diff --git a/app/assets/javascripts/discourse/controllers/preferences.js.es6 b/app/assets/javascripts/discourse/controllers/preferences.js.es6
index 0394fe857bb..9ed837fd3dc 100644
--- a/app/assets/javascripts/discourse/controllers/preferences.js.es6
+++ b/app/assets/javascripts/discourse/controllers/preferences.js.es6
@@ -12,6 +12,7 @@ export default ObjectController.extend({
allowAvatarUpload: Discourse.computed.setting('allow_uploaded_avatars'),
allowUserLocale: Discourse.computed.setting('allow_user_locale'),
+ ssoOverridesAvatar: Discourse.computed.setting('sso_overrides_avatar'),
selectedCategories: function(){
return [].concat(this.get("watchedCategories"), this.get("trackedCategories"), this.get("mutedCategories"));
diff --git a/app/assets/javascripts/discourse/templates/user/preferences.js.handlebars b/app/assets/javascripts/discourse/templates/user/preferences.js.handlebars
index f5406e2dad2..ceadd22601e 100644
--- a/app/assets/javascripts/discourse/templates/user/preferences.js.handlebars
+++ b/app/assets/javascripts/discourse/templates/user/preferences.js.handlebars
@@ -82,9 +82,9 @@
{{bound-avatar model "large"}}
{{#if allowAvatarUpload}}
- {{else}}
+ {{else}} {{#unless ssoOverridesAvatar}}
- {{/if}}
+ {{/unless}} {{/if}}
diff --git a/app/models/discourse_single_sign_on.rb b/app/models/discourse_single_sign_on.rb
index 52eff1357f3..a7826f83d67 100644
--- a/app/models/discourse_single_sign_on.rb
+++ b/app/models/discourse_single_sign_on.rb
@@ -121,9 +121,32 @@ class DiscourseSingleSignOn < SingleSignOn
user.name = User.suggest_name(name || username || email)
end
+ if SiteSetting.sso_overrides_avatar && (
+ avatar_force_update == "true" ||
+ avatar_force_update.to_i != 0 ||
+ sso_record.external_avatar_url != avatar_url)
+ begin
+ tempfile = FileHelper.download(avatar_url, 1.megabyte, "sso-avatar")
+
+ upload = Upload.create_for(user.id, tempfile, "external-avatar", File.size(tempfile.path), { origin: avatar_url })
+
+ user.uploaded_avatar_id = upload.id
+
+ if !user.user_avatar.contains_upload?(upload.id)
+ user.user_avatar.custom_upload_id = upload.id
+ end
+ rescue SocketError
+ # skip saving, we are not connected to the net
+ Rails.logger.warn "Failed to download external avatar: #{avatar_url}, socket error - user id #{ user.id }"
+ ensure
+ tempfile.close! if tempfile && tempfile.respond_to?(:close!)
+ end
+ end
+
# change external attributes for sso record
sso_record.external_username = username
sso_record.external_email = email
sso_record.external_name = name
+ sso_record.external_avatar_url = avatar_url
end
end
diff --git a/app/models/single_sign_on_record.rb b/app/models/single_sign_on_record.rb
index e58d174093f..7f444a2c53a 100644
--- a/app/models/single_sign_on_record.rb
+++ b/app/models/single_sign_on_record.rb
@@ -6,15 +6,16 @@ end
#
# Table name: single_sign_on_records
#
-# id :integer not null, primary key
-# user_id :integer not null
-# external_id :string(255) not null
-# last_payload :text not null
-# created_at :datetime
-# updated_at :datetime
-# external_username :string(255)
-# external_email :string(255)
-# external_name :string(255)
+# id :integer not null, primary key
+# user_id :integer not null
+# external_id :string(255) not null
+# last_payload :text not null
+# created_at :datetime
+# updated_at :datetime
+# external_username :string(255)
+# external_email :string(255)
+# external_name :string(255)
+# external_avatar_url :string(255)
#
# Indexes
#
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 322d2276a64..44be22dcdd8 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -769,6 +769,7 @@ en:
sso_overrides_email: "Overrides local email with external site email from SSO payload (WARNING: discrepancies can occur due to normalization of local emails)"
sso_overrides_username: "Overrides local username with external site username from SSO payload (WARNING: discrepancies can occur due to differences in username length/requirements)"
sso_overrides_name: "Overrides local name with external site name from SSO payload (WARNING: discrepancies can occur due to normalization of local names)"
+ sso_overrides_avatar: "Overrides user avatar with external site avatar from SSO payload. If enabled, disabling allow_uploaded_avatars is highly recommended"
enable_local_logins: "Enable local username and password login based accounts. (Note: this must be enabled for invites to work)"
allow_new_registrations: "Allow new user registrations. Uncheck this to prevent anyone from creating a new account."
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 3acece680fd..dac388c7e1c 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -229,6 +229,9 @@ login:
sso_overrides_email: false
sso_overrides_username: false
sso_overrides_name: false
+ sso_overrides_avatar:
+ default: false
+ client: true
users:
diff --git a/db/migrate/20140817011612_add_external_avatar_url_to_single_sign_on_record.rb b/db/migrate/20140817011612_add_external_avatar_url_to_single_sign_on_record.rb
new file mode 100644
index 00000000000..926615c55a7
--- /dev/null
+++ b/db/migrate/20140817011612_add_external_avatar_url_to_single_sign_on_record.rb
@@ -0,0 +1,5 @@
+class AddExternalAvatarUrlToSingleSignOnRecord < ActiveRecord::Migration
+ def change
+ add_column :single_sign_on_records, :external_avatar_url, :string
+ end
+end
\ No newline at end of file
diff --git a/lib/single_sign_on.rb b/lib/single_sign_on.rb
index 4e2e83312e7..bd01633c968 100644
--- a/lib/single_sign_on.rb
+++ b/lib/single_sign_on.rb
@@ -1,5 +1,5 @@
class SingleSignOn
- ACCESSORS = [:nonce, :name, :username, :email,
+ ACCESSORS = [:nonce, :name, :username, :email, :avatar_url, :avatar_force_update,
:about_me, :external_id]
FIXNUMS = []
NONCE_EXPIRY_TIME = 10.minutes