From 04185f1b83904bd5141d9eb0b68b0828616c2268 Mon Sep 17 00:00:00 2001
From: matkaczmarek
Date: Wed, 25 Sep 2024 14:45:08 +0200
Subject: [PATCH] Show ORCID log in only if openid scope is enabled

---
 physionet-django/physionet/settings/base.py | 1 +
 physionet-django/sso/templates/sso/login.html | 18 +++++++------
 .../user/templates/user/login.html | 26 ++++++++++---------
 physionet-django/user/views.py | 21 ++++++++++++++-
 4 files changed, 45 insertions(+), 21 deletions(-)

diff --git a/physionet-django/physionet/settings/base.py b/physionet-django/physionet/settings/base.py
index 430595d44..7f02dc5f0 100644
--- a/physionet-django/physionet/settings/base.py
+++ b/physionet-django/physionet/settings/base.py
@@ -287,6 +287,7 @@
 ORCID_CLIENT_ID = config('ORCID_CLIENT_ID', default=False)
 ORCID_CLIENT_SECRET = config('ORCID_CLIENT_SECRET', default=False)
 ORCID_SCOPE = config('ORCID_SCOPE', default=False)
+ORCID_LOGIN_ENABLED = "openid" in ORCID_SCOPE
 
 # Tags for the CITISOAPService API
 CITI_USERNAME = config('CITI_USERNAME', default='')
diff --git a/physionet-django/sso/templates/sso/login.html b/physionet-django/sso/templates/sso/login.html
index 7387d44b4..dc12f680d 100644
--- a/physionet-django/sso/templates/sso/login.html
+++ b/physionet-django/sso/templates/sso/login.html
@@ -24,14 +24,16 @@
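Review bot: In settings/base.py the new line `ORCID_LOGIN_ENABLED = "openid" in ORCID_SCOPE` applies `in` to `False` whenever ORCID_SCOPE is not configured, because the line above declares `default=False`; assuming `config` returns that default unchanged, this raises TypeError while the settings module is being imported. The test is also a substring match, so any scope string that merely contains the characters `openid` switches login on. I would write `ORCID_LOGIN_ENABLED = bool(ORCID_SCOPE) and "openid" in ORCID_SCOPE`, and add a comment such as `# ORCID sign-in is offered only when the configured scope includes openid` so the coupling between the scope and the login views is documented where the flag is defined.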
Login through an external institutelogin using you institution
-
or using ORCID iD
- - - Log in using ORCID iD - + {% if enable_orcid_login %} +
or using ORCID iD
+ + + Log in using ORCID iD + + {% endif %} diff --git a/physionet-django/user/templates/user/login.html b/physionet-django/user/templates/user/login.html index a9246b6d7..2d54dee89 100644 --- a/physionet-django/user/templates/user/login.html +++ b/physionet-django/user/templates/user/login.html @@ -27,18 +27,20 @@

Account Login

-
- or -
-
- - - Log in using ORCID iD - -
+ {% if enable_orcid_login %} +
+ or +
+
+ + + Log in using ORCID iD + +
+ {% endif %}

New user? Create an account

diff --git a/physionet-django/user/views.py b/physionet-django/user/views.py index cdd351553..a8208516d 100644 --- a/physionet-django/user/views.py +++ b/physionet-django/user/views.py @@ -73,6 +73,14 @@ class LoginView(auth_views.LoginView): authentication_form = forms.LoginForm redirect_authenticated_user = True + def get_context_data(self, *args, **kwargs): + context = super().get_context_data(*args, **kwargs) + + sso_extra_context = { + 'enable_orcid_login': settings.ORCID_LOGIN_ENABLED, + } + return {**context, **sso_extra_context} + @method_decorator(allow_post_during_maintenance, 'dispatch') class SSOLoginView(auth_views.LoginView): @@ -91,6 +99,7 @@ def get_context_data(self, *args, **kwargs): sso_extra_context = { 'sso_login_button_text': settings.SSO_LOGIN_BUTTON_TEXT, 'login_instruction_sections': instruction_sections, + 'enable_orcid_login': settings.ORCID_LOGIN_ENABLED, } return {**context, **sso_extra_context} @@ -499,6 +508,8 @@ def auth_orcid_login(request): information to a users ORCID profile (ex: a PhysioNet dataset project). See the .env file for an example of how to do token exchanges. """ + if not settings.ORCID_LOGIN_ENABLED: + return redirect('home') client_id = settings.ORCID_CLIENT_ID redirect_uri = settings.ORCID_LOGIN_REDIRECT_URI @@ -545,7 +556,9 @@ def _fetch_and_validate_token(request, code, oauth_session): try: validators.validate_orcid_token(token['access_token']) - validators.validate_orcid_id_token(token['id_token']) + if settings.ORCID_LOGIN_ENABLED: + validators.validate_orcid_id_token(token['id_token']) + return True, token except ValidationError: messages.error(request, 'Validation Error: ORCID token validation failed.') @@ -565,6 +578,9 @@ def orcid_register(request): GET renders the registration form. POST submits the registration form. """ + if not settings.ORCID_LOGIN_ENABLED: + return redirect('home') + user = request.user if user.is_authenticated: return redirect('project_home') 
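Review bot: The guard `if not settings.ORCID_LOGIN_ENABLED: return redirect('home')` added to auth_orcid_login is repeated verbatim in orcid_register and orcid_init_login (the two later views.py hunks), and each copy sends the visitor to the home page without any message. A small decorator applied to the three views would keep the check in one place, so a login view added later cannot miss it. If the copies stay, a comment such as `# ORCID login is disabled unless ORCID_SCOPE includes openid (see settings)` on each would explain why the view exits early. The bodies of all three functions continue outside their hunks.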
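Review bot: In _fetch_and_validate_token, `token['id_token']` raises KeyError when the token response carries no id_token, and the visible handler catches only ValidationError, so that case would surface as a server error instead of the 'ORCID token validation failed' message. Reading it with `id_token = token.get('id_token')` and raising ValidationError when it is None keeps the failure on the existing path. The callers are not visible here: if auth_orcid_login is the only one, the new `if settings.ORCID_LOGIN_ENABLED:` can never be false at this point because that view now returns early, so a comment naming the flow that reaches this function without an id_token would help the next reader. The function starts and ends outside the hunk.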
@@ -594,6 +610,9 @@ def orcid_init_login(request):
 """
 Builds redirect url and redirects to ORCID authorization page
 """
+ if not settings.ORCID_LOGIN_ENABLED:
+ return redirect('home')
+
 client_id = settings.ORCID_CLIENT_ID
 redirect_uri = settings.ORCID_LOGIN_REDIRECT_URI
 scope = settings.ORCID_SCOPE