fix avatar bug #1114 (#1122)

This PR fix the avatar bug described in #1114. This will fix random avatar is blank problem and potential delete avatars dir problem.

Author: lunny

models/user.go

@@ -296,6 +296,9 @@ func (u *User) GenerateRandomAvatar() error {
 	if err != nil {
 		return fmt.Errorf("RandomImage: %v", err)
 	}
+	// NOTICE for random avatar, it still uses id as avatar name, but custom avatar use md5
+	// since random image is not a user's photo, there is no security for enumable
+	u.Avatar = fmt.Sprintf("%d", u.ID)
 	if err = os.MkdirAll(filepath.Dir(u.CustomAvatarPath()), os.ModePerm); err != nil {
 		return fmt.Errorf("MkdirAll: %v", err)
 	}
@@ -451,13 +454,15 @@ func (u *User) UploadAvatar(data []byte) error {
 // DeleteAvatar deletes the user's custom avatar.
 func (u *User) DeleteAvatar() error {
 	log.Trace("DeleteAvatar[%d]: %s", u.ID, u.CustomAvatarPath())
-
-	if err := os.Remove(u.CustomAvatarPath()); err != nil {
-		return fmt.Errorf("Failed to remove %s: %v", u.CustomAvatarPath(), err)
+	if len(u.Avatar) > 0 {
+		if err := os.Remove(u.CustomAvatarPath()); err != nil {
+			return fmt.Errorf("Failed to remove %s: %v", u.CustomAvatarPath(), err)
+		}
 	}
 
 	u.UseCustomAvatar = false
-	if err := UpdateUser(u); err != nil {
+	u.Avatar = ""
+	if _, err := x.Id(u.ID).Cols("avatar, use_custom_avatar").Update(u); err != nil {
 		return fmt.Errorf("UpdateUser: %v", err)
 	}
 	return nil
@@ -994,10 +999,12 @@ func deleteUser(e *xorm.Session, u *User) error {
 		return fmt.Errorf("Failed to RemoveAll %s: %v", path, err)
 	}
 
-	avatarPath := u.CustomAvatarPath()
-	if com.IsExist(avatarPath) {
-		if err := os.Remove(avatarPath); err != nil {
-			return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
+	if len(u.Avatar) > 0 {
+		avatarPath := u.CustomAvatarPath()
+		if com.IsExist(avatarPath) {
+			if err := os.Remove(avatarPath); err != nil {
+				return fmt.Errorf("Failed to remove %s: %v", avatarPath, err)
+			}
 		}
 	}