Require Terms of Service for deleting an account

If for some reason Terms wasn't accepted before
we require it on delete account attempt.

app/controllers/registrations_controller.rb

@@ -45,6 +45,11 @@ class RegistrationsController < Devise::RegistrationsController
   end
 
   def destroy
+    if current_user.required_terms_not_accepted?
+      redirect_to profile_account_path, status: :see_other, alert: s_('Profiles|You must accept the Terms of Service in order to perform this action.')
+      return
+    end
+
     if destroy_confirmation_valid?
       current_user.delete_async(deleted_by: current_user)
       session.try(:destroy)

locale/gitlab.pot

@@ -26303,6 +26303,9 @@ msgstr ""
 msgid "Profiles|You don't have access to delete this user."
 msgstr ""
 
+msgid "Profiles|You must accept the Terms of Service in order to perform this action."
+msgstr ""
+
 msgid "Profiles|You must transfer ownership or delete groups you are an owner of before you can delete your account"
 msgstr ""
 

spec/controllers/registrations_controller_spec.rb

@@ -602,6 +602,22 @@ RSpec.describe RegistrationsController do
       end
     end
 
+    context 'when user did not accept app terms' do
+      let(:user) { create(:user, accepted_term: nil) }
+
+      before do
+        stub_application_setting(password_authentication_enabled_for_web: false)
+        stub_application_setting(password_authentication_enabled_for_git: false)
+        stub_application_setting(enforce_terms: true)
+      end
+
+      it 'fails with message' do
+        post :destroy, params: { username: user.username }
+
+        expect_failure(s_('Profiles|You must accept the Terms of Service in order to perform this action.'))
+      end
+    end
+
     it 'sets the username and caller_id in the context' do
       expect(controller).to receive(:destroy).and_wrap_original do |m, *args|
         m.call(*args)