From 3ee69f3da9956aa45580696b8ad7fe20b41c1a43 Mon Sep 17 00:00:00 2001
From: Aditya Bansal <adi.bansal241996@gmail.com>
Date: Fri, 4 Jan 2019 20:52:04 +0530
Subject: [PATCH] thumbnails: Add setting THUMBNAIL_IMAGES.

This setting splits away part of responsibility from THUMBOR_URL.
Now on, this setting will be responsible for controlling whether
we thumbnail images or not by asking bugdown to render image links
to hit our /thumbnail endpoint. This is irrespective of what
THUMBOR_URL is set to though ideally THUMBOR_URL should be set
to point to a running thumbor instance.
---
 docs/subsystems/thumbnailing.md    | 2 +-
 zerver/lib/bugdown/__init__.py     | 4 ++--
 zerver/tests/test_bugdown.py       | 2 +-
 zproject/dev_settings.py           | 1 +
 zproject/prod_settings_template.py | 9 +++++++--
 zproject/settings.py               | 1 +
 zproject/test_settings.py          | 1 +
 7 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/docs/subsystems/thumbnailing.md b/docs/subsystems/thumbnailing.md
index cc3dcc5971..516f43a431 100644
--- a/docs/subsystems/thumbnailing.md
+++ b/docs/subsystems/thumbnailing.md
@@ -28,7 +28,7 @@ Thumbor is responsible for a few things in Zulip:
 Thumbor handles a lot of details for us, varying from signing of
 thumbnailing URLs, to caching for DoS prevention.
 
-It is configured via the `THUMBOR_URL` setting in
+It is configured via the `THUMBOR_URL` and `THUMBNAIL_IMAGES` settings in
 `/etc/zulip/settings.py`; you can host Thumbor on the same machine as
 the Zulip server, or a remote server (which is better for isolation,
 since security bugs in image-processing libraries have in the past
diff --git a/zerver/lib/bugdown/__init__.py b/zerver/lib/bugdown/__init__.py
index 667ad0194e..1a9df32f31 100644
--- a/zerver/lib/bugdown/__init__.py
+++ b/zerver/lib/bugdown/__init__.py
@@ -35,7 +35,7 @@ from zerver.lib.emoji import translate_emoticons, emoticon_regex
 from zerver.lib.mention import possible_mentions, \
     possible_user_group_mentions, extract_user_group
 from zerver.lib.url_encoding import encode_stream
-from zerver.lib.thumbnail import is_thumbor_enabled, user_uploads_or_external
+from zerver.lib.thumbnail import user_uploads_or_external
 from zerver.lib.timeout import timeout, TimeoutExpired
 from zerver.lib.cache import cache_with_key, NotFoundInCache
 from zerver.lib.url_preview import preview as link_preview
@@ -309,7 +309,7 @@ def add_a(
     if data_id is not None:
         a.set("data-id", data_id)
     img = markdown.util.etree.SubElement(a, "img")
-    if is_thumbor_enabled() and (not already_thumbnailed) and user_uploads_or_external(url):
+    if settings.THUMBNAIL_IMAGES and (not already_thumbnailed) and user_uploads_or_external(url):
         # See docs/thumbnailing.md for some high-level documentation.
         #
         # We strip leading '/' from relative URLs here to ensure
diff --git a/zerver/tests/test_bugdown.py b/zerver/tests/test_bugdown.py
index 03d0f36c92..39e618bb71 100644
--- a/zerver/tests/test_bugdown.py
+++ b/zerver/tests/test_bugdown.py
@@ -379,7 +379,7 @@ class BugdownTest(ZulipTestCase):
 
         msg = 'https://www.google.com/images/srpr/logo4w.png'
         thumbnail_img = '<div class="message_inline_image"><a href="https://www.google.com/images/srpr/logo4w.png" target="_blank" title="https://www.google.com/images/srpr/logo4w.png"><img src="https://www.google.com/images/srpr/logo4w.png"></a></div>'
-        with self.settings(THUMBOR_URL=''):
+        with self.settings(THUMBNAIL_IMAGES=False):
             converted = bugdown_convert(msg)
         self.assertIn(thumbnail_img, converted)
 
diff --git a/zproject/dev_settings.py b/zproject/dev_settings.py
index 994e48a935..bb1f2d4698 100644
--- a/zproject/dev_settings.py
+++ b/zproject/dev_settings.py
@@ -120,6 +120,7 @@ if FAKE_LDAP_MODE:
     AUTHENTICATION_BACKENDS += ('zproject.backends.ZulipLDAPAuthBackend',)  # type: ignore # tuple hackery
 
 THUMBOR_URL = 'http://127.0.0.1:9995'
+THUMBNAIL_IMAGES = True
 
 SEARCH_PILLS_ENABLED = os.getenv('SEARCH_PILLS_ENABLED', False)
 
diff --git a/zproject/prod_settings_template.py b/zproject/prod_settings_template.py
index cbd4cf48ac..5f067f980c 100644
--- a/zproject/prod_settings_template.py
+++ b/zproject/prod_settings_template.py
@@ -516,9 +516,14 @@ CAMO_URI = '/external_content/'
 # By default, Zulip connects to the thumbor (the thumbnailing software
 # we use) service running locally on the machine.  If you're running
 # thumbor on a different server, you can configure that by setting
-# THUMBOR_URL here.  Setting THUMBOR_URL='' will disable
-# thumbnailing in Zulip.
+# THUMBOR_URL here.  Setting THUMBOR_URL='' will let Zulip server know that
+# thumbor is not running or configured.
 #THUMBOR_URL = 'http://127.0.0.1:9995'
+#
+# This setting controls whether images shown in Zulip's inline image
+# previews should be thumbnailed by thumbor, which saves bandwidth but
+# can modify the image's appearance.
+#THUMBNAIL_IMAGES = True
 
 # Controls the Jitsi video call integration.  By default, the
 # integration uses the SaaS meet.jit.si server.  You can specify
diff --git a/zproject/settings.py b/zproject/settings.py
index 0c29fec6b6..b054df0e64 100644
--- a/zproject/settings.py
+++ b/zproject/settings.py
@@ -209,6 +209,7 @@ DEFAULT_SETTINGS = {
     'REMOTE_POSTGRES_HOST': '',
     'REMOTE_POSTGRES_SSLMODE': '',
     'THUMBOR_URL': '',
+    'THUMBNAIL_IMAGES': False,
     'SENDFILE_BACKEND': None,
 
     # ToS/Privacy templates
diff --git a/zproject/test_settings.py b/zproject/test_settings.py
index 638094498a..985d1d8fb6 100644
--- a/zproject/test_settings.py
+++ b/zproject/test_settings.py
@@ -159,6 +159,7 @@ PUSH_NOTIFICATION_BOUNCER_URL = None
 SLOW_QUERY_LOGS_STREAM = None
 
 THUMBOR_URL = 'http://127.0.0.1:9995'
+THUMBNAIL_IMAGES = True
 
 # Logging the emails while running the tests adds them
 # to /emails page.