prebid · rpanchyk · Jan 13, 2022 · Dec 22, 2021 · Dec 31, 2021
diff --git a/src/test/groovy/org/prebid/server/functional/model/request/amp/AmpRequest.groovy b/src/test/groovy/org/prebid/server/functional/model/request/amp/AmpRequest.groovy
@@ -21,9 +21,10 @@ class AmpRequest {
     String slot
     String curl
     Integer account
-    ConsentString gdprConsent
+    String gdprConsent
+    String consentString
     String targeting
-    Integer consentType
+    ConsentType consentType
     Boolean gdprApplies
     String addtlConsent
 

diff --git a/src/test/groovy/org/prebid/server/functional/model/request/amp/ConsentType.groovy b/src/test/groovy/org/prebid/server/functional/model/request/amp/ConsentType.groovy
@@ -0,0 +1,23 @@
+package org.prebid.server.functional.model.request.amp
+
+import com.fasterxml.jackson.annotation.JsonValue
+
+enum ConsentType {
+
+    TCF_1("1"),
+    TCF_2("2"),
+    US_PRIVACY("3"),
+    BOGUS("4")
+
+    @JsonValue
+    final String value
+
+    ConsentType(String value) {
+        this.value = value
+    }
+
+    @Override
+    String toString() {
+        value
+    }
+}
diff --git a/src/test/groovy/org/prebid/server/functional/tests/privacy/CcpaSpec.groovy b/src/test/groovy/org/prebid/server/functional/tests/privacy/CcpaSpec.groovy
@@ -6,12 +6,17 @@ import org.prebid.server.functional.model.config.AccountConfig
 import org.prebid.server.functional.model.config.AccountPrivacyConfig
 import org.prebid.server.functional.model.db.Account
 import org.prebid.server.functional.model.db.StoredRequest
+import org.prebid.server.functional.model.request.auction.BidRequest
+import org.prebid.server.functional.model.response.auction.ErrorType
 import org.prebid.server.functional.testcontainers.PBSTest
 import org.prebid.server.functional.util.privacy.BogusConsent
 import org.prebid.server.functional.util.privacy.CcpaConsent
+import org.prebid.server.functional.util.privacy.TcfConsent
 import spock.lang.PendingFeature
 
+import static org.prebid.server.functional.model.request.amp.ConsentType.BOGUS
 import static org.prebid.server.functional.util.privacy.CcpaConsent.Signal.ENFORCED
+import static org.prebid.server.functional.util.privacy.TcfConsent.PurposeId.BASIC_ADS
 
 @PBSTest
 class CcpaSpec extends PrivacyBaseSpec {
@@ -177,10 +182,7 @@ class CcpaSpec extends PrivacyBaseSpec {
         when: "PBS processes amp request"
         def response = defaultPbsService.sendAmpRequest(ampRequest)
 
-        then: "Response should not contain error"
-        assert !response.ext?.errors
-
-        and: "Response should contain debug log with error"
+        then: "Response should contain debug log with error"
         assert response.ext?.debug?.privacy
         def privacy = response.ext?.debug?.privacy
 
@@ -194,4 +196,77 @@ class CcpaSpec extends PrivacyBaseSpec {
                     ["Amp request parameter consent_string or gdpr_consent have invalid format: $invalidCcpa" as String]
         }
     }
+
+    def "PBS should emit error for amp request when consent_string contains invalid ccpa consent"() {
+        given: "Default AmpRequest with invalid ccpa consent"
+        def ampRequest = getCcpaAmpRequest(invalidCcpa)
+        def ampStoredRequest = BidRequest.defaultBidRequest.tap {
+            site.publisher.id = ampRequest.account
+        }
+
+        and: "Save storedRequest into DB"
+        def storedRequest = StoredRequest.getDbStoredRequest(ampRequest, ampStoredRequest)
+        storedRequestDao.save(storedRequest)
+
+        when: "PBS processes amp request"
+        def response = defaultPbsService.sendAmpRequest(ampRequest)
+
+        then: "Response should contain error"
+        assert response.ext?.errors[ErrorType.PREBID]*.code == [999]
+        assert response.ext?.errors[ErrorType.PREBID]*.message ==
+                ["Amp request parameter consent_string has invalid format for consent " +
+                         "type usPrivacy: $invalidCcpa" as String]
+
+        where:
+        invalidCcpa << [new BogusConsent(), new TcfConsent.Builder()
+                .setPurposesLITransparency(BASIC_ADS)
+                .build()]
+    }
+
+    def "PBS should emit error for amp request with gdprConsent when consent_type is invalid"() {
+        given: "Default AmpRequest with invalid ccpa type"
+        def validCcpa = new CcpaConsent(explicitNotice: ENFORCED, optOutSale: ENFORCED)
+        def ampRequest = getCcpaAmpRequest(validCcpa).tap {
+            consentType = BOGUS
+        }
+        def ampStoredRequest = BidRequest.defaultBidRequest.tap {
+            site.publisher.id = ampRequest.account
+        }
+
+        and: "Save storedRequest into DB"
+        def storedRequest = StoredRequest.getDbStoredRequest(ampRequest, ampStoredRequest)
+        storedRequestDao.save(storedRequest)
+
+        when: "PBS processes amp request"
+        def response = defaultPbsService.sendAmpRequest(ampRequest)
+
+        then: "Response should contain error"
+        assert response.ext?.errors[ErrorType.PREBID]*.code == [999]
+        assert response.ext?.errors[ErrorType.PREBID]*.message == ["Invalid consent_type param passed"]
+    }
+
+    def "PBS should emit error for amp request when set not appropriate tcf consent"() {
+        given: "Default AmpRequest with gdpr_consent"
+        def tcfConsent = new TcfConsent.Builder()
+                .setPurposesLITransparency(BASIC_ADS)
+                .build()
+        def ampRequest = getCcpaAmpRequest(null).tap {
+            gdprConsent = tcfConsent
+        }
+        def ampStoredRequest = BidRequest.defaultBidRequest.tap {
+            site.publisher.id = ampRequest.account
+        }
+
+        and: "Save storedRequest into DB"
+        def storedRequest = StoredRequest.getDbStoredRequest(ampRequest, ampStoredRequest)
+        storedRequestDao.save(storedRequest)
+
+        when: "PBS processes amp request"
+        def response = defaultPbsService.sendAmpRequest(ampRequest)
+
+        then: "Response should contain error"
+        assert response.ext?.errors[ErrorType.PREBID]*.code == [999]
+        assert response.ext?.errors[ErrorType.PREBID]*.message ==
+                ["Amp request parameter gdpr_consent has invalid format for consent type usPrivacy: $tcfConsent" as String]
+    }
 }
diff --git a/src/test/groovy/org/prebid/server/functional/tests/privacy/GdprSpec.groovy b/src/test/groovy/org/prebid/server/functional/tests/privacy/GdprSpec.groovy
@@ -2,11 +2,17 @@ package org.prebid.server.functional.tests.privacy
 
 import org.prebid.server.functional.model.bidder.BidderName
 import org.prebid.server.functional.model.db.StoredRequest
+import org.prebid.server.functional.model.request.auction.BidRequest
+import org.prebid.server.functional.model.response.auction.ErrorType
 import org.prebid.server.functional.testcontainers.PBSTest
 import org.prebid.server.functional.util.privacy.BogusConsent
+import org.prebid.server.functional.util.privacy.CcpaConsent
 import org.prebid.server.functional.util.privacy.TcfConsent
 import spock.lang.PendingFeature
 
+import static org.prebid.server.functional.model.request.amp.ConsentType.BOGUS
+import static org.prebid.server.functional.model.request.amp.ConsentType.TCF_1
+import static org.prebid.server.functional.util.privacy.CcpaConsent.Signal.ENFORCED
 import static org.prebid.server.functional.util.privacy.TcfConsent.PurposeId.BASIC_ADS
 
 @PBSTest
@@ -141,10 +147,7 @@ class GdprSpec extends PrivacyBaseSpec {
         when: "PBS processes amp request"
         def response = defaultPbsService.sendAmpRequest(ampRequest)
 
-        then: "Response should not contain ext.errors"
-        assert !response.ext?.errors
-
-        and: "Response should contain debug log with error"
+        then: "Response should contain debug log with error"
         assert response.ext?.debug?.privacy
         def privacy = response.ext?.debug?.privacy
 
@@ -164,4 +167,98 @@ class GdprSpec extends PrivacyBaseSpec {
                                        " $invalidConsentString" as String]
         }
     }
+
+    def "PBS should emit error for amp request when gdpr_consent is invalid"() {
+        given: "Default AmpRequest with invalid gdpr_consent"
+        def ampRequest = getGdprAmpRequest(invalidTcfConsent)
+        def ampStoredRequest = BidRequest.defaultBidRequest.tap {
+            site.publisher.id = ampRequest.account
+        }
+
+        and: "Save storedRequest into DB"
+        def storedRequest = StoredRequest.getDbStoredRequest(ampRequest, ampStoredRequest)
+        storedRequestDao.save(storedRequest)
+
+        when: "PBS processes amp request"
+        def response = defaultPbsService.sendAmpRequest(ampRequest)
+
+        then: "Response should contain error"
+        assert response.ext?.errors[ErrorType.PREBID]*.code == [999]
+        assert response.ext?.errors[ErrorType.PREBID]*.message ==
+                ["Amp request parameter gdpr_consent has invalid format for consent type tcfV2: $invalidTcfConsent" as String]
+
+        where:
+        invalidTcfConsent << [new BogusConsent(), new CcpaConsent(explicitNotice: ENFORCED, optOutSale: ENFORCED)]
+    }
+
+    def "PBS should emit error for amp request when consent_type is tcf1"() {
+        given: "Default AmpRequest with consent_type = tcf1"
+        def consentString = new TcfConsent.Builder()
+                .setPurposesLITransparency(BASIC_ADS)
+                .build()
+        def ampRequest = getGdprAmpRequest(consentString).tap {
+            consentType = TCF_1
+        }
+        def ampStoredRequest = BidRequest.defaultBidRequest.tap {
+            site.publisher.id = ampRequest.account
+        }
+
+        and: "Save storedRequest into DB"
+        def storedRequest = StoredRequest.getDbStoredRequest(ampRequest, ampStoredRequest)
+        storedRequestDao.save(storedRequest)
+
+        when: "PBS processes amp request"
+        def response = defaultPbsService.sendAmpRequest(ampRequest)
+
+        then: "Response should contain error"
+        assert response.ext?.errors[ErrorType.PREBID]*.code == [999]
+        assert response.ext?.errors[ErrorType.PREBID]*.message == ["Consent type tcfV1 is no longer supported"]
+    }
+
+    def "PBS should emit error for amp request with consentString when consent_type is bogus"() {
+        given: "Default AmpRequest with invalid consent_type"
+        def consentString = new TcfConsent.Builder()
+                .setPurposesLITransparency(BASIC_ADS)
+                .build()
+        def ampRequest = getGdprAmpRequest(consentString).tap {
+            consentType = BOGUS
+        }
+        def ampStoredRequest = BidRequest.defaultBidRequest.tap {
+            site.publisher.id = ampRequest.account
+        }
+
+        and: "Save storedRequest into DB"
+        def storedRequest = StoredRequest.getDbStoredRequest(ampRequest, ampStoredRequest)
+        storedRequestDao.save(storedRequest)
+
+        when: "PBS processes amp request"
+        def response = defaultPbsService.sendAmpRequest(ampRequest)
+
+        then: "Response should contain error"
+        assert response.ext?.errors[ErrorType.PREBID]*.code == [999]
+        assert response.ext?.errors[ErrorType.PREBID]*.message == ["Invalid consent_type param passed"]
+    }
+
+    def "PBS should emit error for amp request when set not appropriate ccpa consent"() {
+        given: "Default AmpRequest"
+        def ccpaConsent = new CcpaConsent(explicitNotice: ENFORCED, optOutSale: ENFORCED)
+        def ampRequest = getGdprAmpRequest(null).tap {
+            consentString = ccpaConsent
+        }
+        def ampStoredRequest = BidRequest.defaultBidRequest.tap {
+            site.publisher.id = ampRequest.account
+        }
+
+        and: "Save storedRequest into DB"
+        def storedRequest = StoredRequest.getDbStoredRequest(ampRequest, ampStoredRequest)
+        storedRequestDao.save(storedRequest)
+
+        when: "PBS processes amp request"
+        def response = defaultPbsService.sendAmpRequest(ampRequest)
+
+        then: "Response should contain error"
+        assert response.ext?.errors[ErrorType.PREBID]*.code == [999]
+        assert response.ext?.errors[ErrorType.PREBID]*.message ==
+                ["Amp request parameter consent_string has invalid format for consent type tcfV2: $ccpaConsent" as String]
+    }
 }
diff --git a/src/test/groovy/org/prebid/server/functional/tests/privacy/PrivacyBaseSpec.groovy b/src/test/groovy/org/prebid/server/functional/tests/privacy/PrivacyBaseSpec.groovy
@@ -12,6 +12,9 @@ import org.prebid.server.functional.tests.BaseSpec
 import org.prebid.server.functional.util.PBSUtils
 import org.prebid.server.functional.util.privacy.ConsentString
 
+import static org.prebid.server.functional.model.request.amp.ConsentType.TCF_2
+import static org.prebid.server.functional.model.request.amp.ConsentType.US_PRIVACY
+
 @PBSTest
 abstract class PrivacyBaseSpec extends BaseSpec {
 
@@ -29,10 +32,10 @@ abstract class PrivacyBaseSpec extends BaseSpec {
         }
     }
 
-    protected static AmpRequest getCcpaAmpRequest(ConsentString consentString) {
+    protected static AmpRequest getCcpaAmpRequest(ConsentString consentStringVal) {
         AmpRequest.defaultAmpRequest.tap {
-            gdprConsent = consentString
-            consentType = 3
+            consentString = consentStringVal
+            consentType = US_PRIVACY
         }
     }
 
@@ -46,7 +49,7 @@ abstract class PrivacyBaseSpec extends BaseSpec {
     protected static AmpRequest getGdprAmpRequest(ConsentString consentString) {
         AmpRequest.defaultAmpRequest.tap {
             gdprConsent = consentString
-            consentType = 2
+            consentType = TCF_2
             gdprApplies = true
         }
     }