[SG-58] Avatar color selector (#2330)

* chore: backend work

* changed typing to match efc

* Update User_Update.sql

* fix: script cleanup

* fix: adjust max length

* fix: adjust max length

* fix: added missing script changes

* fix: use short form for creating objects

* add: mysql migrations

* chore: add mysql script

* chore: posgres migrations

* chore: postgres migrations

* fix: lint

* Update 20221115034053_AvatarColor.cs

* fix: removed gravatar inline (#2447)

Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>

src/Api/Controllers/AccountsController.cs

@@ -471,6 +471,20 @@ public class AccountsController : Controller
         return response;
     }
 
+    [HttpPut("avatar")]
+    [HttpPost("avatar")]
+    public async Task<ProfileResponseModel> PutAvatar([FromBody] UpdateAvatarRequestModel model)
+    {
+        var user = await _userService.GetUserByPrincipalAsync(User);
+        if (user == null)
+        {
+            throw new UnauthorizedAccessException();
+        }
+        await _userService.SaveUserAsync(model.ToUser(user), true);
+        var response = new ProfileResponseModel(user, null, null, null, await _userService.TwoFactorIsEnabledAsync(user), await _userService.HasPremiumFromOrganization(user));
+        return response;
+    }
+
     [HttpGet("revision-date")]
     public async Task<long?> GetAccountRevisionDate()
     {

src/Api/Models/Request/Accounts/UpdateAvatarRequestModel.cs

@@ -0,0 +1,16 @@
+using System.ComponentModel.DataAnnotations;
+using Bit.Core.Entities;
+
+namespace Bit.Api.Models.Request.Accounts;
+
+public class UpdateAvatarRequestModel
+{
+    [StringLength(7)]
+    public string AvatarColor { get; set; }
+
+    public User ToUser(User existingUser)
+    {
+        existingUser.AvatarColor = AvatarColor;
+        return existingUser;
+    }
+}

src/Api/Models/Response/ProfileResponseModel.cs

@@ -34,6 +34,7 @@ public class ProfileResponseModel : ResponseModel
         SecurityStamp = user.SecurityStamp;
         ForcePasswordReset = user.ForcePasswordReset;
         UsesKeyConnector = user.UsesKeyConnector;
+        AvatarColor = user.AvatarColor;
         Organizations = organizationsUserDetails?.Select(o => new ProfileOrganizationResponseModel(o));
         Providers = providerUserDetails?.Select(p => new ProfileProviderResponseModel(p));
         ProviderOrganizations =
@@ -58,6 +59,7 @@ public class ProfileResponseModel : ResponseModel
     public string SecurityStamp { get; set; }
     public bool ForcePasswordReset { get; set; }
     public bool UsesKeyConnector { get; set; }
+    public string AvatarColor { get; set; }
     public IEnumerable<ProfileOrganizationResponseModel> Organizations { get; set; }
     public IEnumerable<ProfileProviderResponseModel> Providers { get; set; }
     public IEnumerable<ProfileProviderOrganizationResponseModel> ProviderOrganizations { get; set; }

src/Core/Entities/User.cs

@@ -61,6 +61,8 @@ public class User : ITableObject<Guid>, ISubscriber, IStorable, IStorableSubscri
     public int FailedLoginCount { get; set; }
     public DateTime? LastFailedLoginDate { get; set; }
     public bool UnknownDeviceVerificationEnabled { get; set; }
+    [MaxLength(7)]
+    public string AvatarColor { get; set; }
 
     public void SetNewId()
     {

src/Sql/dbo/Stored Procedures/User_Create.sql

@@ -34,7 +34,8 @@
     @UsesKeyConnector BIT = 0,
     @FailedLoginCount INT = 0,
     @LastFailedLoginDate DATETIME2(7),
-    @UnknownDeviceVerificationEnabled BIT = 1
+    @UnknownDeviceVerificationEnabled BIT = 1,
+    @AvatarColor VARCHAR(7) = NULL
 AS
 BEGIN
     SET NOCOUNT ON
@@ -76,7 +77,8 @@ BEGIN
         [UsesKeyConnector],
         [FailedLoginCount],
         [LastFailedLoginDate],
-        [UnknownDeviceVerificationEnabled]
+        [UnknownDeviceVerificationEnabled],
+        [AvatarColor]
     )
     VALUES
     (
@@ -115,6 +117,7 @@ BEGIN
         @UsesKeyConnector,
         @FailedLoginCount,
         @LastFailedLoginDate,
-        @UnknownDeviceVerificationEnabled
+        @UnknownDeviceVerificationEnabled,
+        @AvatarColor
     )
 END

src/Sql/dbo/Stored Procedures/User_Update.sql

@@ -34,7 +34,8 @@
     @UsesKeyConnector BIT = 0,
     @FailedLoginCount INT,
     @LastFailedLoginDate DATETIME2(7),
-    @UnknownDeviceVerificationEnabled BIT = 1
+    @UnknownDeviceVerificationEnabled BIT = 1,
+    @AvatarColor VARCHAR(7)
 AS
 BEGIN
     SET NOCOUNT ON
@@ -76,7 +77,8 @@ BEGIN
         [UsesKeyConnector] = @UsesKeyConnector,
         [FailedLoginCount] = @FailedLoginCount,
         [LastFailedLoginDate] = @LastFailedLoginDate,
-        [UnknownDeviceVerificationEnabled] = @UnknownDeviceVerificationEnabled
+        [UnknownDeviceVerificationEnabled] = @UnknownDeviceVerificationEnabled,
+	    [AvatarColor] = @AvatarColor
     WHERE
         [Id] = @Id
 END

src/Sql/dbo/Tables/User.sql

@@ -35,6 +35,7 @@
     [FailedLoginCount]                 INT              CONSTRAINT [D_User_FailedLoginCount] DEFAULT ((0)) NOT NULL,
     [LastFailedLoginDate]              DATETIME2 (7)    NULL,
     [UnknownDeviceVerificationEnabled] BIT              CONSTRAINT [D_User_UnknownDeviceVerificationEnabled] DEFAULT ((1)) NOT NULL,
+    [AvatarColor] VARCHAR(7) NULL, 
     CONSTRAINT [PK_User] PRIMARY KEY CLUSTERED ([Id] ASC)
 );
 

util/Migrator/DbScripts/2022-09-20_00_AvatarColor.sql

@@ -0,0 +1,226 @@
+--Add column
+IF COL_LENGTH('[dbo].[User]', 'AvatarColor') IS NULL
+BEGIN
+    ALTER TABLE [dbo].[User] ADD [AvatarColor] VARCHAR (7) NULL;
+END
+GO
+
+-- Recreate VIEW UserView
+CREATE OR ALTER VIEW [dbo].[UserView]
+AS
+SELECT
+    *
+FROM
+    [dbo].[User]
+GO
+
+-- Recreate procedure User_Update
+CREATE OR ALTER PROCEDURE [dbo].[User_Update]
+    @Id UNIQUEIDENTIFIER,
+    @Name NVARCHAR(50),
+    @Email NVARCHAR(256),
+    @EmailVerified BIT,
+    @MasterPassword NVARCHAR(300),
+    @MasterPasswordHint NVARCHAR(50),
+    @Culture NVARCHAR(10),
+    @SecurityStamp NVARCHAR(50),
+    @TwoFactorProviders NVARCHAR(MAX),
+    @TwoFactorRecoveryCode NVARCHAR(32),
+    @EquivalentDomains NVARCHAR(MAX),
+    @ExcludedGlobalEquivalentDomains NVARCHAR(MAX),
+    @AccountRevisionDate DATETIME2(7),
+    @Key NVARCHAR(MAX),
+    @PublicKey NVARCHAR(MAX),
+    @PrivateKey NVARCHAR(MAX),
+    @Premium BIT,
+    @PremiumExpirationDate DATETIME2(7),
+    @RenewalReminderDate DATETIME2(7),
+    @Storage BIGINT,
+    @MaxStorageGb SMALLINT,
+    @Gateway TINYINT,
+    @GatewayCustomerId VARCHAR(50),
+    @GatewaySubscriptionId VARCHAR(50),
+    @ReferenceData VARCHAR(MAX),
+    @LicenseKey VARCHAR(100),
+    @Kdf TINYINT,
+    @KdfIterations INT,
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7),
+    @ApiKey VARCHAR(30),
+    @ForcePasswordReset BIT = 0,
+    @UsesKeyConnector BIT = 0,
+    @FailedLoginCount INT,
+    @LastFailedLoginDate DATETIME2(7),
+    @UnknownDeviceVerificationEnabled BIT = 1,
+    @AvatarColor VARCHAR(7)
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    UPDATE
+        [dbo].[User]
+    SET
+        [Name] = @Name,
+        [Email] = @Email,
+        [EmailVerified] = @EmailVerified,
+        [MasterPassword] = @MasterPassword,
+        [MasterPasswordHint] = @MasterPasswordHint,
+        [Culture] = @Culture,
+        [SecurityStamp] = @SecurityStamp,
+        [TwoFactorProviders] = @TwoFactorProviders,
+        [TwoFactorRecoveryCode] = @TwoFactorRecoveryCode,
+        [EquivalentDomains] = @EquivalentDomains,
+        [ExcludedGlobalEquivalentDomains] = @ExcludedGlobalEquivalentDomains,
+        [AccountRevisionDate] = @AccountRevisionDate,
+        [Key] = @Key,
+        [PublicKey] = @PublicKey,
+        [PrivateKey] = @PrivateKey,
+        [Premium] = @Premium,
+        [PremiumExpirationDate] = @PremiumExpirationDate,
+        [RenewalReminderDate] = @RenewalReminderDate,
+        [Storage] = @Storage,
+        [MaxStorageGb] = @MaxStorageGb,
+        [Gateway] = @Gateway,
+        [GatewayCustomerId] = @GatewayCustomerId,
+        [GatewaySubscriptionId] = @GatewaySubscriptionId,
+        [ReferenceData] = @ReferenceData,
+        [LicenseKey] = @LicenseKey,
+        [Kdf] = @Kdf,
+        [KdfIterations] = @KdfIterations,
+        [CreationDate] = @CreationDate,
+        [RevisionDate] = @RevisionDate,
+        [ApiKey] = @ApiKey,
+        [ForcePasswordReset] = @ForcePasswordReset,
+        [UsesKeyConnector] = @UsesKeyConnector,
+        [FailedLoginCount] = @FailedLoginCount,
+        [LastFailedLoginDate] = @LastFailedLoginDate,
+        [UnknownDeviceVerificationEnabled] = @UnknownDeviceVerificationEnabled,
+	  [AvatarColor] = @AvatarColor
+    WHERE
+        [Id] = @Id
+END
+GO
+
+CREATE OR ALTER PROCEDURE [dbo].[User_Create]
+    @Id UNIQUEIDENTIFIER OUTPUT,
+    @Name NVARCHAR(50),
+    @Email NVARCHAR(256),
+    @EmailVerified BIT,
+    @MasterPassword NVARCHAR(300),
+    @MasterPasswordHint NVARCHAR(50),
+    @Culture NVARCHAR(10),
+    @SecurityStamp NVARCHAR(50),
+    @TwoFactorProviders NVARCHAR(MAX),
+    @TwoFactorRecoveryCode NVARCHAR(32),
+    @EquivalentDomains NVARCHAR(MAX),
+    @ExcludedGlobalEquivalentDomains NVARCHAR(MAX),
+    @AccountRevisionDate DATETIME2(7),
+    @Key NVARCHAR(MAX),
+    @PublicKey NVARCHAR(MAX),
+    @PrivateKey NVARCHAR(MAX),
+    @Premium BIT,
+    @PremiumExpirationDate DATETIME2(7),
+    @RenewalReminderDate DATETIME2(7),
+    @Storage BIGINT,
+    @MaxStorageGb SMALLINT,
+    @Gateway TINYINT,
+    @GatewayCustomerId VARCHAR(50),
+    @GatewaySubscriptionId VARCHAR(50),
+    @ReferenceData VARCHAR(MAX),
+    @LicenseKey VARCHAR(100),
+    @Kdf TINYINT,
+    @KdfIterations INT,
+    @CreationDate DATETIME2(7),
+    @RevisionDate DATETIME2(7),
+    @ApiKey VARCHAR(30),
+    @ForcePasswordReset BIT = 0,
+    @UsesKeyConnector BIT = 0,
+    @FailedLoginCount INT = 0,
+    @LastFailedLoginDate DATETIME2(7),
+    @UnknownDeviceVerificationEnabled BIT = 1,
+    @AvatarColor VARCHAR(7) = NULL
+AS
+BEGIN
+    SET NOCOUNT ON
+
+    INSERT INTO [dbo].[User]
+    (
+        [Id],
+        [Name],
+        [Email],
+        [EmailVerified],
+        [MasterPassword],
+        [MasterPasswordHint],
+        [Culture],
+        [SecurityStamp],
+        [TwoFactorProviders],
+        [TwoFactorRecoveryCode],
+        [EquivalentDomains],
+        [ExcludedGlobalEquivalentDomains],
+        [AccountRevisionDate],
+        [Key],
+        [PublicKey],
+        [PrivateKey],
+        [Premium],
+        [PremiumExpirationDate],
+        [RenewalReminderDate],
+        [Storage],
+        [MaxStorageGb],
+        [Gateway],
+        [GatewayCustomerId],
+        [GatewaySubscriptionId],
+        [ReferenceData],
+        [LicenseKey],
+        [Kdf],
+        [KdfIterations],
+        [CreationDate],
+        [RevisionDate],
+        [ApiKey],
+        [ForcePasswordReset],
+        [UsesKeyConnector],
+        [FailedLoginCount],
+        [LastFailedLoginDate],
+        [UnknownDeviceVerificationEnabled],
+        [AvatarColor]
+    )
+    VALUES
+    (
+        @Id,
+        @Name,
+        @Email,
+        @EmailVerified,
+        @MasterPassword,
+        @MasterPasswordHint,
+        @Culture,
+        @SecurityStamp,
+        @TwoFactorProviders,
+        @TwoFactorRecoveryCode,
+        @EquivalentDomains,
+        @ExcludedGlobalEquivalentDomains,
+        @AccountRevisionDate,
+        @Key,
+        @PublicKey,
+        @PrivateKey,
+        @Premium,
+        @PremiumExpirationDate,
+        @RenewalReminderDate,
+        @Storage,
+        @MaxStorageGb,
+        @Gateway,
+        @GatewayCustomerId,
+        @GatewaySubscriptionId,
+        @ReferenceData,
+        @LicenseKey,
+        @Kdf,
+        @KdfIterations,
+        @CreationDate,
+        @RevisionDate,
+        @ApiKey,
+        @ForcePasswordReset,
+        @UsesKeyConnector,
+        @FailedLoginCount,
+        @LastFailedLoginDate,
+        @UnknownDeviceVerificationEnabled,
+        @AvatarColor
+    )
+END

util/MySqlMigrations/Migrations/20221115030843_AvatarColor.cs

@@ -0,0 +1,25 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+namespace Bit.MySqlMigrations.Migrations;
+
+public partial class AvatarColor : Migration
+{
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.AddColumn<string>(
+            name: "AvatarColor",
+            table: "User",
+            type: "varchar(7)",
+            maxLength: 7,
+            nullable: true)
+            .Annotation("MySql:CharSet", "utf8mb4");
+    }
+
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.DropColumn(
+            name: "AvatarColor",
+            table: "User");
+    }
+}

util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs

@@ -1160,6 +1160,10 @@ namespace Bit.MySqlMigrations.Migrations
                         .HasMaxLength(30)
                         .HasColumnType("varchar(30)");
 
+                    b.Property<string>("AvatarColor")
+                        .HasMaxLength(7)
+                        .HasColumnType("varchar(7)");
+
                     b.Property<DateTime>("CreationDate")
                         .HasColumnType("datetime(6)");
 

util/MySqlMigrations/Scripts/2022_11_14_00_AddAvatarColor

@@ -0,0 +1,9 @@
+START TRANSACTION;
+
+ALTER TABLE `User` ADD `AvatarColor` varchar(7) CHARACTER SET utf8mb4 NULL;
+
+INSERT INTO `__EFMigrationsHistory` (`MigrationId`, `ProductVersion`)
+VALUES ('20221115030843_AvatarColor', '6.0.4');
+
+COMMIT;
+

util/PostgresMigrations/Migrations/20221115034053_AvatarColor.cs

@@ -0,0 +1,26 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Bit.PostgresMigrations.Migrations;
+
+public partial class AvatarColor : Migration
+{
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+
+        migrationBuilder.AddColumn<string>(
+            name: "AvatarColor",
+            table: "User",
+            type: "character varying(7)",
+            maxLength: 7,
+            nullable: true);
+    }
+
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.DropColumn(
+            name: "AvatarColor",
+            table: "User");
+    }
+}

util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs

@@ -1167,6 +1167,10 @@ namespace Bit.PostgresMigrations.Migrations
                         .HasMaxLength(30)
                         .HasColumnType("character varying(30)");
 
+                    b.Property<string>("AvatarColor")
+                        .HasMaxLength(7)
+                        .HasColumnType("character varying(7)");
+
                     b.Property<DateTime>("CreationDate")
                         .HasColumnType("timestamp with time zone");
 

util/PostgresMigrations/Scripts/2022_11_14_00_AddAvatarColor

@@ -0,0 +1,9 @@
+START TRANSACTION;
+
+ALTER TABLE "User" ADD "AvatarColor" character varying(7) NULL;
+
+INSERT INTO "__EFMigrationsHistory" ("MigrationId", "ProductVersion")
+VALUES ('20221115034053_AvatarColor', '6.0.4');
+
+COMMIT;
+

util/Setup/Configuration.cs

@@ -77,7 +77,7 @@ public class Configuration
         "WARNING: Reconfiguring this parameter may break features. By changing this parameter\n" +
         "you become responsible for maintaining this value.")]
     public string NginxHeaderContentSecurityPolicy { get; set; } = "default-src 'self'; style-src 'self' " +
-        "'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; " +
+        "'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com; " +
         "child-src 'self' https://*.duosecurity.com https://*.duofederal.com; " +
         "frame-src 'self' https://*.duosecurity.com https://*.duofederal.com; " +
         "connect-src 'self' wss://{0} https://api.pwnedpasswords.com " +