Add tos to allowed controllers when force authorizations enabled (#368)

* add tos to allowed controllers

* update tests

.github/workflows/tests.yml

@@ -79,7 +79,7 @@ jobs:
 
       - run: tar -zcf /tmp/testapp-env.tar.gz ./spec/decidim_dummy_app
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: workspace
           path: /tmp/testapp-env.tar.gz
@@ -139,7 +139,7 @@ jobs:
       - run: |
           sudo apt install wkhtmltopdf imagemagick 7zip
 
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: workspace
           path: /tmp
@@ -165,7 +165,7 @@ jobs:
       - name: Upload coverage reports to Codecov
         uses: codecov/codecov-action@v3
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: always()
         with:
           name: screenshots

CHANGELOG.md

@@ -1,6 +1,14 @@
 CHANGELOG
 =========
 
+Unreleased
+-------
+Compatibility:
+  - Decidim 0.28.x
+
+Features:
+  - Fix allowing to accept terms and conditions when forced verifications enabled
+
 v0.11.3
 -------
 Compatibility:

app/controllers/concerns/decidim/decidim_awesome/check_login_authorizations.rb

@@ -53,7 +53,7 @@ def current_authorizations
       end
 
       def allowed_controllers
-        %w(required_authorizations authorizations upload_validations timeouts editor_images locales) + awesome_config[:force_authorization_allowed_controller_names].to_a
+        %w(required_authorizations authorizations upload_validations timeouts editor_images locales pages tos) + awesome_config[:force_authorization_allowed_controller_names].to_a
       end
     end
   end

lib/decidim/decidim_awesome/awesome.rb

@@ -205,8 +205,9 @@ module DecidimAwesome
     end
 
     # This controllers will be skipped from the authorization check
+    # Included automatically: required_authorizations authorizations upload_validations timeouts editor_images locales pages tos
     config_accessor :force_authorization_allowed_controller_names do
-      %w(account pages)
+      %w(account)
     end
 
     # How old must be the private data to be considered expired and therefore presented to the admins for deletion

spec/system/public/forced_verifications_spec.rb

@@ -81,6 +81,18 @@
       end
     end
 
+    context "when the user has not accepted the terms an conditions" do
+      let(:user) { create(:user, :confirmed, organization:, accepted_tos_version: nil) }
+
+      it "user can accept the terms and conditions" do
+        expect(page).to have_current_path("/pages/terms-of-service")
+        click_on "I agree with these terms"
+        expect(user.reload.accepted_tos_version).not_to be_nil
+        expect(page).to have_current_path(decidim_decidim_awesome.required_authorizations_path(redirect_url: restricted_path))
+        expect(page).to have_content("you need to authorize your account with a valid authorization")
+      end
+    end
+
     context "when is an admin" do
       let(:user) { create(:user, :confirmed, :admin, organization:) }