Skip to content

ORCiD info is prefilled when registering#4279

Merged
joemull merged 11 commits into
openlibhums:masterfrom
everreau:3337-orcid-prefill
Aug 15, 2024
Merged

ORCiD info is prefilled when registering#4279
joemull merged 11 commits into
openlibhums:masterfrom
everreau:3337-orcid-prefill

Conversation

@everreau

@everreau everreau commented Jun 14, 2024

Copy link
Copy Markdown
Contributor

Closes #3337.

  • Add functionality to prefill registration field from orcid info
  • Allow user to prefill form from orcid but remove orcid (for some reason, it was in the spec from Alainna)
  • Display orcid to their display standards
  • Test it.

@Bbkctp

Bbkctp commented Jun 14, 2024

Copy link
Copy Markdown
Contributor

Can one of the admins verify this patch?

@ajrbyers

Copy link
Copy Markdown
Member

Jenkins: Whitelist

@ajrbyers

Copy link
Copy Markdown
Member

Jenkins: test this please

@alainna

alainna commented Jun 20, 2024

Copy link
Copy Markdown
Contributor

related: #3337

@alainna

alainna commented Jun 20, 2024

Copy link
Copy Markdown
Contributor

@everreau @ajrbyers The rationale for allowing the user to remove the ORCID iD from the registration form (or their profile) is in case they authenticate the incorrect ORCID iD. This can occur when the user:

a. accidentally registers a new ORCID iD;
b. has multiple ORCID iDs (for whatever reason) and uses the incorrect one;
c. is a delegate to another ORCID user and has connected their delegator's ORCID iD.

(My expectation would be that with the ORCID iD is removed, the access token is simultaneously revoked also. haven't checked whether that's part of the process.)

@alainna

alainna commented Jun 20, 2024

Copy link
Copy Markdown
Contributor

@everreau the display of the ORCID iD should be HTTPS, not HTTP

@ajrbyers

Copy link
Copy Markdown
Member

For clarification it allows the user to remove the ORCID but doesn’t remove it automatically?

@everreau

Copy link
Copy Markdown
Contributor Author

@alainna 1. hm.. if that's the use case for the remove orcid link I can probably just make it simpler. This remove the orcid removes the id but keeps the form auto-filled. (This seemed unnecessarily complicated to me but that was how I interpreted the spec). If it's just for the case that it's the wrong orcid we could just link back to the original form with no token.
2. I don't know where you're refering to HTTP v HTTPS There is some http in the tests but that's not really related to what will show in real life. In the real implementation it grabs the orcid url from the orcid response.

@alainna

alainna commented Jun 25, 2024

Copy link
Copy Markdown
Contributor

@everreau
1: I think that the form should also remain auto-filled after removing the ORCID iD and revoking the access token -- it seems the simplest method. But maybe there should be an open to "clear form" so the user could start over? Maybe as a question modal/box "do you also want to clear the form"?

2: excellent!!

@everreau

Copy link
Copy Markdown
Contributor Author

@alainna Leaving the form auto-filled is not simpler and it seems like a weird thing to do. "I want to use my orcid data to fill the form but I do NOT want to save that orcid". However, I already implemented this functionality so I can leave it as-is. I was just asking to make it simpler. If we don't simplify it then they can just click the "Register" link again to get a clean form.

@joemull joemull self-requested a review July 9, 2024 08:58
@joemull joemull assigned joemull and unassigned ajrbyers Jul 9, 2024
@joemull joemull removed the request for review from ajrbyers July 9, 2024 08:58

@joemull joemull left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @everreau--I think this is good but it is pulling on some pre-existing spaghetti we have around URL formation and carrying users through redirects that I think we need to address a bit more holistically. I happen to be working on another feature that touches the same code, so I am sharing some information related to that below. See comments inline.

As for the feature to remove the ORCID, I think we should take the additional context from Alainna and simplify it like you suggest. I think it would be counter-intuitive to offer just the deletion of the ORCID, without removing the rest of the form details, because the user will wonder what they are actually doing when they submit the form after that. Are they still connecting their orcid account? Maybe some kind of "Start over" or "Retry" button would be clearer?

Comment thread src/core/views.py Outdated
elif request.journal:
return redirect(reverse('core_dashboard'))
else:
return redirect(reverse('website_index'))

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This bit has one too many indents.

Comment thread src/core/views.py Outdated
@@ -328,8 +342,6 @@ def register(request):
if form.is_valid():
if token_obj:
new_user = form.save(commit=False)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will need to be commit=True or no commit arg if the user is not being saved because line 332 is deleted.

Comment thread src/utils/tests.py Outdated
press= helpers.create_press()
repo = helpers.create_repository(press, [], [])
self.assertEqual(build_redirect_uri(repo), "http://localhost/login/orcid/?action=login")
self.assertEqual(build_redirect_uri(repo, action="register"), "http://localhost/login/orcid/?action=register")

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test is failing for me because it's missing some data around the request. But once that data is provided and the function runs, I think it will still not be a great idea to pass query parameters in the path argument of site_url and build_url functions. I understand why you are putting it in the path and not a query dict or something, because we don't provide a way to pass query parameters into that function and even if you could, the URL encoding is redundant so the URL would be garbled on its way back from ORCiD.

I discovered these things while working on a separate feature, #3899, whereby users will be carried through the login and registration process with a bit more care. It's still a work in progress but I'm thinking of expanding simplifying and unifying our token models so that we can retrieve next URLs and query parameters like this, even when we send things out to ORCiD.

If we were to fix up the tokens, we could make use of ORCiD's state parameter, which would let us link up the appropriate "next" url, whether login or registration (your feature) or something else (my feature).

I know this is a lot but I am curious what your thoughts are. If you want to glance over my still-messy WIP, it's here: #4322

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hi @joemull -- sorry for my delayed response. I got waylaid by other tasks and some time off. I've checked in corrections to the more minor issues you've pointed out.

I like your idea for fixing the return url business. I'm also thinking we might be able to use this if fix something else Alainna requested. She doesn't want to have to add each new journal/repo url to the redirect urls but instead have a press or installation wide return url that is able to redirect appropriately.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joemull How do you want to proceed with this work? We'd like to get this and a few other orcid features that would depend on this rewrite into the next release.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@everreau I think unifying the various Token models to a single one and passing the token ID in state to the ORCID API is the right direction. I could potentially separate that work from the rest of my branch and put it through review with higher priority. You could then rebase this branch on that and finish up this work.

I'd have to run it by @mauromsl and @ajrbyers to confirm they like the solution and figure out a time frame. It will be tight, because we are hoping to finish up 1.7 in the next few weeks.

Shall I do that and let you know?

Or if you have time to handle it ASAP, would you want to copy-paste and fix up my WIP code that unifies the Token objects and sends and receives state as a part of this PR?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joemull I can probably do it. I think this is my highest priority task at the moment. I'll check with Chad to be sure. Thank you!

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would be super! Let me know if I can help with context.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@everreau I just had a chat with Andy and Mauro, and can we actually ask you to hold off on this? We need a chance to discuss it properly.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@joemull no problem. Chad has indeed deemed this my most important task so we'd like to get going as soon as we can. Thanks!

Comment thread src/utils/orcid.py Outdated
try:
r.raise_for_status()
except HTTPError as e:
print(e)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should remove this right?

@joemull joemull changed the title 3337 orcid prefill ORCiD info is prefilled when registering Jul 10, 2024
@everreau

Copy link
Copy Markdown
Contributor Author

@joemull updated code to use state. If the test above is still failing for you please let me know what is missing. It's passing for me.

@joemull joemull self-requested a review August 14, 2024 10:06

@joemull joemull left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me. I also tested it out manually to make sure I understood it.

As for the whole state thing, it's not quite what I had in mind but that's OK because your solution works. Just a heads up, I may refactor it a bit when I get to the next URL branch. OK If I add you as a reviewer on that PR when it is ready, to make sure I don't mess this up?

The test that was failing for me was only failing when I ran the orcid tests in isolation, and I also might have a fix for it in my refactor, so I am OK with merging this. I want to make sure we don't hold you up any more than we have already.

@joemull

joemull commented Aug 14, 2024

Copy link
Copy Markdown
Member

Oh, there are merge conflicts on this branch. Normally we ask the branch owner do a git rebase locally onto a later version and then force push. Is that alright with you?

@ajrbyers ajrbyers left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm happy with this. @mauromsl is also going to look over it as he requested some of the changes.

@mauromsl

Copy link
Copy Markdown
Member

Thanks @everreau!

As Joe mentioned, there are a few conflicts that need resolving, would you mind performing a rebase of master as per our remote, ahead of merging to master?

@everreau

Copy link
Copy Markdown
Contributor Author

no problem @mauromsl , I'll have it done by end of day. @joemull I'm happy to review your PR when ready. As I'm sure you're aware this whole login page could use some rewriting but it sounded like you all wanted to hold off on that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Allow users to prefill registration form with ORCID record data

6 participants