merge bridging page and terms and conditions page

DFE-Digital · Dec 5, 2023 · 879fbed · 879fbed
2 parents a21cd78 + d1b61eb
commit 879fbed
Show file tree

Hide file tree

Showing 15 changed files with 121 additions and 18 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -20,7 +20,11 @@ def authenticate_registered_user!
     authenticate_user! unless user_signed_in?
     return true if current_user.registration_complete?
 
-    redirect_to edit_registration_name_path, notice: 'Please complete registration'
+    if Rails.application.gov_one_login?
+      redirect_to edit_registration_terms_and_conditions_path, notice: 'Please complete registration'
+    else
+      redirect_to edit_registration_name_path, notice: 'Please complete registration'
+    end
   end
 
   def configure_permitted_parameters

diff --git a/app/controllers/registration/terms_and_conditions_controller.rb b/app/controllers/registration/terms_and_conditions_controller.rb
@@ -0,0 +1,35 @@
+module Registration
+  class TermsAndConditionsController < BaseController
+    def edit; end
+
+    def update
+      form.terms_and_conditions_agreed_at = user_params[:terms_and_conditions_agreed_at]
+
+      if form.save
+        if current_user.registration_complete?
+          redirect_to user_path, notice: t(:details_updated)
+        else
+          redirect_to edit_registration_name_path
+        end
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+  private
+
+    # @return [Hash]
+    def user_params
+      params.require(:user).permit(:terms_and_conditions_agreed_at)
+    end
+
+    # @return [Registration::NameForm]
+    def form
+      @form ||=
+        TermsAndConditionsForm.new(
+          user: current_user,
+          terms_and_conditions_agreed_at: current_user.terms_and_conditions_agreed_at,
+        )
+    end
+  end
+end
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -12,13 +12,13 @@ def openid_connect
     return error_redirect unless valid_tokens?(tokens_response)
 
     id_token = auth_service.decode_id_token(tokens_response['id_token'])[0]
-    session[:id_token] = id_token
+    session[:id_token] = tokens_response['id_token']
     gov_one_id = id_token['sub']
     return error_redirect unless auth_service.valid_id_token?(id_token, session[:gov_one_auth_nonce])
 
     user_info_response = auth_service.user_info(tokens_response['access_token'])
     email = user_info_response['email']
-    return error_redirect unless valid_user_info?(user_info_response)
+    return error_redirect unless valid_user_info?(user_info_response, gov_one_id)
 
     gov_user = User.find_or_create_from_gov_one(email: email, gov_one_id: gov_one_id)
 
@@ -47,8 +47,8 @@ def valid_tokens?(tokens_response)
 
   # @param user_info_response [Hash]
   # @return [Boolean]
-  def valid_user_info?(user_info_response)
-    user_info_response.present? && user_info_response['email'].present? && user_info_response['sub'] == session[:id_token]['sub']
+  def valid_user_info?(user_info_response, gov_one_id)
+    user_info_response.present? && user_info_response['email'].present? && user_info_response['sub'] == gov_one_id
   end
 
   # @return [nil]
@@ -78,7 +78,7 @@ def after_sign_in_path_for(resource)
     elsif resource.private_beta_registration_complete?
       static_path('new-registration')
     else
-      edit_registration_name_path
+      edit_registration_terms_and_conditions_path
     end
   end
 end
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
@@ -16,6 +16,8 @@ def after_sign_in_path_for(resource)
       end
     elsif resource.private_beta_registration_complete?
       static_path('new-registration')
+    elsif Rails.application.gov_one_login?
+      edit_registration_terms_and_conditions_path
     else
       edit_registration_name_path
     end

diff --git a/app/forms/registration/terms_and_conditions_form.rb b/app/forms/registration/terms_and_conditions_form.rb
@@ -0,0 +1,14 @@
+module Registration
+  class TermsAndConditionsForm < BaseForm
+    attr_accessor :terms_and_conditions_agreed_at
+
+    validates :terms_and_conditions_agreed_at, presence: true
+
+    # @return [Boolean]
+    def save
+      return false unless valid?
+
+      user.update!(terms_and_conditions_agreed_at: terms_and_conditions_agreed_at)
+    end
+  end
+end
diff --git a/app/helpers/gov_one_helper.rb b/app/helpers/gov_one_helper.rb
@@ -18,6 +18,8 @@ def login_uri
 
   # @return [URI]
   def logout_uri
+    puts "logout_uri: #{session[:id_token]}"
+    puts "logout_uri: #{session[:id_token]}"
     params = {
       post_logout_redirect_uri: GovOneAuthService::CALLBACKS[:logout],
       id_token_hint: session[:id_token],

diff --git a/app/views/registration/terms_and_conditions/edit.html.slim b/app/views/registration/terms_and_conditions/edit.html.slim
@@ -0,0 +1,22 @@
+= render 'user/debug'
+
+- content_for :page_title do
+  = html_title 'Terms and Conditions'
+
+.govuk-grid-row
+  .govuk-grid-column-two-thirds-from-desktop
+    = form_for form, url: registration_terms_and_conditions_path, method: :patch do |f|
+      = f.govuk_error_summary
+
+      h1.govuk-heading-l = t('register_terms_and_conditions.heading')
+
+      h3 = t('register_terms_and_conditions.subheading')
+
+      = f.govuk_check_boxes_fieldset :terms_and_conditions_agreed_at,
+        legend: { class: 'govuk-visually-hidden', text: 'Terms and conditions'}, classes: 'light-grey-box' do
+        = m('register_terms_and_conditions.legend')
+        = f.terms_and_conditions_check_box
+
+
+      .govuk-button-group
+        = f.govuk_submit t('links.continue')
diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -449,6 +449,13 @@ en:
   complete_registration: Thank you for creating an Early years child development training account. You can now start your first module.
   update_registration: Thank you for updating your Early years child development training account. You can now continue.
 
+  # /registration/terms-and-conditions/edit
+  register_terms_and_conditions:
+    heading: Set up your training account
+    subheading: Agree to our terms and conditions
+    legend: |
+      To use this service, you must accept the [terms and conditions](/terms-and-conditions) and [privacy policy](/privacy-policy).
+
   # /registration/name/edit
   register_name:
     heading: About you

diff --git a/config/routes.rb b/config/routes.rb
@@ -37,6 +37,7 @@
   end
 
   namespace :registration do
+    resource :terms_and_conditions, only: %i[edit update], path: 'terms-and-conditions'
     resource :name, only: %i[edit update]
     resource :setting_type, only: %i[edit update], path: 'setting-type'
     resource :setting_type_other, only: %i[edit update], path: 'setting-type-other'

diff --git a/config/sitemap.rb b/config/sitemap.rb
@@ -71,6 +71,7 @@
   # edit registration/account
   add edit_email_user_path
   add edit_password_user_path
+  add edit_registration_terms_and_conditions_path
   add edit_registration_name_path
   add edit_registration_setting_type_path
   add edit_registration_setting_type_other_path

diff --git a/spec/controllers/users/omniauth_callbacks_controller_spec.rb b/spec/controllers/users/omniauth_callbacks_controller_spec.rb
@@ -34,8 +34,8 @@
     end
 
     it 'redirects to complete registration' do
-      expect(session[:id_token]).to eq decoded_id_token
-      expect(response).to redirect_to edit_registration_name_path
+      expect(session[:id_token]).to eq id_token
+      expect(response).to redirect_to edit_registration_terms_and_conditions_path
     end
   end
 
@@ -50,7 +50,7 @@
     end
 
     it 'redirects to /my-modules' do
-      expect(session[:id_token]).to eq decoded_id_token
+      expect(session[:id_token]).to eq id_token
       expect(response).to redirect_to my_modules_path
     end
   end
@@ -62,7 +62,7 @@
     end
 
     it 'redirects to /my-modules' do
-      expect(session[:id_token]).to eq decoded_id_token
+      expect(session[:id_token]).to eq id_token
       expect(response).to redirect_to my_modules_path
     end
   end

diff --git a/spec/lib/seed_snippets_spec.rb b/spec/lib/seed_snippets_spec.rb
@@ -5,7 +5,7 @@
   subject(:locales) { described_class.new.call }
 
   it 'converts all translations' do
-    expect(locales.count).to be 195
+    expect(locales.count).to be 194
   end
 
   it 'dot separated key -> Page::Resource#name' do

diff --git a/spec/requests/authentication_spec.rb b/spec/requests/authentication_spec.rb
@@ -4,7 +4,7 @@
 #
 RSpec.describe 'Authentication', type: :request do
   describe 'viewing authenticate_user! controller action' do
-    let(:action_path) { edit_registration_name_path }
+    let(:action_path) { edit_registration_terms_and_conditions_path }
 
     context 'with User not signed in' do
       it 'redirects to sign in page' do
@@ -85,11 +85,14 @@
     end
 
     context 'with partially registered User' do
-      before { sign_in create(:user, :confirmed) }
+      before do
+        allow(Rails.application).to receive(:gov_one_login?).and_return(true)
+        sign_in create(:user, :confirmed)
+      end
 
       it 'redirects to finish registration' do
         get action_path
-        expect(response).to redirect_to(edit_registration_name_path)
+        expect(response).to redirect_to(edit_registration_terms_and_conditions_path)
       end
 
       it 'displays message to complete registration' do

diff --git a/spec/system/confirmed_user/completing_registration_spec.rb b/spec/system/confirmed_user/completing_registration_spec.rb
@@ -1,11 +1,24 @@
 require 'rails_helper'
 
 RSpec.describe 'Confirmed users completing registration' do
-  include_context 'with user'
+  before do
+    allow(Rails.application).to receive(:gov_one_login?).and_return(true)
+  end
 
+  include_context 'with user'
   let(:user) { create :user, :confirmed }
 
   it 'requires name and a setting type and email preferences and a complete' do
+    expect(page).to have_text('Terms and conditions')
+    click_button 'Continue'
+    expect(page).to have_text('There is a problem')
+      .and have_text('You must accept the terms and conditions and privacy policy to create an account.')
+
+    expect(page).to have_text('Agree to our terms and conditions')
+
+    check 'I confirm that I accept the terms and conditions and privacy policy.'
+    click_button 'Continue'
+
     expect(page).to have_text('About you')
     click_button 'Continue'
 
@@ -48,14 +61,12 @@
 
     expect(page).to have_text('What is your role?')
       .and have_text('Enter your job title.')
-
     click_button 'Continue'
 
     expect(page).to have_text('There is a problem')
       .and have_text('Enter your job title.')
 
     fill_in 'Enter your job title.', with: 'user defined job title'
-
     click_button 'Continue'
 
     expect(page).to have_text('Do you want to get email updates about this training course?')

diff --git a/spec/system/sign_in_spec.rb b/spec/system/sign_in_spec.rb
@@ -5,6 +5,7 @@
   let(:password) { 'Str0ngPa$$w0rd' }
 
   before do
+    allow(Rails.application).to receive(:gov_one_login?).and_return(true)
     visit '/users/sign-in'
     fill_in 'Email address', with: email_address
     fill_in 'Password', with: password
@@ -45,7 +46,7 @@
 
     context 'and enters valid credentials' do
       it 'signs in successfully' do
-        expect(page).to have_text('About you') # extra registration
+        expect(page).to have_text('Agree to our terms and conditions') # extra registration
       end
     end