From 78d9ad2a0ab6ce0ed7091f9446dd573e3b40766d Mon Sep 17 00:00:00 2001
From: Travis Ralston <travis+github@t2bot.io>
Date: Mon, 23 Dec 2024 13:43:08 -0700
Subject: [PATCH] Enable authenticated media by default (#625)

* Enabled authenticated media by default

* Fix tests

* Fix tests
---
 CHANGELOG.md               |  1 +
 common/config/conf_main.go |  2 +-
 config.sample.yaml         |  8 ++++----
 test/upload_suite_test.go  | 14 +++++++-------
 4 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 264b3cb5..100102cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Changed
 
 * MMR now requires Go 1.22 for compilation.
+* The global `repo.freezeUnauthenticatedMedia` option now defaults to `true`, enabling authenticated media by default. A future release will remove this option, requiring the freeze behaviour. See `config.sample.yaml` for details.
 
 ### Fixed
 
diff --git a/common/config/conf_main.go b/common/config/conf_main.go
index 8b7e3ac6..41d81bc1 100644
--- a/common/config/conf_main.go
+++ b/common/config/conf_main.go
@@ -32,7 +32,7 @@ func NewDefaultMainConfig() MainRepoConfig {
 			LogLevel:                   "info",
 			TrustAnyForward:            false,
 			UseForwardedHost:           true,
-			FreezeUnauthenticatedMedia: false,
+			FreezeUnauthenticatedMedia: true,
 		},
 		Database: DatabaseConfig{
 			Postgres: "postgres://your_username:your_password@localhost/database_name?sslmode=disable",
diff --git a/config.sample.yaml b/config.sample.yaml
index 5e037828..dd9dc286 100644
--- a/config.sample.yaml
+++ b/config.sample.yaml
@@ -40,10 +40,10 @@ repo:
   # only be accessible over authenticated endpoints, though future media will be accessible on both
   # authenticated and unauthenticated media.
   #
-  # This flag currently defaults to false. A future release, likely in August 2024, will remove this flag
-  # and have the same effect as it being true (always on). This flag is primarily intended for servers to
-  # opt-in to the behaviour early.
-  freezeUnauthenticatedMedia: false
+  # This flag defaults to true. Previously it defauled to false. A future release, likely in 2025, will
+  # remove this flag and have the same effect as it being true (always on). This flag is primarily
+  # intended for servers to opt-out of the behaviour while they are still testing compatibility.
+  freezeUnauthenticatedMedia: true
 
 # Options for dealing with federation
 federation:
diff --git a/test/upload_suite_test.go b/test/upload_suite_test.go
index b203b8ce..80bdcb9b 100644
--- a/test/upload_suite_test.go
+++ b/test/upload_suite_test.go
@@ -47,8 +47,8 @@ func (s *UploadTestSuite) TestUpload() {
 	client2 := &test_internals.MatrixClient{
 		ClientServerUrl: s.deps.Machines[1].HttpUrl,       // deliberately the second machine
 		ServerName:      s.deps.Homeservers[1].ServerName, // deliberately the second machine
-		AccessToken:     "",                               // no auth for downloads
-		UserId:          "",                               // no auth for downloads
+		AccessToken:     s.deps.Homeservers[1].UnprivilegedUsers[0].AccessToken,
+		UserId:          s.deps.Homeservers[1].UnprivilegedUsers[0].UserId,
 	}
 
 	contentType, img, err := test_internals.MakeTestImage(512, 512)
@@ -62,7 +62,7 @@ func (s *UploadTestSuite) TestUpload() {
 	assert.Equal(t, client1.ServerName, origin)
 	assert.NotEmpty(t, mediaId)
 
-	raw, err := client2.DoRaw("GET", fmt.Sprintf("/_matrix/media/v3/download/%s/%s", origin, mediaId), nil, "", nil)
+	raw, err := client2.DoRaw("GET", fmt.Sprintf("/_matrix/client/v1/media/download/%s/%s", origin, mediaId), nil, "", nil)
 	assert.NoError(t, err)
 	assert.Equal(t, raw.StatusCode, http.StatusOK)
 	test_internals.AssertIsTestImage(t, raw.Body)
@@ -258,8 +258,8 @@ func (s *UploadTestSuite) TestUploadAsyncFlow() {
 	client2 := &test_internals.MatrixClient{
 		ClientServerUrl: s.deps.Machines[1].HttpUrl,       // deliberately the second machine
 		ServerName:      s.deps.Homeservers[1].ServerName, // deliberately the second machine
-		AccessToken:     "",                               // no auth for downloads
-		UserId:          "",                               // no auth for downloads
+		AccessToken:     s.deps.Homeservers[1].UnprivilegedUsers[0].AccessToken,
+		UserId:          s.deps.Homeservers[1].UnprivilegedUsers[0].UserId,
 	}
 
 	contentType, img, err := test_internals.MakeTestImage(512, 512)
@@ -278,7 +278,7 @@ func (s *UploadTestSuite) TestUploadAsyncFlow() {
 	assert.NotEmpty(t, mediaId)
 
 	// Do a test download to ensure that the media doesn't (yet) exist
-	errRes, err := client2.DoExpectError("GET", fmt.Sprintf("/_matrix/media/v3/download/%s/%s", origin, mediaId), url.Values{
+	errRes, err := client2.DoExpectError("GET", fmt.Sprintf("/_matrix/client/v1/media/download/%s/%s", origin, mediaId), url.Values{
 		"timeout_ms": []string{"1000"},
 	}, "", nil)
 	assert.NoError(t, err)
@@ -303,7 +303,7 @@ func (s *UploadTestSuite) TestUploadAsyncFlow() {
 	assert.Equal(t, http.StatusConflict, errRes.InjectedStatusCode)
 
 	// Download and test the upload
-	raw, err := client2.DoRaw("GET", fmt.Sprintf("/_matrix/media/v3/download/%s/%s", origin, mediaId), nil, "", nil)
+	raw, err := client2.DoRaw("GET", fmt.Sprintf("/_matrix/client/v1/media/download/%s/%s", origin, mediaId), nil, "", nil)
 	assert.NoError(t, err)
 	assert.Equal(t, raw.StatusCode, http.StatusOK)
 	test_internals.AssertIsTestImage(t, raw.Body)