Problem
The oauth_connection table defines image_url and profile_url as Unicode(512), capping both fields at 512 characters. OAuth providers (e.g. Google, GitHub) can return image and profile URLs that exceed this limit, causing silent truncation or insertion errors.
Affected locations
| Field |
File |
Line |
Current constraint |
profile_url |
backend/src/powonline/model.py |
405 |
Unicode(512) |
image_url |
backend/src/powonline/model.py |
406 |
Unicode(512) |
profile_url |
backend/alembic/versions/5be3d628dcc3_lost_tracker_alignment.py |
116 |
Unicode(512) |
image_url |
backend/alembic/versions/5be3d628dcc3_lost_tracker_alignment.py |
117 |
Unicode(512) |
The image_url field is also written in backend/src/powonline/core.py:884 inside by_social_connection() when creating a new connection after a successful OAuth login.
Proposed fix
1. ORM model (model.py)
Change both column definitions to unbounded Unicode (or a very large limit such as Unicode(2048)):
# before
profile_url: Mapped[str | None] = mapped_column(Unicode(512))
image_url: Mapped[str | None] = mapped_column(Unicode(512))
# after
profile_url: Mapped[str | None] = mapped_column(Unicode)
image_url: Mapped[str | None] = mapped_column(Unicode)
Using an unbounded Unicode column maps to TEXT in PostgreSQL, which has no practical length limit and is the safest choice for arbitrary URLs.
2. New Alembic migration
Create a new migration that uses ALTER COLUMN to remove the length restriction:
def upgrade() -> None:
op.alter_column("oauth_connection", "profile_url",
type_=sa.Unicode(), existing_type=sa.Unicode(512))
op.alter_column("oauth_connection", "image_url",
type_=sa.Unicode(), existing_type=sa.Unicode(512))
def downgrade() -> None:
op.alter_column("oauth_connection", "image_url",
type_=sa.Unicode(512), existing_type=sa.Unicode())
op.alter_column("oauth_connection", "profile_url",
type_=sa.Unicode(512), existing_type=sa.Unicode())
Note: Do not modify the existing 5be3d628dcc3 migration — that would break environments that have already applied it.
Acceptance criteria
Problem
The
oauth_connectiontable definesimage_urlandprofile_urlasUnicode(512), capping both fields at 512 characters. OAuth providers (e.g. Google, GitHub) can return image and profile URLs that exceed this limit, causing silent truncation or insertion errors.Affected locations
profile_urlbackend/src/powonline/model.pyUnicode(512)image_urlbackend/src/powonline/model.pyUnicode(512)profile_urlbackend/alembic/versions/5be3d628dcc3_lost_tracker_alignment.pyUnicode(512)image_urlbackend/alembic/versions/5be3d628dcc3_lost_tracker_alignment.pyUnicode(512)The
image_urlfield is also written inbackend/src/powonline/core.py:884insideby_social_connection()when creating a new connection after a successful OAuth login.Proposed fix
1. ORM model (
model.py)Change both column definitions to unbounded
Unicode(or a very large limit such asUnicode(2048)):Using an unbounded
Unicodecolumn maps toTEXTin PostgreSQL, which has no practical length limit and is the safest choice for arbitrary URLs.2. New Alembic migration
Create a new migration that uses
ALTER COLUMNto remove the length restriction:Acceptance criteria
image_urlandprofile_urlcolumns accept URLs longer than 512 characters without error or truncation.alembic upgrade head).model.pyreflects the updated column types.pytest).