Register privacy consent

modules/setting/service.go

@@ -85,6 +85,7 @@ var Service = struct {
 	DefaultOrgMemberVisible                 bool
 	UserDeleteWithCommentsMaxTime           time.Duration
 	ValidSiteURLSchemes                     []string
+	PrivacyPolicyURL                        string
 
 	// OpenID settings
 	EnableOpenIDSignIn bool
@@ -263,6 +264,8 @@ func loadServiceFrom(rootCfg ConfigProvider) {
 	}
 	Service.ValidSiteURLSchemes = schemes
 
+	Service.PrivacyPolicyURL = sec.Key("PRIVACY_POLICY_URL").MustString("")
+
 	mustMapSetting(rootCfg, "service.explore", &Service.Explore)
 
 	loadOpenIDSetting(rootCfg)

options/locale/locale_en-US.ini

@@ -38,6 +38,8 @@ captcha = CAPTCHA
 twofa = Two-factor authentication
 twofa_scratch = Two-factor scratch code
 passcode = Passcode
+consent_agree = I agree to the <a href="%s">Privacy Policy</a>
+consent_help = Our Privacy Policy explains how we handle your data.
 
 webauthn_insert_key = Insert your security key
 webauthn_sign_in = Press the button on your security key. If your security key has no button, re-insert it.
@@ -485,6 +487,7 @@ password_pwned_err = Could not complete request to HaveIBeenPwned
 last_admin = You cannot remove the last admin. There must be at least one admin.
 back_to_sign_in = Back to Sign in
 sign_in_openid = Proceed with OpenID
+must_consent = Agreement to our Privacy Policy is required to register.
 
 [mail]
 view_it_on = View it on %s

routers/web/auth/auth.go

@@ -403,6 +403,8 @@ func SignUp(ctx *context.Context) {
 
 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up"
 
+	ctx.Data["PrivacyPolicyURL"] = setting.Service.PrivacyPolicyURL
+
 	oauth2Providers, err := oauth2.GetOAuth2Providers(ctx, optional.Some(true))
 	if err != nil {
 		ctx.ServerError("UserSignUp", err)
@@ -432,6 +434,8 @@ func SignUpPost(ctx *context.Context) {
 
 	ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up"
 
+	ctx.Data["PrivacyPolicyURL"] = setting.Service.PrivacyPolicyURL
+
 	oauth2Providers, err := oauth2.GetOAuth2Providers(ctx, optional.Some(true))
 	if err != nil {
 		ctx.ServerError("UserSignUp", err)
@@ -479,6 +483,12 @@ func SignUpPost(ctx *context.Context) {
 		ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplSignUp, &form)
 		return
 	}
+
+	if !form.Consent {
+		ctx.RenderWithErr(ctx.Tr("auth.must_consent"), tplSignUp, &form)
+		return
+	} // consent is required before sending password anywhere
+
 	if err := password.IsPwned(ctx, form.Password); err != nil {
 		errMsg := ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords")
 		if password.IsErrIsPwnedRequest(err) {

services/forms/user_form.go

@@ -96,6 +96,7 @@ type RegisterForm struct {
 	Email    string `binding:"Required;MaxSize(254)"`
 	Password string `binding:"MaxSize(255)"`
 	Retype   string
+	Consent  bool
 }
 
 // Validate validates the fields

templates/user/auth/signup_inner.tmpl

@@ -37,6 +37,18 @@
 
 				{{template "user/auth/captcha" .}}
 
+				{{ if (.PrivacyPolicyURL) }}
+					<div id="consent_container">
+						<label>
+							<input id="consent" name="consent" type="checkbox">
+							{{ ctx.Locale.Tr "consent_agree" .PrivacyPolicyURL }}
+						</label>
+						<span class="help">{{ ctx.Locale.Tr "consent_help" }}</span>
+					</div>
+				{{ else }}
+					<input id="consent" name="consent" type="checkbox" checked hidden>
+        {{ end }}
+
 				<div class="inline field">
 					<button class="ui primary button tw-w-full">
 						{{if .LinkAccountMode}}

web_src/css/index.css

@@ -76,3 +76,26 @@
 
 @tailwind utilities;
 @import "./helpers.css";
+
+/* git724 tweaks below this line */
+
+#consent_container {
+  margin-bottom: .6em;
+
+  label {
+    input {
+      margin-right: .75em;
+      margin-top: .2em;
+      margin-bottom: .4em;
+    }
+
+    &::after {
+      content: "*";
+      color: var(--color-red);
+    }
+  }
+
+  .help {
+    margin-left: 0 !important;
+  }
+}