Introduce new env variables and clean up views and defaults.

[T-CAIREM 1243]
MIT-LCP · Dec 17, 2024 · d032a02 · d032a02
1 parent ec72682
commit d032a02
Show file tree

Hide file tree

Showing 9 changed files with 47 additions and 25 deletions.
diff --git a/.env.example b/.env.example
@@ -104,6 +104,14 @@ ORCID_CLIENT_ID=SECRET
 ORCID_CLIENT_SECRET=SECRET
 ORCID_SCOPE='/read-limited,/activities/update'
 ORCID_LOGIN_ENABLED=True
+ORCID_DOMAIN=https://sandbox.orcid.org
+ORCID_LOGIN_REDIRECT_URI=http://localhost:8000/authorcid_login
+ORCID_AUTH_URL=https://sandbox.orcid.org/oauth/authorize
+ORCID_TOKEN_URL=https://sandbox.orcid.org/oauth/token
+ORCID_LOGIN_ENABLED=False
+ORCID_LOGIN_BUTTON_TEXT="Log in using ORCID iD"
+# JWKS is used to get public key from orcid and validate access token using this public key
+ORCID_OPEN_ID_JWKS_URL=https://sandbox.orcid.org/oauth/jwks
 
 STORAGE_TYPE=LOCAL
 

diff --git a/physionet-django/physionet/settings/base.py b/physionet-django/physionet/settings/base.py
@@ -35,6 +35,20 @@
 GCS_SIGNED_URL_LIFETIME_IN_MINUTES = config('GCS_SIGNED_URL_LIFETIME_IN_MINUTES', default=1440, cast=int)
 
 
+# Tags for the ORCID API
+ORCID_DOMAIN = config('ORCID_DOMAIN', default='https://sandbox.orcid.org')
+ORCID_REDIRECT_URI = config('ORCID_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid')
+ORCID_LOGIN_REDIRECT_URI = config('ORCID_LOGIN_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid_login')
+ORCID_AUTH_URL = config('ORCID_AUTH_URL', default='https://sandbox.orcid.org/oauth/authorize')
+ORCID_TOKEN_URL = config('ORCID_TOKEN_URL', default='https://sandbox.orcid.org/oauth/token')
+ORCID_CLIENT_ID = config('ORCID_CLIENT_ID', default=False)
+ORCID_CLIENT_SECRET = config('ORCID_CLIENT_SECRET', default=False)
+ORCID_SCOPE = config('ORCID_SCOPE', default=False)
+ORCID_LOGIN_ENABLED = config('ORCID_LOGIN_ENABLED', default=False)
+ORCID_OPEN_ID_JWKS_URL = config('ORCID_OPEN_ID_JWKS_URL', default=False)
+ORCID_LOGIN_BUTTON_TEXT = config('ORCID_LOGIN_BUTTON_TEXT', default="Log in using ORCID iD")
+
+
 # Application definition
 
 INSTALLED_APPS = [
@@ -150,7 +164,9 @@
     },
 ]
 
-AUTHENTICATION_BACKENDS = ['user.backends.DualAuthModelBackend', 'user.backends.OrcidAuthBackend']
+AUTHENTICATION_BACKENDS = ['user.backends.DualAuthModelBackend']
+if ORCID_LOGIN_ENABLED:
+    AUTHENTICATION_BACKENDS.append('user.backends.OrcidAuthBackend')
 
 if ENABLE_SSO:
     AUTHENTICATION_BACKENDS += ['sso.auth.RemoteUserBackend']
@@ -278,18 +294,6 @@
 DATACITE_USER = config('DATACITE_USER', default='')
 DATACITE_PASS = config('DATACITE_PASS', default='')
 
-# Tags for the ORCID API
-ORCID_DOMAIN = config('ORCID_DOMAIN', default='https://sandbox.orcid.org')
-ORCID_REDIRECT_URI = config('ORCID_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid')
-ORCID_LOGIN_REDIRECT_URI = config('ORCID_LOGIN_REDIRECT_URI', default='http://127.0.0.1:8000/authorcid_login')
-ORCID_AUTH_URL = config('ORCID_AUTH_URL', default='https://sandbox.orcid.org/oauth/authorize')
-ORCID_TOKEN_URL = config('ORCID_TOKEN_URL', default='https://sandbox.orcid.org/oauth/token')
-ORCID_CLIENT_ID = config('ORCID_CLIENT_ID', default=False)
-ORCID_CLIENT_SECRET = config('ORCID_CLIENT_SECRET', default=False)
-ORCID_SCOPE = config('ORCID_SCOPE', default=False)
-ORCID_LOGIN_ENABLED = config('ORCID_LOGIN_ENABLED', default=("openid" in ORCID_SCOPE))
-ORCID_OPEN_ID_JWKS_URL = config('ORCID_OPEN_ID_JWKS_URL', default=False)
-
 # Tags for the CITISOAPService API
 CITI_USERNAME = config('CITI_USERNAME', default='')
 CITI_PASSWORD = config('CITI_PASSWORD', default='')

diff --git a/physionet-django/sso/templates/sso/login.html b/physionet-django/sso/templates/sso/login.html
@@ -21,17 +21,19 @@ <h6 class="card-subtitle mb-2 text-muted">Login through an external institute</h
           aria-disabled="true"
         >
           <i class="fa fa-university fa-lg mr-3"></i>
-          <span class="h6">login using you institution</span>
+          <span class="h6">{{ sso_login_button_text }}</span>
         </a>
         <br>
         {% if enable_orcid_login %}
-          <h6 class="card-subtitle mb-2 mt-3 text-muted">or using ORCID iD</h6>
+          <div class="separator">
+            <span>or</span>
+          </div>
           <a id="orcid_login"
              type="button"
              class="btn btn-secondary center p-2 px-3"
              href="{% url 'orcid_init_login' %}">
-            <img src="https://orcid.org/sites/default/files/images/orcid_24x24.png" />
-            <span class="h6"> Log in using ORCID iD </span>
+            <img src="{% static 'images/orcid-icon-small.png' %}" />
+            <span class="h6"> {{ orcid_login_button_text }} </span>
           </a>
         {% endif %}
       </div>

diff --git a/physionet-django/static/images/ORCIDiD_icon24x24.png b/physionet-django/static/images/ORCIDiD_icon24x24.png
diff --git a/physionet-django/static/images/orcid-icon-small.png b/physionet-django/static/images/orcid-icon-small.png
diff --git a/physionet-django/user/forms.py b/physionet-django/user/forms.py
@@ -937,7 +937,7 @@ class OrcidRegistrationForm(RegistrationForm):
     """
     Form to register new user after signing in with ORCID.
     This saves user as the same way RegistrationForm but also stores
-    orcid_token and
+    Orcid profile linked with this user.
     """
 
     def __init__(self, *args, **kwargs):

diff --git a/physionet-django/user/templates/user/login.html b/physionet-django/user/templates/user/login.html
@@ -36,8 +36,8 @@ <h2 class="form-signin-heading">Account Login</h2>
          type="button"
          class="btn  btn-lg btn-secondary btn-block"
          href="{% url 'orcid_init_login' %}">
-        <img src="https://orcid.org/sites/default/files/images/orcid_24x24.png" />
-        Log in using ORCID iD
+        <img src="{% static 'images/orcid-icon-small.png' %}" />
+        {{ orcid_login_button_text }}
       </a>
     </div>
   {% endif %}

diff --git a/physionet-django/user/urls.py b/physionet-django/user/urls.py
@@ -18,9 +18,6 @@
     path("settings/cloud/aws/", views.edit_cloud_aws, name="edit_cloud_aws"),
     path("settings/orcid/", views.edit_orcid, name="edit_orcid"),
     path("authorcid/", views.auth_orcid, name="auth_orcid"),
-    path("authorcid_login/", views.auth_orcid_login, name="auth_orcid_login"),
-    path("orcid_init_login", views.orcid_init_login, name="orcid_init_login"),
-    path("orcid_register/", views.orcid_register, name="orcid_register"),
     path(
         "settings/credentialing/", views.edit_credentialing, name="edit_credentialing"
     ),
@@ -119,6 +116,15 @@
         ]
     )
 
+if settings.ORCID_LOGIN_ENABLED:
+    urlpatterns.extend(
+        [
+            path("authorcid_login/", views.auth_orcid_login, name="auth_orcid_login"),
+            path("orcid_init_login", views.orcid_init_login, name="orcid_init_login"),
+            path("orcid_register/", views.orcid_register, name="orcid_register"),
+        ]
+    )
+
 # Parameters for testing URLs (see physionet/test_urls.py)
 TEST_DEFAULTS = {
     "_user_": "aewj",

diff --git a/physionet-django/user/views.py b/physionet-django/user/views.py
@@ -79,10 +79,11 @@ class LoginView(auth_views.LoginView):
     def get_context_data(self, *args, **kwargs):
         context = super().get_context_data(*args, **kwargs)
 
-        sso_extra_context = {
+        orcid_extra_context = {
             'enable_orcid_login': settings.ORCID_LOGIN_ENABLED,
+            'orcid_login_button_text': settings.ORCID_LOGIN_BUTTON_TEXT,
         }
-        return {**context, **sso_extra_context}
+        return {**context, **orcid_extra_context}
 
 
 @method_decorator(allow_post_during_maintenance, 'dispatch')
@@ -101,6 +102,7 @@ def get_context_data(self, *args, **kwargs):
 
         sso_extra_context = {
             'sso_login_button_text': settings.SSO_LOGIN_BUTTON_TEXT,
+            'orcid_login_button_text': settings.ORCID_LOGIN_BUTTON_TEXT,
             'login_instruction_sections': instruction_sections,
             'enable_orcid_login': settings.ORCID_LOGIN_ENABLED,
         }