From 33468255f5a2098344ed3186fda68042a6f4d1bb Mon Sep 17 00:00:00 2001
From: Finn Bacall
Date: Tue, 17 Feb 2026 14:51:44 +0000
Subject: [PATCH 1/4] Don't show option to authenticate ORCID if client
credentials not present.
Also, allow ORCID authentication even if ORCID is currently blank.
---
app/controllers/orcid_controller.rb | 7 ++++++
app/views/users/show.html.erb | 6 ++---
config/application.rb | 6 +++++
config/locales/en.yml | 1 +
test/controllers/orcid_controller_test.rb | 27 ++++++++++++++++++++
test/controllers/users_controller_test.rb | 30 +++++++++++++++++++++++
6 files changed, 74 insertions(+), 3 deletions(-)
diff --git a/app/controllers/orcid_controller.rb b/app/controllers/orcid_controller.rb
index 970c1a572..485a1347a 100644
--- a/app/controllers/orcid_controller.rb
+++ b/app/controllers/orcid_controller.rb
@@ -1,4 +1,5 @@
class OrcidController < ApplicationController
+ before_action :orcid_auth_enabled
before_action :authenticate_user!
before_action :set_oauth_client, only: [:authenticate, :callback]
@@ -43,4 +44,10 @@ def set_oauth_client
host: config[:host].presence || (Rails.env.production? ? 'orcid.org' : 'sandbox.orcid.org')
)
end
+
+ def orcid_auth_enabled
+ unless TeSS::Config.orcid_authentication_enabled?
+ raise ActionController::RoutingError.new('Feature not enabled')
+ end
+ end
end
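Review bot: `orcid_auth_enabled` is named like a predicate, but it is a guard that raises; a name such as `ensure_orcid_auth_enabled` (with the `before_action` line in the first hunk updated to match) makes the filter chain easier to read. The raise is more idiomatic as `raise ActionController::RoutingError, 'Feature not enabled'`. The class body between the two hunks is not shown, so it is worth confirming the new method sits below `private` alongside `set_oauth_client`, so that it is not exposed as a controller action. A one-line comment such as `# Respond as if the route does not exist when ORCID client credentials are not configured.` would record why a routing error was chosen rather than a redirect or a 403.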
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
index 7c90ae6ee..954413f39 100644
--- a/app/views/users/show.html.erb
+++ b/app/views/users/show.html.erb
@@ -50,9 +50,9 @@
None specified
<% else %>
<%= orcid_link(@user.profile) %>
- <% if current_user == @user && !@user.profile.orcid_authenticated? %>
- <%= button_to t('orcid.authenticate'), authenticate_orcid_path, class: 'btn btn-default' %>
- <% end %>
+ <% end %>
+ <% if TeSS::Config.orcid_authentication_enabled? && current_user == @user && !@user.profile.orcid_authenticated? %>
+ <%= button_to t(@user.profile.orcid.blank? ? 'orcid.link' : 'orcid.authenticate'), authenticate_orcid_path, class: 'btn btn-default' %>
<% end %>
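Review bot: The three-part condition on the new `<% if ... %>` line, together with the ternary inside `t(...)`, puts policy logic in the template where it is hard to test and easy to let drift from the controller guard. Consider moving both into a helper, for example `<% if can_authenticate_orcid?(@user) %>` and `t(orcid_button_label_key(@user.profile))` (helper names are suggestions only). Hiding the button is presentation only; the `before_action` added in `orcid_controller.rb` is what enforces the gate, and a short ERB comment saying so would stop later edits from treating the view check as the control. The enclosing `if`/`else` that renders "None specified" starts above this hunk.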
diff --git a/config/application.rb b/config/application.rb
index de1a8c70f..7faab17b1 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -170,6 +170,12 @@ def _sentry_dsn
def sentry_enabled?
_sentry_dsn.present? && Rails.env.production?
end
+
+ def orcid_authentication_enabled?
+ Rails.application.config.secrets.orcid.present? &&
+ Rails.application.config.secrets.orcid[:client_id].present? &&
+ Rails.application.config.secrets.orcid[:secret].present?
+ end
end
Config = TessConfig.new(tess_config)
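Review bot: `orcid_authentication_enabled?` walks `Rails.application.config.secrets.orcid` three times; binding it once reads better and keeps the three checks on the same object: `orcid = Rails.application.config.secrets.orcid` followed by `orcid.present? && orcid[:client_id].present? && orcid[:secret].present?`. The symbol lookups assume the secrets hash accepts symbol keys, which appears consistent with `config[:host]` in the controller but is not visible here. If it were a plain string-keyed hash the feature would stay off without any log message. Since this predicate now gates both the profile button and every `OrcidController` action, a comment above it stating that both `client_id` and `secret` must be non-blank would help whoever configures a deployment.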
diff --git a/config/locales/en.yml b/config/locales/en.yml
index f1e7e1c94..8ebd0881f 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1129,6 +1129,7 @@ en:
Spaces are customizable, community-managed sub-portals within %{site_name}, each with their own catalogue of training content.
orcid:
error: 'An error occurred whilst trying to authenticate your ORCID.'
+ link: 'Link your ORCID'
authenticate: 'Authenticate your ORCID'
authentication_success: 'You have successfully authenticated your ORCID.'
authentication_failure: 'Failed to authenticate your ORCID.'
\ No newline at end of file
diff --git a/test/controllers/orcid_controller_test.rb b/test/controllers/orcid_controller_test.rb
index 18c12aa8c..ff0f0f245 100644
--- a/test/controllers/orcid_controller_test.rb
+++ b/test/controllers/orcid_controller_test.rb
@@ -20,6 +20,7 @@ class OrcidControllerTest < ActionController::TestCase
test 'handle callback and assign orcid if free' do
mock_images
user = users(:regular_user)
+ assert user.profile.orcid.blank?
sign_in user
VCR.use_cassette('orcid/get_token_free_orcid') do
@@ -121,4 +122,30 @@ class OrcidControllerTest < ActionController::TestCase
assert profile.orcid.blank?
refute profile.orcid_authenticated?
end
+
+ test 'do not authenticate orcid if feature not enabled' do
+ Rails.application.config.secrets.stub(:orcid, nil) do
+ sign_in users(:regular_user)
+
+ assert_raises(ActionController::RoutingError) do
+ post :authenticate
+ end
+ end
+ end
+
+ test 'do not handle orcid callback if feature not enabled' do
+ Rails.application.config.secrets.stub(:orcid, nil) do
+ mock_images
+ user = users(:regular_user)
+ sign_in user
+
+ VCR.use_cassette('orcid/get_token_unauth_orcid') do
+ assert_raises(ActionController::RoutingError) do
+ get :callback, params: { code: '123xyz' }
+ profile = user.profile.reload
+ refute profile.orcid_authenticated?
+ end
+ end
+ end
+ end
end
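Review bot: Both new tests disable the feature only by stubbing `:orcid` to `nil`, so the `[:client_id].present?` and `[:secret].present?` branches of `orcid_authentication_enabled?` are never exercised. Partially configured credentials are the most likely real misconfiguration. A further case wrapping `post :authenticate` in `Rails.application.config.secrets.stub(:orcid, { client_id: 'abc' }) do` (constructed value, secret deliberately absent) and expecting `ActionController::RoutingError` would pin that the gate stays closed when only one credential is set.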
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
index 2d16af748..c0f051493 100644
--- a/test/controllers/users_controller_test.rb
+++ b/test/controllers/users_controller_test.rb
@@ -504,6 +504,36 @@ class UsersControllerTest < ActionController::TestCase
assert_select '#sidebar button', text: 'Authenticate your ORCID'
end
+ test 'should show link orcid button if own profile and orcid currently blank' do
+ user = users(:private_user)
+ user.profile.update_column(:orcid, nil)
+
+ refute user.profile.orcid.present?
+ refute user.profile.orcid_authenticated?
+
+ sign_in user
+
+ get :show, params: { id: user }
+
+ assert_response :success
+ assert_select '#sidebar button', text: 'Link your ORCID'
+ end
+
+ test 'should not show authenticate orcid button if feature disabled' do
+ Rails.application.config.secrets.stub(:orcid, nil) do
+ user = users(:private_user)
+ assert user.profile.orcid.present?
+ refute user.profile.orcid_authenticated?
+
+ sign_in user
+
+ get :show, params: { id: user }
+
+ assert_response :success
+ assert_select '#sidebar button', text: 'Authenticate your ORCID', count: 0
+ end
+ end
+
test 'should not show authenticate orcid button if not own profile' do
user = users(:private_user)
assert user.profile.orcid.present?
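Review bot: The disabled-feature test only checks that no button with the text 'Authenticate your ORCID' is rendered, for a user whose ORCID is present. A regression that still rendered the 'Link your ORCID' variant for a blank ORCID would pass. Asserting on the form target covers both labels: `assert_select '#sidebar form[action=?]', authenticate_orcid_path, count: 0`. The new 'Link your ORCID' test also seems to rely on the test environment having ORCID credentials configured, since nothing in it stubs the secrets; stubbing them there would remove the dependence on ambient config. The last three lines of this hunk belong to the next test, which continues past the hunk.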
From 672e9447040efd7fa9c1f2b2f963f3064a6c7947 Mon Sep 17 00:00:00 2001
From: Finn Bacall
Date: Tue, 17 Feb 2026 16:28:37 +0000
Subject: [PATCH 2/4] Try and fix duplicate docker images being built
For app and sidekiq
---
docker-compose.yml | 4 ----
1 file changed, 4 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 1cc31c05e..e77bfbc64 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -61,10 +61,6 @@ services:
- redis-data:/data
sidekiq:
container_name: ${PREFIX}-sidekiq
- build:
- context: .
- dockerfile: Dockerfile
- target: development
image: ${PREFIX}-app
depends_on:
- app
From 9124df5600ce6e5b8590c258faa4a19655089d72 Mon Sep 17 00:00:00 2001
From: Finn Bacall
Date: Tue, 17 Feb 2026 16:31:20 +0000
Subject: [PATCH 3/4] Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
test/controllers/orcid_controller_test.rb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/controllers/orcid_controller_test.rb b/test/controllers/orcid_controller_test.rb
index ff0f0f245..e7f8c86e7 100644
--- a/test/controllers/orcid_controller_test.rb
+++ b/test/controllers/orcid_controller_test.rb
@@ -142,9 +142,9 @@ class OrcidControllerTest < ActionController::TestCase
VCR.use_cassette('orcid/get_token_unauth_orcid') do
assert_raises(ActionController::RoutingError) do
get :callback, params: { code: '123xyz' }
- profile = user.profile.reload
- refute profile.orcid_authenticated?
end
+ profile = user.profile.reload
+ refute profile.orcid_authenticated?
end
end
end
From 8c9d095e7765069aa8ea3ccf97f3f8ec08991c20 Mon Sep 17 00:00:00 2001
From: Finn Bacall
Date: Tue, 17 Feb 2026 16:37:05 +0000
Subject: [PATCH 4/4] Docker compose fix for prod too
---
docker-compose-prod.yml | 4 ----
1 file changed, 4 deletions(-)
diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml
index 9405cd29e..e5110ed6c 100644
--- a/docker-compose-prod.yml
+++ b/docker-compose-prod.yml
@@ -69,10 +69,6 @@ services:
- redis-data:/data
sidekiq:
container_name: ${PREFIX}-sidekiq
- build:
- context: .
- dockerfile: Dockerfile
- target: production
image: ${PREFIX}-app
restart: always
depends_on: