🐛 Bug Report: Unable to remove or change OIDC Client Logo #181

New Issue

Closed

opened 2025-10-07 23:56:27 +03:00 by OVERLORD · 11 comments

OVERLORD commented 2025-10-07 23:56:27 +03:00

Owner

Copy Link

Originally created by @mitchplze on GitHub.

Reproduction steps

Go to an OIDC Client application
Try to Change or Remove the Logo

Expected behavior

The logo should be removed or changed

Actual Behavior

On certain OIDC apps from time to time, the logo removal or change does not 'commit' when you save the page and the logo is effectively stuck/locked.

Even after browser refresh, the old logo is shown on the details and list page.

This doesn't happen all the time, and is often hard to reproduce. Sometimes if you remove the logo, wait a bit, and try to upload a new one it will work.

Version and Environment

Docker. Pocket v.1.2.0

Log Output

When I remove the problematic logo (SVG if it matters), the following panic is logged:

pocket-id  | [GIN] 2025/06/04 - 18:05:07 | 200 |   13.261287ms |  172.71.150.151 | GET      "/api/user-groups?sort[column]=friendlyName&sort[direction]=asc"
pocket-id  | [GIN] 2025/06/04 - 18:05:07 | 200 |   13.325207ms |  172.71.150.151 | GET      "/api/user-groups?sort[column]=friendlyName&sort[direction]=asc"
pocket-id  | [GIN] 2025/06/04 - 18:05:11 | 500 |    1.141567ms |  172.71.150.151 | DELETE   "/api/oidc/clients/5648bf99-fc7a-4653-a306-3c6791412ee5/logo"
pocket-id  | 
pocket-id  | 
pocket-id  | 2025/06/04 18:05:11 [Recovery] 2025/06/04 - 18:05:11 panic recovered:
pocket-id  | runtime error: invalid memory address or nil pointer dereference
pocket-id  | runtime/panic.go:262 (0x8764f)
pocket-id  | runtime/signal_unix.go:925 (0x8761c)
pocket-id  | github.com/pocket-id/pocket-id/backend/internal/service/oidc_service.go:756 (0x6daa20)
pocket-id  | github.com/pocket-id/pocket-id/backend/internal/controller/oidc_controller.go:577 (0xd4aa5b)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd3f17f)
pocket-id  | github.com/pocket-id/pocket-id/backend/internal/middleware/rate_limit.go:44 (0xd3f130)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2097b)
pocket-id  | github.com/pocket-id/pocket-id/backend/internal/middleware/error_handler.go:24 (0xd5f3ef)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2097b)
pocket-id  | github.com/pocket-id/pocket-id/backend/internal/middleware/cors.go:24 (0xd5f3a3)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2c813)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/logger.go:249 (0xd2c7f4)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2d467)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/recovery.go:102 (0xd2d44c)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2c813)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/logger.go:249 (0xd2c7f4)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2bcb3)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/gin.go:633 (0xd2b83c)
pocket-id  | github.com/gin-gonic/gin@v1.10.0/gin.go:589 (0xd2b47f)
pocket-id  | net/http/server.go:3301 (0x31115b)
pocket-id  | net/http/server.go:2102 (0x2f104b)
pocket-id  | runtime/asm_arm64.s:1223 (0x8cc63)
pocket-id  | 
pocket-id  | [GIN] 2025/06/04 - 18:05:11 | 200 |    2.164934ms |  172.71.150.151 | PUT      "/api/oidc/clients/5648bf99-fc7a-4653-a306-3c6791412ee5"
pocket-id  | [GIN] 2025/06/04 - 18:05:11 | 200 |    2.199055ms |  172.71.150.151 | PUT      "/api/oidc/clients/5648bf99-fc7a-4653-a306-3c6791412ee5"

Originally created by @mitchplze on GitHub. ### Reproduction steps Go to an OIDC Client application Try to Change or Remove the Logo ### Expected behavior The logo should be removed or changed ### Actual Behavior On certain OIDC apps from time to time, the logo removal or change does not 'commit' when you save the page and the logo is effectively stuck/locked. Even after browser refresh, the old logo is shown on the details and list page. This doesn't happen all the time, and is often hard to reproduce. Sometimes if you remove the logo, wait a bit, and try to upload a new one it will work.  ### Version and Environment Docker. Pocket `v.1.2.0` ### Log Output When I *remove* the problematic logo (SVG if it matters), the following panic is logged: ``` pocket-id | [GIN] 2025/06/04 - 18:05:07 | 200 | 13.261287ms | 172.71.150.151 | GET "/api/user-groups?sort[column]=friendlyName&sort[direction]=asc" pocket-id | [GIN] 2025/06/04 - 18:05:07 | 200 | 13.325207ms | 172.71.150.151 | GET "/api/user-groups?sort[column]=friendlyName&sort[direction]=asc" pocket-id | [GIN] 2025/06/04 - 18:05:11 | 500 | 1.141567ms | 172.71.150.151 | DELETE "/api/oidc/clients/5648bf99-fc7a-4653-a306-3c6791412ee5/logo" pocket-id | pocket-id | pocket-id | 2025/06/04 18:05:11 [Recovery] 2025/06/04 - 18:05:11 panic recovered: pocket-id | runtime error: invalid memory address or nil pointer dereference pocket-id | runtime/panic.go:262 (0x8764f) pocket-id | runtime/signal_unix.go:925 (0x8761c) pocket-id | github.com/pocket-id/pocket-id/backend/internal/service/oidc_service.go:756 (0x6daa20) pocket-id | github.com/pocket-id/pocket-id/backend/internal/controller/oidc_controller.go:577 (0xd4aa5b) pocket-id | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd3f17f) pocket-id | github.com/pocket-id/pocket-id/backend/internal/middleware/rate_limit.go:44 (0xd3f130) pocket-id | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2097b) pocket-id | github.com/pocket-id/pocket-id/backend/internal/middleware/error_handler.go:24 (0xd5f3ef) pocket-id | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2097b) pocket-id | github.com/pocket-id/pocket-id/backend/internal/middleware/cors.go:24 (0xd5f3a3) pocket-id | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2c813) pocket-id | github.com/gin-gonic/gin@v1.10.0/logger.go:249 (0xd2c7f4) pocket-id | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2d467) pocket-id | github.com/gin-gonic/gin@v1.10.0/recovery.go:102 (0xd2d44c) pocket-id | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2c813) pocket-id | github.com/gin-gonic/gin@v1.10.0/logger.go:249 (0xd2c7f4) pocket-id | github.com/gin-gonic/gin@v1.10.0/context.go:185 (0xd2bcb3) pocket-id | github.com/gin-gonic/gin@v1.10.0/gin.go:633 (0xd2b83c) pocket-id | github.com/gin-gonic/gin@v1.10.0/gin.go:589 (0xd2b47f) pocket-id | net/http/server.go:3301 (0x31115b) pocket-id | net/http/server.go:2102 (0x2f104b) pocket-id | runtime/asm_arm64.s:1223 (0x8cc63) pocket-id | pocket-id | [GIN] 2025/06/04 - 18:05:11 | 200 | 2.164934ms | 172.71.150.151 | PUT "/api/oidc/clients/5648bf99-fc7a-4653-a306-3c6791412ee5" pocket-id | [GIN] 2025/06/04 - 18:05:11 | 200 | 2.199055ms | 172.71.150.151 | PUT "/api/oidc/clients/5648bf99-fc7a-4653-a306-3c6791412ee5" ```

OVERLORD added the bug label 2025-10-07 23:56:27 +03:00

OVERLORD closed this issue 2025-10-07 23:56:28 +03:00

OVERLORD commented 2025-10-07 23:56:30 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

I was able to reproduce the bug that the image can't be deleted. The image did update correctly though.

Is there a possibility that a reverse proxy in front or the browser might cache the image? If you check the data/uploads/oidc-client-images folder, does the image update correctly?

@stonith404 commented on GitHub: I was able to reproduce the bug that the image can't be deleted. The image did update correctly though. Is there a possibility that a reverse proxy in front or the browser might cache the image? If you check the `data/uploads/oidc-client-images` folder, does the image update correctly?

OVERLORD commented 2025-10-07 23:56:31 +03:00

Author

Owner

Copy Link

@mitchplze commented on GitHub:

Not sure if you want a separate issue created for this, but could the alignment and size for images be unified as well?

Example:

This logo file is a (small) SVG. It should be rendered as centered horizontal+vertical, and filling the maximum size of the box (as it's a vector).

I believe the same issue happens with PNGs, if the image size is smaller than the box. For rasterized images, at the very least, the image should be center aligned in both directions I think.

@mitchplze commented on GitHub: Not sure if you want a separate issue created for this, but could the alignment and size for images be unified as well? Example: <img width="293" alt="Image" src="https://github.com/user-attachments/assets/37321f21-b113-42fd-9025-363ca00dc7ba" /> This logo file is a (small) SVG. It should be rendered as centered horizontal+vertical, and filling the maximum size of the box (as it's a vector). I believe the same issue happens with PNGs, if the image size is smaller than the box. For rasterized images, at the very least, the image should be center aligned in both directions I think.

OVERLORD commented 2025-10-07 23:56:31 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

Thanks for checking this. Would you mind to test the ghcr.io/pocket-id/pocket-id:next image and let me know if the the alignment of the image is correct now and the image updates correctly?

Previously, we didn't set any caching headers for these images, and it seems that the absence of a cache control header is interpreted differently by different browsers. Now images get cached for 15 minutes but for the browser that has updated the image the cache gets invalidated.

@stonith404 commented on GitHub: Thanks for checking this. Would you mind to test the `ghcr.io/pocket-id/pocket-id:next` image and let me know if the the alignment of the image is correct now and the image updates correctly? Previously, we didn't set any caching headers for these images, and it seems that the absence of a cache control header is interpreted differently by different browsers. Now images get cached for 15 minutes but for the browser that has updated the image the cache gets invalidated.

OVERLORD commented 2025-10-07 23:56:32 +03:00

Author

Owner

Copy Link

@kmendell commented on GitHub:

This is interesting, I tried to reproduce this last night and i couldnt...

@stonith404 Are you able to reproduce?

@kmendell commented on GitHub: This is interesting, I tried to reproduce this last night and i couldnt... @stonith404 Are you able to reproduce?

OVERLORD commented 2025-10-07 23:56:32 +03:00

Author

Owner

Copy Link

@mitchplze commented on GitHub:

Looks like my browser was caching the image on the admin screen even after reload, but it was showing up properly during a login flow, and on disk. Strange. A hard cache reload fixed it on admin.

I'm not a web dev, but is there a way to force cache invalidation of the logo when it changes somehow? Perhaps change the underlying URL/guid, which would cause it to be fetched fresh from disk. That would likely require decoupling the client ID from the logo file name though.

@mitchplze commented on GitHub: Looks like my browser was caching the image on the admin screen even after reload, but it was showing up properly during a login flow, and on disk. Strange. A hard cache reload fixed it on admin. I'm not a web dev, but is there a way to force cache invalidation of the logo when it changes somehow? Perhaps change the underlying URL/guid, which would cause it to be fetched fresh from disk. That would likely require decoupling the client ID from the logo file name though.

OVERLORD commented 2025-10-07 23:56:34 +03:00

Author

Owner

Copy Link

@mitchplze commented on GitHub:

Something seems a bit messed up on :next for me. All CSS / page formatting on all pages is gone, and its plain text all smushed to the left now. This is in a regular browser or incog.

Switching my compose back to no tag (assuming :latest) fixes it immediately.

@mitchplze commented on GitHub: Something seems a bit messed up on `:next` for me. All CSS / page formatting on all pages is gone, and its plain text all smushed to the left now. This is in a regular browser or incog.  Switching my compose back to no tag (assuming `:latest`) fixes it immediately.

OVERLORD commented 2025-10-07 23:56:35 +03:00

Author

Owner

Copy Link

@mitchplze commented on GitHub:

Looks like a glitch on my end. I re-pulled and it feels great.

• No caching issues; logo changes are immediately visible
• Centering and layout of logos looks really good now

Thanks a ton!

@mitchplze commented on GitHub: Looks like a glitch on my end. I re-pulled and it feels great. - No caching issues; logo changes are immediately visible - Centering and layout of logos looks really good now Thanks a ton!

OVERLORD commented 2025-10-07 23:56:35 +03:00

Author

Owner

Copy Link

@mitchplze commented on GitHub:

Unfortunately, adding and editing clients altogether is now broken for me, even with incognito.

• create or edit an oidc client
• save it
• something went wrong - internal error

@mitchplze commented on GitHub: Unfortunately, adding and editing clients altogether is now broken for me, even with incognito. - create or edit an oidc client - save it - something went wrong - internal error

OVERLORD commented 2025-10-07 23:56:36 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

Sorry, somehow the whole CSS broke in the production build because of a minor issue on one site. Could you try the latest next image again?

@stonith404 commented on GitHub: Sorry, somehow the whole CSS broke in the production build because of a minor issue on one site. Could you try the latest `next` image again?

OVERLORD commented 2025-10-07 23:56:36 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

I can't reproduce this. Is there anything in the logs? What inputs did you enter for creating the client?

@stonith404 commented on GitHub: I can't reproduce this. Is there anything in the logs? What inputs did you enter for creating the client?

OVERLORD commented 2025-10-07 23:56:37 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub:

Awesome, thanks for the feedback.

@stonith404 commented on GitHub: Awesome, thanks for the feedback.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/restrict-email-one-time-access

oidc-scopes

breaking/v2

i18n_crowdin

v2/use-item-component

default-env-db-keys

slog-gorm

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id-pocket-id-1#181