yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Disable Gravatar images when FIPS is enabled

Browse Source 
Gravatar image URLs require an MD5 hash of the email be generated.  On a FIPS-enabled server, the MD5 algorithm is not available.  As Gravatar doesn't offer any other method for getting user images, enabling FIPS means that no user images will be available.
This commit is contained in:
Benjamin Carleski
2018-11-20 15:08:50 -08:00
committed by Sebastiaan Janssen
parent e9d53252b8
commit a37b2d42fb
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/Umbraco.Core/Models/UserExtensions.cs
View File

@@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Net;
using System.Security.Cryptography;
using Umbraco.Core.Cache;
using Umbraco.Core.Configuration;
using Umbraco.Core.IO;
@@ -35,9 +36,12 @@ namespace Umbraco.Core.Models
/// A list of 5 different sized avatar URLs
/// </returns>
internal static string[] GetUserAvatarUrls(this IUser user, ICacheProvider staticCache)
{
//check if the user has explicitly removed all avatars including a gravatar, this will be possible and the value will be "none"
if (user.Avatar == "none")
{
// If FIPS is required, never check the Gravatar service as it only supports MD5 hashing.
// Unfortunately, if the FIPS setting is enabled on Windows, using MD5 will throw an exception
// and the website will not run.
// Also, check if the user has explicitly removed all avatars including a gravatar, this will be possible and the value will be "none"
if (user.Avatar == "none" || CryptoConfig.AllowOnlyFipsAlgorithms)
{
return new string[0];
}