session_expires_automatically
redirect_to :controller => "user", :action => "suspended"
+
+ # don't allow access to any auth-requiring part of the site unless
+ # the new CTs have been seen (and accept/decline chosen).
+ elsif !@user.terms_seen and flash[:showing_terms].nil?
+ flash[:notice] = t 'user.terms.you need to accept or decline'
+ if params[:referer]
+ redirect_to :controller => "user", :action => "terms", :referer => params[:referer]
+ else
+ redirect_to :controller => "user", :action => "terms", :referer => request.request_uri
+ end
end
elsif session[:token]
@user = User.authenticate(:token => session[:token])
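Review bot: The added terms gate forwards `params[:referer]` unchanged into the redirect to the terms action, and the decline branch of UserController shown further down this page ends in `redirect_to params[:referer]`, so a request-supplied value can decide where the user lands after the terms step. Restrict it to a same-site path before forwarding, for example `referer = params[:referer].to_s` followed by `referer = request.request_uri unless referer =~ %r{\A/(?![/\\])}`, and pass that one value to a single `redirect_to` call, which also removes the duplicated if/else. The enclosing method starts above this hunk and the `session[:token]` branch continues below it, so whether token-authenticated requests get the same terms check cannot be seen from here.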
class UserController < ApplicationController
layout :choose_layout
+ before_filter :disable_terms_redirect, :only => [:terms, :save]
before_filter :authorize, :only => [:api_details, :api_gpx_files]
before_filter :authorize_web, :except => [:api_details, :api_gpx_files]
before_filter :set_locale, :except => [:api_details, :api_gpx_files]
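Review bot: The exemption for `terms` and `save` only works because `disable_terms_redirect` is declared ahead of `authorize_web`, which is presumably where the terms check runs, and nothing in the file records that ordering requirement. A comment above the new line would protect it, e.g. `# must stay ahead of authorize_web: it sets the flag the terms check reads`. It is also worth stating why `save` is exempt, since every action in this list stays reachable by a logged-in user who has not yet answered the terms.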
elsif params[:decline]
if @user
@user.terms_seen = true
- @user.save
+
+ if @user.save
+ flash[:notice] = t 'user.new.terms declined', :url => t('user.new.terms declined url')
+ end
if params[:referer]
redirect_to params[:referer]
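Review bot: A failed `@user.save` in the decline branch is now silent: no notice is set, `terms_seen` is not persisted, and execution still reaches the redirect, so the next gated request sends the user back to the terms page without saying why. Handle the failure explicitly, for instance with an `else` that sets `flash[:error]` and shows the terms page again instead of redirecting. The surrounding action begins and ends outside this hunk.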
'site'
end
end
+
+ ##
+ #
+ def disable_terms_redirect
+ # this is necessary otherwise going to the user terms page, when
+ # having not agreed already would cause an infinite redirect loop.
+ # it's .now so that this doesn't propagate to other pages.
+ flash.now[:showing_terms] = true
+ end
end
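Review bot: The doc header added above `disable_terms_redirect` is empty (`##` followed by a bare `#`); give it a one-line purpose such as `# marks this request as showing the terms page so the terms check does not redirect again`. Using the flash for a flag that must live only for the current request is roundabout. An instance variable such as `@showing_terms = true` would carry the same signal without going through the flash, provided the check that reads `flash[:showing_terms]` is changed in the same commit.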
continue: Continue
flash create success message: "Thanks for signing up. We've sent a confirmation note to {{email}} and as soon as you confirm your account you'll be able to get mapping.<br /><br />If you use an antispam system which sends confirmation requests then please make sure you whitelist webmaster@openstreetmap.org as we are unable to reply to any confirmation requests."
terms accepted: "Thanks for accepting the new contributor terms!"
+ terms declined: "We are sorry that you have decided to not accept the new Contributor Terms. For more information, please see <a href=\"{{url}}\">this wiki page</a>."
+ terms declined url: http://wiki.openstreetmap.org/wiki/Contributor_Terms_Declined
terms:
title: "Contributor terms"
heading: "Contributor terms"
agree: Agree
declined: "http://wiki.openstreetmap.org/wiki/Contributor_Terms_Declined"
decline: "Decline"
+ you need to accept or decline: "Please read and then either accept or decline the new Contributor Terms to continue."
legale_select: "Please select your country of residence:"
legale_names:
france: "France"
assert_response :success
# don't agree to the terms, but hit decline
+ post "/user/#{user.display_name}/save", {'decline' => 'decline', 'referer' => '/'}
+ assert_redirected_to "/"
+ follow_redirect!
+
+ # should be carried through to a normal login with a message
+ assert_response :success
+ assert !flash[:notice].nil?
+ end
+ end
+
+ def test_terms_cant_be_circumvented
+ if REQUIRE_TERMS_SEEN
+ user = users(:terms_not_seen_user)
+
+ # try to log in
+ get_via_redirect "/login"
+ assert_response :success
+ assert_template 'user/login'
+ post "/login", {'user[email]' => user.email, 'user[password]' => 'test', :referer => "/"}
+ assert_response :redirect
+ # but now we need to look at the terms
+ assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/"
+ follow_redirect!
+ assert_response :success
- # should be carried through to a normal login
+ # check that if we go somewhere else now, it redirects
+ # back to the terms page.
+ get "/traces/mine"
+ assert_redirected_to "controller" => "user", "action" => "terms", :referer => "/traces/mine"
end
end
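Review bot: `test_terms_cant_be_circumvented` does nothing when `REQUIRE_TERMS_SEEN` is false, so it passes without exercising the gate, while the `elsif !@user.terms_seen` check in the controller change on this page does not mention that constant; confirm the two agree, or drop the guard so the test always runs. The test covers a single GET to `/traces/mine`; a non-GET request to a gated action would show that the redirect does not depend on the request method. In the decline test above it, `assert !flash[:notice].nil?` reads better as `assert_not_nil flash[:notice]`. The first test in this hunk starts outside it.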