Remove the require_terms_seen configuration option

This option has been set to 'true' for over six years in production. Refs #2097
2019-02-06 14:54:56 +01:00 · 2019-02-06 14:54:56 +01:00 · 3795da4014
commit 3795da4014
parent f21d0126be
4 changed files with 45 additions and 63 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -105,7 +105,7 @@ class ApplicationController < ActionController::Base
      # if the user hasn't seen the contributor terms then don't
      # allow editing - they have to go to the web site and see
      # (but can decline) the CTs to continue.
-      if REQUIRE_TERMS_SEEN && !current_user.terms_seen && flash[:skip_terms].nil?
+      if !current_user.terms_seen && flash[:skip_terms].nil?
        set_locale
        report_error t("application.setup_user_auth.need_to_see_terms"), :forbidden
      end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -644,7 +644,7 @@ class UsersController < ApplicationController
    # - If they have a block on them, show them that.
    # - If they were referred to the login, send them back there.
    # - Otherwise, send them to the home page.
-    if REQUIRE_TERMS_SEEN && !user.terms_seen
+    if !user.terms_seen
      redirect_to :action => :terms, :referer => target
    elsif user.blocked_on_view
      redirect_to user.blocked_on_view, :referer => target
--- a/config/example.application.yml
+++ b/config/example.application.yml
@ -87,8 +87,6 @@ defaults: &defaults
  #oauth_key: ""
  # OAuth consumer key for iD
  #id_key: ""
-  # Whether to require users to view the CTs before continuing to edit...
-  require_terms_seen: false
  # Whether to require users to agree to the CTs before editing
  require_terms_agreed: false
  # Imagery to return in capabilities as blacklisted
--- a/test/integration/user_terms_seen_test.rb
+++ b/test/integration/user_terms_seen_test.rb
@ -6,69 +6,63 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
  end

  def test_api_blocked
-    with_terms_seen(true) do
-      user = create(:user, :terms_seen => false)
+    user = create(:user, :terms_seen => false)

-      get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test")
-      assert_response :forbidden
+    get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test")
+    assert_response :forbidden

-      # touch it so that the user has seen the terms
-      user.terms_seen = true
-      user.save
+    # touch it so that the user has seen the terms
+    user.terms_seen = true
+    user.save

-      get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test")
-      assert_response :success
-    end
+    get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test")
+    assert_response :success
  end

  def test_terms_presented_at_login
-    with_terms_seen(true) do
-      user = create(:user, :terms_seen => false)
+    user = create(:user, :terms_seen => false)

-      # try to log in
-      get "/login"
-      follow_redirect!
-      assert_response :success
-      assert_template "users/login"
-      post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
-      assert_response :redirect
-      # but now we need to look at the terms
-      assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new"
-      follow_redirect!
-      assert_response :success
+    # try to log in
+    get "/login"
+    follow_redirect!
+    assert_response :success
+    assert_template "users/login"
+    post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
+    assert_response :redirect
+    # but now we need to look at the terms
+    assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new"
+    follow_redirect!
+    assert_response :success

-      # don't agree to the terms, but hit decline
-      post "/user/save", :params => { :decline => true, :referer => "/diary/new" }
-      assert_redirected_to "/diary/new"
-      follow_redirect!
+    # don't agree to the terms, but hit decline
+    post "/user/save", :params => { :decline => true, :referer => "/diary/new" }
+    assert_redirected_to "/diary/new"
+    follow_redirect!

-      # should be carried through to a normal login with a message
-      assert_response :success
-      assert_not flash[:notice].nil?
-    end
+    # should be carried through to a normal login with a message
+    assert_response :success
+    assert_not flash[:notice].nil?
  end

  def test_terms_cant_be_circumvented
-    with_terms_seen(true) do
-      user = create(:user, :terms_seen => false)
+    user = create(:user, :terms_seen => false)

-      # try to log in
-      get "/login"
-      follow_redirect!
-      assert_response :success
-      assert_template "users/login"
-      post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
-      assert_response :redirect
-      # but now we need to look at the terms
-      assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new"
+    # try to log in
+    get "/login"
+    follow_redirect!
+    assert_response :success
+    assert_template "users/login"
+    post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
+    assert_response :redirect
+    # but now we need to look at the terms
+    assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new"

-      # check that if we go somewhere else now, it redirects
-      # back to the terms page.
-      get "/traces/mine"
-      assert_redirected_to :controller => :users, :action => :terms, :referer => "/traces/mine"
-      get "/traces/mine", :params => { :referer => "/diary/new" }
-      assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new"
-    end
+    # check that if we go somewhere else now, it redirects
+    # back to the terms page.
+    get "/traces/mine"
+    assert_redirected_to :controller => :users, :action => :terms, :referer => "/traces/mine"
+    get "/traces/mine", :params => { :referer => "/diary/new" }
+    assert_redirected_to :controller => :users, :action => :terms, :referer => "/diary/new"
  end

  private
@ -76,14 +70,4 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
  def auth_header(user, pass)
    { "HTTP_AUTHORIZATION" => format("Basic %{auth}", :auth => Base64.encode64("#{user}:#{pass}")) }
  end
-
-  def with_terms_seen(value)
-    require_terms_seen = Object.send("remove_const", "REQUIRE_TERMS_SEEN")
-    Object.const_set("REQUIRE_TERMS_SEEN", value)
-
-    yield
-
-    Object.send("remove_const", "REQUIRE_TERMS_SEEN")
-    Object.const_set("REQUIRE_TERMS_SEEN", require_terms_seen)
-  end
 end