Closed (fixed)
Project:
Legal
Version:
master
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
27 Nov 2007 at 23:24 UTC
Updated:
6 May 2011 at 16:01 UTC
Jump to comment: Most recent file
Conflict with OpenID module: openid users are never shown the terms and conditions, yet they are credited as having accepted them automatically.
| Comment | File | Size | Author |
|---|---|---|---|
| #18 | legal_alternative_logins.patch | 1.9 KB | quicksketch |
| #17 | legal_module_195866.patch | 1.34 KB | pfournier |
| #2 | legal+openid.patch | 482 bytes | sikjoy |
Comments
Comment #1
sikjoy commentedOne of the nice features of OpenID is that you don't have to fill out a form when you register with a website. Consequently, the registration form is skipped.
When OpenID users reach the 'insert' case in hook_user, legal executes the legal_save_accept function. If there were some way to test for OpenID registrations at this point, you could break out of this case before executing this function. Then OpenID users would be presented with the T&Cs at the login stage.
Comment #2
sikjoy commentedThe following patch solves the problem for me. If someone could test it that would be great.
Comment #3
sikjoy commentedOops, forgot to change the status.
Comment #4
dpalfan commentedI'm ready to test it, but need the legal module updated to Drupal6.
Comment #5
robert castelo commentedAnyone want to try this out?
Comment #6
robert castelo commented#2 patch doesn't add functionality required for OpenID to fully work with Legal module.
We need Legal to interrupt after the OpenID system has verified who the user is, during legal_user 'login' operation.
Comment #7
sikjoy commentedI see you changed this bug to Drupal 6.x. Will the fix be back-ported to 5.x?
Comment #8
robert castelo commentedIt should be possible to take the relevant code from the D6 version and add it to the D5 version. We'll see.
Comment #9
sikjoy commentedSwitching this bug back to active since the patch didn't work out.
Comment #10
sikjoy commentedComment #11
rbryer commentedAny progress on this?
Comment #12
jamesJonas commentedI'm also interested if anyone has found a fix for this issue.
Comment #13
xibun commentedsame here
Comment #14
Delta Bridges commentedsubscribing
Comment #15
mfer commentedThis legal problem isn't just for openid users. What about anonymous commenters with the legal module?
Here is my suggestion. Under the openid login and the comment area there is a space to have a message that says (by logging in with openid/commenting you are accepting the terms.) The terms is a link to the terms page. There could even be an option for a checkbox that fails the form if not checked asking them to accept the terms.
This would be fairly straight forward to put into code. Does the idea work?
Thoughts?
Comment #16
dayre commentedThis is also a problem for any bulk added users. We're bootstrapping a large user base using this module and by default they all had the terms accepted.
This is due to the hook_user insert operation which assumes if Drupal got to that point, the user has accepted... which may not be the case.
To solve this, and the openid issue, might be good to have some additional hook structure in there... for my problem, i solved it like this.
Comment #17
pfournier commentedHere is a patch that also handles the 'update' case.
Comment #18
quicksketchThanks @pfournier for the patch! It doesn't look like it was properly formed however, so I rebuilt it in this patch (with a little documentation). I'm not quite sure what's going on with the branches in this project (7.x, 8.x, master, what's going on here?) so I rolled it against master, which looks like it's for Drupal 6 still.
I'm actually using this module with Facebook Connect, which also suffers the same problem. I'm updating the title issue to reflect the scope of the issue.
To be more clear, the user doesn't just *bypass* the T&C, they actually are marked as having accepted the conditions! That's much worse. I can't imagine the fight that might arise over a user who violated the terms of service arguing that they never even agreed to them to begin with.
Comment #19
robert castelo commentedThanks dayre, pfournier, and quicksketch.
I tested with OpenID and works beautifully.
Committed, and will be part of a release today.
Re branches: - master and 6.x-8.x are currently the same, I jumped up to 6.x-8.x because I had previously accidentally created a 6.x-7.x branch which was never actually developed on, and just wanted to make a fresh start.
Comment #20
quicksketchAh yes, classic. I'd be lying if I said I never made a 6.x-6.x release accidentally. :P I'm happy the new project Git mechanism is much less prone-to-error.
Thanks for committing (and for really pulling this module out of the pits!)