
feat: Use sha256 hash in avatar service

Seth Falco requested to merge SethFalco/gitlab:fix/sha256-avatar into master

What does this MR do and why?

It should be viable to use SHA256 instead of MD5 when hashing the email address for avatar services now.

  • Gravatar now supports SHA256, and as a centralized service, there are no notable considerations. [source]
  • Libravatar has had SHA256 support since 2018, so self-hosted instances have had more than enough time to update. [source]
  • Most other avatar services use arbitrary text rather than a hash, so the avatar may change in these cases but will not be inherently wrong. (While the change in avatars is shoddy, it may be worth it to get away from the cons of using MD5.)

While GitLab is less susceptible to this issue (email addresses are often public, particularly in git log), this will improve privacy as it's easier to get emails from MD5 hashes than SHA256 hashes. [reference]

This also reverts !94475 (merged) as it no longer depends on the MD5 function.

Related

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

I believe there is nothing specific I have to note here.

backend

Screenshots

Observe that the avatar from Gravatar is being served, despite the URL at the bottom-left showing a SHA256 hash instead of an MD5 hash.

Observe that the avatar from Libravatar still works.

How to set up and validate locally

  1. Create a user or update the admin user to have an email address for a valid Gravatar account. (i.e. jitewaboh@lagify.com)
  2. Review the areas of the UI that show your avatar, such as home page, profile, and edit profile pages.
  3. Update config to use Libravatar. [docs]
  4. Repeat step 2.
Edited by Seth Falco
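
For the validation steps above, one way to check which hash a rendered avatar URL carries. This is an added example, not code from this merge request or from GitLab; the URL template, the function names and the sample addresses in the usage are assumptions.

```ruby
require "digest"
require "uri"

# Assumed URL template for illustration; not taken from the merge request.
AVATAR_TEMPLATE = "https://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon"

# Trim and lowercase before hashing so that one address always maps to
# one avatar, whatever casing or padding the user typed.
def normalize_email(email)
  email.to_s.strip.downcase
end

# Build the avatar URL. SHA256 is the default; :md5 is kept only to show
# what the legacy URL looks like next to the new one.
def avatar_url(email, size: 40, algorithm: :sha256)
  normalized = normalize_email(email)
  digest = case algorithm
           when :sha256 then Digest::SHA256.hexdigest(normalized)
           when :md5    then Digest::MD5.hexdigest(normalized)
           else raise ArgumentError, "unsupported algorithm: #{algorithm}"
           end
  format(AVATAR_TEMPLATE, hash: digest, size: size)
end

# Classify the last path segment of an avatar URL by its hex length:
# 64 hex characters is a SHA256 digest, 32 is an MD5 digest. Services that
# key avatars on arbitrary text fall into :other.
def avatar_hash_kind(url)
  segment = URI.parse(url).path.split("/").last.to_s
  return :sha256 if segment.match?(/\A\h{64}\z/)
  return :md5 if segment.match?(/\A\h{32}\z/)
  :other
end

# Given avatar URLs collected from rendered pages, return the ones that
# still expose an MD5 digest of the email address.
def legacy_md5_urls(urls)
  urls.select { |url| avatar_hash_kind(url) == :md5 }
end
```

Passing the avatar URLs seen on the home, profile and edit-profile pages to `legacy_md5_urls` should return an empty array once the change is in effect.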
