Merge remote-tracking branch 'origin/develop' into fix/ssr-throttle-token

Author: nsemets

CHANGELOG

@@ -2,6 +2,26 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+26.4.0 (2026-02-26)
+===================
+
+* Search and fetch funder ids from ROR instead of CrossRef
+
+26.3.1 (2026-02-25)
+===================
+
+* Hotfix to prevent 403 error when fetching metadata from causing a redirect
+
+26.3.0 (2026-02-24)
+===================
+
+* FAIR Signposting
+
+26.2.1 (2026-02-03)
+===================
+
+* Hotfix for navigation translations and contributor search
+
 26.2.0 (2026-01-29)
 ===================
 

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "osf",
-  "version": "26.2.0",
+  "version": "26.4.0",
   "scripts": {
     "ng": "ng",
     "analyze-bundle": "ng build --configuration=analyze-bundle && source-map-explorer dist/**/*.js --no-border-checks",

package.json

@@ -44,10 +44,12 @@ export class NavMenuComponent {
   private readonly isAuthenticated = select(UserSelectors.isAuthenticated);
   private readonly currentResource = select(CurrentResourceSelectors.getCurrentResource);
   private readonly provider = select(ProviderSelectors.getCurrentProvider);
+  private readonly translationsReady = toSignal(this.translateService.stream('navigation.overview'));
 
   readonly actions = createDispatchMap({ getResourceDetails: GetResourceDetails });
 
   readonly mainMenuItems = computed(() => {
+    this.translationsReady();
     const isAuthenticated = this.isAuthenticated();
     const filtered = filterMenuItems(MENU_ITEMS, isAuthenticated);
 

src/app/core/components/nav-menu/nav-menu.component.ts

@@ -14,12 +14,14 @@ import { authInterceptor } from './auth.interceptor';
 
 describe('authInterceptor', () => {
   let cookieService: CookieService;
-  let mockHandler: jest.Mock;
+  let cookieServiceMock: { get: jest.Mock };
 
   const setup = (platformId = 'browser', environmentOverrides: Partial<EnvironmentModel> = {}) => {
+    cookieServiceMock = { get: jest.fn() };
+
     TestBed.configureTestingModule({
       providers: [
-        MockProvider(CookieService, { get: jest.fn() }),
+        MockProvider(CookieService, cookieServiceMock),
         MockProvider(PLATFORM_ID, platformId),
         MockProvider(ENVIRONMENT, { throttleToken: '', ...environmentOverrides } as EnvironmentModel),
       ],
@@ -29,7 +31,6 @@ describe('authInterceptor', () => {
   };
 
   beforeEach(() => {
-    mockHandler = jest.fn();
     jest.clearAllMocks();
   });
 
@@ -41,13 +42,13 @@ describe('authInterceptor', () => {
   };
 
   const createHandler = () => {
-    const handler = mockHandler.mockReturnValue(of({}));
+    const handler = jest.fn().mockReturnValue(of({}));
     return handler;
   };
 
-  it('should skip CrossRef funders API requests', () => {
+  it('should skip ROR funders API requests', () => {
     setup();
-    const request = createRequest('/api.crossref.org/funders/10.13039/100000001');
+    const request = createRequest('https://api.ror.org/v2');
     const handler = createHandler();
 
     runInInjectionContext(TestBed, () => authInterceptor(request, handler));
@@ -110,7 +111,7 @@ describe('authInterceptor', () => {
 
   it('should add CSRF token and withCredentials in browser platform', () => {
     setup();
-    jest.spyOn(cookieService, 'get').mockReturnValue('csrf-token-123');
+    cookieServiceMock.get.mockReturnValue('csrf-token-123');
 
     const request = createRequest('/api/v2/projects/');
     const handler = createHandler();
@@ -126,7 +127,7 @@ describe('authInterceptor', () => {
 
   it('should not add CSRF token when not available in browser platform', () => {
     setup();
-    jest.spyOn(cookieService, 'get').mockReturnValue('');
+    cookieServiceMock.get.mockReturnValue('');
 
     const request = createRequest('/api/v2/projects/');
     const handler = createHandler();

src/app/core/interceptors/auth.interceptor.spec.ts

@@ -8,11 +8,13 @@ import { inject, PLATFORM_ID } from '@angular/core';
 
 import { ENVIRONMENT } from '@core/provider/environment.provider';
 
+import { environment } from 'src/environments/environment';
+
 export const authInterceptor: HttpInterceptorFn = (
   req: HttpRequest<unknown>,
   next: HttpHandlerFn
 ): Observable<HttpEvent<unknown>> => {
-  if (req.url.includes('/api.crossref.org/funders')) {
+  if (req.url.startsWith(environment.funderApiUrl)) {
     return next(req);
   }
 

src/app/core/interceptors/auth.interceptor.ts

@@ -2,7 +2,7 @@ import { MockProvider } from 'ng-mocks';
 
 import { throwError } from 'rxjs';
 
-import { HttpContext, HttpErrorResponse, HttpRequest } from '@angular/common/http';
+import { HttpContext, HttpErrorResponse, HttpHeaders, HttpRequest } from '@angular/common/http';
 import { runInInjectionContext } from '@angular/core';
 import { TestBed } from '@angular/core/testing';
 import { Router } from '@angular/router';
@@ -271,4 +271,25 @@ describe('errorInterceptor', () => {
       });
     });
   });
+
+  it('should not navigate for 403 errors when X-No-Auth-Redirect header is true', () => {
+    const error = new HttpErrorResponse({
+      error: {},
+      status: 403,
+      url: '/metadata/abcde/?format=google-dataset-json-ld',
+      headers: new HttpHeaders({ 'X-No-Auth-Redirect': 'true' }),
+    });
+    const request = createRequest();
+
+    runInInjectionContext(TestBed, () => {
+      const result = errorInterceptor(request, createErrorHandler(error));
+      result.subscribe({
+        error: () => {
+          expect(router.navigate).not.toHaveBeenCalled();
+          expect(loaderService.hide).toHaveBeenCalled();
+          expect(toastService.showError).not.toHaveBeenCalled();
+        },
+      });
+    });
+  });
 });

src/app/core/interceptors/error.interceptor.spec.ts

@@ -63,7 +63,8 @@ export const errorInterceptor: HttpInterceptorFn = (req, next) => {
 
       if (error.status === 403) {
         const requestAccessRegex = /\/v2\/nodes\/[^/]+\/requests\/?$/i;
-        if (error.url && requestAccessRegex.test(error.url)) {
+
+        if (error.url && (requestAccessRegex.test(error.url) || req.headers.has('X-No-Auth-Redirect'))) {
           loaderService.hide();
           return throwError(() => error);
         }

src/app/core/interceptors/error.interceptor.ts

@@ -113,14 +113,14 @@ describe('viewOnlyInterceptor', () => {
   it('should not modify funders API requests even when view-only param exists', () => {
     jest.spyOn(viewOnlyHelper, 'getViewOnlyParam').mockReturnValue('funder123');
 
-    const request = createRequest('/api.crossref.org/funders/10.13039/100000001');
+    const request = createRequest('https://api.ror.org/v2');
     const handler = createHandler();
 
     runInInjectionContext(TestBed, () => viewOnlyInterceptor(request, handler));
 
     expect(handler).toHaveBeenCalledTimes(1);
     const modifiedRequest = handler.mock.calls[0][0];
-    expect(modifiedRequest.url).toBe('/api.crossref.org/funders/10.13039/100000001');
+    expect(modifiedRequest.url).toBe('https://api.ror.org/v2');
   });
 
   it('should handle requests to other external APIs normally', () => {

src/app/core/interceptors/view-only.interceptor.spec.ts

@@ -6,6 +6,8 @@ import { Router } from '@angular/router';
 
 import { ViewOnlyLinkHelperService } from '@osf/shared/services/view-only-link-helper.service';
 
+import { environment } from 'src/environments/environment';
+
 export const viewOnlyInterceptor: HttpInterceptorFn = (
   req: HttpRequest<unknown>,
   next: HttpHandlerFn
@@ -15,7 +17,7 @@ export const viewOnlyInterceptor: HttpInterceptorFn = (
 
   const viewOnlyParam = viewOnlyHelper.getViewOnlyParam(router);
 
-  if (!req.url.includes('/api.crossref.org/funders') && viewOnlyParam) {
+  if (!req.url.startsWith(environment.funderApiUrl) && viewOnlyParam) {
     if (req.url.includes('view_only=')) {
       return next(req);
     }