From d032a025c998f67c4785386da434ef675db69ed6 Mon Sep 17 00:00:00 2001 From: matkaczmarek Date: Tue, 17 Dec 2024 13:18:11 +0100 Subject: [PATCH] Introduce new env variables and clean up views and defaults. [T-CAIREM 1243] --- .env.example | 8 +++++ physionet-django/physionet/settings/base.py | 30 ++++++++++-------- physionet-django/sso/templates/sso/login.html | 10 +++--- .../static/images/ORCIDiD_icon24x24.png | Bin 1399 -> 0 bytes .../static/images/orcid-icon-small.png | Bin 0 -> 402 bytes physionet-django/user/forms.py | 2 +- .../user/templates/user/login.html | 4 +-- physionet-django/user/urls.py | 12 +++++-- physionet-django/user/views.py | 6 ++-- 9 files changed, 47 insertions(+), 25 deletions(-) delete mode 100644 physionet-django/static/images/ORCIDiD_icon24x24.png create mode 100644 physionet-django/static/images/orcid-icon-small.png diff --git a/.env.example b/.env.example index bc71dbb0d9..d112c5c9dd 100644 --- a/.env.example +++ b/.env.example @@ -104,6 +104,14 @@ ORCID_CLIENT_ID=SECRET ORCID_CLIENT_SECRET=SECRET ORCID_SCOPE='/read-limited,/activities/update' ORCID_LOGIN_ENABLED=True +ORCID_DOMAIN=https://sandbox.orcid.org +ORCID_LOGIN_REDIRECT_URI=http://localhost:8000/authorcid_login +ORCID_AUTH_URL=https://sandbox.orcid.org/oauth/authorize +ORCID_TOKEN_URL=https://sandbox.orcid.org/oauth/token +ORCID_LOGIN_ENABLED=False +ORCID_LOGIN_BUTTON_TEXT="Log in using ORCID iD" +# JWKS is used to get public key from orcid and validate access token using this public key +ORCID_OPEN_ID_JWKS_URL=https://sandbox.orcid.org/oauth/jwks STORAGE_TYPE=LOCAL diff --git a/physionet-django/physionet/settings/base.py b/physionet-django/physionet/settings/base.py index 04d48dfff4..a94095d08a 100644 --- a/physionet-django/physionet/settings/base.py +++ b/physionet-django/physionet/settings/base.py 
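Review bot: `ORCID_LOGIN_ENABLED` is now defined twice in this example: the existing `ORCID_LOGIN_ENABLED=True` context line stays and the hunk adds `ORCID_LOGIN_ENABLED=False` a few lines below, so which value a copied `.env` ends up with depends on how the loader treats duplicate keys. Since this flag now gates an authentication backend and the login routes, keep a single entry, for example by dropping the old `=True` line. The example `ORCID_SCOPE` also has no `openid` entry, while the default this commit removes from base.py derived the flag from `"openid" in ORCID_SCOPE`. If that dependency still holds, a comment such as `# ORCID login requires 'openid' in ORCID_SCOPE` next to the flag would keep it visible.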
@@ -35,6 +35,20 @@ GCS_SIGNED_URL_LIFETIME_IN_MINUTES = config('GCS_SIGNED_URL_LIFETIME_IN_MINUTES', default=1440, cast=int) +# Tags for the ORCID API +ORCID_DOMAIN = config('ORCID_DOMAIN', default='https://sandbox.orcid.org') +ORCID_REDIRECT_URI = config('ORCID_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid') +ORCID_LOGIN_REDIRECT_URI = config('ORCID_LOGIN_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid_login') +ORCID_AUTH_URL = config('ORCID_AUTH_URL', default='https://sandbox.orcid.org/oauth/authorize') +ORCID_TOKEN_URL = config('ORCID_TOKEN_URL', default='https://sandbox.orcid.org/oauth/token') +ORCID_CLIENT_ID = config('ORCID_CLIENT_ID', default=False) +ORCID_CLIENT_SECRET = config('ORCID_CLIENT_SECRET', default=False) +ORCID_SCOPE = config('ORCID_SCOPE', default=False) +ORCID_LOGIN_ENABLED = config('ORCID_LOGIN_ENABLED', default=False) +ORCID_OPEN_ID_JWKS_URL = config('ORCID_OPEN_ID_JWKS_URL', default=False) +ORCID_LOGIN_BUTTON_TEXT = config('ORCID_LOGIN_BUTTON_TEXT', default="Log in using ORCID iD") + + # Application definition INSTALLED_APPS = [ @@ -150,7 +164,9 @@ }, ] -AUTHENTICATION_BACKENDS = ['user.backends.DualAuthModelBackend', 'user.backends.OrcidAuthBackend'] +AUTHENTICATION_BACKENDS = ['user.backends.DualAuthModelBackend'] +if ORCID_LOGIN_ENABLED: + AUTHENTICATION_BACKENDS.append('user.backends.OrcidAuthBackend') if ENABLE_SSO: AUTHENTICATION_BACKENDS += ['sso.auth.RemoteUserBackend'] 
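Review bot: `ORCID_LOGIN_ENABLED = config('ORCID_LOGIN_ENABLED', default=False)` is read without a cast, so a value taken from the environment stays a string, and `ORCID_LOGIN_ENABLED=False` (the value the new `.env.example` adds) is a non-empty, truthy string. This assumes `config` is python-decouple's, which the `cast=int` call on the GCS line suggests. The flag is then tested with `if ORCID_LOGIN_ENABLED:` in the next hunk and with `if settings.ORCID_LOGIN_ENABLED:` in user/urls.py, and passed to the templates as `enable_orcid_login` in user/views.py, so ORCID login would stay on in a deployment that tried to turn it off. Use `ORCID_LOGIN_ENABLED = config('ORCID_LOGIN_ENABLED', default=False, cast=bool)`.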
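Review bot: `AUTHENTICATION_BACKENDS.append('user.backends.OrcidAuthBackend')` runs on the flag alone, with no check that the rest of the ORCID configuration was supplied. The defaults in the first hunk are `False` for `ORCID_CLIENT_ID`, `ORCID_CLIENT_SECRET` and `ORCID_OPEN_ID_JWKS_URL`, and `https://sandbox.orcid.org/...` for the authorize and token URLs, so a deployment that only sets the flag would run the login flow against the sandbox or without a JWKS URL to verify tokens against. How `OrcidAuthBackend` behaves in that case is not visible here. A fail-fast guard inside this `if`, along the lines of `if not (ORCID_CLIENT_ID and ORCID_CLIENT_SECRET and ORCID_OPEN_ID_JWKS_URL): raise ImproperlyConfigured(...)` with Django's `ImproperlyConfigured` imported in the settings module, would surface the misconfiguration at startup rather than at login time.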
@@ -278,18 +294,6 @@ DATACITE_USER = config('DATACITE_USER', default='') DATACITE_PASS = config('DATACITE_PASS', default='') -# Tags for the ORCID API -ORCID_DOMAIN = config('ORCID_DOMAIN', default='https://sandbox.orcid.org') -ORCID_REDIRECT_URI = config('ORCID_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid') -ORCID_LOGIN_REDIRECT_URI = config('ORCID_LOGIN_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid_login') -ORCID_AUTH_URL = config('ORCID_AUTH_URL', default='https://sandbox.orcid.org/oauth/authorize') -ORCID_TOKEN_URL = config('ORCID_TOKEN_URL', default='https://sandbox.orcid.org/oauth/token') -ORCID_CLIENT_ID = config('ORCID_CLIENT_ID', default=False) -ORCID_CLIENT_SECRET = config('ORCID_CLIENT_SECRET', default=False) -ORCID_SCOPE = config('ORCID_SCOPE', default=False) -ORCID_LOGIN_ENABLED = config('ORCID_LOGIN_ENABLED', default=("openid" in ORCID_SCOPE)) -ORCID_OPEN_ID_JWKS_URL = config('ORCID_OPEN_ID_JWKS_URL', default=False) - # Tags for the CITISOAPService API CITI_USERNAME = config('CITI_USERNAME', default='') CITI_PASSWORD = config('CITI_PASSWORD', default='') diff --git a/physionet-django/sso/templates/sso/login.html b/physionet-django/sso/templates/sso/login.html index dc12f680db..0fe0d02222 100644 --- a/physionet-django/sso/templates/sso/login.html +++ b/physionet-django/sso/templates/sso/login.html @@ -21,17 +21,19 @@
Login through an external institute - login using you institution + {{ sso_login_button_text }}
{% if enable_orcid_login %} -
or using ORCID iD
+
+ or +
- - Log in using ORCID iD + + {{ orcid_login_button_text }} {% endif %} diff --git a/physionet-django/static/images/ORCIDiD_icon24x24.png b/physionet-django/static/images/ORCIDiD_icon24x24.png deleted file mode 100644 index fc368b927d9313aaa852751f39f756d6a5cf3cdd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1399 zcmaJ>e@q*76u(L+3=6Y530ugx9j>rQdq3LiwHGQs?pkT2h^1H4ZsLq%82p`qgBX^vjhL8CHx(n1Kjy*`Su!`bcn1{y19!>Y_xrxz z_df5v&wKCo)Ym_9GZF_>v0^g^ zdSgtO^K%T_vHc`h4geV~d?2U$C8M}Rcin!uSmq1P%Ec^&0LrlT+sYi zqY%imF6eRGhxpo~3MQ zPU4^8SdS#ez(syZeii>t502UFR2AY_&Kvi*X~Kz8cGQj7Xc}6!Wmn-0!5s*S5;lbR zAI@Mk7+7nL|1?YbNbNvvyVClqurfTHpiYdWj)tC{J_rE1!(O^7kod8g9n0AN)+YwQ zf2;BjU?L~--P#@3fV;%K7uKCM_Qd#$n=htkRI+>dv zO#x4vCbBBeJUg3x^XlB%p3;{$9=v(|)aEx24ILYrc`=cK*EOcR#^RC5HCqRQO=WMq z#GE)dFv@1GRV|x47-!HvtnCq{dFkL=- z$7!0@C3jsodU(7?-&atX|3UBWp1*=++nbZnjCz=SXjYH$f@POy_zpr1)taE-C96N35KDRTgui(tLQ{yR%e$Q-4Q64j! zX^QN7C?9wqD*1kJW-@d0qxI~&-5IHcPmPa_8ST@_O+PQJ+wJJ@8Zw3-(VhAtTy*w6 zqNJxc$MfC^p<+0b-c@mHc+wcqq5i>vZyKNc?W1@paQ^?2x@qS>r7h!2 diff --git a/physionet-django/static/images/orcid-icon-small.png b/physionet-django/static/images/orcid-icon-small.png new file mode 100644 index 0000000000000000000000000000000000000000..7b42a3e5b974a87de807910e6fc08dba8a8ec902 GIT binary patch literal 402 zcmV;D0d4+?P)* zzyp?@F$-9F)?)s$a~AiPowNLpiY@Mg<$!9?^$`S%Pg^)(Hxw7PxDV2UZVpzk?5ue| zrU67^pk8$IPyi%2Ad2_g$_8T$LkM7y8R+JM0kX?M2Ezb3mSFe<66Od66k7nqC~<-w zp$kr#{@;2n8H_<}To~O@RBUk{VmL6Fp-X}^Uw%FZjA4es_{jL|;|c#aUJ1ftI241D zFml8qTL1ztKc9nJfDhbwwF1-dbI=G!4<39L!1yqAp!j+B?G_$OfWd?*NW29gyyl`S z+>-6r<1oyk*a8qf{-7Bw4~iFbIjUFyOV%{AfPfDy?xPE$8;H(FR*OFlfRRi}GDWw5 zP%45XQydu$n+3Q4Hp9UfR#%`06Uacyb27B300H#E4rVAJjA##!OO07X8*<#KdD(@Gy1P@~xb0Erw@*V?o6cmMzZ07*qoM6N<$g6##LQUCw| literal 0 HcmV?d00001 diff --git a/physionet-django/user/forms.py b/physionet-django/user/forms.py index e954779c76..8b9482f30d 100644 --- a/physionet-django/user/forms.py +++ b/physionet-django/user/forms.py 
@@ -937,7 +937,7 @@ class OrcidRegistrationForm(RegistrationForm): """ Form to register new user after signing in with ORCID. This saves user as the same way RegistrationForm but also stores - orcid_token and + Orcid profile linked with this user. """ def __init__(self, *args, **kwargs): diff --git a/physionet-django/user/templates/user/login.html b/physionet-django/user/templates/user/login.html index 2d54dee897..5640b30018 100644 --- a/physionet-django/user/templates/user/login.html +++ b/physionet-django/user/templates/user/login.html @@ -36,8 +36,8 @@ type="button" class="btn btn-lg btn-secondary btn-block" href="{% url 'orcid_init_login' %}"> - - Log in using ORCID iD + + {{ orcid_login_button_text }} {% endif %} diff --git a/physionet-django/user/urls.py b/physionet-django/user/urls.py index 61250584cc..1ad3180e01 100644 --- a/physionet-django/user/urls.py +++ b/physionet-django/user/urls.py @@ -18,9 +18,6 @@ path("settings/cloud/aws/", views.edit_cloud_aws, name="edit_cloud_aws"), path("settings/orcid/", views.edit_orcid, name="edit_orcid"), path("authorcid/", views.auth_orcid, name="auth_orcid"), - path("authorcid_login/", views.auth_orcid_login, name="auth_orcid_login"), - path("orcid_init_login", views.orcid_init_login, name="orcid_init_login"), - path("orcid_register/", views.orcid_register, name="orcid_register"), path( "settings/credentialing/", views.edit_credentialing, name="edit_credentialing" ), @@ -119,6 +116,15 @@ ] ) +if settings.ORCID_LOGIN_ENABLED: + urlpatterns.extend( + [ + path("authorcid_login/", views.auth_orcid_login, name="auth_orcid_login"), + path("orcid_init_login", views.orcid_init_login, name="orcid_init_login"), + path("orcid_register/", views.orcid_register, name="orcid_register"), + ] + ) + # Parameters for testing URLs (see physionet/test_urls.py) TEST_DEFAULTS = { "_user_": "aewj", diff --git a/physionet-django/user/views.py b/physionet-django/user/views.py index f4910675f8..fdf9bd8220 100644 
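Review bot: The `if settings.ORCID_LOGIN_ENABLED:` block around `urlpatterns.extend([...])` in user/urls.py is evaluated once, when the module is imported, so the three ORCID routes either exist or not for the life of the process. Tests that flip the flag with `override_settings` will not add or remove them, and any `{% url 'orcid_init_login' %}` or `reverse('orcid_register')` reached while the flag is off raises `NoReverseMatch`. The templates touched by this patch appear to guard the link with `{% if enable_orcid_login %}`, but other callers are not visible here. Add a comment above the block, e.g. `# Registered at import time; ORCID login routes do not exist when ORCID_LOGIN_ENABLED is off`, and cover the disabled state with a test that expects a 404 on `authorcid_login/`.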
--- a/physionet-django/user/views.py +++ b/physionet-django/user/views.py @@ -79,10 +79,11 @@ class LoginView(auth_views.LoginView): def get_context_data(self, *args, **kwargs): context = super().get_context_data(*args, **kwargs) - sso_extra_context = { + orcid_extra_context = { 'enable_orcid_login': settings.ORCID_LOGIN_ENABLED, + 'orcid_login_button_text': settings.ORCID_LOGIN_BUTTON_TEXT, } - return {**context, **sso_extra_context} + return {**context, **orcid_extra_context} @method_decorator(allow_post_during_maintenance, 'dispatch') @@ -101,6 +102,7 @@ def get_context_data(self, *args, **kwargs): sso_extra_context = { 'sso_login_button_text': settings.SSO_LOGIN_BUTTON_TEXT, + 'orcid_login_button_text': settings.ORCID_LOGIN_BUTTON_TEXT, 'login_instruction_sections': instruction_sections, 'enable_orcid_login': settings.ORCID_LOGIN_ENABLED, }