		var publish = function(content, font) {
 			if (suspended === true) {
-				alert("Your account is currently suspended, posting is disabled.");
+				alert("Your account is silenced, so you can't publish or update posts.");
 				return;
 			}
 			{{if and (and .Post.Id (not .Post.Slug)) (not .User)}}
diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index df840b28..fb69d3a3 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -18,7 +18,7 @@
 			<td><a href="/admin/user/{{.Username}}">{{.Username}}</a></td>
 			<td>{{.CreatedFriendly}}</td>
 			<td style="text-align:center">{{if .IsAdmin}}Admin{{else}}User{{end}}</td>
-			<td style="text-align:center">{{if .IsSuspended}}Suspended{{else}}Active{{end}}</td>
+			<td style="text-align:center">{{if .IsSilenced}}Silenced{{else}}Active{{end}}</td>
 		</tr>
 		{{end}}
 	</table>
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 3b13c334..dc7b2ef4 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -57,16 +57,16 @@ td.active-suspend > input[type="submit"] {
 			<td>{{if .LastPost}}{{.LastPost}}{{else}}Never{{end}}</td>
 		</tr>
 		<tr>
-			<form action="/admin/user/{{.User.Username}}/status" method="POST" {{if not .User.IsSuspended}}onsubmit="return confirmSuspend()"{{end}}>
+			<form action="/admin/user/{{.User.Username}}/status" method="POST" {{if not .User.IsSilenced}}onsubmit="return confirmSilence()"{{end}}>
 				<a id="status"/>
 				<th>Status</th>
 				<td class="active-suspend">
 				{{if .User.IsSuspended}}
-					<p>Suspended</p>
-					<input type="submit" value="Activate"/>
+					<p>Silenced</p>
+					<input type="submit" value="Unsilence"/>
 				{{else}}
 					<p>Active</p>
-					<input class="danger" type="submit" value="Suspend" {{if .User.IsAdmin}}disabled{{end}}/>
+					<input class="danger" type="submit" value="Silence" {{if .User.IsAdmin}}disabled{{end}}/>
 				{{end}}
 				</td>
 			</form>
@@ -117,8 +117,8 @@ td.active-suspend > input[type="submit"] {
 </div>
 
 <script type="text/javascript">
-function confirmSuspend() {
-	return confirm("Suspend this user? They'll still be able to log in and access their posts, but no one else will be able to see them anymore. You can reverse this decision at any time.");
+function confirmSilence() {
+	return confirm("Silence this user? They'll still be able to log in and access their posts, but no one else will be able to see them anymore. You can reverse this decision at any time.");
 }
 </script>
 
diff --git a/templates/user/include/suspended.tmpl b/templates/user/include/suspended.tmpl
index e5d9be80..76906de5 100644
--- a/templates/user/include/suspended.tmpl
+++ b/templates/user/include/suspended.tmpl
@@ -1,5 +1,5 @@
 {{define "user-suspended"}}
 <div class="alert info">
-	<p><strong>Your account is suspended.</strong> You can still access all of your posts and blogs, but no one else can currently see them.</p>
+	<p><strong>Your account has been silenced.</strong> You can still access all of your posts and blogs, but no one else can currently see them.</p>
 </div>
 {{end}}

From 7f96e8c38421689b2e1d39056fae4bf90a0e2bc7 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 00:40:16 +0900
Subject: [PATCH 23/31] Rename UserSuspended to UserSilenced

Some of the work needed to have the backend match user-facing wording.

Ref T661
---
 account.go                          | 2 +-
 admin.go                            | 4 ++--
 collections.go                      | 4 ++--
 database.go                         | 2 +-
 invites.go                          | 2 +-
 templates/user/admin/view-user.tmpl | 2 +-
 users.go                            | 6 +++---
 7 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/account.go b/account.go
index 25f1e0db..5fb87f0c 100644
--- a/account.go
+++ b/account.go
@@ -1053,7 +1053,7 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		Email:     fullUser.EmailClear(app.keys),
 		HasPass:   passIsSet,
 		IsLogOut:  r.FormValue("logout") == "1",
-		Suspended: fullUser.IsSuspended(),
+		Suspended: fullUser.IsSilenced(),
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/admin.go b/admin.go
index 2e5b8a56..e624bfb2 100644
--- a/admin.go
+++ b/admin.go
@@ -242,10 +242,10 @@ func handleAdminToggleUserStatus(app *App, u *User, w http.ResponseWriter, r *ht
 		log.Error("failed to get user: %v", err)
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}
 	}
-	if user.IsSuspended() {
+	if user.IsSilenced() {
 		err = app.db.SetUserStatus(user.ID, UserActive)
 	} else {
-		err = app.db.SetUserStatus(user.ID, UserSuspended)
+		err = app.db.SetUserStatus(user.ID, UserSilenced)
 	}
 	if err != nil {
 		log.Error("toggle user suspended: %v", err)
diff --git a/collections.go b/collections.go
index fe9d89fb..3e86f309 100644
--- a/collections.go
+++ b/collections.go
@@ -906,10 +906,10 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 			log.Error("Error getting user for collection: %v", err)
 		}
 	}
-	if !isOwner && u.IsSuspended() {
+	if !isOwner && u.IsSilenced() {
 		return ErrCollectionNotFound
 	}
-	displayPage.Suspended = u.IsSuspended()
+	displayPage.Suspended = u.IsSilenced()
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 	// Add more data
diff --git a/database.go b/database.go
index 4b4f4dcc..d78d8885 100644
--- a/database.go
+++ b/database.go
@@ -322,7 +322,7 @@ func (db *datastore) IsUserSuspended(id int64) (bool, error) {
 		return false, fmt.Errorf("is user suspended: %v", err)
 	}
 
-	return u.IsSuspended(), nil
+	return u.IsSilenced(), nil
 }
 
 // DoesUserNeedAuth returns true if the user hasn't provided any methods for
diff --git a/invites.go b/invites.go
index 5f04c696..1dba7bdc 100644
--- a/invites.go
+++ b/invites.go
@@ -78,7 +78,7 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 	muVal := r.FormValue("uses")
 	expVal := r.FormValue("expires")
 
-	if u.IsSuspended() {
+	if u.IsSilenced() {
 		return ErrUserSuspended
 	}
 
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index dc7b2ef4..be50b129 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -61,7 +61,7 @@ td.active-suspend > input[type="submit"] {
 				<a id="status"/>
 				<th>Status</th>
 				<td class="active-suspend">
-				{{if .User.IsSuspended}}
+				{{if .User.IsSilenced}}
 					<p>Silenced</p>
 					<input type="submit" value="Unsilence"/>
 				{{else}}
diff --git a/users.go b/users.go
index 5eb2e61e..9b5c99c9 100644
--- a/users.go
+++ b/users.go
@@ -23,7 +23,7 @@ type UserStatus int
 
 const (
 	UserActive = iota
-	UserSuspended
+	UserSilenced
 )
 
 type (
@@ -127,6 +127,6 @@ func (u *User) IsAdmin() bool {
 	return u.ID == 1
 }
 
-func (u *User) IsSuspended() bool {
-	return u.Status&UserSuspended != 0
+func (u *User) IsSilenced() bool {
+	return u.Status&UserSilenced != 0
 }

From 5644e8d2516fd92df3158d3d875279293b130ff0 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 00:41:45 +0900
Subject: [PATCH 24/31] Fix "silenced" alert styles on more pages

- Tagged posts
- Collection index

Ref T661
---
 less/core.less | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/less/core.less b/less/core.less
index f4332a9d..8844c84d 100644
--- a/less/core.less
+++ b/less/core.less
@@ -516,10 +516,17 @@ abbr {
 body#collection article p, body#subpage article p {
 	.article-p;
 }
-pre, body#post article, body#collection article, body#subpage article, body#subpage #wrapper h1 {
+pre, body#post article, #post .alert, #subpage .alert, body#collection article, body#subpage article, body#subpage #wrapper h1 {
 	max-width: 40rem;
 	margin: 0 auto;
 }
+#collection header .alert, #post .alert, #subpage .alert {
+	margin-bottom: 1em;
+	p {
+		text-align: left;
+		line-height: 1.4;
+	}
+}
 textarea, pre, body#post article, body#collection article p {
 	&.norm, &.sans, &.wrap {
 		line-height: 1.4em;

From 8f24da94a62a0afdbe25ed692e35b84008b10c94 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 00:47:49 +0900
Subject: [PATCH 25/31] Bump version to 0.11.0

---
 app.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.go b/app.go
index 514c7c83..9b01bc64 100644
--- a/app.go
+++ b/app.go
@@ -56,7 +56,7 @@ var (
 	debugging bool
 
 	// Software version can be set from git env using -ldflags
-	softwareVer = "0.10.0"
+	softwareVer = "0.11.0"
 
 	// DEPRECATED VARS
 	isSingleUser bool

From 79f35a0ccdf6bc7b6b5008b33b4d570ba4992f07 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 08:03:00 +0900
Subject: [PATCH 26/31] Fix collection template issues introduced in #205

This fixes a template rendering issue caused by bad references to $.Host
in pinned posts links on single-user instances.

Closes #207
---
 templates/chorus-collection-post.tmpl | 2 +-
 templates/chorus-collection.tmpl      | 2 +-
 templates/collection-post.tmpl        | 2 +-
 templates/collection-tags.tmpl        | 2 +-
 templates/collection.tmpl             | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index a6b6102b..b9df8ade 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -80,7 +80,7 @@ article time.dt-published {
 			</p>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL $.Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 			<hr>
diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index 504e54f5..8250287e 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -71,7 +71,7 @@ body#collection header nav.tabs a:first-child {
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav class="pinned-posts">
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL $.Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index e24c6dd4..a194cf4b 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -50,7 +50,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a rel="author" href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL $.Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 				{{ if and .IsOwner .IsFound }}<span class="views" dir="ltr"><strong>{{largeNumFmt .Views}}</strong> {{pluralize "view" "views" .Views}}</span>
 				<a class="xtra-feature" href="/{{if not .SingleUser}}{{.Collection.Alias}}/{{end}}{{.Slug.String}}/edit" dir="{{.Direction}}">Edit</a>
diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 2618f3dc..f209162c 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -48,7 +48,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.DisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL $.Host}}{{end}}">{{.DisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 		</header>
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 47dc24d4..b87ce873 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -71,7 +71,7 @@
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav>
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL $.Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		

From 80362000feedae19e51bbc7ab7afb4283a762361 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 08:07:51 +0900
Subject: [PATCH 27/31] Skip logging default pad template fallback

This reduces unnecessary logging by not showing the "no template" line
when the `editor` config value is empty (default).
---
 pad.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pad.go b/pad.go
index db356c49..37d1c9bd 100644
--- a/pad.go
+++ b/pad.go
@@ -61,7 +61,9 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	padTmpl := app.cfg.App.Editor
 	if templates[padTmpl] == nil {
-		log.Info("No template '%s' found. Falling back to default 'pad' template.", padTmpl)
+		if padTmpl != "" {
+			log.Info("No template '%s' found. Falling back to default 'pad' template.", padTmpl)
+		}
 		padTmpl = "pad"
 	}
 

From 3d49baf39a0f84f5282de6dcb7297a88fa1ebbf2 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 16:49:38 +0900
Subject: [PATCH 28/31] Improve non-chorus site-wide header

This adds a Reader tab when necessary while logged in, and generally
keeps the navigation consistent for logged-in users, particularly in
regard to the Reader:

- Now includes user buttons and dropdown
- Makes header on user pages consistent with Reader page
---
 templates/base.tmpl                | 6 +++---
 templates/user/include/header.tmpl | 6 ++----
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/templates/base.tmpl b/templates/base.tmpl
index aae7850e..3826917c 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -22,7 +22,7 @@
 			{{ end }}
 			{{if not .SingleUser}}
 			<nav id="user-nav">
-				{{if and .Chorus .Username}}
+				{{if .Username}}
 				<nav class="dropdown-nav">
 					<ul><li><a>{{.Username}}</a> <img class="ic-18dp" src="/img/ic_down_arrow_dark@2x.png" /><ul>
 							{{if .IsAdmin}}<li><a href="/admin">Admin dashboard</a></li>{{end}}
@@ -39,10 +39,10 @@
 					{{ if and .SimpleNav (not .SingleUser) }}
 					{{if and (and .LocalTimeline .CanViewReader) .Chorus}}<a href="/"{{if eq .Path "/"}} class="selected"{{end}}>Home</a>{{end}}
 					{{ end }}
-					<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>
+					{{if or .Chorus (not .Username)}}<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>{{end}}
 					{{ if not .SingleUser }}
 						{{ if .Username }}
-					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
+					{{if or (not .Chorus) (gt .MaxBlogs 1)}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
 					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>My Posts</a>{{end}}
 					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
 						{{ end }}
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 0feca893..c53ac33f 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -22,13 +22,10 @@
 			</nav>
 		</nav>
 		{{else}}
-		{{ if .Chorus }}<nav id="full-nav">
+		<nav id="full-nav">
 			<div class="left-side">
 				<h1><a href="/" title="Return to editor">{{.SiteName}}</a></h1>
 			</div>
-		{{ else }}
-			<h1><a href="/" title="Return to editor">{{.SiteName}}</a></h1>
-		{{ end }}
 		<nav id="user-nav">
 			{{if .Username}}
 			<nav class="dropdown-nav">
@@ -62,6 +59,7 @@
 				{{else}}
 					<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>
 					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
+					{{if and (and .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read">Reader</a>{{end}}
 				{{end}}
 			</nav>
 		</nav>

From 278e4f6242d1f01d20d2feb811a89c1d25bd6e64 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 16:53:52 +0900
Subject: [PATCH 29/31] Bump version to 0.11.1

---
 app.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.go b/app.go
index 9b01bc64..018ce377 100644
--- a/app.go
+++ b/app.go
@@ -56,7 +56,7 @@ var (
 	debugging bool
 
 	// Software version can be set from git env using -ldflags
-	softwareVer = "0.11.0"
+	softwareVer = "0.11.1"
 
 	// DEPRECATED VARS
 	isSingleUser bool

From 2899d98cfd9f9ae092b962a451c150424de97e2a Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 19:43:41 +0900
Subject: [PATCH 30/31] Fix collection post 500 when not logged in

This reverts some code from 5429ca4a, which broke collection post
loading on blog posts when not logged in.
---
 posts.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/posts.go b/posts.go
index 2a6fe740..6410735c 100644
--- a/posts.go
+++ b/posts.go
@@ -1390,7 +1390,7 @@ Are you sure it was ever here?`,
 			return err
 		}
 	}
-	p.IsOwner = owner != nil && p.OwnerID.Valid && u.ID == p.OwnerID.Int64
+	p.IsOwner = owner != nil && p.OwnerID.Valid && owner.ID == p.OwnerID.Int64
 	p.Collection = coll
 	p.IsTopLevel = app.cfg.App.SingleUser
 

From bd99044e9c92b40ff7f816c667c1adeb72911ff9 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 20:01:14 +0900
Subject: [PATCH 31/31] Fix 500 on tags page

This fixes a panic from a nil user when calling u.IsSuspended().
Instead, this checks and calls IsSuspended() on `owner`.
---
 collections.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/collections.go b/collections.go
index 54ddc8a1..b85f0a4f 100644
--- a/collections.go
+++ b/collections.go
@@ -905,11 +905,11 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 			// Log the error and just continue
 			log.Error("Error getting user for collection: %v", err)
 		}
+		if owner.IsSilenced() {
+			return ErrCollectionNotFound
+		}
 	}
-	if !isOwner && u.IsSilenced() {
-		return ErrCollectionNotFound
-	}
-	displayPage.Suspended = u.IsSilenced()
+	displayPage.Suspended = owner != nil && owner.IsSilenced()
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 	// Add more data