Accept terms of Service at signup (#8193)

Co-authored-by: Charlie Meister <[email protected]>

CHANGELOG.unreleased.md

@@ -16,6 +16,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.released
 ### Changed
 - Reading image files on datastore filesystem is now done asynchronously. [#8126](https://github.com/scalableminds/webknossos/pull/8126)
 - Improved error messages for starting jobs on datasets from other organizations. [#8181](https://github.com/scalableminds/webknossos/pull/8181)
+- Terms of Service for Webknossos are now accepted at registration, not afterward. [#8193](https://github.com/scalableminds/webknossos/pull/8193)
 - Removed bounding box size restriction for inferral jobs for super users. [#8200](https://github.com/scalableminds/webknossos/pull/8200)
 
 ### Fixed

app/controllers/AuthenticationController.scala

@@ -23,7 +23,7 @@ import org.apache.commons.codec.digest.{HmacAlgorithms, HmacUtils}
 import play.api.data.Form
 import play.api.data.Forms.{email, _}
 import play.api.data.validation.Constraints._
-import play.api.i18n.Messages
+import play.api.i18n.{Messages, MessagesProvider}
 import play.api.libs.json._
 import play.api.mvc.{Action, AnyContent, Cookie, PlayBodyParsers, Request, Result}
 import security.{
@@ -621,6 +621,8 @@ class AuthenticationController @Inject()(
                     dataStoreToken <- bearerTokenAuthenticatorService.createAndInitDataStoreTokenForUser(user)
                     _ <- organizationService
                       .createOrganizationDirectory(organization._id, dataStoreToken) ?~> "organization.folderCreation.failed"
+                    _ <- Fox.runIf(conf.WebKnossos.TermsOfService.enabled)(
+                      acceptTermsOfServiceForUser(user, signUpData.acceptedTermsOfService))
                   } yield {
                     Mailer ! Send(defaultMails
                       .newOrganizationMail(organization.name, email, request.headers.get("Host").getOrElse("")))
@@ -637,6 +639,13 @@ class AuthenticationController @Inject()(
       )
   }
 
+  private def acceptTermsOfServiceForUser(user: User, termsOfServiceVersion: Option[Int])(
+      implicit m: MessagesProvider): Fox[Unit] =
+    for {
+      acceptedVersion <- Fox.option2Fox(termsOfServiceVersion) ?~> "Terms of service must be accepted."
+      _ <- organizationService.acceptTermsOfService(user._organization, acceptedVersion)(DBAccessContext(Some(user)), m)
+    } yield ()
+
   case class CreateUserInOrganizationParameters(firstName: String,
                                                 lastName: String,
                                                 email: String,
@@ -730,7 +739,8 @@ trait AuthForms {
                         firstName: String,
                         lastName: String,
                         password: String,
-                        inviteToken: Option[String])
+                        inviteToken: Option[String],
+                        acceptedTermsOfService: Option[Int])
 
   def signUpForm(implicit messages: Messages): Form[SignUpData] =
     Form(
@@ -745,8 +755,9 @@ trait AuthForms {
         "firstName" -> nonEmptyText,
         "lastName" -> nonEmptyText,
         "inviteToken" -> optional(nonEmptyText),
-      )((organization, organizationName, email, password, firstName, lastName, inviteToken) =>
-        SignUpData(organization, organizationName, email, firstName, lastName, password._1, inviteToken))(
+        "acceptedTermsOfService" -> optional(number)
+      )((organization, organizationName, email, password, firstName, lastName, inviteToken, acceptTos) =>
+        SignUpData(organization, organizationName, email, firstName, lastName, password._1, inviteToken, acceptTos))(
         signUpData =>
           Some(
             (signUpData.organization,
@@ -755,7 +766,8 @@ trait AuthForms {
              ("", ""),
              signUpData.firstName,
              signUpData.lastName,
-             signUpData.inviteToken))))
+             signUpData.inviteToken,
+             signUpData.acceptedTermsOfService))))
 
   // Sign in
   case class SignInData(email: String, password: String)

app/controllers/OrganizationController.scala

@@ -3,7 +3,6 @@ package controllers
 import org.apache.pekko.actor.ActorSystem
 import play.silhouette.api.Silhouette
 import com.scalableminds.util.accesscontext.{DBAccessContext, GlobalAccessContext}
-import com.scalableminds.util.time.Instant
 import com.scalableminds.util.tools.{Fox, FoxImplicits}
 import mail.{DefaultMails, Send}
 
@@ -141,10 +140,7 @@ class OrganizationController @Inject()(
   def acceptTermsOfService(version: Int): Action[AnyContent] = sil.SecuredAction.async { implicit request =>
     for {
       _ <- bool2Fox(request.identity.isOrganizationOwner) ?~> "termsOfService.onlyOrganizationOwner"
-      _ <- bool2Fox(conf.WebKnossos.TermsOfService.enabled) ?~> "termsOfService.notEnabled"
-      requiredVersion = conf.WebKnossos.TermsOfService.version
-      _ <- bool2Fox(version == requiredVersion) ?~> Messages("termsOfService.versionMismatch", requiredVersion, version)
-      _ <- organizationDAO.acceptTermsOfService(request.identity._organization, version, Instant.now)
+      _ <- organizationService.acceptTermsOfService(request.identity._organization, version)
     } yield Ok
   }
 

app/models/organization/OrganizationService.scala

@@ -1,6 +1,7 @@
 package models.organization
 
 import com.scalableminds.util.accesscontext.{DBAccessContext, GlobalAccessContext}
+import com.scalableminds.util.time.Instant
 import com.scalableminds.util.tools.{Fox, FoxImplicits, TextUtils}
 import com.scalableminds.webknossos.datastore.rpc.RPC
 import com.typesafe.scalalogging.LazyLogging
@@ -10,6 +11,7 @@ import models.dataset.{DataStore, DataStoreDAO}
 import models.folder.{Folder, FolderDAO, FolderService}
 import models.team.{PricingPlan, Team, TeamDAO}
 import models.user.{Invite, MultiUserDAO, User, UserDAO, UserService}
+import play.api.i18n.{Messages, MessagesProvider}
 import play.api.libs.json.{JsArray, JsObject, Json}
 import utils.{ObjectId, WkConf}
 
@@ -24,8 +26,7 @@ class OrganizationService @Inject()(organizationDAO: OrganizationDAO,
                                     folderService: FolderService,
                                     userService: UserService,
                                     rpc: RPC,
-                                    conf: WkConf,
-)(implicit ec: ExecutionContext)
+                                    conf: WkConf)(implicit ec: ExecutionContext)
     extends FoxImplicits
     with LazyLogging {
 
@@ -165,4 +166,13 @@ class OrganizationService @Inject()(organizationDAO: OrganizationDAO,
   def newUserMailRecipient(organization: Organization)(implicit ctx: DBAccessContext): Fox[String] =
     fallbackOnOwnerEmail(organization.newUserMailingList, organization)
 
+  def acceptTermsOfService(organizationId: String, version: Int)(implicit ctx: DBAccessContext,
+                                                                 m: MessagesProvider): Fox[Unit] =
+    for {
+      _ <- bool2Fox(conf.WebKnossos.TermsOfService.enabled) ?~> "termsOfService.notEnabled"
+      requiredVersion = conf.WebKnossos.TermsOfService.version
+      _ <- bool2Fox(version == requiredVersion) ?~> Messages("termsOfService.versionMismatch", requiredVersion, version)
+      _ <- organizationDAO.acceptTermsOfService(organizationId, version, Instant.now)
+    } yield ()
+
 }

conf/application.conf

@@ -117,7 +117,7 @@ webKnossos {
   """
   termsOfService {
     enabled = false
-    # The URL will be embedded into an iFrame
+    # The URL will be linked to or embedded into an iFrame
     url = "https://webknossos.org/terms-of-service"
     acceptanceDeadline = "2023-01-01T00:00:00Z"
     version = 1

frontend/javascripts/admin/auth/registration_form_generic.tsx

@@ -9,6 +9,9 @@ import Store from "oxalis/throttled_store";
 import messages from "messages";
 import { setHasOrganizationsAction } from "oxalis/model/actions/ui_actions";
 import { setActiveOrganizationAction } from "oxalis/model/actions/organization_actions";
+import { useFetch } from "libs/react_helpers";
+import { getTermsOfService } from "admin/api/terms_of_service";
+import { TOSCheckFormItem } from "./tos_check_form_item";
 
 const FormItem = Form.Item;
 const { Password } = Input;
@@ -26,6 +29,8 @@ type Props = {
 function RegistrationFormGeneric(props: Props) {
   const [form] = Form.useForm();
 
+  const terms = useFetch(getTermsOfService, null, []);
+
   const onFinish = async (formValues: Record<string, any>) => {
     await Request.sendJSONReceiveJSON(
       props.organizationIdToCreate != null
@@ -274,28 +279,32 @@ function RegistrationFormGeneric(props: Props) {
           </FormItem>
         </Col>
       </Row>
-      {props.hidePrivacyStatement ? null : (
-        <FormItem
-          name="privacy_check"
-          valuePropName="checked"
-          rules={[
-            {
-              validator: (_, value) =>
-                value
-                  ? Promise.resolve()
-                  : Promise.reject(new Error(messages["auth.privacy_check_required"])),
-            },
-          ]}
-        >
-          <Checkbox>
-            I agree to storage and processing of my personal data as described in the{" "}
-            <a target="_blank" href="/privacy" rel="noopener noreferrer">
-              privacy statement
-            </a>
-            .
-          </Checkbox>
-        </FormItem>
-      )}
+      <div className="registration-form-checkboxes">
+        {props.hidePrivacyStatement ? null : (
+          <FormItem
+            name="privacy_check"
+            valuePropName="checked"
+            rules={[
+              {
+                validator: (_, value) =>
+                  value
+                    ? Promise.resolve()
+                    : Promise.reject(new Error(messages["auth.privacy_check_required"])),
+              },
+            ]}
+          >
+            <Checkbox>
+              I agree to storage and processing of my personal data as described in the{" "}
+              <a target="_blank" href="/privacy" rel="noopener noreferrer">
+                privacy statement
+              </a>
+              .
+            </Checkbox>
+          </FormItem>
+        )}
+        <TOSCheckFormItem terms={terms} />
+      </div>
+
       <FormItem>
         <Button
           size="large"

frontend/javascripts/admin/auth/registration_form_wkorg.tsx

@@ -7,6 +7,9 @@ import Request from "libs/request";
 import Store from "oxalis/throttled_store";
 import messages from "messages";
 import { setActiveOrganizationAction } from "oxalis/model/actions/organization_actions";
+import { useFetch } from "libs/react_helpers";
+import { getTermsOfService } from "admin/api/terms_of_service";
+import { TOSCheckFormItem } from "./tos_check_form_item";
 
 const FormItem = Form.Item;
 const { Password } = Input;
@@ -30,6 +33,7 @@ function generateOrganizationId() {
 function RegistrationFormWKOrg(props: Props) {
   const [form] = Form.useForm();
   const organizationId = useRef(generateOrganizationId());
+  const terms = useFetch(getTermsOfService, null, []);
 
   async function onFinish(formValues: Record<string, any>) {
     await Request.sendJSONReceiveJSON("/api/auth/createOrganizationWithAdmin", {
@@ -43,6 +47,7 @@ function RegistrationFormWKOrg(props: Props) {
         },
         organization: organizationId.current,
         organizationName: `${formValues.firstName.trim()} ${formValues.lastName.trim()} Lab`,
+        acceptedTermsOfService: terms?.version,
       },
     });
     const [user, organization] = await loginUser({
@@ -155,32 +160,31 @@ function RegistrationFormWKOrg(props: Props) {
           placeholder="Password"
         />
       </FormItem>
+      <div className="registration-form-checkboxes">
+        <FormItem
+          name="privacy_check"
+          valuePropName="checked"
+          rules={[
+            {
+              validator: (_, value) =>
+                value
+                  ? Promise.resolve()
+                  : Promise.reject(new Error(messages["auth.privacy_check_required"])),
+            },
+          ]}
+        >
+          <Checkbox>
+            I agree to storage and processing of my personal data as described in the{" "}
+            <a target="_blank" href="/privacy" rel="noopener noreferrer">
+              privacy statement
+            </a>
+            .
+          </Checkbox>
+        </FormItem>
+        <TOSCheckFormItem terms={terms} />
+      </div>
 
-      <FormItem
-        name="privacy_check"
-        valuePropName="checked"
-        rules={[
-          {
-            validator: (_, value) =>
-              value
-                ? Promise.resolve()
-                : Promise.reject(new Error(messages["auth.privacy_check_required"])),
-          },
-        ]}
-      >
-        <Checkbox>
-          I agree to storage and processing of my personal data as described in the{" "}
-          <a target="_blank" href="/privacy" rel="noopener noreferrer">
-            privacy statement
-          </a>
-          .
-        </Checkbox>
-      </FormItem>
-      <FormItem
-        style={{
-          marginBottom: 10,
-        }}
-      >
+      <FormItem>
         <Button
           size="large"
           type="primary"

frontend/javascripts/admin/auth/tos_check_form_item.tsx

@@ -0,0 +1,40 @@
+import { Checkbox, Form } from "antd";
+import messages from "messages";
+
+const FormItem = Form.Item;
+
+type TOSProps = {
+  terms: {
+    enabled: boolean;
+    url: string;
+  } | null;
+};
+
+export function TOSCheckFormItem({ terms }: TOSProps) {
+  return terms == null || terms.enabled ? (
+    <FormItem
+      name="tos_check"
+      valuePropName="checked"
+      rules={[
+        {
+          validator: (_, value) =>
+            value
+              ? Promise.resolve()
+              : Promise.reject(new Error(messages["auth.tos_check_required"])),
+        },
+      ]}
+    >
+      <Checkbox disabled={terms == null}>
+        I agree to the{" "}
+        {terms == null ? (
+          "terms of service"
+        ) : (
+          <a target="_blank" href={terms.url} rel="noopener noreferrer">
+            terms of service
+          </a>
+        )}
+        .
+      </Checkbox>
+    </FormItem>
+  ) : null;
+}

frontend/javascripts/messages.tsx

@@ -408,6 +408,8 @@ instead. Only enable this option if you understand its effect. All layers will n
   "auth.registration_org_input": "Please select an organization!",
   "auth.privacy_check_required":
     "Unfortunately, we cannot provide the service without your consent to the processing of your data.",
+  "auth.tos_check_required":
+    "Unfortunately, we cannot provide the service without your consent to our terms of service.",
   "auth.reset_logout": "You will be logged out, after successfully changing your password.",
   "auth.reset_old_password": "Please input your old password!",
   "auth.reset_new_password": "Please input your new password!",

frontend/javascripts/router.tsx

@@ -34,7 +34,6 @@ import DisableGenericDnd from "components/disable_generic_dnd";
 import { Imprint, Privacy } from "components/legal";
 import AsyncRedirect from "components/redirect";
 import SecuredRoute from "components/secured_route";
-import { CheckTermsOfServices } from "components/terms_of_services_check";
 import DashboardView, { urlTokenToTabKeyMap } from "dashboard/dashboard_view";
 import DatasetSettingsView from "dashboard/dataset/dataset_settings_view";
 import PublicationDetailView from "dashboard/publication_details_view";
@@ -69,6 +68,7 @@ import loadable from "libs/lazy_loader";
 import type { EmptyObject } from "types/globals";
 import { DatasetURLImport } from "admin/dataset/dataset_url_import";
 import AiModelListView from "admin/voxelytics/ai_model_list_view";
+import { CheckTermsOfServices } from "components/terms_of_services_check";
 
 const { Content } = Layout;
 

frontend/stylesheets/main.less

@@ -679,3 +679,13 @@ button.narrow {
 .max-z-index {
   z-index: 10000000000;
 }
+
+.registration-form-checkboxes {
+  > div:first-of-type {
+    margin-bottom: 0px;
+  }
+
+  > div:last-of-type {
+    margin-bottom: 15px;
+  }
+}