arXiv · DavidLFielding · Mar 16, 2026 · Mar 9, 2026 · Mar 9, 2026 · Mar 9, 2026
@@ -11,7 +11,7 @@ There is a generated client in `client`. It can be built with `clitools.py`. I'm
 starting to wire up the UI to use that.
 
 I took the NG submission-core and submission-ui and put them in the same project
-and then refactored the pacakges. 
+and then refactored the packages. 
 
 # 2024-09-24 Start of UI
 Brian Caruso
@@ -73,8 +73,8 @@ without flask. This will need to be merged to arxiv-base master soon.
 ### Current state
 *WORKING*
 - creates a submission
-- uplaod and unpacks tar.gz
-- license, policy and author attestation
+- upload and unpacks tar.gz
+- submission agreement, and license acceptance
 - metadata: title abstract etc
 - docker file
 - tests

@@ -22,7 +22,7 @@
 from typing import List, Optional
 from enum import Enum
 
-from common import (GCP_LOG_NAME, GCP_RESULTS_NAME, GCP_PREFLIGHT_NAME,
+from .common import (GCP_LOG_NAME, GCP_RESULTS_NAME, GCP_PREFLIGHT_NAME,
                                    DEFAULT_SUBMISSION_LOG_NAME, DEFAULT_SYSTEM_LOG_NAME,
                                    DEFAULT_COMPILATION_TIMEOUT, DEFAULT_MAX_APPEND_FILES,
                                    DEFAULT_MAX_TEX_FILES, MAX_RETRIES, RETRY_DELAY)
@@ -478,7 +478,7 @@ def compile_submission(
         query_params['watermark_text'] = watermark_text
 
     if preflight:
-        query_params['preflight'] = args.preflight
+        query_params['preflight'] = preflight
 
     if not tex2pdf_url:
         raise FileNotFoundError("The tex2pdf_url is required. ")

@@ -8,8 +8,7 @@
 from submit_ce.api.CompileService import CompileService
 from submit_ce.api.domain.event.process import Result
 from submit_ce.api.domain.process import ProcessStatus
-import sys
-sys.path.append('submit_ce/implementations/compile')
+
 from submit_ce.implementations.compile.compile_at_gcp import PreflightOption, DEFAULT_MAX_APPEND_FILES, DEFAULT_MAX_TEX_FILES, \
     DEFAULT_COMPILATION_TIMEOUT, compile_submission
 
@@ -81,4 +80,5 @@ def start_compile(self, submission: Submission,
 
 
     def check(self, process_id: str, user: User, client: Client) -> ProcessStatus:
-        pass
+        pass
+
@@ -10,7 +10,6 @@
 from . import cross, delete, jref, util, withdraw
 from .manage_submissions import manage_submissions
 from .new import process, upload, review
-from .new.authorship import authorship
 from .new.classification import classification
 from .new.create import create
 from .new.final import finalize

@@ -0,0 +1,43 @@
+"""Tests for :mod:`submit_ce.controllers.license`."""
+import re
+import pytest
+from arxiv.license import LICENSES
+
+
+def _extract_csrf(html_bytes: bytes) -> str:
+    # Adjust to your CSRF field name; typical hidden input name is "csrf_token"
+    m = re.search(rb'name="csrf_token" value="([^"]+)"', html_bytes)
+    return m.group(1).decode() if m else ""
+
+@pytest.mark.usefixtures("app")
+def test_license_post_no_change_advances(authorized_client, sub_policy):
+    """
+    When the user submits the same license choice that the submission already has,
+    the controller should treat it as a no-op and move to the next stage
+    (ready_for_next), returning 200 without error.
+    """
+    sub = sub_policy
+
+    # Add a license
+    first_uri = next(iter(LICENSES.keys()))
+    sub.license = type("L", (), {"uri": first_uri})
+
+    assert sub.license and sub.license.uri, "Fixture must provide an existing license URI"
+
+    # 1) GET the license form (captures CSRF if enabled)
+    get_url = f"/{sub.submission_id}/license"
+    get_resp = authorized_client.get(get_url)
+    assert get_resp.status_code == 200
+    csrf_token = _extract_csrf(get_resp.data)
+
+    # 2) POST the *same* license value (no-op)
+    post_data = {
+        "license": sub.license.uri,    # same as current license
+    }
+    if csrf_token:
+        post_data["csrf_token"] = csrf_token
+
+    post_resp = authorized_client.post(get_url, data=post_data, follow_redirects=False)
+
+    # Expected: controller returns a 200 OK and advances via ready_for_next
+    assert post_resp.status_code == 200
@@ -30,4 +30,4 @@ def sub_from_db():
                                              "verify_user": "true",
                                              "action":"next"})
     assert resp.status_code == 303 and \
-        resp.headers["Location"] == f"/{sub.submission_id}/authorship"
+        resp.headers["Location"] == f"/{sub.submission_id}/policy"
@@ -0,0 +1,33 @@
+"""Tests for :mod:`submit_ce.controllers.verify_user`."""
+import pytest
+from http import HTTPStatus as status
+from submit_ce.ui.tests.csrf_util import parse_csrf_token
+from submit_ce.api.domain.submission import Submission
+
+@pytest.mark.usefixtures("app")
+def test_verify_user_normal(authorized_client, sub_created):
+    """
+    Non-proxy submitter: GET -> POST verify_user=true should advance (ready_for_next).
+    Covers validate(), save(), and ready_for_next path.
+    """
+    sub: Submission = sub_created
+    assert not sub.submitter_contact_verified
+
+    url = f"/{sub.submission_id}/verify_user"
+
+    # GET form
+    resp_get = authorized_client.get(url)
+    assert resp_get.status_code == status.OK
+
+    # Real CSRF from page
+    token = parse_csrf_token(resp_get)
+
+    # POST verify_user=true
+    resp_post = authorized_client.post(
+        url,
+        data={"verify_user": "y", "csrf_token": token},
+        follow_redirects=False
+    )
+
+    # Depending on your flow_control wrapper, this might be 200 or a redirect
+    assert resp_post.status_code in (status.OK, status.FOUND, status.SEE_OTHER)
@@ -0,0 +1,58 @@
+"""Tests for :mod:`submit_ce.controllers.verify_user`."""
+import pytest
+from http import HTTPStatus as status
+from submit_ce.ui.tests.csrf_util import parse_csrf_token
+from submit_ce.api.domain.submission import Submission
+
+@pytest.mark.usefixtures("app")
+def test_verify_user_proxy_requires_fields(authorized_client, sub_created, monkeypatch):
+    """
+    Proxy submitter: first POST missing fields -> 400; second POST with fields -> advance.
+    Covers may_proxy validation branch and both error/success paths.
+    """
+    sub: Submission = sub_created
+    assert not sub.submitter_contact_verified
+    url = f"/{sub.submission_id}/verify_user"
+
+    # give the current authorized user the PROXY_SUBMISSION scope
+    from arxiv.auth.auth import scopes
+    from submit_ce.ui import auth as auth_mod
+    # Patch only for the duration of this test: always return a user with PROXY_SUBMISSION
+    user_client = auth_mod.user_and_client_from_session
+    def fake_user_and_client(session):
+        submitter, client = user_client(session)
+        # ensure PROXY_SUBMISSION is present
+        submitter.scopes = set(getattr(submitter, "scopes", [])) | {scopes.PROXY_SUBMISSION}
+        return submitter, client
+
+    monkeypatch.setattr(
+        "submit_ce.ui.controllers.new.verify_user.user_and_client_from_session",
+        fake_user_and_client
+    )
+
+    # GET form
+    resp_get = authorized_client.get(url)
+    assert resp_get.status_code == status.OK
+    token = parse_csrf_token(resp_get)
+
+    # 1) Test bad request: POST with verify_user=true but missing proxy fields -> BAD_REQUEST
+    resp_bad = authorized_client.post(
+        url,
+        data={"verify_user": "y", "csrf_token": token},
+        follow_redirects=False
+    )
+    assert resp_bad.status_code == status.BAD_REQUEST
+
+    # 2) Test good request: POST with verify_user=true and valid proxy fields -> should advance
+    resp_ok = authorized_client.post(
+        url,
+        data={
+            "verify_user": "y",
+            "proxy_name": "Jane Proxy",
+            "proxy_email": "jane.proxy@example.org",
+            "csrf_token": token,
+        },
+        follow_redirects=False
+    )
+    assert resp_ok.status_code in (status.OK, status.FOUND, status.SEE_OTHER)
+