Add a customizable note about personal data to the login page

Due to GDPR, users should be alerted before logging in about how long personal data is stored in the system. The details may vary in different organizations and thus, this note is customizable in the server's local_settings.py. The structure of the privacy notice may also vary in organizations and the note in the login page may need to refer to certain sections of the privacy notice.
apluslms · Sep 1, 2021 · 7051393 · 7051393
1 parent 3a08510
commit 7051393
Show file tree

Hide file tree

Showing 6 changed files with 14 additions and 21 deletions.
diff --git a/aplus/local_settings.example.py b/aplus/local_settings.example.py
@@ -28,6 +28,7 @@
 #MOOC_BODY_TEXT = 'Some of our courses are open for everyone. Log in with your user account from one of the following services.'
 #INTERNAL_USER_LABEL = 'Aalto'
 #EXTERNAL_USER_LABEL = 'MOOC'
+#LOGIN_USER_DATA_INFO = 'Your personal data are stored in {brand_name}. For additional information, please see <a href="{privacy_url}">the privacy notice</a>.'
 
 #WELCOME_TEXT_FI = 'A+ <small>verkkopohjainen oppimisympäristö</small>'
 #SHIBBOLETH_TITLE_TEXT_FI = 'Aalto-yliopiston käyttäjät'
@@ -38,6 +39,7 @@
 #HAKA_BUTTON_TEXT_FI = 'Kirjaudu Haka-tunnuksella'
 #MOOC_TITLE_TEXT_FI = 'Käyttäjät Aallon ulkopuolelta'
 #MOOC_BODY_TEXT_FI = 'Osa kursseistamme on avoinna kaikille. Kirjaudu sisään jonkin seuraavan palvelun käyttäjätunnuksellasi.'
+#LOGIN_USER_DATA_INFO_FI = 'Henkilötietosi säilytetään {brand_name}-järjestelmässä. Katso lisätietoja <a href="{privacy_url}">tietosuojailmoituksesta</a>.'
 
 # Show red alert on top of all pages
 #SITEWIDE_ALERT_TEXT = "Maintenance on Monday"

diff --git a/aplus/settings.py b/aplus/settings.py
@@ -50,6 +50,7 @@
 MOOC_BODY_TEXT = 'Some of our courses are open for everyone. Log in with your user account from one of the following services.'
 INTERNAL_USER_LABEL = 'Aalto'
 EXTERNAL_USER_LABEL = 'MOOC'
+LOGIN_USER_DATA_INFO = 'Your personal data are stored in {brand_name}. For additional information, please see <a href="{privacy_url}">the privacy notice</a>.'
 
 WELCOME_TEXT_FI = 'A+ <small>verkkopohjainen oppimisympäristö</small>'
 SHIBBOLETH_TITLE_TEXT_FI = 'Aalto-yliopiston käyttäjät'
@@ -60,6 +61,7 @@
 HAKA_BUTTON_TEXT_FI = 'Kirjaudu Haka-tunnuksella'
 MOOC_TITLE_TEXT_FI = 'Käyttäjät Aallon ulkopuolelta'
 MOOC_BODY_TEXT_FI = 'Osa kursseistamme on avoinna kaikille. Kirjaudu sisään jonkin seuraavan palvelun käyttäjätunnuksellasi.'
+LOGIN_USER_DATA_INFO_FI = 'Henkilötietosi säilytetään {brand_name}-järjestelmässä. Katso lisätietoja <a href="{privacy_url}">tietosuojailmoituksesta</a>.'
 
 TRACKING_HTML = ''
 

diff --git a/locale/en/LC_MESSAGES/django.po b/locale/en/LC_MESSAGES/django.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-11 17:34+0300\n"
+"POT-Creation-Date: 2021-08-31 16:43+0300\n"
 "PO-Revision-Date: 2021-05-27 14:47+0300\n"
 "Last-Translator: Ella Anttila <[email protected]>\n"
 "Language-Team: English<>\n"
@@ -4697,11 +4697,6 @@ msgstr "Password"
 msgid "SHOW_MORE_LOGIN_OPTIONS"
 msgstr "Show more login options"
 
-#: userprofile/templates/userprofile/login.html
-#, python-format
-msgid "READ_OUR_PRIVACY_NOTICE -- %(url)s"
-msgstr "You may want to read our <a href=\"%(url)s\">privacy notice</a>."
-
 #: userprofile/templates/userprofile/logout.html
 msgid "LOGGED_OUT"
 msgstr "Logged out"

diff --git a/locale/fi/LC_MESSAGES/django.po b/locale/fi/LC_MESSAGES/django.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2021-08-11 17:34+0300\n"
+"POT-Creation-Date: 2021-08-31 16:43+0300\n"
 "PO-Revision-Date: 2019-08-14 12:16+0200\n"
 "Last-Translator: Ella Anttila <[email protected]>\n"
 "Language-Team: Finnish <>\n"
@@ -4709,12 +4709,6 @@ msgstr "Salasana"
 msgid "SHOW_MORE_LOGIN_OPTIONS"
 msgstr "Näytä lisää kirjautumisvaihtoehtoja"
 
-#: userprofile/templates/userprofile/login.html
-#, python-format
-msgid "READ_OUR_PRIVACY_NOTICE -- %(url)s"
-msgstr ""
-"Voit olla kiinnostunut <a href=\"%(url)s\">tietosuojailmoituksestamme</a>."
-
 #: userprofile/templates/userprofile/logout.html
 msgid "LOGGED_OUT"
 msgstr "Olet kirjautunut ulos"

diff --git a/userprofile/templates/userprofile/login.html b/userprofile/templates/userprofile/login.html
@@ -162,11 +162,6 @@ <h2 id="login-local-users">
 		</div>
 	</div>
 
-	{% url 'privacy_notice' as privacy_url %}
-	<p>
-		{% blocktranslate trimmed with url=privacy_url %}
-			READ_OUR_PRIVACY_NOTICE -- {{ url }}
-		{% endblocktranslate %}
-	</p>
+	<p>{{ user_data_info|safe }}</p>
 
 {% endblock %}
diff --git a/userprofile/views.py b/userprofile/views.py
@@ -9,7 +9,7 @@
 from django.core.cache.utils import make_template_fragment_key
 from django.http import HttpResponse, HttpResponseRedirect, HttpRequest
 from django.template.loader import TemplateDoesNotExist, get_template
-from django.urls import translate_url
+from django.urls import reverse, translate_url
 from django.utils.http import is_safe_url
 from django.utils.translation import (
     LANGUAGE_SESSION_KEY,
@@ -41,7 +41,6 @@ class CustomLoginView(LoginView):
         'shibboleth_login': 'shibboleth_login' in settings.INSTALLED_APPS,
         'haka_login': getattr(settings, 'HAKA_LOGIN', False),
         'mooc_login': 'social_django' in settings.INSTALLED_APPS,
-        'brand_name': settings_text('BRAND_NAME'),
     }
     if extra_context['haka_login'] and not extra_context['shibboleth_login']:
         logger.warning("Shibboleth login not enabled, but Haka login flag set as true.")
@@ -54,7 +53,9 @@ def get_context_data(self, **kwargs):
         # that the language can be defined. There is no request in the code
         # in the class level, but there is a request when this method is called
         # (self.request).
+        brand_name = settings_text('BRAND_NAME')
         context.update({
+            'brand_name': brand_name,
             'shibboleth_title_text': settings_text('SHIBBOLETH_TITLE_TEXT'),
             'shibboleth_body_text': settings_text('SHIBBOLETH_BODY_TEXT'),
             'shibboleth_button_text': settings_text('SHIBBOLETH_BUTTON_TEXT'),
@@ -63,6 +64,10 @@ def get_context_data(self, **kwargs):
             'haka_button_text': settings_text('HAKA_BUTTON_TEXT'),
             'mooc_title_text': settings_text('MOOC_TITLE_TEXT'),
             'mooc_body_text': settings_text('MOOC_BODY_TEXT'),
+            'user_data_info': settings_text('LOGIN_USER_DATA_INFO').format(
+                brand_name=brand_name,
+                privacy_url=reverse('privacy_notice'),
+            ),
         })
         return context