feat: add terms of service to registration/login flow (#28)

See SwissDataScienceCenter/renku-ui#2954

Author: ciyer

README.md

@@ -2,11 +2,19 @@
 
 This project defines the keycloak theme shown on RenkuLab.
 
-# Production
+## Production
 
 In production, the Docker image is mounted into container running Keycloak. See the keycloak section of the helm chart/values file: https://github.com/SwissDataScienceCenter/renku/blob/master/helm-chart/renku/values.yaml. Search for `theme` to find the relevant lines.
 
-# Development
+## Configuration
+
+Keycloak can be configured to prompt a user to accept the **terms of service** on their first login. In Keycloack version 20, this can be done in the admin UI under the `Authentication` section for the realm.
+
+Select the `Required Actions` tab, make sure `Terms and Conditions` is enabled and set it as default action as well.
+
+For a Keycloak version different from 20, consult the admin guide, since the configuration may be different.
+
+## Development
 
 For development, there is a `Dockerfile.dev` that can be built and run locally to shorten the feedback loop.
 
@@ -27,6 +35,28 @@ From here, you can click _Sign In_ to get to the login UI.
 
 You can make changes to the theme and refresh in your browser to see the updates. You need to do a hard refresh (e.g., Shift-Refresh on Safari) or ensure the cache is disabled to see your changes.
 
+### Configuration
+
+Keycloak can be configured to prompt a user to accept the **terms of service** on their first login. This is off by default, but to enable it, modify the following section in `renku-realm.json`:
+
+```
+{
+    "alias": "terms_and_conditions",
+    "name": "Terms and Conditions",
+    "providerId": "terms_and_conditions",
+    "enabled": false,
+    "defaultAction": true,
+    "priority": 20,
+    "config": {}
+}
+```
+
+and set `enabled` to `true`.
+
+```
+"enabled": true,
+```
+
 ## Local Testing
 
 After the initial theme is set up, you should make some configuration changes to test several scenarios:

renku-theme-dev/renku-realm.json

@@ -1325,7 +1325,7 @@
       "name": "Terms and Conditions",
       "providerId": "terms_and_conditions",
       "enabled": false,
-      "defaultAction": false,
+      "defaultAction": true,
       "priority": 20,
       "config": {}
     },

renku_theme/login/login.ftl

@@ -2,6 +2,11 @@
 <@layout.registrationLayout displayMessage=!messagesPerField.existsError('username','password') displayInfo=realm.password && realm.registrationAllowed && !registrationDisabled??; section>
     <#if section = "header">
         ${msg("loginAccountTitle")}
+        <div id="renku-login-terms-container">
+            <div id="renku-login-terms-text">
+                ${kcSanitize(msg("termsText"))?no_esc}
+            </div>
+        </div>
     <#elseif section = "socialProviders" >
         <#if realm.password && social.providers??>
             <div id="kc-social-providers" class="${properties.kcFormSocialAccountSectionClass!}">

renku_theme/login/messages/messages_en.properties

@@ -3,3 +3,4 @@ loginFormLabel=Log in with your RenkuLab account
 
 # Identity provider
 identity-provider-login-label=Sign up or Log in with
+termsText=By continuing, you agree to the RenkuLab <a target="_blank" rel="noreferrer noopener" href="/help/tos">Terms of Service</a> and acknowledge that the <a target="_blank" rel="noreferrer noopener" href="/help/privacy">Privacy Policy</a> applies to you.

renku_theme/login/register.ftl

@@ -0,0 +1,146 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayMessage=!messagesPerField.existsError('firstName','lastName','email','username','password','password-confirm'); section>
+    <#if section = "header">
+        ${msg("registerTitle")}
+        <div id="renku-login-terms-container">
+            <div id="renku-login-terms-text">
+                ${kcSanitize(msg("termsText"))?no_esc}
+            </div>
+        </div>
+    <#elseif section = "form">
+        <form id="kc-register-form" class="${properties.kcFormClass!}" action="${url.registrationAction}" method="post">
+            <div class="${properties.kcFormGroupClass!}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="firstName" class="${properties.kcLabelClass!}">${msg("firstName")}</label>
+                </div>
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input type="text" id="firstName" class="${properties.kcInputClass!}" name="firstName"
+                           value="${(register.formData.firstName!'')}"
+                           aria-invalid="<#if messagesPerField.existsError('firstName')>true</#if>"
+                    />
+
+                    <#if messagesPerField.existsError('firstName')>
+                        <span id="input-error-firstname" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                            ${kcSanitize(messagesPerField.get('firstName'))?no_esc}
+                        </span>
+                    </#if>
+                </div>
+            </div>
+
+            <div class="${properties.kcFormGroupClass!}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="lastName" class="${properties.kcLabelClass!}">${msg("lastName")}</label>
+                </div>
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input type="text" id="lastName" class="${properties.kcInputClass!}" name="lastName"
+                           value="${(register.formData.lastName!'')}"
+                           aria-invalid="<#if messagesPerField.existsError('lastName')>true</#if>"
+                    />
+
+                    <#if messagesPerField.existsError('lastName')>
+                        <span id="input-error-lastname" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                            ${kcSanitize(messagesPerField.get('lastName'))?no_esc}
+                        </span>
+                    </#if>
+                </div>
+            </div>
+
+            <div class="${properties.kcFormGroupClass!}">
+                <div class="${properties.kcLabelWrapperClass!}">
+                    <label for="email" class="${properties.kcLabelClass!}">${msg("email")}</label>
+                </div>
+                <div class="${properties.kcInputWrapperClass!}">
+                    <input type="text" id="email" class="${properties.kcInputClass!}" name="email"
+                           value="${(register.formData.email!'')}" autocomplete="email"
+                           aria-invalid="<#if messagesPerField.existsError('email')>true</#if>"
+                    />
+
+                    <#if messagesPerField.existsError('email')>
+                        <span id="input-error-email" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                            ${kcSanitize(messagesPerField.get('email'))?no_esc}
+                        </span>
+                    </#if>
+                </div>
+            </div>
+
+            <#if !realm.registrationEmailAsUsername>
+                <div class="${properties.kcFormGroupClass!}">
+                    <div class="${properties.kcLabelWrapperClass!}">
+                        <label for="username" class="${properties.kcLabelClass!}">${msg("username")}</label>
+                    </div>
+                    <div class="${properties.kcInputWrapperClass!}">
+                        <input type="text" id="username" class="${properties.kcInputClass!}" name="username"
+                               value="${(register.formData.username!'')}" autocomplete="username"
+                               aria-invalid="<#if messagesPerField.existsError('username')>true</#if>"
+                        />
+
+                        <#if messagesPerField.existsError('username')>
+                            <span id="input-error-username" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                ${kcSanitize(messagesPerField.get('username'))?no_esc}
+                            </span>
+                        </#if>
+                    </div>
+                </div>
+            </#if>
+
+            <#if passwordRequired??>
+                <div class="${properties.kcFormGroupClass!}">
+                    <div class="${properties.kcLabelWrapperClass!}">
+                        <label for="password" class="${properties.kcLabelClass!}">${msg("password")}</label>
+                    </div>
+                    <div class="${properties.kcInputWrapperClass!}">
+                        <input type="password" id="password" class="${properties.kcInputClass!}" name="password"
+                               autocomplete="new-password"
+                               aria-invalid="<#if messagesPerField.existsError('password','password-confirm')>true</#if>"
+                        />
+
+                        <#if messagesPerField.existsError('password')>
+                            <span id="input-error-password" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                ${kcSanitize(messagesPerField.get('password'))?no_esc}
+                            </span>
+                        </#if>
+                    </div>
+                </div>
+
+                <div class="${properties.kcFormGroupClass!}">
+                    <div class="${properties.kcLabelWrapperClass!}">
+                        <label for="password-confirm"
+                               class="${properties.kcLabelClass!}">${msg("passwordConfirm")}</label>
+                    </div>
+                    <div class="${properties.kcInputWrapperClass!}">
+                        <input type="password" id="password-confirm" class="${properties.kcInputClass!}"
+                               name="password-confirm"
+                               aria-invalid="<#if messagesPerField.existsError('password-confirm')>true</#if>"
+                        />
+
+                        <#if messagesPerField.existsError('password-confirm')>
+                            <span id="input-error-password-confirm" class="${properties.kcInputErrorMessageClass!}" aria-live="polite">
+                                ${kcSanitize(messagesPerField.get('password-confirm'))?no_esc}
+                            </span>
+                        </#if>
+                    </div>
+                </div>
+            </#if>
+
+            <#if recaptchaRequired??>
+                <div class="form-group">
+                    <div class="${properties.kcInputWrapperClass!}">
+                        <div class="g-recaptcha" data-size="compact" data-sitekey="${recaptchaSiteKey}"></div>
+                    </div>
+                </div>
+            </#if>
+
+            <div class="${properties.kcFormGroupClass!}">
+                <div id="kc-form-options" class="${properties.kcFormOptionsClass!}">
+                    <div class="${properties.kcFormOptionsWrapperClass!}">
+                        <span><a href="${url.loginUrl}">${kcSanitize(msg("backToLogin"))?no_esc}</a></span>
+                    </div>
+                </div>
+
+                <div id="kc-form-buttons" class="${properties.kcFormButtonsClass!}">
+                    <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonBlockClass!} ${properties.kcButtonLargeClass!}" type="submit" value="${msg("doRegister")}"/>
+                </div>
+            </div>
+        </form>
+    </#if>
+</@layout.registrationLayout>

renku_theme/login/resources/css/login.css

@@ -165,7 +165,7 @@ input[type="submit"] {
 }
 
 input[type="submit"]:hover {
-  background: #007A6C;
+  background: #007a6c;
   color: #ffffff;
 }
 
@@ -325,7 +325,7 @@ div#kc-social-providers a {
 }
 
 div#kc-social-providers a:hover {
-  background: #007A6C;
+  background: #007a6c;
   color: #ffffff;
 }
 
@@ -355,6 +355,18 @@ div#kc-social-providers a:active {
   background-color: #ffffff7d;
 }
 
+div#renku-login-terms-container {
+  display: flex;
+  font-size: 12px;
+  font-weight: normal;
+  margin-top: 20px;
+  justify-content: center;
+}
+
+div#renku-login-terms-text {
+  max-width: 400px;
+}
+
 @media only screen and (max-width: 1080px) {
   #kc-content-wrapper {
     align-items: center;

renku_theme/login/terms.ftl

@@ -0,0 +1,17 @@
+<#import "template.ftl" as layout>
+<@layout.registrationLayout displayMessage=false; section>
+    <#if section = "header">
+        ${msg("termsTitle")}
+    <#elseif section = "form">
+        <div id="renku-terms-wrapper">
+        <div id="kc-terms-text">
+            ${kcSanitize(msg("termsText"))?no_esc}
+        </div>
+        <form class="form-actions" action="${url.loginAction}" method="POST">
+            <input class="${properties.kcButtonClass!} ${properties.kcButtonDefaultClass!} ${properties.kcButtonLargeClass!}" name="cancel" id="kc-decline" type="submit" value="${msg("doDecline")}"/>
+            <input class="${properties.kcButtonClass!} ${properties.kcButtonPrimaryClass!} ${properties.kcButtonLargeClass!}" name="accept" id="kc-accept" type="submit" value="${msg("doAccept")}"/>
+        </form>
+        <div class="clearfix"></div>
+        </div>
+    </#if>
+</@layout.registrationLayout>