summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoas Schilling <coding@schilljs.com>2022-02-04 12:12:48 +0100
committerJoas Schilling <coding@schilljs.com>2022-02-07 16:47:51 +0100
commit6dd60b6d304648acf542a84ba76ad5fc0b693b43 (patch)
tree74a9ab5e9f0c9a212211b417320f3453e10b5647
parenteb340734192e44acc3e4e80442fe54371431ad12 (diff)
downloadnextcloud-server-6dd60b6d304648acf542a84ba76ad5fc0b693b43.tar.gz
nextcloud-server-6dd60b6d304648acf542a84ba76ad5fc0b693b43.zip
Only allow avatars in 64 and 512 pixel size
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r--build/integration/features/avatar.feature26
-rw-r--r--core/Controller/AvatarController.php13
-rw-r--r--core/Controller/GuestAvatarController.php13
-rw-r--r--tests/Core/Controller/AvatarControllerTest.php62
-rw-r--r--tests/Core/Controller/GuestAvatarControllerTest.php2
5 files changed, 83 insertions, 33 deletions
diff --git a/build/integration/features/avatar.feature b/build/integration/features/avatar.feature
index f7926615c01..2d6cb66548f 100644
--- a/build/integration/features/avatar.feature
+++ b/build/integration/features/avatar.feature
@@ -8,7 +8,7 @@ Feature: avatar
Then The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 0 |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is not a single color
Scenario: get default user avatar as an anonymous user
@@ -16,7 +16,7 @@ Feature: avatar
Then The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 0 |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is not a single color
@@ -39,7 +39,7 @@ Feature: avatar
Then The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 0 |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is not a single color
@@ -57,13 +57,13 @@ Feature: avatar
And The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 1 |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is a single "#FF0000" color
And user "anonymous" gets avatar for user "user0"
And The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 1 |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is a single "#FF0000" color
Scenario: set user avatar from internal path
@@ -112,26 +112,26 @@ Feature: avatar
And The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 1 |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is a single "#FF0000" color
And user "anonymous" gets avatar for user "user0"
And The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 1 |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is a single "#FF0000" color
When logged in user deletes the user avatar
Then user "user0" gets avatar for user "user0"
And The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 0 |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is not a single color
And user "anonymous" gets avatar for user "user0"
And The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 0 |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is not a single color
@@ -148,7 +148,7 @@ Feature: avatar
Then The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 1 |
- And last avatar is a square of size 192
+ And last avatar is a square of size 512
And last avatar is a single "#FF0000" color
Scenario: get user avatar with a smaller size than the original one
@@ -163,7 +163,7 @@ Feature: avatar
Then The following headers should be set
| Content-Type | image/png |
| X-NC-IsCustomAvatar | 1 |
- And last avatar is a square of size 96
+ And last avatar is a square of size 512
And last avatar is a single "#FF0000" color
@@ -172,12 +172,12 @@ Feature: avatar
When user "user0" gets avatar for guest "guest0"
Then The following headers should be set
| Content-Type | image/png |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is not a single color
Scenario: get default guest avatar as an anonymous user
When user "anonymous" gets avatar for guest "guest0"
Then The following headers should be set
| Content-Type | image/png |
- And last avatar is a square of size 128
+ And last avatar is a square of size 512
And last avatar is not a single color
diff --git a/core/Controller/AvatarController.php b/core/Controller/AvatarController.php
index 5acfe9cd404..ed8d0c3cdeb 100644
--- a/core/Controller/AvatarController.php
+++ b/core/Controller/AvatarController.php
@@ -114,11 +114,16 @@ class AvatarController extends Controller {
* @return JSONResponse|FileDisplayResponse
*/
public function getAvatar($userId, $size) {
- // min/max size
- if ($size > 2048) {
- $size = 2048;
- } elseif ($size <= 0) {
+ if ($size <= 64) {
+ if ($size !== 64) {
+ $this->logger->debug('Avatar requested in deprecated size ' . $size);
+ }
$size = 64;
+ } else {
+ if ($size !== 512) {
+ $this->logger->debug('Avatar requested in deprecated size ' . $size);
+ }
+ $size = 512;
}
try {
diff --git a/core/Controller/GuestAvatarController.php b/core/Controller/GuestAvatarController.php
index 57900af810d..6d14474ed44 100644
--- a/core/Controller/GuestAvatarController.php
+++ b/core/Controller/GuestAvatarController.php
@@ -76,11 +76,16 @@ class GuestAvatarController extends Controller {
public function getAvatar($guestName, $size) {
$size = (int) $size;
- // min/max size
- if ($size > 2048) {
- $size = 2048;
- } elseif ($size <= 0) {
+ if ($size <= 64) {
+ if ($size !== 64) {
+ $this->logger->debug('Avatar requested in deprecated size ' . $size);
+ }
$size = 64;
+ } else {
+ if ($size !== 512) {
+ $this->logger->debug('Avatar requested in deprecated size ' . $size);
+ }
+ $size = 512;
}
try {
diff --git a/tests/Core/Controller/AvatarControllerTest.php b/tests/Core/Controller/AvatarControllerTest.php
index 35d89c24a45..8d3cd73a656 100644
--- a/tests/Core/Controller/AvatarControllerTest.php
+++ b/tests/Core/Controller/AvatarControllerTest.php
@@ -193,46 +193,86 @@ class AvatarControllerTest extends \Test\TestCase {
$this->assertEquals(Http::STATUS_NOT_FOUND, $response->getStatus());
}
+ public function testGetAvatarSize64(): void {
+ $this->avatarMock->expects($this->once())
+ ->method('getFile')
+ ->with($this->equalTo(64))
+ ->willReturn($this->avatarFile);
+
+ $this->avatarManager->method('getAvatar')->willReturn($this->avatarMock);
+
+ $this->logger->expects($this->never())
+ ->method('debug');
+
+ $this->avatarController->getAvatar('userId', 64);
+ }
+
+ public function testGetAvatarSize512(): void {
+ $this->avatarMock->expects($this->once())
+ ->method('getFile')
+ ->with($this->equalTo(512))
+ ->willReturn($this->avatarFile);
+
+ $this->avatarManager->method('getAvatar')->willReturn($this->avatarMock);
+
+ $this->logger->expects($this->never())
+ ->method('debug');
+
+ $this->avatarController->getAvatar('userId', 512);
+ }
+
/**
- * Make sure we get the correct size
+ * Small sizes return 64 and generate a log
*/
- public function testGetAvatarSize() {
+ public function testGetAvatarSizeTooSmall(): void {
$this->avatarMock->expects($this->once())
->method('getFile')
- ->with($this->equalTo(32))
+ ->with($this->equalTo(64))
->willReturn($this->avatarFile);
$this->avatarManager->method('getAvatar')->willReturn($this->avatarMock);
+ $this->logger->expects($this->once())
+ ->method('debug')
+ ->with('Avatar requested in deprecated size 32');
+
$this->avatarController->getAvatar('userId', 32);
}
/**
- * We cannot get avatars that are 0 or negative
+ * Avatars between 64 and 512 are upgraded to 512
*/
- public function testGetAvatarSizeMin() {
+ public function testGetAvatarSizeBetween(): void {
$this->avatarMock->expects($this->once())
->method('getFile')
- ->with($this->equalTo(64))
+ ->with($this->equalTo(512))
->willReturn($this->avatarFile);
$this->avatarManager->method('getAvatar')->willReturn($this->avatarMock);
- $this->avatarController->getAvatar('userId', 0);
+ $this->logger->expects($this->once())
+ ->method('debug')
+ ->with('Avatar requested in deprecated size 65');
+
+ $this->avatarController->getAvatar('userId', 65);
}
/**
- * We do not support avatars larger than 2048*2048
+ * We do not support avatars larger than 512
*/
- public function testGetAvatarSizeMax() {
+ public function testGetAvatarSizeTooBig(): void {
$this->avatarMock->expects($this->once())
->method('getFile')
- ->with($this->equalTo(2048))
+ ->with($this->equalTo(512))
->willReturn($this->avatarFile);
$this->avatarManager->method('getAvatar')->willReturn($this->avatarMock);
- $this->avatarController->getAvatar('userId', 2049);
+ $this->logger->expects($this->once())
+ ->method('debug')
+ ->with('Avatar requested in deprecated size 513');
+
+ $this->avatarController->getAvatar('userId', 513);
}
/**
diff --git a/tests/Core/Controller/GuestAvatarControllerTest.php b/tests/Core/Controller/GuestAvatarControllerTest.php
index e14a5416c49..b5682d2d716 100644
--- a/tests/Core/Controller/GuestAvatarControllerTest.php
+++ b/tests/Core/Controller/GuestAvatarControllerTest.php
@@ -77,7 +77,7 @@ class GuestAvatarControllerTest extends \Test\TestCase {
$this->avatar->expects($this->once())
->method('getFile')
- ->with(128)
+ ->with(512)
->willReturn($this->file);
$this->file->method('getMimeType')