diff --git a/.env.example b/.env.example index bc71dbb0d9..d112c5c9dd 100644 --- a/.env.example +++ b/.env.example @@ -104,6 +104,14 @@ ORCID_CLIENT_ID=SECRET ORCID_CLIENT_SECRET=SECRET ORCID_SCOPE='/read-limited,/activities/update' ORCID_LOGIN_ENABLED=True +ORCID_DOMAIN=https://sandbox.orcid.org +ORCID_LOGIN_REDIRECT_URI=http://localhost:8000/authorcid_login +ORCID_AUTH_URL=https://sandbox.orcid.org/oauth/authorize +ORCID_TOKEN_URL=https://sandbox.orcid.org/oauth/token +ORCID_LOGIN_ENABLED=False +ORCID_LOGIN_BUTTON_TEXT="Log in using ORCID iD" +# JWKS is used to get public key from orcid and validate access token using this public key +ORCID_OPEN_ID_JWKS_URL=https://sandbox.orcid.org/oauth/jwks STORAGE_TYPE=LOCAL diff --git a/physionet-django/physionet/settings/base.py b/physionet-django/physionet/settings/base.py index 04d48dfff4..a94095d08a 100644 --- a/physionet-django/physionet/settings/base.py +++ b/physionet-django/physionet/settings/base.py @@ -35,6 +35,20 @@ GCS_SIGNED_URL_LIFETIME_IN_MINUTES = config('GCS_SIGNED_URL_LIFETIME_IN_MINUTES', default=1440, cast=int) +# Tags for the ORCID API +ORCID_DOMAIN = config('ORCID_DOMAIN', default='https://sandbox.orcid.org') +ORCID_REDIRECT_URI = config('ORCID_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid') +ORCID_LOGIN_REDIRECT_URI = config('ORCID_LOGIN_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid_login') +ORCID_AUTH_URL = config('ORCID_AUTH_URL', default='https://sandbox.orcid.org/oauth/authorize') +ORCID_TOKEN_URL = config('ORCID_TOKEN_URL', default='https://sandbox.orcid.org/oauth/token') +ORCID_CLIENT_ID = config('ORCID_CLIENT_ID', default=False) +ORCID_CLIENT_SECRET = config('ORCID_CLIENT_SECRET', default=False) +ORCID_SCOPE = config('ORCID_SCOPE', default=False) +ORCID_LOGIN_ENABLED = config('ORCID_LOGIN_ENABLED', default=False) +ORCID_OPEN_ID_JWKS_URL = config('ORCID_OPEN_ID_JWKS_URL', default=False) +ORCID_LOGIN_BUTTON_TEXT = config('ORCID_LOGIN_BUTTON_TEXT', default="Log in using ORCID iD") + + # Application definition INSTALLED_APPS = [ @@ -150,7 +164,9 @@ }, ] -AUTHENTICATION_BACKENDS = ['user.backends.DualAuthModelBackend', 'user.backends.OrcidAuthBackend'] +AUTHENTICATION_BACKENDS = ['user.backends.DualAuthModelBackend'] +if ORCID_LOGIN_ENABLED: + AUTHENTICATION_BACKENDS.append('user.backends.OrcidAuthBackend') if ENABLE_SSO: AUTHENTICATION_BACKENDS += ['sso.auth.RemoteUserBackend'] @@ -278,18 +294,6 @@ DATACITE_USER = config('DATACITE_USER', default='') DATACITE_PASS = config('DATACITE_PASS', default='') -# Tags for the ORCID API -ORCID_DOMAIN = config('ORCID_DOMAIN', default='https://sandbox.orcid.org') -ORCID_REDIRECT_URI = config('ORCID_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid') -ORCID_LOGIN_REDIRECT_URI = config('ORCID_LOGIN_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid_login') -ORCID_AUTH_URL = config('ORCID_AUTH_URL', default='https://sandbox.orcid.org/oauth/authorize') -ORCID_TOKEN_URL = config('ORCID_TOKEN_URL', default='https://sandbox.orcid.org/oauth/token') -ORCID_CLIENT_ID = config('ORCID_CLIENT_ID', default=False) -ORCID_CLIENT_SECRET = config('ORCID_CLIENT_SECRET', default=False) -ORCID_SCOPE = config('ORCID_SCOPE', default=False) -ORCID_LOGIN_ENABLED = config('ORCID_LOGIN_ENABLED', default=("openid" in ORCID_SCOPE)) -ORCID_OPEN_ID_JWKS_URL = config('ORCID_OPEN_ID_JWKS_URL', default=False) - # Tags for the CITISOAPService API CITI_USERNAME = config('CITI_USERNAME', default='') CITI_PASSWORD = config('CITI_PASSWORD', default='') diff --git a/physionet-django/sso/templates/sso/login.html b/physionet-django/sso/templates/sso/login.html index dc12f680db..0fe0d02222 100644 --- a/physionet-django/sso/templates/sso/login.html +++ b/physionet-django/sso/templates/sso/login.html @@ -21,17 +21,19 @@
Login through an external institute - login using you institution + {{ sso_login_button_text }}
{% if enable_orcid_login %} -
or using ORCID iD
+
+ or +
- - Log in using ORCID iD + + {{ orcid_login_button_text }} {% endif %} diff --git a/physionet-django/static/images/ORCIDiD_icon24x24.png b/physionet-django/static/images/ORCIDiD_icon24x24.png deleted file mode 100644 index fc368b927d..0000000000 Binary files a/physionet-django/static/images/ORCIDiD_icon24x24.png and /dev/null differ diff --git a/physionet-django/static/images/orcid-icon-small.png b/physionet-django/static/images/orcid-icon-small.png new file mode 100644 index 0000000000..7b42a3e5b9 Binary files /dev/null and b/physionet-django/static/images/orcid-icon-small.png differ diff --git a/physionet-django/user/forms.py b/physionet-django/user/forms.py index e954779c76..8b9482f30d 100644 --- a/physionet-django/user/forms.py +++ b/physionet-django/user/forms.py @@ -937,7 +937,7 @@ class OrcidRegistrationForm(RegistrationForm): """ Form to register new user after signing in with ORCID. This saves user as the same way RegistrationForm but also stores - orcid_token and + Orcid profile linked with this user. """ def __init__(self, *args, **kwargs): diff --git a/physionet-django/user/templates/user/login.html b/physionet-django/user/templates/user/login.html index 2d54dee897..5640b30018 100644 --- a/physionet-django/user/templates/user/login.html +++ b/physionet-django/user/templates/user/login.html @@ -36,8 +36,8 @@

Account Login

type="button" class="btn btn-lg btn-secondary btn-block" href="{% url 'orcid_init_login' %}"> - - Log in using ORCID iD + + {{ orcid_login_button_text }} {% endif %} diff --git a/physionet-django/user/urls.py b/physionet-django/user/urls.py index 61250584cc..1ad3180e01 100644 --- a/physionet-django/user/urls.py +++ b/physionet-django/user/urls.py @@ -18,9 +18,6 @@ path("settings/cloud/aws/", views.edit_cloud_aws, name="edit_cloud_aws"), path("settings/orcid/", views.edit_orcid, name="edit_orcid"), path("authorcid/", views.auth_orcid, name="auth_orcid"), - path("authorcid_login/", views.auth_orcid_login, name="auth_orcid_login"), - path("orcid_init_login", views.orcid_init_login, name="orcid_init_login"), - path("orcid_register/", views.orcid_register, name="orcid_register"), path( "settings/credentialing/", views.edit_credentialing, name="edit_credentialing" ), @@ -119,6 +116,15 @@ ] ) +if settings.ORCID_LOGIN_ENABLED: + urlpatterns.extend( + [ + path("authorcid_login/", views.auth_orcid_login, name="auth_orcid_login"), + path("orcid_init_login", views.orcid_init_login, name="orcid_init_login"), + path("orcid_register/", views.orcid_register, name="orcid_register"), + ] + ) + # Parameters for testing URLs (see physionet/test_urls.py) TEST_DEFAULTS = { "_user_": "aewj", diff --git a/physionet-django/user/views.py b/physionet-django/user/views.py index f4910675f8..fdf9bd8220 100644 --- a/physionet-django/user/views.py +++ b/physionet-django/user/views.py @@ -79,10 +79,11 @@ class LoginView(auth_views.LoginView): def get_context_data(self, *args, **kwargs): context = super().get_context_data(*args, **kwargs) - sso_extra_context = { + orcid_extra_context = { 'enable_orcid_login': settings.ORCID_LOGIN_ENABLED, + 'orcid_login_button_text': settings.ORCID_LOGIN_BUTTON_TEXT, } - return {**context, **sso_extra_context} + return {**context, **orcid_extra_context} @method_decorator(allow_post_during_maintenance, 'dispatch') @@ -101,6 +102,7 @@ def get_context_data(self, *args, **kwargs): sso_extra_context = { 'sso_login_button_text': settings.SSO_LOGIN_BUTTON_TEXT, + 'orcid_login_button_text': settings.ORCID_LOGIN_BUTTON_TEXT, 'login_instruction_sections': instruction_sections, 'enable_orcid_login': settings.ORCID_LOGIN_ENABLED, }