From 71afd96bac1920e7310fc263ca6df671e9bc9d10 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Thu, 6 May 2021 22:32:57 -0500
Subject: [PATCH 01/32] LG-4449 Implement rules of use for existing users

---
 app/controllers/rules_of_use_controller.rb   | 49 +++++++++++++++++++
 app/controllers/users/sessions_controller.rb | 10 +++-
 app/forms/rules_of_use_form.rb               | 50 ++++++++++++++++++++
 app/javascript/packs/form-validation.js      | 19 +++++---
 app/models/user.rb                           |  4 ++
 app/services/analytics.rb                    |  1 +
 app/views/rules_of_use/new.html.erb          | 38 +++++++++++++++
 config/locales/errors/en.yml                 |  1 +
 config/locales/errors/es.yml                 |  1 +
 config/locales/errors/fr.yml                 |  1 +
 config/locales/users/en.yml                  | 11 +++++
 config/locales/users/es.yml                  |  5 ++
 config/locales/users/fr.yml                  |  5 ++
 config/routes.rb                             |  3 ++
 spec/factories/users.rb                      |  3 ++
 15 files changed, 193 insertions(+), 8 deletions(-)
 create mode 100644 app/controllers/rules_of_use_controller.rb
 create mode 100644 app/forms/rules_of_use_form.rb
 create mode 100644 app/views/rules_of_use/new.html.erb

diff --git a/app/controllers/rules_of_use_controller.rb b/app/controllers/rules_of_use_controller.rb
new file mode 100644
index 00000000000..eaa4174ae9e
--- /dev/null
+++ b/app/controllers/rules_of_use_controller.rb
@@ -0,0 +1,49 @@
+class RulesOfUseController < ApplicationController
+  before_action :confirm_signed_in
+  before_action :confirm_need_to_accept_rules_of_use
+
+  def new
+    analytics.track_event(Analytics::RULES_OF_USE_VISIT)
+    @rules_of_use_form = new_rules_of_use_form
+    render :new, locals: { request_id: nil }, formats: :html
+  end
+
+  def create
+    @rules_of_use_form = new_rules_of_use_form
+
+    result = @rules_of_use_form.submit(permitted_params)
+
+    analytics.track_event(Analytics::USER_REGISTRATION_EMAIL, result.to_h)
+
+    if result.success?
+      process_successful_agreement_to_rules_of_use
+    else
+      render :new
+    end
+  end
+
+  private
+
+  def new_rules_of_use_form
+    RulesOfUseForm.new(user: current_user, analytics: analytics)
+  end
+
+  def process_successful_agreement_to_rules_of_use
+    redirect_to user_two_factor_authentication_url
+  end
+
+  def confirm_signed_in
+    return if signed_in?
+    redirect_to root_url
+  end
+
+  def confirm_need_to_accept_rules_of_use
+    return unless current_user.accepted_terms_at
+
+    redirect_to user_two_factor_authentication_url
+  end
+
+  def permitted_params
+    params.require(:user).permit(:terms_accepted)
+  end
+end
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index d8415a5f826..8dcbefd68c9 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -174,10 +174,16 @@ def request_id
     end
 
     def redirect_to_2fa_or_pending_reset
+      redirect_to next_url
+    end
+
+    def next_url
       if pending_account_reset_request.present?
-        redirect_to account_reset_pending_url
+        account_reset_pending_url
+      elsif current_user.accepted_rules_of_use?
+        user_two_factor_authentication_url
       else
-        redirect_to user_two_factor_authentication_url
+        rules_of_use_url
       end
     end
 
diff --git a/app/forms/rules_of_use_form.rb b/app/forms/rules_of_use_form.rb
new file mode 100644
index 00000000000..0fb13e1c8c1
--- /dev/null
+++ b/app/forms/rules_of_use_form.rb
@@ -0,0 +1,50 @@
+class RulesOfUseForm
+  include ActiveModel::Model
+  include ActionView::Helpers::TranslationHelper
+
+  validate :validate_terms_accepted
+
+  attr_reader :terms_accepted
+
+  def self.model_name
+    ActiveModel::Name.new(self, nil, 'User')
+  end
+
+  def initialize(user:, analytics:)
+    @user = user
+    @analytics = analytics
+  end
+
+  def validate_terms_accepted
+    return if @terms_accepted
+
+    errors.add(:terms_accepted, t('errors.registration.terms'))
+  end
+
+  def submit(params, instructions = nil)
+    @terms_accepted = params[:terms_accepted] == 'true'
+    if valid?
+      process_successful_submission
+    else
+      self.success = false
+    end
+
+    FormResponse.new(success: success, errors: errors.messages, extra: extra_analytics_attributes)
+  end
+
+  private
+
+  attr_accessor :success, :user
+
+  def process_successful_submission
+    self.success = true
+    user.accepted_terms_at = Time.zone.now
+    user.save!
+  end
+
+  def extra_analytics_attributes
+    {
+      user_id: user.uuid,
+    }
+  end
+end
diff --git a/app/javascript/packs/form-validation.js b/app/javascript/packs/form-validation.js
index 0a3fd242d26..618481f9147 100644
--- a/app/javascript/packs/form-validation.js
+++ b/app/javascript/packs/form-validation.js
@@ -18,12 +18,9 @@ function disableFormSubmit(event) {
 }
 
 /**
- * Given an `input` or `invalid` event, updates custom validity of the given input.
- *
- * @param {Event} event Input or invalid event.
+ * @param {HTMLInputElement} input
  */
-function checkInputValidity(event) {
-  const input = /** @type {HTMLInputElement} */ (event.target);
+function validateInput(input) {
   input.setCustomValidity('');
   input.setAttribute('aria-invalid', String(!input.validity.valid));
   if (
@@ -52,12 +49,22 @@ function checkInputValidity(event) {
   }
 }
 
+/**
+ * Given an `input` or `invalid` event, updates custom validity of the given input.
+ *
+ * @param {Event} event Input or invalid event.
+ */
+function checkInputValidity(event) {
+  const input = /** @type {HTMLInputElement} */ (event.target);
+  validateInput(input);
+}
+
 /**
  * Binds validation to a given input.
  *
  * @param {HTMLInputElement} input Input element.
  */
-function validateInput(input) {
+function addInputValidationListeners(input) {
   input.addEventListener('input', checkInputValidity);
   input.addEventListener('invalid', checkInputValidity);
 }
diff --git a/app/models/user.rb b/app/models/user.rb
index 49a3eec7f75..dfb61073161 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -64,6 +64,10 @@ def confirmed?
     email_addresses.where.not(confirmed_at: nil).any?
   end
 
+  def accepted_rules_of_use?
+    self.accepted_terms_at.present?
+  end
+
   def set_reset_password_token
     super
   end
diff --git a/app/services/analytics.rb b/app/services/analytics.rb
index 3b6815fd47e..a0187672387 100644
--- a/app/services/analytics.rb
+++ b/app/services/analytics.rb
@@ -177,6 +177,7 @@ def browser_attributes
   REMEMBERED_DEVICE_USED_FOR_AUTH = 'Remembered device used for authentication'.freeze
   RETURN_TO_SP_CANCEL = 'Return to SP: Cancelled'.freeze
   RETURN_TO_SP_FAILURE_TO_PROOF = 'Return to SP: Failed to proof'.freeze
+  RULES_OF_USE_VISIT = 'Rules Of Use Visited'.freeze
   SECURITY_EVENT_RECEIVED = 'RISC: Security event received'.freeze
   SP_REVOKE_CONSENT_REVOKED = 'SP Revoke Consent: Revoked'.freeze
   SP_REVOKE_CONSENT_VISITED = 'SP Revoke Consent: Visited'.freeze
diff --git a/app/views/rules_of_use/new.html.erb b/app/views/rules_of_use/new.html.erb
new file mode 100644
index 00000000000..ff328c2001a
--- /dev/null
+++ b/app/views/rules_of_use/new.html.erb
@@ -0,0 +1,38 @@
+<% title t('titles.registrations.new') %>
+
+<h1><%= t('titles.rules_of_use') %></h1>
+
+<p>
+<%== t('users.rules_of_use.overview', link: new_window_link_to(t('titles.rules_of_use'),
+                                                              "http://localhost:4000/policy/rules-of-use/")) %>
+</p>
+
+<%= t('users.rules_of_use.details_html') %>
+<div class='margin-bottom-6'>
+  <%= validated_form_for(@rules_of_use_form,
+      html: { autocomplete: 'off', role: 'form' },
+      url: rules_of_use_path) do |f| %>
+
+    <div class="margin-bottom-3">
+      <%= f.check_box :terms_accepted, { class: 'usa-checkbox__input',
+                                         required: true, aria: { invalid: false } }, true, false %>
+      <label for="user_terms_accepted" class="usa-checkbox__label"><%= t('users.rules_of_use.check_box_to_accept') %>    <%= new_window_link_to(t('titles.rules_of_use'),
+                                                                                                                                                "http://localhost:4000/policy/rules-of-use/") %>
+      </label>
+      <div class="usa-error-message usa-error-message--with-icon display-if-invalid" role="alert">
+        <%= t('errors.rules_of_use') %>
+      </div>
+    </div>
+
+    <%= f.input :request_id, as: :hidden, input_html: { value: params[:request_id] || request_id } %>
+    <%= f.button :button, t('forms.buttons.continue'), type: :submit,
+                 class: 'usa-button--big grid-col-8 mobile-lg:grid-col-6' %>
+<% end %>
+</div>
+
+<%= render 'shared/cancel', link: decorated_session.cancel_link_url %>
+
+<p class='margin-top-2'>
+</p>
+
+<%= javascript_packs_tag_once 'accept-terms-button' %>
diff --git a/config/locales/errors/en.yml b/config/locales/errors/en.yml
index 9e4d96ea6b2..534ba7be711 100644
--- a/config/locales/errors/en.yml
+++ b/config/locales/errors/en.yml
@@ -103,6 +103,7 @@ en:
     registration:
       terms: Before you can continue, you must give us permission. Please check the
         box below and then click continue.
+    rules_of_use: Please check this box to continue
     two_factor_auth_setup:
       must_select_option: Select an authentication method.
     verify_personal_key:
diff --git a/config/locales/errors/es.yml b/config/locales/errors/es.yml
index b3bfa19ed09..48631fd4e34 100644
--- a/config/locales/errors/es.yml
+++ b/config/locales/errors/es.yml
@@ -107,6 +107,7 @@ es:
     registration:
       terms: Antes de continuar, debe darnos permiso. Marque la casilla a continuación
         y luego haga clic en continuar.
+    rules_of_use: Marque esta casilla para continuar
     two_factor_auth_setup:
       must_select_option: Seleccione un método de autenticación.
     verify_personal_key:
diff --git a/config/locales/errors/fr.yml b/config/locales/errors/fr.yml
index 83ea6e447e3..a7140d77fb2 100644
--- a/config/locales/errors/fr.yml
+++ b/config/locales/errors/fr.yml
@@ -116,6 +116,7 @@ fr:
     registration:
       terms: Avant de pouvoir continuer, vous devez nous donner la permission.
         Veuillez cocher la case ci-dessous puis cliquez sur continuer.
+    rules_of_use: Veuillez cocher cette case pour continuer
     two_factor_auth_setup:
       must_select_option: Sélectionnez une méthode d’authentification.
     verify_personal_key:
diff --git a/config/locales/users/en.yml b/config/locales/users/en.yml
index 262c194072d..13669338817 100644
--- a/config/locales/users/en.yml
+++ b/config/locales/users/en.yml
@@ -24,3 +24,14 @@ en:
       generated_on_html: Generated on %{date}
       header: Your personal key
       print: Print
+    rules_of_use:
+      check_box_to_accept: Check this box to accept the login.gov
+      details_html: |-
+        <div class="bold margin-bottom-1">Rules of Use:</div>
+        <ul>
+        <li>Explain how the login.gov service works and what you can expect from it,</li>
+        <li>The terms under which we provide the login.gov service to you,</li>
+        <li>How we use your information and your rights to that information, ands</li>
+        <li>The conditions you agree to when you take certain actions on the login.gov service.</li>
+        </ul>
+      overview: We've updated our %{link}. Please review and check the box below to continue.
diff --git a/config/locales/users/es.yml b/config/locales/users/es.yml
index 88c4fe6263d..8273f7d7615 100644
--- a/config/locales/users/es.yml
+++ b/config/locales/users/es.yml
@@ -25,3 +25,8 @@ es:
       generated_on_html: Generado el %{date}
       header: Su clave personal
       print: Imprima esta página
+    rules_of_use:
+      check_box_to_accept: translate
+      details_html: |-
+        translate
+      overview: translate
diff --git a/config/locales/users/fr.yml b/config/locales/users/fr.yml
index 7bbe3aefb51..b8a8c233ef4 100644
--- a/config/locales/users/fr.yml
+++ b/config/locales/users/fr.yml
@@ -27,3 +27,8 @@ fr:
       generated_on_html: Générée le %{date}
       header: Votre clé personnelle
       print: Imprimer cette page
+    rules_of_use:
+      check_box_to_accept: translate
+      details_html: |-
+        translate
+      overview: translate
diff --git a/config/routes.rb b/config/routes.rb
index 66e9d5861be..7e44aa8a782 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -161,6 +161,9 @@
     get '/events/disavow' => 'event_disavowal#new', as: :event_disavowal
     post '/events/disavow' => 'event_disavowal#create', as: :events_disavowal
 
+    get '/rules_of_use' => 'rules_of_use#new'
+    post '/rules_of_use' => 'rules_of_use#create'
+
     get '/piv_cac' => 'users/piv_cac_authentication_setup#new', as: :setup_piv_cac
     get '/piv_cac_error' => 'users/piv_cac_authentication_setup#error', as: :setup_piv_cac_error
     delete '/piv_cac' => 'users/piv_cac_authentication_setup#delete', as: :disable_piv_cac
diff --git a/spec/factories/users.rb b/spec/factories/users.rb
index 3cf048e54cd..8059bb9e53b 100644
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -8,6 +8,7 @@
       with { {} }
       email { Faker::Internet.safe_email }
       confirmed_at { Time.zone.now }
+      accepted_terms_at { Time.zone.now }
     end
 
     after(:build) do |user, evaluator|
@@ -18,6 +19,7 @@
       )
       user.email = evaluator.email
       user.confirmed_at = evaluator.confirmed_at
+      user.accepted_terms_at = Time.zone.now
     end
 
     after(:stub) do |user, evaluator|
@@ -28,6 +30,7 @@
       )
       user.email = evaluator.email
       user.confirmed_at = evaluator.confirmed_at
+      user.accepted_terms_at = Time.zone.now
     end
 
     trait :with_multiple_emails do

From 30114740ac16f8a180ca4573fc9ac4b030936b2e Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Thu, 6 May 2021 22:50:35 -0500
Subject: [PATCH 02/32] Misc

---
 app/controllers/rules_of_use_controller.rb |  2 +-
 app/forms/rules_of_use_form.rb             | 11 ++---------
 2 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/app/controllers/rules_of_use_controller.rb b/app/controllers/rules_of_use_controller.rb
index eaa4174ae9e..b32c07619a9 100644
--- a/app/controllers/rules_of_use_controller.rb
+++ b/app/controllers/rules_of_use_controller.rb
@@ -25,7 +25,7 @@ def create
   private
 
   def new_rules_of_use_form
-    RulesOfUseForm.new(user: current_user, analytics: analytics)
+    RulesOfUseForm.new(current_user)
   end
 
   def process_successful_agreement_to_rules_of_use
diff --git a/app/forms/rules_of_use_form.rb b/app/forms/rules_of_use_form.rb
index 0fb13e1c8c1..731dbd8e5e9 100644
--- a/app/forms/rules_of_use_form.rb
+++ b/app/forms/rules_of_use_form.rb
@@ -10,9 +10,8 @@ def self.model_name
     ActiveModel::Name.new(self, nil, 'User')
   end
 
-  def initialize(user:, analytics:)
+  def initialize(user)
     @user = user
-    @analytics = analytics
   end
 
   def validate_terms_accepted
@@ -29,7 +28,7 @@ def submit(params, instructions = nil)
       self.success = false
     end
 
-    FormResponse.new(success: success, errors: errors.messages, extra: extra_analytics_attributes)
+    FormResponse.new(success: success, errors: errors.messages)
   end
 
   private
@@ -41,10 +40,4 @@ def process_successful_submission
     user.accepted_terms_at = Time.zone.now
     user.save!
   end
-
-  def extra_analytics_attributes
-    {
-      user_id: user.uuid,
-    }
-  end
 end

From bccc5f063c26c307e7c653ef8f5dbef40d2e1e1a Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Thu, 6 May 2021 23:11:06 -0500
Subject: [PATCH 03/32] Misc

---
 config/locales/users/en.yml | 3 ++-
 config/locales/users/es.yml | 3 +--
 config/locales/users/fr.yml | 3 +--
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/config/locales/users/en.yml b/config/locales/users/en.yml
index 13669338817..aa1252b023a 100644
--- a/config/locales/users/en.yml
+++ b/config/locales/users/en.yml
@@ -34,4 +34,5 @@ en:
         <li>How we use your information and your rights to that information, ands</li>
         <li>The conditions you agree to when you take certain actions on the login.gov service.</li>
         </ul>
-      overview: We've updated our %{link}. Please review and check the box below to continue.
+      overview: We’ve updated our %{link}. Please review and check the box below to
+        continue.
diff --git a/config/locales/users/es.yml b/config/locales/users/es.yml
index 8273f7d7615..f99381d92af 100644
--- a/config/locales/users/es.yml
+++ b/config/locales/users/es.yml
@@ -27,6 +27,5 @@ es:
       print: Imprima esta página
     rules_of_use:
       check_box_to_accept: translate
-      details_html: |-
-        translate
+      details_html: translate
       overview: translate
diff --git a/config/locales/users/fr.yml b/config/locales/users/fr.yml
index b8a8c233ef4..35a35ecf65c 100644
--- a/config/locales/users/fr.yml
+++ b/config/locales/users/fr.yml
@@ -29,6 +29,5 @@ fr:
       print: Imprimer cette page
     rules_of_use:
       check_box_to_accept: translate
-      details_html: |-
-        translate
+      details_html: translate
       overview: translate

From ee4909d526cea2399816a29b3f6d54c3519ac3d1 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Thu, 6 May 2021 23:35:12 -0500
Subject: [PATCH 04/32] Misc

---
 spec/support/features/session_helper.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/spec/support/features/session_helper.rb b/spec/support/features/session_helper.rb
index 77e4756a9a9..10692cbb671 100644
--- a/spec/support/features/session_helper.rb
+++ b/spec/support/features/session_helper.rb
@@ -17,6 +17,8 @@ def expect_email_invalid(page)
     end
 
     def choose_another_security_option(option)
+      accept_rules_of_use_and_continue_if_displayed
+
       click_link t('two_factor_authentication.login_options_link_text')
 
       expect(current_path).to eq login_two_factor_options_path
@@ -262,9 +264,16 @@ def sign_in_live_with_piv_cac(user = user_with_piv_cac)
     end
 
     def fill_in_code_with_last_phone_otp
+      accept_rules_of_use_and_continue_if_displayed
       fill_in :code, with: last_phone_otp
     end
 
+    def accept_rules_of_use_and_continue_if_displayed
+      return unless current_path == rules_of_use_path
+      check t('users.rules_of_use.check_box_to_accept'), allow_label_click: true
+      click_button t('forms.buttons.continue')
+    end
+
     def click_submit_default
       click_button t('forms.buttons.submit.default')
     end

From 6b113cb5b70a664cdb0fd0ee8fb7a3a01e361d02 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Thu, 6 May 2021 23:52:59 -0500
Subject: [PATCH 05/32] Misc

---
 app/forms/rules_of_use_form.rb | 2 +-
 config/locales/users/es.yml    | 2 +-
 config/locales/users/fr.yml    | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/forms/rules_of_use_form.rb b/app/forms/rules_of_use_form.rb
index 731dbd8e5e9..6b693411331 100644
--- a/app/forms/rules_of_use_form.rb
+++ b/app/forms/rules_of_use_form.rb
@@ -17,7 +17,7 @@ def initialize(user)
   def validate_terms_accepted
     return if @terms_accepted
 
-    errors.add(:terms_accepted, t('errors.registration.terms'))
+    errors.add(:terms_accepted, t('errors.rules_of_use'))
   end
 
   def submit(params, instructions = nil)
diff --git a/config/locales/users/es.yml b/config/locales/users/es.yml
index f99381d92af..2a2a07721c2 100644
--- a/config/locales/users/es.yml
+++ b/config/locales/users/es.yml
@@ -28,4 +28,4 @@ es:
     rules_of_use:
       check_box_to_accept: translate
       details_html: translate
-      overview: translate
+      overview: translate %{link}
diff --git a/config/locales/users/fr.yml b/config/locales/users/fr.yml
index 35a35ecf65c..4ed1537737e 100644
--- a/config/locales/users/fr.yml
+++ b/config/locales/users/fr.yml
@@ -30,4 +30,4 @@ fr:
     rules_of_use:
       check_box_to_accept: translate
       details_html: translate
-      overview: translate
+      overview: translate %{link}

From c80eae2f1d9b686fdb97b0405949756c404ebb24 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 00:23:35 -0500
Subject: [PATCH 06/32] Misc

---
 spec/support/monitor/monitor_idp_steps.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/spec/support/monitor/monitor_idp_steps.rb b/spec/support/monitor/monitor_idp_steps.rb
index d9bbce230f6..52fc41f98da 100644
--- a/spec/support/monitor/monitor_idp_steps.rb
+++ b/spec/support/monitor/monitor_idp_steps.rb
@@ -57,6 +57,12 @@ def sign_in_and_2fa(email)
     fill_in 'user_email', with: email
     fill_in 'user_password', with: monitor.config.login_gov_sign_in_password
     click_on 'Sign in'
+
+    if current_path == rules_of_use_path
+      check t('users.rules_of_use.check_box_to_accept'), allow_label_click: true
+      click_button t('forms.buttons.continue')
+    end
+
     fill_in 'code', with: monitor.check_for_otp
     uncheck 'Remember this browser'
     click_on 'Submit'

From 8e9b9a07fa7a0802ae15e1e5610dfc588050e8f0 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 11:40:20 -0500
Subject: [PATCH 07/32] Controller under users

---
 app/controllers/rules_of_use_controller.rb    | 49 ------------------
 .../users/rules_of_use_controller.rb          | 51 +++++++++++++++++++
 config/routes.rb                              |  4 +-
 3 files changed, 53 insertions(+), 51 deletions(-)
 delete mode 100644 app/controllers/rules_of_use_controller.rb
 create mode 100644 app/controllers/users/rules_of_use_controller.rb

diff --git a/app/controllers/rules_of_use_controller.rb b/app/controllers/rules_of_use_controller.rb
deleted file mode 100644
index b32c07619a9..00000000000
--- a/app/controllers/rules_of_use_controller.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-class RulesOfUseController < ApplicationController
-  before_action :confirm_signed_in
-  before_action :confirm_need_to_accept_rules_of_use
-
-  def new
-    analytics.track_event(Analytics::RULES_OF_USE_VISIT)
-    @rules_of_use_form = new_rules_of_use_form
-    render :new, locals: { request_id: nil }, formats: :html
-  end
-
-  def create
-    @rules_of_use_form = new_rules_of_use_form
-
-    result = @rules_of_use_form.submit(permitted_params)
-
-    analytics.track_event(Analytics::USER_REGISTRATION_EMAIL, result.to_h)
-
-    if result.success?
-      process_successful_agreement_to_rules_of_use
-    else
-      render :new
-    end
-  end
-
-  private
-
-  def new_rules_of_use_form
-    RulesOfUseForm.new(current_user)
-  end
-
-  def process_successful_agreement_to_rules_of_use
-    redirect_to user_two_factor_authentication_url
-  end
-
-  def confirm_signed_in
-    return if signed_in?
-    redirect_to root_url
-  end
-
-  def confirm_need_to_accept_rules_of_use
-    return unless current_user.accepted_terms_at
-
-    redirect_to user_two_factor_authentication_url
-  end
-
-  def permitted_params
-    params.require(:user).permit(:terms_accepted)
-  end
-end
diff --git a/app/controllers/users/rules_of_use_controller.rb b/app/controllers/users/rules_of_use_controller.rb
new file mode 100644
index 00000000000..9af0b19ae04
--- /dev/null
+++ b/app/controllers/users/rules_of_use_controller.rb
@@ -0,0 +1,51 @@
+module Users
+  class RulesOfUseController < ApplicationController
+    before_action :confirm_signed_in
+    before_action :confirm_need_to_accept_rules_of_use
+
+    def new
+      analytics.track_event(Analytics::RULES_OF_USE_VISIT)
+      @rules_of_use_form = new_rules_of_use_form
+      render :new, locals: { request_id: nil }, formats: :html
+    end
+
+    def create
+      @rules_of_use_form = new_rules_of_use_form
+
+      result = @rules_of_use_form.submit(permitted_params)
+
+      analytics.track_event(Analytics::USER_REGISTRATION_EMAIL, result.to_h)
+
+      if result.success?
+        process_successful_agreement_to_rules_of_use
+      else
+        render :new
+      end
+    end
+
+    private
+
+    def new_rules_of_use_form
+      RulesOfUseForm.new(current_user)
+    end
+
+    def process_successful_agreement_to_rules_of_use
+      redirect_to user_two_factor_authentication_url
+    end
+
+    def confirm_signed_in
+      return if signed_in?
+      redirect_to root_url
+    end
+
+    def confirm_need_to_accept_rules_of_use
+      return unless current_user.accepted_terms_at
+
+      redirect_to user_two_factor_authentication_url
+    end
+
+    def permitted_params
+      params.require(:user).permit(:terms_accepted)
+    end
+  end
+end
diff --git a/config/routes.rb b/config/routes.rb
index 7e44aa8a782..d4b8ea5de6c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -161,8 +161,8 @@
     get '/events/disavow' => 'event_disavowal#new', as: :event_disavowal
     post '/events/disavow' => 'event_disavowal#create', as: :events_disavowal
 
-    get '/rules_of_use' => 'rules_of_use#new'
-    post '/rules_of_use' => 'rules_of_use#create'
+    get '/rules_of_use' => 'users/rules_of_use#new'
+    post '/rules_of_use' => 'users/rules_of_use#create'
 
     get '/piv_cac' => 'users/piv_cac_authentication_setup#new', as: :setup_piv_cac
     get '/piv_cac_error' => 'users/piv_cac_authentication_setup#error', as: :setup_piv_cac_error

From 3a7e5907d6e925c848cc083d9460741dad967e53 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 11:42:47 -0500
Subject: [PATCH 08/32] UpdateUser

---
 app/forms/rules_of_use_form.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/forms/rules_of_use_form.rb b/app/forms/rules_of_use_form.rb
index 6b693411331..609caba0dc6 100644
--- a/app/forms/rules_of_use_form.rb
+++ b/app/forms/rules_of_use_form.rb
@@ -37,7 +37,6 @@ def submit(params, instructions = nil)
 
   def process_successful_submission
     self.success = true
-    user.accepted_terms_at = Time.zone.now
-    user.save!
+    UpdateUser.new(user: user, attributes: { accepted_terms_at: Time.zone.now }).call
   end
 end

From 0b6de339ba0f98cf2b06615ceb062bb0194ee885 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 11:44:42 -0500
Subject: [PATCH 09/32] Drop render

---
 app/controllers/users/rules_of_use_controller.rb | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/controllers/users/rules_of_use_controller.rb b/app/controllers/users/rules_of_use_controller.rb
index 9af0b19ae04..bc40592b769 100644
--- a/app/controllers/users/rules_of_use_controller.rb
+++ b/app/controllers/users/rules_of_use_controller.rb
@@ -6,7 +6,6 @@ class RulesOfUseController < ApplicationController
     def new
       analytics.track_event(Analytics::RULES_OF_USE_VISIT)
       @rules_of_use_form = new_rules_of_use_form
-      render :new, locals: { request_id: nil }, formats: :html
     end
 
     def create

From 50f48af59ed2eab65d0f8b726eca48a90856f1fb Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 12:07:01 -0500
Subject: [PATCH 10/32] MarketingSite.security_and_privacy_practices_url

---
 app/views/rules_of_use/new.html.erb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/views/rules_of_use/new.html.erb b/app/views/rules_of_use/new.html.erb
index ff328c2001a..072ebfc919e 100644
--- a/app/views/rules_of_use/new.html.erb
+++ b/app/views/rules_of_use/new.html.erb
@@ -16,8 +16,9 @@
     <div class="margin-bottom-3">
       <%= f.check_box :terms_accepted, { class: 'usa-checkbox__input',
                                          required: true, aria: { invalid: false } }, true, false %>
-      <label for="user_terms_accepted" class="usa-checkbox__label"><%= t('users.rules_of_use.check_box_to_accept') %>    <%= new_window_link_to(t('titles.rules_of_use'),
-                                                                                                                                                "http://localhost:4000/policy/rules-of-use/") %>
+      <label for="user_terms_accepted" class="usa-checkbox__label">
+        <%= t('users.rules_of_use.check_box_to_accept') %>
+        <%= new_window_link_to(t('titles.rules_of_use'), MarketingSite.security_and_privacy_practices_url) %>
       </label>
       <div class="usa-error-message usa-error-message--with-icon display-if-invalid" role="alert">
         <%= t('errors.rules_of_use') %>

From 5dc3e3340b9efe4d04dda3876978a98c9c56f476 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 12:08:30 -0500
Subject: [PATCH 11/32] RULES_OF_USE_SUBMITTED

---
 app/controllers/users/rules_of_use_controller.rb | 2 +-
 app/services/analytics.rb                        | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/controllers/users/rules_of_use_controller.rb b/app/controllers/users/rules_of_use_controller.rb
index bc40592b769..15f0b7d851f 100644
--- a/app/controllers/users/rules_of_use_controller.rb
+++ b/app/controllers/users/rules_of_use_controller.rb
@@ -13,7 +13,7 @@ def create
 
       result = @rules_of_use_form.submit(permitted_params)
 
-      analytics.track_event(Analytics::USER_REGISTRATION_EMAIL, result.to_h)
+      analytics.track_event(Analytics::RULES_OF_USE_SUBMITTED, result.to_h)
 
       if result.success?
         process_successful_agreement_to_rules_of_use
diff --git a/app/services/analytics.rb b/app/services/analytics.rb
index a0187672387..9bf7b3dce72 100644
--- a/app/services/analytics.rb
+++ b/app/services/analytics.rb
@@ -178,6 +178,7 @@ def browser_attributes
   RETURN_TO_SP_CANCEL = 'Return to SP: Cancelled'.freeze
   RETURN_TO_SP_FAILURE_TO_PROOF = 'Return to SP: Failed to proof'.freeze
   RULES_OF_USE_VISIT = 'Rules Of Use Visited'.freeze
+  RULES_OF_USE_SUBMITTED = 'Rules Of Use Submitted'.freeze
   SECURITY_EVENT_RECEIVED = 'RISC: Security event received'.freeze
   SP_REVOKE_CONSENT_REVOKED = 'SP Revoke Consent: Revoked'.freeze
   SP_REVOKE_CONSENT_VISITED = 'SP Revoke Consent: Visited'.freeze

From d46eda2530fa0886276bef43766b5f6034cbadd3 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 12:19:09 -0500
Subject: [PATCH 12/32] Move view

---
 app/controllers/users/rules_of_use_controller.rb | 1 +
 app/views/{ => users}/rules_of_use/new.html.erb  | 0
 2 files changed, 1 insertion(+)
 rename app/views/{ => users}/rules_of_use/new.html.erb (100%)

diff --git a/app/controllers/users/rules_of_use_controller.rb b/app/controllers/users/rules_of_use_controller.rb
index 15f0b7d851f..7dbe3bdd50a 100644
--- a/app/controllers/users/rules_of_use_controller.rb
+++ b/app/controllers/users/rules_of_use_controller.rb
@@ -6,6 +6,7 @@ class RulesOfUseController < ApplicationController
     def new
       analytics.track_event(Analytics::RULES_OF_USE_VISIT)
       @rules_of_use_form = new_rules_of_use_form
+      render :new, locals: { request_id: nil }, formats: :html
     end
 
     def create
diff --git a/app/views/rules_of_use/new.html.erb b/app/views/users/rules_of_use/new.html.erb
similarity index 100%
rename from app/views/rules_of_use/new.html.erb
rename to app/views/users/rules_of_use/new.html.erb

From f5f6be1662e7e6f9c71d61ae89c813f9cefb3ec4 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 13:56:05 -0500
Subject: [PATCH 13/32] MarketingSite.security_and_privacy_practices_url

---
 app/views/users/rules_of_use/new.html.erb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/app/views/users/rules_of_use/new.html.erb b/app/views/users/rules_of_use/new.html.erb
index 072ebfc919e..7436f28fb68 100644
--- a/app/views/users/rules_of_use/new.html.erb
+++ b/app/views/users/rules_of_use/new.html.erb
@@ -3,8 +3,9 @@
 <h1><%= t('titles.rules_of_use') %></h1>
 
 <p>
-<%== t('users.rules_of_use.overview', link: new_window_link_to(t('titles.rules_of_use'),
-                                                              "http://localhost:4000/policy/rules-of-use/")) %>
+<%== t('users.rules_of_use.overview',
+       link: new_window_link_to(t('titles.rules_of_use'),
+                                MarketingSite.security_and_privacy_practices_url)) %>
 </p>
 
 <%= t('users.rules_of_use.details_html') %>

From 43503aa521c4340bc0e7554278cee13b2e608e50 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 14:03:15 -0500
Subject: [PATCH 14/32] Users routes

---
 config/routes.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/routes.rb b/config/routes.rb
index d4b8ea5de6c..b590cfda3a8 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -161,8 +161,8 @@
     get '/events/disavow' => 'event_disavowal#new', as: :event_disavowal
     post '/events/disavow' => 'event_disavowal#create', as: :events_disavowal
 
-    get '/rules_of_use' => 'users/rules_of_use#new'
-    post '/rules_of_use' => 'users/rules_of_use#create'
+    get '/users/rules_of_use' => 'users/rules_of_use#new'
+    post '/users/rules_of_use' => 'users/rules_of_use#create'
 
     get '/piv_cac' => 'users/piv_cac_authentication_setup#new', as: :setup_piv_cac
     get '/piv_cac_error' => 'users/piv_cac_authentication_setup#error', as: :setup_piv_cac_error

From 4733a24ce8396ff1c00473171336af3ff3e3c206 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 14:42:04 -0500
Subject: [PATCH 15/32] Revert

---
 config/routes.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/routes.rb b/config/routes.rb
index b590cfda3a8..d4b8ea5de6c 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -161,8 +161,8 @@
     get '/events/disavow' => 'event_disavowal#new', as: :event_disavowal
     post '/events/disavow' => 'event_disavowal#create', as: :events_disavowal
 
-    get '/users/rules_of_use' => 'users/rules_of_use#new'
-    post '/users/rules_of_use' => 'users/rules_of_use#create'
+    get '/rules_of_use' => 'users/rules_of_use#new'
+    post '/rules_of_use' => 'users/rules_of_use#create'
 
     get '/piv_cac' => 'users/piv_cac_authentication_setup#new', as: :setup_piv_cac
     get '/piv_cac_error' => 'users/piv_cac_authentication_setup#error', as: :setup_piv_cac_error

From 788f95d19efe5184e1caaafc01cfd417e219f851 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 16:25:10 -0500
Subject: [PATCH 16/32] Ands

---
 config/locales/users/en.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/locales/users/en.yml b/config/locales/users/en.yml
index aa1252b023a..2c260b570a0 100644
--- a/config/locales/users/en.yml
+++ b/config/locales/users/en.yml
@@ -31,7 +31,7 @@ en:
         <ul>
         <li>Explain how the login.gov service works and what you can expect from it,</li>
         <li>The terms under which we provide the login.gov service to you,</li>
-        <li>How we use your information and your rights to that information, ands</li>
+        <li>How we use your information and your rights to that information, and</li>
         <li>The conditions you agree to when you take certain actions on the login.gov service.</li>
         </ul>
       overview: We’ve updated our %{link}. Please review and check the box below to

From 47f8348839450351f41fe1874b93e52ecfbc92dd Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 21:29:06 -0500
Subject: [PATCH 17/32] Translations

---
 config/locales/users/es.yml | 14 +++++++++++---
 config/locales/users/fr.yml | 15 ++++++++++++---
 2 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/config/locales/users/es.yml b/config/locales/users/es.yml
index 2a2a07721c2..b8c7db0e6ec 100644
--- a/config/locales/users/es.yml
+++ b/config/locales/users/es.yml
@@ -26,6 +26,14 @@ es:
       header: Su clave personal
       print: Imprima esta página
     rules_of_use:
-      check_box_to_accept: translate
-      details_html: translate
-      overview: translate %{link}
+      check_box_to_accept: Marque esta casilla para aceptar las reglas de uso de login.gov
+      details_html: |-
+        <div class="bold margin-bottom-1">Reglas de uso:</div>
+        <ul>
+        <li>Explique cómo funciona el servicio login.gov y qué puede esperar de él,</li>
+        <li>Los términos bajo los cuales le brindamos el servicio login.gov,</li>
+        <li>Cómo usamos su información y sus derechos sobre esa información, y</li>
+        <li>Las condiciones que acepta cuando realiza determinadas acciones en el servicio login.gov.</li>
+        </ul>
+      overview: Actualizamos nuestro %{link}. Revise y marque la casilla a continuación
+        para continuar.
diff --git a/config/locales/users/fr.yml b/config/locales/users/fr.yml
index 4ed1537737e..cd3a7c30016 100644
--- a/config/locales/users/fr.yml
+++ b/config/locales/users/fr.yml
@@ -28,6 +28,15 @@ fr:
       header: Votre clé personnelle
       print: Imprimer cette page
     rules_of_use:
-      check_box_to_accept: translate
-      details_html: translate
-      overview: translate %{link}
+      check_box_to_accept: Cochez cette case pour accepter les règles d’utilisation
+        de login.gov
+      details_html: |-
+        <div class="bold margin-bottom-1">Règles d’utilisation:</div>
+        <ul>
+        <li>Expliquez le fonctionnement du service login.gov et ce que vous pouvez en attendre,</li>
+        <li>Les conditions dans lesquelles nous vous fournissons le service login.gov,</li>
+        <li>Comment nous utilisons vos informations et vos droits sur ces informations, et</li>
+        <li>Les conditions que vous acceptez lorsque vous effectuez certaines actions sur le service login.gov.</li>
+        </ul>
+      overview: Nous avons mis à jour notre %{link}. Veuillez consulter et cocher
+        la case ci-dessous pour continuer.

From ba0ae24d1f391666af4556059a16f42277b396ec Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 21:32:49 -0500
Subject: [PATCH 18/32] overview_html

---
 app/views/users/rules_of_use/new.html.erb | 6 +++---
 config/locales/users/en.yml               | 4 ++--
 config/locales/users/es.yml               | 2 +-
 config/locales/users/fr.yml               | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/app/views/users/rules_of_use/new.html.erb b/app/views/users/rules_of_use/new.html.erb
index 7436f28fb68..ac7ad551571 100644
--- a/app/views/users/rules_of_use/new.html.erb
+++ b/app/views/users/rules_of_use/new.html.erb
@@ -3,9 +3,9 @@
 <h1><%= t('titles.rules_of_use') %></h1>
 
 <p>
-<%== t('users.rules_of_use.overview',
-       link: new_window_link_to(t('titles.rules_of_use'),
-                                MarketingSite.security_and_privacy_practices_url)) %>
+<%= t('users.rules_of_use.overview_html',
+      link: new_window_link_to(t('titles.rules_of_use'),
+                               MarketingSite.security_and_privacy_practices_url)) %>
 </p>
 
 <%= t('users.rules_of_use.details_html') %>
diff --git a/config/locales/users/en.yml b/config/locales/users/en.yml
index 2c260b570a0..813816b7396 100644
--- a/config/locales/users/en.yml
+++ b/config/locales/users/en.yml
@@ -34,5 +34,5 @@ en:
         <li>How we use your information and your rights to that information, and</li>
         <li>The conditions you agree to when you take certain actions on the login.gov service.</li>
         </ul>
-      overview: We’ve updated our %{link}. Please review and check the box below to
-        continue.
+      overview_html: We’ve updated our %{link}. Please review and check the box below
+        to continue.
diff --git a/config/locales/users/es.yml b/config/locales/users/es.yml
index b8c7db0e6ec..964ead2c30c 100644
--- a/config/locales/users/es.yml
+++ b/config/locales/users/es.yml
@@ -35,5 +35,5 @@ es:
         <li>Cómo usamos su información y sus derechos sobre esa información, y</li>
         <li>Las condiciones que acepta cuando realiza determinadas acciones en el servicio login.gov.</li>
         </ul>
-      overview: Actualizamos nuestro %{link}. Revise y marque la casilla a continuación
+      overview_html: Actualizamos nuestro %{link}. Revise y marque la casilla a continuación
         para continuar.
diff --git a/config/locales/users/fr.yml b/config/locales/users/fr.yml
index cd3a7c30016..270a8790024 100644
--- a/config/locales/users/fr.yml
+++ b/config/locales/users/fr.yml
@@ -38,5 +38,5 @@ fr:
         <li>Comment nous utilisons vos informations et vos droits sur ces informations, et</li>
         <li>Les conditions que vous acceptez lorsque vous effectuez certaines actions sur le service login.gov.</li>
         </ul>
-      overview: Nous avons mis à jour notre %{link}. Veuillez consulter et cocher
+      overview_html: Nous avons mis à jour notre %{link}. Veuillez consulter et cocher
         la case ci-dessous pour continuer.

From 54c62144f696d12c44796ebf4fdb68d922b82f75 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 22:36:47 -0500
Subject: [PATCH 19/32] Spec

---
 .../users/rules_of_use_controller_spec.rb     | 93 +++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 spec/controllers/users/rules_of_use_controller_spec.rb

diff --git a/spec/controllers/users/rules_of_use_controller_spec.rb b/spec/controllers/users/rules_of_use_controller_spec.rb
new file mode 100644
index 00000000000..66d7f1e2cf3
--- /dev/null
+++ b/spec/controllers/users/rules_of_use_controller_spec.rb
@@ -0,0 +1,93 @@
+require 'rails_helper'
+
+RSpec.describe Users::RulesOfUseController do
+  describe 'before_actions' do
+    it 'includes appropriate before_actions' do
+      expect(subject).to have_actions(
+        :before,
+        :confirm_signed_in,
+        :confirm_need_to_accept_rules_of_use,
+      )
+    end
+  end
+
+  describe '#new' do
+    subject(:action) { get :new }
+
+    context 'with a user that has not accepted the rules of use' do
+      before do
+        sign_in_before_2fa_with_user_that_needs_to_accept_rules_of_use
+      end
+
+      it 'renders' do
+        action
+        expect(response).to render_template(:new)
+      end
+
+      it 'logs an analytics event for visiting' do
+        stub_analytics
+        expect(@analytics).to receive(:track_event).with(Analytics::RULES_OF_USE_VISIT)
+
+        action
+      end
+    end
+
+    context 'with a user that has accepted the rules of use' do
+      before do
+        sign_in_before_2fa
+      end
+
+      it 'redirects to mfa' do
+        action
+
+        expect(response).to redirect_to user_two_factor_authentication_url
+      end
+    end
+
+    context 'with no user signed in' do
+      it 'redirects to root' do
+        action
+
+        expect(response).to redirect_to root_url
+      end
+    end
+  end
+
+  describe '#create' do
+    subject(:action) do
+      post :create, params: { user: { terms_accepted: 'true' } }
+    end
+
+    context 'when the user needs to accept the rules of use' do
+      before do
+        sign_in_before_2fa_with_user_that_needs_to_accept_rules_of_use
+      end
+
+      it 'updates the user accepted terms at timestamp' do
+        action
+
+        expect(controller.current_user.reload.accepted_terms_at).to be_present
+      end
+
+      it 'redirects to the two factor authentication page' do
+        action
+
+        expect(response).to redirect_to user_two_factor_authentication_url
+      end
+
+      it 'logs a successful analytics event' do
+        stub_analytics
+        expect(@analytics).to receive(:track_event).
+          with(Analytics::RULES_OF_USE_SUBMITTED, hash_including(success: true))
+
+        action
+      end
+    end
+  end
+
+  def sign_in_before_2fa_with_user_that_needs_to_accept_rules_of_use
+    user = create(:user, :signed_up)
+    UpdateUser.new(user: user, attributes: {accepted_terms_at: nil}).call
+    sign_in_before_2fa(user)
+  end
+end

From 7d811bbec6c359c4369c4491989c6a4f24894343 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 7 May 2021 23:02:19 -0500
Subject: [PATCH 20/32] more spec

---
 .../users/rules_of_use_controller_spec.rb     | 38 +++++++++++++++++--
 1 file changed, 34 insertions(+), 4 deletions(-)

diff --git a/spec/controllers/users/rules_of_use_controller_spec.rb b/spec/controllers/users/rules_of_use_controller_spec.rb
index 66d7f1e2cf3..5a10fbb38fe 100644
--- a/spec/controllers/users/rules_of_use_controller_spec.rb
+++ b/spec/controllers/users/rules_of_use_controller_spec.rb
@@ -54,11 +54,11 @@
   end
 
   describe '#create' do
-    subject(:action) do
-      post :create, params: { user: { terms_accepted: 'true' } }
-    end
+    context 'when the user needs to accept the rules of use and does accept them' do
+      subject(:action) do
+        post :create, params: { user: { terms_accepted: 'true' } }
+      end
 
-    context 'when the user needs to accept the rules of use' do
       before do
         sign_in_before_2fa_with_user_that_needs_to_accept_rules_of_use
       end
@@ -83,6 +83,36 @@
         action
       end
     end
+
+    context 'when the user needs to accept the rules of use and does not accept them' do
+      subject(:action) do
+        post :create, params: { user: { terms_accepted: 'false' } }
+      end
+
+      before do
+        sign_in_before_2fa_with_user_that_needs_to_accept_rules_of_use
+      end
+
+      it 'does not updates the user accepted terms at timestamp' do
+        action
+
+        expect(controller.current_user.reload.accepted_terms_at).to be_nil
+      end
+
+      it 'redirects to the two factor authentication page' do
+        action
+
+        expect(response).to render_template(:new)
+      end
+
+      it 'logs a failure analytics event' do
+        stub_analytics
+        expect(@analytics).to receive(:track_event).
+            with(Analytics::RULES_OF_USE_SUBMITTED, hash_including(success: false))
+
+        action
+      end
+    end
   end
 
   def sign_in_before_2fa_with_user_that_needs_to_accept_rules_of_use

From 958493b34763ea7c156f47e832b4bcf7b8c332f8 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Mon, 10 May 2021 09:38:23 -0500
Subject: [PATCH 21/32] next_url_after_valid_authentication

---
 app/controllers/users/sessions_controller.rb | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index 8dcbefd68c9..6e02a97b590 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -109,7 +109,7 @@ def handle_valid_authentication
       create_user_event(:sign_in_before_2fa)
       update_sp_return_logs_with_user(current_user.id)
       update_last_sign_in_at_on_email
-      redirect_to_2fa_or_pending_reset
+      redirect_to next_url_after_valid_authentication
     end
 
     def now
@@ -173,11 +173,7 @@ def request_id
       params.fetch(:request_id, '')
     end
 
-    def redirect_to_2fa_or_pending_reset
-      redirect_to next_url
-    end
-
-    def next_url
+    def next_url_after_valid_authentication
       if pending_account_reset_request.present?
         account_reset_pending_url
       elsif current_user.accepted_rules_of_use?

From 487cdfadfd60ec64c2b9fae4f45dbd1f84dd5b2a Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Mon, 10 May 2021 09:39:28 -0500
Subject: [PATCH 22/32] Unused p

---
 app/views/users/rules_of_use/new.html.erb | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/app/views/users/rules_of_use/new.html.erb b/app/views/users/rules_of_use/new.html.erb
index ac7ad551571..707b46a2c00 100644
--- a/app/views/users/rules_of_use/new.html.erb
+++ b/app/views/users/rules_of_use/new.html.erb
@@ -34,7 +34,4 @@
 
 <%= render 'shared/cancel', link: decorated_session.cancel_link_url %>
 
-<p class='margin-top-2'>
-</p>
-
 <%= javascript_packs_tag_once 'accept-terms-button' %>

From cc1e91078461426817cccf9c0cadcd3196dbba81 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Mon, 10 May 2021 09:40:46 -0500
Subject: [PATCH 23/32] Unused param instructions

---
 app/forms/rules_of_use_form.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/forms/rules_of_use_form.rb b/app/forms/rules_of_use_form.rb
index 609caba0dc6..1f32dbd05b6 100644
--- a/app/forms/rules_of_use_form.rb
+++ b/app/forms/rules_of_use_form.rb
@@ -20,7 +20,7 @@ def validate_terms_accepted
     errors.add(:terms_accepted, t('errors.rules_of_use'))
   end
 
-  def submit(params, instructions = nil)
+  def submit(params)
     @terms_accepted = params[:terms_accepted] == 'true'
     if valid?
       process_successful_submission

From a1b23363214c422711175b0bdf7e0cbf33182156 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Mon, 10 May 2021 15:24:13 -0500
Subject: [PATCH 24/32] Remove request_id

---
 app/controllers/users/rules_of_use_controller.rb | 2 +-
 app/views/users/rules_of_use/new.html.erb        | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/app/controllers/users/rules_of_use_controller.rb b/app/controllers/users/rules_of_use_controller.rb
index 7dbe3bdd50a..76558f6f309 100644
--- a/app/controllers/users/rules_of_use_controller.rb
+++ b/app/controllers/users/rules_of_use_controller.rb
@@ -6,7 +6,7 @@ class RulesOfUseController < ApplicationController
     def new
       analytics.track_event(Analytics::RULES_OF_USE_VISIT)
       @rules_of_use_form = new_rules_of_use_form
-      render :new, locals: { request_id: nil }, formats: :html
+      render :new, formats: :html
     end
 
     def create
diff --git a/app/views/users/rules_of_use/new.html.erb b/app/views/users/rules_of_use/new.html.erb
index 707b46a2c00..ae846e3a348 100644
--- a/app/views/users/rules_of_use/new.html.erb
+++ b/app/views/users/rules_of_use/new.html.erb
@@ -26,7 +26,6 @@
       </div>
     </div>
 
-    <%= f.input :request_id, as: :hidden, input_html: { value: params[:request_id] || request_id } %>
     <%= f.button :button, t('forms.buttons.continue'), type: :submit,
                  class: 'usa-button--big grid-col-8 mobile-lg:grid-col-6' %>
 <% end %>

From b057bbc2501282cf6ae7a294c219522bf750fc51 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Mon, 10 May 2021 22:32:22 -0500
Subject: [PATCH 25/32] Simply add [required] to the selector in
 form-validation.js

---
 app/javascript/packs/form-validation.js | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/app/javascript/packs/form-validation.js b/app/javascript/packs/form-validation.js
index 618481f9147..0a3fd242d26 100644
--- a/app/javascript/packs/form-validation.js
+++ b/app/javascript/packs/form-validation.js
@@ -18,9 +18,12 @@ function disableFormSubmit(event) {
 }
 
 /**
- * @param {HTMLInputElement} input
+ * Given an `input` or `invalid` event, updates custom validity of the given input.
+ *
+ * @param {Event} event Input or invalid event.
  */
-function validateInput(input) {
+function checkInputValidity(event) {
+  const input = /** @type {HTMLInputElement} */ (event.target);
   input.setCustomValidity('');
   input.setAttribute('aria-invalid', String(!input.validity.valid));
   if (
@@ -49,22 +52,12 @@ function validateInput(input) {
   }
 }
 
-/**
- * Given an `input` or `invalid` event, updates custom validity of the given input.
- *
- * @param {Event} event Input or invalid event.
- */
-function checkInputValidity(event) {
-  const input = /** @type {HTMLInputElement} */ (event.target);
-  validateInput(input);
-}
-
 /**
  * Binds validation to a given input.
  *
  * @param {HTMLInputElement} input Input element.
  */
-function addInputValidationListeners(input) {
+function validateInput(input) {
   input.addEventListener('input', checkInputValidity);
   input.addEventListener('invalid', checkInputValidity);
 }

From 23b92893ff9e0d3a1a55094e6aa87856d0d0b598 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 21 May 2021 13:51:46 -0500
Subject: [PATCH 26/32] rules of use url

---
 app/views/users/rules_of_use/new.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/users/rules_of_use/new.html.erb b/app/views/users/rules_of_use/new.html.erb
index ae846e3a348..d0375d64393 100644
--- a/app/views/users/rules_of_use/new.html.erb
+++ b/app/views/users/rules_of_use/new.html.erb
@@ -19,7 +19,7 @@
                                          required: true, aria: { invalid: false } }, true, false %>
       <label for="user_terms_accepted" class="usa-checkbox__label">
         <%= t('users.rules_of_use.check_box_to_accept') %>
-        <%= new_window_link_to(t('titles.rules_of_use'), MarketingSite.security_and_privacy_practices_url) %>
+        <%= new_window_link_to(t('titles.rules_of_use'), MarketingSite.rules_of_use_url) %>
       </label>
       <div class="usa-error-message usa-error-message--with-icon display-if-invalid" role="alert">
         <%= t('errors.rules_of_use') %>

From a9575b0299d8ee69a13df9d5869ebaf703643d3a Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 21 May 2021 21:30:03 -0500
Subject: [PATCH 27/32] normalize yaml

---
 config/locales/users/es.yml | 7 +++----
 config/locales/users/fr.yml | 6 +++---
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/config/locales/users/es.yml b/config/locales/users/es.yml
index 964ead2c30c..21f9b486ab2 100644
--- a/config/locales/users/es.yml
+++ b/config/locales/users/es.yml
@@ -10,13 +10,12 @@ es:
       bullet_1: Usted no tendrá una %{app} cuenta.
       bullet_2_loa1: Eliminaremos su dirección de correo electrónico, contraseña y
         número de teléfono
-      bullet_2_loa3: '%{app} borrará su email, contraseña, número de teléfono, nombre,
-        dirección, fecha de nacimiento y número de Seguro Social de nuestro
-        sistema.'
+      bullet_2_loa3: "%{app} borrará su email, contraseña, número de teléfono, nombre,
+        dirección, fecha de nacimiento y número de Seguro Social de nuestro sistema."
       bullet_3: Usted no podrá tener acceso seguro a su información usando %{app}
       bullet_4: Notificaremos a las agencias a las que acceda con %{app} que no ya
         tengo una cuenta
-      heading: '¿Está seguro que desea eliminar su cuenta?'
+      heading: "¿Está seguro que desea eliminar su cuenta?"
       instructions: Ingrese su contraseña para confirmar que desea eliminar su cuenta.
       subheading: Si elimina su cuenta
     personal_key:
diff --git a/config/locales/users/fr.yml b/config/locales/users/fr.yml
index 270a8790024..ff640ec6555 100644
--- a/config/locales/users/fr.yml
+++ b/config/locales/users/fr.yml
@@ -10,9 +10,9 @@ fr:
       bullet_1: Vous n’aurez pas de compte %{app}.
       bullet_2_loa1: Nous effacerons votre adresse email, votre mot de passe et votre
         numéro de téléphone
-      bullet_2_loa3: '%{app} supprimera votre adresse e-mail, votre mot de passe et
-        votre numéro de téléphone, votre nom, votre adresse, votre date de
-        naissance et votre numéro de sécurité sociale de notre système.'
+      bullet_2_loa3: "%{app} supprimera votre adresse e-mail, votre mot de passe et
+        votre numéro de téléphone, votre nom, votre adresse, votre date de naissance
+        et votre numéro de sécurité sociale de notre système."
       bullet_3: Vous ne pourrez pas accéder en toute sécurité à vos informations en
         utilisant %{app}.
       bullet_4: Nous informerons les agences auxquelles vous accédez avec %{app} que

From 4e0782fae855991b51f743f649ed3a5ad4359c2e Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 21 May 2021 21:59:46 -0500
Subject: [PATCH 28/32] Quotes

---
 config/locales/users/es.yml | 6 +++---
 config/locales/users/fr.yml | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/config/locales/users/es.yml b/config/locales/users/es.yml
index 21f9b486ab2..649188336a9 100644
--- a/config/locales/users/es.yml
+++ b/config/locales/users/es.yml
@@ -10,12 +10,12 @@ es:
       bullet_1: Usted no tendrá una %{app} cuenta.
       bullet_2_loa1: Eliminaremos su dirección de correo electrónico, contraseña y
         número de teléfono
-      bullet_2_loa3: "%{app} borrará su email, contraseña, número de teléfono, nombre,
-        dirección, fecha de nacimiento y número de Seguro Social de nuestro sistema."
+      bullet_2_loa3: '%{app} borrará su email, contraseña, número de teléfono, nombre,
+        dirección, fecha de nacimiento y número de Seguro Social de nuestro sistema.'
       bullet_3: Usted no podrá tener acceso seguro a su información usando %{app}
       bullet_4: Notificaremos a las agencias a las que acceda con %{app} que no ya
         tengo una cuenta
-      heading: "¿Está seguro que desea eliminar su cuenta?"
+      heading: '¿Está seguro que desea eliminar su cuenta?'
       instructions: Ingrese su contraseña para confirmar que desea eliminar su cuenta.
       subheading: Si elimina su cuenta
     personal_key:
diff --git a/config/locales/users/fr.yml b/config/locales/users/fr.yml
index ff640ec6555..3651d36e597 100644
--- a/config/locales/users/fr.yml
+++ b/config/locales/users/fr.yml
@@ -10,9 +10,9 @@ fr:
       bullet_1: Vous n’aurez pas de compte %{app}.
       bullet_2_loa1: Nous effacerons votre adresse email, votre mot de passe et votre
         numéro de téléphone
-      bullet_2_loa3: "%{app} supprimera votre adresse e-mail, votre mot de passe et
+      bullet_2_loa3: '%{app} supprimera votre adresse e-mail, votre mot de passe et
         votre numéro de téléphone, votre nom, votre adresse, votre date de naissance
-        et votre numéro de sécurité sociale de notre système."
+        et votre numéro de sécurité sociale de notre système.'
       bullet_3: Vous ne pourrez pas accéder en toute sécurité à vos informations en
         utilisant %{app}.
       bullet_4: Nous informerons les agences auxquelles vous accédez avec %{app} que

From 05f1c184b4c5a3a57baf882402c03908cf621ded Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 21 May 2021 23:51:04 -0500
Subject: [PATCH 29/32] normalize

---
 config/locales/users/es.yml | 7 ++++---
 config/locales/users/fr.yml | 7 +++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/config/locales/users/es.yml b/config/locales/users/es.yml
index 649188336a9..cf797834288 100644
--- a/config/locales/users/es.yml
+++ b/config/locales/users/es.yml
@@ -11,7 +11,8 @@ es:
       bullet_2_loa1: Eliminaremos su dirección de correo electrónico, contraseña y
         número de teléfono
       bullet_2_loa3: '%{app} borrará su email, contraseña, número de teléfono, nombre,
-        dirección, fecha de nacimiento y número de Seguro Social de nuestro sistema.'
+        dirección, fecha de nacimiento y número de Seguro Social de nuestro
+        sistema.'
       bullet_3: Usted no podrá tener acceso seguro a su información usando %{app}
       bullet_4: Notificaremos a las agencias a las que acceda con %{app} que no ya
         tengo una cuenta
@@ -34,5 +35,5 @@ es:
         <li>Cómo usamos su información y sus derechos sobre esa información, y</li>
         <li>Las condiciones que acepta cuando realiza determinadas acciones en el servicio login.gov.</li>
         </ul>
-      overview_html: Actualizamos nuestro %{link}. Revise y marque la casilla a continuación
-        para continuar.
+      overview_html: Actualizamos nuestro %{link}. Revise y marque la casilla a
+        continuación para continuar.
diff --git a/config/locales/users/fr.yml b/config/locales/users/fr.yml
index 3651d36e597..203fa9ebf53 100644
--- a/config/locales/users/fr.yml
+++ b/config/locales/users/fr.yml
@@ -11,8 +11,8 @@ fr:
       bullet_2_loa1: Nous effacerons votre adresse email, votre mot de passe et votre
         numéro de téléphone
       bullet_2_loa3: '%{app} supprimera votre adresse e-mail, votre mot de passe et
-        votre numéro de téléphone, votre nom, votre adresse, votre date de naissance
-        et votre numéro de sécurité sociale de notre système.'
+        votre numéro de téléphone, votre nom, votre adresse, votre date de
+        naissance et votre numéro de sécurité sociale de notre système.'
       bullet_3: Vous ne pourrez pas accéder en toute sécurité à vos informations en
         utilisant %{app}.
       bullet_4: Nous informerons les agences auxquelles vous accédez avec %{app} que
@@ -28,8 +28,7 @@ fr:
       header: Votre clé personnelle
       print: Imprimer cette page
     rules_of_use:
-      check_box_to_accept: Cochez cette case pour accepter les règles d’utilisation
-        de login.gov
+      check_box_to_accept: Cochez cette case pour accepter les règles d’utilisation de login.gov
       details_html: |-
         <div class="bold margin-bottom-1">Règles d’utilisation:</div>
         <ul>

From 4a8df6264b4ea73861483a80eeebf6c6e32aec6d Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Fri, 21 May 2021 23:56:06 -0500
Subject: [PATCH 30/32] Update url

---
 app/views/users/rules_of_use/new.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/users/rules_of_use/new.html.erb b/app/views/users/rules_of_use/new.html.erb
index d0375d64393..dd80393041c 100644
--- a/app/views/users/rules_of_use/new.html.erb
+++ b/app/views/users/rules_of_use/new.html.erb
@@ -5,7 +5,7 @@
 <p>
 <%= t('users.rules_of_use.overview_html',
       link: new_window_link_to(t('titles.rules_of_use'),
-                               MarketingSite.security_and_privacy_practices_url)) %>
+                               MarketingSite.rules_of_use_url)) %>
 </p>
 
 <%= t('users.rules_of_use.details_html') %>

From 3b482f1b4d1c33229c494a1e8bb2fdf676d9eca3 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Sat, 22 May 2021 00:18:11 -0500
Subject: [PATCH 31/32] FormResponse.new(success: success, errors: errors)

---
 app/forms/rules_of_use_form.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/forms/rules_of_use_form.rb b/app/forms/rules_of_use_form.rb
index 1f32dbd05b6..afef0cbf184 100644
--- a/app/forms/rules_of_use_form.rb
+++ b/app/forms/rules_of_use_form.rb
@@ -28,7 +28,7 @@ def submit(params)
       self.success = false
     end
 
-    FormResponse.new(success: success, errors: errors.messages)
+    FormResponse.new(success: success, errors: errors)
   end
 
   private

From 9a71c099daf9d6fb47f4368525e0c9d6de80cb34 Mon Sep 17 00:00:00 2001
From: Steve Urciuoli <steve.urciuoli@gsa.gov>
Date: Sat, 22 May 2021 00:33:31 -0500
Subject: [PATCH 32/32] Smoke test updates

---
 spec/support/monitor/monitor_idp_steps.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec/support/monitor/monitor_idp_steps.rb b/spec/support/monitor/monitor_idp_steps.rb
index 52fc41f98da..70424655d63 100644
--- a/spec/support/monitor/monitor_idp_steps.rb
+++ b/spec/support/monitor/monitor_idp_steps.rb
@@ -59,8 +59,8 @@ def sign_in_and_2fa(email)
     click_on 'Sign in'
 
     if current_path == rules_of_use_path
-      check t('users.rules_of_use.check_box_to_accept'), allow_label_click: true
-      click_button t('forms.buttons.continue')
+      check 'user_terms_accepted', allow_label_click: true
+      click_button 'Continue'
     end
 
     fill_in 'code', with: monitor.check_for_otp