Show ORCID log in only if openid scope is enabled

T-CAIREM · Sep 25, 2024 · 04185f1 · 04185f1
1 parent 710d677
commit 04185f1
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 21 deletions.
diff --git a/physionet-django/physionet/settings/base.py b/physionet-django/physionet/settings/base.py
@@ -287,6 +287,7 @@
 ORCID_CLIENT_ID = config('ORCID_CLIENT_ID', default=False)
 ORCID_CLIENT_SECRET = config('ORCID_CLIENT_SECRET', default=False)
 ORCID_SCOPE = config('ORCID_SCOPE', default=False)
+ORCID_LOGIN_ENABLED = "openid" in ORCID_SCOPE
 
 # Tags for the CITISOAPService API
 CITI_USERNAME = config('CITI_USERNAME', default='')

diff --git a/physionet-django/sso/templates/sso/login.html b/physionet-django/sso/templates/sso/login.html
@@ -24,14 +24,16 @@ <h6 class="card-subtitle mb-2 text-muted">Login through an external institute</h
           <span class="h6">login using you institution</span>
         </a>
         <br>
-        <h6 class="card-subtitle mb-2 mt-3 text-muted">or using ORCID iD</h6>
-        <a id="orcid_login"
-           type="button"
-           class="btn btn-secondary center p-2 px-3"
-           href="{% url 'orcid_init_login' %}">
-          <img src="https://orcid.org/sites/default/files/images/orcid_24x24.png" />
-          <span class="h6"> Log in using ORCID iD </span>
-        </a>
+        {% if enable_orcid_login %}
+          <h6 class="card-subtitle mb-2 mt-3 text-muted">or using ORCID iD</h6>
+          <a id="orcid_login"
+             type="button"
+             class="btn btn-secondary center p-2 px-3"
+             href="{% url 'orcid_init_login' %}">
+            <img src="https://orcid.org/sites/default/files/images/orcid_24x24.png" />
+            <span class="h6"> Log in using ORCID iD </span>
+          </a>
+        {% endif %}
       </div>
     </div>
   </div>

diff --git a/physionet-django/user/templates/user/login.html b/physionet-django/user/templates/user/login.html
@@ -27,18 +27,20 @@ <h2 class="form-signin-heading">Account Login</h2>
     </div>
     <button id="login" class="btn btn-lg btn-primary btn-block" type="submit">Log In</button>
   </form>
-  <div class="separator">
-    <span>or</span>
-  </div>
-  <div class="form-signin">
-    <a id="orcid_login"
-       type="button"
-       class="btn  btn-lg btn-secondary btn-block"
-       href="{% url 'orcid_init_login' %}">
-      <img src="https://orcid.org/sites/default/files/images/orcid_24x24.png" />
-      Log in using ORCID iD
-    </a>
-  </div>
+  {% if enable_orcid_login %}
+    <div class="separator">
+      <span>or</span>
+    </div>
+    <div class="form-signin">
+      <a id="orcid_login"
+         type="button"
+         class="btn  btn-lg btn-secondary btn-block"
+         href="{% url 'orcid_init_login' %}">
+        <img src="https://orcid.org/sites/default/files/images/orcid_24x24.png" />
+        Log in using ORCID iD
+      </a>
+    </div>
+  {% endif %}
   <div class="form-signin">
     <p>New user? <a id="register" href="{% url 'register' %}">Create an account</a></p>
   </div>

diff --git a/physionet-django/user/views.py b/physionet-django/user/views.py
@@ -73,6 +73,14 @@ class LoginView(auth_views.LoginView):
     authentication_form = forms.LoginForm
     redirect_authenticated_user = True
 
+    def get_context_data(self, *args, **kwargs):
+        context = super().get_context_data(*args, **kwargs)
+
+        sso_extra_context = {
+            'enable_orcid_login': settings.ORCID_LOGIN_ENABLED,
+        }
+        return {**context, **sso_extra_context}
+
 
 @method_decorator(allow_post_during_maintenance, 'dispatch')
 class SSOLoginView(auth_views.LoginView):
@@ -91,6 +99,7 @@ def get_context_data(self, *args, **kwargs):
         sso_extra_context = {
             'sso_login_button_text': settings.SSO_LOGIN_BUTTON_TEXT,
             'login_instruction_sections': instruction_sections,
+            'enable_orcid_login': settings.ORCID_LOGIN_ENABLED,
         }
         return {**context, **sso_extra_context}
 
@@ -499,6 +508,8 @@ def auth_orcid_login(request):
     information to a users ORCID profile (ex: a PhysioNet dataset project).  See the .env file for an example of how to
     do token exchanges.
     """
+    if not settings.ORCID_LOGIN_ENABLED:
+        return redirect('home')
 
     client_id = settings.ORCID_CLIENT_ID
     redirect_uri = settings.ORCID_LOGIN_REDIRECT_URI
@@ -545,7 +556,9 @@ def _fetch_and_validate_token(request, code, oauth_session):
 
         try:
             validators.validate_orcid_token(token['access_token'])
-            validators.validate_orcid_id_token(token['id_token'])
+            if settings.ORCID_LOGIN_ENABLED:
+                validators.validate_orcid_id_token(token['id_token'])
+
             return True, token
         except ValidationError:
             messages.error(request, 'Validation Error: ORCID token validation failed.')
@@ -565,6 +578,9 @@ def orcid_register(request):
     GET renders the registration form.
     POST submits the registration form.
     """
+    if not settings.ORCID_LOGIN_ENABLED:
+        return redirect('home')
+
     user = request.user
     if user.is_authenticated:
         return redirect('project_home')
@@ -594,6 +610,9 @@ def orcid_init_login(request):
     """
     Builds redirect url and redirects to ORCID authorization page
     """
+    if not settings.ORCID_LOGIN_ENABLED:
+        return redirect('home')
+
     client_id = settings.ORCID_CLIENT_ID
     redirect_uri = settings.ORCID_LOGIN_REDIRECT_URI
     scope = settings.ORCID_SCOPE