feat(legal): add privacy_policy_accepted field to User and enforce on registration

[vitorhugo-java]

Summary

• Flyway V28 (V28__add_privacy_policy_accepted_to_users.sql): adds privacy_policy_accepted TINYINT(1) NOT NULL DEFAULT 0 and privacy_policy_accepted_at DATETIME NULL columns to the users table
• User entity: two new fields with getters/setters
• RegisterRequest: new acceptedPrivacyPolicy field annotated with @AssertTrue — returns HTTP 400 if the client sends false or omits the field
• AuthService.register(): sets privacyPolicyAccepted = true and privacyPolicyAcceptedAt = now() when a user completes registration
• UserResponse: exposes privacyPolicyAccepted so the frontend can read the flag
• AuthMapper: maps the new field from entity to DTO

Why

Google requires every user to actively accept a Privacy Policy before an OAuth2 app can be approved for production. This change persists the acceptance event (boolean + timestamp) for compliance and audit purposes.

Reviewer notes

• The DEFAULT 0 in the migration means all existing users will have privacy_policy_accepted = 0. That is intentional — existing users predate this requirement and can be handled separately if needed
• The @AssertTrue constraint fires during Spring's @Valid processing on the controller, so no changes are needed in the controller itself
• Frontend counterpart: vitorhugo-java/React-JobApplyTracker — PR adds the checkbox UI and sends the flag on registration

Test plan

• Run the app — Flyway V28 migration applies cleanly with no errors
• POST /api/v1/auth/register without acceptedPrivacyPolicy or with false → HTTP 400 with validation message
• POST /api/v1/auth/register with acceptedPrivacyPolicy: true → HTTP 200, check DB row has privacy_policy_accepted = 1 and a non-null privacy_policy_accepted_at
• GET /api/v1/auth/me returns privacyPolicyAccepted: true for newly registered user

🤖 Generated with Claude Code

[github-actions]

Qodana for JVM

3 new problems were found

Inspection name	Severity	Problems
Nullability and data flow problems	🔶 Warning	1
Mismatched query and update of 'StringBuilder'	🔶 Warning	1
Simplifiable conditional expression	🔶 Warning	1

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

• Register at Qodana Cloud and configure the action
• Use GitHub Code Scanning with Qodana
• Host Qodana report at GitHub Pages
• Inspect and use qodana.sarif.json (see the Qodana SARIF format for details)

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/qodana-action@v2025.3.2
        with:
          upload-result: true

Contact Qodana team

Contact us at qodana-support@jetbrains.com

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions