Prepare for authenticated media freeze #17433
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -119,18 +119,19 @@ | |
| "e2e_room_keys": ["is_verified"], | ||
| "event_edges": ["is_state"], | ||
| "events": ["processed", "outlier", "contains_url"], | ||
| "local_media_repository": ["safe_from_quarantine", "authenticated"], | ||
| "per_user_experimental_features": ["enabled"], | ||
| "presence_list": ["accepted"], | ||
| "presence_stream": ["currently_active"], | ||
| "public_room_list_stream": ["visibility"], | ||
| "pushers": ["enabled"], | ||
| "redactions": ["have_censored"], | ||
| "remote_media_cache": ["authenticated"], | ||
| "room_stats_state": ["is_federatable"], | ||
| "rooms": ["is_public", "has_auth_chain_index"], | ||
| "users": ["shadow_banned", "approved", "locked", "suspended"], | ||
| "un_partial_stated_event_stream": ["rejection_status_changed"], | ||
| "users_who_share_rooms": ["share_private"], | ||
| } | ||
|
|
||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -272,9 +272,8 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None: | |
| remote_media_lifetime | ||
| ) | ||
|
|
||
| self.enable_authenticated_media = config.get( | ||
| "enable_authenticated_media", False | ||
| ) | ||
|
|
||
| def generate_config_section(self, data_dir_path: str, **kwargs: Any) -> str: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -453,9 +453,9 @@ async def get_local_media( | |
| if not media_info: | ||
| return | ||
|
|
||
| if self.hs.config.media.enable_authenticated_media and not allow_authenticated: | ||
| if media_info.authenticated: | ||
| raise NotFoundError() | ||
|
|
||
| self.mark_recently_accessed(None, media_id) | ||
|
|
||
|
|
@@ -634,14 +634,10 @@ async def _get_remote_media_impl( | |
| """ | ||
| media_info = await self.store.get_cached_remote_media(server_name, media_id) | ||
|
|
||
| if self.hs.config.media.enable_authenticated_media and not allow_authenticated: | ||
| # if it isn't cached then don't fetch it or if it's authenticated then don't serve it | ||
| if not media_info or media_info.authenticated: | ||
| raise NotFoundError() | ||
|
|
||
| # file_id is the ID we use to track the file locally. If we've already | ||
| # seen the file then reuse the existing ID, otherwise generate a new | ||
|
|
@@ -816,7 +812,7 @@ async def _download_remote_file( | |
|
|
||
| logger.info("Stored remote media in file %r", fname) | ||
|
|
||
| if self.hs.config.media.enable_authenticated_media: | ||
| authenticated = True | ||
| else: | ||
| authenticated = False | ||
|
|
@@ -945,7 +941,7 @@ async def _federation_download_remote_file( | |
|
|
||
| logger.debug("Stored remote media in file %r", fname) | ||
|
|
||
| if self.hs.config.media.enable_authenticated_media: | ||
| authenticated = True | ||
| else: | ||
| authenticated = False | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -284,9 +284,9 @@ async def respond_local_thumbnail( | |
|
|
||
| # if the media the thumbnail is generated from is authenticated, don't serve the | ||
| # thumbnail over an unauthenticated endpoint | ||
| if self.hs.config.media.enable_authenticated_media and not allow_authenticated: | ||
| if media_info.authenticated: | ||
| raise NotFoundError() | ||
|
|
||
| thumbnail_infos = await self.store.get_local_media_thumbnails(media_id) | ||
| await self._select_and_respond_with_thumbnail( | ||
|
|
@@ -324,9 +324,9 @@ async def select_or_generate_local_thumbnail( | |
|
|
||
| # if the media the thumbnail is generated from is authenticated, don't serve the | ||
| # thumbnail over an unauthenticated endpoint | ||
| if self.hs.config.media.enable_authenticated_media and not allow_authenticated: | ||
| if media_info.authenticated: | ||
| raise NotFoundError() | ||
|
|
||
| thumbnail_infos = await self.store.get_local_media_thumbnails(media_id) | ||
| for info in thumbnail_infos: | ||
|
|
@@ -410,7 +410,7 @@ async def select_or_generate_remote_thumbnail( | |
|
|
||
| # if the media the thumbnail is generated from is authenticated, don't serve the | ||
| # thumbnail over an unauthenticated endpoint | ||
| if self.hs.config.media.enable_authenticated_media and not allow_authenticated: | ||
| if media_info.authenticated: | ||
| respond_404(request) | ||
| return | ||
|
|
@@ -490,9 +490,9 @@ async def respond_remote_thumbnail( | |
|
|
||
| # if the media the thumbnail is generated from is authenticated, don't serve the | ||
| # thumbnail over an unauthenticated endpoint | ||
| if self.hs.config.media.enable_authenticated_media and not allow_authenticated: | ||
| if media_info.authenticated: | ||
| raise NotFoundError() | ||
|
|
||
| thumbnail_infos = await self.store.get_remote_media_thumbnails( | ||
| server_name, media_id | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -423,7 +423,7 @@ async def store_local_media_id( | |
| time_now_ms: int, | ||
| user_id: UserID, | ||
| ) -> None: | ||
| if self.hs.config.media.enable_authenticated_media: | ||
| authenticated = True | ||
| else: | ||
| authenticated = False | ||
|
|
@@ -450,7 +450,7 @@ async def store_local_media( | |
| user_id: UserID, | ||
| url_cache: Optional[str] = None, | ||
| ) -> None: | ||
| if self.hs.config.media.enable_authenticated_media: | ||
| authenticated = True | ||
| else: | ||
| authenticated = False | ||
|
|
@@ -686,7 +686,7 @@ async def store_cached_remote_media( | |
| upload_name: Optional[str], | ||
| filesystem_id: str, | ||
| ) -> None: | ||
| if self.hs.config.media.enable_authenticated_media: | ||
| authenticated = True | ||
| else: | ||
| authenticated = False | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11,6 +11,5 @@ | |
| -- See the GNU Affero General Public License for more details: | ||
| -- <https://www.gnu.org/licenses/agpl-3.0.html>. | ||
|
|
||
| ALTER TABLE remote_media_cache ADD COLUMN authenticated BOOLEAN DEFAULT FALSE NOT NULL; | ||
H-Shay marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| ALTER TABLE local_media_repository ADD COLUMN authenticated BOOLEAN DEFAULT FALSE NOT NULL; | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2453,8 +2453,7 @@ def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer: | |
| os.mkdir(self.storage_path) | ||
| os.mkdir(self.media_store_path) | ||
| config["media_store_path"] = self.media_store_path | ||
| config["enable_authenticated_media"] = True | ||
|
|
||
| provider_config = { | ||
| "module": "synapse.media.storage_provider.FileStorageProviderBackend", | ||
|
|
@@ -2593,3 +2592,46 @@ def test_authenticated_media(self) -> None: | |
| access_token=self.tok, | ||
| ) | ||
| self.assertEqual(channel9.code, 404) | ||
|
|
||
| # Inject a piece of local media that isn't authenticated | ||
| file_id = "abcdefg123456" | ||
| file_info = FileInfo(None, file_id=file_id) | ||
|
|
||
| ctx = media_storage.store_into_file(file_info) | ||
| (f, fname) = self.get_success(ctx.__aenter__()) | ||
| f.write(SMALL_PNG) | ||
| self.get_success(ctx.__aexit__(None, None, None)) | ||
|
|
||
| self.get_success( | ||
| self.store.db_pool.simple_insert( | ||
| "local_media_repository", | ||
| { | ||
| "media_id": "abcdefg123456", | ||
| "media_type": "image/png", | ||
| "created_ts": self.clock.time_msec(), | ||
| "upload_name": "test_local", | ||
| "media_length": 1, | ||
| "user_id": "someone", | ||
| "url_cache": None, | ||
| "authenticated": False, | ||
| }, | ||
| desc="store_local_media", | ||
| ) | ||
| ) | ||
|
|
||
| # check that unauthenticated media is still available over both endpoints | ||
| channel9 = self.make_request( | ||
| "GET", | ||
| "/_matrix/client/v1/media/download/test/abcdefg123456", | ||
| shorthand=False, | ||
| access_token=self.tok, | ||
| ) | ||
| self.assertEqual(channel9.code, 200) | ||
|
|
||
| channel10 = self.make_request( | ||
| "GET", | ||
| "/_matrix/media/r0/download/test/abcdefg123456", | ||
| shorthand=False, | ||
| access_token=self.tok, | ||
| ) | ||
| self.assertEqual(channel10.code, 200) | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(on the fence; do you think we ought to add an upgrade notes entry about this change, so people can get ahead of the curve and set the option to false explicitly if they want to make sure their special client won't be bitten by the upcoming freeze? It'd also be a good place to just lay out the plan a bit, since I think for most who don't read TWIM etc, the upcoming changes may not be obvious?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to get @turt2live's opinion on this - perhaps it would make sense to link to the blog post announcing the freeze? I think for now though we can merge this (I'd like to get it into the next rc so people can test against it on beta.matrix.org) and figure out how to handle the upgrade notes, etc soon.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Server operators are going to be increasingly incentivized to ensure this option is actually set to
truerather thanfalse, regardless of client breakage. When we change the default totruewe should definitely call out matrix.org's plan as reference, but I wouldn't include language about setting it tofalse.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From brief discussion in backend internal: we should provide users with instructions on how to set it to
false, but we can have the changelog read as eventually removing the option (making the feature inevitable)