Merge branch 'main' into allow-token-exchange-if-at-least-one-token-i…

…s-not-revoked

CHANGELOG.md

@@ -1,3 +1,11 @@
+## v2.71.22 - 2025-02-20
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.71.21...v2.71.22)
+
+## v2.71.21 - 2025-02-19
+
+[Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.71.20...v2.71.21)
+
 ## v2.71.20 - 2025-02-15
 
 [Full Changelog](https://github.com/ORCID/ORCID-Source/compare/v2.71.19...v2.71.20)

orcid-core/src/main/java/org/orcid/pojo/AdminResetPasswordLink.java

@@ -5,7 +5,7 @@
 public class AdminResetPasswordLink {
     private String resetLink;
 
-    private String email;
+    private String orcidOrEmail;
 
     private String error;
 
@@ -21,12 +21,12 @@ public void setResetLink(String resetLink) {
         this.resetLink = resetLink;
     }
 
-    public String getEmail() {
-        return email;
+    public String getOrcidOrEmail() {
+        return orcidOrEmail;
     }
 
-    public void setEmail(String email) {
-        this.email = email;
+    public void setOrcidOrEmail(String orcidOrEmail) {
+        this.orcidOrEmail = orcidOrEmail;
     }
 
     public String getError() {

orcid-web/src/main/java/org/orcid/frontend/web/controllers/AdminController.java

@@ -88,23 +88,22 @@ public class AdminController extends BaseController {
 
     @Resource(name = "clientDetailsManagerV3")
     private ClientDetailsManager clientDetailsManager;
-    
+
     @Resource
     private VerifyEmailUtils verifyEmailUtils;
-    
+
     @Resource
     private EncryptionManager encryptionManager;
 
     @Resource(name = "spamManager")
     SpamManager spamManager;
-    
-    @Resource 
+
+    @Resource
     private RecordEmailSender recordEmailSender;
-    
+
     @Resource
     private TwoFactorAuthenticationManager twoFactorAuthenticationManager;
-
-
+
     @Value("${org.orcid.admin.registry.url:https://orcid.org}")
     private String registryUrl;
 
@@ -120,7 +119,7 @@ public class AdminController extends BaseController {
     private static final String OUT_NOT_AVAILABLE = "N/A";
     private static final String OUT_NOT_AVAILABLE_ID = "N/A                ";
     private static final String OUT_NEW_LINE = "\n";
-    
+
     private static final int RESET_PASSWORD_LINK_DURATION = 24;
 
     private void isAdmin(HttpServletRequest serverRequest, HttpServletResponse response) throws IllegalAccessException {
@@ -347,7 +346,8 @@ else if (PojoUtil.isEmpty(email) || !validateEmailAddress(email))
         }
 
         if (profileDetails.getErrors() == null || profileDetails.getErrors().size() == 0) {
-            // Return a list of email addresses that should be notified by this change
+            // Return a list of email addresses that should be notified by this
+            // change
             List<String> emailsToNotify = profileEntityManager.reactivate(orcid, email, null);
             // Notify any new email address
             if (!emailsToNotify.isEmpty()) {
@@ -644,7 +644,7 @@ public Map<String, String> findIdByEmailHelper(String csvEmails) {
         }
         return form;
     }
-    
+
     /**
      * Reset password validate
      * 
@@ -656,18 +656,34 @@ public Map<String, String> findIdByEmailHelper(String csvEmails) {
             @RequestBody AdminResetPasswordLink form) throws IllegalAccessException, UnsupportedEncodingException {
         isAdmin(serverRequest, response);
         form.setError(null);
-        String email = URLDecoder.decode(form.getEmail(), "UTF-8").trim();
-        LOGGER.debug("The email to reset password link to is: " + email);
-        if (OrcidStringUtils.isEmailValid(email) && emailManager.emailExists(email)) {
-            Pair<String, Date> resetLinkData = verifyEmailUtils.createResetLinkForAdmin(email, registryUrl);
+        String orcidOrEmail = URLDecoder.decode(form.getOrcidOrEmail(), "UTF-8").trim();
+        boolean isOrcid = OrcidStringUtils.isValidOrcid(orcidOrEmail);
+        String orcid = null;
+        // If it is not an orcid, check the value from the emails table
+        if (!isOrcid) {
+            if (OrcidStringUtils.isEmailValid(orcidOrEmail) && emailManager.emailExists(orcidOrEmail)) {
+                orcid = emailManager.findOrcidIdByEmail(orcidOrEmail);
+            } else {
+                form.setError(getMessage("admin.errors.unable_to_fetch_info"));
+                return form;
+            }
+        } else {
+            orcid = orcidOrEmail;
+        }
+
+        if (!PojoUtil.isEmpty(orcid) && profileEntityManager.orcidExists(orcid)) {
+            Pair<String, Date> resetLinkData = verifyEmailUtils.createResetLinkForAdmin(orcid, registryUrl);
             LOGGER.debug("Reset link to be sent to the client: " + resetLinkData.getKey());
-            
+
             form.setResetLink(resetLinkData.getKey());
             form.setIssueDate(resetLinkData.getValue());
-            form.setDurationInHours(RESET_PASSWORD_LINK_DURATION); 
+            form.setDurationInHours(RESET_PASSWORD_LINK_DURATION);
+
         } else {
-            form.setError(getMessage("admin.errors.unexisting_email"));
+            form.setError(getMessage("admin.errors.unexisting_orcid"));
+            return form;
         }
+
         return form;
     }
 
@@ -862,10 +878,11 @@ private String getOrcidFromParam(String orcidOrEmail) {
                         } else if (lockAccounts.getDescription() == null || lockAccounts.getDescription().isEmpty()) {
                             descriptionMissing.add(nextToken);
                         } else {
-                            boolean wasLocked = profileEntityManager.lockProfile(orcidId, lockAccounts.getLockReason(), lockAccounts.getDescription(), getCurrentUserOrcid());
+                            boolean wasLocked = profileEntityManager.lockProfile(orcidId, lockAccounts.getLockReason(), lockAccounts.getDescription(),
+                                    getCurrentUserOrcid());
                             if (wasLocked) {
                                 recordEmailSender.sendOrcidLockedEmail(orcidId);
-                            }                            
+                            }
                             successIds.add(nextToken);
                         }
                     }
@@ -1053,7 +1070,7 @@ private String getOrcidFromParam(String orcidOrEmail) {
                         } else {
                             email = emailOrOrcid;
                         }
-                        recordEmailSender.sendClaimReminderEmail(orcidId,0,email);
+                        recordEmailSender.sendClaimReminderEmail(orcidId, 0, email);
                         successIds.add(emailOrOrcid);
                     }
                 }
@@ -1094,7 +1111,7 @@ private String getOrcidFromParam(String orcidOrEmail) {
 
                     if (entity.getUsing2FA()) {
                         twoFactorAuthenticationManager.adminDisable2FA(orcidId, getCurrentUserOrcid());
-                        recordEmailSender.send2FADisabledEmail(orcidId);                        
+                        recordEmailSender.send2FADisabledEmail(orcidId);
                         disabledIds.add(emailOrOrcid);
                     } else {
                         without2FAs.add(emailOrOrcid);
@@ -1118,8 +1135,6 @@ private String getOrcidFromParam(String orcidOrEmail) {
         data.setAlreadyMember(false);
         data.setClientDeactivated(false);
 
-
-
         isAdmin(serverRequest, response);
         if (PojoUtil.isEmpty(data.getClientId()) || !clientDetailsManager.exists(data.getClientId())) {
             data.setClientNotFound(true);
@@ -1144,14 +1159,14 @@ private String getOrcidFromParam(String orcidOrEmail) {
                 ProfileEntity group = profileEntityCacheManager.retrieve(data.getGroupId());
                 if (group == null || !OrcidType.GROUP.name().equals(group.getOrcidType())) {
                     data.setGroupIdNotFound(true);
-                } else { 
+                } else {
                     if (!group.isEnabled() || group.getRecordLocked() || group.getDeactivationDate() != null) {
                         data.setGroupIdDeactivated(true);
-                    } else {                    
+                    } else {
                         ClientType clientType = MemberType.PREMIUM.name().equals(group.getGroupType()) ? ClientType.PREMIUM_UPDATER : ClientType.UPDATER;
                         data.setTargetClientType(clientType.name());
                     }
-                    
+
                 }
 
             } catch (IllegalArgumentException e) {
@@ -1160,13 +1175,12 @@ private String getOrcidFromParam(String orcidOrEmail) {
             }
         }
 
-
         return data;
     }
 
     @RequestMapping(value = "/convert-client.json", method = RequestMethod.POST)
     public @ResponseBody ConvertClient convertClient(HttpServletRequest serverRequest, HttpServletResponse response, @RequestBody ConvertClient data)
-            throws IllegalAccessException {        
+            throws IllegalAccessException {
         isAdmin(serverRequest, response);
         data = validateClientConversion(serverRequest, response, data);
         if (data.isClientNotFound() || data.isAlreadyMember() || data.isGroupIdNotFound()) {
@@ -1196,7 +1210,7 @@ private String getOrcidFromParam(String orcidOrEmail) {
             data.setSuccess(false);
             return data;
         }
-            
+
         try {
             clientDetailsManager.moveClientGroupId(data.getClientId(), data.getGroupId());
             data.setSuccess(true);

orcid-web/src/main/java/org/orcid/frontend/web/controllers/PasswordResetController.java

@@ -283,7 +283,22 @@ public ModelAndView resetPasswordEmail(HttpServletRequest request, @PathVariable
 
         passwordConfirmValidate(oneTimeResetPasswordForm.getRetypedPassword(), oneTimeResetPasswordForm.getPassword());
 
-        String orcid = emailManagerReadOnly.findOrcidIdByEmail(passwordResetToken.getEmail());
+        String orcid = null;
+        //check first if valid orcid as the admin portal can send either and email or an orcid
+        if(OrcidStringUtils.isValidOrcid(passwordResetToken.getEmail()) ){
+            if(profileEntityManager.orcidExists(passwordResetToken.getEmail())) {
+                orcid = passwordResetToken.getEmail();
+            }
+            else {
+                String message = "invalidPasswordResetToken";
+                oneTimeResetPasswordForm.getErrors().add(message);
+                return oneTimeResetPasswordForm;
+            }
+        }
+        else {
+            orcid = emailManagerReadOnly.findOrcidIdByEmail(passwordResetToken.getEmail());
+        }
+
         Emails emails = emailManager.getEmails(orcid);
 
         passwordChecklistValidate(oneTimeResetPasswordForm.getRetypedPassword(), oneTimeResetPasswordForm.getPassword(), emails);

orcid-web/src/test/java/org/orcid/frontend/web/controllers/AdminControllerTest.java

@@ -1429,13 +1429,15 @@ public void resetPasswordLink() throws Exception {
        AdminController adminController = new AdminController();
        EmailManager emailManager = Mockito.mock(EmailManager.class);    
        LocaleManager localeManager = Mockito.mock(LocaleManager.class);  
+       ProfileEntityManager profileEntityManager = Mockito.mock(ProfileEntityManager.class);
 
 
        ReflectionTestUtils.setField(adminController, "verifyEmailUtils", verifyEmailUtils);
        ReflectionTestUtils.setField(adminController, "encryptionManager", encryptionManager);
        ReflectionTestUtils.setField(adminController, "emailManager", emailManager);
        ReflectionTestUtils.setField(adminController, "localeManager", localeManager);
        ReflectionTestUtils.setField(adminController, "orcidSecurityManager", orcidSecurityManager);
+       ReflectionTestUtils.setField(adminController, "profileEntityManager", profileEntityManager);
 
        Mockito.when(orcidSecurityManager.isAdmin()).thenReturn(true);
 
@@ -1445,18 +1447,20 @@ public void resetPasswordLink() throws Exception {
 
        Mockito.when(localeManager.resolveMessage(Mockito.anyString(), Mockito.any())).thenReturn("That email address is not on our records");       
        Mockito.when(verifyEmailUtils.createResetLinkForAdmin(Mockito.anyString(), Mockito.any())).thenReturn(new Pair<String, Date>("xyz", new Date())); 
-
+       Mockito.when(localeManager.resolveMessage(Mockito.anyString(), Mockito.any())).thenReturn("That email address is not on our records"); 
+       Mockito.when(profileEntityManager.orcidExists(Mockito.anyString())).thenReturn(true);
 
 
        AdminResetPasswordLink adminResetPasswordLink = new AdminResetPasswordLink();
-       adminResetPasswordLink.setEmail("[email protected]");
+       adminResetPasswordLink.setOrcidOrEmail("[email protected]");
 
        adminResetPasswordLink = adminController.resetPasswordLink(mockRequest, mockResponse, adminResetPasswordLink);
 
        assertEquals("That email address is not on our records", adminResetPasswordLink.getError());
 
        adminResetPasswordLink = new AdminResetPasswordLink();
-       adminResetPasswordLink.setEmail("[email protected]");
+       Mockito.when(emailManager.findOrcidIdByEmail(Mockito.anyString())).thenReturn("0000-0002-0551-5914"); 
+       adminResetPasswordLink.setOrcidOrEmail("[email protected]");
        XMLGregorianCalendar date = DateUtils.convertToXMLGregorianCalendarNoTimeZoneNoMillis(new Date());
        Mockito.when(encryptionManager.decryptForExternalUse(Mockito.anyString())).thenReturn("[email protected]&issueDate="+ date.toXMLFormat()+ "&h=24"); 
        adminResetPasswordLink = adminController.resetPasswordLink(mockRequest, mockResponse, adminResetPasswordLink);

properties/development.properties

@@ -291,3 +291,4 @@ org.orcid.core.utils.cache.papi.redis.enabled=true
 
 org.orcid.core.csrf.domain=dev.orcid.org
 org.orcid.scheduler.web.processOrgsForIndexing=0 48 12 * * *
+org.orcid.admin.registry.url:https://dev.orcid.org