Matrix-Mirrors/synapse-product
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse-product.git synced 2024-09-06 23:11:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Always allow the empty string as an avatar_url. (#12261)

Browse Source 
Hopefully this fixes #12257.

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
This commit is contained in:
David Robertson 2022-03-25 13:28:42 +00:00 committed by GitHub
parent 61aae18d45
commit fffb3c4c8f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/12261.bugfix Normal file
View File

@ -0,0 +1 @@
Fix a bug introduced in Synapse 1.52 where admins could not deactivate and GDPR-erase a user if Synapse was configured with limits on avatars.

6
synapse/handlers/profile.py
View File

@ -336,12 +336,18 @@ class ProfileHandler:
"""Check that the size and content type of the avatar at the given MXC URI are """Check that the size and content type of the avatar at the given MXC URI are
within the configured limits. within the configured limits.
If the given `mxc` is empty, no checks are performed. (Users are always able to
unset their avatar.)
Args: Args:
mxc: The MXC URI at which the avatar can be found. mxc: The MXC URI at which the avatar can be found.
Returns: Returns:
A boolean indicating whether the file can be allowed to be set as an avatar. A boolean indicating whether the file can be allowed to be set as an avatar.
""" """
if mxc == "":
return True
if not self.max_avatar_size and not self.allowed_avatar_mimetypes: if not self.max_avatar_size and not self.allowed_avatar_mimetypes:
return True return True

6
tests/handlers/test_profile.py
View File

@ -267,6 +267,12 @@ class ProfileTestCase(unittest.HomeserverTestCase):
) )
self.assertTrue(res) self.assertTrue(res)
@unittest.override_config({"max_avatar_size": 50})
def test_avatar_constraints_allow_empty_avatar_url(self) -> None:
"""An empty avatar is always permitted."""
res = self.get_success(self.handler.check_avatar_size_and_mime_type(""))
self.assertTrue(res)
@unittest.override_config({"max_avatar_size": 50}) @unittest.override_config({"max_avatar_size": 50})
def test_avatar_constraints_missing(self) -> None: def test_avatar_constraints_missing(self) -> None:
"""Tests that an avatar isn't allowed if the file at the given MXC URI couldn't """Tests that an avatar isn't allowed if the file at the given MXC URI couldn't

19
tests/rest/admin/test_user.py
View File

@ -1050,6 +1050,25 @@ class DeactivateAccountTestCase(unittest.HomeserverTestCase):
self._is_erased("@user:test", True) self._is_erased("@user:test", True)
@override_config({"max_avatar_size": 1234})
def test_deactivate_user_erase_true_avatar_nonnull_but_empty(self) -> None:
"""Check we can erase a user whose avatar is the empty string.
Reproduces #12257.
"""
# Patch `self.other_user` to have an empty string as their avatar.
self.get_success(self.store.set_profile_avatar_url("user", ""))
# Check we can still erase them.
channel = self.make_request(
"POST",
self.url,
access_token=self.admin_user_tok,
content={"erase": True},
)
self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.json_body)
self._is_erased("@user:test", True)
def test_deactivate_user_erase_false(self) -> None: def test_deactivate_user_erase_false(self) -> None:
""" """
Test deactivating a user and set `erase` to `false` Test deactivating a user and set `erase` to `false`