diff options
| author | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-06-08 14:20:44 +0300 |
|---|---|---|
| committer | Bob Van Landuyt <bob@vanlanduyt.co> | 2018-06-08 20:17:00 +0300 |
| commit | 3d713ac114085e091815aa486fb96905347c3002 (patch) | |
| tree | 64c7ee7c43e2a313bf75e10c14b09ef9c1ccd0d4 /app/controllers | |
| parent | ebdc7f11d9c1a2a492e4af6918d407882ce5737d (diff) | |
Users can accept terms during registration
When a user checks the `accept` checkbox, we will track that
acceptance as usual. That way they don't need to accept again after
they complete the registration.
When an unauthenticated user visits the `/-/users/terms` page, there
is no button to accept, decline or continue. The 'current-user menu'
is also hidden from the top bar.
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/registrations_controller.rb | 27 | ||||
| -rw-r--r-- | app/controllers/users/terms_controller.rb | 3 |
2 files changed, 28 insertions, 2 deletions
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb index f5a222b3a48..e6d6965036e 100644 --- a/app/controllers/registrations_controller.rb +++ b/app/controllers/registrations_controller.rb @@ -3,6 +3,9 @@ class RegistrationsController < Devise::RegistrationsController include AcceptsPendingInvitations before_action :whitelist_query_limiting, only: [:destroy] + before_action :ensure_terms_accepted, + if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms? }, + only: [:create] def new redirect_to(new_user_session_path) @@ -18,7 +21,9 @@ class RegistrationsController < Devise::RegistrationsController if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha accept_pending_invitations - super + super do |new_user| + persist_accepted_terms_if_required(new_user) + end else flash[:alert] = 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.' flash.delete :recaptcha_error @@ -40,6 +45,16 @@ class RegistrationsController < Devise::RegistrationsController protected + def persist_accepted_terms_if_required(new_user) + return unless new_user.persisted? + return unless Gitlab::CurrentSettings.current_application_settings.enforce_terms? + + if terms_accepted? + terms = ApplicationSetting::Term.latest + Users::RespondToTermsService.new(new_user, terms).execute(accepted: true) + end + end + def destroy_confirmation_valid? if current_user.confirm_deletion_with_password? current_user.valid_password?(params[:password]) @@ -91,4 +106,14 @@ class RegistrationsController < Devise::RegistrationsController def whitelist_query_limiting Gitlab::QueryLimiting.whitelist('https://gitlab.com/gitlab-org/gitlab-ce/issues/42380') end + + def ensure_terms_accepted + return if terms_accepted? + + redirect_to new_user_session_path, alert: _('You must accept our Terms of Service and privacy policy in order to register an account') + end + + def terms_accepted? + Gitlab::Utils.to_boolean(params[:terms_opt_in]) + end end diff --git a/app/controllers/users/terms_controller.rb b/app/controllers/users/terms_controller.rb index f7c6d1d59db..1b1560a2a00 100644 --- a/app/controllers/users/terms_controller.rb +++ b/app/controllers/users/terms_controller.rb @@ -2,6 +2,7 @@ module Users class TermsController < ApplicationController include InternalRedirect + skip_before_action :authenticate_user! skip_before_action :enforce_terms! skip_before_action :check_password_expiration skip_before_action :check_two_factor_requirement @@ -14,7 +15,7 @@ module Users def index @redirect = redirect_path - if @term.accepted_by_user?(current_user) + if current_user && @term.accepted_by_user?(current_user) flash.now[:notice] = "You have already accepted the Terms of Service as #{current_user.to_reference}" end end |