Fix profile refresh identity compatibility

2026-04-21 00:42:55 +08:00
parent 030da8c2f6
commit e4fe9fae2a
7 changed files with 195 additions and 92 deletions
--- a/backend/internal/handler/auth_oauth_pending_flow.go
+++ b/backend/internal/handler/auth_oauth_pending_flow.go
@@ -848,6 +848,12 @@ func shouldBindPendingOAuthIdentity(session *dbent.PendingAuthSession, decision
 	}
 }

+func shouldSkipAvatarAdoption(err error) bool {
+	return errors.Is(err, service.ErrAvatarInvalid) ||
+		errors.Is(err, service.ErrAvatarTooLarge) ||
+		errors.Is(err, service.ErrAvatarNotImage)
+}
+
 func applyPendingOAuthBinding(
 	ctx context.Context,
 	client *dbent.Client,
@@ -885,6 +891,14 @@ func applyPendingOAuthBinding(
 	if decision != nil && decision.AdoptAvatar {
 		adoptedAvatarURL = pendingSessionStringValue(session.UpstreamIdentityClaims, "suggested_avatar_url")
 	}
+	shouldAdoptAvatar := false
+	if decision != nil && decision.AdoptAvatar && adoptedAvatarURL != "" {
+		if err := service.ValidateUserAvatar(adoptedAvatarURL); err == nil {
+			shouldAdoptAvatar = true
+		} else if !shouldSkipAvatarAdoption(err) {
+			return err
+		}
+	}

 	tx, err := client.Tx(ctx)
 	if err != nil {
@@ -913,7 +927,7 @@ func applyPendingOAuthBinding(
 	if decision != nil && decision.AdoptDisplayName && adoptedDisplayName != "" {
 		metadata["display_name"] = adoptedDisplayName
 	}
-	if decision != nil && decision.AdoptAvatar && adoptedAvatarURL != "" {
+	if shouldAdoptAvatar {
 		metadata["avatar_url"] = adoptedAvatarURL
 	}

@@ -939,7 +953,7 @@ func applyPendingOAuthBinding(
 		}
 	}

-	if decision != nil && decision.AdoptAvatar && adoptedAvatarURL != "" && userService != nil {
+	if shouldAdoptAvatar && userService != nil {
 		if _, err := userService.SetAvatar(txCtx, targetUserID, adoptedAvatarURL); err != nil {
 			return err
 		}