Hashing Camels in Fisheye and Gravatar.

I’m working with a lot of the Atlassian tools lately, and I do like them a lot. Though I know there are a lot of alternatives out there, I like the fact that these play nicely together and of course JIRA is a kick-ass tool. But enough of that.

I found a little annoyance in the latest fisheye release, which I wasted about an hour or so on.

We just decided in a moment of inspiration to use Gravatar to enable custom avatars, free, already comes integrated and seems easy enough to use. So we went off and created users and were careful to use the company email address etc and waited for the disclaimer amount of time to have it refreshed, but nothing happens. So I read a little more about it and think, maybe our firewalls are causing problems – I’ll use the HTTPS mode! I reconfigured and full of anticipation refreshed the people page, but again – nothing.

After ruling out general firewall and networks issues (I can see the image in a browser on the server Fisheye is running on) I looked closer to the URL itself, and it turns out the image source fisheye is constructing was not at all the same as Gravatar claims ot be using.

So I trawled through more of the details of both Fisheyes integration with it (not much), some forums, and how Gravatar generates the image itself and thats when I spotted a potential flaw..

"[…The next part of the URL is the hexadecimal MD5 hash of the requested user’s lowercased email address with all whitespace trimmed…]",

Noticed the lowercased bit??


We are using CROWD to feed the user details from AD, and even though we have set it up to only serve up lowercase output, that only formats users, groups and roles. Attributes like Email is still Camel case, and as we all know hashing is case-sensitive. But fortunately this field is editable in Fisheye in the local user details, so I can lowercase it myself – and Job done!

So while there has been a lot of thought and work going into this the devil is in the integration details.


    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out /  Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out /  Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out /  Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out /  Change )


    Connecting to %s

%d bloggers like this: