From 99f1a5380e588603b28cdbb688d59bea4893007f Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Wed, 2 May 2018 13:02:07 -0400
Subject: [PATCH] closes #6483

---
 src/controllers/authentication.js | 14 +++++++--
 src/controllers/index.js          |  2 +-
 src/middleware/user.js            |  3 ++
 src/routes/authentication.js      |  6 +++-
 src/user.js                       | 48 +++++++++++++++++++++++++++----
 src/user/create.js                |  1 +
 6 files changed, 64 insertions(+), 10 deletions(-)

diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js
index de0ba56bf0..643b898843 100644
--- a/src/controllers/authentication.js
+++ b/src/controllers/authentication.js
@@ -191,8 +191,18 @@ authenticationController.registerComplete = function (req, res, next) {
 				res.locals.processLogin = true;
 				registerAndLoginUser(req, res, req.session.registration, done);
 			} else {
-				// Clear registration data in session
-				done();
+				// Update user hash, clear registration data in session
+				const payload = req.session.registration;
+				const uid = payload.uid;
+				delete payload.uid;
+
+				Object.keys(payload).forEach((prop) => {
+					if (typeof payload[prop] === 'boolean') {
+						payload[prop] = payload[prop] ? 1 : 0;
+					}
+				});
+
+				user.setUserFields(uid, payload, done);
 			}
 		});
 	});
diff --git a/src/controllers/index.js b/src/controllers/index.js
index 292d892767..052995c60b 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -197,7 +197,7 @@ Controllers.registerInterstitial = function (req, res, next) {
 			if (!data.interstitials.length) {
 				// No interstitials, redirect to home
 				delete req.session.registration;
-				return res.redirect('/');
+				return res.redirect(nconf.get('relative_path') + '/');
 			}
 			var renders = data.interstitials.map(function (interstitial) {
 				return async.apply(req.app.render.bind(req.app), interstitial.template, interstitial.data || {});
diff --git a/src/middleware/user.js b/src/middleware/user.js
index 0c726c4403..e7c6c7ef36 100644
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@@ -215,6 +215,9 @@ module.exports = function (middleware) {
 			return next();
 		}
 		if (!req.path.endsWith('/register/complete')) {
+			// Append user data if present
+			req.session.registration.uid = req.uid;
+
 			controllers.helpers.redirect(res, '/register/complete');
 		} else {
 			return next();
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index 212c2b1302..fff3c997fb 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -66,7 +66,11 @@ Auth.reloadRoutes = function (callback) {
 					}));
 				}
 
-				router.get(strategy.callbackURL, passport.authenticate(strategy.name, {
+				router.get(strategy.callbackURL, function (req, res, next) {
+					// Trigger registration interstitial checks
+					req.session.registration = req.session.registration || {};
+					next();
+				}, passport.authenticate(strategy.name, {
 					successReturnToOrRedirect: nconf.get('relative_path') + (strategy.successUrl !== undefined ? strategy.successUrl : '/'),
 					failureRedirect: nconf.get('relative_path') + (strategy.failureUrl !== undefined ? strategy.failureUrl : '/login'),
 				}));
diff --git a/src/user.js b/src/user.js
index 634bff8f4a..9712f8063f 100644
--- a/src/user.js
+++ b/src/user.js
@@ -353,7 +353,7 @@ User.addInterstitials = function (callback) {
 		method: [
 			// GDPR information collection/processing consent + email consent
 			function (data, callback) {
-				if (!data.userData.gdpr_consent) {
+				const add = function () {
 					data.interstitials.push({
 						template: 'partials/gdpr_consent',
 						data: {
@@ -368,14 +368,32 @@ User.addInterstitials = function (callback) {
 							next(userData.gdpr_consent ? null : new Error('[[register:gdpr_consent_denied]]'));
 						},
 					});
-				}
+				};
+
+				if (!data.userData.gdpr_consent) {
+					if (data.userData.uid) {
+						db.getObjectField('user:' + data.userData.uid, 'gdpr_consent', function (err, consented) {
+							if (err) {
+								return callback(err);
+							} else if (!parseInt(consented, 10)) {
+								add();
+							}
 
-				setImmediate(callback, null, data);
+							callback(null, data);
+						});
+					} else {
+						add();
+						setImmediate(callback, null, data);
+					}
+				} else {
+					// GDPR consent signed
+					setImmediate(callback, null, data);
+				}
 			},
 
 			// Forum Terms of Use
 			function (data, callback) {
-				if (meta.config.termsOfUse && !data.userData.acceptTos) {
+				const add = function () {
 					data.interstitials.push({
 						template: 'partials/acceptTos',
 						data: {
@@ -389,9 +407,27 @@ User.addInterstitials = function (callback) {
 							next(userData.acceptTos ? null : new Error('[[register:terms_of_use_error]]'));
 						},
 					});
-				}
+				};
+
+				if (meta.config.termsOfUse && !data.userData.acceptTos) {
+					if (data.userData.uid) {
+						db.getObjectField('user:' + data.userData.uid, 'acceptTos', function (err, accepted) {
+							if (err) {
+								return callback(err);
+							} else if (!parseInt(accepted, 10)) {
+								add();
+							}
 
-				setImmediate(callback, null, data);
+							callback(null, data);
+						});
+					} else {
+						add();
+						setImmediate(callback, null, data);
+					}
+				} else {
+					// TOS accepted
+					setImmediate(callback, null, data);
+				}
 			},
 		],
 	});
diff --git a/src/user/create.js b/src/user/create.js
index d6718e8a4d..b0eba41c6b 100644
--- a/src/user/create.js
+++ b/src/user/create.js
@@ -47,6 +47,7 @@ module.exports = function (User) {
 					banned: 0,
 					status: 'online',
 					gdpr_consent: data.gdpr_consent === true ? 1 : 0,
+					acceptTos: data.acceptTos === true ? 1 : 0,
 				};
 
 				User.uniqueUsername(userData, next);