From 3795da40149962e77d88dc3d88ba7c400005718a Mon Sep 17 00:00:00 2001 From: Andy Allan Date: Wed, 6 Feb 2019 14:54:56 +0100 Subject: [PATCH] Remove the require_terms_seen configuration option This option has been set to 'true' for over six years in production. Refs #2097 --- app/controllers/application_controller.rb | 2 +- app/controllers/users_controller.rb | 2 +- config/example.application.yml | 2 - test/integration/user_terms_seen_test.rb | 112 ++++++++++------------ 4 files changed, 50 insertions(+), 68 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 9666adf12..227e5198f 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -105,7 +105,7 @@ class ApplicationController < ActionController::Base # if the user hasn't seen the contributor terms then don't # allow editing - they have to go to the web site and see # (but can decline) the CTs to continue. - if REQUIRE_TERMS_SEEN && !current_user.terms_seen && flash[:skip_terms].nil? + if !current_user.terms_seen && flash[:skip_terms].nil? set_locale report_error t("application.setup_user_auth.need_to_see_terms"), :forbidden end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 01eee61df..d1a94b9f6 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -644,7 +644,7 @@ class UsersController < ApplicationController # - If they have a block on them, show them that. # - If they were referred to the login, send them back there. # - Otherwise, send them to the home page. - if REQUIRE_TERMS_SEEN && !user.terms_seen + if !user.terms_seen redirect_to :action => :terms, :referer => target elsif user.blocked_on_view redirect_to user.blocked_on_view, :referer => target diff --git a/config/example.application.yml b/config/example.application.yml index 7db7861b2..bf9ebeb59 100644 --- a/config/example.application.yml +++ b/config/example.application.yml @@ -87,8 +87,6 @@ defaults: &defaults #oauth_key: "" # OAuth consumer key for iD #id_key: "" - # Whether to require users to view the CTs before continuing to edit... - require_terms_seen: false # Whether to require users to agree to the CTs before editing require_terms_agreed: false # Imagery to return in capabilities as blacklisted diff --git a/test/integration/user_terms_seen_test.rb b/test/integration/user_terms_seen_test.rb index 03e8c6f54..33a6950ee 100644 --- a/test/integration/user_terms_seen_test.rb +++ b/test/integration/user_terms_seen_test.rb @@ -6,69 +6,63 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest end def test_api_blocked - with_terms_seen(true) do - user = create(:user, :terms_seen => false) + user = create(:user, :terms_seen => false) - get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test") - assert_response :forbidden + get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test") + assert_response :forbidden - # touch it so that the user has seen the terms - user.terms_seen = true - user.save + # touch it so that the user has seen the terms + user.terms_seen = true + user.save - get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test") - assert_response :success - end + get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test") + assert_response :success end def test_terms_presented_at_login - with_terms_seen(true) do - user = create(:user, :terms_seen => false) - - # try to log in - get "/login" - follow_redirect! - assert_response :success - assert_template "users/login" - post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" } - assert_response :redirect - # but now we need to look at the terms - assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new" - follow_redirect! - assert_response :success - - # don't agree to the terms, but hit decline - post "/user/save", :params => { :decline => true, :referer => "/diary/new" } - assert_redirected_to "/diary/new" - follow_redirect! - - # should be carried through to a normal login with a message - assert_response :success - assert_not flash[:notice].nil? - end + user = create(:user, :terms_seen => false) + + # try to log in + get "/login" + follow_redirect! + assert_response :success + assert_template "users/login" + post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" } + assert_response :redirect + # but now we need to look at the terms + assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new" + follow_redirect! + assert_response :success + + # don't agree to the terms, but hit decline + post "/user/save", :params => { :decline => true, :referer => "/diary/new" } + assert_redirected_to "/diary/new" + follow_redirect! + + # should be carried through to a normal login with a message + assert_response :success + assert_not flash[:notice].nil? end def test_terms_cant_be_circumvented - with_terms_seen(true) do - user = create(:user, :terms_seen => false) - - # try to log in - get "/login" - follow_redirect! - assert_response :success - assert_template "users/login" - post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" } - assert_response :redirect - # but now we need to look at the terms - assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new" - - # check that if we go somewhere else now, it redirects - # back to the terms page. - get "/traces/mine" - assert_redirected_to :controller => :users, :action => :terms, :referer => "/traces/mine" - get "/traces/mine", :params => { :referer => "/diary/new" } - assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new" - end + user = create(:user, :terms_seen => false) + + # try to log in + get "/login" + follow_redirect! + assert_response :success + assert_template "users/login" + post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" } + assert_response :redirect + # but now we need to look at the terms + assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new" + + # check that if we go somewhere else now, it redirects + # back to the terms page. + get "/traces/mine" + assert_redirected_to :controller => :users, :action => :terms, :referer => "/traces/mine" + get "/traces/mine", :params => { :referer => "/diary/new" } + assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new" end private @@ -76,14 +70,4 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest def auth_header(user, pass) { "HTTP_AUTHORIZATION" => format("Basic %{auth}", :auth => Base64.encode64("#{user}:#{pass}")) } end - - def with_terms_seen(value) - require_terms_seen = Object.send("remove_const", "REQUIRE_TERMS_SEEN") - Object.const_set("REQUIRE_TERMS_SEEN", value) - - yield - - Object.send("remove_const", "REQUIRE_TERMS_SEEN") - Object.const_set("REQUIRE_TERMS_SEEN", require_terms_seen) - end end -- 2.43.2