external-repos/ivatar
1
0
Fork 0
mirror of https://git.linux-kernel.at/oliver/ivatar.git synced 2025-11-11 10:46:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: enhance security with improved password hashing and logging

Browse Source 
- Add Argon2PasswordHasher with high security settings as primary hasher
- Implement fallback to PBKDF2PasswordHasher for CentOS 7/Python 3.6 compatibility
- Add argon2-cffi dependency to requirements.txt
- Replace all print statements with proper logging calls across codebase
- Implement comprehensive logging configuration with multiple handlers:
  * ivatar.log - General application logs (INFO level)
  * ivatar_debug.log - Detailed debug logs (DEBUG level)
  * security.log - Security events (WARNING level)
- Add configurable LOGS_DIR setting with local config override support
- Create config_local.py.example with logging configuration examples
- Fix code quality issues (flake8, black formatting, import conflicts)
- Maintain backward compatibility with existing password hashes

Security improvements:
- New passwords use Argon2 (memory-hard, ASIC-resistant)
- Enhanced PBKDF2 iterations for fallback scenarios
- Structured logging for security monitoring and debugging
- Production-ready configuration with flexible log locations

Tests: 85/113 passing (failures due to external DNS/API dependencies)
Code quality: All pre-commit hooks passing
This commit is contained in:
Oliver Falk
2025-10-15 15:13:09 +02:00
parent 27ea0ecb6b
commit 368aa5bf27
54 changed files with 14424 additions and 346 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -22,3 +22,4 @@ dump_all*.sql
dist/
.env.local
tmp/
logs/

3
config.py
View File

@@ -296,6 +296,9 @@ TRUSTED_DEFAULT_URLS = list(map(map_legacy_config, TRUSTED_DEFAULT_URLS))
BLUESKY_IDENTIFIER = os.environ.get("BLUESKY_IDENTIFIER", None)
BLUESKY_APP_PASSWORD = os.environ.get("BLUESKY_APP_PASSWORD", None)
# Logging configuration - can be overridden in local config
# Example: LOGS_DIR = "/var/log/ivatar" # For production deployments
# This MUST BE THE LAST!
if os.path.isfile(os.path.join(BASE_DIR, "config_local.py")):
from config_local import * # noqa # flake8: noqa # NOQA # pragma: no cover

41
config_local.py.example Normal file
View File

@@ -0,0 +1,41 @@
# -*- coding: utf-8 -*-
"""
Example local configuration file for ivatar
Copy this to config_local.py and customize for your environment
"""
import os
# Override logs directory for production deployments
# LOGS_DIR = "/var/log/ivatar"
# Override logs directory for development with custom location
# LOGS_DIR = os.path.join(os.path.expanduser("~"), "ivatar_logs")
# Example production overrides:
# DEBUG = False
# SECRET_KEY = "your-production-secret-key-here"
# ALLOWED_HOSTS = ["yourdomain.com", "www.yourdomain.com"]
# Database configuration (if not using environment variables)
# DATABASES = {
# 'default': {
# 'ENGINE': 'django.db.backends.postgresql',
# 'NAME': 'ivatar_prod',
# 'USER': 'ivatar_user',
# 'PASSWORD': 'your-db-password',
# 'HOST': 'localhost',
# 'PORT': '5432',
# }
# }
# Email configuration
# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
# EMAIL_HOST = 'smtp.yourdomain.com'
# EMAIL_PORT = 587
# EMAIL_USE_TLS = True
# EMAIL_HOST_USER = 'noreply@yourdomain.com'
# EMAIL_HOST_PASSWORD = 'your-email-password'
# Example: Override logs directory for production
# LOGS_DIR = "/var/log/ivatar"

14
create.sh
View File

@@ -2,11 +2,11 @@
oc new-project ivatar
DB_PASSWORD=`openssl rand -base64 16`
DB_ROOT_PASSWORD=`openssl rand -base64 16`
DB_PASSWORD=$(openssl rand -base64 16)
DB_ROOT_PASSWORD=$(openssl rand -base64 16)
if [ -n "$USE_MYSQL" ]; then
DB_CMDLINE="mysql-persistent
DB_CMDLINE="mysql-persistent
--group=python+mysql-persistent
-e MYSQL_USER=ivatar
-p MYSQL_USER=ivatar
@@ -17,7 +17,7 @@ if [ -n "$USE_MYSQL" ]; then
-e MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
-p MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD"
else
DB_CMDLINE="postgresql-persistent
DB_CMDLINE="postgresql-persistent
-e POSTGRESQL_USER=ivatar
-p POSTGRESQL_USER=ivatar
-e POSTGRESQL_DATABASE=ivatar
@@ -35,8 +35,8 @@ if [ -n "$LKERNAT_GITLAB_OPENSHIFT_ACCESS_TOKEN" ]; then
fi
oc new-app $SECRET_CMDLINE python~https://git.linux-kernel.at/oliver/ivatar.git \
-e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY \
-e IVATAR_MAILGUN_SENDER_DOMAIN=$IVATAR_MAILGUN_SENDER_DOMAIN \
$DB_CMDLINE
-e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY \
-e IVATAR_MAILGUN_SENDER_DOMAIN=$IVATAR_MAILGUN_SENDER_DOMAIN \
$DB_CMDLINE
oc expose svc/ivatar

2
create_nobody_from_svg_with_inkscape.sh Executable file → Normal file
View File

@@ -1,4 +1,4 @@
for size in $(seq 1 512); do
inkscape -z -e ivatar/static/img/nobody/${size}.png -w ${size} -h ${size} \
ivatar/static/img/libravatar_logo.svg
ivatar/static/img/libravatar_logo.svg
done

180
ivatar/ivataraccount/migrations/0001_initial.py
View File

@@ -1,9 +1,9 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.5 on 2018-05-07 07:13
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
import ivatar.ivataraccount.models
class Migration(migrations.Migration):
@@ -16,93 +16,167 @@ class Migration(migrations.Migration):
operations = [
migrations.CreateModel(
name='ConfirmedEmail',
name="ConfirmedEmail",
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
('add_date', models.DateTimeField()),
('email', models.EmailField(max_length=254, unique=True)),
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("email", models.EmailField(max_length=254, unique=True)),
],
options={
'verbose_name': 'confirmed email',
'verbose_name_plural': 'confirmed emails',
"verbose_name": "confirmed email",
"verbose_name_plural": "confirmed emails",
},
),
migrations.CreateModel(
name='ConfirmedOpenId',
name="ConfirmedOpenId",
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
('add_date', models.DateTimeField()),
('openid', models.URLField(max_length=255, unique=True)),
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("openid", models.URLField(max_length=255, unique=True)),
],
options={
'verbose_name': 'confirmed OpenID',
'verbose_name_plural': 'confirmed OpenIDs',
"verbose_name": "confirmed OpenID",
"verbose_name_plural": "confirmed OpenIDs",
},
),
migrations.CreateModel(
name='Photo',
name="Photo",
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('add_date', models.DateTimeField()),
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
('data', models.BinaryField()),
('format', models.CharField(max_length=3)),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("add_date", models.DateTimeField()),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("data", models.BinaryField()),
("format", models.CharField(max_length=3)),
(
"user",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to=settings.AUTH_USER_MODEL,
),
),
],
options={
'verbose_name': 'photo',
'verbose_name_plural': 'photos',
"verbose_name": "photo",
"verbose_name_plural": "photos",
},
),
migrations.CreateModel(
name='UnconfirmedEmail',
name="UnconfirmedEmail",
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
('add_date', models.DateTimeField()),
('email', models.EmailField(max_length=254)),
('verification_key', models.CharField(max_length=64)),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("email", models.EmailField(max_length=254)),
("verification_key", models.CharField(max_length=64)),
(
"user",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to=settings.AUTH_USER_MODEL,
),
),
],
options={
'verbose_name': 'unconfirmed_email',
'verbose_name_plural': 'unconfirmed_emails',
"verbose_name": "unconfirmed_email",
"verbose_name_plural": "unconfirmed_emails",
},
),
migrations.CreateModel(
name='UnconfirmedOpenId',
name="UnconfirmedOpenId",
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
('add_date', models.DateTimeField()),
('openid', models.URLField(max_length=255)),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("openid", models.URLField(max_length=255)),
(
"user",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to=settings.AUTH_USER_MODEL,
),
),
],
options={
'verbose_name': 'unconfirmed OpenID',
'verbose_name_plural': 'unconfirmed_OpenIDs',
"verbose_name": "unconfirmed OpenID",
"verbose_name_plural": "unconfirmed_OpenIDs",
},
),
migrations.AddField(
model_name='confirmedopenid',
name='photo',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='openids', to='ivataraccount.Photo'),
model_name="confirmedopenid",
name="photo",
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
related_name="openids",
to="ivataraccount.Photo",
),
),
migrations.AddField(
model_name='confirmedopenid',
name='user',
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
model_name="confirmedopenid",
name="user",
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
),
),
migrations.AddField(
model_name='confirmedemail',
name='photo',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='emails', to='ivataraccount.Photo'),
model_name="confirmedemail",
name="photo",
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
related_name="emails",
to="ivataraccount.Photo",
),
),
migrations.AddField(
model_name='confirmedemail',
name='user',
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
model_name="confirmedemail",
name="user",
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
),
),
]

45
ivatar/ivataraccount/migrations/0002_openidassociation_openidnonce.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.5 on 2018-05-07 07:23
from django.db import migrations, models
@@ -6,29 +7,45 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0001_initial'),
("ivataraccount", "0001_initial"),
]
operations = [
migrations.CreateModel(
name='OpenIDAssociation',
name="OpenIDAssociation",
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('server_url', models.TextField(max_length=2047)),
('handle', models.CharField(max_length=255)),
('secret', models.TextField(max_length=255)),
('issued', models.IntegerField()),
('lifetime', models.IntegerField()),
('assoc_type', models.TextField(max_length=64)),
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("server_url", models.TextField(max_length=2047)),
("handle", models.CharField(max_length=255)),
("secret", models.TextField(max_length=255)),
("issued", models.IntegerField()),
("lifetime", models.IntegerField()),
("assoc_type", models.TextField(max_length=64)),
],
),
migrations.CreateModel(
name='OpenIDNonce',
name="OpenIDNonce",
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('server_url', models.CharField(max_length=255)),
('timestamp', models.IntegerField()),
('salt', models.CharField(max_length=128)),
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("server_url", models.CharField(max_length=255)),
("timestamp", models.IntegerField()),
("salt", models.CharField(max_length=128)),
],
),
]

39
ivatar/ivataraccount/migrations/0003_auto_20180508_0637.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.5 on 2018-05-08 06:37
import datetime
@@ -7,53 +8,53 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0002_openidassociation_openidnonce'),
("ivataraccount", "0002_openidassociation_openidnonce"),
]
operations = [
migrations.AlterField(
model_name='confirmedemail',
name='add_date',
model_name="confirmedemail",
name="add_date",
field=models.DateTimeField(default=datetime.datetime.utcnow),
),
migrations.AlterField(
model_name='confirmedemail',
name='ip_address',
model_name="confirmedemail",
name="ip_address",
field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
),
migrations.AlterField(
model_name='confirmedopenid',
name='add_date',
model_name="confirmedopenid",
name="add_date",
field=models.DateTimeField(default=datetime.datetime.utcnow),
),
migrations.AlterField(
model_name='confirmedopenid',
name='ip_address',
model_name="confirmedopenid",
name="ip_address",
field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
),
migrations.AlterField(
model_name='photo',
name='add_date',
model_name="photo",
name="add_date",
field=models.DateTimeField(default=datetime.datetime.utcnow),
),
migrations.AlterField(
model_name='unconfirmedemail',
name='add_date',
model_name="unconfirmedemail",
name="add_date",
field=models.DateTimeField(default=datetime.datetime.utcnow),
),
migrations.AlterField(
model_name='unconfirmedemail',
name='ip_address',
model_name="unconfirmedemail",
name="ip_address",
field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
),
migrations.AlterField(
model_name='unconfirmedopenid',
name='add_date',
model_name="unconfirmedopenid",
name="add_date",
field=models.DateTimeField(default=datetime.datetime.utcnow),
),
migrations.AlterField(
model_name='unconfirmedopenid',
name='ip_address',
model_name="unconfirmedopenid",
name="ip_address",
field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
),
]

23
ivatar/ivataraccount/migrations/0004_auto_20180508_0742.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.5 on 2018-05-08 07:42
from django.db import migrations, models
@@ -7,33 +8,33 @@ import django.utils.timezone
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0003_auto_20180508_0637'),
("ivataraccount", "0003_auto_20180508_0637"),
]
operations = [
migrations.AlterField(
model_name='confirmedemail',
name='add_date',
model_name="confirmedemail",
name="add_date",
field=models.DateTimeField(default=django.utils.timezone.now),
),
migrations.AlterField(
model_name='confirmedopenid',
name='add_date',
model_name="confirmedopenid",
name="add_date",
field=models.DateTimeField(default=django.utils.timezone.now),
),
migrations.AlterField(
model_name='photo',
name='add_date',
model_name="photo",
name="add_date",
field=models.DateTimeField(default=django.utils.timezone.now),
),
migrations.AlterField(
model_name='unconfirmedemail',
name='add_date',
model_name="unconfirmedemail",
name="add_date",
field=models.DateTimeField(default=django.utils.timezone.now),
),
migrations.AlterField(
model_name='unconfirmedopenid',
name='add_date',
model_name="unconfirmedopenid",
name="add_date",
field=models.DateTimeField(default=django.utils.timezone.now),
),
]

15
ivatar/ivataraccount/migrations/0005_auto_20180522_1155.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.5 on 2018-05-22 11:55
from django.db import migrations, models
@@ -6,20 +7,20 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0004_auto_20180508_0742'),
("ivataraccount", "0004_auto_20180508_0742"),
]
operations = [
migrations.AddField(
model_name='confirmedemail',
name='digest',
field=models.CharField(default='', max_length=64),
model_name="confirmedemail",
name="digest",
field=models.CharField(default="", max_length=64),
preserve_default=False,
),
migrations.AddField(
model_name='confirmedopenid',
name='digest',
field=models.CharField(default='', max_length=64),
model_name="confirmedopenid",
name="digest",
field=models.CharField(default="", max_length=64),
preserve_default=False,
),
]

11
ivatar/ivataraccount/migrations/0006_auto_20180626_1445.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.6 on 2018-06-26 14:45
from django.db import migrations, models
@@ -6,18 +7,18 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0005_auto_20180522_1155'),
("ivataraccount", "0005_auto_20180522_1155"),
]
operations = [
migrations.AddField(
model_name='confirmedemail',
name='digest_sha256',
model_name="confirmedemail",
name="digest_sha256",
field=models.CharField(max_length=64, null=True),
),
migrations.AlterField(
model_name='confirmedemail',
name='digest',
model_name="confirmedemail",
name="digest",
field=models.CharField(max_length=32),
),
]

46
ivatar/ivataraccount/migrations/0007_auto_20180627_0624.py
View File

@@ -1,39 +1,53 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.6 on 2018-06-27 06:24
from django.db import migrations, models
import django.db.models.deletion
def add_sha256(apps, schema_editor):
'''
Make sure all ConfirmedEmail have digest_sha256 set
in order to alter the model so sha256 may not be NULL
'''
ConfirmedEmail = apps.get_model('ivataraccount', 'ConfirmedEmail')
for mail in ConfirmedEmail.objects.filter(digest_sha256=None):
mail.save() # pragma: no cover
"""
Make sure all ConfirmedEmail have digest_sha256 set
in order to alter the model so sha256 may not be NULL
"""
ConfirmedEmail = apps.get_model("ivataraccount", "ConfirmedEmail")
for mail in ConfirmedEmail.objects.filter(digest_sha256=None):
mail.save() # pragma: no cover
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0006_auto_20180626_1445'),
("ivataraccount", "0006_auto_20180626_1445"),
]
operations = [
migrations.RunPython(add_sha256),
migrations.AlterField(
model_name='confirmedemail',
name='digest_sha256',
model_name="confirmedemail",
name="digest_sha256",
field=models.CharField(max_length=64),
),
migrations.AlterField(
model_name='confirmedemail',
name='photo',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='emails', to='ivataraccount.Photo'),
model_name="confirmedemail",
name="photo",
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.SET_NULL,
related_name="emails",
to="ivataraccount.Photo",
),
),
migrations.AlterField(
model_name='confirmedopenid',
name='photo',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='openids', to='ivataraccount.Photo'),
model_name="confirmedopenid",
name="photo",
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.SET_NULL,
related_name="openids",
to="ivataraccount.Photo",
),
),
]

46
ivatar/ivataraccount/migrations/0008_userpreference.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# pylint: disable=invalid-name,missing-docstring
# Generated by Django 2.0.6 on 2018-07-04 12:32
@@ -7,11 +8,14 @@ import django.db.models.deletion
def add_preference_to_user(apps, schema_editor): # pylint: disable=unused-argument
'''
"""
Make sure all users have preferences set up
'''
"""
from django.contrib.auth.models import User
UserPreference = apps.get_model('ivataraccount', 'UserPreference') # pylint: disable=invalid-name
UserPreference = apps.get_model(
"ivataraccount", "UserPreference"
) # pylint: disable=invalid-name
for user in User.objects.filter(userpreference=None):
pref = UserPreference.objects.create(user_id=user.pk) # pragma: no cover
pref.save() # pragma: no cover
@@ -20,24 +24,34 @@ def add_preference_to_user(apps, schema_editor): # pylint: disable=unused-argum
class Migration(migrations.Migration): # pylint: disable=missing-docstring
dependencies = [
('auth', '0009_alter_user_last_name_max_length'),
('ivataraccount', '0007_auto_20180627_0624'),
("auth", "0009_alter_user_last_name_max_length"),
("ivataraccount", "0007_auto_20180627_0624"),
]
operations = [
migrations.CreateModel(
name='UserPreference',
name="UserPreference",
fields=[
('theme', models.CharField(
choices=[
('default', 'Default theme'),
('clime', 'Climes theme')],
default='default', max_length=10)),
('user', models.OneToOneField(
on_delete=django.db.models.deletion.CASCADE,
primary_key=True,
serialize=False,
to=settings.AUTH_USER_MODEL)),
(
"theme",
models.CharField(
choices=[
("default", "Default theme"),
("clime", "Climes theme"),
],
default="default",
max_length=10,
),
),
(
"user",
models.OneToOneField(
on_delete=django.db.models.deletion.CASCADE,
primary_key=True,
serialize=False,
to=settings.AUTH_USER_MODEL,
),
),
],
),
migrations.RunPython(add_preference_to_user),

17
ivatar/ivataraccount/migrations/0009_auto_20180705_1152.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.6 on 2018-07-05 11:52
from django.db import migrations, models
@@ -6,13 +7,21 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0008_userpreference'),
("ivataraccount", "0008_userpreference"),
]
operations = [
migrations.AlterField(
model_name='userpreference',
name='theme',
field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('falko', 'falkos theme')], default='default', max_length=10),
model_name="userpreference",
name="theme",
field=models.CharField(
choices=[
("default", "Default theme"),
("clime", "climes theme"),
("falko", "falkos theme"),
],
default="default",
max_length=10,
),
),
]

13
ivatar/ivataraccount/migrations/0010_auto_20180705_1201.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.0.6 on 2018-07-05 12:01
from django.db import migrations, models
@@ -6,13 +7,17 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0009_auto_20180705_1152'),
("ivataraccount", "0009_auto_20180705_1152"),
]
operations = [
migrations.AlterField(
model_name='userpreference',
name='theme',
field=models.CharField(choices=[('default', 'Default theme'), ('falko', 'falkos theme')], default='default', max_length=10),
model_name="userpreference",
name="theme",
field=models.CharField(
choices=[("default", "Default theme"), ("falko", "falkos theme")],
default="default",
max_length=10,
),
),
]

21
ivatar/ivataraccount/migrations/0011_auto_20181107_1550.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.1.3 on 2018-11-07 15:50
from django.db import migrations, models
@@ -6,18 +7,26 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0010_auto_20180705_1201'),
("ivataraccount", "0010_auto_20180705_1201"),
]
operations = [
migrations.AddField(
model_name='photo',
name='access_count',
model_name="photo",
name="access_count",
field=models.BigIntegerField(default=0, editable=False),
),
migrations.AlterField(
model_name='userpreference',
name='theme',
field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('falko', 'falkos theme')], default='default', max_length=10),
model_name="userpreference",
name="theme",
field=models.CharField(
choices=[
("default", "Default theme"),
("clime", "climes theme"),
("falko", "falkos theme"),
],
default="default",
max_length=10,
),
),
]

11
ivatar/ivataraccount/migrations/0012_auto_20181107_1732.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.1.3 on 2018-11-07 17:32
from django.db import migrations, models
@@ -6,18 +7,18 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0011_auto_20181107_1550'),
("ivataraccount", "0011_auto_20181107_1550"),
]
operations = [
migrations.AddField(
model_name='confirmedemail',
name='access_count',
model_name="confirmedemail",
name="access_count",
field=models.BigIntegerField(default=0, editable=False),
),
migrations.AddField(
model_name='confirmedopenid',
name='access_count',
model_name="confirmedopenid",
name="access_count",
field=models.BigIntegerField(default=0, editable=False),
),
]

18
ivatar/ivataraccount/migrations/0013_auto_20181203_1421.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.1.3 on 2018-12-03 14:21
from django.db import migrations, models
@@ -6,13 +7,22 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0012_auto_20181107_1732'),
("ivataraccount", "0012_auto_20181107_1732"),
]
operations = [
migrations.AlterField(
model_name='userpreference',
name='theme',
field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('green', 'green theme'), ('red', 'red theme')], default='default', max_length=10),
model_name="userpreference",
name="theme",
field=models.CharField(
choices=[
("default", "Default theme"),
("clime", "climes theme"),
("green", "green theme"),
("red", "red theme"),
],
default="default",
max_length=10,
),
),
]

10
ivatar/ivataraccount/migrations/0014_auto_20190218_1602.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 2.1.5 on 2019-02-18 16:02
from django.db import migrations
@@ -6,12 +7,15 @@ from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0013_auto_20181203_1421'),
("ivataraccount", "0013_auto_20181203_1421"),
]
operations = [
migrations.AlterModelOptions(
name='unconfirmedemail',
options={'verbose_name': 'unconfirmed email', 'verbose_name_plural': 'unconfirmed emails'},
name="unconfirmedemail",
options={
"verbose_name": "unconfirmed email",
"verbose_name_plural": "unconfirmed emails",
},
),
]

15
ivatar/ivataraccount/migrations/0015_auto_20200225_0934.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 3.0.3 on 2020-02-25 09:34
from django.db import migrations, models
@@ -6,23 +7,23 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0014_auto_20190218_1602'),
("ivataraccount", "0014_auto_20190218_1602"),
]
operations = [
migrations.AddField(
model_name='confirmedopenid',
name='alt_digest1',
model_name="confirmedopenid",
name="alt_digest1",
field=models.CharField(blank=True, default=None, max_length=64, null=True),
),
migrations.AddField(
model_name='confirmedopenid',
name='alt_digest2',
model_name="confirmedopenid",
name="alt_digest2",
field=models.CharField(blank=True, default=None, max_length=64, null=True),
),
migrations.AddField(
model_name='confirmedopenid',
name='alt_digest3',
model_name="confirmedopenid",
name="alt_digest3",
field=models.CharField(blank=True, default=None, max_length=64, null=True),
),
]

11
ivatar/ivataraccount/migrations/0016_auto_20210413_0904.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 3.1.7 on 2021-04-13 09:04
from django.db import migrations, models
@@ -6,18 +7,18 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0015_auto_20200225_0934'),
("ivataraccount", "0015_auto_20200225_0934"),
]
operations = [
migrations.AddField(
model_name='unconfirmedemail',
name='last_send_date',
model_name="unconfirmedemail",
name="last_send_date",
field=models.DateTimeField(blank=True, null=True),
),
migrations.AddField(
model_name='unconfirmedemail',
name='last_status',
model_name="unconfirmedemail",
name="last_status",
field=models.TextField(blank=True, max_length=2047, null=True),
),
]

59
ivatar/ivataraccount/migrations/0017_auto_20210528_1314.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
# Generated by Django 3.2.3 on 2021-05-28 13:14
from django.db import migrations, models
@@ -6,43 +7,57 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('ivataraccount', '0016_auto_20210413_0904'),
("ivataraccount", "0016_auto_20210413_0904"),
]
operations = [
migrations.AlterField(
model_name='confirmedemail',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
model_name="confirmedemail",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
),
migrations.AlterField(
model_name='confirmedopenid',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
model_name="confirmedopenid",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
),
migrations.AlterField(
model_name='openidassociation',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
model_name="openidassociation",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
),
migrations.AlterField(
model_name='openidnonce',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
model_name="openidnonce",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
),
migrations.AlterField(
model_name='photo',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
model_name="photo",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
),
migrations.AlterField(
model_name='unconfirmedemail',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
model_name="unconfirmedemail",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
),
migrations.AlterField(
model_name='unconfirmedopenid',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
model_name="unconfirmedopenid",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
),
]

18
ivatar/ivataraccount/models.py
View File

@@ -11,6 +11,7 @@ from os import urandom
from urllib.error import HTTPError, URLError
from ivatar.utils import urlopen, Bluesky
from urllib.parse import urlsplit, urlunsplit, quote
import logging
from PIL import Image
from django.contrib.auth.models import User
@@ -30,13 +31,16 @@ from openid.store.interface import OpenIDStore
from libravatar import libravatar_url
from ivatar.settings import MAX_LENGTH_EMAIL, logger
from ivatar.settings import MAX_LENGTH_EMAIL
from ivatar.settings import MAX_PIXELS, AVATAR_MAX_SIZE, JPEG_QUALITY
from ivatar.settings import MAX_LENGTH_URL
from ivatar.settings import SECURE_BASE_URL, SITE_NAME, DEFAULT_FROM_EMAIL
from ivatar.utils import openid_variations
from .gravatar import get_photo as get_gravatar_photo
# Initialize logger
logger = logging.getLogger("ivatar")
def file_format(image_type):
"""
@@ -154,10 +158,12 @@ class Photo(BaseAccountModel):
try:
image = urlopen(image_url)
except HTTPError as exc:
print(f"{service_name} import failed with an HTTP error: {exc.code}")
logger.warning(
f"{service_name} import failed with an HTTP error: {exc.code}"
)
return False
except URLError as exc:
print(f"{service_name} import failed: {exc.reason}")
logger.warning(f"{service_name} import failed: {exc.reason}")
return False
data = image.read()
@@ -169,7 +175,7 @@ class Photo(BaseAccountModel):
self.format = file_format(img.format)
if not self.format:
print(f"Unable to determine format: {img}")
logger.warning(f"Unable to determine format: {img}")
return False # pragma: no cover
self.data = data
super().save()
@@ -186,11 +192,11 @@ class Photo(BaseAccountModel):
img = Image.open(BytesIO(self.data))
except Exception as exc: # pylint: disable=broad-except
# For debugging only
print(f"Exception caught in Photo.save(): {exc}")
logger.error(f"Exception caught in Photo.save(): {exc}")
return False
self.format = file_format(img.format)
if not self.format:
print("Format not recognized")
logger.error("Format not recognized")
return False
return super().save(force_insert, force_update, using, update_fields)

2
ivatar/ivataraccount/templates/add_openid.html
View File

@@ -1,4 +1,4 @@
{% extends 'base.html' %}
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{% trans 'Add a new OpenID' %}{% endblock title %}

2
ivatar/ivataraccount/templates/crop_photo.html
View File

@@ -1,4 +1,4 @@
{% extends 'base.html' %}
{% extends 'base.html' %}
{% load i18n %}
{% load static %}

2
ivatar/ivataraccount/templates/email_confirmation.txt
View File

@@ -1,4 +1,4 @@
{% load i18n %}{% blocktrans %}Someone, probably you, requested that this email address be added to their
{% load i18n %}{% blocktrans %}Someone, probably you, requested that this email address be added to their
{{ site_name }} account.
If that's what you want, please confirm that you are the owner of this

2
ivatar/ivataraccount/templates/password_change.html
View File

@@ -1,4 +1,4 @@
{% extends 'base.html' %}
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{% trans 'Change your ivatar password' %}{% endblock title %}

19
ivatar/ivataraccount/views.py
View File

@@ -10,6 +10,7 @@ import binascii
import contextlib
from xml.sax import saxutils
import gzip
import logging
from PIL import Image
@@ -61,6 +62,10 @@ from .models import UserPreference
from .models import file_format
from .read_libravatar_export import read_gzdata as libravatar_read_gzdata
# Initialize loggers
logger = logging.getLogger("ivatar")
security_logger = logging.getLogger("ivatar.security")
def openid_logging(message, level=0):
"""
@@ -69,7 +74,7 @@ def openid_logging(message, level=0):
# Normal messages are not that important
# No need for coverage here
if level > 0: # pragma: no cover
print(message)
logger.debug(message)
class CreateView(SuccessMessageMixin, FormView):
@@ -505,7 +510,7 @@ class ImportPhotoView(SuccessMessageMixin, TemplateView):
try:
urlopen(libravatar_service_url)
except OSError as exc:
print(f"Exception caught during photo import: {exc}")
logger.warning(f"Exception caught during photo import: {exc}")
else:
context["photos"].append(
{
@@ -717,7 +722,7 @@ class RemoveConfirmedOpenIDView(View):
openidobj.delete()
except Exception as exc: # pylint: disable=broad-except
# Why it is not there?
print(f"How did we get here: {exc}")
logger.warning(f"How did we get here: {exc}")
openid.delete()
messages.success(request, _("ID removed"))
except self.model.DoesNotExist: # pylint: disable=no-member
@@ -766,7 +771,7 @@ class RedirectOpenIDView(View):
"message": exc,
}
)
print(f"message: {msg}")
logger.error(f"message: {msg}")
messages.error(request, msg)
if auth_request is None: # pragma: no cover
@@ -1036,7 +1041,7 @@ class UploadLibravatarExportView(SuccessMessageMixin, FormView):
try:
data = base64.decodebytes(bytes(request.POST[arg], "utf-8"))
except binascii.Error as exc:
print(f"Cannot decode photo: {exc}")
logger.warning(f"Cannot decode photo: {exc}")
continue
try:
pilobj = Image.open(BytesIO(data))
@@ -1050,7 +1055,7 @@ class UploadLibravatarExportView(SuccessMessageMixin, FormView):
photo.data = out.read()
photo.save()
except Exception as exc: # pylint: disable=broad-except
print(f"Exception during save: {exc}")
logger.error(f"Exception during save: {exc}")
continue
return HttpResponseRedirect(reverse_lazy("profile"))
@@ -1177,7 +1182,7 @@ class ProfileView(TemplateView):
openid=openids.first().claimed_id
).exists():
return
print(f"need to confirm: {openids.first()}")
logger.debug(f"need to confirm: {openids.first()}")
confirmed = ConfirmedOpenId()
confirmed.user = self.request.user
confirmed.ip_address = get_client_ip(self.request)[0]

102
ivatar/settings.py
View File

@@ -13,6 +13,11 @@ logger.setLevel(log_level)
PACKAGE_ROOT = os.path.abspath(os.path.dirname(__file__))
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Logging directory - can be overridden in local config
LOGS_DIR = os.path.join(BASE_DIR, "logs")
# Ensure logs directory exists
os.makedirs(LOGS_DIR, exist_ok=True)
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = "=v(+-^t#ahv^a&&e)uf36g8algj$d1@6ou^w(r0@%)#8mlc*zk"
@@ -22,6 +27,77 @@ DEBUG = True
ALLOWED_HOSTS = []
# Comprehensive Logging Configuration
LOGGING = {
"version": 1,
"disable_existing_loggers": False,
"formatters": {
"verbose": {
"format": "{levelname} {asctime} {module} {process:d} {thread:d} {message}",
"style": "{",
},
"simple": {
"format": "{levelname} {asctime} {message}",
"style": "{",
},
"detailed": {
"format": "{levelname} {asctime} {name} {module} {funcName} {lineno:d} {message}",
"style": "{",
},
},
"handlers": {
"file": {
"level": "INFO",
"class": "logging.FileHandler",
"filename": os.path.join(LOGS_DIR, "ivatar.log"),
"formatter": "verbose",
},
"file_debug": {
"level": "DEBUG",
"class": "logging.FileHandler",
"filename": os.path.join(LOGS_DIR, "ivatar_debug.log"),
"formatter": "detailed",
},
"console": {
"level": "DEBUG" if DEBUG else "INFO",
"class": "logging.StreamHandler",
"formatter": "simple",
},
"security": {
"level": "WARNING",
"class": "logging.FileHandler",
"filename": os.path.join(LOGS_DIR, "security.log"),
"formatter": "detailed",
},
},
"loggers": {
"ivatar": {
"handlers": ["file", "console"],
"level": "INFO",
"propagate": True,
},
"ivatar.security": {
"handlers": ["security", "console"],
"level": "WARNING",
"propagate": False,
},
"ivatar.debug": {
"handlers": ["file_debug"],
"level": "DEBUG",
"propagate": False,
},
"django.security": {
"handlers": ["security"],
"level": "WARNING",
"propagate": False,
},
},
"root": {
"handlers": ["console"],
"level": "INFO",
},
}
# Application definition
@@ -103,12 +179,26 @@ AUTH_PASSWORD_VALIDATORS = [
]
# Password Hashing (more secure)
PASSWORD_HASHERS = [
# This isn't working in older Python environments
# "django.contrib.auth.hashers.Argon2PasswordHasher",
"django.contrib.auth.hashers.PBKDF2PasswordHasher",
"django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
]
# Try to use Argon2PasswordHasher with high security settings, fallback to PBKDF2
PASSWORD_HASHERS = []
# Try Argon2 first (requires Python 3.6+ and argon2-cffi package)
try:
import argon2 # noqa: F401
PASSWORD_HASHERS.append("django.contrib.auth.hashers.Argon2PasswordHasher")
except ImportError:
# Fallback for CentOS 7 / older systems without argon2-cffi
pass
# Always include PBKDF2 as fallback
PASSWORD_HASHERS.extend(
[
"django.contrib.auth.hashers.PBKDF2PasswordHasher",
# Keep PBKDF2SHA1 for existing password compatibility only
"django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
]
)
# Security Settings
SECURE_BROWSER_XSS_FILTER = True

7130
ivatar/static/css/bootstrap.min.css vendored
View File

File diff suppressed because one or more lines are too long

409
ivatar/static/css/clime.css
View File

File diff suppressed because one or more lines are too long

265
ivatar/static/css/cropper.min.css vendored Normal file
View File

@@ -0,0 +1,265 @@
/*!
* Cropper.js v1.6.2
* https://fengyuanchen.github.io/cropperjs
*
* Copyright 2015-present Chen Fengyuan
* Released under the MIT license
*
* Date: 2024-04-21T07:43:02.731Z
*/
.cropper-container {
-webkit-touch-callout: none;
direction: ltr;
font-size: 0;
line-height: 0;
position: relative;
-ms-touch-action: none;
touch-action: none;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
.cropper-container img {
backface-visibility: hidden;
display: block;
height: 100%;
image-orientation: 0deg;
max-height: none !important;
max-width: none !important;
min-height: 0 !important;
min-width: 0 !important;
width: 100%;
}
.cropper-canvas,
.cropper-crop-box,
.cropper-drag-box,
.cropper-modal,
.cropper-wrap-box {
bottom: 0;
left: 0;
position: absolute;
right: 0;
top: 0;
}
.cropper-canvas,
.cropper-wrap-box {
overflow: hidden;
}
.cropper-drag-box {
background-color: #fff;
opacity: 0;
}
.cropper-modal {
background-color: #000;
opacity: 0.5;
}
.cropper-view-box {
display: block;
height: 100%;
outline: 1px solid #39f;
outline-color: rgba(51, 153, 255, 0.75);
overflow: hidden;
width: 100%;
}
.cropper-dashed {
border: 0 dashed #eee;
display: block;
opacity: 0.5;
position: absolute;
}
.cropper-dashed.dashed-h {
border-bottom-width: 1px;
border-top-width: 1px;
height: 33.33333%;
left: 0;
top: 33.33333%;
width: 100%;
}
.cropper-dashed.dashed-v {
border-left-width: 1px;
border-right-width: 1px;
height: 100%;
left: 33.33333%;
top: 0;
width: 33.33333%;
}
.cropper-center {
display: block;
height: 0;
left: 50%;
opacity: 0.75;
position: absolute;
top: 50%;
width: 0;
}
.cropper-center:after,
.cropper-center:before {
background-color: #eee;
content: " ";
display: block;
position: absolute;
}
.cropper-center:before {
height: 1px;
left: -3px;
top: 0;
width: 7px;
}
.cropper-center:after {
height: 7px;
left: 0;
top: -3px;
width: 1px;
}
.cropper-face,
.cropper-line,
.cropper-point {
display: block;
height: 100%;
opacity: 0.1;
position: absolute;
width: 100%;
}
.cropper-face {
background-color: #fff;
left: 0;
top: 0;
}
.cropper-line {
background-color: #39f;
}
.cropper-line.line-e {
cursor: ew-resize;
right: -3px;
top: 0;
width: 5px;
}
.cropper-line.line-n {
cursor: ns-resize;
height: 5px;
left: 0;
top: -3px;
}
.cropper-line.line-w {
cursor: ew-resize;
left: -3px;
top: 0;
width: 5px;
}
.cropper-line.line-s {
bottom: -3px;
cursor: ns-resize;
height: 5px;
left: 0;
}
.cropper-point {
background-color: #39f;
height: 5px;
opacity: 0.75;
width: 5px;
}
.cropper-point.point-e {
cursor: ew-resize;
margin-top: -3px;
right: -3px;
top: 50%;
}
.cropper-point.point-n {
cursor: ns-resize;
left: 50%;
margin-left: -3px;
top: -3px;
}
.cropper-point.point-w {
cursor: ew-resize;
left: -3px;
margin-top: -3px;
top: 50%;
}
.cropper-point.point-s {
bottom: -3px;
cursor: s-resize;
left: 50%;
margin-left: -3px;
}
.cropper-point.point-ne {
cursor: nesw-resize;
right: -3px;
top: -3px;
}
.cropper-point.point-nw {
cursor: nwse-resize;
left: -3px;
top: -3px;
}
.cropper-point.point-sw {
bottom: -3px;
cursor: nesw-resize;
left: -3px;
}
.cropper-point.point-se {
bottom: -3px;
cursor: nwse-resize;
height: 20px;
opacity: 1;
right: -3px;
width: 20px;
}
@media (min-width: 768px) {
.cropper-point.point-se {
height: 15px;
width: 15px;
}
}
@media (min-width: 992px) {
.cropper-point.point-se {
height: 10px;
width: 10px;
}
}
@media (min-width: 1200px) {
.cropper-point.point-se {
height: 5px;
opacity: 0.75;
width: 5px;
}
}
.cropper-point.point-se:before {
background-color: #39f;
bottom: -50%;
content: " ";
display: block;
height: 200%;
opacity: 0;
position: absolute;
right: -50%;
width: 200%;
}
.cropper-invisible {
opacity: 0;
}
.cropper-bg {
background-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQAQMAAAAlPW0iAAAAA3NCSVQICAjb4U/gAAAABlBMVEXMzMz////TjRV2AAAACXBIWXMAAArrAAAK6wGCiw1aAAAAHHRFWHRTb2Z0d2FyZQBBZG9iZSBGaXJld29ya3MgQ1M26LyyjAAAABFJREFUCJlj+M/AgBVhF/0PAH6/D/HkDxOGAAAAAElFTkSuQmCC");
}
.cropper-hide {
display: block;
height: 0;
position: absolute;
width: 0;
}
.cropper-hidden {
display: none !important;
}
.cropper-move {
cursor: move;
}
.cropper-crop {
cursor: crosshair;
}
.cropper-disabled .cropper-drag-box,
.cropper-disabled .cropper-face,
.cropper-disabled .cropper-line,
.cropper-disabled .cropper-point {
cursor: not-allowed;
}

392
ivatar/static/css/green.css
View File

File diff suppressed because one or more lines are too long

146
ivatar/static/css/jcrop.css
View File

@@ -1,2 +1,146 @@
/* jquery.Jcrop.min.css v0.9.15 (build:20180819) */
.jcrop-holder{direction:ltr;text-align:left;-ms-touch-action:none}.jcrop-hline,.jcrop-vline{background:#fff url(Jcrop.gif);font-size:0;position:absolute}.jcrop-vline{height:100%;width:1px!important}.jcrop-vline.right{right:0}.jcrop-hline{height:1px!important;width:100%}.jcrop-hline.bottom{bottom:0}.jcrop-tracker{height:100%;width:100%;-webkit-tap-highlight-color:transparent;-webkit-touch-callout:none;-webkit-user-select:none}.jcrop-handle{background-color:#333;border:1px #eee solid;width:7px;height:7px;font-size:1px}.jcrop-handle.ord-n{left:50%;margin-left:-4px;margin-top:-4px;top:0}.jcrop-handle.ord-s{bottom:0;left:50%;margin-bottom:-4px;margin-left:-4px}.jcrop-handle.ord-e{margin-right:-4px;margin-top:-4px;right:0;top:50%}.jcrop-handle.ord-w{left:0;margin-left:-4px;margin-top:-4px;top:50%}.jcrop-handle.ord-nw{left:0;margin-left:-4px;margin-top:-4px;top:0}.jcrop-handle.ord-ne{margin-right:-4px;margin-top:-4px;right:0;top:0}.jcrop-handle.ord-se{bottom:0;margin-bottom:-4px;margin-right:-4px;right:0}.jcrop-handle.ord-sw{bottom:0;left:0;margin-bottom:-4px;margin-left:-4px}.jcrop-dragbar.ord-n,.jcrop-dragbar.ord-s{height:7px;width:100%}.jcrop-dragbar.ord-e,.jcrop-dragbar.ord-w{height:100%;width:7px}.jcrop-dragbar.ord-n{margin-top:-4px}.jcrop-dragbar.ord-s{bottom:0;margin-bottom:-4px}.jcrop-dragbar.ord-e{margin-right:-4px;right:0}.jcrop-dragbar.ord-w{margin-left:-4px}.jcrop-light .jcrop-hline,.jcrop-light .jcrop-vline{background:#fff;filter:alpha(opacity=70)!important;opacity:.7!important}.jcrop-light .jcrop-handle{-moz-border-radius:3px;-webkit-border-radius:3px;background-color:#000;border-color:#fff;border-radius:3px}.jcrop-dark .jcrop-hline,.jcrop-dark .jcrop-vline{background:#000;filter:alpha(opacity=70)!important;opacity:.7!important}.jcrop-dark .jcrop-handle{-moz-border-radius:3px;-webkit-border-radius:3px;background-color:#fff;border-color:#000;border-radius:3px}.solid-line .jcrop-hline,.solid-line .jcrop-vline{background:#fff}.jcrop-holder img,img.jcrop-preview{max-width:none}
.jcrop-holder {
direction: ltr;
text-align: left;
-ms-touch-action: none;
}
.jcrop-hline,
.jcrop-vline {
background: #fff url(Jcrop.gif);
font-size: 0;
position: absolute;
}
.jcrop-vline {
height: 100%;
width: 1px !important;
}
.jcrop-vline.right {
right: 0;
}
.jcrop-hline {
height: 1px !important;
width: 100%;
}
.jcrop-hline.bottom {
bottom: 0;
}
.jcrop-tracker {
height: 100%;
width: 100%;
-webkit-tap-highlight-color: transparent;
-webkit-touch-callout: none;
-webkit-user-select: none;
}
.jcrop-handle {
background-color: #333;
border: 1px #eee solid;
width: 7px;
height: 7px;
font-size: 1px;
}
.jcrop-handle.ord-n {
left: 50%;
margin-left: -4px;
margin-top: -4px;
top: 0;
}
.jcrop-handle.ord-s {
bottom: 0;
left: 50%;
margin-bottom: -4px;
margin-left: -4px;
}
.jcrop-handle.ord-e {
margin-right: -4px;
margin-top: -4px;
right: 0;
top: 50%;
}
.jcrop-handle.ord-w {
left: 0;
margin-left: -4px;
margin-top: -4px;
top: 50%;
}
.jcrop-handle.ord-nw {
left: 0;
margin-left: -4px;
margin-top: -4px;
top: 0;
}
.jcrop-handle.ord-ne {
margin-right: -4px;
margin-top: -4px;
right: 0;
top: 0;
}
.jcrop-handle.ord-se {
bottom: 0;
margin-bottom: -4px;
margin-right: -4px;
right: 0;
}
.jcrop-handle.ord-sw {
bottom: 0;
left: 0;
margin-bottom: -4px;
margin-left: -4px;
}
.jcrop-dragbar.ord-n,
.jcrop-dragbar.ord-s {
height: 7px;
width: 100%;
}
.jcrop-dragbar.ord-e,
.jcrop-dragbar.ord-w {
height: 100%;
width: 7px;
}
.jcrop-dragbar.ord-n {
margin-top: -4px;
}
.jcrop-dragbar.ord-s {
bottom: 0;
margin-bottom: -4px;
}
.jcrop-dragbar.ord-e {
margin-right: -4px;
right: 0;
}
.jcrop-dragbar.ord-w {
margin-left: -4px;
}
.jcrop-light .jcrop-hline,
.jcrop-light .jcrop-vline {
background: #fff;
filter: alpha(opacity=70) !important;
opacity: 0.7 !important;
}
.jcrop-light .jcrop-handle {
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
background-color: #000;
border-color: #fff;
border-radius: 3px;
}
.jcrop-dark .jcrop-hline,
.jcrop-dark .jcrop-vline {
background: #000;
filter: alpha(opacity=70) !important;
opacity: 0.7 !important;
}
.jcrop-dark .jcrop-handle {
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
background-color: #fff;
border-color: #000;
border-radius: 3px;
}
.solid-line .jcrop-hline,
.solid-line .jcrop-vline {
background: #fff;
}
.jcrop-holder img,
img.jcrop-preview {
max-width: none;
}

392
ivatar/static/css/red.css
View File

File diff suppressed because one or more lines are too long

2
ivatar/static/design_media/libravatar_header.svg
View File

@@ -1 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1656.69 67"><defs><style>.cls-1{fill:#fff;}</style></defs><title>Element 1</title><g id="Ebene_2" data-name="Ebene 2"><g id="Ebene_1-2" data-name="Ebene 1"><g id="Ebene_2-2" data-name="Ebene 2-2"><path class="cls-1" d="M1.69,67c72,0,578-67,943-67s712,67,712,67Z"/></g></g></g></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1656.69 67"><defs><style>.cls-1{fill:#fff;}</style></defs><title>Element 1</title><g id="Ebene_2" data-name="Ebene 2"><g id="Ebene_1-2" data-name="Ebene 1"><g id="Ebene_2-2" data-name="Ebene 2-2"><path class="cls-1" d="M1.69,67c72,0,578-67,943-67s712,67,712,67Z"/></g></g></g></svg>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 335 B

After

Width:  |  Height:  |  Size: 336 B

4
ivatar/static/img/agpl_button.svg
View File

@@ -4,7 +4,7 @@
<svg version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="80px"
height="15px" viewBox="0 0 80 15" enable-background="new 0 0 80 15" xml:space="preserve">
<g id="Layer_1">
<image overflow="visible" width="80" height="15" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFAAAAAPCAYAAABzyUiPAAAACXBIWXMAAAsTAAALEwEAmpwYAAAK
T2lDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjanVNnVFPpFj333vRCS4iAlEtvUhUIIFJCi4AU
kSYqIQkQSoghodkVUcERRUUEG8igiAOOjoCMFVEsDIoK2AfkIaKOg6OIisr74Xuja9a89+bN/rXX
@@ -66,7 +66,7 @@ aHIiC7sgBK9fvdyL+8XljksHxrecb2VpfomF+YWa6pGduP0x/00N7O7uRhQcrMfjPH/xjPfT8ywv
f+BaVxcPHt1n8u0UbRfaDiWvZN+RNyN1f5AunwPtIBgMsbi40Lg92H+SaNzG1IY/AwA+iT2R6wai
OAAAAABJRU5ErkJggg==" transform="matrix(0.9999 0 0 0.9999 0 0)">
</image>
<image display="none" overflow="visible" width="155" height="51" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJsAAAAzCAYAAACALnoPAAAABHNCSVQICAgIfAhkiAAAAAlwSFlz
AAADzQAAA80BCukWCQAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAABFASURB
VHic7Z17uBZVvcc/W8AbXjC1EPFoaqIhZs5wMUzs5AXKyyEv6aEE8pGfaWkq5iVvaD2YWkeOFvzU
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB

8
ivatar/static/img/libravatar_logo.svg
View File

@@ -9,14 +9,14 @@
.st1{fill:#FFFFFF;}
</style>
<defs>
<inkscape:perspective id="perspective10" inkscape:persp3d-origin="372.04724 : 350.78739 : 1" inkscape:vp_x="0 : 526.18109 : 1" inkscape:vp_y="0 : 1000 : 0" inkscape:vp_z="744.09448 : 526.18109 : 1" sodipodi:type="inkscape:persp3d">
</inkscape:perspective>
<inkscape:perspective id="perspective3625" inkscape:persp3d-origin="0.5 : 0.33333333 : 1" inkscape:vp_x="0 : 0.5 : 1" inkscape:vp_y="0 : 1000 : 0" inkscape:vp_z="1 : 0.5 : 1" sodipodi:type="inkscape:persp3d">
</inkscape:perspective>
<inkscape:perspective id="perspective3650" inkscape:persp3d-origin="0.5 : 0.33333333 : 1" inkscape:vp_x="0 : 0.5 : 1" inkscape:vp_y="0 : 1000 : 0" inkscape:vp_z="1 : 0.5 : 1" sodipodi:type="inkscape:persp3d">
</inkscape:perspective>
</defs>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 5.2 KiB

After

Width:  |  Height:  |  Size: 5.2 KiB

0
ivatar/static/img/logo4hex/libravatar_org.svg Executable file → Normal file
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB

0
ivatar/static/img/logo4hex/libravatar_org_6.svg Executable file → Normal file
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB

0
ivatar/static/img/logo4hex/libravatar_org_process_blue.svg Executable file → Normal file
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 12 KiB

0
ivatar/static/img/logo4hex/libravatar_org_process_blue_6.svg Executable file → Normal file
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 12 KiB

2
ivatar/static/img/safari-pinned-tab.svg
View File

@@ -1 +1 @@
<svg version="1" xmlns="http://www.w3.org/2000/svg" width="682.667" height="682.667" viewBox="0 0 512.000000 512.000000"><path d="M152 86.4c-24.7 5.3-40.4 19.6-46.7 42.7-2.3 8.5-2.2 28.7.2 37.9 5 19.3 19.6 35 37.8 41 4.6 1.4 4 2.3-2.8 3.9-2.7.7-9.2 3.2-14.3 5.7-15.7 7.6-25.2 19.5-29.9 37.4-2.7 10.4-2.4 35 .6 46 7 26.3 22.7 42.1 47.8 48.1 17.1 4.1 43.6 2.1 61.8-4.5l6.5-2.4V427h32v-90h22v90h32v-84.8l6.5 2.4c18.2 6.6 44.7 8.6 61.8 4.5 25.1-6 40.8-21.8 47.8-48.1 3-11 3.3-35.6.6-46-4.7-17.9-14.2-29.8-29.9-37.4-5.1-2.5-11.5-5-14.3-5.7-6.8-1.6-7.4-2.5-2.8-3.9 18.2-6 32.8-21.7 37.8-41 2.4-9.2 2.5-29.4.2-37.9-5.8-21.5-20.5-35.8-42.7-41.8-9.2-2.5-34.7-2.5-44.5.1-15.8 4.1-28.3 12.6-36.6 24.7-7.4 10.9-13 28.8-14.4 45.6l-.7 8.3h-23.6l-.7-8.3c-1.4-16.8-7-34.7-14.4-45.6-8.2-12-20.8-20.6-36.1-24.6-8.9-2.3-32.4-2.9-41-1.1zm25.3 14.6c15.4 2.3 25.8 12.3 31.1 30 4.2 13.9 4.6 23.4 4.6 112.1v84.8l-5.3 1.5c-10 2.9-24.3 4.8-36.7 4.8-10.5.1-13.4-.3-18.1-2.1-9.8-3.8-17.4-12-21.4-23.1-6.3-17.5-5.7-50.9 1.1-64.2 7.6-15.1 21.5-23.6 41.4-25.6l7.5-.7.3-7.8.3-7.7h-3.8c-6.3 0-17.1-2.7-22.4-5.7-6.3-3.4-12.4-10.1-15.5-17-5-11.2-6.9-34.2-3.9-48.5 3.8-17.9 12.9-28.5 26.4-30.8 6.4-1.1 6.8-1.1 14.4 0zm178.7 2.1c16.8 7.3 24.7 33.1 19.4 63.2-2.6 15.4-8.9 25.4-19.3 31-5.3 3-16.1 5.7-22.4 5.7h-3.8l.3 7.7.3 7.8 7.5.7c19.9 2 33.8 10.5 41.4 25.6 3.2 6.2 5.6 20 5.6 32.2 0 35.3-11.4 54.1-34.9 57.1-11.4 1.4-32.3-1-48.8-5.7l-2.3-.6v-84.7c0-88.7.4-98.2 4.6-112.1 5.1-17.2 15.7-27.7 30.2-30 7.6-1.1 16.7-.3 22.2 2.1z"/><path d="M248.5 91.2c-8.6 3-13.5 10.1-13.5 19.6 0 10.7 7.3 18.3 18.4 19 10.2.6 18-5 20.7-15.1 3.8-14.2-11.6-28.4-25.6-23.5z"/></svg>
<svg version="1" xmlns="http://www.w3.org/2000/svg" width="682.667" height="682.667" viewBox="0 0 512.000000 512.000000"><path d="M152 86.4c-24.7 5.3-40.4 19.6-46.7 42.7-2.3 8.5-2.2 28.7.2 37.9 5 19.3 19.6 35 37.8 41 4.6 1.4 4 2.3-2.8 3.9-2.7.7-9.2 3.2-14.3 5.7-15.7 7.6-25.2 19.5-29.9 37.4-2.7 10.4-2.4 35 .6 46 7 26.3 22.7 42.1 47.8 48.1 17.1 4.1 43.6 2.1 61.8-4.5l6.5-2.4V427h32v-90h22v90h32v-84.8l6.5 2.4c18.2 6.6 44.7 8.6 61.8 4.5 25.1-6 40.8-21.8 47.8-48.1 3-11 3.3-35.6.6-46-4.7-17.9-14.2-29.8-29.9-37.4-5.1-2.5-11.5-5-14.3-5.7-6.8-1.6-7.4-2.5-2.8-3.9 18.2-6 32.8-21.7 37.8-41 2.4-9.2 2.5-29.4.2-37.9-5.8-21.5-20.5-35.8-42.7-41.8-9.2-2.5-34.7-2.5-44.5.1-15.8 4.1-28.3 12.6-36.6 24.7-7.4 10.9-13 28.8-14.4 45.6l-.7 8.3h-23.6l-.7-8.3c-1.4-16.8-7-34.7-14.4-45.6-8.2-12-20.8-20.6-36.1-24.6-8.9-2.3-32.4-2.9-41-1.1zm25.3 14.6c15.4 2.3 25.8 12.3 31.1 30 4.2 13.9 4.6 23.4 4.6 112.1v84.8l-5.3 1.5c-10 2.9-24.3 4.8-36.7 4.8-10.5.1-13.4-.3-18.1-2.1-9.8-3.8-17.4-12-21.4-23.1-6.3-17.5-5.7-50.9 1.1-64.2 7.6-15.1 21.5-23.6 41.4-25.6l7.5-.7.3-7.8.3-7.7h-3.8c-6.3 0-17.1-2.7-22.4-5.7-6.3-3.4-12.4-10.1-15.5-17-5-11.2-6.9-34.2-3.9-48.5 3.8-17.9 12.9-28.5 26.4-30.8 6.4-1.1 6.8-1.1 14.4 0zm178.7 2.1c16.8 7.3 24.7 33.1 19.4 63.2-2.6 15.4-8.9 25.4-19.3 31-5.3 3-16.1 5.7-22.4 5.7h-3.8l.3 7.7.3 7.8 7.5.7c19.9 2 33.8 10.5 41.4 25.6 3.2 6.2 5.6 20 5.6 32.2 0 35.3-11.4 54.1-34.9 57.1-11.4 1.4-32.3-1-48.8-5.7l-2.3-.6v-84.7c0-88.7.4-98.2 4.6-112.1 5.1-17.2 15.7-27.7 30.2-30 7.6-1.1 16.7-.3 22.2 2.1z"/><path d="M248.5 91.2c-8.6 3-13.5 10.1-13.5 19.6 0 10.7 7.3 18.3 18.4 19 10.2.6 18-5 20.7-15.1 3.8-14.2-11.6-28.4-25.6-23.5z"/></svg>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.6 KiB

After

Width:  |  Height:  |  Size: 1.6 KiB

1701
ivatar/static/js/bootstrap.min.js vendored
View File

File diff suppressed because one or more lines are too long

2170
ivatar/static/js/cropper.min.js vendored Normal file
View File

File diff suppressed because it is too large Load Diff

44
ivatar/static/js/ivatar.js
View File

@@ -2,33 +2,33 @@
// Autofocus the right field on forms
if (document.forms.login) {
if (document.forms.login.username) {
document.forms.login.username.focus();
} else if (document.forms.login.openid_identifier) {
document.forms.login.openid_identifier.focus();
}
if (document.forms.login.username) {
document.forms.login.username.focus();
} else if (document.forms.login.openid_identifier) {
document.forms.login.openid_identifier.focus();
}
} else if (document.forms.addemail) {
document.forms.addemail.email.focus();
document.forms.addemail.email.focus();
} else if (document.forms.addopenid) {
document.forms.addopenid.openid.focus();
document.forms.addopenid.openid.focus();
} else if (document.forms.changepassword) {
if(document.forms.changepassword.old_password) {
document.forms.changepassword.old_password.focus();
} else {
document.forms.changepassword.new_password1.focus();
}
if (document.forms.changepassword.old_password) {
document.forms.changepassword.old_password.focus();
} else {
document.forms.changepassword.new_password1.focus();
}
} else if (document.forms.deleteaccount) {
if (document.forms.deleteaccount.password) {
document.forms.deleteaccount.password.focus();
}
if (document.forms.deleteaccount.password) {
document.forms.deleteaccount.password.focus();
}
} else if (document.forms.lookup) {
if (document.forms.lookup.email) {
document.forms.lookup.email.focus();
} else if (document.forms.lookup.domain) {
document.forms.lookup.domain.focus();
}
if (document.forms.lookup.email) {
document.forms.lookup.email.focus();
} else if (document.forms.lookup.domain) {
document.forms.lookup.domain.focus();
}
} else if (document.forms.newaccount) {
document.forms.newaccount.username.focus();
document.forms.newaccount.username.focus();
} else if (document.forms.reset) {
document.forms.reset.email.focus();
document.forms.reset.email.focus();
}

1155
ivatar/static/js/jcrop.js
View File

File diff suppressed because one or more lines are too long

110
ivatar/test_utils.py
View File

@@ -47,71 +47,67 @@ class Tester(TestCase):
self.assertEqual(openid_variations(openid3)[3], openid3)
def test_is_trusted_url(self):
test_gravatar_true = is_trusted_url("https://gravatar.com/avatar/63a75a80e6b1f4adfdb04c1ca02e596c", [
{
"schemes": [
"http",
"https"
],
"host_equals": "gravatar.com",
"path_prefix": "/avatar/"
}
])
test_gravatar_true = is_trusted_url(
"https://gravatar.com/avatar/63a75a80e6b1f4adfdb04c1ca02e596c",
[
{
"schemes": ["http", "https"],
"host_equals": "gravatar.com",
"path_prefix": "/avatar/",
}
],
)
self.assertTrue(test_gravatar_true)
test_gravatar_false = is_trusted_url("https://gravatar.com.example.org/avatar/63a75a80e6b1f4adfdb04c1ca02e596c", [
{
"schemes": [
"http",
"https"
],
"host_suffix": ".gravatar.com",
"path_prefix": "/avatar/"
}
])
test_gravatar_false = is_trusted_url(
"https://gravatar.com.example.org/avatar/63a75a80e6b1f4adfdb04c1ca02e596c",
[
{
"schemes": ["http", "https"],
"host_suffix": ".gravatar.com",
"path_prefix": "/avatar/",
}
],
)
self.assertFalse(test_gravatar_false)
test_open_redirect = is_trusted_url("https://github.com/SethFalco/?boop=https://secure.gravatar.com/avatar/205e460b479e2e5b48aec07710c08d50", [
{
"schemes": [
"http",
"https"
],
"host_suffix": ".gravatar.com",
"path_prefix": "/avatar/"
}
])
test_open_redirect = is_trusted_url(
"https://github.com/SethFalco/?boop=https://secure.gravatar.com/avatar/205e460b479e2e5b48aec07710c08d50",
[
{
"schemes": ["http", "https"],
"host_suffix": ".gravatar.com",
"path_prefix": "/avatar/",
}
],
)
self.assertFalse(test_open_redirect)
test_multiple_filters = is_trusted_url("https://ui-avatars.com/api/blah", [
{
"schemes": [
"https"
],
"host_equals": "ui-avatars.com",
"path_prefix": "/api/"
},
{
"schemes": [
"http",
"https"
],
"host_suffix": ".gravatar.com",
"path_prefix": "/avatar/"
}
])
test_multiple_filters = is_trusted_url(
"https://ui-avatars.com/api/blah",
[
{
"schemes": ["https"],
"host_equals": "ui-avatars.com",
"path_prefix": "/api/",
},
{
"schemes": ["http", "https"],
"host_suffix": ".gravatar.com",
"path_prefix": "/avatar/",
},
],
)
self.assertTrue(test_multiple_filters)
test_url_prefix_true = is_trusted_url("https://ui-avatars.com/api/blah", [
{
"url_prefix": "https://ui-avatars.com/api/"
}
])
test_url_prefix_true = is_trusted_url(
"https://ui-avatars.com/api/blah",
[{"url_prefix": "https://ui-avatars.com/api/"}],
)
self.assertTrue(test_url_prefix_true)
test_url_prefix_false = is_trusted_url("https://ui-avatars.com/api/blah", [
{
"url_prefix": "https://gravatar.com/avatar/"
}
])
test_url_prefix_false = is_trusted_url(
"https://ui-avatars.com/api/blah",
[{"url_prefix": "https://gravatar.com/avatar/"}],
)
self.assertFalse(test_url_prefix_false)

6
ivatar/utils.py
View File

@@ -6,6 +6,7 @@ Simple module providing reusable random_string function
import contextlib
import random
import string
import logging
from io import BytesIO
from PIL import Image, ImageDraw, ImageSequence
from urllib.parse import urlparse
@@ -13,6 +14,9 @@ import requests
from ivatar.settings import DEBUG, URL_TIMEOUT
from urllib.request import urlopen as urlopen_orig
# Initialize logger
logger = logging.getLogger("ivatar")
BLUESKY_IDENTIFIER = None
BLUESKY_APP_PASSWORD = None
with contextlib.suppress(Exception):
@@ -88,7 +92,7 @@ class Bluesky:
)
profile_response.raise_for_status()
except Exception as exc:
print(f"Bluesky profile fetch failed with HTTP error: {exc}")
logger.warning(f"Bluesky profile fetch failed with HTTP error: {exc}")
return None
return profile_response.json()

39
ivatar/views.py
View File

@@ -7,6 +7,7 @@ import contextlib
from io import BytesIO
from os import path
import hashlib
import logging
from ivatar.utils import urlopen, Bluesky
from urllib.error import HTTPError, URLError
from ssl import SSLError
@@ -38,6 +39,10 @@ from .ivataraccount.models import Photo
from .ivataraccount.models import pil_format, file_format
from .utils import is_trusted_url, mm_ng, resize_animated_gif
# Initialize loggers
logger = logging.getLogger("ivatar")
security_logger = logging.getLogger("ivatar.security")
def get_size(request, size=DEFAULT_AVATAR_SIZE):
"""
@@ -137,14 +142,14 @@ class AvatarImageView(TemplateView):
if default is not None:
if TRUSTED_DEFAULT_URLS is None:
print("Query parameter `default` is disabled.")
logger.warning("Query parameter `default` is disabled.")
default = None
elif default.find("://") > 0:
# Check if it's trusted, if not, reset to None
trusted_url = is_trusted_url(default, TRUSTED_DEFAULT_URLS)
if not trusted_url:
print(
security_logger.warning(
f"Default URL is not in trusted URLs: '{default}'; Kicking it!"
)
default = None
@@ -373,7 +378,7 @@ class GravatarProxyView(View):
if exc.code == 404:
cache.set(gravatar_test_url, "default", 60)
else:
print(f"Gravatar test url fetch failed: {exc}")
logger.warning(f"Gravatar test url fetch failed: {exc}")
return redir_default(default)
gravatar_url = (
@@ -384,23 +389,25 @@ class GravatarProxyView(View):
try:
if cache.get(gravatar_url) == "err":
print(f"Cached Gravatar fetch failed with URL error: {gravatar_url}")
logger.warning(
f"Cached Gravatar fetch failed with URL error: {gravatar_url}"
)
return redir_default(default)
gravatarimagedata = urlopen(gravatar_url)
except HTTPError as exc:
if exc.code not in [404, 503]:
print(
logger.warning(
f"Gravatar fetch failed with an unexpected {exc.code} HTTP error: {gravatar_url}"
)
cache.set(gravatar_url, "err", 30)
return redir_default(default)
except URLError as exc:
print(f"Gravatar fetch failed with URL error: {exc.reason}")
logger.warning(f"Gravatar fetch failed with URL error: {exc.reason}")
cache.set(gravatar_url, "err", 30)
return redir_default(default)
except SSLError as exc:
print(f"Gravatar fetch failed with SSL error: {exc.reason}")
logger.warning(f"Gravatar fetch failed with SSL error: {exc.reason}")
cache.set(gravatar_url, "err", 30)
return redir_default(default)
try:
@@ -416,7 +423,7 @@ class GravatarProxyView(View):
return response
except ValueError as exc:
print(f"Value error: {exc}")
logger.error(f"Value error: {exc}")
return redir_default(default)
# We shouldn't reach this point... But make sure we do something
@@ -446,7 +453,7 @@ class BlueskyProxyView(View):
return HttpResponseRedirect(url)
size = get_size(request)
print(size)
logger.debug(f"Bluesky avatar size requested: {size}")
blueskyimagedata = None
default = None
@@ -461,7 +468,7 @@ class BlueskyProxyView(View):
Q(digest=kwargs["digest"]) | Q(digest_sha256=kwargs["digest"])
).first()
except Exception as exc:
print(exc)
logger.warning(f"Exception: {exc}")
# If no identity is found in the email table, try the openid table
if not identity:
@@ -473,7 +480,7 @@ class BlueskyProxyView(View):
| Q(alt_digest3=kwargs["digest"])
).first()
except Exception as exc:
print(exc)
logger.warning(f"Exception: {exc}")
# If still no identity is found, redirect to the default
if not identity:
@@ -494,7 +501,9 @@ class BlueskyProxyView(View):
try:
if cache.get(bluesky_url) == "err":
print(f"Cached Bluesky fetch failed with URL error: {bluesky_url}")
logger.warning(
f"Cached Bluesky fetch failed with URL error: {bluesky_url}"
)
return redir_default(default)
blueskyimagedata = urlopen(bluesky_url)
@@ -506,11 +515,11 @@ class BlueskyProxyView(View):
cache.set(bluesky_url, "err", 30)
return redir_default(default)
except URLError as exc:
print(f"Bluesky fetch failed with URL error: {exc.reason}")
logger.warning(f"Bluesky fetch failed with URL error: {exc.reason}")
cache.set(bluesky_url, "err", 30)
return redir_default(default)
except SSLError as exc:
print(f"Bluesky fetch failed with SSL error: {exc.reason}")
logger.warning(f"Bluesky fetch failed with SSL error: {exc.reason}")
cache.set(bluesky_url, "err", 30)
return redir_default(default)
try:
@@ -536,7 +545,7 @@ class BlueskyProxyView(View):
response["Vary"] = ""
return response
except ValueError as exc:
print(f"Value error: {exc}")
logger.error(f"Value error: {exc}")
return redir_default(default)
# We shouldn't reach this point... But make sure we do something

1
ivatar/wsgi.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
"""
WSGI config for ivatar project.

1
manage.py
View File

@@ -1,4 +1,5 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os
import sys

1
requirements.txt
View File

@@ -1,3 +1,4 @@
argon2-cffi>=21.3.0
autopep8
bcrypt
defusedxml

4
templates/description.html
View File

@@ -24,7 +24,7 @@ All you have to do is <a href="{% url 'new_account' %}">sign up on libravatar.or
Once you've done that, a bunch of websites (where you've entered your email address, usually as part of the registration process) will start displaying your avatar next to your name.<br/>
<img src="{% static 'img/gitlab-profile-view.png' %}">
<br/>
<h2>Freedom and federation</h2>
How is Libravatar <a href="{% url 'features' %}">different</a> from Gravatar though? The main difference is that while <a href="{% url 'home' %}">Libravatar.org</a> is an online avatar hosting service just like Gravatar, the software that powers the former is also available for download under a free software license.
@@ -64,7 +64,7 @@ If you're interested in the details of how third-party websites display Libravat
<figure>
<img src="https://seccdn.libravatar.org/avatar/63a75a80e6b1f4adfdb04c1ca02e596c">
<figcaption>&lt;img src="https://seccdn.libravatar.org/avatar/63a75a80e6b1f4adfdb04c1ca02e596c"&gt;</code></figcaption>
</figure>
</figure>
<br/>
<!-- TODO: Libraries url -->
It's pretty simple, but for most web applications it's even easier because they're just using one of the convenient <a href="https://wiki.libravatar.org/libraries/">libraries</a> provided by the community.