data protection policy shown twice before and after signup

[VOOM108]

With regular auth with e-mail-confirmation the policy is shown and has to be checked before the signup form appears. The the form, then the policy is never shown again.

With the auth_enrolkey it happens twice: the policy is shown and needs to be checked once more right after the form is submitted.

In both cases the policiy is set to be mandatory for authenticated users the exact same way.

[VOOM108]

I suppose it has to do with this from auth.php:

// These are currently not present in the user object.
       $user->policyagreed = 0;

[VOOM108]

Indeed, if I comment that out, the policy appears only once before the form and is saved in the profile of the new user from agreeing to it before the form.

[brendanheywood]

thanks @VOOM108 can you please make a pull request for this?

[VOOM108]

I am not so much fit with making PRs and stuff...

[VOOM108]

Ok, I tried. Hope I did this right...

[VOOM108]

The PR shows an error, but I don't get what is wrong. After all, I did no more than comment out one line. Should I just delete the line? I figured when a human checks this in, it would be edited according to how it is supposed to show up in the final code...

[brendanheywood]

thanks @VOOM108 leave this with us and we'll sort this

[Apollon1977]

Hello,
the issue is still present in VERSION3 under moodle 3.11. I further investigated and compared it to email based self registration.

Summary:
The problem only appears when "emailconfirmation" in the auth_enrolkey settings is set to "YES".
The problem is - I think -, that after registration

• policyagreed in user table of moodle db is set to "0" AND
• no entry in the tool_policy_acceptances table of the moodle database is created for the user.

In Detail:
I think it has only partially to do something with "$user->policyagreed" in auth.php as this is only related to the field "policyagreed" in the user table of the moodle database, which - I think - has the only purpose to not show the policy acceptance page.

On E-Mail-based self registration if you register as new user (after accepting the policy) an entry in the tool_policy_acceptances table of the moodle database is immediately created, i.e. BEFORE E-Mail confirmation. Same happens in auth_enrolkey if "emailconfirmation" in the auth_enrolkey settings is set to "NO" or "PARTIAL". Whereas this is not the case when set to "YES". This can been easily seen in "admin/tool/policy/acceptances.php".

The consequence depends on how "emailconfirmation" in the auth_enrolkey settings is configured:

• Yes: BUG users have to accept policies twice, once before registration (singnup.php) and once after confirmation.
  OK: E-Mail-confirmation is immediately required before further access to site is granted.
  OK: confirmed in user table of moodle db remains "0"
  NOK: policyagreed in user table of moodle db is "1" only after 2nd acceptance. Should be immedately after registration
  NOK: An entry in tool_policy_acceptances is only created after 2nd acceptance. Should be created immediately after registration.
• No: everything works as supposed:
  OK: immediate acces to the site
  OK: policyagreed AND confirmed is set to "1" and an entry in tool_policy_acceptances is created immediately after registration
• Partial: everything works as supposed:
  OK: immediate access to the site, but confirmation required before next login.
  OK: policyagreed is set to "1" and an entry in tool_policy_acceptances is created immediately after registration
  OK: confirmed remains "0"

For testing I commented out "$user->policyagreed = 0" in line 167 of auth.php. Result: behavior like "emailconfiguration" is set on partial which I expected but is not the intended behavior.