pkp/pkp-lib#10819 Unable to update OAuth scope for authenticated ORCIDs

ewhanson · Jan 31, 2025 · ffa54cf · ffa54cf
1 parent b40af6e
commit ffa54cf
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 6 deletions.
diff --git a/config.TEMPLATE.inc.php b/config.TEMPLATE.inc.php
@@ -162,8 +162,8 @@
 [cache]
 
 ; Default driver for Laravel-based caching. Currently supports opcache and file drivers.
-; By default, the opcache is used.
-; default = opcache
+; By default, the file is used.
+; default = file
 
 ; Path to store cache contents for file or opcode based caches.
 ; path = cache/opcache

diff --git a/dbscripts/xml/upgrade.xml b/dbscripts/xml/upgrade.xml
@@ -159,6 +159,7 @@
 		<migration class="PKP\migration\upgrade\v3_5_0\FilterClassNames"/>
 		<migration class="APP\migration\upgrade\v3_5_0\I10620_EditorialBoardMemberRole"/>
 		<migration class="APP\migration\upgrade\v3_5_0\I9707_WeblateUILocales"/>
+		<migration class="PKP\migration\upgrade\v3_5_0\I10819_OrcidOauthScopeMail"/>
 		<note file="docs/release-notes/README-3.5.0" />
 	</upgrade>
 

diff --git a/jobs/orcid/DepositOrcidReview.php b/jobs/orcid/DepositOrcidReview.php
@@ -21,12 +21,15 @@
 use APP\orcid\OrcidReview;
 use Carbon\Carbon;
 use GuzzleHttp\Exception\ClientException;
+use Illuminate\Contracts\Queue\ShouldBeUnique;
 use PKP\config\Config;
 use PKP\jobs\BaseJob;
+use PKP\jobs\orcid\SendUpdateScopeMail;
+use PKP\orcid\enums\OrcidDepositType;
 use PKP\orcid\OrcidManager;
 use PKP\submission\reviewAssignment\ReviewAssignment;
 
-class DepositOrcidReview extends BaseJob
+class DepositOrcidReview extends BaseJob implements ShouldBeUnique
 {
     public function __construct(
         private int $reviewAssignmentId
@@ -45,7 +48,7 @@ public function handle(): void
         }
 
         if (!in_array($reviewAssignment->getStatus(), ReviewAssignment::REVIEW_COMPLETE_STATUSES)) {
-            $this->fail('Review assignment was not completed.');
+            return;
         }
 
         $submission = Repo::submission()->get($reviewAssignment->getSubmissionId());
@@ -56,7 +59,7 @@ public function handle(): void
             $this->fail('Application is set to sandbox mode and will not interact with the ORCID service');
         }
 
-        if (OrcidManager::isEnabled($context)) {
+        if (!OrcidManager::isEnabled($context)) {
             return;
         }
 
@@ -71,6 +74,13 @@ public function handle(): void
         $reviewer = Repo::user()->get($reviewAssignment->getData('reviewerId'));
 
         if ($reviewer->getOrcid() && $reviewer->getData('orcidAccessToken')) {
+            // Check user scope, if public API, stop here and request member scope
+            if ($reviewer->getData('orcidAccessScope') !== OrcidManager::ORCID_API_SCOPE_MEMBER) {
+                // Request member scope and retry deposit
+                dispatch(new SendUpdateScopeMail($reviewer, $context->getId(), $this->reviewAssignmentId, OrcidDepositType::REVIEW));
+                return;
+            }
+
             $orcidAccessExpiresOn = Carbon::parse($reviewer->getData('orcidAccessExpiresOn'));
             if ($orcidAccessExpiresOn->isFuture()) {
                 # Extract only the ORCID from the stored ORCID uri
@@ -121,12 +131,17 @@ public function handle(): void
                             OrcidManager::logError("Unexpected status {$httpStatus} response, body: " . json_encode($responseHeaders));
                     }
                 } catch (ClientException $exception) {
-                    $reason = $exception->getResponse()->getBody();
+                    $reason = $exception->getResponse()->getBody()->getContents();
                     OrcidManager::logError("Publication fail: {$reason}");
 
                     $this->fail($exception);
                 }
             }
         }
     }
+
+    public function uniqueId(): string
+    {
+        return (string) $this->reviewAssignmentId;
+    }
 }
diff --git a/registry/emailTemplates.xml b/registry/emailTemplates.xml
@@ -81,4 +81,5 @@
 	<email key="ORCID_REQUEST_AUTHOR_AUTHORIZATION" name="orcidProfile.orcidRequestAuthorAuthorization.name"  subject="emails.orcidRequestAuthorAuthorization.subject" body="emails.orcidRequestAuthorAuthorization.body"/>
 	<email key="USER_ROLE_ASSIGNMENT_INVITATION" name="mailable.userRoleAssignmentInvitationNotify.name" subject="emails.userRoleAssignmentInvitationNotify.subject" body="emails.userRoleAssignmentInvitationNotify.body"/>
 	<email key="USER_ROLE_END" name="mailable.userRoleEndNotify.name" subject="emails.userRoleEndNotify.subject" body="emails.userRoleEndNotify.body"/>
+	<email key="ORCID_REQUEST_UPDATE_SCOPE" name="orcid.orcidRequestUpdateScope.name"  subject="emails.orcidRequestUpdateScope.subject" body="emails.orcidRequestUpdateScope.body"/>
 </emails>