Hi everyone. I am using SSO on my forum and avatars are controlled by my website.
Until a few days ago, avatar upload/update from the website to the Discource, via API was working. I now get a 422 - Unprocessable Entity error.
I’ve tried to debug the issue, did some testing with Postman and I have the same issues. The request I am doing is below (with url, username and api_key removed, of course).
Does any of you know if there’s any issue with this portion of Discourse?
I think that would interfere with the actual upload, not the assignment of the avatar to the user.
I can upload the file without any issue. When I make the call to the API to indicate which file to use as an avatar, that’s where I get the error and that started out of the blue.
I’m trying my luck and boost this one last time. It’s odd that no one has found this. I am sure it’s not a coding issue since it has been working for over a couple of years now.
I don’t have an answer yet, but just wanted to let you know that this is on my list to look into. I have a sso setup I can test locally, so that our settings match. It seems like we should be respecting that site setting which could be a change someone made recently, but maybe we could add an API override.
I thought about that as well but it didn’t work. Also, this issue appeared out of the blue. No one changed anything (I am the only admin so there’s no chance someone could have switched any settings), no code changes on the main website, nothing.
Can you let me know what you have set for allow_uploaded_avatars? It no longer is just a true/false setting, but is set to a certain trust level. And can you let me know what the trust level is of the user trying to change their avatar? And are you on the latest version of Discourse?
Here is the code for picking an avatar and the lines that return 422 responses.
Not that it couldn’t be something else deep in the codebase, but it likely is one of these 3. The first one has to do with discourse_connect_overrides_avatar and apparently we ruled that one out. I don’t think it is the second one because your curl command looks correct and includes the “uploaded” type. It could possibly still be the third one with the allow_uploaded_avatars setting which is why I’d like to know what you have that one set to.
I had it disabled until this problem started. Then I changed it to 0:new user.
But having it disabled always worked for me. I don’t want users to actually upload from the forum, but rather from the website which uses SSO. Still, changing it to 0:new user doesn’t change anything. I still get the same error
I’m not able to find any recent update that would have stopped avatars to work via the api when all the site settings have them blocked. Regardless, if you are using SSO (or DiscourseConnect), you should be using the /admin/users/sync_sso api route to update the users avatar not the UI route (/u/username/preferences/avatar/pick).
Hi Blake. Thank you very much for your continued help on this matter.
I can’t find any information about that endpoint in the API documentation. Is that something new?
Also, like I indicated before, avatar update was working fine for several months using the /u/username/preferences/avatar/pick endpoint, which is really odd. It just stopped working. That really puzzles me.