diff --git a/docs/admin/configure.rst b/docs/admin/configure.rst index 5f1652bd1..da570ca93 100644 --- a/docs/admin/configure.rst +++ b/docs/admin/configure.rst @@ -377,6 +377,11 @@ service. To enable it, add or uncomment this line in wikiconfig:: user_use_gravatar = True +If a user is not registered with gravar.com, a default image can be specified using +the parameter user_gravatar_default_img, this can be a publicly available URL or a +keyword “mp”, “identicon”, “monsterid”, “wavatar”, “retro” or “robohash”, the default +value is “blank” (see https://docs.gravatar.com/api/avatars/images/ for details). + Please note that using the gravatar service has some privacy issues: * to register your image for your email at gravatar.com, you need to give them diff --git a/src/moin/config/default.py b/src/moin/config/default.py index 09bcf4c94..a9a583ae2 100644 --- a/src/moin/config/default.py +++ b/src/moin/config/default.py @@ -708,6 +708,7 @@ def __init__(self, exprstr): "interwiki name of the wiki where the user home pages are located [Unicode] - useful if you have ''many'' users. You could even link to nonwiki \"user pages\" if the wiki username is in the target URL.", ), ("use_gravatar", False, "if True, gravatar.com will be used to find User's avatar"), + ("gravatar_default_img", "blank", "default image if email not registered at gravatar.com."), ), ), "mail": ( diff --git a/src/moin/config/wikiconfig.py b/src/moin/config/wikiconfig.py index eb3e0e094..448ce0965 100644 --- a/src/moin/config/wikiconfig.py +++ b/src/moin/config/wikiconfig.py 
@@ -97,6 +97,9 @@ class Config(DefaultConfig): # read about PRIVACY ISSUES in docs before uncommenting the line below to use gravatars # user_use_gravatar = True + # user_gravatar_default_img = "blank" # or "mp", "identicon", "monsterid", "wavatar", "retro", "robohash". + # you can also supply a publicly available image URL with user_gravatar_default_img, + # see https://docs.gravatar.com/api/avatars/images/ for details # read about SECURITY ISSUES in docs before uncommenting the line below allowing users # to edit style attributes in HTML and Markdown items diff --git a/src/moin/user.py b/src/moin/user.py index a59f5da4d..08864322d 100644 --- a/src/moin/user.py +++ b/src/moin/user.py @@ -20,7 +20,6 @@ import copy import hashlib -import werkzeug from io import BytesIO from babel import parse_locale @@ -29,6 +28,7 @@ from flask import g as flaskg from flask import session, url_for, render_template from jinja2.runtime import Undefined +from urllib.parse import urlencode from moin import wikiutil from moin.constants.contenttypes import CONTENTTYPE_USER 
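Review bot: `from urllib.parse import urlencode` is standard library but is added after the `jinja2` import, inside the third-party group; moving it next to `from io import BytesIO` keeps the stdlib / third-party / local grouping that the surrounding imports appear to follow. The avatar() change later in this file calls `logging.warning`, and no `logging` binding is visible in either import hunk, so confirm the module already defines one.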
@@ -411,24 +411,22 @@ def avatar(self, size=30): if not app.cfg.user_use_gravatar: return None - from moin.themes import get_current_theme - from flask_theme import static_file_url - - theme = get_current_theme() + if app.cfg.user_gravatar_default_img: + default = app.cfg.user_gravatar_default_img + else: + default = "blank" email = self.email - if not email: - return static_file_url(theme, theme.info.get("default_avatar", "img/default_avatar.png")) - param = {} - param["gravatar_id"] = hashlib.md5(email.lower()).hexdigest() + if not email: + logging.warning(f"User {self.name0} has no valid email, cannot create an avatar.") + return None - param["default"] = static_file_url(theme, theme.info.get("default_avatar", "img/default_avatar.png"), True) + email_encoded = email.lower().encode("utf-8") + email_hash = hashlib.sha256(email_encoded).hexdigest() - param["size"] = str(size) - # TODO: use same protocol of Moin site (might be https instead of http)] - gravatar_url = "http://www.gravatar.com/avatar.php?" - gravatar_url += werkzeug.url_encode(param) + query_params = urlencode({"d": default, "s": str(size)}) + gravatar_url = f"https://www.gravatar.com/avatar/{email_hash}?{query_params}" return gravatar_url
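Review bot: The address is only lower-cased before hashing (`email_encoded = email.lower().encode("utf-8")`), whereas Gravatar's documented procedure also trims surrounding whitespace. A stored address with a stray space therefore hashes to a different value and the user silently gets the default image; `email_encoded = email.strip().lower().encode("utf-8")` fixes that. The added `logging.warning(f"User {self.name0} ...")` runs on every avatar() call for an account without an email and interpolates a user-chosen name into the log line. Assuming `logging` here is the module's logger, `logging.debug("User %r has no email, no avatar", self.name0)` would keep the logs quiet and escape control characters in the name. avatar() begins above this hunk, so whether its callers handle the new `None` return for email-less users (formerly the theme's default avatar URL) cannot be checked from here.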