Skip to content

Commit

Permalink
Enforce GDPR privacy if there's an error parsing consent (prebid#1593)
Browse files Browse the repository at this point in the history
* Enforce GDPR privacy if there's an error parsing consent

* Update test with consent string variables to improve readability

* Fix test typo

* Update test variable names to follow go conventions
  • Loading branch information
bsardo authored and Dan Barnett committed May 11, 2021
1 parent ef89f66 commit 4d2a8ac
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 17 deletions.
12 changes: 7 additions & 5 deletions exchange/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -118,11 +118,13 @@ func cleanOpenRTBRequests(ctx context.Context,
if gdprEnforced {
var publisherID = req.LegacyLabels.PubID
_, geo, id, err := gDPR.PersonalInfoAllowed(ctx, bidderRequest.BidderCoreName, publisherID, gdprSignal, consent)
privacyEnforcement.GDPRGeo = !geo && err == nil
privacyEnforcement.GDPRID = !id && err == nil
} else {
privacyEnforcement.GDPRGeo = false
privacyEnforcement.GDPRID = false
if err == nil {
privacyEnforcement.GDPRGeo = !geo
privacyEnforcement.GDPRID = !id
} else {
privacyEnforcement.GDPRGeo = true
privacyEnforcement.GDPRID = true
}
}

privacyEnforcement.Apply(bidderRequest.BidRequest)
Expand Down
41 changes: 29 additions & 12 deletions exchange/utils_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,8 @@ import (
//
// It only allows appnexus for GDPR consent
type permissionsMock struct {
personalInfoAllowed bool
personalInfoAllowed bool
personalInfoAllowedError error
}

func (p *permissionsMock) HostCookiesAllowed(ctx context.Context, consent string) (bool, error) {
Expand All @@ -32,7 +33,7 @@ func (p *permissionsMock) BidderSyncAllowed(ctx context.Context, bidder openrtb_
}

func (p *permissionsMock) PersonalInfoAllowed(ctx context.Context, bidder openrtb_ext.BidderName, PublisherID string, gdpr gdpr.Signal, consent string) (bool, bool, bool, error) {
return p.personalInfoAllowed, p.personalInfoAllowed, p.personalInfoAllowed, nil
return p.personalInfoAllowed, p.personalInfoAllowed, p.personalInfoAllowed, p.personalInfoAllowedError
}

func assertReq(t *testing.T, bidderRequests []BidderRequest,
Expand Down Expand Up @@ -1045,6 +1046,8 @@ func TestCleanOpenRTBRequestsLMT(t *testing.T) {
}

func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
tcf1Consent := "BONV8oqONXwgmADACHENAO7pqzAAppY"
tcf2Consent := "COzTVhaOzTVhaGvAAAENAiCIAP_AAH_AAAAAAEEUACCKAAA"
trueValue, falseValue := true, false

testCases := []struct {
Expand All @@ -1054,6 +1057,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
gdpr string
gdprConsent string
gdprScrub bool
permissionsError error
userSyncIfAmbiguous bool
expectPrivacyLabels metrics.PrivacyLabels
}{
Expand All @@ -1074,7 +1078,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
gdprAccountEnabled: &trueValue,
gdprHostEnabled: true,
gdpr: "1",
gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY",
gdprConsent: tcf1Consent,
gdprScrub: true,
expectPrivacyLabels: metrics.PrivacyLabels{
GDPREnforced: true,
Expand All @@ -1086,7 +1090,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
gdprAccountEnabled: &trueValue,
gdprHostEnabled: true,
gdpr: "1",
gdprConsent: "COzTVhaOzTVhaGvAAAENAiCIAP_AAH_AAAAAAEEUACCKAAA",
gdprConsent: tcf2Consent,
gdprScrub: true,
expectPrivacyLabels: metrics.PrivacyLabels{
GDPREnforced: true,
Expand All @@ -1098,7 +1102,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
gdprAccountEnabled: &trueValue,
gdprHostEnabled: true,
gdpr: "0",
gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY",
gdprConsent: tcf1Consent,
gdprScrub: false,
expectPrivacyLabels: metrics.PrivacyLabels{
GDPREnforced: false,
Expand All @@ -1110,7 +1114,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
gdprAccountEnabled: &trueValue,
gdprHostEnabled: false,
gdpr: "1",
gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY",
gdprConsent: tcf1Consent,
gdprScrub: true,
expectPrivacyLabels: metrics.PrivacyLabels{
GDPREnforced: true,
Expand All @@ -1122,7 +1126,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
gdprAccountEnabled: &falseValue,
gdprHostEnabled: true,
gdpr: "1",
gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY",
gdprConsent: tcf1Consent,
gdprScrub: false,
expectPrivacyLabels: metrics.PrivacyLabels{
GDPREnforced: false,
Expand All @@ -1134,7 +1138,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
gdprAccountEnabled: nil,
gdprHostEnabled: true,
gdpr: "1",
gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY",
gdprConsent: tcf1Consent,
gdprScrub: true,
expectPrivacyLabels: metrics.PrivacyLabels{
GDPREnforced: true,
Expand All @@ -1146,7 +1150,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
gdprAccountEnabled: nil,
gdprHostEnabled: false,
gdpr: "1",
gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY",
gdprConsent: tcf1Consent,
gdprScrub: false,
expectPrivacyLabels: metrics.PrivacyLabels{
GDPREnforced: false,
Expand All @@ -1158,7 +1162,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
gdprAccountEnabled: nil,
gdprHostEnabled: true,
gdpr: "null",
gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY",
gdprConsent: tcf1Consent,
gdprScrub: true,
userSyncIfAmbiguous: false,
expectPrivacyLabels: metrics.PrivacyLabels{
Expand All @@ -1171,14 +1175,27 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
gdprAccountEnabled: nil,
gdprHostEnabled: true,
gdpr: "null",
gdprConsent: "BONV8oqONXwgmADACHENAO7pqzAAppY",
gdprConsent: tcf1Consent,
gdprScrub: false,
userSyncIfAmbiguous: true,
expectPrivacyLabels: metrics.PrivacyLabels{
GDPREnforced: false,
GDPRTCFVersion: "",
},
},
{
description: "Enforce - error while checking if personal info is allowed",
gdprAccountEnabled: nil,
gdprHostEnabled: true,
gdpr: "1",
gdprConsent: tcf1Consent,
gdprScrub: true,
permissionsError: errors.New("Some error"),
expectPrivacyLabels: metrics.PrivacyLabels{
GDPREnforced: true,
GDPRTCFVersion: metrics.TCFVersionV1,
},
},
}

for _, test := range testCases {
Expand Down Expand Up @@ -1214,7 +1231,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
context.Background(),
auctionReq,
nil,
&permissionsMock{personalInfoAllowed: !test.gdprScrub},
&permissionsMock{personalInfoAllowed: !test.gdprScrub, personalInfoAllowedError: test.permissionsError},
test.userSyncIfAmbiguous,
privacyConfig)
result := results[0]
Expand Down

0 comments on commit 4d2a8ac

Please sign in to comment.