avatar: don't generate avatars for non-users
parent
a6cc147595
commit
b10f6478da
|
@ -197,7 +197,8 @@ class AvatarCache:
|
||||||
res = []
|
res = []
|
||||||
|
|
||||||
avatar = None
|
avatar = None
|
||||||
if len(res) == 1:
|
is_user_found = len(res) == 1
|
||||||
|
if is_user_found:
|
||||||
for attr, vs in res[0][1].items():
|
for attr, vs in res[0][1].items():
|
||||||
if attr == 'jpegPhoto':
|
if attr == 'jpegPhoto':
|
||||||
for v in vs:
|
for v in vs:
|
||||||
|
@ -217,7 +218,9 @@ class AvatarCache:
|
||||||
# If nothing was found in LDAP (either uid doesn't exist or uid doesn't
|
# If nothing was found in LDAP (either uid doesn't exist or uid doesn't
|
||||||
# have an avatar attached), serve default avatar.
|
# have an avatar attached), serve default avatar.
|
||||||
if avatar is None:
|
if avatar is None:
|
||||||
avatar = default_avatar(uid)
|
# don't generate avatars for non-users to reduce DoS potential
|
||||||
|
# (note: capacifier already leaks existence of users, so whatever)
|
||||||
|
avatar = default_avatar(uid if is_user_found else 'default')
|
||||||
|
|
||||||
# Save avatar in cache.
|
# Save avatar in cache.
|
||||||
entry = AvatarCacheEntry(uid, avatar)
|
entry = AvatarCacheEntry(uid, avatar)
|
||||||
|
|
Loading…
Reference in New Issue