Commit 2c99025f authored by Igor Drozdov's avatar Igor Drozdov

Merge branch '195664-bypass-accepting-terms-for-deleting-own-account' into 'master'

Require Terms of Service for deleting an account

See merge request gitlab-org/gitlab!72000
parents 24b51f40 365173c5
...@@ -45,6 +45,11 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -45,6 +45,11 @@ class RegistrationsController < Devise::RegistrationsController
end end
def destroy def destroy
if current_user.required_terms_not_accepted?
redirect_to profile_account_path, status: :see_other, alert: s_('Profiles|You must accept the Terms of Service in order to perform this action.')
return
end
if destroy_confirmation_valid? if destroy_confirmation_valid?
current_user.delete_async(deleted_by: current_user) current_user.delete_async(deleted_by: current_user)
session.try(:destroy) session.try(:destroy)
......
...@@ -26312,6 +26312,9 @@ msgstr "" ...@@ -26312,6 +26312,9 @@ msgstr ""
msgid "Profiles|You don't have access to delete this user." msgid "Profiles|You don't have access to delete this user."
msgstr "" msgstr ""
msgid "Profiles|You must accept the Terms of Service in order to perform this action."
msgstr ""
msgid "Profiles|You must transfer ownership or delete groups you are an owner of before you can delete your account" msgid "Profiles|You must transfer ownership or delete groups you are an owner of before you can delete your account"
msgstr "" msgstr ""
......
...@@ -602,6 +602,22 @@ RSpec.describe RegistrationsController do ...@@ -602,6 +602,22 @@ RSpec.describe RegistrationsController do
end end
end end
context 'when user did not accept app terms' do
let(:user) { create(:user, accepted_term: nil) }
before do
stub_application_setting(password_authentication_enabled_for_web: false)
stub_application_setting(password_authentication_enabled_for_git: false)
stub_application_setting(enforce_terms: true)
end
it 'fails with message' do
post :destroy, params: { username: user.username }
expect_failure(s_('Profiles|You must accept the Terms of Service in order to perform this action.'))
end
end
it 'sets the username and caller_id in the context' do it 'sets the username and caller_id in the context' do
expect(controller).to receive(:destroy).and_wrap_original do |m, *args| expect(controller).to receive(:destroy).and_wrap_original do |m, *args|
m.call(*args) m.call(*args)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment