Adds date check for terms of use

For SOC2 Compliance, we need to set a date after which users must accept terms of use if they are just registering or being imported. closes CNVS-18692 Change-Id: I9b195367dd304083ca7be8f27f51724a390ce348 Reviewed-on: https://gerrit.instructure.com/49127 Tested-by: Jenkins Reviewed-by: Jeremy Stanley <jeremy@instructure.com> QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com> Product-Review: Cosme Salazar <cosme@instructure.com>
2015-02-19 17:44:03 -07:00 · 2015-02-19 17:44:03 -07:00 · a58f641c96
parent e5645778ea
commit a58f641c96
2 changed files with 60 additions and 1 deletions
--- a/app/models/account.rb
+++ b/app/models/account.rb
@ -306,11 +306,16 @@ class Account < ActiveRecord::Base
  end

  def require_acceptance_of_terms?(user)
+    soc2_start_date = Setting.get('SOC2_start_date', Time.new(2015, 4, 4, 0, 0, 0).utc)
+
    return false if !terms_required?
    return true if user.nil? || user.new_record?
    terms_changed_at = settings[:terms_changed_at]
    last_accepted = user.preferences[:accepted_terms]
-    return false if terms_changed_at.nil? && user.registered? # make sure existing users are grandfathered in
+
+    # make sure existing users are grandfathered in
+    return false if terms_changed_at.nil? && user.registered? && user.created_at < soc2_start_date
+
    return false if last_accepted && (terms_changed_at.nil? || last_accepted > terms_changed_at)
    true
  end
--- a/spec/selenium/terms_of_use_spec.rb
+++ b/spec/selenium/terms_of_use_spec.rb
@ -45,3 +45,57 @@ describe "terms of use test" do
    expect(f('.reaccept_terms')).to be_present
  end
 end
+
+describe "terms of use SOC2 compliance test" do
+  include_examples "in-process server selenium tests"
+
+  it "should prevent a user from accessing canvas if they are newly registered/imported after the SOC2 start date and have not yet accepted the terms" do
+
+    # Create a user after SOC2 implemented
+    after_soc2_start_date = Setting.get('SOC2_start_date', Time.new(2015, 4, 4, 0, 0, 0).utc) + 10.days
+
+    Timecop.freeze(after_soc2_start_date) do
+      user_with_pseudonym
+      @user.register!
+    end
+
+    login_as
+
+    # terms page should be displayed
+    expect(f('.reaccept_terms')).to be_present
+
+    # try to view a different page, terms page should remain
+    get "/profile/settings"
+    form = f('.reaccept_terms')
+    expect(form).to be_present
+
+    # accept the terms
+    expect_new_page_load {
+      f('[name="user[terms_of_use]"]').click
+      submit_form form
+    }
+
+    expect(f('.reaccept_terms')).not_to be_present
+  end
+
+  it "should grandfather in previously registered users without prompting them to reaccept the terms" do
+
+    # Create a user before SOC2 implemented
+    before_soc2_start_date = Setting.get('SOC2_start_date', Time.new(2015, 4, 4, 0, 0, 0).utc) - 10.days
+
+    Timecop.freeze(before_soc2_start_date) do
+      user_with_pseudonym
+      @user.register!
+    end
+
+    login_as
+
+    # terms page shouldn't be visible
+    expect(f('.reaccept_terms')).not_to be_present
+
+    # view a different page, verify terms page isn't displayed
+    get "/profile/settings"
+    form = f('.reaccept_terms')
+    expect(form).not_to be_present
+  end
+end