openlibhums · everreau · Jan 21, 2026 · Jan 22, 2026 · Jan 23, 2026 · Jan 26, 2026
diff --git a/src/core/admin.py b/src/core/admin.py
@@ -8,6 +8,7 @@
 from django.contrib.auth.admin import UserAdmin
 from django.utils.safestring import mark_safe
 from django.template.defaultfilters import truncatewords
+from django.conf import settings
 
 from utils import admin_utils
 from core import models, forms
@@ -134,6 +135,12 @@ class AccountAdmin(UserAdmin):
         admin_utils.PasswordResetInline,
     ]
 
+    def get_readonly_fields(self, request, obj=None):
+        if settings.ENABLE_ORCID:
+            return ["orcid"]
+        else:
+            return []
+
     def _roles_in(self, obj):
         if obj:
             journals = journal_models.Journal.objects.filter(

diff --git a/src/core/forms/forms.py b/src/core/forms/forms.py
@@ -15,6 +15,7 @@
 from django.utils.translation import gettext_lazy as _
 from django.contrib.auth.forms import UserCreationForm
 from django.core.validators import validate_email, ValidationError
+from django.conf import settings as django_settings
 
 from tinymce.widgets import TinyMCE
 
@@ -278,6 +279,12 @@ class Meta:
             "enable_public_profile": YesNoRadio,
         }
 
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+        if django_settings.ENABLE_ORCID:
+            self.fields["orcid"].widget = forms.HiddenInput()
+
     def save(self, commit=True):
         user = super(EditAccountForm, self).save(commit=False)
         user.clean()

diff --git a/src/core/include_urls.py b/src/core/include_urls.py
@@ -431,6 +431,11 @@
         core_views.manage_access_requests,
         name="manage_access_requests",
     ),
+    re_path(
+        r"^manager/account/(?P<account_id>\d+)/request_orcid/$",
+        core_views.request_orcid,
+        name="request_orcid",
+    ),
 ]
 
 # Journal homepage block loading

diff --git a/src/core/logic.py b/src/core/logic.py
@@ -148,6 +148,42 @@ def send_confirmation_link(request, new_user):
     )
 
 
+def send_orcid_request(request, user):
+    if request.journal:
+        publication_name = request.journal.name
+    elif request.repository:
+        publication_name = request.repository.name
+    else:
+        publication_name = request.press.name
+    context = {
+        "user": user,
+        "user_profile_url": request.site_type.site_url(
+            reverse("core_edit_profile"),
+        ),
+        "publication_name": publication_name,
+    }
+    log_dict = {"level": "Info", "types": "ORCID Request", "target": None}
+
+    user.date_orcid_requested = timezone.now()
+    user.save()
+
+    if user.is_active:
+        template = "orcid_request"
+        subject = "subject_orcid_request"
+    else:
+        template = "orcid_activate_request"
+        subject = "subject_orcid_activate_request"
+
+    notify_helpers.send_email_with_body_from_setting_template(
+        request,
+        template,
+        subject,
+        user.email,
+        context,
+        log_dict=log_dict,
+    )
+
+
 def resize_and_crop(
     img_path,
     size=settings.DEFAULT_CROP_SIZE,
@@ -1035,22 +1071,27 @@ def password_policy_check(request):
     password = request.POST.get("password_1")
 
     rules = [
-        lambda s: len(password) >= request.press.password_length
-        or _("Your password must be {} characters long").format(
-            request.press.password_length
+        lambda s: (
+            len(password) >= request.press.password_length
+            or _("Your password must be {} characters long").format(
+                request.press.password_length
+            )
         )
     ]
 
     if request.press.password_upper:
         rules.append(
-            lambda password: any(x.isupper() for x in password)
-            or _("An uppercase character is required")
+            lambda password: (
+                any(x.isupper() for x in password)
+                or _("An uppercase character is required")
+            )
         )
 
     if request.press.password_number:
         rules.append(
-            lambda password: any(x.isdigit() for x in password)
-            or _("A number is required")
+            lambda password: (
+                any(x.isdigit() for x in password) or _("A number is required")
+            )
         )
 
     problems = [p for p in [r(password) for r in rules] if p != True]

diff --git a/src/core/migrations/0110_account_date_orcid_requested_account_orcid_token_and_more.py b/src/core/migrations/0110_account_date_orcid_requested_account_orcid_token_and_more.py
@@ -0,0 +1,37 @@
+# Generated by Django 4.2.26 on 2026-02-18 21:39
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0109_salutation_name_20250707_1420"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="account",
+            name="date_orcid_requested",
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name="account",
+            name="orcid_token",
+            field=models.CharField(blank=True, default="", max_length=40),
+        ),
+        migrations.AddField(
+            model_name="account",
+            name="orcid_token_expiration",
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name="orcidtoken",
+            name="access_token",
+            field=models.CharField(blank=True, default="", max_length=40),
+        ),
+        migrations.AddField(
+            model_name="orcidtoken",
+            name="access_token_expiration",
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+    ]
diff --git a/src/core/models.py b/src/core/models.py
@@ -71,6 +71,7 @@
 from utils import logic as utils_logic
 from utils.forms import plain_text_validator
 from production import logic as production_logic
+from utils.orcid import is_token_valid
 
 fs = JanewayFileSystemStorage()
 logger = get_logger(__name__)
@@ -485,6 +486,9 @@ class Account(AbstractBaseUser, PermissionsMixin):
     orcid = models.CharField(
         max_length=40, null=True, blank=True, verbose_name=_("ORCiD")
     )
+    orcid_token = models.CharField(max_length=40, blank=True, default="")
+    orcid_token_expiration = models.DateTimeField(null=True, blank=True)
+    date_orcid_requested = models.DateTimeField(blank=True, null=True)
     twitter = models.CharField(
         max_length=300, null=True, blank=True, verbose_name=_("Twitter Handle")
     )
@@ -884,6 +888,10 @@ def snapshot_as_author(self, article, force_update=True):
             "order": article.next_frozen_author_order(),
         }
 
+        if self.orcid:
+            frozen_dict["frozen_orcid"] = self.orcid
+            frozen_dict["is_frozen_orcid_valid"] = self.is_orcid_token_valid()
+
         frozen_author, created = submission_models.FrozenAuthor.objects.get_or_create(
             author=self,
             article=article,
@@ -948,6 +956,12 @@ def hypothesis_username(self):
         )[:30]
         return username.lower()
 
+    def get_orcid_url(self):
+        return f"{settings.ORCID_URL.replace('oauth/authorize', '')}{self.orcid}"
+
+    def is_orcid_token_valid(self):
+        return is_token_valid(self.orcid, self.orcid_token)
+
 
 def generate_expiry_date():
     return timezone.now() + timedelta(days=1)
@@ -959,9 +973,11 @@ class OrcidToken(models.Model):
     expiry = models.DateTimeField(
         default=generate_expiry_date, verbose_name=_("Expires on")
     )
+    access_token = models.CharField(max_length=40, blank=True, default="")
+    access_token_expiration = models.DateTimeField(null=True, blank=True)
 
     def __str__(self):
-        return "ORCiD Token [{0}] - {1}".format(self.orcid, self.token)
+        return "ORCID iD Token [{0}] - {1}".format(self.orcid, self.token)
 
 
 class PasswordResetToken(models.Model):

diff --git a/src/core/tests/test_app.py b/src/core/tests/test_app.py
@@ -15,6 +15,7 @@
 from django.urls.base import clear_script_prefix
 from django.utils import timezone
 from django.core import mail
+from journal.tests.utils import make_test_journal
 
 from utils.testing import helpers
 from utils import setting_handler, install
@@ -219,7 +220,7 @@ def test_register_with_orcid_token(self, record_mock):
         self.assertContains(response, "Campbell")
         self.assertContains(response, "Kasey")
         self.assertContains(response, "[email protected]")
-        self.assertNotContains(response, "Register with ORCiD")
+        self.assertNotContains(response, "Register with ORCID")
         self.assertContains(response, "http://sandbox.orcid.org/0000-0000-0000-0000")
         self.assertContains(
             response,
@@ -252,13 +253,13 @@ def test_register_with_orcid_token(self, record_mock):
     def test_registration(self):
         response = self.client.get(reverse("core_register"))
         self.assertEqual(response.status_code, 200)
-        self.assertContains(response, "Register with ORCiD")
+        self.assertContains(response, "Register with ORCID")
 
     @override_settings(ENABLE_ORCID=False)
     def test_registration(self):
         response = self.client.get(reverse("core_register"))
         self.assertEqual(response.status_code, 200)
-        self.assertNotContains(response, "Register with ORCiD")
+        self.assertNotContains(response, "Register with ORCID")
 
     @override_settings(URL_CONFIG="domain", CAPTCHA_TYPE=None)
     def test_mixed_case_login_different_case(self):
@@ -582,3 +583,88 @@ def setUp(self):
         )
 
         clear_script_prefix()
+
+    @override_settings(ENABLE_ORCID=False)
+    def test_profile_orcid_disabled(self):
+        self.client.force_login(self.admin_user)
+        response = self.client.get(reverse("core_edit_profile"))
+        self.assertContains(
+            response, '<input type="text" name="orcid" maxlength="40" id="id_orcid">'
+        )
+
+    @override_settings(ENABLE_ORCID=True)
+    def test_profile_orcid_enabled_no_orcid(self):
+        # Profile should offer to connect orcid
+        self.client.force_login(self.admin_user)
+        response = self.client.get(reverse("core_edit_profile"))
+        self.assertNotContains(response, "ORCID could not be validated.")
+        self.assertContains(response, "Connect your ORCID")
+
+    @override_settings(
+        ENABLE_ORCID=True, ORCID_URL="https://sandbox.orcid.org/oauth/authorize"
+    )
+    def test_profile_orcid_unverified(self):
+        self.admin_user.orcid = "0000-0000-0000-0000"
+        self.admin_user.save()
+        self.client.force_login(self.admin_user)
+        response = self.client.get(reverse("core_edit_profile"))
+        self.assertContains(response, "ORCID iD could not be validated.")
+        self.assertContains(response, "Connect your ORCID")
+        self.assertContains(response, "https://sandbox.orcid.org/0000-0000-0000-0000")
+
+    @patch.object(models.Account, "is_orcid_token_valid")
+    @override_settings(
+        ENABLE_ORCID=True, ORCID_URL="https://sandbox.orcid.org/oauth/authorize"
+    )
+    def test_profile_orcid(self, mock_method):
+        # override is_orcid_token valid make if valid
+        mock_method.return_value = True
+        self.admin_user.orcid = "0000-0000-0000-0000"
+        self.admin_user.orcid_token = "0a0aaaaa-0aa0-0000-aa00-a00aa0a00000"
+        self.admin_user.save()
+        self.client.force_login(self.admin_user)
+        response = self.client.get(reverse("core_edit_profile"))
+        self.assertContains(response, "https://sandbox.orcid.org/0000-0000-0000-0000")
+        self.assertContains(response, "remove_orcid")
+        self.assertContains(
+            response,
+            '<input type="hidden" name="orcid" value="0000-0000-0000-0000" id="id_orcid">',
+        )
+        self.assertNotContains(response, "ORCID iD could not be validated.")
+
+    @patch.object(models.Account, "is_orcid_token_valid")
+    @override_settings(
+        ENABLE_ORCID=True,
+        URL_CONFIG="domain",
+        ORCID_URL="https://sandbox.orcid.org/oauth/authorize",
+    )
+    def test_profile_orcid_not_admin(self, mock_method):
+        mock_method.return_value = True
+
+        journal_kwargs = {
+            "code": "fetests",
+            "domain": "fetests.janeway.systems",
+        }
+        journal = make_test_journal(**journal_kwargs)
+
+        journal_manager = helpers.create_user(
+            "[email protected]", ["journal-manager"], journal=journal
+        )
+        journal_manager.is_active = True
+        journal_manager.save()
+
+        self.regular_user.orcid = "0000-0000-0000-0000"
+        self.regular_user.orcid_token = "0a0aaaaa-0aa0-0000-aa00-a00aa0a00000"
+        self.regular_user.save()
+
+        self.client.force_login(journal_manager)
+
+        url = reverse("core_user_edit", kwargs={"user_id": self.regular_user.pk})
+        response = self.client.get(url, SERVER_NAME=journal.domain)
+        self.assertContains(response, "https://sandbox.orcid.org/0000-0000-0000-0000")
+        self.assertContains(
+            response,
+            '<input type="hidden" name="orcid" value="0000-0000-0000-0000" id="id_orcid">',
+        )
+        self.assertNotContains(response, "ORCID iD could not be validated.")
+        self.assertNotContains(response, "remove_orcid")