@openneuro/server 4.25.0 → 4.25.1-orcid-demo.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openneuro/server",
-  "version": "4.25.0",
+  "version": "4.25.1-orcid-demo.0",
   "description": "Core service for the OpenNeuro platform.",
   "license": "MIT",
   "main": "src/server.js",
@@ -21,7 +21,7 @@
     "@elastic/elasticsearch": "8.13.1",
     "@graphql-tools/schema": "^10.0.0",
     "@keyv/redis": "^2.7.0",
-    "@openneuro/search": "^4.25.0",
+    "@openneuro/search": "^4.25.1-orcid-demo.0",
     "@passport-next/passport-google-oauth2": "^1.0.0",
     "@sentry/node": "^4.5.3",
     "base64url": "^3.0.0",
@@ -52,7 +52,7 @@
     "passport-google-oauth20": "^1.0.0",
     "passport-jwt": "^4.0.0",
     "passport-oauth2-refresh": "^2.0.0",
-    "passport-orcid": "^0.0.3",
+    "passport-orcid": "0.0.4",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "redlock": "^4.0.0",
@@ -86,5 +86,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "294a30606b3851318666efca9f987ccf8af8c5e7"
+  "gitHead": "259ffc8b9203f57385bc42f151ba72202f743006"
 }

package/src/graphql/schema.ts

@@ -317,8 +317,8 @@ export const typeDefs = `
     created: DateTime!
     modified: DateTime
     lastSeen: DateTime
-    email: String!
-    name: String!
+    email: String
+    name: String
     admin: Boolean
     blocked: Boolean
   }

package/src/handlers/config.ts

@@ -9,8 +9,7 @@ const config = {
   GOOGLE_CLIENT_ID: process.env.GOOGLE_CLIENT_ID,
   GLOBUS_CLIENT_ID: process.env.GLOBUS_CLIENT_ID,
   ORCID_CLIENT_ID: process.env.ORCID_CLIENT_ID,
-  ORCID_URI: process.env.ORCID_URI,
-  ORCID_REDIRECT_URI: process.env.ORCID_REDIRECT_URI,
+  ORCID_API_ENDPOINT: process.env.ORCID_API_ENDPOINT,
   GOOGLE_TRACKING_IDS: process.env.GOOGLE_TRACKING_IDS,
   ENVIRONMENT: process.env.ENVIRONMENT,
   SUPPORT_URL: process.env.FRESH_DESK_URL,

package/src/handlers/datalad.ts

@@ -39,9 +39,11 @@ export const getFile = async (req, res) => {
       }
     } catch (err) {
       // ConnectTimeoutError is Node/Undici and TimeoutError is the standard DOMException name
+      // "fetch failed" can mean the connection failed at setup (network is unavailable)
       if (
         err?.cause?.name === "ConnectTimeoutError" ||
-        err?.name === "TimeoutError"
+        err?.name === "TimeoutError" ||
+        err?.name === "TypeError" && err?.message.includes("fetch failed")
       ) {
         // Unreachable backend, forward this error
         // Usually this is the service restarting due to node migrations or upgrades

package/src/libs/authentication/__tests__/passport.spec.ts

@@ -0,0 +1,57 @@
+import { vi } from "vitest"
+vi.mock("../../../config.ts")
+import { loadProfile } from "../passport"
+
+describe("passport.loadProfile()", () => {
+  it("handles example orcid profile", () => {
+    const profile = {
+      provider: "orcid",
+      providerId: "0000-0000-0000-0000",
+      orcid: "0000-0000-0000-0000",
+      info: {
+        email: "test@example.com",
+        name: "Test User",
+      },
+    }
+    const result = loadProfile(profile)
+    if (result instanceof Error) {
+      expect(result).not.toBeInstanceOf(Error)
+    } else {
+      expect(result.email).toEqual(profile.info.email)
+      expect(result.name).toEqual(profile.info.name)
+    }
+  })
+  it("handles an ORCID without preferred name or email", () => {
+    const profile = {
+      provider: "orcid",
+      providerId: "0000-0000-0000-0000",
+      orcid: "0000-0000-0000-0000",
+      info: {},
+    }
+    const result = loadProfile(profile)
+    if (result instanceof Error) {
+      expect(result).not.toBeInstanceOf(Error)
+    } else {
+      expect(result.email).toBeUndefined()
+      expect(result.name).toEqual("Anonymous User")
+    }
+  })
+  it("handles an example Google account", () => {
+    const profile = {
+      provider: "google",
+      providerId: "1234-5678-1011",
+      displayName: "Test User",
+      emails: [
+        { value: "test@example.com", verified: false },
+        { value: "test2@example.com", verified: true },
+      ],
+    }
+    const result = loadProfile(profile)
+    if (result instanceof Error) {
+      expect(result).not.toBeInstanceOf(Error)
+    } else {
+      expect(result.email).toEqual("test2@example.com")
+      expect(result.name).toEqual("Test User")
+    }
+  })
+})

package/src/libs/authentication/passport.ts

@@ -23,7 +23,7 @@ interface OauthProfile {
   refresh?: string
 }
 
-const loadProfile = (profile): OauthProfile | Error => {
+export const loadProfile = (profile): OauthProfile | Error => {
   if (profile.provider === PROVIDERS.GOOGLE) {
     // Get the account email from Google profile
     const primaryEmail = profile.emails
@@ -31,15 +31,15 @@ const loadProfile = (profile): OauthProfile | Error => {
       .shift()
     return {
       email: primaryEmail.value,
-      name: profile.displayName,
+      name: profile?.displayName || "Anonymous User",
       provider: profile.provider,
       providerId: profile.id,
       refresh: undefined,
     }
   } else if (profile.provider === PROVIDERS.ORCID) {
     return {
-      email: profile.info.email,
-      name: profile.info.name,
+      email: profile?.info?.email,
+      name: profile?.info?.name || "Anonymous User",
       provider: profile.provider,
       providerId: profile.orcid,
       orcid: profile.orcid,
@@ -161,6 +161,7 @@ export const setupPassportAuth = () => {
           config.auth.orcid.apiURI.includes("sandbox"),
         clientID: config.auth.orcid.clientID,
         clientSecret: config.auth.orcid.clientSecret,
+        scope: "/read-limited",
         callbackURL: `${config.url + config.apiPrefix}auth/orcid/callback`,
       },
       verifyORCIDUser,

package/src/libs/orcid.ts

@@ -20,22 +20,12 @@ export default {
         },
         (err, res) => {
           if (err) {
-            return reject({
+            reject({
               message:
                 "An unexpected ORCID login failure occurred, please try again later.",
             })
           }
-          let doc
-          // Catch issues with parsing this response
-          try {
-            doc = new xmldoc.XmlDocument(res.body)
-          } catch (err) {
-            return reject({
-              type: "config",
-              message:
-                "ORCID auth response invalid, most likely this is a misconfigured ORCID_API_ENDPOINT value",
-            })
-          }
+          const doc = new xmldoc.XmlDocument(res.body)
           let name = doc.valueWithPath(
             "person:person.person:name.personal-details:credit-name",
           )
@@ -49,32 +39,14 @@ export default {
             "person:person.email:emails.email:email.email:email",
           )
 
-          if (!name) {
-            if (!firstname) {
-              return reject({
-                type: "given",
-                message:
-                  "Your ORCID account does not have a given name, or it is not public. Please fix your account before continuing.",
-              })
-            } else if (!lastname) {
-              return reject({
-                type: "family",
-                message:
-                  "Your ORCID account does not have a family name, or it is not public. Please fix your account before continuing.",
-              })
-            } else {
+          if (!name && firstname && lastname) {
+            if (firstname && lastname) {
               name = `${firstname} ${lastname}`
+            } else {
+              name = lastname || firstname
             }
           }
 
-          if (!email) {
-            return reject({
-              type: "email",
-              message:
-                "Your ORCID account does not have an e-mail, or your e-mail is not public. Please fix your account before continuing.",
-            })
-          }
-
           resolve({
             name,
             email,