release: 0.35.2

.version

@@ -1 +1 @@
-0.35.0
+0.35.2

CHANGELOG.md

@@ -1,3 +1,19 @@
+## [](https://github.com/pocket-id/pocket-id/compare/v0.35.1...v) (2025-02-24)
+
+
+### Bug Fixes
+
+* delete profile picture if user gets deleted ([9a167d4](https://github.com/pocket-id/pocket-id/commit/9a167d4076872e5e3e5d78d2a66ef7203ca5261b))
+* updating profile picture of other user updates own profile picture ([887c5e4](https://github.com/pocket-id/pocket-id/commit/887c5e462a50c8fb579ca6804f1a643d8af78fe8))
+
+## [](https://github.com/pocket-id/pocket-id/compare/v0.35.0...v) (2025-02-22)
+
+
+### Bug Fixes
+
+* add validation that `PUBLIC_APP_URL` can't contain a path ([a6ae7ae](https://github.com/pocket-id/pocket-id/commit/a6ae7ae28713f7fc8018ae2aa7572986df3e1a5b))
+* binary profile picture can't be imported from LDAP ([840a672](https://github.com/pocket-id/pocket-id/commit/840a672fc35ca8476caf86d7efaba9d54bce86aa))
+
 ## [](https://github.com/pocket-id/pocket-id/compare/v0.34.0...v) (2025-02-19)
 
 

backend/internal/common/env_config.go

@@ -2,6 +2,7 @@ package common
 
 import (
 	"log"
+	"net/url"
 
 	"github.com/caarlos0/env/v11"
 	_ "github.com/joho/godotenv/autoload"
@@ -61,4 +62,12 @@ func init() {
 	if EnvConfig.DbProvider == DbProviderSqlite && EnvConfig.SqliteDBPath == "" {
 		log.Fatal("Missing SQLITE_DB_PATH environment variable")
 	}
+
+	parsedAppUrl, err := url.Parse(EnvConfig.AppURL)
+	if err != nil {
+		log.Fatal("PUBLIC_APP_URL is not a valid URL")
+	}
+	if parsedAppUrl.Path != "" {
+		log.Fatal("PUBLIC_APP_URL must not contain a path")
+	}
 }

backend/internal/controller/user_controller.go

@@ -172,7 +172,7 @@ func (uc *UserController) getCurrentUserProfilePictureHandler(c *gin.Context) {
 }
 
 func (uc *UserController) updateUserProfilePictureHandler(c *gin.Context) {
-	userID := c.GetString("userID")
+	userID := c.Param("id")
 	fileHeader, err := c.FormFile("file")
 	if err != nil {
 		c.Error(err)

backend/internal/service/ldap_service.go

@@ -263,7 +263,7 @@ func (s *LdapService) SyncUsers() error {
 	// Delete users that no longer exist in LDAP
 	for _, user := range ldapUsersInDb {
 		if _, exists := ldapUserIDs[*user.LdapID]; !exists {
-			if err := s.db.Delete(&model.User{}, "ldap_id = ?", user.LdapID).Error; err != nil {
+			if err := s.userService.DeleteUser(user.ID); err != nil {
 				log.Printf("Failed to delete user %s with: %v", user.Username, err)
 			} else {
 				log.Printf("Deleted user %s", user.Username)
@@ -292,7 +292,7 @@ func (s *LdapService) SaveProfilePicture(userId string, pictureString string) er
 
 	} else {
 		// If the photo is a string, we assume that it's a binary string
-		reader = bytes.NewReader([]byte("pictureString"))
+		reader = bytes.NewReader([]byte(pictureString))
 	}
 
 	// Update the profile picture

backend/internal/service/user_service.go

@@ -128,6 +128,12 @@ func (s *UserService) DeleteUser(userID string) error {
 		return &common.LdapUserUpdateError{}
 	}
 
+	// Delete the profile picture
+	profilePicturePath := fmt.Sprintf("%s/profile-pictures/%s.png", common.EnvConfig.UploadPath, userID)
+	if err := os.Remove(profilePicturePath); err != nil && !os.IsNotExist(err) {
+		return err
+	}
+
 	return s.db.Delete(&user).Error
 }
 

frontend/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pocket-id-frontend",
-  "version": "0.35.0",
+  "version": "0.35.2",
   "private": true,
   "type": "module",
   "scripts": {