Bubble up GDPR signal/consent errors while applying privacy policies (p…

…rebid#1651)
flux-dev-team · Jan 20, 2021 · e2c9289 · e2c9289
1 parent 50b49a0
commit e2c9289
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 14 deletions.
diff --git a/exchange/gdpr.go b/exchange/gdpr.go
@@ -8,24 +8,22 @@ import (
 )
 
 // ExtractGDPR will pull the gdpr flag from an openrtb request
-func extractGDPR(bidRequest *openrtb.BidRequest) gdpr.Signal {
+func extractGDPR(bidRequest *openrtb.BidRequest) (gdpr.Signal, error) {
 	var re regsExt
 	var err error
-	if bidRequest.Regs != nil {
+	if bidRequest.Regs != nil && bidRequest.Regs.Ext != nil {
 		err = json.Unmarshal(bidRequest.Regs.Ext, &re)
 	}
 	if re.GDPR == nil || err != nil {
-		return gdpr.SignalAmbiguous
-	} else {
-		return gdpr.Signal(*re.GDPR)
+		return gdpr.SignalAmbiguous, err
 	}
+	return gdpr.Signal(*re.GDPR), nil
 }
 
 // ExtractConsent will pull the consent string from an openrtb request
-func extractConsent(bidRequest *openrtb.BidRequest) (consent string) {
+func extractConsent(bidRequest *openrtb.BidRequest) (consent string, err error) {
 	var ue userExt
-	var err error
-	if bidRequest.User != nil {
+	if bidRequest.User != nil && bidRequest.User.Ext != nil {
 		err = json.Unmarshal(bidRequest.User.Ext, &ue)
 	}
 	if err != nil {

diff --git a/exchange/gdpr_test.go b/exchange/gdpr_test.go
@@ -14,6 +14,7 @@ func TestExtractGDPR(t *testing.T) {
 		description string
 		giveRegs    *openrtb.Regs
 		wantGDPR    gdpr.Signal
+		wantError   bool
 	}{
 		{
 			description: "Regs Ext GDPR = 0",
@@ -44,6 +45,7 @@ func TestExtractGDPR(t *testing.T) {
 			description: "JSON unmarshal error",
 			giveRegs:    &openrtb.Regs{Ext: json.RawMessage(`{"`)},
 			wantGDPR:    gdpr.SignalAmbiguous,
+			wantError:   true,
 		},
 	}
 
@@ -52,8 +54,14 @@ func TestExtractGDPR(t *testing.T) {
 			Regs: tt.giveRegs,
 		}
 
-		result := extractGDPR(&bidReq)
+		result, err := extractGDPR(&bidReq)
 		assert.Equal(t, tt.wantGDPR, result, tt.description)
+
+		if tt.wantError {
+			assert.NotNil(t, err, tt.description)
+		} else {
+			assert.Nil(t, err, tt.description)
+		}
 	}
 }
 
@@ -62,6 +70,7 @@ func TestExtractConsent(t *testing.T) {
 		description string
 		giveUser    *openrtb.User
 		wantConsent string
+		wantError   bool
 	}{
 		{
 			description: "User Ext Consent is not empty",
@@ -87,6 +96,7 @@ func TestExtractConsent(t *testing.T) {
 			description: "JSON unmarshal error",
 			giveUser:    &openrtb.User{Ext: json.RawMessage(`{`)},
 			wantConsent: "",
+			wantError:   true,
 		},
 	}
 
@@ -95,7 +105,13 @@ func TestExtractConsent(t *testing.T) {
 			User: tt.giveUser,
 		}
 
-		result := extractConsent(&bidReq)
+		result, err := extractConsent(&bidReq)
 		assert.Equal(t, tt.wantConsent, result, tt.description)
+
+		if tt.wantError {
+			assert.NotNil(t, err, tt.description)
+		} else {
+			assert.Nil(t, err, tt.description)
+		}
 	}
 }
diff --git a/exchange/utils.go b/exchange/utils.go
@@ -75,14 +75,19 @@ func cleanOpenRTBRequests(ctx context.Context,
 		return
 	}
 
-	gdprSignal := extractGDPR(req.BidRequest)
-	consent := extractConsent(req.BidRequest)
+	gdprSignal, err := extractGDPR(req.BidRequest)
+	if err != nil {
+		errs = append(errs, err)
+	}
+	consent, err := extractConsent(req.BidRequest)
+	if err != nil {
+		errs = append(errs, err)
+	}
 	gdprEnforced := gdprSignal == gdpr.SignalYes || (gdprSignal == gdpr.SignalAmbiguous && !usersyncIfAmbiguous)
 
 	ccpaEnforcer, err := extractCCPA(req.BidRequest, privacyConfig, &req.Account, aliases, integrationTypeMap[req.LegacyLabels.RType])
 	if err != nil {
 		errs = append(errs, err)
-		return
 	}
 
 	lmtEnforcer := extractLMT(req.BidRequest, privacyConfig)

diff --git a/exchange/utils_test.go b/exchange/utils_test.go
@@ -1060,6 +1060,7 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
 		permissionsError    error
 		userSyncIfAmbiguous bool
 		expectPrivacyLabels metrics.PrivacyLabels
+		expectError         bool
 	}{
 		{
 			description:        "Enforce - TCF Invalid",
@@ -1109,6 +1110,19 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
 				GDPRTCFVersion: "",
 			},
 		},
+		{
+			description:        "Enforce - TCF 1; GDPR signal extraction error",
+			gdprAccountEnabled: &trueValue,
+			gdprHostEnabled:    true,
+			gdpr:               "0{",
+			gdprConsent:        "BONV8oqONXwgmADACHENAO7pqzAAppY",
+			gdprScrub:          true,
+			expectPrivacyLabels: metrics.PrivacyLabels{
+				GDPREnforced:   true,
+				GDPRTCFVersion: metrics.TCFVersionV1,
+			},
+			expectError: true,
+		},
 		{
 			description:        "Enforce - TCF 1; account GDPR enabled, host GDPR setting disregarded",
 			gdprAccountEnabled: &trueValue,
@@ -1236,7 +1250,12 @@ func TestCleanOpenRTBRequestsGDPR(t *testing.T) {
 			privacyConfig)
 		result := results[0]
 
-		assert.Nil(t, errs)
+		if test.expectError {
+			assert.NotNil(t, errs)
+		} else {
+			assert.Nil(t, errs)
+		}
+
 		if test.gdprScrub {
 			assert.Equal(t, result.BidRequest.User.BuyerUID, "", test.description+":User.BuyerUID")
 			assert.Equal(t, result.BidRequest.Device.DIDMD5, "", test.description+":Device.DIDMD5")