From 5a3727dc5f22af46205899a13bff4092e4d30621 Mon Sep 17 00:00:00 2001
From: Jyri-Petteri Paloposki <jyri-petteri.paloposki@iki.fi>
Date: Mon, 20 Jul 2020 18:16:15 +0300
Subject: [PATCH] Add functionality for requiring TOS approval on signup

---
 app/assets/stylesheets/login.scss   |  8 +++++++-
 app/controllers/users_controller.rb | 11 ++++++++++-
 app/views/users/new.html.erb        | 15 ++++++++++++---
 config/locales/en.yml               |  2 ++
 config/site.docker.yml              |  3 +++
 config/site.yml.tmpl                |  2 ++
 6 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/app/assets/stylesheets/login.scss b/app/assets/stylesheets/login.scss
index da1d0737..dcab57c2 100644
--- a/app/assets/stylesheets/login.scss
+++ b/app/assets/stylesheets/login.scss
@@ -19,11 +19,17 @@ body {
   @include make-sm-column-offset(3);
   margin: 2em auto 1em;
   background-color: rgba(0, 0, 0, 0.75);
-  color: #eaeaea;
   padding: 0 0 1em 0;
   box-shadow: 0 2px 6px rgba(0, 0, 0, 0.5), 0 2px 3px rgba(0, 0, 0, 0.3);
+  color: #eaeaea;
+
+  a {
+    color: #eaeaea;
+    text-decoration: underline;
+  }
 }
 
+
 @media(min-width: $screen-sm-min) {
   .login-box {
     border-radius: 5px;
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index df04d9da..12c37c5e 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -76,10 +76,14 @@ class UsersController < ApplicationController
           return
         end
 
+        unless params['approve_tos'] == 'on' || SITE_CONFIG['tos_link'].blank?
+          render_failure "You have to accept the terms of service to sign up!"
+          return
+        end
+
         user = User.new(user_params)
 
         unless user.valid?
-          session['new_user'] = user
           redirect_to signup_path
           return
         end
@@ -106,6 +110,11 @@ class UsersController < ApplicationController
           render_failure "Expected post format is valid xml like so: <user><login>username</login><password>abc123</password></user>.", 400
           return
         end
+        unless user_params['approve_tos'] == 'on' || SITE_CONFIG['tos_link'].blank?
+          render_failure "You have to accept the terms of service to sign up!"
+          return
+        end
+
         user = User.new(user_params)
         user.password_confirmation = user_params[:password]
         saved = user.save
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
index a4ff035d..4450011e 100644
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@@ -20,16 +20,25 @@
 
           <div class="label-element-combo">
             <%= label_tag "user_login", t('users.desired_login') %>
-            <%= text_field_tag "user_login", nil, class: "form-control" %>
+            <%= text_field "user", "login", class: "form-control" %>
           </div>
           <div class="label-element-combo">
             <%= label_tag "user_password", t('users.choose_password') %>
-            <%= password_field_tag "user_password", nil, class: "form-control" %>
+            <%= password_field "user", "password", class: "form-control" %>
           </div>
           <div class="label-element-combo">
             <%= label_tag "user_password_confirmation", t('users.confirm_password') %>
-            <%= password_field_tag "user_password_confirmation", nil, class: "form-control" %>
+            <%= password_field "user", "password_confirmation", class: "form-control" %>
           </div>
+          <% unless SITE_CONFIG['tos_link'].blank? -%>
+            <div class="label-element-combo">
+              <div class="checkbox">
+                <input name="approve_tos" id="approve_tos" type="checkbox" />
+                <label for="approve_tos"><%= t("users.approve_tos") %></label>
+                (<a href="<%= SITE_CONFIG['tos_link'] %>"><%= t('users.tos_link') %></a>)
+              </div>
+            </div>
+          <% end -%>
           <%= submit_tag t("users.signup"), class: "btn btn-default" %>
         <% end %>
       </div>
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 1a545da1..97626fd2 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -978,6 +978,8 @@ en:
     change_authentication_type: Change authentication type
     total_notes: Total notes
     select_authentication_type: Select your new authentication type and click 'Change authentication type' to replace your current settings.
+    approve_tos: I approve the Terms of Service
+    tos_link: read the Terms of Service
   feedlist:
     choose_context: Choose the context you want a feed of
     actions_due_today: Actions due today or earlier
diff --git a/config/site.docker.yml b/config/site.docker.yml
index 0b1a04d3..4b9b2eb5 100644
--- a/config/site.docker.yml
+++ b/config/site.docker.yml
@@ -42,6 +42,9 @@ force_ssl: false
 # Set to true to allow anyone to sign up for a username.
 open_signups: false
 
+# Set to require TOS approval on signup.
+#tos_link: "https://www.example.com"
+
 # When integrating your tracks instance with http://cloudmailin.com/ by using 
 # the /integrations/cloudmailin URL, this value is the cloudmailin-secret for 
 # verifying the authenticity of the request.
diff --git a/config/site.yml.tmpl b/config/site.yml.tmpl
index 29c53704..1d837be0 100644
--- a/config/site.yml.tmpl
+++ b/config/site.yml.tmpl
@@ -48,6 +48,8 @@ force_ssl: false
 # Set to true to allow anyone to sign up for a username.
 open_signups: false
 
+# Set to require TOS approval on signup.
+#tos_link: "https://www.example.com"
 
 # When integrating your tracks instance with http://cloudmailin.com/ by using 
 # the /integrations/cloudmailin URL, this value is the cloudmailin-secret for