avatar: don't generate avatars for non-users
parent
a6cc147595
commit
b10f6478da
@ -197,7 +197,8 @@ class AvatarCache:
res = []
avatar = None
if len(res) == 1:
is_user_found = len(res) == 1
if is_user_found:
for attr, vs in res[0][1].items():
if attr == 'jpegPhoto':
for v in vs:
@ -217,7 +218,9 @@ class AvatarCache:
# If nothing was found in LDAP (either uid doesn't exist or uid doesn't
# have an avatar attached), serve default avatar.
if avatar is None:
avatar = default_avatar(uid)
# don't generate avatars for non-users to reduce DoS potential
# (note: capacifier already leaks existence of users, so whatever)
avatar = default_avatar(uid if is_user_found else 'default')
# Save avatar in cache.
entry = AvatarCacheEntry(uid, avatar)
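Review bot: The cache entry built at the end of the second hunk is still created per requested uid (`AvatarCacheEntry(uid, avatar)`), and `default_avatar('default')` is still called on every miss, so a client cycling through made-up uids can presumably still grow the cache and trigger one generation per uid; only the generated image is now constant. If the cache is keyed on the entry's uid (the store call is outside the hunk), consider sharing a single entry for non-users, e.g. `entry = AvatarCacheEntry(uid if is_user_found else 'default', avatar)`, or computing the shared default once and reusing it. Separately, `is_user_found` is false whenever `res` stays at its initial `[]`, which appears to include a failed LDAP query, so a real user could get the generic avatar cached during a directory outage; it is worth confirming that the error path skips caching. The enclosing method starts and ends outside both hunks.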