Terms and privacy

[gaspergrom]

Changes proposed ✍️

What

🤖 Generated by Copilot at 6003e7a

This pull request implements a new feature that requires users to accept the terms and privacy policy of the platform when signing up. It adds a new page, a checkbox, and a validation rule to the frontend, and a new column, a property, and a validation logic to the backend. It also adds the necessary migrations, models, repositories, services, actions, middleware, and translations to support the feature.
​

🤖 Generated by Copilot at 6003e7a

Oh we're the coders of the sea, and we work with skill and glee
We add features to the auth, to respect the users' path
We need consent for terms and privacy, so we check the acceptedTermsAndPrivacy
Heave away, me hearties, heave away, heave away

Why

How

🤖 Generated by Copilot at 6003e7a

• Add a validation check to the authSignUp endpoint to ensure that the request body has a property acceptedTermsAndPrivacy that is truthy, and return a 422 error if not (backend/src/api/auth/authSignUp.ts, link, link)
• Add a new column acceptedTermsAndPrivacy to the users table in the database, with a default value of true, and a corresponding rollback migration script (backend/src/database/migrations/V1689235178__addTermsAndPrivacyColumn.sql, link, backend/src/database/migrations/U1689235178__addTermsAndPrivacyColumn.sql, link)
• Add the acceptedTermsAndPrivacy property to the user model definition, the user model's create and update methods, and the soft-delete logic (backend/src/database/models/user.ts, link, backend/src/database/repositories/userRepository.ts, link, link, link)
• Add the acceptedTermsAndPrivacy parameter to the signUp method of the authService class, and pass it to the userRepository.create method (backend/src/services/auth/authService.ts, link, link)
• Add a condition to the auth-guard middleware that redirects the user to the terms-and-privacy page if they have not accepted the terms and privacy policy (frontend/src/middleware/auth/auth-guard.js, link)
• Add a new route for the terms-and-privacy path, with the TermsAndPrivacyPage component and a meta title (frontend/src/modules/auth/auth-routes.js, link, link)
• Add a new component file for the terms-and-privacy page, with a template, a script, and a style section, that displays the terms and privacy policy and collects the user's consent (frontend/src/modules/auth/pages/terms-and-privacy.vue, link)
• Add a checkbox element to the signup-page.vue component, with a v-model binding to the acceptedTermsAndPrivacy property of the model object, and a text span with links to the terms of service and privacy policy (frontend/src/modules/auth/pages/signup-page.vue, link)
• Add a validation rule, a data property, and a condition to the signup-page.vue component, to validate, track, and handle the user's consent before submitting the form (frontend/src/modules/auth/pages/signup-page.vue, link, link, link)
• Add the acceptedTermsAndPrivacy parameter to the registerWithEmailAndPassword method of the authService class, and pass it to the authAxios.post method (frontend/src/modules/auth/auth-service.js, link, link)
• Add the acceptedTermsAndPrivacy parameter to the doRegisterEmailAndPassword action of the auth module's store, and pass it to the authService.registerWithEmailAndPassword method (frontend/src/modules/auth/store/actions.js, link, link)
• Add a new field definition for the acceptedTermsAndPrivacy property of the user model, with a type, a label, and a required rule (frontend/src/modules/user/user-model.js, link)
• Add the acceptedTermsAndPrivacy property to the en object of the i18n module, for the translation of the checkbox label (frontend/src/i18n/en.js, link)
• Move the sendPasswordResetEmail method of the authService class to a different position in the file, for readability and consistency (frontend/src/modules/auth/auth-service.js, link)

Checklist ✅

• Label appropriately with Feature, Improvement, or Bug.
• Add screehshots to the PR description for relevant FE changes
• New backend functionality has been unit-tested.
• API documentation has been updated (if necessary) (see docs on API documentation).
• Quality standards are met.

[joanagmaia]

I don't think this one is used

[joanagmaia]

Should we only allow this route if user is authenticated? Otherwise I'm able to access it, click on the button and get a 403 when not authenticated?