ivatar issueshttps://git.linux-kernel.at/oliver/ivatar/-/issues2021-09-06T11:42:47Zhttps://git.linux-kernel.at/oliver/ivatar/-/issues/19Wrong size is returned for default=retro and default=identicon2021-09-06T11:42:47ZGhost UserWrong size is returned for default=retro and default=identiconWhen an avatar is requested with a default option of 'retro' or 'identicon' on a non-existing user a wrongly sized image is returned. This image will always be 20px large.
Example:
```
https://avatars.linux-kernel.at/avatar/nobodyasdas...When an avatar is requested with a default option of 'retro' or 'identicon' on a non-existing user a wrongly sized image is returned. This image will always be 20px large.
Example:
```
https://avatars.linux-kernel.at/avatar/nobodyasdasdasdasdashdakhdkjhkaa?s=80&d=retro
```
This image will be 100 pixels wide.
Issue found with my tests script `ivatar.t`.Feature complete - one month before go liveOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/18The MysteryMan avatar is returned when a non-existing user is requested with ...2021-09-06T11:43:00ZGhost UserThe MysteryMan avatar is returned when a non-existing user is requested with an empty default optionWhen an avatar is requested with a malformed `default` option with no value on a non-existing user the 'mm.png' file is returned.
Example:
```
curl -i https://avatars.linux-kernel.at/avatar/nobodyasdasdasdasdashdakhdkjhkaa?d=
```
Whil...When an avatar is requested with a malformed `default` option with no value on a non-existing user the 'mm.png' file is returned.
Example:
```
curl -i https://avatars.linux-kernel.at/avatar/nobodyasdasdasdasdashdakhdkjhkaa?d=
```
While not technically against the API this is not the behaviour of both Libravatar 0.1 and Gravatar, where the default 'nobody.png' file is used instead. This is mentioned briefly, although I think not very clearly, in the documentation:
> d or default parameter defaults to the Libravatar logo
Issue found with my tests script `ivatar.t`.Feature complete - one month before go liveOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/17Error 500 on invalid size option2021-09-06T11:48:25ZGhost UserError 500 on invalid size optionWhen requesting an avatar with a non-integer size such as the word “mille” (or anything else) ivatar seems to crash and returns a HTTP 500 error code.
Example:
```curl -i https://avatars.linux-kernel.at/avatar/4751ed9aae86881d2b45dd051...When requesting an avatar with a non-integer size such as the word “mille” (or anything else) ivatar seems to crash and returns a HTTP 500 error code.
Example:
```curl -i https://avatars.linux-kernel.at/avatar/4751ed9aae86881d2b45dd0512c3e14a?s=mille```
Issue found with my tests script `ivatar.t`.Feature complete - one month before go liveOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/2Security check2019-02-21T08:52:03ZOliver Falkoliver@linux-kernel.atSecurity checkI believe there should be no real big security issue, but if someone could check, I'd appreciate!I believe there should be no real big security issue, but if someone could check, I'd appreciate!Feature complete - one month before go liveOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/1Write INSTALL.md2019-02-21T08:53:19ZOliver Falkoliver@linux-kernel.atWrite INSTALL.mdThere's only 'TODO' in INSTALL.md at the moment. Write some real documentatino.There's only 'TODO' in INSTALL.md at the moment. Write some real documentatino.Feature complete - one month before go livehttps://git.linux-kernel.at/oliver/ivatar/-/issues/14raw_image/<id> should not be accessible to _every_ logged in user2018-11-12T15:25:37ZOliver Falkoliver@linux-kernel.atraw_image/<id> should not be accessible to _every_ logged in userAt the moment the raw/original image can be access by every logged in person, this poses a bit of a security leak. Eg. https://avatars.linux-kernel.at/accounts/raw_image/12At the moment the raw/original image can be access by every logged in person, this poses a bit of a security leak. Eg. https://avatars.linux-kernel.at/accounts/raw_image/12Go-LiveOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/87Add webp support2022-12-06T18:10:22ZOliver Falkoliver@linux-kernel.atAdd webp supportIt would be great to use WebP (or even AVIF) for the generated avatar icons by appending the file extension as a suffix in the URL.
https://caniuse.com/webp
https://caniuse.com/avif
Then the website that uses Libravatar can choose if ...It would be great to use WebP (or even AVIF) for the generated avatar icons by appending the file extension as a suffix in the URL.
https://caniuse.com/webp
https://caniuse.com/avif
Then the website that uses Libravatar can choose if they want it in PNG or WebP format.
https://www.libravatar.org/static/img/nobody/80.png -- works today
https://www.libravatar.org/static/img/nobody/80.webp -- does not work
https://www.libravatar.org/avatar/23463b99b62a72f26ed677cc556c44e8?s=80 -- works today
https://www.libravatar.org/avatar/23463b99b62a72f26ed677cc556c44e8.webp?s=80 -- does not workWinter Sprint 2022Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/69Automatically associate added emails with "other service" default2021-09-16T11:27:12ZGhost UserAutomatically associate added emails with "other service" defaultI've been importing all my previous email associated to Gravatar, however the experience was a bit annoying as I was expecting this to set the previously used image as default for such email, instead of having me to redo the same process...I've been importing all my previous email associated to Gravatar, however the experience was a bit annoying as I was expecting this to set the previously used image as default for such email, instead of having me to redo the same process for them all (and I had like 8 with different images).
So, please... I like the idea of a free service, but make the migration a nicer experience.Winter Sprint 2022Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/59Email in settings is not editable2021-09-06T11:54:03ZGhost UserEmail in settings is not editableGo to `/accounts/pref/`
There is only one option - email, and you can't edit it
Maybe change it to a select with verified emailsGo to `/accounts/pref/`
There is only one option - email, and you can't edit it
Maybe change it to a select with verified emailsWinter Sprint 2022Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/95Logout leading to HTTP error 4052024-01-16T14:00:42ZOliver Falkoliver@linux-kernel.atLogout leading to HTTP error 405Django 5 deprecated logout via GET request - only POST is allowed.
Reference: https://docs.djangoproject.com/en/5.0/releases/5.0/#features-removed-in-5-0
Also partially outlined here: https://codereviewdoctor.medium.com/3-awesome-django...Django 5 deprecated logout via GET request - only POST is allowed.
Reference: https://docs.djangoproject.com/en/5.0/releases/5.0/#features-removed-in-5-0
Also partially outlined here: https://codereviewdoctor.medium.com/3-awesome-django-4-1-changes-1-is-a-logout-deprecation-you-need-to-know-about-1d8166ccbdb2
This needs to be fixed in navigation and home pages.https://git.linux-kernel.at/oliver/ivatar/-/issues/92Dicebear implementation needs update2023-02-01T16:17:39ZOliver Falkoliver@linux-kernel.atDicebear implementation needs updateAllowed URLs need an update: https://git.linux-kernel.at/oliver/ivatar/-/blob/master/config.py#L213
Dicebear API docs: https://dicebear.com/how-to-use/http-api
Maybe keep the 'avatars' subdomain and just add the 'api' subdomain in case...Allowed URLs need an update: https://git.linux-kernel.at/oliver/ivatar/-/blob/master/config.py#L213
Dicebear API docs: https://dicebear.com/how-to-use/http-api
Maybe keep the 'avatars' subdomain and just add the 'api' subdomain in case it would break some implementation.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/91Error 500 if trying to confirm a mail address that is already confirmed for a...2023-01-24T21:00:19ZOliver Falkoliver@linux-kernel.atError 500 if trying to confirm a mail address that is already confirmed for another userError logged:
```
IntegrityError at /accounts/confirm_email/<verify digest>
duplicate key value violates unique constraint "ivataraccount_confirmedemail_email_key"
DETAIL: Key (email)=(<some mail address>) already exists.
```Error logged:
```
IntegrityError at /accounts/confirm_email/<verify digest>
duplicate key value violates unique constraint "ivataraccount_confirmedemail_email_key"
DETAIL: Key (email)=(<some mail address>) already exists.
```Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/90Trusted URLs improvements/refactors2022-09-15T17:06:45ZSeth Falcoseth@falco.funTrusted URLs improvements/refactorsJust making some notes to resolve later if you don't disagree with them anyway:
* Given that the list of TRUSTED_DEFAULT_URLs can be overridden, it's probably best to handle None explicitly.
* Add backward compatibility to work with stri...Just making some notes to resolve later if you don't disagree with them anyway:
* Given that the list of TRUSTED_DEFAULT_URLs can be overridden, it's probably best to handle None explicitly.
* Add backward compatibility to work with string literals and check the start of the string.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/89Password reset raises error if multiple accounts with the same mail address e...2022-11-17T11:39:14ZOliver Falkoliver@linux-kernel.atPassword reset raises error if multiple accounts with the same mail address existLog from the error:
```
Internal Server Error: /accounts/password_reset/
Traceback (most recent call last):
File "/data/venvs/libravatar/lib/python3.10/site-packages/django/core/handlers/exception.py", line 47, in inner
response =...Log from the error:
```
Internal Server Error: /accounts/password_reset/
Traceback (most recent call last):
File "/data/venvs/libravatar/lib/python3.10/site-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/data/venvs/libravatar/lib/python3.10/site-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/data/venvs/libravatar/lib/python3.10/site-packages/django/views/generic/base.py", line 70, in view
return self.dispatch(request, *args, **kwargs)
File "/data/venvs/libravatar/lib/python3.10/site-packages/django/utils/decorators.py", line 43, in _wrapper
return bound_method(*args, **kwargs)
File "/data/venvs/libravatar/lib/python3.10/site-packages/django/utils/decorators.py", line 130, in _wrapped_view
response = view_func(request, *args, **kwargs)
File "/data/venvs/libravatar/lib/python3.10/site-packages/django/contrib/auth/views.py", line 222, in dispatch
return super().dispatch(*args, **kwargs)
File "/data/venvs/libravatar/lib/python3.10/site-packages/django/views/generic/base.py", line 98, in dispatch
return handler(request, *args, **kwargs)
File "/srv/libravatar/ivatar/ivataraccount/views.py", line 1084, in post
user = User.objects.get(email=request.POST["email"])
File "/data/venvs/libravatar/lib/python3.10/site-packages/django/db/models/manager.py", line 85, in manager_method
return getattr(self.get_queryset(), name)(*args, **kwargs)
File "/data/venvs/libravatar/lib/python3.10/site-packages/django/db/models/query.py", line 439, in get
raise self.model.MultipleObjectsReturned(
django.contrib.auth.models.User.MultipleObjectsReturned: get() returned more than one User -- it returned 4!
```Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/86Missing Cache-Control headers2022-12-30T12:26:39ZDaniel AleksandersenMissing Cache-Control headersHi,
There’s quite a few responses that are missing `Cache-Control` headers. Especially the 404 not found responses (default image), redirects, and even when an avatar image is found and served.
Secondarily, the cache efficiency can be ...Hi,
There’s quite a few responses that are missing `Cache-Control` headers. Especially the 404 not found responses (default image), redirects, and even when an avatar image is found and served.
Secondarily, the cache efficiency can be increased significantly by adding `stale-while-revalidate` handling (e.g. `Cache-Cotrol: max-age=600,stale-while-revalidate=259200`.) Intermediary caches and even browsers will keep using a cached image and revalidate and update the cached image in the background. (So, the page load isn’t delayed after the `max-age` has expired.) It lets you keep a short 15-min max-age while still letting browsers use a cached image for a month.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/85Matrix contact details2021-09-06T12:18:16ZGhost UserMatrix contact detailsSince I didn't manage to fork the project on this gitlab instance due to project restrictions, I just provide this handy patch, that should provide an updated version of the contact page.
It's a first draft, so feel free to criticise an...Since I didn't manage to fork the project on this gitlab instance due to project restrictions, I just provide this handy patch, that should provide an updated version of the contact page.
It's a first draft, so feel free to criticise and adjust :)
[0001-Add-newer-version-of-matrix-contact-page.patch](/uploads/7c01d8cd8d94e357b463fc380b650ef6/0001-Add-newer-version-of-matrix-contact-page.patch)Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/84Support for self signed certificates - openid2022-12-30T12:25:48ZMinecraftchest1Support for self signed certificates - openidWhen logging in with an openid connect provider that uses a self-signed cert (such as a self-hosted keycloak install), the following error is generated.
```
OpenID discovery failed: Error fetching XRDS document: <urlopen error [SSL: CERT...When logging in with an openid connect provider that uses a self-signed cert (such as a self-hosted keycloak install), the following error is generated.
```
OpenID discovery failed: Error fetching XRDS document: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)>
```
![image](/uploads/17c6d103dfd7481a10b29287aabbb858/image.png)Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/83Verification links not working2021-09-06T12:18:00ZGhost UserVerification links not workingWhen adding a new email address on my install, the verification links don't seem to work. The links have a different hash than the database table. When I take the hash from the database and use it in the link, it works. I tested this ...When adding a new email address on my install, the verification links don't seem to work. The links have a different hash than the database table. When I take the hash from the database and use it in the link, it works. I tested this using both the SQLite and PostgreSQL options.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.at2021-04-16https://git.linux-kernel.at/oliver/ivatar/-/issues/81No module named 'PIL2021-09-06T12:17:47ZGhost UserNo module named 'PILWhen installing on my RaspberryPi, I get this error when running `pip install -r requirements.txt`
```
ERROR: Command errored out with exit status 1:
command: /opt/ivatar/ivatar/.virtualenv/bin/python3 -c 'import sys, setuptools, to...When installing on my RaspberryPi, I get this error when running `pip install -r requirements.txt`
```
ERROR: Command errored out with exit status 1:
command: /opt/ivatar/ivatar/.virtualenv/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-req-build-9qiryzy2/setup.py'"'"'; __file__='"'"'/tmp/pip-req-build-9qiryzy2/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-ofy7p5ap
cwd: /tmp/pip-req-build-9qiryzy2/
Complete output (7 lines):
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-req-build-9qiryzy2/setup.py", line 4, in <module>
import Identicon
File "/tmp/pip-req-build-9qiryzy2/Identicon/__init__.py", line 6, in <module>
from PIL import Image, ImageDraw
ModuleNotFoundError: No module named 'PIL'
----------------------------------------
WARNING: Discarding git+https://github.com/flavono123/identicon.git. Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
```Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/80No confirmation email2021-09-06T12:17:40ZGhost UserNo confirmation emailHello there,
I am using this service for a while now,
when I use google, yahoo ..etc email, it's completely fine, I can just ask for a confirmation email, and done.
But this can't be done with "@outlook" email.
I have checked the inbox a...Hello there,
I am using this service for a while now,
when I use google, yahoo ..etc email, it's completely fine, I can just ask for a confirmation email, and done.
But this can't be done with "@outlook" email.
I have checked the inbox and junk as well.
Thank you.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.at