Internal: Improve Terms and Conditions handling - refs BT#22774

Author: christianbeeznest

assets/vue/composables/auth/login.js

@@ -29,31 +29,29 @@ export function useLogin() {
     requires2FA.value = false
 
     try {
-      // Build the payload using OFAJ style
+      // Prepare payload as expected by securityService
       const payload = {
-        username: login,
+        login,
         password,
         _remember_me,
+        totp,
       }
 
-      if (totp) {
-        payload.totp = totp
-      }
-
+      // Add returnUrl if exists in query param
       const returnUrl = route.query.redirect?.toString() || null
       if (returnUrl) {
         payload.returnUrl = returnUrl
       }
 
       const responseData = await securityService.login(payload)
 
-      // Handle 2FA
+      // Handle 2FA flow
       if (responseData.requires2FA && !payload.totp) {
         requires2FA.value = true
         return { success: false, requires2FA: true }
       }
 
-      // Handle rotate password flow
+      // Handle forced password rotation
       if (responseData.rotate_password && responseData.redirect) {
         window.location.href = responseData.redirect
         return { success: true, rotate: true }
@@ -65,13 +63,13 @@ export function useLogin() {
         return { success: false, error: responseData.error }
       }
 
-      // Handle terms and conditions redirection
+      // Handle terms and conditions redirect
       if (responseData.load_terms && responseData.redirect) {
         window.location.href = responseData.redirect
         return { success: true, redirect: responseData.redirect }
       }
 
-      // External redirect parameter
+      // Handle external redirect param
       if (route.query.redirect) {
         const redirectParam = route.query.redirect.toString()
         if (isValidHttpUrl(redirectParam)) {
@@ -88,16 +86,17 @@ export function useLogin() {
         return { success: true }
       }
 
+      // Save user info
       securityStore.setUser(responseData)
       await platformConfigurationStore.initialize()
 
-      // Handle redirect param again after login
+      // Redirect again if redirect param still exists
       if (route.query.redirect) {
         await router.replace({ path: route.query.redirect.toString() })
         return { success: true }
       }
 
-      // Handle post-login redirection based on platform config
+      // Default platform redirect after login
       const setting = platformConfigurationStore.getSetting("registration.redirect_after_login")
       let target = "/"
 

public/main/auth/tc.php

@@ -1,21 +1,53 @@
 <?php
 require_once __DIR__.'/../inc/global.inc.php';
 
+use Chamilo\CoreBundle\Framework\Container;
 use Chamilo\CoreBundle\Helpers\ChamiloHelper;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use ChamiloSession as Session;
 
 $return = $_POST['return'] ?? $_GET['return'] ?? 'index.php';
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST'
     && !empty($_POST['legal_accept_type'])
     && isset($_POST['legal_accept'])
-    && ($uid = api_get_user_id())
 ) {
-    ChamiloHelper::saveUserTermsAcceptance($uid, $_POST['legal_accept_type']);
+    $userId = 0;
+    $termData = Session::read('term_and_condition');
+    if (!empty($termData['user_id'])) {
+        $userId = (int)$termData['user_id'];
+    } else {
+        $userId = api_get_user_id();
+    }
 
-    Session::write('term_and_condition', null);
+    if ($userId > 0) {
+        ChamiloHelper::saveUserTermsAcceptance($userId, $_POST['legal_accept_type']);
 
-    ChamiloHelper::redirectTo($return);
+        // Re-login in Symfony security
+        $userEntity = api_get_user_entity($userId);
+        if ($userEntity) {
+            $token = new UsernamePasswordToken(
+                $userEntity,
+                'main',
+                $userEntity->getRoles()
+            );
+
+            $tokenStorage = Container::getTokenStorage();
+            $tokenStorage->setToken($token);
+
+            // Save the token to session so the firewall recognizes it on the next request
+            $session = Container::getSession();
+            if ($session) {
+                $session->set('_security_main', serialize($token));
+            }
+        }
+
+        Session::write('term_and_condition', null);
+
+        ChamiloHelper::redirectTo($return);
+    } else {
+        die('Error: Unable to identify user accepting terms.');
+    }
 }
 
 ChamiloHelper::displayLegalTermsPage($return);

src/CoreBundle/Controller/CourseController.php

@@ -90,14 +90,16 @@ public function checkTermsAndConditionJson(
     ): Response {
         $user = $this->userHelper->getCurrent();
         $course = $this->getCourse();
+        $sid = $this->getSessionId();
+
         $responseData = [
             'redirect' => false,
             'url' => '#',
         ];
 
         if ($user->hasRole('ROLE_STUDENT')
-            && 'true' === $settingsManager->getSetting('registration.allow_terms_conditions')
-            && 'course' === $settingsManager->getSetting('platform.load_term_conditions_section')
+            && 'true' === $settingsManager->getSetting('registration.allow_terms_conditions', true)
+            && 'course' === $settingsManager->getSetting('platform.load_term_conditions_section', true)
         ) {
             $termAndConditionStatus = false;
             $extraValue = $extraFieldValuesRepository->findLegalAcceptByItemId($user->getId());
@@ -115,7 +117,7 @@ public function checkTermsAndConditionJson(
 
                 $redirect = true;
 
-                if ('true' === $settingsManager->getSetting('course.allow_public_course_with_no_terms_conditions')
+                if ('true' === $settingsManager->getSetting('course.allow_public_course_with_no_terms_conditions', true)
                     && Course::OPEN_WORLD === $course->getVisibility()
                 ) {
                     $redirect = false;
@@ -124,9 +126,13 @@ public function checkTermsAndConditionJson(
                 if ($redirect && !$this->isGranted('ROLE_ADMIN')) {
                     $request->getSession()->remove('cid');
                     $request->getSession()->remove('course');
+
+                    // Build return URL
+                    $returnUrl = '/course/' . $course->getId() . '/home?sid='.$sid;
+
                     $responseData = [
                         'redirect' => true,
-                        'url' => '/main/auth/tc.php',
+                        'url' => '/main/auth/tc.php?return=' . urlencode($returnUrl),
                     ];
                 }
             } else {

src/CoreBundle/Controller/SecurityController.php

@@ -102,9 +102,10 @@ public function loginJson(
 
         $extraFieldValuesRepository = $this->entityManager->getRepository(ExtraFieldValues::class);
         $legalTermsRepo = $this->entityManager->getRepository(Legal::class);
-        if ($user->hasRole('ROLE_STUDENT')
-            && 'true' === $this->settingsManager->getSetting('allow_terms_conditions')
-            && 'login' === $this->settingsManager->getSetting('load_term_conditions_section')
+        if (
+            $user->hasRole('ROLE_STUDENT')
+            && 'true' === $this->settingsManager->getSetting('allow_terms_conditions', true)
+            && 'login' === $this->settingsManager->getSetting('load_term_conditions_section', true)
         ) {
             $termAndConditionStatus = false;
             $extraValue = $extraFieldValuesRepository->findLegalAcceptByItemId($user->getId());
@@ -118,18 +119,15 @@ public function loginJson(
             }
 
             if (false === $termAndConditionStatus) {
-                /*$tempTermAndCondition = ['user_id' => $user->getId()];
+                $tempTermAndCondition = ['user_id' => $user->getId()];
                 $this->tokenStorage->setToken(null);
                 $request->getSession()->invalidate();
                 $request->getSession()->start();
                 $request->getSession()->set('term_and_condition', $tempTermAndCondition);
-                */
-
-                $request->getSession()->set('term_and_condition', ['user_id' => $user->getId()]);
 
                 return $this->json([
-                    'requiresTerms' => true,
-                    'redirect'     => '/main/auth/tc.php?return=' . urlencode('/'),
+                    'load_terms' => true,
+                    'redirect'   => '/main/auth/tc.php?return=' . urlencode('/home'),
                 ]);
             }
             $request->getSession()->remove('term_and_condition');

src/CoreBundle/DataFixtures/SettingsCurrentFixtures.php

@@ -3458,6 +3458,11 @@ public static function getNewConfigurationSettings(): array
                     'title' => 'Send the welcome message to e-mail and inbox',
                     'comment' => "By default, the welcome message (with credentials) is sent only by e-mail. Enable this option to send it to the user's Chamilo inbox as well.",
                 ],
+                [
+                    'name' => 'hide_legal_accept_checkbox',
+                    'title' => 'Hide legal accept checkbox in Terms and Conditions page',
+                    'comment' => 'If set to true, removes the "I have read and accept" checkbox in the Terms and Conditions page flow.',
+                ],
             ],
             'work' => [
                 [

src/CoreBundle/Migrations/Schema/V200/Version20250714184000.php

@@ -0,0 +1,85 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Migrations\Schema\V200;
+
+use Chamilo\CoreBundle\Migrations\AbstractMigrationChamilo;
+use Doctrine\DBAL\Schema\Schema;
+
+final class Version20250714184000 extends AbstractMigrationChamilo
+{
+    public function getDescription(): string
+    {
+        return 'Add setting registration.hide_legal_accept_checkbox';
+    }
+
+    public function up(Schema $schema): void
+    {
+        $variable = 'hide_legal_accept_checkbox';
+        $category = 'registration';
+        $selectedValue = 'false';
+        $title = 'Hide legal accept checkbox in Terms and Conditions page';
+        $comment = 'If set to true, removes the "I have read and accept" checkbox in the Terms and Conditions page flow.';
+
+        $sqlCheck = sprintf(
+            "SELECT COUNT(*) as count
+             FROM settings
+             WHERE variable = '%s'
+               AND subkey IS NULL
+               AND access_url = 1",
+            addslashes($variable)
+        );
+
+        $stmt = $this->connection->executeQuery($sqlCheck);
+        $result = $stmt->fetchAssociative();
+
+        if ($result && (int) $result['count'] > 0) {
+            $this->addSql(sprintf(
+                "UPDATE settings
+                 SET selected_value = '%s',
+                     title = '%s',
+                     comment = '%s',
+                     category = '%s'
+                 WHERE variable = '%s'
+                   AND subkey IS NULL
+                   AND access_url = 1",
+                addslashes($selectedValue),
+                addslashes($title),
+                addslashes($comment),
+                addslashes($category),
+                addslashes($variable)
+            ));
+            $this->write(sprintf('Updated setting: %s', $variable));
+        } else {
+            $this->addSql(sprintf(
+                "INSERT INTO settings
+                    (variable, subkey, type, category, selected_value, title, comment, access_url_changeable, access_url_locked, access_url)
+                 VALUES
+                    ('%s', NULL, NULL, '%s', '%s', '%s', '%s', 1, 0, 1)",
+                addslashes($variable),
+                addslashes($category),
+                addslashes($selectedValue),
+                addslashes($title),
+                addslashes($comment)
+            ));
+            $this->write(sprintf('Inserted setting: %s', $variable));
+        }
+    }
+
+    public function down(Schema $schema): void
+    {
+        $variable = 'hide_legal_accept_checkbox';
+
+        $this->addSql(sprintf(
+            "DELETE FROM settings
+             WHERE variable = '%s'
+               AND subkey IS NULL
+               AND access_url = 1",
+            addslashes($variable)
+        ));
+        $this->write(sprintf('Removed setting: %s.', $variable));
+    }
+}

src/CoreBundle/Settings/RegistrationSettingsSchema.php

@@ -35,6 +35,7 @@ public function buildSettings(AbstractSettingsBuilder $builder): void
                 'allow_fields_inscription' => '',
                 'send_inscription_msg_to_inbox' => 'false',
                 'redirect_after_login' => '',
+                'hide_legal_accept_checkbox' => 'false',
             ])
             ->setTransformer('required_profile_fields', new ArrayToIdentifierTransformer())
             ->setTransformer('extendedprofile_registration', new ArrayToIdentifierTransformer())
@@ -101,6 +102,7 @@ public function buildForm(FormBuilderInterface $builder): void
             ->add('redirect_after_login', TextareaType::class, [
                 'required' => false,
             ])
+            ->add('hide_legal_accept_checkbox', YesNoType::class)
         ;
 
         $this->updateFormFieldsFromSettingsInfo($builder);