Show user-uploaded avatars on the website.

Show user-uploaded avatars on the website for users who have
UserProfile.avatar_source == 'U'.  (Continue to show gravatars
for other users.)  This includes the home page, the visible-phone
div, and the settings page.

This fix does NOT address a few things:
* There is no GUI to actually upload user images yet on the website.
* The !gravatar syntax in bugdown will continue to show gravatar images
  only.
* We are not changing identicon behavior.

(imported from commit 9f5ac0bbe21ba56528048233aab2430e4dd431aa)

zephyr/lib/avatar.py

@@ -1,4 +1,5 @@
 from __future__ import absolute_import
+from django.conf import settings
 
 import hashlib
 from zephyr.lib.utils import make_safe_digest
@@ -11,3 +12,21 @@ def gravatar_hash(email):
     # typo an address or someone manages to give us a non-ASCII address, let's
     # not error out on it.
     return make_safe_digest(email.lower(), hashlib.md5)
+
+def user_avatar_hash(email):
+    # Salting the user_key may be overkill, but it prevents us from
+    # basically mimicking Gravatar's hashing scheme, which could lead
+    # to some abuse scenarios like folks using us as a free Gravatar
+    # replacement.
+    user_key = email.lower() + settings.AVATAR_SALT
+    return make_safe_digest(user_key, hashlib.sha1)
+
+def avatar_url(user_profile):
+    if user_profile.avatar_source == 'U':
+        bucket = settings.S3_AVATAR_BUCKET
+        hash_key = user_avatar_hash(user_profile.email)
+        # ?x=x allows templates to append additional parameters with &s
+        return "https://%s.s3.amazonaws.com/%s?x=x" % (bucket, hash_key)
+    else:
+        hash_key = gravatar_hash(user_profile.email)
+        return "https://secure.gravatar.com/avatar/%s?d=identicon" % (hash_key,)