From c4c107ad6d3093d9d33ffb4f41a10e59efaddb45 Mon Sep 17 00:00:00 2001
From: Gareth Coles <gdude2002@gmail.com>
Date: Thu, 31 May 2018 13:50:49 +0100
Subject: Update privacy policy and related migrations

* Don't collect DOB anymore, and remove it from database
* Make doubly-sure all emails are gone because I'm paranoid and "update" doesn't do what it sounds like
---
 .../tables/code_jam_participants/__init__.py       |  0
 .../migrations/tables/code_jam_participants/v1.py  | 11 ++++++
 pysite/migrations/tables/users/v2.py               | 11 ++++++
 pysite/tables.py                                   |  1 -
 pysite/views/main/jams/profile.py                  | 16 +-------
 templates/main/about/privacy.html                  | 22 ++++++++---
 templates/main/jams/profile.html                   | 43 +---------------------
 7 files changed, 40 insertions(+), 64 deletions(-)
 create mode 100644 pysite/migrations/tables/code_jam_participants/__init__.py
 create mode 100644 pysite/migrations/tables/code_jam_participants/v1.py
 create mode 100644 pysite/migrations/tables/users/v2.py

diff --git a/pysite/migrations/tables/code_jam_participants/__init__.py b/pysite/migrations/tables/code_jam_participants/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/pysite/migrations/tables/code_jam_participants/v1.py b/pysite/migrations/tables/code_jam_participants/v1.py
new file mode 100644
index 00000000..c6e7bff6
--- /dev/null
+++ b/pysite/migrations/tables/code_jam_participants/v1.py
@@ -0,0 +1,11 @@
+def run(db, table, table_obj):
+    """
+    Remove stored dates of birth from code jam participants
+    """
+
+    for document in db.get_all(table):
+        if "dob" in document:
+            del document["dob"]
+
+            db.insert(table, document, conflict="replace", durability="soft")
+    db.sync(table)
diff --git a/pysite/migrations/tables/users/v2.py b/pysite/migrations/tables/users/v2.py
new file mode 100644
index 00000000..820d0d6d
--- /dev/null
+++ b/pysite/migrations/tables/users/v2.py
@@ -0,0 +1,11 @@
+def run(db, table, table_obj):
+    """
+    Remove stored email addresses from every user document - "apparently `update` doesn't update" update
+    """
+
+    for document in db.get_all(table):
+        if "email" in document:
+            del document["email"]
+
+            db.insert(table, document, conflict="replace", durability="soft")
+    db.sync(table)
diff --git a/pysite/tables.py b/pysite/tables.py
index be43c588..b33f04b9 100644
--- a/pysite/tables.py
+++ b/pysite/tables.py
@@ -112,7 +112,6 @@ TABLES = {
         primary_key="id",
         keys=sorted([
             "id",  # str
-            "dob",  # str
             "github_username",  # str
             "timezone"  # str
         ])
diff --git a/pysite/views/main/jams/profile.py b/pysite/views/main/jams/profile.py
index d8a663f7..f84534e6 100644
--- a/pysite/views/main/jams/profile.py
+++ b/pysite/views/main/jams/profile.py
@@ -1,5 +1,3 @@
-import datetime
-
 from flask import redirect, request, url_for
 from werkzeug.exceptions import BadRequest
 
@@ -47,24 +45,12 @@ class JamsProfileView(RouteView, DBMixin, OAuthMixin):
         if not participant:
             participant = {"id": self.user_data["user_id"]}
 
-        dob = request.form.get("dob")
         github_username = request.form.get("github_username")
         timezone = request.form.get("timezone")
 
-        if not dob or not github_username or not timezone:
+        if not github_username or not timezone:
             return BadRequest()
 
-        # Convert given datetime strings into actual objects, adding timezones to keep rethinkdb happy
-        dob = datetime.datetime.strptime(dob, "%Y-%m-%d")
-        dob = dob.replace(tzinfo=datetime.timezone.utc)
-
-        now = datetime.datetime.now(tz=datetime.timezone.utc)
-        then = now.replace(year=now.year - 13)
-
-        if then < dob:
-            raise BadRequest()  # They're too young, but this is validated on the form
-
-        participant["dob"] = dob
         participant["github_username"] = github_username
         participant["timezone"] = timezone
 
diff --git a/templates/main/about/privacy.html b/templates/main/about/privacy.html
index 92a5eb73..ce6e20f8 100644
--- a/templates/main/about/privacy.html
+++ b/templates/main/about/privacy.html
@@ -77,12 +77,6 @@
                             <td>Administrative staff</td>
                         </tr>
 
-                        <tr>
-                            <td>Date of birth</td>
-                            <td class="uk-table-shrink">Code jam profile </td>
-                            <td style="max-width: 30rem;">Age verification and a factor in code jam team match-ups; only stored if you're over 13</td>
-                            <td>Administrative staff</td>
-                        </tr>
                         <tr>
                             <td>GitHub username</td>
                             <td class="uk-table-shrink">Code jam profile</td>
@@ -205,6 +199,13 @@
                     our GDPR officer on Discord (<code>gdude#2002</code>), or any other member of the administrative
                     staff.
                 </p>
+                <p>
+                    We believe that the best way to keep your personal data safe is to avoid collecting it at all.
+                    Discord itself is GDPR-compliant and they've already done the legwork required to ensure that
+                    your data may be collected - so we don't see the need to collect your personal information
+                    ourselves. Don't forget that by using Discord, you are stating that you are of legal age in
+                    your country to give consent to process your data!
+                </p>
                 <p>
                     We are currently working on an automated way to get all of your data in both a human-readable
                     and machine-readable format. Keep your eye on the usual announcements channels for more information
@@ -223,6 +224,15 @@
                 </p>
 
                 <ul class="uk-list uk-list-divider">
+                    <li>
+                        <h4>May 31st, 2018</h4>
+                        <p>
+                            We no longer collect your date of birth, and all collected dates of birth have been
+                            removed from our database. The reason for this is that Discord itself already complies with
+                            GDPR - and in order for you to sign up for a code jam, you must already have a Discord
+                            account.
+                        </p>
+                    </li>
                     <li>
                         <h4>May 20th, 2018</h4>
                         <p>
diff --git a/templates/main/jams/profile.html b/templates/main/jams/profile.html
index cf2088c7..98867c8a 100644
--- a/templates/main/jams/profile.html
+++ b/templates/main/jams/profile.html
@@ -33,14 +33,7 @@
         {% else %}
             <form class="uk-form-horizontal" action="{{ url_for("main.jams.profile") }}" method="post">
         {% endif %}
-            <div>
-                <div class="uk-form-label">
-                    <label class="uk-form-label" for="dob">Date of Birth</label>
-                </div>
-                <div class="uk-form-controls-text uk-form-controls">
-                    <input class="uk-input" type="text" name="dob" id="dob" value="{{ participant.dob }}" required>
-                </div>
-            </div>
+
             <div>
                 <div class="uk-form-label">
                     <label class="uk-form-label" for="github_username">GitHub Username</label>
@@ -86,47 +79,14 @@
 
 
 <script type="application/javascript">
-    const date = flatpickr("#dob", {
-        enableTime: false, altInput: true, altInputClass: "date-picker",
-        onChange: function() {
-            let dob = moment(dob_input.value);
-
-            if (!dob.isBefore(earliest_dob)) {
-                UIkit.notification({
-                    "message": "You must be aged 13 or older to participate in our code jams.",
-                    "status": "danger",
-                    "pos": "top-center",
-                    "timeout": 5000,
-                });
-
-                dob_output.classList.add("uk-form-danger");
-                submit_button.disabled = true;
-            } else {
-                dob_output.classList.remove("uk-form-danger");
-            }
-        }
-    });
-
     const tz = moment().format("Z");
 
-    const dob_input = document.getElementById("dob");
-    const dob_output = document.getElementsByClassName("date-picker")[0];
     const github_input = document.getElementById("github_username");
     const tz_input = document.getElementById("timezone");
 
     const submit_button = document.getElementById("submit");
-    const earliest_dob = moment().subtract(13, "years");
 
     function checkInputs() {
-        if (dob_input.value.length < 1)
-            return submit_button.disabled = true;
-
-        let dob = moment(dob_input.value);
-
-        if (!dob.isBefore(earliest_dob)) {
-            return submit_button.disabled = true;
-        }
-
         if (github_input.value.length < 1)
             return submit_button.disabled = true;
 
@@ -136,7 +96,6 @@
         submit_button.disabled = false;
     }
 
-    dob_input.oninput = checkInputs;
     github_input.oninput = checkInputs;
     tz_input.oninput = checkInputs;
 
-- 
cgit v1.2.3