[avatar] add error handlers for avatar setup

[MorrisJobke]

Steps to reproduce:

• upload a huge image (i.e. https://commons.wikimedia.org/wiki/File:Bath_from_alexandra_park.jpg )
• upload it directly as avatar in the personal settings
• before: no error message, afterwards: error message
• upload the same file to files app
• go to personal settings
• click "Choose from files"
• choose the image
• before: no error message, afterwards: error message

cc @DeepDiver1975 @CaptionF @kawohl @Henni @rullzer @Xenopathic @LukasReschke @oparoz

[MorrisJobke]

@oparoz I got following for this huge image:

{"reqId":"slAdfYOL92fOpVODLr6\/","remoteAddr":"127.0.0.1","app":"PHP","message":"Allowed memory size of 536870912 bytes exhausted (tried to allocate 90636805 bytes) at \/home\/mjob\/Projekte\/owncloud\/master\/lib\/private\/encryption\/manager.php#179","level":3,"time":"2015-07-22T09:02:28+00:00","method":"POST","url":"\/master\/index.php\/avatar\/"}

Can we somehow limit the avatar stuff to not accept images that are bigger than 10 MB or so?

[karlitschek]

nice 👍
Please also backport

[nickvergessen]

No string concatenation for translations please.
French uses : (space before and after colon)

[MorrisJobke]

I just move the colon inside, because on most other translations with a trailing whitespace it was added to the translation as well. And thanks for the hint.

[oparoz]

@MorrisJobke - I'm not familiar with the avatar code, but it should be possible to check the size of the image in the controller and send back an error if it's deemed too large. I think a hard limit makes sense as it's only an avatar and lots of systems place limits on dimensions or size.

[oparoz]

@MorrisJobke - I think a code 413 would be appropriate and the JS could alter the error message based on the code it receives.

[MorrisJobke]

@MorrisJobke - I think a code 413 would be appropriate and the JS could alter the error message based on the code it receives.

Can you make this a separate PR? That would be really nice :)

[nickvergessen]

Also use place holders for the status and statusText? I mean that's why we have them ;)

[MorrisJobke]

I always forgot about them 🙈

[MorrisJobke]

I changed it.

[MorrisJobke]

Jenkins: #17809

[MorrisJobke]

@nickvergessen @oparoz Please review :)

[rullzer]

@MorrisJobke - I'm not familiar with the avatar code, but it should be possible to check the size of the image in the controller and send back an error if it's deemed too large. I think a hard limit makes sense as it's only an avatar and lots of systems place limits on dimensions or size.

Well we do pose limits on the avatar size. But only if a user requests the avatar. max 2048x2048.
I'm not sure if we have the dimension info available before the whole file is uploaded.

[rullzer]

@MorrisJobke - I think a code 413 would be appropriate and the JS could alter the error message based on the code it receives.

Can you make this a separate PR? That would be really nice :)

So the avatar controller can't do this. Because the file needs to be uploaded before we can make this happen. A solution is to use HTML5 (if we can): see https://jsfiddle.net/xnkhN/
That way we could first send a request to the avatarcontroller to see if the files is larger than the maxiumum.

But lets not complicate this more than it has to. This PR shows a nice error message if things go bad. If users decide it is a good idea to upload a 100MB file to create a tiny avatar I do not think it is then our responsibility to make their experience as smooth as possible.

I do wish we had javascript tests for those files.

[oparoz]

So the avatar controller can't do this. Because the file needs to be uploaded before we can make this happen

Yes, but uploading the file is only a problem if you encrypt it right away. If it's in /tmp, then you can get its size before processing it further.

If users decide it is a good idea to upload a 100MB file to create a tiny avatar I do not think it is then our responsibility to make their experience as smooth as possible.

I agree, but what about the case were a user wants to use one of the pictures which are already in his cloud?
If you already cancel the operation when you detect that the image is larger than 2048x2048, then it should be all good.

[rullzer]

@oparoz nope then it is not all good. We allow the user to crop an image to create an avatar. So we should allow images larger than 2048x2048.

[DeepDiver1975]

@MorrisJobke for me there is no error on server side - but the image is not shown after upload

I guess some max file size check is reasonable.

[oparoz]

We allow the user to crop an image to create an avatar. So we should allow images larger than 2048x2048.

OK, then users will be able to break PHP if their memory limit is set too low, just like for previews, except that it's more annoying when you don't get the avatar picture.

[DeepDiver1975]

To me it would make sense to have a max limit here of 20MB for now - talking about a solution which can be backported as well.

In the long run the avatar code needs to get rid of that cache class - it is not designed to operate with that big data

[DeepDiver1975]

@MorrisJobke @oparoz size limit is in place

[oparoz]

size limit is in place

We need the same things for the dimensions (a 4MB JPEG can break PHP if set with a 64MB memory limit), but I think it might be best to keep it in the Preview class

[rullzer]

Currently it displays: 400 Bad request. Which does not tell the user anything. It should display the returned message: File is too big

[MorrisJobke]

@rullzer @Xenopathic @LukasReschke @oparoz Please review :)

[PVince81]

Huh?! Copy-paste fail ?

[DeepDiver1975]

😫

[DeepDiver1975]

@rullzer @Xenopathic @LukasReschke @oparoz Please review :)

[rullzer]

data is undefined in this function.
Bad copy paste?

[DeepDiver1975]

👾 😢 me an js 💣

[rullzer]

Looking good now! 👍

[rullzer]

On tiny last thing.

It now shows:

An error occurred: 400 File is too big

Shouldn't that be something like

An error occurred: File is too big (code 400)

Or even without the code? Since the user does not care about the response code.

@jancborchardt ^^

[MorrisJobke]

@owncloud-bot retest this please

[DeepDiver1975]

Shouldn't that be something like

An error occurred: File is too big (code 400)

Or even without the code? Since the user does not care about the response code.

@rullzer branch hijack permission granted - THX

[MorrisJobke]

Jenkins is happy: #17968 (comment)

[jancborchardt]

@rullzer simply:

Error: File is too big

No error code indeed. ;)

[DeepDiver1975]

No error code indeed. ;)

Already done - 73f025a#diff-a1c52fafc7d1f682c8849c5c62297682R244

status code is only displayed if there is no message communicated to the client

[rullzer]

@rullzer branch hijack permission granted - THX

Ah I'm to late ;)
Anyway, looking good! Lets get this in. 👍

Looks simple enough to backport!

[MorrisJobke]

That looks weird. Two times status text?

[DeepDiver1975]

Okay - I better stop writing JS

[MorrisJobke]

I will fix it

[MorrisJobke]

Fixed

[rullzer]

o, mmm missed that.
this is why we need javascript tests for those classes as well!

Good catch @MorrisJobke

[scrutinizer-notifier]

A new inspection was created.

[MorrisJobke]

Now I'm fine with this 👍

[MorrisJobke]

@owncloud-bot retest this please

[ghost]

🚀 Test PASSed.🚀