ElixirTeSS · fbacall · Feb 18, 2026 · Feb 17, 2026 · Feb 17, 2026 · Feb 17, 2026
diff --git a/app/controllers/orcid_controller.rb b/app/controllers/orcid_controller.rb
@@ -1,4 +1,5 @@
 class OrcidController < ApplicationController
+  before_action :orcid_auth_enabled
   before_action :authenticate_user!
   before_action :set_oauth_client, only: [:authenticate, :callback]
 
@@ -43,4 +44,10 @@ def set_oauth_client
       host: config[:host].presence || (Rails.env.production? ? 'orcid.org' : 'sandbox.orcid.org')
     )
   end
+
+  def orcid_auth_enabled
+    unless TeSS::Config.orcid_authentication_enabled?
+      raise ActionController::RoutingError.new('Feature not enabled')
+    end
+  end
 end
diff --git a/app/views/users/show.html.erb b/app/views/users/show.html.erb
@@ -50,9 +50,9 @@
           <span class="empty">None specified</span>
         <% else %>
           <%= orcid_link(@user.profile) %>
-          <% if current_user == @user && !@user.profile.orcid_authenticated? %>
-            <%= button_to t('orcid.authenticate'), authenticate_orcid_path, class: 'btn btn-default' %>
-          <% end %>
+        <% end %>
+        <% if TeSS::Config.orcid_authentication_enabled? && current_user == @user && !@user.profile.orcid_authenticated? %>
+          <%= button_to t(@user.profile.orcid.blank? ? 'orcid.link' : 'orcid.authenticate'), authenticate_orcid_path, class: 'btn btn-default' %>
         <% end %>
       </p>
 

diff --git a/config/application.rb b/config/application.rb
@@ -170,6 +170,12 @@ def _sentry_dsn
     def sentry_enabled?
       _sentry_dsn.present? && Rails.env.production?
     end
+
+    def orcid_authentication_enabled?
+      Rails.application.config.secrets.orcid.present? &&
+        Rails.application.config.secrets.orcid[:client_id].present? &&
+        Rails.application.config.secrets.orcid[:secret].present?
+    end
   end
 
   Config = TessConfig.new(tess_config)

diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -1129,6 +1129,7 @@ en:
         Spaces are customizable, community-managed sub-portals within %{site_name}, each with their own catalogue of training content.
   orcid:
     error: 'An error occurred whilst trying to authenticate your ORCID.'
+    link: 'Link your ORCID'
     authenticate: 'Authenticate your ORCID'
     authentication_success: 'You have successfully authenticated your ORCID.'
     authentication_failure: 'Failed to authenticate your ORCID.'
diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml
@@ -69,10 +69,6 @@ services:
       - redis-data:/data
   sidekiq:
     container_name: ${PREFIX}-sidekiq
-    build:
-      context: .
-      dockerfile: Dockerfile
-      target: production
     image: ${PREFIX}-app
     restart: always
     depends_on:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -61,10 +61,6 @@ services:
       - redis-data:/data
   sidekiq:
     container_name: ${PREFIX}-sidekiq
-    build:
-      context: .
-      dockerfile: Dockerfile
-      target: development
     image: ${PREFIX}-app
     depends_on:
       - app

diff --git a/test/controllers/orcid_controller_test.rb b/test/controllers/orcid_controller_test.rb
@@ -20,6 +20,7 @@ class OrcidControllerTest < ActionController::TestCase
   test 'handle callback and assign orcid if free' do
     mock_images
     user = users(:regular_user)
+    assert user.profile.orcid.blank?
     sign_in user
 
     VCR.use_cassette('orcid/get_token_free_orcid') do
@@ -121,4 +122,30 @@ class OrcidControllerTest < ActionController::TestCase
     assert profile.orcid.blank?
     refute profile.orcid_authenticated?
   end
+
+  test 'do not authenticate orcid if feature not enabled' do
+    Rails.application.config.secrets.stub(:orcid, nil) do
+      sign_in users(:regular_user)
+
+      assert_raises(ActionController::RoutingError) do
+        post :authenticate
+      end
+    end
+  end
+
+  test 'do not handle orcid callback if feature not enabled' do
+    Rails.application.config.secrets.stub(:orcid, nil) do
+      mock_images
+      user = users(:regular_user)
+      sign_in user
+
+      VCR.use_cassette('orcid/get_token_unauth_orcid') do
+        assert_raises(ActionController::RoutingError) do
+          get :callback, params: { code: '123xyz' }
+        end
+        profile = user.profile.reload
+        refute profile.orcid_authenticated?
+      end
+    end
+  end
 end
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
@@ -504,6 +504,36 @@ class UsersControllerTest < ActionController::TestCase
     assert_select '#sidebar button', text: 'Authenticate your ORCID'
   end
 
+  test 'should show link orcid button if own profile and orcid currently blank' do
+    user = users(:private_user)
+    user.profile.update_column(:orcid, nil)
+
+    refute user.profile.orcid.present?
+    refute user.profile.orcid_authenticated?
+
+    sign_in user
+
+    get :show, params: { id: user }
+
+    assert_response :success
+    assert_select '#sidebar button', text: 'Link your ORCID'
+  end
+
+  test 'should not show authenticate orcid button if feature disabled' do
+    Rails.application.config.secrets.stub(:orcid, nil) do
+      user = users(:private_user)
+      assert user.profile.orcid.present?
+      refute user.profile.orcid_authenticated?
+
+      sign_in user
+
+      get :show, params: { id: user }
+
+      assert_response :success
+      assert_select '#sidebar button', text: 'Authenticate your ORCID', count: 0
+    end
+  end
+
   test 'should not show authenticate orcid button if not own profile' do
     user = users(:private_user)
     assert user.profile.orcid.present?