[ENG-10586] BE: Ensure only one ORCID ID is availalble in the UserModel.external_identity attribute#11661
Conversation
…D, the existing ORCID ID should be removed/overwritten
futa-ikeda
left a comment
futa-ikeda
left a comment
There was a problem hiding this comment.
Seems like a reasonable fix for now, but I will have @cslzchen weigh in on this, as he would have a bit more knowledge on this workflow.
cslzchen
left a comment
cslzchen
left a comment
There was a problem hiding this comment.
I am surprised that we have two set of the same/similar code ... one in api v1 and the other in api v2. And there seems to be slight differences. Please double check which is the actual code being used.
Usually if we have v2, it means we are using v2. But it may not be the case for ORCiD. Could the V2 could be some unfinished work from previous projects that never worked or tested at all?
This needs to be wider discussion, likely outside the project scope: if v1 is the one being used and has been fully tested and if v2 is untested/unfinished "future" work, should we maintain both code?
Please add/update unit tests.
api/users/views.py
Outdated
| external_identity[external_id_provider][external_id] = 'LINK' | ||
| if external_id_provider in user.external_identity: | ||
| user.external_identity[external_id_provider].update(external_identity[external_id_provider]) | ||
| if external_id_provider == 'orcid': |
There was a problem hiding this comment.
I don't think it is 'orcid'.
In addition, we should be able to find this key in settings (or parse it out of settings).
There was a problem hiding this comment.
Hi @cslzchen
- There is 'orcid' key used for tests so think it is ok key to use
also there is 'orcid' on test run
api_tests/users/views/test_user_external_login.py
not confident where should be so have added to both.
As git log tells there are recent code changings for both files
There was a problem hiding this comment.
First, regarding to what you see in tests. We sometimes use literal string in test server for testing purpose, which is ok. Another possibility is unit tests were not written well, it uses "orcid" within the scope of the test but on servers, it's "ORCID". That's why I doubted using literal string in your actual code wouldn't work.
Here is what I found in website/settings/defaults.py.
# External Identity Provider
EXTERNAL_IDENTITY_PROFILE = {
'OrcidProfile': 'ORCID',
}
And in framework/auth/cas.py, here is an example of how we use it.
provider = settings.EXTERNAL_IDENTITY_PROFILE[profile_name]
return {
'provider': provider,
'id': technical_id,
}
I also checked the database after logging in via ORCiD, it's "ORCID" instead of "orcid", which confirms what mentioned above.
There was a problem hiding this comment.
Second, regarding the changes, I think the git history you mentioned are on the file. You need to take a look at history for related code / lines.
Given we have both API V1 and V2 doing the same thing, the best way to verify is to go on one of our servers, go through the ORCiD process and see what request is made. Or take a look at your local code legacy flask view/html, on which endpoint the code uses when submitting the form.
framework/auth/views.py
Outdated
| external_identity[external_id_provider][external_id] = 'LINK' | ||
| if external_id_provider in user.external_identity: | ||
| user.external_identity[external_id_provider].update(external_identity[external_id_provider]) | ||
| if external_id_provider == 'orcid': |
3 participants
Ticket
Purpose
If a user has an existing ORCID ID, and then associates a new ORCID ID, the existing ORCID ID should be removed/overwritten
Changes
Side Effects
also maybe someone knows it better:
not confident whether we need to deal somehow with already existing in database values
not confident how it is /was possible to create several records for ORCID
maybe some backend workflow also will be needed for the stuff
QE Notes
CE Notes
Documentation