zulip/zerver/lib/avatar.py

from __future__ import absolute_import
from django.conf import settings

import hashlib
from zerver.lib.utils import make_safe_digest
if False:
    from zerver.models import UserProfile

from six import text_type

def gravatar_hash(email):
    # type: (text_type) -> text_type
    """Compute the Gravatar hash for an email address."""
    # Non-ASCII characters aren't permitted by the currently active e-mail
    # RFCs. However, the IETF has published https://tools.ietf.org/html/rfc4952,
    # outlining internationalization of email addresses, and regardless if we
    # typo an address or someone manages to give us a non-ASCII address, let's
    # not error out on it.
    return make_safe_digest(email.lower(), hashlib.md5)

def user_avatar_hash(email):
    # type: (text_type) -> text_type
    # Salting the user_key may be overkill, but it prevents us from
    # basically mimicking Gravatar's hashing scheme, which could lead
    # to some abuse scenarios like folks using us as a free Gravatar
    # replacement.
    user_key = email.lower() + settings.AVATAR_SALT
    return make_safe_digest(user_key, hashlib.sha1)

def avatar_url(user_profile):
    # type: (UserProfile) -> text_type
    return get_avatar_url(
            user_profile.avatar_source,
            user_profile.email
    )

def get_avatar_url(avatar_source, email):
    # type: (text_type, text_type) -> text_type
    if avatar_source == u'U':
        hash_key = user_avatar_hash(email)
        if settings.LOCAL_UPLOADS_DIR is not None:
            # ?x=x allows templates to append additional parameters with &s
            return u"/user_avatars/%s.png?x=x" % (hash_key)
        else:
            bucket = settings.S3_AVATAR_BUCKET
            return u"https://%s.s3.amazonaws.com/%s?x=x" % (bucket, hash_key)
    elif settings.ENABLE_GRAVATAR:
        hash_key = gravatar_hash(email)
        return u"https://secure.gravatar.com/avatar/%s?d=identicon" % (hash_key,)
    else:
        return settings.DEFAULT_AVATAR_URI+'?x=x'
Enable absolute imports. See PEP 328[1] for details. This feature was introduced in Python 2.5 and will become mandatory in Python 3. [1]: http://www.python.org/dev/peps/pep-0328 (imported from commit 7444eeba8a08d5f91b94c7921848f2274979bd76) 2013-04-23 18:51:17 +02:00			`from __future__ import absolute_import`
Show user-uploaded avatars on the website. Show user-uploaded avatars on the website for users who have UserProfile.avatar_source == 'U'. (Continue to show gravatars for other users.) This includes the home page, the visible-phone div, and the settings page. This fix does NOT address a few things: * There is no GUI to actually upload user images yet on the website. * The !gravatar syntax in bugdown will continue to show gravatar images only. * We are not changing identicon behavior. (imported from commit 9f5ac0bbe21ba56528048233aab2430e4dd431aa) 2013-06-10 21:35:48 +02:00			`from django.conf import settings`
Enable absolute imports. See PEP 328[1] for details. This feature was introduced in Python 2.5 and will become mandatory in Python 3. [1]: http://www.python.org/dev/peps/pep-0328 (imported from commit 7444eeba8a08d5f91b94c7921848f2274979bd76) 2013-04-23 18:51:17 +02:00
Factor out Gravatar hash calculation (imported from commit 29872722fb4856773d98fc987a1e2d6eb99ad8b2) 2012-10-17 04:07:35 +02:00			`import hashlib`
[manual] Rename Django app from zephyr to zerver. This needs to be deployed to both staging and prod at the same off-peak time (and the schema migration run). At the time it is deployed, we need to make a few changes directly in the database: (1) UPDATE django_content_type set app_label='zerver' where app_label='zephyr'; (2) UPDATE south_migrationhistory set app_name='zerver' where app_name='zephyr'; (imported from commit eb3fd719571740189514ef0b884738cb30df1320) 2013-07-29 23:03:31 +02:00			`from zerver.lib.utils import make_safe_digest`
Add annotations to avatar.py, db.py, logging_util.py, unminify.py. Also, fixed a a small type annotation in users.py because email must be a string because emails don't support UTF-8 at this time (according a comment in gravatar_hash in avatar.py). 2016-06-05 04:20:00 +02:00			`if False:`
			`from zerver.models import UserProfile`

			`from six import text_type`
Factor out Gravatar hash calculation (imported from commit 29872722fb4856773d98fc987a1e2d6eb99ad8b2) 2012-10-17 04:07:35 +02:00
			`def gravatar_hash(email):`
Fix annotations related to make_safe_digest and hashes. 2016-06-12 14:22:20 +02:00			`# type: (text_type) -> text_type`
Factor out Gravatar hash calculation (imported from commit 29872722fb4856773d98fc987a1e2d6eb99ad8b2) 2012-10-17 04:07:35 +02:00			`"""Compute the Gravatar hash for an email address."""`
Always give hashlib.sha1 and friends bytes. This fixes an experienced bug where you couldn't subscribe to a stream with non-ASCII characters (failing with a UnicodeEncodeError), as well as many other potential bugs. (imported from commit f084a4b4b597b85935655097a7b5a163811c4d71) 2013-03-20 15:31:27 +01:00			`# Non-ASCII characters aren't permitted by the currently active e-mail`
			`# RFCs. However, the IETF has published https://tools.ietf.org/html/rfc4952,`
			`# outlining internationalization of email addresses, and regardless if we`
			`# typo an address or someone manages to give us a non-ASCII address, let's`
			`# not error out on it.`
			`return make_safe_digest(email.lower(), hashlib.md5)`
Show user-uploaded avatars on the website. Show user-uploaded avatars on the website for users who have UserProfile.avatar_source == 'U'. (Continue to show gravatars for other users.) This includes the home page, the visible-phone div, and the settings page. This fix does NOT address a few things: * There is no GUI to actually upload user images yet on the website. * The !gravatar syntax in bugdown will continue to show gravatar images only. * We are not changing identicon behavior. (imported from commit 9f5ac0bbe21ba56528048233aab2430e4dd431aa) 2013-06-10 21:35:48 +02:00
			`def user_avatar_hash(email):`
Fix annotations related to make_safe_digest and hashes. 2016-06-12 14:22:20 +02:00			`# type: (text_type) -> text_type`
Show user-uploaded avatars on the website. Show user-uploaded avatars on the website for users who have UserProfile.avatar_source == 'U'. (Continue to show gravatars for other users.) This includes the home page, the visible-phone div, and the settings page. This fix does NOT address a few things: * There is no GUI to actually upload user images yet on the website. * The !gravatar syntax in bugdown will continue to show gravatar images only. * We are not changing identicon behavior. (imported from commit 9f5ac0bbe21ba56528048233aab2430e4dd431aa) 2013-06-10 21:35:48 +02:00			`# Salting the user_key may be overkill, but it prevents us from`
			`# basically mimicking Gravatar's hashing scheme, which could lead`
			`# to some abuse scenarios like folks using us as a free Gravatar`
			`# replacement.`
			`user_key = email.lower() + settings.AVATAR_SALT`
			`return make_safe_digest(user_key, hashlib.sha1)`

			`def avatar_url(user_profile):`
Add annotations to avatar.py, db.py, logging_util.py, unminify.py. Also, fixed a a small type annotation in users.py because email must be a string because emails don't support UTF-8 at this time (according a comment in gravatar_hash in avatar.py). 2016-06-05 04:20:00 +02:00			`# type: (UserProfile) -> text_type`
Extract get_avatar_url(). This function doesn't require the whole UserProfile object to create the avatar url, and we call it from Message.to_dict_uncached(). (imported from commit e814caab101c4fedd1ba66df041a3408014e4085) 2013-09-21 16:32:29 +02:00			`return get_avatar_url(`
			`user_profile.avatar_source,`
			`user_profile.email`
			`)`

			`def get_avatar_url(avatar_source, email):`
Fix annotations related to make_safe_digest and hashes. 2016-06-12 14:22:20 +02:00			`# type: (text_type, text_type) -> text_type`
			`if avatar_source == u'U':`
Extract get_avatar_url(). This function doesn't require the whole UserProfile object to create the avatar url, and we call it from Message.to_dict_uncached(). (imported from commit e814caab101c4fedd1ba66df041a3408014e4085) 2013-09-21 16:32:29 +02:00			`hash_key = user_avatar_hash(email)`
Upload to local filesystem on local server. (imported from commit 6c38a8cae721b2e7a0863470692cc56425006ecb) 2013-10-28 16:13:53 +01:00			`if settings.LOCAL_UPLOADS_DIR is not None:`
			`# ?x=x allows templates to append additional parameters with &s`
Fix annotations related to make_safe_digest and hashes. 2016-06-12 14:22:20 +02:00			`return u"/user_avatars/%s.png?x=x" % (hash_key)`
Upload to local filesystem on local server. (imported from commit 6c38a8cae721b2e7a0863470692cc56425006ecb) 2013-10-28 16:13:53 +01:00			`else:`
			`bucket = settings.S3_AVATAR_BUCKET`
Fix annotations related to make_safe_digest and hashes. 2016-06-12 14:22:20 +02:00			`return u"https://%s.s3.amazonaws.com/%s?x=x" % (bucket, hash_key)`
Allow enterprise deployments to disable the use of Gravatar. (imported from commit 49c14cc7629f2ffe6cedaab5d42ad5bf7f6569a4) 2013-11-15 22:25:02 +01:00			`elif settings.ENABLE_GRAVATAR:`
Extract get_avatar_url(). This function doesn't require the whole UserProfile object to create the avatar url, and we call it from Message.to_dict_uncached(). (imported from commit e814caab101c4fedd1ba66df041a3408014e4085) 2013-09-21 16:32:29 +02:00			`hash_key = gravatar_hash(email)`
Fix annotations related to make_safe_digest and hashes. 2016-06-12 14:22:20 +02:00			`return u"https://secure.gravatar.com/avatar/%s?d=identicon" % (hash_key,)`
Allow enterprise deployments to disable the use of Gravatar. (imported from commit 49c14cc7629f2ffe6cedaab5d42ad5bf7f6569a4) 2013-11-15 22:25:02 +01:00			`else:`
Allow overriding the default avatar image (imported from commit 66d413682a822e0019f28033f19908bdd9fa0156) 2013-11-18 16:58:39 +01:00			`return settings.DEFAULT_AVATAR_URI+'?x=x'`