From a5fb01cc3d00653ed61ec4b96bdc2b3e2d94d706 Mon Sep 17 00:00:00 2001 From: kolaente Date: Wed, 8 Apr 2026 10:31:01 +0200 Subject: [PATCH] fix: reset SSO avatar provider to default when picture claim is removed --- pkg/modules/auth/openid/openid.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkg/modules/auth/openid/openid.go b/pkg/modules/auth/openid/openid.go index a5e01605d..a2dfeb3e5 100644 --- a/pkg/modules/auth/openid/openid.go +++ b/pkg/modules/auth/openid/openid.go @@ -242,9 +242,17 @@ func getTeamDataFromToken(groups []map[string]interface{}, provider *Provider) ( // Download and store a user's avatar from an OpenID provider func syncUserAvatarFromOpenID(s *xorm.Session, u *user.User, pictureURL string) (err error) { - // Don't sync avatar if no picture URL is provided + // If no picture URL is provided, reset the avatar provider if it was set to openid if pictureURL == "" { - return fmt.Errorf("no picture URL provided") + if u.AvatarProvider == "openid" { + u.AvatarProvider = "default" + _, err = s.Where("id = ?", u.ID).Cols("avatar_provider").Update(&user.User{AvatarProvider: "default"}) + if err != nil { + return fmt.Errorf("error resetting avatar provider: %w", err) + } + avatar.FlushAllCaches(u) + } + return nil } log.Debugf("Found avatar URL for user %s: %s", u.Username, pictureURL)