Add prompt to consent to terms and conditions on first use #1103
Conversation
owi92
force-pushed
the
terms-and-conditions
branch
from
46e7e23 to
52986f7
Compare
owi92
force-pushed
the
terms-and-conditions
branch
from
52986f7 to
61c32a6
Compare
| [general.initial_consent] | ||
| title.en = "Terms & Conditions" | ||
| button.en = "Agree" | ||
| text.en = """ | ||
| By using this video portal, you agree to our terms and conditions. | ||
|
|
||
| For more information, see: | ||
| - [Our terms](https://www.our.terms) | ||
| - [Our conditions](https://www.our.conditions) | ||
| """ | ||
|
|
There was a problem hiding this comment.
I would not add this to our test deployment. That would be super annoying.
Though of course I appreciate it for the test deployment of this PR :D maybe remove this right before merging.
| [general.initial_consent] | ||
| title.en = "Terms & Conditions" | ||
| button.en = "Agree" | ||
| text.en = """ | ||
| By using this video portal, you agree to our terms and conditions. | ||
|
|
||
| For more information, see: | ||
| - [Our terms](https://www.our.terms) | ||
| - [Our conditions](https://www.our.conditions) | ||
| """ | ||
|
|
There was a problem hiding this comment.
Similarly I would not add this to our dev config, equally annoying for devs.
Now you might say: but then we don't "automatically" regularly test this. Correct. Mir wurscht :P I don't want to see these prompts every single day. And more seriously: I don't think this feature, once working, will easily break. So not testing it regularly is fine IMO.
frontend/src/ui/InitialConsent.tsx
Outdated
| return (hash >>> 0).toString(36); | ||
| }; | ||
|
|
||
| const hash = simpleHash(CONFIG.initialConsent.toString()); |
There was a problem hiding this comment.
Calling toString() on an object returns "[object Object]". This needs to be done differently.
Though now I'm wondering... we can concat all strings and hash that. But we have to make sure that we always concat them in the same order. But more importantly: if a new language is added, the hash changes and everyone has to agree again. And if it is changed in a language other than the one you agreed to, then the same happens.
Do we want to avoid that? Then maybe we should store in local storage the language key and the hash? Then, to check if the user needs to re-confirm, we only concat the strings of the language in the local storage and compare the hash?
There was a problem hiding this comment.
Right, yeah I think that makes sense. I forgot that in my recent push, will look into it tomorrow.
owi92
force-pushed
the
terms-and-conditions
branch
from
61c32a6 to
c492a32
Compare
|
Let me know if/when you're ok with these changes, then I'll remove the pre-configured values from the test and dev config. Also, tests are expected to fail while these are still configured. |
This comment was marked as resolved.
This comment was marked as resolved.
github-actions
bot
added
the
status:conflicts
owi92
changed the title
This holds configurable title, text and button label for the terms and conditions prompt.
This is a really basic consent modal, that is only closeable by agreeing to the configured terms and conditions. Users are prompted when first visiting Tobira. The consent is saved in local storage, meaning it is done on a per-device basis rather than per-user. Users are re-prompted once anything in the T&Cs changes.
owi92
force-pushed
the
terms-and-conditions
branch
from
c492a32 to
1902db7
Compare
github-actions
bot
removed
the
status:conflicts
|
Closed in favor of #1112 |
Supersedes #1103 Closes #1023 The consent is stored in local storage, and thus is bound to a device (+ browser & OS) and not to a (logged-in) user. We need this functionality anyway for users that never log in. In #1023 it was suggested that we also store the consent in the DB for logged-in users. In theory that means logged-in users never see the prompt again, but in practice this is not useful: since the prompt is in front of everything, the user has to agree to it before logging in. So the DB-stored value would never be used, except in very rare cases. Tobira asks for consent again once the configured texts change. Or more specifically: the texts in the language shown to the user when clicking "Agree". That means new languages can be added without re-prompting all users.
Closes #1023
This adds a simple modal asking the user to agree to configurable terms and conditions.
The modal can only be closed by agreeing. So if a user doesn't agree, they cannot use Tobira.
Right now this is only done when a user first visits Tobira prior to logging in, so it doesn't store any
user information per se. This means consent is given per device/browser and not per user.
Still subject to change or be expanded with additional consent needed after logging in.
I'm marking this as a draft, since that is what it is, but I would still appreciate a review and feedback.
Edit: Tests need to be rewritten for this. I'd definitely want to wait for @LukasKalbertodt playwright changes.