fix(profile): prevent avatar twice error message toast and avatar removal when invalid avatar URL is provided

[sahillllllllll-bit]

Proposed changes (including videos or screenshots)

Problem

In My Account → Profile → Avatar (Use URL for avatar):

If a user enters an invalid URL (example: hello) and clicks the link button:

1. An error toast error-invalid-image-url appears (correct)
2. The avatar preview disappears (incorrect)
3. After clicking Save Changes
   • Two error messages appear

This results in inconsistent UI behavior:

• when clicking link button shows error message then also in save profile showing error message twice
• Preview is lost until page refresh

Fix

Added URL validation before setting avatar state:

• Validate URL protocol (http/https)
• If invalid:
  • show only error toast
  • do NOT update avatarObj
  • do NOT clear avatar preview
• Prevent Save Changes from triggering avatar update

Result

Now behavior is correct:

Invalid URL:

• Shows only one error toast
• Avatar preview remains visible
• Save Changes shows only "Profile saved successfully"

Valid URL:

• Avatar updates normally
• Success toast shown correctly

No backend or API changes were made. Only UI state handling was corrected.

---

Issue(s)

UI bug discovered during profile avatar testing.

---

Screen recording Before :

Screen.Recording.2026-02-24.133411.mp4

Screen recording After:

Screen.Recording.2026-02-24.133552.mp4

Steps to test or reproduce

1. Go to My Account → Profile
2. In avatar URL field enter: hello
3. Click link icon

Before fix

• Avatar preview disappears
• twice error message shown when clicking save changes

After fix

• Only invalid URL error appears
• Avatar preview stays
• Save Changes only shows "Profile saved successfully"

---

Further comments

This fix improves UX consistency by aligning toast messages with the actual avatar update state.

Summary by CodeRabbit

Bug Fixes

• Added validation for avatar URLs to prevent invalid inputs from being processed; invalid URLs now display an error message.
• Improved avatar update efficiency by only updating when avatar changes are necessary.

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: 31547c4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

Two avatar-related components were modified to add URL validation and conditional avatar updates. A new helper function validates HTTP/HTTPS URLs in the UserAvatarEditor, displaying error toasts for invalid inputs. The AccountProfileForm now only calls updateAvatar when avatar is truthy and not 'reset', with an added originalAvatarEtag constant for reference.

Changes

Cohort / File(s)	Summary
Avatar URL Validation apps/meteor/client/components/avatar/UserAvatarEditor/UserAvatarEditor.tsx	Added isValidHttpUrl helper function to validate HTTP/HTTPS URLs. Modified handleAddUrl to check URL validity before processing; invalid URLs trigger an error toast and clear avatar state early.
Avatar Update Logic apps/meteor/client/views/account/profile/AccountProfileForm.tsx	Introduced originalAvatarEtag constant from user data. Made updateAvatar() call conditional, executing only when avatar is truthy and not equal to 'reset'.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A hop, a skip, through avatar land,
Where URLs must pass our validation's hand,
No invalid paths shall slip through here,
With toasts of truth and states so clear,
Avatar updates dance with grace—only when needed, time and place!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: preventing duplicate error toasts and avatar removal when an invalid URL is provided, which aligns with the core fixes implemented across both files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

1 issue found across 2 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/meteor/client/views/account/profile/AccountProfileForm.tsx">

<violation number="1" location="apps/meteor/client/views/account/profile/AccountProfileForm.tsx:128">
P2: Avatar reset via the 'reset' sentinel is no longer processed because updateAvatar() is now skipped when avatar === 'reset', even though the hook handles reset by calling /v1/users.resetAvatar.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

apps/meteor/client/components/avatar/UserAvatarEditor/UserAvatarEditor.tsx (1)

72-74: Inconsistent indentation in the valid-URL branch.

Lines 72–74 mix a tab with extra spaces, whereas the rest of the function body uses tabs exclusively.

🔧 Suggested fix

-	  setNewAvatarSource(avatarFromUrl);
-	  setAvatarObj({ avatarUrl: avatarFromUrl });
-   };
+	setNewAvatarSource(avatarFromUrl);
+	setAvatarObj({ avatarUrl: avatarFromUrl });
+};

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/meteor/client/components/avatar/UserAvatarEditor/UserAvatarEditor.tsx`
around lines 72 - 74, The valid-URL branch in the function that calls
setNewAvatarSource and setAvatarObj has mixed indentation (a tab plus spaces)
causing inconsistent formatting; update the indentation in that branch to use
tabs consistent with the rest of the function (the lines containing
setNewAvatarSource(avatarFromUrl); and setAvatarObj({ avatarUrl: avatarFromUrl
});) so the file uses tabs only, matching surrounding code style.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/meteor/client/components/avatar/UserAvatarEditor/UserAvatarEditor.tsx`:
- Around line 61-70: The error branch that runs when
isValidHttpUrl(avatarFromUrl) is false should only show the toast and clear the
URL input; remove the lines that call setAvatarObj('reset') and
setNewAvatarSource(undefined) so we do not mutate existing avatar selection, and
keep setAvatarFromUrl('') to clear the text field; also delete the inline
implementation comment near that block to follow the coding guideline.

In `@apps/meteor/client/views/account/profile/AccountProfileForm.tsx`:
- Line 70: Remove the dead constant originalAvatarEtag from
AccountProfileForm.tsx: locate the declaration "const originalAvatarEtag =
user?.avatarETag;" and delete it (or the entire unused assignment) since it's
never referenced anywhere in the component; if the value was intended for future
use, add a TODO comment instead of keeping an unused variable.
- Around line 128-130: The guard prevents legitimate avatar resets because
handleAddUrl's error path sets avatarObj('reset'), so change the error path in
UserAvatarEditor.tsx (the error branch in handleAddUrl) to not assign the
sentinel 'reset' — use null/undefined or a dedicated error flag instead; then
restore the check in AccountProfileForm.tsx around updateAvatar() (replace the
current avatar && avatar !== 'reset' check) to only skip on falsy values (e.g.,
if (avatar) await updateAvatar()), relying on useUpdateAvatar to handle the
'reset' value server-side.

---

Nitpick comments:
In `@apps/meteor/client/components/avatar/UserAvatarEditor/UserAvatarEditor.tsx`:
- Around line 72-74: The valid-URL branch in the function that calls
setNewAvatarSource and setAvatarObj has mixed indentation (a tab plus spaces)
causing inconsistent formatting; update the indentation in that branch to use
tabs consistent with the rest of the function (the lines containing
setNewAvatarSource(avatarFromUrl); and setAvatarObj({ avatarUrl: avatarFromUrl
});) so the file uses tabs only, matching surrounding code style.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 50e0f90 and 31547c4.

📒 Files selected for processing (2)

• apps/meteor/client/components/avatar/UserAvatarEditor/UserAvatarEditor.tsx
• apps/meteor/client/views/account/profile/AccountProfileForm.tsx

📜 Review details

🧰 Additional context used

📓 Path-based instructions (1)

**/*.{ts,tsx,js}

📄 CodeRabbit inference engine (.cursor/rules/playwright.mdc)

**/*.{ts,tsx,js}: Write concise, technical TypeScript/JavaScript with accurate typing in Playwright tests
Avoid code comments in the implementation

Files:

• apps/meteor/client/components/avatar/UserAvatarEditor/UserAvatarEditor.tsx
• apps/meteor/client/views/account/profile/AccountProfileForm.tsx

🔇 Additional comments (1)

apps/meteor/client/components/avatar/UserAvatarEditor/UserAvatarEditor.tsx (1)

15-22: isValidHttpUrl helper looks correct.

Using the URL constructor's throw-on-invalid behavior with an explicit protocol check is the idiomatic and reliable pattern for this validation.