Validate Graph response in Entra photo sync + consolidate scripts (#224)#257
Open
theneiljohnson wants to merge 1 commit intomicrosoft:masterfrom
Open
Validate Graph response in Entra photo sync + consolidate scripts (#224)#257theneiljohnson wants to merge 1 commit intomicrosoft:masterfrom
theneiljohnson wants to merge 1 commit intomicrosoft:masterfrom
Conversation
Resolves microsoft#224. The legacy downloadEntraPhoto.sh wrote whatever Graph returned straight to PhotoID.jpg with no HTTP-status or content-type check. When Graph returned an error body (404 ImageNotFound, 400 etc.) the JSON error response was saved as the user's photo - which presented exactly as microsoft#224 describes: "the jpg appears in the user profile but is a matter of a few hundred bytes and doesn't appear to be a proper jpg". The downloadEntraPhoto_v2.0.0.sh script already in this folder fixes all of this (HTTP code check, MIME-type validation via 'file -b --mime-type', proper exit codes, structured logging) but it was a parallel file with no signposting from the readme, so anyone deployed on the original filename never benefited from the fix. Changes: - Replace downloadEntraPhoto.sh contents with the v2.0.0 code so existing Intune deployments self-heal on next sync without anyone having to repoint their script assignment. - Remove the now-redundant downloadEntraPhoto_v2.0.0.sh duplicate. - Update the readme to link the script by name, drop the brittle "edit lines 22, 23, 24" instruction (line numbers no longer match) and add a short note explaining the no-photo / error-response behaviour, with a back-reference to microsoft#224.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves #224.
Why @56122's photo file was a few hundred bytes
The legacy
downloadEntraPhoto.shpiped whatever Microsoft Graph returned straight toPhotoID.jpgwith no HTTP-status or content-type check:When Graph returned an error body —
404 ImageNotFound,400 Bad Requestafter a tenant-side change, etc. — the JSON error response was saved as the user's photo. That presents exactly as the report: a tiny non-image file in the user profile.downloadEntraPhoto_v2.0.0.sh(already in the same folder) fixes all of this — HTTP-code check,file -b --mime-typevalidation, proper exit codes — but it was a parallel file with no signposting from the readme, so anyone deployed on the original filename never benefited.Fix
downloadEntraPhoto.shcontent with the v2.0.0 code so existing Intune deployments self-heal on next sync without anyone having to repoint their script assignment.downloadEntraPhoto_v2.0.0.sh.