Revert "GPP in the cookie sync endpoint (prebid#2757)"

This reverts commit 708d917.
PubMatic-OpenWrap · Jun 5, 2023 · 4f67c5a · 4f67c5a
1 parent c7eabde
commit 4f67c5a
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 268 deletions.
diff --git a/endpoints/cookie_sync.go b/endpoints/cookie_sync.go
@@ -12,8 +12,6 @@ import (
 
 	"github.com/golang/glog"
 	"github.com/julienschmidt/httprouter"
-	gpplib "github.com/prebid/go-gpp"
-	gppConstants "github.com/prebid/go-gpp/constants"
 	accountService "github.com/prebid/prebid-server/account"
 	"github.com/prebid/prebid-server/analytics"
 	"github.com/prebid/prebid-server/config"
@@ -27,7 +25,6 @@ import (
 	gppPrivacy "github.com/prebid/prebid-server/privacy/gpp"
 	"github.com/prebid/prebid-server/stored_requests"
 	"github.com/prebid/prebid-server/usersync"
-	stringutil "github.com/prebid/prebid-server/util/stringutil"
 )
 
 var (
@@ -129,12 +126,40 @@ func (c *cookieSyncEndpoint) parseRequest(r *http.Request) (usersync.Request, pr
 		return usersync.Request{}, privacy.Policies{}, combineErrors(fetchErrs)
 	}
 
+	var gdprString string
+	if request.GDPR != nil {
+		gdprString = strconv.Itoa(*request.GDPR)
+	}
+	gdprSignal, err := gdpr.StrSignalParse(gdprString)
+	if err != nil {
+		return usersync.Request{}, privacy.Policies{}, err
+	}
+
+	if request.GDPRConsent == "" {
+		if gdprSignal == gdpr.SignalYes {
+			return usersync.Request{}, privacy.Policies{}, errCookieSyncGDPRConsentMissing
+		}
+
+		if gdprSignal == gdpr.SignalAmbiguous && gdpr.SignalNormalize(gdprSignal, c.privacyConfig.gdprConfig.DefaultValue) == gdpr.SignalYes {
+			return usersync.Request{}, privacy.Policies{}, errCookieSyncGDPRConsentMissingSignalAmbiguous
+		}
+	}
+
 	request = c.setLimit(request, account.CookieSync)
 	request = c.setCooperativeSync(request, account.CookieSync)
 
-	privacyPolicies, gdprSignal, err := extractPrivacyPolicies(request, c.privacyConfig.gdprConfig.DefaultValue)
-	if err != nil {
-		return usersync.Request{}, privacy.Policies{}, err
+	privacyPolicies := privacy.Policies{
+		GDPR: gdprPrivacy.Policy{
+			Signal:  gdprString,
+			Consent: request.GDPRConsent,
+		},
+		CCPA: ccpa.Policy{
+			Consent: request.USPrivacy,
+		},
+		GPP: gppPrivacy.Policy{
+			Consent: request.GPP,
+			RawSID:  request.GPPSid,
+		},
 	}
 
 	//OpenWrap: do not allow publishers to bypass GDPR
@@ -159,7 +184,7 @@ func (c *cookieSyncEndpoint) parseRequest(r *http.Request) (usersync.Request, pr
 	}
 
 	gdprRequestInfo := gdpr.RequestInfo{
-		Consent:    privacyPolicies.GDPR.Consent,
+		Consent:    request.GDPRConsent,
 		GDPRSignal: gdprSignal,
 	}
 
@@ -182,82 +207,6 @@ func (c *cookieSyncEndpoint) parseRequest(r *http.Request) (usersync.Request, pr
 	return rx, privacyPolicies, nil
 }
 
-func extractPrivacyPolicies(request cookieSyncRequest, usersyncDefaultGDPRValue string) (privacy.Policies, gdpr.Signal, error) {
-	// GDPR
-	gppSID, err := stringutil.StrToInt8Slice(request.GPPSid)
-	if err != nil {
-		return privacy.Policies{}, gdpr.SignalNo, err
-	}
-
-	gdprSignal, gdprString, err := extractGDPRSignal(request.GDPR, gppSID)
-	if err != nil {
-		return privacy.Policies{}, gdpr.SignalNo, err
-	}
-
-	var gpp gpplib.GppContainer
-	if len(request.GPP) > 0 {
-		var err error
-		gpp, err = gpplib.Parse(request.GPP)
-		if err != nil {
-			return privacy.Policies{}, gdpr.SignalNo, err
-		}
-	}
-
-	gdprConsent := request.GDPRConsent
-	if i := gppPrivacy.IndexOfSID(gpp, gppConstants.SectionTCFEU2); i >= 0 {
-		gdprConsent = gpp.Sections[i].GetValue()
-	}
-
-	if gdprConsent == "" {
-		if gdprSignal == gdpr.SignalYes {
-			return privacy.Policies{}, gdpr.SignalNo, errCookieSyncGDPRConsentMissing
-		}
-
-		if gdprSignal == gdpr.SignalAmbiguous && gdpr.SignalNormalize(gdprSignal, usersyncDefaultGDPRValue) == gdpr.SignalYes {
-			return privacy.Policies{}, gdpr.SignalNo, errCookieSyncGDPRConsentMissingSignalAmbiguous
-		}
-	}
-
-	// CCPA
-	ccpaString, err := ccpa.SelectCCPAConsent(request.USPrivacy, gpp, gppSID)
-	if err != nil {
-		return privacy.Policies{}, gdpr.SignalNo, err
-	}
-
-	return privacy.Policies{
-		GDPR: gdprPrivacy.Policy{
-			Signal:  gdprString,
-			Consent: gdprConsent,
-		},
-		CCPA: ccpa.Policy{
-			Consent: ccpaString,
-		},
-		GPP: gppPrivacy.Policy{
-			Consent: request.GPP,
-			RawSID:  request.GPPSid,
-		},
-	}, gdprSignal, nil
-}
-
-func extractGDPRSignal(requestGDPR *int, gppSID []int8) (gdpr.Signal, string, error) {
-	if len(gppSID) > 0 {
-		if gppPrivacy.IsSIDInList(gppSID, gppConstants.SectionTCFEU2) {
-			return gdpr.SignalYes, strconv.Itoa(int(gdpr.SignalYes)), nil
-		}
-		return gdpr.SignalNo, strconv.Itoa(int(gdpr.SignalNo)), nil
-	}
-
-	if requestGDPR == nil {
-		return gdpr.SignalAmbiguous, "", nil
-	}
-
-	gdprSignal, err := gdpr.IntSignalParse(*requestGDPR)
-	if err != nil {
-		return gdpr.SignalAmbiguous, strconv.Itoa(*requestGDPR), err
-	}
-	return gdprSignal, strconv.Itoa(*requestGDPR), nil
-}
-
 func (c *cookieSyncEndpoint) writeParseRequestErrorMetrics(err error) {
 	switch err {
 	case errCookieSyncAccountBlocked:

diff --git a/endpoints/cookie_sync_test.go b/endpoints/cookie_sync_test.go
@@ -7,7 +7,6 @@ import (
 	"io"
 	"net/http"
 	"net/http/httptest"
-	"strconv"
 	"strings"
 	"testing"
 	"testing/iotest"
@@ -24,7 +23,6 @@ import (
 	gdprPrivacy "github.com/prebid/prebid-server/privacy/gdpr"
 	gppPrivacy "github.com/prebid/prebid-server/privacy/gpp"
 	"github.com/prebid/prebid-server/usersync"
-	"github.com/prebid/prebid-server/util/ptrutil"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
@@ -305,185 +303,6 @@ func TestCookieSyncHandle(t *testing.T) {
 	}
 }
 
-func TestExtractGDPRSignal(t *testing.T) {
-	type testInput struct {
-		requestGDPR *int
-		gppSID      []int8
-	}
-	type testOutput struct {
-		gdprSignal gdpr.Signal
-		gdprString string
-		err        error
-	}
-	testCases := []struct {
-		desc     string
-		in       testInput
-		expected testOutput
-	}{
-		{
-			desc: "SectionTCFEU2 is listed in GPP_SID array, expect SignalYes and nil error",
-			in: testInput{
-				requestGDPR: nil,
-				gppSID:      []int8{2},
-			},
-			expected: testOutput{
-				gdprSignal: gdpr.SignalYes,
-				gdprString: strconv.Itoa(int(gdpr.SignalYes)),
-				err:        nil,
-			},
-		},
-		{
-			desc: "SectionTCFEU2 is not listed in GPP_SID array, expect SignalNo and nil error",
-			in: testInput{
-				requestGDPR: nil,
-				gppSID:      []int8{6},
-			},
-			expected: testOutput{
-				gdprSignal: gdpr.SignalNo,
-				gdprString: strconv.Itoa(int(gdpr.SignalNo)),
-				err:        nil,
-			},
-		},
-		{
-			desc: "Empty GPP_SID array and nil requestGDPR value, expect SignalAmbiguous and nil error",
-			in: testInput{
-				requestGDPR: nil,
-				gppSID:      []int8{},
-			},
-			expected: testOutput{
-				gdprSignal: gdpr.SignalAmbiguous,
-				gdprString: "",
-				err:        nil,
-			},
-		},
-		{
-			desc: "Empty GPP_SID array and non-nil requestGDPR value that could not be successfully parsed, expect SignalAmbiguous and parse error",
-			in: testInput{
-				requestGDPR: ptrutil.ToPtr(2),
-				gppSID:      nil,
-			},
-			expected: testOutput{
-				gdprSignal: gdpr.SignalAmbiguous,
-				gdprString: "2",
-				err:        &errortypes.BadInput{"GDPR signal should be integer 0 or 1"},
-			},
-		},
-		{
-			desc: "Empty GPP_SID array and non-nil requestGDPR value that could be successfully parsed, expect SignalYes and nil error",
-			in: testInput{
-				requestGDPR: ptrutil.ToPtr(1),
-				gppSID:      nil,
-			},
-			expected: testOutput{
-				gdprSignal: gdpr.SignalYes,
-				gdprString: "1",
-				err:        nil,
-			},
-		},
-	}
-	for _, tc := range testCases {
-		// run
-		outSignal, outGdprStr, outErr := extractGDPRSignal(tc.in.requestGDPR, tc.in.gppSID)
-		// assertions
-		assert.Equal(t, tc.expected.gdprSignal, outSignal, tc.desc)
-		assert.Equal(t, tc.expected.gdprString, outGdprStr, tc.desc)
-		assert.Equal(t, tc.expected.err, outErr, tc.desc)
-	}
-}
-
-func TestExtractPrivacyPolicies(t *testing.T) {
-	type testInput struct {
-		request                  cookieSyncRequest
-		usersyncDefaultGDPRValue string
-	}
-	type testOutput struct {
-		policies   privacy.Policies
-		gdprSignal gdpr.Signal
-		err        error
-	}
-	testCases := []struct {
-		desc     string
-		in       testInput
-		expected testOutput
-	}{
-		{
-			desc: "request GPP string is malformed, expect empty policies, signal No and error",
-			in: testInput{
-				request: cookieSyncRequest{GPP: "malformedGPPString"},
-			},
-			expected: testOutput{
-				policies:   privacy.Policies{},
-				gdprSignal: gdpr.SignalNo,
-				err:        errors.New("error parsing GPP header, header must have type=3"),
-			},
-		},
-		{
-			desc: "Malformed GPPSid string",
-			in: testInput{
-				request: cookieSyncRequest{
-					GPP:       "DBACNYA~CPXxRfAPXxRfAAfKABENB-CgAAAAAAAAAAYgAAAAAAAA~1YNN",
-					GPPSid:    "malformed",
-					USPrivacy: "1YYY",
-				},
-			},
-			expected: testOutput{
-				policies:   privacy.Policies{},
-				gdprSignal: gdpr.SignalNo,
-				err:        &strconv.NumError{"ParseInt", "malformed", strconv.ErrSyntax},
-			},
-		},
-		{
-			desc: "request USPrivacy string is different from the one in the GPP string, expect empty policies, signalNo and error",
-			in: testInput{
-				request: cookieSyncRequest{
-					GPP:       "DBACNYA~CPXxRfAPXxRfAAfKABENB-CgAAAAAAAAAAYgAAAAAAAA~1YNN",
-					GPPSid:    "6",
-					USPrivacy: "1YYY",
-				},
-			},
-			expected: testOutput{
-				policies:   privacy.Policies{},
-				gdprSignal: gdpr.SignalNo,
-				err:        errors.New("request.us_privacy consent does not match uspv1"),
-			},
-		},
-		{
-			desc: "no issues extracting privacy policies from request GPP and request GPPSid strings",
-			in: testInput{
-				request: cookieSyncRequest{
-					GPP:    "DBACNYA~CPXxRfAPXxRfAAfKABENB-CgAAAAAAAAAAYgAAAAAAAA~1YNN",
-					GPPSid: "6",
-				},
-			},
-			expected: testOutput{
-				policies: privacy.Policies{
-					GDPR: gdprPrivacy.Policy{
-						Signal:  "0",
-						Consent: "CPXxRfAPXxRfAAfKABENB-CgAAAAAAAAAAYgAAAAAAAA",
-					},
-					CCPA: ccpa.Policy{
-						Consent: "1YNN",
-					},
-					GPP: gppPrivacy.Policy{
-						Consent: "DBACNYA~CPXxRfAPXxRfAAfKABENB-CgAAAAAAAAAAYgAAAAAAAA~1YNN",
-						RawSID:  "6",
-					},
-				},
-				gdprSignal: gdpr.SignalNo,
-				err:        nil,
-			},
-		},
-	}
-	for _, tc := range testCases {
-		// run
-		outPolicies, outSignal, outErr := extractPrivacyPolicies(tc.in.request, tc.in.usersyncDefaultGDPRValue)
-		// assertions
-		assert.Equal(t, tc.expected.policies, outPolicies, tc.desc)
-		assert.Equal(t, tc.expected.gdprSignal, outSignal, tc.desc)
-		assert.Equal(t, tc.expected.err, outErr, tc.desc)
-	}
-}
-
 func TestCookieSyncParseRequest(t *testing.T) {
 	expectedCCPAParsedPolicy, _ := ccpa.Policy{Consent: "1NYN"}.Parse(map[string]struct{}{})
 
@@ -499,13 +318,13 @@ func TestCookieSyncParseRequest(t *testing.T) {
 		expectedRequest      usersync.Request
 	}{
 		{
-			description: "Complete Request - includes GPP string with EU TCF V2",
+			description: "Complete Request",
 			givenBody: strings.NewReader(`{` +
 				`"bidders":["a", "b"],` +
 				`"gdpr":1,` +
 				`"gdpr_consent":"anyGDPRConsent",` +
 				`"us_privacy":"1NYN",` +
-				`"gpp":"DBABMA~CPXxRfAPXxRfAAfKABENB-CgAAAAAAAAAAYgAAAAAAAA",` +
+				`"gpp":"anyGPPString",` +
 				`"gpp_sid":"2",` +
 				`"limit":42,` +
 				`"coopSync":true,` +
@@ -522,13 +341,13 @@ func TestCookieSyncParseRequest(t *testing.T) {
 			expectedPrivacy: privacy.Policies{
 				GDPR: gdprPrivacy.Policy{
 					Signal:  "1",
-					Consent: "CPXxRfAPXxRfAAfKABENB-CgAAAAAAAAAAYgAAAAAAAA",
+					Consent: "anyGDPRConsent",
 				},
 				CCPA: ccpa.Policy{
 					Consent: "1NYN",
 				},
 				GPP: gppPrivacy.Policy{
-					Consent: "DBABMA~CPXxRfAPXxRfAAfKABENB-CgAAAAAAAAAAYgAAAAAAAA",
+					Consent: "anyGPPString",
 					RawSID:  "2",
 				},
 			},