From a82821a48eea0439d6ff498a55c0516ed0aedaf1 Mon Sep 17 00:00:00 2001 From: alejandromumo Date: Tue, 13 Feb 2024 16:54:39 +0100 Subject: [PATCH 1/5] files: added x509 authentication to EOS offload. --- invenio.cfg | 8 ++++++++ site/zenodo_rdm/files.py | 23 ++++++++++++++++++++--- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/invenio.cfg b/invenio.cfg index fb55e763..52d010c7 100644 --- a/invenio.cfg +++ b/invenio.cfg @@ -712,6 +712,14 @@ FILES_REST_XSENDFILE_ENABLED = False ZENODO_EOS_OFFLOAD_ENABLED = False ZENODO_EOS_OFFLOAD_HTTPHOST = "" ZENODO_EOS_OFFLOAD_REDIRECT_BASE_PATH = "" +# control EOS offload authentication +ZENODO_EOS_OFFLOAD_AUTH_X509 = False +"""Specifies whether to use X509 authentication for EOS offload.""" +ZENODO_EOS_OFFLOAD_X509_CERT_PATH = "" +"""The path to the X509 certificate file.""" +ZENODO_EOS_OFFLOAD_X509_KEY_PATH = "" +"""The path to the X509 private key file.""" + FILES_REST_DEFAULT_QUOTA_SIZE = 5*10**10 FILES_REST_DEFAULT_MAX_FILE_SIZE = 5*10**10 diff --git a/site/zenodo_rdm/files.py b/site/zenodo_rdm/files.py index 3e760079..adcddaf9 100644 --- a/site/zenodo_rdm/files.py +++ b/site/zenodo_rdm/files.py 
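Review bot: The docstring for `ZENODO_EOS_OFFLOAD_X509_KEY_PATH` does not say what the key file must look like, yet the value is handed to requests as the second element of a `cert` tuple (`s.cert = (cert, key)` in site/zenodo_rdm/files.py, same patch), and requests only accepts an unencrypted private key there. I would extend it to `"""The path to the X509 private key file (must be unencrypted; restrict read access to the application user)."""`. The docstring for `ZENODO_EOS_OFFLOAD_AUTH_X509` should also mention that enabling it without both paths set falls back to Kerberos, since that is what `_get_auth_session` does.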
@@ -31,15 +31,32 @@ class EOSFilesOffload(BaseFileStorage): """Offload file downloads to another server.""" + def _get_auth_session(self): + """Get a requests session with authentication configured. + + If X.509 is enabled, it will be used, otherwise kerberos will be used. + """ + s = requests.Session() + x509_enabled = current_app.config.get("ZENODO_EOS_OFFLOAD_AUTH_X509", False) + cert = current_app.config.get("ZENODO_EOS_OFFLOAD_X509_CERT_PATH") + key = current_app.config.get("ZENODO_EOS_OFFLOAD_X509_KEY_PATH") + if x509_enabled and cert and key: + s.cert = (cert, key) + s.verify = False + else: + # Default to kerberos + s.auth = HTTPKerberosAuth(DISABLED) + s.verify = False + return s + def _get_eos_redirect_path(self): """Get the real path of the file streamed from another server.""" host = current_app.config["ZENODO_EOS_OFFLOAD_HTTPHOST"] redirect_base_path = current_app.config["ZENODO_EOS_OFFLOAD_REDIRECT_BASE_PATH"] base_path = urlsplit(self.fileurl).path - eos_resp = requests.get( + session = self._get_auth_session() + eos_resp = session.get( f"{host}/{base_path}", - auth=HTTPKerberosAuth(DISABLED), - verify=False, allow_redirects=False, ) if eos_resp.status_code != 307: From 84dfff616417bc0ba3a5b9b5619ec72be6d29589 Mon Sep 17 00:00:00 2001 From: Lars Holm Nielsen Date: Thu, 15 Feb 2024 11:02:33 +0100 Subject: [PATCH 2/5] config: fix orcid/openaire sandbox endpoints --- invenio.cfg | 44 +++++++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/invenio.cfg b/invenio.cfg index 52d010c7..96ffdd0f 100644 --- a/invenio.cfg +++ b/invenio.cfg 
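Review bot: Both branches of `_get_auth_session` set `s.verify = False`, so the X.509 client certificate is presented to a server whose own certificate is never checked, and `_get_eos_redirect_path` then inspects that server's 307 response. The removed call already passed `verify=False`, but the switch to certificate authentication is a good moment to point `verify` at a CA bundle, for example `s.verify = ca_bundle or True`, with `ca_bundle` read from a new config setting holding the path to the CA file for the EOS host. Separately, when `ZENODO_EOS_OFFLOAD_AUTH_X509` is true but either path is empty, the code silently falls back to Kerberos; a warning log or a raised configuration error would make a misconfigured deployment visible. `_get_eos_redirect_path` continues past the end of the hunk.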
@@ -23,7 +23,7 @@ from invenio_administration.permissions import administration_permission from invenio_app_rdm.config import CELERY_BEAT_SCHEDULE, APP_RDM_ROUTES, APP_RDM_DEPOSIT_FORM_DEFAULTS as DEPOSIT_FORM_DEFAULTS from invenio_i18n import lazy_gettext as _ from invenio_oauthclient.contrib.keycloak import KeycloakSettingsHelper -from invenio_oauthclient.contrib.orcid import ORCIDOAuthSettingsHelper +from invenio_oauthclient.contrib.orcid import REMOTE_MEMBER_APP, REMOTE_SANDBOX_MEMBER_APP from invenio_github.oauth.remote_app import github_app as github_remote_app from invenio_records_resources.services.records.queryparser import FieldValueMapper from invenio_rdm_records.config import ( @@ -70,6 +70,9 @@ APP_ALLOWED_HOSTS = ['0.0.0.0', 'localhost', '127.0.0.1'] APP_RDM_ROUTES["index"] = ("/", frontpage_view_function) +ZENODO_ENV = os.environ.get('ZENODO_ENV', 'production').lower() + + # Flask-SQLAlchemy # ================ # See https://flask-sqlalchemy.palletsprojects.com/en/2.x/config/ @@ -507,19 +510,10 @@ PERMANENT_SESSION_LIFETIME = timedelta(days=10) # Invenio-OAuthclient # =================== -_orcid_helper = ORCIDOAuthSettingsHelper( - title="ORCID", - description="ORCID - Connecting Research and Researchers.", - base_url='https://api.orcid.org/', - access_token_url='https://api.orcid.org/oauth/token', - authorize_url='https://orcid.org/oauth/authorize', -) - -# Openaire sandbox _openaire_helper = KeycloakSettingsHelper( title="OpenAIRE", description="Open Science Services.", - base_url="https://aai.openaire.eu", + base_url="https://aai.openaire.eu" if ZENODO_ENV == "production" else "https://beta.aai.openaire.eu", realm="openaire", scopes="openid profile email eduperson_entitlement orcid", app_key="OPENAIRE_APP_CREDENTIALS", @@ -529,6 +523,7 @@ _openaire_helper = KeycloakSettingsHelper( } ) + OAUTHCLIENT_OPENAIRE_AAI_VERIFY_EXP = True OAUTHCLIENT_OPENAIRE_AAI_VERIFY_AUD = True OAUTHCLIENT_OPENAIRE_AAI_USER_INFO_FROM_ENDPOINT = True 
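Review bot: `ZENODO_ENV = os.environ.get('ZENODO_ENV', 'production').lower()` accepts any string, and every later check is `ZENODO_ENV == "production"`, so a mistyped value on a production host quietly selects the ORCID sandbox app and the beta OpenAIRE endpoint. Validating the value right after the assignment would surface this at start-up, e.g. `if ZENODO_ENV not in ALLOWED_ENVS: raise RuntimeError(f"Unknown ZENODO_ENV: {ZENODO_ENV}")`, where `ALLOWED_ENVS` is a new constant listing the environment names the deployments actually use. The hunk does not show an `import os`; please confirm the file already has one.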
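Review bot: Only `base_url` of `_openaire_helper` follows `ZENODO_ENV`. `OAUTHCLIENT_OPENAIRE_AAI_USER_INFO_URL` (unchanged context in the next hunk) and `OAUTHCLIENT_OPENAIRE_AAI_REALM_URL` (visible in that hunk's header) still point at `https://aai.openaire.eu`. If those settings are read during login, a non-production instance would authorise against the beta host but verify tokens and fetch user info from the production realm. Deriving all three from one value would keep them in step, e.g. `_openaire_base = "https://aai.openaire.eu" if ZENODO_ENV == "production" else "https://beta.aai.openaire.eu"`, with both URLs built from `_openaire_base`.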
@@ -536,14 +531,25 @@ OAUTHCLIENT_OPENAIRE_AAI_REALM_URL = 'https://aai.openaire.eu/auth/realms/openai OAUTHCLIENT_OPENAIRE_AAI_USER_INFO_URL = "https://aai.openaire.eu/auth/realms/openaire/protocol/openid-connect/userinfo" -OAUTHCLIENT_REMOTE_APPS = { - "orcid": _orcid_helper.remote_app, - "github": github_remote_app, - "openaire_aai": _openaire_helper.remote_app, -} -OAUTHCLIENT_REST_REMOTE_APPS = { - "github": github_remote_app, -} +if ZENODO_ENV == "production": + OAUTHCLIENT_REMOTE_APPS = { + "orcid": REMOTE_MEMBER_APP, + "github": github_remote_app, + "openaire_aai": _openaire_helper.remote_app, + } + OAUTHCLIENT_REST_REMOTE_APPS = { + "github": github_remote_app, + } +else: + OAUTHCLIENT_REMOTE_APPS = { + "orcid": REMOTE_SANDBOX_MEMBER_APP, + "github": github_remote_app, + "openaire_aai": _openaire_helper.remote_app, + } + OAUTHCLIENT_REST_REMOTE_APPS = { + "github": github_remote_app, + } + # secrets will be injected on deployment ORCID_APP_CREDENTIALS = { From 96cee50134eaf767b63f8ca5eeddfbd5d98a3ae5 Mon Sep 17 00:00:00 2001 From: alejandromumo Date: Wed, 14 Feb 2024 14:17:56 +0100 Subject: [PATCH 3/5] config: added sort by created to sort by pubdate. --- invenio.cfg | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/invenio.cfg b/invenio.cfg index 96ffdd0f..04f18851 100644 --- a/invenio.cfg +++ b/invenio.cfg @@ -350,11 +350,11 @@ LEGACY_SORT_OPTIONS = { ), "publication_date": { "title": _("Publication date [Newest]"), - "fields": ["-metadata.publication_date"], + "fields": ["-metadata.publication_date", "-created"], }, "-publication_date": { "title": _("Publication date [Oldest]"), - "fields": ["metadata.publication_date"], + "fields": ["metadata.publication_date", "created"], }, "mostrecent": { "title": _("Newest"), 
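Review bot: The two branches of the new `if ZENODO_ENV == "production":` block differ only in the `"orcid"` entry, and `OAUTHCLIENT_REST_REMOTE_APPS` is written out twice with identical content. Selecting the app once keeps the dictionaries from drifting apart: `_orcid_app = REMOTE_MEMBER_APP if ZENODO_ENV == "production" else REMOTE_SANDBOX_MEMBER_APP`, followed by a single `OAUTHCLIENT_REMOTE_APPS` with `"orcid": _orcid_app`. The removed `ORCIDOAuthSettingsHelper(...)` call set the title and description explicitly, so it is worth confirming that the stock constants give the same text on the login page.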
@@ -411,11 +411,11 @@ RDM_SORT_OPTIONS = { **BASE_SORT_OPTIONS, "publication-desc": { "title": _("Published [Newest]"), - "fields": ["-metadata.publication_date"], + "fields": ["-metadata.publication_date", "-created"], }, "publication-asc": { "title": ("Published [Oldest]"), - "fields": ["metadata.publication_date"], + "fields": ["metadata.publication_date", "created"], }, **MEETING_SORT_OPTIONS, # conference asc and desc **JOURNAL_SORT_OPTIONS, # journal asc and desc From 1ef67184fe140ab787dc39796b96a47b568e7c78 Mon Sep 17 00:00:00 2001 From: Anika Churilova Date: Thu, 15 Feb 2024 16:33:21 +0100 Subject: [PATCH 4/5] record preview: display communities list * closes https://github.com/zenodo/zenodo-rdm/issues/715 --- .../zenodo_rdm/macros/communities_list.html | 37 +++++++++++++++++++ .../zenodo_rdm/macros/record_item.html | 7 ++++ 2 files changed, 44 insertions(+) create mode 100644 templates/semantic-ui/zenodo_rdm/macros/communities_list.html diff --git a/templates/semantic-ui/zenodo_rdm/macros/communities_list.html b/templates/semantic-ui/zenodo_rdm/macros/communities_list.html new file mode 100644 index 00000000..157a79cf --- /dev/null +++ b/templates/semantic-ui/zenodo_rdm/macros/communities_list.html 
@@ -0,0 +1,37 @@ +{# +# This file is part of Zenodo. +# Copyright (C) 2024 CERN. +# +# Zenodo is free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation; either version 2 of the +# License, or (at your option) any later version. +# +# Zenodo is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Zenodo; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, +# MA 02111-1307, USA. +# +# In applying this license, CERN does not +# waive the privileges and immunities granted to it by virtue of its status +# as an Intergovernmental Organization or submit itself to any jurisdiction. +-#} + +{% macro communities_list(communities=None) %} + {% for community in communities %} + {% set community_title = community.metadata.get("title", "No title") if community.metadata %} + + + {{ community_title }} + + + {% endfor%} +{% endmacro %} diff --git a/templates/semantic-ui/zenodo_rdm/macros/record_item.html b/templates/semantic-ui/zenodo_rdm/macros/record_item.html index 685886a0..a9a19844 100644 --- a/templates/semantic-ui/zenodo_rdm/macros/record_item.html +++ b/templates/semantic-ui/zenodo_rdm/macros/record_item.html @@ -23,6 +23,7 @@ -#} {% from "zenodo_rdm/macros/creators.html" import creators %} +{% from "zenodo_rdm/macros/communities_list.html" import communities_list %} {% macro record_item(record=None) %}
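Review bot: In `communities_list`, `{% set community_title = community.metadata.get("title", "No title") if community.metadata %}` has no `else`, so a community without metadata leaves `community_title` undefined and the entry renders with empty text. The `"No title"` fallback is also not passed through `_()`, unlike the other user-facing strings in these templates. `{% set community_title = (community.metadata or {}).get("title", _("No title")) %}` covers both. The default `communities=None` would also make the `for` loop fail if the macro were called without an argument; `{% for community in communities or [] %}` avoids that.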
  • @@ -67,6 +68,12 @@ {{ description | truncate(length=350, end='...') }}

    + {# Communities list #} +
    + {% set communities_entries = record.parent.communities.entries %} + {{ _("Part of:")}} {{ communities_list(communities=communities_entries) }} +
    +
    {# Publishing details #} From a5bfa4ea3125c7e6cd3c26df30a70c37c762deec Mon Sep 17 00:00:00 2001 From: Anika Churilova Date: Fri, 16 Feb 2024 10:21:40 +0100 Subject: [PATCH 5/5] ui: add and remove links, change titles, remove open the new tab * closes https://github.com/zenodo/zenodo-rdm/issues/727 --- .../zenodo_rdm/macros/record_item.html | 2 +- .../horizon/invenio_app_rdm/footer.html | 15 +------- .../invenio_communities/details/header.html | 37 +++++++++++-------- .../details/home/index.html | 5 +-- 4 files changed, 25 insertions(+), 34 deletions(-) diff --git a/templates/semantic-ui/zenodo_rdm/macros/record_item.html b/templates/semantic-ui/zenodo_rdm/macros/record_item.html index a9a19844..5ee2577d 100644 --- a/templates/semantic-ui/zenodo_rdm/macros/record_item.html +++ b/templates/semantic-ui/zenodo_rdm/macros/record_item.html @@ -63,7 +63,7 @@ {# Description #}
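Review bot: The `{{ _("Part of:")}}` label appears to be emitted unconditionally, because no `{% if %}` surrounds it in the added lines, so a record that belongs to no community would show the label followed by nothing. Wrapping the added block in `{% if communities_entries %}` … `{% endif %}` would hide it for such records. `{% set communities_entries = record.parent.communities.entries %}` also assumes that `communities` is always present on `record.parent`; if it can be absent, the attribute chain may raise during rendering, so a guard there is worth considering. The surrounding markup is not fully visible in this view, so please check both points against the real template.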

    - {% set description = record.ui.get("description_stripped", "No description") %} + {% set description = record.ui.get("description_stripped", "") %} {{ description | truncate(length=350, end='...') }}

    diff --git a/templates/themes/horizon/invenio_app_rdm/footer.html b/templates/themes/horizon/invenio_app_rdm/footer.html index ef859282..d8c67f2f 100644 --- a/templates/themes/horizon/invenio_app_rdm/footer.html +++ b/templates/themes/horizon/invenio_app_rdm/footer.html @@ -32,20 +32,7 @@

    {{ _("Contact") }}

    {{ _("About") }}

    -

    How it works?

    -

    FAQ

    -

    Contact

    -
    -
    -

    {{ _("FAIR publishing") }}

    -

    Getting started

    -

    Submit your research

    -
    -
    -

    {{ _("Integrations") }}

    -

    REST API

    -

    OAI-PMH

    -

    FAIR Evaluation tools

    +

    Learn more

    diff --git a/templates/themes/horizon/invenio_communities/details/header.html b/templates/themes/horizon/invenio_communities/details/header.html index b77f1611..d73d8029 100644 --- a/templates/themes/horizon/invenio_communities/details/header.html +++ b/templates/themes/horizon/invenio_communities/details/header.html @@ -29,15 +29,22 @@
    -

    - {{ community.metadata.title }} -

    + +

    + {{ community.metadata.title }} +

    +
    -

    {{ community.metadata.title }}

    + + +

    + {{ community.metadata.title }} +

    +
    {% if community.access.visibility == 'restricted' %}
    @@ -108,19 +115,17 @@

    {{ community.metadata.title }}