diff --git a/pkg/controller/account/age_gate.go b/pkg/controller/account/age_gate.go
index 37c1bdd..2a78851 100644
--- a/pkg/controller/account/age_gate.go
+++ b/pkg/controller/account/age_gate.go
@@ -28,6 +28,12 @@ func AgeGate() http.HandlerFunc {
 return
 }
 
+ // If we have already set our age, don't allow changing it.
+ if !user.Birthdate.IsZero() {
+ templates.NotFoundPage(w, r)
+ return
+ }
+
 // Are we POSTing?
 if r.Method == http.MethodPost {
 var (
diff --git a/pkg/controller/account/settings.go b/pkg/controller/account/settings.go
index c9e808f..bc12891 100644
--- a/pkg/controller/account/settings.go
+++ b/pkg/controller/account/settings.go
@@ -59,20 +59,24 @@ func Settings() http.HandlerFunc {
 
 // Set user attributes.
 user.Name = &displayName
- if len(dob) > 0 {
- if birthdate, err := time.Parse("2006-01-02", dob); err != nil {
- session.FlashError(w, r, "Incorrect format for birthdate; should be in yyyy-mm-dd format but got: %s", dob)
+
+ // Birthdate, now required.
+ if birthdate, err := time.Parse("2006-01-02", dob); err != nil {
+ session.FlashError(w, r, "Incorrect format for birthdate; should be in yyyy-mm-dd format but got: %s", dob)
+ } else {
+ // Validate birthdate is at least age 18.
+ if utility.Age(birthdate) < 18 {
+ session.FlashError(w, r, "Invalid birthdate: you must be at least 18 years old to use this site.")
+ templates.Redirect(w, r.URL.Path)
+ return
+ }
+
+ // The user isn't allowed to change it on their own, even if they edit the form to remove the readonly value.
+ if !user.Birthdate.IsZero() && user.Birthdate.Format("2006-01-02") != dob {
+ session.FlashError(w, r, "Please contact support if you want to change your birthdate.")
 } else {
- // Validate birthdate is at least age 18.
- if utility.Age(birthdate) < 18 {
- session.FlashError(w, r, "Invalid birthdate: you must be at least 18 years old to use this site.")
- templates.Redirect(w, r.URL.Path)
- return
- }
 user.Birthdate = birthdate
 }
- } else {
- user.Birthdate = time.Time{}
 }
 
 // Set profile attributes.
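Review bot: The parse-failure branch of the new birthdate block calls `session.FlashError` but neither redirects nor returns, so an empty or malformed `dob` leaves `user.Birthdate` unchanged (still zero for an account that never set one) and execution continues into the "Set profile attributes" code; the block is commented as "now required", yet only the under-18 branch actually stops the request. Ending that branch the same way, with `templates.Redirect(w, r.URL.Path)` followed by `return`, would make the requirement enforceable. The same question applies to the "Please contact support" branch if a tampered readonly field should abort the save rather than be ignored while the rest of the form is applied. Settings continues outside the hunk, so whether the user record is persisted afterwards is inferred rather than visible here.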