Merge branch 'main' into 9708-add-lastmodified-column-to-the-dwprofileinfoforspamcheck

Author: Camelia-Orcid

CHANGELOG.md

@@ -1,3 +1,17 @@
+## v2.76.1 - 2025-03-25
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.76.0...v2.76.1)
+
+- [#7261](https://github.com/ORCID/ORCID-Source/pull/7261): 404-redirects
+
+## v2.76.0 - 2025-03-25
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.75.0...v2.76.0)
+
+## v2.75.0 - 2025-03-25
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.74.0...v2.75.0)
+
 ## v2.74.0 - 2025-03-25
 
 [Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.73.7...v2.74.0)

orcid-core/src/main/java/org/orcid/core/manager/v3/NotificationManager.java

@@ -20,6 +20,8 @@ public interface NotificationManager {
     void sendNotificationToAddedDelegate(String userGrantingPermission, String userReceivingPermission);
 
     void sendNotificationToUserGrantingPermission(String userGrantingPermission, String userReceivingPermission);
+    
+    void sendRevokeNotificationToUserGrantingPermission(String userGrantingPermission, String userReceivingPermission);
 
     Notification sendAmendEmail(String userOrcid, AmendedSection amendedSection, Collection<Item> activities);
 

orcid-core/src/main/java/org/orcid/core/manager/v3/impl/NotificationManagerImpl.java

@@ -341,6 +341,49 @@ public void sendNotificationToUserGrantingPermission(String userGrantingPermissi
         notification.setBodyText(text);
         createNotification(userGrantingPermission, notification);
     }
+    
+    
+    @Override
+    public void sendRevokeNotificationToUserGrantingPermission(String userGrantingPermission, String userReceivingPermission) {
+        ProfileEntity userGrantingProfileEntity = profileEntityCacheManager.retrieve(userGrantingPermission);
+        String emailName = recordNameManagerV3.deriveEmailFriendlyName(userGrantingPermission);
+
+        Locale userLocale = getUserLocaleFromProfileEntity(userGrantingProfileEntity);
+
+        String subject = messages.getMessage("email.subject.delegate.revoked", new String[] { emailName }, userLocale); 
+        String emailNameForDelegate = recordNameManagerV3.deriveEmailFriendlyName(userReceivingPermission);
+
+        org.orcid.jaxb.model.v3.release.record.Email primaryEmail = emailManager.findPrimaryEmail(userGrantingPermission);
+        String grantingOrcidEmail = primaryEmail.getEmail();
+        String assetsUrl = getAssetsUrl();
+        Map<String, Object> templateParams = new HashMap<String, Object>();
+        templateParams.put("emailName", emailName);
+        templateParams.put("orcidValue", userGrantingPermission);
+        templateParams.put("emailNameForDelegate", emailNameForDelegate);
+        templateParams.put("orcidValueForDelegate", userReceivingPermission);
+        templateParams.put("grantingOrcidValue", userGrantingPermission);
+        templateParams.put("grantingOrcidName", recordNameManagerV3.deriveEmailFriendlyName(userGrantingPermission));
+        templateParams.put("baseUri", orcidUrlManager.getBaseUrl());
+        templateParams.put("baseUriHttp", orcidUrlManager.getBaseUriHttp());
+        templateParams.put("grantingOrcidEmail", grantingOrcidEmail);
+        templateParams.put("subject", subject);
+        templateParams.put("assetsUrl", assetsUrl);
+
+        addMessageParams(templateParams, userLocale);
+
+        // Generate body from template
+        String text = templateManager.processTemplate("delegate_revoke_notification.ftl", templateParams);
+        // Generate html from template
+        String html = templateManager.processTemplate("delegate_revoke_notification_html.ftl", templateParams);
+        
+        NotificationAdministrative notification = new NotificationAdministrative();
+        notification.setNotificationType(NotificationType.ADMINISTRATIVE);
+        notification.setSubject(subject);
+        notification.setBodyHtml(html);
+        notification.setBodyText(text);
+        createNotification(userGrantingPermission, notification);
+    }
+
 
     public String createEmailBaseUrl(String unencryptedParams, String baseUri, String path) {
         // Encrypt and encode params

orcid-core/src/main/resources/i18n/email_subject_en.properties

@@ -21,3 +21,4 @@ email.subject.reactivatingAccount=[ORCID] Reactivating your ORCID account
 email.subject.register.welcome=[ORCID] Welcome to ORCID - verify your email address
 email.subject.delegate.recipient=[ORCID] You've made an Account Delegate!
 email.subject.add_works=[ORCID] Add Research Outputs to your ORCID record
+email.subject.delegate.revoked=[ORCID] {0} has revoked their Account Delegate access to your record

orcid-core/src/main/resources/i18n/email_subject_lr.properties

@@ -21,3 +21,4 @@ email.subject.reactivation=LR
 email.subject.reactivatingAccount=LR
 email.subject.register.welcome=LR
 email.subject.delegate.recipient=LR
+email.subject.delegate.revoked=LR

orcid-core/src/main/resources/i18n/email_subject_rl.properties

@@ -21,3 +21,4 @@ email.subject.reactivation=RL
 email.subject.reactivatingAccount=RL
 email.subject.register.welcome=RL
 email.subject.delegate.recipient=RL
+email.subject.delegate.revoked=RL

orcid-core/src/main/resources/i18n/email_subject_xx.properties

@@ -21,3 +21,4 @@ email.subject.reactivation=X
 email.subject.reactivatingAccount=X
 email.subject.register.welcome=X
 email.subject.delegate.recipient=X
+email.subject.delegate.revoked=X

orcid-core/src/main/resources/i18n/notification_delegate_en.properties

@@ -12,3 +12,8 @@ notification.delegate.receipt.tutorial=For a tutorial on the functions that you
 notification.delegate.receipt.questions=If you have questions or concerns about being an Account Delegate, please contact
 notification.delegate.receipt.helpDesk=or the ORCID Help Desk at
 
+notification.delegate.receipt.revokeTrustedIndividual=has revoked their Account Delegate access to your ORCID record
+notification.delegate.receipt.revokeAccessYourRecord=They can no longer access or manage information on your record and have been removed from your list of
+notification.delegate.receipt.trustedIndividuals=Trusted Individuals
+notification.delegate.receipt.revokeConcerns=If you have questions or concerns about account delegation, please contact the ORCID Help Desk at
+

orcid-core/src/main/resources/i18n/notification_delegate_lr.properties

@@ -13,3 +13,8 @@ notification.delegate.receipt.orcidRecord=LR
 notification.delegate.receipt.tutorial=LR
 notification.delegate.receipt.questions=LR
 notification.delegate.receipt.helpDesk=LR
+
+notification.delegate.receipt.revokeTrustedIndividual=LR
+notification.delegate.receipt.revokeAccessYourRecord=LR
+notification.delegate.receipt.trustedIndividuals=LR
+notification.delegate.receipt.revokeConcerns=LR

orcid-core/src/main/resources/i18n/notification_delegate_rl.properties

@@ -13,3 +13,8 @@ notification.delegate.receipt.orcidRecord=RL
 notification.delegate.receipt.tutorial=RL
 notification.delegate.receipt.questions=RL
 notification.delegate.receipt.helpDesk=RL
+
+notification.delegate.receipt.revokeTrustedIndividual=RL
+notification.delegate.receipt.revokeAccessYourRecord=RL
+notification.delegate.receipt.trustedIndividuals=RL
+notification.delegate.receipt.revokeConcerns=RL

orcid-core/src/main/resources/i18n/notification_delegate_xx.properties

@@ -13,3 +13,8 @@ notification.delegate.receipt.orcidRecord=XX
 notification.delegate.receipt.tutorial=XX
 notification.delegate.receipt.questions=XX
 notification.delegate.receipt.helpDesk=XX
+
+notification.delegate.receipt.revokeTrustedIndividual=XX
+notification.delegate.receipt.revokeAccessYourRecord=XX
+notification.delegate.receipt.trustedIndividuals=XX
+notification.delegate.receipt.revokeConcerns=XX

orcid-core/src/main/resources/org/orcid/core/template/delegate_revoke_notification.ftl

@@ -0,0 +1,12 @@
+<#import "email_macros.ftl" as emailMacros />
+
+<#include "notification_header.ftl"/>
+<@emailMacros.msg "notification.share.record" />
+
+${emailNameForDelegate}<@emailMacros.space /><a style="text-decoration: underline;color: #085c77;display: inline-block;" href="${baseUri}/${orcidValueForDelegate}" target="_blank">
+                (${baseUri}/${orcidValueForDelegate})
+            </a> <@emailMacros.space /><@emailMacros.msg "notification.delegate.receipt.revokeTrustedIndividual" />.
+
+<@emailMacros.msg "notification.delegate.receipt.revokeAccessYourRecord" /><@emailMacros.space /><a style="text-decoration: underline;color: #085c77;display: inline-block;" href="${baseUri}/trusted-parties" target="_blank">
+                <@emailMacros.msg "notification.delegate.receipt.trustedIndividuals" />
+            </a>

orcid-core/src/main/resources/org/orcid/core/template/delegate_revoke_notification_html.ftl

@@ -0,0 +1,27 @@
+<#import "email_macros.ftl" as emailMacros />
+<#escape x as x?html>
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>${subject}</title>
+    </head>
+    <body>
+    <#include "notification_header_html.ftl"/>
+            <p>
+                <b>${emailNameForDelegate}</b>
+                <@emailMacros.space />
+            <a style="text-decoration: underline;color: #085c77;display: inline-block;" href="${baseUri}/${orcidValueForDelegate}" target="_blank">
+                (${baseUri}/${orcidValueForDelegate})
+            </a>
+                <@emailMacros.space />
+                <@emailMacros.msg "notification.delegate.receipt.revokeTrustedIndividual" />
+            <p>
+                <@emailMacros.msg "notification.delegate.receipt.revokeAccessYourRecord" /><@emailMacros.space />
+            <@emailMacros.space /><a style="text-decoration: underline;color: #085c77;display: inline-block;" href="${baseUri}/trusted-parties" target="_blank">
+                <@emailMacros.msg "notification.delegate.receipt.trustedIndividuals" />
+            </a>
+            </p>
+            <#include "notification_footer_html.ftl"/>
+        </body>
+ </html>
+ </#escape>

orcid-web/src/main/java/org/orcid/frontend/web/controllers/ManageProfileController.java

@@ -135,6 +135,9 @@ public class ManageProfileController extends BaseWorkspaceController {
 
     @Resource
     private SlackManager slackManager;
+    
+    @Resource(name = "notificationManagerV3")
+    private NotificationManager notificationManager;
 
     @RequestMapping
     public ModelAndView manageProfile() {
@@ -218,6 +221,13 @@ public ModelAndView manageProfile() {
         givenPermissionToManager.remove(getCurrentUserOrcid(), manageDelegate.getDelegateToManage());
         return manageDelegate;
     }
+    
+    @RequestMapping(value = "/revokeOwnPermission.json", method = RequestMethod.POST)
+    public @ResponseBody ManageDelegate revokeOwnDelegate(@RequestBody ManageDelegate manageDelegate) {
+        givenPermissionToManager.remove(manageDelegate.getDelegateToManage(),getCurrentUserOrcid());
+        notificationManager.sendRevokeNotificationToUserGrantingPermission(manageDelegate.getDelegateToManage(),getCurrentUserOrcid());
+        return manageDelegate;
+    }
 
     @RequestMapping(value = "/socialAccounts.json", method = RequestMethod.GET)
     public @ResponseBody List<UserconnectionEntity> getSocialAccountsJson(HttpServletRequest request) {

orcid-web/src/main/resources/orcid-frontend-security.xml

@@ -418,11 +418,14 @@
 			access="ROLE_USER" />
 		<sec:intercept-url pattern="/2FA/authenticationCode.json(\?.*)?"
 			access="ROLE_USER" />
-		<sec:intercept-url pattern="/2FA/submitCode.json(\?.*)?"
-			access="ROLE_USER" />		
-		<sec:intercept-url pattern="/.*" method="POST" access="ROLE_USER"/>  
-
-
+    <sec:intercept-url pattern="/2FA/submitCode.json(\?.*)?"
+			access="ROLE_USER" />
+			
+		<!-- Allow GET requests (no authentication needed) -->
+		<sec:intercept-url pattern="/.*" method="GET" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+		<!-- Require ROLE_USER for all other methods -->
+		<sec:intercept-url pattern="/.*" access="ROLE_USER" />
+		
 		<sec:form-login login-processing-url="/signin/auth.json" authentication-details-source-ref="authenticationDetailsSource"
 						login-page="${org.orcid.core.baseUri}/signin" authentication-success-handler-ref="ajaxAuthenticationSuccessHandler"
 						authentication-failure-handler-ref="ajaxAuthenticationFailureHandler"

properties/development.properties

@@ -289,6 +289,18 @@ org.orcid.core.utils.cache.papi.redis.port=6379
 org.orcid.core.utils.cache.papi.redis.password=xxxx
 org.orcid.core.utils.cache.papi.redis.enabled=true
 
+# CSRF Cookie settings
 org.orcid.core.csrf.domain=dev.orcid.org
 org.orcid.scheduler.web.processOrgsForIndexing=0 48 12 * * *
 org.orcid.admin.registry.url:https://dev.orcid.org
+
+# Redis to hold session data
+org.orcid.core.session.cookie.domain=dev.orcid.org
+org.orcid.core.utils.cache.session.redis.host=xxxx
+org.orcid.core.utils.cache.session.redis.port=6379
+org.orcid.core.utils.cache.session.redis.password=xxxx
+org.orcid.core.utils.cache.session.redis.pool.idle.max=10
+org.orcid.core.utils.cache.session.redis.pool.max=10
+org.orcid.core.utils.cache.session.redis.pool.wait.millis=1000
+org.orcid.core.utils.cache.session.redis.connection_timeout_millis=1000
+org.orcid.core.utils.cache.session.redis.session.timeout=600