Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Profile picture also changes on changing the username #24132

Closed
try-catch-stack opened this issue Jan 10, 2022 · 27 comments
Closed

Profile picture also changes on changing the username #24132

try-catch-stack opened this issue Jan 10, 2022 · 27 comments
Assignees

Comments

@try-catch-stack
Copy link
Contributor

Description:

On changing the username , the profile picture also changes (Sometimes) to some random user's profile picture . This profile picture maybe of some user with the same username in the past.

Steps to reproduce:

  1. Go to your profile settings.
  2. Change your username to some other username and save.
  3. The profile picture will be changed to some random image.

Expected behavior:

The original profile picture(The one before changing the username) should be retained.

Actual behavior:

Profile picture changes to some random image.

Rocket.Chat.2022-01-10.18-05-30.mp4

Server Setup Information:

  • Version of Rocket.Chat Server:
  • Operating System:
  • Deployment Method:
  • Number of Running Instances:
  • DB Replicaset Oplog:
  • NodeJS Version:
  • MongoDB Version:

Client Setup Information

  • Desktop App or Browser Version:
  • Operating System:

Additional context

Relevant logs:

@sohamparate
Copy link

hey @try-catch-stack , may I know what version of Rocket.Chat server are you using ?

@try-catch-stack
Copy link
Contributor Author

Latest version

@code-pil
Copy link

Yes I also face this issue!

@ankar84
Copy link

ankar84 commented Jan 11, 2022

Confirm that bug on 4.2.2
Some renamed users get one current avatar picture for some reason (always same)

@Gummikavalier
Copy link

Gummikavalier commented Jan 13, 2022

In our case this was so bad that when we changed the name of the user in admin console session, that session somehow started showing and avatar of completely different person from a completely different RC instance that was open in another tab. This indicates some kind of cache leak between completely separate RC sessions on the same browser.

RC version 4.3.1.

@Ayush01729
Copy link

Hello @try-catch-stack, are you working on this issue?
It's my first time with Rocket Chat's codebase, so if you are familiar with the codebase, could you please help me out by pointing out the directory related to this issue?

@try-catch-stack
Copy link
Contributor Author

Hey @Ayush01729 , code for the edit profile section can be found in AccountProfileForm.js file present in client>views>account , but we are still unsure about the reason causing the issue . As quoted above , it is probably due to some sort of cache leak between different sessions.

@Gummikavalier
Copy link

Update to the claim of mine that cache between sessions might leak. There is a possibility that the location where I spotted the issue with completely wrong person avatar had once had had an account of that person on the instance a year ago. So it is possible that while the user had been deleted long time ago, his avatar might not have been deleted from the system database because of some bug in the handling of avatars during the account deletion.

If it was not a cache issue, RC simply fetched the wrong avatar from the database for the user who even didn't have one to begin with.

@dougfabris
Copy link
Member

Hey guys! I'm trying to reproduce in 4.4.0 but it seems normal. Can someone confirm if it is still happening?

@try-catch-stack
Copy link
Contributor Author

try-catch-stack commented Jan 26, 2022

I can still reproduce it on the Open community server.Is it on the version 4.4.0 as https://open.rocket.chat/api/info does return 4.4.0?
Also the issue does not happen everytime and is sort of random. The number of users on that server may also be the factor to consider in this case.

@mes85
Copy link

mes85 commented Jan 28, 2022

I observed this - or a similar issue - in our installation. In our case it is more obscure:

  • My profile picture got lost
  • My profile picture is now shown for at least two different users

We are using LDAP for all accounts. Changing the user name is therefore not possible. Automatic LDAP sync is also disabled.

(edit) We are currently using version 4.3.2, I see a chance that exactly the update introduced the issue. I cannot remember the previous version, but I think it was 4.2.X.

@mes85
Copy link

mes85 commented Jan 28, 2022

Also, this might be a new issue, as admin I cannot delete or change other user's avatars.
The green popup for a successful change appears, but the avatar remains the same.

Let me know whether I should open a new issue entry for this.

@memachado
Copy link

Also, this might be a new issue, as admin I cannot delete or change other user's avatars. The green popup for a successful change appears, but the avatar remains the same.

Let me know whether I should open a new issue entry for this.

Could be related to this #24100?

@ipikiiskinen
Copy link

ipikiiskinen commented Feb 10, 2022

Just updated our servers from 3.18.3 to 4.3.3 and got reports from a lot of users that their profile picture has changed to a profile picture of someone else.
Some profile pictures got lost.
In the upgrade we also did mongoDB upgrade from 4.0 to 4.2.

We use LDAP as authentication/user sync, but Sync User Avatar is NOT enabled.

This is a nasty bug.

@MightyGoldenOctopus
Copy link

MightyGoldenOctopus commented Feb 10, 2022

Same issue on self-hosted 4.4.1 docker compose deployment. We are not using LDAP.
Node Version: v14.18.2
MongoDB: 4.2.17 / wiredTiger (oplog enabled)

@ipikiiskinen
Copy link

ipikiiskinen commented Feb 10, 2022

More info about the case.

Our system was totally messed up with user profile pictures, so we decided to delete all avatar data from mongoDB:

db.users.update( {}, { $unset : {'avatarETag': [] }}, {multi:true} )
db.users.update( {}, { $unset : {'avatarOrigin': [] }}, {multi:true} )
db.rocketchat_avatars.deleteMany({})
db.rocketchat_avatars.chunks.deleteMany({})
db.rocketchat_avatars.files.deleteMany({})

After a user avatar update there was a single entry in rocketchat_avatars:

rs01:PRIMARY> db.rocketchat_avatars.find()
{ "_id" : "6k3vx7fYtwyFpyTsA", "userId" : "USERID_OF_USER_FOO", "type" : "image/jpeg", "size" : 5007, "store" : "GridFS:Avatars", "_updatedAt" : ISODate("2022-02-10T13:43:43.244Z"), "name" : "FOO_USER", "complete" : true, "etag" : "ptfnHeMrr35hdg4Tr", "path" : "/ufs/GridFS:Avatars/6k3vx7fYtwyFpyTsA/undefined", "progress" : 1, "token" : "29A9c85F29", "uploadedAt" : ISODate("2022-02-10T13:43:43.242Z"), "uploading" : false, "url" : "https://example.com/ufs/GridFS:Avatars/6k3vx7fYtwyFpyTsA/undefined" }

After a while, the same (!) entry was changed with some other user data:

rs01:PRIMARY> db.rocketchat_avatars.find()
{ "_id" : "6k3vx7fYtwyFpyTsA", "userId" : "USERID_OF_USER_FOO", "type" : "image/jpeg", "size" : 5007, "store" : "GridFS:Avatars", "_updatedAt" : ISODate("2022-02-10T13:49:47.751Z"), "name" : "BAR_USER", "complete" : true, "etag" : "ptfnHeMrr35hdg4Tr", "path" : "/ufs/GridFS:Avatars/6k3vx7fYtwyFpyTsA/undefined", "progress" : 1, "token" : "29A9c85F29", "uploadedAt" : ISODate("2022-02-10T13:43:43.242Z"), "uploading" : false, "url" : "https://example.com/ufs/GridFS:Avatars/6k3vx7fYtwyFpyTsA/undefined" }

Note that only name got somehow changed. After this BAR_USER user has the profile picture of FOO_USER.
Our guess is that the entry got updated once a LDAP user logged in (and user data gets synced).
No one did avatar updates.
Happened to users that have profile picture set and to users that didn't have any profile picture set.

We have LDAP -> Data Sync -> Update User Data on Login enabled
I wonder if this triggers the issue.

Note that we do have LDAP -> Data Sync -> Avatar -> Sync User Avatar disabled

@Steini-
Copy link

Steini- commented Mar 3, 2022

Same here: After we upgraded to 4.4.2 it seemed that sometimes the avatars change at random. I could not yet identify any pattern or solution to this but the users on my RC-instance are getting a little confused.
We use the LDAP-Integration just for Authentication.
I could provide with logfiles if that helps, feel free to ask and I will provide them.

@ali-alhaidary
Copy link

Same here almost all 4.x releases. as shown in the attached image:

  1. Avatar is overlapping user name.
  2. Avatar size is usually big, however, when starting a call, it small, and in both cases overlapping user name
    Screenshot 2022-03-03 at 14-22-19 (•) مِـرســال
    .

@ipikiiskinen
Copy link

Still running 4.3.3, but I have some update/confirmation about the triggering setting (at least for us).
We use LDAP for integration. We have run the service for >25 days with settings:
LDAP -> Data Sync -> Update User Data on Login disabled
LDAP -> Data Sync -> Avatar -> Sync User Avatar disabled
The issue with this setting is that users do not get Name attribute in place.

I changed LDAP -> Data Sync -> Update User Data on Login enabled
Pretty much right after the change I got feedback from users about missing or wrong profile pictures (Avatars).
So changing this setting gets the avatars messed up.

Not sure if these settings have any role here, but just in case they have, we have the following non-default Accounts -> Avatar settings:
Block Unauthenticated Access to Avatars enabled
Set Default Avatar disabled

@bzmd-einkauf
Copy link

Pretty much right after the change I got feedback from users about missing or wrong profile pictures (Avatars).
So changing this setting gets the avatars messed up.

We have the exact same setup and issue. Something strange is happening to the avatars, either they go missing or users suddenly had images from different people.

@Gummikavalier
Copy link

Gummikavalier commented Mar 31, 2022

On RC 4.5.5 I can confirm this issue still happens exactly when changing the username. Changes to any other user information do not trigger the bug.

Having merge off in the ldap settings works around it, but it is not a preferred solution. For instance when the username has been chosen to be email directly, and when the surname changes due to changes in user's marital status, merge is the only automated solution that does not create completely new account when the user logs in next time using LDAP.

So our options currently are risking the avatar roulette with merge enabled, or with merge disabled doing any actual username changes manually in coordinatation with the users themselves.

@Dennis14e
Copy link

Any update on this?
On 4.7 the issue is still present. Users get avatars from other users. Also, the Rocket.Chat system user don't have a avatar anymore (another user got it).

@MightyGoldenOctopus
Copy link

Still have the issue on my installation, still no dev answer, Rocket.Chat being ready for real use is really a big joke, all it done was to convince me Slack premium is worth the money....

@ankar84
Copy link

ankar84 commented Jun 15, 2022

Could be fixed in #25603

@vinniefalco
Copy link

Related: #26033

@dougfabris dougfabris self-assigned this Jun 30, 2022
@dougfabris
Copy link
Member

Could be fixed in #25603

@ankar84 Partially fixes it, we're not going to have the random images anymore, but after changing the username we still lost the picture. I assigned myself to track and I'm working on finding the solution!

@tassoevan tassoevan added type: bug and removed bug labels Oct 26, 2022
@hugocostadev
Copy link
Contributor

Hi there, thanks for the contribution! 🚀 💯

Sorry, this error does not happen on the latest and maintained releases.

Rocket.Chat  provides support for, at least, 3 months for each release and 6 months to the latest releases of each major version

I would suggest you update your Rocket.Chat version to the latest stable version, which you can find in Releases Page and, check it HERE the table with versions and End of Life dates.


Questions? Help needed? Feature Requests?

  • Join our Open Server in the #support channel and feel free to raise a question
  • Join our Community Forum and search/create a post there

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests