how do we know the user changed profile picture from default in github via api

Question

I'm working on a script to audit Github. so in that process im trying to find a way to know if the GitHub user in my organization has changed their profile picture from the default profile picture.

Im working with the go-github package to access Github. https://github.com/google/go-github/blob/ababee01b03f69965d0ec370e65b61ec7967be34/github/users.go

Currently, I can get the list of users from ListMembers method and GetAvatarURL gets organization users profile image. But I can't get any differentiation from default github image and the user changed image.

Following is the default image ima talking about.

I get the AvatarURL like https://avatars0.githubusercontent.com/u/XXXXXX?v=4 This is the same for default and for images uploaded by the users. only change is the host server of the images like avatars1, avatars2, avatars3 & avatars4.

Is there any other way to find the difference?

Answer 1

One way to do this is to get some information about the images using tools like ImageMagick

After checking the Github auto-generated identicons, there are 2 check that would be interesting :

• check that the image has 2 unique colors :

  identify -format %k  github_avatar.png
  

output:

2

• one of this color is grey-ish F0F0F0

  convert github_avatar.png -colors 2 \
      -format "%c" histogram:info: | \
      cut -d'#' -f2 | cut -d' ' -f1
  

output:

D65193
F0F0F0

identify and convert tools are part of ImageMagick

The following code use go-github to fetch 50 members of an organization and check each avatarURL with the 2 checks above :

package main
import (
    "github.com/google/go-github/github"
    "fmt"
    "context"
    "os/exec"
    "strconv"
    "strings"
)

func main() {
    client := github.NewClient(nil)
    opt := &github.ListMembersOptions{
        ListOptions: github.ListOptions{PerPage: 50},
    }
    members, _, err := client.Organizations.ListMembers(context.Background(), "IBM", opt)
    if err != nil {
        println(err.Error())
        return
    }
    max := 50
    for i := 0; i < max; i++ {
        identify_cmd := fmt.Sprintf("identify -format %%k %s",*members[i].AvatarURL)
        cmd := exec.Command("bash", "-c",identify_cmd)
        stdout, err := cmd.Output()
        if err != nil {
            println(err.Error())
        } else {
            color_unique, err := strconv.Atoi(string(stdout))
            if err != nil {
                println(err.Error())
            }
            //check that the thumbnail has exactly 2 unique colors
            if (color_unique == 2) {
                //check that the thumbnail has F0F0F0 among those 2 colors
                convert_cmd := fmt.Sprintf("convert %s -colors 2 -format \"%%c\" histogram:info: | cut -d'#' -f2 | cut -d' ' -f1",*members[i].AvatarURL)
                cmd := exec.Command("bash","-c",convert_cmd)
                stdout, err := cmd.Output()
                if err != nil {
                    println(err.Error())
                } else {
                    colors:=strings.Split(string(stdout),"\n")
                    has_color:=false
                    for i := 0; i < len(colors); i++ {
                        if (colors[i] == "F0F0F0") {
                            has_color = true
                            break
                        }
                    }
                    if (has_color) {
                        fmt.Printf("[%v/%v] user %v has not set her/his thumbnail image (%v)\n",i+1,max,*members[i].HTMLURL,*members[i].AvatarURL)
                    } else {
                        fmt.Printf("[%v/%v] the thumbnail for user %v has 2 unique color but none of them is F0F0F0 (%v)\n",i+1,max,*members[i].HTMLURL,*members[i].AvatarURL)
                    }
                }
            } else {
                fmt.Printf("[%v/%v] %v is not a default thumbnail\n",i+1,max,*members[i].AvatarURL)
            }
        }
    }
}

Note: In order to pass URL to the tools instead of regular files, I had to edit the file under /etc/ImageMagick-6/policy.xml commenting https policy but you can modify the code to download the avatar image yourself if needed