Merge remote-tracking branch 'upstream/develop' into add-new-notifications-data-model

Conflicts will be fixed in next commit:
* api/users/views.py
* api_tests/users/views/test_user_settings.py

Author: cslzchen

CHANGELOG

@@ -2,6 +2,11 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+25.16.0 (2025-09-17)
+====================
+
+- Misc. fixes for Angular migration
+
 25.15.2 (2025-09-10)
 ====================
 

admin/brands/forms.py

@@ -11,6 +11,7 @@ class Meta:
         widgets = {
             'primary_color': TextInput(attrs={'class': 'colorpicker'}),
             'secondary_color': TextInput(attrs={'class': 'colorpicker'}),
+            'background_color': TextInput(attrs={'class': 'colorpicker'}),
             'topnav_logo_image': TextInput(attrs={'placeholder': 'Logo should be max height of 40px', 'size': 200}),
             'hero_logo_image': TextInput(
                 attrs={'placeholder': 'Logo image should be max height of 100px', 'size': 200}

admin/brands/views.py

@@ -60,6 +60,14 @@ class BrandChangeForm(PermissionRequiredMixin, UpdateView):
     raise_exception = True
     model = Brand
     form_class = BrandForm
+    template_name = 'brands/detail.html'
+
+    def get_context_data(self, **kwargs):
+        context = super().get_context_data(**kwargs)
+        context['change_form'] = context.get('form')
+        brand_obj = self.get_object()
+        context['brand'] = model_to_dict(brand_obj)
+        return context
 
     def get_object(self, queryset=None):
         brand_id = self.kwargs.get('brand_id')
@@ -81,13 +89,17 @@ def post(self, request, *args, **kwargs):
         view = BrandChangeForm.as_view()
         primary_color = request.POST.get('primary_color')
         secondary_color = request.POST.get('secondary_color')
+        background_color = request.POST.get('background_color')
 
         if not is_a11y(primary_color):
             messages.warning(request, """The selected primary color is not a11y compliant.
                 For more information, visit https://color.a11y.com/""")
         if not is_a11y(secondary_color):
             messages.warning(request, """The selected secondary color is not a11y compliant.
                 For more information, visit https://color.a11y.com/""")
+        if background_color and not is_a11y(background_color):
+            messages.warning(request, """The selected background color is not a11y compliant.
+                For more information, visit https://color.a11y.com/""")
         return view(request, *args, **kwargs)
 
 
@@ -109,11 +121,15 @@ def get_context_data(self, *args, **kwargs):
     def post(self, request, *args, **kwargs):
         primary_color = request.POST.get('primary_color')
         secondary_color = request.POST.get('secondary_color')
+        background_color = request.POST.get('background_color')
 
         if not is_a11y(primary_color):
             messages.warning(request, """The selected primary color is not a11y compliant.
                 For more information, visit https://color.a11y.com/""")
         if not is_a11y(secondary_color):
             messages.warning(request, """The selected secondary color is not a11y compliant.
                 For more information, visit https://color.a11y.com/""")
+        if background_color and not is_a11y(background_color):
+            messages.warning(request, """The selected background color is not a11y compliant.
+                For more information, visit https://color.a11y.com/""")
         return super().post(request, *args, **kwargs)

admin/static/js/banners/banners.js

@@ -26,6 +26,9 @@ $(document).ready(function() {
         }
     });
 
-    $(".colorpicker").colorpicker();
+    $(".colorpicker").colorpicker({
+        format: 'hex',
+        useAlpha: false
+    });
 
 });

admin/static/js/brands/brands.js

@@ -5,6 +5,9 @@ require('bootstrap-colorpicker/dist/css/bootstrap-colorpicker.min.css');
 
 $(document).ready(function() {
 
-    $(".colorpicker").colorpicker();
+    $(".colorpicker").colorpicker({
+        format: 'hex',
+        useAlpha: false
+    });
 
 });

admin/users/views.py

@@ -12,7 +12,6 @@
 from django.contrib.auth.mixins import PermissionRequiredMixin
 from django.urls import reverse
 from django.core.exceptions import PermissionDenied
-from django.core.mail import send_mail
 from django.shortcuts import redirect
 from django.core.paginator import Paginator
 from django.core.exceptions import ValidationError
@@ -48,7 +47,8 @@
     AddSystemTagForm
 )
 from admin.base.views import GuidView
-from website.settings import DOMAIN, OSF_SUPPORT_EMAIL
+from api.users.services import send_password_reset_email
+from website.settings import DOMAIN
 from django.urls import reverse_lazy
 
 
@@ -532,17 +532,9 @@ class ResetPasswordView(UserMixin, View):
     def post(self, request, *args, **kwargs):
         email = self.request.POST['emails']
         user = get_user(email)
-        url = furl(DOMAIN)
 
-        user.verification_key_v2 = generate_verification_key(verification_type='password_admin')
-        user.save()
-        url.add(path=f'resetpassword/{user._id}/{user.verification_key_v2["token"]}')
-        send_mail(
-            subject='Reset OSF Password',
-            message=f'Follow this link to reset your password: {url.url}\n Note: this link will expire in 12 hours',
-            from_email=OSF_SUPPORT_EMAIL,
-            recipient_list=[email]
-        )
+        send_password_reset_email(user, email, institutional=False, verification_type='password_admin')
+
         update_admin_log(
             user_id=self.request.user.id,
             object_id=user.pk,

api/brands/serializers.py

@@ -15,6 +15,7 @@ class BrandSerializer(JSONAPISerializer):
 
     primary_color = ser.CharField(read_only=True, max_length=7)
     secondary_color = ser.CharField(read_only=True, max_length=7)
+    background_color = ser.CharField(read_only=True, allow_null=True, max_length=7)
 
     links = LinksField({
         'self': 'get_absolute_url',

api/collections/views.py

@@ -36,6 +36,7 @@
     CollectedRegistrationsRelationshipSerializer,
 )
 from api.nodes.serializers import NodeSerializer
+from api.nodes.filters import NodesFilterMixin
 from api.preprints.serializers import PreprintSerializer
 from api.subjects.views import SubjectRelationshipBaseView, BaseResourceSubjectsList
 from api.registrations.serializers import RegistrationSerializer
@@ -506,7 +507,7 @@ def get_resource(self, check_object_permissions=True):
         return self.get_collection_submission(check_object_permissions)
 
 
-class LinkedNodesList(JSONAPIBaseView, generics.ListAPIView, CollectionMixin, NodeOptimizationMixin):
+class LinkedNodesList(JSONAPIBaseView, generics.ListAPIView, CollectionMixin, NodeOptimizationMixin, NodesFilterMixin):
     """List of nodes linked to this node. *Read-only*.
 
     Linked nodes are the project/component nodes pointed to by node links. This view will probably replace node_links in the near future.
@@ -569,12 +570,15 @@ class LinkedNodesList(JSONAPIBaseView, generics.ListAPIView, CollectionMixin, No
 
     ordering = ('-modified',)
 
-    def get_queryset(self):
+    def get_default_queryset(self):
         auth = get_user_auth(self.request)
         node_ids = self.get_collection().active_guids.filter(content_type_id=ContentType.objects.get_for_model(Node).id).values_list('object_id', flat=True)
         nodes = Node.objects.filter(id__in=node_ids, is_deleted=False).can_view(user=auth.user, private_link=auth.private_link).order_by('-modified')
         return self.optimize_node_queryset(nodes)
 
+    def get_queryset(self):
+        return self.get_queryset_from_request()
+
     # overrides APIView
     def get_parser_context(self, http_request):
         """

api/custom_metadata/serializers.py

@@ -2,6 +2,7 @@
 import rest_framework.serializers as ser
 
 from framework.auth.core import Auth
+from osf.metadata.definitions.datacite import DATACITE_RESOURCE_TYPES_GENERAL
 from api.base.serializers import (
     IDField,
     JSONAPISerializer,
@@ -80,10 +81,10 @@ class CustomItemMetadataSerializer(JSONAPISerializer):
         allow_blank=True,
         max_length=REASONABLE_MAX_LENGTH,
     )
-    resource_type_general = ser.CharField(
+    resource_type_general = ser.ChoiceField(
         required=False,
         allow_blank=True,
-        max_length=REASONABLE_MAX_LENGTH,
+        choices=sorted(DATACITE_RESOURCE_TYPES_GENERAL),
     )
     funders = FundingInfoSerializer(
         many=True,

api/institutions/views.py

@@ -592,6 +592,7 @@ def get_default_search(self):
             InstitutionalUserReport.search()
             .filter('term', report_yearmonth=str(_yearmonth))
             .filter('term', institution_id=self.get_institution()._id)
+            .exclude('term', user_name='Deleted user')
         )