-
-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add initial Terms of Service support. #186
Conversation
- New TermsOfService that represents a ToS, with a name, date, URL and an "active" flag. - New middleware like the existing one for enforcing active emails that requires users which haven't agreed to all "active" ToSes to agree. - Sync support for syncing ToSes to groups, for export to Discourse and Ore. At the moment, this only happens when a user logs in again. - Migration to create the initial SpongePowered 2018-03-10 ToS. - Updated registration form to add checkboxes to agree to the ToSes at registration time. These are all mandatory.
{% block title %}{% trans "Terms of Service" %}{% endblock %} | ||
{% block main %} | ||
<div class="container top-level"> | ||
<div class="row"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This formatting is all over the place.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is the current user flow for when the TOS is updated? Are we making users auto agree to the updated terms? We can send a notification to users when the TOS is updated with a link to the Docs.
@@ -43,6 +43,20 @@ class ForgotTokenGenerator(django.contrib.auth.tokens.PasswordResetTokenGenerato | |||
|
|||
|
|||
def _log_user_in(request, user, skip_twofa=False): | |||
# Resync groups with the TOS acceptances. | |||
# XXX(lukegb): this is a hack, don't do this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this syncing the groups in memory with the groups in the DB? Do you want to put this into a separate function and have these sync periodically?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Specifically this syncs the group membership in the database with the ToS acceptances. These are separate because going back and retroactively changing the group membership to use a through table is tricky, and acceptances store a timestamp value as well, whereas groups do not.
This should really be a trigger when acceptances change rather than on login, but I haven't bothered to implement that yet.
This probably has consequences for the following flow, though:
- User logs in, and hasn't accepted all the ToSes yet
- User clicks through the ToS acknowledgement
- User continues to Discourse/Ore
...because the user won't be added to the ToS group for the things they've just acked.
The user flow for when ToSes are updated is currently that we will force them to click through the ToS again on login (or any action on SpongeAuth). This is slightly different to the wording in the ToS, which permits us to update the ToS, but I don't see it happening particularly often, so I'm not too worried. |
|
|
an "active" flag.
requires users which haven't agreed to all "active" ToSes to agree.
Ore. At the moment, this only happens when a user logs in again.
at registration time. These are all mandatory.