Some verified publishers no longer remove green tick at sublevels - Fixes issue #10484

[jasonrsadler]

Fixes #10484

Submitter Checklist:

• Submitted a ticket for my issue if one did not already exist.
• Used Github auto-closing keywords in the commit message.
• Added/updated tests for this change (for new code or code which already has tests).
• Ran git rebase -i to squash commits (if needed).
• Tagged reviewers and labelled the pull request as needed.
• Request a security/privacy review as needed. (Ask a Brave employee to help if you cannot access this document.)

Test Plan:

Reviewer Checklist:

• Request a security/privacy review as needed if one was not already requested.

Tests

• Adequate test coverage exists to prevent regressions
• Tests should be independent and work correctly when run individually or as a suite ref
• New files have MPL2 license header

I could only get this to repro on the brianbondy site. All other verified pubs didn't have this problem.

Regardless the addition allows the brianbondy sub levels to show green tick

Review Requested @bsclifton
Security Review Requested @diracdeltas

[codecov-io]

Codecov Report

Merging #13675 into master will decrease coverage by <.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master   #13675      +/-   ##
==========================================
- Coverage   56.45%   56.44%   -0.01%     
==========================================
  Files         283      283              
  Lines       28967    28982      +15     
  Branches     4803     4807       +4     
==========================================
+ Hits        16353    16360       +7     
- Misses      12614    12622       +8

Flag	Coverage Δ
#unittest	56.44% <100%> (-0.01%)	⬇️

Impacted Files	Coverage Δ
app/common/state/ledgerState.js	85.53% <100%> (+0.8%)	⬆️
.../renderer/components/navigation/publisherToggle.js	88.4% <100%> (ø)	⬆️
js/stores/appStoreRenderer.js	91.66% <0%> (-8.34%)	⬇️
app/renderer/components/reduxComponent.js	57.75% <0%> (-3.45%)	⬇️
js/stores/windowStore.js	28.46% <0%> (-0.3%)	⬇️

[jasonrsadler]

Recommend leaving this until after #12272

[NejcZdovc]

@jasonrsadler can you please add test for this one?

[jasonrsadler]

@NejcZdovc I've never been able to get the tests to run successfully. Can you tell me what I'm doing wrong. This is on a win10 box. I do npm run watch-test and then npm run test -- --grep="verified". Here's the test:

edited for brevity. webdriver tests not required

[NejcZdovc]

@jasonrsadler I was thinking about unit test for function getLocationProp. You can run unit test with npm run unittest. We don't need webdriver test for this one

[jasonrsadler]

Thanks for clarifying.

[jasonrsadler]

@NejcZdovc, can you tell me what I'm doing wrong?:

it('verified publisher', function () {
      const url = 'https://www.duckduckgo.com'
      const prop = 'publisher'
      const state = defaultState.setIn(['ledger', 'locations', url, prop], 'duckduckgo.com')
      const result = ledgerState.getLocationProp(state, url, prop)
      assert.equal(result, 'duckduckgo.com')
    })

result is always coming back undefined

[NejcZdovc]

@jasonrsadler you are getting undefined, because url.substring(0, url.indexOf('/', 8) + 1) is returning empty string and because of that getIn is not returning anything. If I understand code correctly what you want to achieve is to change long url to domain only url. Is that correct?

[jasonrsadler]

smacks forehead
Thanks

[jasonrsadler]

@NejcZdovc, would you let me know if this provides adequate coverage? Codecov doesn't seem to be running.

Thanks.

[NejcZdovc]

@jasonrsadler can you please add tests for shortenUrlToDomainTLD function as well? Thank you

[jasonrsadler]

@NejcZdovc, How is this?

[NejcZdovc]

please replace this with const

[NejcZdovc]

@jasonrsadler really good tests, great job

[NejcZdovc]

url !== null let's change this to url != null. This way we are checking null and undefined

[NejcZdovc]

@jasonrsadler please squash commits and then we are good to go with the code

[jasonrsadler]

@NejcZdovc Done. Thanks for the assist and let me know if everything else looks good.

[NejcZdovc]

++ thank you for good test coverage

[NejcZdovc]

@jasonrsadler this test should fail. We should not apply / at the end if / was not there from the gecko

[NejcZdovc]

other unit tests are failing because of that

[jasonrsadler]

Agree. But something else is appending the trailing '/' at the end of the url during normal browsing.
Example: using latest release type in brianbondy.com and press enter. The trailing '/' gets appended at the end.

As for the tests, will fix.

Let me know what your opinion is regarding the current navigation behavior.

[diracdeltas]

can you just use getBaseDomain from js/lib/baseDomain.js ?

[diracdeltas]

nvm, i guess what you want here is the full URL without the path?

this seems like it would fail on URLs that don't include slashes in the protocol, like mailto:

you could do parsed = urlParse(url); return parsed.path ? parsed.split(parsed.path)[0] : url or something like that

[diracdeltas]

^ though i guess that doesn't work with URLs that don't have a protocol

since publishers only works on http or https sites, you could fix by

if (!url.startsWith('http://') && !url.startsWith('https://')) { url = `https://${url}` }

[jasonrsadler]

@diracdeltas That works well. Thanks!

[jasonrsadler]

@diracdeltas I'm going to go with a combo and also to make sure another protocol isn't passed in.
if (!url.startsWith('http://') && !url.startsWith('https://') && !url.includes('://')) { url = `https://${url}` }

[jasonrsadler]

The STR I had I could only reproduce on brianbondy.com. That site seems to be down ATM. Need other sites with this issue to validate.

[diracdeltas]

not sure I understand this if condition. the part after the first && returns a truthy value, but it doesn't set the URL

[diracdeltas]

i think you mean:

if (url != null) {
  url = (!url.startsWith('http://') && !url.startsWith('https://')) ? `https://${url}` : url
  return url.substring(0, url.indexOf('/', url.indexOf('://') + 3))
}

[jasonrsadler]

Yes thank you.

[diracdeltas]

tests below should be uncommented?

[jasonrsadler]

Which I guess is why the function passed.

Thanks for catching.

[diracdeltas]

minor: it would be good to have a test case for a URL without a protocol, ex: brianbondy.com

[jasonrsadler]

This got me thinking: From everything I've seen in this so far. URLs already have the protocol resolved before they get to this point. @diracdeltas or @NejcZdovc, do you know of any exceptions where URLs don't have a protocol already before getting to the publisherToggle renderer? If not, then I might have been overthinking shortenUrlToDomainTLD logic

[diracdeltas]

@jasonrsadler I don't know of any examples but I also am not familiar with this code path at all

[NejcZdovc]

not that I am aware

[diracdeltas]

security review passes. i did not do a functional test because my ledger client seems to be broken locally

[NejcZdovc]

let's remove prop, because we changed this to specific publisher function, so it's not needed anymore

[jasonrsadler]

Done

[NejcZdovc]

I think this one can be problematic, perf wise. getVerifiedPublisherLocationProp is called from mergeProps, which is called a lot of times. ['ledger', 'locations'] can be a really big list which we convert from immutable to regular (expensive) and then filter that potential big list.

I didn't run the code yet, but can't we just do state.getIn(['ledger', 'locations', url, prop]) where url is created on line 76?

[jasonrsadler]

The problem I was running into is that sometimes the url is formatted inconsistently. Sometimes, there's a '/' at the end, sometimes it's left off which makes it difficult to get an exact match on the key.

I agree ['ledger', 'locations'] will get too big to pass back and forth. I'll need to rethink this.

[NejcZdovc]

if you need someone to brainstorm with just let me know

[NejcZdovc]

looks good to me. The only thing that we need to improve is that filter step

[diracdeltas]

IIRC this will always be truthy because urlParse returns {} for non-valid URLs

[NejcZdovc]

we can do const parsedUrl = urlParse(url) || {} just to be safe and then we can remove that if check

[diracdeltas]

parsedUrl.hostname may be null

also this would turn somesitewww.com into somesite.com. i think you want to either omit the replace or use a regex (/^www\./)

[diracdeltas]

lgtm security-wise

Changes were made

[ryanml]

I don't think it's related to this PR, but I am no longer seeing a checkmark for verified publishers.

Looks like a publisher verification issue:

Error verifying publisher brianbondy.com: Error: HTTP response 429 for GET /v3/publisher/identity?publisher=brianbondy.com

[NejcZdovc]

getVerifiedPublisherLocationProp -> getVerifiedPublisherLocation

Let's rename it, because we don't have prop anymore

[jasonrsadler]

Done

[NejcZdovc]

Please remove this empty line

[jasonrsadler]

Done

[NejcZdovc]

++ code and tests are looking good

[NejcZdovc]

master fcf1667
0.23 7ca75e8
0.22 e1113e3