From 64390208155d3192ea67c0bc5914ae225103dc80 Mon Sep 17 00:00:00 2001 From: Brittney Exline Date: Wed, 19 Jul 2017 12:23:17 -0400 Subject: [PATCH] ENT-550 Display only TOS for enterprise's configured to skip registration We have recently discovered that for any SSO Provider configured to skip the registration form, we were auto checking the terms of service box, which is a legal faux pas. Since IBM is planning to launch imminently and is depending on this feature, we need to remedy this situation for enterprises whose SSO Provider is configured to skip registration. This PR hides all of the registration fields except TOS for this scenario and disables the autoSubmit functionality that typically happens when skipping registration. --- lms/djangoapps/student_account/views.py | 17 ++++++++++++++--- .../js/student_account/views/RegisterView.js | 4 +++- lms/static/sass/views/_login-register.scss | 10 ++++++++++ .../student_account/register.underscore | 2 ++ openedx/core/djangoapps/user_api/views.py | 18 ++++++++++++++++++ 5 files changed, 47 insertions(+), 4 deletions(-) diff --git a/lms/djangoapps/student_account/views.py b/lms/djangoapps/student_account/views.py index 17b00e5532..6351a405af 100644 --- a/lms/djangoapps/student_account/views.py +++ b/lms/djangoapps/student_account/views.py @@ -319,7 +319,8 @@ def _third_party_auth_context(request, redirect_to, tpa_hint=None): } if third_party_auth.is_enabled(): - if not enterprise_customer_for_request(request): + enterprise_customer = enterprise_customer_for_request(request) + if not enterprise_customer: for enabled in third_party_auth.provider.Registry.displayed_for_login(tpa_hint=tpa_hint): info = { "id": enabled.provider_id, @@ -348,8 +349,18 @@ def _third_party_auth_context(request, redirect_to, tpa_hint=None): context["finishAuthUrl"] = pipeline.get_complete_url(current_provider.backend_name) if current_provider.skip_registration_form: - # As a reliable way of "skipping" the registration form, we just submit it automatically - context["autoSubmitRegForm"] = True + # For enterprise (and later for everyone), we need to get explicit consent to the + # Terms of service instead of auto submitting the registration form outright. + if not enterprise_customer: + # As a reliable way of "skipping" the registration form, we just submit it automatically + context["autoSubmitRegForm"] = True + else: + context["autoRegisterWelcomeMessage"] = ( + 'Thank you for joining {}. ' + 'Just a couple steps before you start learning!' + ).format( + configuration_helpers.get_value('PLATFORM_NAME', settings.PLATFORM_NAME) + ) # Check for any error messages we may want to display: for msg in messages.get_messages(request): diff --git a/lms/static/js/student_account/views/RegisterView.js b/lms/static/js/student_account/views/RegisterView.js index 918cad4f61..6c05d4a3e0 100644 --- a/lms/static/js/student_account/views/RegisterView.js +++ b/lms/static/js/student_account/views/RegisterView.js @@ -38,6 +38,7 @@ this.platformName = data.platformName; this.autoSubmit = data.thirdPartyAuth.autoSubmitRegForm; this.hideAuthWarnings = data.hideAuthWarnings; + this.autoRegisterWelcomeMessage = data.thirdPartyAuth.autoRegisterWelcomeMessage || ''; this.listenTo(this.model, 'sync', this.saveSuccess); }, @@ -55,7 +56,8 @@ currentProvider: this.currentProvider, providers: this.providers, hasSecondaryProviders: this.hasSecondaryProviders, - platformName: this.platformName + platformName: this.platformName, + autoRegisterWelcomeMessage: this.autoRegisterWelcomeMessage } })); diff --git a/lms/static/sass/views/_login-register.scss b/lms/static/sass/views/_login-register.scss index 27596b99e9..af0128dd62 100644 --- a/lms/static/sass/views/_login-register.scss +++ b/lms/static/sass/views/_login-register.scss @@ -224,6 +224,16 @@ &:focus { outline: none; } + + div[class*="hidden-"] { + margin: 0; + display: none; + } + + .auto-register-message { + font-size: 1.1em; + line-height: 1.3em; + } } %bold-label { diff --git a/lms/templates/student_account/register.underscore b/lms/templates/student_account/register.underscore index d4ed354202..bd0016afea 100644 --- a/lms/templates/student_account/register.underscore +++ b/lms/templates/student_account/register.underscore @@ -45,6 +45,8 @@ <% } %> + <% } else if (context.autoRegisterWelcomeMessage) { %> + <%- context.autoRegisterWelcomeMessage %> <% } %> <%= context.fields %> diff --git a/openedx/core/djangoapps/user_api/views.py b/openedx/core/djangoapps/user_api/views.py index bff2f449a7..6d644e1a30 100644 --- a/openedx/core/djangoapps/user_api/views.py +++ b/openedx/core/djangoapps/user_api/views.py @@ -25,6 +25,7 @@ from edxmako.shortcuts import marketing_link from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers from openedx.core.lib.api.authentication import SessionAuthenticationAllowInactiveUser from openedx.core.lib.api.permissions import ApiKeyHeaderPermission +from openedx.features.enterprise_support.api import enterprise_customer_for_request from student.cookies import set_logged_in_cookies from student.forms import get_registration_extension_form from student.views import create_account_with_params @@ -942,12 +943,29 @@ class RegistrationView(APIView): running_pipeline.get('kwargs') ) + # When the TPA Provider is configured to skip the registration form and we are in an + # enterprise context, we need to hide all fields except for terms of service and + # ensure that the user explicitly checks that field. + hide_registration_fields_except_tos = (current_provider.skip_registration_form and + enterprise_customer_for_request(request)) + for field_name in self.DEFAULT_FIELDS + self.EXTRA_FIELDS: if field_name in field_overrides: form_desc.override_field_properties( field_name, default=field_overrides[field_name] ) + if (field_name not in ['terms_of_service', 'honor_code'] + and field_overrides[field_name] + and hide_registration_fields_except_tos): + + form_desc.override_field_properties( + field_name, + field_type="hidden", + label="", + instructions="", + ) + # Hide the password field form_desc.override_field_properties( "password",