ENT-550 Display only TOS for enterprise's configured to skip registration

We have recently discovered that for any SSO Provider configured to skip the registration form, we were auto checking the terms of service box, which is a legal faux pas. Since IBM is planning to launch imminently and is depending on this feature, we need to remedy this situation for enterprises whose SSO Provider is configured to skip registration. This PR hides all of the registration fields except TOS for this scenario and disables the autoSubmit functionality that typically happens when skipping registration.
2017-07-19 12:23:17 -04:00
parent 8ce7d86471
commit 6439020815
5 changed files with 47 additions and 4 deletions
--- a/lms/djangoapps/student_account/views.py
+++ b/lms/djangoapps/student_account/views.py
@@ -319,7 +319,8 @@ def _third_party_auth_context(request, redirect_to, tpa_hint=None):
    }

    if third_party_auth.is_enabled():
-        if not enterprise_customer_for_request(request):
+        enterprise_customer = enterprise_customer_for_request(request)
+        if not enterprise_customer:
            for enabled in third_party_auth.provider.Registry.displayed_for_login(tpa_hint=tpa_hint):
                info = {
                    "id": enabled.provider_id,
@@ -348,8 +349,18 @@ def _third_party_auth_context(request, redirect_to, tpa_hint=None):
                context["finishAuthUrl"] = pipeline.get_complete_url(current_provider.backend_name)

                if current_provider.skip_registration_form:
-                    # As a reliable way of "skipping" the registration form, we just submit it automatically
-                    context["autoSubmitRegForm"] = True
+                    # For enterprise (and later for everyone), we need to get explicit consent to the
+                    # Terms of service instead of auto submitting the registration form outright.
+                    if not enterprise_customer:
+                        # As a reliable way of "skipping" the registration form, we just submit it automatically
+                        context["autoSubmitRegForm"] = True
+                    else:
+                        context["autoRegisterWelcomeMessage"] = (
+                            'Thank you for joining {}. '
+                            'Just a couple steps before you start learning!'
+                        ).format(
+                            configuration_helpers.get_value('PLATFORM_NAME', settings.PLATFORM_NAME)
+                        )

        # Check for any error messages we may want to display:
        for msg in messages.get_messages(request):
--- a/lms/static/js/student_account/views/RegisterView.js
+++ b/lms/static/js/student_account/views/RegisterView.js
@@ -38,6 +38,7 @@
                    this.platformName = data.platformName;
                    this.autoSubmit = data.thirdPartyAuth.autoSubmitRegForm;
                    this.hideAuthWarnings = data.hideAuthWarnings;
+                    this.autoRegisterWelcomeMessage = data.thirdPartyAuth.autoRegisterWelcomeMessage || '';

                    this.listenTo(this.model, 'sync', this.saveSuccess);
                },
@@ -55,7 +56,8 @@
                            currentProvider: this.currentProvider,
                            providers: this.providers,
                            hasSecondaryProviders: this.hasSecondaryProviders,
-                            platformName: this.platformName
+                            platformName: this.platformName,
+                            autoRegisterWelcomeMessage: this.autoRegisterWelcomeMessage
                        }
                    }));

--- a/lms/static/sass/views/_login-register.scss
+++ b/lms/static/sass/views/_login-register.scss
@@ -224,6 +224,16 @@
        &:focus {
            outline: none;
        }
+
+        div[class*="hidden-"] {
+            margin: 0;
+            display: none;
+        }
+
+        .auto-register-message {
+            font-size: 1.1em;
+            line-height: 1.3em;
+        }
    }

    %bold-label {
--- a/lms/templates/student_account/register.underscore
+++ b/lms/templates/student_account/register.underscore
@@ -45,6 +45,8 @@
                </h3>
            </div>
        <% } %>
+    <% } else if (context.autoRegisterWelcomeMessage) { %>
+        <span class="auto-register-message"><%- context.autoRegisterWelcomeMessage %></span>
    <% } %>

    <%= context.fields %>
--- a/openedx/core/djangoapps/user_api/views.py
+++ b/openedx/core/djangoapps/user_api/views.py
@@ -25,6 +25,7 @@ from edxmako.shortcuts import marketing_link
 from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers
 from openedx.core.lib.api.authentication import SessionAuthenticationAllowInactiveUser
 from openedx.core.lib.api.permissions import ApiKeyHeaderPermission
+from openedx.features.enterprise_support.api import enterprise_customer_for_request
 from student.cookies import set_logged_in_cookies
 from student.forms import get_registration_extension_form
 from student.views import create_account_with_params
@@ -942,12 +943,29 @@ class RegistrationView(APIView):
                        running_pipeline.get('kwargs')
                    )

+                    # When the TPA Provider is configured to skip the registration form and we are in an
+                    # enterprise context, we need to hide all fields except for terms of service and
+                    # ensure that the user explicitly checks that field.
+                    hide_registration_fields_except_tos = (current_provider.skip_registration_form and
+                                                           enterprise_customer_for_request(request))
+
                    for field_name in self.DEFAULT_FIELDS + self.EXTRA_FIELDS:
                        if field_name in field_overrides:
                            form_desc.override_field_properties(
                                field_name, default=field_overrides[field_name]
                            )

+                            if (field_name not in ['terms_of_service', 'honor_code']
+                                    and field_overrides[field_name]
+                                    and hide_registration_fields_except_tos):
+
+                                form_desc.override_field_properties(
+                                    field_name,
+                                    field_type="hidden",
+                                    label="",
+                                    instructions="",
+                                )
+
                    # Hide the password field
                    form_desc.override_field_properties(
                        "password",