From 61f4cabb9564c222a11ece26ddc42cd0c499e2c7 Mon Sep 17 00:00:00 2001
From: Minecon724
Date: Sat, 15 Mar 2025 09:10:11 +0100
Subject: [PATCH] Register privacy consent
---
modules/setting/service.go | 3 +++
options/locale/locale_en-US.ini | 3 +++
routers/web/auth/auth.go | 10 ++++++++++
services/forms/user_form.go | 1 +
templates/user/auth/signup_inner.tmpl | 12 ++++++++++++
web_src/css/index.css | 23 +++++++++++++++++++++++
6 files changed, 52 insertions(+)
diff --git a/modules/setting/service.go b/modules/setting/service.go
index 74ed5cd3c9..f69041b3dc 100644
--- a/modules/setting/service.go
+++ b/modules/setting/service.go
@@ -85,6 +85,7 @@ var Service = struct { DefaultOrgMemberVisible bool UserDeleteWithCommentsMaxTime time.Duration ValidSiteURLSchemes []string + PrivacyPolicyURL string // OpenID settings EnableOpenIDSignIn bool
@@ -263,6 +264,8 @@ func loadServiceFrom(rootCfg ConfigProvider) { } Service.ValidSiteURLSchemes = schemes + Service.PrivacyPolicyURL = sec.Key("PRIVACY_POLICY_URL").MustString("") + mustMapSetting(rootCfg, "service.explore", &Service.Explore) loadOpenIDSetting(rootCfg)
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 53a47f0c17..8440a67df3 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -38,6 +38,8 @@ captcha = CAPTCHA twofa = Two-factor authentication twofa_scratch = Two-factor scratch code passcode = Passcode +consent_agree = I agree to the Privacy Policy +consent_help = Our Privacy Policy explains how we handle your data. webauthn_insert_key = Insert your security key webauthn_sign_in = Press the button on your security key. If your security key has no button, re-insert it.
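Review bot: In `loadServiceFrom` (modules/setting/service.go, second hunk), `PRIVACY_POLICY_URL` is stored verbatim from `MustString("")` and later passed to the sign-up template, with no check that it is a well-formed link. Because the value ends up on an unauthenticated page, it would be safer to parse it at load time and accept only absolute `http`/`https` URLs, clearing the setting and logging a warning otherwise. The diffstat lists no change to an example configuration file, so the new key appears to be undocumented; a field comment such as `// PrivacyPolicyURL is the link shown with the sign-up consent checkbox` on the struct member in the first hunk would help. Both the struct and the function continue outside their hunks.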
@@ -485,6 +487,7 @@ password_pwned_err = Could not complete request to HaveIBeenPwned last_admin = You cannot remove the last admin. There must be at least one admin. back_to_sign_in = Back to Sign in sign_in_openid = Proceed with OpenID +must_consent = Agreement to our Privacy Policy is required to register. [mail] view_it_on = View it on %s
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index ccab47a9a2..179e36abb6 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -403,6 +403,8 @@ func SignUp(ctx *context.Context) { ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up" + ctx.Data["PrivacyPolicyURL"] = setting.Service.PrivacyPolicyURL + oauth2Providers, err := oauth2.GetOAuth2Providers(ctx, optional.Some(true)) if err != nil { ctx.ServerError("UserSignUp", err)
@@ -432,6 +434,8 @@ func SignUpPost(ctx *context.Context) { ctx.Data["SignUpLink"] = setting.AppSubURL + "/user/sign_up" + ctx.Data["PrivacyPolicyURL"] = setting.Service.PrivacyPolicyURL + oauth2Providers, err := oauth2.GetOAuth2Providers(ctx, optional.Some(true)) if err != nil { ctx.ServerError("UserSignUp", err)
@@ -479,6 +483,12 @@ func SignUpPost(ctx *context.Context) { ctx.RenderWithErr(password.BuildComplexityError(ctx.Locale), tplSignUp, &form) return } + + if !form.Consent { + ctx.RenderWithErr(ctx.Tr("auth.must_consent"), tplSignUp, &form) + return + } // consent is required before sending password anywhere + if err := password.IsPwned(ctx, form.Password); err != nil { errMsg := ctx.Tr("auth.password_pwned", "https://haveibeenpwned.com/Passwords") if password.IsErrIsPwnedRequest(err) {
diff --git a/services/forms/user_form.go b/services/forms/user_form.go
index 3ba8724c92..c24fa0186e 100644
--- a/services/forms/user_form.go
+++ b/services/forms/user_form.go
@@ -96,6 +96,7 @@ type RegisterForm struct { Email string `binding:"Required;MaxSize(254)"` Password string `binding:"MaxSize(255)"` Retype string + Consent bool } // Validate validates the fields
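Review bot: The `if !form.Consent` check in the third `routers/web/auth/auth.go` hunk (`SignUpPost`) is unconditional, while `PRIVACY_POLICY_URL` defaults to the empty string. Unless the template's `{{ else }}` branch still submits a consent field, instances with no policy configured would reject every registration; if that is not intended, gate it with `if setting.Service.PrivacyPolicyURL != "" && !form.Consent {`. The trailing comment after the closing brace reads as if it belonged to the `IsPwned` call; placing `// Require consent before the password is sent to HaveIBeenPwned.` above the `if` would make the ordering constraint explicit. The check is enforced only in this handler and the flag is not persisted, so other account-creation paths presumably bypass it and no record of the consent is kept; both are worth confirming. `SignUpPost` continues outside the hunk.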
diff --git a/templates/user/auth/signup_inner.tmpl b/templates/user/auth/signup_inner.tmpl
index 6c5ac6731f..97ca03492e 100644
--- a/templates/user/auth/signup_inner.tmpl
+++ b/templates/user/auth/signup_inner.tmpl
@@ -37,6 +37,18 @@ {{template "user/auth/captcha" .}} + {{ if (.PrivacyPolicyURL) }} + + {{ else }} + + {{ end }} +