[PR #5626] [MERGED] Review of #5429, OIDC avatar fetching #6534

New Issue

Closed

opened 2026-02-05 10:34:52 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2026-02-05 10:34:52 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/5626
Author: @ssddanbrown
Created: 5/24/2025
Status: ✅ Merged
Merged: 5/24/2025
Merged by: @ssddanbrown

Base: development ← Head: rubentalstra-development

---

📝 Commits (7)

• da82e70 Add optional OIDC avatar fetching from the “picture” claim
• 05f7f4c Merge branch 'development' of github.com:rubentalstra/BookStack into rubentalstra-development
• f9dbbe5 OIDC: Updated picture fetch implementation during review
• b64c9b3 OIDC: Added testing coverage for picture fetching
• 30bf0ce OIDC: Updated avatar fetching to run on each login
• 9d6bc1a Testing: Updated tests to account for recent page redirect changes
• eb47e11 Avatars: Added redirect handling image fetching

📊 Changes

10 files changed (+195 additions, -19 deletions)

View changed files

📝 app/Access/Oidc/OidcService.php (+7 -1)
📝 app/Access/Oidc/OidcUserDetails.php (+16 -4)
📝 app/Config/oidc.php (+6 -0)
📝 app/Uploads/UserAvatars.php (+42 -2)
📝 app/Users/Models/User.php (+1 -0)
📝 tests/Auth/OidcTest.php (+101 -0)
📝 tests/Helpers/FileProvider.php (+8 -0)
📝 tests/Permissions/EntityPermissionsTest.php (+4 -4)
📝 tests/Permissions/RolePermissionsTest.php (+10 -8)
➕ tests/test-data/test-image.jpg (+0 -0)

📄 Description

Continuation/review of PR #5429

Doc Updates

• Document added option in ldap docs
  • Ensure behaviour (login where no existing avatar set) and security issues (SSR) are clearly mentioned.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/5626 **Author:** [@ssddanbrown](https://github.com/ssddanbrown) **Created:** 5/24/2025 **Status:** ✅ Merged **Merged:** 5/24/2025 **Merged by:** [@ssddanbrown](https://github.com/ssddanbrown) **Base:** `development` ← **Head:** `rubentalstra-development` --- ### 📝 Commits (7) - [`da82e70`](https://github.com/BookStackApp/BookStack/commit/da82e70ca3cdd075f7ae148cb2f58fddb0d93627) Add optional OIDC avatar fetching from the “picture” claim - [`05f7f4c`](https://github.com/BookStackApp/BookStack/commit/05f7f4cb17470b2bdc898cf7e99781d0509c0bf8) Merge branch 'development' of github.com:rubentalstra/BookStack into rubentalstra-development - [`f9dbbe5`](https://github.com/BookStackApp/BookStack/commit/f9dbbe5d70f751d67aa41f65f257f580bcf33568) OIDC: Updated picture fetch implementation during review - [`b64c9b3`](https://github.com/BookStackApp/BookStack/commit/b64c9b31d51b5d15972c6cb37cfdca37db80d28a) OIDC: Added testing coverage for picture fetching - [`30bf0ce`](https://github.com/BookStackApp/BookStack/commit/30bf0ce632663eb508b02c2f534c817660dd5d34) OIDC: Updated avatar fetching to run on each login - [`9d6bc1a`](https://github.com/BookStackApp/BookStack/commit/9d6bc1ad4da9142766e4d3a29b5a535f93f1c33a) Testing: Updated tests to account for recent page redirect changes - [`eb47e11`](https://github.com/BookStackApp/BookStack/commit/eb47e1191665e75adcbc63876470259685b459e8) Avatars: Added redirect handling image fetching ### 📊 Changes **10 files changed** (+195 additions, -19 deletions) <details> <summary>View changed files</summary> 📝 `app/Access/Oidc/OidcService.php` (+7 -1) 📝 `app/Access/Oidc/OidcUserDetails.php` (+16 -4) 📝 `app/Config/oidc.php` (+6 -0) 📝 `app/Uploads/UserAvatars.php` (+42 -2) 📝 `app/Users/Models/User.php` (+1 -0) 📝 `tests/Auth/OidcTest.php` (+101 -0) 📝 `tests/Helpers/FileProvider.php` (+8 -0) 📝 `tests/Permissions/EntityPermissionsTest.php` (+4 -4) 📝 `tests/Permissions/RolePermissionsTest.php` (+10 -8) ➕ `tests/test-data/test-image.jpg` (+0 -0) </details> ### 📄 Description Continuation/review of PR #5429 ### Doc Updates - Document added option in ldap docs - Ensure behaviour (login where no existing avatar set) and security issues (SSR) are clearly mentioned. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

OVERLORD added the pull-request label 2026-02-05 10:34:52 +03:00

OVERLORD closed this issue 2026-02-05 10:34:56 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

further_theme_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#6534