SSO avatars not being overridden

windy · 21 ديسمبر 2016، 5:40م

I know there are a few other posts about this, but none of them were able to solve my problem. Everything else in our SSO implementation works fine; this is the only thing that’s not working as expected. I’ve tried setting avatar_force_update to both true and 1 to no avail.

Code snippet w/ verbose log output: https://gist.github.com/windy1/86ee6965fbcd00036fbeae56cfa659b7

Any insight is much appreciated, thanks.

alehandrof · 21 ديسمبر 2016، 6:23م

If you’re in development, maybe it’s this:

Edit: nevermind, you’re using non-local URLs.

windy · 23 ديسمبر 2016، 4:14م

Bump (sorry)…

Falco · 23 ديسمبر 2016، 4:39م

DId you enable sso overrides avatar ?

windy · 23 ديسمبر 2016، 4:51م

Yes I did. Sorry should have mentioned that.

windy · 27 ديسمبر 2016، 10:16م

@Falco Any other possible fixes you can think of? Kind of important I work this out.

Falco · 27 ديسمبر 2016، 10:47م

In your gist avatar_force_update isn’t set, did you manage to make it true in verbose logging?

windy · 27 ديسمبر 2016، 11:49م

Yes sorry, I tried both with and without, I had another instance where it was set to true and still no update.

Falco · 28 ديسمبر 2016، 12:00ص

So even with verbose_logging showing avatar_force_update = true the avatar isn’t updated?

Are you runiing against a production docker instance?

windy · 28 ديسمبر 2016، 12:14ص

Yeah, I tested on both production and a dev instance on OS X.

EDIT: Just realized I haven’t tested avatar_force_update on prod, will try that and report back.

windy · 28 ديسمبر 2016، 12:47ص

Ok just tested on our production docker instance @Falco and still no update with avatar_force_update: true in verbose logging.

Falco · 28 ديسمبر 2016، 1:17ص

The user already exists or is he being created as part of the SSO log in?

Also is /sidekiq with a queue? Any errors regarding DownloadAvatarFromUrl?

Also try this in a rails console in a production instance:

user = User.find_by_email(AUSEREMAILHERE)
Jobs.enqueue(:download_avatar_from_url, url: 'http://mycoolavatar.png', user_id: user.id)

and watch logs.

lukegb · 17 يناير 2017، 1:19ص

For what it’s worth, it works fine. The main problem is that sso_overrides_avatar is misleadingly named, because it won’t, in fact, override a Gravatar set on a user.

The call to download_avatar_from_url here:

github.com/discourse/discourse

app/models/discourse_single_sign_on.rb

v1.8.0.beta2


      
              if SiteSetting.sso_overrides_name && user.name != name && name.present?
                user.name = name || User.suggest_name(username.blank? ? email : username)
              end
          
              avatar_missing = user.uploaded_avatar_id.nil? || !Upload.exists?(user.uploaded_avatar_id)
          
              if (avatar_missing || avatar_force_update || SiteSetting.sso_overrides_avatar) && avatar_url.present?
                avatar_changed = sso_record.external_avatar_url != avatar_url
          
                if avatar_force_update || avatar_changed || avatar_missing
                  Jobs.enqueue(:download_avatar_from_url, url: avatar_url, user_id: user.id)
                end
              end
          
              # change external attributes for sso record
              sso_record.external_username = username
              sso_record.external_email = email
              sso_record.external_name = name
              sso_record.external_avatar_url = avatar_url
            end
          end

doesn’t pass override_gravatar, so:

github.com/discourse/discourse

app/jobs/regular/download_avatar_from_url.rb

v1.8.0.beta2


      
          
              def execute(args)
                url = args[:url]
                user_id = args[:user_id]
          
                raise Discourse::InvalidParameters.new(:url) if url.blank?
                raise Discourse::InvalidParameters.new(:user_id) if user_id.blank?
          
                return unless user = User.find_by(id: user_id)
          
                UserAvatar.import_url_for_user(url, user, override_gravatar: args[:override_gravatar])
              end
          
            end
          
          end

doesn’t pass on override_gravatar, so:

github.com/discourse/discourse

app/models/user_avatar.rb

63a88ee6e


      
            ext = FastImage.type(tempfile).to_s
            tempfile.rewind
          
            upload = Upload.create_for(user.id, tempfile, "external-avatar." + ext, File.size(tempfile.path), origin: avatar_url, image_type: "avatar")
          
            user.create_user_avatar unless user.user_avatar
          
            if !user.user_avatar.contains_upload?(upload.id)
              user.user_avatar.update_columns(custom_upload_id: upload.id)
          
              override_gravatar = !options || options[:override_gravatar]
          
              if user.uploaded_avatar_id.nil? ||
                  !user.user_avatar.contains_upload?(user.uploaded_avatar_id) ||
                  override_gravatar
                user.update_columns(uploaded_avatar_id: upload.id)
              end
            end
          
          rescue => e
            # skip saving, we are not connected to the net

won’t set it to the avatar from SSO.

Is this intentional behavior?

zogstrip · 17 يناير 2017، 9:38ص

No it’s not. Feel free to do a pull request

techAPJ · 19 يناير 2017، 5:26ص

Fixed via:

lukegb · 20 يناير 2017، 9:23م

Thanks! I wasn’t sure if there was an obvious edgecase I’d missed

الموضوع		الردود	مرات العرض
Can't get avatar overrides to work over SSO Support	3	2451	8 يونيو 2024
SSO Failing to Override Avatar SSO	1	767	9 مايو 2022
Overwriting avatars now that they're uploaded SSO discourseconnect	2	1099	8 يونيو 2024
Avatars not pulling from SSO SSO	10	2050	29 أبريل 2019
Sso overrides avatar WordPress	4	1961	2 فبراير 2017

SSO avatars not being overridden

الموضوعات ذات الصلة