bookstack/app/Uploads/UserAvatars.php

<?php

namespace BookStack\Uploads;

use BookStack\Exceptions\HttpFetchException;
use BookStack\Http\HttpRequestService;
use BookStack\Users\Models\User;
use BookStack\Util\WebSafeMimeSniffer;
use Exception;
use GuzzleHttp\Psr7\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Str;
use Psr\Http\Client\ClientExceptionInterface;

class UserAvatars
{
    public function __construct(
        protected ImageService $imageService,
        protected HttpRequestService $http
    ) {
    }

    /**
     * Fetch and assign an avatar image to the given user.
     */
    public function fetchAndAssignToUser(User $user): void
    {
        if (!$this->avatarFetchEnabled()) {
            return;
        }

        try {
            $this->destroyAllForUser($user);
            $avatar = $this->saveAvatarImage($user);
            $user->avatar()->associate($avatar);
            $user->save();
        } catch (Exception $e) {
            Log::error('Failed to save user avatar image', ['exception' => $e]);
        }
    }

    /**
     * Assign a new avatar image to the given user using the given image data.
     */
    public function assignToUserFromExistingData(User $user, string $imageData, string $extension): void
    {
        try {
            $this->destroyAllForUser($user);
            $avatar = $this->createAvatarImageFromData($user, $imageData, $extension);
            $user->avatar()->associate($avatar);
            $user->save();
        } catch (Exception $e) {
            Log::error('Failed to save user avatar image', ['exception' => $e]);
        }
    }

    /**
     * Assign a new avatar image to the given user by fetching from a remote URL.
     */
    public function assignToUserFromUrl(User $user, string $avatarUrl): void
    {
        try {
            $this->destroyAllForUser($user);
            $imageData = $this->getAvatarImageData($avatarUrl);

            $mime = (new WebSafeMimeSniffer())->sniff($imageData);
            [$format, $type] = explode('/', $mime, 2);
            if ($format !== 'image' || !ImageService::isExtensionSupported($type)) {
                return;
            }

            $avatar = $this->createAvatarImageFromData($user, $imageData, $type);
            $user->avatar()->associate($avatar);
            $user->save();
        } catch (Exception $e) {
            Log::error('Failed to save user avatar image from URL', [
                'exception' => $e->getMessage(),
                'url'       => $avatarUrl,
                'user_id'   => $user->id,
            ]);
        }
    }

    /**
     * Destroy all user avatars uploaded to the given user.
     */
    public function destroyAllForUser(User $user): void
    {
        $profileImages = Image::query()->where('type', '=', 'user')
            ->where('uploaded_to', '=', $user->id)
            ->get();

        foreach ($profileImages as $image) {
            $this->imageService->destroy($image);
        }
    }

    /**
     * Save an avatar image from an external service.
     *
     * @throws HttpFetchException
     */
    protected function saveAvatarImage(User $user, int $size = 500): Image
    {
        $avatarUrl = $this->getAvatarUrl();
        $email = strtolower(trim($user->email));

        $replacements = [
            '${hash}'  => md5($email),
            '${size}'  => $size,
            '${email}' => urlencode($email),
        ];

        $userAvatarUrl = strtr($avatarUrl, $replacements);
        $imageData = $this->getAvatarImageData($userAvatarUrl);

        return $this->createAvatarImageFromData($user, $imageData, 'png');
    }

    /**
     * Creates a new image instance and saves it in the system as a new user avatar image.
     */
    protected function createAvatarImageFromData(User $user, string $imageData, string $extension): Image
    {
        $imageName = Str::random(10) . '-avatar.' . $extension;

        $image = $this->imageService->saveNew($imageName, $imageData, 'user', $user->id);
        $image->created_by = $user->id;
        $image->updated_by = $user->id;
        $image->save();

        return $image;
    }

    /**
     * Get an image from a URL and return it as a string of image data.
     *
     * @throws HttpFetchException
     */
    protected function getAvatarImageData(string $url): string
    {
        try {
            $client = $this->http->buildClient(5);
            $responseCount = 0;

            do {
                $response = $client->sendRequest(new Request('GET', $url));
                $responseCount++;
                $isRedirect = ($response->getStatusCode() === 301 || $response->getStatusCode() === 302);
                $url = $response->getHeader('Location')[0] ?? '';
            } while ($responseCount < 3 && $isRedirect && is_string($url) && str_starts_with($url, 'http'));

            if ($responseCount === 3) {
                throw new HttpFetchException("Failed to fetch image, max redirect limit of 3 tries reached. Last fetched URL: {$url}");
            }

            if ($response->getStatusCode() !== 200) {
                throw new HttpFetchException(trans('errors.cannot_get_image_from_url', ['url' => $url]));
            }

            return (string) $response->getBody();
        } catch (ClientExceptionInterface $exception) {
            throw new HttpFetchException(trans('errors.cannot_get_image_from_url', ['url' => $url]), $exception->getCode(), $exception);
        }
    }

    /**
     * Check if fetching external avatars is enabled.
     */
    public function avatarFetchEnabled(): bool
    {
        $fetchUrl = $this->getAvatarUrl();

        return str_starts_with($fetchUrl, 'http');
    }

    /**
     * Get the URL to fetch avatars from.
     */
    public function getAvatarUrl(): string
    {
        $configOption = config('services.avatar_url');
        if ($configOption === false) {
            return '';
        }

        $url = trim($configOption);

        if (empty($url) && !config('services.disable_services')) {
            $url = 'https://www.gravatar.com/avatar/${hash}?s=${size}&d=identicon';
        }

        return $url;
    }
}
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`<?php`

			`namespace BookStack\Uploads;`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00
			`use BookStack\Exceptions\HttpFetchException;`
Removed use of HttpFetcher - Fixed some existing issues in new aligned process. - Manually tested each external call scenario. 2023-09-09 00:16:57 +08:00			`use BookStack\Http\HttpRequestService;`
Played around with a new app structure 2023-05-18 00:56:55 +08:00			`use BookStack\Users\Models\User;`
OIDC: Updated picture fetch implementation during review Review of #5429 2025-05-24 21:02:37 +08:00			`use BookStack\Util\WebSafeMimeSniffer;`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`use Exception;`
Removed use of HttpFetcher - Fixed some existing issues in new aligned process. - Manually tested each external call scenario. 2023-09-09 00:16:57 +08:00			`use GuzzleHttp\Psr7\Request;`
Added test case for avatar failed fetch Fixed non-imported log issue while there. For #2449 2021-01-10 21:29:13 +08:00			`use Illuminate\Support\Facades\Log;`
Fixed disabling of avatar urls, Removed id from gravatar image name Included test to cover avatar url disabling. Related to #1835 2022-07-26 19:10:19 +08:00			`use Illuminate\Support\Str;`
Removed use of HttpFetcher - Fixed some existing issues in new aligned process. - Manually tested each external call scenario. 2023-09-09 00:16:57 +08:00			`use Psr\Http\Client\ClientExceptionInterface;`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00
			`class UserAvatars`
			`{`
Removed use of HttpFetcher - Fixed some existing issues in new aligned process. - Manually tested each external call scenario. 2023-09-09 00:16:57 +08:00			`public function __construct(`
			`protected ImageService $imageService,`
			`protected HttpRequestService $http`
			`) {`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`}`

			`/**`
			`* Fetch and assign an avatar image to the given user.`
			`*/`
			`public function fetchAndAssignToUser(User $user): void`
			`{`
			`if (!$this->avatarFetchEnabled()) {`
			`return;`
			`}`

			`try {`
Reviewed PR to add import user avatars va LDAP - Reduced options to single new configuration paramter instead of two. - Moved more logic into UserAvatars class. - Updated LDAP avatar import to also run on login when no image is currently set. - Added thumbnail fetching to search requests. - Added testing to cover. Related to PR #2320, and issue #1161 2021-05-25 01:45:08 +08:00			`$this->destroyAllForUser($user);`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`$avatar = $this->saveAvatarImage($user);`
			`$user->avatar()->associate($avatar);`
			`$user->save();`
Revert some changes to HttpFetchException 2023-06-19 14:47:47 +08:00			`} catch (Exception $e) {`
Modify HttpFetchException handle to log exception Within the flow of HttpFetchException, the actual exception from curl is preserved and logged. Make HttpFetchException a pretty exception for when it is shown to users. 2023-06-14 20:09:52 +08:00			`Log::error('Failed to save user avatar image', ['exception' => $e]);`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`}`
			`}`

Reviewed PR to add import user avatars va LDAP - Reduced options to single new configuration paramter instead of two. - Moved more logic into UserAvatars class. - Updated LDAP avatar import to also run on login when no image is currently set. - Added thumbnail fetching to search requests. - Added testing to cover. Related to PR #2320, and issue #1161 2021-05-25 01:45:08 +08:00			`/**`
			`* Assign a new avatar image to the given user using the given image data.`
			`*/`
			`public function assignToUserFromExistingData(User $user, string $imageData, string $extension): void`
			`{`
			`try {`
			`$this->destroyAllForUser($user);`
			`$avatar = $this->createAvatarImageFromData($user, $imageData, $extension);`
			`$user->avatar()->associate($avatar);`
			`$user->save();`
Revert some changes to HttpFetchException 2023-06-19 14:47:47 +08:00			`} catch (Exception $e) {`
Modify HttpFetchException handle to log exception Within the flow of HttpFetchException, the actual exception from curl is preserved and logged. Make HttpFetchException a pretty exception for when it is shown to users. 2023-06-14 20:09:52 +08:00			`Log::error('Failed to save user avatar image', ['exception' => $e]);`
Reviewed PR to add import user avatars va LDAP - Reduced options to single new configuration paramter instead of two. - Moved more logic into UserAvatars class. - Updated LDAP avatar import to also run on login when no image is currently set. - Added thumbnail fetching to search requests. - Added testing to cover. Related to PR #2320, and issue #1161 2021-05-25 01:45:08 +08:00			`}`
			`}`

Add optional OIDC avatar fetching from the “picture” claim 2025-01-21 00:21:46 +08:00			`/**`
			`* Assign a new avatar image to the given user by fetching from a remote URL.`
			`*/`
OIDC: Updated picture fetch implementation during review Review of #5429 2025-05-24 21:02:37 +08:00			`public function assignToUserFromUrl(User $user, string $avatarUrl): void`
Add optional OIDC avatar fetching from the “picture” claim 2025-01-21 00:21:46 +08:00			`{`
			`try {`
			`$this->destroyAllForUser($user);`
OIDC: Updated picture fetch implementation during review Review of #5429 2025-05-24 21:02:37 +08:00			`$imageData = $this->getAvatarImageData($avatarUrl);`

			`$mime = (new WebSafeMimeSniffer())->sniff($imageData);`
			`[$format, $type] = explode('/', $mime, 2);`
OIDC: Added testing coverage for picture fetching 2025-05-24 21:36:36 +08:00			`if ($format !== 'image' \|\| !ImageService::isExtensionSupported($type)) {`
OIDC: Updated picture fetch implementation during review Review of #5429 2025-05-24 21:02:37 +08:00			`return;`
			`}`

			`$avatar = $this->createAvatarImageFromData($user, $imageData, $type);`
Add optional OIDC avatar fetching from the “picture” claim 2025-01-21 00:21:46 +08:00			`$user->avatar()->associate($avatar);`
			`$user->save();`
			`} catch (Exception $e) {`
			`Log::error('Failed to save user avatar image from URL', [`
Avatars: Added redirect handling image fetching Up to 3 times. Can be needed based upon testing with Auth0. Should be fine as long as it's something clearly documented. Added test to cover. 2025-05-25 00:56:21 +08:00			`'exception' => $e->getMessage(),`
Add optional OIDC avatar fetching from the “picture” claim 2025-01-21 00:21:46 +08:00			`'url' => $avatarUrl,`
			`'user_id' => $user->id,`
			`]);`
			`}`
			`}`

Reviewed PR to add import user avatars va LDAP - Reduced options to single new configuration paramter instead of two. - Moved more logic into UserAvatars class. - Updated LDAP avatar import to also run on login when no image is currently set. - Added thumbnail fetching to search requests. - Added testing to cover. Related to PR #2320, and issue #1161 2021-05-25 01:45:08 +08:00			`/**`
			`* Destroy all user avatars uploaded to the given user.`
			`*/`
fix: Actually check if we have correct data 2023-09-19 02:04:59 +08:00			`public function destroyAllForUser(User $user): void`
Reviewed PR to add import user avatars va LDAP - Reduced options to single new configuration paramter instead of two. - Moved more logic into UserAvatars class. - Updated LDAP avatar import to also run on login when no image is currently set. - Added thumbnail fetching to search requests. - Added testing to cover. Related to PR #2320, and issue #1161 2021-05-25 01:45:08 +08:00			`{`
			`$profileImages = Image::query()->where('type', '=', 'user')`
			`->where('uploaded_to', '=', $user->id)`
			`->get();`

			`foreach ($profileImages as $image) {`
			`$this->imageService->destroy($image);`
			`}`
			`}`

Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`/**`
			`* Save an avatar image from an external service.`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`*`
fix: Actually check if we have correct data 2023-09-19 02:04:59 +08:00			`* @throws HttpFetchException`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`*/`
			`protected function saveAvatarImage(User $user, int $size = 500): Image`
			`{`
			`$avatarUrl = $this->getAvatarUrl();`
			`$email = strtolower(trim($user->email));`

			`$replacements = [`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`'${hash}' => md5($email),`
			`'${size}' => $size,`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`'${email}' => urlencode($email),`
			`];`

			`$userAvatarUrl = strtr($avatarUrl, $replacements);`
			`$imageData = $this->getAvatarImageData($userAvatarUrl);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Reviewed PR to add import user avatars va LDAP - Reduced options to single new configuration paramter instead of two. - Moved more logic into UserAvatars class. - Updated LDAP avatar import to also run on login when no image is currently set. - Added thumbnail fetching to search requests. - Added testing to cover. Related to PR #2320, and issue #1161 2021-05-25 01:45:08 +08:00			`return $this->createAvatarImageFromData($user, $imageData, 'png');`
			`}`

			`/**`
			`* Creates a new image instance and saves it in the system as a new user avatar image.`
			`*/`
			`protected function createAvatarImageFromData(User $user, string $imageData, string $extension): Image`
			`{`
Fixed disabling of avatar urls, Removed id from gravatar image name Included test to cover avatar url disabling. Related to #1835 2022-07-26 19:10:19 +08:00			`$imageName = Str::random(10) . '-avatar.' . $extension;`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00
			`$image = $this->imageService->saveNew($imageName, $imageData, 'user', $user->id);`
			`$image->created_by = $user->id;`
			`$image->updated_by = $user->id;`
			`$image->save();`

			`return $image;`
			`}`

			`/**`
OIDC: Updated picture fetch implementation during review Review of #5429 2025-05-24 21:02:37 +08:00			`* Get an image from a URL and return it as a string of image data.`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`*`
Modify HttpFetchException handle to log exception Within the flow of HttpFetchException, the actual exception from curl is preserved and logged. Make HttpFetchException a pretty exception for when it is shown to users. 2023-06-14 20:09:52 +08:00			`* @throws HttpFetchException`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`*/`
OIDC: Updated picture fetch implementation during review Review of #5429 2025-05-24 21:02:37 +08:00			`protected function getAvatarImageData(string $url): string`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`{`
			`try {`
Removed use of HttpFetcher - Fixed some existing issues in new aligned process. - Manually tested each external call scenario. 2023-09-09 00:16:57 +08:00			`$client = $this->http->buildClient(5);`
Avatars: Added redirect handling image fetching Up to 3 times. Can be needed based upon testing with Auth0. Should be fine as long as it's something clearly documented. Added test to cover. 2025-05-25 00:56:21 +08:00			`$responseCount = 0;`

			`do {`
			`$response = $client->sendRequest(new Request('GET', $url));`
			`$responseCount++;`
			`$isRedirect = ($response->getStatusCode() === 301 \|\| $response->getStatusCode() === 302);`
			`$url = $response->getHeader('Location')[0] ?? '';`
			`} while ($responseCount < 3 && $isRedirect && is_string($url) && str_starts_with($url, 'http'));`

			`if ($responseCount === 3) {`
			`throw new HttpFetchException("Failed to fetch image, max redirect limit of 3 tries reached. Last fetched URL: {$url}");`
			`}`
Add optional OIDC avatar fetching from the “picture” claim 2025-01-21 00:21:46 +08:00
fix: Actually check if we have correct data 2023-09-19 02:04:59 +08:00			`if ($response->getStatusCode() !== 200) {`
			`throw new HttpFetchException(trans('errors.cannot_get_image_from_url', ['url' => $url]));`
			`}`

			`return (string) $response->getBody();`
Removed use of HttpFetcher - Fixed some existing issues in new aligned process. - Manually tested each external call scenario. 2023-09-09 00:16:57 +08:00			`} catch (ClientExceptionInterface $exception) {`
Modify HttpFetchException handle to log exception Within the flow of HttpFetchException, the actual exception from curl is preserved and logged. Make HttpFetchException a pretty exception for when it is shown to users. 2023-06-14 20:09:52 +08:00			`throw new HttpFetchException(trans('errors.cannot_get_image_from_url', ['url' => $url]), $exception->getCode(), $exception);`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`}`
			`}`

			`/**`
			`* Check if fetching external avatars is enabled.`
			`*/`
Avatar Commend: Simplified and updated during review During review of #4560. - Simplified command to share as much log as possible across different run options. - Extracted out user handling to share with MFA command. - Added specific handling for disabled avatar fetching. - Added mention of avatar endpoint, to make it clear where these avatars are coming from (Protect against user expectation of LDAP avatar sync). - Simplified a range of the testing. - Tweaked wording and code formatting. 2023-09-19 22:53:01 +08:00			`public function avatarFetchEnabled(): bool`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`{`
			`$fetchUrl = $this->getAvatarUrl();`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Removed use of HttpFetcher - Fixed some existing issues in new aligned process. - Manually tested each external call scenario. 2023-09-09 00:16:57 +08:00			`return str_starts_with($fetchUrl, 'http');`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`}`

			`/**`
			`* Get the URL to fetch avatars from.`
			`*/`
Avatar Commend: Simplified and updated during review During review of #4560. - Simplified command to share as much log as possible across different run options. - Extracted out user handling to share with MFA command. - Added specific handling for disabled avatar fetching. - Added mention of avatar endpoint, to make it clear where these avatars are coming from (Protect against user expectation of LDAP avatar sync). - Simplified a range of the testing. - Tweaked wording and code formatting. 2023-09-19 22:53:01 +08:00			`public function getAvatarUrl(): string`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00			`{`
Fixed disabling of avatar urls, Removed id from gravatar image name Included test to cover avatar url disabling. Related to #1835 2022-07-26 19:10:19 +08:00			`$configOption = config('services.avatar_url');`
			`if ($configOption === false) {`
			`return '';`
			`}`

			`$url = trim($configOption);`
Cleaned up some user/image areas of the app Further cleanup of docblocks and standardisation of repos. 2020-12-09 07:46:38 +08:00
			`if (empty($url) && !config('services.disable_services')) {`
			`$url = 'https://www.gravatar.com/avatar/${hash}?s=${size}&d=identicon';`
			`}`

			`return $url;`
			`}`
Ran phpcbf and updated phpcs.xml 2021-03-08 06:24:05 +08:00			`}`