Fix SSO authentication not working due to missing agreement boolean (#9915)

Fix #9906

app/models/concerns/omniauthable.rb

@@ -63,6 +63,7 @@ module Omniauthable
       {
         email: email || "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com",
         password: Devise.friendly_token[0, 20],
+        agreement: true,
         account_attributes: {
           username: ensure_unique_username(auth.uid),
           display_name: display_name,

app/models/user.rb

@@ -295,6 +295,7 @@ class User < ApplicationRecord
 
   def self.pam_get_user(attributes = {})
     return nil unless attributes[:email]
+
     resource =
       if Devise.check_at_sign && !attributes[:email].index('@')
         joins(:account).find_by(accounts: { username: attributes[:email] })
@@ -304,6 +305,7 @@ class User < ApplicationRecord
 
     if resource.blank?
       resource = new(email: attributes[:email], agreement: true)
+
       if Devise.check_at_sign && !resource[:email].index('@')
         resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false)
         resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email]