add BIMI as source for avatars

[MeiKatz]

• todo: currently only supports default as selector ( e.g. default._bimi.example.org )
• todo: does not validate VMC (Verified Mark Certificates) or DMARC (Domain-based Message Authentication, Reporting & Conformance) or SPF (Sender Policy Framework) (RFC: https://www.ietf.org/archive/id/draft-fetch-validation-vmc-wchuang-05.html)
• todo: currently does not validate SVG Tiny PS format

RFC: https://www.ietf.org/archive/id/draft-blank-ietf-bimi-02.txt

[welcome]

Thanks for opening your first pull request in this repository! ✌️

[miaulalala]

While I personally love the code style with whitespace between brackets and variables, CI isn't going to let it pass ;) can you run the cs fixer? Should all be there for you to be able to run it via composer with composer run cs:fix.

[MeiKatz]

@miaulalala okay, I will try. This is my first pull request here therefore I have to learn this step by step :)

[miaulalala]

Cool, if you have any questions, feel free to post here or you could join the public dev chat if you'd like!

[MeiKatz]

Okay, currently I am struggling with the message The PEAR repository has been removed from Composer 2.x. I tried to find a solution but as far as I searched I could not find a solution. How do you solve this issue?

[miaulalala]

Does that happen when you try to run composer install?

[MeiKatz]

Right. I also cannot run any of the scripts. I guess that is because composer install does not succeed beforehand.

[MeiKatz]

Okay, I could fix the problem by removing the pear package from the repositories list in the composer.json.

[ChristophWurst]

Okay, currently I am struggling with the message The PEAR repository has been removed from Composer 2.x. I tried to find a solution but as far as I searched I could not find a solution. How do you solve this issue?

You will have to use composer v1. I keep a local copy of it as alias of composer1, then I run composer1 i and the like for this app.

Okay, I could fix the problem by removing the pear package from the repositories list in the composer.json.

Hmm okay. But don't you miss the Horde libraries then?

[MeiKatz]

Hmm okay. But don't you miss the Horde libraries then?

Maybe, but I could run the fixer. If this is enough then we should try the workflow tasks on the GitHub servers.

[MeiKatz]

@ChristophWurst is there any blocking issue in my pull request? Just curious about the workflow here and if there is anything that I can do to speed up the process.

[ChristophWurst]

@ChristophWurst is there any blocking issue in my pull request? Just curious about the workflow here and if there is anything that I can do to speed up the process.

We'll test/review soon. Do you have any examples that we could test this with?

[miaulalala]

Right, by signing up with wordpress I could test this. The avatar is returned as a data:image string but it never reaches the frontend

[miaulalala]

For testing purposes: pinterest also has a BIMI record.

[MeiKatz]

Right, by signing up with wordpress I could test this. The avatar is returned as a data:image string but it never reaches the frontend

What do you mean with "it never reaches the frontend"? Is something else shown? Or is it a display error? Or something totally different?

[miaulalala]

Not an error, but the data format doesn't work with the html from the frontend. I signed up for a wordpress account, which will send you an email so you can test this.

[MeiKatz]

Not an error, but the data format doesn't work with the html from the frontend. I signed up for a wordpress account, which will send you an email so you can test this.

I currently try to get a full NextCloud instance running on my local machine with Podman, but I am facing some problems with this. So it's not done yet. Nevertheless, can you send me the received data from the api, that the frontend cannot handle?

[miaulalala]

Hi, finally got you the data:

so the Avatar object looks like this for me:

$avatar = {OCA\Mail\Service\Avatar\Avatar} [3]
 url = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAIAAABMXPacAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QAAAAAAAD5Q7t/AAAAB3RJTUUH5gIcDR4WRIvwpQAAJNtJREFUeNrtfXtcVNUW/zpn3g9mYHgNL2EgQRnRQURTy4jQ1JtpKmaQXc361S8u3atx4Wo+SiwfXdEul1tm/TK7qGlqlIkiEZZgCghKiJowPOX9mDfzOOf8/jh4HHnMmUGQ+ly//8DZs59rnbP23muvtTbAQ4wqEABwWf7P0e7G/y6Y5B+UzR/tnvwvAjfp0dHuw/86HjJglPGQAaOMhwwYZTxkwCjjIQNGGQ8ZMMp4yIBRxkMGjDIeMmCU8ZABowzmaHeAHrhRxzJ28wxtqKre0KJsVl63nV8qG8fzDMTFvgaeu5njjHIEoz0CW/hdMoAgcKNWoGtkNl2tuZxPpikUiqioqLCwpTKZzM3NTSQScblcJpPJYDAwDLNYLD09PWq1ur29XalUlpeX5+fn15aVkWUDJkdZvCbqBD4oRwgIMtrDuwe96ujfiTaU0HeLVDdbLhw3aNUCgSAxMXHu3LlyuVwikaCow9ISx/HOzs6KiorTp0+np6frdDqeUOQ5fbFaHIzwnUd7rAAAuEn/u2AAgZn53dX6kuOdzfUKhSIlJSU6Otrd3R0ZvreVIIi2tra8vLwdO3aUlZVJpH78iMV650CEwRrFgY8+A3CT3rm1VJmXCQDp6emxsbGenp4j3WhLS8vRo0cTExMBQBYd3+0RPorDHzUG4CaDS/PF6vwj48ePz8jImDVrFoPBGDCnxWJpbW29efNmWVlZUVHRpUuXbt26NVi1QUFBkZGRU6dODQ8PDw4Olkqlg8kuDMN++umnhISEysrKwKhlXdJpKJv3wIkwGgwgcM"
 mime = "image/png"
 isExternal = true

It works fine up to this line: https://github.com/MeiKatz/nextcloud-mail/blob/master/lib/Service/AvatarService.php#L144

I think this method needs an additional check on the mime type to cover this case of a base64 encoded image as URL.

[MeiKatz]

@miaulalala So this is the value of $cachedImage or of $avatar?

[miaulalala]

This is the value of $avatar

[ChristophWurst]

This would still be a very nice feature. @MeiKatz if you have time to continue/finish the feature let me know. Else I'll try to find someone else to take over, but it won't happen anytime soon.

[MeiKatz]

@ChristophWurst currently my development of the feature is paused but I never stopped thinking about it. In the last few months I learnt a lot about deployment of NC via Docker and therefore I will try in the next weeks so set up a local instance of NC so I can re-start developing this feature.

[ChristophWurst]

The SVG handling is a bit scary. I wish that could be offloaded to a library with plenty of tests.

The rest looks alright, so I'm not closing the PR yet.

[MeiKatz]

The SVG handling is a bit scary. I wish that could be offloaded to a library with plenty of tests.

I would go with a package that does the job but as far as I know there is not for now. But I can create this missing package myself and use it here, so the problem goes into my play field. Would this be better?

[ChristophWurst]

https://github.com/SRWieZ/php-svg-ps-converter?

[pabzm]

As far as I can tell this code doesn't check if the email is valid and legimitate. I'd suggest to at least require a good DMARC-result, else this might even make illegitimate emails look more trustworthy.

This feature is in development for Roundcubemail, too, and over there someone suggested technical details of such a requirement.

[MeiKatz]

@pabzm You've got a valid point there. DMARC would be the requirement because paid certificates are for the most companies unavailable because they are way too expensive.

This PR is on my to do list for a long time now and maybe there should be a separate pull request before where checking for DMARC is added and we can call something like $this->isValidDMARC() before fetching the BIMI image.

[Neustradamus]

@MeiKatz: Can you update your PR with the latest BIMI draft version?

• https://datatracker.ietf.org/doc/html/draft-brand-indicators-for-message-identification

Thanks in advance.