Merge remote-tracking branch 'origin/develop' into feature/3573_autoc…

…heck_article_uploaded
DOAJ · Jul 31, 2024 · 161a013 · 161a013
2 parents ad0c19c + 832fa88
commit 161a013
Show file tree

Hide file tree

Showing 37 changed files with 779 additions and 432 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,12 +1,10 @@
-# Title <- provide a title for the PR
-
-*Please don't delete any sections when completing this PR template; instead enter **N/A** for checkboxes or sections which are not applicable, unless otherwise stated below*
+* Issue: [enter link to issue here]
 
-See # <- enter link to issue on main board
+---
 
-Describe the scope/purpose of the PR here in as much detail as you like
+# Title <- provide a title for the PR
 
-## Categorisation
+*briefly describe the PR here*
 
 This PR...
 - [ ] has scripts to run
@@ -18,121 +16,52 @@ This PR...
 - [ ] affects the publisher area
 - [ ] affects the monitoring
 
-## Basic PR Checklist
-
-Instructions for developers:
-* For each checklist item, if it is N/A to your PR check the N/A box
-* For each item that you have done and confirmed for yourself, check Developer box (including if you have checked the N/A box)
-
-Instructions for reviewers:
-* For each checklist item that has been confirmed by the Developer, check the Reviewer box if you agree
-* For multiple reviewers, feel free to add your own checkbox with your github username next to it if that helps with review tracking
-
-### Code Style
-
-- No deprecated methods are used
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- No magic strings/numbers - all strings are in `constants` or `messages` files
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- ES queries are wrapped in a Query object rather than inlined in the code
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- Where possible our common library functions have been used (e.g. dates manipulated via `dates`)
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- Cleaned up commented out code, etc
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- Urls are constructed with `url_for` not hard-coded
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-### Testing
-
-- Unit tests have been added/modified
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- Functional tests have been added/modified
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- Code has been run manually in development, and functional tests followed locally
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- Have CSS/style changes been implemented?  If they are of a global scope (e.g. on base HTML elements) have the downstream impacts of the change in other areas of the system been considered?
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-### Documentation
-
-- FeatureMap annotations have been added
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- Documentation updates - if needed - have been identified and prepared for inclusion into main documentation (e.g. added and highlighted/commented as appropriate to this PR)
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- Core model documentation has been added to if needed: https://docs.google.com/spreadsheets/d/1lun2S9vwGbyfy3WjIjgXBm05D-3wWDZ4bp8xiIYfImM/edit
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- Events and consumers documentation has been added if needed: https://docs.google.com/spreadsheets/d/1oIeG5vg-blm2MZCE-7YhwulUlSz6TOUeY8jAftdP9JE/edit
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- The docs for this branch have been generated and pushed to the doc site (see docs/README.md for details)
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-
-### Release Readiness
-
-- If needed, migration has been created and tested locally
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- Release sheet has been created, and completed as far as is possible https://docs.google.com/spreadsheets/d/1Bqx23J1MwXzjrmAygbqlU3YHxN1Wf7zkkRv14eTVLZQ/edit
-  - [ ] N/A
-  - [ ] Developer
-  - [ ] Reviewer
-
-- There has been a recent merge up from `develop` (or other base branch).  List the dates of the merges up from develop below
-  - [date of merge up]
-
+## Developer Checklist
+
+*Developers should review and confirm each of these items before requesting review*
+
+* [ ] Code meets acceptance criteria from issue
+* [ ] Unit tests are written and all pass
+* [ ] User Test Scripts (if required) are written and have been run through
+* [ ] Project's coding standards are met
+    - No deprecated methods are used
+    - No magic strings/numbers - all strings are in `constants` or `messages` files
+    - ES queries are wrapped in a Query object rather than inlined in the code
+    - Where possible our common library functions have been used (e.g. dates manipulated via `dates`)
+    - Cleaned up commented out code, etc
+    - Urls are constructed with `url_for` not hard-coded
+* [ ] Code documentation and related non-code documentation has all been updated
+    - Core model documentation has been added to if needed: https://docs.google.com/spreadsheets/d/1lun2S9vwGbyfy3WjIjgXBm05D-3wWDZ4bp8xiIYfImM/edit
+    - Events and consumers documentation has been added if needed: https://docs.google.com/spreadsheets/d/1oIeG5vg-blm2MZCE-7YhwulUlSz6TOUeY8jAftdP9JE/edit
+* [ ] Migation has been created and tested
+* [ ] There is a recent merge from `develop`
+
+## Reviewer Checklist
+
+*Reviewers should review and confirm each of these items before approval*
+*If there are multiple reviewers, this section should be duplicated for each reviewer*
+
+* [ ] Code meets acceptance criteria from issue
+* [ ] Unit tests are written and all pass
+* [ ] User Test Scripts (if required) are written and have been run through
+* [ ] Project's coding standards are met
+    - No deprecated methods are used
+    - No magic strings/numbers - all strings are in `constants` or `messages` files
+    - ES queries are wrapped in a Query object rather than inlined in the code
+    - Where possible our common library functions have been used (e.g. dates manipulated via `dates`)
+    - Cleaned up commented out code, etc
+    - Urls are constructed with `url_for` not hard-coded
+* [ ] Code documentation and related non-code documentation has all been updated
+    - Core model documentation has been added to if needed: https://docs.google.com/spreadsheets/d/1lun2S9vwGbyfy3WjIjgXBm05D-3wWDZ4bp8xiIYfImM/edit
+    - Events and consumers documentation has been added if needed: https://docs.google.com/spreadsheets/d/1oIeG5vg-blm2MZCE-7YhwulUlSz6TOUeY8jAftdP9JE/edit
+* [ ] Migation has been created and tested
+* [ ] There is a recent merge from `develop`
 
 ## Testing
 
-List the Functional Tests that must be run to confirm this feature
-
-1. ...
-2. ...
-
+*List user test scripts that need to be run*
 
+*List any non-unit test scripts that need to be run by reviewers*
 
 ## Deployment
 
@@ -161,5 +90,3 @@ What new infrastructure does this PR require (e.g. new services that need to run
 ### Continuous Integration
 
 What CI changes are required for this
-
-
diff --git a/cms/assets/img/sponsors/Logo1.png b/cms/assets/img/sponsors/Logo1.png
diff --git a/cms/assets/img/sponsors/igf.png b/cms/assets/img/sponsors/igf.png
diff --git a/cms/assets/img/sponsors/scup-logo.png b/cms/assets/img/sponsors/scup-logo.png
diff --git a/cms/assets/img/volunteers/Popova-1.jpeg b/cms/assets/img/volunteers/Popova-1.jpeg
@@ -0,0 +1 @@
+../ambassadors/Popova-1.jpeg
diff --git a/cms/assets/img/volunteers/ina-smith.png b/cms/assets/img/volunteers/ina-smith.png
@@ -0,0 +1 @@
+../ambassadors/ina-smith.png
diff --git a/cms/assets/img/volunteers/max.png b/cms/assets/img/volunteers/max.png
@@ -0,0 +1 @@
+../ambassadors/max.png
diff --git a/cms/data/publisher-supporters.yml b/cms/data/publisher-supporters.yml
@@ -1,21 +1 @@
 # ~~PublisherSupporters:Data~~
-- name: Faculty of Communication, Universitas Tarumanagara
-  url: https://fikom.untar.ac.id/
-
-- name: Gruppo Italiano Frattura
-  url: http://www.gruppofrattura.it/sito/en/
-
-- name: INCAS - National Institute for Aerospace Research “Elie Carafoli”, INCAS Bucuresti
-  url: https://www.gruppofrattura.it/sito/en/
-
-- name: Italian Society of Victimology
-  url: https://www.vittimologia.it/rivista
-
-- name: Scandinavian University Press (Universitetsforlaget AS)
-  url: https://www.universitetsforlaget.no/
-
-- name: Scientia Agropecuaria
-  url: https://revistas.unitru.edu.pe/index.php/scientiaagrop
-
-- name: Tsinghua University Press
-  url: https://www.tsinghua.edu.cn/en/
diff --git a/cms/data/sponsors.yml b/cms/data/sponsors.yml
@@ -73,6 +73,10 @@
   url: https://www.frontiersin.org/
   logo: frontiers.svg
 
+- name: Gruppo Italiano Frattura
+  url: https://www.gruppofrattura.eu/
+  logo: igf.png  
+
 - name: Iași University of Life Sciences
   url: https://iuls.ro/en/
   logo: Lasi.png 
@@ -85,6 +89,10 @@
   url: https://www.theiet.org/
   logo: iet.svg
 
+- name: INCAS - National Institute for Aerospace Research “Elie Carafoli”
+  url: https://www.incas.ro/
+  logo: Logo1.png
+
 - name: Institute of Physics
   url: https://www.iop.org/
   logo: iop.jpg
@@ -137,6 +145,10 @@
   url: https://www.sagepublications.com/
   logo: sage.svg
 
+- name: Scandinavian University Press
+  url: https://www.universitetsforlaget.no/en/
+  logo: scup-logo.png
+
 - name: SciFree
   url: https://scifree.se/
   logo: scifree.svg

diff --git a/cms/data/volunteers.yml b/cms/data/volunteers.yml
@@ -364,6 +364,14 @@ ass_ed:
   language: Indonesian, English
   photo: "handoko.jpg"
 
+- name: Ina Smith
+  area: Scholarly Publishing, Instructional Design
+  year_since:
+  city: Pretoria
+  country: South Africa
+  language: English, Africaans
+  photo: "ina-smith.png"
+
 - name: Iryna Kuchma
   area: Humanities, Social Sciences
   year_since:
@@ -545,7 +553,15 @@ ass_ed:
   country: Poland
   language: Polish, English
   photo: "Martyna.JPG"
-
+
+- name: Maxim Mitrofanov
+  area: International Relations, Political Science
+  year_since:
+  city: Moscow
+  country: Russian Federation
+  language: Russian, English
+  photo: "max.png"
+
 - name: Melih Sever
   area: Social Sciences
   year_since:
@@ -576,6 +592,14 @@ ass_ed:
   language: Indonesian, English
   photo: "MuhamadTaufik.jpg"
 
+- name: Natalia Popova
+  area: Sociology
+  year_since:
+  city: Ekaterinburg
+  country: Russian Federation
+  language: Russian, English
+  photo: "Popova-1.jpeg"
+
 - name: Nataliia Kaliuzhna
   area: Library and Information Science
   year_since:
@@ -584,7 +608,7 @@ ass_ed:
   language: Ukrainian, Russian, English, Polish
   featured: true
   photo: "Nataliia.jpg"
-  
+
 - name: Natia Gabedava
   area: Humanities, Education
   year_since:
@@ -707,13 +731,6 @@ ass_ed:
   city: Tabriz
   country: Iran
   language: Persian, Azari, Turkish, English
-
-- name: Sara Ricetto
-  area: Scholarly Publishing
-  year_since:
-  city: Milan
-  country: Italy
-  language: Italian, English, German
 
 - name: Shiying Li
   area: Forensic Science

diff --git a/cms/pages/support/publisher-supporters.md b/cms/pages/support/publisher-supporters.md
@@ -66,5 +66,3 @@ Please [contact us](/contact/) to discuss further.
 ## Supporting publishers, aggregators, and other organizations
 
 <div>{% include '/data/sponsors.html' %}</div>
-
-## Other publisher supporters
diff --git a/doajtest/unit/test_cookie_consent_own_domain.py b/doajtest/unit/test_cookie_consent_own_domain.py
@@ -0,0 +1,44 @@
+from doajtest.helpers import DoajTestCase
+from urllib.parse import quote_plus, urlparse
+
+
+class TestCookieConsent(DoajTestCase):
+
+    def test_01_cookie_consent_permitted_domains(self):
+        """ Ensure we only redirect to our own domain via cookie consent """
+
+        with self.app_test.test_client() as t_client:
+            # Ensure only relative redirects are permitted
+            empty_redirect = t_client.get('/cookie_consent')
+            assert empty_redirect.status_code == 200
+
+            permitted_redirect = t_client.get('/cookie_consent?continue=%2Farticle%2Fuuid')
+            assert permitted_redirect.status_code == 302
+            assert permitted_redirect.location == '/article/uuid'
+
+            permitted_redirect_params = t_client.get('/cookie_consent?continue=' + quote_plus('/apply?errors=numerous'))
+            assert permitted_redirect_params.status_code == 302
+            assert permitted_redirect_params.location == '/apply?errors=numerous'
+
+    def test_02_cookie_consent_invalid_domains(self):
+        """ Any redirect to another domain is rejected via cookie consent """
+
+        with self.app_test.test_client() as t_client:
+            invalid_redirect = t_client.get(
+                '/cookie_consent?continue=https%3A%2F%2Fa_nasty_phishing_site.com%2Femailform%3Fdeeds%3Devil')
+            assert invalid_redirect.status_code == 400
+
+            # The best we can do - a redirect that looks like a path should try to serve from our domain, fail with 404
+            invalid_redirect_no_scheme = t_client.get(
+                '/cookie_consent?continue=a_nasty_phishing_site.com%2Femailform%3Fdeeds%3Devil')
+            assert invalid_redirect_no_scheme.status_code == 302
+            assert not invalid_redirect_no_scheme.location.startswith('http')
+            assert urlparse(invalid_redirect_no_scheme.location).path == 'a_nasty_phishing_site.com/emailform'
+            assert urlparse(invalid_redirect_no_scheme.location).netloc == ''
+
+            invalid_redirect_ip = t_client.get(
+                '/cookie_consent?continue=1.2.3.4%2Femailform%3Fdeeds%3Devil')
+            assert invalid_redirect_ip.status_code == 302
+            assert not invalid_redirect_ip.location.startswith('http')
+            assert urlparse(invalid_redirect_ip.location).path == '1.2.3.4/emailform'
+            assert urlparse(invalid_redirect_ip.location).netloc == ''