From a2ed6626c2f4e85878f775abcac897a1fd3a1f42 Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Fri, 13 Sep 2019 17:33:18 +0200
Subject: Add support for terms of service

This feature is optional. It is based on the presence of a
`data/tos.html` file that an administrator can create. If this file
exists, FreshRSS will automatically add a "ToS" checkbox on the
registration page that users must check to be able to create their
account.
---
 app/Controllers/authController.php  |  1 +
 app/Controllers/indexController.php | 17 +++++++++++++++++
 app/Controllers/userController.php  | 10 ++++++++++
 3 files changed, 28 insertions(+)

(limited to 'app/Controllers')

diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index a8b21b886..70adaa5d3 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -205,6 +205,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 			Minz_Error::error(403);
 		}
 
+		$this->view->show_tos_checkbox = file_exists(join_path(DATA_PATH, 'tos.html'));
 		$this->view->show_email_field = FreshRSS_Context::$system_conf->force_email_validation;
 		Minz_View::prependTitle(_t('gen.auth.registration.title') . ' · ');
 	}
diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php
index 4023492d2..2d791ce1d 100755
--- a/app/Controllers/indexController.php
+++ b/app/Controllers/indexController.php
@@ -259,6 +259,23 @@ class FreshRSS_index_Controller extends Minz_ActionController {
 		Minz_View::prependTitle(_t('index.about.title') . ' · ');
 	}
 
+	/**
+	 * This action displays the EULA page of FreshRSS.
+	 * This page is enabled only if admin created a data/tos.html file.
+	 * The content of the page is the content of data/tos.html.
+	 * It returns 404 if there is no EULA.
+	 */
+	public function tosAction() {
+		$terms_of_service = file_get_contents(join_path(DATA_PATH, 'tos.html'));
+		if (!$terms_of_service) {
+			Minz_Error::error(404);
+		}
+
+		$this->view->terms_of_service = $terms_of_service;
+		$this->view->can_register = !max_registrations_reached();
+		Minz_View::prependTitle(_t('index.tos.title') . ' · ');
+	}
+
 	/**
 	 * This action displays logs of FreshRSS for the current user.
 	 */
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 69c1820e5..ab8dfb0b2 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -281,6 +281,9 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 			$passwordPlain = Minz_Request::param('new_user_passwordPlain', '', true);
 			$new_user_language = Minz_Request::param('new_user_language', FreshRSS_Context::$user_conf->language);
 
+			$tos_enabled = file_exists(join_path(DATA_PATH, 'tos.html'));
+			$accept_tos = Minz_Request::param('accept_tos', false);
+
 			if ($system_conf->force_email_validation && empty($email)) {
 				Minz_Request::bad(
 					_t('user.email.feedback.required'),
@@ -295,6 +298,13 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 				);
 			}
 
+			if ($tos_enabled && !$accept_tos) {
+				Minz_Request::bad(
+					_t('user.tos.feedback.invalid'),
+					array('c' => 'auth', 'a' => 'register')
+				);
+			}
+
 			$ok = self::createUser($new_user_name, $email, $passwordPlain, '', array('language' => $new_user_language));
 			Minz_Request::_param('new_user_passwordPlain');	//Discard plain-text password ASAP
 			$_POST['new_user_passwordPlain'] = '';
-- 
cgit v1.2.3