Feature #9112

Libravatar support

Added by Jim Cheetham almost 8 years ago. Updated 27 days ago.

Status:ClosedStart date:2011-08-24
Priority:NormalDue date:
Assignee:Go MAEDA% Done:

0%

Category:Accounts / authentication
Target version:4.1.0
Resolution:Fixed

Description

As an alternative to gravatar support, could we have libravatar support as well?

http://libravatar.org/ provides the same sort of service as Gravatar, but instead of forcing you to host your data on a central service, allows federation out to multiple servers -- so you could have automatic support for fallthrough to one set of images for internal company use, another for official external use, or images hosted on libravatar.org itself, with additional fallback onto gravatar as well ...

avatar_service_url_configuration.patch Magnifier (1.52 KB) Go MAEDA, 2019-05-02 14:50

avatar_service_url_configuration-v2.patch Magnifier (3.73 KB) Go MAEDA, 2019-05-03 08:34

avatar_service_url_configuration-v3.patch Magnifier (3.72 KB) Go MAEDA, 2019-05-04 03:57

text_avatar_server_config_html@2x.png (13.6 KB) Go MAEDA, 2019-05-04 11:05

avatar_service_url_configuration-v4.patch Magnifier (5.37 KB) Go MAEDA, 2019-05-04 11:06


Related issues

Related to Redmine - Patch #31022: Always use HTTPS when accessing gravatar.com Closed
Blocked by Redmine - Defect #31428: Gravatar can't be displayed when copy configration.yml.ex... Closed

Associated revisions

Revision 18124
Added by Go MAEDA about 1 month ago

Add avatar_server_url configuration option in order to support Libravatar (#9112).

Patch by Go MAEDA.

Revision 18125
Added by Go MAEDA about 1 month ago

Update locales (#9112).

Revision 18192
Added by Go MAEDA 27 days ago

Gravatar icons are broken if configuration.yml.example file is used as is (#9112, #31428).

Contributed by Mizuki ISHIKAWA.

History

#1 Updated by Etienne Massip almost 8 years ago

  • Category set to Third-party libraries

Could be done with a plugin.

#3 Updated by n ext almost 4 years ago

Is there any progress yet? IMHO it's an much more privacy respecting solution that should be introduced upstream as gravatar is already?

#4 Updated by Sandro Santilli about 2 years ago

Upvoting this, I hate to be forced to have my face served by gravatar.com :/

#5 Updated by Oliver Falk about 1 month ago

Hi!

Libravatar has been recently completely renewed and now shines again.

Changing from Gravatar to Libravatar is only a matter of changing the "base URL". It's completely compatible with Gravatar. The default even is to proxy to Gravatar. With proxy I mean, real proxying; Gravatar doesn't see the client IP and therefore preserving user privacy.

This is really low hanging fruit, as you do not really need to change the module you use, if this is too much work. You just need to replace the URL.

https://secure.gravatar.com/ => https://secure.libravatar.org/

Thanks and kind regards,
Oliver

#6 Updated by Go MAEDA about 1 month ago

What do you think about the attached patch?

The patch introduces a new configuration option "avatar_service_url". You can switch to Libravatar by setting the option in the configuration.yml file like this.

  avatar_service_url: https://seccdn.libravatar.org

#7 Updated by Oliver Falk about 1 month ago

Hi!
In principle I like this! If I may suggest: Put it the other way round and make Libravatar the default :-)
I doesn't change anything for the user/admin, except they'll have better privacy.

#8 Updated by Go MAEDA about 1 month ago

  • Category changed from Third-party libraries to Accounts / authentication
  • Target version set to Candidate for next major release

#9 Updated by Jim Cheetham about 1 month ago

Thanks for promoting this again @Oliver :-)

The patch as presented gives the admin the option to easily select their own service, which is excellent.

We still have a hard-coded portion, '/avatar/' + hash, and this should be surfaced in the documentation at least, and probably in the configuration file as well. But to be fair, this is the published API for both Libravatar and Gravatar, and is probably just as static as the formation of the hash itself. It's been correct for many years now ...

The argument of which should be the default is going a step further than I was asking for, and whereas 7 years ago I was happy for this to be just an option these days I think more people are sensitive to privacy concerns. However, technically this patch provides good capability, and I'm happy to see it moving on.

Of course I now wish I'd dug in to the code myself all those years ago and written the patch myself!

#10 Updated by Go MAEDA about 1 month ago

Updated the patch. Now it includes test code.

Jim Cheetham wrote:

We still have a hard-coded portion, '/avatar/' + hash, and this should be surfaced in the documentation at least, and probably in the configuration file as well.

I have described what URLs are generated in configuraition.yml.example. Thank you for reviewing the patch.

But to be fair, this is the published API for both Libravatar and Gravatar, and is probably just as static as the formation of the hash itself. It's been correct for many years now ...

I think hard-coding '/avatar/' is OK because DNS-based server discovery mechanism described on https://wiki.libravatar.org/api/ assumes that the path is always '/avatar/'

#11 Updated by Oliver Falk about 1 month ago

Hi!

Yes, hardcoding /avatar/ should be fine. I'm pretty sure all services are using this path in order to be compatible with Gravatar. If - for some reason - someone has a different path with his service, he needs to rewrite it in the web server configuration accordingly - not really our issue.
Glad you enhanced the code with tests.
I would still love to see Libravatar be the default or some way how we could potentially encourage users to switch to Libravatar if it's not the default - but it is your decision and not mine of course.

Thanks for your work on this - highly appreciated!!

#12 Updated by Go MAEDA about 1 month ago

  • Target version changed from Candidate for next major release to 4.1.0

Oliver Falk wrote:

I would still love to see Libravatar be the default or some way how we could potentially encourage users to switch to Libravatar if it's not the default - but it is your decision and not mine of course.

I don't think we should make Libravatar the default because most people probably use Gravatar instead of Libravatar. In addition, I have doubts about the continuity of libravatar.org (see the articles below).
https://blog.libravatar.org/posts/Libravatar.org_is_shutting_down_on_2018-09-01/
https://blog.libravatar.org/posts/Libravatar.org_is_not_going_away/

Anyway, supporting Gravatar-compatible servers including Libravatar is easy, and I think it is valuable because it gives users another choice. I am setting the target version to 4.1.0.

#13 Updated by Oliver Falk about 1 month ago

Hi!

I don't think we should make Libravatar the default because most people probably use Gravatar
instead of Libravatar.

By default Libravatar proxies to Gravatar and therefore it doesn't make any difference to the user, apart from more privacy, since Gravatar only sees the proxy address.

In addition, I have doubts about the continuity of libravatar.org (see the articles below).
https://blog.libravatar.org/posts/Libravatar.org_is_shutting_down_on_2018-09-01/
https://blog.libravatar.org/posts/Libravatar.org_is_not_going_away/

I know those articles. I'm basically the reason behind the 'is not going away'. Software has been rewritten by me and is now hosted on Fedora Infrastructure - so really no doubts if it's staying or not. It IS staying. ;-)

Oliver

#14 Updated by Go MAEDA about 1 month ago

  • Related to Patch #31022: Always use HTTPS when accessing gravatar.com added

#15 Updated by Go MAEDA about 1 month ago

Updated the patch. I have changed the config name from avatar_service_url to avatar_server_url because users may use their own avatar server instead of services such as Gravatar and Libravatar.

You can see the list of opensource Gravatar-compatible servers: https://wiki.libravatar.org/running_your_own/

#16 Updated by Go MAEDA about 1 month ago

Added a message about the avatar server configuration on the settings page. Users will have a chance to know by this message that the avatar server is configurable.

#17 Updated by Marius BALTEANU about 1 month ago

Nice addition.

#18 Updated by Go MAEDA about 1 month ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA
  • Resolution set to Fixed

Committed the patch. Thank you all for suggesting this feature.

#19 Updated by Oliver Falk about 1 month ago

Go MAEDA wrote:

Committed the patch. Thank you all for suggesting this feature.

Awesome! Thanks a lot for your work!

Oliver

#20 Updated by Go MAEDA 27 days ago

  • Status changed from Closed to Reopened

#21 Updated by Go MAEDA 27 days ago

  • Blocked by Defect #31428: Gravatar can't be displayed when copy configration.yml.example to configration.yml added

#22 Updated by Go MAEDA 27 days ago

  • Status changed from Reopened to Closed

Committed the fix for #31428 in r18192.

Also available in: Atom PDF