Merge branch 'main' into BC-4913-Remove-passage-on-user-registration

.github/workflows/push.yml

@@ -52,8 +52,6 @@ jobs:
 
       - name: test image exists
         run: |
-         mkdir -p ~/.docker
-         echo '{"experimental": "enabled"}' >> ~/.docker/config.json
          echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}-${{ matrix.tenants }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
 
       - name: Set up Docker Buildx

ansible/roles/schulcloud-client-core/templates/client-configmap-files.yml.j2

@@ -97,7 +97,7 @@ data:
             },
             '^/impressum': {
             },
-            '^/datenschutz': {
+            '^/privacypolicy': {
             }, */
             '^/about': {
                 defaultSrc: 'https://www10-fms.hpi.uni-potsdam.de https://cloud-instances.s3.hidrive.strato.com https://s3.hidrive.strato.com',

config/http-headers.js

@@ -80,7 +80,7 @@ const config = {
 			},
 			'^/impressum': {
 			},
-			'^/datenschutz': {
+			'^/privacypolicy': {
 			}, */
 			'^/about': {
 				defaultSrc: 'https://www10-fms.hpi.uni-potsdam.de https://cloud-instances.s3.hidrive.strato.com',

controllers/dataprivacy.js

@@ -1,60 +1,22 @@
 const express = require('express');
 const { URL } = require('url');
-const api = require('../api');
-const authHelper = require('../helpers/authentication');
 const { DOCUMENT_BASE_DIR, SC_THEME } = require('../config/global');
 const { specificFiles } = require('../config/documents');
+const { getBase64File } = require('../helpers/fileHelper');
+const { getConsentVersion } = require('../helpers/consentVersionHelper');
 
 const router = express.Router();
 
-const privacyUrl = () => {
-	return new URL(`${SC_THEME}/${specificFiles.privacyExemplary}`, DOCUMENT_BASE_DIR);
-};
-
-const downloadPolicyPdf = (res, fileData, fileTitle) => {
-	// ERR_INVALID_CHAR will get thrown on ukrainian translation without encoding
-	const encodedFileTitle = encodeURI(fileTitle);
-	const download = Buffer.from(fileData, 'base64');
-	res.writeHead(200, {
-		'Content-Type': 'application/pdf',
-		'Content-Disposition': `attachment; filename="${encodedFileTitle}.pdf"`,
-	}).end(download);
-};
-
-const getBase64File = async (req, res, fileId, fileTitle) => {
-	if (fileId) {
-		const base64File = await api(req).get(`/base64Files/${fileId}`);
-		if (base64File.data) {
-			const fileData = base64File.data.replace(
-				'data:application/pdf;base64,',
-				'',
-			);
-			downloadPolicyPdf(res, fileData, fileTitle);
-		}
-	}
-};
+const privacyUrl = () => new URL(`${SC_THEME}/${specificFiles.privacyExemplary}`, DOCUMENT_BASE_DIR);
 
 router.get('/', async (req, res, next) => {
 	try {
-		const isAuthenticated = await authHelper.isAuthenticated(req);
-		const qs = {
-			$limit: 1,
-			consentTypes: 'privacy',
-			$sort: {
-				publishedAt: -1,
-			},
-		};
-
-		if (isAuthenticated && res.locals.currentSchool) {
-			qs.schoolId = res.locals.currentSchool;
-		}
-
-		const consentVersions = await api(req).get('/consentVersions', { qs });
+		const consentVersions = await getConsentVersion(req, res, 'privacy');
 
 		if (consentVersions.data.length) {
 			const fileId = consentVersions.data[0].consentDataId;
 			if (!fileId) {
-				res.redirect(privacyUrl());
+				res.redirect(privacyUrl().toString());
 			}
 
 			const fileTitle = res.locals.theme.name === 'thr'
@@ -63,7 +25,7 @@ router.get('/', async (req, res, next) => {
 
 			await getBase64File(req, res, fileId, fileTitle);
 		} else {
-			res.redirect(privacyUrl());
+			res.redirect(privacyUrl().toString());
 		}
 	} catch (err) {
 		next(err);

controllers/firstLogin.js

@@ -29,10 +29,14 @@ const hasAccount = (req, res) => api(req).get('/consents', {
 	},
 });
 
-const getSchoolPrivacy = async (req, res) => {
+const getSchoolConsentVersionByType = async (req, res, consentType) => {
+	if (consentType !== 'privacy' && consentType !== 'termsOfUse') {
+		return undefined;
+	}
+
 	const qs = {
 		schoolId: res.locals.currentUser.schoolId,
-		consentTypes: ['privacy'],
+		consentTypes: [consentType],
 		consentDataId: { $exists: true },
 		$limit: 1,
 		$sort: {
@@ -249,7 +253,8 @@ router.get('/', async (req, res, next) => {
 		sso: !!(res.locals.currentPayload || {}).systemId,
 		now: Date.now(),
 		sections: sections.map((name) => `firstLogin/sections/${name}`),
-		schoolPrivacyLink: await getSchoolPrivacy(req, res),
+		schoolPrivacyLink: await getSchoolConsentVersionByType(req, res, 'privacy'),
+		schoolTermsLink: await getSchoolConsentVersionByType(req, res, 'termsOfUse'),
 		schoolPrivacyName: res.$t('global.text.dataProtection'),
 		submitPageIndex,
 		userConsent,

controllers/index.js

@@ -33,7 +33,8 @@ router.use('/partner/', require('./partner'));
 router.use('/community/', require('./community'));
 router.use('/about/', require('./about'));
 router.use('/help/', require('./help'));
-router.use('/datenschutz/', require('./dataprivacy'));
+router.use('/privacypolicy/', require('./dataprivacy'));
+router.use('/termsofuse/', require('./termsofuse'));
 router.use('/my-material', require('./my-material'));
 router.use('/base64Files', require('./base64Files'));
 router.use('/logs', require('./logs'));

controllers/registration.js

@@ -49,11 +49,11 @@ const checkValidRegistration = async (req) => {
  */
 router.get(['/register', '/register/*'], (req, res, next) => res.render('registration/deprecated_warning'));
 
-const getSchoolPrivacy = async (req, res) => {
+const getSchoolConsentVersionByType = async (req, res, consentType) => {
 	const importHash = getImportHash(req);
 
 	try {
-		const consentVersion = await api(req).get(`/registration/consent/${importHash}`);
+		const consentVersion = await api(req).get(`/registration/consent/${importHash}?consentType=${consentType}`);
 		if (consentVersion) {
 			const { consentDataId } = consentVersion;
 			return consentDataId ? `/base64Files/${consentDataId}` : undefined;
@@ -251,8 +251,10 @@ router.get(['/registration/:classOrSchoolId/byparent', '/registration/:classOrSc
 			hideMenu: true,
 			user,
 			needConsent,
-			schoolPrivacyLink: await getSchoolPrivacy(req, res),
-			schoolPrivacyName: res.$t('global.text.dataProtection'),
+			schoolPrivacyLink: await getSchoolConsentVersionByType(req, res, 'privacy'),
+			schoolTermsLink: await getSchoolConsentVersionByType(req, res, 'termsOfUse'),
+			schoolPrivacyName: res.$t('global.text.dataProtectionFile'),
+			schoolTermsName: res.$t('global.text.termsOfUseFile'),
 			sectionNumber,
 			CONSENT_WITHOUT_PARENTS_MIN_AGE_YEARS,
 			invalid,
@@ -317,8 +319,10 @@ router.get(['/registration/:classOrSchoolId/bystudent', '/registration/:classOrS
 			user,
 			needConsent,
 			sectionNumber,
-			schoolPrivacyLink: await getSchoolPrivacy(req, res),
-			schoolPrivacyName: res.$t('global.text.dataProtection'),
+			schoolPrivacyLink: await getSchoolConsentVersionByType(req, res, 'privacy'),
+			schoolTermsLink: await getSchoolConsentVersionByType(req, res, 'termsOfUse'),
+			schoolPrivacyName: res.$t('global.text.dataProtectionFile'),
+			schoolTermsName: res.$t('global.text.termsOfUseFile'),
 			CONSENT_WITHOUT_PARENTS_MIN_AGE_YEARS,
 			invalid,
 			secure,
@@ -393,8 +397,10 @@ router.get(['/registration/:classOrSchoolId/:byRole'], async (req, res) => {
 		user,
 		needConsent,
 		sectionNumber,
-		schoolPrivacyLink: await getSchoolPrivacy(req, res),
-		schoolPrivacyName: res.$t('global.text.dataProtection'),
+		schoolPrivacyLink: await getSchoolConsentVersionByType(req, res, 'privacy'),
+		schoolTermsLink: await getSchoolConsentVersionByType(req, res, 'termsOfUse'),
+		schoolPrivacyName: res.$t('global.text.dataProtectionFile'),
+		schoolTermsName: res.$t('global.text.termsOfUseFile'),
 		invalid,
 		secure,
 		correctID,
@@ -432,8 +438,10 @@ router.get(['/registration/:classOrSchoolId', '/registration/:classOrSchoolId/:s
 			sso: req.params.sso === 'sso',
 			account: req.params.accountId || '',
 			CONSENT_WITHOUT_PARENTS_MIN_AGE_YEARS,
-			schoolPrivacyLink: await getSchoolPrivacy(req, res),
-			schoolPrivacyName: res.$t('global.text.dataProtection'),
+			schoolPrivacyLink: await getSchoolConsentVersionByType(req, res, 'privacy'),
+			schoolTermsLink: await getSchoolConsentVersionByType(req, res, 'termsOfUse'),
+			schoolPrivacyName: res.$t('global.text.dataProtectionFile'),
+			schoolTermsName: res.$t('global.text.termsOfUseFile'),
 			invalid,
 			secure,
 			correctID,

controllers/termsofuse.js

@@ -0,0 +1,33 @@
+const express = require('express');
+const { URL } = require('url');
+const { DOCUMENT_BASE_DIR, SC_THEME } = require('../config/global');
+const { specificFiles } = require('../config/documents');
+const { getBase64File } = require('../helpers/fileHelper');
+const { getConsentVersion } = require('../helpers/consentVersionHelper');
+
+const router = express.Router();
+
+const termsUrl = () => new URL(`${SC_THEME}/${specificFiles.termsOfUseSchool}`, DOCUMENT_BASE_DIR);
+
+router.get('/', async (req, res, next) => {
+	try {
+		const consentVersions = await getConsentVersion(req, res, 'termsOfUse');
+
+		if (consentVersions.data.length) {
+			const fileId = consentVersions.data[0].consentDataId;
+			if (!fileId) {
+				res.redirect(termsUrl().toString());
+			}
+
+			const fileTitle = res.$t('global.text.termsOfUseFile');
+
+			await getBase64File(req, res, fileId, fileTitle);
+		} else {
+			res.redirect(termsUrl().toString());
+		}
+	} catch (err) {
+		next(err);
+	}
+});
+
+module.exports = router;

helpers/consentVersionHelper.js

@@ -0,0 +1,24 @@
+const api = require('../api');
+const authHelper = require('./authentication');
+
+const getConsentVersion = async (req, res, consentType) => {
+	const isAuthenticated = await authHelper.isAuthenticated(req);
+	const qs = {
+		$limit: 1,
+		consentTypes: [consentType],
+		$sort: {
+			publishedAt: -1,
+		},
+	};
+
+	if (isAuthenticated && res.locals.currentSchool) {
+		qs.schoolId = res.locals.currentSchool;
+	}
+
+	const consentVersion = await api(req).get('/consentVersions', { qs });
+	return consentVersion;
+};
+
+module.exports = {
+	getConsentVersion,
+};