Merge pull request #1825 from UlrichB22/gravatar

Use new gravatar hash routine
moinwiki · Jan 14, 2025 · c81d484 · c81d484
2 parents 0906e7b + 2be7f57
commit c81d484
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 14 deletions.
diff --git a/docs/admin/configure.rst b/docs/admin/configure.rst
@@ -377,6 +377,11 @@ service. To enable it, add or uncomment this line in wikiconfig::
 
     user_use_gravatar = True
 
+If a user is not registered with gravar.com, a default image can be specified using
+the parameter user_gravatar_default_img, this can be a publicly available URL or a
+keyword “mp”, “identicon”, “monsterid”, “wavatar”, “retro” or “robohash”, the default
+value is “blank” (see https://docs.gravatar.com/api/avatars/images/ for details).
+
 Please note that using the gravatar service has some privacy issues:
 
 * to register your image for your email at gravatar.com, you need to give them

diff --git a/src/moin/config/default.py b/src/moin/config/default.py
@@ -708,6 +708,7 @@ def __init__(self, exprstr):
                 "interwiki name of the wiki where the user home pages are located [Unicode] - useful if you have ''many'' users. You could even link to nonwiki \"user pages\" if the wiki username is in the target URL.",
             ),
             ("use_gravatar", False, "if True, gravatar.com will be used to find User's avatar"),
+            ("gravatar_default_img", "blank", "default image if email not registered at gravatar.com."),
         ),
     ),
     "mail": (

diff --git a/src/moin/config/wikiconfig.py b/src/moin/config/wikiconfig.py
@@ -97,6 +97,9 @@ class Config(DefaultConfig):
 
     # read about PRIVACY ISSUES in docs before uncommenting the line below to use gravatars
     # user_use_gravatar = True
+    # user_gravatar_default_img = "blank"  # or "mp", "identicon", "monsterid", "wavatar", "retro", "robohash".
+    # you can also supply a publicly available image URL with user_gravatar_default_img,
+    # see https://docs.gravatar.com/api/avatars/images/ for details
 
     # read about SECURITY ISSUES in docs before uncommenting the line below allowing users
     # to edit style attributes in HTML and Markdown items

diff --git a/src/moin/user.py b/src/moin/user.py
@@ -20,7 +20,6 @@
 
 import copy
 import hashlib
-import werkzeug
 from io import BytesIO
 
 from babel import parse_locale
@@ -29,6 +28,7 @@
 from flask import g as flaskg
 from flask import session, url_for, render_template
 from jinja2.runtime import Undefined
+from urllib.parse import urlencode
 
 from moin import wikiutil
 from moin.constants.contenttypes import CONTENTTYPE_USER
@@ -411,24 +411,22 @@ def avatar(self, size=30):
         if not app.cfg.user_use_gravatar:
             return None
 
-        from moin.themes import get_current_theme
-        from flask_theme import static_file_url
-
-        theme = get_current_theme()
+        if app.cfg.user_gravatar_default_img:
+            default = app.cfg.user_gravatar_default_img
+        else:
+            default = "blank"
 
         email = self.email
-        if not email:
-            return static_file_url(theme, theme.info.get("default_avatar", "img/default_avatar.png"))
 
-        param = {}
-        param["gravatar_id"] = hashlib.md5(email.lower()).hexdigest()
+        if not email:
+            logging.warning(f"User {self.name0} has no valid email, cannot create an avatar.")
+            return None
 
-        param["default"] = static_file_url(theme, theme.info.get("default_avatar", "img/default_avatar.png"), True)
+        email_encoded = email.lower().encode("utf-8")
+        email_hash = hashlib.sha256(email_encoded).hexdigest()
 
-        param["size"] = str(size)
-        # TODO: use same protocol of Moin site (might be https instead of http)]
-        gravatar_url = "http://www.gravatar.com/avatar.php?"
-        gravatar_url += werkzeug.url_encode(param)
+        query_params = urlencode({"d": default, "s": str(size)})
+        gravatar_url = f"https://www.gravatar.com/avatar/{email_hash}?{query_params}"
 
         return gravatar_url