zulip/zerver/lib/avatar_hash.py

import hashlib

from django.conf import settings

from zerver.models import UserProfile


def gravatar_hash(email: str) -> str:
    """Compute the Gravatar hash for an email address."""
    # Non-ASCII characters aren't permitted by the currently active e-mail
    # RFCs. However, the IETF has published https://tools.ietf.org/html/rfc4952,
    # outlining internationalization of email addresses, and regardless if we
    # typo an address or someone manages to give us a non-ASCII address, let's
    # not error out on it.
    return hashlib.md5(email.lower().encode()).hexdigest()


def user_avatar_hash(uid: str, version: str) -> str:
    # WARNING: If this method is changed, you may need to do a migration
    # similar to zerver/migrations/0060_move_avatars_to_be_uid_based.py .

    # The salt prevents unauthenticated clients from enumerating the
    # avatars of all users.
    user_key = uid + ":" + version + ":" + settings.AVATAR_SALT
    return hashlib.sha256(user_key.encode()).hexdigest()[:40]


def user_avatar_path(user_profile: UserProfile, future: bool = False) -> str:
    # 'future' is if this is for the current avatar version, of the next one.
    return user_avatar_base_path_from_ids(
        user_profile.id, user_profile.avatar_version + (1 if future else 0), user_profile.realm_id
    )


def user_avatar_base_path_from_ids(user_profile_id: int, version: int, realm_id: int) -> str:
    user_id_hash = user_avatar_hash(str(user_profile_id), str(version))
    return f"{realm_id}/{user_id_hash}"


def user_avatar_content_hash(ldap_avatar: bytes) -> str:
    return hashlib.sha256(ldap_avatar).hexdigest()
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-06-11 00:54:34 +02:00			`import hashlib`

avatar: Move avatar hash computations to their own file. 2016-09-28 00:12:18 +02:00			`from django.conf import settings`

zerver/lib: Use Python 3 syntax for typing for several files. This adds a number of annotations that had been missed in previous passes. 2017-11-27 05:27:04 +01:00			`from zerver.models import UserProfile`
mypy: Add UserProfile import in avatar_hash.py. 2017-03-05 05:24:47 +01:00
avatar: Move avatar hash computations to their own file. 2016-09-28 00:12:18 +02:00
zerver/lib: Change use of typing.Text to str. 2018-05-10 19:13:36 +02:00			`def gravatar_hash(email: str) -> str:`
avatar: Move avatar hash computations to their own file. 2016-09-28 00:12:18 +02:00			`"""Compute the Gravatar hash for an email address."""`
			`# Non-ASCII characters aren't permitted by the currently active e-mail`
			`# RFCs. However, the IETF has published https://tools.ietf.org/html/rfc4952,`
			`# outlining internationalization of email addresses, and regardless if we`
			`# typo an address or someone manages to give us a non-ASCII address, let's`
			`# not error out on it.`
utils: Remove make_safe_digest wrapper. It’s unclear what was supposed to be “safe” about this wrapper. The hashlib API is fine without it, and we don’t want to encourage further use of SHA-1. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2023-07-19 00:44:51 +02:00			`return hashlib.md5(email.lower().encode()).hexdigest()`
avatar: Move avatar hash computations to their own file. 2016-09-28 00:12:18 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
avatars: Encode version into the filename. Hash the salt, user-id, and now avatar version into the filename. This allows the URL contents to be immutable, and thus to be marked as immutable and cacheable. Since avatars are served unauthenticated, hashing with a server-side salt makes the current and past avatars not enumerable. This requires plumbing the current (or future) avatar version through various parts of the upload process. Since this already requires a full migration of current avatars, also take the opportunity to fix the missing `.png` on S3 uploads (#12852). We switch from SHA-1 to SHA-256, but truncate it such that avatar URL data does not substantially increase in size. Fixes: #12852. 2024-06-13 14:57:18 +02:00			`def user_avatar_hash(uid: str, version: str) -> str:`
avatar_hash: Update a comment to reflect the current code. Also move a couple of comments inside the functions they describe, because they're about the implementation of the functions rather than their interface. 2017-06-27 00:12:15 +02:00			`# WARNING: If this method is changed, you may need to do a migration`
			`# similar to zerver/migrations/0060_move_avatars_to_be_uid_based.py .`

avatars: Encode version into the filename. Hash the salt, user-id, and now avatar version into the filename. This allows the URL contents to be immutable, and thus to be marked as immutable and cacheable. Since avatars are served unauthenticated, hashing with a server-side salt makes the current and past avatars not enumerable. This requires plumbing the current (or future) avatar version through various parts of the upload process. Since this already requires a full migration of current avatars, also take the opportunity to fix the missing `.png` on S3 uploads (#12852). We switch from SHA-1 to SHA-256, but truncate it such that avatar URL data does not substantially increase in size. Fixes: #12852. 2024-06-13 14:57:18 +02:00			`# The salt prevents unauthenticated clients from enumerating the`
			`# avatars of all users.`
			`user_key = uid + ":" + version + ":" + settings.AVATAR_SALT`
			`return hashlib.sha256(user_key.encode()).hexdigest()[:40]`
Refactor: Change user_avatar_hash with user_avatar_path at all calls. In this commit we change user_avatar_hash with user_avatar_path which now returns paths to avatars based on the email hash. Tweaked by tabbott to avoid an import loop. 2017-03-02 23:45:57 +01:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
avatars: Encode version into the filename. Hash the salt, user-id, and now avatar version into the filename. This allows the URL contents to be immutable, and thus to be marked as immutable and cacheable. Since avatars are served unauthenticated, hashing with a server-side salt makes the current and past avatars not enumerable. This requires plumbing the current (or future) avatar version through various parts of the upload process. Since this already requires a full migration of current avatars, also take the opportunity to fix the missing `.png` on S3 uploads (#12852). We switch from SHA-1 to SHA-256, but truncate it such that avatar URL data does not substantially increase in size. Fixes: #12852. 2024-06-13 14:57:18 +02:00			`def user_avatar_path(user_profile: UserProfile, future: bool = False) -> str:`
			`# 'future' is if this is for the current avatar version, of the next one.`
			`return user_avatar_base_path_from_ids(`
			`user_profile.id, user_profile.avatar_version + (1 if future else 0), user_profile.realm_id`
			`)`
avatar_hash: Extract user_avatar_path_from_ids. 2017-05-10 06:40:07 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
avatars: Encode version into the filename. Hash the salt, user-id, and now avatar version into the filename. This allows the URL contents to be immutable, and thus to be marked as immutable and cacheable. Since avatars are served unauthenticated, hashing with a server-side salt makes the current and past avatars not enumerable. This requires plumbing the current (or future) avatar version through various parts of the upload process. Since this already requires a full migration of current avatars, also take the opportunity to fix the missing `.png` on S3 uploads (#12852). We switch from SHA-1 to SHA-256, but truncate it such that avatar URL data does not substantially increase in size. Fixes: #12852. 2024-06-13 14:57:18 +02:00			`def user_avatar_base_path_from_ids(user_profile_id: int, version: int, realm_id: int) -> str:`
			`user_id_hash = user_avatar_hash(str(user_profile_id), str(version))`
ruff: Fix RUF010 Use conversion in f-string. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2023-05-27 02:30:33 +02:00			`return f"{realm_id}/{user_id_hash}"`
ldap: Fix LDAP avatar synchronization to check if avatar has changed. When "manage.py sync_ldap_user_data" is run, user avatars are now only updated if they have changed in LDAP. Fixes #12381. 2019-06-28 00:10:58 +02:00
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2021-02-12 08:19:30 +01:00
ldap: Fix LDAP avatar synchronization to check if avatar has changed. When "manage.py sync_ldap_user_data" is run, user avatars are now only updated if they have changed in LDAP. Fixes #12381. 2019-06-28 00:10:58 +02:00			`def user_avatar_content_hash(ldap_avatar: bytes) -> str:`
			`return hashlib.sha256(ldap_avatar).hexdigest()`