Class: UserAvatar

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• UserAvatar

Defined in:

app/models/user_avatar.rb

Constant Summary

@@custom_user_gravatar_email_hash =

{
  Discourse::SYSTEM_USER_ID => User.email_hash("info@discourse.org"),
}

Class Method Summary

• .ensure_consistency!(max_optimized_avatars_to_remove: 20_000) ⇒ Object
• .external_avatar_template(user_id, upload_id) ⇒ Object
• .external_avatar_url(user_id, upload_id, size) ⇒ Object
• .import_url_for_user(avatar_url, user, options = nil) ⇒ Object
• .local_avatar_template(hostname, username, upload_id) ⇒ Object
• .local_avatar_url(hostname, username, upload_id, size) ⇒ Object
• .register_custom_user_gravatar_email_hash(user_id, email) ⇒ Object
• .version(upload_id) ⇒ Object

Instance Method Summary

• #contains_upload?(id) ⇒ Boolean
• #update_gravatar! ⇒ Object

Class Method Details

.ensure_consistency!(max_optimized_avatars_to_remove: 20_000) ⇒ Object

# File 'app/models/user_avatar.rb', line 154

def self.ensure_consistency!(max_optimized_avatars_to_remove: 20_000)
  DB.exec <<~SQL
    UPDATE user_avatars
    SET gravatar_upload_id = NULL
    WHERE gravatar_upload_id IN (
      SELECT u1.gravatar_upload_id FROM user_avatars u1
      LEFT JOIN uploads up
        ON u1.gravatar_upload_id = up.id
      WHERE u1.gravatar_upload_id IS NOT NULL AND
        up.id IS NULL
    )
  SQL

  DB.exec <<~SQL
    UPDATE user_avatars
    SET custom_upload_id = NULL
    WHERE custom_upload_id IN (
      SELECT u1.custom_upload_id FROM user_avatars u1
      LEFT JOIN uploads up
        ON u1.custom_upload_id = up.id
      WHERE u1.custom_upload_id IS NOT NULL AND
        up.id IS NULL
    )
  SQL

  ids =
    DB.query_single(<<~SQL, sizes: Discourse.avatar_sizes, limit: max_optimized_avatars_to_remove)
    SELECT oi.id FROM user_avatars a
    JOIN optimized_images oi ON oi.upload_id = a.custom_upload_id
    LEFT JOIN upload_references ur ON ur.upload_id = a.custom_upload_id and ur.target_type <> 'UserAvatar'
    WHERE oi.width not in (:sizes) AND oi.height not in (:sizes) AND ur.upload_id IS NULL
    LIMIT :limit
  SQL

  warnings_reported = 0

  ids.each do |id|
    begin
      OptimizedImage.find(id).destroy!
    rescue ActiveRecord::RecordNotFound
    rescue => e
      if warnings_reported < 10
        Discourse.warn_exception(e, message: "Failed to remove optimized image")
        warnings_reported += 1
      end
    end
  end
end

.external_avatar_template(user_id, upload_id) ⇒ Object

# File 'app/models/user_avatar.rb', line 101

def self.external_avatar_template(user_id, upload_id)
  version = self.version(upload_id)
  "#{Discourse.store.absolute_base_url}/avatars/#{user_id}/{size}/#{version}.png"
end

.external_avatar_url(user_id, upload_id, size) ⇒ Object

# File 'app/models/user_avatar.rb', line 97

def self.external_avatar_url(user_id, upload_id, size)
  self.external_avatar_template(user_id, upload_id).gsub("{size}", size.to_s)
end

.import_url_for_user(avatar_url, user, options = nil) ⇒ Object

# File 'app/models/user_avatar.rb', line 110

def self.import_url_for_user(avatar_url, user, options = nil)
  if SiteSetting.verbose_upload_logging
    Rails.logger.warn("Verbose Upload Logging: Downloading sso-avatar from #{avatar_url}")
  end

  tempfile =
    FileHelper.download(
      avatar_url,
      max_file_size: SiteSetting.max_image_size_kb.kilobytes,
      tmp_file_name: "sso-avatar",
      follow_redirect: true,
      skip_rate_limit: !!options&.fetch(:skip_rate_limit, false),
    )

  return unless tempfile

  ext = FastImage.type(tempfile).to_s
  tempfile.rewind

  upload =
    UploadCreator.new(
      tempfile,
      "external-avatar." + ext,
      origin: avatar_url,
      type: "avatar",
    ).create_for(user.id)

  user.create_user_avatar! unless user.user_avatar

  if !user.user_avatar.contains_upload?(upload.id)
    user.user_avatar.update!(custom_upload_id: upload.id)
    override_gravatar = !options || options[:override_gravatar]

    if user.uploaded_avatar_id.nil? ||
         !user.user_avatar.contains_upload?(user.uploaded_avatar_id) || override_gravatar
      user.update!(uploaded_avatar_id: upload.id)
    end
  end
rescue Net::ReadTimeout, OpenURI::HTTPError, FinalDestination::SSRFError
  # Skip saving. We are not connected to the net, or SSRF checks failed.
ensure
  tempfile.close! if tempfile && tempfile.respond_to?(:close!)
end

.local_avatar_template(hostname, username, upload_id) ⇒ Object

# File 'app/models/user_avatar.rb', line 92

def self.local_avatar_template(hostname, username, upload_id)
  version = self.version(upload_id)
  "#{Discourse.base_path}/user_avatar/#{hostname}/#{username}/{size}/#{version}.png"
end

.local_avatar_url(hostname, username, upload_id, size) ⇒ Object

# File 'app/models/user_avatar.rb', line 88

def self.local_avatar_url(hostname, username, upload_id, size)
  self.local_avatar_template(hostname, username, upload_id).gsub("{size}", size.to_s)
end

.register_custom_user_gravatar_email_hash(user_id, email) ⇒ Object

# File 'app/models/user_avatar.rb', line 20

def self.register_custom_user_gravatar_email_hash(user_id, email)
  @@custom_user_gravatar_email_hash[user_id] = User.email_hash(email)
end

.version(upload_id) ⇒ Object

# File 'app/models/user_avatar.rb', line 106

def self.version(upload_id)
  "#{upload_id}_#{OptimizedImage::VERSION}"
end

Instance Method Details

#contains_upload?(id) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/user_avatar.rb', line 24

def contains_upload?(id)
  gravatar_upload_id == id || custom_upload_id == id
end

#update_gravatar! ⇒ Object

# File 'app/models/user_avatar.rb', line 28

def update_gravatar!
  DistributedMutex.synchronize("update_gravatar_#{user_id}") do
    begin
      self.update!(last_gravatar_download_attempt: Time.zone.now)

      max = Discourse.avatar_sizes.max

      # The user could be deleted before this executes
      return if user.blank? || user.primary_email.blank?

      email_hash = @@custom_user_gravatar_email_hash[user_id] || user.email_hash
      gravatar_url =
        "https://#{SiteSetting.gravatar_base_url}/avatar/#{email_hash}.png?s=#{max}&d=404&reset_cache=#{SecureRandom.urlsafe_base64(5)}"

      if SiteSetting.verbose_upload_logging
        Rails.logger.warn("Verbose Upload Logging: Downloading gravatar from #{gravatar_url}")
      end

      # follow redirects in case gravatar change rules on us
      tempfile =
        FileHelper.download(
          gravatar_url,
          max_file_size: SiteSetting.max_image_size_kb.kilobytes,
          tmp_file_name: "gravatar",
          skip_rate_limit: true,
          verbose: false,
          follow_redirect: true,
        )

      if tempfile
        ext = File.extname(tempfile)
        ext = ".png" if ext.blank?

        upload =
          UploadCreator.new(
            tempfile,
            "gravatar#{ext}",
            origin: gravatar_url,
            type: "avatar",
            for_gravatar: true,
          ).create_for(user_id)

        if gravatar_upload_id != upload.id
          User.transaction do
            if gravatar_upload_id && user.uploaded_avatar_id == gravatar_upload_id
              user.update!(uploaded_avatar_id: upload.id)
            end

            self.update!(gravatar_upload: upload)
          end
        end
      end
    rescue OpenURI::HTTPError => e
      raise e if e.io&.status[0].to_i != 404
    ensure
      tempfile&.close!
    end
  end
end