Always allow the empty string as an avatar_url. (#12261)
Hopefully this fixes #12257. Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
This commit is contained in:
parent
61aae18d45
commit
fffb3c4c8f
|
@ -0,0 +1 @@
|
||||||
|
Fix a bug introduced in Synapse 1.52 where admins could not deactivate and GDPR-erase a user if Synapse was configured with limits on avatars.
|
|
@ -336,12 +336,18 @@ class ProfileHandler:
|
||||||
"""Check that the size and content type of the avatar at the given MXC URI are
|
"""Check that the size and content type of the avatar at the given MXC URI are
|
||||||
within the configured limits.
|
within the configured limits.
|
||||||
|
|
||||||
|
If the given `mxc` is empty, no checks are performed. (Users are always able to
|
||||||
|
unset their avatar.)
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
mxc: The MXC URI at which the avatar can be found.
|
mxc: The MXC URI at which the avatar can be found.
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
A boolean indicating whether the file can be allowed to be set as an avatar.
|
A boolean indicating whether the file can be allowed to be set as an avatar.
|
||||||
"""
|
"""
|
||||||
|
if mxc == "":
|
||||||
|
return True
|
||||||
|
|
||||||
if not self.max_avatar_size and not self.allowed_avatar_mimetypes:
|
if not self.max_avatar_size and not self.allowed_avatar_mimetypes:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
|
@ -267,6 +267,12 @@ class ProfileTestCase(unittest.HomeserverTestCase):
|
||||||
)
|
)
|
||||||
self.assertTrue(res)
|
self.assertTrue(res)
|
||||||
|
|
||||||
|
@unittest.override_config({"max_avatar_size": 50})
|
||||||
|
def test_avatar_constraints_allow_empty_avatar_url(self) -> None:
|
||||||
|
"""An empty avatar is always permitted."""
|
||||||
|
res = self.get_success(self.handler.check_avatar_size_and_mime_type(""))
|
||||||
|
self.assertTrue(res)
|
||||||
|
|
||||||
@unittest.override_config({"max_avatar_size": 50})
|
@unittest.override_config({"max_avatar_size": 50})
|
||||||
def test_avatar_constraints_missing(self) -> None:
|
def test_avatar_constraints_missing(self) -> None:
|
||||||
"""Tests that an avatar isn't allowed if the file at the given MXC URI couldn't
|
"""Tests that an avatar isn't allowed if the file at the given MXC URI couldn't
|
||||||
|
|
|
@ -1050,6 +1050,25 @@ class DeactivateAccountTestCase(unittest.HomeserverTestCase):
|
||||||
|
|
||||||
self._is_erased("@user:test", True)
|
self._is_erased("@user:test", True)
|
||||||
|
|
||||||
|
@override_config({"max_avatar_size": 1234})
|
||||||
|
def test_deactivate_user_erase_true_avatar_nonnull_but_empty(self) -> None:
|
||||||
|
"""Check we can erase a user whose avatar is the empty string.
|
||||||
|
|
||||||
|
Reproduces #12257.
|
||||||
|
"""
|
||||||
|
# Patch `self.other_user` to have an empty string as their avatar.
|
||||||
|
self.get_success(self.store.set_profile_avatar_url("user", ""))
|
||||||
|
|
||||||
|
# Check we can still erase them.
|
||||||
|
channel = self.make_request(
|
||||||
|
"POST",
|
||||||
|
self.url,
|
||||||
|
access_token=self.admin_user_tok,
|
||||||
|
content={"erase": True},
|
||||||
|
)
|
||||||
|
self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
|
||||||
|
self._is_erased("@user:test", True)
|
||||||
|
|
||||||
def test_deactivate_user_erase_false(self) -> None:
|
def test_deactivate_user_erase_false(self) -> None:
|
||||||
"""
|
"""
|
||||||
Test deactivating a user and set `erase` to `false`
|
Test deactivating a user and set `erase` to `false`
|
||||||
|
|
Loading…
Reference in New Issue