ivatar issueshttps://git.linux-kernel.at/oliver/ivatar/-/issues2019-02-21T08:53:19Zhttps://git.linux-kernel.at/oliver/ivatar/-/issues/1Write INSTALL.md2019-02-21T08:53:19ZOliver Falkoliver@linux-kernel.atWrite INSTALL.mdThere's only 'TODO' in INSTALL.md at the moment. Write some real documentatino.There's only 'TODO' in INSTALL.md at the moment. Write some real documentatino.Feature complete - one month before go livehttps://git.linux-kernel.at/oliver/ivatar/-/issues/2Security check2019-02-21T08:52:03ZOliver Falkoliver@linux-kernel.atSecurity checkI believe there should be no real big security issue, but if someone could check, I'd appreciate!I believe there should be no real big security issue, but if someone could check, I'd appreciate!Feature complete - one month before go liveOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/3gitlab: no ssh-based access to git repository2021-09-06T11:46:41ZGhost Usergitlab: no ssh-based access to git repositoryAn infrastructure wish: please enable the ssh transport for git. Thank you!An infrastructure wish: please enable the ssh transport for git. Thank you!https://git.linux-kernel.at/oliver/ivatar/-/issues/4s option: invalid value handling2021-09-06T11:46:53ZGhost Users option: invalid value handlingAssigning the empty string and just any non-integer value to the option `s` will cause a `ValueError` exception to be thrawn.
In this case Gravatar ignores the option[1] while my implementation returns a HTTP 400 error[2].
[1]: https:/...Assigning the empty string and just any non-integer value to the option `s` will cause a `ValueError` exception to be thrawn.
In this case Gravatar ignores the option[1] while my implementation returns a HTTP 400 error[2].
[1]: https://www.gravatar.com/avatar/4751ed9aae86881d2b45dd0512c3e14a?s=
[2]: https://avatars.bouledef.eu/avatar/4751ed9aae86881d2b45dd0512c3e14a?s=Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/5s option: size 02021-09-06T11:47:05ZGhost Users option: size 0According to Libravatar specification the correct image size a user can request should be between 1 and 512 inclusive. Here 0 (zero) is accepted but trigger a division by zero.
In this case Gravatar ignores the option[1] while my implem...According to Libravatar specification the correct image size a user can request should be between 1 and 512 inclusive. Here 0 (zero) is accepted but trigger a division by zero.
In this case Gravatar ignores the option[1] while my implementation returns a HTTP 400 error[2].
[1]: https://www.gravatar.com/avatar/4751ed9aae86881d2b45dd0512c3e14a?s=0
[2]: https://avatars.bouledef.eu/avatar/4751ed9aae86881d2b45dd0512c3e14a?s=0Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/6Add support for the f= switch2021-09-06T11:47:21ZGhost UserAdd support for the f= switchGravatar added a `f=` switch at some point which force the default image rather than the user avatar. It only accepts the value `y`.
It is documented in the section **Force Default** [here](https://en.gravatar.com/site/implement/images/).Gravatar added a `f=` switch at some point which force the default image rather than the user avatar. It only accepts the value `y`.
It is documented in the section **Force Default** [here](https://en.gravatar.com/site/implement/images/).Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/7Add support for long options2021-09-06T11:47:31ZGhost UserAdd support for long optionsAnother evolution from Gravatar is long options name. Every one-letter option now as a long alias :
* d: default
* f: forcedefault
* r: rating
* s: sizeAnother evolution from Gravatar is long options name. Every one-letter option now as a long alias :
* d: default
* f: forcedefault
* r: rating
* s: sizeOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/8It's not possible to switch the theme now2021-09-06T11:47:41ZGhost UserIt's not possible to switch the theme nowWith the new default theme, there is no option to switch to alternative themes as there was before.With the new default theme, there is no option to switch to alternative themes as there was before.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/9Login with OpenID should automatically add OpenID identity2018-12-05T15:48:21ZOliver Falkoliver@linux-kernel.atLogin with OpenID should automatically add OpenID identityIf you login with https://avatars.linux-kernel.at/openid/login/, it will not automatically create your OpenID identity, but it should, since it's kinda confirmed at that point already.If you login with https://avatars.linux-kernel.at/openid/login/, it will not automatically create your OpenID identity, but it should, since it's kinda confirmed at that point already.Additional features (not required for go-live)Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/10OpenID login redirects to *openshift2018-11-23T11:49:16ZOliver Falkoliver@linux-kernel.atOpenID login redirects to *openshiftFix redirect to go where you came from.Fix redirect to go where you came from.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/12e.g. ".well-known/avatars" as an alternative/addition to DNS SRV for federate...2022-12-30T12:37:46ZOliver Falkoliver@linux-kernel.ate.g. ".well-known/avatars" as an alternative/addition to DNS SRV for federated libravatars?Looking at [WebFinger](https://webfinger.net/) and its [avatar link](https://webfinger.net/rel/avatar/) rel I was wondering if one could use a .well-known/avatars or something similar as an alternative/addition to DNS SRV records federat...Looking at [WebFinger](https://webfinger.net/) and its [avatar link](https://webfinger.net/rel/avatar/) rel I was wondering if one could use a .well-known/avatars or something similar as an alternative/addition to DNS SRV records federated avatars server?
E.g. either add something like:
https://example.com/.well-known/avatars
or
https://example.com/.well-known/avatars-server
which responds with the avatars-server (and maybe port/path) to [Well-Known URIs](https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml)?
Or maybe it would fit better to use [RFC 6415](https://tools.ietf.org/html/rfc6415)'s .well-known/host-meta or even [WebFinger](https://webfinger.net/)?Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/13Add RoboHash?2019-02-21T08:51:43ZOliver Falkoliver@linux-kernel.atAdd RoboHash?If we want RoboHash, this should receive some votes, else, I'll not care too much:
https://github.com/e1ven/RobohashIf we want RoboHash, this should receive some votes, else, I'll not care too much:
https://github.com/e1ven/RobohashAdditional features (not required for go-live)Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/14raw_image/<id> should not be accessible to _every_ logged in user2018-11-12T15:25:37ZOliver Falkoliver@linux-kernel.atraw_image/<id> should not be accessible to _every_ logged in userAt the moment the raw/original image can be access by every logged in person, this poses a bit of a security leak. Eg. https://avatars.linux-kernel.at/accounts/raw_image/12At the moment the raw/original image can be access by every logged in person, this poses a bit of a security leak. Eg. https://avatars.linux-kernel.at/accounts/raw_image/12Go-LiveOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/15Exception on avatar importing2021-09-06T11:48:12ZGhost UserException on avatar importingHello Oliver,
I got the following exception when I tried to import avatar from gravatar (this was automatically offered to me after email confirmation).
```
DataError at /accounts/import_photo/1
invalid input syntax for type inet: "('2...Hello Oliver,
I got the following exception when I tried to import avatar from gravatar (this was automatically offered to me after email confirmation).
```
DataError at /accounts/import_photo/1
invalid input syntax for type inet: "('213.175.37.10', True)"
LINE 1: ... '2018-11-13T15:37:48.762539+00:00'::timestamptz, '(''213.17...
^
Request Method: POST
Request URL: http://libravatar-stg.fedorainfracloud.org/accounts/import_photo/1
Django Version: 2.1.2
Exception Type: DataError
Exception Value:
invalid input syntax for type inet: "('213.175.37.10', True)"
LINE 1: ... '2018-11-13T15:37:48.762539+00:00'::timestamptz, '(''213.17...
^
Exception Location: /mnt/data/.virtualenv/lib/python3.6/site-packages/django/db/backends/utils.py in _execute, line 85
Python Executable: /usr/bin/python3
Python Version: 3.6.6
Python Path:
['/srv/libravatar',
'/mnt/data/.virtualenv/lib64/python36.zip',
'/mnt/data/.virtualenv/lib64/python3.6',
'/mnt/data/.virtualenv/lib64/python3.6/lib-dynload',
'/usr/lib64/python3.6',
'/usr/lib/python3.6',
'/mnt/data/.virtualenv/lib/python3.6/site-packages']
Server time: Tue, 13 Nov 2018 15:37:49 +0000
```Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/16Importing pictures from another libravatar instance is broken2021-09-06T11:48:18ZGhost UserImporting pictures from another libravatar instance is brokenThe function `get_context_data` in the class `ImportPhotoView` from the `ivatar/ivataraccount/views.py` file generates a broken URL.
In this snippet the variable `libravatar_service_url` already contains an option at the end, namely '?d...The function `get_context_data` in the class `ImportPhotoView` from the `ivatar/ivataraccount/views.py` file generates a broken URL.
In this snippet the variable `libravatar_service_url` already contains an option at the end, namely '?d=404' :
```
libravatar_service_url = libravatar_url(
email=addr,
default=404,
)
```
A few lines later '?s=512' or '?s=80' is concatenated.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/17Error 500 on invalid size option2021-09-06T11:48:25ZGhost UserError 500 on invalid size optionWhen requesting an avatar with a non-integer size such as the word “mille” (or anything else) ivatar seems to crash and returns a HTTP 500 error code.
Example:
```curl -i https://avatars.linux-kernel.at/avatar/4751ed9aae86881d2b45dd051...When requesting an avatar with a non-integer size such as the word “mille” (or anything else) ivatar seems to crash and returns a HTTP 500 error code.
Example:
```curl -i https://avatars.linux-kernel.at/avatar/4751ed9aae86881d2b45dd0512c3e14a?s=mille```
Issue found with my tests script `ivatar.t`.Feature complete - one month before go liveOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/18The MysteryMan avatar is returned when a non-existing user is requested with ...2021-09-06T11:43:00ZGhost UserThe MysteryMan avatar is returned when a non-existing user is requested with an empty default optionWhen an avatar is requested with a malformed `default` option with no value on a non-existing user the 'mm.png' file is returned.
Example:
```
curl -i https://avatars.linux-kernel.at/avatar/nobodyasdasdasdasdashdakhdkjhkaa?d=
```
Whil...When an avatar is requested with a malformed `default` option with no value on a non-existing user the 'mm.png' file is returned.
Example:
```
curl -i https://avatars.linux-kernel.at/avatar/nobodyasdasdasdasdashdakhdkjhkaa?d=
```
While not technically against the API this is not the behaviour of both Libravatar 0.1 and Gravatar, where the default 'nobody.png' file is used instead. This is mentioned briefly, although I think not very clearly, in the documentation:
> d or default parameter defaults to the Libravatar logo
Issue found with my tests script `ivatar.t`.Feature complete - one month before go liveOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/19Wrong size is returned for default=retro and default=identicon2021-09-06T11:42:47ZGhost UserWrong size is returned for default=retro and default=identiconWhen an avatar is requested with a default option of 'retro' or 'identicon' on a non-existing user a wrongly sized image is returned. This image will always be 20px large.
Example:
```
https://avatars.linux-kernel.at/avatar/nobodyasdas...When an avatar is requested with a default option of 'retro' or 'identicon' on a non-existing user a wrongly sized image is returned. This image will always be 20px large.
Example:
```
https://avatars.linux-kernel.at/avatar/nobodyasdasdasdasdashdakhdkjhkaa?s=80&d=retro
```
This image will be 100 pixels wide.
Issue found with my tests script `ivatar.t`.Feature complete - one month before go liveOliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/20nobody.png is returned instead of MysteryMan2021-09-06T11:48:41ZGhost Usernobody.png is returned instead of MysteryManNow it is the other way around ! :laughing:
When requesting a non existing user's avatar with a `default` option of 'mm' or 'mp' the nobody.png picture is returned instead of 'mm.png'.
Example:
```
curl -L https://avatars.linux-kerne...Now it is the other way around ! :laughing:
When requesting a non existing user's avatar with a `default` option of 'mm' or 'mp' the nobody.png picture is returned instead of 'mm.png'.
Example:
```
curl -L https://avatars.linux-kernel.at/avatar/4751ed9aae86881d2b45dd0512c3e14a?d=mm&f=y
```
This regression doesn't affect values of 'identicon' or 'retro'.Oliver Falkoliver@linux-kernel.atOliver Falkoliver@linux-kernel.athttps://git.linux-kernel.at/oliver/ivatar/-/issues/21Requests with a negative size option crash ivatar2021-09-06T11:48:47ZGhost UserRequests with a negative size option crash ivatarExample:
```
curl -i "https://avatars.linux-kernel.at/avatar/4751ed9aae86881d2b45dd0512c3e14a?s=-19"
```
This produce an uncatched ValueError exception with the following message: “height and width must be > 0”.
My implementation retu...Example:
```
curl -i "https://avatars.linux-kernel.at/avatar/4751ed9aae86881d2b45dd0512c3e14a?s=-19"
```
This produce an uncatched ValueError exception with the following message: “height and width must be > 0”.
My implementation returns an HTTP status code 400 while libravatar returns an image with the default size.