Merge branch 'main' into submission

app/controllers/api_application_controller.rb

@@ -5,10 +5,13 @@
 
 # class ApplicationController < ActionController::Base
 class ApiApplicationController < StashEngine::ApplicationController
+  include StashApi::Versioning
 
   layout 'layouts/stash_engine/application'
 
   before_action :log_request
+  before_action :set_response_version_header
+  before_action :check_requested_version
   skip_before_action :verify_authenticity_token
 
   DEFAULT_PAGE_SIZE = 20

app/controllers/stash_api/versioning.rb

@@ -0,0 +1,34 @@
+module StashApi
+  module Versioning
+    extend ActiveSupport::Concern
+
+    private
+
+    def set_response_version_header
+      response.headers['X-API-Version'] = api_version
+      return if api_version == current_version
+
+      response.headers['X-API-Deprecation'] = 'true'
+    end
+
+    def check_requested_version
+      return if !requested_version || requested_version == current_version
+
+      render json: { error: "Unsupported API version: #{requested_version}, latest version is: #{current_version}" }, status: 400
+    end
+
+    def current_version
+      '2.1.0'
+    end
+
+    def api_version
+      return requested_version if requested_version
+
+      request.path.include?('/api/v2') ? '2.1.0' : '1.0.0'
+    end
+
+    def requested_version
+      @requested_version ||= request.headers['X-API-Version']
+    end
+  end
+end

app/javascript/react/components/MetadataEntry/ResearchDomain.jsx

@@ -52,6 +52,7 @@ function ResearchDomain({
               formik.handleSubmit();
             }}
           >
+            <option value="" aria-label="Choose a research domain" />
             {subjectList.map((subj, index) => {
               // key made from subj + count of preceding duplicates
               const key = subj + subjectList.slice(0, index).filter((s) => s === subj).length;

app/views/layouts/_best_practices.html.md

@@ -19,7 +19,7 @@ Additionally, if applicable, please do not include any data visualizations that
 
 ## Make sure your data are shareable
 
-* **All files submitted to Dryad must abide by the terms of the [Creative Commons Zero (CC0 1.0)](https://creativecommons.org/publicdomain/zero/1.0/) waiver**. Under these terms, the author releases the data to the public domain.
+* **All files submitted to Dryad must abide by the terms of the [Creative Commons Zero v1.0 Universal](https://spdx.org/licenses/CC0-1.0.html) waiver**. Under these terms, the author releases the data to the public domain.
     * Review all files and ensure they conform to `CC0` terms and are not covered by copyright claims or other terms-of-use. We cannot archive any files that contain licenses incompatible with `CC0` (`GNU GPL, MIT, CC-BY,` etc.), but we can link to content in a dedicated software repository (Github, Zenodo, Bitbucket, or CRAN, etc.).
     * For more information see [Good data practices: Removing barriers to data reuse with CC0 licensing](https://blog.datadryad.org/2023/05/30/good-data-practices-removing-barriers-to-data-reuse-with-cc0-licensing/), [Why Does Dryad Use CC0](https://blog.datadryad.org/2011/10/05/why-does-dryad-use-cc0/), and [Some dos and don'ts for CC0](https://blog.datadryad.org/2017/09/11/some-dos-and-donts-for-cc0/).
 * Human subjects data must be properly anonymized and prepared under applicable legal and ethical guidelines (see <a href="/docs/HumanSubjectsData.pdf">tips for human subjects data<span class="pdfIcon" role="img" aria-label=" (PDF)"/></a>).
@@ -127,9 +127,9 @@ Ready to get started? [Log in](/stash/sessions/choose_login) and go to the "My d
 ### Additional resources
 
 * Institutional data librarians are an outstanding resource. Check with your university library's data management services team.
-* [Cornell University Research Data Management Service Group's Guide to writing "readme" style metadata](https://data.research.cornell.edu/content/readme)
-* [Why Dryad uses Creative Commons Zero](https://blog.datadryad.org/2011/10/05/why-does-dryad-use-cc0/)
-* <a href="https://www.dataone.org/sites/all/documents/DataONE_BP_Primer_020212.pdf">DataONE Primer on Data Management Best Practices<span class="pdfIcon" role="img" aria-label=" (PDF)"/></a>
-* [Introduction to Open Science: Why data versioning and data care practices are key for science and social science](http://blogs.lse.ac.uk/impactofsocialsciences/2015/02/09/data-versioning-open-science/)
-* [Making data Findable, Accessible, Interoperable, and Reusable (FAIR)](https://www.force11.org/group/fairgroup/fairprinciples)
-* [Data organization in spreadsheets](http://www.tandfonline.com/doi/full/10.1080/00031305.2017.1375989)
+* <a href="https://data.research.cornell.edu/content/readme" target="_blank">Cornell University Research Data Management Service Group's Guide to writing "readme" style metadata<span class="screen-reader-only"> (opens in new window)</span></a>
+* <a href="https://blog.datadryad.org/2011/10/05/why-does-dryad-use-cc0/" target="_blank">Why Dryad uses Creative Commons Zero<span class="screen-reader-only"> (opens in new window)</span></a>
+* <a href="https://dataoneorg.github.io/Education/bestpractices/" target="_blank">DataONE Primer on Data Management Best Practices<span class="screen-reader-only"> (opens in new window)</span></a>
+* <a href="https://blogs.lse.ac.uk/impactofsocialsciences/2015/02/09/data-versioning-open-science/" target="_blank">Introduction to Open Science: Why data versioning and data care practices are key for science and social science<span class="screen-reader-only"> (opens in new window)</span></a>
+* <a href="https://www.force11.org/group/fairgroup/fairprinciples" target="_blank">Making data Findable, Accessible, Interoperable, and Reusable (FAIR)<span class="screen-reader-only"> (opens in new window)</span></a>
+* <a href="https://www.tandfonline.com/doi/full/10.1080/00031305.2017.1375989" target="_blank">Data organization in spreadsheets<span class="screen-reader-only"> (opens in new window)</span></a>

app/views/layouts/_requirements.html.md

@@ -23,6 +23,10 @@ Most types of files can be submitted (e.g., text, spreadsheets, video, photograp
 * **Video**: `AVI, MPEG, MP4`
 * **Compressed file archive**: `TAR.GZ, 7Z, ZIP`
 
+<div class="callout">
+<p><span style="background-color: white; border-radius: 3px; padding: 4px 4px 2px">Note:</span> RAR (Roshal ARchive) is a proprietary compression format. Because users may not have access to the necessary tools to open RAR files, we cannot accept them for publication. Please use open, widely supported, and easily accessible formats like those listed above.</p>
+</div>
+
 
 ## File size
 

app/views/stash_datacite/licenses/_license_sidebar.html.erb

@@ -3,5 +3,5 @@
   <%= render partial: 'stash_datacite/licenses/no_license_review', locals: {right: right} %>
 <% else %>
   <h2>License:</h2>
-  <a href="https://creativecommons.org/publicdomain/zero/1.0/" target="_blank"><i class="fab fa-creative-commons-zero" aria-hidden="true"></i>Public domain<span class="screen-reader-only"> (opens in new window)</span></a>
+  <a href="https://spdx.org/licenses/CC0-1.0.html" target="_blank"><i class="fab fa-creative-commons-zero" aria-hidden="true"></i>Public domain<span class="screen-reader-only"> (opens in new window)</span></a>
 <% end %>

app/views/stash_engine/resource_mailer/send_set_to_withdrawn_notification.html.erb

@@ -1,6 +1,8 @@
 <p>Dear <%= @user_name %>,</p>
 
-<p>Your data submission has been automatically withdrawn from the Dryad platform and will be permanently deleted after one year:</p>
+<p>Your data submission has been automatically withdrawn from the Dryad platform
+  due to inactivity for more than one year. Your data will be permanently
+  deleted after one year with further inactivity:</p>
 
 <p>
   Title: <%= @resource.title %><br/>
@@ -19,4 +21,10 @@
   </ol>
 </p>
 
-<p>If you have questions about this action, please contact us at <a href="mailto:<%= @helpdesk_email %>?subject=Auto-Withdraw <%= @resource.identifier_str %>"><%= @helpdesk_email %></a>.</p>
+<p>Please note that your dataset never completed the curation process and,
+  therefore, was not published. You should have received an email from us
+  outlining the changes required to have your dataset published.</p>
+
+<p>If you do not have access to the email or if you have any questions about the
+  action taken to withdraw your dataset, please contact us at
+  <a href="mailto:<%= @helpdesk_email %>?subject=Auto-Withdraw <%= @resource.identifier_str %>"><%= @helpdesk_email %></a>.</p>

config/licenses.yml

@@ -2,8 +2,8 @@
 # and then uri, name, explanation and badge
 
 cc0:
-  uri: https://creativecommons.org/publicdomain/zero/1.0/
-  name: CC0 1.0 Universal (CC0 1.0) Public Domain Dedication
+  uri: https://spdx.org/licenses/CC0-1.0.html
+  name: Creative Commons Zero v1.0 Universal
   explanation: >
     This releases your work to the public domain for any use.
   badge: icon_cc-zero.svg

db/data/20241028110859_updated_cc0_license.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class UpdatedCc0License < ActiveRecord::Migration[7.0]
+  def up
+    StashDatacite::Right.where(rights: 'CC0 1.0 Universal (CC0 1.0) Public Domain Dedication')
+                        .update_all(rights: 'Creative Commons Zero v1.0 Universal', rights_uri: 'https://spdx.org/licenses/CC0-1.0.html')
+  end
+
+  def down
+    raise ActiveRecord::IrreversibleMigration
+  end
+end

db/data_schema.rb

@@ -1 +1 @@
-DataMigrate::Data.define(version: 20241022152849)
+DataMigrate::Data.define(version: 20241028110859)

documentation/apis/README.md

@@ -50,3 +50,24 @@ Dryad maintains a variety of reports regarding its content.
 - Reports that are automatically generated on a regular basis are available at `https://datadryad.org/api/v2/reports`
 - Reports that are generated less frequently are available through our [Data about Dryad](https://github.com/datadryad/dryad-data/) repository
 
+
+API Versioning
+============
+
+The Dryad API uses [Semantic Versioning](https://semver.org/) to track changes to the API. 
+
+The current version of our API is `2.1.0`. This is also the only supported API versions, at the moment.
+
+In order to use the latest API version, you can:
+- Use `https://datadryad.org/api/v2/` as the base URL for all API requests.
+- You can also send send the `X-API-Version: 2.1.0`
+
+We added 2 new response headers:
+- The `X-API-Version` header to allow clients to specify the version of the API they are using.
+- The `X-API-Deprecation` header to notify clients if the version they are using is deprecated and will be removed in the future.
+
+In case a bad version number is used, the API will respond with:
+- `400` error status.
+- `{ "error": "Unsupported API version: {requested-version}, latest version is: 2.1.0" }` in the response body.
+- The `X-API-Version` header set to the version of the API you requested.
+- The `X-API-Deprecation` header set `true`. This header will not be returned in case the version you are using is not deprecated.

documentation/apis/embedded_submission.md

@@ -106,7 +106,7 @@ A sample call using the [sample dataset file](sample_dataset.json), with results
   "lastModificationDate": "2020-10-02",
   "visibility": "restricted",
   "userId": "0000-0003-0597-4085",
-  "license": "https://creativecommons.org/publicdomain/zero/1.0/",
+  "license": "https://spdx.org/licenses/CC0-1.0.html",
   "editLink": "/stash/edit/doi%3A10.7959%2Fdryad.83bk3jc0"
   }
 ```
@@ -197,7 +197,7 @@ Sample call and (abbreviated) response:
   "visibility": "restricted",
   "sharingLink":"https://datadryad.org/stash/share/OI-tU-WmoT3I2KCOqX7Of624",
   "userId": 37182,
-  "license": "https://creativecommons.org/publicdomain/zero/1.0/",
+  "license": "https://spdx.org/licenses/CC0-1.0.html",
   "editLink": "/stash/edit/doi%3A10.7959%2Fdryad.83bk3jc0"
   }
 ```

documentation/shibboleth/README.md

@@ -198,3 +198,27 @@ mv shibd.service shibd-old.service
 sudo systemctl enable shibd.service
 ```
 
+Renewing certificats for Shibboleth
+===================================
+
+To test the certificate, log in to the machine you are testing and run:
+
+`echo | openssl s_client -showcerts -servername localhost -connect localhost:443 2>/dev/null | openssl x509 -inform pem -noout -text`
+
+The certificate should state that it's from "Let's Encrypt", and it should have valid dates.
+
+To renew a certificate:
+- On the server where you will generate the certificate, update the Apache to respond on port 80 as well as 443. Copy the `datadryad.org.conf` file, and change the new file to respond to port 80.
+- Restart Apache: `apache_restart.sh`
+- In the load balancer, disable servers other than the one you are using to generate the certificate
+- On the server, generate the certificate and install (change the server name in the directories):
+```
+sudo certbot renew
+sudo cp /etc/letsencrypt/live/sandbox.datadryad.org/fullchain.pem /etc/pki/tls/certs/letsencrypt.crt
+sudo cp /etc/letsencrypt/live/sandbox.datadryad.org/privkey.pem /etc/pki/tls/private/letsencrypt.key
+apache_restart.sh
+```
+- Copy the certificate files to other servers and restart Apache on those servers as well
+- Re-enable all servers in the load balancer
+- Remove the "extra" configuration file for Apache
+- If the server is also running Shibboleth services, restart them: `sudo systemctl restart shibd` and verify that Shibboleth is working through Apache `curl -k https://localhost/Shibboleth.sso/Status`