1 Commits

Author: Oliver Falk
SHA1: f5a08c4a94
Message: Add new script to import a CSV file with users
Date: 2022-09-16 13:37:37 +02:00
185 changed files with 4571 additions and 72112 deletions

View File

@@ -1 +0,0 @@
https://github.com/heroku/heroku-buildpack-python

View File

@@ -1,246 +0,0 @@
# ivatar/libravatar Project Rules
## Project Overview
ivatar is a Django-based federated avatar service that serves as an alternative to Gravatar. It provides avatar images for email addresses and OpenID URLs, with support for the Libravatar federation protocol.
## Core Functionality
- Avatar service for email addresses and OpenID URLs
- Federated compatibility with Libravatar protocol
- Multiple authentication methods (OpenID, OpenID Connect/Fedora, Django auth)
- Image upload, cropping, and management
- External avatar import (Gravatar, other Libravatar instances)
- Bluesky handle integration
- Multiple theme support (default, clime, green, red)
- Internationalization (15+ languages)
## Technical Stack
- **Framework**: Django 4.2+ with Python 3.x
- **Database**: SQLite (development), MySQL/MariaDB, PostgreSQL (production)
- **Image Processing**: PIL/Pillow for image manipulation
- **Authentication**: django-openid-auth, social-auth-app-django
- **Caching**: Memcached and filesystem caching
- **Email**: Mailgun integration via django-anymail
- **Testing**: pytest with custom markers
## Key Models
- `Photo`: Stores uploaded avatar images with format detection and access counting
- `ConfirmedEmail`: Verified email addresses with assigned photos and Bluesky handles
- `ConfirmedOpenId`: Verified OpenID URLs with assigned photos and Bluesky handles
- `UserPreference`: User theme preferences
- `UnconfirmedEmail`: Email verification workflow
- `UnconfirmedOpenId`: OpenID verification workflow
## Security Features
- File upload validation and sanitization
- EXIF data removal (ENABLE_EXIF_SANITIZATION)
- Malicious content scanning (ENABLE_MALICIOUS_CONTENT_SCAN)
- Comprehensive security logging
- File size limits and format validation
- Trusted URL validation for external avatar sources
## Development Workflow Rules
### Tool Usage Guidelines
- **Prefer MCP tools over command-line alternatives** - When MCP (Model Context Protocol) tools are available for a task, use them instead of command-line tools
- **Examples**: Use `mcp_lkernat-gitlab_*` functions instead of `glab` commands, prefer MCP web search over terminal `curl` calls
- **Benefits**: MCP tools provide more reliable, direct interfaces and better error handling
- **Fallback**: Only use command-line tools when no MCP alternative exists
### External Resources & Libraries
- **Web search is always allowed** - use web search to find solutions, check documentation, verify best practices
- **Use latest library versions** - always prefer the latest stable versions of external libraries
- **Security first** - outdated libraries are security risks, always update to latest versions
- **Dependency management** - when adding new dependencies, ensure they're actively maintained and secure
### Testing
- **MANDATORY: Run pre-commit hooks and tests before any changes** - this is an obligation
- Use `./run_tests_local.sh` for local development (skips Bluesky tests requiring API credentials)
- Run `python3 manage.py test -v3` for full test suite including Bluesky tests
- **MANDATORY: When adding new code, always write tests to increase code coverage** - never decrease coverage
- Use pytest markers appropriately:
- `@pytest.mark.bluesky`: Tests requiring Bluesky API credentials
- `@pytest.mark.slow`: Long-running tests
- `@pytest.mark.integration`: Integration tests
- `@pytest.mark.unit`: Unit tests
### Code Quality
- Always check for linter errors after making changes using `read_lints`
- Follow existing code style and patterns
- Maintain comprehensive logging (use `logger = logging.getLogger("ivatar")`)
- Consider security implications of any changes
- Follow Django best practices and conventions
- **Reduce script creation** - avoid creating unnecessary scripts, prefer existing tools and commands
- **Use latest libraries** - always use the latest versions of external libraries to ensure security and bug fixes
### Database Operations
- Use migrations for schema changes: `./manage.py migrate`
- Support multiple database backends (SQLite, MySQL, PostgreSQL)
- Use proper indexing for performance (see existing model indexes)
### Image Processing
- Support multiple formats: JPEG, PNG, GIF, WEBP
- Maximum image size: 512x512 pixels (AVATAR_MAX_SIZE)
- Maximum file size: 10MB (MAX_PHOTO_SIZE)
- JPEG quality: 85 (JPEG_QUALITY)
- Always validate image format and dimensions
## Configuration Management
- Main settings in `ivatar/settings.py` and `config.py`
- Local overrides in `config_local.py` (not in version control)
- Environment variables for sensitive data (database credentials, API keys)
- Support for multiple deployment environments (development, staging, production)
## Authentication & Authorization
- Multiple backends: Django auth, OpenID, Fedora OIDC
- Social auth pipeline with custom steps for email confirmation
- User account creation and management
- Email verification workflow
## Caching Strategy
- Memcached for general caching
- Filesystem cache for generated images
- 5-minute cache for resized images (CACHE_IMAGES_MAX_AGE)
- Cache invalidation on photo updates
## Internationalization
- Support for 15+ languages
- Use Django's translation framework
- Template strings should be translatable
- Locale-specific formatting
## File Structure Guidelines
- Main Django app: `ivatar/`
- Account management: `ivatar/ivataraccount/`
- Tools: `ivatar/tools/`
- Static files: `ivatar/static/` and `static/`
- Templates: `templates/` and app-specific template directories
- Tests: Co-located with modules or in dedicated test files
## Security Considerations
- Always validate file uploads
- Sanitize EXIF data from images
- Use secure password hashing (Argon2 preferred, PBKDF2 fallback)
- Implement proper CSRF protection
- Use secure cookies in production
- Log security events to dedicated security log
## Performance Considerations
- Use database indexes for frequently queried fields
- Implement proper caching strategies
- Optimize image processing operations
- Monitor access counts for analytics
- Use efficient database queries
## Production Deployment & Infrastructure
### Hosting & Sponsorship
- **Hosted by Fedora Project** - Free infrastructure provided due to heavy usage by Fedora community
- **Scale**: Handles millions of requests daily for 30k+ users with 33k+ avatar images
- **Performance**: High-performance system optimized for dynamic content (CDN difficult due to dynamic sizing)
### Production Architecture
- **Redis**: Session storage (potential future caching expansion)
- **Monitoring Stack**:
- Prometheus + Alertmanager for metrics and alerting
- Loki for log aggregation
- Alloy for observability
- Grafana for visualization
- Custom exporters for application metrics
- **Apache HTTPD**:
- SSL termination
- Load balancer for Gunicorn containers
- Caching (memory/socache and disk cache - optimization ongoing)
- **PostgreSQL**: Main production database
- **Gunicorn**: 2 containers running Django application
- **Containerization**: **Podman** (not Docker) - always prefer podman when possible
### Development Environment
- **Dev Instance**: dev.libravatar.org (auto-deployed from 'devel' branch via Puppet)
- **Limitation**: Aging CentOS 7 host with older Python 3.x and Django versions
- **Compatibility**: Must maintain backward compatibility with older versions
### CI/CD & Version Control
- **GitLab**: Self-hosted OSS/Community Edition on git.linux-kernel.at
- **CI**: GitLab CI extensively used
- **CD**: GitLab CD on roadmap (part of libravatar-ansible project)
- **Deployment**: Separate libravatar-ansible project handles production deployments
- **Container Management**: Ansible playbooks rebuild custom images and restart containers as needed
### Deployment Considerations
- Production requires proper database setup (PostgreSQL, not SQLite)
- Static file collection required: `./manage.py collectstatic`
- Environment-specific configuration via environment variables
- Custom container images with automated rebuilds
- High availability and performance optimization critical
## Common Commands
```bash
# Development server
./manage.py runserver 0:8080
# Run local tests (recommended for development)
./run_tests_local.sh
# Run all tests
python3 manage.py test -v2
# Database migrations
./manage.py migrate
# Collect static files
./manage.py collectstatic -l --no-input
# Create superuser
./manage.py createsuperuser
```
## Code Style Guidelines
- Use descriptive variable and function names
- Add comprehensive docstrings for classes and methods
- **MANDATORY: Include type hints for ALL new code** - this is a strict requirement
- Follow PEP 8 and Django coding standards
- Use meaningful commit messages
- Add comments for complex business logic
## Error Handling
- Use proper exception handling with specific exception types
- Log errors with appropriate levels (DEBUG, INFO, WARNING, ERROR)
- Provide user-friendly error messages
- Implement graceful fallbacks where possible
## API Compatibility
- Maintain backward compatibility with existing avatar URLs
- Support Libravatar federation protocol
- Ensure Gravatar compatibility for imports
- Preserve existing URL patterns and parameters
## Monitoring & Logging
- Use structured logging with appropriate levels
- Log security events to dedicated security log
- Monitor performance metrics (access counts, response times)
- Implement health checks for external dependencies
- **Robust logging setup**: Automatically tests directory writeability and falls back gracefully
- **Fallback hierarchy**: logs/ → /tmp/libravatar-logs → user-specific temp directory
- **Permission handling**: Handles cases where logs directory exists but isn't writable
## GitLab CI/CD Monitoring
- **MANDATORY: Check GitLab pipeline status regularly** during development
- Monitor pipeline status for the current working branch (typically `devel`)
- Use `glab ci list --repo git.linux-kernel.at/oliver/ivatar --per-page 5` to check recent pipelines
- Verify all tests pass before considering work complete
- Check pipeline logs with `glab ci trace <pipeline-id> --repo git.linux-kernel.at/oliver/ivatar` if needed
- Address any CI failures immediately before proceeding with new changes
- Pipeline URL: https://git.linux-kernel.at/oliver/ivatar/-/pipelines
## Deployment Verification
- **Automatic verification**: GitLab CI automatically verifies dev.libravatar.org deployments on `devel` branch
- **Manual verification**: Production deployments on `master` branch can be verified manually via CI
- **Version endpoint**: `/deployment/version/` provides commit hash, branch, and deployment status
- **Security**: Version endpoint uses cached git file reading (no subprocess calls) to prevent DDoS attacks
- **Performance**: Version information is cached in memory to avoid repeated file system access
- **SELinux compatibility**: No subprocess calls that might be blocked by SELinux policies
- **Manual testing**: Use `./scripts/test_deployment.sh` to test deployments locally
- **Deployment timing**: Dev deployments via Puppet may take up to 30 minutes to complete
- **Verification includes**: Version matching, avatar endpoint, stats endpoint functionality
Remember: This is a production avatar service handling user data and images. Security, performance, and reliability are paramount. Always consider the impact of changes on existing users and federated services.

11
.env
View File

@@ -1,11 +0,0 @@
if [ ! -d .virtualenv ]; then
if [ ! "$(which virtualenv)" == "" ]; then
if [ -f .env ]; then
virtualenv -p python3 .virtualenv
fi
fi
fi
if [ -f .virtualenv/bin/activate ]; then
source .virtualenv/bin/activate
AUTOENV_ENABLE_LEAVE=True
fi

View File

@@ -1 +0,0 @@
deactivate

View File

@@ -1,5 +1,5 @@
[flake8]
ignore = E501, W503, E402, C901, E231, E702
ignore = E501, W503, E402, C901
max-line-length = 79
max-complexity = 18
select = B,C,E,F,W,T4,B9
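Review bot: the two `ignore =` lines differ only in `E231, E702`, and the resulting line no longer ignores them, so any existing code with missing whitespace after a comma or several statements on one line will start failing the flake8 hook. Run flake8 over the whole tree with the new list before merging, or keep the two codes ignored until the code base is clean.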

11
.gitignore vendored
View File

@@ -1,6 +1,6 @@
__pycache__
/db.sqlite3
/static/*
/static/
**.*.swp
.coverage
htmlcov/
@@ -14,12 +14,3 @@ node_modules/
config_local.py
locale/*/LC_MESSAGES/django.mo
.DS_Store
.idea/
contacts.csv
falko_gravatar.jpg
*.egg-info
dump_all*.sql
dist/
.env.local
tmp/
logs/
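Review bot: the tail of this hunk drops the ignore patterns `contacts.csv`, `dump_all*.sql` and `.env.local` (the hunk shrinks from 12 lines to 3), which is risky in a commit titled "Add new script to import a CSV file with users". With those patterns gone, a user export, a database dump or a local environment file sitting in the working tree can be staged by a plain `git add .`. Keep these entries, and add a pattern for whatever CSV file the import script is expected to read.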

View File

@@ -1,268 +1,56 @@
image:
name: git.linux-kernel.at:5050/oliver/fedora42-python3:latest
entrypoint:
- "/bin/sh"
- "-c"
name: quay.io/rhn_support_ofalk/fedora34-python3
entrypoint: [ '/bin/sh', '-c' ]
# Cache pip deps to speed up builds
cache:
paths:
- .pipcache
variables:
PIP_CACHE_DIR: .pipcache
before_script:
- virtualenv -p python3 /tmp/.virtualenv
- source /tmp/.virtualenv/bin/activate
- pip install Pillow
- pip install -r requirements.txt
- pip install python-coveralls
- pip install coverage
- pip install pycco
- pip install django_coverage_plugin
# Test with OpenTelemetry instrumentation (always enabled, export disabled in CI)
test_and_coverage:
stage: build
coverage: "/^TOTAL.*\\s+(\\d+\\%)$/"
services:
- postgres:latest
variables:
POSTGRES_DB: django_db
POSTGRES_USER: django_user
POSTGRES_PASSWORD: django_password
POSTGRES_HOST: postgres
DATABASE_URL: "postgres://django_user:django_password@postgres/django_db"
PYTHONUNBUFFERED: 1
# OpenTelemetry instrumentation always enabled, export controlled by OTEL_EXPORT_ENABLED
OTEL_EXPORT_ENABLED: "false" # Disable export in CI to avoid external dependencies
OTEL_SERVICE_NAME: "ivatar-ci"
OTEL_ENVIRONMENT: "ci"
before_script:
- virtualenv -p python3 /tmp/.virtualenv
- source /tmp/.virtualenv/bin/activate
- pip install -U pip
- pip install Pillow
- pip install -r requirements.txt
- pip install python-coveralls
- pip install coverage
- pip install pycco
- pip install django_coverage_plugin
script:
- source /tmp/.virtualenv/bin/activate
- echo 'from ivatar.settings import TEMPLATES' > config_local.py
- echo 'TEMPLATES[0]["OPTIONS"]["debug"] = True' >> config_local.py
- echo "DEBUG = True" >> config_local.py
- echo "from config import CACHES" >> config_local.py
- echo "CACHES['default'] = CACHES['filesystem']" >> config_local.py
- python manage.py sqldsn
- python manage.py collectstatic --noinput
- echo "Running tests with OpenTelemetry instrumentation enabled..."
- coverage run --source . scripts/run_tests_with_coverage.py
- coverage report --fail-under=70
- coverage html
artifacts:
paths:
- htmlcov/
pycco:
stage: test
before_script:
- virtualenv -p python3 /tmp/.virtualenv
- source /tmp/.virtualenv/bin/activate
- pip install -U pip
- pip install Pillow
- pip install -r requirements.txt
- pip install python-coveralls
- pip install coverage
- pip install pycco
- pip install django_coverage_plugin
coverage: '/^TOTAL.*\s+(\d+\%)$/'
script:
- "/bin/true"
- find ivatar/ -type f -name "*.py"|grep -v __pycache__|grep -v __init__.py|grep
-v /migrations/ | xargs pycco -p -d pycco -i -s
artifacts:
paths:
- pycco/
expire_in: 14 days
pages:
stage: deploy
dependencies:
- test_and_coverage
- pycco
script:
- mv htmlcov/ public/
- mv pycco/ public/
artifacts:
paths:
- public
expire_in: 14 days
only:
- master
#build-image:
# image: docker
# only:
# - master
# - devel
# services:
# - docker:dind
# before_script:
# - docker info
# - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
# script:
# - ls -lah
# - |
# if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
# tag=""
# echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
# else
# tag=":$CI_COMMIT_REF_SLUG"
# echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
# fi
# - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
# - docker push "$CI_REGISTRY_IMAGE${tag}"
# Local performance testing job (runs in CI environment)
performance_tests_local:
stage: test
services:
- postgres:latest
variables:
POSTGRES_DB: django_db
POSTGRES_USER: django_user
POSTGRES_PASSWORD: django_password
POSTGRES_HOST: postgres
DATABASE_URL: "postgres://django_user:django_password@postgres/django_db"
PYTHONUNBUFFERED: 1
# OpenTelemetry configuration for performance testing
OTEL_EXPORT_ENABLED: "false"
OTEL_SERVICE_NAME: "ivatar-perf-test-local"
OTEL_ENVIRONMENT: "ci-performance"
before_script:
- virtualenv -p python3 /tmp/.virtualenv
- source /tmp/.virtualenv/bin/activate
- pip install -U pip
- pip install Pillow
- pip install -r requirements.txt
- pip install requests # Additional dependency for performance tests
script:
- source /tmp/.virtualenv/bin/activate
- echo 'from ivatar.settings import TEMPLATES' > config_local.py
- echo 'TEMPLATES[0]["OPTIONS"]["debug"] = True' >> config_local.py
- echo "DEBUG = True" >> config_local.py
- echo "from config import CACHES" >> config_local.py
- echo "CACHES['default'] = CACHES['filesystem']" >> config_local.py
- python manage.py migrate
- python manage.py collectstatic --noinput
- echo "Running local performance tests (no cache testing)..."
- python3 scripts/performance_tests.py --no-cache-test --output performance_local.json
- coverage run --source . manage.py test -v3
- coverage report --fail-under=70
- coverage html
artifacts:
paths:
- performance_local.json
expire_in: 7 days
allow_failure: true # Don't fail the pipeline on performance issues, but report them
- htmlcov/
# Performance testing against dev server (devel branch only)
performance_tests_dev:
stage: deploy
image: python:3.11-alpine
only:
- devel
when: on_success # Run automatically after successful deployment verification
variables:
DEV_URL: "https://dev.libravatar.org"
PYTHONUNBUFFERED: 1
before_script:
- apk add --no-cache curl
- pip install requests Pillow prettytable pyLibravatar dnspython py3dns
pycco:
stage: test
script:
- echo "Running performance tests against dev.libravatar.org..."
- python3 scripts/performance_tests.py --base-url $DEV_URL --concurrent-users 5 --avatar-threshold 2500 --response-threshold 2500 --p95-threshold 5000 --ignore-cache-warnings --output performance_dev.json
- /bin/true
- find ivatar/ -type f -name "*.py"|grep -v __pycache__|grep -v __init__.py|grep -v /migrations/ | xargs pycco -p -d pycco -i -s
artifacts:
paths:
- performance_dev.json
expire_in: 7 days
allow_failure: true # Don't fail deployment on performance issues
needs:
- job: verify_dev_deployment
artifacts: false # Run after deployment verification succeeds
- pycco/
expire_in: 14 days
# Performance testing against production server (master branch only)
performance_tests_prod:
pages:
before_script:
- /bin/true
- /bin/true
stage: deploy
image: python:3.11-alpine
dependencies:
- test_and_coverage
- pycco
script:
- mv htmlcov/ public/
- mv pycco/ public/
artifacts:
paths:
- public
expire_in: 14 days
only:
- master
when: on_success # Run automatically after successful deployment verification
variables:
PROD_URL: "https://libravatar.org"
PYTHONUNBUFFERED: 1
before_script:
- apk add --no-cache curl
- pip install requests Pillow prettytable pyLibravatar dnspython py3dns
script:
- echo "Running performance tests against libravatar.org..."
- python3 scripts/performance_tests.py --base-url $PROD_URL --concurrent-users 3 --output performance_prod.json
artifacts:
paths:
- performance_prod.json
expire_in: 30 days # Keep production results longer
allow_failure: true # Don't fail deployment on performance issues
needs:
- job: verify_prod_deployment
artifacts: false # Run after deployment verification succeeds
# Manual performance testing against production (for on-demand testing)
performance_tests_prod_manual:
stage: deploy
image: python:3.11-alpine
only:
- master
when: manual # Manual trigger for on-demand performance testing
variables:
PROD_URL: "https://libravatar.org"
PYTHONUNBUFFERED: 1
before_script:
- apk add --no-cache curl
- pip install requests Pillow prettytable pyLibravatar dnspython py3dns
script:
- echo "Running manual performance tests against libravatar.org..."
- python3 scripts/performance_tests.py --base-url $PROD_URL --concurrent-users 5 --output performance_prod_manual.json
artifacts:
paths:
- performance_prod_manual.json
expire_in: 30 days
allow_failure: true
# Deployment verification jobs
verify_dev_deployment:
stage: deploy
image: python:3.11-alpine
only:
- devel
variables:
DEV_URL: "https://dev.libravatar.org"
MAX_RETRIES: 30
RETRY_DELAY: 60
PYTHONUNBUFFERED: 1
before_script:
- apk add --no-cache curl git
- pip install Pillow
script:
- echo "Waiting for dev.libravatar.org deployment to complete..."
- python3 scripts/check_deployment.py --dev --max-retries $MAX_RETRIES --retry-delay $RETRY_DELAY
allow_failure: false
verify_prod_deployment:
stage: deploy
image: python:3.11-alpine
only:
- master
when: on_success
variables:
PROD_URL: "https://libravatar.org"
MAX_RETRIES: 10
RETRY_DELAY: 30
PYTHONUNBUFFERED: 1
before_script:
- apk add --no-cache curl git
- pip install Pillow
script:
- echo "Verifying production deployment..."
- python3 scripts/check_deployment.py --prod --max-retries $MAX_RETRIES --retry-delay $RETRY_DELAY
allow_failure: false
include:
- template: Jobs/SAST.gitlab-ci.yml
- template: Jobs/Dependency-Scanning.gitlab-ci.yml
- template: Jobs/Secret-Detection.gitlab-ci.yml
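Review bot: the `image:` entry `name: quay.io/rhn_support_ofalk/fedora34-python3` at the top of the hunk carries no tag or digest, and the database service is `postgres:latest`, so every pipeline run pulls whatever those registries serve at that moment. Pin both to a specific tag or digest so the test environment is reproducible and an upstream image change cannot alter it unnoticed. The tools installed in `before_script` (`python-coveralls`, `coverage`, `pycco`, `django_coverage_plugin`) are also unpinned and would be better placed in a versioned dev requirements file. Since the hunk takes the file from 268 lines to 56, also confirm whether the `include:` templates for SAST, Dependency-Scanning and Secret-Detection at the end are meant to remain in the resulting file.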

View File

@@ -1,5 +0,0 @@
# Dscribe your issue
# What have you tried to far?
# Links / Pointer / Resources

View File

@@ -4,20 +4,16 @@ repos:
hooks:
- id: check-useless-excludes
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v4.0.0-alpha.8
rev: v2.6.2
hooks:
- id: prettier
files: \.(css|js|md|markdown|json)
- repo: https://github.com/python/black
rev: 25.9.0
rev: 22.3.0
hooks:
- id: black
- repo: https://github.com/asottile/pyupgrade
rev: v3.21.0
hooks:
- id: pyupgrade
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
rev: v4.2.0
hooks:
- id: check-added-large-files
- id: check-ast
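Review bot: all three `rev:` changes in this hunk go backwards (`v4.0.0-alpha.8` to `v2.6.2` for prettier, `25.9.0` to `22.3.0` for black, `v6.0.0` to `v4.2.0` for pre-commit-hooks), and the `pyupgrade` hook is dropped entirely. Older hook releases lack later fixes and may format differently from what the rest of the tree was formatted with. If the downgrade is deliberate, state the reason in the commit message; otherwise keep the newer pins and the `pyupgrade` entry.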
@@ -32,6 +28,7 @@ repos:
args:
- --unsafe
- id: end-of-file-fixer
- id: fix-encoding-pragma
- id: forbid-new-submodules
- id: no-commit-to-branch
args:
@@ -40,8 +37,8 @@ repos:
- id: requirements-txt-fixer
- id: sort-simple-yaml
- id: trailing-whitespace
- repo: https://github.com/PyCQA/flake8
rev: 7.3.0
- repo: https://gitlab.com/pycqa/flake8
rev: 3.9.2
hooks:
- id: flake8
- repo: local
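Review bot: the flake8 hook ends up on `repo: https://gitlab.com/pycqa/flake8` at `rev: 3.9.2`, replacing `https://github.com/PyCQA/flake8` at `7.3.0`. Changing a hook's `repo:` changes where pre-commit fetches and executes code from on every developer machine and CI runner, so confirm that URL is the project's maintained home before relying on it, and prefer the GitHub repository with a current `rev:`.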
@@ -60,17 +57,16 @@ repos:
types:
- shell
- repo: https://github.com/asottile/blacken-docs
rev: 1.20.0
rev: v1.12.1
hooks:
- id: blacken-docs
# YASpeller does not seem to work anymore
# - repo: https://github.com/hcodes/yaspeller.git
# rev: v8.0.1
# hooks:
# - id: yaspeller
#
# types:
# - markdown
- repo: https://github.com/hcodes/yaspeller.git
rev: v8.0.1
hooks:
- id: yaspeller
types:
- markdown
- repo: https://github.com/kadrach/pre-commit-gitlabci-lint
rev: 22d0495c9894e8b27cc37c2ed5d9a6b46385a44c
hooks:
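Review bot: the `yaspeller` hook is active at `rev: v8.0.1` on the resulting side, while the other side of this hunk carries the comment `# YASpeller does not seem to work anymore`; verify that the hook actually runs with `pre-commit run --all-files` before merging, or leave it commented out. The `blacken-docs` pin also moves from `1.20.0` back to `v1.12.1`. The last hook in the hunk is pinned by a full commit hash, which is the more tamper-resistant form; consider doing the same for the tag-pinned hooks.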

View File

@@ -1,22 +0,0 @@
FROM git.linux-kernel.at:5050/oliver/fedora40-python3:latest
LABEL maintainer Oliver Falk <oliver@linux-kernel.at>
EXPOSE 8081
ADD . /opt/ivatar-devel
WORKDIR /opt/ivatar-devel
RUN pip3 install pip --upgrade \
&& virtualenv .virtualenv \
&& source .virtualenv/bin/activate \
&& pip3 install Pillow \
&& pip3 install -r requirements.txt \
&& pip3 install python-coveralls coverage pycco django_coverage_plugin
RUN echo "DEBUG = True" >> /opt/ivatar-devel/config_local.py
RUN echo "EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'" >> /opt/ivatar-devel/config_local.py
RUN source .virtualenv/bin/activate \
&& python3 manage.py migrate \
&& python3 manage.py collectstatic --noinput \
&& echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('admin', 'admin@local.tld', 'admin')" | python manage.py shell
ENTRYPOINT source .virtualenv/bin/activate && python3 ./manage.py runserver 0:8081
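Review bot: the removed build steps `create_superuser('admin', 'admin@local.tld', 'admin')`, `DEBUG = True` and `runserver 0:8081` mean that any image already built from this file ships a known admin password on a debug server listening on all interfaces. With the Dockerfile deleted and nothing replacing it in this hunk (`+0,0`), make sure such images are retired from registries rather than reused, and document how a development container is built from now on.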

View File

@@ -1,229 +0,0 @@
# File Upload Security Documentation
## Overview
The ivatar application now includes comprehensive file upload security features to protect against malicious file uploads, data leaks, and other security threats.
## Security Features
### 1. File Type Validation
**Magic Bytes Verification**
- Validates file signatures (magic bytes) to ensure uploaded files are actually images
- Supports JPEG, PNG, GIF, WebP, BMP, and TIFF formats
- Prevents file extension spoofing attacks
**MIME Type Validation**
- Uses python-magic library to detect actual MIME types
- Cross-references with allowed MIME types list
- Prevents MIME type confusion attacks
### 2. Content Security Scanning
**Malicious Content Detection**
- Scans for embedded scripts (`<script>`, `javascript:`, `vbscript:`)
- Detects executable content (PE headers, ELF headers)
- Identifies polyglot attacks (files valid in multiple formats)
- Checks for PHP and other server-side code
**PIL Image Validation**
- Uses Python Imaging Library to verify file is a valid image
- Checks image dimensions and format
- Ensures image can be properly loaded and processed
### 3. EXIF Data Sanitization
**Metadata Removal**
- Automatically strips EXIF data from uploaded images
- Prevents location data and other sensitive metadata leaks
- Preserves image quality while removing privacy risks
### 4. Enhanced Logging
**Security Event Logging**
- Logs all file upload attempts with user ID and IP address
- Records security violations and suspicious activity
- Provides audit trail for security monitoring
## Configuration
### Settings
All security features can be configured in `config.py` or overridden in `config_local.py`:
```python
# File upload security settings
ENABLE_FILE_SECURITY_VALIDATION = True
ENABLE_EXIF_SANITIZATION = True
ENABLE_MALICIOUS_CONTENT_SCAN = True
```
### Dependencies
The security features require the following Python packages:
```bash
pip install python-magic>=0.4.27
```
**Note**: On some systems, you may need to install the libmagic system library:
- **Ubuntu/Debian**: `sudo apt-get install libmagic1`
- **CentOS/RHEL**: `sudo yum install file-devel`
- **macOS**: `brew install libmagic`
## Security Levels
### Security Score System
Files are assigned a security score (0-100) based on validation results:
- **90-100**: Excellent - No security concerns
- **80-89**: Good - Minor warnings, safe to process
- **70-79**: Fair - Some concerns, review recommended
- **50-69**: Poor - Multiple issues, high risk
- **0-49**: Critical - Malicious content detected, reject
### Validation Levels
1. **Basic Validation**: File size, filename, extension
2. **Magic Bytes**: File signature verification
3. **MIME Type**: Content type validation
4. **PIL Validation**: Image format verification
5. **Security Scan**: Malicious content detection
6. **EXIF Sanitization**: Metadata removal
## API Reference
### FileValidator Class
```python
from ivatar.file_security import FileValidator
validator = FileValidator(file_data, filename)
results = validator.comprehensive_validation()
```
### Main Validation Function
```python
from ivatar.file_security import validate_uploaded_file
is_valid, results, sanitized_data = validate_uploaded_file(file_data, filename)
```
### Security Report Generation
```python
from ivatar.file_security import get_file_security_report
report = get_file_security_report(file_data, filename)
```
## Error Handling
### Validation Errors
The system provides user-friendly error messages while logging detailed security information:
- **Malicious Content**: "File appears to be malicious and cannot be uploaded"
- **Invalid Format**: "File format not supported or file appears to be corrupted"
### Logging Levels
- **INFO**: Successful uploads and normal operations
- **WARNING**: Security violations and suspicious activity
- **ERROR**: Validation failures and system errors
## Testing
### Running Security Tests
```bash
python manage.py test ivatar.test_file_security
```
### Test Coverage
The test suite covers:
- Valid file validation
- Malicious content detection
- Magic bytes verification
- MIME type validation
- EXIF sanitization
- Form validation
- Integration tests
## Performance Considerations
### Memory Usage
- Files are processed in memory for validation
- Large files (>5MB) may impact performance
- Consider increasing server memory for high-volume deployments
### Processing Time
- Basic validation: <10ms
- Full security scan: 50-200ms
- EXIF sanitization: 100-500ms
- Total overhead: ~200-700ms per upload
## Troubleshooting
### Common Issues
1. **python-magic Import Error**
- Install libmagic system library
- Verify python-magic installation
2. **False Positives**
- Review security score thresholds
- Adjust validation settings
### Debug Mode
Enable debug logging to troubleshoot validation issues:
```python
LOGGING = {
"loggers": {
"ivatar.security": {
"level": "DEBUG",
},
},
}
```
## Security Best Practices
### Deployment Recommendations
1. **Enable All Security Features** in production
2. **Monitor Security Logs** regularly
3. **Keep Dependencies Updated**
4. **Regular Security Audits** of uploaded content
### Monitoring
- Monitor security.log for violations
- Track upload success/failure rates
- Alert on repeated security violations
## Future Enhancements
Potential future improvements:
- Virus scanning integration (ClamAV)
- Content-based image analysis
- Machine learning threat detection
- Advanced polyglot detection
- Real-time threat intelligence feeds
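Review bot: missing documentation: this hunk deletes the whole upload-security document, including the settings block (`ENABLE_FILE_SECURITY_VALIDATION`, `ENABLE_EXIF_SANITIZATION`, `ENABLE_MALICIOUS_CONTENT_SCAN`) and the libmagic install notes for `python-magic`. If `ivatar.file_security` stays in the tree, those switches and the system dependency are left undocumented and an operator has no reference for what disabling them turns off. Confirm the module and its tests are removed in the same change, or keep the document.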

View File

@@ -19,19 +19,19 @@ sudo apt-get install git python3-virtualenv libmariadb-dev libldap2-dev libsasl2
## Checkout
```bash
~~~~bash
git clone https://git.linux-kernel.at/oliver/ivatar.git
cd ivatar
```
~~~~
## Virtual environment
```bash
virtualenv -p python3 .virtualenv
~~~~bash
virtualenv -p python3 .virtualenv
source .virtualenv/bin/activate
pip install pillow
pip install -r requirements.txt
```
~~~~
## (SQL) Migrations
@@ -58,55 +58,10 @@ pip install -r requirements.txt
```
## Running the testsuite
```
./manage.py test -v3 # Or any other verbosity level you like
```
## Configuration
### Gravatar Proxy and Redirect Settings
By default, ivatar is configured to work well for public instances like libravatar.org. However, for local or private instances, you may want to disable external requests to Gravatar. You can configure the default behavior by adding these settings to your `config_local.py`:
```python
# Default settings for Gravatar proxy and redirect behavior
# These can be overridden by URL parameters (?gravatarproxy=n&gravatarredirect=n)
# Whether to proxy requests to Gravatar when no local avatar is found (default: True)
DEFAULT_GRAVATARPROXY = False
# Whether to redirect directly to Gravatar when no local avatar is found (default: False)
DEFAULT_GRAVATARREDIRECT = False
# Whether to force default behavior even when a user avatar exists (default: False)
FORCEDEFAULT = False
```
**Use cases:**
- **Private/Local instances**: Set `DEFAULT_GRAVATARPROXY = False` and `DEFAULT_GRAVATARREDIRECT = False` to prevent external requests
- **Gravatar-first instances**: Set `DEFAULT_GRAVATARREDIRECT = True` to redirect to Gravatar instead of proxying
- **Testing/Development**: Set `FORCEDEFAULT = True` to always use default avatars
**Note**: URL parameters (`?gravatarproxy=n`, `?gravatarredirect=y`, `?forcedefault=y`) will always override these configuration defaults.
### OpenID Connect authentication with Fedora
To enable OpenID Connect (OIDC) authentication with Fedora, you must have obtained a `client_id` and `client_secret` pair from the Fedora Infrastructure.
Then you must set these values in `config_local.py`:
```
SOCIAL_AUTH_FEDORA_KEY = "the-client-id"
SOCIAL_AUTH_FEDORA_SECRET = "the-client-secret"
```
You can override the location of the OIDC provider with the `SOCIAL_AUTH_FEDORA_OIDC_ENDPOINT` setting. For example, to authenticate with Fedora's staging environment, set this in `config_local.py`:
```
SOCIAL_AUTH_FEDORA_OIDC_ENDPOINT = "https://id.stg.fedoraproject.org"
```
# Production deployment Webserver (non-cloudy)
To deploy this Django application with WSGI on Apache, NGINX or any other web server, please refer to the the webserver documentation; There are also plenty of howtos on the net (I'll not LMGTFY...)
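Review bot: missing documentation: this hunk removes the `## Configuration` section, which is the only place in the README that explains `DEFAULT_GRAVATARPROXY`, `DEFAULT_GRAVATARREDIRECT` and `FORCEDEFAULT`, the note that URL parameters override them, and the Fedora OIDC settings `SOCIAL_AUTH_FEDORA_KEY` and `SOCIAL_AUTH_FEDORA_SECRET`. Operators of private instances lose the guidance on preventing outbound requests to Gravatar. Keep the section, or move it to a dedicated document and link it from here. The `## Running the testsuite` instructions are dropped in the same hunk and should be kept as well.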
@@ -127,4 +82,4 @@ There is a file called ebcreate.txt as well as a directory called .ebextensions,
## Database
It should work with SQLite (do _not_ use in production!), MySQL/MariaDB, as well as PostgreSQL.
It should work with SQLite (do *not* use in production!), MySQL/MariaDB, as well as PostgreSQL.

View File

@@ -1,10 +0,0 @@
include *.py
include *.md
include COPYING
include LICENSE
recursive-include templates *
recursive-include ivatar *
exclude .virtualenv
exclude libravatar.egg-info
global-exclude *.py[co]
global-exclude __pycache__

View File

@@ -1,463 +0,0 @@
# OpenTelemetry Integration for ivatar
This document describes the OpenTelemetry integration implemented in the ivatar project, providing comprehensive observability for avatar generation, file uploads, authentication, and system performance.
## Overview
OpenTelemetry is integrated into ivatar to provide:
- **Distributed Tracing**: Track requests across the entire avatar generation pipeline
- **Custom Metrics**: Monitor avatar-specific operations and performance
- **Multi-Instance Support**: Distinguish between production and development environments
- **Infrastructure Integration**: Works with existing Prometheus/Grafana stack
## Architecture
### Components
1. **OpenTelemetry Configuration** (`ivatar/opentelemetry_config.py`)
- Centralized configuration management
- Environment-based setup
- Resource creation with service metadata
2. **Custom Middleware** (`ivatar/opentelemetry_middleware.py`)
- Request/response tracing
- Avatar-specific metrics
- Custom decorators for operation tracing
3. **Instrumentation Integration**
- Django framework instrumentation
- Database query tracing (PostgreSQL/MySQL)
- HTTP client instrumentation
- Cache instrumentation (Memcached)
## Configuration
### Environment Variables
| Variable | Description | Default | Required |
| ----------------------------- | ------------------------------------ | ------------- | -------- |
| `OTEL_EXPORT_ENABLED` | Enable OpenTelemetry data export | `false` | No |
| `OTEL_SERVICE_NAME` | Service name identifier | `ivatar` | No |
| `OTEL_ENVIRONMENT` | Environment (production/development) | `development` | No |
| `OTEL_EXPORTER_OTLP_ENDPOINT` | OTLP collector endpoint | None | No |
| `OTEL_PROMETHEUS_ENDPOINT` | Local Prometheus server (dev only) | None | No |
| `IVATAR_VERSION` | Application version | `2.0` | No |
| `HOSTNAME` | Instance identifier | `unknown` | No |
### Multi-Instance Configuration
#### Production Environment
```bash
export OTEL_EXPORT_ENABLED=true
export OTEL_SERVICE_NAME=ivatar-production
export OTEL_ENVIRONMENT=production
export OTEL_EXPORTER_OTLP_ENDPOINT=http://collector.internal:4317
export HOSTNAME=prod-instance-01
```
**Note**: In production, metrics are exported via OTLP to your existing Prometheus server. Do not set `OTEL_PROMETHEUS_ENDPOINT` in production.
#### Development Environment
```bash
export OTEL_EXPORT_ENABLED=true
export OTEL_SERVICE_NAME=ivatar-development
export OTEL_ENVIRONMENT=development
export OTEL_EXPORTER_OTLP_ENDPOINT=http://collector.internal:4317
export OTEL_PROMETHEUS_ENDPOINT=0.0.0.0:9467
export IVATAR_VERSION=2.0-dev
export HOSTNAME=dev-instance-01
```
**Note**: In development, you can optionally set `OTEL_PROMETHEUS_ENDPOINT` to start a local HTTP server for testing metrics.
## Metrics
### Custom Metrics
#### Avatar Operations
- `ivatar_requests_total`: Total HTTP requests by method, status, path
- `ivatar_request_duration_seconds`: Request duration histogram
- `ivatar_avatar_requests_total`: Avatar requests by status, size, format
- `ivatar_avatar_generation_seconds`: Avatar generation time histogram
- `ivatar_avatars_generated_total`: Avatars generated by size, format, source
- `ivatar_avatar_cache_hits_total`: Cache hits by size, format
- `ivatar_avatar_cache_misses_total`: Cache misses by size, format
- `ivatar_external_avatar_requests_total`: External service requests
- `ivatar_file_uploads_total`: File uploads by content type, success
- `ivatar_file_upload_size_bytes`: File upload size histogram
#### Labels/Dimensions
- `method`: HTTP method (GET, POST, etc.)
- `status_code`: HTTP status code
- `path`: Request path
- `size`: Avatar size (80, 128, 256, etc.)
- `format`: Image format (png, jpg, gif, etc.)
- `source`: Avatar source (uploaded, generated, external)
- `service`: External service name (gravatar, bluesky)
- `content_type`: File MIME type
- `success`: Operation success (true/false)
### Example Queries
#### Avatar Generation Rate
```promql
rate(ivatar_avatars_generated_total[5m])
```
#### Cache Hit Ratio
```promql
rate(ivatar_avatar_cache_hits_total[5m]) /
(rate(ivatar_avatar_cache_hits_total[5m]) + rate(ivatar_avatar_cache_misses_total[5m]))
```
#### Average Avatar Generation Time
```promql
histogram_quantile(0.95, rate(ivatar_avatar_generation_seconds_bucket[5m]))
```
#### File Upload Success Rate
```promql
rate(ivatar_file_uploads_total{success="true"}[5m]) /
rate(ivatar_file_uploads_total[5m])
```
## Tracing
### Trace Points
#### Request Lifecycle
- HTTP request processing
- Avatar generation pipeline
- File upload and processing
- Authentication flows
- External API calls
#### Custom Spans
- `avatar.generate_png`: PNG image generation
- `avatar.gravatar_proxy`: Gravatar service proxy
- `file_upload.process`: File upload processing
- `auth.login`: User authentication
- `auth.logout`: User logout
### Span Attributes
#### HTTP Attributes
- `http.method`: HTTP method
- `http.url`: Full request URL
- `http.status_code`: Response status code
- `http.user_agent`: Client user agent
- `http.remote_addr`: Client IP address
#### Avatar Attributes
- `ivatar.request_type`: Request type (avatar, stats, etc.)
- `ivatar.avatar_size`: Requested avatar size
- `ivatar.avatar_format`: Requested format
- `ivatar.avatar_email`: Email address (if applicable)
#### File Attributes
- `file.name`: Uploaded file name
- `file.size`: File size in bytes
- `file.content_type`: MIME type
## Infrastructure Requirements
### Option A: Extend Existing Stack (Recommended)
The existing monitoring stack can be extended to support OpenTelemetry:
#### Alloy Configuration
```yaml
# Add to existing Alloy configuration
otelcol.receiver.otlp:
grpc:
endpoint: 0.0.0.0:4317
http:
endpoint: 0.0.0.0:4318
otelcol.processor.batch:
timeout: 1s
send_batch_size: 1024
otelcol.exporter.prometheus:
endpoint: "0.0.0.0:9464"
otelcol.exporter.jaeger:
endpoint: "jaeger-collector:14250"
otelcol.pipeline.traces:
receivers: [otelcol.receiver.otlp]
processors: [otelcol.processor.batch]
exporters: [otelcol.exporter.jaeger]
otelcol.pipeline.metrics:
receivers: [otelcol.receiver.otlp]
processors: [otelcol.processor.batch]
exporters: [otelcol.exporter.prometheus]
```
#### Prometheus Configuration
```yaml
scrape_configs:
- job_name: "ivatar-opentelemetry"
static_configs:
- targets: ["ivatar-prod:9464", "ivatar-dev:9464"]
scrape_interval: 15s
metrics_path: /metrics
```
### Option B: Dedicated OpenTelemetry Collector
For full OpenTelemetry features, deploy a dedicated collector:
#### Collector Configuration
```yaml
receivers:
otlp:
protocols:
grpc:
endpoint: 0.0.0.0:4317
http:
endpoint: 0.0.0.0:4318
processors:
batch:
timeout: 1s
send_batch_size: 1024
resource:
attributes:
- key: environment
from_attribute: deployment.environment
action: insert
exporters:
prometheus:
endpoint: "0.0.0.0:9464"
jaeger:
endpoint: "jaeger-collector:14250"
logging:
loglevel: debug
service:
pipelines:
traces:
receivers: [otlp]
processors: [batch, resource]
exporters: [jaeger, logging]
metrics:
receivers: [otlp]
processors: [batch, resource]
exporters: [prometheus, logging]
```
## Deployment
### Development Setup
1. **Install Dependencies**
```bash
pip install -r requirements.txt
```
2. **Configure Environment**
```bash
export OTEL_ENABLED=true
export OTEL_SERVICE_NAME=ivatar-development
export OTEL_ENVIRONMENT=development
```
3. **Start Development Server**
```bash
./manage.py runserver 0:8080
```
4. **Verify Metrics**
```bash
curl http://localhost:9464/metrics
```
### Production Deployment
1. **Update Container Images**
- Add OpenTelemetry dependencies to requirements.txt
- Update container build process
2. **Configure Environment Variables**
- Set production-specific OpenTelemetry variables
- Configure collector endpoints
3. **Update Monitoring Stack**
- Extend Alloy configuration
- Update Prometheus scrape configs
- Configure Grafana dashboards
4. **Verify Deployment**
- Check metrics endpoint accessibility
- Verify trace data flow
- Monitor dashboard updates
## Monitoring and Alerting
### Key Metrics to Monitor
#### Performance
- Request duration percentiles (p50, p95, p99)
- Avatar generation time
- Cache hit ratio
- File upload success rate
#### Business Metrics
- Avatar requests per minute
- Popular avatar sizes
- External service usage
- User authentication success rate
#### Error Rates
- HTTP error rates by endpoint
- File upload failures
- External service failures
- Authentication failures
### Example Alerts
#### High Error Rate
```yaml
alert: HighErrorRate
expr: rate(ivatar_requests_total{status_code=~"5.."}[5m]) > 0.1
for: 2m
labels:
severity: warning
annotations:
summary: "High error rate detected"
description: "Error rate is {{ $value }} errors per second"
```
#### Slow Avatar Generation
```yaml
alert: SlowAvatarGeneration
expr: histogram_quantile(0.95, rate(ivatar_avatar_generation_seconds_bucket[5m])) > 2
for: 5m
labels:
severity: warning
annotations:
summary: "Slow avatar generation"
description: "95th percentile avatar generation time is {{ $value }}s"
```
#### Low Cache Hit Ratio
```yaml
alert: LowCacheHitRatio
expr: (rate(ivatar_avatar_cache_hits_total[5m]) / (rate(ivatar_avatar_cache_hits_total[5m]) + rate(ivatar_avatar_cache_misses_total[5m]))) < 0.8
for: 10m
labels:
severity: warning
annotations:
summary: "Low cache hit ratio"
description: "Cache hit ratio is {{ $value }}"
```
## Troubleshooting
### Common Issues
#### OpenTelemetry Not Enabled
- Check `OTEL_ENABLED` environment variable
- Verify OpenTelemetry packages are installed
- Check Django logs for configuration errors
#### Metrics Not Appearing
- Verify Prometheus endpoint is accessible
- Check collector configuration
- Ensure metrics are being generated
#### Traces Not Showing
- Verify OTLP endpoint configuration
- Check collector connectivity
- Ensure tracing is enabled in configuration
#### High Memory Usage
- Adjust batch processor settings
- Reduce trace sampling rate
- Monitor collector resource usage
### Debug Mode
Enable debug logging for OpenTelemetry:
```python
LOGGING = {
"loggers": {
"opentelemetry": {
"level": "DEBUG",
},
"ivatar.opentelemetry": {
"level": "DEBUG",
},
},
}
```
### Performance Considerations
- **Sampling**: Implement trace sampling for high-traffic production
- **Batch Processing**: Use appropriate batch sizes for your infrastructure
- **Resource Limits**: Monitor collector resource usage
- **Network**: Ensure low-latency connections to collectors
## Security Considerations
- **Data Privacy**: Ensure no sensitive data in trace attributes
- **Network Security**: Use TLS for collector communications
- **Access Control**: Restrict access to metrics endpoints
- **Data Retention**: Configure appropriate retention policies
## Future Enhancements
- **Custom Dashboards**: Create Grafana dashboards for avatar metrics
- **Advanced Sampling**: Implement intelligent trace sampling
- **Log Correlation**: Correlate traces with application logs
- **Performance Profiling**: Add profiling capabilities
- **Custom Exports**: Export to additional backends (Datadog, New Relic)
## Support
For issues related to OpenTelemetry integration:
- Check application logs for configuration errors
- Verify collector connectivity
- Review Prometheus metrics for data flow
- Consult OpenTelemetry documentation for advanced configuration
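Review bot: The "Span Attributes" section lists `ivatar.avatar_email`, `http.remote_addr` and the full `http.url` as span attributes, which conflicts with the "Data Privacy: Ensure no sensitive data in trace attributes" bullet under "Security Considerations"; for an avatar service the email address is the personal datum, so the document should state that it is hashed or omitted before export. Two consistency points in the same file: the variable table names `OTEL_EXPORT_ENABLED` while "Development Setup" and "OpenTelemetry Not Enabled" use `OTEL_ENABLED`, and the development example sets `OTEL_PROMETHEUS_ENDPOINT=0.0.0.0:9467` while "Verify Metrics" curls port 9464. The query titled "Average Avatar Generation Time" uses `histogram_quantile(0.95, ...)`, so it reports a 95th percentile, not an average.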

View File

@@ -1,431 +0,0 @@
# OpenTelemetry Infrastructure Requirements
This document outlines the infrastructure requirements and deployment strategy for OpenTelemetry in the ivatar project, considering the existing Fedora Project hosting environment and multi-instance setup.
## Current Infrastructure Analysis
### Existing Monitoring Stack
- **Prometheus + Alertmanager**: Metrics collection and alerting
- **Loki**: Log aggregation
- **Alloy**: Observability data collection
- **Grafana**: Visualization and dashboards
- **Custom exporters**: Application-specific metrics
### Production Environment
- **Scale**: Millions of requests daily, 30k+ users, 33k+ avatar images
- **Infrastructure**: Fedora Project hosted, high-performance system
- **Architecture**: Apache HTTPD + Gunicorn containers + PostgreSQL
- **Containerization**: Podman (not Docker)
### Multi-Instance Setup
- **Production**: Production environment (master branch)
- **Development**: Development environment (devel branch)
- **Deployment**: GitLab CI/CD with Puppet automation
## Infrastructure Options
### Option A: Extend Existing Alloy Stack (Recommended)
**Advantages:**
- Leverages existing infrastructure
- Minimal additional complexity
- Consistent with current monitoring approach
- Cost-effective
**Implementation:**
```yaml
# Alloy configuration extension
otelcol.receiver.otlp:
grpc:
endpoint: 0.0.0.0:4317
http:
endpoint: 0.0.0.0:4318
otelcol.processor.batch:
timeout: 1s
send_batch_size: 1024
otelcol.exporter.prometheus:
endpoint: "0.0.0.0:9464"
otelcol.exporter.jaeger:
endpoint: "jaeger-collector:14250"
otelcol.pipeline.traces:
receivers: [otelcol.receiver.otlp]
processors: [otelcol.processor.batch]
exporters: [otelcol.exporter.jaeger]
otelcol.pipeline.metrics:
receivers: [otelcol.receiver.otlp]
processors: [otelcol.processor.batch]
exporters: [otelcol.exporter.prometheus]
```
### Option B: Dedicated OpenTelemetry Collector
**Advantages:**
- Full OpenTelemetry feature set
- Better performance for high-volume tracing
- More flexible configuration options
- Future-proof architecture
**Implementation:**
- Deploy standalone OpenTelemetry Collector
- Configure OTLP receivers and exporters
- Integrate with existing Prometheus/Grafana
## Deployment Strategy
### Phase 1: Development Environment
1. **Enable OpenTelemetry in Development**
```bash
# Development environment configuration
export OTEL_ENABLED=true
export OTEL_SERVICE_NAME=ivatar-development
export OTEL_ENVIRONMENT=development
export OTEL_EXPORTER_OTLP_ENDPOINT=http://collector.internal:4317
export OTEL_PROMETHEUS_ENDPOINT=0.0.0.0:9464
```
2. **Update Alloy Configuration**
- Add OTLP receivers to existing Alloy instance
- Configure trace and metrics pipelines
- Test data flow
3. **Verify Integration**
- Check metrics endpoint: `http://dev-instance:9464/metrics`
- Verify trace data in Jaeger
- Monitor Grafana dashboards
### Phase 2: Production Deployment
1. **Production Configuration**
```bash
# Production environment configuration
export OTEL_ENABLED=true
export OTEL_SERVICE_NAME=ivatar-production
export OTEL_ENVIRONMENT=production
export OTEL_EXPORTER_OTLP_ENDPOINT=http://collector.internal:4317
export OTEL_PROMETHEUS_ENDPOINT=0.0.0.0:9464
```
2. **Gradual Rollout**
- Deploy to one Gunicorn container first
- Monitor performance impact
- Gradually enable on all containers
3. **Performance Monitoring**
- Monitor collector resource usage
- Check application performance impact
- Verify data quality
## Resource Requirements
### Collector Resources
**Minimum Requirements:**
- CPU: 2 cores
- Memory: 4GB RAM
- Storage: 10GB for temporary data
- Network: 1Gbps
**Recommended for Production:**
- CPU: 4 cores
- Memory: 8GB RAM
- Storage: 50GB SSD
- Network: 10Gbps
### Network Requirements
**Ports:**
- 4317: OTLP gRPC receiver
- 4318: OTLP HTTP receiver
- 9464: Prometheus metrics exporter
- 14250: Jaeger trace exporter
**Bandwidth:**
- Estimated 1-5 Mbps per instance
- Burst capacity for peak loads
- Low-latency connection to collectors
## Configuration Management
### Environment-Specific Settings
#### Production Environment
```bash
# Production OpenTelemetry configuration
OTEL_ENABLED=true
OTEL_SERVICE_NAME=ivatar-production
OTEL_ENVIRONMENT=production
OTEL_EXPORTER_OTLP_ENDPOINT=http://collector.internal:4317
OTEL_PROMETHEUS_ENDPOINT=0.0.0.0:9464
OTEL_SAMPLING_RATIO=0.1 # 10% sampling for high volume
HOSTNAME=prod-instance-01
```
#### Development Environment
```bash
# Development OpenTelemetry configuration
OTEL_ENABLED=true
OTEL_SERVICE_NAME=ivatar-development
OTEL_ENVIRONMENT=development
OTEL_EXPORTER_OTLP_ENDPOINT=http://collector.internal:4317
OTEL_PROMETHEUS_ENDPOINT=0.0.0.0:9464
OTEL_SAMPLING_RATIO=1.0 # 100% sampling for debugging
HOSTNAME=dev-instance-01
```
### Container Configuration
#### Podman Container Updates
```dockerfile
# Add to existing Dockerfile
RUN pip install opentelemetry-api>=1.20.0 \
opentelemetry-sdk>=1.20.0 \
opentelemetry-instrumentation-django>=0.42b0 \
opentelemetry-instrumentation-psycopg2>=0.42b0 \
opentelemetry-instrumentation-pymysql>=0.42b0 \
opentelemetry-instrumentation-requests>=0.42b0 \
opentelemetry-instrumentation-urllib3>=0.42b0 \
opentelemetry-exporter-otlp>=1.20.0 \
opentelemetry-exporter-prometheus>=1.12.0rc1 \
opentelemetry-instrumentation-memcached>=0.42b0
```
#### Container Environment Variables
```bash
# Add to container startup script
export OTEL_ENABLED=${OTEL_ENABLED:-false}
export OTEL_SERVICE_NAME=${OTEL_SERVICE_NAME:-ivatar}
export OTEL_ENVIRONMENT=${OTEL_ENVIRONMENT:-development}
export OTEL_EXPORTER_OTLP_ENDPOINT=${OTEL_EXPORTER_OTLP_ENDPOINT}
export OTEL_PROMETHEUS_ENDPOINT=${OTEL_PROMETHEUS_ENDPOINT:-0.0.0.0:9464}
```
## Monitoring and Alerting
### Collector Health Monitoring
#### Collector Metrics
- `otelcol_receiver_accepted_spans`: Spans received by collector
- `otelcol_receiver_refused_spans`: Spans rejected by collector
- `otelcol_exporter_sent_spans`: Spans sent to exporters
- `otelcol_exporter_failed_spans`: Failed span exports
#### Health Checks
```yaml
# Prometheus health check
- job_name: "otel-collector-health"
static_configs:
- targets: ["collector.internal:8888"]
metrics_path: /metrics
scrape_interval: 30s
```
### Application Performance Impact
#### Key Metrics to Monitor
- Application response time impact
- Memory usage increase
- CPU usage increase
- Network bandwidth usage
#### Alerting Rules
```yaml
# High collector resource usage
alert: HighCollectorCPU
expr: rate(otelcol_process_cpu_seconds_total[5m]) > 0.8
for: 5m
labels:
severity: warning
annotations:
summary: "High collector CPU usage"
description: "Collector CPU usage is {{ $value }}"
# Collector memory usage
alert: HighCollectorMemory
expr: otelcol_process_memory_usage_bytes / otelcol_process_memory_limit_bytes > 0.8
for: 5m
labels:
severity: warning
annotations:
summary: "High collector memory usage"
description: "Collector memory usage is {{ $value }}"
```
## Security Considerations
### Network Security
- Use TLS for collector communications
- Restrict collector access to trusted networks
- Implement proper firewall rules
### Data Privacy
- Ensure no sensitive data in trace attributes
- Implement data sanitization
- Configure appropriate retention policies
### Access Control
- Restrict access to metrics endpoints
- Implement authentication for collector access
- Monitor access logs
## Backup and Recovery
### Data Retention
- Traces: 7 days (configurable)
- Metrics: 30 days (configurable)
- Logs: 14 days (configurable)
### Backup Strategy
- Regular backup of collector configuration
- Backup of Grafana dashboards
- Backup of Prometheus rules
## Performance Optimization
### Sampling Strategy
- Production: 10% sampling rate
- Development: 100% sampling rate
- Error traces: Always sample
### Batch Processing
- Optimize batch sizes for network conditions
- Configure appropriate timeouts
- Monitor queue depths
### Resource Optimization
- Monitor collector resource usage
- Scale collectors based on load
- Implement horizontal scaling if needed
## Troubleshooting
### Common Issues
#### Collector Not Receiving Data
- Check network connectivity
- Verify OTLP endpoint configuration
- Check collector logs
#### High Resource Usage
- Adjust sampling rates
- Optimize batch processing
- Scale collector resources
#### Data Quality Issues
- Verify instrumentation configuration
- Check span attribute quality
- Monitor error rates
### Debug Procedures
1. **Check Collector Status**
```bash
curl http://collector.internal:8888/metrics
```
2. **Verify Application Configuration**
```bash
curl http://app:9464/metrics
```
3. **Check Trace Data**
- Access Jaeger UI
- Search for recent traces
- Verify span attributes
## Future Enhancements
### Advanced Features
- Custom dashboards for avatar metrics
- Advanced sampling strategies
- Log correlation with traces
- Performance profiling integration
### Scalability Improvements
- Horizontal collector scaling
- Load balancing for collectors
- Multi-region deployment
- Edge collection points
### Integration Enhancements
- Additional exporter backends
- Custom processors
- Advanced filtering
- Data transformation
## Cost Considerations
### Infrastructure Costs
- Additional compute resources for collectors
- Storage costs for trace data
- Network bandwidth costs
### Operational Costs
- Monitoring and maintenance
- Configuration management
- Troubleshooting and support
### Optimization Strategies
- Implement efficient sampling
- Use appropriate retention policies
- Optimize batch processing
- Monitor resource usage
## Conclusion
The OpenTelemetry integration for ivatar provides comprehensive observability while leveraging the existing monitoring infrastructure. The phased deployment approach ensures minimal disruption to production services while providing valuable insights into avatar generation performance and user behavior.
Key success factors:
- Gradual rollout with monitoring
- Performance impact assessment
- Proper resource planning
- Security considerations
- Ongoing optimization
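Review bot: In the "Podman Container Updates" block, `RUN pip install opentelemetry-api>=1.20.0 \` and the lines after it leave the version specifiers unquoted, so in shell form each `>` is parsed as an output redirection: the constraints are dropped and files named `=1.20.0`, `=0.42b0` and so on are created. Quote each requirement, for example `"opentelemetry-api>=1.20.0"`, or install from a requirements file. Also, every example in this file sends OTLP to `http://collector.internal:4317` and binds `OTEL_PROMETHEUS_ENDPOINT=0.0.0.0:9464`, while "Security Considerations" asks for TLS on collector communications and restricted access to metrics endpoints; the examples should match that guidance or say where it is enforced.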

102
README.md
View File

@@ -1,102 +1,20 @@
# ivatar / libravatar
ivatar / libravatar
===================
# Pipeline and coverage status
Pipeline and coverage status
============================
[![pipeline status](https://git.linux-kernel.at/oliver/ivatar/badges/master/pipeline.svg)](https://git.linux-kernel.at/oliver/ivatar/commits/master)
[![coverage report](https://git.linux-kernel.at/oliver/ivatar/badges/master/coverage.svg)](http://git.linux-kernel.at/oliver/ivatar/commits/master)
# Reports / code documentation
Reports / code documentation
============================
- [Coverage HTML report](http://oliver.git.linux-kernel.at/ivatar)
- [Code documentation (autogenerated, pycco)](http://oliver.git.linux-kernel.at/ivatar/pycco/)
- [Coverage HTML report](http://oliver.git.linux-kernel.at/ivatar)
- [Code documentation (autogenerated, pycco)](http://oliver.git.linux-kernel.at/ivatar/pycco/)
# Environment Variables
## OpenTelemetry Configuration
OpenTelemetry instrumentation is always enabled in ivatar. The following environment variables control the behavior:
### Core Configuration
- `OTEL_SERVICE_NAME`: Service name for OpenTelemetry (default: "ivatar")
- `OTEL_ENVIRONMENT`: Deployment environment (default: "production")
- `OTEL_EXPORT_ENABLED`: Enable/disable data export (default: "false")
- Set to "true" to enable sending telemetry data to external collectors
- Set to "false" to disable export (instrumentation still active)
### Export Configuration
- `OTEL_EXPORTER_OTLP_ENDPOINT`: OTLP endpoint for traces and metrics export
- Example: "http://localhost:4317" (gRPC) or "http://localhost:4318" (HTTP)
- `OTEL_PROMETHEUS_ENDPOINT`: Prometheus metrics endpoint (default: "0.0.0.0:9464")
## Example Configurations
### Development (Export Disabled)
```bash
export OTEL_EXPORT_ENABLED=false
export OTEL_SERVICE_NAME=ivatar-dev
export OTEL_ENVIRONMENT=development
```
### Production (Export Enabled)
```bash
export OTEL_EXPORT_ENABLED=true
export OTEL_SERVICE_NAME=ivatar
export OTEL_ENVIRONMENT=production
export OTEL_EXPORTER_OTLP_ENDPOINT=http://otel-collector:4317
```
# Testing
## Running Tests
### Local Development (Recommended)
For local development, use the provided script to skip Bluesky tests that require external API credentials:
```bash
./scripts/run_tests_local.sh
```
This runs all tests except those marked with `@pytest.mark.bluesky`.
### All Tests
To run all tests including Bluesky tests (requires Bluesky API credentials):
```bash
python3 manage.py test -v3
```
### Specific Test Categories
```bash
# Run only Bluesky tests
python3 manage.py test ivatar.ivataraccount.test_views_bluesky -v3
# Run only file upload security tests
python3 manage.py test ivatar.test_file_security -v3
# Run only security fixes tests (ETag sanitization and URL validation)
python3 manage.py test ivatar.test_security_fixes -v3
# Run only upload tests
python3 manage.py test ivatar.ivataraccount.test_views -v3
```
## Test Markers
Tests are categorized using pytest markers:
- `@pytest.mark.bluesky`: Tests requiring Bluesky API credentials
- `@pytest.mark.slow`: Long-running tests
- `@pytest.mark.integration`: Integration tests
- `@pytest.mark.unit`: Unit tests
# Authors and contributors
Authors and contributors
========================
Lead developer/Owner: Oliver Falk (aka ofalk or falko) - https://git.linux-kernel.at/oliver
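Review bot: In the "Export Configuration" list, `OTEL_PROMETHEUS_ENDPOINT` is documented with a default of "0.0.0.0:9464", which exposes the metrics endpoint on every interface unless something else restricts it; the README should say so or recommend a loopback or internal address. The defaults also disagree with the OpenTelemetry document elsewhere in this commit, which lists `OTEL_ENVIRONMENT` as `development` and `OTEL_PROMETHEUS_ENDPOINT` as None where this hunk says "production" and "0.0.0.0:9464". The coverage badge and report links use `http://` while the pipeline badge uses `https://`.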

160
config.py
View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
"""
Configuration overrides for settings.py
"""
@@ -30,12 +31,9 @@ INSTALLED_APPS.extend(
MIDDLEWARE.extend(
[
"ivatar.middleware.CustomLocaleMiddleware",
"django.middleware.locale.LocaleMiddleware",
]
)
# Add OpenTelemetry middleware only if feature flag is enabled
# Note: This will be checked at runtime, not at import time
MIDDLEWARE.insert(
0,
"ivatar.middleware.MultipleProxyMiddleware",
@@ -46,7 +44,6 @@ AUTHENTICATION_BACKENDS = (
# See INSTALL for more information.
# 'django_auth_ldap.backend.LDAPBackend',
"django_openid_auth.auth.OpenIDBackend",
"ivatar.ivataraccount.auth.FedoraOpenIdConnect",
"django.contrib.auth.backends.ModelBackend",
)
@@ -61,13 +58,9 @@ TEMPLATES[0]["OPTIONS"]["context_processors"].append(
OPENID_CREATE_USERS = True
OPENID_UPDATE_DETAILS_FROM_SREG = True
SOCIAL_AUTH_JSONFIELD_ENABLED = True
# Fedora authentication (OIDC). You need to set these two values to use it.
SOCIAL_AUTH_FEDORA_KEY = None # Also known as client_id
SOCIAL_AUTH_FEDORA_SECRET = None # Also known as client_secret
SITE_NAME = os.environ.get("SITE_NAME", "libravatar")
IVATAR_VERSION = "2.0"
IVATAR_VERSION = "1.6"
SCHEMAROOT = "https://www.libravatar.org/schemas/export/0.2"
@@ -86,18 +79,6 @@ MAX_PIXELS = 7000
AVATAR_MAX_SIZE = 512
JPEG_QUALITY = 85
# Robohash Performance Optimization
# Enable optimized robohash implementation for 6-22x performance improvement
ROBOHASH_OPTIMIZATION_ENABLED = True
# Robohash Configuration
# Maximum number of robot parts to cache in memory (each ~50-200KB)
ROBOHASH_CACHE_SIZE = 150 # ~10-30MB total cache size
# Pagan Avatar Optimization
# Maximum number of pagan Avatar objects to cache in memory (each ~100-500KB)
PAGAN_CACHE_SIZE = 100 # ~10-50MB total cache size
# I'm not 100% sure if single character domains are possible
# under any tld... so MIN_LENGTH_EMAIL/_URL, might be +1
MIN_LENGTH_URL = 11 # eg. http://a.io
@@ -172,21 +153,7 @@ if "POSTGRESQL_DATABASE" in os.environ:
"HOST": "postgresql",
}
# CI/CD config has different naming
if "POSTGRES_DB" in os.environ:
DATABASES["default"] = { # pragma: no cover
"ENGINE": "django.db.backends.postgresql",
"NAME": os.environ["POSTGRES_DB"],
"USER": os.environ["POSTGRES_USER"],
"PASSWORD": os.environ["POSTGRES_PASSWORD"],
"HOST": os.environ["POSTGRES_HOST"],
# Let Django use its default test database naming
# "TEST": {
# "NAME": os.environ["POSTGRES_DB"],
# },
}
SESSION_SERIALIZER = "django.contrib.sessions.serializers.JSONSerializer"
SESSION_SERIALIZER = "django.contrib.sessions.serializers.PickleSerializer"
USE_X_FORWARDED_HOST = True
ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = [
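Review bot: The `SESSION_SERIALIZER` pair near the end of this hunk replaces `django.contrib.sessions.serializers.JSONSerializer` with `PickleSerializer` (removed line first, added line second). With pickle, anyone who can forge session data, for example after a `SECRET_KEY` leak, gets code execution when the session is loaded, and Django deprecated `PickleSerializer` in 4.1 and removed it in 5.0. Keep `JSONSerializer`; if something stored in the session cannot be represented as JSON, change that data rather than the serializer. The same hunk drops the `POSTGRES_DB` block that its comment describes as the CI/CD naming, so check that the pipeline still gets a database configuration.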
@@ -196,12 +163,6 @@ ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = [
DEFAULT_AVATAR_SIZE = 80
# Default settings for Gravatar proxy and redirect behavior
# These can be overridden by URL parameters
DEFAULT_GRAVATARPROXY = True
DEFAULT_GRAVATARREDIRECT = False
FORCEDEFAULT = False
LANGUAGES = (
("de", _("Deutsch")),
("en", _("English")),
@@ -230,105 +191,94 @@ MESSAGE_TAGS = {
CACHES = {
"default": {
"BACKEND": "django.core.cache.backends.memcached.PyMemcacheCache",
"BACKEND": "django.core.cache.backends.memcached.MemcachedCache",
"LOCATION": [
"127.0.0.1:11211",
],
# "OPTIONS": {"MAX_ENTRIES": 1000000},
},
"filesystem": {
"BACKEND": "django.core.cache.backends.filebased.FileBasedCache",
"LOCATION": "/var/tmp/ivatar_cache",
"TIMEOUT": 900, # 15 minutes
"OPTIONS": {"MAX_ENTRIES": 1000000},
},
}
# This is 5 minutes caching for generated/resized images,
# so the sites don't hit ivatar so much - it's what's set in the HTTP header
CACHE_IMAGES_MAX_AGE = 5 * 60
CACHE_RESPONSE = True
# Trusted URLs for default redirection
TRUSTED_DEFAULT_URLS = [
{"schemes": ["https"], "host_equals": "ui-avatars.com", "path_prefix": "/api/"},
{
"schemes": ["http", "https"],
"schemes": [
"https"
],
"host_equals": "ui-avatars.com",
"path_prefix": "/api/"
},
{
"schemes": [
"http",
"https"
],
"host_equals": "gravatar.com",
"path_prefix": "/avatar/",
"path_prefix": "/avatar/"
},
{
"schemes": ["http", "https"],
"schemes": [
"http",
"https"
],
"host_suffix": ".gravatar.com",
"path_prefix": "/avatar/",
"path_prefix": "/avatar/"
},
{
"schemes": ["http", "https"],
"schemes": [
"http",
"https"
],
"host_equals": "www.gravatar.org",
"path_prefix": "/avatar/",
"path_prefix": "/avatar/"
},
{
"schemes": ["https"],
"schemes": [
"https"
],
"host_equals": "avatars.dicebear.com",
"path_prefix": "/api/",
"path_prefix": "/api/"
},
{
"schemes": ["https"],
"host_equals": "api.dicebear.com",
"path_prefix": "/",
},
{
"schemes": ["https"],
"schemes": [
"https"
],
"host_equals": "badges.fedoraproject.org",
"path_prefix": "/static/img/",
"path_prefix": "/static/img/"
},
{
"schemes": ["http"],
"schemes": [
"http",
],
"host_equals": "www.planet-libre.org",
"path_prefix": "/themes/planetlibre/images/",
"path_prefix": "/themes/planetlibre/images/"
},
{"schemes": ["https"], "host_equals": "www.azuracast.com", "path_prefix": "/img/"},
{
"schemes": ["https"],
"host_equals": "reps.mozilla.org",
"path_prefix": "/static/base/img/remo/",
"schemes": [
"https"
],
"host_equals": "www.azuracast.com",
"path_prefix": "/img/"
},
{
"schemes": [
"https"
],
"host_equals": "reps.mozilla.org",
"path_prefix": "/static/base/img/remo/"
}
]
URL_TIMEOUT = 10
def map_legacy_config(trusted_url):
"""
For backward compability with the legacy configuration
for trusting URLs. Adapts them to fit the new config.
"""
if isinstance(trusted_url, str):
return {"url_prefix": trusted_url}
return trusted_url
# Backward compability for legacy behavior
TRUSTED_DEFAULT_URLS = list(map(map_legacy_config, TRUSTED_DEFAULT_URLS))
# Bluesky settings
BLUESKY_IDENTIFIER = os.environ.get("BLUESKY_IDENTIFIER", None)
BLUESKY_APP_PASSWORD = os.environ.get("BLUESKY_APP_PASSWORD", None)
# File upload security settings
FILE_UPLOAD_MAX_MEMORY_SIZE = 5 * 1024 * 1024 # 5MB
DATA_UPLOAD_MAX_MEMORY_SIZE = 5 * 1024 * 1024 # 5MB
FILE_UPLOAD_PERMISSIONS = 0o644
# Enhanced file upload security
ENABLE_FILE_SECURITY_VALIDATION = True
ENABLE_EXIF_SANITIZATION = True
ENABLE_MALICIOUS_CONTENT_SCAN = True
# Avatar optimization settings
PAGAN_CACHE_SIZE = 1000 # Number of pagan avatars to cache
# Logging configuration - can be overridden in local config
# Example: LOGS_DIR = "/var/log/ivatar" # For production deployments
# This MUST BE THE LAST!
if os.path.isfile(os.path.join(BASE_DIR, "config_local.py")):
from config_local import * # noqa # flake8: noqa # NOQA # pragma: no cover
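Review bot: Several security-relevant settings appear only once in this hunk, with no replacement line, while the header shrinks the range from 105 to 94 lines: `FILE_UPLOAD_MAX_MEMORY_SIZE`, `DATA_UPLOAD_MAX_MEMORY_SIZE`, `FILE_UPLOAD_PERMISSIONS` and the three `ENABLE_*` upload checks. If they are being removed, state what now bounds upload size and sanitizes uploaded images. In `TRUSTED_DEFAULT_URLS`, the gravatar entries and `www.planet-libre.org` accept the `http` scheme, so a default-image redirect can send clients to a cleartext URL; restrict to `https` where the host supports it. The cache backend pair switches between `PyMemcacheCache` and `MemcachedCache`; the latter was deprecated in Django 3.2 and removed in 4.1.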

View File

@@ -1,65 +0,0 @@
# -*- coding: utf-8 -*-
"""
Example local configuration file for ivatar
Copy this to config_local.py and customize for your environment
"""
import os
# Override logs directory for production deployments
# LOGS_DIR = "/var/log/ivatar"
# Override logs directory for development with custom location
# LOGS_DIR = os.path.join(os.path.expanduser("~"), "ivatar_logs")
# File upload security settings
# ENABLE_FILE_SECURITY_VALIDATION = True
# ENABLE_EXIF_SANITIZATION = True
# ENABLE_MALICIOUS_CONTENT_SCAN = True
# Example production overrides:
# DEBUG = False
# SECRET_KEY = "your-production-secret-key-here"
# ALLOWED_HOSTS = ["yourdomain.com", "www.yourdomain.com"]
# Database configuration (if not using environment variables)
# DATABASES = {
# 'default': {
# 'ENGINE': 'django.db.backends.postgresql',
# 'NAME': 'ivatar_prod',
# 'USER': 'ivatar_user',
# 'PASSWORD': 'your-db-password',
# 'HOST': 'localhost',
# 'PORT': '5432',
# }
# }
# Email configuration
# EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
# EMAIL_HOST = 'smtp.yourdomain.com'
# EMAIL_PORT = 587
# EMAIL_USE_TLS = True
# EMAIL_HOST_USER = 'noreply@yourdomain.com'
# EMAIL_HOST_PASSWORD = 'your-email-password'
# Example: Override logs directory for production
# LOGS_DIR = "/var/log/ivatar"
# Bluesky integration credentials
# BLUESKY_IDENTIFIER = "your-bluesky-handle"
# BLUESKY_APP_PASSWORD = "your-app-password"
# Gravatar proxy and redirect settings
# These control the default behavior when no local avatar is found
# URL parameters (?gravatarproxy=n&gravatarredirect=y) will override these defaults
# For private/local instances that should not make external requests:
# DEFAULT_GRAVATARPROXY = False
# DEFAULT_GRAVATARREDIRECT = False
# For instances that prefer direct Gravatar redirects:
# DEFAULT_GRAVATARREDIRECT = True
# DEFAULT_GRAVATARPROXY = False
# For testing/development (always use default avatars):
# FORCEDEFAULT = True

View File

@@ -1,2 +0,0 @@
# Test configuration to verify LOGS_DIR override
LOGS_DIR = "/tmp/ivatar_test_logs"

View File

@@ -1,6 +1,6 @@
.stats span.mis {
background: #faa;
background: #faa;
}
.text p.mis {
background: #faa;
background: #faa;
}

View File

@@ -2,11 +2,11 @@
oc new-project ivatar
DB_PASSWORD=$(openssl rand -base64 16)
DB_ROOT_PASSWORD=$(openssl rand -base64 16)
DB_PASSWORD=`openssl rand -base64 16`
DB_ROOT_PASSWORD=`openssl rand -base64 16`
if [ -n "$USE_MYSQL" ]; then
DB_CMDLINE="mysql-persistent
DB_CMDLINE="mysql-persistent
--group=python+mysql-persistent
-e MYSQL_USER=ivatar
-p MYSQL_USER=ivatar
@@ -17,7 +17,7 @@ if [ -n "$USE_MYSQL" ]; then
-e MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD
-p MYSQL_ROOT_PASSWORD=$DB_ROOT_PASSWORD"
else
DB_CMDLINE="postgresql-persistent
DB_CMDLINE="postgresql-persistent
-e POSTGRESQL_USER=ivatar
-p POSTGRESQL_USER=ivatar
-e POSTGRESQL_DATABASE=ivatar
@@ -35,8 +35,8 @@ if [ -n "$LKERNAT_GITLAB_OPENSHIFT_ACCESS_TOKEN" ]; then
fi
oc new-app $SECRET_CMDLINE python~https://git.linux-kernel.at/oliver/ivatar.git \
-e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY \
-e IVATAR_MAILGUN_SENDER_DOMAIN=$IVATAR_MAILGUN_SENDER_DOMAIN \
$DB_CMDLINE
-e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY \
-e IVATAR_MAILGUN_SENDER_DOMAIN=$IVATAR_MAILGUN_SENDER_DOMAIN \
$DB_CMDLINE
oc expose svc/ivatar
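Review bot: `-e IVATAR_MAILGUN_API_KEY=$IVATAR_MAILGUN_API_KEY` hands the Mailgun key to `oc new-app` as a plain command-line argument and environment variable, so it is visible in the process list and stored in clear text in the deployment configuration. Create a secret and reference it from the deployment instead. Also quote the expansions that are not meant to be word-split: `$DB_CMDLINE` relies on splitting, the two Mailgun values do not.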

View File

@@ -1,4 +1,4 @@
for size in $(seq 1 512); do
inkscape -z -e ivatar/static/img/nobody/${size}.png -w ${size} -h ${size} \
ivatar/static/img/libravatar_logo.svg
ivatar/static/img/libravatar_logo.svg
done

View File

@@ -1 +0,0 @@
Not Found

78
import_csv.py Normal file
View File

@@ -0,0 +1,78 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Import a CSV - Format as follows:
<mailaddr>,<path_to_image>
Example:
myuser@mydomain.tld,myphoto.jpeg
This will create or update an existing user and assign the image
to the given address.
"""
import os
from os.path import isfile
import sys
from io import BytesIO
import csv
import django
os.environ.setdefault(
"DJANGO_SETTINGS_MODULE", "ivatar.settings"
) # pylint: disable=wrong-import-position
django.setup() # pylint: disable=wrong-import-position
from django.contrib.auth.models import User
from PIL import Image
from ivatar.settings import JPEG_QUALITY
from ivatar.ivataraccount.models import ConfirmedEmail
from ivatar.ivataraccount.models import Photo
from ivatar.ivataraccount.models import file_format
if len(sys.argv) < 2:
print("First argument to '%s' must be the path to the CSV" % sys.argv[0])
exit(-255)
if not isfile(sys.argv[1]):
print("First argument to '%s' must be a path to the CSV" % sys.argv[0])
exit(-255)
PATH = sys.argv[1]
with open(PATH, newline="") as csvfile:
contactreader = csv.reader(csvfile, delimiter=",")
for row in contactreader:
mailaddr = row[0]
image = row[1]
if not isfile(image):
print("File '%s' doesn't exist - cannot add" % image)
continue
print("Adding: %s" % mailaddr)
(user, created) = User.objects.get_or_create(username=mailaddr)
if not user.confirmedemail_set.count() < 1:
ConfirmedEmail.objects.get_or_create(
email=mailaddr,
user=user,
)
user.save()
with open(image, "rb") as avatar:
pilobj = Image.open(avatar)
out = BytesIO()
pilobj.save(out, pilobj.format, quality=JPEG_QUALITY)
out.seek(0)
photo = None
if user.photo_set.count() < 1:
photo = Photo()
photo.user = user
else:
photo = user.photo_set.first()
photo.ip_address = "0.0.0.0"
photo.format = file_format(pilobj.format)
photo.data = out.read()
photo.save()
print("xxx: %s" % user.confirmedemail_set.first())
confirmed_email = user.confirmedemail_set.first()
confirmed_email.photo_id = photo.id
confirmed_email.save()
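Review bot: the guard `if not user.confirmedemail_set.count() < 1:` is inverted. It calls `ConfirmedEmail.objects.get_or_create` only when the user already has a confirmed address, so for a user just created by `User.objects.get_or_create` nothing is added, `user.confirmedemail_set.first()` returns `None`, and `confirmed_email.photo_id = photo.id` fails with `AttributeError`. Drop the `not`. In the same loop, `row[0]` and `row[1]` are read without checking the row length, so a blank or short CSV line ends the import with `IndexError`; skip such rows with a message, as is already done for a missing image file. The `print("xxx: %s" ...)` debug line should be removed before merge.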

View File

@@ -1,4 +1,5 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Import the whole libravatar export
"""

View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
"""
Module init
"""

View File

@@ -1,9 +1,12 @@
# -*- coding: utf-8 -*-
"""
Default: useful variables for the base page templates.
"""
from django.conf import settings
from ipware import get_client_ip # type: ignore
from ipware import get_client_ip
from ivatar.settings import IVATAR_VERSION, SITE_NAME, MAX_PHOTO_SIZE
from ivatar.settings import BASE_URL, SECURE_BASE_URL
from ivatar.settings import MAX_NUM_UNCONFIRMED_EMAILS
def basepage(request):
@@ -18,21 +21,17 @@ def basepage(request):
] # pragma: no cover
client_ip = get_client_ip(request)[0]
context["client_ip"] = client_ip
context["ivatar_version"] = getattr(settings, "IVATAR_VERSION", "2.0")
context["site_name"] = getattr(settings, "SITE_NAME", "libravatar")
context["ivatar_version"] = IVATAR_VERSION
context["site_name"] = SITE_NAME
context["site_url"] = request.build_absolute_uri("/")[:-1]
context["max_file_size"] = getattr(settings, "MAX_PHOTO_SIZE", 10485760)
context["BASE_URL"] = getattr(settings, "BASE_URL", "http://localhost:8000/avatar/")
context["SECURE_BASE_URL"] = getattr(
settings, "SECURE_BASE_URL", "https://localhost:8000/avatar/"
)
context["max_file_size"] = MAX_PHOTO_SIZE
context["BASE_URL"] = BASE_URL
context["SECURE_BASE_URL"] = SECURE_BASE_URL
context["max_emails"] = False
if request.user:
if not request.user.is_anonymous:
unconfirmed = request.user.unconfirmedemail_set.count()
max_unconfirmed = getattr(settings, "MAX_NUM_UNCONFIRMED_EMAILS", 5)
if unconfirmed >= max_unconfirmed:
if unconfirmed >= MAX_NUM_UNCONFIRMED_EMAILS:
context["max_emails"] = True
return context
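Review bot: `basepage` now fills `ivatar_version`, `site_name`, `max_file_size`, `BASE_URL`, `SECURE_BASE_URL` and the unconfirmed-email limit from names imported out of `ivatar.settings`, which binds the values at import time. `django.test.override_settings` and any settings module other than `ivatar.settings` then have no effect on this context processor, and a missing name becomes an `ImportError` instead of falling back to a default. Keep the `getattr(settings, ..., default)` lookups on `django.conf.settings`.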

View File

@@ -1,342 +0,0 @@
"""
File upload security utilities for ivatar
"""
import hashlib
import logging
import magic
import os
from io import BytesIO
from typing import Dict, Tuple
from PIL import Image
# Initialize logger
logger = logging.getLogger("ivatar.security")
# Security constants
ALLOWED_MIME_TYPES = [
"image/jpeg",
"image/png",
"image/gif",
"image/webp",
"image/bmp",
"image/tiff",
]
ALLOWED_EXTENSIONS = [".jpg", ".jpeg", ".png", ".gif", ".webp", ".bmp", ".tiff"]
# Magic byte signatures for image formats
IMAGE_SIGNATURES = {
b"\xff\xd8\xff": "image/jpeg",
b"\x89PNG\r\n\x1a\n": "image/png",
b"GIF87a": "image/gif",
b"GIF89a": "image/gif",
b"RIFF": "image/webp", # WebP starts with RIFF
b"BM": "image/bmp",
b"II*\x00": "image/tiff", # Little-endian TIFF
b"MM\x00*": "image/tiff", # Big-endian TIFF
}
# Maximum file size for different operations (in bytes)
MAX_FILE_SIZE_BASIC = 5 * 1024 * 1024 # 5MB for basic validation
MAX_FILE_SIZE_SCAN = 10 * 1024 * 1024 # 10MB for virus scanning
MAX_FILE_SIZE_PROCESS = 50 * 1024 * 1024 # 50MB for processing
class FileUploadSecurityError(Exception):
"""Custom exception for file upload security issues"""
pass
class FileValidator:
"""Comprehensive file validation for uploads"""
def __init__(self, file_data: bytes, filename: str):
self.file_data = file_data
self.filename = filename
self.file_size = len(file_data)
self.file_hash = hashlib.sha256(file_data).hexdigest()
def validate_basic(self) -> Dict[str, any]:
"""
Perform basic file validation
Returns validation results dictionary
"""
results = {
"valid": True,
"errors": [],
"warnings": [],
"file_info": {
"size": self.file_size,
"hash": self.file_hash,
"filename": self.filename,
},
}
# Check file size
if self.file_size > MAX_FILE_SIZE_BASIC:
results["valid"] = False
results["errors"].append(f"File too large: {self.file_size} bytes")
# Check filename
if not self.filename or len(self.filename) > 255:
results["valid"] = False
results["errors"].append("Invalid filename")
# Check file extension
ext = os.path.splitext(self.filename)[1].lower()
if ext not in ALLOWED_EXTENSIONS:
results["valid"] = False
results["errors"].append(f"File extension not allowed: {ext}")
return results
def validate_magic_bytes(self) -> Dict[str, any]:
"""
Validate file using magic bytes (file signatures)
"""
results = {"valid": True, "detected_type": None, "errors": []}
# Check magic bytes
detected_type = None
for signature, mime_type in IMAGE_SIGNATURES.items():
if self.file_data.startswith(signature):
detected_type = mime_type
break
# Special handling for WebP (RIFF + WEBP)
if self.file_data.startswith(b"RIFF") and b"WEBP" in self.file_data[:12]:
detected_type = "image/webp"
if not detected_type:
results["valid"] = False
results["errors"].append(
"File signature does not match any supported image format"
)
else:
results["detected_type"] = detected_type
return results
def validate_mime_type(self) -> Dict[str, any]:
"""
Validate MIME type using python-magic
"""
results = {"valid": True, "detected_mime": None, "errors": []}
try:
# Use python-magic to detect MIME type
detected_mime = magic.from_buffer(self.file_data, mime=True)
results["detected_mime"] = detected_mime
if detected_mime not in ALLOWED_MIME_TYPES:
results["valid"] = False
results["errors"].append(f"MIME type not allowed: {detected_mime}")
except Exception as e:
logger.warning(f"MIME type detection failed: {e}")
results["warnings"].append("Could not detect MIME type")
return results
def validate_pil_image(self) -> Dict[str, any]:
"""
Validate using PIL to ensure it's a valid image
"""
results = {"valid": True, "image_info": {}, "errors": []}
try:
# Open image with PIL
image = Image.open(BytesIO(self.file_data))
# Get image information
results["image_info"] = {
"format": image.format,
"mode": image.mode,
"size": image.size,
"width": image.width,
"height": image.height,
"has_transparency": image.mode in ("RGBA", "LA", "P"),
}
# Verify image can be loaded
image.load()
# Check for suspicious characteristics
if image.width > 10000 or image.height > 10000:
results["warnings"].append("Image dimensions are very large")
if image.width < 1 or image.height < 1:
results["valid"] = False
results["errors"].append("Invalid image dimensions")
except Exception as e:
results["valid"] = False
results["errors"].append(f"Invalid image format: {str(e)}")
return results
def sanitize_exif_data(self) -> bytes:
"""
Remove EXIF data from image to prevent metadata leaks
"""
try:
image = Image.open(BytesIO(self.file_data))
# Create new image without EXIF data
if image.mode in ("RGBA", "LA"):
# Preserve transparency
new_image = Image.new("RGBA", image.size, (255, 255, 255, 0))
new_image.paste(image, mask=image.split()[-1])
else:
new_image = Image.new("RGB", image.size, (255, 255, 255))
new_image.paste(image)
# Save without EXIF data
output = BytesIO()
new_image.save(output, format=image.format or "JPEG", quality=95)
return output.getvalue()
except Exception as e:
logger.warning(f"EXIF sanitization failed: {e}")
return self.file_data # Return original if sanitization fails
def scan_for_malicious_content(self) -> Dict[str, any]:
"""
Scan for potentially malicious content patterns
"""
results = {"suspicious": False, "threats": [], "warnings": []}
# Check for embedded scripts or executable content
suspicious_patterns = [
b"<script",
b"javascript:",
b"vbscript:",
b"data:text/html",
b"<?php",
b"<%",
b"#!/bin/",
b"MZ", # PE executable header
b"\x7fELF", # ELF executable header
]
for pattern in suspicious_patterns:
if pattern in self.file_data:
results["suspicious"] = True
results["threats"].append(f"Suspicious pattern detected: {pattern}")
# Check for polyglot files (valid in multiple formats)
if self.file_data.startswith(b"GIF89a") and b"<script" in self.file_data:
results["suspicious"] = True
results["threats"].append("Potential polyglot attack detected")
return results
def comprehensive_validation(self) -> Dict[str, any]:
"""
Perform comprehensive file validation
"""
results = {
"valid": True,
"errors": [],
"warnings": [],
"file_info": {},
"security_score": 100,
}
# Basic validation
basic_results = self.validate_basic()
if not basic_results["valid"]:
results["valid"] = False
results["errors"].extend(basic_results["errors"])
results["security_score"] -= 30
results["file_info"].update(basic_results["file_info"])
results["warnings"].extend(basic_results["warnings"])
# Magic bytes validation
magic_results = self.validate_magic_bytes()
if not magic_results["valid"]:
results["valid"] = False
results["errors"].extend(magic_results["errors"])
results[
"security_score"
] -= 10 # Reduced from 25 - basic format issue, not security threat
results["file_info"]["detected_type"] = magic_results["detected_type"]
# MIME type validation
mime_results = self.validate_mime_type()
if not mime_results["valid"]:
results["valid"] = False
results["errors"].extend(mime_results["errors"])
results[
"security_score"
] -= 10 # Reduced from 20 - basic format issue, not security threat
results["file_info"]["detected_mime"] = mime_results["detected_mime"]
results["warnings"].extend(mime_results.get("warnings", []))
# PIL image validation
pil_results = self.validate_pil_image()
if not pil_results["valid"]:
results["valid"] = False
results["errors"].extend(pil_results["errors"])
results[
"security_score"
] -= 10 # Reduced from 15 - basic format issue, not security threat
results["file_info"]["image_info"] = pil_results["image_info"]
results["warnings"].extend(pil_results.get("warnings", []))
# Security scan
security_results = self.scan_for_malicious_content()
if security_results["suspicious"]:
results["valid"] = False
results["errors"].extend(security_results["threats"])
results["security_score"] -= 50
results["warnings"].extend(security_results.get("warnings", []))
# Log security events
if not results["valid"]:
logger.warning(f"File upload validation failed: {results['errors']}")
elif results["security_score"] < 80:
logger.info(
f"File upload with low security score: {results['security_score']}"
)
return results
def validate_uploaded_file(
file_data: bytes, filename: str
) -> Tuple[bool, Dict[str, any], bytes]:
"""
Main function to validate uploaded files
Returns:
(is_valid, validation_results, sanitized_data)
"""
validator = FileValidator(file_data, filename)
# Perform comprehensive validation
results = validator.comprehensive_validation()
if not results["valid"]:
return False, results, file_data
# Sanitize EXIF data
sanitized_data = validator.sanitize_exif_data()
return True, results, sanitized_data
def get_file_security_report(file_data: bytes, filename: str) -> Dict[str, any]:
"""
Generate a security report for a file without modifying it
"""
validator = FileValidator(file_data, filename)
return validator.comprehensive_validation()
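Review bot: deleting this module removes the only size, signature, MIME and PIL checks for uploads that this diff shows, and the commit message (a CSV import script) does not account for it. Split the removal into its own change with a stated reason, or keep the module. If it stays, two defects in it are worth fixing: `validate_mime_type` builds `results` without a `"warnings"` key, so the `results["warnings"].append(...)` in its `except` branch raises `KeyError`, and the two-byte `b"MZ"` entry in `suspicious_patterns` is matched anywhere in the file, which is likely to flag ordinary compressed image data.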

View File

@@ -1,5 +1,5 @@
# -*- coding: utf-8 -*-
"""
Module init
"""
app_label = __name__ # pylint: disable=invalid-name

View File

@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
"""
Register models in admin
"""
from django.contrib import admin
from .models import Photo, ConfirmedEmail, UnconfirmedEmail

View File

@@ -1,55 +0,0 @@
from social_core.backends.open_id_connect import OpenIdConnectAuth
from ivatar.ivataraccount.models import ConfirmedEmail, Photo
from ivatar.settings import logger, TRUST_EMAIL_FROM_SOCIAL_AUTH_BACKENDS
class FedoraOpenIdConnect(OpenIdConnectAuth):
name = "fedora"
USERNAME_KEY = "nickname"
OIDC_ENDPOINT = "https://id.fedoraproject.org"
DEFAULT_SCOPE = ["openid", "profile", "email"]
TOKEN_ENDPOINT_AUTH_METHOD = "client_secret_post"
# Pipeline methods
def add_confirmed_email(backend, user, response, *args, **kwargs):
"""Add a ConfirmedEmail if we trust the auth backend to validate email."""
if not kwargs.get("is_new", False):
return None # Only act on account creation
if backend.name not in TRUST_EMAIL_FROM_SOCIAL_AUTH_BACKENDS:
return None
if ConfirmedEmail.objects.filter(email=user.email).count() > 0:
# email already exists
return None
(confirmed_id, external_photos) = ConfirmedEmail.objects.create_confirmed_email(
user, user.email, True
)
confirmed_email = ConfirmedEmail.objects.get(id=confirmed_id)
logger.debug(
"Email %s added upon creation of user %s", confirmed_email.email, user.pk
)
photo = Photo.objects.create(user=user, ip_address=confirmed_email.ip_address)
import_result = photo.import_image("Gravatar", confirmed_email.email)
if import_result:
logger.debug("Gravatar image imported for %s", confirmed_email.email)
def associate_by_confirmed_email(backend, details, user=None, *args, **kwargs):
"""
Associate current auth with a user that has their email address as ConfirmedEmail in the DB.
"""
if user:
return None
email = details.get("email")
if not email:
return None
try:
confirmed_email = ConfirmedEmail.objects.get(email=email)
except ConfirmedEmail.DoesNotExist:
return None
user = confirmed_email.user
logger.debug("Found a matching ConfirmedEmail for %s upon login", user.username)
return {"user": user, "is_new": False}
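Review bot: `associate_by_confirmed_email`, removed here, attaches a login to an existing user on `details.get("email")` alone, without the `backend.name not in TRUST_EMAIL_FROM_SOCIAL_AUTH_BACKENDS` check that `add_confirmed_email` applies a few lines earlier. If this file is kept or restored, add that check before returning `{"user": user, "is_new": False}`, so a backend that does not verify addresses cannot be used to log in as the owner of a `ConfirmedEmail`. If the file is deleted as shown, check that no settings entry still names `FedoraOpenIdConnect` or these pipeline functions.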

View File

@@ -1,27 +1,20 @@
# -*- coding: utf-8 -*-
"""
Classes for our ivatar.ivataraccount.forms
"""
from urllib.parse import urlsplit, urlunsplit
from django import forms
from django.utils.translation import gettext_lazy as _
from django.core.exceptions import ValidationError
from ipware import get_client_ip
from ivatar import settings
from ivatar.settings import MIN_LENGTH_EMAIL, MAX_LENGTH_EMAIL
from ivatar.settings import MIN_LENGTH_URL, MAX_LENGTH_URL
from ivatar.settings import ENABLE_FILE_SECURITY_VALIDATION
from ivatar.file_security import validate_uploaded_file, FileUploadSecurityError
from .models import UnconfirmedEmail, ConfirmedEmail, Photo
from .models import UnconfirmedOpenId, ConfirmedOpenId
from .models import UserPreference
import logging
# Initialize logger
logger = logging.getLogger("ivatar.ivataraccount.forms")
MAX_NUM_UNCONFIRMED_EMAILS_DEFAULT = 5
@@ -88,7 +81,7 @@ class AddEmailForm(forms.Form):
class UploadPhotoForm(forms.Form):
"""
Form handling photo upload with enhanced security validation
Form handling photo upload
"""
photo = forms.FileField(
@@ -114,106 +107,20 @@ class UploadPhotoForm(forms.Form):
},
)
def clean_photo(self):
@staticmethod
def save(request, data):
"""
Enhanced photo validation with security checks
"""
photo = self.cleaned_data.get("photo")
if not photo:
raise ValidationError(_("No file provided"))
# Read file data
try:
# Handle different file types
if hasattr(photo, "read"):
file_data = photo.read()
elif hasattr(photo, "file"):
file_data = photo.file.read()
else:
file_data = bytes(photo)
filename = photo.name
except Exception as e:
logger.error(f"Error reading uploaded file: {e}")
raise ValidationError(_("Error reading uploaded file"))
# Perform comprehensive security validation (if enabled)
if ENABLE_FILE_SECURITY_VALIDATION:
try:
is_valid, validation_results, sanitized_data = validate_uploaded_file(
file_data, filename
)
if not is_valid:
# Log security violation
logger.warning(
f"File upload security violation: {validation_results['errors']}"
)
# Only reject truly malicious files at the form level
# Allow basic format issues to pass through to Photo.save() for original error handling
if validation_results.get("security_score", 100) < 30:
raise ValidationError(
_("File appears to be malicious and cannot be uploaded")
)
else:
# For format issues, don't raise ValidationError - let Photo.save() handle it
# This preserves the original error handling behavior
logger.info(
f"File format issue detected, allowing Photo.save() to handle: {validation_results['errors']}"
)
# Store the validation results for potential use, but don't reject the form
self.validation_results = validation_results
self.file_data = file_data
else:
# Store sanitized data for later use
self.sanitized_data = sanitized_data
self.validation_results = validation_results
# Store original file data for fallback
self.file_data = file_data
# Log successful validation
logger.info(
f"File upload validated successfully: {filename}, security_score: {validation_results.get('security_score', 100)}"
)
except FileUploadSecurityError as e:
logger.error(f"File upload security error: {e}")
raise ValidationError(_("File security validation failed"))
except Exception as e:
logger.error(f"Unexpected error during file validation: {e}")
raise ValidationError(_("File validation failed"))
else:
# Security validation disabled (e.g., in tests)
logger.debug(f"File upload security validation disabled for: {filename}")
self.file_data = file_data
return photo
def save(self, request, data):
"""
Save the model and assign it to the current user with enhanced security
Save the model and assign it to the current user
"""
# Link this file to the user's profile
photo = Photo()
photo.user = request.user
photo.ip_address = get_client_ip(request)[0]
# Use sanitized data if available, otherwise use stored file data
if hasattr(self, "sanitized_data"):
photo.data = self.sanitized_data
elif hasattr(self, "file_data"):
photo.data = self.file_data
else:
# Fallback: try to read from the file object
try:
photo.data = data.read()
except Exception as e:
logger.error(f"Failed to read file data: {e}")
photo.data = b""
photo.data = data.read()
photo.save()
return photo if photo.pk else None
if not photo.pk:
return None
return photo
class AddOpenIDForm(forms.Form):
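Review bot: with `clean_photo` gone, `save` stores `data.read()` in `photo.data` with no check of its own, so rejecting a bad upload now rests entirely on `Photo.save()`, which this diff does not show. Confirm that it validates size and format, or keep a `clean_photo` that does. The `if not photo.pk: return None` test depends on `Photo.save()` signalling failure by leaving the primary key unset; a short comment saying so would help the next reader.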
@@ -234,16 +141,13 @@ class AddOpenIDForm(forms.Form):
"""
# Lowercase hostname port of the URL
url = urlsplit(self.cleaned_data["openid"])
return urlunsplit(
(
url.scheme.lower(),
url.netloc.lower(),
url.path,
url.query,
url.fragment,
)
data = urlunsplit(
(url.scheme.lower(), url.netloc.lower(), url.path, url.query, url.fragment)
)
# TODO: Domain restriction as in libravatar?
return data
def save(self, user):
"""
Save the model, ensuring some safety

View File

@@ -1,14 +1,15 @@
# -*- coding: utf-8 -*-
"""
Helper method to fetch Gravatar image
"""
from ssl import SSLError
from urllib.request import HTTPError, URLError
from ivatar.utils import urlopen
from urllib.request import urlopen, HTTPError, URLError
import hashlib
from ..settings import AVATAR_MAX_SIZE
URL_TIMEOUT = 5 # in seconds
def get_photo(email):
"""
@@ -22,23 +23,29 @@ def get_photo(email):
+ "?s=%i&d=404" % AVATAR_MAX_SIZE
)
image_url = (
f"https://secure.gravatar.com/avatar/{hash_object.hexdigest()}?s=512&d=404"
"https://secure.gravatar.com/avatar/" + hash_object.hexdigest() + "?s=512&d=404"
)
# Will redirect to the public profile URL if it exists
service_url = f"http://www.gravatar.com/{hash_object.hexdigest()}"
service_url = "http://www.gravatar.com/" + hash_object.hexdigest()
try:
urlopen(image_url)
urlopen(image_url, timeout=URL_TIMEOUT)
except HTTPError as exc:
if exc.code not in [404, 503]:
print(f"Gravatar fetch failed with an unexpected {exc.code} HTTP error")
if exc.code != 404 and exc.code != 503:
print( # pragma: no cover
"Gravatar fetch failed with an unexpected %s HTTP error" % exc.code
)
return False
except URLError as exc: # pragma: no cover
print(f"Gravatar fetch failed with URL error: {exc.reason}")
print(
"Gravatar fetch failed with URL error: %s" % exc.reason
) # pragma: no cover
return False # pragma: no cover
except SSLError as exc: # pragma: no cover
print(f"Gravatar fetch failed with SSL error: {exc.reason}")
print(
"Gravatar fetch failed with SSL error: %s" % exc.reason
) # pragma: no cover
return False # pragma: no cover
return {
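Review bot: the error paths in `get_photo` report through `print(...)`, which bypasses the application's logging configuration; use a module logger so failed Gravatar fetches can be found in the service log. `service_url` is built with `http://www.gravatar.com/` while `image_url` uses https, so use https for both.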

View File

@@ -3,6 +3,7 @@
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
import ivatar.ivataraccount.models
class Migration(migrations.Migration):
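Review bot: `import ivatar.ivataraccount.models` is not referenced by any operation in this migration as shown; they use only `models.*`, `django.db.models.deletion` and `settings.AUTH_USER_MODEL`. Remove the import, since a migration that imports the app's live models can break once those models change or move.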
@@ -15,167 +16,93 @@ class Migration(migrations.Migration):
operations = [
migrations.CreateModel(
name="ConfirmedEmail",
name='ConfirmedEmail',
fields=[
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("email", models.EmailField(max_length=254, unique=True)),
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
('add_date', models.DateTimeField()),
('email', models.EmailField(max_length=254, unique=True)),
],
options={
"verbose_name": "confirmed email",
"verbose_name_plural": "confirmed emails",
'verbose_name': 'confirmed email',
'verbose_name_plural': 'confirmed emails',
},
),
migrations.CreateModel(
name="ConfirmedOpenId",
name='ConfirmedOpenId',
fields=[
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("openid", models.URLField(max_length=255, unique=True)),
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
('add_date', models.DateTimeField()),
('openid', models.URLField(max_length=255, unique=True)),
],
options={
"verbose_name": "confirmed OpenID",
"verbose_name_plural": "confirmed OpenIDs",
'verbose_name': 'confirmed OpenID',
'verbose_name_plural': 'confirmed OpenIDs',
},
),
migrations.CreateModel(
name="Photo",
name='Photo',
fields=[
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("add_date", models.DateTimeField()),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("data", models.BinaryField()),
("format", models.CharField(max_length=3)),
(
"user",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to=settings.AUTH_USER_MODEL,
),
),
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('add_date', models.DateTimeField()),
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
('data', models.BinaryField()),
('format', models.CharField(max_length=3)),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
],
options={
"verbose_name": "photo",
"verbose_name_plural": "photos",
'verbose_name': 'photo',
'verbose_name_plural': 'photos',
},
),
migrations.CreateModel(
name="UnconfirmedEmail",
name='UnconfirmedEmail',
fields=[
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("email", models.EmailField(max_length=254)),
("verification_key", models.CharField(max_length=64)),
(
"user",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to=settings.AUTH_USER_MODEL,
),
),
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
('add_date', models.DateTimeField()),
('email', models.EmailField(max_length=254)),
('verification_key', models.CharField(max_length=64)),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
],
options={
"verbose_name": "unconfirmed_email",
"verbose_name_plural": "unconfirmed_emails",
'verbose_name': 'unconfirmed_email',
'verbose_name_plural': 'unconfirmed_emails',
},
),
migrations.CreateModel(
name="UnconfirmedOpenId",
name='UnconfirmedOpenId',
fields=[
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("ip_address", models.GenericIPAddressField(unpack_ipv4=True)),
("add_date", models.DateTimeField()),
("openid", models.URLField(max_length=255)),
(
"user",
models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE,
to=settings.AUTH_USER_MODEL,
),
),
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('ip_address', models.GenericIPAddressField(unpack_ipv4=True)),
('add_date', models.DateTimeField()),
('openid', models.URLField(max_length=255)),
('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
],
options={
"verbose_name": "unconfirmed OpenID",
"verbose_name_plural": "unconfirmed_OpenIDs",
'verbose_name': 'unconfirmed OpenID',
'verbose_name_plural': 'unconfirmed_OpenIDs',
},
),
migrations.AddField(
model_name="confirmedopenid",
name="photo",
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
related_name="openids",
to="ivataraccount.Photo",
),
model_name='confirmedopenid',
name='photo',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='openids', to='ivataraccount.Photo'),
),
migrations.AddField(
model_name="confirmedopenid",
name="user",
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
),
model_name='confirmedopenid',
name='user',
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
),
migrations.AddField(
model_name="confirmedemail",
name="photo",
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.CASCADE,
related_name="emails",
to="ivataraccount.Photo",
),
model_name='confirmedemail',
name='photo',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='emails', to='ivataraccount.Photo'),
),
migrations.AddField(
model_name="confirmedemail",
name="user",
field=models.ForeignKey(
on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
),
model_name='confirmedemail',
name='user',
field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL),
),
]

View File

@@ -6,45 +6,29 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0001_initial"),
('ivataraccount', '0001_initial'),
]
operations = [
migrations.CreateModel(
name="OpenIDAssociation",
name='OpenIDAssociation',
fields=[
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("server_url", models.TextField(max_length=2047)),
("handle", models.CharField(max_length=255)),
("secret", models.TextField(max_length=255)),
("issued", models.IntegerField()),
("lifetime", models.IntegerField()),
("assoc_type", models.TextField(max_length=64)),
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('server_url', models.TextField(max_length=2047)),
('handle', models.CharField(max_length=255)),
('secret', models.TextField(max_length=255)),
('issued', models.IntegerField()),
('lifetime', models.IntegerField()),
('assoc_type', models.TextField(max_length=64)),
],
),
migrations.CreateModel(
name="OpenIDNonce",
name='OpenIDNonce',
fields=[
(
"id",
models.AutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("server_url", models.CharField(max_length=255)),
("timestamp", models.IntegerField()),
("salt", models.CharField(max_length=128)),
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
('server_url', models.CharField(max_length=255)),
('timestamp', models.IntegerField()),
('salt', models.CharField(max_length=128)),
],
),
]

View File

@@ -7,53 +7,53 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0002_openidassociation_openidnonce"),
('ivataraccount', '0002_openidassociation_openidnonce'),
]
operations = [
migrations.AlterField(
model_name="confirmedemail",
name="add_date",
model_name='confirmedemail',
name='add_date',
field=models.DateTimeField(default=datetime.datetime.utcnow),
),
migrations.AlterField(
model_name="confirmedemail",
name="ip_address",
model_name='confirmedemail',
name='ip_address',
field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
),
migrations.AlterField(
model_name="confirmedopenid",
name="add_date",
model_name='confirmedopenid',
name='add_date',
field=models.DateTimeField(default=datetime.datetime.utcnow),
),
migrations.AlterField(
model_name="confirmedopenid",
name="ip_address",
model_name='confirmedopenid',
name='ip_address',
field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
),
migrations.AlterField(
model_name="photo",
name="add_date",
model_name='photo',
name='add_date',
field=models.DateTimeField(default=datetime.datetime.utcnow),
),
migrations.AlterField(
model_name="unconfirmedemail",
name="add_date",
model_name='unconfirmedemail',
name='add_date',
field=models.DateTimeField(default=datetime.datetime.utcnow),
),
migrations.AlterField(
model_name="unconfirmedemail",
name="ip_address",
model_name='unconfirmedemail',
name='ip_address',
field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
),
migrations.AlterField(
model_name="unconfirmedopenid",
name="add_date",
model_name='unconfirmedopenid',
name='add_date',
field=models.DateTimeField(default=datetime.datetime.utcnow),
),
migrations.AlterField(
model_name="unconfirmedopenid",
name="ip_address",
model_name='unconfirmedopenid',
name='ip_address',
field=models.GenericIPAddressField(null=True, unpack_ipv4=True),
),
]

View File

@@ -7,33 +7,33 @@ import django.utils.timezone
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0003_auto_20180508_0637"),
('ivataraccount', '0003_auto_20180508_0637'),
]
operations = [
migrations.AlterField(
model_name="confirmedemail",
name="add_date",
model_name='confirmedemail',
name='add_date',
field=models.DateTimeField(default=django.utils.timezone.now),
),
migrations.AlterField(
model_name="confirmedopenid",
name="add_date",
model_name='confirmedopenid',
name='add_date',
field=models.DateTimeField(default=django.utils.timezone.now),
),
migrations.AlterField(
model_name="photo",
name="add_date",
model_name='photo',
name='add_date',
field=models.DateTimeField(default=django.utils.timezone.now),
),
migrations.AlterField(
model_name="unconfirmedemail",
name="add_date",
model_name='unconfirmedemail',
name='add_date',
field=models.DateTimeField(default=django.utils.timezone.now),
),
migrations.AlterField(
model_name="unconfirmedopenid",
name="add_date",
model_name='unconfirmedopenid',
name='add_date',
field=models.DateTimeField(default=django.utils.timezone.now),
),
]

View File

@@ -6,20 +6,20 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0004_auto_20180508_0742"),
('ivataraccount', '0004_auto_20180508_0742'),
]
operations = [
migrations.AddField(
model_name="confirmedemail",
name="digest",
field=models.CharField(default="", max_length=64),
model_name='confirmedemail',
name='digest',
field=models.CharField(default='', max_length=64),
preserve_default=False,
),
migrations.AddField(
model_name="confirmedopenid",
name="digest",
field=models.CharField(default="", max_length=64),
model_name='confirmedopenid',
name='digest',
field=models.CharField(default='', max_length=64),
preserve_default=False,
),
]

View File

@@ -6,18 +6,18 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0005_auto_20180522_1155"),
('ivataraccount', '0005_auto_20180522_1155'),
]
operations = [
migrations.AddField(
model_name="confirmedemail",
name="digest_sha256",
model_name='confirmedemail',
name='digest_sha256',
field=models.CharField(max_length=64, null=True),
),
migrations.AlterField(
model_name="confirmedemail",
name="digest",
model_name='confirmedemail',
name='digest',
field=models.CharField(max_length=32),
),
]

View File

@@ -3,50 +3,37 @@
from django.db import migrations, models
import django.db.models.deletion
def add_sha256(apps, schema_editor):
"""
Make sure all ConfirmedEmail have digest_sha256 set
in order to alter the model so sha256 may not be NULL
"""
ConfirmedEmail = apps.get_model("ivataraccount", "ConfirmedEmail")
for mail in ConfirmedEmail.objects.filter(digest_sha256=None):
mail.save() # pragma: no cover
'''
Make sure all ConfirmedEmail have digest_sha256 set
in order to alter the model so sha256 may not be NULL
'''
ConfirmedEmail = apps.get_model('ivataraccount', 'ConfirmedEmail')
for mail in ConfirmedEmail.objects.filter(digest_sha256=None):
mail.save() # pragma: no cover
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0006_auto_20180626_1445"),
('ivataraccount', '0006_auto_20180626_1445'),
]
operations = [
migrations.RunPython(add_sha256),
migrations.AlterField(
model_name="confirmedemail",
name="digest_sha256",
model_name='confirmedemail',
name='digest_sha256',
field=models.CharField(max_length=64),
),
migrations.AlterField(
model_name="confirmedemail",
name="photo",
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.SET_NULL,
related_name="emails",
to="ivataraccount.Photo",
),
model_name='confirmedemail',
name='photo',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='emails', to='ivataraccount.Photo'),
),
migrations.AlterField(
model_name="confirmedopenid",
name="photo",
field=models.ForeignKey(
blank=True,
null=True,
on_delete=django.db.models.deletion.SET_NULL,
related_name="openids",
to="ivataraccount.Photo",
),
model_name='confirmedopenid',
name='photo',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='openids', to='ivataraccount.Photo'),
),
]
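Review bot: `mail.save()` in `add_sha256` runs on the historical model returned by `apps.get_model(...)`, which does not carry the custom `ConfirmedEmail.save()` that computes `digest_sha256`, so rows selected by `filter(digest_sha256=None)` are written back unchanged and the following `AlterField` to a non-null `CharField(max_length=64)` can fail on them. Compute the value inside the loop, the same way the model does (`hashlib.sha256(mail.email.strip().lower().encode("utf-8")).hexdigest()`), and pass a reverse callable such as `migrations.RunPython.noop` so the migration can be unapplied.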

View File

@@ -7,14 +7,11 @@ import django.db.models.deletion
def add_preference_to_user(apps, schema_editor): # pylint: disable=unused-argument
"""
'''
Make sure all users have preferences set up
"""
'''
from django.contrib.auth.models import User
UserPreference = apps.get_model(
"ivataraccount", "UserPreference"
) # pylint: disable=invalid-name
UserPreference = apps.get_model('ivataraccount', 'UserPreference') # pylint: disable=invalid-name
for user in User.objects.filter(userpreference=None):
pref = UserPreference.objects.create(user_id=user.pk) # pragma: no cover
pref.save() # pragma: no cover
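Review bot: `from django.contrib.auth.models import User` inside `add_preference_to_user` loads the live model class instead of the historical one, while `UserPreference` comes from `apps.get_model(...)`; mixing the two breaks as soon as the user model is swapped or changes shape, and this migration itself targets `settings.AUTH_USER_MODEL`. Resolve the user model through `apps.get_model` as well, and drop `pref.save()`, since `objects.create(...)` has already saved the row.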
@@ -23,34 +20,24 @@ def add_preference_to_user(apps, schema_editor): # pylint: disable=unused-argum
class Migration(migrations.Migration): # pylint: disable=missing-docstring
dependencies = [
("auth", "0009_alter_user_last_name_max_length"),
("ivataraccount", "0007_auto_20180627_0624"),
('auth', '0009_alter_user_last_name_max_length'),
('ivataraccount', '0007_auto_20180627_0624'),
]
operations = [
migrations.CreateModel(
name="UserPreference",
name='UserPreference',
fields=[
(
"theme",
models.CharField(
choices=[
("default", "Default theme"),
("clime", "Climes theme"),
],
default="default",
max_length=10,
),
),
(
"user",
models.OneToOneField(
on_delete=django.db.models.deletion.CASCADE,
primary_key=True,
serialize=False,
to=settings.AUTH_USER_MODEL,
),
),
('theme', models.CharField(
choices=[
('default', 'Default theme'),
('clime', 'Climes theme')],
default='default', max_length=10)),
('user', models.OneToOneField(
on_delete=django.db.models.deletion.CASCADE,
primary_key=True,
serialize=False,
to=settings.AUTH_USER_MODEL)),
],
),
migrations.RunPython(add_preference_to_user),

View File

@@ -6,21 +6,13 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0008_userpreference"),
('ivataraccount', '0008_userpreference'),
]
operations = [
migrations.AlterField(
model_name="userpreference",
name="theme",
field=models.CharField(
choices=[
("default", "Default theme"),
("clime", "climes theme"),
("falko", "falkos theme"),
],
default="default",
max_length=10,
),
model_name='userpreference',
name='theme',
field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('falko', 'falkos theme')], default='default', max_length=10),
),
]

View File

@@ -6,17 +6,13 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0009_auto_20180705_1152"),
('ivataraccount', '0009_auto_20180705_1152'),
]
operations = [
migrations.AlterField(
model_name="userpreference",
name="theme",
field=models.CharField(
choices=[("default", "Default theme"), ("falko", "falkos theme")],
default="default",
max_length=10,
),
model_name='userpreference',
name='theme',
field=models.CharField(choices=[('default', 'Default theme'), ('falko', 'falkos theme')], default='default', max_length=10),
),
]

View File

@@ -6,26 +6,18 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0010_auto_20180705_1201"),
('ivataraccount', '0010_auto_20180705_1201'),
]
operations = [
migrations.AddField(
model_name="photo",
name="access_count",
model_name='photo',
name='access_count',
field=models.BigIntegerField(default=0, editable=False),
),
migrations.AlterField(
model_name="userpreference",
name="theme",
field=models.CharField(
choices=[
("default", "Default theme"),
("clime", "climes theme"),
("falko", "falkos theme"),
],
default="default",
max_length=10,
),
model_name='userpreference',
name='theme',
field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('falko', 'falkos theme')], default='default', max_length=10),
),
]

View File

@@ -6,18 +6,18 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0011_auto_20181107_1550"),
('ivataraccount', '0011_auto_20181107_1550'),
]
operations = [
migrations.AddField(
model_name="confirmedemail",
name="access_count",
model_name='confirmedemail',
name='access_count',
field=models.BigIntegerField(default=0, editable=False),
),
migrations.AddField(
model_name="confirmedopenid",
name="access_count",
model_name='confirmedopenid',
name='access_count',
field=models.BigIntegerField(default=0, editable=False),
),
]

View File

@@ -6,22 +6,13 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0012_auto_20181107_1732"),
('ivataraccount', '0012_auto_20181107_1732'),
]
operations = [
migrations.AlterField(
model_name="userpreference",
name="theme",
field=models.CharField(
choices=[
("default", "Default theme"),
("clime", "climes theme"),
("green", "green theme"),
("red", "red theme"),
],
default="default",
max_length=10,
),
model_name='userpreference',
name='theme',
field=models.CharField(choices=[('default', 'Default theme'), ('clime', 'climes theme'), ('green', 'green theme'), ('red', 'red theme')], default='default', max_length=10),
),
]

View File

@@ -6,15 +6,12 @@ from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0013_auto_20181203_1421"),
('ivataraccount', '0013_auto_20181203_1421'),
]
operations = [
migrations.AlterModelOptions(
name="unconfirmedemail",
options={
"verbose_name": "unconfirmed email",
"verbose_name_plural": "unconfirmed emails",
},
name='unconfirmedemail',
options={'verbose_name': 'unconfirmed email', 'verbose_name_plural': 'unconfirmed emails'},
),
]

View File

@@ -6,23 +6,23 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0014_auto_20190218_1602"),
('ivataraccount', '0014_auto_20190218_1602'),
]
operations = [
migrations.AddField(
model_name="confirmedopenid",
name="alt_digest1",
model_name='confirmedopenid',
name='alt_digest1',
field=models.CharField(blank=True, default=None, max_length=64, null=True),
),
migrations.AddField(
model_name="confirmedopenid",
name="alt_digest2",
model_name='confirmedopenid',
name='alt_digest2',
field=models.CharField(blank=True, default=None, max_length=64, null=True),
),
migrations.AddField(
model_name="confirmedopenid",
name="alt_digest3",
model_name='confirmedopenid',
name='alt_digest3',
field=models.CharField(blank=True, default=None, max_length=64, null=True),
),
]

View File

@@ -6,18 +6,18 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0015_auto_20200225_0934"),
('ivataraccount', '0015_auto_20200225_0934'),
]
operations = [
migrations.AddField(
model_name="unconfirmedemail",
name="last_send_date",
model_name='unconfirmedemail',
name='last_send_date',
field=models.DateTimeField(blank=True, null=True),
),
migrations.AddField(
model_name="unconfirmedemail",
name="last_status",
model_name='unconfirmedemail',
name='last_status',
field=models.TextField(blank=True, max_length=2047, null=True),
),
]

View File

@@ -6,57 +6,43 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0016_auto_20210413_0904"),
('ivataraccount', '0016_auto_20210413_0904'),
]
operations = [
migrations.AlterField(
model_name="confirmedemail",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
model_name='confirmedemail',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
migrations.AlterField(
model_name="confirmedopenid",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
model_name='confirmedopenid',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
migrations.AlterField(
model_name="openidassociation",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
model_name='openidassociation',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
migrations.AlterField(
model_name="openidnonce",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
model_name='openidnonce',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
migrations.AlterField(
model_name="photo",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
model_name='photo',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
migrations.AlterField(
model_name="unconfirmedemail",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
model_name='unconfirmedemail',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
migrations.AlterField(
model_name="unconfirmedopenid",
name="id",
field=models.BigAutoField(
auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
),
model_name='unconfirmedopenid',
name='id',
field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
),
]

View File

@@ -1,18 +0,0 @@
# Generated by Django 5.0 on 2024-05-31 15:00
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0017_auto_20210528_1314"),
]
operations = [
migrations.AlterField(
model_name="photo",
name="format",
field=models.CharField(max_length=4),
),
]

View File

@@ -1,18 +0,0 @@
# Generated by Django 5.1.5 on 2025-01-27 10:54
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0018_alter_photo_format"),
]
operations = [
migrations.AddField(
model_name="confirmedemail",
name="bluesky_handle",
field=models.CharField(blank=True, max_length=256, null=True),
),
]

View File

@@ -1,18 +0,0 @@
# Generated by Django 5.1.5 on 2025-01-27 13:33
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0019_confirmedemail_bluesky_handle"),
]
operations = [
migrations.AddField(
model_name="confirmedopenid",
name="bluesky_handle",
field=models.CharField(blank=True, max_length=256, null=True),
),
]

View File

@@ -1,129 +0,0 @@
# Generated manually for performance optimization
from typing import Any, List, Tuple, Optional
from django.db import migrations, connection
def create_indexes(apps: Any, schema_editor: Any) -> None:
"""
Create performance indexes for both PostgreSQL and MySQL compatibility.
Uses CONCURRENTLY for PostgreSQL production, regular CREATE INDEX for tests/transactions.
"""
db_engine = connection.vendor
indexes: List[Tuple[str, str, str, Optional[str]]] = [
# ConfirmedEmail indexes
("idx_cemail_digest", "ivataraccount_confirmedemail", "digest", None),
(
"idx_cemail_digest_sha256",
"ivataraccount_confirmedemail",
"digest_sha256",
None,
),
(
"idx_cemail_access_count",
"ivataraccount_confirmedemail",
"access_count",
None,
),
(
"idx_cemail_bluesky_handle",
"ivataraccount_confirmedemail",
"bluesky_handle",
"WHERE bluesky_handle IS NOT NULL",
),
# Photo indexes
("idx_photo_format", "ivataraccount_photo", "format", None),
("idx_photo_access_count", "ivataraccount_photo", "access_count", None),
# Composite indexes
(
"idx_cemail_user_access",
"ivataraccount_confirmedemail",
"user_id, access_count",
None,
),
(
"idx_cemail_photo_access",
"ivataraccount_confirmedemail",
"photo_id, access_count",
None,
),
("idx_photo_user_format", "ivataraccount_photo", "user_id, format", None),
]
with connection.cursor() as cursor:
# Check if we're in a transaction (test environment)
try:
cursor.execute("SELECT 1")
in_transaction = connection.in_atomic_block
except Exception:
in_transaction = True
for index_name, table_name, columns, where_clause in indexes:
try:
if db_engine == "postgresql":
# Use CONCURRENTLY only if not in a transaction (production)
# Use regular CREATE INDEX if in a transaction (tests)
if in_transaction:
# In transaction (test environment) - use regular CREATE INDEX
if where_clause:
sql = f"CREATE INDEX IF NOT EXISTS {index_name} ON {table_name}({columns}) {where_clause};"
else:
sql = f"CREATE INDEX IF NOT EXISTS {index_name} ON {table_name}({columns});"
else:
# Not in transaction (production) - use CONCURRENTLY
if where_clause:
sql = f"CREATE INDEX CONCURRENTLY IF NOT EXISTS {index_name} ON {table_name}({columns}) {where_clause};"
else:
sql = f"CREATE INDEX CONCURRENTLY IF NOT EXISTS {index_name} ON {table_name}({columns});"
else:
# MySQL and other databases - skip partial indexes
if where_clause:
print(
f"Skipping partial index {index_name} for {db_engine} (not supported)"
)
continue
sql = f"CREATE INDEX IF NOT EXISTS {index_name} ON {table_name}({columns});"
cursor.execute(sql)
print(f"Created index: {index_name}")
except Exception as e:
# Index might already exist or other error - log and continue
print(f"Index {index_name} creation skipped: {e}")
def drop_indexes(apps: Any, schema_editor: Any) -> None:
"""
Drop the performance indexes.
"""
indexes: List[str] = [
"idx_cemail_digest",
"idx_cemail_digest_sha256",
"idx_cemail_access_count",
"idx_cemail_bluesky_handle",
"idx_photo_format",
"idx_photo_access_count",
"idx_cemail_user_access",
"idx_cemail_photo_access",
"idx_photo_user_format",
]
with connection.cursor() as cursor:
for index_name in indexes:
try:
cursor.execute(f"DROP INDEX IF EXISTS {index_name};")
print(f"Dropped index: {index_name}")
except Exception as e:
print(f"Index {index_name} drop skipped: {e}")
class Migration(migrations.Migration):
dependencies = [
("ivataraccount", "0020_confirmedopenid_bluesky_handle"),
]
operations = [
migrations.RunPython(create_indexes, drop_indexes),
]
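Review bot: Deleting this migration, together with 0018 to 0020 above, instead of adding new migrations that reverse them leaves every database that already applied them with the `idx_*` indexes, the `bluesky_handle` columns and the matching migration history rows, none of which the remaining code knows about. If the intent is to go back to the 0017 schema, unapply these migrations first (`drop_indexes` is already wired as the reverse of `create_indexes`) or ship forward migrations that remove the fields and indexes.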

View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
"""
Our models for ivatar.ivataraccount
"""
@@ -8,9 +9,8 @@ import time
from io import BytesIO
from os import urandom
from urllib.error import HTTPError, URLError
from ivatar.utils import urlopen, Bluesky
from urllib.parse import urlsplit, urlunsplit, quote
import logging
from urllib.request import urlopen
from urllib.parse import urlsplit, urlunsplit
from PIL import Image
from django.contrib.auth.models import User
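Review bot: Swapping `from ivatar.utils import urlopen, Bluesky` for `from urllib.request import urlopen` means `import_image` now fetches the remote `image_url` through the bare standard-library call, and `urlopen(image_url)` is invoked with no `timeout`, so unless a global socket timeout is set a slow Gravatar or Libravatar endpoint can block the worker. Pass an explicit timeout at the call site, and check what the `ivatar.utils` wrapper was applying (its body is not part of this diff) before dropping it.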
@@ -20,7 +20,6 @@ from django.utils import timezone
from django.http import HttpResponseRedirect
from django.urls import reverse_lazy, reverse
from django.utils.translation import gettext_lazy as _
from django.core.cache import cache
from django.core.exceptions import ObjectDoesNotExist
from django.core.mail import send_mail
from django.template.loader import render_to_string
@@ -30,29 +29,24 @@ from openid.store.interface import OpenIDStore
from libravatar import libravatar_url
from ivatar.settings import MAX_LENGTH_EMAIL
from ivatar.settings import MAX_LENGTH_EMAIL, logger
from ivatar.settings import MAX_PIXELS, AVATAR_MAX_SIZE, JPEG_QUALITY
from ivatar.settings import MAX_LENGTH_URL
from ivatar.settings import SECURE_BASE_URL, SITE_NAME, DEFAULT_FROM_EMAIL
from ivatar.utils import openid_variations
from .gravatar import get_photo as get_gravatar_photo
# Initialize logger
logger = logging.getLogger("ivatar")
def file_format(image_type):
"""
Helper method returning a short image type
"""
if image_type in ("JPEG", "MPO"):
if image_type == "JPEG":
return "jpg"
elif image_type == "PNG":
return "png"
elif image_type == "GIF":
return "gif"
elif image_type == "WEBP":
return "webp"
return None
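Review bot: `if image_type == "JPEG":` no longer accepts "MPO", and the "WEBP" branch is gone, so `file_format` returns None for images Pillow identifies as MPO (multi-picture JPEG files) or WebP and `Photo.save()` then rejects the upload with "Format not recognized". If that narrowing is intended, say so in the commit message and reject the file with a user-visible error; otherwise keep the `("JPEG", "MPO")` test. The `logger` import moving to `ivatar.settings` also couples this module to settings for logging; `logging.getLogger("ivatar")` at module level does the same job without that dependency.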
@@ -60,14 +54,12 @@ def pil_format(image_type):
"""
Helper method returning the 'encoder name' for PIL
"""
if image_type in ("jpg", "jpeg", "mpo"):
if image_type == "jpg" or image_type == "jpeg":
return "JPEG"
elif image_type == "png":
return "PNG"
elif image_type == "gif":
return "GIF"
elif image_type == "webp":
return "WEBP"
logger.info("Unsupported file format: %s", image_type)
return None
@@ -128,7 +120,7 @@ class Photo(BaseAccountModel):
ip_address = models.GenericIPAddressField(unpack_ipv4=True)
data = models.BinaryField()
format = models.CharField(max_length=4)
format = models.CharField(max_length=3)
access_count = models.BigIntegerField(default=0, editable=False)
class Meta: # pylint: disable=too-few-public-methods
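Review bot: `format = models.CharField(max_length=3)` narrows the field while this change removes 0018_alter_photo_format rather than adding a migration for the new width, so on any database where 0018 ran the model and the column disagree, and a stored "webp" value no longer passes validation. Either keep `max_length=4` or add a migration that handles existing four-character values before shrinking the column.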
@@ -138,11 +130,6 @@ class Photo(BaseAccountModel):
verbose_name = _("photo")
verbose_name_plural = _("photos")
indexes = [
models.Index(fields=["format"], name="idx_photo_format"),
models.Index(fields=["access_count"], name="idx_photo_access_count"),
models.Index(fields=["user_id", "format"], name="idx_photo_user_format"),
]
def import_image(self, service_name, email_address):
"""
@@ -151,7 +138,8 @@ class Photo(BaseAccountModel):
image_url = False
if service_name == "Gravatar":
if gravatar := get_gravatar_photo(email_address):
gravatar = get_gravatar_photo(email_address)
if gravatar:
image_url = gravatar["image_url"]
if service_name == "Libravatar":
@@ -161,13 +149,15 @@ class Photo(BaseAccountModel):
return False # pragma: no cover
try:
image = urlopen(image_url)
# No idea how to test this
# pragma: no cover
except HTTPError as exc:
logger.warning(
f"{service_name} import failed with an HTTP error: {exc.code}"
)
print("%s import failed with an HTTP error: %s" % (service_name, exc.code))
return False
# No idea how to test this
# pragma: no cover
except URLError as exc:
logger.warning(f"{service_name} import failed: {exc.reason}")
print("%s import failed: %s" % (service_name, exc.reason))
return False
data = image.read()
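Review bot: The `except HTTPError` and `except URLError` branches now report failed remote fetches with `print(...)` instead of `logger.warning(...)`, which loses the level, timestamp and handler routing that the project's logging gives these events; keep the logger calls. The standalone `# pragma: no cover` comment lines placed above each `except` do not exclude the branch from coverage, because the pragma only applies to the line it is written on; put it on the `except ...:` line itself if the exclusion is wanted.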
@@ -179,7 +169,7 @@ class Photo(BaseAccountModel):
self.format = file_format(img.format)
if not self.format:
logger.warning(f"Unable to determine format: {img}")
print("Unable to determine format: %s" % img) # pragma: no cover
return False # pragma: no cover
self.data = data
super().save()
@@ -194,13 +184,14 @@ class Photo(BaseAccountModel):
# Use PIL to read the file format
try:
img = Image.open(BytesIO(self.data))
# Testing? Ideas anyone?
except Exception as exc: # pylint: disable=broad-except
# For debugging only
logger.error(f"Exception caught in Photo.save(): {exc}")
print("Exception caught in Photo.save(): %s" % exc)
return False
self.format = file_format(img.format)
if not self.format:
logger.error("Format not recognized")
print("Format not recognized")
return False
return super().save(force_insert, force_update, using, update_fields)
@@ -271,7 +262,7 @@ class Photo(BaseAccountModel):
cropped_w, cropped_h = cropped.size
max_w = AVATAR_MAX_SIZE
if cropped_w > max_w or cropped_h > max_w:
cropped = cropped.resize((max_w, max_w), Image.LANCZOS)
cropped = cropped.resize((max_w, max_w), Image.ANTIALIAS)
data = BytesIO()
cropped.save(data, pil_format(self.format), quality=JPEG_QUALITY)
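Review bot: `Image.ANTIALIAS` was removed in Pillow 10.0, so `cropped.resize((max_w, max_w), Image.ANTIALIAS)` raises AttributeError on a current Pillow and every crop larger than `AVATAR_MAX_SIZE` fails. `Image.LANCZOS` is the same filter under its surviving name; keep it, or pin the Pillow version explicitly if the older constant has to stay.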
@@ -306,7 +297,8 @@ class ConfirmedEmailManager(models.Manager):
external_photos = []
if is_logged_in:
if gravatar := get_gravatar_photo(confirmed.email):
gravatar = get_gravatar_photo(confirmed.email)
if gravatar:
external_photos.append(gravatar)
return (confirmed.pk, external_photos)
@@ -326,8 +318,6 @@ class ConfirmedEmail(BaseAccountModel):
null=True,
on_delete=models.deletion.SET_NULL,
)
# Alternative assignment - use Bluesky handle
bluesky_handle = models.CharField(max_length=256, null=True, blank=True)
digest = models.CharField(max_length=32)
digest_sha256 = models.CharField(max_length=64)
objects = ConfirmedEmailManager()
@@ -340,20 +330,6 @@ class ConfirmedEmail(BaseAccountModel):
verbose_name = _("confirmed email")
verbose_name_plural = _("confirmed emails")
indexes = [
models.Index(fields=["digest"], name="idx_cemail_digest"),
models.Index(fields=["digest_sha256"], name="idx_cemail_digest_sha256"),
models.Index(fields=["access_count"], name="idx_cemail_access_count"),
models.Index(fields=["bluesky_handle"], name="idx_cemail_bluesky_handle"),
models.Index(
fields=["user_id", "access_count"],
name="idx_cemail_user_access",
),
models.Index(
fields=["photo_id", "access_count"],
name="idx_cemail_photo_access",
),
]
def set_photo(self, photo):
"""
@@ -362,19 +338,6 @@ class ConfirmedEmail(BaseAccountModel):
self.photo = photo
self.save()
def set_bluesky_handle(self, handle):
"""
Helper method to set Bluesky handle
"""
bs = Bluesky()
handle = bs.normalize_handle(handle)
avatar = bs.get_profile(handle)
if not avatar:
raise ValueError("Invalid Bluesky handle")
self.bluesky_handle = handle
self.save()
def save(
self, force_insert=False, force_update=False, using=None, update_fields=None
):
@@ -387,39 +350,6 @@ class ConfirmedEmail(BaseAccountModel):
self.digest_sha256 = hashlib.sha256(
self.email.strip().lower().encode("utf-8")
).hexdigest()
# We need to manually expire the page caches
# TODO: Verify this works as expected
# First check if we already have an ID
if self.pk:
cache_url = reverse_lazy(
"assign_photo_email", kwargs={"email_id": int(self.pk)}
)
cache_key = f"views.decorators.cache.cache_page.{quote(str(cache_url))}"
try:
if cache.has_key(cache_key):
cache.delete(cache_key)
logger.debug("Successfully cleaned up cached page: %s" % cache_key)
except Exception as exc:
logger.warning(
"Failed to clean up cached page {}: {}".format(cache_key, exc)
)
# Invalidate Bluesky avatar URL cache if bluesky_handle changed
if hasattr(self, "bluesky_handle") and self.bluesky_handle:
try:
cache.delete(self.bluesky_handle)
logger.debug(
"Successfully cleaned up Bluesky avatar cache for handle: %s"
% self.bluesky_handle
)
except Exception as exc:
logger.warning(
"Failed to clean up Bluesky avatar cache for handle %s: %s"
% (self.bluesky_handle, exc)
)
return super().save(force_insert, force_update, using, update_fields)
def __str__(self):
@@ -454,7 +384,9 @@ class UnconfirmedEmail(BaseAccountModel):
+ self.user.username.encode("utf-8") # pylint: disable=no-member
) # pylint: disable=no-member
self.verification_key = hash_object.hexdigest()
super().save(force_insert, force_update, using, update_fields)
super(UnconfirmedEmail, self).save(
force_insert, force_update, using, update_fields
)
def send_confirmation_mail(self, url=SECURE_BASE_URL):
"""
@@ -478,7 +410,7 @@ class UnconfirmedEmail(BaseAccountModel):
try:
send_mail(email_subject, email_body, DEFAULT_FROM_EMAIL, [self.email])
except Exception as e:
self.last_status = f"{e}"
self.last_status = "%s" % e
self.save()
return True
@@ -527,8 +459,6 @@ class ConfirmedOpenId(BaseAccountModel):
alt_digest2 = models.CharField(max_length=64, null=True, blank=True, default=None)
# https://<id> - https w/o trailing slash
alt_digest3 = models.CharField(max_length=64, null=True, blank=True, default=None)
# Alternative assignment - use Bluesky handle
bluesky_handle = models.CharField(max_length=256, null=True, blank=True)
access_count = models.BigIntegerField(default=0, editable=False)
@@ -547,25 +477,13 @@ class ConfirmedOpenId(BaseAccountModel):
self.photo = photo
self.save()
def set_bluesky_handle(self, handle):
"""
Helper method to set Bluesky handle
"""
bs = Bluesky()
handle = bs.normalize_handle(handle)
avatar = bs.get_profile(handle)
if not avatar:
raise ValueError("Invalid Bluesky handle")
self.bluesky_handle = handle
self.save()
def save(
self, force_insert=False, force_update=False, using=None, update_fields=None
):
url = urlsplit(self.openid)
if url.username: # pragma: no cover
password = url.password or ""
netloc = f"{url.username}:{password}@{url.hostname}"
netloc = url.username + ":" + password + "@" + url.hostname
else:
netloc = url.hostname
lowercase_url = urlunsplit(
@@ -586,36 +504,6 @@ class ConfirmedOpenId(BaseAccountModel):
openid_variations(lowercase_url)[3].encode("utf-8")
).hexdigest()
# Invalidate page caches and Bluesky avatar cache
if self.pk:
# Invalidate assign_photo_openid page cache
cache_url = reverse_lazy(
"assign_photo_openid", kwargs={"openid_id": int(self.pk)}
)
cache_key = f"views.decorators.cache.cache_page.{quote(str(cache_url))}"
try:
if cache.has_key(cache_key):
cache.delete(cache_key)
logger.debug("Successfully cleaned up cached page: %s" % cache_key)
except Exception as exc:
logger.warning(
"Failed to clean up cached page {}: {}".format(cache_key, exc)
)
# Invalidate Bluesky avatar URL cache if bluesky_handle exists
if hasattr(self, "bluesky_handle") and self.bluesky_handle:
try:
cache.delete(self.bluesky_handle)
logger.debug(
"Successfully cleaned up Bluesky avatar cache for handle: %s"
% self.bluesky_handle
)
except Exception as exc:
logger.warning(
"Failed to clean up Bluesky avatar cache for handle %s: %s"
% (self.bluesky_handle, exc)
)
return super().save(force_insert, force_update, using, update_fields)
def __str__(self):
@@ -715,7 +603,9 @@ class DjangoOpenIDStore(OpenIDStore):
self.removeAssociation(server_url, assoc.handle)
else:
associations.append((association.issued, association))
return associations[-1][1] if associations else None
if not associations:
return None
return associations[-1][1]
@staticmethod
def removeAssociation(server_url, handle): # pragma: no cover
@@ -768,6 +658,6 @@ class DjangoOpenIDStore(OpenIDStore):
"""
Helper method to cleanup associations
"""
OpenIDAssociation.objects.extra(
where=[f"issued + lifetimeint < ({time.time()})"]
OpenIDAssociation.objects.extra( # pylint: disable=no-member
where=["issued + lifetimeint < (%s)" % time.time()]
).delete()
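Review bot: `where=["issued + lifetimeint < (%s)" % time.time()]` formats the value straight into the SQL text and refers to a column `lifetimeint`, while the `OpenIDAssociation` model created in migration 0002 has `issued` and `lifetime`, so this looks like a typo that would make the cleanup query fail unless a column of that name exists. Pass the value as a bound parameter, for example `where=["issued + lifetime < %s"], params=[time.time()]`, or drop `extra()` and filter with `F("issued") + F("lifetime")`; the pylint suppression is then unnecessary.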

View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
"""
Reading libravatar export
"""
@@ -31,6 +32,8 @@ def read_gzdata(gzdata=None):
"""
Read gzipped data file
"""
emails = [] # pylint: disable=invalid-name
openids = [] # pylint: disable=invalid-name
photos = [] # pylint: disable=invalid-name
username = None # pylint: disable=invalid-name
password = None # pylint: disable=invalid-name
@@ -42,8 +45,8 @@ def read_gzdata(gzdata=None):
content = fh.read()
fh.close()
root = xml.etree.ElementTree.fromstring(content)
if root.tag != "{%s}user" % SCHEMAROOT:
print(f"Unknown export format: {root.tag}")
if not root.tag == "{%s}user" % SCHEMAROOT:
print("Unknown export format: %s" % root.tag)
exit(-1)
# Username
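Review bot: `exit(-1)` on an unknown root tag terminates the whole interpreter from inside a helper; raise an exception such as `ValueError` and let the caller decide how to report it. In the same hunk, `content = fh.read()` loads the complete decompressed export before `xml.etree.ElementTree.fromstring(content)` with no size limit, and the standard-library parser does not guard against entity-expansion payloads. If exports can be user-supplied, cap the decompressed size and parse with `defusedxml.ElementTree.fromstring`. The added `if not root.tag == ...` also reads better as `!=`.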
@@ -53,21 +56,23 @@ def read_gzdata(gzdata=None):
if item[0] == "password":
password = item[1]
emails = [
{"email": email.text, "photo_id": email.attrib["photo_id"]}
for email in root.findall("{%s}emails" % SCHEMAROOT)[0]
if email.tag == "{%s}email" % SCHEMAROOT
]
openids = [
{"openid": openid.text, "photo_id": openid.attrib["photo_id"]}
for openid in root.findall("{%s}openids" % SCHEMAROOT)[0]
if openid.tag == "{%s}openid" % SCHEMAROOT
]
# Emails
for email in root.findall("{%s}emails" % SCHEMAROOT)[0]:
if email.tag == "{%s}email" % SCHEMAROOT:
emails.append({"email": email.text, "photo_id": email.attrib["photo_id"]})
# OpenIDs
for openid in root.findall("{%s}openids" % SCHEMAROOT)[0]:
if openid.tag == "{%s}openid" % SCHEMAROOT:
openids.append(
{"openid": openid.text, "photo_id": openid.attrib["photo_id"]}
)
# Photos
for photo in root.findall("{%s}photos" % SCHEMAROOT)[0]:
if photo.tag == "{%s}photo" % SCHEMAROOT:
try:
# Safety measures to make sure we do not try to parse
# Safty measures to make sure we do not try to parse
# a binary encoded string
photo.text = photo.text.strip("'")
photo.text = photo.text.strip("\\n")
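Review bot: the added loops index `root.findall("{%s}emails" % SCHEMAROOT)[0]` and read `email.attrib["photo_id"]` without any check, so an export that lacks an `emails`, `openids` or `photos` element, or an entry without `photo_id`, raises `IndexError` or `KeyError` instead of being reported like the other malformed cases. Use `root.find(...)` with a `None` check and `attrib.get("photo_id")`. Two smaller points in the photo branch: the added comment misspells "Safety" as "Safty", and `photo.text.strip("\\n")` strips backslash and `n` characters rather than a newline, which can remove a leading or trailing `n` that belongs to the base64 payload.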
@@ -75,14 +80,26 @@ def read_gzdata(gzdata=None):
data = base64.decodebytes(bytes(photo.text, "utf-8"))
except binascii.Error as exc:
print(
f'Cannot decode photo; Encoding: {photo.attrib["encoding"]}, Format: {photo.attrib["format"]}, Id: {photo.attrib["id"]}: {exc}'
"Cannot decode photo; Encoding: %s, Format: %s, Id: %s: %s"
% (
photo.attrib["encoding"],
photo.attrib["format"],
photo.attrib["id"],
exc,
)
)
continue
try:
Image.open(BytesIO(data))
except Exception as exc: # pylint: disable=broad-except
print(
f'Cannot decode photo; Encoding: {photo.attrib["encoding"]}, Format: {photo.attrib["format"]}, Id: {photo.attrib["id"]}: {exc}'
"Cannot decode photo; Encoding: %s, Format: %s, Id: %s: %s"
% (
photo.attrib["encoding"],
photo.attrib["format"],
photo.attrib["id"],
exc,
)
)
continue
else:
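Review bot: `Image.open(BytesIO(data))` in this hunk only identifies the file and reads its header lazily, so a truncated or corrupt image passes this check. If the intent is to reject photos that cannot be decoded, call `.verify()` on the opened image and reopen it before any later use. The two error `print` blocks added here are identical, so a small helper taking `photo` and `exc` would remove the duplication, and `except Exception` could be narrowed to the errors Pillow raises.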

View File

@@ -12,24 +12,23 @@
{% endif %}
<div class="row">
{% for photo in photos %}
<div class="panel panel-tortin" style="width:182px;float:left;margin-left:20px">
<div class="panel-heading">
<h3 class="panel-title">
<input type="checkbox" name="photo_{{photo.service_name}}" id="photo_{{photo.service_name}}" checked="checked">
<label for="photo_{{photo.service_name}}" style="width:100%">
{{ photo.service_name }}
{% if photo.service_url %}
<a href="{{ photo.service_url }}" style="float:right;color:#FFFFFF"><i class="fa-solid fa-up-right-from-square"></i></a>
{% endif %}
</label>
</h3>
</div>
<div class="panel-body">
<center>
<img src="{{ photo.thumbnail_url }}" style="max-width: 80px; max-height: 80px;" alt="{{ photo.service_name }} image">
</center>
</div>
</div>
<div class="panel panel-tortin" style="width:182px;float:left;margin-left:20px">
<div class="panel-heading">
<h3 class="panel-title">
<input type="checkbox" name="photo_{{photo.service_name}}" id="photo_{{photo.service_name}}" checked="checked">
<label for="photo_{{photo.service_name}}" style="width:100%">
{{ photo.service_name }}
{% if photo.service_url %}
<a href="{{ photo.service_url }}" style="float:right;color:#FFFFFF"><i class="fa fa-external-link"></i></a>
{% endif %}
</label>
</h3></div>
<div class="panel-body">
<center>
<img src="{{ photo.thumbnail_url }}" style="max-width: 80px; max-height: 80px;" alt="{{ photo.service_name }} image">
</center>
</div>
</div>
{% endfor %}
</div>
<p>

View File

@@ -17,17 +17,15 @@
{% if form.email.errors %}
<div class="alert alert-danger" role="alert">{{ form.email.errors }}</div>
{% endif %}
<div class="form-container">
<div style="max-width:640px">
<form action="{% url 'add_email' %}" name="addemail" method="post" id="form-addemail">
{% csrf_token %}
<div class="form-group">
<label for="id_email" class="form-label">{% trans 'Email' %}</label>
<input type="email" name="email" autofocus required class="form-control" id="id_email" placeholder="{% trans 'Enter your email address' %}">
</div>
<div class="button-group">
<button type="submit" class="btn btn-primary">{% trans 'Add' %}</button>
<label for="id_email">{% trans 'Email' %}:</label>
<input type="text" name="email" autofocus required class="form-control" id="id_email">
</div>
<button type="submit" class="button">{% trans 'Add' %}</button>
</form>
</div>
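Review bot: the added `<input type="text" name="email" ...>` replaces `type="email"`, which drops the browser's built-in format check and the email keyboard on mobile devices. Server-side validation is still the real control, but there is no reason to lose the client-side hint; keep `type="email"`.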

View File

@@ -1,4 +1,4 @@
{% extends 'base.html' %}
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{% trans 'Add a new OpenID' %}{% endblock title %}

View File

@@ -4,81 +4,65 @@
{% block title %}{% blocktrans with email.email as email_address %}Choose a photo for {{ email_address }}{% endblocktrans %}{% endblock title %}
{% block content %}
<style>
.nobutton {
background: none;
color: inherit;
border: none;
padding: 0;
font: inherit;
cursor: pointer;
outline: inherit;
}
</style>
<h1>{% blocktrans with email.email as email_address %}Choose a photo for {{ email_address }}{% endblocktrans %}</h1>
{% if user.photo_set.count %}
<p>{% trans 'Here are the pictures you have uploaded, click on the one you wish to associate with this email address:' %}</p>
<div class="photo-grid">
{% for photo in user.photo_set.all %}
<form action="{% url 'assign_photo_email' view.kwargs.email_id %}" method="post" class="photo-card">{% csrf_token %}
<input type="hidden" name="photo_id" value="{{ photo.id }}">
<button type="submit" name="photo{{ photo.id }}" class="nobutton">
<div class="panel panel-tortin">
<div class="panel-heading">
<h3 class="panel-title">{% if email.photo.id == photo.id %}<i class="fa-solid fa-check"></i>{% endif %} {% trans 'Image' %} {{ forloop.counter }}</h3>
</div>
<div class="panel-body" style="height:130px">
<center>
<img style="max-height:100px;max-width:100px" src="{% url 'raw_image' photo.id %}">
</center>
</div>
</div>
</button>
</form>
{% endfor %}
</div>
{% if not user.photo_set.count %}
{% url 'upload_photo' as upload_url %}
<h4>{% blocktrans %}You need to <a href="{{ upload_url }}">upload some photos</a> first!{% endblocktrans %}</h4>
<p><a href="{% url 'profile' %}" class="button">{% trans 'Back to your profile' %}</a></p>
{% else %}
<p>{% trans 'Here are the pictures you have uploaded, click on the one you wish to associate with this email address:' %}</p>
<div class="row">
{% for photo in user.photo_set.all %}
<form action="{% url 'assign_photo_email' view.kwargs.email_id %}" method="post" style="float:left;margin-left:20px">{% csrf_token %}
<input type="hidden" name="photo_id" value="{{ photo.id }}">
<button type="submit" name="photo{{ photo.id }}" class="nobutton">
<div class="panel panel-tortin" style="width:132px;margin:0">
<div class="panel-heading">
<h3 class="panel-title">{% ifequal email.photo.id photo.id %}<i class="fa fa-check"></i>{% endifequal %} {% trans 'Image' %} {{ forloop.counter }}</h3>
</div>
<div class="panel-body" style="height:130px">
<center>
<img style="max-height:100px;max-width:100px" src="{% url 'raw_image' photo.id %}">
</center>
</div>
</div>
</button>
</form>
{% endfor %}
<form action="{% url 'assign_photo_email' view.kwargs.email_id %}" method="post" style="float:left;margin-left:20px">{% csrf_token %}
<button type="submit" name="photoNone" class="nobutton">
<div class="panel panel-tortin" style="width:132px;margin:0">
<div class="panel-heading">
<h3 class="panel-title">{% ifequal email.photo.id photo.id %}<i class="fa fa-check"></i>{% endifequal %} {% trans 'No image' %}</h3>
</div>
<div class="panel-body" style="height:130px">
<center>
<img style="max-height:100px;max-width:100px" src="/static/img/nobody/100.png">
</center>
</div>
</div>
</button>
</form>
</div>
<div style="height:8px"></div>
<a href="{% url 'upload_photo' %}" class="button">{% blocktrans %}Upload a new one{% endblocktrans %}</a>&nbsp;&nbsp;
<a href="{% url 'import_photo' email.pk %}" class="button">{% blocktrans %}Import from other services{% endblocktrans %}</a>
{% endif %}
<div class="photo-grid">
<form action="{% url 'assign_photo_email' view.kwargs.email_id %}" method="post" class="photo-card">{% csrf_token %}
<button type="submit" name="photoNone" class="nobutton">
<div class="panel panel-tortin">
<div class="panel-heading">
<h3 class="panel-title">{% if email.photo.id == photo.id %}{% if not email.bluesky_handle %}<i class="fa-solid fa-check"></i>{% endif %}{% endif %} {% trans 'No image' %}</h3>
</div>
<div class="panel-body" style="height:130px">
<center>
<img style="max-height:100px;max-width:100px" src="/static/img/nobody/100.png">
</center>
</div>
</div>
</button>
</form>
{% if email.bluesky_handle %}
<form action="{% url 'assign_photo_email' view.kwargs.email_id %}" method="post" class="photo-card">{% csrf_token %}
<input type="hidden" name="photo_id" value="bluesky">
<button type="submit" name="photoBluesky" class="nobutton">
<div class="panel panel-tortin">
<div class="panel-heading">
<h3 class="panel-title">{% if email.bluesky_handle %}<i class="fa-solid fa-check"></i>{% endif %} {% trans "Bluesky" %}</h3>
</div>
<div class="panel-body" style="height:130px">
<center>
<img style="max-height:100px;max-width:100px" src="{% url "blueskyproxy" email.digest %}?size=100">
</center>
</div>
</div>
</button>
</form>
{% endif %}
</div>
<div class="action-buttons">
<a href="{% url 'upload_photo' %}" class="btn btn-primary">{% blocktrans %}Upload a new one{% endblocktrans %}</a>
<a href="{% url 'import_photo' %}" class="btn btn-secondary">{% blocktrans %}Import from other services{% endblocktrans %}</a>
</div>
<div style="margin-top: 2rem;">
<form action="{% url 'assign_bluesky_handle_to_email' view.kwargs.email_id %}" method="post">{% csrf_token %}
<div class="form-group">
<label for="id_bluesky_handle">{% trans "Bluesky handle" %}:</label>
{% if email.bluesky_handle %}
<input type="text" name="bluesky_handle" required value="{{ email.bluesky_handle }}" class="form-control" id="id_bluesky_handle">
{% else %}
<input type="text" name="bluesky_handle" required value="" placeholder="{% trans 'Bluesky handle' %}" class="form-control" id="id_bluesky_handle">
{% endif %}
</div>
<button type="submit" class="btn btn-primary">{% trans 'Assign Bluesky handle' %}</button>
</form>
</div>
<div style="height:40px"></div>
{% endblock content %}
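Review bot: in the added "No image" form, `{% ifequal email.photo.id photo.id %}` sits after `{% endfor %}`, where `photo` is no longer defined. The check mark only appears correctly because both sides fail to resolve when the address has no photo, which is fragile and hard to read; state the intent with `{% if not email.photo %}`. `{% ifequal %}` was deprecated in Django 3.1 and removed in 4.0, so both occurrences in this hunk should be written as `{% if a == b %}`.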

View File

@@ -4,78 +4,65 @@
{% block title %}{% blocktrans with openid.openid as openid_address %}Choose a photo for {{ openid_address }}{% endblocktrans %}{% endblock title %}
{% block content %}
<style>
.nobutton {
background: none;
color: inherit;
border: none;
padding: 0;
font: inherit;
cursor: pointer;
outline: inherit;
}
</style>
<h1>{% blocktrans with openid.openid as openid_address %}Choose a photo for {{ openid_address }}{% endblocktrans %}</h1>
{% if user.photo_set.count %}
<p>{% trans 'Here are the pictures you have uploaded, click on the one you wish to associate with this openid address:' %}</p>
<div class="photo-grid">
{% for photo in user.photo_set.all %}
<form action="{% url 'assign_photo_openid' view.kwargs.openid_id %}" method="post" class="photo-card">{% csrf_token %}
<input type="hidden" name="photo_id" value="{{ photo.id }}">
<button type="submit" name="photo{{ photo.id }}" class="nobutton">
<div class="panel panel-tortin">
<div class="panel-heading">
<h3 class="panel-title">{% if openid.photo.id == photo.id %}<i class="fa-solid fa-check"></i>{% endif %} {% trans 'Image' %} {{ forloop.counter }}</h3>
</div>
<div class="panel-body" style="height:130px">
<center>
<img style="max-height:100px;max-width:100px" src="{% url 'raw_image' photo.id %}">
</center>
</div>
</div>
</button>
</form>
{% endfor %}
</div>
{% endif %}
{% if not user.photo_set.count %}
<div class="photo-grid">
<form action="{% url 'assign_photo_openid' view.kwargs.openid_id %}" method="post" class="photo-card">{% csrf_token %}
<button type="submit" name="photoNone" class="nobutton">
<div class="panel panel-tortin">
<div class="panel-heading">
<h3 class="panel-title">{% if not openid.photo and not openid.bluesky_handle %}<i class="fa-solid fa-check"></i>{% endif %} {% trans 'No image' %}</h3>
</div>
<div class="panel-body" style="height:130px">
<center>
{% url 'upload_photo' as upload_url %}
<h3>{% blocktrans %}You need to <a href="{{ upload_url }}">upload some photos</a> first!{% endblocktrans %}</h3>
<p><a href="{% url 'profile' %}" class="button">{% trans 'Back to your profile' %}</a></p>
{% else %}
<p>{% trans 'Here are the pictures you have uploaded, click on the one you wish to associate with this openid address:' %}</p>
<div class="row">
{% for photo in user.photo_set.all %}
<form action="{% url 'assign_photo_openid' view.kwargs.openid_id %}" method="post" style="float:left;margin-left:20px">{% csrf_token %}
<input type="hidden" name="photo_id" value="{{ photo.id }}">
<button type="submit" name="photo{{ photo.id }}" class="nobutton">
<div class="panel panel-tortin" style="width:132px;margin:0">
<div class="panel-heading">
<h3 class="panel-title">{% ifequal openid.photo.id photo.id %}<i class="fa fa-check"></i>{% endifequal %} {% trans 'Image' %} {{ forloop.counter }}</h3>
</div>
<div class="panel-body" style="height:130px">
<center>
<img style="max-height:100px;max-width:100px" src="{% url 'raw_image' photo.id %}">
</center>
</div>
</div>
</button>
</form>
{% endfor %}
<form action="{% url 'assign_photo_openid' view.kwargs.openid_id %}" method="post" style="float:left;margin-left:20px">{% csrf_token %}
<button type="submit" name="photoNone" class="nobutton">
<div class="panel panel-tortin" style="width:132px;margin:0">
<div class="panel-heading">
<h3 class="panel-title">{% ifequal openid.photo.id photo.id %}<i class="fa fa-check"></i>{% endifequal %} {% trans 'No image' %}</h3>
</div>
<div class="panel-body" style="height:130px">
<center>
<img style="max-height:100px;max-width:100px" src="/static/img/nobody/100.png">
</center>
</div>
</div>
</button>
</form>
{% if openid.bluesky_handle %}
<form action="" class="photo-card">
<div class="panel panel-tortin">
<div class="panel-heading">
<h3 class="panel-title"><i class="fa-solid fa-check"></i> {% trans "Bluesky" %}</h3>
</div>
<div class="panel-body" style="height:130px">
<center>
<img style="max-height:100px;max-width:100px" src="{% url "blueskyproxy" openid.digest %}?size=100">
</center>
</div>
</div>
</form>
{% endif %}
</center>
</div>
</div>
</button>
</form>
</div>
<div style="height:8px"></div>
<a href="{% url 'upload_photo' %}" class="button">{% blocktrans %}upload a new one{% endblocktrans %}</a>
<div class="action-buttons">
<a href="{% url 'upload_photo' %}" class="btn btn-primary">{% blocktrans %}upload a new one{% endblocktrans %}</a>
<a href="{% url 'import_photo' %}" class="btn btn-secondary">{% blocktrans %}Import from other services{% endblocktrans %}</a>
</div>
<div style="margin-top: 2rem;">
<form action="{% url 'assign_bluesky_handle_to_openid' view.kwargs.openid_id %}" method="post">{% csrf_token %}
<div class="form-group">
<label for="id_bluesky_handle">{% trans "Bluesky handle" %}:</label>
{% if openid.bluesky_handle %}
<input type="text" name="bluesky_handle" required value="{{ openid.bluesky_handle }}" class="form-control" id="id_bluesky_handle">
{% else %}
<input type="text" name="bluesky_handle" required value="" placeholder="{% trans 'Bluesky handle' %}" class="form-control" id="id_bluesky_handle">
{% endif %}
</div>
<button type="submit" class="btn btn-primary">{% trans 'Assign Bluesky handle' %}</button>
</form>
</div>
{% endif %}
<div style="height:40px"></div>
{% endblock content %}
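Review bot: the added "No image" form uses `{% ifequal openid.photo.id photo.id %}` after `{% endfor %}`, so it compares against a loop variable that is out of scope and only works when both sides fail to resolve; use `{% if not openid.photo %}`, and replace the remaining `{% ifequal %}` with `{% if a == b %}` since the tag no longer exists from Django 4.0 on. The string `upload a new one` is lower-case here while the email template uses `Upload a new one`, which creates two message ids for translators.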

View File

@@ -8,13 +8,12 @@
<style>
input[type=checkbox] {display:none}
input[type=checkbox].image + label:before {
font-family: "Font Awesome 7 Free";
font-weight: 900;
font-family: FontAwesome;
display: inline-block;
}
input[type=checkbox].image + label:before {content: "\f0c8"}
input[type=checkbox].image + label:before {content: "\f096"}
input[type=checkbox].image + label:before {letter-spacing: 5px}
input[type=checkbox].image:checked + label:before {content: "\f14a"}
input[type=checkbox].image:checked + label:before {content: "\f046"}
input[type=checkbox].image:checked + label:before {letter-spacing: 3px}
</style>
<h1>{% trans 'Choose items to be imported' %}</h1>

View File

@@ -1,4 +1,4 @@
{% extends 'base.html' %}
{% extends 'base.html' %}
{% load i18n %}
{% load static %}

View File

@@ -1,4 +1,4 @@
{% extends 'base.html' %}
{% extends 'base.html' %}
{% load i18n %}
{% load static %}
@@ -27,7 +27,7 @@
<button type="submit" class="btn btn-danger">{% trans 'Yes, delete all of my stuff' %}</button>
&nbsp;
<a href="{% url 'profile' %}" class="btn btn-secondary">{% trans 'Cancel' %}</a>
<button type="cancel" class="button" href="{% url 'profile' %}">{% trans 'Cancel' %}</button>
</form>
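Review bot: the added `<button type="cancel" class="button" href="{% url 'profile' %}">` does not cancel anything. `cancel` is not a defined button `type`, so browsers fall back to `submit`, and `href` has no effect on a `<button>`. Inside this form that means clicking Cancel submits the same form as "Yes, delete all of my stuff". Keep the link, `<a href="{% url 'profile' %}" ...>`, or use `type="button"` with explicit navigation.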

View File

@@ -1,4 +1,4 @@
{% load i18n %}{% blocktrans %}Someone, probably you, requested that this email address be added to their
{% load i18n %}{% blocktrans %}Someone, probably you, requested that this email address be added to their
{{ site_name }} account.
If that's what you want, please confirm that you are the owner of this

View File

@@ -7,13 +7,12 @@
<style>
input[type=checkbox] {display:none}
input[type=checkbox] + label:before {
font-family: "Font Awesome 7 Free";
font-weight: 900;
font-family: FontAwesome;
display: inline-block;
}
input[type=checkbox] + label:before {content: "\f0c8"}
input[type=checkbox] + label:before {content: "\f096"}
input[type=checkbox] + label:before {letter-spacing: 5px}
input[type=checkbox]:checked + label:before {content: "\f14a"}
input[type=checkbox]:checked + label:before {content: "\f046"}
input[type=checkbox]:checked + label:before {letter-spacing: 3px}
</style>
<h1>{% trans 'Email confirmation' %}</h1>

View File

@@ -5,38 +5,37 @@
{% block content %}
<style>
input[type=checkbox] {display:none}
input[type=checkbox] + label:before {
font-family: "Font Awesome 7 Free";
font-weight: 900;
display: inline-block;
}
input[type=checkbox] + label:before {content: "\f0c8"}
input[type=checkbox] + label:before {letter-spacing: 5px}
input[type=checkbox]:checked + label:before {content: "\f14a"}
input[type=checkbox]:checked + label:before {letter-spacing: 3px}
input[type=checkbox] {display:none}
input[type=checkbox] + label:before {
font-family: FontAwesome;
display: inline-block;
}
input[type=checkbox] + label:before {content: "\f096"}
input[type=checkbox] + label:before {letter-spacing: 5px}
input[type=checkbox]:checked + label:before {content: "\f046"}
input[type=checkbox]:checked + label:before {letter-spacing: 3px}
</style>
<h1>{% trans 'Import photo' %}</h1>
{% if not email_id %}
<div style="max-width:640px">
<form action="{% url 'import_photo' %}" method="get" id="check_mail_form">
<div class="form-group">
<label for="check_email_addr">{% trans 'Email Address' %}</label>
<input type="text" name="check_email_addr" class="form-control" value="{{ email_addr }}">
</div>
<div class="form-group">
<button type="submit" class="button">{% trans 'Check' %}</button>
</div>
</form>
<script>
document.getElementById('check_mail_form').onsubmit =
function(self) {
window.location.href = "{% url 'import_photo' %}" + document.getElementsByName('check_email_addr')[0].value;
return false;
};
</script>
</div>
<div style="max-width:640px">
<form action="{% url 'import_photo' %}" method="get" id="check_mail_form">
<div class="form-group">
<label for="check_email_addr">{% trans 'Email Address' %}</label>
<input type="text" name="check_email_addr" class="form-control" value="{{ email_addr }}">
</div>
<div class="form-group">
<button type="submit" class="button">{% trans 'Check' %}</button>
</div>
</form>
<script>
document.getElementById('check_mail_form').onsubmit =
function(self) {
window.location.href = "{% url 'import_photo' %}" + document.getElementsByName('check_email_addr')[0].value;
return false;
};
</script>
</div>
{% endif %}
{% include '_import_photo_form.html' %}
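Review bot: the `onsubmit` handler appends the raw field value to `{% url 'import_photo' %}`, so characters such as `/`, `?`, `#` or `..` in the input change the path or turn into a query string instead of staying part of the address; wrap the value in `encodeURIComponent(...)`. The handler's parameter is named `self` although it receives the event, and `<label for="check_email_addr">` has no matching `id` on the input, which only carries `name`.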

View File

@@ -18,28 +18,24 @@
{% if form.password.errors %}
<div class="alert alert-danger" role="alert">{{ form.password.errors }}</div>
{% endif %}
<div class="form-container">
<div style="max-width:700px">
<form action="{% url 'login' %}" method="post" name="login">
{% csrf_token %}
{% if next %}<input type="hidden" name="next" value="{{ next }}">{% endif %}
<div class="form-group">
<label for="id_username" class="form-label">{% trans 'Username' %}</label>
<input type="text" name="username" autofocus required class="form-control" id="id_username" placeholder="{% trans 'Enter your username' %}">
<label for="id_username">{% trans 'Username' %}:</label>
<input type="text" name="username" autofocus required class="form-control" id="id_username">
</div>
<div class="form-group">
<label for="id_password" class="form-label">{% trans 'Password' %}</label>
<input type="password" name="password" class="form-control" required id="id_password" placeholder="{% trans 'Enter your password' %}">
</div>
<div class="button-group">
<button type="submit" class="btn btn-primary">{% trans 'Login' %}</button>
<a href="{% url 'openid-login' %}" class="btn btn-secondary">{% trans 'Login with OpenID' %}</a>
{% if with_fedora %}
<a href="{% url "social:begin" "fedora" %}" class="btn btn-secondary">{% trans 'Login with Fedora' %}</a>
{% endif %}
<a href="{% url 'new_account' %}" class="btn btn-secondary">{% trans 'Create new user' %}</a>
<a href="{% url 'password_reset' %}" class="btn btn-secondary">{% trans 'Password reset' %}</a>
<label for="id_password">{% trans 'Password' %}:</label>
<input type="password" name="password" class="form-control" required id="id_password">
</div>
<button type="submit" class="button">{% trans 'Login' %}</button>
&nbsp;
<a href="{% url 'openid-login' %}" class="button">{% trans 'Login with OpenID' %}</a>
&nbsp;
<a href="{% url 'new_account' %}" class="button">{% trans 'Create new user' %}</a>
&nbsp;
<a href="{% url 'password_reset' %}" class="button">{% trans 'Password reset' %}</a>
</form>
</div>
<div style="height:40px"></div>

View File

@@ -1,4 +1,4 @@
{% extends 'base.html' %}
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{% trans 'Create a new ivatar account' %}{% endblock title %}
@@ -16,25 +16,22 @@
{% if form.password2.errors %}
<div class="alert alert-danger" role="alert">{{ form.password2.errors }}</div>
{% endif %}
<div class="form-container">
<form action="{% url 'new_account' %}" method="post" name="newaccount">
{% csrf_token %}
<div style="max-width:640px">
<div class="form-group">
<label for="id_username" class="form-label">{% trans 'Username' %}</label>
<input type="text" name="username" autofocus required class="form-control" id="id_username" placeholder="{% trans 'Choose a username' %}">
<label for="id_username">{% trans 'Username' %}:</label>
<input type="text" name="username" autofocus required class="form-control" id="id_username">
</div>
<div class="form-group">
<label for="id_password1" class="form-label">{% trans 'Password' %}</label>
<input type="password" name="password1" class="form-control" required id="id_password1" placeholder="{% trans 'Enter a secure password' %}">
<label for="id_password1">{% trans 'Password' %}:</label>
<input type="password" name="password1" class="form-control" required id="id_password1">
</div>
<div class="form-group">
<label for="id_password2" class="form-label">{% trans 'Password confirmation' %}</label>
<input type="password" name="password2" class="form-control" required id="id_password2" placeholder="{% trans 'Confirm your password' %}">
</div>
<div class="button-group">
<button type="submit" class="btn btn-primary">{% trans 'Create account' %}</button>
<a href="/accounts/login/" class="btn btn-secondary">{% trans 'Login' %}</a>
<label for="id_password2">{% trans 'Password confirmation' %}:</label>
<input type="password" name="password2" class="form-control" required id="id_password2">
</div>
<button type="submit" class="button">{% trans 'Create account' %}</button> or <a href="/accounts/login/" class="button">{% trans 'Login' %}</a>
</form>
</div>
<div style="height:40px"></div>
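Review bot: the literal ` or ` between the added submit button and the login link is outside any `{% trans %}` tag, so it stays English in every locale. The link target is also hard-coded as `/accounts/login/`; use `{% url 'login' %}` as the login template does.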

View File

@@ -1,4 +1,4 @@
{% extends 'base.html' %}
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{% trans 'Change your ivatar password' %}{% endblock title %}

View File

@@ -8,18 +8,17 @@
<h1>{% trans 'Reset password' %}</h1>
<p>{% trans 'To continue with the password reset, enter one of the email addresses associated with your account.' %}</p>
<div class="form-container">
<div style="max-width:640px">
<form action="" method="post" name="reset">{% csrf_token %}
{{ form.email.errors }}
<div class="form-group">
<label for="id_email" class="form-label">{% trans 'Email' %}</label>
<input type="email" name="email" autofocus required class="form-control" id="id_email" placeholder="{% trans 'Enter your email address' %}">
<label for="id_email">{% trans 'Email' %}:</label>
<input type="text" name="email" autofocus required class="form-control" id="id_email">
</div>
<div class="button-group">
<button type="submit" class="btn btn-primary">{% trans 'Reset my password' %}</button>
<a href="{% url 'profile' %}" class="btn btn-secondary">{% trans 'Cancel' %}</a>
</div>
<button type="submit" class="button">{% trans 'Reset my password' %}</button>&nbsp;
<button type="cancel" class="button" href="{% url 'profile' %}">{% trans 'Cancel' %}</button>
</form>
</div>
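Review bot: `<button type="cancel" class="button" href="{% url 'profile' %}">` in the added lines acts as a second submit button, because unknown `type` values fall back to `submit` and `<button>` has no `href`. Cancel therefore submits the reset form instead of returning to the profile; keep the `<a href="{% url 'profile' %}">` link. The email field also goes from `type="email"` to `type="text"`, losing the browser's format check.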

View File

@@ -7,22 +7,17 @@
{% block content %}
<h1>{% trans 'Account settings' %}</h1>
<div class="form-container">
<label for="id_username" class="form-label">{% trans 'Username' %}</label>
<input type="text" name="username" class="form-control" id="id_username" disabled value="{{ user.username }}">
<label for="id_username">{% trans 'Username' %}:</label>
<input type="text" name="username" class="form-control" id="id_username" disabled value="{{ user.username }}" style="max-width:600px;">
<form action="{% url 'user_preference' %}" method="post">{% csrf_token %}
<div class="form-group">
<label for="id_first_name" class="form-label">{% trans 'Firstname' %}</label>
<input type="text" name="first_name" class="form-control" id="id_first_name" value="{{ user.first_name }}" placeholder="{% trans 'Enter your first name' %}">
</div>
<div class="form-group">
<label for="id_last_name" class="form-label">{% trans 'Lastname' %}</label>
<input type="text" name="last_name" class="form-control" id="id_last_name" value="{{ user.last_name }}" placeholder="{% trans 'Enter your last name' %}">
</div>
<div class="form-group">
<label for="id_email" class="form-label">{% trans 'E-mail address' %}</label>
<select name="email" class="form-control" id="id_email">
<label for="id_first_name">{% trans 'Firstname' %}:</label>
<input type="text" name="first_name" class="form-control" id="id_first_name" value="{{ user.first_name }}" style="max-width:600px;">
<label for="id_last_name">{% trans 'Lastname' %}:</label>
<input type="text" name="last_name" class="form-control" id="id_last_name" value="{{ user.last_name }}" style="max-width:600px;">
<label for="id_email">{% trans 'E-mail address' %}:</label>
<select name="email" class="form-control" id="id_email" style="max-width:600px;">
<option value="{{ user.email }}" selected>{{ user.email }}</option>
{% for confirmed_email in user.confirmedemail_set.all %}
{% if user.email != confirmed_email.email %}
@@ -32,11 +27,8 @@
</select>
</div>
<input type="hidden" name="theme" value="{{ user.userpreference.theme }}"/>
<div class="button-group">
<button type="submit" class="btn btn-primary">{% trans 'Save' %}</button>
</div>
<button type="submit" class="button">{% trans 'Save' %}</button>
</form>
</div>
<!-- TODO: Language stuff not yet fully implemented; Esp. translations are only half-way there

View File

@@ -101,15 +101,7 @@
<form action="{% url 'remove_confirmed_email' email.id %}" method="post">
{% csrf_token %}
<div id="email-conf-{{ forloop.counter }}" class="profile-container active">
<img title="{% trans 'Access count' %}: {{ email.access_count }}"
src="
{% if email.photo %}
{% url 'raw_image' email.photo.id %}
{% elif email.bluesky_handle %}
{% url 'blueskyproxy' email.digest %}
{% else %}
{% static '/img/nobody/120.png' %}
{% endif %}">
<img title="{% trans 'Access count' %}: {{ email.access_count }}" src="{% if email.photo %}{% url 'raw_image' email.photo.id %}{% else %}{% static '/img/nobody/120.png' %}{% endif %}">
<h3 class="panel-title email-profile" title="{{ email.email }}">
{{ email.email }}
</h3>
@@ -131,15 +123,7 @@
<form action="{% url 'remove_confirmed_email' email.id %}" method="post">
{% csrf_token %}
<div id="email-conf-{{ forloop.counter }}" class="profile-container" onclick="add_active('email-conf-{{ forloop.counter }}')">
<img title="{% trans 'Access count' %}: {{ email.access_count }}"
src="
{% if email.photo %}
{% url 'raw_image' email.photo.id %}
{% elif email.bluesky_handle %}
{% url 'blueskyproxy' email.digest %}
{% else %}
{% static '/img/nobody/120.png' %}
{% endif %}">
<img title="{% trans 'Access count' %}: {{ email.access_count }}" src="{% if email.photo %}{% url 'raw_image' email.photo.id %}{% else %}{% static '/img/nobody/120.png' %}{% endif %}">
<h3 class="panel-title email-profile" title="{{ email.email }}">
{{ email.email }}
</h3>
@@ -164,15 +148,7 @@
<form action="{% url 'remove_confirmed_openid' openid.id %}" method="post">{% csrf_token %}
<div>
<div id="id-conf-{{ forloop.counter }}" class="profile-container active">
<img title="{% trans 'Access count' %}: {{ openid.access_count }}"
src="
{% if openid.photo %}
{% url 'raw_image' openid.photo.id %}
{% elif openid.bluesky_handle %}
{% url 'blueskyproxy' openid.digest %}
{% else %}
{% static '/img/nobody/120.png' %}
{% endif %}">
<img title="{% trans 'Access count' %}: {{ openid.access_count }}" src="{% if openid.photo %}{% url 'raw_image' openid.photo.id %}{% else %}{% static '/img/nobody/120.png' %}{% endif %}">
<h3 class="panel-title email-profile" title="{{ openid.openid }}">
{{ openid.openid }}
</h3>
@@ -225,8 +201,8 @@
<form class="unconfirmed-mail-form" action="{% url 'remove_unconfirmed_email' email.id %}" method="post">
{% csrf_token %}
<div class="btn-group form-group" role="group">
<button type="submit" class="button" onclick="return confirm('{% trans 'Are you sure that you want to delete this email address?' %}')"><i class="fa-solid fa-trash"></i></button>
<a href="{% url 'resend_confirmation_mail' email.pk %}" class="button"><i class="fa-solid fa-envelope"></i></a>
<button type="submit" class="button" onclick="return confirm('{% trans 'Are you sure that you want to delete this email address?' %}')"><i class="fa fa-trash"></i></button>
<a href="{% url 'resend_confirmation_mail' email.pk %}" class="button"><i class="fa fa-envelope"></i></a>
<span class="input-group-addon" style="width: auto;">{{ email.email }}</span>
</div>
</form>
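Review bot: the `onclick="return confirm('{% trans '...' %}')"` handlers on these lines place a translated string inside a single-quoted JavaScript literal, so a translation that contains an apostrophe ends the string early and breaks the handler, which removes the confirmation step. Store the message with `{% trans '...' as msg %}` and output it with `{{ msg|escapejs }}`.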
@@ -236,7 +212,7 @@
<form action="{% url 'remove_unconfirmed_openid' openid.id %}" method="post">
{% csrf_token %}
<div class="btn-group form-group" role="group">
<button type="submit" class="button" onclick="return confirm('{% trans 'Are you sure that you want to delete this OpenID?' %}')"><i class="fa-solid fa-trash"></i></button>
<button type="submit" class="button" onclick="return confirm('{% trans 'Are you sure that you want to delete this OpenID?' %}')"><i class="fa fa-trash"></i></button>
<span class="input-group-addon">{{ openid.openid }}</span>
</div>
</form>
@@ -253,7 +229,7 @@
{% for photo in user.photo_set.all %}
<div class="panel panel-tortin" style="width:132px;margin-left:20px;float:left">
<div class="panel-heading">
<h3 class="panel-title"><a href="{% url 'delete_photo' photo.pk %}" onclick="return confirm('{% trans 'Are you sure that you want to delete this image?' %}')"><i class="fa-solid fa-trash"></i></a> {% trans 'Image' %} {{ forloop.counter }}</h3>
<h3 class="panel-title"><a href="{% url 'delete_photo' photo.pk %}" onclick="return confirm('{% trans 'Are you sure that you want to delete this image?' %}')"><i class="fa fa-trash"></i></a> {% trans 'Image' %} {{ forloop.counter }}</h3>
</div>
<div class="panel-body" style="height:130px">
<img title="{% trans 'Access count' %}: {{ photo.access_count }}" style="max-height:100px;max-width:100px" src="{% url 'raw_image' photo.id %}">
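Review bot: the trash icon in `panel-title` is a plain `<a href="{% url 'delete_photo' photo.pk %}">`, so deleting an image is a GET request guarded only by the JavaScript `confirm()`, and the `{% csrf_token %}` used by the forms earlier in this template does not cover it. Turn it into a small `method="post"` form with `{% csrf_token %}`, as the remove-OpenID form does, and have the view accept POST only.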

View File

@@ -1,72 +0,0 @@
from unittest import mock
from django.test import TestCase
from django.contrib.auth.models import User
from ivatar.ivataraccount.auth import FedoraOpenIdConnect
from ivatar.ivataraccount.models import ConfirmedEmail
from django.test import override_settings
@override_settings(SOCIAL_AUTH_FEDORA_OIDC_ENDPOINT="https://id.example.com/")
class AuthFedoraTestCase(TestCase):
def _authenticate(self, response):
backend = FedoraOpenIdConnect()
pipeline = backend.strategy.get_pipeline(backend)
return backend.pipeline(pipeline, response=response)
def test_new_user(self):
"""Check that a Fedora user gets a ConfirmedEmail automatically."""
user = self._authenticate({"nickname": "testuser", "email": "test@example.com"})
self.assertEqual(user.confirmedemail_set.count(), 1)
self.assertEqual(user.confirmedemail_set.first().email, "test@example.com")
@mock.patch("ivatar.ivataraccount.auth.TRUST_EMAIL_FROM_SOCIAL_AUTH_BACKENDS", [])
def test_new_user_untrusted_backend(self):
"""Check that ConfirmedEmails aren't automatically created for untrusted backends."""
user = self._authenticate({"nickname": "testuser", "email": "test@example.com"})
self.assertEqual(user.confirmedemail_set.count(), 0)
def test_existing_user(self):
"""Checks that existing users are found."""
user = User.objects.create_user(
username="testuser",
password="password",
email="test@example.com",
first_name="test",
last_name="user",
)
auth_user = self._authenticate(
{"nickname": "testuser", "email": "test@example.com"}
)
self.assertEqual(auth_user, user)
# Only add ConfirmedEmails on account creation.
self.assertEqual(auth_user.confirmedemail_set.count(), 0)
def test_existing_user_with_confirmed_email(self):
"""Check that the authenticating user is found using their ConfirmedEmail."""
user = User.objects.create_user(
username="testuser1",
password="password",
email="first@example.com",
first_name="test",
last_name="user",
)
ConfirmedEmail.objects.create_confirmed_email(user, "second@example.com", False)
auth_user = self._authenticate(
{"nickname": "testuser2", "email": "second@example.com"}
)
self.assertEqual(auth_user, user)
def test_existing_confirmed_email(self):
"""Check that ConfirmedEmail isn't created twice."""
user = User.objects.create_user(
username="testuser",
password="password",
email="testuser@example.com",
first_name="test",
last_name="user",
)
ConfirmedEmail.objects.create_confirmed_email(user, user.email, False)
auth_user = self._authenticate({"nickname": user.username, "email": user.email})
self.assertEqual(auth_user, user)
self.assertEqual(auth_user.confirmedemail_set.count(), 1)
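Review bot: deleting this file drops `test_new_user_untrusted_backend`, the only assertion shown here that a backend missing from `TRUST_EMAIL_FROM_SOCIAL_AUTH_BACKENDS` does not get a `ConfirmedEmail` created automatically, along with `test_existing_user_with_confirmed_email`, which pins down how a login is matched to an account by confirmed address. If `FedoraOpenIdConnect` stays in the tree, keep both tests: they guard the email-trust decision, and a regression there would attach unverified addresses to accounts.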

File diff suppressed because it is too large

View File

@@ -1,267 +0,0 @@
"""
Test our views in ivatar.ivataraccount.views and ivatar.views
"""
import contextlib
# pylint: disable=too-many-lines
import os
import django
import pytest
from django.test import TestCase
from django.test import Client
from django.urls import reverse
from django.contrib.auth.models import User
# from django.contrib.auth import authenticate
os.environ["DJANGO_SETTINGS_MODULE"] = "ivatar.settings"
django.setup()
# pylint: disable=wrong-import-position
from ivatar import settings
from ivatar.ivataraccount.models import ConfirmedOpenId, ConfirmedEmail
from ivatar.utils import random_string, Bluesky
from libravatar import libravatar_url
class Tester(TestCase): # pylint: disable=too-many-public-methods
"""
Main test class
"""
client = Client()
user = None
username = random_string()
password = random_string()
email = "{}@{}.{}".format(username, random_string(), random_string(2))
# Dunno why random tld doesn't work, but I'm too lazy now to investigate
openid = "http://{}.{}.{}/".format(username, random_string(), "org")
first_name = random_string()
last_name = random_string()
bsky_test_account = "libravatar.org"
def login(self):
"""
Login as user
"""
self.client.login(username=self.username, password=self.password)
def setUp(self):
"""
Prepare for tests.
- Create user
"""
self.user = User.objects.create_user(
username=self.username,
password=self.password,
first_name=self.first_name,
last_name=self.last_name,
)
settings.EMAIL_BACKEND = "django.core.mail.backends.dummy.EmailBackend"
# Clear any existing Bluesky session to ensure clean test state
Bluesky.clear_shared_session()
def tearDown(self):
"""
Clean up after tests
"""
# Clear Bluesky session to avoid affecting other tests
Bluesky.clear_shared_session()
def create_confirmed_openid(self):
"""
Create a confirmed openid
"""
return ConfirmedOpenId.objects.create(
user=self.user,
ip_address="127.0.0.1",
openid=self.openid,
)
def create_confirmed_email(self):
"""
Create a confirmed email
"""
return ConfirmedEmail.objects.create(
email=self.email,
user=self.user,
)
# The following tests need to be moved over to the model tests
# and real web UI tests added
@pytest.mark.bluesky
def test_bluesky_handle_for_mail_via_model_handle_does_not_exist(self):
"""
Add Bluesky handle to a confirmed mail address
"""
self.login()
confirmed = self.create_confirmed_email()
confirmed.set_bluesky_handle(self.bsky_test_account)
with contextlib.suppress(Exception):
confirmed.set_bluesky_handle(f"{self.bsky_test_account}1")
self.assertNotEqual(
confirmed.bluesky_handle,
f"{self.bsky_test_account}1",
"Setting Bluesky handle that doesn't exist works?",
)
@pytest.mark.bluesky
def test_bluesky_handle_for_mail_via_model_handle_exists(self):
"""
Add Bluesky handle to a confirmed mail address
"""
self.login()
confirmed = self.create_confirmed_email()
confirmed.set_bluesky_handle(self.bsky_test_account)
self.assertEqual(
confirmed.bluesky_handle,
self.bsky_test_account,
"Setting Bluesky handle doesn't work?",
)
@pytest.mark.bluesky
def test_bluesky_handle_for_openid_via_model_handle_does_not_exist(self):
"""
Add Bluesky handle to a confirmed openid address
"""
self.login()
confirmed = self.create_confirmed_openid()
confirmed.set_bluesky_handle(self.bsky_test_account)
with contextlib.suppress(Exception):
confirmed.set_bluesky_handle(f"{self.bsky_test_account}1")
self.assertNotEqual(
confirmed.bluesky_handle,
f"{self.bsky_test_account}1",
"Setting Bluesky handle that doesn't exist works?",
)
@pytest.mark.bluesky
def test_bluesky_handle_for_openid_via_model_handle_exists(self):
"""
Add Bluesky handle to a confirmed openid address
"""
self.login()
confirmed = self.create_confirmed_openid()
confirmed.set_bluesky_handle(self.bsky_test_account)
self.assertEqual(
confirmed.bluesky_handle,
self.bsky_test_account,
"Setting Bluesky handle doesn't work?",
)
@pytest.mark.bluesky
def test_bluesky_fetch_mail(self):
"""
Check if we can successfully fetch a Bluesky avatar via email
"""
self.login()
confirmed = self.create_confirmed_email()
confirmed.set_bluesky_handle(self.bsky_test_account)
lu = libravatar_url(confirmed.email, https=True)
lu = lu.replace("https://seccdn.libravatar.org/", reverse("home"))
response = self.client.get(lu)
# This is supposed to redirect to the Bluesky proxy
self.assertEqual(response.status_code, 302)
self.assertEqual(response["Location"], f"/blueskyproxy/{confirmed.digest}")
@pytest.mark.bluesky
def test_bluesky_fetch_openid(self):
"""
Check if we can successfully fetch a Bluesky avatar via OpenID
"""
self.login()
confirmed = self.create_confirmed_openid()
confirmed.set_bluesky_handle(self.bsky_test_account)
lu = libravatar_url(openid=confirmed.openid, https=True)
lu = lu.replace("https://seccdn.libravatar.org/", reverse("home"))
response = self.client.get(lu)
# This is supposed to redirect to the Bluesky proxy
self.assertEqual(response.status_code, 302)
self.assertEqual(response["Location"], f"/blueskyproxy/{confirmed.digest}")
@pytest.mark.bluesky
def test_assign_bluesky_handle_to_openid(self):
"""
Assign a Bluesky handle to an OpenID
"""
self.login()
confirmed = self.create_confirmed_openid()
self._assign_handle_to(
"assign_bluesky_handle_to_openid",
confirmed,
"Adding Bluesky handle to OpenID fails?",
)
@pytest.mark.bluesky
def test_assign_bluesky_handle_to_email(self):
"""
Assign a Bluesky handle to an email
"""
self.login()
confirmed = self.create_confirmed_email()
self._assign_handle_to(
"assign_bluesky_handle_to_email",
confirmed,
"Adding Bluesky handle to Email fails?",
)
def _assign_handle_to(self, endpoint, confirmed, message):
"""
Helper method to assign a handle to reduce code duplication
Since the endpoints are similar, we can reuse the code
"""
url = reverse(endpoint, args=[confirmed.id])
response = self.client.post(
url, {"bluesky_handle": self.bsky_test_account}, follow=True
)
self.assertEqual(response.status_code, 200, message)
confirmed.refresh_from_db(fields=["bluesky_handle"])
self.assertEqual(
confirmed.bluesky_handle,
self.bsky_test_account,
"Setting Bluesky handle doesn't work?",
)
@pytest.mark.bluesky
def test_assign_photo_to_mail_removes_bluesky_handle(self):
"""
Assign a Photo to a mail, removes Bluesky handle
"""
self.login()
confirmed = self.create_confirmed_email()
self._assign_bluesky_handle(confirmed, "assign_photo_email")
@pytest.mark.bluesky
def test_assign_photo_to_openid_removes_bluesky_handle(self):
"""
Assign a Photo to a OpenID, removes Bluesky handle
"""
self.login()
confirmed = self.create_confirmed_openid()
self._assign_bluesky_handle(confirmed, "assign_photo_openid")
def _assign_bluesky_handle(self, confirmed, endpoint):
"""
Helper method to assign a Bluesky handle
Since the endpoints are similar, we can reuse the code
"""
confirmed.bluesky_handle = self.bsky_test_account
confirmed.save()
url = reverse(endpoint, args=[confirmed.id])
response = self.client.post(url, {"photoNone": True}, follow=True)
self.assertEqual(response.status_code, 200, "Unassigning Photo doesn't work?")
confirmed.refresh_from_db(fields=["bluesky_handle"])
self.assertEqual(
confirmed.bluesky_handle, None, "Removing Bluesky handle doesn't work?"
)
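Review bot: the two `..._handle_does_not_exist` tests wrap the second `set_bluesky_handle` call in `contextlib.suppress(Exception)`, so they pass whether the handle is rejected or the call fails for any unrelated reason, and the `assertNotEqual` that follows cannot tell the two apart. If these tests are kept or restored, use `assertRaises` with the expected exception type and then check that `bluesky_handle` still holds the first value.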

View File

@@ -1,8 +1,9 @@
# -*- coding: utf-8 -*-
"""
URLs for ivatar.ivataraccount
"""
from django.urls import path, re_path
from django.urls import path
from django.conf.urls import url
from django.contrib.auth.views import LogoutView
from django.contrib.auth.views import (
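Review bot: `from django.conf.urls import url` brings in a helper that has been deprecated since Django 3.1 and was removed in Django 4.0, so this module fails at import time on any current Django. Keep `from django.urls import path, re_path` and leave the `re_path(...)` calls in the later hunks as they are; `re_path` takes the same arguments as `url`.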
@@ -20,7 +21,6 @@ from .views import RemoveUnconfirmedOpenIDView, RemoveConfirmedOpenIDView
from .views import ImportPhotoView, RawImageView, DeletePhotoView
from .views import UploadPhotoView, AssignPhotoOpenIDView
from .views import AddOpenIDView, RedirectOpenIDView, ConfirmOpenIDView
from .views import AssignBlueskyHandleToEmailView, AssignBlueskyHandleToOpenIdView
from .views import CropPhotoView
from .views import UserPreferenceView, UploadLibravatarExportView
from .views import ResendConfirmationMailView
@@ -72,7 +72,7 @@ urlpatterns = [ # pylint: disable=invalid-name
),
path("delete/", DeleteAccountView.as_view(), name="delete"),
path("profile/", ProfileView.as_view(), name="profile"),
re_path(
url(
"profile/(?P<profile_username>.+)",
ProfileView.as_view(),
name="profile_with_profile_username",
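Review bot: the pattern `"profile/(?P<profile_username>.+)"` is not a raw string and `.+` captures every character, slashes included, so everything after `profile/` is handed to `ProfileView` as the username. Restrict the group to the characters a username may contain, for example `[^/]+`, and write the pattern as a raw string.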
@@ -81,87 +81,73 @@ urlpatterns = [ # pylint: disable=invalid-name
path("add_openid/", AddOpenIDView.as_view(), name="add_openid"),
path("upload_photo/", UploadPhotoView.as_view(), name="upload_photo"),
path("password_set/", PasswordSetView.as_view(), name="password_set"),
re_path(
url(
r"remove_unconfirmed_openid/(?P<openid_id>\d+)",
RemoveUnconfirmedOpenIDView.as_view(),
name="remove_unconfirmed_openid",
),
re_path(
url(
r"remove_confirmed_openid/(?P<openid_id>\d+)",
RemoveConfirmedOpenIDView.as_view(),
name="remove_confirmed_openid",
),
re_path(
url(
r"openid_redirection/(?P<openid_id>\d+)",
RedirectOpenIDView.as_view(),
name="openid_redirection",
),
re_path(
url(
r"confirm_openid/(?P<openid_id>\w+)",
ConfirmOpenIDView.as_view(),
name="confirm_openid",
),
re_path(
url(
r"confirm_email/(?P<verification_key>\w+)",
ConfirmEmailView.as_view(),
name="confirm_email",
),
re_path(
url(
r"remove_unconfirmed_email/(?P<email_id>\d+)",
RemoveUnconfirmedEmailView.as_view(),
name="remove_unconfirmed_email",
),
re_path(
url(
r"remove_confirmed_email/(?P<email_id>\d+)",
RemoveConfirmedEmailView.as_view(),
name="remove_confirmed_email",
),
re_path(
url(
r"assign_photo_email/(?P<email_id>\d+)",
AssignPhotoEmailView.as_view(),
name="assign_photo_email",
),
re_path(
url(
r"assign_photo_openid/(?P<openid_id>\d+)",
AssignPhotoOpenIDView.as_view(),
name="assign_photo_openid",
),
re_path(
r"assign_bluesky_handle_to_email/(?P<email_id>\d+)",
AssignBlueskyHandleToEmailView.as_view(),
name="assign_bluesky_handle_to_email",
),
re_path(
r"assign_bluesky_handle_to_openid/(?P<open_id>\d+)",
AssignBlueskyHandleToOpenIdView.as_view(),
name="assign_bluesky_handle_to_openid",
),
re_path(r"import_photo/$", ImportPhotoView.as_view(), name="import_photo"),
re_path(
url(r"import_photo/$", ImportPhotoView.as_view(), name="import_photo"),
url(
r"import_photo/(?P<email_addr>[\w.+-]+@[\w.]+.[\w.]+)",
ImportPhotoView.as_view(),
name="import_photo",
),
re_path(
url(
r"import_photo/(?P<email_id>\d+)",
ImportPhotoView.as_view(),
name="import_photo",
),
re_path(
r"delete_photo/(?P<pk>\d+)", DeletePhotoView.as_view(), name="delete_photo"
),
re_path(r"raw_image/(?P<pk>\d+)", RawImageView.as_view(), name="raw_image"),
re_path(r"crop_photo/(?P<pk>\d+)", CropPhotoView.as_view(), name="crop_photo"),
re_path(r"pref/$", UserPreferenceView.as_view(), name="user_preference"),
re_path(
r"upload_export/$", UploadLibravatarExportView.as_view(), name="upload_export"
),
re_path(
url(r"delete_photo/(?P<pk>\d+)", DeletePhotoView.as_view(), name="delete_photo"),
url(r"raw_image/(?P<pk>\d+)", RawImageView.as_view(), name="raw_image"),
url(r"crop_photo/(?P<pk>\d+)", CropPhotoView.as_view(), name="crop_photo"),
url(r"pref/$", UserPreferenceView.as_view(), name="user_preference"),
url(r"upload_export/$", UploadLibravatarExportView.as_view(), name="upload_export"),
url(
r"upload_export/(?P<save>save)$",
UploadLibravatarExportView.as_view(),
name="upload_export",
),
re_path(
url(
r"resend_confirmation_mail/(?P<email_id>\d+)",
ResendConfirmationMailView.as_view(),
name="resend_confirmation_mail",
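Review bot: in `r"import_photo/(?P<email_addr>[\w.+-]+@[\w.]+.[\w.]+)"` the dot between the two `[\w.]+` groups is unescaped and matches any character, and none of the patterns in this hunk except the `$`-terminated ones are anchored, so a route such as `remove_confirmed_email/(?P<email_id>\d+)` is matched with a regex search and also accepts paths with leading or trailing junk. Escape the dot as `\.` and add `^` and `$` (or `/?$`) to each pattern. The three routes that share `name="import_photo"` also make `reverse()` depend on which arguments are passed, which is worth a comment next to them.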

View File

@@ -1,15 +1,13 @@
# -*- coding: utf-8 -*-
"""
View classes for ivatar/ivataraccount/
"""
from io import BytesIO
from ivatar.utils import urlopen, Bluesky
from urllib.request import urlopen
import base64
import binascii
import contextlib
from xml.sax import saxutils
import gzip
import logging
from PIL import Image
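Review bot: swapping `from ivatar.utils import urlopen, Bluesky` for `from urllib.request import urlopen` means the call `urlopen(libravatar_service_url)` in `ImportPhotoView` now runs the standard-library function with no `timeout` argument, so a slow or unresponsive remote host blocks the request worker indefinitely. Pass an explicit `timeout=` at that call and close the response, for example by using it in a `with` block. This hunk also removes `import logging`, which the later `print(...)` replacements depend on.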
@@ -29,7 +27,6 @@ from django.contrib.auth.views import LoginView
from django.contrib.auth.views import (
PasswordResetView as PasswordResetViewOriginal,
)
from django.utils.crypto import get_random_string
from django.utils.translation import gettext_lazy as _
from django.http import HttpResponseRedirect, HttpResponse
from django.urls import reverse_lazy, reverse
@@ -49,7 +46,6 @@ from ivatar.settings import (
MAX_PHOTO_SIZE,
JPEG_QUALITY,
AVATAR_MAX_SIZE,
SOCIAL_AUTH_FEDORA_KEY,
)
from .gravatar import get_photo as get_gravatar_photo
@@ -62,19 +58,6 @@ from .models import UserPreference
from .models import file_format
from .read_libravatar_export import read_gzdata as libravatar_read_gzdata
# Initialize loggers
logger = logging.getLogger("ivatar")
security_logger = logging.getLogger("ivatar.security")
# Import OpenTelemetry with graceful degradation
from ..telemetry_utils import (
trace_file_upload,
trace_authentication,
get_telemetry_metrics,
)
avatar_metrics = get_telemetry_metrics()
def openid_logging(message, level=0):
"""
@@ -83,7 +66,7 @@ def openid_logging(message, level=0):
# Normal messages are not that important
# No need for coverage here
if level > 0: # pragma: no cover
logger.debug(message)
print(message)
class CreateView(SuccessMessageMixin, FormView):
@@ -94,7 +77,6 @@ class CreateView(SuccessMessageMixin, FormView):
template_name = "new.html"
form_class = UserCreationForm
@trace_authentication("user_registration")
def form_valid(self, form):
form.save()
user = authenticate(
@@ -105,8 +87,23 @@ class CreateView(SuccessMessageMixin, FormView):
# If the username looks like a mail address, automagically
# add it as unconfirmed mail and set it also as user's
# email address
with contextlib.suppress(Exception):
self._extracted_from_form_valid_(form, user)
try:
# This will error out if it's not a valid address
valid = validate_email(form.cleaned_data["username"])
user.email = valid.email
user.save()
# The following will also error out if it already exists
unconfirmed = UnconfirmedEmail()
unconfirmed.email = valid.email
unconfirmed.user = user
unconfirmed.save()
unconfirmed.send_confirmation_mail(
url=self.request.build_absolute_uri("/")[:-1]
)
# In any exception cases, we just skip it
except Exception: # pylint: disable=broad-except
pass
login(self.request, user)
pref = UserPreference.objects.create(
user_id=user.pk
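Review bot: the `except Exception: # pylint: disable=broad-except` with `pass` also swallows a failure in `unconfirmed.send_confirmation_mail(...)`, so a mail backend error leaves the user with an unconfirmed address, no mail and no message, and nothing is recorded. Catch the validation error and the duplicate-address error you expect, and log anything else before continuing. Note too that `user.email` is saved before the address has been confirmed.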
@@ -115,26 +112,13 @@ class CreateView(SuccessMessageMixin, FormView):
return HttpResponseRedirect(reverse_lazy("profile"))
return HttpResponseRedirect(reverse_lazy("login")) # pragma: no cover
def _extracted_from_form_valid_(self, form, user):
# This will error out if it's not a valid address
valid = validate_email(form.cleaned_data["username"])
user.email = valid.email
user.save()
# The following will also error out if it already exists
unconfirmed = UnconfirmedEmail()
unconfirmed.email = valid.email
unconfirmed.user = user
unconfirmed.save()
unconfirmed.send_confirmation_mail(
url=self.request.build_absolute_uri("/")[:-1]
)
def get(self, request, *args, **kwargs):
"""
Handle get for create view
"""
if request.user and request.user.is_authenticated:
return HttpResponseRedirect(reverse_lazy("profile"))
if request.user:
if request.user.is_authenticated:
return HttpResponseRedirect(reverse_lazy("profile"))
return super().get(self, request, args, kwargs)
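Review bot: the unchanged last line, `return super().get(self, request, args, kwargs)`, passes `self` a second time and hands `args` and `kwargs` over as two positional values instead of unpacking them, so the parent receives the view object as its `request`. It only works because the parent implementation ignores its arguments. Change it to `return super().get(request, *args, **kwargs)` while this method is being touched.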
@@ -150,7 +134,7 @@ class PasswordSetView(SuccessMessageMixin, FormView):
success_url = reverse_lazy("profile")
def get_form_kwargs(self):
kwargs = super().get_form_kwargs()
kwargs = super(PasswordSetView, self).get_form_kwargs()
kwargs["user"] = self.request.user
return kwargs
@@ -223,13 +207,6 @@ class ConfirmEmailView(SuccessMessageMixin, TemplateView):
messages.error(request, _("Verification key does not exist"))
return HttpResponseRedirect(reverse_lazy("profile"))
if ConfirmedEmail.objects.filter(email=unconfirmed.email).count() > 0:
messages.error(
request,
_("This mail address has been taken already and cannot be confirmed"),
)
return HttpResponseRedirect(reverse_lazy("profile"))
# TODO: Check for a reasonable expiration time in unconfirmed email
(confirmed_id, external_photos) = ConfirmedEmail.objects.create_confirmed_email(
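Review bot: this drops the `ConfirmedEmail.objects.filter(email=unconfirmed.email).count() > 0` guard in front of `create_confirmed_email`, so nothing visible in the view stops a second account from confirming an address that another account already holds. Unless uniqueness is enforced inside `create_confirmed_email` or by a database constraint, keep the check and its error message. The `TODO` about expiring verification keys is still open as well; an unexpired key is valid for as long as the row exists.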
@@ -291,30 +268,19 @@ class AssignPhotoEmailView(SuccessMessageMixin, TemplateView):
if "photoNone" in request.POST:
email.photo = None
email.bluesky_handle = None
elif "photoBluesky" in request.POST:
# Keep the existing Bluesky handle, clear the photo
email.photo = None
# Don't clear bluesky_handle - keep it as is
else:
if "photo_id" not in request.POST:
messages.error(request, _("Invalid request [photo_id] missing"))
return HttpResponseRedirect(reverse_lazy("profile"))
if request.POST["photo_id"] == "bluesky":
# Handle Bluesky photo selection
email.photo = None
# Don't clear bluesky_handle - keep it as is
else:
try:
photo = self.model.objects.get( # pylint: disable=no-member
id=request.POST["photo_id"], user=request.user
)
except self.model.DoesNotExist: # pylint: disable=no-member
messages.error(request, _("Photo does not exist"))
return HttpResponseRedirect(reverse_lazy("profile"))
email.photo = photo
email.bluesky_handle = None
try:
photo = self.model.objects.get( # pylint: disable=no-member
id=request.POST["photo_id"], user=request.user
)
except self.model.DoesNotExist: # pylint: disable=no-member
messages.error(request, _("Photo does not exist"))
return HttpResponseRedirect(reverse_lazy("profile"))
email.photo = photo
email.save()
messages.success(request, _("Successfully changed photo"))
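Review bot: `self.model.objects.get(id=request.POST["photo_id"], user=request.user)` is correctly scoped to the requesting user, but only `DoesNotExist` is caught, and a non-numeric `photo_id` raises `ValueError` from the ORM and ends in a 500 response. Validate the value as an integer first, or catch `ValueError` alongside `DoesNotExist` and return the same "Photo does not exist" message.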
@@ -364,7 +330,6 @@ class AssignPhotoOpenIDView(SuccessMessageMixin, TemplateView):
messages.error(request, _("Photo does not exist"))
return HttpResponseRedirect(reverse_lazy("profile"))
openid.photo = photo
openid.bluesky_handle = None
openid.save()
messages.success(request, _("Successfully changed photo"))
@@ -378,116 +343,6 @@ class AssignPhotoOpenIDView(SuccessMessageMixin, TemplateView):
return data
@method_decorator(login_required, name="dispatch")
class AssignBlueskyHandleToEmailView(SuccessMessageMixin, TemplateView):
"""
View class for assigning a Bluesky handle to an email address
"""
def post(self, request, *args, **kwargs): # pylint: disable=unused-argument
"""
Handle post request - assign bluesky handle to email
"""
try:
email = ConfirmedEmail.objects.get(user=request.user, id=kwargs["email_id"])
except ConfirmedEmail.DoesNotExist: # pylint: disable=no-member
messages.error(request, _("Invalid request"))
return HttpResponseRedirect(reverse_lazy("profile"))
if "bluesky_handle" not in request.POST:
messages.error(request, _("Invalid request [bluesky_handle] missing"))
return HttpResponseRedirect(reverse_lazy("profile"))
bluesky_handle = request.POST["bluesky_handle"]
try:
bs = Bluesky()
bs.get_avatar(bluesky_handle)
except Exception as e:
messages.error(request, _(f"Handle '{bluesky_handle}' not found: {e}"))
return HttpResponseRedirect(
reverse_lazy(
"assign_photo_email", kwargs={"email_id": int(kwargs["email_id"])}
)
)
try:
email.set_bluesky_handle(bluesky_handle)
except Exception as e:
messages.error(request, _(f"Error: {e}"))
return HttpResponseRedirect(
reverse_lazy(
"assign_photo_email", kwargs={"email_id": int(kwargs["email_id"])}
)
)
email.photo = None
email.save()
messages.success(request, _("Successfully assigned Bluesky handle"))
return HttpResponseRedirect(reverse_lazy("profile"))
def get_context_data(self, **kwargs):
data = super().get_context_data(**kwargs)
data["email"] = ConfirmedEmail.objects.get(pk=kwargs["email_id"])
return data
@method_decorator(login_required, name="dispatch")
class AssignBlueskyHandleToOpenIdView(SuccessMessageMixin, TemplateView):
"""
View class for assigning a Bluesky handle to an email address
"""
def post(self, request, *args, **kwargs): # pylint: disable=unused-argument
"""
Handle post request - assign bluesky handle to email
"""
try:
openid = ConfirmedOpenId.objects.get(
user=request.user, id=kwargs["open_id"]
)
except ConfirmedOpenId.DoesNotExist: # pylint: disable=no-member
messages.error(request, _("Invalid request"))
return HttpResponseRedirect(reverse_lazy("profile"))
if "bluesky_handle" not in request.POST:
messages.error(request, _("Invalid request [bluesky_handle] missing"))
return HttpResponseRedirect(reverse_lazy("profile"))
bluesky_handle = request.POST["bluesky_handle"]
try:
bs = Bluesky()
bs.get_avatar(bluesky_handle)
except Exception as e:
messages.error(request, _(f"Handle '{bluesky_handle}' not found: {e}"))
return HttpResponseRedirect(
reverse_lazy(
"assign_photo_openid", kwargs={"openid_id": int(kwargs["open_id"])}
)
)
try:
openid.set_bluesky_handle(bluesky_handle)
except Exception as e:
messages.error(request, _(f"Error: {e}"))
return HttpResponseRedirect(
reverse_lazy(
"assign_photo_openid", kwargs={"openid_id": int(kwargs["open_id"])}
)
)
openid.photo = None
openid.save()
messages.success(request, _("Successfully assigned Bluesky handle"))
return HttpResponseRedirect(reverse_lazy("profile"))
def get_context_data(self, **kwargs):
data = super().get_context_data(**kwargs)
data["openid"] = ConfirmedOpenId.objects.get(pk=kwargs["open_id"])
return data
@method_decorator(login_required, name="dispatch")
class ImportPhotoView(SuccessMessageMixin, TemplateView):
"""
@@ -508,25 +363,29 @@ class ImportPhotoView(SuccessMessageMixin, TemplateView):
messages.error(self.request, _("Address does not exist"))
return context
if addr := kwargs.get("email_addr", None):
if gravatar := get_gravatar_photo(addr):
addr = kwargs.get("email_addr", None)
if addr:
gravatar = get_gravatar_photo(addr)
if gravatar:
context["photos"].append(gravatar)
if libravatar_service_url := libravatar_url(
libravatar_service_url = libravatar_url(
email=addr,
default=404,
size=AVATAR_MAX_SIZE,
):
)
if libravatar_service_url:
try:
urlopen(libravatar_service_url)
except OSError as exc:
logger.warning(f"Exception caught during photo import: {exc}")
print("Exception caught during photo import: {}".format(exc))
else:
context["photos"].append(
{
"service_url": libravatar_service_url,
"thumbnail_url": f"{libravatar_service_url}&s=80",
"image_url": f"{libravatar_service_url}&s=512",
"thumbnail_url": libravatar_service_url + "&s=80",
"image_url": libravatar_service_url + "&s=512",
"width": 80,
"height": 80,
"service_name": "Libravatar",
@@ -545,7 +404,7 @@ class ImportPhotoView(SuccessMessageMixin, TemplateView):
imported = None
email_id = kwargs.get("email_id", request.POST.get("email_id", None))
addr = kwargs.get("email", request.POST.get("email_addr", None))
addr = kwargs.get("emali_addr", request.POST.get("email_addr", None))
if email_id:
email = ConfirmedEmail.objects.filter(id=email_id, user=request.user)
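Review bot: `kwargs.get("emali_addr", ...)` is a typo, and the line it replaces, `kwargs.get("email", ...)`, does not match either; the URL pattern names the group `email_addr`, so in both versions the address captured from the URL is ignored and only the POST field is used. Use `kwargs.get("email_addr", request.POST.get("email_addr", None))`.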
@@ -595,9 +454,9 @@ class RawImageView(DetailView):
def get(self, request, *args, **kwargs):
photo = self.model.objects.get(pk=kwargs["pk"]) # pylint: disable=no-member
if photo.user.id != request.user.id and not request.user.is_staff:
if not photo.user.id == request.user.id and not request.user.is_staff:
return HttpResponseRedirect(reverse_lazy("home"))
return HttpResponse(BytesIO(photo.data), content_type=f"image/{photo.format}")
return HttpResponse(BytesIO(photo.data), content_type="image/%s" % photo.format)
@method_decorator(login_required, name="dispatch")
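Review bot: in `RawImageView.get`, `self.model.objects.get(pk=kwargs["pk"])` raises `DoesNotExist` for an unknown id and produces a 500, while an id owned by someone else redirects to `home`, so the two responses reveal which photo ids exist. Fetch with `get_object_or_404` and return the same 404 for the not-owner case. `not photo.user.id == request.user.id` also reads more clearly as `!=`, which is what the replaced line had.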
@@ -627,7 +486,7 @@ class DeletePhotoView(SuccessMessageMixin, View):
@method_decorator(login_required, name="dispatch")
class UploadPhotoView(SuccessMessageMixin, FormView):
"""
View class responsible for photo upload with enhanced security
View class responsible for photo upload
"""
model = Photo
@@ -637,64 +496,26 @@ class UploadPhotoView(SuccessMessageMixin, FormView):
success_url = reverse_lazy("profile")
def post(self, request, *args, **kwargs):
# Check maximum number of photos
num_photos = request.user.photo_set.count()
if num_photos >= MAX_NUM_PHOTOS:
messages.error(
request, _("Maximum number of photos (%i) reached" % MAX_NUM_PHOTOS)
)
return HttpResponseRedirect(reverse_lazy("profile"))
return super().post(request, *args, **kwargs)
@trace_file_upload("photo_upload")
def form_valid(self, form):
photo_data = self.request.FILES["photo"]
# Additional size check (redundant but good for security)
if photo_data.size > MAX_PHOTO_SIZE:
messages.error(self.request, _("Image too big"))
avatar_metrics.record_file_upload(
file_size=photo_data.size,
content_type=photo_data.content_type,
success=False,
)
return HttpResponseRedirect(reverse_lazy("profile"))
# Enhanced security logging
security_logger.info(
f"Photo upload attempt by user {self.request.user.id} "
f"from IP {get_client_ip(self.request)[0]}, "
f"file size: {photo_data.size} bytes"
)
photo = form.save(self.request, photo_data)
if not photo:
security_logger.warning(
f"Photo upload failed for user {self.request.user.id} - invalid format"
)
messages.error(self.request, _("Invalid Format"))
avatar_metrics.record_file_upload(
file_size=photo_data.size,
content_type=photo_data.content_type,
success=False,
)
return HttpResponseRedirect(reverse_lazy("profile"))
# Log successful upload
security_logger.info(
f"Photo uploaded successfully by user {self.request.user.id}, "
f"photo ID: {photo.pk}"
)
# Record successful file upload metrics
avatar_metrics.record_file_upload(
file_size=photo_data.size,
content_type=photo_data.content_type,
success=True,
)
# Override success URL -> Redirect to crop page.
self.success_url = reverse_lazy("crop_photo", args=[photo.pk])
return super().form_valid(form)
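Review bot: the upload path loses all three `security_logger` records in `form_valid` (attempt with user id, client IP and size; failure on invalid format; success with photo id), which leaves no audit trail for rejected or accepted uploads. Keep at least the failure and success records, even if the telemetry calls go. Separately, `_("Maximum number of photos (%i) reached" % MAX_NUM_PHOTOS)` formats the string before the translation lookup, so the message id never matches the catalogue; move the `%` outside `_()`.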
@@ -711,16 +532,17 @@ class AddOpenIDView(SuccessMessageMixin, FormView):
success_url = reverse_lazy("profile")
def form_valid(self, form):
if openid_id := form.save(self.request.user):
# At this point we have an unconfirmed OpenID, but
# we do not add the message, that we successfully added it,
# since this is misleading
return HttpResponseRedirect(
reverse_lazy("openid_redirection", args=[openid_id])
)
else:
openid_id = form.save(self.request.user)
if not openid_id:
return render(self.request, self.template_name, {"form": form})
# At this point we have an unconfirmed OpenID, but
# we do not add the message, that we successfully added it,
# since this is misleading
return HttpResponseRedirect(
reverse_lazy("openid_redirection", args=[openid_id])
)
@method_decorator(login_required, name="dispatch")
class RemoveUnconfirmedOpenIDView(View):
@@ -740,9 +562,7 @@ class RemoveUnconfirmedOpenIDView(View):
)
openid.delete()
messages.success(request, _("ID removed"))
except (
self.model.DoesNotExist
): # pragma: no cover pylint: disable=no-member,line-too-long
except self.model.DoesNotExist: # pragma: no cover pylint: disable=no-member,line-too-long
messages.error(request, _("ID does not exist"))
return HttpResponseRedirect(reverse_lazy("profile"))
@@ -772,7 +592,7 @@ class RemoveConfirmedOpenIDView(View):
openidobj.delete()
except Exception as exc: # pylint: disable=broad-except
# Why it is not there?
logger.warning(f"How did we get here: {exc}")
print("How did we get here: %s" % exc)
openid.delete()
messages.success(request, _("ID removed"))
except self.model.DoesNotExist: # pylint: disable=no-member
@@ -796,9 +616,7 @@ class RedirectOpenIDView(View):
unconfirmed = self.model.objects.get( # pylint: disable=no-member
user=request.user, id=kwargs["openid_id"]
)
except (
self.model.DoesNotExist
): # pragma: no cover pylint: disable=no-member,line-too-long
except self.model.DoesNotExist: # pragma: no cover pylint: disable=no-member,line-too-long
messages.error(request, _("ID does not exist"))
return HttpResponseRedirect(reverse_lazy("profile"))
@@ -811,7 +629,7 @@ class RedirectOpenIDView(View):
try:
auth_request = openid_consumer.begin(user_url)
except consumer.DiscoveryFailure as exc:
messages.error(request, _(f"OpenID discovery failed: {exc}"))
messages.error(request, _("OpenID discovery failed: %s" % exc))
return HttpResponseRedirect(reverse_lazy("profile"))
except UnicodeDecodeError as exc: # pragma: no cover
msg = _(
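Review bot: `_("OpenID discovery failed: %s" % exc)` interpolates before calling `_()`, so the lookup key contains the exception text and no translation can ever match; the f-string form it replaces has the same problem. Write `_("OpenID discovery failed: %s") % exc`, and consider logging `exc` and showing the user a fixed message, since the raw discovery error can expose details of the remote endpoint.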
@@ -823,7 +641,7 @@ class RedirectOpenIDView(View):
"message": exc,
}
)
logger.error(f"message: {msg}")
print("message: %s" % msg)
messages.error(request, msg)
if auth_request is None: # pragma: no cover
@@ -957,13 +775,19 @@ class CropPhotoView(TemplateView):
}
email = openid = None
if "email" in request.POST:
with contextlib.suppress(ConfirmedEmail.DoesNotExist):
try:
email = ConfirmedEmail.objects.get(email=request.POST["email"])
except ConfirmedEmail.DoesNotExist: # pylint: disable=no-member
pass # Ignore automatic assignment
if "openid" in request.POST:
with contextlib.suppress(ConfirmedOpenId.DoesNotExist):
try:
openid = ConfirmedOpenId.objects.get( # pylint: disable=no-member
openid=request.POST["openid"]
)
except ConfirmedOpenId.DoesNotExist: # pylint: disable=no-member
pass # Ignore automatic assignment
return photo.perform_crop(request, dimensions, email, openid)
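Review bot: both lookups here, `ConfirmedEmail.objects.get(email=request.POST["email"])` and `ConfirmedOpenId.objects.get(openid=request.POST["openid"])`, take the identifier from the POST body without filtering on `user=request.user`, unlike the assign views earlier in this file. Unless `perform_crop` checks ownership itself, a request can name an address or OpenID that belongs to another account. Add `user=request.user` to both queries so the automatic assignment can only target the caller's own identities.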
@@ -999,14 +823,14 @@ class UserPreferenceView(FormView, UpdateView):
if request.POST["email"] not in addresses:
messages.error(
self.request,
_(f'Mail address not allowed: {request.POST["email"]}'),
_("Mail address not allowed: %s" % request.POST["email"]),
)
else:
self.request.user.email = request.POST["email"]
self.request.user.save()
messages.info(self.request, _("Mail address changed."))
except Exception as e: # pylint: disable=broad-except
messages.error(self.request, _(f"Error setting new mail address: {e}"))
messages.error(self.request, _("Error setting new mail address: %s" % e))
try:
if request.POST["first_name"] or request.POST["last_name"]:
@@ -1018,7 +842,7 @@ class UserPreferenceView(FormView, UpdateView):
messages.info(self.request, _("Last name changed."))
self.request.user.save()
except Exception as e: # pylint: disable=broad-except
messages.error(self.request, _(f"Error setting names: {e}"))
messages.error(self.request, _("Error setting names: %s" % e))
return HttpResponseRedirect(reverse_lazy("user_preference"))
@@ -1086,14 +910,15 @@ class UploadLibravatarExportView(SuccessMessageMixin, FormView):
except Exception as exc: # pylint: disable=broad-except
# DEBUG
print(
f"Exception during adding mail address ({email}): {exc}"
"Exception during adding mail address (%s): %s"
% (email, exc)
)
if arg.startswith("photo"):
try:
data = base64.decodebytes(bytes(request.POST[arg], "utf-8"))
except binascii.Error as exc:
logger.warning(f"Cannot decode photo: {exc}")
print("Cannot decode photo: %s" % exc)
continue
try:
pilobj = Image.open(BytesIO(data))
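Review bot: the block marked `# DEBUG` still prints the imported e-mail address and the exception to stdout (`"Exception during adding mail address (%s): %s"`), which puts user identifiers into whatever captures the process output. Route it through the logger at a suitable level or drop it, and keep `logger.warning(...)` rather than `print("Cannot decode photo: %s" % exc)` so decode failures on uploaded exports stay visible in the application log.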
@@ -1107,7 +932,7 @@ class UploadLibravatarExportView(SuccessMessageMixin, FormView):
photo.data = out.read()
photo.save()
except Exception as exc: # pylint: disable=broad-except
logger.error(f"Exception during save: {exc}")
print("Exception during save: %s" % exc)
continue
return HttpResponseRedirect(reverse_lazy("profile"))
@@ -1127,7 +952,7 @@ class UploadLibravatarExportView(SuccessMessageMixin, FormView):
},
)
except Exception as e:
messages.error(self.request, _(f"Unable to parse file: {e}"))
messages.error(self.request, _("Unable to parse file: %s" % e))
return HttpResponseRedirect(reverse_lazy("upload_export"))
@@ -1153,12 +978,13 @@ class ResendConfirmationMailView(View):
try:
email.send_confirmation_mail(url=request.build_absolute_uri("/")[:-1])
messages.success(
request, f'{_("Confirmation mail sent to")}: {email.email}'
request, "%s: %s" % (_("Confirmation mail sent to"), email.email)
)
except Exception as exc: # pylint: disable=broad-except
messages.error(
request,
f'{_("Unable to send confirmation email for")} {email.email}: {exc}',
"%s %s: %s"
% (_("Unable to send confirmation email for"), email.email, exc),
)
return HttpResponseRedirect(reverse_lazy("profile"))
@@ -1170,32 +996,15 @@ class IvatarLoginView(LoginView):
template_name = "login.html"
@trace_authentication("login_attempt")
def get(self, request, *args, **kwargs):
"""
Handle get for login view
"""
if request.user:
if request.user.is_authenticated:
# Respect the 'next' parameter if present
next_url = request.GET.get("next")
if next_url:
return HttpResponseRedirect(next_url)
return HttpResponseRedirect(reverse_lazy("profile"))
return super().get(self, request, args, kwargs)
@trace_authentication("login_post")
def post(self, request, *args, **kwargs):
"""
Handle login form submission
"""
return super().post(request, *args, **kwargs)
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context["with_fedora"] = SOCIAL_AUTH_FEDORA_KEY is not None
return context
@method_decorator(login_required, name="dispatch")
class ProfileView(TemplateView):
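Review bot: in `get()`, `next_url` comes from `request.GET.get("next")` and is passed to `HttpResponseRedirect(next_url)` unchecked, so the redirect target is whatever the link names, including other sites. Validate it with `django.utils.http.url_has_allowed_host_and_scheme(next_url, allowed_hosts={request.get_host()})` and fall back to the `profile` redirect when it fails. Separately, `super().get(self, request, args, kwargs)` passes `self` twice and hands `args`/`kwargs` over as two positional values; it should be `super().get(request, *args, **kwargs)`.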
@@ -1209,9 +1018,12 @@ class ProfileView(TemplateView):
if "profile_username" in kwargs:
if not request.user.is_staff:
return HttpResponseRedirect(reverse_lazy("profile"))
with contextlib.suppress(Exception):
try:
u = User.objects.get(username=kwargs["profile_username"])
request.user = u
except Exception: # pylint: disable=broad-except
pass
self._confirm_claimed_openid()
return super().get(self, request, args, kwargs)
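Review bot: when a staff user passes `profile_username`, `request.user = u` swaps the request's identity for the rest of the view, and both the `contextlib.suppress(Exception)` and the `except Exception: pass` form hide every failure, database errors included. Catch `User.DoesNotExist` only, and log which staff account viewed which profile so the switch leaves an audit trail.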
@@ -1242,7 +1054,7 @@ class ProfileView(TemplateView):
openid=openids.first().claimed_id
).exists():
return
logger.debug(f"need to confirm: {openids.first()}")
print("need to confirm: %s" % openids.first())
confirmed = ConfirmedOpenId()
confirmed.user = self.request.user
confirmed.ip_address = get_client_ip(self.request)[0]
@@ -1260,7 +1072,7 @@ class PasswordResetView(PasswordResetViewOriginal):
Since we have the mail addresses in ConfirmedEmail model,
we need to set the email on the user object in order for the
PasswordResetView class to pick up the correct user.
In case we have the mail address in the User object, we still
In case we have the mail address in the User objecct, we still
need to assign a random password in order for PasswordResetView
class to pick up the user - else it will silently do nothing.
"""
@@ -1268,28 +1080,32 @@ class PasswordResetView(PasswordResetViewOriginal):
user = None
# Try to find the user via the normal user class
# TODO: How to handle the case that multiple user accounts
# could have the same password set?
user = User.objects.filter(email=request.POST["email"]).first()
try:
user = User.objects.get(email=request.POST["email"])
except ObjectDoesNotExist:
pass
# If we didn't find the user in the previous step,
# try the ConfirmedEmail class instead.
# If we find the user there, we need to set the mail
# attribute on the user object accordingly
if not user:
with contextlib.suppress(ObjectDoesNotExist):
try:
confirmed_email = ConfirmedEmail.objects.get(
email=request.POST["email"]
)
user = confirmed_email.user
user.email = confirmed_email.email
user.save()
except ObjectDoesNotExist:
pass
# If we found the user, set a random password. Else, the
# ResetPasswordView class will silently ignore the password
# reset request
if user:
if not user.password or user.password.startswith("!"):
random_pass = get_random_string(12)
random_pass = User.objects.make_random_password()
user.set_password(random_pass)
user.save()
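Review bot: `User.objects.get(email=request.POST["email"])` only handles `ObjectDoesNotExist`, so two accounts sharing an address raise `MultipleObjectsReturned` and the reset request ends in a server error; the `.filter(...).first()` form avoids that, and `request.POST.get("email")` would also cover a missing field. `User.objects.make_random_password()` is deprecated as of Django 4.2, so `get_random_string(...)` is the form to keep.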
@@ -1323,6 +1139,7 @@ class DeleteAccountView(SuccessMessageMixin, FormView):
messages.error(request, _("No password given"))
return HttpResponseRedirect(reverse_lazy("delete"))
raise _("No password given")
# should delete all confirmed/unconfirmed/photo objects
request.user.delete()
return super().post(self, request, args, kwargs)
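Review bot: `raise _("No password given")` sits directly after `return HttpResponseRedirect(reverse_lazy("delete"))`, so it can never run, and raising a translated string rather than an exception instance would itself be a `TypeError`. Drop the line. The closing `super().post(self, request, args, kwargs)` also passes `self` twice and the argument containers positionally; it should be `super().post(request, *args, **kwargs)`.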
@@ -1345,7 +1162,7 @@ class ExportView(SuccessMessageMixin, TemplateView):
Handle real export
"""
SCHEMA_ROOT = "https://www.libravatar.org/schemas/export/0.2"
SCHEMA_XSD = f"{SCHEMA_ROOT}/export.xsd"
SCHEMA_XSD = "%s/export.xsd" % SCHEMA_ROOT
def xml_header():
return (
@@ -1361,7 +1178,7 @@ class ExportView(SuccessMessageMixin, TemplateView):
def xml_account(user):
escaped_username = saxutils.quoteattr(user.username)
escaped_password = saxutils.quoteattr(user.password)
return " <account username={} password={}/>\n".format(
return " <account username=%s password=%s/>\n" % (
escaped_username,
escaped_password,
)
@@ -1428,7 +1245,7 @@ class ExportView(SuccessMessageMixin, TemplateView):
response = HttpResponse(content_type="application/gzip")
response["Content-Disposition"] = (
f'attachment; filename="libravatar-export_{user.username}.xml.gz"'
'attachment; filename="libravatar-export_%s.xml.gz"' % user.username
)
response.write(bytesobj.read())
return response
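Review bot: `user.username` is placed inside the quoted `filename="..."` parameter of `Content-Disposition` without escaping, so a username containing `"` or non-ASCII characters yields a malformed header. Build the header with `django.utils.http.content_disposition_header(True, filename)` (Django 4.2+) or restrict the name to a safe character set first.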

View File

@@ -1,47 +1,9 @@
# -*- coding: utf-8 -*-
"""
Middleware classes
"""
from django.utils.deprecation import MiddlewareMixin
from django.middleware.locale import LocaleMiddleware
class CustomLocaleMiddleware(LocaleMiddleware):
"""
Middleware that extends LocaleMiddleware to skip Vary header processing for image URLs
"""
def process_response(self, request, response):
# Check if this is an image-related URL
path = request.path
if any(
path.startswith(prefix)
for prefix in ["/avatar/", "/gravatarproxy/", "/blueskyproxy/"]
):
# Delete Vary from header if exists
if "Vary" in response:
del response["Vary"]
# Extract hash from URL path for ETag
# URLs are like /avatar/{hash}, /gravatarproxy/{hash}, /blueskyproxy/{hash}
path_parts = path.strip("/").split("/")
if len(path_parts) >= 2:
hash_value = path_parts[1] # Get the hash part
# Sanitize hash_value to remove newlines and other control characters
# that would cause BadHeaderError
hash_value = "".join(
c for c in hash_value if c.isprintable() and c not in "\r\n"
)
response["Etag"] = f'"{hash_value}"'
else:
# Fallback to content hash if we can't extract from URL
response["Etag"] = f'"{hash(response.content)}"'
# Skip the parent's process_response to avoid adding Accept-Language to Vary
return response
# For all other URLs, use the parent's behavior
return super().process_response(request, response)
class MultipleProxyMiddleware(
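Review bot: in `CustomLocaleMiddleware.process_response`, the ETag is built from the path segment alone, so `/avatar/{hash}` gets the same validator regardless of the query string, and a cache revalidating with `If-None-Match` cannot tell differently parameterised responses apart. The fallback `hash(response.content)` is also unstable: Python salts `hash()` of bytes per process, so workers and restarts produce different ETags for identical content. Derive the tag from a digest of the response body (for example `hashlib.sha256(response.content).hexdigest()`) or fold the query parameters into it.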

View File

@@ -1,300 +0,0 @@
"""
OpenTelemetry configuration for ivatar project.
This module provides OpenTelemetry setup and configuration for the ivatar
Django application, including tracing, metrics, and logging integration.
"""
import os
import logging
from opentelemetry import trace, metrics
from opentelemetry.sdk.trace import TracerProvider
from opentelemetry.sdk.trace.export import BatchSpanProcessor
from opentelemetry.sdk.metrics import MeterProvider
from opentelemetry.sdk.metrics.export import PeriodicExportingMetricReader
from opentelemetry.sdk.resources import Resource
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter
from opentelemetry.exporter.otlp.proto.grpc.metric_exporter import OTLPMetricExporter
from opentelemetry.exporter.prometheus import PrometheusMetricReader
from opentelemetry.instrumentation.psycopg2 import Psycopg2Instrumentor
from opentelemetry.instrumentation.pymysql import PyMySQLInstrumentor
from opentelemetry.instrumentation.requests import RequestsInstrumentor
from opentelemetry.instrumentation.urllib3 import URLLib3Instrumentor
from django.conf import settings
from django.core.exceptions import ImproperlyConfigured
# Note: Memcached instrumentation not available in OpenTelemetry Python
logger = logging.getLogger("ivatar")
class OpenTelemetryConfig:
"""
OpenTelemetry configuration manager for ivatar.
Handles setup of tracing, metrics, and instrumentation for the Django application.
"""
def __init__(self):
self.enabled = True # Always enable OpenTelemetry instrumentation
self.export_enabled = self._is_export_enabled()
self.service_name = self._get_service_name()
self.environment = self._get_environment()
self.resource = self._create_resource()
def _is_export_enabled(self) -> bool:
"""Check if OpenTelemetry data export is enabled via environment variable."""
return os.environ.get("OTEL_EXPORT_ENABLED", "false").lower() in (
"true",
"1",
"yes",
)
def _get_service_name(self) -> str:
"""Get service name from environment or default."""
return os.environ.get("OTEL_SERVICE_NAME", "ivatar")
def _get_environment(self) -> str:
"""Get environment name (production, development, etc.)."""
return os.environ.get("OTEL_ENVIRONMENT", "development")
def _create_resource(self) -> Resource:
"""Create OpenTelemetry resource with service information."""
# Get IVATAR_VERSION from environment or settings, handling case where
# Django settings might not be configured yet
ivatar_version = os.environ.get("IVATAR_VERSION")
if not ivatar_version:
# Try to access settings, but handle case where Django isn't configured
try:
ivatar_version = getattr(settings, "IVATAR_VERSION", "2.0")
except ImproperlyConfigured:
# Django settings not configured yet, use default
ivatar_version = "2.0"
return Resource.create(
{
"service.name": self.service_name,
"service.version": ivatar_version,
"service.namespace": "libravatar",
"deployment.environment": self.environment,
"service.instance.id": os.environ.get("HOSTNAME", "unknown"),
}
)
def setup_tracing(self) -> None:
"""Set up OpenTelemetry tracing."""
try:
# Only set up tracing if export is enabled
if not self.export_enabled:
logger.info("OpenTelemetry tracing disabled (export disabled)")
return
# Set up tracer provider
trace.set_tracer_provider(TracerProvider(resource=self.resource))
tracer_provider = trace.get_tracer_provider()
# Configure OTLP exporter if endpoint is provided
otlp_endpoint = os.environ.get("OTEL_EXPORTER_OTLP_ENDPOINT")
if otlp_endpoint:
otlp_exporter = OTLPSpanExporter(endpoint=otlp_endpoint)
span_processor = BatchSpanProcessor(otlp_exporter)
tracer_provider.add_span_processor(span_processor)
logger.info(
f"OpenTelemetry tracing configured with OTLP endpoint: {otlp_endpoint}"
)
else:
logger.info("OpenTelemetry tracing configured without OTLP endpoint")
except Exception as e:
logger.error(f"Failed to setup OpenTelemetry tracing: {e}")
# Don't disable OpenTelemetry entirely - metrics and instrumentation can still work
def setup_metrics(self) -> None:
"""Set up OpenTelemetry metrics."""
try:
# Configure metric readers based on environment
metric_readers = []
# Configure OTLP exporter if export is enabled and endpoint is provided
if self.export_enabled:
otlp_endpoint = os.environ.get("OTEL_EXPORTER_OTLP_ENDPOINT")
if otlp_endpoint:
otlp_exporter = OTLPMetricExporter(endpoint=otlp_endpoint)
metric_reader = PeriodicExportingMetricReader(otlp_exporter)
metric_readers.append(metric_reader)
logger.info(
f"OpenTelemetry metrics configured with OTLP endpoint: {otlp_endpoint}"
)
# For development/local testing, also configure Prometheus HTTP server
# In production, metrics are scraped by external Prometheus server
prometheus_endpoint = os.environ.get("OTEL_PROMETHEUS_ENDPOINT")
if prometheus_endpoint:
prometheus_reader = PrometheusMetricReader()
metric_readers.append(prometheus_reader)
# Set up meter provider with readers
meter_provider = MeterProvider(
resource=self.resource, metric_readers=metric_readers
)
# Only set meter provider if it's not already set
try:
metrics.set_meter_provider(meter_provider)
except Exception as e:
if "Overriding of current MeterProvider is not allowed" in str(e):
logger.warning("MeterProvider already set, using existing provider")
# Get the existing meter provider and add our readers
existing_provider = metrics.get_meter_provider()
if hasattr(existing_provider, "add_metric_reader"):
for reader in metric_readers:
existing_provider.add_metric_reader(reader)
else:
raise
# Start Prometheus HTTP server for local development (if configured)
if prometheus_endpoint:
self._start_prometheus_server(prometheus_reader, prometheus_endpoint)
logger.info(
f"OpenTelemetry metrics configured with Prometheus endpoint: {prometheus_endpoint}"
)
if not metric_readers:
logger.warning(
"No metric readers configured - metrics will not be exported"
)
except Exception as e:
logger.error(f"Failed to setup OpenTelemetry metrics: {e}")
# Don't disable OpenTelemetry entirely - tracing and instrumentation can still work
def _start_prometheus_server(
self, prometheus_reader: PrometheusMetricReader, endpoint: str
) -> None:
"""Start Prometheus HTTP server for metrics endpoint."""
try:
from prometheus_client import start_http_server, REGISTRY
# Parse endpoint to get host and port
if ":" in endpoint:
host, port = endpoint.split(":", 1)
port = int(port)
else:
host = "0.0.0.0"
port = int(endpoint)
# Register the PrometheusMetricReader collector with prometheus_client
REGISTRY.register(prometheus_reader._collector)
# Start HTTP server
start_http_server(port, addr=host)
logger.info(f"Prometheus metrics server started on {host}:{port}")
except OSError as e:
if e.errno == 98: # Address already in use
logger.warning(
f"Prometheus metrics server already running on {endpoint}"
)
else:
logger.error(f"Failed to start Prometheus metrics server: {e}")
# Don't disable OpenTelemetry entirely - metrics can still be exported via OTLP
except Exception as e:
logger.error(f"Failed to start Prometheus metrics server: {e}")
# Don't disable OpenTelemetry entirely - metrics can still be exported via OTLP
def setup_instrumentation(self) -> None:
"""Set up OpenTelemetry instrumentation for various libraries."""
try:
# Django instrumentation - TEMPORARILY DISABLED TO TEST HEADER ISSUE
# DjangoInstrumentor().instrument()
# logger.info("Django instrumentation enabled")
# Database instrumentation
Psycopg2Instrumentor().instrument()
PyMySQLInstrumentor().instrument()
logger.info("Database instrumentation enabled")
# HTTP client instrumentation
RequestsInstrumentor().instrument()
URLLib3Instrumentor().instrument()
logger.info("HTTP client instrumentation enabled")
# Note: Memcached instrumentation not available in OpenTelemetry Python
# Cache operations will be traced through Django instrumentation
except Exception as e:
logger.error(f"Failed to setup OpenTelemetry instrumentation: {e}")
# Don't disable OpenTelemetry entirely - tracing and metrics can still work
def get_tracer(self, name: str) -> trace.Tracer:
"""Get a tracer instance."""
return trace.get_tracer(name)
def get_meter(self, name: str) -> metrics.Meter:
"""Get a meter instance."""
return metrics.get_meter(name)
# Global OpenTelemetry configuration instance (lazy-loaded)
_ot_config = None
_ot_initialized = False
def get_ot_config():
"""Get the global OpenTelemetry configuration instance."""
global _ot_config
if _ot_config is None:
_ot_config = OpenTelemetryConfig()
return _ot_config
def setup_opentelemetry() -> None:
"""
Set up OpenTelemetry for the ivatar application.
This function should be called during Django application startup.
"""
global _ot_initialized
if _ot_initialized:
logger.debug("OpenTelemetry already initialized, skipping setup")
return
logger.info("Setting up OpenTelemetry...")
ot_config = get_ot_config()
ot_config.setup_tracing()
ot_config.setup_metrics()
ot_config.setup_instrumentation()
if ot_config.enabled:
if ot_config.export_enabled:
logger.info("OpenTelemetry setup completed successfully (export enabled)")
else:
logger.info("OpenTelemetry setup completed successfully (export disabled)")
_ot_initialized = True
else:
logger.info("OpenTelemetry setup failed")
def get_tracer(name: str) -> trace.Tracer:
"""Get a tracer instance for the given name."""
return get_ot_config().get_tracer(name)
def get_meter(name: str) -> metrics.Meter:
"""Get a meter instance for the given name."""
return get_ot_config().get_meter(name)
def is_enabled() -> bool:
"""Check if OpenTelemetry is enabled (always True now)."""
return True
def is_export_enabled() -> bool:
"""Check if OpenTelemetry data export is enabled."""
return get_ot_config().export_enabled
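Review bot: `_start_prometheus_server` falls back to `host = "0.0.0.0"` when `OTEL_PROMETHEUS_ENDPOINT` holds only a port, which publishes the unauthenticated metrics endpoint on every interface; default to `127.0.0.1` and require an explicit host for wider exposure. Two smaller points in the same function: compare against `errno.EADDRINUSE` instead of the literal `98`, and `prometheus_reader._collector` is a private attribute that may change between releases. In `setup_opentelemetry`, `ot_config.enabled` is always `True`, so the "setup failed" branch is dead code.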

View File

@@ -1,418 +0,0 @@
"""
OpenTelemetry middleware and custom instrumentation for ivatar.
This module provides custom OpenTelemetry instrumentation for avatar-specific
operations, including metrics and tracing for avatar generation, file uploads,
and authentication flows.
"""
import logging
import time
from functools import wraps
from django.http import HttpRequest, HttpResponse
from django.utils.deprecation import MiddlewareMixin
from opentelemetry import trace
from opentelemetry.trace import Status, StatusCode
from ivatar.opentelemetry_config import get_tracer, get_meter, is_enabled
logger = logging.getLogger("ivatar")
class OpenTelemetryMiddleware(MiddlewareMixin):
"""
Custom OpenTelemetry middleware for ivatar-specific metrics and tracing.
This middleware adds custom attributes and metrics to OpenTelemetry spans
for avatar-related operations.
"""
def __init__(self, get_response):
self.get_response = get_response
# Don't get metrics instance here - get it lazily in __call__
def __call__(self, request):
# Get metrics instance lazily
if not hasattr(self, "metrics"):
self.metrics = get_avatar_metrics()
# Process request to start tracing
self.process_request(request)
response = self.get_response(request)
# Process response to complete tracing
self.process_response(request, response)
return response
def process_request(self, request: HttpRequest) -> None:
"""Process incoming request and start tracing."""
# Start span for the request
span_name = f"{request.method} {request.path}"
span = get_tracer("ivatar.middleware").start_span(span_name)
# Add request attributes
span.set_attributes(
{
"http.method": request.method,
"http.url": request.build_absolute_uri(),
"http.user_agent": request.META.get("HTTP_USER_AGENT", ""),
"http.remote_addr": self._get_client_ip(request),
"ivatar.path": request.path,
}
)
# Check if this is an avatar request
if self._is_avatar_request(request):
span.set_attribute("ivatar.request_type", "avatar")
self._add_avatar_attributes(span, request)
# Store span in request for later use
request._ot_span = span
# Record request start time
request._ot_start_time = time.time()
def process_response(
self, request: HttpRequest, response: HttpResponse
) -> HttpResponse:
"""Process response and complete tracing."""
span = getattr(request, "_ot_span", None)
if not span:
return response
try:
# Calculate request duration
start_time = getattr(request, "_ot_start_time", time.time())
duration = time.time() - start_time
# Add response attributes
span.set_attributes(
{
"http.status_code": response.status_code,
"http.response_size": (
len(response.content) if hasattr(response, "content") else 0
),
"http.request.duration": duration,
}
)
# Set span status based on response
if response.status_code >= 400:
span.set_status(
Status(StatusCode.ERROR, f"HTTP {response.status_code}")
)
else:
span.set_status(Status(StatusCode.OK))
# Record metrics
# Note: HTTP request metrics are handled by Django instrumentation
# We only record avatar-specific metrics here
# Record avatar-specific metrics
if self._is_avatar_request(request):
# Record avatar request metric using the new metrics system
self.metrics.record_avatar_request(
size=self._get_avatar_size(request),
format_type=self._get_avatar_format(request),
)
finally:
span.end()
return response
def _is_avatar_request(self, request: HttpRequest) -> bool:
"""Check if this is an avatar request."""
return request.path.startswith("/avatar/") or request.path.startswith("/avatar")
def _add_avatar_attributes(self, span: trace.Span, request: HttpRequest) -> None:
"""Add avatar-specific attributes to span."""
try:
# Extract avatar parameters
size = self._get_avatar_size(request)
format_type = self._get_avatar_format(request)
email = self._get_avatar_email(request)
span.set_attributes(
{
"ivatar.avatar_size": size,
"ivatar.avatar_format": format_type,
"ivatar.avatar_email": email,
}
)
except Exception as e:
logger.debug(f"Failed to add avatar attributes: {e}")
def _get_avatar_size(self, request: HttpRequest) -> str:
"""Extract avatar size from request."""
size = request.GET.get("s", "80")
return str(size)
def _get_avatar_format(self, request: HttpRequest) -> str:
"""Extract avatar format from request."""
format_type = request.GET.get("d", "png")
return str(format_type)
def _get_avatar_email(self, request: HttpRequest) -> str:
"""Extract email from avatar request path."""
try:
# Extract email from path like /avatar/user@example.com
path_parts = request.path.strip("/").split("/")
if len(path_parts) >= 2 and path_parts[0] == "avatar":
return path_parts[1]
except Exception:
pass
return "unknown"
def _get_client_ip(self, request: HttpRequest) -> str:
"""Get client IP address from request."""
x_forwarded_for = request.META.get("HTTP_X_FORWARDED_FOR")
if x_forwarded_for:
return x_forwarded_for.split(",")[0].strip()
return request.META.get("REMOTE_ADDR", "unknown")
def trace_avatar_operation(operation_name: str):
"""
Decorator to trace avatar operations.
Args:
operation_name: Name of the operation being traced
"""
def decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
if not is_enabled():
return func(*args, **kwargs)
tracer = get_tracer("ivatar.avatar")
with tracer.start_as_current_span(f"avatar.{operation_name}") as span:
try:
result = func(*args, **kwargs)
span.set_status(Status(StatusCode.OK))
return result
except Exception as e:
span.set_status(Status(StatusCode.ERROR, str(e)))
span.set_attribute("error.message", str(e))
raise
return wrapper
return decorator
def trace_file_upload(operation_name: str):
"""
Decorator to trace file upload operations.
Args:
operation_name: Name of the file upload operation being traced
"""
def decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
tracer = get_tracer("ivatar.file_upload")
with tracer.start_as_current_span(f"file_upload.{operation_name}") as span:
try:
# Add file information if available
if args and hasattr(args[0], "FILES"):
files = args[0].FILES
if files:
file_info = list(files.values())[0]
span.set_attributes(
{
"file.name": file_info.name,
"file.size": file_info.size,
"file.content_type": file_info.content_type,
}
)
result = func(*args, **kwargs)
span.set_status(Status(StatusCode.OK))
return result
except Exception as e:
span.set_status(Status(StatusCode.ERROR, str(e)))
span.set_attribute("error.message", str(e))
raise
return wrapper
return decorator
def trace_authentication(operation_name: str):
"""
Decorator to trace authentication operations.
Args:
operation_name: Name of the authentication operation being traced
"""
def decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
tracer = get_tracer("ivatar.auth")
with tracer.start_as_current_span(f"auth.{operation_name}") as span:
try:
result = func(*args, **kwargs)
span.set_status(Status(StatusCode.OK))
return result
except Exception as e:
span.set_status(Status(StatusCode.ERROR, str(e)))
span.set_attribute("error.message", str(e))
raise
return wrapper
return decorator
class AvatarMetrics:
"""
Custom metrics for avatar operations.
This class provides methods to record custom metrics for avatar-specific
operations like generation, caching, and external service calls.
"""
def __init__(self):
self.meter = get_meter("ivatar.avatar")
# Create custom metrics
self.avatar_generated = self.meter.create_counter(
name="ivatar_avatars_generated_total",
description="Total number of avatars generated",
unit="1",
)
self.avatar_requests = self.meter.create_counter(
name="ivatar_avatar_requests_total",
description="Total number of avatar image requests",
unit="1",
)
self.avatar_cache_hits = self.meter.create_counter(
name="ivatar_avatar_cache_hits_total",
description="Total number of avatar cache hits",
unit="1",
)
self.avatar_cache_misses = self.meter.create_counter(
name="ivatar_avatar_cache_misses_total",
description="Total number of avatar cache misses",
unit="1",
)
self.external_avatar_requests = self.meter.create_counter(
name="ivatar_external_avatar_requests_total",
description="Total number of external avatar requests",
unit="1",
)
self.file_uploads = self.meter.create_counter(
name="ivatar_file_uploads_total",
description="Total number of file uploads",
unit="1",
)
self.file_upload_size = self.meter.create_histogram(
name="ivatar_file_upload_size_bytes",
description="File upload size in bytes",
unit="bytes",
)
def record_avatar_request(self, size: str, format_type: str):
"""Record avatar request."""
self.avatar_requests.add(
1,
{
"size": size,
"format": format_type,
},
)
def record_avatar_generated(
self, size: str, format_type: str, source: str = "generated"
):
"""Record avatar generation."""
self.avatar_generated.add(
1,
{
"size": size,
"format": format_type,
"source": source,
},
)
def record_cache_hit(self, size: str, format_type: str):
"""Record cache hit."""
self.avatar_cache_hits.add(
1,
{
"size": size,
"format": format_type,
},
)
def record_cache_miss(self, size: str, format_type: str):
"""Record cache miss."""
self.avatar_cache_misses.add(
1,
{
"size": size,
"format": format_type,
},
)
def record_external_request(self, service: str, status_code: int):
"""Record external avatar service request."""
self.external_avatar_requests.add(
1,
{
"service": service,
"status_code": str(status_code),
},
)
def record_file_upload(self, file_size: int, content_type: str, success: bool):
"""Record file upload."""
self.file_uploads.add(
1,
{
"content_type": content_type,
"success": str(success),
},
)
self.file_upload_size.record(
file_size,
{
"content_type": content_type,
"success": str(success),
},
)
# Global metrics instance (lazy-loaded)
_avatar_metrics = None
def get_avatar_metrics():
"""Get the global avatar metrics instance."""
global _avatar_metrics
if _avatar_metrics is None:
_avatar_metrics = AvatarMetrics()
return _avatar_metrics
def reset_avatar_metrics():
"""Reset the global avatar metrics instance (for testing)."""
global _avatar_metrics
_avatar_metrics = None
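Review bot: `_get_avatar_size` and `_get_avatar_format` return the raw `s` and `d` query values, and `record_avatar_request` uses them as counter attributes, so every distinct client-supplied string creates a new time series; validate or bucket them before recording. `_add_avatar_attributes` also stores the path segment as `ivatar.avatar_email` (the code comment shows it may be a plain address), and `_get_client_ip` trusts the first `X-Forwarded-For` entry, which the client controls unless a proxy overwrites it. The span opened in `process_request` is only ended in `process_response`, so an exception from `get_response` leaves it open; wrap the call in `try/finally`.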

View File

@@ -1,185 +0,0 @@
"""
Optimized pagan avatar generator for ivatar
Provides 95x+ performance improvement through intelligent caching
"""
import threading
from io import BytesIO
from typing import Dict, Optional
from PIL import Image
from django.conf import settings
import pagan
class OptimizedPagan:
"""
Optimized pagan avatar generator that caches Avatar objects
Provides 95x+ performance improvement by caching expensive pagan.Avatar
object creation while maintaining 100% visual compatibility
"""
# Class-level cache shared across all instances
_avatar_cache: Dict[str, pagan.Avatar] = {}
_cache_lock = threading.Lock()
_cache_stats = {"hits": 0, "misses": 0, "size": 0}
# Cache configuration
_max_cache_size = getattr(settings, "PAGAN_CACHE_SIZE", 100) # Max cached avatars
_cache_enabled = True # Always enabled - this is the default implementation
@classmethod
def _get_cached_avatar(cls, digest: str) -> Optional[pagan.Avatar]:
"""Get cached pagan Avatar object or create and cache it"""
# Try to get from cache first
with cls._cache_lock:
if digest in cls._avatar_cache:
cls._cache_stats["hits"] += 1
return cls._avatar_cache[digest]
# Cache miss - create new Avatar object
try:
avatar = pagan.Avatar(digest)
with cls._cache_lock:
# Cache management - remove oldest entries if cache is full
if len(cls._avatar_cache) >= cls._max_cache_size:
# Remove 20% of oldest entries to make room
remove_count = max(1, cls._max_cache_size // 5)
keys_to_remove = list(cls._avatar_cache.keys())[:remove_count]
for key in keys_to_remove:
del cls._avatar_cache[key]
# Cache the Avatar object
cls._avatar_cache[digest] = avatar
cls._cache_stats["misses"] += 1
cls._cache_stats["size"] = len(cls._avatar_cache)
return avatar
except Exception as e:
if getattr(settings, "DEBUG", False):
print(f"Failed to create pagan avatar {digest}: {e}")
return None
@classmethod
def get_cache_stats(cls) -> Dict:
"""Get cache performance statistics"""
with cls._cache_lock:
total_requests = cls._cache_stats["hits"] + cls._cache_stats["misses"]
hit_rate = (
(cls._cache_stats["hits"] / total_requests * 100)
if total_requests > 0
else 0
)
return {
"size": cls._cache_stats["size"],
"max_size": cls._max_cache_size,
"hits": cls._cache_stats["hits"],
"misses": cls._cache_stats["misses"],
"hit_rate": f"{hit_rate:.1f}%",
"total_requests": total_requests,
}
@classmethod
def clear_cache(cls):
"""Clear the pagan avatar cache (useful for testing or memory management)"""
with cls._cache_lock:
cls._avatar_cache.clear()
cls._cache_stats = {"hits": 0, "misses": 0, "size": 0}
@classmethod
def generate_optimized(cls, digest: str, size: int = 80) -> Optional[Image.Image]:
"""
Generate optimized pagan avatar
Args:
digest (str): MD5 hash as hex string
size (int): Output image size in pixels
Returns:
PIL.Image: Resized pagan avatar image, or None on error
"""
try:
# Get cached Avatar object (this is where the 95x speedup comes from)
avatar = cls._get_cached_avatar(digest)
if avatar is None:
return None
# Resize the cached avatar's image (this is very fast ~0.2ms)
# The original pagan avatar is 128x128 RGBA
resized_img = avatar.img.resize((size, size), Image.LANCZOS)
return resized_img
except Exception as e:
if getattr(settings, "DEBUG", False):
print(f"Optimized pagan generation failed for {digest}: {e}")
return None
def create_optimized_pagan(digest: str, size: int = 80) -> BytesIO:
"""
Create pagan avatar using optimized implementation
Returns BytesIO object ready for HTTP response
Performance improvement: 95x+ faster than original pagan generation
Args:
digest (str): MD5 hash as hex string
size (int): Output image size in pixels
Returns:
BytesIO: PNG image data ready for HTTP response
"""
try:
# Generate optimized pagan avatar
img = OptimizedPagan.generate_optimized(digest, size)
if img is not None:
# Save to BytesIO for HTTP response
data = BytesIO()
img.save(data, format="PNG")
data.seek(0)
return data
else:
# Fallback to original implementation if optimization fails
if getattr(settings, "DEBUG", False):
print(f"Falling back to original pagan for {digest}")
paganobj = pagan.Avatar(digest)
img = paganobj.img.resize((size, size), Image.LANCZOS)
data = BytesIO()
img.save(data, format="PNG")
data.seek(0)
return data
except Exception as e:
if getattr(settings, "DEBUG", False):
print(f"Pagan generation failed: {e}")
# Return simple fallback image on error
fallback_img = Image.new("RGBA", (size, size), (100, 100, 150, 255))
data = BytesIO()
fallback_img.save(data, format="PNG")
data.seek(0)
return data
# Management utilities
def get_pagan_cache_info():
"""Get cache information for monitoring/debugging"""
return OptimizedPagan.get_cache_stats()
def clear_pagan_cache():
"""Clear the pagan avatar cache"""
OptimizedPagan.clear_cache()
# Backward compatibility - maintain same interface as original
def create_pagan_avatar(digest: str, size: int = 80) -> BytesIO:
"""Backward compatibility alias for create_optimized_pagan"""
return create_optimized_pagan(digest, size)
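Review bot: in `create_optimized_pagan` the outer `except Exception` returns a flat (100, 100, 150) PNG and reports the error only through `print` when `settings.DEBUG` is set, so in production a failed render looks like a successful one and leaves no trace. Log through a module logger at warning level with the digest, and do the same in `generate_optimized`, which swallows errors the same way.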

View File

@@ -1,181 +0,0 @@
"""
Optimized Robohash implementation for ivatar.
Focuses on result caching for maximum performance with minimal complexity.
"""
import threading
from PIL import Image
from io import BytesIO
from robohash import Robohash
from typing import Dict, Optional
from django.conf import settings
class OptimizedRobohash:
"""
High-performance robohash implementation using intelligent result caching:
1. Caches assembled robots by hash signature to avoid regeneration
2. Lightweight approach with minimal initialization overhead
3. 100% visual compatibility with original robohash
Performance: 3x faster overall, up to 100x faster with cache hits
"""
# Class-level assembly cache
_assembly_cache: Dict[str, Image.Image] = {}
_cache_lock = threading.Lock()
_cache_stats = {"hits": 0, "misses": 0}
_max_cache_size = 50 # Limit memory usage
def __init__(self, string, hashcount=11, ignoreext=True):
# Use original robohash for compatibility
self._robohash = Robohash(string, hashcount, ignoreext)
self.hasharray = self._robohash.hasharray
self.img = None
self.format = "png"
def _get_cache_key(
self, roboset: str, color: str, bgset: Optional[str], size: int
) -> str:
"""Generate cache key for assembled robot"""
# Use hash signature for cache key
hash_sig = "".join(str(h % 1000) for h in self.hasharray[:6])
bg_key = bgset or "none"
return f"{roboset}:{color}:{bg_key}:{size}:{hash_sig}"
def assemble_optimized(
self, roboset=None, color=None, format=None, bgset=None, sizex=300, sizey=300
):
"""
Optimized assembly with intelligent result caching
"""
# Normalize parameters
roboset = roboset or "any"
color = color or "default"
bgset = None if (bgset == "none" or not bgset) else bgset
format = format or "png"
# Check cache first
cache_key = self._get_cache_key(roboset, color, bgset, sizex)
with self._cache_lock:
if cache_key in self._assembly_cache:
self._cache_stats["hits"] += 1
# Return cached result
self.img = self._assembly_cache[cache_key].copy()
self.format = format
return
self._cache_stats["misses"] += 1
# Cache miss - generate new robot using original robohash
try:
self._robohash.assemble(
roboset=roboset,
color=color,
format=format,
bgset=bgset,
sizex=sizex,
sizey=sizey,
)
# Store result
self.img = self._robohash.img
self.format = format
# Cache the result (if cache not full)
with self._cache_lock:
if len(self._assembly_cache) < self._max_cache_size:
self._assembly_cache[cache_key] = self.img.copy()
elif self._cache_stats["hits"] > 0: # Only clear if we've had hits
# Remove oldest entry (simple FIFO)
oldest_key = next(iter(self._assembly_cache))
del self._assembly_cache[oldest_key]
self._assembly_cache[cache_key] = self.img.copy()
except Exception as e:
if getattr(settings, "DEBUG", False):
print(f"Optimized robohash assembly error: {e}")
# Fallback to simple robot
self.img = Image.new("RGBA", (sizex, sizey), (128, 128, 128, 255))
self.format = format
@classmethod
def get_cache_stats(cls):
"""Get cache performance statistics"""
with cls._cache_lock:
total_requests = cls._cache_stats["hits"] + cls._cache_stats["misses"]
hit_rate = (
(cls._cache_stats["hits"] / total_requests * 100)
if total_requests > 0
else 0
)
return {
"hits": cls._cache_stats["hits"],
"misses": cls._cache_stats["misses"],
"hit_rate": f"{hit_rate:.1f}%",
"cache_size": len(cls._assembly_cache),
"max_cache_size": cls._max_cache_size,
}
@classmethod
def clear_cache(cls):
"""Clear assembly cache"""
with cls._cache_lock:
cls._assembly_cache.clear()
cls._cache_stats = {"hits": 0, "misses": 0}
def create_robohash(digest: str, size: int, roboset: str = "any") -> BytesIO:
"""
Create robohash using optimized implementation.
This is the main robohash generation function for ivatar.
Args:
digest: MD5 hash string for robot generation
size: Output image size in pixels
roboset: Robot set to use ("any", "set1", "set2", etc.)
Returns:
BytesIO object containing PNG image data
Performance: 3-5x faster than original robohash, up to 100x with cache hits
"""
try:
robohash = OptimizedRobohash(digest)
robohash.assemble_optimized(roboset=roboset, sizex=size, sizey=size)
# Save to BytesIO
data = BytesIO()
robohash.img.save(data, format="png")
data.seek(0)
return data
except Exception as e:
if getattr(settings, "DEBUG", False):
print(f"Robohash generation failed: {e}")
# Return fallback image
fallback_img = Image.new("RGBA", (size, size), (150, 150, 150, 255))
data = BytesIO()
fallback_img.save(data, format="png")
data.seek(0)
return data
# Management utilities for monitoring and debugging
def get_robohash_cache_stats():
"""Get robohash cache statistics for monitoring"""
return OptimizedRobohash.get_cache_stats()
def clear_robohash_cache():
"""Clear robohash caches"""
OptimizedRobohash.clear_cache()
# Backward compatibility aliases
create_optimized_robohash = create_robohash
create_fast_robohash = create_robohash
create_cached_robohash = create_robohash
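Review bot: `_get_cache_key` keys the shared class-level cache on `self.hasharray[:6]` with each value reduced `% 1000`, while the constructor asks for `hashcount=11`, so two digests that agree on those six reduced values get the same key and the second request is served the first one's cached image. The key also carries `sizex` only, although `sizey` is a separate parameter. Wherever this module lives on (the header takes the file to zero lines here), key on the full digest string plus both dimensions.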

View File

@@ -1,3 +1,4 @@
# -*- coding: utf-8 -*-
"""
Django settings for ivatar project.
"""
@@ -12,41 +13,6 @@ logger.setLevel(log_level)
PACKAGE_ROOT = os.path.abspath(os.path.dirname(__file__))
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
# Logging directory - can be overridden in local config
LOGS_DIR = os.path.join(BASE_DIR, "logs")
def _test_logs_directory_writeability(logs_dir):
"""
Test if a logs directory is actually writable by attempting to create and write a test file
"""
try:
# Ensure directory exists
os.makedirs(logs_dir, exist_ok=True)
# Test if we can actually write to the directory
test_file = os.path.join(logs_dir, ".write_test")
with open(test_file, "w") as f:
f.write("test")
# Clean up test file
os.remove(test_file)
return True
except (OSError, PermissionError):
return False
# Ensure logs directory exists and is writable - worst case, fall back to /tmp
if not _test_logs_directory_writeability(LOGS_DIR):
LOGS_DIR = "/tmp/libravatar-logs"
if not _test_logs_directory_writeability(LOGS_DIR):
# If even /tmp fails, use a user-specific temp directory
import tempfile
LOGS_DIR = os.path.join(tempfile.gettempdir(), f"libravatar-logs-{os.getuid()}")
_test_logs_directory_writeability(LOGS_DIR) # This should always succeed
logger.warning(f"Failed to write to logs directory, falling back to {LOGS_DIR}")
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = "=v(+-^t#ahv^a&&e)uf36g8algj$d1@6ou^w(r0@%)#8mlc*zk"
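Review bot: the `SECRET_KEY` literal at the end of this hunk is committed in the settings file; read it from the environment or the local config, refuse to start outside `DEBUG` when it is unset, and treat the committed value as burned. Separately, in the `LOGS_DIR` block the fallback `/tmp/libravatar-logs` is a fixed name in a shared directory and `os.makedirs(logs_dir, exist_ok=True)` accepts a directory that already exists, so the write test can pass on a path another local user created first; a per-user directory created with mode 0700 and an ownership check avoids that.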
@@ -56,77 +22,6 @@ DEBUG = True
ALLOWED_HOSTS = []
# Comprehensive Logging Configuration
LOGGING = {
"version": 1,
"disable_existing_loggers": False,
"formatters": {
"verbose": {
"format": "{levelname} {asctime} {module} {process:d} {thread:d} {message}",
"style": "{",
},
"simple": {
"format": "{levelname} {asctime} {message}",
"style": "{",
},
"detailed": {
"format": "{levelname} {asctime} {name} {module} {funcName} {lineno:d} {message}",
"style": "{",
},
},
"handlers": {
"file": {
"level": "INFO",
"class": "logging.FileHandler",
"filename": os.path.join(LOGS_DIR, "ivatar.log"),
"formatter": "verbose",
},
"file_debug": {
"level": "DEBUG",
"class": "logging.FileHandler",
"filename": os.path.join(LOGS_DIR, "ivatar_debug.log"),
"formatter": "detailed",
},
"console": {
"level": "DEBUG" if DEBUG else "INFO",
"class": "logging.StreamHandler",
"formatter": "simple",
},
"security": {
"level": "WARNING",
"class": "logging.FileHandler",
"filename": os.path.join(LOGS_DIR, "security.log"),
"formatter": "detailed",
},
},
"loggers": {
"ivatar": {
"handlers": ["file", "console"],
"level": "INFO", # Restore normal logging level
"propagate": True,
},
"ivatar.security": {
"handlers": ["security", "console"],
"level": "WARNING",
"propagate": False,
},
"ivatar.debug": {
"handlers": ["file_debug"],
"level": "DEBUG",
"propagate": False,
},
"django.security": {
"handlers": ["security"],
"level": "WARNING",
"propagate": False,
},
},
"root": {
"handlers": ["console"],
"level": "INFO",
},
}
# Application definition
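Review bot: without the `LOGGING` dict (the header takes this hunk from 77 lines to 6) the `ivatar.security` and `django.security` loggers lose their dedicated `security.log` handler, and nothing in the remaining lines replaces it. The context also shows `ALLOWED_HOSTS = []` under `DEBUG = True`. Keep at least the `security` handler and its two loggers here, or confirm the deployed configuration defines them.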
@@ -137,7 +32,6 @@ INSTALLED_APPS = [
"django.contrib.sessions",
"django.contrib.messages",
"django.contrib.staticfiles",
"social_django",
]
MIDDLEWARE = [
@@ -155,7 +49,7 @@ ROOT_URLCONF = "ivatar.urls"
TEMPLATES = [
{
"BACKEND": "django.template.backends.django.DjangoTemplates",
"DIRS": [os.path.join(BASE_DIR, "templates")],
"DIRS": [],
"APP_DIRS": True,
"OPTIONS": {
"context_processors": [
@@ -163,10 +57,7 @@ TEMPLATES = [
"django.template.context_processors.request",
"django.contrib.auth.context_processors.auth",
"django.contrib.messages.context_processors.messages",
"django.template.context_processors.i18n",
"social_django.context_processors.login_redirect",
],
"debug": DEBUG,
},
},
]
@@ -181,7 +72,6 @@ DATABASES = {
"default": {
"ENGINE": "django.db.backends.sqlite3",
"NAME": os.path.join(BASE_DIR, "db.sqlite3"),
"ATOMIC_REQUESTS": True,
}
}
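Review bot: `"ATOMIC_REQUESTS": True` is the one line this hunk loses (7 lines to 6), so views no longer run inside a per-request transaction and a view that fails midway can leave partial writes. If that is intended, wrap the multi-step views in `transaction.atomic()` explicitly; otherwise keep the key.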
@@ -195,9 +85,6 @@ AUTH_PASSWORD_VALIDATORS = [
},
{
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", # noqa
"OPTIONS": {
"min_length": 6,
},
},
{
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", # noqa
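Review bot: the `OPTIONS` block with `"min_length": 6` under `MinimumLengthValidator` sets a floor below the validator's built-in default of 8, and with the block gone (9 lines to 6) that default applies. State in the commit message whether the change in minimum password length is intended, since it changes which new passwords are accepted.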
@@ -207,84 +94,6 @@ AUTH_PASSWORD_VALIDATORS = [
},
]
# Password Hashing (more secure)
# Try to use Argon2PasswordHasher with high security settings, fallback to PBKDF2
PASSWORD_HASHERS = []
# Try Argon2 first (requires Python 3.6+ and argon2-cffi package)
try:
import argon2 # noqa: F401
PASSWORD_HASHERS.append("django.contrib.auth.hashers.Argon2PasswordHasher")
except ImportError:
# Fallback for CentOS 7 / older systems without argon2-cffi
pass
# Always include PBKDF2 as fallback
PASSWORD_HASHERS.extend(
[
"django.contrib.auth.hashers.PBKDF2PasswordHasher",
# Keep PBKDF2SHA1 for existing password compatibility only
"django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
]
)
# Security Settings
SECURE_BROWSER_XSS_FILTER = True
SECURE_CONTENT_TYPE_NOSNIFF = True
X_FRAME_OPTIONS = "DENY"
CSRF_COOKIE_SECURE = not DEBUG
SESSION_COOKIE_SECURE = not DEBUG
if not DEBUG:
SECURE_SSL_REDIRECT = True
SECURE_HSTS_SECONDS = 31536000 # 1 year
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_HSTS_PRELOAD = True
# Social authentication
TRUST_EMAIL_FROM_SOCIAL_AUTH_BACKENDS = ["fedora"]
SOCIAL_AUTH_PIPELINE = (
# Get the information we can about the user and return it in a simple
# format to create the user instance later. In some cases the details are
# already part of the auth response from the provider, but sometimes this
# could hit a provider API.
"social_core.pipeline.social_auth.social_details",
# Get the social uid from whichever service we're authing thru. The uid is
# the unique identifier of the given user in the provider.
"social_core.pipeline.social_auth.social_uid",
# Verifies that the current auth process is valid within the current
# project, this is where emails and domains whitelists are applied (if
# defined).
"social_core.pipeline.social_auth.auth_allowed",
# Checks if the current social-account is already associated in the site.
"social_core.pipeline.social_auth.social_user",
# Make up a username for this person, appends a random string at the end if
# there's any collision.
"social_core.pipeline.user.get_username",
# Send a validation email to the user to verify its email address.
# Disabled by default.
# 'social_core.pipeline.mail.mail_validation',
# Associates the current social details with another user account with
# a similar email address. Disabled by default.
"social_core.pipeline.social_auth.associate_by_email",
# Associates the current social details with an existing user account with
# a matching ConfirmedEmail.
"ivatar.ivataraccount.auth.associate_by_confirmed_email",
# Create a user account if we haven't found one yet.
"social_core.pipeline.user.create_user",
# Create the record that associates the social account with the user.
"social_core.pipeline.social_auth.associate_user",
# Populate the extra_data field in the social record with the values
# specified by settings (and the default ones like access_token, etc).
"social_core.pipeline.social_auth.load_extra_data",
# Update the user record with any changed info from the auth service.
"social_core.pipeline.user.user_details",
# Create the ConfirmedEmail if appropriate.
"ivatar.ivataraccount.auth.add_confirmed_email",
)
# Internationalization
# https://docs.djangoproject.com/en/2.0/topics/i18n/
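Review bot: `PASSWORD_HASHERS`, the `SECURE_*` and `*_COOKIE_SECURE` settings and the HSTS block all sit in the lines this hunk drops (84 lines to 6), so unless the local config sets them the site runs on Django's defaults for password hashing, cookie flags and TLS redirect. In the pipeline, `social_core.pipeline.social_auth.associate_by_email` is active although its own comment says "Disabled by default"; it links a login to an existing account on a matching email, which is only safe for providers that verify addresses, so gate it on `TRUST_EMAIL_FROM_SOCIAL_AUTH_BACKENDS` or leave it commented out.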
@@ -307,17 +116,4 @@ STATIC_ROOT = os.path.join(BASE_DIR, "static")
DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField"
from config import * # pylint: disable=wildcard-import,wrong-import-position,unused-wildcard-import # noqa
# OpenTelemetry setup - must be after config import
# Always setup OpenTelemetry (instrumentation always enabled, export controlled by OTEL_EXPORT_ENABLED)
try:
from ivatar.opentelemetry_config import setup_opentelemetry
setup_opentelemetry()
# Add OpenTelemetry middleware (always enabled)
MIDDLEWARE.append("ivatar.opentelemetry_middleware.OpenTelemetryMiddleware")
except (ImportError, NameError):
# OpenTelemetry packages not installed or configuration failed
pass
from config import * # pylint: disable=wildcard-import,wrong-import-position,unused-wildcard-import
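Review bot: `from config import *` runs after every setting defined above it, so any name in `config` silently replaces the value set in this file, `SECRET_KEY`, `DEBUG` and `ALLOWED_HOSTS` included; import the specific names or document which ones the local config is expected to override. The `except (ImportError, NameError): pass` around `setup_opentelemetry()` also hides a broken telemetry configuration; log the exception instead of passing.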

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@@ -1,265 +0,0 @@
/*!
* Cropper.js v1.6.2
* https://fengyuanchen.github.io/cropperjs
*
* Copyright 2015-present Chen Fengyuan
* Released under the MIT license
*
* Date: 2024-04-21T07:43:02.731Z
*/
.cropper-container {
-webkit-touch-callout: none;
direction: ltr;
font-size: 0;
line-height: 0;
position: relative;
-ms-touch-action: none;
touch-action: none;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
}
.cropper-container img {
backface-visibility: hidden;
display: block;
height: 100%;
image-orientation: 0deg;
max-height: none !important;
max-width: none !important;
min-height: 0 !important;
min-width: 0 !important;
width: 100%;
}
.cropper-canvas,
.cropper-crop-box,
.cropper-drag-box,
.cropper-modal,
.cropper-wrap-box {
bottom: 0;
left: 0;
position: absolute;
right: 0;
top: 0;
}
.cropper-canvas,
.cropper-wrap-box {
overflow: hidden;
}
.cropper-drag-box {
background-color: #fff;
opacity: 0;
}
.cropper-modal {
background-color: #000;
opacity: 0.5;
}
.cropper-view-box {
display: block;
height: 100%;
outline: 1px solid #39f;
outline-color: rgba(51, 153, 255, 0.75);
overflow: hidden;
width: 100%;
}
.cropper-dashed {
border: 0 dashed #eee;
display: block;
opacity: 0.5;
position: absolute;
}
.cropper-dashed.dashed-h {
border-bottom-width: 1px;
border-top-width: 1px;
height: 33.33333%;
left: 0;
top: 33.33333%;
width: 100%;
}
.cropper-dashed.dashed-v {
border-left-width: 1px;
border-right-width: 1px;
height: 100%;
left: 33.33333%;
top: 0;
width: 33.33333%;
}
.cropper-center {
display: block;
height: 0;
left: 50%;
opacity: 0.75;
position: absolute;
top: 50%;
width: 0;
}
.cropper-center:after,
.cropper-center:before {
background-color: #eee;
content: " ";
display: block;
position: absolute;
}
.cropper-center:before {
height: 1px;
left: -3px;
top: 0;
width: 7px;
}
.cropper-center:after {
height: 7px;
left: 0;
top: -3px;
width: 1px;
}
.cropper-face,
.cropper-line,
.cropper-point {
display: block;
height: 100%;
opacity: 0.1;
position: absolute;
width: 100%;
}
.cropper-face {
background-color: #fff;
left: 0;
top: 0;
}
.cropper-line {
background-color: #39f;
}
.cropper-line.line-e {
cursor: ew-resize;
right: -3px;
top: 0;
width: 5px;
}
.cropper-line.line-n {
cursor: ns-resize;
height: 5px;
left: 0;
top: -3px;
}
.cropper-line.line-w {
cursor: ew-resize;
left: -3px;
top: 0;
width: 5px;
}
.cropper-line.line-s {
bottom: -3px;
cursor: ns-resize;
height: 5px;
left: 0;
}
.cropper-point {
background-color: #39f;
height: 5px;
opacity: 0.75;
width: 5px;
}
.cropper-point.point-e {
cursor: ew-resize;
margin-top: -3px;
right: -3px;
top: 50%;
}
.cropper-point.point-n {
cursor: ns-resize;
left: 50%;
margin-left: -3px;
top: -3px;
}
.cropper-point.point-w {
cursor: ew-resize;
left: -3px;
margin-top: -3px;
top: 50%;
}
.cropper-point.point-s {
bottom: -3px;
cursor: s-resize;
left: 50%;
margin-left: -3px;
}
.cropper-point.point-ne {
cursor: nesw-resize;
right: -3px;
top: -3px;
}
.cropper-point.point-nw {
cursor: nwse-resize;
left: -3px;
top: -3px;
}
.cropper-point.point-sw {
bottom: -3px;
cursor: nesw-resize;
left: -3px;
}
.cropper-point.point-se {
bottom: -3px;
cursor: nwse-resize;
height: 20px;
opacity: 1;
right: -3px;
width: 20px;
}
@media (min-width: 768px) {
.cropper-point.point-se {
height: 15px;
width: 15px;
}
}
@media (min-width: 992px) {
.cropper-point.point-se {
height: 10px;
width: 10px;
}
}
@media (min-width: 1200px) {
.cropper-point.point-se {
height: 5px;
opacity: 0.75;
width: 5px;
}
}
.cropper-point.point-se:before {
background-color: #39f;
bottom: -50%;
content: " ";
display: block;
height: 200%;
opacity: 0;
position: absolute;
right: -50%;
width: 200%;
}
.cropper-invisible {
opacity: 0;
}
.cropper-bg {
background-image: url("");
}
.cropper-hide {
display: block;
height: 0;
position: absolute;
width: 0;
}
.cropper-hidden {
display: none !important;
}
.cropper-move {
cursor: move;
}
.cropper-crop {
cursor: crosshair;
}
.cropper-disabled .cropper-drag-box,
.cropper-disabled .cropper-face,
.cropper-disabled .cropper-line,
.cropper-disabled .cropper-point {
cursor: not-allowed;
}

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@@ -1,146 +1,2 @@
/* jquery.Jcrop.min.css v0.9.15 (build:20180819) */
.jcrop-holder {
direction: ltr;
text-align: left;
-ms-touch-action: none;
}
.jcrop-hline,
.jcrop-vline {
background: #fff url(Jcrop.gif);
font-size: 0;
position: absolute;
}
.jcrop-vline {
height: 100%;
width: 1px !important;
}
.jcrop-vline.right {
right: 0;
}
.jcrop-hline {
height: 1px !important;
width: 100%;
}
.jcrop-hline.bottom {
bottom: 0;
}
.jcrop-tracker {
height: 100%;
width: 100%;
-webkit-tap-highlight-color: transparent;
-webkit-touch-callout: none;
-webkit-user-select: none;
}
.jcrop-handle {
background-color: #333;
border: 1px #eee solid;
width: 7px;
height: 7px;
font-size: 1px;
}
.jcrop-handle.ord-n {
left: 50%;
margin-left: -4px;
margin-top: -4px;
top: 0;
}
.jcrop-handle.ord-s {
bottom: 0;
left: 50%;
margin-bottom: -4px;
margin-left: -4px;
}
.jcrop-handle.ord-e {
margin-right: -4px;
margin-top: -4px;
right: 0;
top: 50%;
}
.jcrop-handle.ord-w {
left: 0;
margin-left: -4px;
margin-top: -4px;
top: 50%;
}
.jcrop-handle.ord-nw {
left: 0;
margin-left: -4px;
margin-top: -4px;
top: 0;
}
.jcrop-handle.ord-ne {
margin-right: -4px;
margin-top: -4px;
right: 0;
top: 0;
}
.jcrop-handle.ord-se {
bottom: 0;
margin-bottom: -4px;
margin-right: -4px;
right: 0;
}
.jcrop-handle.ord-sw {
bottom: 0;
left: 0;
margin-bottom: -4px;
margin-left: -4px;
}
.jcrop-dragbar.ord-n,
.jcrop-dragbar.ord-s {
height: 7px;
width: 100%;
}
.jcrop-dragbar.ord-e,
.jcrop-dragbar.ord-w {
height: 100%;
width: 7px;
}
.jcrop-dragbar.ord-n {
margin-top: -4px;
}
.jcrop-dragbar.ord-s {
bottom: 0;
margin-bottom: -4px;
}
.jcrop-dragbar.ord-e {
margin-right: -4px;
right: 0;
}
.jcrop-dragbar.ord-w {
margin-left: -4px;
}
.jcrop-light .jcrop-hline,
.jcrop-light .jcrop-vline {
background: #fff;
filter: alpha(opacity=70) !important;
opacity: 0.7 !important;
}
.jcrop-light .jcrop-handle {
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
background-color: #000;
border-color: #fff;
border-radius: 3px;
}
.jcrop-dark .jcrop-hline,
.jcrop-dark .jcrop-vline {
background: #000;
filter: alpha(opacity=70) !important;
opacity: 0.7 !important;
}
.jcrop-dark .jcrop-handle {
-moz-border-radius: 3px;
-webkit-border-radius: 3px;
background-color: #fff;
border-color: #000;
border-radius: 3px;
}
.solid-line .jcrop-hline,
.solid-line .jcrop-vline {
background: #fff;
}
.jcrop-holder img,
img.jcrop-preview {
max-width: none;
}
.jcrop-holder{direction:ltr;text-align:left;-ms-touch-action:none}.jcrop-hline,.jcrop-vline{background:#fff url(Jcrop.gif);font-size:0;position:absolute}.jcrop-vline{height:100%;width:1px!important}.jcrop-vline.right{right:0}.jcrop-hline{height:1px!important;width:100%}.jcrop-hline.bottom{bottom:0}.jcrop-tracker{height:100%;width:100%;-webkit-tap-highlight-color:transparent;-webkit-touch-callout:none;-webkit-user-select:none}.jcrop-handle{background-color:#333;border:1px #eee solid;width:7px;height:7px;font-size:1px}.jcrop-handle.ord-n{left:50%;margin-left:-4px;margin-top:-4px;top:0}.jcrop-handle.ord-s{bottom:0;left:50%;margin-bottom:-4px;margin-left:-4px}.jcrop-handle.ord-e{margin-right:-4px;margin-top:-4px;right:0;top:50%}.jcrop-handle.ord-w{left:0;margin-left:-4px;margin-top:-4px;top:50%}.jcrop-handle.ord-nw{left:0;margin-left:-4px;margin-top:-4px;top:0}.jcrop-handle.ord-ne{margin-right:-4px;margin-top:-4px;right:0;top:0}.jcrop-handle.ord-se{bottom:0;margin-bottom:-4px;margin-right:-4px;right:0}.jcrop-handle.ord-sw{bottom:0;left:0;margin-bottom:-4px;margin-left:-4px}.jcrop-dragbar.ord-n,.jcrop-dragbar.ord-s{height:7px;width:100%}.jcrop-dragbar.ord-e,.jcrop-dragbar.ord-w{height:100%;width:7px}.jcrop-dragbar.ord-n{margin-top:-4px}.jcrop-dragbar.ord-s{bottom:0;margin-bottom:-4px}.jcrop-dragbar.ord-e{margin-right:-4px;right:0}.jcrop-dragbar.ord-w{margin-left:-4px}.jcrop-light .jcrop-hline,.jcrop-light .jcrop-vline{background:#fff;filter:alpha(opacity=70)!important;opacity:.7!important}.jcrop-light .jcrop-handle{-moz-border-radius:3px;-webkit-border-radius:3px;background-color:#000;border-color:#fff;border-radius:3px}.jcrop-dark .jcrop-hline,.jcrop-dark .jcrop-vline{background:#000;filter:alpha(opacity=70)!important;opacity:.7!important}.jcrop-dark .jcrop-handle{-moz-border-radius:3px;-webkit-border-radius:3px;background-color:#fff;border-color:#000;border-radius:3px}.solid-line .jcrop-hline,.solid-line .jcrop-vline{background:#fff}.jcrop-holder 
img,img.jcrop-preview{max-width:none}

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long

View File

@@ -1,586 +0,0 @@
#surly-badge {
font-family: sans-serif !important;
font-weight: 400 !important;
width: 134px !important;
height: 164px !important;
text-align: center !important;
display: -webkit-box !important;
display: -ms-flexbox !important;
display: flex !important;
-webkit-box-orient: vertical !important;
-webkit-box-direction: normal !important;
-ms-flex-direction: column !important;
flex-direction: column !important;
-webkit-box-align: center !important;
-ms-flex-align: center !important;
align-items: center !important;
position: relative !important;
background-size: contain !important;
background-repeat: no-repeat !important;
background-position: top center !important;
-webkit-box-sizing: content-box !important;
box-sizing: content-box !important;
padding: 8px 15px 0 !important;
}
#surly-badge p {
margin: 0 !important;
}
#surly-badge.surly-badge_black-blue {
background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 164 150'%3E%3Cpath style='fill:none;stroke:%23fff;stroke-width:2;stroke-miterlimit:10;' d='M16.05,22.74c0-7.61,6.16-13.76,13.76-13.76 M16.05,22.74v127.15 M29.02,140.85l-12.52,8.2 M28.47,141.01 h105.78 M134.25,141.01c7.61,0,13.76-6.16,13.76-13.76 M148.01,21.03v106.22 M29.81,8.97h106.2'/%3E%3Cpath style='stroke:%233273f6;stroke-width:2;stroke-miterlimit:10;' d='M148.01,18.02V-0.02 M138.99,9h18.04'/%3E%3C/svg%3E");
color: #fff !important;
}
#surly-badge.surly-badge_black-blue .surly-badge__header-text {
color: #3273f6 !important;
}
#surly-badge.surly-badge_black-blue .surly-badge__header-title {
color: #fff !important;
}
#surly-badge.surly-badge_black-blue .surly-badge__tag {
background-color: #3273f6 !important;
border-bottom: 1px solid #707070 !important;
}
#surly-badge.surly-badge_black-blue .surly-badge__tag-text {
color: #fff !important;
}
#surly-badge.surly-badge_black-blue .surly-badge__tag::before {
border-color: transparent #7f8ca5 transparent transparent !important;
}
#surly-badge.surly-badge_black-blue .surly-badge__tag::after {
border-color: transparent transparent transparent #7f8ca5 !important;
}
#surly-badge.surly-badge_black-blue .surly-badge__footer-link {
color: #3273f6 !important;
}
#surly-badge.surly-badge_black-blue .surly-badge__footer-title {
color: #fff !important;
}
#surly-badge.surly-badge_black-blue .surly-badge__footer-text {
color: #fff !important;
}
#surly-badge.surly-badge_black-gradient {
background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 164 150'%3E%3Cpath style='fill:none;stroke:%23fff;stroke-width:2;stroke-miterlimit:10;' d='M16.05,22.74c0-7.61,6.16-13.76,13.76-13.76 M16.05,22.74v127.15 M29.02,140.85l-12.52,8.2 M28.47,141.01 h105.78 M134.25,141.01c7.61,0,13.76-6.16,13.76-13.76 M148.01,21.03v106.22 M29.81,8.97h106.2'/%3E%3Cpath style='stroke:%23ff715e;stroke-width:2;stroke-miterlimit:10;' d='M148.01,18.02V-0.02 M138.99,9h18.04'/%3E%3C/svg%3E");
color: #fff !important;
}
#surly-badge.surly-badge_black-gradient .surly-badge__header-text {
color: #3273f6 !important;
background: #ff715e !important;
background-image: -webkit-gradient(
linear,
left top,
right top,
from(#ff715e),
to(#00a8ff)
) !important;
background-image: -o-linear-gradient(
left,
#ff715e 0%,
#00a8ff 100%
) !important;
background-image: linear-gradient(90deg, #ff715e 0%, #00a8ff 100%) !important;
background-size: 100% !important;
-webkit-background-clip: text !important;
-moz-background-clip: text !important;
-webkit-text-fill-color: transparent !important;
-moz-text-fill-color: transparent !important;
}
#surly-badge.surly-badge_black-gradient .surly-badge__header-title {
color: #fff !important;
}
#surly-badge.surly-badge_black-gradient .surly-badge__tag {
background: #ff715e !important;
background: -webkit-gradient(
linear,
left top,
right top,
from(#ff715e),
to(#00a8ff)
) !important;
background: -o-linear-gradient(left, #ff715e 0%, #00a8ff 100%) !important;
background: linear-gradient(90deg, #ff715e 0%, #00a8ff 100%) !important;
border-bottom: 1px solid #707070 !important;
}
#surly-badge.surly-badge_black-gradient .surly-badge__tag-text {
color: #fff !important;
}
#surly-badge.surly-badge_black-gradient .surly-badge__tag::before {
border-color: transparent #914339 transparent transparent !important;
}
#surly-badge.surly-badge_black-gradient .surly-badge__tag::after {
border-color: transparent transparent transparent #3b7696 !important;
}
#surly-badge.surly-badge_black-gradient .surly-badge__footer-link {
color: #ff715e !important;
}
#surly-badge.surly-badge_black-gradient .surly-badge__footer-title {
color: #fff !important;
}
#surly-badge.surly-badge_black-gradient .surly-badge__footer-text {
color: #fff !important;
}
#surly-badge.surly-badge_black-red {
background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 164 150'%3E%3Cpath style='fill:none;stroke:%23fff;stroke-width:2;stroke-miterlimit:10;' d='M16.05,22.74c0-7.61,6.16-13.76,13.76-13.76 M16.05,22.74v127.15 M29.02,140.85l-12.52,8.2 M28.47,141.01 h105.78 M134.25,141.01c7.61,0,13.76-6.16,13.76-13.76 M148.01,21.03v106.22 M29.81,8.97h106.2'/%3E%3Cpath style='stroke:%23ff715e;stroke-width:2;stroke-miterlimit:10;' d='M148.01,18.02V-0.02 M138.99,9h18.04'/%3E%3C/svg%3E");
color: #fff !important;
}
#surly-badge.surly-badge_black-red .surly-badge__header-text {
color: #ff715e !important;
}
#surly-badge.surly-badge_black-red .surly-badge__header-title {
color: #fff !important;
}
#surly-badge.surly-badge_black-red .surly-badge__tag {
background-color: #ff715e !important;
border-bottom: 1px solid #707070 !important;
}
#surly-badge.surly-badge_black-red .surly-badge__tag-text {
color: #fff !important;
}
#surly-badge.surly-badge_black-red .surly-badge__tag::before {
border-color: transparent #914339 transparent transparent !important;
}
#surly-badge.surly-badge_black-red .surly-badge__tag::after {
border-color: transparent transparent transparent #914339 !important;
}
#surly-badge.surly-badge_black-red .surly-badge__footer-link {
color: #ff715e !important;
}
#surly-badge.surly-badge_black-red .surly-badge__footer-title {
color: #fff !important;
}
#surly-badge.surly-badge_black-red .surly-badge__footer-text {
color: #fff !important;
}
#surly-badge.surly-badge_black-white {
background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 164 150'%3E%3Cpath style='fill:none;stroke:%23fff;stroke-width:2;stroke-miterlimit:10;' d='M16.05,22.74c0-7.61,6.16-13.76,13.76-13.76 M16.05,22.74v127.15 M29.02,140.85l-12.52,8.2 M28.47,141.01 h105.78 M134.25,141.01c7.61,0,13.76-6.16,13.76-13.76 M148.01,21.03v106.22 M29.81,8.97h106.2'/%3E%3Cpath style='stroke:%23fff;stroke-width:2;stroke-miterlimit:10;' d='M148.01,18.02V-0.02 M138.99,9h18.04'/%3E%3C/svg%3E");
color: #fff !important;
}
#surly-badge.surly-badge_black-white .surly-badge__header-text {
color: #fff !important;
}
#surly-badge.surly-badge_black-white .surly-badge__header-title {
color: #fff !important;
}
#surly-badge.surly-badge_black-white .surly-badge__tag {
background-color: #fff !important;
border-bottom: 1px solid #707070 !important;
}
#surly-badge.surly-badge_black-white .surly-badge__tag-text {
color: #000 !important;
}
#surly-badge.surly-badge_black-white .surly-badge__tag::before {
border-color: transparent #707070 transparent transparent !important;
}
#surly-badge.surly-badge_black-white .surly-badge__tag::after {
border-color: transparent transparent transparent #707070 !important;
}
#surly-badge.surly-badge_black-white .surly-badge__footer-link {
color: #fff !important;
}
#surly-badge.surly-badge_black-white .surly-badge__footer-title {
color: #fff !important;
}
#surly-badge.surly-badge_black-white .surly-badge__footer-text {
color: #fff !important;
}
#surly-badge.surly-badge_white-blue {
background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 164 150'%3E%3Cpath style='fill:none;stroke:%232e2e2e;stroke-width:2;stroke-miterlimit:10;' d='M16.05,22.74c0-7.61,6.16-13.76,13.76-13.76 M16.05,22.74v127.15 M29.02,140.85l-12.52,8.2 M28.47,141.01 h105.78 M134.25,141.01c7.61,0,13.76-6.16,13.76-13.76 M148.01,21.03v106.22 M29.81,8.97h106.2'/%3E%3Cpath style='stroke:%2302a7fd;stroke-width:2;stroke-miterlimit:10;' d='M148.01,18.02V-0.02 M138.99,9h18.04'/%3E%3C/svg%3E");
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-blue .surly-badge__header-text {
color: #02a7fd !important;
}
#surly-badge.surly-badge_white-blue .surly-badge__header-title {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-blue .surly-badge__tag {
background-color: #02a7fd !important;
border-bottom: 1px solid #707070 !important;
}
#surly-badge.surly-badge_white-blue .surly-badge__tag-text {
color: #fff !important;
}
#surly-badge.surly-badge_white-blue .surly-badge__tag::before {
border-color: transparent #3b7696 transparent transparent !important;
}
#surly-badge.surly-badge_white-blue .surly-badge__tag::after {
border-color: transparent transparent transparent #3b7696 !important;
}
#surly-badge.surly-badge_white-blue .surly-badge__footer-link {
color: #02a7fd !important;
}
#surly-badge.surly-badge_white-blue .surly-badge__footer-title {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-blue .surly-badge__footer-text {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-gradient {
background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 164 150'%3E%3Cpath style='fill:none;stroke:%232e2e2e;stroke-width:2;stroke-miterlimit:10;' d='M16.05,22.74c0-7.61,6.16-13.76,13.76-13.76 M16.05,22.74v127.15 M29.02,140.85l-12.52,8.2 M28.47,141.01 h105.78 M134.25,141.01c7.61,0,13.76-6.16,13.76-13.76 M148.01,21.03v106.22 M29.81,8.97h106.2'/%3E%3Cpath style='stroke:%23ff5741;stroke-width:2;stroke-miterlimit:10;' d='M148.01,18.02V-0.02 M138.99,9h18.04'/%3E%3C/svg%3E");
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-gradient .surly-badge__header-text {
color: #ff5741 !important;
background: #ff715e !important;
background-image: -webkit-gradient(
linear,
left top,
right top,
from(#ff715e),
to(#00a8ff)
) !important;
background-image: -o-linear-gradient(
left,
#ff715e 0%,
#00a8ff 100%
) !important;
background-image: linear-gradient(90deg, #ff715e 0%, #00a8ff 100%) !important;
background-size: 100% !important;
-webkit-background-clip: text !important;
-moz-background-clip: text !important;
-webkit-text-fill-color: transparent !important;
-moz-text-fill-color: transparent !important;
}
#surly-badge.surly-badge_white-gradient .surly-badge__header-title {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-gradient .surly-badge__tag {
background: #ff715e !important;
background: -webkit-gradient(
linear,
left top,
right top,
from(#ff715e),
to(#00a8ff)
) !important;
background: -o-linear-gradient(left, #ff715e 0%, #00a8ff 100%) !important;
background: linear-gradient(90deg, #ff715e 0%, #00a8ff 100%) !important;
border-bottom: 1px solid #707070 !important;
}
#surly-badge.surly-badge_white-gradient .surly-badge__tag-text {
color: #fff !important;
}
#surly-badge.surly-badge_white-gradient .surly-badge__tag::before {
border-color: transparent #914339 transparent transparent !important;
}
#surly-badge.surly-badge_white-gradient .surly-badge__tag::after {
border-color: transparent transparent transparent #3b7696 !important;
}
#surly-badge.surly-badge_white-gradient .surly-badge__footer-link {
color: #ff5741 !important;
}
#surly-badge.surly-badge_white-gradient .surly-badge__footer-title {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-gradient .surly-badge__footer-text {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-red {
background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 164 150'%3E%3Cpath style='fill:none;stroke:%232e2e2e;stroke-width:2;stroke-miterlimit:10;' d='M16.05,22.74c0-7.61,6.16-13.76,13.76-13.76 M16.05,22.74v127.15 M29.02,140.85l-12.52,8.2 M28.47,141.01 h105.78 M134.25,141.01c7.61,0,13.76-6.16,13.76-13.76 M148.01,21.03v106.22 M29.81,8.97h106.2'/%3E%3Cpath style='stroke:%23ff715e;stroke-width:2;stroke-miterlimit:10;' d='M148.01,18.02V-0.02 M138.99,9h18.04'/%3E%3C/svg%3E");
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-red .surly-badge__header-text {
color: #ff715e !important;
}
#surly-badge.surly-badge_white-red .surly-badge__header-title {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-red .surly-badge__tag {
background-color: #ff715e !important;
border-bottom: 1px solid #707070 !important;
}
#surly-badge.surly-badge_white-red .surly-badge__tag-text {
color: #fff !important;
}
#surly-badge.surly-badge_white-red .surly-badge__tag::before {
border-color: transparent #914339 transparent transparent !important;
}
#surly-badge.surly-badge_white-red .surly-badge__tag::after {
border-color: transparent transparent transparent #914339 !important;
}
#surly-badge.surly-badge_white-red .surly-badge__footer-link {
color: #ff715e !important;
}
#surly-badge.surly-badge_white-red .surly-badge__footer-title {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-red .surly-badge__footer-text {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-black {
background-image: url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 164 150'%3E%3Cpath style='fill:none;stroke:%232e2e2e;stroke-width:2;stroke-miterlimit:10;' d='M16.05,22.74c0-7.61,6.16-13.76,13.76-13.76 M16.05,22.74v127.15 M29.02,140.85l-12.52,8.2 M28.47,141.01 h105.78 M134.25,141.01c7.61,0,13.76-6.16,13.76-13.76 M148.01,21.03v106.22 M29.81,8.97h106.2'/%3E%3Cpath style='stroke:%23707070;stroke-width:2;stroke-miterlimit:10;' d='M148.01,18.02V-0.02 M138.99,9h18.04'/%3E%3C/svg%3E");
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-black .surly-badge__header-text {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-black .surly-badge__header-title {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-black .surly-badge__tag {
background-color: #2e2e2e !important;
border-bottom: 1px solid #707070 !important;
}
#surly-badge.surly-badge_white-black .surly-badge__tag-text {
color: #fff !important;
}
#surly-badge.surly-badge_white-black .surly-badge__tag::before {
border-color: transparent #707070 transparent transparent !important;
}
#surly-badge.surly-badge_white-black .surly-badge__tag::after {
border-color: transparent transparent transparent #707070 !important;
}
#surly-badge.surly-badge_white-black .surly-badge__footer-link {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-black .surly-badge__footer-title {
color: #2e2e2e !important;
}
#surly-badge.surly-badge_white-black .surly-badge__footer-text {
color: #2e2e2e !important;
}
#surly-badge .surly-badge__header {
position: relative !important;
z-index: 10 !important;
padding: 12px 6px 0 !important;
}
#surly-badge .surly-badge__header-title {
font-family: sans-serif !important;
font-size: 12px !important;
font-weight: 600 !important;
text-transform: uppercase !important;
line-height: 1 !important;
float: none !important;
text-align: center !important;
padding: 0 !important;
margin: 0 !important;
margin-bottom: 6px !important;
}
#surly-badge .surly-badge__header-text {
font-size: 40px !important;
font-weight: 700 !important;
text-transform: uppercase !important;
line-height: 33px !important;
float: none !important;
padding: 0 !important;
margin: 0 !important;
margin-bottom: 4px !important;
}
#surly-badge .surly-badge__tag {
height: 18px !important;
width: calc(100% + 26px) !important;
display: -webkit-box !important;
display: -ms-flexbox !important;
display: flex !important;
-webkit-box-align: center !important;
-ms-flex-align: center !important;
align-items: center !important;
position: relative !important;
z-index: 10 !important;
-ms-flex-negative: 0 !important;
flex-shrink: 0 !important;
padding: 0 2px !important;
}
#surly-badge .surly-badge__tag-text {
font-size: 10px !important;
font-weight: 500 !important;
cursor: pointer !important;
white-space: nowrap !important;
overflow: hidden !important;
width: 100% !important;
float: none !important;
-o-text-overflow: ellipsis !important;
text-overflow: ellipsis !important;
line-height: initial !important;
text-decoration: none !important;
padding: 0 0 !important;
}
#surly-badge .surly-badge__tag::before,
#surly-badge .surly-badge__tag::after {
content: "" !important;
display: block !important;
position: absolute !important;
width: 0 !important;
height: 0 !important;
border-style: solid !important;
}
#surly-badge .surly-badge__tag::before {
border-width: 0 15px 15px 0 !important;
left: 0 !important;
bottom: -15px !important;
}
#surly-badge .surly-badge__tag::after {
border-width: 15px 0 0 15px !important;
right: 0 !important;
top: -15px !important;
}
#surly-badge .surly-badge__footer {
position: relative !important;
z-index: 10 !important;
white-space: nowrap !important;
width: 100% !important;
padding-top: 6px !important;
}
#surly-badge .surly-badge__footer-title {
font-family: sans-serif !important;
font-size: 15px !important;
font-weight: 600 !important;
text-transform: uppercase !important;
overflow: hidden !important;
-o-text-overflow: ellipsis !important;
text-overflow: ellipsis !important;
letter-spacing: -0.5px !important;
line-height: 1 !important;
float: none !important;
text-align: center !important;
-webkit-box-sizing: border-box !important;
box-sizing: border-box !important;
padding: 0 12px !important;
margin: 0 !important;
margin-bottom: 5px !important;
}
#surly-badge .surly-badge__footer-text {
font-size: 13px !important;
font-weight: 500 !important;
line-height: 1 !important;
float: none !important;
text-align: center !important;
padding: 0 !important;
margin: 0 !important;
}
#surly-badge .surly-badge__footer-link {
font-size: 13px !important;
cursor: pointer !important;
text-decoration: underline !important;
line-height: initial !important;
display: inline-block !important;
float: none !important;
}
#surly-badge .surly-badge__date {
font-size: 16px !important;
font-weight: 600 !important;
-webkit-box-flex: 1 !important;
-ms-flex-positive: 1 !important;
flex-grow: 1 !important;
display: -webkit-box !important;
display: -ms-flexbox !important;
display: flex !important;
-webkit-box-align: end !important;
-ms-flex-align: end !important;
align-items: flex-end !important;
line-height: 1 !important;
text-align: center !important;
float: none !important;
}
#surly-badge br {
display: none !important;
}
.surly__id_56263329.surly-badge_white-blue {
margin: 0 auto !important;
}
.surly__id_135641946#surly-badge {
padding-top: 6px !important;
}
.surly__id_135641946#surly-badge .surly-badge__footer {
line-height: 1 !important;
}
.surly__id_135641946#surly-badge .surly-badge__footer-title {
margin-bottom: 2px !important;
}
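Review bot: the `#surly-badge` rules in this file, down to the site-specific `.surly__id_56263329` and `.surly__id_135641946` selectors at the end, are badge widget styling with no visible connection to the CSV user import that the commit message describes. Move the stylesheet change into its own commit with a message that explains it, so that the import script can be reviewed on its own.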

View File

@@ -1 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1656.69 67"><defs><style>.cls-1{fill:#fff;}</style></defs><title>Element 1</title><g id="Ebene_2" data-name="Ebene 2"><g id="Ebene_1-2" data-name="Ebene 1"><g id="Ebene_2-2" data-name="Ebene 2-2"><path class="cls-1" d="M1.69,67c72,0,578-67,943-67s712,67,712,67Z"/></g></g></g></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1656.69 67"><defs><style>.cls-1{fill:#fff;}</style></defs><title>Element 1</title><g id="Ebene_2" data-name="Ebene 2"><g id="Ebene_1-2" data-name="Ebene 1"><g id="Ebene_2-2" data-name="Ebene 2-2"><path class="cls-1" d="M1.69,67c72,0,578-67,943-67s712,67,712,67Z"/></g></g></g></svg>
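Review bot: the removed and added lines of this SVG are identical as rendered, and the page reports the file going from 336 B to 335 B, so this looks like a one-byte whitespace or end-of-file newline change. That is noise in a commit described as adding a CSV user import script; drop it here or put it in a separate cleanup commit.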

Before: Size: 336 B | After: Size: 335 B

Binary file not shown.

Some files were not shown because too many files have changed in this diff.