store terms_accepted_at for User registration (#13)

econya · Sep 23, 2020 · 209be89 · 209be89
1 parent 351947c
commit 209be89
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 4 deletions.
diff --git a/app/models/user.rb b/app/models/user.rb
@@ -18,6 +18,8 @@ class User < ApplicationRecord
   attribute :read_privacy_terms
   validates_acceptance_of :read_privacy_terms, :allow_nil => false, :on => :create
 
+  after_create :accept_terms
+
   scope :with_current_subscription, -> {
     joins(:subscriptions).merge(Subscription.current)
   }
@@ -59,4 +61,8 @@ def in_trial_period?
   def send_devise_notification(notification, *args)
     devise_mailer.send(notification, self, *args).deliver_later
   end
+
+  def accept_terms
+    update(terms_accepted_at: DateTime.now)
+  end
 end
diff --git a/db/migrate/20200923085201_add_terms_accepted_at_to_user.rb b/db/migrate/20200923085201_add_terms_accepted_at_to_user.rb
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2020 Felix Wolfsteller
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+class AddTermsAcceptedAtToUser < ActiveRecord::Migration[6.0]
+  def change
+    add_column :users, :terms_accepted_at, :datetime
+  end
+end
diff --git a/doc/knowledgebase.md b/doc/knowledgebase.md
@@ -256,13 +256,23 @@ taken notice of, there cannot be disagreement by click).
 
 As the policies might change, it is important to store the date of the consents.
 
-In order to force users to agree to the policies, the devises User model is
-adjusted to force acceptance via a checkbox. The agreement itself is not stored,
-but timestamped instead (column: ).
+In order to force users to agree to the policies (at registration), the
+devises User model is adjusted to force acceptance via a checkbox.
+This applies only in the create-phase.
+
+The agreement itself is not stored, but is timestamped instead (column:
+`accepted_terms_at`). To ease things (and we are only dealing with two
+policies), just one timestamp is stored - if the consent becomes invalid
+(because outdated), both policies have to be re-agreed to.
 
 After a valid login we have to redirect users to re-agree to the terms/policies
 if they are outdated. To do so there are at least two general approaches.
 
+To hook into the devise workflow, a custom registrations_controller is
+implemented, that overrides the `sign_up_params`. Futhermore, tableless
+attributes are added to the User model and the registration form is adjusted
+accordingly.
+
 #### Rights on data
 
 ##### Deletion/anonymisation

diff --git a/test/system/tos_test.rb b/test/system/tos_test.rb
@@ -45,7 +45,18 @@ class TosTest < ApplicationSystemTestCase
   end
 
   test "when signed up, dates of consent are saved in User model" do
-    skip "tbi"
+    visit new_user_registration_url
+
+    fill_in "E-Mail",   with: '[email protected]'
+    fill_in "Passwort", with: '[email protected]'
+    fill_in "Passwortbestätigung", with: '[email protected]'
+
+    check('Datenschutzhinweise gelesen')
+    check('Stimme AGB zu')
+
+    click_on "Für Schnupperwoche registrieren"
+
+    assert_in_delta DateTime.now.to_i, User.last.terms_accepted_at.to_i, 5
   end
 
   test "when logging in and no consent was given, user is forced to agree or delete account" do