Prevent NPE on avatar direct rendering if federated avatars disabled (#15434)

#13649 assumed that direct avatar urls would always be libravatar urls - this leads
to NPEs if federated avatar service is disabled.

Fix #15421

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

routers/user/avatar.go

@@ -7,12 +7,14 @@ package user
 import (
 	"errors"
 	"net/url"
+	"path"
 	"strconv"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
 )
 
 // Avatar redirect browser to user avatar of requested size
@@ -70,8 +72,21 @@ func AvatarByEmailHash(ctx *context.Context) {
 	}
 
 	var avatarURL *url.URL
-	avatarURL, err = models.LibravatarURL(email)
+
-	if err != nil {
+	if setting.EnableFederatedAvatar && setting.LibravatarService != nil {
+		avatarURL, err = models.LibravatarURL(email)
+		if err != nil {
+			avatarURL, err = url.Parse(models.DefaultAvatarLink())
+			if err != nil {
+				ctx.ServerError("invalid default avatar url", err)
+				return
+			}
+		}
+	} else if !setting.DisableGravatar {
+		copyOfGravatarSourceURL := *setting.GravatarSourceURL
+		avatarURL = &copyOfGravatarSourceURL
+		avatarURL.Path = path.Join(avatarURL.Path, hash)
+	} else {
 		avatarURL, err = url.Parse(models.DefaultAvatarLink())
 		if err != nil {
 			ctx.ServerError("invalid default avatar url", err)