Option to disable Gravatar #23

Closed
josefandersson opened this issue May 1, 2023 · 5 comments · Fixed by #37
Labels
enhancement New feature or request

Comments

@josefandersson
Contributor

josefandersson commented May 1, 2023

Out of both privacy and self-sufficiency concerns I would like Gravatar to be optional. I can think of a few alternatives for how to do this:

  1. "avatar.enable" config to just outright not render avatars if disabled.
  2. "avatar.gravatar" config to return a generic profile.png asset when the avatar url method is called and this option is disabled. (This would be easier from a frontend POV to not have to consider design when no image is rendered.)
  3. In combination with the above, allow users to upload their own profile pictures. Fallback to Gravatar if no picture available and Gravatar is enabled in config, otherwise show generic profile.png.
  4. In combination with the above, also use the avatar url provided by goth when users use OAuth to sign in. Possibly download the third-party avatar on sign in and host it ourselves, especially for non-selfhosted OAuth providers (GitHub).
  5. One of the above and remove Gravatar completely (this is not a good option as Gravatar still is a great service that I'm sure some users want to use).

I would personally want to see no. 4 in combination with no. 2 and eventually no. 3. I looked at how to implement no. 4 and am not quite sure how it would best be done, but storing an oauthAvatarUrl on the user may work, and we just make sure to update this on every session renewal and delete on OAuth provider deletion. A problem would arise when changing Gitea url in the config though, if we store the full image url from a previous TLD... Thoughts?

I've never written anything in Go but I can still give it a shot after we discuss what to implement.

@thomiceli
Owner

Hi, thanks for the thoughts!

I'm not into uploading and storing pictures via Opengist... but instead having a URL pointing to an image.
It would be ok to have an option to disable Gravatar, either in the config.yml or via the admin panel.

So, I would say: either you use Gravatar (if enabled) with your email or enter a URL to your picture; and if you're logged in with OAuth we can set the URL to the picture according to the provider (https://avatars.githubusercontent.com/u/:github_userid or https://gitea.com/api/v1/users/:gitea_username)

What do you think?

@thomiceli thomiceli added the enhancement New feature or request label May 4, 2023
@josefandersson
Contributor Author

I get why you're against hosting the images! Saving the url to their oauth provider avatar sounds good enough to me (and don't we already get that data from goth when authenticating?).

Do you mean allowing the user to set their own url? That sounds like a privacy risk to me...

I'm thinking that this is good enough for the time being:

  • "Use Gravatar" option
  • "Use avatar from OAuth provider" option

And fallback to an anonymous profile.png otherwise.

What should be stored in db? A single avatar_url string which will be updated on every OAuth authentication?

@thomiceli
Owner

Your idea of avatar_url sounds good.

I can see in the user settings radio buttons to either choose to display the avatar from Gravatar or from the OAuth provider (if both options are enabled of course)

Anyway, one hitch about this whole feature would be in the revisions list, where you can have multiple users who have committed: right now getting the avatar from Gravatar is based on the git committer email address, but now it would actually need one more database query instead to get avatar urls.

@josefandersson
Contributor Author

I was thinking that both Gravatar and OAuth Avatar could be enabled at the same time and that we practically just do

var avatarUrl =
    (OAuthAvatar.Enabled ? OAuthAvatarUrl : null)
        ?? (Gravatar.Enabled ? GravatarAvatarUrl : null)
        ?? MissingProfile.png

does that make sense?

The extra query is a valid concern. But it shouldn't have too big of an impact though? (Albeit we are using SQLite atm... :P) I will see if I have the time to experiment with this feature tonight if you're not already on it. :)

@thomiceli
Owner

I would have replaced nulls with MissingProfile.png; also with your logic there you can't use your Gravatar pic if you log in with an OAuth provider, but it's actually fine by me since I want to keep this simple for now :)

If you have some spare time to implement this, I would be glad to see your contribution :)

@thomiceli thomiceli linked a pull request May 18, 2023 that will close this issue
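
The fallback order discussed in this thread (OAuth provider avatar, then Gravatar, then a local placeholder), as an added Go example that is not Opengist's code and not taken from the linked pull request. The types, the `/assets/profile.png` path and the host allowlist are assumptions; the allowlist addresses the concern raised above about avatar URLs pointing at arbitrary hosts.

```go
package main

import (
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"net/url"
	"strings"
)

// AvatarConfig and User are hypothetical types for this example, not Opengist's.
type AvatarConfig struct {
	OAuthEnabled, GravatarEnabled bool
	AllowedHosts                  map[string]bool // hosts an OAuth avatar may load from
}

type User struct{ Email, AvatarURL string } // AvatarURL is refreshed on each OAuth login

const defaultAvatar = "/assets/profile.png" // assumed path of the locally served placeholder

func gravatarURL(email string) string {
	sum := md5.Sum([]byte(strings.ToLower(strings.TrimSpace(email))))
	return "https://www.gravatar.com/avatar/" + hex.EncodeToString(sum[:])
}

// safeRemote accepts only absolute https URLs on an allowlisted host, so a stored
// value cannot point viewers' browsers at an arbitrary third-party server.
func safeRemote(raw string, allowed map[string]bool) bool {
	u, err := url.Parse(raw)
	return err == nil && u.Scheme == "https" && u.User == nil && allowed[strings.ToLower(u.Hostname())]
}

// ResolveAvatar applies the order from the thread: OAuth avatar, then Gravatar,
// then the local placeholder, which triggers no third-party request at all.
func ResolveAvatar(cfg AvatarConfig, u User) string {
	if cfg.OAuthEnabled && safeRemote(u.AvatarURL, cfg.AllowedHosts) {
		return u.AvatarURL
	}
	if cfg.GravatarEnabled && strings.TrimSpace(u.Email) != "" {
		return gravatarURL(u.Email)
	}
	return defaultAvatar
}

func main() {
	cfg := AvatarConfig{OAuthEnabled: true, AllowedHosts: map[string]bool{"avatars.githubusercontent.com": true}}
	u := User{Email: "user@example.com", AvatarURL: "https://avatars.githubusercontent.com/u/1"} // constructed sample
	fmt.Println(ResolveAvatar(cfg, u))
}
```

With both options disabled, every user resolves to the local placeholder and page views cause no requests to Gravatar or the OAuth provider.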