Feat: add Terms of Use accept view and middleware #1217
Conversation
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
MyPyDavid
force-pushed
the
feat-add-terms-of-use-middleware
branch
from
bcbd456 to
e25b960
Compare
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
MyPyDavid
force-pushed
the
feat-add-terms-of-use-middleware
branch
from
e25b960 to
3c2a3bc
Compare
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
|
can be reviewed when tests pass |
MyPyDavid
changed the title
rdmo/accounts/models.py
Outdated
|
|
||
| def is_consent_valid(self) -> bool: | ||
| # optionally enable terms to be outdated | ||
| terms_version_date = getattr(settings, 'TERMS_VERSION_DATE', None) |
There was a problem hiding this comment.
As a flow for invalidating the consent (eg. when the text needs an update or the terms changed),
I thought it would be helpful to be able to simply set this date as a setting instead of manually deleting all of the ConsentFieldValue objects.
Is the name of the TERMS_VERSION_DATE ok? Should it be added to the normal core/settings as TERMS_VERSION_DATE = None ?
There was a problem hiding this comment.
I like it! And (see my comment above) should have a sensible default (None) in rdmo.core.settings.
There was a problem hiding this comment.
Actually I would call it ACCOUNT_TERMS_OF_USE_DATE to have some kind of ACCOUNT_TERMS_OF_USE_ namespacing in the settings.
There was a problem hiding this comment.
Same for the other terms of use related settings.
There was a problem hiding this comment.
I would stick to having a default value for the settings used in RDMO (otherwise we are inconsistent in rdmo), but something like this could be nice for plugins.
There was a problem hiding this comment.
yes, I mean in addition to setting the default. The default is None and then when another value is set, it needs to be a valid to-a-date-parse-able string.
There was a problem hiding this comment.
Hmm, I would not start checking settings. If RDMO is misconfigured exceptions will happen. If you mean to check validate the settings once when starting and outside of the usage of the settings in the code, I am fine with it. But I don't want to have validate(settings.FOO_BAR) everywhere.
There was a problem hiding this comment.
yes, it's exactly that, for manage.py check:
SystemCheckError: System check identified some issues:
ERRORS:
?: (core.E001) ACCOUNT_TERMS_OF_USE_DATE = 2025-02-36 is not a valid date string.
HINT: day is out of range for month
System check identified 1 issue (0 silenced).
❯
rdmo/accounts/middleware.py
Outdated
|
|
||
| from .models import ConsentFieldValue | ||
|
|
||
| # these exclude url settings are optional |
There was a problem hiding this comment.
My philosophy in RDMO was to add all settings to rdmo.core.settings in order to avoid those "checking" blocks. (getattr is already better than try ... execpt.) I suggest we stick to this.
rdmo/accounts/middleware.py
Outdated
| if ( | ||
| settings.ACCOUNT_TERMS_OF_USE # Terms enforcement enabled | ||
| and request.user.is_authenticated | ||
| and request.path != reverse("terms_of_use_accept") |
There was a problem hiding this comment.
Could be part of is_path_protected.
|
|
||
| obj.delete() # Remove when consent is outdated | ||
| return False | ||
|
|
| return False | ||
|
|
||
|
|
||
| @classmethod |
There was a problem hiding this comment.
I actually likes it better when this was in utils. (I just forgot to pull and looked at an older version of the branch.)
There was a problem hiding this comment.
Ok after looking at it some more, it makes sense together with the other methods.
There was a problem hiding this comment.
I used the "Fat Models" approach for this and put everything relevant on the model..
rdmo/accounts/models.py
Outdated
|
|
||
| def is_consent_valid(self) -> bool: | ||
| # optionally enable terms to be outdated | ||
| terms_version_date = getattr(settings, 'TERMS_VERSION_DATE', None) |
There was a problem hiding this comment.
I like it! And (see my comment above) should have a sensible default (None) in rdmo.core.settings.
rdmo/accounts/models.py
Outdated
|
|
||
| def is_consent_valid(self) -> bool: | ||
| # optionally enable terms to be outdated | ||
| terms_version_date = getattr(settings, 'TERMS_VERSION_DATE', None) |
rdmo/accounts/models.py
Outdated
| # First, try standard ISO format (YYYY-MM-DD) | ||
| latest_terms_version_date = parse_date(terms_version_date) | ||
|
|
||
| # If ISO parsing fails, try localized formats |
There was a problem hiding this comment.
I wonder if we already use a more generic datetime parsing function in RDMO. If not we should put something like this in rdmo.core.utils. Maybe using datetime.fromisoformat(string) would suffice.
There was a problem hiding this comment.
Ah I see that parse_date is already the django version of this.
| from django.utils.translation import gettext_lazy as _ | ||
|
|
||
| from rdmo.core.models import Model as RDMOTimeStampedModel |
There was a problem hiding this comment.
I am not a fan of renaming in import, but I guess naming it just Model was not super clever back then.
rdmo/accounts/models.py
Outdated
|
|
||
| def is_consent_valid(self) -> bool: | ||
| # optionally enable terms to be outdated | ||
| terms_version_date = getattr(settings, 'TERMS_VERSION_DATE', None) |
There was a problem hiding this comment.
Actually I would call it ACCOUNT_TERMS_OF_USE_DATE to have some kind of ACCOUNT_TERMS_OF_USE_ namespacing in the settings.
rdmo/accounts/models.py
Outdated
|
|
||
| def is_consent_valid(self) -> bool: | ||
| # optionally enable terms to be outdated | ||
| terms_version_date = getattr(settings, 'TERMS_VERSION_DATE', None) |
There was a problem hiding this comment.
Same for the other terms of use related settings.
I think what is still missing is the integration with the social signup form, like the account sign up already has. |
…d add checks Signed-off-by: David Wallace <david.wallace@tu-darmstadt.de>
Description
Related issue: #141, #161
It adds a migration for the
ConsentFieldValuemodel:accounts.0022_add_created_updated_to_consentSo it requires a
python manage.py migrate.I have added some methods that handle the consent and session to the model.
configuration in the rdmo-app
When
ACCOUNT_TERMS_OF_USEis enabled, some settings need to be configured in the rdmo-app as well.In the settings from
local.py:An optional feature is added that sets the date on which the ToU text is valid, so that it can be easily updated when the text might change. The optional setting is
TERMS_VERSION_DATEand needs to be a valid date string that is compatible with formats from djangoget_format('DATE_INPUT_FORMATS'). The date of this setting checks if the user has updated their consent on or after that date, otherwise the consent is invalid and asked to accept again.Optionally, in the
urls.py:Motivation and Context
How has this been tested?
Screenshots (if appropriate)