Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enabled authenticated media by default #625

Merged
merged 5 commits into from
Dec 23, 2024
Merged

Enabled authenticated media by default #625

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ccc99ac
Enabled authenticated media by default
turt2live Nov 18, 2024
eda0f3f
Fix tests
turt2live Nov 18, 2024
2c558a6
Fix tests
turt2live Nov 18, 2024
598d3d1
Merge branch 'main' into travis/authed-default
turt2live Dec 17, 2024
6e3d04b
Merge branch 'main' into travis/authed-default
turt2live Dec 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
### Changed

* MMR now requires Go 1.22 for compilation.
* The global `repo.freezeUnauthenticatedMedia` option now defaults to `true`, enabling authenticated media by default. A future release will remove this option, requiring the freeze behaviour. See `config.sample.yaml` for details.

### Fixed

Expand Down
2 changes: 1 addition & 1 deletion common/config/conf_main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ func NewDefaultMainConfig() MainRepoConfig {
LogLevel: "info",
TrustAnyForward: false,
UseForwardedHost: true,
FreezeUnauthenticatedMedia: false,
FreezeUnauthenticatedMedia: true,
},
Database: DatabaseConfig{
Postgres: "postgres://your_username:your_password@localhost/database_name?sslmode=disable",
Expand Down
8 changes: 4 additions & 4 deletions config.sample.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,10 +40,10 @@ repo:
# only be accessible over authenticated endpoints, though future media will be accessible on both
# authenticated and unauthenticated media.
#
# This flag currently defaults to false. A future release, likely in August 2024, will remove this flag
# and have the same effect as it being true (always on). This flag is primarily intended for servers to
# opt-in to the behaviour early.
freezeUnauthenticatedMedia: false
# This flag defaults to true. Previously it defauled to false. A future release, likely in 2025, will
# remove this flag and have the same effect as it being true (always on). This flag is primarily
# intended for servers to opt-out of the behaviour while they are still testing compatibility.
freezeUnauthenticatedMedia: true

# Options for dealing with federation
federation:
Expand Down
14 changes: 7 additions & 7 deletions test/upload_suite_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,8 @@ func (s *UploadTestSuite) TestUpload() {
client2 := &test_internals.MatrixClient{
ClientServerUrl: s.deps.Machines[1].HttpUrl, // deliberately the second machine
ServerName: s.deps.Homeservers[1].ServerName, // deliberately the second machine
AccessToken: "", // no auth for downloads
UserId: "", // no auth for downloads
AccessToken: s.deps.Homeservers[1].UnprivilegedUsers[0].AccessToken,
UserId: s.deps.Homeservers[1].UnprivilegedUsers[0].UserId,
}

contentType, img, err := test_internals.MakeTestImage(512, 512)
Expand All @@ -62,7 +62,7 @@ func (s *UploadTestSuite) TestUpload() {
assert.Equal(t, client1.ServerName, origin)
assert.NotEmpty(t, mediaId)

raw, err := client2.DoRaw("GET", fmt.Sprintf("/_matrix/media/v3/download/%s/%s", origin, mediaId), nil, "", nil)
raw, err := client2.DoRaw("GET", fmt.Sprintf("/_matrix/client/v1/media/download/%s/%s", origin, mediaId), nil, "", nil)
assert.NoError(t, err)
assert.Equal(t, raw.StatusCode, http.StatusOK)
test_internals.AssertIsTestImage(t, raw.Body)
Expand Down Expand Up @@ -258,8 +258,8 @@ func (s *UploadTestSuite) TestUploadAsyncFlow() {
client2 := &test_internals.MatrixClient{
ClientServerUrl: s.deps.Machines[1].HttpUrl, // deliberately the second machine
ServerName: s.deps.Homeservers[1].ServerName, // deliberately the second machine
AccessToken: "", // no auth for downloads
UserId: "", // no auth for downloads
AccessToken: s.deps.Homeservers[1].UnprivilegedUsers[0].AccessToken,
UserId: s.deps.Homeservers[1].UnprivilegedUsers[0].UserId,
}

contentType, img, err := test_internals.MakeTestImage(512, 512)
Expand All @@ -278,7 +278,7 @@ func (s *UploadTestSuite) TestUploadAsyncFlow() {
assert.NotEmpty(t, mediaId)

// Do a test download to ensure that the media doesn't (yet) exist
errRes, err := client2.DoExpectError("GET", fmt.Sprintf("/_matrix/media/v3/download/%s/%s", origin, mediaId), url.Values{
errRes, err := client2.DoExpectError("GET", fmt.Sprintf("/_matrix/client/v1/media/download/%s/%s", origin, mediaId), url.Values{
"timeout_ms": []string{"1000"},
}, "", nil)
assert.NoError(t, err)
Expand All @@ -303,7 +303,7 @@ func (s *UploadTestSuite) TestUploadAsyncFlow() {
assert.Equal(t, http.StatusConflict, errRes.InjectedStatusCode)

// Download and test the upload
raw, err := client2.DoRaw("GET", fmt.Sprintf("/_matrix/media/v3/download/%s/%s", origin, mediaId), nil, "", nil)
raw, err := client2.DoRaw("GET", fmt.Sprintf("/_matrix/client/v1/media/download/%s/%s", origin, mediaId), nil, "", nil)
assert.NoError(t, err)
assert.Equal(t, raw.StatusCode, http.StatusOK)
test_internals.AssertIsTestImage(t, raw.Body)
Expand Down
Loading