MM-13996 Properly get image dimensions for OpenGraph images using secure_url (#10240)

For images in the OpenGraph metadata, we only looked for the `url` field, but we should've also been looking for the `secure_url` field for sites that defined it. We also set the `secure_url` field when proxying OpenGraph images as well, so we were not properly giving image dimensions for OpenGraph images.

#### Ticket Link
https://mattermost.atlassian.net/browse/MM-13996

app/post_metadata.go

@@ -169,15 +169,26 @@ func (a *App) getImagesForPost(post *model.Post, imageURLs []string, isNewPost b
 
 		case model.POST_EMBED_OPENGRAPH:
 			for _, image := range embed.Data.(*opengraph.OpenGraph).Images {
+				var imageURL string
+				if image.SecureURL != "" {
+					imageURL = image.SecureURL
+				} else if image.URL != "" {
+					imageURL = image.URL
+				}
+
+				if imageURL == "" {
+					continue
+				}
+
 				if image.Width != 0 || image.Height != 0 {
 					// The site has already told us the image dimensions
-					images[image.URL] = &model.PostImage{
+					images[imageURL] = &model.PostImage{
 						Width:  int(image.Width),
 						Height: int(image.Height),
 					}
 				} else {
 					// The site did not specify its image dimensions
-					imageURLs = append(imageURLs, image.URL)
+					imageURLs = append(imageURLs, imageURL)
 				}
 			}
 		}

app/post_metadata_test.go

@@ -551,6 +551,194 @@ func TestGetImagesForPost(t *testing.T) {
 
 		assert.Equal(t, images, map[string]*model.PostImage{})
 	})
+
+	t.Run("for an OpenGraph image with dimensions", func(t *testing.T) {
+		th := Setup()
+		defer th.TearDown()
+
+		th.App.UpdateConfig(func(cfg *model.Config) {
+			*cfg.ServiceSettings.AllowedUntrustedInternalConnections = "127.0.0.1"
+		})
+
+		ogURL := "https://example.com/index.html"
+		imageURL := "https://example.com/image.png"
+
+		post := &model.Post{
+			Metadata: &model.PostMetadata{
+				Embeds: []*model.PostEmbed{
+					{
+						Type: model.POST_EMBED_OPENGRAPH,
+						URL:  ogURL,
+						Data: &opengraph.OpenGraph{
+							Images: []*opengraph.Image{
+								{
+									URL:    imageURL,
+									Width:  100,
+									Height: 200,
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+
+		images := th.App.getImagesForPost(post, []string{}, false)
+
+		assert.Equal(t, images, map[string]*model.PostImage{
+			imageURL: {
+				Width:  100,
+				Height: 200,
+			},
+		})
+	})
+
+	t.Run("for an OpenGraph image without dimensions", func(t *testing.T) {
+		th := Setup()
+		defer th.TearDown()
+
+		th.App.UpdateConfig(func(cfg *model.Config) {
+			*cfg.ServiceSettings.AllowedUntrustedInternalConnections = "127.0.0.1"
+		})
+
+		server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.URL.Path == "/image.png" {
+				w.Header().Set("Content-Type", "image/png")
+
+				img := image.NewGray(image.Rect(0, 0, 200, 300))
+
+				var encoder png.Encoder
+				encoder.Encode(w, img)
+			} else {
+				w.WriteHeader(http.StatusNotFound)
+			}
+		}))
+		defer server.Close()
+
+		ogURL := server.URL + "/index.html"
+		imageURL := server.URL + "/image.png"
+
+		post := &model.Post{
+			Metadata: &model.PostMetadata{
+				Embeds: []*model.PostEmbed{
+					{
+						Type: model.POST_EMBED_OPENGRAPH,
+						URL:  ogURL,
+						Data: &opengraph.OpenGraph{
+							Images: []*opengraph.Image{
+								{
+									URL: imageURL,
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+
+		images := th.App.getImagesForPost(post, []string{}, false)
+
+		assert.Equal(t, images, map[string]*model.PostImage{
+			imageURL: {
+				Width:  200,
+				Height: 300,
+			},
+		})
+	})
+
+	t.Run("with an OpenGraph image with a secure_url and dimensions", func(t *testing.T) {
+		th := Setup()
+		defer th.TearDown()
+
+		th.App.UpdateConfig(func(cfg *model.Config) {
+			*cfg.ServiceSettings.AllowedUntrustedInternalConnections = "127.0.0.1"
+		})
+
+		ogURL := "https://example.com/index.html"
+		imageURL := "https://example.com/secure_image.png"
+
+		post := &model.Post{
+			Metadata: &model.PostMetadata{
+				Embeds: []*model.PostEmbed{
+					{
+						Type: model.POST_EMBED_OPENGRAPH,
+						URL:  ogURL,
+						Data: &opengraph.OpenGraph{
+							Images: []*opengraph.Image{
+								{
+									URL:    imageURL,
+									Width:  300,
+									Height: 400,
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+
+		images := th.App.getImagesForPost(post, []string{}, false)
+
+		assert.Equal(t, images, map[string]*model.PostImage{
+			imageURL: {
+				Width:  300,
+				Height: 400,
+			},
+		})
+	})
+
+	t.Run("with an OpenGraph image with a secure_url and no dimensions", func(t *testing.T) {
+		th := Setup()
+		defer th.TearDown()
+
+		th.App.UpdateConfig(func(cfg *model.Config) {
+			*cfg.ServiceSettings.AllowedUntrustedInternalConnections = "127.0.0.1"
+		})
+
+		server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if r.URL.Path == "/secure_image.png" {
+				w.Header().Set("Content-Type", "image/png")
+
+				img := image.NewGray(image.Rect(0, 0, 400, 500))
+
+				var encoder png.Encoder
+				encoder.Encode(w, img)
+			} else {
+				w.WriteHeader(http.StatusNotFound)
+			}
+		}))
+
+		ogURL := server.URL + "/index.html"
+		imageURL := server.URL + "/secure_image.png"
+
+		post := &model.Post{
+			Metadata: &model.PostMetadata{
+				Embeds: []*model.PostEmbed{
+					{
+						Type: model.POST_EMBED_OPENGRAPH,
+						URL:  ogURL,
+						Data: &opengraph.OpenGraph{
+							Images: []*opengraph.Image{
+								{
+									URL:       server.URL + "/image.png",
+									SecureURL: imageURL,
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+
+		images := th.App.getImagesForPost(post, []string{}, false)
+
+		assert.Equal(t, images, map[string]*model.PostImage{
+			imageURL: {
+				Width:  400,
+				Height: 500,
+			},
+		})
+	})
 }
 
 func TestGetEmojiNamesForString(t *testing.T) {