File upload security (iteration 1), security enhancements and OpenTelemetry (OTEL) implementation (sending data disabled by default)
See merge request oliver/ivatar!265
- Replace digest_sha256 with avatar_url in top_viewed_avatars
- Replace digest_sha256 with avatar_url in top_queried_emails
- Replace digest_sha256 with avatar_url in top_queried_openids
- All avatar URLs now use https://libravatar.org/avatar/{digest} format
- Update tests to verify avatar_url presence and correct format
- All 5 stats tests pass successfully
This makes the stats API more user-friendly by providing complete
avatar URLs that can be directly used in applications instead of
requiring clients to construct the URLs themselves.
- Convert avg_size_bytes to float to handle SQLite returning string values
- Fixes TypeError: '>' not supported between instances of 'str' and 'int'
- Ensures photo size statistics work correctly across different database backends
- All 5 stats tests pass successfully
The issue occurred because SQLite's AVG() function can return string representations
of numbers in some cases, causing type comparison errors in tests.
- Remove email addresses from top_viewed_avatars and top_queried_emails
- Remove OpenID URLs from top_viewed_avatars and top_queried_openids
- Remove Bluesky handles from bluesky_handles section
- Keep only access_count and digest_sha256 for privacy protection
- Update tests to reflect privacy changes
- All 5 stats tests pass successfully
This ensures that the stats endpoint no longer exposes:
- User email addresses
- OpenID URLs
- Bluesky handles
- Any other personally identifiable information
The stats now only show aggregated counts and hashed identifiers.
- Add random_ip_address() function to ivatar.utils for generating random IP addresses
- Create separate test_views_stats.py file with StatsTester class
- Move all stats tests from test_views.py to test_views_stats.py
- Update tests to use random_string() for emails and OpenIDs instead of static @example.com
- Update tests to use random_ip_address() for IP addresses instead of static 192.168.1.x
- Remove stats tests from original test_views.py file
- Add test_stats_basic: Test basic count statistics
- Add test_stats_comprehensive: Test all new statistics with real data
- Add test_stats_edge_cases: Test edge cases with empty data
- Add test_stats_with_bluesky_handles: Test Bluesky handles functionality
- Add test_stats_photo_duplicates: Test potential duplicate photos detection
All tests cover:
- Top 10 viewed avatars with associated email/OpenID details
- Top 10 queried email addresses and OpenIDs
- Photo format distribution statistics
- User activity metrics (multiple photos, email+OpenID users, avg photos per user)
- Bluesky handles statistics with top handles by access count
- Average photo size calculation using SQL queries
- Potential duplicate photos detection by format and size
- Edge cases and error handling
Tests use valid PNG image data and proper model relationships.
All 5 new test methods pass successfully.
- Implement top 10 viewed avatars with associated email/OpenID details
- Add top 10 queried email addresses and OpenIDs by access count
- Include photo format distribution statistics
- Add user activity metrics (multiple photos, email+OpenID users, avg photos per user)
- Implement Bluesky handles statistics with top handles by access count
- Add average photo size calculation using fast SQL queries
- Include potential duplicate photos detection by format and size
- Use raw SQL for performance optimization on large datasets
- Remove orphaned photos check as requested
All statistics now return consistent data structure with access_count and digest_sha256 fields.
- Fix login page button spacing with proper gap between buttons
- Add responsive button group styling for all forms (login, registration, preferences, etc.)
- Implement mobile-first button layout: horizontal on desktop, vertical stack on mobile
- Center hero section buttons on front page with explicit flexbox centering
- Add theme-resistant CSS overrides to ensure consistent button appearance
- Update HTML structure to properly contain buttons within btn-group containers
- Enhance mobile UX with full-width buttons and touch-friendly spacing
- Add CSS overrides with !important to ensure button text is visible
- Fixes invisible text on primary/secondary/danger buttons when custom themes are active
- Resolves issue where theme CSS files (red.css, green.css, clime.css) override text colors
- Ensures consistent button appearance regardless of selected theme
- Replace float layout with responsive CSS Grid for photo selection
- Add proper spacing between image boxes on mobile devices
- Fix button overflow issues with responsive flexbox layout
- Consolidate duplicate CSS into main stylesheet
- Apply improvements to both email and OpenID assignment templates
