Merge branch 'add-onetrust-to-additional-sign-up-flow-pages' into 'master'

Add OneTrust to additional sign up pages See merge request gitlab-org/gitlab!75577

Merge branch 'add-onetrust-to-additional-sign-up-flow-pages' into 'master'
Add OneTrust to additional sign up pages See merge request gitlab-org/gitlab!75577
58a84211 · Etienne Baqué · c2e1c077 · 60552084 · 58a84211 · 58a84211
Commit 58a84211 authored Dec 02, 2021 by Etienne Baqué
12 changed files
--- a/app/controllers/confirmations_controller.rb
+++ b/app/controllers/confirmations_controller.rb
@@ -3,6 +3,7 @@
 class ConfirmationsController < Devise::ConfirmationsController
  include AcceptsPendingInvitations
  include GitlabRecaptcha
+  include OneTrustCSP

  prepend_before_action :check_recaptcha, only: :create
  before_action :load_recaptcha, only: :new

--- a/app/views/devise/confirmations/almost_there.haml
+++ b/app/views/devise/confirmations/almost_there.haml
 - user_email = "(#{params[:email]})" if params[:email].present?
 - request_link_start = '<a href="%{new_user_confirmation_path}">'.html_safe % { new_user_confirmation_path: new_user_confirmation_path }
 - request_link_end = '</a>'.html_safe
+- content_for :page_specific_javascripts do
+  = render "layouts/one_trust"

 .well-confirmation.gl-text-center.gl-mb-6
  %h1.gl-mt-0

--- a/ee/app/controllers/ee/registrations/welcome_controller.rb
+++ b/ee/app/controllers/ee/registrations/welcome_controller.rb
@@ -10,6 +10,8 @@ module EE
      TRIAL_ONBOARDING_BOARD_NAME = 'GitLab onboarding'

      prepended do
+        include OneTrustCSP
+
        before_action :authorized_for_trial_onboarding!,
                      only: [
                        :trial_getting_started,

--- a/ee/app/controllers/registrations/groups_controller.rb
+++ b/ee/app/controllers/registrations/groups_controller.rb
@@ -4,6 +4,7 @@ module Registrations
  class GroupsController < ApplicationController
    include Registrations::CreateGroup
    include ::Gitlab::Utils::StrongMemoize
+    include OneTrustCSP

    layout 'minimal'


--- a/ee/app/controllers/registrations/groups_projects_controller.rb
+++ b/ee/app/controllers/registrations/groups_projects_controller.rb
@@ -4,6 +4,7 @@ module Registrations
  class GroupsProjectsController < ApplicationController
    include Registrations::CreateProject
    include Registrations::CreateGroup
+    include OneTrustCSP

    layout 'minimal'


--- a/ee/app/controllers/registrations/projects_controller.rb
+++ b/ee/app/controllers/registrations/projects_controller.rb
@@ -3,6 +3,8 @@
 module Registrations
  class ProjectsController < ApplicationController
    include Registrations::CreateProject
+    include OneTrustCSP
+
    layout 'minimal'

    before_action :check_if_gl_com_or_dev

--- a/ee/app/views/registrations/groups/new.html.haml
+++ b/ee/app/views/registrations/groups/new.html.haml
 - @html_class = "subscriptions-layout-html"
 - page_title _('Your GitLab group')
 - form_params = { trial_onboarding_flow: params[:trial_onboarding_flow], glm_source: params[:glm_source], glm_content: params[:glm_content] }
+- content_for :page_specific_javascripts do
+  = render "layouts/one_trust"

 .row.gl-flex-grow-1
  .gl-display-flex.gl-flex-direction-column.gl-align-items-center.gl-w-full.gl-px-5.gl-pb-5

--- a/ee/app/views/registrations/groups_projects/new.html.haml
+++ b/ee/app/views/registrations/groups_projects/new.html.haml
 - @html_class = "subscriptions-layout-html"
 - page_title _('Your GitLab group')
 - form_params = { trial_onboarding_flow: params[:trial_onboarding_flow], glm_source: params[:glm_source], glm_content: params[:glm_content] }
+- content_for :page_specific_javascripts do
+  = render "layouts/one_trust"

 - if in_trial_onboarding_flow?
  .row

--- a/ee/app/views/registrations/projects/new.html.haml
+++ b/ee/app/views/registrations/projects/new.html.haml
 - @html_class = "subscriptions-layout-html"
 - page_title _('Your first project')
 - visibility_level = selected_visibility_level(@project, params.dig(:project, :visibility_level))
+- content_for :page_specific_javascripts do
+  = render "layouts/one_trust"

 - if in_trial_during_signup_flow? || in_trial_onboarding_flow?
  = render 'registrations/trial_is_activated_banner'

--- a/ee/app/views/registrations/welcome/trial_getting_started.html.haml
+++ b/ee/app/views/registrations/welcome/trial_getting_started.html.haml
 - return unless learn_gitlab_project
 - page_title _('Get started with GitLab')
+- content_for :page_specific_javascripts do
+  = render "layouts/one_trust"

 .row.gl-flex-grow-1
  .gl-display-flex.gl-flex-direction-column.gl-align-items-center.gl-w-full

--- a/ee/spec/features/registrations/one_trust_spec.rb
+++ b/ee/spec/features/registrations/one_trust_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'OneTrust in the sign up flow' do
+  let_it_be(:onetrust_url) { 'https://*.onetrust.com' }
+  let_it_be(:one_trust_id) { SecureRandom.uuid }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:group) { create(:group) }
+
+  before do
+    stub_config(extra: { one_trust_id: one_trust_id })
+    stub_feature_flags(ecomm_instrumentation: true)
+    allow(::Gitlab).to receive(:dev_env_or_com?).and_return(true)
+    sign_in(user)
+  end
+
+  shared_examples_for 'one trust settings' do
+    it 'has the OneTrust CSP settings', :aggregate_failures do
+      expect(response_headers['Content-Security-Policy']).to include("#{onetrust_url}")
+      expect(page.html).to include("https://cdn.cookielaw.org/consent/#{one_trust_id}/OtAutoBlock.js")
+    end
+  end
+
+  context 'when user visits /users/sign_up/groups/new' do
+    before do
+      visit new_users_sign_up_group_path
+    end
+
+    it_behaves_like 'one trust settings'
+  end
+
+  context 'when user visits /users/sign_up/projects/new' do
+    before do
+      group.add_owner(user)
+      visit new_users_sign_up_project_path(namespace_id: group.id)
+    end
+
+    it_behaves_like 'one trust settings'
+  end
+
+  context 'when user visits /users/sign_up/groups_projects/new' do
+    before do
+      visit new_users_sign_up_groups_project_path
+    end
+
+    it_behaves_like 'one trust settings'
+  end
+
+  context 'when user visits /users/sign_up/welcome/trial_getting_started' do
+    let_it_be(:project) { create(:project, group: group) }
+
+    before do
+      project.group.add_owner(user)
+      visit trial_getting_started_users_sign_up_welcome_path(learn_gitlab_project_id: project.id)
+    end
+
+    it_behaves_like 'one trust settings'
+  end
+end
--- a/spec/features/one_trust_spec.rb
+++ b/spec/features/one_trust_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'OneTrust' do
+  context 'almost there page' do
+    context 'when OneTrust is enabled' do
+      let_it_be(:onetrust_url) { 'https://*.onetrust.com' }
+      let_it_be(:one_trust_id) { SecureRandom.uuid }
+
+      before do
+        stub_config(extra: { one_trust_id: one_trust_id })
+        stub_feature_flags(ecomm_instrumentation: true)
+        visit users_almost_there_path
+      end
+
+      it 'has the OneTrust CSP settings', :aggregate_failures do
+        expect(response_headers['Content-Security-Policy']).to include("#{onetrust_url}")
+        expect(page.html).to include("https://cdn.cookielaw.org/consent/#{one_trust_id}/OtAutoBlock.js")
+      end
+    end
+  end
+end