added a comment - - edited
I think I'm going to do that next week, Thursday'ish, if that's ok with you...?
No problem on my end.
I created GitHub PR 2480, which contains the opt-in workflow as well as Web registration. A copy of the PR message is pasted here:
Two major changes:
- The following may be disabled by simply removing the terms-of-use: if the variable is empty there is no consent.
- For now, we use the drupal database, boincuser table to record the initial consent. This will hopefully move to a BOINC upstream database table in the near future.
- Web registration - admin has the ability to enable/disable creating new accounts using the create_account RPC and the Web registration form. These may be independently toggled.
Update: I marked the PR WIP. Here are some additional thoughts about account creation.
Ways a user can create an account:
- BOINC Manager
- Account manager
- Web browser http://firstname.lastname@example.org...
- BOINC command line boinccmd
- Web interface - in our case the Drupal Web site.
Methods #1-#4 use the create_account RPC. Of these, #1 presents the user with the terms of service.
While it is possible to modify the create_account.php RPC we use in boincuser.module to modify the database and say the user has consented; it is not possible to know which of the four methods above the user is using: meaning if they use a Web browser (#3), they are not presented with a terms-of-use, so the RPC doesn't "know" whether to record an opt-in consent date-time or not.
This could be mitigated by someone changing BOINC upstream, and/or modified the create_account RPC. An easier work-around is to disable the create_account.php RPC entirely, which is possible with the code in the PR.