Security: New config option to disable the use of gravatar for profile images, Closes #1891

CHANGELOG.md

@@ -6,6 +6,7 @@
 
 **Backend**
 - [Issue #1905](https://github.com/grafana/grafana/issues/1905). Github OAuth: You can now configure a Github team membership requirement, thx @dewski
+- [Issue #1891](https://github.com/grafana/grafana/issues/1891). Security: New config option to disable the use of gravatar for profile images
 
 
 # 2.0.3 (unreleased - 2.0.x branch)

conf/defaults.ini

@@ -109,6 +109,9 @@ login_remember_days = 7
 cookie_username = grafana_user
 cookie_remember_name = grafana_remember
 
+# disable gravatar profile images
+disable_gravatar = false
+
 #################################### Users ####################################
 [users]
 # disable user signup / registration

conf/sample.ini

@@ -108,6 +108,9 @@
 ;cookie_username = grafana_user
 ;cookie_remember_name = grafana_remember
 
+# disable gravatar profile images
+;disable_gravatar = false
+
 #################################### Users ####################################
 [users]
 # disable user signup / registration

docs/sources/installation/configuration.md

@@ -134,6 +134,9 @@ The number of days the keep me logged in / remember me cookie lasts.
 ### secret_key
 Used for signing keep me logged in / remember me cookies.
 
+### disable_gravatar
+Set to true to disable the use of Gravatar for user profile images. Default is `false`.
+
 <hr>
 ## [user]
 

pkg/api/index.go

@@ -25,6 +25,10 @@ func setIndexViewData(c *middleware.Context) error {
 		IsGrafanaAdmin: c.IsGrafanaAdmin,
 	}
 
+	if setting.DisableGravatar {
+		currentUser.GravatarUrl = setting.AppSubUrl + "/img/user_profile.png"
+	}
+
 	if len(currentUser.Name) == 0 {
 		currentUser.Name = currentUser.Login
 	}

pkg/setting/setting.go

@@ -71,6 +71,7 @@ var (
 	LogInRememberDays  int
 	CookieUserName     string
 	CookieRememberName string
+	DisableGravatar    bool
 
 	// User settings
 	AllowUserSignUp    bool
@@ -358,6 +359,8 @@ func NewConfigContext(args *CommandLineArgs) {
 	LogInRememberDays = security.Key("login_remember_days").MustInt()
 	CookieUserName = security.Key("cookie_username").String()
 	CookieRememberName = security.Key("cookie_remember_name").String()
+	DisableGravatar = security.Key("disable_gravatar").MustBool(true)
+
 	// admin
 	AdminUser = security.Key("admin_user").String()
 	AdminPassword = security.Key("admin_password").String()

public/app/plugins/datasource/influxdb_08/datasource.js

@@ -42,9 +42,9 @@ function (angular, _, kbn, InfluxSeries, InfluxQueryBuilder) {
         query = query.replace(/\$interval/g, (target.interval || options.interval));
 
         // replace templated variables
-        query = templateSrv.replace(query);
+        query = templateSrv.replace(query, options.scopedVars);
 
-        var alias = target.alias ? templateSrv.replace(target.alias) : '';
+        var alias = target.alias ? templateSrv.replace(target.alias, options.scopedVars) : '';
 
         var handleResponse = _.partial(handleInfluxQueryResponse, alias, queryBuilder.groupByField);
         return this._seriesQuery(query).then(handleResponse);