Hash email addresses in rankings JSON endpoints

gridhead · gridhead · commit f12121c6e646 · 2026-04-02T11:45:59.000+05:30
The `/json/search/`, `/json/user/`, and `/json/report/` routes were still
sending raw email addresses to the React frontend, causing `deadbeef`
portraits. Wrap `person.avatar` with hash_email() in `explore.py`, `user.py`,
and `report.py`.

Signed-off-by: Akashdeep Dhar &lt;akashdeep.dhar@gmail.com&gt;
diff --git a/tahrir/views/explore.py b/tahrir/views/explore.py
@@ -8,6 +8,7 @@
 from feedgen.feed import FeedGenerator
 from flask import abort, current_app, g, jsonify, redirect, render_template, request, url_for
 
+from ..utils.avatar import hash_email
 from ..utils.badge import sort_badges_by_tag
 from . import blueprint as bp
 
@@ -123,7 +124,7 @@ def json_explore(search_query):
             "id": person.id,
             "bio": person.bio if person.bio else None,
             "created_on": person.created_on.timestamp() if person.created_on else None,
-            "email": person.avatar,
+            "email": hash_email(person.avatar),
             "last_login": person.last_login.timestamp() if person.last_login else None,
             "nickname": person.nickname,
             "rank": person.rank,
diff --git a/tahrir/views/report.py b/tahrir/views/report.py
@@ -2,6 +2,7 @@
 
 from flask import g, jsonify, redirect, render_template, request, url_for
 
+from tahrir.utils.avatar import hash_email
 from tahrir.utils.date_time import get_start_week
 
 from . import blueprint as bp
@@ -183,7 +184,7 @@ def json_report_year(year=None, week=None, month=None, day=None):
 
     data = [
         {
-            "mail": user.avatar,
+            "mail": hash_email(user.avatar),
             "nickname": user.nickname,
             "badges": user_to_rank[user]["badges"],
             "rank": {
diff --git a/tahrir/views/user.py b/tahrir/views/user.py
@@ -6,6 +6,7 @@
 from feedgen.feed import FeedGenerator
 from flask import abort, current_app, g, jsonify, render_template, request, url_for
 
+from tahrir.utils.avatar import hash_email
 from tahrir.utils.badge import badge_json_generator, sort_badges_by_tag
 from tahrir.utils.user import get_person
 
@@ -180,7 +181,7 @@ def _user_json_generator(person):
 
     return {
         "user": person.nickname,
-        "mail": person.avatar,
+        "mail": hash_email(person.avatar),
         "percent_earned": user_info["percent_earned"],
         "classified": classified,
         "serialized": serialized,
