Merge branch 'release/26.7.0'

cslzchen · cslzchen · commit fced96b46066 · 2026-04-08T11:40:58.000-04:00
diff --git a/CHANGELOG b/CHANGELOG
@@ -2,6 +2,11 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+26.7.0 (2026-04-08)
+===================
+
+- ORCiD Integration Project - BE Part
+
 26.6.3 (2026-04-02)
 ===================
 
diff --git a/admin/management/urls.py b/admin/management/urls.py
@@ -19,5 +19,7 @@
     re_path(r'^empty_metadata_dataarchive_registration_bulk_resync', views.EmptyMetadataDataarchiveRegistrationBulkResync.as_view(),
             name='empty-metadata-dataarchive-registration-bulk-resync'),
     re_path(r'^sync_notification_templates', views.SyncNotificationTemplates.as_view(),
-            name='sync_notification_templates')
+            name='sync_notification_templates'),
+    re_path(r'^remove_orcid_from_user_social', views.RemoveOrcidFromUserSocial.as_view(),
+            name='remove_orcid_from_user_social')
 ]
diff --git a/admin/management/views.py b/admin/management/views.py
@@ -12,6 +12,7 @@
 from osf.management.commands.fetch_cedar_metadata_templates import ingest_cedar_metadata_templates
 from osf.management.commands.sync_doi_metadata import sync_doi_metadata, sync_doi_empty_metadata_dataarchive_registrations
 from osf.management.commands.populate_notification_types import populate_notification_types
+from osf.management.commands.remove_orcid_from_user_social import remove_orcid_from_user_social
 from scripts.find_spammy_content import manage_spammy_content
 from django.urls import reverse
 from django.shortcuts import redirect
@@ -181,3 +182,11 @@ def post(self, request):
         populate_notification_types()
         messages.success(request, 'Notification templates have been successfully synced.')
         return redirect(reverse('management:commands'))
+
+
+class RemoveOrcidFromUserSocial(ManagementCommandPermissionView):
+
+    def post(self, request):
+        remove_orcid_from_user_social()
+        messages.success(request, 'Orcid from user social have been successfully removed.')
+        return redirect(reverse('management:commands'))
diff --git a/admin/templates/management/commands.html b/admin/templates/management/commands.html
@@ -165,6 +165,19 @@ <h4><u>Sync Notification Templates</u></h4>
                     </nav>
                 </form>
             </section>
+            <section>
+                <h4><u>Remove existing orcid info from user social</u></h4>
+                <p>
+                    Use this management command to remove existing orcid info from user social.
+                </p>
+                <form method="post"
+                      action="{% url 'management:remove_orcid_from_user_social'%}">
+                    {% csrf_token %}
+                    <nav>
+                        <input class="btn btn-success" type="submit" value="Run" />
+                    </nav>
+                </form>
+            </section>
         </div>
     </section>
 {% endblock %}
diff --git a/api/base/schemas/social-schema.json b/api/base/schemas/social-schema.json
@@ -67,10 +67,6 @@
     "academiaInstitution": {
       "description": "The academiaInstitution for the given user",
       "type": "string"
-    },
-    "orcid": {
-      "description": "The orcid for the given user",
-      "type": "string"
     }
   },
   "additionalProperties": false
diff --git a/api/users/views.py b/api/users/views.py
@@ -755,7 +755,11 @@ def post(self, request, *args, **kwargs):
             # 1. update user oauth, with pending status
             external_identity[external_id_provider][external_id] = 'LINK'
             if external_id_provider in user.external_identity:
-                user.external_identity[external_id_provider].update(external_identity[external_id_provider])
+                # v1 looks to be used because of /confirm/external/ usage for auth but add orcid external identity rewrite updates for v2 as well
+                if external_id_provider == settings.EXTERNAL_IDENTITY_PROFILE.get('OrcidProfile'):
+                    user.external_identity[external_id_provider] = external_identity[external_id_provider]
+                else:
+                    user.external_identity[external_id_provider].update(external_identity[external_id_provider])
             else:
                 user.external_identity.update(external_identity)
             if not user.accepted_terms_of_service and accepted_terms_of_service:
@@ -1153,7 +1157,6 @@ class ConfirmEmailView(generics.CreateAPIView):
 
     def _process_external_identity(self, user, external_identity, service_url):
         """Handle all external_identity logic, including task enqueueing and url updates."""
-
         provider = next(iter(external_identity))
         if provider not in user.external_identity:
             raise ValidationError('External-ID provider mismatch.')
diff --git a/api_tests/users/views/test_user_detail.py b/api_tests/users/views/test_user_detail.py
@@ -453,7 +453,6 @@ def user_one(self):
                 twitter='userOneTwitter',
                 linkedIn='userOneLinkedIn',
                 impactStory='userOneImpactStory',
-                orcid='userOneOrcid',
                 researcherId='userOneResearcherId'
             )
         )
@@ -508,7 +507,6 @@ def data_new_user_one(self, user_one):
                         'twitter': ['http://twitter.com/newtwitter'],
                         'linkedIn': ['https://www.linkedin.com/newLinkedIn'],
                         'impactStory': 'https://impactstory.org/newImpactStory',
-                        'orcid': 'http://orcid.org/newOrcid',
                         'researcherId': 'http://researcherid.com/rid/newResearcherId',
                     }},
             }}
@@ -916,7 +914,6 @@ def test_partial_patch_user_logged_in(self, app, user_one, url_user_one):
         assert user_one.social['twitter'] in social['twitter']
         assert user_one.social['linkedIn'] in social['linkedIn']
         assert user_one.social['impactStory'] in social['impactStory']
-        assert user_one.social['orcid'] in social['orcid']
         assert user_one.social['researcherId'] in social['researcherId']
         assert user_one.fullname == 'new_fullname'
         assert user_one.suffix == 'The Millionth'
@@ -933,7 +930,6 @@ def test_patch_all_social_fields(self, app, user_one, url_user_one, mock_spam_he
             'academiaProfileID': 'okokokok',
             'ssrn': 'aaaa',
             'impactStory': 'why not',
-            'orcid': 'ork-id',
             'researchGate': 'Why are there so many of these',
             'researcherId': 'ok-lastone',
             'academiaInstitution': 'Center for Open Science'
@@ -1005,7 +1001,6 @@ def test_partial_patch_user_logged_in_no_social_fields(
         assert user_one.social['twitter'] in social['twitter']
         assert user_one.social['linkedIn'] in social['linkedIn']
         assert user_one.social['impactStory'] in social['impactStory']
-        assert user_one.social['orcid'] in social['orcid']
         assert user_one.social['researcherId'] in social['researcherId']
         assert user_one.fullname == 'new_fullname'
         assert user_one.suffix == 'The Millionth'
@@ -1056,7 +1051,6 @@ def test_put_user_logged_in(self, app, user_one, data_new_user_one, url_user_one
         assert 'newtwitter' in social['twitter'][0]
         assert 'newLinkedIn' in social['linkedIn'][0]
         assert 'newImpactStory' in social['impactStory']
-        assert 'newOrcid' in social['orcid']
         assert 'newResearcherId' in social['researcherId']
         user_one.reload()
         assert user_one.fullname == data_new_user_one['data']['attributes']['full_name']
@@ -1069,7 +1063,6 @@ def test_put_user_logged_in(self, app, user_one, data_new_user_one, url_user_one
         assert 'newtwitter' in social['twitter'][0]
         assert 'newLinkedIn' in social['linkedIn'][0]
         assert 'newImpactStory' in social['impactStory']
-        assert 'newOrcid' in social['orcid']
         assert 'newResearcherId' in social['researcherId']
 
     def test_update_user_sanitizes_html_properly(
diff --git a/api_tests/users/views/test_user_exceptions.py b/api_tests/users/views/test_user_exceptions.py
@@ -22,7 +22,6 @@ def user(self):
                 twitter='userOneTwitter',
                 linkedIn='userOneLinkedIn',
                 impactStory='userOneImpactStory',
-                orcid='userOneOrcid',
                 researcherId='userOneResearcherId'
             )
         )
diff --git a/api_tests/users/views/test_user_external_login.py b/api_tests/users/views/test_user_external_login.py
@@ -48,7 +48,7 @@ def csrf_token(self):
     @pytest.fixture()
     def session_data(self):
         session = SessionStore()
-        session['auth_user_external_id_provider'] = 'orcid'
+        session['auth_user_external_id_provider'] = 'ORCID'
         session['auth_user_external_id'] = '1234-1234-1234-1234'
         session['auth_user_fullname'] = 'external login'
         session['auth_user_external_first_login'] = True
@@ -62,7 +62,7 @@ def test_external_login(self, app, payload, url, session_data, csrf_token):
         with capture_notifications():
             res = app.post_json_api(url, payload, headers={'X-CSRFToken': csrf_token})
         assert res.status_code == 200
-        assert res.json == {'external_id_provider': 'orcid', 'auth_user_fullname': 'external login'}
+        assert res.json == {'external_id_provider': 'ORCID', 'auth_user_fullname': 'external login'}
         assert not OSFUser.objects.get(username='freddie@mercury.com').is_confirmed
 
     def test_invalid_payload(self, app, url, session_data, csrf_token):
@@ -84,6 +84,24 @@ def test_existing_user(self, app, payload, url, user_one, session_data, csrf_tok
         with capture_notifications():
             res = app.post_json_api(url, payload, headers={'X-CSRFToken': csrf_token})
         assert res.status_code == 200
-        assert res.json == {'external_id_provider': 'orcid', 'auth_user_fullname': 'external login'}
+        assert res.json == {'external_id_provider': 'ORCID', 'auth_user_fullname': 'external login'}
         user_one.reload()
         assert user_one.username in user_one.unconfirmed_emails
+
+    def test_existing_user_orcid_overwrites(self, app, payload, url, user_one, session_data, csrf_token):
+        user_one.external_identity = {
+            'ORCID': {
+                '0000-0000-0000-0000': 'LINK',
+            }
+        }
+        user_one.save()
+        app.set_cookie(CSRF_COOKIE_NAME, csrf_token)
+        app.set_cookie(settings.COOKIE_NAME, str(session_data))
+        assert user_one.external_identity['ORCID'] == {'0000-0000-0000-0000': 'LINK'}
+        assert '0000-0000-0000-0000' in user_one.external_identity['ORCID']
+        payload['data']['attributes']['email'] = user_one.username
+        with capture_notifications():
+            res = app.post_json_api(url, payload, headers={'X-CSRFToken': csrf_token})
+        assert res.status_code == 200
+        user_one.reload()
+        assert user_one.external_identity['ORCID'] == {'1234-1234-1234-1234': 'LINK'}
diff --git a/framework/auth/views.py b/framework/auth/views.py
@@ -644,7 +644,6 @@ def external_login_confirm_email_get(auth, uid, token):
 
     user.date_last_logged_in = timezone.now()
     user.external_identity[provider][provider_id] = 'VERIFIED'
-    user.social[provider.lower()] = provider_id
     del user.email_verifications[token]
     user.verification_key = generate_verification_key()
     user.save()
@@ -1094,7 +1093,11 @@ def external_login_email_post():
             # 1. update user oauth, with pending status
             external_identity[external_id_provider][external_id] = 'LINK'
             if external_id_provider in user.external_identity:
-                user.external_identity[external_id_provider].update(external_identity[external_id_provider])
+                # v1 looks to be used because of /confirm/external/ usage for auth but add orcid external identity rewrite updates for v2 as well
+                if external_id_provider == settings.EXTERNAL_IDENTITY_PROFILE.get('OrcidProfile'):
+                    user.external_identity[external_id_provider] = external_identity[external_id_provider]
+                else:
+                    user.external_identity[external_id_provider].update(external_identity[external_id_provider])
             else:
                 user.external_identity.update(external_identity)
             if not user.accepted_terms_of_service and form.accepted_terms_of_service.data:
@@ -1129,7 +1132,6 @@ def external_login_email_post():
                 campaign=None,
                 accepted_terms_of_service=accepted_terms_of_service
             )
-            # TODO: [#OSF-6934] update social fields, verified social fields cannot be modified
             user.save()
             # 3. send confirmation email
             send_confirm_email_async(
diff --git a/osf/external/chronos/chronos.py b/osf/external/chronos/chronos.py
@@ -103,7 +103,6 @@ def serialize_user(cls, user):
             'GIVEN_NAME': user.given_name,
             'FULLNAME': user.fullname,
             'MIDDLE_NAME': user.middle_names,
-            'ORCID_ID': user.social.get('orcid', None),
             'PARTNER_USER_ID': user._id,
             'SURNAME': user.family_name,
         }
diff --git a/osf/management/commands/remove_orcid_from_user_social.py b/osf/management/commands/remove_orcid_from_user_social.py
@@ -0,0 +1,24 @@
+from django.core.management.base import BaseCommand
+from django.db.models.expressions import RawSQL
+from osf.models import OSFUser
+from datetime import datetime
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def remove_orcid_from_user_social():
+    start = datetime.now()
+    orcid_records = OSFUser.objects.filter(social__has_key='orcid')
+    logger.info(f'extracted orcid records count {orcid_records.count()}')
+    total_deleted_records = 0
+    while OSFUser.objects.filter(social__has_key='orcid').exists():
+        total_deleted_records += OSFUser.objects.filter(
+            id__in=OSFUser.objects.filter(social__has_key='orcid')[:10_000].values_list('id', flat=True)
+        ).update(social=RawSQL("""social #- '{orcid}'""", []))
+    logger.info(f'deleted orcid records count {total_deleted_records} in {datetime.now() - start}')
+
+
+class Command(BaseCommand):
+    def handle(self, *args, **kwargs):
+        remove_orcid_from_user_social()
diff --git a/osf/models/user.py b/osf/models/user.py
@@ -153,6 +153,7 @@ class OSFUser(DirtyFieldsMixin, GuidMixin, BaseModel, AbstractBaseUser, Permissi
         'schools',
         'social',
         'allow_indexing',
+        'external_identity',
     }
 
     # Overrides DirtyFieldsMixin, Foreign Keys checked by '<attribute_name>_id' rather than typical name.
@@ -163,7 +164,6 @@ class OSFUser(DirtyFieldsMixin, GuidMixin, BaseModel, AbstractBaseUser, Permissi
     #   search update for all nodes to which the user is a contributor.
 
     SOCIAL_FIELDS = {
-        'orcid': 'http://orcid.org/{}',
         'github': 'http://github.com/{}',
         'scholar': 'http://scholar.google.com/citations?user={}',
         'twitter': 'http://twitter.com/{}',
@@ -346,7 +346,6 @@ class OSFUser(DirtyFieldsMixin, GuidMixin, BaseModel, AbstractBaseUser, Permissi
     #     'twitter': <list of twitter usernames>,
     #     'github': <list of github usernames>,
     #     'linkedIn': <list of linkedin profiles>,
-    #     'orcid': <orcid for user>,
     #     'researcherID': <researcherID>,
     #     'impactStory': <impactStory identifier>,
     #     'scholar': <google scholar identifier>,
diff --git a/osf_tests/test_elastic_search.py b/osf_tests/test_elastic_search.py
@@ -1099,16 +1099,6 @@ def test_search_partial_special_character(self):
         contribs = search.search_contributor(self.name4.split(' ')[0][:-1])
         assert len(contribs['users']) == 0
 
-    def test_search_profile(self):
-        orcid = '123456'
-        user = factories.UserFactory()
-        user.social['orcid'] = orcid
-        user.save()
-        contribs = search.search_contributor(orcid)
-        assert len(contribs['users']) == 1
-        assert len(contribs['users'][0]['social']) == 1
-        assert contribs['users'][0]['social']['orcid'] == user.social_links['orcid']
-
 
 @pytest.mark.enable_search
 @pytest.mark.enable_enqueue_task
diff --git a/osf_tests/test_search_views.py b/osf_tests/test_search_views.py
@@ -174,7 +174,6 @@ def test_search_views(self):
 
         user_two.social = {
             'profileWebsites': [f'http://me.com/{user_two.given_name}'],
-            'orcid': user_two.given_name,
             'linkedIn': user_two.given_name,
             'scholar': user_two.given_name,
             'impactStory': user_two.given_name,
@@ -207,7 +206,6 @@ def test_search_views(self):
         assert 'ssrn' not in res.json['results'][0]['social']
         assert res.json['results'][0]['social']['profileWebsites'][0] == f'http://me.com/{user_two.given_name}'
         assert res.json['results'][0]['social']['impactStory'] == f'https://impactstory.org/u/{user_two.given_name}'
-        assert res.json['results'][0]['social']['orcid'] == f'http://orcid.org/{user_two.given_name}'
         assert res.json['results'][0]['social']['baiduScholar'] == f'http://xueshu.baidu.com/scholarID/{user_two.given_name}'
         assert res.json['results'][0]['social']['linkedIn'] == f'https://www.linkedin.com/{user_two.given_name}'
         assert res.json['results'][0]['social']['scholar'] == f'http://scholar.google.com/citations?user={user_two.given_name}'
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "OSF",
-  "version": "26.6.3",
+  "version": "26.7.0",
   "description": "Facilitating Open Science",
   "repository": "https://github.com/CenterForOpenScience/osf.io",
   "author": "Center for Open Science",
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "osf-io"
-version = "26.6.3"
+version = "26.7.0"
 description = "The code for [https://osf.io](https://osf.io)."
 authors = ["Your Name <you@example.com>"]
 license = "Apache License 2.0"
diff --git a/tests/identifiers/test_crossref.py b/tests/identifiers/test_crossref.py
@@ -294,20 +294,6 @@ def test_metadata_contributor_orcid(self, crossref_client, preprint):
         assert contributors.find('.//{%s}ORCID' % crossref.CROSSREF_NAMESPACE).text == f'https://orcid.org/{ORCID}'
         assert contributors.find('.//{%s}ORCID' % crossref.CROSSREF_NAMESPACE).attrib == {'authenticated': 'true'}
 
-        # unverified (only in profile)
-        contributor.external_identity = {}
-        contributor.social = {
-            'orcid': ORCID
-        }
-        contributor.save()
-
-        crossref_xml = crossref_client.build_metadata(preprint)
-        root = lxml.etree.fromstring(crossref_xml)
-        contributors = root.find('.//{%s}contributors' % crossref.CROSSREF_NAMESPACE)
-
-        # Do not send unverified ORCID to crossref
-        assert contributors.find('.//{%s}ORCID' % crossref.CROSSREF_NAMESPACE) is None
-
     def test_metadata_none_license_update(self, crossref_client, preprint):
         crossref_xml = crossref_client.build_metadata(preprint)
         root = lxml.etree.fromstring(crossref_xml)
diff --git a/website/static/js/profile.js b/website/static/js/profile.js
@@ -43,7 +43,6 @@ function urlRegex() {
 }
 
 var socialRules = {
-    orcid: /orcid\.org\/([-\d]+)/i,
     researcherId: /researcherid\.com\/rid\/([-\w]+)/i,
     scholar: /scholar\.google\.com\/citations\?user=(\w+)/i,
     twitter: /twitter\.com\/(\w+)/i,
@@ -601,10 +600,6 @@ var SocialViewModel = function(urls, modes, preventUnsaved) {
         return true;
     });
 
-    self.orcid = extendLink(
-        ko.observable().extend({trimmed: true, cleanup: cleanByRule(socialRules.orcid)}),
-        self, 'orcid', 'http://orcid.org/'
-    );
     self.researcherId = extendLink(
         ko.observable().extend({trimmed: true, cleanup: cleanByRule(socialRules.researcherId)}),
         self, 'researcherId', 'http://researcherId.com/rid/'
@@ -653,7 +648,6 @@ var SocialViewModel = function(urls, modes, preventUnsaved) {
 
     self.trackedProperties = [
         self.profileWebsites,
-        self.orcid,
         self.researcherId,
         self.twitter,
         self.scholar,
@@ -675,7 +669,6 @@ var SocialViewModel = function(urls, modes, preventUnsaved) {
 
     self.values = ko.computed(function() {
         return [
-            {label: 'ORCID', text: self.orcid(), value: self.orcid.url()},
             {label: 'ResearcherID', text: self.researcherId(), value: self.researcherId.url()},
             {label: 'Twitter', text: self.twitter(), value: self.twitter.url()},
             {label: 'GitHub', text: self.github(), value: self.github.url()},
diff --git a/website/templates/include/profile/social.mako b/website/templates/include/profile/social.mako
diff --git a/website/templates/project/modal_add_contributor.mako b/website/templates/project/modal_add_contributor.mako
diff --git a/website/templates/search.mako b/website/templates/search.mako

Original file line number	Diff line number	Diff line change
`@@ -19,5 +19,7 @@`
`19`	`19`	`re_path(r'^empty_metadata_dataarchive_registration_bulk_resync', views.EmptyMetadataDataarchiveRegistrationBulkResync.as_view(),`
`20`	`20`	`name='empty-metadata-dataarchive-registration-bulk-resync'),`
`21`	`21`	`re_path(r'^sync_notification_templates', views.SyncNotificationTemplates.as_view(),`
`22`		`- name='sync_notification_templates')`
	`22`	`+ name='sync_notification_templates'),`
	`23`	`+ re_path(r'^remove_orcid_from_user_social', views.RemoveOrcidFromUserSocial.as_view(),`
	`24`	`+ name='remove_orcid_from_user_social')`
`23`	`25`	`]`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,6 @@ def user(self):`
`22`	`22`	`twitter='userOneTwitter',`
`23`	`23`	`linkedIn='userOneLinkedIn',`
`24`	`24`	`impactStory='userOneImpactStory',`
`25`		`- orcid='userOneOrcid',`
`26`	`25`	`researcherId='userOneResearcherId'`
`27`	`26`	`)`
`28`	`27`	`)`