From a44f78213cacaed9c7656eae386ee415c672017b Mon Sep 17 00:00:00 2001
From: frcroth <frcroth@gmail.com>
Date: Wed, 13 Nov 2024 15:28:20 +0100
Subject: [PATCH 01/17] Adapt create org route in backend to accept terms of
 service version

---
 app/controllers/AuthenticationController.scala    | 13 +++++++++----
 app/controllers/OrganizationController.scala      |  6 +-----
 app/models/organization/OrganizationService.scala | 10 ++++++++++
 3 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/app/controllers/AuthenticationController.scala b/app/controllers/AuthenticationController.scala
index f6609755e09..2a25e793a88 100755
--- a/app/controllers/AuthenticationController.scala
+++ b/app/controllers/AuthenticationController.scala
@@ -621,6 +621,8 @@ class AuthenticationController @Inject()(
                     dataStoreToken <- bearerTokenAuthenticatorService.createAndInitDataStoreTokenForUser(user)
                     _ <- organizationService
                       .createOrganizationDirectory(organization._id, dataStoreToken) ?~> "organization.folderCreation.failed"
+                    _ <- Fox.runOptional(signUpData.acceptedTermsOfService)(version =>
+                      organizationService.acceptTermsOfService(organization._id, version))
                   } yield {
                     Mailer ! Send(defaultMails
                       .newOrganizationMail(organization.name, email, request.headers.get("Host").getOrElse("")))
@@ -730,7 +732,8 @@ trait AuthForms {
                         firstName: String,
                         lastName: String,
                         password: String,
-                        inviteToken: Option[String])
+                        inviteToken: Option[String],
+                        acceptedTermsOfService: Option[Int])
 
   def signUpForm(implicit messages: Messages): Form[SignUpData] =
     Form(
@@ -745,8 +748,9 @@ trait AuthForms {
         "firstName" -> nonEmptyText,
         "lastName" -> nonEmptyText,
         "inviteToken" -> optional(nonEmptyText),
-      )((organization, organizationName, email, password, firstName, lastName, inviteToken) =>
-        SignUpData(organization, organizationName, email, firstName, lastName, password._1, inviteToken))(
+        "acceptTermsOfService" -> optional(number)
+      )((organization, organizationName, email, password, firstName, lastName, inviteToken, acceptTos) =>
+        SignUpData(organization, organizationName, email, firstName, lastName, password._1, inviteToken, acceptTos))(
         signUpData =>
           Some(
             (signUpData.organization,
@@ -755,7 +759,8 @@ trait AuthForms {
              ("", ""),
              signUpData.firstName,
              signUpData.lastName,
-             signUpData.inviteToken))))
+             signUpData.inviteToken,
+             signUpData.acceptedTermsOfService))))
 
   // Sign in
   case class SignInData(email: String, password: String)
diff --git a/app/controllers/OrganizationController.scala b/app/controllers/OrganizationController.scala
index 19ae573e35a..f1bd61c9c4e 100755
--- a/app/controllers/OrganizationController.scala
+++ b/app/controllers/OrganizationController.scala
@@ -3,7 +3,6 @@ package controllers
 import org.apache.pekko.actor.ActorSystem
 import play.silhouette.api.Silhouette
 import com.scalableminds.util.accesscontext.{DBAccessContext, GlobalAccessContext}
-import com.scalableminds.util.time.Instant
 import com.scalableminds.util.tools.{Fox, FoxImplicits}
 import mail.{DefaultMails, Send}
 
@@ -141,10 +140,7 @@ class OrganizationController @Inject()(
   def acceptTermsOfService(version: Int): Action[AnyContent] = sil.SecuredAction.async { implicit request =>
     for {
       _ <- bool2Fox(request.identity.isOrganizationOwner) ?~> "termsOfService.onlyOrganizationOwner"
-      _ <- bool2Fox(conf.WebKnossos.TermsOfService.enabled) ?~> "termsOfService.notEnabled"
-      requiredVersion = conf.WebKnossos.TermsOfService.version
-      _ <- bool2Fox(version == requiredVersion) ?~> Messages("termsOfService.versionMismatch", requiredVersion, version)
-      _ <- organizationDAO.acceptTermsOfService(request.identity._organization, version, Instant.now)
+      _ <- organizationService.acceptTermsOfService(request.identity._organization, version)
     } yield Ok
   }
 
diff --git a/app/models/organization/OrganizationService.scala b/app/models/organization/OrganizationService.scala
index 6e105e18c2c..3fd81773d04 100644
--- a/app/models/organization/OrganizationService.scala
+++ b/app/models/organization/OrganizationService.scala
@@ -1,6 +1,7 @@
 package models.organization
 
 import com.scalableminds.util.accesscontext.{DBAccessContext, GlobalAccessContext}
+import com.scalableminds.util.time.Instant
 import com.scalableminds.util.tools.{Fox, FoxImplicits, TextUtils}
 import com.scalableminds.webknossos.datastore.rpc.RPC
 import com.typesafe.scalalogging.LazyLogging
@@ -10,6 +11,7 @@ import models.dataset.{DataStore, DataStoreDAO}
 import models.folder.{Folder, FolderDAO, FolderService}
 import models.team.{PricingPlan, Team, TeamDAO}
 import models.user.{Invite, MultiUserDAO, User, UserDAO, UserService}
+import play.api.i18n.{Messages, MessagesProvider}
 import play.api.libs.json.{JsArray, JsObject, Json}
 import utils.{ObjectId, WkConf}
 
@@ -165,4 +167,12 @@ class OrganizationService @Inject()(organizationDAO: OrganizationDAO,
   def newUserMailRecipient(organization: Organization)(implicit ctx: DBAccessContext): Fox[String] =
     fallbackOnOwnerEmail(organization.newUserMailingList, organization)
 
+  def acceptTermsOfService(organizationId: String, version: Int)(implicit ctx: DBAccessContext, mp: MessagesProvider): Fox[Unit] =
+    for {
+      _ <- bool2Fox(conf.WebKnossos.TermsOfService.enabled) ?~> "termsOfService.notEnabled"
+      requiredVersion = conf.WebKnossos.TermsOfService.version
+      _ <- bool2Fox(version == requiredVersion) ?~> Messages("termsOfService.versionMismatch", requiredVersion, version)
+      _ <- organizationDAO.acceptTermsOfService(organizationId, version, Instant.now)
+    } yield ()
+
 }

From 94716a7bda84996792ed28fd6b32d5aed9ee01a4 Mon Sep 17 00:00:00 2001
From: frcroth <frcroth@gmail.com>
Date: Wed, 13 Nov 2024 15:35:07 +0100
Subject: [PATCH 02/17] fix inconsistency

---
 app/controllers/AuthenticationController.scala | 2 +-
 conf/application.conf                          | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/controllers/AuthenticationController.scala b/app/controllers/AuthenticationController.scala
index 2a25e793a88..03d8fa7a6ae 100755
--- a/app/controllers/AuthenticationController.scala
+++ b/app/controllers/AuthenticationController.scala
@@ -748,7 +748,7 @@ trait AuthForms {
         "firstName" -> nonEmptyText,
         "lastName" -> nonEmptyText,
         "inviteToken" -> optional(nonEmptyText),
-        "acceptTermsOfService" -> optional(number)
+        "acceptedTermsOfService" -> optional(number)
       )((organization, organizationName, email, password, firstName, lastName, inviteToken, acceptTos) =>
         SignUpData(organization, organizationName, email, firstName, lastName, password._1, inviteToken, acceptTos))(
         signUpData =>
diff --git a/conf/application.conf b/conf/application.conf
index 0ae8b6f25dd..eb5ed4d566b 100644
--- a/conf/application.conf
+++ b/conf/application.conf
@@ -116,7 +116,7 @@ webKnossos {
     Please add the information of the operator to comply with GDPR.
   """
   termsOfService {
-    enabled = false
+    enabled = true
     # The URL will be embedded into an iFrame
     url = "https://webknossos.org/terms-of-service"
     acceptanceDeadline = "2023-01-01T00:00:00Z"
@@ -146,7 +146,7 @@ features {
   discussionBoard = "https://forum.image.sc/tag/webknossos"
   discussionBoardRequiresAdmin = false
   hideNavbarLogin = false
-  isWkorgInstance = false
+  isWkorgInstance = true
   recommendWkorgInstance = true
   taskReopenAllowedInSeconds = 30
   allowDeleteDatasets = true

From 5607fcc8404100af1f7dd893ec30ede2b61b0d6a Mon Sep 17 00:00:00 2001
From: frcroth <frcroth@gmail.com>
Date: Wed, 13 Nov 2024 15:49:09 +0100
Subject: [PATCH 03/17] Fix formatting

---
 app/models/organization/OrganizationService.scala | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/models/organization/OrganizationService.scala b/app/models/organization/OrganizationService.scala
index 3fd81773d04..0760d67cb3b 100644
--- a/app/models/organization/OrganizationService.scala
+++ b/app/models/organization/OrganizationService.scala
@@ -167,7 +167,8 @@ class OrganizationService @Inject()(organizationDAO: OrganizationDAO,
   def newUserMailRecipient(organization: Organization)(implicit ctx: DBAccessContext): Fox[String] =
     fallbackOnOwnerEmail(organization.newUserMailingList, organization)
 
-  def acceptTermsOfService(organizationId: String, version: Int)(implicit ctx: DBAccessContext, mp: MessagesProvider): Fox[Unit] =
+  def acceptTermsOfService(organizationId: String, version: Int)(implicit ctx: DBAccessContext,
+                                                                 mp: MessagesProvider): Fox[Unit] =
     for {
       _ <- bool2Fox(conf.WebKnossos.TermsOfService.enabled) ?~> "termsOfService.notEnabled"
       requiredVersion = conf.WebKnossos.TermsOfService.version

From 05eed1c5e8eb10790e840ac45db26919a64d9e3e Mon Sep 17 00:00:00 2001
From: Charlie Meister <charlie.meister@student.hpi.de>
Date: Thu, 14 Nov 2024 20:28:20 +0100
Subject: [PATCH 04/17] start to implement frontend

---
 .../admin/auth/registration_form_wkorg.tsx    | 22 +++++++++++
 frontend/javascripts/messages.tsx             |  2 +
 .../javascripts/test/misc/node_types.spec.ts  | 37 +++++++++++++++++++
 3 files changed, 61 insertions(+)
 create mode 100644 frontend/javascripts/test/misc/node_types.spec.ts

diff --git a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
index b18395a1388..1eba8dc7df7 100644
--- a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
@@ -176,6 +176,28 @@ function RegistrationFormWKOrg(props: Props) {
           .
         </Checkbox>
       </FormItem>
+
+      {/* WIP! see terms_of_services.tsx */}
+      <FormItem
+        name="tos_check"
+        valuePropName="checked"
+        rules={[
+          {
+            validator: (_, value) =>
+              value
+                ? Promise.resolve()
+                : Promise.reject(new Error(messages["auth.tos_check_required"])),
+          },
+        ]}
+      >
+        <Checkbox>
+          I agree to the{" "}
+          <a target="_blank" href="/privacy" rel="noopener noreferrer">
+            terms of service
+          </a>
+          .
+        </Checkbox>
+      </FormItem>
       <FormItem
         style={{
           marginBottom: 10,
diff --git a/frontend/javascripts/messages.tsx b/frontend/javascripts/messages.tsx
index 4cf2b0f8a98..44e3907190c 100644
--- a/frontend/javascripts/messages.tsx
+++ b/frontend/javascripts/messages.tsx
@@ -408,6 +408,8 @@ instead. Only enable this option if you understand its effect. All layers will n
   "auth.registration_org_input": "Please select an organization!",
   "auth.privacy_check_required":
     "Unfortunately, we cannot provide the service without your consent to the processing of your data.",
+  "auth.tos_check_required":
+    "Unfortunately, we cannot provide the service without your consent to our terms of service.",
   "auth.reset_logout": "You will be logged out, after successfully changing your password.",
   "auth.reset_old_password": "Please input your old password!",
   "auth.reset_new_password": "Please input your new password!",
diff --git a/frontend/javascripts/test/misc/node_types.spec.ts b/frontend/javascripts/test/misc/node_types.spec.ts
new file mode 100644
index 00000000000..27053969c14
--- /dev/null
+++ b/frontend/javascripts/test/misc/node_types.spec.ts
@@ -0,0 +1,37 @@
+import test from "ava";
+
+interface ServerNode {
+  id: string;
+  name: string;
+  status: string;
+}
+
+interface MutableNode {
+  id: string;
+  value: any;
+  updatedAt: Date;
+}
+
+test("ServerNode has the right fields", (t) => {
+  const serverNode: ServerNode = {
+    id: "1",
+    name: "Server1",
+    status: "active",
+  };
+
+  t.is(serverNode.id, "1");
+  t.is(serverNode.name, "Server1");
+  t.is(serverNode.status, "active");
+});
+
+test("MutableNode has the right fields", (t) => {
+  const mutableNode: MutableNode = {
+    id: "2",
+    value: "some value",
+    updatedAt: new Date(),
+  };
+
+  t.is(mutableNode.id, "2");
+  t.is(mutableNode.value, "some value");
+  t.true(mutableNode.updatedAt instanceof Date);
+});

From ae61dc64e3d2da3c9566772d0c74e659814721f9 Mon Sep 17 00:00:00 2001
From: Charlie Meister <charlie.meister@student.hpi.de>
Date: Thu, 14 Nov 2024 23:24:02 +0100
Subject: [PATCH 05/17] delete old tos modal, add checkboxes to forms and add
 style

---
 .../javascripts/admin/api/terms_of_service.ts |  14 --
 .../admin/auth/registration_form_generic.tsx  |  33 +++
 .../admin/auth/registration_form_wkorg.tsx    |  26 ++-
 .../components/terms_of_services_check.tsx    | 214 ------------------
 frontend/javascripts/router.tsx               |   2 -
 frontend/stylesheets/main.less                |   5 +
 6 files changed, 54 insertions(+), 240 deletions(-)
 delete mode 100644 frontend/javascripts/components/terms_of_services_check.tsx

diff --git a/frontend/javascripts/admin/api/terms_of_service.ts b/frontend/javascripts/admin/api/terms_of_service.ts
index c1cf868c5a8..8d989704f98 100644
--- a/frontend/javascripts/admin/api/terms_of_service.ts
+++ b/frontend/javascripts/admin/api/terms_of_service.ts
@@ -7,17 +7,3 @@ export function getTermsOfService(): Promise<{
 }> {
   return Request.receiveJSON("/api/termsOfService");
 }
-
-export type AcceptanceInfo = {
-  acceptanceDeadline: number;
-  acceptanceDeadlinePassed: boolean;
-  acceptanceNeeded: boolean;
-};
-
-export async function requiresTermsOfServiceAcceptance(): Promise<AcceptanceInfo> {
-  return await Request.receiveJSON("/api/termsOfService/acceptanceNeeded");
-}
-
-export function acceptTermsOfService(version: number): Promise<unknown> {
-  return Request.receiveJSON(`/api/termsOfService/accept?version=${version}`, { method: "POST" });
-}
diff --git a/frontend/javascripts/admin/auth/registration_form_generic.tsx b/frontend/javascripts/admin/auth/registration_form_generic.tsx
index a4686ce5829..f820e2b7da5 100644
--- a/frontend/javascripts/admin/auth/registration_form_generic.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_generic.tsx
@@ -9,6 +9,8 @@ import Store from "oxalis/throttled_store";
 import messages from "messages";
 import { setHasOrganizationsAction } from "oxalis/model/actions/ui_actions";
 import { setActiveOrganizationAction } from "oxalis/model/actions/organization_actions";
+import { useFetch } from "libs/react_helpers";
+import { getTermsOfService } from "admin/api/terms_of_service";
 
 const FormItem = Form.Item;
 const { Password } = Input;
@@ -26,6 +28,8 @@ type Props = {
 function RegistrationFormGeneric(props: Props) {
   const [form] = Form.useForm();
 
+  const terms = useFetch(getTermsOfService, null, []);
+
   const onFinish = async (formValues: Record<string, any>) => {
     await Request.sendJSONReceiveJSON(
       props.organizationIdToCreate != null
@@ -276,6 +280,7 @@ function RegistrationFormGeneric(props: Props) {
       </Row>
       {props.hidePrivacyStatement ? null : (
         <FormItem
+          className="registration-form-checkbox privacy"
           name="privacy_check"
           valuePropName="checked"
           rules={[
@@ -296,6 +301,34 @@ function RegistrationFormGeneric(props: Props) {
           </Checkbox>
         </FormItem>
       )}
+      {terms != null && !terms.enabled ? null : (
+        <FormItem
+          className="registration-form-checkbox tos"
+          name="tos_check"
+          valuePropName="checked"
+          rules={[
+            {
+              validator: (_, value) =>
+                value
+                  ? Promise.resolve()
+                  : Promise.reject(new Error(messages["auth.tos_check_required"])),
+            },
+          ]}
+        >
+          <Checkbox disabled={terms == null}>
+            I agree to the{" "}
+            {terms == null ? (
+              "terms of service"
+            ) : (
+              <a target="_blank" href={terms.url} rel="noopener noreferrer">
+                terms of service
+              </a>
+            )}
+            .
+          </Checkbox>
+        </FormItem>
+      )}
+
       <FormItem>
         <Button
           size="large"
diff --git a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
index 1eba8dc7df7..d4666bc0511 100644
--- a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
@@ -7,6 +7,8 @@ import Request from "libs/request";
 import Store from "oxalis/throttled_store";
 import messages from "messages";
 import { setActiveOrganizationAction } from "oxalis/model/actions/organization_actions";
+import { useFetch } from "libs/react_helpers";
+import { getTermsOfService } from "admin/api/terms_of_service";
 
 const FormItem = Form.Item;
 const { Password } = Input;
@@ -30,6 +32,7 @@ function generateOrganizationId() {
 function RegistrationFormWKOrg(props: Props) {
   const [form] = Form.useForm();
   const organizationId = useRef(generateOrganizationId());
+  const terms = useFetch(getTermsOfService, null, []);
 
   async function onFinish(formValues: Record<string, any>) {
     await Request.sendJSONReceiveJSON("/api/auth/createOrganizationWithAdmin", {
@@ -43,6 +46,7 @@ function RegistrationFormWKOrg(props: Props) {
         },
         organization: organizationId.current,
         organizationName: `${formValues.firstName.trim()} ${formValues.lastName.trim()} Lab`,
+        acceptedTermsOfService: terms?.version,
       },
     });
     const [user, organization] = await loginUser({
@@ -158,6 +162,7 @@ function RegistrationFormWKOrg(props: Props) {
 
       <FormItem
         name="privacy_check"
+        className="registration-form-checkbox privacy"
         valuePropName="checked"
         rules={[
           {
@@ -177,9 +182,9 @@ function RegistrationFormWKOrg(props: Props) {
         </Checkbox>
       </FormItem>
 
-      {/* WIP! see terms_of_services.tsx */}
       <FormItem
         name="tos_check"
+        className="registration-form-checkbox tos"
         valuePropName="checked"
         rules={[
           {
@@ -190,19 +195,20 @@ function RegistrationFormWKOrg(props: Props) {
           },
         ]}
       >
-        <Checkbox>
+        <Checkbox disabled={terms == null}>
           I agree to the{" "}
-          <a target="_blank" href="/privacy" rel="noopener noreferrer">
-            terms of service
-          </a>
+          {terms == null ? (
+            "terms of service"
+          ) : (
+            <a target="_blank" href={terms.url} rel="noopener noreferrer">
+              terms of service
+            </a>
+          )}
           .
         </Checkbox>
       </FormItem>
-      <FormItem
-        style={{
-          marginBottom: 10,
-        }}
-      >
+
+      <FormItem>
         <Button
           size="large"
           type="primary"
diff --git a/frontend/javascripts/components/terms_of_services_check.tsx b/frontend/javascripts/components/terms_of_services_check.tsx
deleted file mode 100644
index d6b39d39a0d..00000000000
--- a/frontend/javascripts/components/terms_of_services_check.tsx
+++ /dev/null
@@ -1,214 +0,0 @@
-import {
-  type AcceptanceInfo,
-  acceptTermsOfService,
-  getTermsOfService,
-  requiresTermsOfServiceAcceptance,
-} from "admin/api/terms_of_service";
-import { Dropdown, type MenuProps, Modal, Space, Spin } from "antd";
-import { AsyncButton } from "components/async_clickables";
-import { useFetch } from "libs/react_helpers";
-import UserLocalStorage from "libs/user_local_storage";
-import dayjs from "dayjs";
-import type { OxalisState } from "oxalis/store";
-import type React from "react";
-import { useEffect, useState } from "react";
-import { useSelector } from "react-redux";
-import { formatDateInLocalTimeZone } from "./formatted_date";
-import { switchTo } from "navbar";
-import { getUsersOrganizations } from "admin/admin_rest_api";
-import { DownOutlined } from "@ant-design/icons";
-import _ from "lodash";
-import type { APIUser } from "types/api_flow_types";
-
-const SNOOZE_DURATION_IN_DAYS = 3;
-const LAST_TERMS_OF_SERVICE_WARNING_KEY = "lastTermsOfServiceWarning";
-
-export function CheckTermsOfServices() {
-  const [isModalOpen, setIsModalOpen] = useState(false);
-  const closeModal = () => {
-    UserLocalStorage.setItem(LAST_TERMS_OF_SERVICE_WARNING_KEY, String(Date.now()));
-    setIsModalOpen(false);
-  };
-  const activeUser = useSelector((state: OxalisState) => state.activeUser);
-  const [recheckCounter, setRecheckCounter] = useState(0);
-  const acceptanceInfo = useFetch(
-    async () => {
-      if (activeUser == null) {
-        return null;
-      }
-      return await requiresTermsOfServiceAcceptance();
-    },
-    null,
-    [activeUser, recheckCounter],
-  );
-
-  useEffect(() => {
-    // Show ToS modal when the acceptance is needed and it wasn't snoozed
-    // (unless the deadline is exceeded).
-    if (!acceptanceInfo || !acceptanceInfo.acceptanceNeeded) {
-      return;
-    }
-    if (acceptanceInfo.acceptanceNeeded && acceptanceInfo.acceptanceDeadlinePassed) {
-      setIsModalOpen(true);
-      return;
-    }
-
-    const lastWarningString = UserLocalStorage.getItem(LAST_TERMS_OF_SERVICE_WARNING_KEY);
-    const lastWarning = dayjs(lastWarningString ? Number.parseInt(lastWarningString) : 0);
-    const isLastWarningOld = dayjs().diff(lastWarning, "days") > SNOOZE_DURATION_IN_DAYS;
-    setIsModalOpen(isLastWarningOld);
-  }, [acceptanceInfo]);
-  const onAccept = async (version: number) => {
-    await acceptTermsOfService(version);
-    setRecheckCounter((val) => val + 1);
-  };
-
-  if (!acceptanceInfo || !activeUser || !acceptanceInfo.acceptanceNeeded) {
-    return null;
-  }
-
-  if (activeUser.isOrganizationOwner) {
-    return (
-      <AcceptTermsOfServiceModal
-        acceptanceInfo={acceptanceInfo}
-        onAccept={onAccept}
-        isModalOpen={isModalOpen}
-        closeModal={closeModal}
-        activeUser={activeUser}
-      />
-    );
-  } else {
-    return (
-      <TermsOfServiceAcceptanceMissingModal
-        acceptanceInfo={acceptanceInfo}
-        isModalOpen={isModalOpen}
-        closeModal={closeModal}
-        activeUser={activeUser}
-      />
-    );
-  }
-}
-
-function OrganizationSwitchMenu({
-  activeUser,
-  style,
-}: {
-  activeUser: APIUser;
-  style?: React.CSSProperties;
-}) {
-  const { organization: organizationId } = activeUser;
-  const usersOrganizations = useFetch(getUsersOrganizations, [], []);
-  const switchableOrganizations = usersOrganizations.filter((org) => org.id !== organizationId);
-  const isMultiMember = switchableOrganizations.length > 0;
-
-  if (!isMultiMember) {
-    return null;
-  }
-
-  const items: MenuProps["items"] = switchableOrganizations.map((org) => ({
-    key: org.id,
-    onClick: () => switchTo(org),
-    label: org.name || org.id,
-  }));
-
-  return (
-    <Dropdown menu={{ items }} overlayStyle={{ maxHeight: "60vh", overflow: "auto" }}>
-      <a onClick={(e) => e.preventDefault()}>
-        <Space style={style}>
-          Switch Organization
-          <DownOutlined />
-        </Space>
-      </a>
-    </Dropdown>
-  );
-}
-
-function AcceptTermsOfServiceModal({
-  onAccept,
-  acceptanceInfo,
-  isModalOpen,
-  closeModal,
-  activeUser,
-}: {
-  onAccept: (version: number) => Promise<void>;
-  acceptanceInfo: AcceptanceInfo;
-  isModalOpen: boolean;
-  closeModal: () => void;
-  activeUser: APIUser;
-}) {
-  const terms = useFetch(getTermsOfService, null, []);
-
-  const deadlineExplanation = getDeadlineExplanation(acceptanceInfo);
-
-  return (
-    <Modal
-      open={isModalOpen}
-      title="Terms of Services"
-      closable={!acceptanceInfo.acceptanceDeadlinePassed}
-      onCancel={acceptanceInfo.acceptanceDeadlinePassed ? _.noop : closeModal}
-      width={850}
-      maskClosable={false}
-      footer={[
-        <OrganizationSwitchMenu
-          activeUser={activeUser}
-          style={{ marginRight: 12 }}
-          key={"switch-org"}
-        />,
-        <AsyncButton
-          key={"accept-button"}
-          type="primary"
-          loading={terms?.url == null}
-          onClick={async () => (terms != null ? await onAccept(terms.version) : null)}
-        >
-          Accept
-        </AsyncButton>,
-      ]}
-    >
-      <p>
-        <b>
-          Please accept the following terms of services to continue using WEBKNOSSOS.{" "}
-          {deadlineExplanation}
-        </b>
-      </p>
-
-      {terms == null ? (
-        <Spin spinning />
-      ) : (
-        <iframe style={{ width: 800, height: "55vh", border: "none" }} src={terms.url} />
-      )}
-    </Modal>
-  );
-}
-
-function getDeadlineExplanation(acceptanceInfo: AcceptanceInfo) {
-  return acceptanceInfo.acceptanceDeadlinePassed
-    ? null
-    : `If the terms are not accepted until ${formatDateInLocalTimeZone(
-        acceptanceInfo.acceptanceDeadline,
-      )}, WEBKNOSSOS cannot be used until the terms are accepted.`;
-}
-
-function TermsOfServiceAcceptanceMissingModal({
-  acceptanceInfo,
-  isModalOpen,
-  closeModal,
-  activeUser,
-}: {
-  acceptanceInfo: AcceptanceInfo;
-  isModalOpen: boolean;
-  closeModal: () => void;
-  activeUser: APIUser;
-}) {
-  const deadlineExplanation = getDeadlineExplanation(acceptanceInfo);
-  return (
-    <Modal
-      open={isModalOpen}
-      closable={!acceptanceInfo.acceptanceDeadlinePassed}
-      onCancel={closeModal}
-      footer={[<OrganizationSwitchMenu activeUser={activeUser} key={"switch-org"} />]}
-      maskClosable={false}
-    >
-      Please ask the organization owner to accept the terms of services. {deadlineExplanation}
-    </Modal>
-  );
-}
diff --git a/frontend/javascripts/router.tsx b/frontend/javascripts/router.tsx
index dcbc7815c49..a839dfe1a57 100644
--- a/frontend/javascripts/router.tsx
+++ b/frontend/javascripts/router.tsx
@@ -34,7 +34,6 @@ import DisableGenericDnd from "components/disable_generic_dnd";
 import { Imprint, Privacy } from "components/legal";
 import AsyncRedirect from "components/redirect";
 import SecuredRoute from "components/secured_route";
-import { CheckTermsOfServices } from "components/terms_of_services_check";
 import DashboardView, { urlTokenToTabKeyMap } from "dashboard/dashboard_view";
 import DatasetSettingsView from "dashboard/dataset/dataset_settings_view";
 import PublicationDetailView from "dashboard/publication_details_view";
@@ -213,7 +212,6 @@ class ReactRouter extends React.Component<Props> {
       <Router history={browserHistory}>
         <Layout>
           <DisableGenericDnd />
-          <CheckTermsOfServices />
           <Navbar isAuthenticated={isAuthenticated} />
           <HelpButton />
           <Content>
diff --git a/frontend/stylesheets/main.less b/frontend/stylesheets/main.less
index 984566340f3..67349f3078d 100644
--- a/frontend/stylesheets/main.less
+++ b/frontend/stylesheets/main.less
@@ -679,3 +679,8 @@ button.narrow {
 .max-z-index {
   z-index: 10000000000;
 }
+
+.registration-form-checkbox {
+  &.privacy{margin-bottom: 0px;}
+  &.tos{margin-bottom: 15px;}
+}
\ No newline at end of file

From 5340755a8db247d992acf5c0805f8b0f94b90281 Mon Sep 17 00:00:00 2001
From: Charlie Meister <charlie.meister@student.hpi.de>
Date: Fri, 15 Nov 2024 15:22:38 +0100
Subject: [PATCH 06/17] improve styling and remove random new test file

---
 .../admin/auth/registration_form_generic.tsx  | 98 +++++++++----------
 .../admin/auth/registration_form_wkorg.tsx    | 95 +++++++++---------
 .../javascripts/test/misc/node_types.spec.ts  | 37 -------
 frontend/stylesheets/main.less                | 13 ++-
 4 files changed, 106 insertions(+), 137 deletions(-)
 delete mode 100644 frontend/javascripts/test/misc/node_types.spec.ts

diff --git a/frontend/javascripts/admin/auth/registration_form_generic.tsx b/frontend/javascripts/admin/auth/registration_form_generic.tsx
index f820e2b7da5..6787ecd4c3b 100644
--- a/frontend/javascripts/admin/auth/registration_form_generic.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_generic.tsx
@@ -278,56 +278,56 @@ function RegistrationFormGeneric(props: Props) {
           </FormItem>
         </Col>
       </Row>
-      {props.hidePrivacyStatement ? null : (
-        <FormItem
-          className="registration-form-checkbox privacy"
-          name="privacy_check"
-          valuePropName="checked"
-          rules={[
-            {
-              validator: (_, value) =>
-                value
-                  ? Promise.resolve()
-                  : Promise.reject(new Error(messages["auth.privacy_check_required"])),
-            },
-          ]}
-        >
-          <Checkbox>
-            I agree to storage and processing of my personal data as described in the{" "}
-            <a target="_blank" href="/privacy" rel="noopener noreferrer">
-              privacy statement
-            </a>
-            .
-          </Checkbox>
-        </FormItem>
-      )}
-      {terms != null && !terms.enabled ? null : (
-        <FormItem
-          className="registration-form-checkbox tos"
-          name="tos_check"
-          valuePropName="checked"
-          rules={[
-            {
-              validator: (_, value) =>
-                value
-                  ? Promise.resolve()
-                  : Promise.reject(new Error(messages["auth.tos_check_required"])),
-            },
-          ]}
-        >
-          <Checkbox disabled={terms == null}>
-            I agree to the{" "}
-            {terms == null ? (
-              "terms of service"
-            ) : (
-              <a target="_blank" href={terms.url} rel="noopener noreferrer">
-                terms of service
+      <div className="registration-form-checkboxes">
+        {props.hidePrivacyStatement ? null : (
+          <FormItem
+            name="privacy_check"
+            valuePropName="checked"
+            rules={[
+              {
+                validator: (_, value) =>
+                  value
+                    ? Promise.resolve()
+                    : Promise.reject(new Error(messages["auth.privacy_check_required"])),
+              },
+            ]}
+          >
+            <Checkbox>
+              I agree to storage and processing of my personal data as described in the{" "}
+              <a target="_blank" href="/privacy" rel="noopener noreferrer">
+                privacy statement
               </a>
-            )}
-            .
-          </Checkbox>
-        </FormItem>
-      )}
+              .
+            </Checkbox>
+          </FormItem>
+        )}
+        {terms != null && !terms.enabled ? null : (
+          <FormItem
+            name="tos_check"
+            valuePropName="checked"
+            rules={[
+              {
+                validator: (_, value) =>
+                  value
+                    ? Promise.resolve()
+                    : Promise.reject(new Error(messages["auth.tos_check_required"])),
+              },
+            ]}
+          >
+            <Checkbox disabled={terms == null}>
+              I agree to the{" "}
+              {terms == null ? (
+                "terms of service"
+              ) : (
+                <a target="_blank" href={terms.url} rel="noopener noreferrer">
+                  terms of service
+                </a>
+              )}
+              .
+            </Checkbox>
+          </FormItem>
+        )}
+      </div>
 
       <FormItem>
         <Button
diff --git a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
index d4666bc0511..610766645d3 100644
--- a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
@@ -159,54 +159,55 @@ function RegistrationFormWKOrg(props: Props) {
           placeholder="Password"
         />
       </FormItem>
-
-      <FormItem
-        name="privacy_check"
-        className="registration-form-checkbox privacy"
-        valuePropName="checked"
-        rules={[
-          {
-            validator: (_, value) =>
-              value
-                ? Promise.resolve()
-                : Promise.reject(new Error(messages["auth.privacy_check_required"])),
-          },
-        ]}
-      >
-        <Checkbox>
-          I agree to storage and processing of my personal data as described in the{" "}
-          <a target="_blank" href="/privacy" rel="noopener noreferrer">
-            privacy statement
-          </a>
-          .
-        </Checkbox>
-      </FormItem>
-
-      <FormItem
-        name="tos_check"
-        className="registration-form-checkbox tos"
-        valuePropName="checked"
-        rules={[
-          {
-            validator: (_, value) =>
-              value
-                ? Promise.resolve()
-                : Promise.reject(new Error(messages["auth.tos_check_required"])),
-          },
-        ]}
-      >
-        <Checkbox disabled={terms == null}>
-          I agree to the{" "}
-          {terms == null ? (
-            "terms of service"
-          ) : (
-            <a target="_blank" href={terms.url} rel="noopener noreferrer">
-              terms of service
+      <div className="registration-form-checkboxes">
+        <FormItem
+          name="privacy_check"
+          valuePropName="checked"
+          rules={[
+            {
+              validator: (_, value) =>
+                value
+                  ? Promise.resolve()
+                  : Promise.reject(new Error(messages["auth.privacy_check_required"])),
+            },
+          ]}
+        >
+          <Checkbox>
+            I agree to storage and processing of my personal data as described in the{" "}
+            <a target="_blank" href="/privacy" rel="noopener noreferrer">
+              privacy statement
             </a>
-          )}
-          .
-        </Checkbox>
-      </FormItem>
+            .
+          </Checkbox>
+        </FormItem>
+
+        {terms != null && !terms.enabled ? null : (
+          <FormItem
+            name="tos_check"
+            valuePropName="checked"
+            rules={[
+              {
+                validator: (_, value) =>
+                  value
+                    ? Promise.resolve()
+                    : Promise.reject(new Error(messages["auth.tos_check_required"])),
+              },
+            ]}
+          >
+            <Checkbox disabled={terms == null}>
+              I agree to the{" "}
+              {terms == null ? (
+                "terms of service"
+              ) : (
+                <a target="_blank" href={terms.url} rel="noopener noreferrer">
+                  terms of service
+                </a>
+              )}
+              .
+            </Checkbox>
+          </FormItem>
+        )}
+      </div>
 
       <FormItem>
         <Button
diff --git a/frontend/javascripts/test/misc/node_types.spec.ts b/frontend/javascripts/test/misc/node_types.spec.ts
deleted file mode 100644
index 27053969c14..00000000000
--- a/frontend/javascripts/test/misc/node_types.spec.ts
+++ /dev/null
@@ -1,37 +0,0 @@
-import test from "ava";
-
-interface ServerNode {
-  id: string;
-  name: string;
-  status: string;
-}
-
-interface MutableNode {
-  id: string;
-  value: any;
-  updatedAt: Date;
-}
-
-test("ServerNode has the right fields", (t) => {
-  const serverNode: ServerNode = {
-    id: "1",
-    name: "Server1",
-    status: "active",
-  };
-
-  t.is(serverNode.id, "1");
-  t.is(serverNode.name, "Server1");
-  t.is(serverNode.status, "active");
-});
-
-test("MutableNode has the right fields", (t) => {
-  const mutableNode: MutableNode = {
-    id: "2",
-    value: "some value",
-    updatedAt: new Date(),
-  };
-
-  t.is(mutableNode.id, "2");
-  t.is(mutableNode.value, "some value");
-  t.true(mutableNode.updatedAt instanceof Date);
-});
diff --git a/frontend/stylesheets/main.less b/frontend/stylesheets/main.less
index 67349f3078d..32d1bcc3fb3 100644
--- a/frontend/stylesheets/main.less
+++ b/frontend/stylesheets/main.less
@@ -680,7 +680,12 @@ button.narrow {
   z-index: 10000000000;
 }
 
-.registration-form-checkbox {
-  &.privacy{margin-bottom: 0px;}
-  &.tos{margin-bottom: 15px;}
-}
\ No newline at end of file
+.registration-form-checkboxes {
+  > div:first-of-type {
+    margin-bottom: 0px;
+  }
+  
+  > div:last-of-type {
+    margin-bottom: 15px;
+  }
+}

From 4ea0446cf136d50597e2f74bc3243aba821fa7e0 Mon Sep 17 00:00:00 2001
From: frcroth <frcroth@gmail.com>
Date: Mon, 18 Nov 2024 10:27:28 +0100
Subject: [PATCH 07/17] Supply user access context at sign up tos acceptance

---
 app/controllers/AuthenticationController.scala    | 11 +++++++++--
 app/models/organization/OrganizationService.scala |  5 ++---
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/app/controllers/AuthenticationController.scala b/app/controllers/AuthenticationController.scala
index 03d8fa7a6ae..94aaf77045a 100755
--- a/app/controllers/AuthenticationController.scala
+++ b/app/controllers/AuthenticationController.scala
@@ -23,7 +23,7 @@ import org.apache.commons.codec.digest.{HmacAlgorithms, HmacUtils}
 import play.api.data.Form
 import play.api.data.Forms.{email, _}
 import play.api.data.validation.Constraints._
-import play.api.i18n.Messages
+import play.api.i18n.{Messages, MessagesProvider}
 import play.api.libs.json._
 import play.api.mvc.{Action, AnyContent, Cookie, PlayBodyParsers, Request, Result}
 import security.{
@@ -622,7 +622,7 @@ class AuthenticationController @Inject()(
                     _ <- organizationService
                       .createOrganizationDirectory(organization._id, dataStoreToken) ?~> "organization.folderCreation.failed"
                     _ <- Fox.runOptional(signUpData.acceptedTermsOfService)(version =>
-                      organizationService.acceptTermsOfService(organization._id, version))
+                      acceptTermsOfServiceForUser(user, version))
                   } yield {
                     Mailer ! Send(defaultMails
                       .newOrganizationMail(organization.name, email, request.headers.get("Host").getOrElse("")))
@@ -639,6 +639,13 @@ class AuthenticationController @Inject()(
       )
   }
 
+  private def acceptTermsOfServiceForUser(user: User, termsOfServiceVersion: Int)(implicit m: MessagesProvider) =
+    for {
+      _ <- organizationService.acceptTermsOfService(user._organization, termsOfServiceVersion)(
+        DBAccessContext(Some(user)),
+        m)
+    } yield ()
+
   case class CreateUserInOrganizationParameters(firstName: String,
                                                 lastName: String,
                                                 email: String,
diff --git a/app/models/organization/OrganizationService.scala b/app/models/organization/OrganizationService.scala
index 0760d67cb3b..a5f29b74310 100644
--- a/app/models/organization/OrganizationService.scala
+++ b/app/models/organization/OrganizationService.scala
@@ -26,8 +26,7 @@ class OrganizationService @Inject()(organizationDAO: OrganizationDAO,
                                     folderService: FolderService,
                                     userService: UserService,
                                     rpc: RPC,
-                                    conf: WkConf,
-)(implicit ec: ExecutionContext)
+                                    conf: WkConf)(implicit ec: ExecutionContext)
     extends FoxImplicits
     with LazyLogging {
 
@@ -168,7 +167,7 @@ class OrganizationService @Inject()(organizationDAO: OrganizationDAO,
     fallbackOnOwnerEmail(organization.newUserMailingList, organization)
 
   def acceptTermsOfService(organizationId: String, version: Int)(implicit ctx: DBAccessContext,
-                                                                 mp: MessagesProvider): Fox[Unit] =
+                                                                 m: MessagesProvider): Fox[Unit] =
     for {
       _ <- bool2Fox(conf.WebKnossos.TermsOfService.enabled) ?~> "termsOfService.notEnabled"
       requiredVersion = conf.WebKnossos.TermsOfService.version

From 77e2a59b38ccb44299694275f4edcfa80d8f208a Mon Sep 17 00:00:00 2001
From: Charlie Meister <charlie.meister@student.hpi.de>
Date: Mon, 18 Nov 2024 11:48:16 +0100
Subject: [PATCH 08/17] send org name as id

---
 .../admin/auth/registration_form_wkorg.tsx    | 28 +++++++++----------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
index 610766645d3..14a7b7f93cb 100644
--- a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
@@ -1,6 +1,6 @@
 import { Form, Input, Button, Row, Col, Checkbox } from "antd";
 import { UserOutlined, LockOutlined, MailOutlined } from "@ant-design/icons";
-import { useRef, memo } from "react";
+import { memo } from "react";
 import { loginUser } from "admin/admin_rest_api";
 import { setActiveUserAction } from "oxalis/model/actions/user_actions";
 import Request from "libs/request";
@@ -17,35 +17,33 @@ type Props = {
   onRegistered: (isUserLoggedIn: true) => void;
 };
 
-function generateOrganizationId() {
-  let output = "";
-
-  for (let i = 0; i < 8; i++) {
-    output += Math.floor(Math.random() * 255)
-      .toString(16)
-      .padStart(2, "0");
-  }
+function generateOrganizationId(firstName: string, lastName: string) {
+  return `${firstName.toLowerCase()}-${lastName.toLowerCase()}-lab`;
+}
 
-  return output;
+function generateOrganizationName(firstName: string, lastName: string) {
+  return `${firstName} ${lastName} Lab`;
 }
 
 function RegistrationFormWKOrg(props: Props) {
   const [form] = Form.useForm();
-  const organizationId = useRef(generateOrganizationId());
   const terms = useFetch(getTermsOfService, null, []);
 
   async function onFinish(formValues: Record<string, any>) {
+    const { firstName, lastName } = formValues;
+    const trimmedFirstName = firstName.trim();
+    const trimmedLastName = lastName.trim();
     await Request.sendJSONReceiveJSON("/api/auth/createOrganizationWithAdmin", {
       data: {
         ...formValues,
-        firstName: formValues.firstName.trim(),
-        lastName: formValues.lastName.trim(),
+        firstName: trimmedFirstName,
+        lastName: trimmedLastName,
         password: {
           password1: formValues.password.password1,
           password2: formValues.password.password1,
         },
-        organization: organizationId.current,
-        organizationName: `${formValues.firstName.trim()} ${formValues.lastName.trim()} Lab`,
+        organization: generateOrganizationId(trimmedFirstName, trimmedLastName),
+        organizationName: generateOrganizationName(trimmedFirstName, trimmedLastName),
         acceptedTermsOfService: terms?.version,
       },
     });

From b1bb0b8f2dcdf3587f62e419250c0bda848487df Mon Sep 17 00:00:00 2001
From: Charlie Meister <charlie.meister@student.hpi.de>
Date: Mon, 18 Nov 2024 11:53:26 +0100
Subject: [PATCH 09/17] add tos modal again

---
 .../javascripts/admin/api/terms_of_service.ts |  14 ++
 .../components/terms_of_services_check.tsx    | 214 ++++++++++++++++++
 frontend/javascripts/router.tsx               |   2 +
 3 files changed, 230 insertions(+)
 create mode 100644 frontend/javascripts/components/terms_of_services_check.tsx

diff --git a/frontend/javascripts/admin/api/terms_of_service.ts b/frontend/javascripts/admin/api/terms_of_service.ts
index 8d989704f98..c1cf868c5a8 100644
--- a/frontend/javascripts/admin/api/terms_of_service.ts
+++ b/frontend/javascripts/admin/api/terms_of_service.ts
@@ -7,3 +7,17 @@ export function getTermsOfService(): Promise<{
 }> {
   return Request.receiveJSON("/api/termsOfService");
 }
+
+export type AcceptanceInfo = {
+  acceptanceDeadline: number;
+  acceptanceDeadlinePassed: boolean;
+  acceptanceNeeded: boolean;
+};
+
+export async function requiresTermsOfServiceAcceptance(): Promise<AcceptanceInfo> {
+  return await Request.receiveJSON("/api/termsOfService/acceptanceNeeded");
+}
+
+export function acceptTermsOfService(version: number): Promise<unknown> {
+  return Request.receiveJSON(`/api/termsOfService/accept?version=${version}`, { method: "POST" });
+}
diff --git a/frontend/javascripts/components/terms_of_services_check.tsx b/frontend/javascripts/components/terms_of_services_check.tsx
new file mode 100644
index 00000000000..d6b39d39a0d
--- /dev/null
+++ b/frontend/javascripts/components/terms_of_services_check.tsx
@@ -0,0 +1,214 @@
+import {
+  type AcceptanceInfo,
+  acceptTermsOfService,
+  getTermsOfService,
+  requiresTermsOfServiceAcceptance,
+} from "admin/api/terms_of_service";
+import { Dropdown, type MenuProps, Modal, Space, Spin } from "antd";
+import { AsyncButton } from "components/async_clickables";
+import { useFetch } from "libs/react_helpers";
+import UserLocalStorage from "libs/user_local_storage";
+import dayjs from "dayjs";
+import type { OxalisState } from "oxalis/store";
+import type React from "react";
+import { useEffect, useState } from "react";
+import { useSelector } from "react-redux";
+import { formatDateInLocalTimeZone } from "./formatted_date";
+import { switchTo } from "navbar";
+import { getUsersOrganizations } from "admin/admin_rest_api";
+import { DownOutlined } from "@ant-design/icons";
+import _ from "lodash";
+import type { APIUser } from "types/api_flow_types";
+
+const SNOOZE_DURATION_IN_DAYS = 3;
+const LAST_TERMS_OF_SERVICE_WARNING_KEY = "lastTermsOfServiceWarning";
+
+export function CheckTermsOfServices() {
+  const [isModalOpen, setIsModalOpen] = useState(false);
+  const closeModal = () => {
+    UserLocalStorage.setItem(LAST_TERMS_OF_SERVICE_WARNING_KEY, String(Date.now()));
+    setIsModalOpen(false);
+  };
+  const activeUser = useSelector((state: OxalisState) => state.activeUser);
+  const [recheckCounter, setRecheckCounter] = useState(0);
+  const acceptanceInfo = useFetch(
+    async () => {
+      if (activeUser == null) {
+        return null;
+      }
+      return await requiresTermsOfServiceAcceptance();
+    },
+    null,
+    [activeUser, recheckCounter],
+  );
+
+  useEffect(() => {
+    // Show ToS modal when the acceptance is needed and it wasn't snoozed
+    // (unless the deadline is exceeded).
+    if (!acceptanceInfo || !acceptanceInfo.acceptanceNeeded) {
+      return;
+    }
+    if (acceptanceInfo.acceptanceNeeded && acceptanceInfo.acceptanceDeadlinePassed) {
+      setIsModalOpen(true);
+      return;
+    }
+
+    const lastWarningString = UserLocalStorage.getItem(LAST_TERMS_OF_SERVICE_WARNING_KEY);
+    const lastWarning = dayjs(lastWarningString ? Number.parseInt(lastWarningString) : 0);
+    const isLastWarningOld = dayjs().diff(lastWarning, "days") > SNOOZE_DURATION_IN_DAYS;
+    setIsModalOpen(isLastWarningOld);
+  }, [acceptanceInfo]);
+  const onAccept = async (version: number) => {
+    await acceptTermsOfService(version);
+    setRecheckCounter((val) => val + 1);
+  };
+
+  if (!acceptanceInfo || !activeUser || !acceptanceInfo.acceptanceNeeded) {
+    return null;
+  }
+
+  if (activeUser.isOrganizationOwner) {
+    return (
+      <AcceptTermsOfServiceModal
+        acceptanceInfo={acceptanceInfo}
+        onAccept={onAccept}
+        isModalOpen={isModalOpen}
+        closeModal={closeModal}
+        activeUser={activeUser}
+      />
+    );
+  } else {
+    return (
+      <TermsOfServiceAcceptanceMissingModal
+        acceptanceInfo={acceptanceInfo}
+        isModalOpen={isModalOpen}
+        closeModal={closeModal}
+        activeUser={activeUser}
+      />
+    );
+  }
+}
+
+function OrganizationSwitchMenu({
+  activeUser,
+  style,
+}: {
+  activeUser: APIUser;
+  style?: React.CSSProperties;
+}) {
+  const { organization: organizationId } = activeUser;
+  const usersOrganizations = useFetch(getUsersOrganizations, [], []);
+  const switchableOrganizations = usersOrganizations.filter((org) => org.id !== organizationId);
+  const isMultiMember = switchableOrganizations.length > 0;
+
+  if (!isMultiMember) {
+    return null;
+  }
+
+  const items: MenuProps["items"] = switchableOrganizations.map((org) => ({
+    key: org.id,
+    onClick: () => switchTo(org),
+    label: org.name || org.id,
+  }));
+
+  return (
+    <Dropdown menu={{ items }} overlayStyle={{ maxHeight: "60vh", overflow: "auto" }}>
+      <a onClick={(e) => e.preventDefault()}>
+        <Space style={style}>
+          Switch Organization
+          <DownOutlined />
+        </Space>
+      </a>
+    </Dropdown>
+  );
+}
+
+function AcceptTermsOfServiceModal({
+  onAccept,
+  acceptanceInfo,
+  isModalOpen,
+  closeModal,
+  activeUser,
+}: {
+  onAccept: (version: number) => Promise<void>;
+  acceptanceInfo: AcceptanceInfo;
+  isModalOpen: boolean;
+  closeModal: () => void;
+  activeUser: APIUser;
+}) {
+  const terms = useFetch(getTermsOfService, null, []);
+
+  const deadlineExplanation = getDeadlineExplanation(acceptanceInfo);
+
+  return (
+    <Modal
+      open={isModalOpen}
+      title="Terms of Services"
+      closable={!acceptanceInfo.acceptanceDeadlinePassed}
+      onCancel={acceptanceInfo.acceptanceDeadlinePassed ? _.noop : closeModal}
+      width={850}
+      maskClosable={false}
+      footer={[
+        <OrganizationSwitchMenu
+          activeUser={activeUser}
+          style={{ marginRight: 12 }}
+          key={"switch-org"}
+        />,
+        <AsyncButton
+          key={"accept-button"}
+          type="primary"
+          loading={terms?.url == null}
+          onClick={async () => (terms != null ? await onAccept(terms.version) : null)}
+        >
+          Accept
+        </AsyncButton>,
+      ]}
+    >
+      <p>
+        <b>
+          Please accept the following terms of services to continue using WEBKNOSSOS.{" "}
+          {deadlineExplanation}
+        </b>
+      </p>
+
+      {terms == null ? (
+        <Spin spinning />
+      ) : (
+        <iframe style={{ width: 800, height: "55vh", border: "none" }} src={terms.url} />
+      )}
+    </Modal>
+  );
+}
+
+function getDeadlineExplanation(acceptanceInfo: AcceptanceInfo) {
+  return acceptanceInfo.acceptanceDeadlinePassed
+    ? null
+    : `If the terms are not accepted until ${formatDateInLocalTimeZone(
+        acceptanceInfo.acceptanceDeadline,
+      )}, WEBKNOSSOS cannot be used until the terms are accepted.`;
+}
+
+function TermsOfServiceAcceptanceMissingModal({
+  acceptanceInfo,
+  isModalOpen,
+  closeModal,
+  activeUser,
+}: {
+  acceptanceInfo: AcceptanceInfo;
+  isModalOpen: boolean;
+  closeModal: () => void;
+  activeUser: APIUser;
+}) {
+  const deadlineExplanation = getDeadlineExplanation(acceptanceInfo);
+  return (
+    <Modal
+      open={isModalOpen}
+      closable={!acceptanceInfo.acceptanceDeadlinePassed}
+      onCancel={closeModal}
+      footer={[<OrganizationSwitchMenu activeUser={activeUser} key={"switch-org"} />]}
+      maskClosable={false}
+    >
+      Please ask the organization owner to accept the terms of services. {deadlineExplanation}
+    </Modal>
+  );
+}
diff --git a/frontend/javascripts/router.tsx b/frontend/javascripts/router.tsx
index a839dfe1a57..77ceaeb6e3a 100644
--- a/frontend/javascripts/router.tsx
+++ b/frontend/javascripts/router.tsx
@@ -69,6 +69,7 @@ import loadable from "libs/lazy_loader";
 import type { EmptyObject } from "types/globals";
 import { DatasetURLImport } from "admin/dataset/dataset_url_import";
 import AiModelListView from "admin/voxelytics/ai_model_list_view";
+import { CheckTermsOfServices } from "components/terms_of_services_check";
 
 const { Content } = Layout;
 
@@ -212,6 +213,7 @@ class ReactRouter extends React.Component<Props> {
       <Router history={browserHistory}>
         <Layout>
           <DisableGenericDnd />
+          <CheckTermsOfServices />
           <Navbar isAuthenticated={isAuthenticated} />
           <HelpButton />
           <Content>

From f52c52842f5ad61866653cf09d8680d37f51f8ba Mon Sep 17 00:00:00 2001
From: frcroth <frcroth@gmail.com>
Date: Mon, 18 Nov 2024 16:50:00 +0100
Subject: [PATCH 10/17] Fix frontend lint

---
 frontend/javascripts/dashboard/explorative_annotations_view.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/javascripts/dashboard/explorative_annotations_view.tsx b/frontend/javascripts/dashboard/explorative_annotations_view.tsx
index a57790d896b..cce9042286a 100644
--- a/frontend/javascripts/dashboard/explorative_annotations_view.tsx
+++ b/frontend/javascripts/dashboard/explorative_annotations_view.tsx
@@ -699,7 +699,7 @@ class ExplorativeAnnotationsView extends React.PureComponent<Props, State> {
               </div>
               <div className="flex-container">
                 <div className="flex-item" style={{ flexGrow: 0 }}>
-                  {teamTags.length > 0 ? <TeamOutlined className="icon-margin-right"/> : null}
+                  {teamTags.length > 0 ? <TeamOutlined className="icon-margin-right" /> : null}
                 </div>
                 <div className="flex-item">{teamTags}</div>
               </div>

From 2602e5bf416a141061b71a594cb5b226de4132e4 Mon Sep 17 00:00:00 2001
From: frcroth <frcroth@gmail.com>
Date: Wed, 20 Nov 2024 09:31:26 +0100
Subject: [PATCH 11/17] Add changelog

---
 CHANGELOG.unreleased.md                        | 1 +
 app/controllers/AuthenticationController.scala | 6 +-----
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.unreleased.md b/CHANGELOG.unreleased.md
index 3784c9075c7..4d3572ef4f6 100644
--- a/CHANGELOG.unreleased.md
+++ b/CHANGELOG.unreleased.md
@@ -15,6 +15,7 @@ For upgrade instructions, please check the [migration guide](MIGRATIONS.released
 ### Changed
 - Reading image files on datastore filesystem is now done asynchronously. [#8126](https://github.com/scalableminds/webknossos/pull/8126)
 - Improved error messages for starting jobs on datasets from other organizations. [#8181](https://github.com/scalableminds/webknossos/pull/8181)
+- Terms of Service for Webknossos are now accepted at registration, not afterward. [#8193](https://github.com/scalableminds/webknossos/pull/8193)
 
 ### Fixed
 - Fix performance bottleneck when deleting a lot of trees at once. [#8176](https://github.com/scalableminds/webknossos/pull/8176)
diff --git a/app/controllers/AuthenticationController.scala b/app/controllers/AuthenticationController.scala
index 94aaf77045a..81afb6d7350 100755
--- a/app/controllers/AuthenticationController.scala
+++ b/app/controllers/AuthenticationController.scala
@@ -640,11 +640,7 @@ class AuthenticationController @Inject()(
   }
 
   private def acceptTermsOfServiceForUser(user: User, termsOfServiceVersion: Int)(implicit m: MessagesProvider) =
-    for {
-      _ <- organizationService.acceptTermsOfService(user._organization, termsOfServiceVersion)(
-        DBAccessContext(Some(user)),
-        m)
-    } yield ()
+    organizationService.acceptTermsOfService(user._organization, termsOfServiceVersion)(DBAccessContext(Some(user)), m)
 
   case class CreateUserInOrganizationParameters(firstName: String,
                                                 lastName: String,

From e5d5f191e9017f6730e09fa7f4b28cfb1c2107c7 Mon Sep 17 00:00:00 2001
From: frcroth <frcroth@gmail.com>
Date: Wed, 20 Nov 2024 09:32:52 +0100
Subject: [PATCH 12/17] Revert "send org name as id"

This reverts commit 77e2a59b38ccb44299694275f4edcfa80d8f208a.
---
 .../admin/auth/registration_form_wkorg.tsx    | 28 ++++++++++---------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
index 14a7b7f93cb..610766645d3 100644
--- a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
@@ -1,6 +1,6 @@
 import { Form, Input, Button, Row, Col, Checkbox } from "antd";
 import { UserOutlined, LockOutlined, MailOutlined } from "@ant-design/icons";
-import { memo } from "react";
+import { useRef, memo } from "react";
 import { loginUser } from "admin/admin_rest_api";
 import { setActiveUserAction } from "oxalis/model/actions/user_actions";
 import Request from "libs/request";
@@ -17,33 +17,35 @@ type Props = {
   onRegistered: (isUserLoggedIn: true) => void;
 };
 
-function generateOrganizationId(firstName: string, lastName: string) {
-  return `${firstName.toLowerCase()}-${lastName.toLowerCase()}-lab`;
-}
+function generateOrganizationId() {
+  let output = "";
+
+  for (let i = 0; i < 8; i++) {
+    output += Math.floor(Math.random() * 255)
+      .toString(16)
+      .padStart(2, "0");
+  }
 
-function generateOrganizationName(firstName: string, lastName: string) {
-  return `${firstName} ${lastName} Lab`;
+  return output;
 }
 
 function RegistrationFormWKOrg(props: Props) {
   const [form] = Form.useForm();
+  const organizationId = useRef(generateOrganizationId());
   const terms = useFetch(getTermsOfService, null, []);
 
   async function onFinish(formValues: Record<string, any>) {
-    const { firstName, lastName } = formValues;
-    const trimmedFirstName = firstName.trim();
-    const trimmedLastName = lastName.trim();
     await Request.sendJSONReceiveJSON("/api/auth/createOrganizationWithAdmin", {
       data: {
         ...formValues,
-        firstName: trimmedFirstName,
-        lastName: trimmedLastName,
+        firstName: formValues.firstName.trim(),
+        lastName: formValues.lastName.trim(),
         password: {
           password1: formValues.password.password1,
           password2: formValues.password.password1,
         },
-        organization: generateOrganizationId(trimmedFirstName, trimmedLastName),
-        organizationName: generateOrganizationName(trimmedFirstName, trimmedLastName),
+        organization: organizationId.current,
+        organizationName: `${formValues.firstName.trim()} ${formValues.lastName.trim()} Lab`,
         acceptedTermsOfService: terms?.version,
       },
     });

From 377d2897b3d8564bfd25bf50c932b3b446645649 Mon Sep 17 00:00:00 2001
From: frcroth <frcroth@gmail.com>
Date: Wed, 20 Nov 2024 11:55:35 +0100
Subject: [PATCH 13/17] Require terms of service at sign up if enabled

---
 app/controllers/AuthenticationController.scala | 12 ++++++++----
 conf/application.conf                          |  2 +-
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/app/controllers/AuthenticationController.scala b/app/controllers/AuthenticationController.scala
index 81afb6d7350..3a8620a23df 100755
--- a/app/controllers/AuthenticationController.scala
+++ b/app/controllers/AuthenticationController.scala
@@ -621,8 +621,8 @@ class AuthenticationController @Inject()(
                     dataStoreToken <- bearerTokenAuthenticatorService.createAndInitDataStoreTokenForUser(user)
                     _ <- organizationService
                       .createOrganizationDirectory(organization._id, dataStoreToken) ?~> "organization.folderCreation.failed"
-                    _ <- Fox.runOptional(signUpData.acceptedTermsOfService)(version =>
-                      acceptTermsOfServiceForUser(user, version))
+                    _ <- Fox.runIf(conf.WebKnossos.TermsOfService.enabled)(
+                      acceptTermsOfServiceForUser(user, signUpData.acceptedTermsOfService))
                   } yield {
                     Mailer ! Send(defaultMails
                       .newOrganizationMail(organization.name, email, request.headers.get("Host").getOrElse("")))
@@ -639,8 +639,12 @@ class AuthenticationController @Inject()(
       )
   }
 
-  private def acceptTermsOfServiceForUser(user: User, termsOfServiceVersion: Int)(implicit m: MessagesProvider) =
-    organizationService.acceptTermsOfService(user._organization, termsOfServiceVersion)(DBAccessContext(Some(user)), m)
+  private def acceptTermsOfServiceForUser(user: User, termsOfServiceVersion: Option[Int])(
+      implicit m: MessagesProvider): Fox[Unit] =
+    for {
+      acceptedVersion <- Fox.option2Fox(termsOfServiceVersion)
+      _ <- organizationService.acceptTermsOfService(user._organization, acceptedVersion)(DBAccessContext(Some(user)), m)
+    } yield ()
 
   case class CreateUserInOrganizationParameters(firstName: String,
                                                 lastName: String,
diff --git a/conf/application.conf b/conf/application.conf
index dd13a75721f..a626e2bad6b 100644
--- a/conf/application.conf
+++ b/conf/application.conf
@@ -117,7 +117,7 @@ webKnossos {
   """
   termsOfService {
     enabled = true
-    # The URL will be embedded into an iFrame
+    # The URL will be linked to or embedded into an iFrame
     url = "https://webknossos.org/terms-of-service"
     acceptanceDeadline = "2023-01-01T00:00:00Z"
     version = 1

From 8d618c4fff0a2a087cdf087704e75425551f30ca Mon Sep 17 00:00:00 2001
From: Charlie Meister <charlie.meister@student.hpi.de>
Date: Thu, 21 Nov 2024 20:22:38 +0100
Subject: [PATCH 14/17] invert logic for rendering tos checkbox

---
 frontend/javascripts/admin/auth/registration_form_generic.tsx | 4 ++--
 frontend/javascripts/admin/auth/registration_form_wkorg.tsx   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/frontend/javascripts/admin/auth/registration_form_generic.tsx b/frontend/javascripts/admin/auth/registration_form_generic.tsx
index 6787ecd4c3b..d26a404fddd 100644
--- a/frontend/javascripts/admin/auth/registration_form_generic.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_generic.tsx
@@ -301,7 +301,7 @@ function RegistrationFormGeneric(props: Props) {
             </Checkbox>
           </FormItem>
         )}
-        {terms != null && !terms.enabled ? null : (
+        {terms == null || terms.enabled ? (
           <FormItem
             name="tos_check"
             valuePropName="checked"
@@ -326,7 +326,7 @@ function RegistrationFormGeneric(props: Props) {
               .
             </Checkbox>
           </FormItem>
-        )}
+        ) : null}
       </div>
 
       <FormItem>
diff --git a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
index 610766645d3..d4997b0d1bd 100644
--- a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
@@ -181,7 +181,7 @@ function RegistrationFormWKOrg(props: Props) {
           </Checkbox>
         </FormItem>
 
-        {terms != null && !terms.enabled ? null : (
+        {terms == null || terms.enabled ? (
           <FormItem
             name="tos_check"
             valuePropName="checked"
@@ -206,7 +206,7 @@ function RegistrationFormWKOrg(props: Props) {
               .
             </Checkbox>
           </FormItem>
-        )}
+        ) : null}
       </div>
 
       <FormItem>

From 6c819e38c62d13a5b32921e7c99ff2516bfd9beb Mon Sep 17 00:00:00 2001
From: frcroth <frcroth@gmail.com>
Date: Mon, 25 Nov 2024 09:18:30 +0100
Subject: [PATCH 15/17] Add explanation on tos failure because of
 non-acceptance

---
 app/controllers/AuthenticationController.scala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/AuthenticationController.scala b/app/controllers/AuthenticationController.scala
index 3a8620a23df..f8c87168bd7 100755
--- a/app/controllers/AuthenticationController.scala
+++ b/app/controllers/AuthenticationController.scala
@@ -642,7 +642,7 @@ class AuthenticationController @Inject()(
   private def acceptTermsOfServiceForUser(user: User, termsOfServiceVersion: Option[Int])(
       implicit m: MessagesProvider): Fox[Unit] =
     for {
-      acceptedVersion <- Fox.option2Fox(termsOfServiceVersion)
+      acceptedVersion <- Fox.option2Fox(termsOfServiceVersion) ?~> "Terms of service must be accepted."
       _ <- organizationService.acceptTermsOfService(user._organization, acceptedVersion)(DBAccessContext(Some(user)), m)
     } yield ()
 

From 1d2ecb25f10063d933954fbf70219563b98cdba5 Mon Sep 17 00:00:00 2001
From: frcroth <frcroth@gmail.com>
Date: Mon, 25 Nov 2024 09:20:21 +0100
Subject: [PATCH 16/17] Revert changes to application.conf

---
 conf/application.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/application.conf b/conf/application.conf
index a626e2bad6b..751fcd1e5aa 100644
--- a/conf/application.conf
+++ b/conf/application.conf
@@ -116,7 +116,7 @@ webKnossos {
     Please add the information of the operator to comply with GDPR.
   """
   termsOfService {
-    enabled = true
+    enabled = false
     # The URL will be linked to or embedded into an iFrame
     url = "https://webknossos.org/terms-of-service"
     acceptanceDeadline = "2023-01-01T00:00:00Z"
@@ -146,7 +146,7 @@ features {
   discussionBoard = "https://forum.image.sc/tag/webknossos"
   discussionBoardRequiresAdmin = false
   hideNavbarLogin = false
-  isWkorgInstance = true
+  isWkorgInstance = false
   recommendWkorgInstance = true
   taskReopenAllowedInSeconds = 30
   allowDeleteDatasets = true

From d60afaa363ac145d144daed81c47fc4da6b40785 Mon Sep 17 00:00:00 2001
From: Charlie Meister <charlie.meister@student.hpi.de>
Date: Mon, 25 Nov 2024 17:11:03 +0100
Subject: [PATCH 17/17] extract TOS checkbox to component

---
 .../admin/auth/registration_form_generic.tsx  | 28 +------------
 .../admin/auth/registration_form_wkorg.tsx    | 29 +-------------
 .../admin/auth/tos_check_form_item.tsx        | 40 +++++++++++++++++++
 3 files changed, 44 insertions(+), 53 deletions(-)
 create mode 100644 frontend/javascripts/admin/auth/tos_check_form_item.tsx

diff --git a/frontend/javascripts/admin/auth/registration_form_generic.tsx b/frontend/javascripts/admin/auth/registration_form_generic.tsx
index d26a404fddd..dbb6c877a55 100644
--- a/frontend/javascripts/admin/auth/registration_form_generic.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_generic.tsx
@@ -11,6 +11,7 @@ import { setHasOrganizationsAction } from "oxalis/model/actions/ui_actions";
 import { setActiveOrganizationAction } from "oxalis/model/actions/organization_actions";
 import { useFetch } from "libs/react_helpers";
 import { getTermsOfService } from "admin/api/terms_of_service";
+import { TOSCheckFormItem } from "./tos_check_form_item";
 
 const FormItem = Form.Item;
 const { Password } = Input;
@@ -301,32 +302,7 @@ function RegistrationFormGeneric(props: Props) {
             </Checkbox>
           </FormItem>
         )}
-        {terms == null || terms.enabled ? (
-          <FormItem
-            name="tos_check"
-            valuePropName="checked"
-            rules={[
-              {
-                validator: (_, value) =>
-                  value
-                    ? Promise.resolve()
-                    : Promise.reject(new Error(messages["auth.tos_check_required"])),
-              },
-            ]}
-          >
-            <Checkbox disabled={terms == null}>
-              I agree to the{" "}
-              {terms == null ? (
-                "terms of service"
-              ) : (
-                <a target="_blank" href={terms.url} rel="noopener noreferrer">
-                  terms of service
-                </a>
-              )}
-              .
-            </Checkbox>
-          </FormItem>
-        ) : null}
+        <TOSCheckFormItem terms={terms} />
       </div>
 
       <FormItem>
diff --git a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
index d4997b0d1bd..633e7613d0d 100644
--- a/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
+++ b/frontend/javascripts/admin/auth/registration_form_wkorg.tsx
@@ -9,6 +9,7 @@ import messages from "messages";
 import { setActiveOrganizationAction } from "oxalis/model/actions/organization_actions";
 import { useFetch } from "libs/react_helpers";
 import { getTermsOfService } from "admin/api/terms_of_service";
+import { TOSCheckFormItem } from "./tos_check_form_item";
 
 const FormItem = Form.Item;
 const { Password } = Input;
@@ -180,33 +181,7 @@ function RegistrationFormWKOrg(props: Props) {
             .
           </Checkbox>
         </FormItem>
-
-        {terms == null || terms.enabled ? (
-          <FormItem
-            name="tos_check"
-            valuePropName="checked"
-            rules={[
-              {
-                validator: (_, value) =>
-                  value
-                    ? Promise.resolve()
-                    : Promise.reject(new Error(messages["auth.tos_check_required"])),
-              },
-            ]}
-          >
-            <Checkbox disabled={terms == null}>
-              I agree to the{" "}
-              {terms == null ? (
-                "terms of service"
-              ) : (
-                <a target="_blank" href={terms.url} rel="noopener noreferrer">
-                  terms of service
-                </a>
-              )}
-              .
-            </Checkbox>
-          </FormItem>
-        ) : null}
+        <TOSCheckFormItem terms={terms} />
       </div>
 
       <FormItem>
diff --git a/frontend/javascripts/admin/auth/tos_check_form_item.tsx b/frontend/javascripts/admin/auth/tos_check_form_item.tsx
new file mode 100644
index 00000000000..472d2e77455
--- /dev/null
+++ b/frontend/javascripts/admin/auth/tos_check_form_item.tsx
@@ -0,0 +1,40 @@
+import { Checkbox, Form } from "antd";
+import messages from "messages";
+
+const FormItem = Form.Item;
+
+type TOSProps = {
+  terms: {
+    enabled: boolean;
+    url: string;
+  } | null;
+};
+
+export function TOSCheckFormItem({ terms }: TOSProps) {
+  return terms == null || terms.enabled ? (
+    <FormItem
+      name="tos_check"
+      valuePropName="checked"
+      rules={[
+        {
+          validator: (_, value) =>
+            value
+              ? Promise.resolve()
+              : Promise.reject(new Error(messages["auth.tos_check_required"])),
+        },
+      ]}
+    >
+      <Checkbox disabled={terms == null}>
+        I agree to the{" "}
+        {terms == null ? (
+          "terms of service"
+        ) : (
+          <a target="_blank" href={terms.url} rel="noopener noreferrer">
+            terms of service
+          </a>
+        )}
+        .
+      </Checkbox>
+    </FormItem>
+  ) : null;
+}