Skip to content

Add optional Terms of Use acceptance gate#1012

Merged
Bionic711 merged 3 commits into
Developmentfrom
feature/termsofservice
Jul 8, 2026
Merged

Add optional Terms of Use acceptance gate#1012
Bionic711 merged 3 commits into
Developmentfrom
feature/termsofservice

Conversation

@Bionic711

Copy link
Copy Markdown
Collaborator

Summary

  • Adds an optional admin-configurable Terms of Use prompt that users must accept before using SimpleChat.
  • Supports every-session, once-per-day, and once-per-terms-version acceptance modes.
  • Enforces Terms of Use before standard sign-in and after passive/SSO session creation.
  • Adds server-side enforcement for browser/API requests until terms are accepted.
  • Records accepted and declined events in activity logs when a user identity is available.
  • Adds admin General tab settings for terms title, message, frequency, accept/decline labels, and decline redirect.

Fixes #504

Validation

  • git diff --check
  • Python compile check for changed Python files
  • python scripts/check_swagger_routes.py ...
  • XSS changed-line check: passed for 10 files
  • Broken access control changed-line check: passed for 8 files
  • Route policy coverage tests:
    • functional_tests/route_tests/test_route_blueprint_policy_inventory.py
    • functional_tests/route_tests/test_route_unauthenticated_policy_contract.py
    • functional_tests/route_tests/test_route_policy_test_coverage.py
  • python functional_tests/test_terms_of_use.py — 4/4 passed
  • python -m pytest -rs ui_tests/test_terms_of_use_ui.py — 2/2 passed

Documentation and Release Notes

  • Added docs/explanation/features/TERMS_OF_USE.md.
  • Updated docs/explanation/release_notes.md under version 0.250.056.
  • application/single_app/config.py version is 0.250.056.

Security Notes

  • No sensitive filename hits for .env, secrets, tokens, sessions, keys, connection strings, or local settings artifacts.
  • XSS guardrail passed.
  • Broken access control guardrail passed.
  • Route decorator and route policy coverage passed.

Known Risks / Follow-Up

  • Before standard Microsoft authentication, SimpleChat cannot know the user identity. Daily and once-per-version persistence is therefore applied after authentication, while the pre-auth terms prompt is tracked in the anonymous Flask session.

Comment thread application/single_app/route_frontend_terms_of_use.py Fixed
Comment thread application/single_app/route_frontend_terms_of_use.py Fixed
Comment thread application/single_app/route_frontend_terms_of_use.py Fixed
Comment thread application/single_app/route_frontend_terms_of_use.py Fixed
Comment thread application/single_app/route_frontend_terms_of_use.py Fixed
@Bionic711 Bionic711 marked this pull request as ready for review July 8, 2026 18:51
@Bionic711 Bionic711 merged commit fd9b4e9 into Development Jul 8, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants