logtacts
Alternate image sources for contacts
This is an idea issue. This should be a place for discussion, and then individual issues are filed for each outcome of the discussion
Not everybody has gravatar, shockingly, and not every contact is going to have an email. It would be great if we could pull from other sources
- twitter, if twitter?
- facebook? (trickier, might still require email)
- image uploads? (look at ImmaculateObsession/nest for possible image upload solution)
- others?
Somehow google knows to populate user images based on email address (I wonder if this is a google+ thing). If this is accessible over an API, :100:
Slightly relevant:
https://stackoverflow.com/questions/14243200/find-google-avatar-for-given-email-address-without-oauth
https://stackoverflow.com/questions/9128700/getting-google-profile-picture-url-with-user-id
But I don't know how to go from email address to user_id yet.
Reading those SO threads makes me think some level of oauth needs to happen, which is unfortunate. Not the end of the world, but unfortunate.
Also thinking about using this if no gravatar found: http://avatars.adorable.io/
Keep in mind that the avatars.adorable.io API results in them getting every email address in plaintext. There's not even (seemingly) any hashing (which would still be rainbow-table-able) which Gravatar at least does.
Oh huh. That's a really interesting point, thanks for raising that issue.
PJJ http://philipjohnjames.com
On Wed, Feb 3, 2016 at 3:01 PM, Asheesh Laroia [email protected] wrote:
> Keep in mind that the avatars.adorable.io API results in them getting every email address in plaintext. There's not even (seemingly) any hashing (which would still be rainbow-table-able) which Gravatar at least does.
>
> Reply to this email directly or view it on GitHub https://github.com/phildini/logtacts/issues/20#issuecomment-179519631.
"Obviously" I should just hash that info beforehand, and send adorable avatars the hash.
Hashing it yourself is one way to do it.
I would personally prefer something that isn't identifiable between servers.
For example:
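```python
import hmac

# `settings` and `u` (a user object) come from the surrounding application.
# Keyed hash of the primary key; MD5 was the implicit default digest when this was posted.
mac = hmac.new(key=settings.SECRET_KEY.encode(), digestmod="md5")
mac.update(str(u.pk).encode())
mac.hexdigest()
# 'ff8a70f3069086db1db34b0a26da26a0'
```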
or
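```python
import uuid
# Random per-user identifier stored on the user record; it is not derived from the email.
u.random_id = uuid.uuid4().hex
u.save()
```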
If you "just" hash the email address, it's probably pretty straightforward nowadays to rainbow-table it backwards.
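The trade-off discussed in this thread, as an added example that is not part of the original comments or the project's code: an unkeyed hash of an email address can be matched by anyone holding a list of candidate addresses, while an HMAC over the user's primary key is useless without the server's key and differs between servers. The keys, users, and function names are constructed for illustration, and SHA-256 is used in place of the MD5 default in the snippet above.

```python
import hashlib
import hmac

# Constructed sample data: not real users and not real keys.
SERVER_A_KEY = b"constructed-secret-key-for-server-a"
SERVER_B_KEY = b"constructed-secret-key-for-server-b"
USERS = {1: "alice@example.com", 2: "bob@example.org"}


def plain_email_hash(email: str) -> str:
    """Unkeyed hash of the normalised address ("just hash the email")."""
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()


def avatar_id(secret_key: bytes, user_pk: int) -> str:
    """Keyed identifier derived from the primary key, never from the email."""
    msg = str(user_pk).encode("utf-8")
    return hmac.new(secret_key, msg, hashlib.sha256).hexdigest()


def match_candidates(observed_ids, candidate_emails):
    """What a recipient of the identifiers can learn from a candidate list:
    hash every candidate address and compare against what was received."""
    lookup = {plain_email_hash(e): e for e in candidate_emails}
    return {i: lookup[i] for i in observed_ids if i in lookup}


def linkable(ids_a, ids_b) -> bool:
    """True if two servers' identifier sets overlap (cross-server correlation)."""
    return bool(set(ids_a) & set(ids_b))


if __name__ == "__main__":
    candidates = ["bob@example.org", "carol@example.net", "alice@example.com"]

    sent_plain = [plain_email_hash(e) for e in USERS.values()]
    print("matched from plain hashes:", match_candidates(sent_plain, candidates))

    ids_a = [avatar_id(SERVER_A_KEY, pk) for pk in USERS]
    ids_b = [avatar_id(SERVER_B_KEY, pk) for pk in USERS]
    print("matched from keyed ids:   ", match_candidates(ids_a, candidates))
    print("linkable across servers:  ", linkable(ids_a, ids_b))
```

Switching to a stronger unkeyed hash does not change the first result; only the secret key (or a random stored ID) removes the link to the address.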