Conversation
|
supersedes: #4399 |
|
So great, @everreau! I've suggested some changes in line with ORCID's brand guidelines This is only for journals at the moment, is that correct? Could the co-author use the ORCID login option to connect their iD to their account rather than connecting the iD in their profile? What happens if the co-author is a frozen author without an account, or if the account isn't active? |
|
@alainna. All of the login features also work for preprints. I don't see any reference at all to orcids in the preprint author interface. I think we (cdl) would send whatever orcid was in the author's account to crossref even though it's not visible and it appears in the preprint front end. The profile and the account are the same as far as I know. The interface on main is a bit different than what we're currently running. Maybe we should setup a time so you can take a look at what I have. I hadn't really thought about what would happen if a user connects their orcid after the frozen authors were already made. I'll take a look at that. |
On the |
|
@joemull can you do the first technical review on this and then pass it to me please? |
|
Just an update: I should be able to get to this |
|
Some suggestions for this dev: eScholarship#46 |
joemull
left a comment
joemull
left a comment
There was a problem hiding this comment.
This is hugely appreciated--thank you for putting it in.
I'm having trouble testing it out (an issue with OLH's ORCID sandbox that will take a few days to resolve), but I've gone ahead and given you some comments from reading the code. Hope they're clear but please do ping me if anything does not make sense.
| response = self.client.get(reverse("core_edit_profile")) | ||
| self.assertContains(response, "ORCID iD could not be validated.") | ||
| self.assertContains(response, "Connect your ORCID") | ||
| self.assertContains(response, "https://sandbox.orcid.org/0000-0000-0000-0000") |
There was a problem hiding this comment.
Does this test (or any of the ones below) rely on a network connection? We'll need to put mocks into any test that relies on a network connection.
There was a problem hiding this comment.
None of the tests rely on network connection. It's setting the orcid url purely for display purposes. I noticed that ruff is failing now but it was passing at some point and the tests ran successfully.
| response, '<input type="text" name="orcid" maxlength="40" id="id_orcid">' | ||
| ) | ||
|
|
||
| def test_profile_orcid_enabled_no_orcid(self): |
There was a problem hiding this comment.
Maybe add an override_settings decorator on this and other tests that expect ENABLE_ORCID=True, in case someone has it off and runs tests.
src/core/models.py
Outdated
| orcid = models.CharField( | ||
| max_length=40, null=True, blank=True, verbose_name=_("ORCiD") | ||
| ) | ||
| orcid_token = models.CharField(max_length=40, null=True, blank=True) |
There was a problem hiding this comment.
Charfields should not have null=True
src/core/models.py
Outdated
| expiry = models.DateTimeField( | ||
| default=generate_expiry_date, verbose_name=_("Expires on") | ||
| ) | ||
| access_token = models.CharField(max_length=40, null=True, blank=True) |
There was a problem hiding this comment.
Same as the other one--charfields should not have null=True
| messages.SUCCESS, | ||
| _("Your ORCID has been connected to your account."), | ||
| ) | ||
| return redirect(logic.reverse_with_next("core_edit_profile", next_url)) |
There was a problem hiding this comment.
Haven't been able to test this yet but I'm actually having trouble working out what's happening just by reading it, especially the case where they're not authenticated and they get sent to a different login screen. Can you add a comment above with context, like the other if / else branches have?
| <tr> | ||
| <th>{% trans 'Name' %}</th> | ||
| <th>{% trans 'Email' %}</th> | ||
| <th>{% trans 'ORCID' %}</th> |
| "type": "rich-text" | ||
| }, | ||
| "value": { | ||
| "default": "<p>Dear {{ user.full_name }}<br/><br/>Your co-author has requested your ORCID iD. You can add it by through your profile {{ user_profile_url }}.<br/></p>" |
| "editor", | ||
| "journal-manager" | ||
| ] | ||
| }, |
There was a problem hiding this comment.
It looks like this separate template isn't needed, since the email text is the same and the link is the same. Only the subject differs. Is there another reason for it?
There was a problem hiding this comment.
@alainna suggested having different text for active and inactive users. I asked her for text but she hasn't sent any yet. I'll check with her today.
There was a problem hiding this comment.
Apologies @joemull @everreau: just back in office. Re: template:
@joemull could you confirm whether this situation is true? If an author is added to a Janeway journal or repository article, then an account is created for them and set as "inactive". In order for the user to connect an authenticated ORCID iD to their Janeway account/author profile, they must first activate their Janeway account, then go to their profile to connect their ORCID iD.
Is that correct?
A second question: If an active user tries to sign into Janeway with ORCID, but there's no iD in their account, they will be redirected back to the Janeway login page and asked to sign in -- is that correct?
(Apologies, our ORCID integration is currently undergoing issues; i may try to get a local copy running to test tomorrow.)
There was a problem hiding this comment.
@alainna this is a complicated thing to answer, because the changes to journals and repositories are getting out of sync. Let's discuss on Discord.
There was a problem hiding this comment.
But to try to answer just for the repository side:
If an author is added to a Janeway journal or repository article, then an account is created for them and set as "inactive". In order for the user to connect an authenticated ORCID iD to their Janeway account/author profile, they must first activate their Janeway account, then go to their profile to connect their ORCID iD.
I believe that's correct for the behavior before this PR. However, we should consider whether we can provide these users with a link that will do it all--authenticate with ORCID and activate their Janeway account.
If an active user tries to sign into Janeway with ORCID, but there's no iD in their account, they will be redirected back to the Janeway login page and asked to sign in -- is that correct?
No, if there is no ORCID for them in Janeway, Janeway will attempt to match on email address. If the email address in their Janeway account matches one of the email addresses on their public ORCID profile, it will add the ORCID and log them in automatically. However, if there is no match by email, Janeway will say there is no matching account and redirect them to the registration page. This could potentially result in duplicate accounts, or an error when the user types in their email and it says "an account with that email already exists". So I think this PR should introduce a third option, where Janeway is able to identify the user attached to an ORCID authentication token, and input the ORCID and activate the account.
src/utils/orcid.py
Outdated
| def is_token_valid(orcid_id, token): | ||
| api_client = OrcidAPI( | ||
| settings.ORCID_CLIENT_ID, settings.ORCID_CLIENT_SECRET, sandbox=True | ||
| ) |
There was a problem hiding this comment.
The sandbox parameter needs to be able to change in production. Maybe it should be based on whether sandbox.orcid.org is present in the URL in settings.py?
There was a problem hiding this comment.
ugh, yes, this was actually mistakenly commited but I can actually fix it.
src/utils/orcid.py
Outdated
| logger.info("Retrieving ORCID profile for %s", orcid) | ||
| api_client = OrcidAPI(settings.ORCID_CLIENT_ID, settings.ORCID_CLIENT_SECRET) | ||
| api_client = OrcidAPI( | ||
| settings.ORCID_CLIENT_ID, settings.ORCID_CLIENT_SECRET, sandbox=True |
There was a problem hiding this comment.
Same comment about changing sandbox in production.
4 participants
Addresses: #2610
When orcid is enabled: