2 files changed, 107 insertions, 57 deletions

diff --git a/test/web/media_proxy/media_proxy_controller_test.exs b/test/web/media_proxy/media_proxy_controller_test.exs
index d61cef83b..d4db44c63 100644
--- a/test/web/media_proxy/media_proxy_controller_test.exs
+++ b/test/web/media_proxy/media_proxy_controller_test.exs
@@ -4,82 +4,118 @@
 
 defmodule Pleroma.Web.MediaProxy.MediaProxyControllerTest do
   use Pleroma.Web.ConnCase
+
   import Mock
-  alias Pleroma.Config
 
-  setup do: clear_config(:media_proxy)
-  setup do: clear_config([Pleroma.Web.Endpoint, :secret_key_base])
+  alias Pleroma.Web.MediaProxy
+  alias Pleroma.Web.MediaProxy.MediaProxyController
+  alias Plug.Conn
 
   setup do
     on_exit(fn -> Cachex.clear(:banned_urls_cache) end)
   end
 
   test "it returns 404 when MediaProxy disabled", %{conn: conn} do
-    Config.put([:media_proxy, :enabled], false)
+    clear_config([:media_proxy, :enabled], false)
 
-    assert %Plug.Conn{
+    assert %Conn{
              status: 404,
              resp_body: "Not Found"
            } = get(conn, "/proxy/hhgfh/eeeee")
 
-    assert %Plug.Conn{
+    assert %Conn{
              status: 404,
              resp_body: "Not Found"
            } = get(conn, "/proxy/hhgfh/eeee/fff")
   end
 
-  test "it returns 403 when signature invalidated", %{conn: conn} do
-    Config.put([:media_proxy, :enabled], true)
-    Config.put([Pleroma.Web.Endpoint, :secret_key_base], "00000000000")
-    path = URI.parse(Pleroma.Web.MediaProxy.encode_url("https://google.fn")).path
-    Config.put([Pleroma.Web.Endpoint, :secret_key_base], "000")
-
-    assert %Plug.Conn{
-             status: 403,
-             resp_body: "Forbidden"
-           } = get(conn, path)
-
-    assert %Plug.Conn{
-             status: 403,
-             resp_body: "Forbidden"
-           } = get(conn, "/proxy/hhgfh/eeee")
-
-    assert %Plug.Conn{
-             status: 403,
-             resp_body: "Forbidden"
-           } = get(conn, "/proxy/hhgfh/eeee/fff")
-  end
+  describe "" do
+    setup do
+      clear_config([:media_proxy, :enabled], true)
+      clear_config([Pleroma.Web.Endpoint, :secret_key_base], "00000000000")
+      [url: MediaProxy.encode_url("https://google.fn/test.png")]
+    end
 
-  test "redirects on valid url when filename invalidated", %{conn: conn} do
-    Config.put([:media_proxy, :enabled], true)
-    Config.put([Pleroma.Web.Endpoint, :secret_key_base], "00000000000")
-    url = Pleroma.Web.MediaProxy.encode_url("https://google.fn/test.png")
-    invalid_url = String.replace(url, "test.png", "test-file.png")
-    response = get(conn, invalid_url)
-    assert response.status == 302
-    assert redirected_to(response) == url
-  end
+    test "it returns 403 for invalid signature", %{conn: conn, url: url} do
+      Pleroma.Config.put([Pleroma.Web.Endpoint, :secret_key_base], "000")
+      %{path: path} = URI.parse(url)
+
+      assert %Conn{
+               status: 403,
+               resp_body: "Forbidden"
+             } = get(conn, path)
+
+      assert %Conn{
+               status: 403,
+               resp_body: "Forbidden"
+             } = get(conn, "/proxy/hhgfh/eeee")
+
+      assert %Conn{
+               status: 403,
+               resp_body: "Forbidden"
+             } = get(conn, "/proxy/hhgfh/eeee/fff")
+    end
 
-  test "it performs ReverseProxy.call when signature valid", %{conn: conn} do
-    Config.put([:media_proxy, :enabled], true)
-    Config.put([Pleroma.Web.Endpoint, :secret_key_base], "00000000000")
-    url = Pleroma.Web.MediaProxy.encode_url("https://google.fn/test.png")
+    test "redirects on valid url when filename is invalidated", %{conn: conn, url: url} do
+      invalid_url = String.replace(url, "test.png", "test-file.png")
+      response = get(conn, invalid_url)
+      assert response.status == 302
+      assert redirected_to(response) == url
+    end
 
-    with_mock Pleroma.ReverseProxy,
-      call: fn _conn, _url, _opts -> %Plug.Conn{status: :success} end do
-      assert %Plug.Conn{status: :success} = get(conn, url)
+    test "it performs ReverseProxy.call with valid signature", %{conn: conn, url: url} do
+      with_mock Pleroma.ReverseProxy,
+        call: fn _conn, _url, _opts -> %Conn{status: :success} end do
+        assert %Conn{status: :success} = get(conn, url)
+      end
+    end
+
+    test "it returns 404 when url is in banned_urls cache", %{conn: conn, url: url} do
+      MediaProxy.put_in_banned_urls("https://google.fn/test.png")
+
+      with_mock Pleroma.ReverseProxy,
+        call: fn _conn, _url, _opts -> %Conn{status: :success} end do
+        assert %Conn{status: 404, resp_body: "Not Found"} = get(conn, url)
+      end
     end
   end
 
-  test "it returns 404 when url contains in banned_urls cache", %{conn: conn} do
-    Config.put([:media_proxy, :enabled], true)
-    Config.put([Pleroma.Web.Endpoint, :secret_key_base], "00000000000")
-    url = Pleroma.Web.MediaProxy.encode_url("https://google.fn/test.png")
-    Pleroma.Web.MediaProxy.put_in_banned_urls("https://google.fn/test.png")
+  describe "filename_matches/3" do
+    test "preserves the encoded or decoded path" do
+      assert MediaProxyController.filename_matches(
+               %{"filename" => "/Hello world.jpg"},
+               "/Hello world.jpg",
+               "http://pleroma.social/Hello world.jpg"
+             ) == :ok
+
+      assert MediaProxyController.filename_matches(
+               %{"filename" => "/Hello%20world.jpg"},
+               "/Hello%20world.jpg",
+               "http://pleroma.social/Hello%20world.jpg"
+             ) == :ok
+
+      assert MediaProxyController.filename_matches(
+               %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"},
+               "/my%2Flong%2Furl%2F2019%2F07%2FS.jpg",
+               "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"
+             ) == :ok
+
+      assert MediaProxyController.filename_matches(
+               %{"filename" => "/my%2Flong%2Furl%2F2019%2F07%2FS.jp"},
+               "/my%2Flong%2Furl%2F2019%2F07%2FS.jp",
+               "http://pleroma.social/my%2Flong%2Furl%2F2019%2F07%2FS.jpg"
+             ) == {:wrong_filename, "my%2Flong%2Furl%2F2019%2F07%2FS.jpg"}
+    end
+
+    test "encoded url are tried to match for proxy as `conn.request_path` encodes the url" do
+      # conn.request_path will return encoded url
+      request_path = "/ANALYSE-DAI-_-LE-STABLECOIN-100-D%C3%89CENTRALIS%C3%89-BQ.jpg"
 
-    with_mock Pleroma.ReverseProxy,
-      call: fn _conn, _url, _opts -> %Plug.Conn{status: :success} end do
-      assert %Plug.Conn{status: 404, resp_body: "Not Found"} = get(conn, url)
+      assert MediaProxyController.filename_matches(
+               true,
+               request_path,
+               "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg"
+             ) == :ok
     end
   end
 end
diff --git a/test/web/media_proxy/media_proxy_test.exs b/test/web/media_proxy/media_proxy_test.exs
index ac5d8fd32..06990464f 100644
--- a/test/web/media_proxy/media_proxy_test.exs
+++ b/test/web/media_proxy/media_proxy_test.exs
@@ -71,12 +71,9 @@ defmodule Pleroma.Web.MediaProxyTest do
     end
 
     test "validates signature" do
-      secret_key_base = Config.get([Endpoint, :secret_key_base])
-      clear_config([Endpoint, :secret_key_base], secret_key_base)
-
       encoded = MediaProxy.url("https://pleroma.social")
 
-      Config.put(
+      clear_config(
         [Endpoint, :secret_key_base],
         "00000000000000000000000000000000000000000000000"
       )
@@ -144,15 +141,17 @@ defmodule Pleroma.Web.MediaProxyTest do
                request_path,
                "https://mydomain.com/uploads/2019/07/ANALYSE-DAI-_-LE-STABLECOIN-100-DÉCENTRALISÉ-BQ.jpg"
              ) == :ok
+      assert MediaProxy.decode_url(sig, base64) == {:error, :invalid_signature}
     end
 
     test "uses the configured base_url" do
-      clear_config([:media_proxy, :base_url], "https://cache.pleroma.social")
+      base_url = "https://cache.pleroma.social"
+      clear_config([:media_proxy, :base_url], base_url)
 
       url = "https://pleroma.soykaf.com/static/logo.png"
       encoded = MediaProxy.url(url)
 
-      assert String.starts_with?(encoded, Config.get([:media_proxy, :base_url]))
+      assert String.starts_with?(encoded, base_url)
     end
 
     # Some sites expect ASCII encoded characters in the URL to be preserved even if
@@ -194,10 +193,25 @@ defmodule Pleroma.Web.MediaProxyTest do
     end
   end
 
+  defp decode_result(encoded) do
+    [_, "proxy", sig, base64 | _] = URI.parse(encoded).path |> String.split("/")
+    {:ok, decoded} = MediaProxy.decode_url(sig, base64)
+    decoded
+  end
+
   describe "whitelist" do
     setup do: clear_config([:media_proxy, :enabled], true)
 
     test "mediaproxy whitelist" do
+      clear_config([:media_proxy, :whitelist], ["https://google.com", "https://feld.me"])
+      url = "https://feld.me/foo.png"
+
+      unencoded = MediaProxy.url(url)
+      assert unencoded == url
+    end
+
+    # TODO: delete after removing support bare domains for media proxy whitelist
+    test "mediaproxy whitelist bare domains whitelist (deprecated)" do
       clear_config([:media_proxy, :whitelist], ["google.com", "feld.me"])
       url = "https://feld.me/foo.png"