Upload user avatars and store in attributes as URL instead of base64 encoded data #6824
Replies: 4 comments 8 replies
-
for me it did not in fact autocreate the |
Beta Was this translation helpful? Give feedback.
-
Thank you so much for this, it works very well! I just had to add the following if statement to the beginning of if not request.user.is_authenticated:
return |
Beta Was this translation helpful? Give feedback.
-
This guide works great. Only thing to note is as @thefeli73 said, the mkdir -p /authentik/media/user-avatars/
chown -R 1000:1000 /authentik/media/user-avatars/
chmod -R 644 /authentik/media/user-avatars/ Obviously adjust chown owner to whatever you need. I got the avatar upload to work with permission And if you have multiple sources for avatars, stick the custom upload to the front, otherwise initials will have priority. Mine didn't work until I flipped the order.
|
Beta Was this translation helpful? Give feedback.
-
cant add validation policies , after success got blank again |
Beta Was this translation helpful? Give feedback.
-
Background
There is an issue (#2631) ongoing about how to allow users to upload their own avatars. Basic functionality seems to work with the file prompt field (#3156) and the
AUTHENTIK_AVATARS=attributes.avatar,…
setting, but a few problems still remain to be solved.While a file cropper seems nice to have, the show-stopper for me is having to store image files as base64-encoded strings directly in the user profile (attributes). Even with reasonably sized image files, this leads to performance issues (e.g., see #5942), makes it more cumbersome to edit the user profile in the admin interface (the YAML is hundreds of lines long), and may cause problems with proxying authentik-ated web applications (with avatars of ca. 100 KBytes, I received error 500 codes from nginx until I found out that I had to increase proxy buffers in size); even then, the
/outpost.goauthentik.io/sign_out
redirect for proxied applications errored out because query strings (presumably containing user profile data) became too long (I suppose).My proposed solution is a workaround for this problem which allows the user to upload an image file as a user avatar, stores this image file in your authentik server's
/media/
subdirectory under a random (non-guessable) file name, and stores the URL of this image file in theavatar
profile attribute of the user.This way, arbitrarily large image files (the maximum is configurable) can be used as a user avatar without cluttering the profile.
Credits: The helpful comments in issue #4283 as well as the above-mentioned issues pointed me in the right direction.
Procedure
Include the
attributes.avatar
option in yourAUTHENTIK_AVATARS
environment variable (see here).Make sure the
/media/
directory in your authentik-server container is writable by authentik and persistent. Avatar image files will be stored in a sub-directory/media/user-avatars/
(auto-created if not present).Create a custom
File
prompt, e.g.,default-user-settings-field-avatar
, with field keyattributes.avatar
; adjust theOrder
(not visible in the screenshot) as appropriate (e.g., 205)Create a custom
checkbox
prompt, e.g.,default-user-settings-field-avatar-reset
, with field keyattributes.avatar_reset
; adjust theOrder
(e.g., to 206). The user can check this box to delete the current avatar file.Create a custom expression policy, e.g.,
default-user-settings-avatar-authorization
with this expression. This is where the uploaded file is saved, any previous file is removed, and the new URL is prepared to be stored in the user profile. Make sure to configureAK_DOMAIN
,MAX_UPLOAD_SIZE
andACCEPTED_FILE_TYPES
to your needs.Update your
default-user-settings
prompt stage (or a new, custom prompt stage, if you prefer) so that thedefault-user-settings-field-avatar
anddefault-user-settings-field-avatar-reset
prompts are included in the Fields selection (make sure not to accidentally unselect the default profile fields) and thedefault-user-settings-avatar-authorization
is included in the Validation Policies (along with the stockdefault-user-settings-authorization
policy).Done! Now your users should be able to customize their own avatar images. (Don't forget to re-create your docker container after updating environment options.)
Open Questions/Issues
default-user-settings-avatar-authorization
should catch and reject too large files, but there seems to be an implicit limit where things start to go wrong. Specifically, I had problems with large (but still reasonably sized) files: After uploading a files of 1 – 2 MB, I get no error message, but the UI switches from direct display of profile fields to a button "Open settings", which then opens the profile on a separate page, and when I hit the "Continue" button, the upload seems to have failed (silently). I don't know where to begin debugging this. -- EDIT: This is solved, I forgot to increase theclient_max_body_size
setting in my nginx reverse proxy. 🙄Beta Was this translation helpful? Give feedback.
All reactions