From 95bf70c15f54184255f1d114ccc3c42d7acc10a5 Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Wed, 7 Feb 2024 14:42:02 +0500
Subject: [PATCH 01/19] organization oidc login added

---
 src/apps/oidc_configurations/__init__.py      |   0
 src/apps/oidc_configurations/admin.py         |   6 +
 src/apps/oidc_configurations/apps.py          |   5 +
 .../migrations/0001_initial.py                |  29 ++++
 .../migrations/__init__.py                    |   0
 src/apps/oidc_configurations/models.py        |  14 ++
 src/apps/oidc_configurations/tests.py         |   3 +
 src/apps/oidc_configurations/urls.py          |  10 ++
 src/apps/oidc_configurations/views.py         | 144 ++++++++++++++++++
 src/apps/profiles/views.py                    |   6 +
 src/settings/base.py                          |   1 +
 src/templates/oidc/oidc_complete.html         |  16 ++
 src/templates/registration/login.html         |  22 +++
 src/urls.py                                   |   2 +
 14 files changed, 258 insertions(+)
 create mode 100644 src/apps/oidc_configurations/__init__.py
 create mode 100644 src/apps/oidc_configurations/admin.py
 create mode 100644 src/apps/oidc_configurations/apps.py
 create mode 100644 src/apps/oidc_configurations/migrations/0001_initial.py
 create mode 100644 src/apps/oidc_configurations/migrations/__init__.py
 create mode 100644 src/apps/oidc_configurations/models.py
 create mode 100644 src/apps/oidc_configurations/tests.py
 create mode 100644 src/apps/oidc_configurations/urls.py
 create mode 100644 src/apps/oidc_configurations/views.py
 create mode 100644 src/templates/oidc/oidc_complete.html

diff --git a/src/apps/oidc_configurations/__init__.py b/src/apps/oidc_configurations/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/apps/oidc_configurations/admin.py b/src/apps/oidc_configurations/admin.py
new file mode 100644
index 000000000..5ea6e683f
--- /dev/null
+++ b/src/apps/oidc_configurations/admin.py
@@ -0,0 +1,6 @@
+from django.contrib import admin
+from .models import Auth_Organization
+
+admin.site.register(Auth_Organization)
+
+# Register your models here.
diff --git a/src/apps/oidc_configurations/apps.py b/src/apps/oidc_configurations/apps.py
new file mode 100644
index 000000000..3d757062b
--- /dev/null
+++ b/src/apps/oidc_configurations/apps.py
@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class OidcConfigurationsConfig(AppConfig):
+    name = 'oidc_configurations'
diff --git a/src/apps/oidc_configurations/migrations/0001_initial.py b/src/apps/oidc_configurations/migrations/0001_initial.py
new file mode 100644
index 000000000..266976235
--- /dev/null
+++ b/src/apps/oidc_configurations/migrations/0001_initial.py
@@ -0,0 +1,29 @@
+# Generated by Django 2.2.17 on 2024-02-04 14:21
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Auth_Organization',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255)),
+                ('client_id', models.CharField(max_length=255)),
+                ('client_secret', models.CharField(max_length=255)),
+                ('authorization_url', models.URLField()),
+                ('token_url', models.URLField()),
+                ('user_info_url', models.URLField()),
+                ('redirect_url', models.URLField()),
+                ('button_bg_color', models.CharField(default='#2C3E4C', max_length=20)),
+                ('button_text_color', models.CharField(default='#FFFFFF', max_length=20)),
+            ],
+        ),
+    ]
diff --git a/src/apps/oidc_configurations/migrations/__init__.py b/src/apps/oidc_configurations/migrations/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/src/apps/oidc_configurations/models.py b/src/apps/oidc_configurations/models.py
new file mode 100644
index 000000000..07525ca3c
--- /dev/null
+++ b/src/apps/oidc_configurations/models.py
@@ -0,0 +1,14 @@
+# oidc_configurations/models.py
+from django.db import models
+
+
+class Auth_Organization(models.Model):
+    name = models.CharField(max_length=255)
+    client_id = models.CharField(max_length=255)
+    client_secret = models.CharField(max_length=255)
+    authorization_url = models.URLField()
+    token_url = models.URLField()
+    user_info_url = models.URLField()
+    redirect_url = models.URLField()
+    button_bg_color = models.CharField(max_length=20, default='#2C3E4C')
+    button_text_color = models.CharField(max_length=20, default='#FFFFFF')
diff --git a/src/apps/oidc_configurations/tests.py b/src/apps/oidc_configurations/tests.py
new file mode 100644
index 000000000..7ce503c2d
--- /dev/null
+++ b/src/apps/oidc_configurations/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/src/apps/oidc_configurations/urls.py b/src/apps/oidc_configurations/urls.py
new file mode 100644
index 000000000..7bfae4f99
--- /dev/null
+++ b/src/apps/oidc_configurations/urls.py
@@ -0,0 +1,10 @@
+# oidc_configurations/urls.py
+from django.urls import path
+from .views import organization_oidc_login, oidc_complete
+
+app_name = 'oidc_configurations'
+
+urlpatterns = [
+    path('organization_oidc_login/', organization_oidc_login, name='organization_oidc_login'),
+    path('complete/<int:auth_organization_id>/', oidc_complete, name='oidc_complete'),
+]
diff --git a/src/apps/oidc_configurations/views.py b/src/apps/oidc_configurations/views.py
new file mode 100644
index 000000000..63f59989e
--- /dev/null
+++ b/src/apps/oidc_configurations/views.py
@@ -0,0 +1,144 @@
+# oidc_configurations/views.py
+import base64
+import requests
+from django.shortcuts import render, redirect, get_object_or_404
+from .models import Auth_Organization
+
+
+def organization_oidc_login(request):
+    # Check if this is a post request and it contains organization_oauth2_login
+    if request.method == 'POST' and 'organization_oidc_login' in request.POST:
+        # Get auth organization id from the request
+        auth_organization_id = request.POST.get('organization_oidc_login')
+
+        # Get auth organization using its id
+        organization = get_object_or_404(Auth_Organization, pk=auth_organization_id)
+
+        if organization:
+            # Create a redirect url consisiting of
+            # - authorization_url
+            # - client_id
+            # - response_type
+            # - scope
+            # - redirect_uri
+            oidc_auth_url = (
+                f"{organization.authorization_url}?"
+                f"client_id={organization.client_id}&"
+                f"response_type=code&"
+                "scope=openid profile email&"
+                f"redirect_uri={organization.redirect_url}"
+            )
+
+            # Redirect the user to the OAuth2 provider's authorization URL
+            return redirect(oidc_auth_url)
+
+    # Handle other cases or render a different template if needed
+    return render(request, 'registration/login.html')
+
+
+def oidc_complete(request, auth_organization_id):
+
+    # create empty context
+    context = {}
+
+    # Get error or authorization code from the query string
+    error = request.GET.get('error', None)
+    error_description = request.GET.get('error_description', None)
+    authorization_code = request.GET.get('code', None)
+
+    if error:
+        context["error"] = error
+
+    if error_description:
+        context["error_description"] = error_description
+
+    # Token exhange process
+    if authorization_code:
+
+        print(f"\n\n\n Authentication Code: {authorization_code} \n\n\n")
+
+        try:
+            # STEP 1: Get auth organization using its id
+            organization = get_object_or_404(Auth_Organization, pk=auth_organization_id)
+            if organization:
+
+                # Get access token
+                access_token, token_error = get_access_token(organization, authorization_code)
+                if token_error:
+                    context["error"] = token_error
+
+                print(f"\n\n\n Access Token: {access_token} \n\n\n")
+
+                # STEP 2: Make a POST request to the user info endpoint to get user info
+                user_info, user_info_error = get_user_info(organization, access_token)
+                if user_info_error:
+                    context["error"] = user_info_error
+
+                print(f"\n\n\n User Info: {user_info} \n\n\n")
+
+                print(user_info)
+                # STEP 3: Check in db if this user exists then login, if user is new create a new user and then login
+
+            else:
+                context["error"] = "Invalid Organization ID!"
+        except Exception as e:
+            context["error"] = f"{e}"
+
+    return render(request, 'oidc/oidc_complete.html', context)
+
+
+def get_access_token(organization, authorization_code):
+
+    token_url = organization.token_url
+    client_id = organization.client_id
+    client_secret = organization.client_secret
+    redirect_url = organization.redirect_url
+
+    auth_header = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode("utf-8")
+    headers = {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Authorization": f"Basic {auth_header}",
+    }
+    data = {
+        "grant_type": "authorization_code",
+        "code": authorization_code,
+        "redirect_uri": redirect_url,
+    }
+
+    # response = requests.post(token_url, data=data, headers=headers)
+
+    # try:
+    #     token_data = response.json()
+    #     return token_data.get('access_token'), None
+    # except Exception as e:
+    #     return None, e
+
+    try:
+        response = requests.post(token_url, data=data, headers=headers)
+        response.raise_for_status()  # Raise an HTTPError for bad responses (4xx or 5xx)
+        token_data = response.json()
+        access_token = token_data.get('access_token')
+        return access_token, None
+    except requests.exceptions.RequestException as e:
+        print(f"Error during token request: {e}")
+        return None, e
+    except Exception as e:
+        print(f"Error parsing token response: {e}")
+        return None, e
+
+
+def get_user_info(organization, access_token):
+
+    user_info_url = organization.user_info_url
+
+    headers = {
+        'Authorization': f'Bearer {access_token}',
+    }
+
+    response = requests.get(user_info_url, headers=headers)
+
+    try:
+        user_info = response.json()
+        return user_info, None
+    except Exception as e:
+        return None, e
diff --git a/src/apps/profiles/views.py b/src/apps/profiles/views.py
index 33ab6235d..fda7e124a 100644
--- a/src/apps/profiles/views.py
+++ b/src/apps/profiles/views.py
@@ -21,6 +21,7 @@
     UserNotificationSerializer
 from .forms import SignUpForm, LoginForm
 from .models import User, Organization, Membership
+from oidc_configurations.models import Auth_Organization
 from .tokens import account_activation_token
 
 
@@ -172,6 +173,11 @@ def log_in(request):
         else:
             context['form'] = form
 
+    # Fetch auth_organizations from the database
+    auth_organizations = Auth_Organization.objects.all()
+    if auth_organizations:
+        context['auth_organizations'] = auth_organizations
+
     if not context.get('form'):
         context['form'] = LoginForm()
     return render(request, 'registration/login.html', context)
diff --git a/src/settings/base.py b/src/settings/base.py
index d5047db82..513ae7918 100644
--- a/src/settings/base.py
+++ b/src/settings/base.py
@@ -60,6 +60,7 @@
     'health',
     'forums',
     'announcements',
+    'oidc_configurations',
 )
 INSTALLED_APPS = THIRD_PARTY_APPS + OUR_APPS
 
diff --git a/src/templates/oidc/oidc_complete.html b/src/templates/oidc/oidc_complete.html
new file mode 100644
index 000000000..293d52823
--- /dev/null
+++ b/src/templates/oidc/oidc_complete.html
@@ -0,0 +1,16 @@
+{% extends 'base.html' %}
+{% load static %}
+
+{% block content %}
+<div class="sixteen wide mobile six wide computer centered">
+    {% if error %}
+        <h3 class="ui centered header">OIDC Error</h3>
+        <div class="ui red message">
+            <h4>{{ error }}</h4>
+            {% if error_description %}
+            <p>{{ error_description }}</p>
+            {% endif %}
+        </div>
+    {% endif %}
+</div>
+{% endblock %}
\ No newline at end of file
diff --git a/src/templates/registration/login.html b/src/templates/registration/login.html
index 55d8f10cf..99bf8033c 100644
--- a/src/templates/registration/login.html
+++ b/src/templates/registration/login.html
@@ -58,5 +58,27 @@ <h2 class="ui blue centered header">
             <div class="ui error message"></div>
         </form>
     </div>
+
+    <!-- Auth Organization Buttons -->
+    {% if auth_organizations %}
+    <div class="sixteen wide mobile six wide computer centered column">
+        <h3 class="ui centered header">Organization Login</h3>
+        {% for organization in auth_organizations %}
+            <form method="POST" action="{% url 'oidc_configurations:organization_oidc_login' %}">
+            {% csrf_token %}
+            <button class="ui fluid primary submit button"
+                    type="submit"
+                    name="organization_oidc_login"
+                    value="{{ organization.id }}"
+                    style="background-color: {{ organization.button_bg_color }};
+                           color: {{ organization.button_text_color }};
+                           margin-bottom:5px;">
+                Login with {{ organization.name }}
+            </button>
+            </form>
+        {% endfor %}
+        
+    </div>
+    {% endif %}
 </div>
 {% endblock %}
\ No newline at end of file
diff --git a/src/urls.py b/src/urls.py
index ea610fd46..a74ff4b5b 100644
--- a/src/urls.py
+++ b/src/urls.py
@@ -30,6 +30,8 @@
     path('accounts/', include('profiles.urls_accounts')),
     path('admin/', admin.site.urls),
     path('social/', include('social_django.urls', namespace='social')),
+    path('oidc/', include('oidc_configurations.urls')),
+
 ]
 
 

From 93a8af6d8da3eaef615bff1560a5c39981d372f9 Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Wed, 7 Feb 2024 14:48:01 +0500
Subject: [PATCH 02/19] unused test file removed

---
 src/apps/oidc_configurations/tests.py | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100644 src/apps/oidc_configurations/tests.py

diff --git a/src/apps/oidc_configurations/tests.py b/src/apps/oidc_configurations/tests.py
deleted file mode 100644
index 7ce503c2d..000000000
--- a/src/apps/oidc_configurations/tests.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.

From 4004cec2f146e7c2b9a7fcb9deec4e5ceb23581f Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Thu, 8 Feb 2024 14:34:51 +0500
Subject: [PATCH 03/19] http client

---
 src/apps/oidc_configurations/views.py | 40 ++++++++++++++++++++-------
 1 file changed, 30 insertions(+), 10 deletions(-)

diff --git a/src/apps/oidc_configurations/views.py b/src/apps/oidc_configurations/views.py
index 63f59989e..c6a302cfa 100644
--- a/src/apps/oidc_configurations/views.py
+++ b/src/apps/oidc_configurations/views.py
@@ -1,6 +1,8 @@
 # oidc_configurations/views.py
 import base64
+import http.client
 import requests
+from urllib.parse import urlparse
 from django.shortcuts import render, redirect, get_object_or_404
 from .models import Auth_Organization
 
@@ -19,17 +21,15 @@ def organization_oidc_login(request):
             # - authorization_url
             # - client_id
             # - response_type
-            # - scope
             # - redirect_uri
             oidc_auth_url = (
                 f"{organization.authorization_url}?"
                 f"client_id={organization.client_id}&"
                 f"response_type=code&"
-                "scope=openid profile email&"
                 f"redirect_uri={organization.redirect_url}"
             )
 
-            # Redirect the user to the OAuth2 provider's authorization URL
+            # Redirect the user to the OIDC provider's authorization URL
             return redirect(oidc_auth_url)
 
     # Handle other cases or render a different template if needed
@@ -104,6 +104,9 @@ def get_access_token(organization, authorization_code):
         "code": authorization_code,
         "redirect_uri": redirect_url,
     }
+    print("token url: ", token_url)
+    print("data: ", data)
+    print("header: ", headers)
 
     # response = requests.post(token_url, data=data, headers=headers)
 
@@ -113,17 +116,34 @@ def get_access_token(organization, authorization_code):
     # except Exception as e:
     #     return None, e
 
+    
+    # try:
+    #     response = requests.request("POST", token_url, data=data, headers=headers)
+    #     response.raise_for_status()  # Raise an HTTPError for bad responses (4xx or 5xx)
+    #     token_data = response.json()
+    #     access_token = token_data.get('access_token')
+    #     return access_token, None
+    # except requests.exceptions.RequestException as e:
+    #     print(f"Error during token request: {e}")
+    #     return None, e
+    # except Exception as e:
+    #     print(f"Error parsing token response: {e}")
+    #     return None, e
+
     try:
-        response = requests.post(token_url, data=data, headers=headers)
-        response.raise_for_status()  # Raise an HTTPError for bad responses (4xx or 5xx)
-        token_data = response.json()
+        parsed_url = urlparse(token_url)
+        conn = http.client.HTTPConnection(parsed_url.hostname, parsed_url.port)
+        conn.request("POST", parsed_url.path, data, headers)
+        response = conn.getresponse()
+        token_data = response.read().decode("utf-8")
         access_token = token_data.get('access_token')
+        conn.close()
+        print("Response:", token_data)
+        # Parse token_data if needed
+        # access_token = ...
         return access_token, None
-    except requests.exceptions.RequestException as e:
-        print(f"Error during token request: {e}")
-        return None, e
     except Exception as e:
-        print(f"Error parsing token response: {e}")
+        print(f"Error during token request: {e}")
         return None, e
 
 

From 0c2e12a54c130a562f66327ba68d630f6d02acd3 Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Tue, 20 Feb 2024 14:28:15 +0500
Subject: [PATCH 04/19] some changes

---
 docker-compose.yml                    | 17 +++++++++++++++++
 src/apps/oidc_configurations/views.py |  3 ++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 0b5c2c6ee..46516aa9f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -232,3 +232,20 @@ services:
       options:
         max-size: "20k"
         max-file: "10"
+
+
+  #-----------------------------------------------
+  #  OIDC
+  #-----------------------------------------------
+
+  oidc:
+      image: oidc_server
+      command: bash -c "cd /app/ && python manage.py runserver 0.0.0.0:9100"
+      ports:
+        - 9100:9100
+      stdin_open: true
+      tty: true
+      logging:
+        options:
+          max-size: "20k"
+          max-file: "10"
\ No newline at end of file
diff --git a/src/apps/oidc_configurations/views.py b/src/apps/oidc_configurations/views.py
index c6a302cfa..908b40987 100644
--- a/src/apps/oidc_configurations/views.py
+++ b/src/apps/oidc_configurations/views.py
@@ -25,7 +25,8 @@ def organization_oidc_login(request):
             oidc_auth_url = (
                 f"{organization.authorization_url}?"
                 f"client_id={organization.client_id}&"
-                f"response_type=code&"
+                "response_type=code&"
+                "scope=openid profile email&"
                 f"redirect_uri={organization.redirect_url}"
             )
 

From f6e5a8b4e5ff4df27e8d6bb7dfeff9a7ce9b3558 Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Tue, 20 Feb 2024 22:03:19 +0500
Subject: [PATCH 05/19] oidc login and signup added

---
 docker-compose.yml                            |  19 +--
 src/apps/oidc_configurations/views.py         | 144 +++++++++++-------
 .../migrations/0013_auto_20240220_1526.py     |  25 +++
 src/apps/profiles/models.py                   |   5 +
 4 files changed, 124 insertions(+), 69 deletions(-)
 create mode 100644 src/apps/profiles/migrations/0013_auto_20240220_1526.py

diff --git a/docker-compose.yml b/docker-compose.yml
index 46516aa9f..08e7a5c84 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -231,21 +231,4 @@ services:
     logging:
       options:
         max-size: "20k"
-        max-file: "10"
-
-
-  #-----------------------------------------------
-  #  OIDC
-  #-----------------------------------------------
-
-  oidc:
-      image: oidc_server
-      command: bash -c "cd /app/ && python manage.py runserver 0.0.0.0:9100"
-      ports:
-        - 9100:9100
-      stdin_open: true
-      tty: true
-      logging:
-        options:
-          max-size: "20k"
-          max-file: "10"
\ No newline at end of file
+        max-file: "10"
\ No newline at end of file
diff --git a/src/apps/oidc_configurations/views.py b/src/apps/oidc_configurations/views.py
index 908b40987..e0af3a67e 100644
--- a/src/apps/oidc_configurations/views.py
+++ b/src/apps/oidc_configurations/views.py
@@ -5,6 +5,12 @@
 from urllib.parse import urlparse
 from django.shortcuts import render, redirect, get_object_or_404
 from .models import Auth_Organization
+from django.contrib.auth import get_user_model, authenticate, login
+import re
+User = get_user_model()
+from django.contrib.auth.backends import ModelBackend
+
+BACKEND = 'django.contrib.auth.backends.ModelBackend'
 
 
 def organization_oidc_login(request):
@@ -56,30 +62,43 @@ def oidc_complete(request, auth_organization_id):
     # Token exhange process
     if authorization_code:
 
-        print(f"\n\n\n Authentication Code: {authorization_code} \n\n\n")
-
         try:
             # STEP 1: Get auth organization using its id
             organization = get_object_or_404(Auth_Organization, pk=auth_organization_id)
+
             if organization:
 
-                # Get access token
+                # STEP 2:  Get access token
                 access_token, token_error = get_access_token(organization, authorization_code)
+
                 if token_error:
                     context["error"] = token_error
-
-                print(f"\n\n\n Access Token: {access_token} \n\n\n")
-
-                # STEP 2: Make a POST request to the user info endpoint to get user info
-                user_info, user_info_error = get_user_info(organization, access_token)
-                if user_info_error:
-                    context["error"] = user_info_error
-
-                print(f"\n\n\n User Info: {user_info} \n\n\n")
-
-                print(user_info)
-                # STEP 3: Check in db if this user exists then login, if user is new create a new user and then login
-
+                else:
+                    # STEP 3: Get user info
+                    user_info, user_info_error = get_user_info(organization, access_token)
+                    if user_info_error:
+                        context["error"] = user_info_error
+                    else:
+
+                        # get email and nickname (username) of the user
+                        user_email = user_info.get("email", None)
+                        user_nickname = user_info.get("nickname", None)
+                        if user_email:
+                            # get user with this email
+                            user = get_user_by_email(user_email)
+                            # STEP 4: Check if user exists and user is created using oidc and oidc orgnaization matches this one
+                            if user:
+                                if user.is_created_using_oidc and user.oidc_organization.id == auth_organization_id:
+                                    login(request, user, backend=BACKEND)
+                                    # Redirect the user home page
+                                    return redirect('pages:home')
+                                else:
+                                    context["error"] = "User account cannot be authenticated using this Organization."
+                            else:
+                                register_and_authenticate_user(request, user_email, user_nickname, organization)
+
+                        else:
+                            context["error"] = "Unable to extract email from user info! Please contact platform"
             else:
                 context["error"] = "Invalid Organization ID!"
         except Exception as e:
@@ -105,47 +124,19 @@ def get_access_token(organization, authorization_code):
         "code": authorization_code,
         "redirect_uri": redirect_url,
     }
-    print("token url: ", token_url)
-    print("data: ", data)
-    print("header: ", headers)
-
-    # response = requests.post(token_url, data=data, headers=headers)
-
-    # try:
-    #     token_data = response.json()
-    #     return token_data.get('access_token'), None
-    # except Exception as e:
-    #     return None, e
-
-    
-    # try:
-    #     response = requests.request("POST", token_url, data=data, headers=headers)
-    #     response.raise_for_status()  # Raise an HTTPError for bad responses (4xx or 5xx)
-    #     token_data = response.json()
-    #     access_token = token_data.get('access_token')
-    #     return access_token, None
-    # except requests.exceptions.RequestException as e:
-    #     print(f"Error during token request: {e}")
-    #     return None, e
-    # except Exception as e:
-    #     print(f"Error parsing token response: {e}")
-    #     return None, e
 
     try:
-        parsed_url = urlparse(token_url)
-        conn = http.client.HTTPConnection(parsed_url.hostname, parsed_url.port)
-        conn.request("POST", parsed_url.path, data, headers)
-        response = conn.getresponse()
-        token_data = response.read().decode("utf-8")
+        response = requests.request("POST", token_url, data=data, headers=headers)
+        response.raise_for_status()  # Raise an HTTPError for bad responses (4xx or 5xx)
+        token_data = response.json()
         access_token = token_data.get('access_token')
-        conn.close()
-        print("Response:", token_data)
-        # Parse token_data if needed
-        # access_token = ...
         return access_token, None
-    except Exception as e:
+    except requests.exceptions.RequestException as e:
         print(f"Error during token request: {e}")
         return None, e
+    except Exception as e:
+        print(f"Error parsing token response: {e}")
+        return None, e
 
 
 def get_user_info(organization, access_token):
@@ -163,3 +154,54 @@ def get_user_info(organization, access_token):
         return user_info, None
     except Exception as e:
         return None, e
+
+
+def register_and_authenticate_user(request, user_email, user_nickname, organization):
+
+    if not user_nickname:
+        username = re.sub(r'[^a-zA-Z0-9]', '', user_email.split('@')[0])
+    else:
+        username = user_nickname
+
+    # Ensure the username is unique
+    username = create_unique_username(username)
+
+    # Create a new user
+    user = User.objects.create(
+        username=username,
+        email=user_email,
+        is_created_using_oidc=True,
+        oidc_organization=organization,
+    )
+
+    if user:
+        # login user
+        login(request, user, backend=BACKEND)
+        # Redirect to the home page
+        return redirect('pages:home')
+    else:
+        # Handle authentication failure
+        return redirect('accounts:login')
+
+
+def create_unique_username(username):
+    # Check if the username already exists
+    if User.objects.filter(username=username).exists():
+        # If the username already exists, modify it to make it unique
+        suffix = 1
+        new_username = f"{username}_{suffix}"
+        while User.objects.filter(username=new_username).exists():
+            suffix += 1
+            new_username = f"{username}_{suffix}"
+        return new_username
+    else:
+        # If the username doesn't exist, use it as is
+        return username
+
+
+def get_user_by_email(email):
+    try:
+        user = User.objects.get(email=email)
+        return user
+    except User.DoesNotExist:
+        return None
diff --git a/src/apps/profiles/migrations/0013_auto_20240220_1526.py b/src/apps/profiles/migrations/0013_auto_20240220_1526.py
new file mode 100644
index 000000000..57f3aef69
--- /dev/null
+++ b/src/apps/profiles/migrations/0013_auto_20240220_1526.py
@@ -0,0 +1,25 @@
+# Generated by Django 2.2.17 on 2024-02-20 15:26
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('oidc_configurations', '0001_initial'),
+        ('profiles', '0012_user_quota'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='is_created_using_oidc',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='oidc_organization',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='authorized_users', to='oidc_configurations.Auth_Organization'),
+        ),
+    ]
diff --git a/src/apps/profiles/models.py b/src/apps/profiles/models.py
index 518230f92..b150e54e4 100644
--- a/src/apps/profiles/models.py
+++ b/src/apps/profiles/models.py
@@ -16,6 +16,7 @@
     When,
     DecimalField,
 )
+from oidc_configurations.models import Auth_Organization
 
 PROFILE_DATA_BLACKLIST = [
     'password',
@@ -72,6 +73,10 @@ class User(ChaHubSaveMixin, AbstractBaseUser, PermissionsMixin):
     is_staff = models.BooleanField(default=False)
     quota = models.BigIntegerField(default=settings.DEFAULT_USER_QUOTA, null=False)
 
+    # Fields for OIDC authentication
+    is_created_using_oidc = models.BooleanField(default=False)
+    oidc_organization = models.ForeignKey(Auth_Organization, null=True, blank=True, on_delete=models.SET_NULL, related_name="authorized_users")
+
     # Notifications
     organizer_direct_message_updates = models.BooleanField(default=True)
     allow_forum_notifications = models.BooleanField(default=True)

From 9935f2c2f1d6547967193d916eb3aa7aefbd778e Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Mon, 4 Mar 2024 11:18:04 +0500
Subject: [PATCH 06/19] oidc flow completed

---
 .../oidc_configurations/migrations/0001_initial.py  | 10 +++++-----
 src/apps/oidc_configurations/models.py              |  8 ++++----
 src/apps/oidc_configurations/views.py               | 13 +++++++------
 ..._20240220_1526.py => 0013_auto_20240304_0616.py} |  2 +-
 4 files changed, 17 insertions(+), 16 deletions(-)
 rename src/apps/profiles/migrations/{0013_auto_20240220_1526.py => 0013_auto_20240304_0616.py} (93%)

diff --git a/src/apps/oidc_configurations/migrations/0001_initial.py b/src/apps/oidc_configurations/migrations/0001_initial.py
index 266976235..085e64983 100644
--- a/src/apps/oidc_configurations/migrations/0001_initial.py
+++ b/src/apps/oidc_configurations/migrations/0001_initial.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.2.17 on 2024-02-04 14:21
+# Generated by Django 2.2.17 on 2024-03-04 06:16
 
 from django.db import migrations, models
 
@@ -18,10 +18,10 @@ class Migration(migrations.Migration):
                 ('name', models.CharField(max_length=255)),
                 ('client_id', models.CharField(max_length=255)),
                 ('client_secret', models.CharField(max_length=255)),
-                ('authorization_url', models.URLField()),
-                ('token_url', models.URLField()),
-                ('user_info_url', models.URLField()),
-                ('redirect_url', models.URLField()),
+                ('authorization_url', models.CharField(max_length=255)),
+                ('token_url', models.CharField(max_length=255)),
+                ('user_info_url', models.CharField(max_length=255)),
+                ('redirect_url', models.CharField(max_length=255)),
                 ('button_bg_color', models.CharField(default='#2C3E4C', max_length=20)),
                 ('button_text_color', models.CharField(default='#FFFFFF', max_length=20)),
             ],
diff --git a/src/apps/oidc_configurations/models.py b/src/apps/oidc_configurations/models.py
index 07525ca3c..9e2b0c66c 100644
--- a/src/apps/oidc_configurations/models.py
+++ b/src/apps/oidc_configurations/models.py
@@ -6,9 +6,9 @@ class Auth_Organization(models.Model):
     name = models.CharField(max_length=255)
     client_id = models.CharField(max_length=255)
     client_secret = models.CharField(max_length=255)
-    authorization_url = models.URLField()
-    token_url = models.URLField()
-    user_info_url = models.URLField()
-    redirect_url = models.URLField()
+    authorization_url = models.CharField(max_length=255)
+    token_url = models.CharField(max_length=255)
+    user_info_url = models.CharField(max_length=255)
+    redirect_url = models.CharField(max_length=255)
     button_bg_color = models.CharField(max_length=20, default='#2C3E4C')
     button_text_color = models.CharField(max_length=20, default='#FFFFFF')
diff --git a/src/apps/oidc_configurations/views.py b/src/apps/oidc_configurations/views.py
index e0af3a67e..0e4724743 100644
--- a/src/apps/oidc_configurations/views.py
+++ b/src/apps/oidc_configurations/views.py
@@ -1,14 +1,12 @@
 # oidc_configurations/views.py
 import base64
-import http.client
 import requests
-from urllib.parse import urlparse
 from django.shortcuts import render, redirect, get_object_or_404
 from .models import Auth_Organization
-from django.contrib.auth import get_user_model, authenticate, login
+from django.contrib.auth import get_user_model, login
 import re
+
 User = get_user_model()
-from django.contrib.auth.backends import ModelBackend
 
 BACKEND = 'django.contrib.auth.backends.ModelBackend'
 
@@ -95,7 +93,7 @@ def oidc_complete(request, auth_organization_id):
                                 else:
                                     context["error"] = "User account cannot be authenticated using this Organization."
                             else:
-                                register_and_authenticate_user(request, user_email, user_nickname, organization)
+                                return register_and_authenticate_user(request, user_email, user_nickname, organization)
 
                         else:
                             context["error"] = "Unable to extract email from user info! Please contact platform"
@@ -165,6 +163,8 @@ def register_and_authenticate_user(request, user_email, user_nickname, organizat
 
     # Ensure the username is unique
     username = create_unique_username(username)
+    username = "ihsaan8"
+    user_email = "ihsaan8+test@gmail.com"
 
     # Create a new user
     user = User.objects.create(
@@ -179,8 +179,9 @@ def register_and_authenticate_user(request, user_email, user_nickname, organizat
         login(request, user, backend=BACKEND)
         # Redirect to the home page
         return redirect('pages:home')
+
     else:
-        # Handle authentication failure
+        # Handle authentication failure i.e. go back to login
         return redirect('accounts:login')
 
 
diff --git a/src/apps/profiles/migrations/0013_auto_20240220_1526.py b/src/apps/profiles/migrations/0013_auto_20240304_0616.py
similarity index 93%
rename from src/apps/profiles/migrations/0013_auto_20240220_1526.py
rename to src/apps/profiles/migrations/0013_auto_20240304_0616.py
index 57f3aef69..121ca477c 100644
--- a/src/apps/profiles/migrations/0013_auto_20240220_1526.py
+++ b/src/apps/profiles/migrations/0013_auto_20240304_0616.py
@@ -1,4 +1,4 @@
-# Generated by Django 2.2.17 on 2024-02-20 15:26
+# Generated by Django 2.2.17 on 2024-03-04 06:16
 
 from django.db import migrations, models
 import django.db.models.deletion

From df0ceab72e38911bf0c235a5b7111467d4e3c58f Mon Sep 17 00:00:00 2001
From: Chris Harris <cjh@lbl.gov>
Date: Tue, 5 Mar 2024 19:45:21 +0000
Subject: [PATCH 07/19] Fix revoking tasks on custom queues

As custom queues have a different vhost we need to use an
appropriate celery configuration with that vhost including
in the broker URL.
---
 src/apps/competitions/models.py |  9 +++++++--
 src/celery_config.py            | 25 +++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/src/apps/competitions/models.py b/src/apps/competitions/models.py
index 03d8b65fc..924c10cec 100644
--- a/src/apps/competitions/models.py
+++ b/src/apps/competitions/models.py
@@ -12,7 +12,7 @@
 from django.urls import reverse
 from django.utils.timezone import now
 
-from celery_config import app
+from celery_config import app, app_for_vhost
 from chahub.models import ChaHubSaveMixin
 from leaderboards.models import SubmissionScore
 from profiles.models import User, Organization
@@ -644,7 +644,12 @@ def cancel(self, status=CANCELLED):
             if self.has_children:
                 for sub in self.children.all():
                     sub.cancel(status=status)
-            app.control.revoke(self.celery_task_id, terminate=True)
+            celery_app = app
+            # If a custom queue is set, we need to fetch the appropriate celery app
+            if self.phase.competition.queue:
+                celery_app = app_for_vhost(str(self.phase.competition.queue.vhost))
+
+            celery_app.control.revoke(self.celery_task_id, terminate=True)
             self.status = status
             self.save()
             return True
diff --git a/src/celery_config.py b/src/celery_config.py
index 76c52a7a4..e3b7e141e 100644
--- a/src/celery_config.py
+++ b/src/celery_config.py
@@ -1,5 +1,8 @@
 from celery import Celery
 from kombu import Queue, Exchange
+from django.conf import settings
+import urllib.parse
+import copy
 
 app = Celery()
 
@@ -11,3 +14,25 @@
     # Mostly defining queue here so we can set x-max-priority
     Queue('compute-worker', Exchange('compute-worker'), routing_key='compute-worker', queue_arguments={'x-max-priority': 10}),
 ]
+
+_vhost_apps = {}
+# Function to get the app for a vhost
+def app_for_vhost(vhost):
+    if vhost not in _vhost_apps:
+        # Take the CELERY_BROKER_URL and replace the vhost with the vhhost for this queue
+        broker_url = settings.CELERY_BROKER_URL
+        # This is require to work around https://bugs.python.org/issue18828
+        scheme = urllib.parse.urlparse(broker_url).scheme
+        urllib.parse.uses_relative.append(scheme)
+        urllib.parse.uses_netloc.append(scheme)
+        broker_url = urllib.parse.urljoin(broker_url, vhost)
+
+        vhost_app = Celery()
+        # Copy the settings so we can modify the broker url to include the vhost
+        django_settings = copy.copy(settings)
+        django_settings.CELERY_BROKER_URL = broker_url
+        vhost_app.config_from_object(django_settings, namespace='CELERY')
+        vhost_app.task_queues = app.conf.task_queues
+        _vhost_apps[vhost] = vhost_app
+
+    return _vhost_apps[vhost]
\ No newline at end of file

From 48cb7f88b764121342182daf56a940acfec31d90 Mon Sep 17 00:00:00 2001
From: Chris Harris <chris.harris@kitware.com>
Date: Tue, 5 Mar 2024 08:06:50 -0800
Subject: [PATCH 08/19] Prevent LimitOverrunError with large output lines

If a submission writes a output line larger than the stream buffer
size ( default 64k ) a LimitOverrunError will be raise. Rather than
using readline(...) use readutil(....) and in the case of a overrun
just return the current buffer, the rest of the line will be returned
with the next read.

Signed-off-by: Chris Harris <cjh@lbl.gov>
---
 compute_worker/compute_worker.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/compute_worker/compute_worker.py b/compute_worker/compute_worker.py
index 491b84e5f..24e7d25bc 100644
--- a/compute_worker/compute_worker.py
+++ b/compute_worker/compute_worker.py
@@ -507,12 +507,25 @@ async def _run_container_engine_cmd(self, engine_cmd, kind):
         websocket = await websockets.connect(self.websocket_url)
         websocket_errors = (socket.gaierror, websockets.WebSocketException, websockets.ConnectionClosedError, ConnectionRefusedError)
 
+        # Function to read a line, if the line is larger than the buffer size we will
+        # return the buffer so we can continue reading until we get a newline, rather
+        # than getting a LimitOverrunError
+        async def _readline_or_chunk(stream):
+            try:
+                return await stream.readuntil(b"\n")
+            except asyncio.exceptions.IncompleteReadError as e:
+                # Just return what has been read so far
+                return e.partial
+            except asyncio.exceptions.LimitOverrunError as e:
+                # If we get a LimitOverrunError, we will return the buffer so we can continue reading
+                return await stream.read(e.consumed)
+
         while any(v["continue"] for k, v in self.logs[kind].items() if k in ['stdout', 'stderr']):
             try:
                 logs = [self.logs[kind][key] for key in ('stdout', 'stderr')]
                 for value in logs:
                     try:
-                        out = await asyncio.wait_for(value["stream"].readline(), timeout=.1)
+                        out = await asyncio.wait_for(_readline_or_chunk(value["stream"]), timeout=.1)
                         if out:
                             value["data"] += out
                             print("WS: " + str(out))

From 0fe72d5bebbf82a896d63ad51cf645d113ea5d30 Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Sun, 17 Mar 2024 00:31:35 +0500
Subject: [PATCH 09/19] terms and condition check added

---
 src/apps/oidc_configurations/views.py | 11 +++--------
 src/templates/registration/login.html |  4 ++++
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/apps/oidc_configurations/views.py b/src/apps/oidc_configurations/views.py
index 0e4724743..6b04be8ff 100644
--- a/src/apps/oidc_configurations/views.py
+++ b/src/apps/oidc_configurations/views.py
@@ -86,12 +86,9 @@ def oidc_complete(request, auth_organization_id):
                             user = get_user_by_email(user_email)
                             # STEP 4: Check if user exists and user is created using oidc and oidc orgnaization matches this one
                             if user:
-                                if user.is_created_using_oidc and user.oidc_organization.id == auth_organization_id:
-                                    login(request, user, backend=BACKEND)
-                                    # Redirect the user home page
-                                    return redirect('pages:home')
-                                else:
-                                    context["error"] = "User account cannot be authenticated using this Organization."
+                                login(request, user, backend=BACKEND)
+                                # Redirect the user home page
+                                return redirect('pages:home')
                             else:
                                 return register_and_authenticate_user(request, user_email, user_nickname, organization)
 
@@ -163,8 +160,6 @@ def register_and_authenticate_user(request, user_email, user_nickname, organizat
 
     # Ensure the username is unique
     username = create_unique_username(username)
-    username = "ihsaan8"
-    user_email = "ihsaan8+test@gmail.com"
 
     # Create a new user
     user = User.objects.create(
diff --git a/src/templates/registration/login.html b/src/templates/registration/login.html
index 99bf8033c..6664f41df 100644
--- a/src/templates/registration/login.html
+++ b/src/templates/registration/login.html
@@ -66,6 +66,10 @@ <h3 class="ui centered header">Organization Login</h3>
         {% for organization in auth_organizations %}
             <form method="POST" action="{% url 'oidc_configurations:organization_oidc_login' %}">
             {% csrf_token %}
+            <div>
+                <input type="checkbox" name="checkbox" id="id_checkbox" required>
+                <label for="id_checkbox">I accept the <a href="https://github.com/codalab/codalab-competitions/wiki/Privacy" target="_blank">terms and conditions</a>.</label>
+            </div>
             <button class="ui fluid primary submit button"
                     type="submit"
                     name="organization_oidc_login"

From f0175596d6fbee33a8d8c68201bca4670c71f42a Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Sun, 31 Mar 2024 21:37:13 +0500
Subject: [PATCH 10/19] one terms checkbox for all organization login buttons

---
 src/templates/registration/login.html | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/templates/registration/login.html b/src/templates/registration/login.html
index 6664f41df..eed29ad36 100644
--- a/src/templates/registration/login.html
+++ b/src/templates/registration/login.html
@@ -63,13 +63,13 @@ <h2 class="ui blue centered header">
     {% if auth_organizations %}
     <div class="sixteen wide mobile six wide computer centered column">
         <h3 class="ui centered header">Organization Login</h3>
-        {% for organization in auth_organizations %}
-            <form method="POST" action="{% url 'oidc_configurations:organization_oidc_login' %}">
+        <form method="POST" action="{% url 'oidc_configurations:organization_oidc_login' %}">
             {% csrf_token %}
             <div>
                 <input type="checkbox" name="checkbox" id="id_checkbox" required>
                 <label for="id_checkbox">I accept the <a href="https://github.com/codalab/codalab-competitions/wiki/Privacy" target="_blank">terms and conditions</a>.</label>
             </div>
+            {% for organization in auth_organizations %}
             <button class="ui fluid primary submit button"
                     type="submit"
                     name="organization_oidc_login"
@@ -79,8 +79,8 @@ <h3 class="ui centered header">Organization Login</h3>
                            margin-bottom:5px;">
                 Login with {{ organization.name }}
             </button>
-            </form>
-        {% endfor %}
+            {% endfor %}
+        </form>
         
     </div>
     {% endif %}

From 1b4dde2f272cd906895791dbccda622dec3eca1d Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Thu, 11 Apr 2024 15:40:51 +0500
Subject: [PATCH 11/19] removed sandbox property from iframe to allow links in
 the iframe

---
 src/static/riot/competitions/detail/submission_modal.tag | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/static/riot/competitions/detail/submission_modal.tag b/src/static/riot/competitions/detail/submission_modal.tag
index 7bb5eb840..55cb5dde4 100644
--- a/src/static/riot/competitions/detail/submission_modal.tag
+++ b/src/static/riot/competitions/detail/submission_modal.tag
@@ -136,7 +136,7 @@
         <div class="ui button green" onclick="{update_fact_sheet.bind(this)}">Save</div>
     </div>
     <div class="ui tab modal-tab" data-tab="{admin_: submission.admin}graph" show="{opts.show_visualization && (!opts.hide_output || submission.admin)}">
-        <iframe sandbox="allow-scripts" src="{detailed_result}" class="graph-frame" show="{detailed_result}"></iframe>
+        <iframe src="{detailed_result}" class="graph-frame" show="{detailed_result}"></iframe>
     </div>
     <div class="ui tab leaderboard-tab" data-tab="admin" if="{submission.admin}">
         <submission-scores leaderboards="{leaderboards}"></submission-scores>

From 362f443ec2b257ee9d20543421a9224d991b0271 Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Thu, 11 Apr 2024 20:16:17 +0500
Subject: [PATCH 12/19] Detailed results title removed

---
 src/static/riot/competitions/detail/_detailed_results.tag | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/static/riot/competitions/detail/_detailed_results.tag b/src/static/riot/competitions/detail/_detailed_results.tag
index 0136e6689..bb2f87e30 100644
--- a/src/static/riot/competitions/detail/_detailed_results.tag
+++ b/src/static/riot/competitions/detail/_detailed_results.tag
@@ -1,5 +1,4 @@
 <competition-detailed-results>
-    <h3>Detailed Results</h3>
     <iframe src="{detailed_result}" width="100%" height="100%" frameBorder="0"></iframe>
 
     <script>

From 2423eb88ac801aa390126b001d131a25d533acbf Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Fri, 12 Apr 2024 14:44:47 +0500
Subject: [PATCH 13/19] Detailed results configuration (#1374)

* competition model updated

* competition settings to allow participant to make submission public/private

* unwanted restriction removed

* detailed results now shown in submission panel and in leaderboard

* submission tests updated
---
 src/apps/api/serializers/competitions.py      |   6 +
 src/apps/api/serializers/submissions.py       |   8 +-
 src/apps/api/views/submissions.py             |   6 +-
 ...an_participants_make_submissions_public.py |  18 +++
 .../migrations/0048_auto_20240401_1646.py     |  23 +++
 src/apps/competitions/models.py               |   7 +
 src/apps/competitions/unpackers/v1.py         |   2 +
 src/apps/competitions/unpackers/v2.py         |   3 +
 .../riot/competitions/detail/leaderboards.tag |   4 +-
 .../detail/submission_manager.tag             |  13 +-
 .../editor/_competition_details.tag           | 135 ++++++++++++++----
 src/tests/functional/test_submissions.py      |   9 +-
 12 files changed, 190 insertions(+), 44 deletions(-)
 create mode 100644 src/apps/competitions/migrations/0047_competition_can_participants_make_submissions_public.py
 create mode 100644 src/apps/competitions/migrations/0048_auto_20240401_1646.py

diff --git a/src/apps/api/serializers/competitions.py b/src/apps/api/serializers/competitions.py
index 9b622b3dc..41cd51341 100644
--- a/src/apps/api/serializers/competitions.py
+++ b/src/apps/api/serializers/competitions.py
@@ -254,7 +254,10 @@ class Meta:
             'registration_auto_approve',
             'queue',
             'enable_detailed_results',
+            'show_detailed_results_in_submission_panel',
+            'show_detailed_results_in_leaderboard',
             'auto_run_submissions',
+            'can_participants_make_submissions_public',
             'make_programs_available',
             'make_input_data_available',
             'docker_image',
@@ -373,7 +376,10 @@ class Meta:
             'submission_count',
             'queue',
             'enable_detailed_results',
+            'show_detailed_results_in_submission_panel',
+            'show_detailed_results_in_leaderboard',
             'auto_run_submissions',
+            'can_participants_make_submissions_public',
             'make_programs_available',
             'make_input_data_available',
             'docker_image',
diff --git a/src/apps/api/serializers/submissions.py b/src/apps/api/serializers/submissions.py
index 33fe9241e..05191e8e3 100644
--- a/src/apps/api/serializers/submissions.py
+++ b/src/apps/api/serializers/submissions.py
@@ -42,6 +42,7 @@ class SubmissionSerializer(serializers.ModelSerializer):
     task = TaskSerializer()
     created_when = serializers.DateTimeField(format="%Y-%m-%d %H:%M")
     auto_run = serializers.SerializerMethodField(read_only=True)
+    can_make_submissions_public = serializers.SerializerMethodField(read_only=True)
 
     class Meta:
         model = Submission
@@ -67,7 +68,8 @@ class Meta:
             'leaderboard',
             'on_leaderboard',
             'task',
-            'auto_run'
+            'auto_run',
+            'can_make_submissions_public',
         )
         read_only_fields = (
             'pk',
@@ -85,6 +87,10 @@ def get_auto_run(self, instance):
         # returns this submission's competition auto_run_submissions Flag
         return instance.phase.competition.auto_run_submissions
 
+    def get_can_make_submissions_public(self, instance):
+        # returns this submission's competition can_participants_make_submissions_public Flag
+        return instance.phase.competition.can_participants_make_submissions_public
+
 
 class SubmissionLeaderBoardSerializer(serializers.ModelSerializer):
     scores = SubmissionScoreSerializer(many=True)
diff --git a/src/apps/api/views/submissions.py b/src/apps/api/views/submissions.py
index d0c0defb7..fccaeefd4 100644
--- a/src/apps/api/views/submissions.py
+++ b/src/apps/api/views/submissions.py
@@ -352,15 +352,15 @@ def get_detail_result(self, request, pk):
                 )
         else:
             return Response({
-                "error_msg": "Visualizations are disabled"},
+                "error_msg": "Detailed results are disable for this competition!"},
                 status=status.HTTP_404_NOT_FOUND
             )
 
     @action(detail=True, methods=('GET',))
     def toggle_public(self, request, pk):
         submission = super().get_object()
-        if not self.has_admin_permission(request.user, submission):
-            raise PermissionDenied(f'You do not have permission to publish this submissions')
+        if not submission.phase.competition.can_participants_make_submissions_public:
+            raise PermissionDenied("You do not have permission to make this submissions public/private")
         is_public = not submission.is_public
         submission.data.is_public = is_public
         submission.data.save(send=False)
diff --git a/src/apps/competitions/migrations/0047_competition_can_participants_make_submissions_public.py b/src/apps/competitions/migrations/0047_competition_can_participants_make_submissions_public.py
new file mode 100644
index 000000000..2b750fa02
--- /dev/null
+++ b/src/apps/competitions/migrations/0047_competition_can_participants_make_submissions_public.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.2.17 on 2024-03-28 13:00
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('competitions', '0046_merge_20240222_1916'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='competition',
+            name='can_participants_make_submissions_public',
+            field=models.BooleanField(default=True),
+        ),
+    ]
diff --git a/src/apps/competitions/migrations/0048_auto_20240401_1646.py b/src/apps/competitions/migrations/0048_auto_20240401_1646.py
new file mode 100644
index 000000000..3ed2ad446
--- /dev/null
+++ b/src/apps/competitions/migrations/0048_auto_20240401_1646.py
@@ -0,0 +1,23 @@
+# Generated by Django 2.2.17 on 2024-04-01 16:46
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('competitions', '0047_competition_can_participants_make_submissions_public'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='competition',
+            name='show_detailed_results_in_leaderboard',
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name='competition',
+            name='show_detailed_results_in_submission_panel',
+            field=models.BooleanField(default=True),
+        ),
+    ]
diff --git a/src/apps/competitions/models.py b/src/apps/competitions/models.py
index 03d8b65fc..777dbb86a 100644
--- a/src/apps/competitions/models.py
+++ b/src/apps/competitions/models.py
@@ -49,6 +49,10 @@ class Competition(ChaHubSaveMixin, models.Model):
     description = models.TextField(null=True, blank=True)
     docker_image = models.CharField(max_length=128, default="codalab/codalab-legacy:py37")
     enable_detailed_results = models.BooleanField(default=False)
+    # If true, show detailed results in submission panel
+    show_detailed_results_in_submission_panel = models.BooleanField(default=True)
+    # If true, show detailed results in leaderboard
+    show_detailed_results_in_leaderboard = models.BooleanField(default=True)
     make_programs_available = models.BooleanField(default=False)
     make_input_data_available = models.BooleanField(default=False)
 
@@ -69,6 +73,9 @@ class Competition(ChaHubSaveMixin, models.Model):
     # if false, submissions run will be intiiated by organizer
     auto_run_submissions = models.BooleanField(default=True)
 
+    # If true, participants see the make their submissions public
+    can_participants_make_submissions_public = models.BooleanField(default=True)
+
     def __str__(self):
         return f"competition-{self.title}-{self.pk}-{self.competition_type}"
 
diff --git a/src/apps/competitions/unpackers/v1.py b/src/apps/competitions/unpackers/v1.py
index 91496ddca..dc476a5c2 100644
--- a/src/apps/competitions/unpackers/v1.py
+++ b/src/apps/competitions/unpackers/v1.py
@@ -23,6 +23,8 @@ def __init__(self, *args, **kwargs):
             "description": self.competition_yaml.get("description", ""),
             "docker_image": docker_image,
             "enable_detailed_results": self.competition_yaml.get('enable_detailed_results', False),
+            "show_detailed_results_in_submission_panel": self.competition_yaml.get('show_detailed_results_in_submission_panel', True),
+            "show_detailed_results_in_leaderboard": self.competition_yaml.get('show_detailed_results_in_leaderboard', True),
             "auto_run_submissions": self.competition_yaml.get('auto_run_submissions', True),
             "make_programs_available": self.competition_yaml.get('make_programs_available', False),
             "make_input_data_available": self.competition_yaml.get('make_input_data_available', False),
diff --git a/src/apps/competitions/unpackers/v2.py b/src/apps/competitions/unpackers/v2.py
index 8de2a42ad..b825e9ee2 100644
--- a/src/apps/competitions/unpackers/v2.py
+++ b/src/apps/competitions/unpackers/v2.py
@@ -14,7 +14,10 @@ def __init__(self, *args, **kwargs):
             "registration_auto_approve": self.competition_yaml.get('registration_auto_approve', False),
             "docker_image": self.competition_yaml.get('docker_image', 'codalab/codalab-legacy:py37'),
             "enable_detailed_results": self.competition_yaml.get('enable_detailed_results', False),
+            "show_detailed_results_in_submission_panel": self.competition_yaml.get('show_detailed_results_in_submission_panel', True),
+            "show_detailed_results_in_leaderboard": self.competition_yaml.get('show_detailed_results_in_leaderboard', True),
             "auto_run_submissions": self.competition_yaml.get('auto_run_submissions', True),
+            "can_participants_make_submissions_public": self.competition_yaml.get('can_participants_make_submissions_public', True),
             "make_programs_available": self.competition_yaml.get('make_programs_available', False),
             "make_input_data_available": self.competition_yaml.get('make_input_data_available', False),
             "description": self.competition_yaml.get("description", ""),
diff --git a/src/static/riot/competitions/detail/leaderboards.tag b/src/static/riot/competitions/detail/leaderboards.tag
index 0617a38ea..2f09f26f5 100644
--- a/src/static/riot/competitions/detail/leaderboards.tag
+++ b/src/static/riot/competitions/detail/leaderboards.tag
@@ -78,6 +78,7 @@
         self.phase_id = null
         self.competition_id = null
         self.enable_detailed_results = false
+        self.show_detailed_results_in_leaderboard = false
 
        
         self.bold_class = function(column, submission){
@@ -168,7 +169,7 @@
                             self.columns.push(column)
                         }
                         // -1 id is used for fact sheet answers
-                        if(self.enable_detailed_results & task.id != -1){
+                        if(self.enable_detailed_results & self.show_detailed_results_in_leaderboard & task.id != -1){
                             self.columns.push({
                               task_id: task.id,
                               title: "Detailed Results"
@@ -200,6 +201,7 @@
             self.competition_id = competition.id
             self.opts.is_admin ? self.show_download = "visible": self.show_download = "hidden"
             self.enable_detailed_results = competition.enable_detailed_results
+            self.show_detailed_results_in_leaderboard = competition.show_detailed_results_in_leaderboard
             
         })
 
diff --git a/src/static/riot/competitions/detail/submission_manager.tag b/src/static/riot/competitions/detail/submission_manager.tag
index 5cfa0c7f5..f99b70046 100644
--- a/src/static/riot/competitions/detail/submission_manager.tag
+++ b/src/static/riot/competitions/detail/submission_manager.tag
@@ -64,6 +64,7 @@
             <th>Date</th>
             <th>Status</th>
             <th>Score</th>
+            <th if="{ opts.competition.enable_detailed_results && opts.competition.show_detailed_results_in_submission_panel}">Detailed Results</th>
             <th class="center aligned {admin-action-column: opts.admin, action-column: !opts.admin}">Actions</th>
         </tr>
         </thead>
@@ -99,6 +100,11 @@
                 </sup>
             </td>
             <td>{get_score(submission)}</td>
+            <td if="{ opts.competition.enable_detailed_results && opts.competition.show_detailed_results_in_submission_panel }">
+                <a if="{submission.status === 'Finished'}" href="detailed_results/{submission.id}" target="_blank" class="eye-icon-link">
+                    <i class="icon grey eye eye-icon"></i>
+                </a>
+            </td>
             <td class="center aligned">
                 <virtual if="{ opts.admin }">
                     <!-- run/rerun submission -->
@@ -138,14 +144,14 @@
                     <i class="icon green check"></i>
                 </span>
                 <!--  Make Public  -->
-                <span if="{!submission.is_public && submission.status === 'Finished'}"
+                <span if="{!submission.is_public && submission.status === 'Finished' && submission.can_make_submissions_public}"
                       data-tooltip="Make Public"
                       data-inverted=""
                       onclick="{toggle_submission_is_public.bind(this, submission)}">
                     <i class="icon share teal alternate"></i>
                 </span>
                 <!--  Make Private  -->
-                <span if="{!!submission.is_public && submission.status === 'Finished'}"
+                <span if="{!!submission.is_public && submission.status === 'Finished' && submission.can_make_submissions_public}"
                       data-tooltip="Make Private"
                       data-inverted=""
                       onclick="{toggle_submission_is_public.bind(this, submission)}">
@@ -393,7 +399,6 @@
 
         self.delete_selected_submissions = function () {
             if (confirm(`Are you sure you want to delete the selected submissions?`)) {
-                console.log()
                 CODALAB.api.delete_many_submissions(self.checked_submissions)
                     .done(function (response) {
                         toastr.success('Submissions deleted')
@@ -437,7 +442,7 @@
                         self.update_submissions()
                     })
                     .fail(resp => {
-                        toastr.error('Error updating submission')
+                        toastr.error(resp.responseJSON.detail)
                     })
             }
         }
diff --git a/src/static/riot/competitions/editor/_competition_details.tag b/src/static/riot/competitions/editor/_competition_details.tag
index c068f9810..4e60bbff1 100644
--- a/src/static/riot/competitions/editor/_competition_details.tag
+++ b/src/static/riot/competitions/editor/_competition_details.tag
@@ -1,10 +1,13 @@
 <competition-details>
     <div class="ui form">
+
+        <!--  Title  -->
         <div class="field required">
             <label>Title</label>
             <input type="text" ref="title" onchange="{form_updated}">
         </div>
 
+        <!--  Logo  -->
         <div class="field required">
             <label>Logo</label>
             <!-- This is the SINGLE FILE with NO OTHER OPTIONS example -->
@@ -22,10 +25,56 @@
                 <input value="{ logo_file_name }" readonly onclick="document.getElementById('form_file_logo').click()">
             </div>
         </div>
+
+        <!--  Description  -->
         <div class="field smaller-mde">
             <label>Description</label>
             <textarea class="markdown-editor" ref="comp_description" name="description" onchange="{form_updated}"></textarea>
         </div>
+
+        <!--  Queue  -->
+        <div class="field">
+            <label>Queue</label>
+            <select class="ui fluid search selection dropdown" ref="queue"></select>
+        </div>
+
+        <!--  Docker Image  -->
+        <div class="field required">
+            <label>Competition Docker Image</label>
+            <input type="text" ref="docker_image" placeholder="Example: codalab/codalab-legacy:py37" onchange="{form_updated}">
+        </div>
+
+        <!--  Type  -->
+        <div class="field">
+            <label>Competition Type</label>
+            <div ref="competition_type" class="ui selection dropdown">
+                <input type="hidden" name="competition_type" value="{ data.competition_type || 'competition' }" onchange="{form_updated}">
+                <div class="text">Competition</div>
+                <i class="dropdown icon"></i>
+                <div class="menu">
+                    <div class="item" data-value="competition">Competition</div>
+                    <div class="item" data-value="benchmark">Benchmark</div>
+                </div>
+            </div>
+        </div>
+
+        <!--  Reward  -->
+        <div class="field">
+            <label>Competition Reward</label>
+            <input type="text" ref="reward" placeholder="Example: $1000 for the top participant" onchange="{form_updated}">
+        </div>
+        <!--  Contact Email  -->
+        <div class="field">
+            <label>Organizer Contact Email</label>
+            <input type="email" ref="contact_email" placeholder="Example: email@example.com" onchange="{form_updated}">
+        </div>
+        <!--  Report  -->
+        <div class="field">
+            <label>Competition Report</label>
+            <input type="text" ref="report" placeholder="Example: https://example.com/report.pdf" onchange="{form_updated}">
+        </div>
+
+        <!--  Fact Sheet  -->
         <div class="field smaller-mde">
             <label>Fact Sheet</label>
             <div class="row">
@@ -82,6 +131,8 @@
             </div>
             </form>
         </div>
+
+        <!--  Files Available  -->
         <div class="field smaller-mde">
             <label>
                 Files Available
@@ -103,29 +154,12 @@
                 <input type="checkbox" ref="make_input_data_available" onchange="{form_updated}">
             </div>
         </div>
+
+        <!--  Detailed results  -->
         <div class="field">
-            <label>Queue</label>
-            <select class="ui fluid search selection dropdown" ref="queue"></select>
-        </div>
-        <div class="field required">
-            <label>Competition Docker Image</label>
-            <input type="text" ref="docker_image" placeholder="Example: codalab/codalab-legacy:py37" onchange="{form_updated}">
-        </div>
-        <div class="field">
-            <label>Competition Type</label>
-            <div ref="competition_type" class="ui selection dropdown">
-                <input type="hidden" name="competition_type" value="{ data.competition_type || 'competition' }" onchange="{form_updated}">
-                <div class="text">Competition</div>
-                <i class="dropdown icon"></i>
-                <div class="menu">
-                    <div class="item" data-value="competition">Competition</div>
-                    <div class="item" data-value="benchmark">Benchmark</div>
-                </div>
-            </div>
-        </div>
-        <div class="field">
+            <label>Detailed Results</label>
             <div class="ui checkbox">
-                <label>Enable Visualizations</label>
+                <label>Enable Detailed Results</label>
                 <input type="checkbox" ref="detailed_results" onchange="{form_updated}">
             </div>
             <sup>
@@ -135,8 +169,35 @@
                     <i class="grey question circle icon"></i>
                 </a>
             </sup>
+            <br>
+            <div class="ui checkbox">
+                <label>Show Detailed Results in submission pannel</label>
+                <input type="checkbox" ref="show_detailed_results_in_submission_panel" onchange="{form_updated}">
+            </div>
+            <sup>
+                <span data-tooltip="If checked and detailed results are enabled, participants can see detailed results in submission panel"
+                          data-inverted=""
+                          data-position="bottom center">
+                    <i class="help icon circle"></i>
+                </span>
+            </sup>
+            <br>
+            <div class="ui checkbox">
+                <label>Show Detailed Results in leaderboard</label>
+                <input type="checkbox" ref="show_detailed_results_in_leaderboard" onchange="{form_updated}">
+            </div>
+            <sup>
+                <span data-tooltip="If checked and detailed results are enabled, participants can see detailed results in leaderboard"
+                          data-inverted=""
+                          data-position="bottom center">
+                    <i class="help icon circle"></i>
+                </span>
+            </sup>
         </div>
+
+        <!--  Auto Run submissions  -->
         <div class="field">
+            <label>Submission execution</label>
             <div class="ui checkbox">
                 <label>Auto-run submissions</label>
                 <input type="checkbox" ref="auto_run_submissions" onchange="{form_updated}">
@@ -149,18 +210,24 @@
                 </span>
             </sup>
         </div>
+
+        <!--  Public submissions  -->
         <div class="field">
-            <label>Competition Reward</label>
-            <input type="text" ref="reward" placeholder="Example: $1000 for the top participant" onchange="{form_updated}">
-        </div>
-        <div class="field">
-            <label>Organizer Contact Email</label>
-            <input type="email" ref="contact_email" placeholder="Example: email@example.com" onchange="{form_updated}">
-        </div>
-        <div class="field">
-            <label>Competition Report</label>
-            <input type="text" ref="report" placeholder="Example: https://example.com/report.pdf" onchange="{form_updated}">
+            <label>Public Submissions</label>
+            <div class="ui checkbox">
+                <label>Participants can make submission public</label>
+                <input type="checkbox" ref="can_participants_make_submissions_public" onchange="{form_updated}">
+            </div>
+            <sup>
+                <span data-tooltip="If unchecked, participants cannot make their submissions public from submission panel"
+                          data-inverted=""
+                          data-position="bottom center">
+                    <i class="help icon circle"></i>
+                </span>
+            </sup>
         </div>
+
+        
     </div>
 
     <script>
@@ -226,7 +293,10 @@
             self.data["description"] = self.markdown_editor.value()
             self.data["queue"] = self.refs.queue.value
             self.data["enable_detailed_results"] = self.refs.detailed_results.checked
+            self.data["show_detailed_results_in_submission_panel"] = self.refs.show_detailed_results_in_submission_panel.checked
+            self.data["show_detailed_results_in_leaderboard"] = self.refs.show_detailed_results_in_leaderboard.checked
             self.data["auto_run_submissions"] = self.refs.auto_run_submissions.checked
+            self.data["can_participants_make_submissions_public"] = self.refs.can_participants_make_submissions_public.checked
             self.data["make_programs_available"] = self.refs.make_programs_available.checked
             self.data["make_input_data_available"] = self.refs.make_input_data_available.checked
             self.data["docker_image"] = $(self.refs.docker_image).val()
@@ -360,7 +430,10 @@
                     .dropdown('set value', competition.queue.id)
             }
             self.refs.detailed_results.checked = competition.enable_detailed_results
+            self.refs.show_detailed_results_in_submission_panel.checked = competition.show_detailed_results_in_submission_panel
+            self.refs.show_detailed_results_in_leaderboard.checked = competition.show_detailed_results_in_leaderboard
             self.refs.auto_run_submissions.checked = competition.auto_run_submissions
+            self.refs.can_participants_make_submissions_public.checked = competition.can_participants_make_submissions_public
             self.refs.make_programs_available.checked = competition.make_programs_available
             self.refs.make_input_data_available.checked = competition.make_input_data_available
             $(self.refs.docker_image).val(competition.docker_image)
diff --git a/src/tests/functional/test_submissions.py b/src/tests/functional/test_submissions.py
index 2beba29f1..6248ccaf2 100644
--- a/src/tests/functional/test_submissions.py
+++ b/src/tests/functional/test_submissions.py
@@ -18,7 +18,7 @@ def setUp(self):
         super().setUp()
         self.user = UserFactory(password='test')
 
-    def _run_submission_and_add_to_leaderboard(self, competition_zip_path, submission_zip_path, expected_submission_output, has_solutions=True, timeout=600, precision=2):
+    def _run_submission_and_add_to_leaderboard(self, competition_zip_path, submission_zip_path, expected_submission_output, has_solutions=True, has_detailed_result=True, timeout=600, precision=2):
         """Creates a competition and runs a submission inside it, waiting for expected output to
         appear in submission realtime output panel.
 
@@ -68,7 +68,8 @@ def _run_submission_and_add_to_leaderboard(self, competition_zip_path, submissio
         submission_id = int(self.find('submission-manager#user-submission-table table tbody tr:nth-of-type(1) td:nth-of-type(1)').text)
 
         # Add the submission to the leaderboard and go to results tab
-        self.find('submission-manager#user-submission-table table tbody tr:nth-of-type(1) td:nth-of-type(6) span[data-tooltip="Add to Leaderboard"]').click()
+        add_to_leaderboard_column = 7 if has_detailed_result else 6
+        self.find(f'submission-manager#user-submission-table table tbody tr:nth-of-type(1) td:nth-of-type({add_to_leaderboard_column}) span[data-tooltip="Add to Leaderboard"]').click()
         self.find('.item[data-tab="results-tab"]').click()
 
         # The leaderboard table lists our submission
@@ -82,7 +83,7 @@ def test_v15_iris_code_submission_end_to_end(self):
         self._run_submission_and_add_to_leaderboard('competition_15_iris.zip', 'submission_15_iris_code.zip', '======= Set 1 (Iris_test)', has_solutions=False, precision=4)
 
     def test_v18_submission_end_to_end(self):
-        self._run_submission_and_add_to_leaderboard('competition_18.zip', 'submission_18.zip', 'results', has_solutions=False)
+        self._run_submission_and_add_to_leaderboard('competition_18.zip', 'submission_18.zip', 'results', has_solutions=False, has_detailed_result=False)
 
     def test_v2_submission_end_to_end(self):
-        self._run_submission_and_add_to_leaderboard('competition.zip', 'submission.zip', 'Scores')
+        self._run_submission_and_add_to_leaderboard('competition.zip', 'submission.zip', 'Scores', has_detailed_result=False)

From 403fc2b591f00f1e5c51f903a22558a8b51fba4d Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Fri, 12 Apr 2024 14:56:22 +0500
Subject: [PATCH 14/19] Option to hide make submission public button from
 participants (#1372)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* competition model updated

* competition settings to allow participant to make submission public/private

* unwanted restriction removed

---------

Co-authored-by: Adrien Pavão <adrien.pavao@gmail.com>

From c3ac8005469330e5070858eff330dc29b69b4bc3 Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Fri, 12 Apr 2024 15:04:42 +0500
Subject: [PATCH 15/19] Submission ID in leaderboard (#1370)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* leaderbord shows submission id

* test updated

* test reversed

* test updated

* Rename 'submission ID' -> 'ID'

---------

Co-authored-by: Adrien Pavão <adrien.pavao@gmail.com>
---
 src/static/riot/competitions/detail/leaderboards.tag | 4 +++-
 src/tests/functional/test_submissions.py             | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/static/riot/competitions/detail/leaderboards.tag b/src/static/riot/competitions/detail/leaderboards.tag
index 2f09f26f5..95b4fc793 100644
--- a/src/static/riot/competitions/detail/leaderboards.tag
+++ b/src/static/riot/competitions/detail/leaderboards.tag
@@ -28,7 +28,7 @@
         </tr>
         <tr class="task-row">
             <th>Task:</th>
-            <th colspan=3></th>
+            <th colspan=4></th>
             <th each="{ task in filtered_tasks }" class="center aligned" colspan="{ task.colWidth }">{ task.name }</th>
         </tr>
         <tr>
@@ -36,6 +36,7 @@
             <th>Participant</th>
             <th>Entries</th>
             <th>Date</th>
+            <th>ID</th>
             <th each="{ column in filtered_columns }" colspan="1">{column.title}</th>
             
         </tr>
@@ -59,6 +60,7 @@
             <td if="{submission.organization !== null}"><a href="{submission.organization.url}">{ submission.organization.name }</a></td>
             <td>{submission.num_entries}</td>
             <td>{submission.created_when}</td>
+            <td>{submission.id}</td>
             <td each="{ column in filtered_columns }">
                 <a if="{column.title == 'Detailed Results'}" href="detailed_results/{get_detailed_result_submisison_id(column, submission)}" target="_blank" class="eye-icon-link">
                     <i class="icon grey eye eye-icon"></i>
diff --git a/src/tests/functional/test_submissions.py b/src/tests/functional/test_submissions.py
index 6248ccaf2..3ee088ae0 100644
--- a/src/tests/functional/test_submissions.py
+++ b/src/tests/functional/test_submissions.py
@@ -74,7 +74,7 @@ def _run_submission_and_add_to_leaderboard(self, competition_zip_path, submissio
 
         # The leaderboard table lists our submission
         prediction_score = Submission.objects.get(pk=submission_id).scores.first().score
-        assert Decimal(self.find('leaderboards table tbody tr:nth-of-type(1) td:nth-of-type(5)').text) == round(Decimal(prediction_score), precision)
+        assert Decimal(self.find('leaderboards table tbody tr:nth-of-type(1) td:nth-of-type(6)').text) == round(Decimal(prediction_score), precision)
 
     def test_v15_iris_result_submission_end_to_end(self):
         self._run_submission_and_add_to_leaderboard('competition_15_iris.zip', 'submission_15_iris_result.zip', '======= Set 1 (Iris_test)', has_solutions=False, precision=4)

From 34bbf0bd09ee4d9d5a0f75f4ebf088cd1843f125 Mon Sep 17 00:00:00 2001
From: Benjamin Bearce <bbearce@gmail.com>
Date: Tue, 16 Apr 2024 09:53:17 -0400
Subject: [PATCH 16/19] CPU limit on default queue (#1154)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* cpu limit changes

* flake8

* disable submission file input for 6 seconds

* Update .env_sample

* Update tasks.py

* Add spaces

* time limit of the default queue in pop up

* Update .env_sample

---------

Co-authored-by: Adrien Pavão <adrien.pavao@gmail.com>
---
 .env_sample                                     | 1 +
 src/apps/competitions/tasks.py                  | 6 ++++--
 src/settings/base.py                            | 1 +
 src/static/riot/competitions/editor/_phases.tag | 3 ++-
 src/static/riot/forms/input-file.tag            | 7 ++++++-
 src/templates/base.html                         | 6 +++++-
 src/utils/context_processors.py                 | 1 +
 7 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/.env_sample b/.env_sample
index a60000460..26c9337bd 100644
--- a/.env_sample
+++ b/.env_sample
@@ -10,6 +10,7 @@ DB_PORT=5432
 DJANGO_SETTINGS_MODULE=settings.develop
 ALLOWED_HOSTS=localhost,example.com
 SUBMISSIONS_API_URL=http://django:8000/api
+MAX_EXECUTION_TIME_LIMIT=600 # time limit for the default queue (in seconds)
 
 # Local domain definition
 DOMAIN_NAME=localhost:80
diff --git a/src/apps/competitions/tasks.py b/src/apps/competitions/tasks.py
index 87ad0d316..facc8041b 100644
--- a/src/apps/competitions/tasks.py
+++ b/src/apps/competitions/tasks.py
@@ -99,6 +99,7 @@
     'computation_indexes',
     'hidden',
 ]
+MAX_EXECUTION_TIME_LIMIT = int(os.environ.get('MAX_EXECUTION_TIME_LIMIT', 600))  # time limit of the default queue
 
 
 def _send_to_compute_worker(submission, is_scoring):
@@ -107,7 +108,7 @@ def _send_to_compute_worker(submission, is_scoring):
         "submissions_api_url": settings.SUBMISSIONS_API_URL,
         "secret": submission.secret,
         "docker_image": submission.phase.competition.docker_image,
-        "execution_time_limit": submission.phase.execution_time_limit,
+        "execution_time_limit": min(MAX_EXECUTION_TIME_LIMIT, submission.phase.execution_time_limit),
         "id": submission.pk,
         "is_scoring": is_scoring,
     }
@@ -185,8 +186,9 @@ def _send_to_compute_worker(submission, is_scoring):
     time_padding = 60 * 20  # 20 minutes
     time_limit = submission.phase.execution_time_limit + time_padding
 
-    if submission.phase.competition.queue:
+    if submission.phase.competition.queue:  # if the competition is running on a custom queue, not the default queue
         submission.queue_name = submission.phase.competition.queue.name or ''
+        run_args['execution_time_limit'] = submission.phase.execution_time_limit  # use the competition time limit
         submission.save()
 
         # Send to special queue? Using `celery_app` var name here since we'd be overriding the imported `app`
diff --git a/src/settings/base.py b/src/settings/base.py
index 27e76045a..9114e0687 100644
--- a/src/settings/base.py
+++ b/src/settings/base.py
@@ -331,6 +331,7 @@
 }
 
 SUBMISSIONS_API_URL = os.environ.get('SUBMISSIONS_API_URL', "http://django/api")
+MAX_EXECUTION_TIME_LIMIT = os.environ.get('MAX_EXECUTION_TIME_LIMIT', "600")  # time limit of the default queue
 
 # =============================================================================
 # Storage
diff --git a/src/static/riot/competitions/editor/_phases.tag b/src/static/riot/competitions/editor/_phases.tag
index bad6512d2..2ca4e6be0 100644
--- a/src/static/riot/competitions/editor/_phases.tag
+++ b/src/static/riot/competitions/editor/_phases.tag
@@ -133,7 +133,7 @@
                         <div class="three fields">
                             <div class="field">
                                 <label>
-                                    Execution Time Limit <span data-tooltip="In seconds, 600s default if unset"
+                                    Execution Time Limit (seconds)<span data-tooltip="600s if unset, { CODALAB.state.public_env_variables.MAX_EXECUTION_TIME_LIMIT }s max with default queue."
                                                                data-inverted=""
                                                                data-position="bottom center">
                                     <i class="help icon circle"></i></span>
@@ -670,6 +670,7 @@
          Events
         ---------------------------------------------------------------------*/
         CODALAB.events.on('competition_loaded', function (competition) {
+            debugger
             self.phases = competition.phases
             self.form_updated()
         })
diff --git a/src/static/riot/forms/input-file.tag b/src/static/riot/forms/input-file.tag
index aa7e51372..d68c49e89 100644
--- a/src/static/riot/forms/input-file.tag
+++ b/src/static/riot/forms/input-file.tag
@@ -2,7 +2,7 @@
 <input-file class="field {error: opts.error}">
     <!-- This is the SINGLE FILE with NO OTHER OPTIONS example -->
     <!-- In the future, we'll have this type AND a type that is pre-filled with nice options -->
-    <div class="ui left action file input">
+    <div class="ui left action file input" ref="submission_upload">
         <button type="button" class="ui icon button" onclick="{ open_file_selection }">
             <i class="attach icon"></i>
         </button>
@@ -38,6 +38,11 @@
         ---------------------------------------------------------------------*/
         self.open_file_selection = function () {
             self.refs.file_input.click()
+            // Re-enable the button after 5 seconds
+            self.refs.submission_upload.style['display'] = 'none'
+            setTimeout(function () {
+                self.refs.submission_upload.style['display'] = ''
+            }, 6000);
         }
     </script>
     <style>
diff --git a/src/templates/base.html b/src/templates/base.html
index fd54b5ab6..de6296321 100644
--- a/src/templates/base.html
+++ b/src/templates/base.html
@@ -257,10 +257,14 @@ <h4 class="ui inverted header">CodaBench</h4>
     <script>
         {# From `common_settings` context processor #}
         STORAGE_TYPE = "{{ STORAGE_TYPE }}"
+        MAX_EXECUTION_TIME_LIMIT = "{{ MAX_EXECUTION_TIME_LIMIT }}"
         CURRENT_DATE_TIME = "{% now "c" %}"
         CODALAB = {
             state: {
-                user: JSON.parse("{{ USER_JSON_DATA|escapejs }}")
+                user: JSON.parse("{{ USER_JSON_DATA|escapejs }}"),
+                public_env_variables: {
+                    MAX_EXECUTION_TIME_LIMIT:MAX_EXECUTION_TIME_LIMIT
+                }
             }
         }
 
diff --git a/src/utils/context_processors.py b/src/utils/context_processors.py
index dd49ccbbb..9ed17f064 100644
--- a/src/utils/context_processors.py
+++ b/src/utils/context_processors.py
@@ -20,6 +20,7 @@ def common_settings(request):
 
     return {
         'STORAGE_TYPE': settings.STORAGE_TYPE,
+        'MAX_EXECUTION_TIME_LIMIT': settings.MAX_EXECUTION_TIME_LIMIT,
         'USER_JSON_DATA': json.dumps(user_json_data),
         'RABBITMQ_MANAGEMENT_URL': f"http://{settings.DOMAIN_NAME}:{settings.RABBITMQ_MANAGEMENT_PORT}",
         'FLOWER_URL': f"http://{settings.DOMAIN_NAME}:{settings.FLOWER_PUBLIC_PORT}",

From bade1eba4a49b4a6aea7bc39dc141e329d43081a Mon Sep 17 00:00:00 2001
From: Ihsan Ullah <ihsan2131@gmail.com>
Date: Tue, 16 Apr 2024 20:46:50 +0500
Subject: [PATCH 17/19] Auto-migrate leaderboard submissions (#1341)

* only migrate submissions which are on the leaderboard

* tests fixed
---
 src/apps/api/tests/test_competitions.py         |  4 ++--
 src/apps/chahub/tests/test_chahub_mixin.py      |  1 +
 src/apps/competitions/models.py                 |  2 ++
 .../competitions/tests/test_phase_migration.py  |  4 +++-
 src/factories.py                                | 17 +++++++++--------
 5 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/src/apps/api/tests/test_competitions.py b/src/apps/api/tests/test_competitions.py
index 989f668f4..59ebc216c 100644
--- a/src/apps/api/tests/test_competitions.py
+++ b/src/apps/api/tests/test_competitions.py
@@ -111,7 +111,7 @@ def test_manual_migration_makes_submissions_from_one_phase_in_another(self):
 
         # make 5 submissions in phase 1
         for _ in range(5):
-            SubmissionFactory(owner=self.creator, phase=self.phase_1, status=Submission.FINISHED)
+            SubmissionFactory(owner=self.creator, phase=self.phase_1, status=Submission.FINISHED, leaderboard=self.leaderboard)
         assert self.phase_1.submissions.count() == 5
         assert self.phase_2.submissions.count() == 0
 
@@ -130,7 +130,7 @@ def test_manual_migration_makes_submissions_out_of_only_parents_not_children(sel
         self.client.login(username='creator', password='creator')
 
         # make 1 submission with 4 children
-        parent = SubmissionFactory(owner=self.creator, phase=self.phase_1, has_children=True, status=Submission.FINISHED)
+        parent = SubmissionFactory(owner=self.creator, phase=self.phase_1, has_children=True, status=Submission.FINISHED, leaderboard=self.leaderboard)
         for _ in range(4):
             # Make a submission _and_ new Task for phase 2
             self.phase_2.tasks.add(TaskFactory())
diff --git a/src/apps/chahub/tests/test_chahub_mixin.py b/src/apps/chahub/tests/test_chahub_mixin.py
index 75565c196..77aa3532a 100644
--- a/src/apps/chahub/tests/test_chahub_mixin.py
+++ b/src/apps/chahub/tests/test_chahub_mixin.py
@@ -21,6 +21,7 @@ def setUp(self):
             participant=self.participant,
             status='Finished',
             is_public=True,
+            leaderboard=None
         )
 
     def test_submission_save_sends_to_chahub(self):
diff --git a/src/apps/competitions/models.py b/src/apps/competitions/models.py
index 777dbb86a..100685d9e 100644
--- a/src/apps/competitions/models.py
+++ b/src/apps/competitions/models.py
@@ -128,10 +128,12 @@ def apply_phase_migration(self, current_phase, next_phase, force_migration=False
         self.is_migrating = True
         self.save()
 
+        # Get submissions of current phase with finished status and which are on leaderboard
         submissions = Submission.objects.filter(
             phase=current_phase,
             is_migrated=False,
             parent__isnull=True,
+            leaderboard__isnull=False,
             status=Submission.FINISHED
         )
 
diff --git a/src/apps/competitions/tests/test_phase_migration.py b/src/apps/competitions/tests/test_phase_migration.py
index 404c0fee5..f1b6e77a8 100644
--- a/src/apps/competitions/tests/test_phase_migration.py
+++ b/src/apps/competitions/tests/test_phase_migration.py
@@ -7,7 +7,7 @@
 from competitions.models import Submission, Competition, Phase
 from competitions.tasks import do_phase_migrations
 from factories import UserFactory, CompetitionFactory, PhaseFactory, SubmissionFactory, CompetitionParticipantFactory, \
-    TaskFactory
+    TaskFactory, LeaderboardFactory
 
 twenty_minutes_ago = now() - timedelta(hours=0, minutes=20)
 twenty_five_minutes_ago = now() - timedelta(hours=0, minutes=25)
@@ -22,6 +22,7 @@ def setUp(self):
         self.competition = CompetitionFactory(created_by=self.owner, title="Competition One")
         self.competition_participant = CompetitionParticipantFactory(user=self.normal_user,
                                                                      competition=self.competition)
+        self.leaderboard = LeaderboardFactory()
         self.phase1 = PhaseFactory(
             competition=self.competition,
             auto_migrate_to_this_phase=False,
@@ -59,6 +60,7 @@ def make_submission(self, **kwargs):
         kwargs.setdefault('participant', self.competition_participant)
         kwargs.setdefault('phase', self.phase1)
         kwargs.setdefault('status', Submission.FINISHED)
+        kwargs.setdefault('leaderboard', self.leaderboard)
         sub = SubmissionFactory(**kwargs)
         return sub
 
diff --git a/src/factories.py b/src/factories.py
index d0c47716c..c76384f5c 100644
--- a/src/factories.py
+++ b/src/factories.py
@@ -154,6 +154,14 @@ class Meta:
     task = factory.SubFactory(TaskFactory)
 
 
+class LeaderboardFactory(DjangoModelFactory):
+    class Meta:
+        model = Leaderboard
+
+    title = factory.Faker('word')
+    key = factory.Faker('word')
+
+
 class SubmissionFactory(DjangoModelFactory):
     class Meta:
         model = Submission
@@ -161,6 +169,7 @@ class Meta:
     owner = factory.SubFactory(UserFactory)
     phase = factory.SubFactory(PhaseFactory)
     name = factory.Sequence(lambda n: f'Submission {n}')
+    leaderboard = factory.SubFactory(LeaderboardFactory)
 
     created_when = factory.Faker('date_time_between', start_date='-5y', end_date='now', tzinfo=UTC)
     data = factory.SubFactory(
@@ -182,14 +191,6 @@ class Meta:
     status = factory.LazyAttribute(lambda n: random.choice(['unknown', 'denied', 'approved', 'pending']))
 
 
-class LeaderboardFactory(DjangoModelFactory):
-    class Meta:
-        model = Leaderboard
-
-    title = factory.Faker('word')
-    key = factory.Faker('word')
-
-
 class ColumnFactory(DjangoModelFactory):
     class Meta:
         model = Column

From b0bbb716b2c99881044f99da96c6d8289c4815be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrien=20Pav=C3=A3o?= <adrien.pavao@gmail.com>
Date: Fri, 19 Apr 2024 14:15:50 +0200
Subject: [PATCH 18/19] Clean code in celery_config.py (#1420)

* Clean code in celery_config.py

* Update celery_config.py

* Add blank line (flake8)
---
 src/celery_config.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/celery_config.py b/src/celery_config.py
index e3b7e141e..7ef8f818e 100644
--- a/src/celery_config.py
+++ b/src/celery_config.py
@@ -16,8 +16,10 @@
 ]
 
 _vhost_apps = {}
-# Function to get the app for a vhost
+
+
 def app_for_vhost(vhost):
+    # Function to get the app for a vhost
     if vhost not in _vhost_apps:
         # Take the CELERY_BROKER_URL and replace the vhost with the vhhost for this queue
         broker_url = settings.CELERY_BROKER_URL
@@ -26,7 +28,6 @@ def app_for_vhost(vhost):
         urllib.parse.uses_relative.append(scheme)
         urllib.parse.uses_netloc.append(scheme)
         broker_url = urllib.parse.urljoin(broker_url, vhost)
-
         vhost_app = Celery()
         # Copy the settings so we can modify the broker url to include the vhost
         django_settings = copy.copy(settings)
@@ -34,5 +35,4 @@ def app_for_vhost(vhost):
         vhost_app.config_from_object(django_settings, namespace='CELERY')
         vhost_app.task_queues = app.conf.task_queues
         _vhost_apps[vhost] = vhost_app
-
-    return _vhost_apps[vhost]
\ No newline at end of file
+    return _vhost_apps[vhost]

From 992bd86c661b157fde9ef1ed94ab35276694eddc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrien=20Pav=C3=A3o?= <adrien.pavao@gmail.com>
Date: Fri, 19 Apr 2024 18:17:11 +0200
Subject: [PATCH 19/19] Update README.md

---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 2b3308d0f..8c6da464e 100644
--- a/README.md
+++ b/README.md
@@ -26,10 +26,12 @@ $ docker-compose exec django ./manage.py generate_data
 $ docker-compose exec django ./manage.py collectstatic --noinput
 ```
 
-You can now login as username "admin" with password "admin" at http://localhost:8000
+You can now login as username "admin" with password "admin" at http://localhost/
 
 If you ever need to reset the database, use the script `./reset_db.sh`
 
+For more information about installation, checkout [Codabench Basic Installation Guide](https://github.com/codalab/codabench/wiki/Codabench-Installation) and [How to Deploy Server](https://github.com/codalab/codabench/wiki/How-to-deploy-Codabench-on-your-server).
+
 
 ## License