From 6e9c31e6a8c2254b40bc76aff97f128a9ed4021d Mon Sep 17 00:00:00 2001 From: bsardo <1168933+bsardo@users.noreply.github.com> Date: Wed, 18 Nov 2020 16:50:22 -0500 Subject: [PATCH 1/4] Enforce GDPR privacy if there's an error parsing consent --- exchange/utils.go | 12 +++++++----- exchange/utils_test.go | 21 ++++++++++++++++++--- 2 files changed, 25 insertions(+), 8 deletions(-) diff --git a/exchange/utils.go b/exchange/utils.go index 21c31a290b4..d574c2a6452 100644 --- a/exchange/utils.go +++ b/exchange/utils.go @@ -118,11 +118,13 @@ func cleanOpenRTBRequests(ctx context.Context, if gdprEnforced { var publisherID = req.LegacyLabels.PubID _, geo, id, err := gDPR.PersonalInfoAllowed(ctx, bidderRequest.BidderCoreName, publisherID, gdprSignal, consent) - privacyEnforcement.GDPRGeo = !geo && err == nil - privacyEnforcement.GDPRID = !id && err == nil - } else { - privacyEnforcement.GDPRGeo = false - privacyEnforcement.GDPRID = false + if err == nil { + privacyEnforcement.GDPRGeo = !geo + privacyEnforcement.GDPRID = !id + } else { + privacyEnforcement.GDPRGeo = true + privacyEnforcement.GDPRID = true + } } privacyEnforcement.Apply(bidderRequest.BidRequest) diff --git a/exchange/utils_test.go b/exchange/utils_test.go index f9a04f25e40..3007a7da348 100644 --- a/exchange/utils_test.go +++ b/exchange/utils_test.go @@ -20,7 +20,8 @@ import ( // // It only allows appnexus for GDPR consent type permissionsMock struct { - personalInfoAllowed bool + personalInfoAllowed bool + personalInfoAllowedError error } func (p *permissionsMock) HostCookiesAllowed(ctx context.Context, consent string) (bool, error) { @@ -32,7 +33,7 @@ func (p *permissionsMock) BidderSyncAllowed(ctx context.Context, bidder openrtb_ } func (p *permissionsMock) PersonalInfoAllowed(ctx context.Context, bidder openrtb_ext.BidderName, PublisherID string, gdpr gdpr.Signal, consent string) (bool, bool, bool, error) { - return p.personalInfoAllowed, p.personalInfoAllowed, p.personalInfoAllowed, nil + return p.personalInfoAllowed, p.personalInfoAllowed, p.personalInfoAllowed, p.personalInfoAllowedError } func assertReq(t *testing.T, bidderRequests []BidderRequest, @@ -1054,6 +1055,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdpr string gdprConsent string gdprScrub bool + permissionsError error userSyncIfAmbiguous bool expectPrivacyLabels metrics.PrivacyLabels }{ @@ -1179,6 +1181,19 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { GDPRTCFVersion: "", }, }, + { + description: "Not Enforce - error while checking if personal info is allowed", + gdprAccountEnabled: nil, + gdprHostEnabled: true, + gdpr: "1", + gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY", + gdprScrub: true, + permissionsError: errors.New("Some error"), + expectPrivacyLabels: metrics.PrivacyLabels{ + GDPREnforced: true, + GDPRTCFVersion: metrics.TCFVersionV1, + }, + }, } for _, test := range testCases { @@ -1214,7 +1229,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { context.Background(), auctionReq, nil, - &permissionsMock{personalInfoAllowed: !test.gdprScrub}, + &permissionsMock{personalInfoAllowed: !test.gdprScrub, personalInfoAllowedError: test.permissionsError}, test.userSyncIfAmbiguous, privacyConfig) result := results[0] From a2a9ad6a12f88929b35d6e9fa2b86d9257884834 Mon Sep 17 00:00:00 2001 From: bsardo <1168933+bsardo@users.noreply.github.com> Date: Fri, 8 Jan 2021 11:36:16 -0500 Subject: [PATCH 2/4] Update test with consent string variables to improve readability --- exchange/utils_test.go | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/exchange/utils_test.go b/exchange/utils_test.go index 3007a7da348..08a70cc3718 100644 --- a/exchange/utils_test.go +++ b/exchange/utils_test.go @@ -1046,6 +1046,8 @@ func TestCleanOpenRTBRequestsLMT(t *testing.T) { } func TestCleanOpenRTBRequestsGDPR(t *testing.T) { + TCF1Consent := "BONV8oqONXwgmADACHENAO7pqzAAppY" + TCF2Consent := "COzTVhaOzTVhaGvAAAENAiCIAP_AAH_AAAAAAEEUACCKAAA" trueValue, falseValue := true, false testCases := []struct { @@ -1076,7 +1078,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: &trueValue, gdprHostEnabled: true, gdpr: "1", - gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY", + gdprConsent: TCF1Consent, gdprScrub: true, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: true, @@ -1088,7 +1090,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: &trueValue, gdprHostEnabled: true, gdpr: "1", - gdprConsent: "COzTVhaOzTVhaGvAAAENAiCIAP_AAH_AAAAAAEEUACCKAAA", + gdprConsent: TCF2Consent, gdprScrub: true, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: true, @@ -1100,7 +1102,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: &trueValue, gdprHostEnabled: true, gdpr: "0", - gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY", + gdprConsent: TCF1Consent, gdprScrub: false, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: false, @@ -1112,7 +1114,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: &trueValue, gdprHostEnabled: false, gdpr: "1", - gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY", + gdprConsent: TCF1Consent, gdprScrub: true, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: true, @@ -1124,7 +1126,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: &falseValue, gdprHostEnabled: true, gdpr: "1", - gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY", + gdprConsent: TCF1Consent, gdprScrub: false, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: false, @@ -1136,7 +1138,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: nil, gdprHostEnabled: true, gdpr: "1", - gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY", + gdprConsent: TCF1Consent, gdprScrub: true, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: true, @@ -1148,7 +1150,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: nil, gdprHostEnabled: false, gdpr: "1", - gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY", + gdprConsent: TCF1Consent, gdprScrub: false, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: false, @@ -1160,7 +1162,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: nil, gdprHostEnabled: true, gdpr: "null", - gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY", + gdprConsent: TCF1Consent, gdprScrub: true, userSyncIfAmbiguous: false, expectPrivacyLabels: metrics.PrivacyLabels{ @@ -1173,7 +1175,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: nil, gdprHostEnabled: true, gdpr: "null", - gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY", + gdprConsent: TCF1Consent, gdprScrub: false, userSyncIfAmbiguous: true, expectPrivacyLabels: metrics.PrivacyLabels{ @@ -1186,7 +1188,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: nil, gdprHostEnabled: true, gdpr: "1", - gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY", + gdprConsent: TCF1Consent, gdprScrub: true, permissionsError: errors.New("Some error"), expectPrivacyLabels: metrics.PrivacyLabels{ From 6209fe28317479f242159c894381edec0cbf51a9 Mon Sep 17 00:00:00 2001 From: bsardo <1168933+bsardo@users.noreply.github.com> Date: Fri, 8 Jan 2021 11:39:10 -0500 Subject: [PATCH 3/4] Fix test typo --- exchange/utils_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/exchange/utils_test.go b/exchange/utils_test.go index 08a70cc3718..74fb7c980c0 100644 --- a/exchange/utils_test.go +++ b/exchange/utils_test.go @@ -1184,7 +1184,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { }, }, { - description: "Not Enforce - error while checking if personal info is allowed", + description: "Enforce - error while checking if personal info is allowed", gdprAccountEnabled: nil, gdprHostEnabled: true, gdpr: "1", From 36483ebc7fe61dd2b0b4478f83b0086a680254a7 Mon Sep 17 00:00:00 2001 From: bsardo <1168933+bsardo@users.noreply.github.com> Date: Tue, 12 Jan 2021 10:06:30 -0500 Subject: [PATCH 4/4] Update test variable names to follow go conventions --- exchange/utils_test.go | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/exchange/utils_test.go b/exchange/utils_test.go index 74fb7c980c0..e13f956b46d 100644 --- a/exchange/utils_test.go +++ b/exchange/utils_test.go @@ -1046,8 +1046,8 @@ func TestCleanOpenRTBRequestsLMT(t *testing.T) { } func TestCleanOpenRTBRequestsGDPR(t *testing.T) { - TCF1Consent := "BONV8oqONXwgmADACHENAO7pqzAAppY" - TCF2Consent := "COzTVhaOzTVhaGvAAAENAiCIAP_AAH_AAAAAAEEUACCKAAA" + tcf1Consent := "BONV8oqONXwgmADACHENAO7pqzAAppY" + tcf2Consent := "COzTVhaOzTVhaGvAAAENAiCIAP_AAH_AAAAAAEEUACCKAAA" trueValue, falseValue := true, false testCases := []struct { @@ -1078,7 +1078,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: &trueValue, gdprHostEnabled: true, gdpr: "1", - gdprConsent: TCF1Consent, + gdprConsent: tcf1Consent, gdprScrub: true, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: true, @@ -1090,7 +1090,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: &trueValue, gdprHostEnabled: true, gdpr: "1", - gdprConsent: TCF2Consent, + gdprConsent: tcf2Consent, gdprScrub: true, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: true, @@ -1102,7 +1102,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: &trueValue, gdprHostEnabled: true, gdpr: "0", - gdprConsent: TCF1Consent, + gdprConsent: tcf1Consent, gdprScrub: false, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: false, @@ -1114,7 +1114,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: &trueValue, gdprHostEnabled: false, gdpr: "1", - gdprConsent: TCF1Consent, + gdprConsent: tcf1Consent, gdprScrub: true, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: true, @@ -1126,7 +1126,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: &falseValue, gdprHostEnabled: true, gdpr: "1", - gdprConsent: TCF1Consent, + gdprConsent: tcf1Consent, gdprScrub: false, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: false, @@ -1138,7 +1138,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: nil, gdprHostEnabled: true, gdpr: "1", - gdprConsent: TCF1Consent, + gdprConsent: tcf1Consent, gdprScrub: true, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: true, @@ -1150,7 +1150,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: nil, gdprHostEnabled: false, gdpr: "1", - gdprConsent: TCF1Consent, + gdprConsent: tcf1Consent, gdprScrub: false, expectPrivacyLabels: metrics.PrivacyLabels{ GDPREnforced: false, @@ -1162,7 +1162,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: nil, gdprHostEnabled: true, gdpr: "null", - gdprConsent: TCF1Consent, + gdprConsent: tcf1Consent, gdprScrub: true, userSyncIfAmbiguous: false, expectPrivacyLabels: metrics.PrivacyLabels{ @@ -1175,7 +1175,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: nil, gdprHostEnabled: true, gdpr: "null", - gdprConsent: TCF1Consent, + gdprConsent: tcf1Consent, gdprScrub: false, userSyncIfAmbiguous: true, expectPrivacyLabels: metrics.PrivacyLabels{ @@ -1188,7 +1188,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) { gdprAccountEnabled: nil, gdprHostEnabled: true, gdpr: "1", - gdprConsent: TCF1Consent, + gdprConsent: tcf1Consent, gdprScrub: true, permissionsError: errors.New("Some error"), expectPrivacyLabels: metrics.PrivacyLabels{