Skip to content

Support forcing users to accept ToS and privacy policy #5925

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ThiefMaster merged 26 commits into from
Feb 29, 2024
Merged

Support forcing users to accept ToS and privacy policy #5925

ThiefMaster merged 26 commits into from
Feb 29, 2024

Conversation

@kewisch
Copy link
Contributor

@kewisch kewisch commented Sep 12, 2023

Fixes #5923 .

@kewisch kewisch mentioned this pull request Sep 12, 2023
Closed
@kewisch
Copy link
Contributor Author

kewisch commented Sep 12, 2023

fwiw after some renaming I just noticed that it doesn't quite fit under privacy policy any more. I don't think it fits in any of the others (though maybe the Terms one), and a new section could be overkill.

I'll leave it to your judgement where it fits best.

ThiefMaster
ThiefMaster reviewed Sep 12, 2023
View reviewed changes
@kewisch kewisch force-pushed the force-accept-tos branch 2 times, most recently from e64a29d to 528859b Compare September 13, 2023 20:19
@kewisch kewisch changed the title Support for accepting terms on user registration Support to force accepting terms and privacy policy Sep 21, 2023
@kewisch
Copy link
Contributor Author

kewisch commented Sep 21, 2023

@ThiefMaster it might not be quite perfect yet, but this is ready for a new round of reviews. See context in #5923

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 21, 2023
View reviewed changes
ThiefMaster
ThiefMaster reviewed Sep 21, 2023
View reviewed changes
ThiefMaster
ThiefMaster reviewed Oct 5, 2023
View reviewed changes
kewisch
kewisch commented Oct 14, 2023
View reviewed changes
@kewisch kewisch force-pushed the force-accept-tos branch 2 times, most recently from 0e569da to 81a733a Compare October 14, 2023 18:25
kewisch added a commit to kewisch/indico that referenced this pull request Oct 14, 2023
@kewisch
Support to force accepting terms and privacy policy (indico#5925)
0a74480
@kewisch
Copy link
Contributor Author

kewisch commented Oct 24, 2023

@ThiefMaster I've hit a snag on this while debugging something else and could use your advice:

This approach seems to fail for urls that have @allow_signed_url. In the intercepting signal there is a check for session.user, which calls indico.web.util's get_request_user, which will fail because g.rh is not yet set, so it can't actually see that the controller has _ALLOW_SIGNED_URL.

Is there a way to do this interception later, or a better way to check for the user at this stage?

@ThiefMaster
Copy link
Member

ThiefMaster commented Nov 3, 2023

Do you mean the time when _handle_terms_changed runs? If yes, you could move it into the RH class right after self._check_csrf()

ThiefMaster
ThiefMaster reviewed Nov 3, 2023
View reviewed changes
@kewisch
Copy link
Contributor Author

kewisch commented Dec 11, 2023

Do you mean the time when _handle_terms_changed runs? If yes, you could move it into the RH class right after self._check_csrf()

Yeah, this works much better. It feels a little unclean, but I'll leave that to the review if it works out good enough :)

@ThiefMaster also friendly reminder for this comment: #5925 (comment)

ThiefMaster
ThiefMaster reviewed Dec 11, 2023
View reviewed changes
kewisch added a commit to kewisch/indico that referenced this pull request Dec 11, 2023
@kewisch
Support to force accepting terms and privacy policy (indico#5925)
add6399
kewisch added a commit to kewisch/indico that referenced this pull request Dec 12, 2023
@kewisch
Support to force accepting terms and privacy policy (indico#5925)
2afd8ab
kewisch added a commit to kewisch/indico that referenced this pull request Dec 12, 2023
@kewisch
Support to force accepting terms and privacy policy (indico#5925)
0e44879
@kewisch
Copy link
Contributor Author

kewisch commented Dec 12, 2023

All current review comments taken care of :)

@ThiefMaster
Fix jinja styling
072bc9f
@ThiefMaster
Make agreement form nicer
f639aa8
@ThiefMaster
Improve redirect logic
922fb1a 
- use similar endpoint whitelist like in case of bad passwords
- exclude non-GET requests altogether (those might break things when
  people are editing something and want to save)
@ThiefMaster
Improve way to check form data
69223cd 
Also improve formatting
@ThiefMaster
Set tos acceptance data during signup
826b294
@ThiefMaster
Use more generic column name
965efc1
@ThiefMaster ThiefMaster changed the title Support to force accepting terms and privacy policy Support forcing users to accept ToS and privacy policy Feb 29, 2024
ThiefMaster
ThiefMaster approved these changes Feb 29, 2024
View reviewed changes
Copy link
Member

@ThiefMaster ThiefMaster left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice pr :)

@ThiefMaster ThiefMaster merged commit e3e29f9 into indico:master Feb 29, 2024
@ThiefMaster ThiefMaster added this to the v3.3 milestone Feb 29, 2024
@kewisch kewisch deleted the force-accept-tos branch February 29, 2024 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomasr8 tomasr8 tomasr8 left review comments

@ThiefMaster ThiefMaster ThiefMaster approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v3.3

Development

Successfully merging this pull request may close these issues.

Force user to accept a privacy policy when creating a profile

3 participants

@kewisch @ThiefMaster @tomasr8