Merge pull request #143 from digi-trust/master

Third party vendor/publisher consent

Author: SupahNickie

.eslintrc

@@ -55,7 +55,7 @@
     "indent": [2, "tab", {"SwitchCase": 1}],
     "no-mixed-spaces-and-tabs": [2, "smart-tabs"],
     "no-trailing-spaces": [2, { "skipBlankLines": true }],
-    "max-nested-callbacks": [1, 3],
+    "max-nested-callbacks": 0,
     "no-eval": 2,
     "no-implied-eval": 2,
     "no-new-func": 2,

src/components/popup/details/purposes/purposes.jsx

@@ -108,10 +108,10 @@ export default class Purposes extends Component {
 		const allPurposes = [...purposes, ...customPurposes];
 		const selectedPurpose = allPurposes[selectedPurposeIndex];
 		const selectedPurposeId = selectedPurpose && selectedPurpose.id;
-		const purposeIsActive = selectedPurposeIndex < purposes.length ?
+		const currentPurposeLocalizePrefix = `${selectedPurposeIndex >= purposes.length ? 'customPurpose' : 'purpose'}${selectedPurposeId}`;
+		let purposeIsActive = selectedPurposeIndex < purposes.length ?
 			selectedPurposeIds.has(selectedPurposeId) :
 			selectedCustomPurposeIds.has(selectedPurposeId);
-		const currentPurposeLocalizePrefix = `${selectedPurposeIndex >= purposes.length ? 'customPurpose' : 'purpose'}${selectedPurposeId}`;
 
 		return (
 			<div class={style.container} >

src/docs/assets/portal.js

@@ -8,7 +8,8 @@ const parts = host.split('.');
 const GLOBAL_VENDOR_LIST_DOMAIN = 'https://vendorlist.consensu.org/vendorlist.json';
 const COOKIE_DOMAIN = parts.length > 1 ? `;domain=.${parts.slice(-2).join('.')}` : '';
 const COOKIE_MAX_AGE = 33696000;
-const COOKIE_NAME = 'euconsent';
+const VENDOR_COOKIE_NAME = 'euconsent';
+const PUBLISHER_COOKIE_NAME = 'pubconsent';
 
 const readVendorListPromise = fetch(config.globalVendorListLocation)
 	.then(res => res.json())
@@ -43,11 +44,19 @@ const commands = {
 	readVendorList: () => readVendorListPromise,
 
 	readVendorConsent: () => {
-		return readCookie(COOKIE_NAME);
+		return readCookie(VENDOR_COOKIE_NAME);
 	},
 
-	writeVendorConsent: ({encodedValue }) => {
-		return writeCookie({name: COOKIE_NAME, value: encodedValue});
+	writeVendorConsent: ({encodedValue}) => {
+		return writeCookie({name: VENDOR_COOKIE_NAME, value: encodedValue});
+	},
+
+	readPublisherConsent: () => {
+		return readCookie(PUBLISHER_COOKIE_NAME);
+	},
+
+	writePublisherConsent: ({encodedValue}) => {
+		return writeCookie({name: PUBLISHER_COOKIE_NAME, value: encodedValue});
 	}
 };
 

src/docs/assets/purposes.json

@@ -2,22 +2,22 @@
   "version": 1,
   "purposes": [
 	{
-	  "id": 1,
+	  "id": 25,
 	  "name": "Custom Purpose 1",
 	  "description": "Here's a description of the first purpose"
 	},
 	{
-	  "id": 2,
+	  "id": 26,
 	  "name": "Custom Purpose 2",
 	  "description": "Here's a description of the second purpose"
 	},
 	{
-	  "id": 3,
+	  "id": 27,
 	  "name": "Custom Purpose 3",
 	  "description": "Here's a description of the third purpose"
 	},
 	{
-	  "id": 4,
+	  "id": 28,
 	  "name": "Custom Purpose 4",
 	  "description": "Here's a description of the fourth purpose"
 	}

src/lib/cmp.test.js

@@ -89,7 +89,7 @@ describe('cmp', () => {
 
 		it('getPublisherConsents executes', (done) => {
 			cmp.processCommand('getPublisherConsents', null, data => {
-				expect(Object.keys(data.standardPurposes).length).to.equal(vendorList.purposes.length);
+				expect(Object.keys(data.standardPurposes).length).to.equal(24); // Per the spec, future purposes may be added, up to 24 total
 				expect(Object.keys(data.customPurposes).length).to.equal(customPurposeList.purposes.length);
 				done();
 			});

src/lib/config.js

@@ -1,11 +1,13 @@
 import log from './log';
 const metadata = require('../../metadata.json');
 const defaultConfig = {
+	storePublisherData: true,
 	customPurposeListLocation: null,
+	storeConsentGlobally: true,
+	storePublisherConsentGlobally: false,
 	globalVendorListLocation: metadata.globalVendorListLocation,
 	globalConsentLocation: metadata.globalConsentLocation,
-	storeConsentGlobally: true,
-	storePublisherData: true,
+	globalPublisherConsentLocation: null,
 	logging: false,
 	localization: {},
 	forceLocale: null,

src/lib/cookie/cookie.js

@@ -19,6 +19,8 @@ const PUBLISHER_CONSENT_COOKIE_MAX_AGE = 33696000;
 const VENDOR_CONSENT_COOKIE_NAME = 'euconsent';
 const VENDOR_CONSENT_COOKIE_MAX_AGE = 33696000;
 
+const MAX_STANDARD_PURPOSE_ID = 24;
+const START_CUSTOM_PURPOSE_ID = 25;
 
 function encodeVendorIdsToBits(maxVendorId, selectedVendorIds = new Set()) {
 	let vendorString = '';
@@ -29,20 +31,28 @@ function encodeVendorIdsToBits(maxVendorId, selectedVendorIds = new Set()) {
 }
 
 function encodePurposeIdsToBits(purposes, selectedPurposeIds = new Set()) {
+	let purposeString = '';
+	for (let id = 1; id <= MAX_STANDARD_PURPOSE_ID; id++) {
+		purposeString += (selectedPurposeIds.has(id) ? '1' : '0');
+	}
+	return purposeString;
+}
+
+function encodeCustomPurposeIdsToBits(purposes, selectedPurposeIds = new Set()) {
 	const maxPurposeId = Math.max(0,
 		...purposes.map(({id}) => id),
 		...Array.from(selectedPurposeIds));
 	let purposeString = '';
-	for (let id = 1; id <= maxPurposeId; id++) {
+	for (let id = START_CUSTOM_PURPOSE_ID; id <= maxPurposeId; id++) {
 		purposeString += (selectedPurposeIds.has(id) ? '1' : '0');
 	}
 	return purposeString;
 }
 
-function decodeBitsToIds(bitString) {
+function decodeBitsToIds(bitString, addToIndex = 0) {
 	return bitString.split('').reduce((acc, bit, index) => {
 		if (bit === '1') {
-			acc.add(index + 1);
+			acc.add(index + addToIndex + 1);
 		}
 		return acc;
 	}, new Set());
@@ -176,11 +186,11 @@ function encodePublisherConsentData(publisherData) {
 		...publisherData,
 		numCustomPurposes: customPurposes.length,
 		standardPurposeIdBitString: encodePurposeIdsToBits(purposes, selectedPurposeIds),
-		customPurposeIdBitString: encodePurposeIdsToBits(customPurposes, selectedCustomPurposeIds)
+		customPurposeIdBitString: encodeCustomPurposeIdsToBits(customPurposes, selectedCustomPurposeIds)
 	});
 }
 
-function decodePublisherConsentData(cookieValue) {
+function decodePublisherConsentData(cookieValue, source) {
 	const {
 		cookieVersion,
 		cmpId,
@@ -196,6 +206,7 @@ function decodePublisherConsentData(cookieValue) {
 	} = decodePublisherCookieValue(cookieValue);
 
 	return {
+		consentString: cookieValue,
 		cookieVersion,
 		cmpId,
 		cmpVersion,
@@ -205,8 +216,9 @@ function decodePublisherConsentData(cookieValue) {
 		publisherPurposesVersion,
 		created,
 		lastUpdated,
+		source,
 		selectedPurposeIds: decodeBitsToIds(standardPurposeIdBitString),
-		selectedCustomPurposeIds: decodeBitsToIds(customPurposeIdBitString)
+		selectedCustomPurposeIds: decodeBitsToIds(customPurposeIdBitString, MAX_STANDARD_PURPOSE_ID)
 	};
 
 }
@@ -225,25 +237,81 @@ function writeCookie(name, value, maxAgeSeconds, path = '/') {
 	document.cookie = `${name}=${value};path=${path}${maxAge}`;
 }
 
-function readPublisherConsentCookie() {
-	// If configured try to read publisher cookie
-	if (config.storePublisherData) {
-		const cookie = readCookie(PUBLISHER_CONSENT_COOKIE_NAME);
-		log.debug('Read publisher consent data from local cookie', cookie);
-		if (cookie) {
-			return decodePublisherConsentData(cookie);
+/**
+ * Read publisher consent data from third-party cookie on the
+ * configured third party domain. Fallback to first-party cookie
+ * if the operation fails.
+ *
+ * @returns Promise resolved with decoded cookie object
+ */
+function readGlobalPublisherConsentCookie() {
+	log.debug('Request publisher consent data from global cookie');
+	return sendPortalCommand({
+		command: 'readPublisherConsent',
+	}).then(result => {
+		log.debug('Read publisher consent data from global cookie', result);
+		if (result) {
+			return decodePublisherConsentData(result, "global");
 		}
-	}
+		return readLocalPublisherConsentCookie();
+	}).catch(err => {
+		log.error('Failed reading third party publisher consent cookie', err);
+	});
 }
 
-function writePublisherConsentCookie(publisherConsentData) {
+/**
+ * Write publisher consent data to third-party cookie on the
+ * configured third party domain. Fallback to first-party cookie
+ * if the operation fails.
+ *
+ * @returns Promise resolved after cookie is written
+ */
+function writeGlobalPublisherConsentCookie(publisherConsentData) {
+	log.debug('Write publisher consent data to third party cookie', publisherConsentData);
+	return sendPortalCommand({
+		command: 'writePublisherConsent',
+		encodedValue: encodePublisherConsentData(publisherConsentData),
+		publisherConsentData
+	})
+		.then((succeeded) => {
+			if ( !succeeded ) {
+				return writeLocalPublisherConsentCookie(publisherConsentData);
+			}
+			return Promise.resolve();
+		})
+		.catch(err => {
+			log.error('Failed writing third party publisher consent cookie', err);
+		});
+}
+
+function readLocalPublisherConsentCookie() {
+	// If configured try to read publisher cookie
+	const cookie = readCookie(PUBLISHER_CONSENT_COOKIE_NAME);
+	log.debug('Read publisher consent data from local cookie', cookie);
+	return Promise.resolve(cookie && decodePublisherConsentData(cookie, 'local'));
+}
+
+function writeLocalPublisherConsentCookie(publisherConsentData) {
 	log.debug('Write publisher consent data to local cookie', publisherConsentData);
-	writeCookie(PUBLISHER_CONSENT_COOKIE_NAME,
+	return Promise.resolve(writeCookie(PUBLISHER_CONSENT_COOKIE_NAME,
 		encodePublisherConsentData(publisherConsentData),
 		PUBLISHER_CONSENT_COOKIE_MAX_AGE,
-		'/');
+		'/'));
 }
 
+function readPublisherConsentCookie() {
+	if (config.storePublisherData) {
+		return config.storePublisherConsentGlobally ?
+			readGlobalPublisherConsentCookie() : readLocalPublisherConsentCookie();
+	}
+}
+
+function writePublisherConsentCookie(publisherConsentData) {
+	if (config.storePublisherData) {
+		return config.storePublisherConsentGlobally ?
+			writeGlobalPublisherConsentCookie(publisherConsentData) : writeLocalPublisherConsentCookie(publisherConsentData);
+	}
+}
 
 /**
  * Read vendor consent data from third-party cookie on the

src/lib/cookie/cookie.test.js

@@ -128,17 +128,18 @@ describe('cookie', () => {
 			publisherPurposesVersion: 1,
 			created: aDate,
 			lastUpdated: aDate,
-			selectedCustomPurposeIds: new Set([2, 3])
+			source: 'local',
+			selectedCustomPurposeIds: new Set([25, 26])
 		};
 
 		const encodedString = encodePublisherConsentData({
 			...vendorConsentData, ...publisherConsentData,
 			vendorList,
 			customPurposeList
 		});
-		const decoded = decodePublisherConsentData(encodedString);
+		const decoded = decodePublisherConsentData(encodedString, 'local');
 
-		expect(decoded).to.deep.equal({...vendorConsentData, ...publisherConsentData});
+		expect(decoded).to.deep.include({...vendorConsentData, ...publisherConsentData});
 	});
 
 	it('writes and reads the local cookie when globalConsent = false', () => {
@@ -199,26 +200,70 @@ describe('cookie', () => {
 		});
 	});
 
-	it('writes and reads the publisher consent cookie', () => {
+	it('writes and reads the publisher consent cookie locally', () => {
 		config.update({
-			storeConsentGlobally: false,
+			storePublisherConsentGlobally: false,
 			storePublisherData: true
 		});
 
 		const publisherConsentData = {
 			cookieVersion: 1,
-			cmpId: 1,
+			cmpId: 15,
+			cmpVersion: 2,
+			consentScreen: 1,
+			consentLanguage: "EN",
 			vendorListVersion: 1,
 			publisherPurposesVersion: 1,
 			created: aDate,
 			lastUpdated: aDate,
+			source: 'local',
+			vendorList,
+			customPurposeList,
+			selectedPurposeIds: new Set([1, 2]),
+			selectedCustomPurposeIds: new Set([25, 26])
 		};
 
-		writePublisherConsentCookie(publisherConsentData);
-		const fromCookie = readPublisherConsentCookie();
+		return writePublisherConsentCookie(publisherConsentData).then(() => {
+			return readPublisherConsentCookie().then((cookie) => {
+				expect(document.cookie).to.contain(PUBLISHER_CONSENT_COOKIE_NAME);
+				expect(cookie).to.deep.include({
+					"cookieVersion":1,
+					"cmpId":15,
+					"cmpVersion":2,
+					"consentScreen":1,
+					"consentLanguage":"EN",
+					"vendorListVersion":1,
+					"publisherPurposesVersion":1,
+					"created": aDate,
+					"lastUpdated": aDate,
+					"source":"local",
+					"selectedPurposeIds": new Set([1, 2]),
+					"selectedCustomPurposeIds": new Set([25, 26])
+				});
+			});
+		});
+	});
 
-		expect(document.cookie).to.contain(PUBLISHER_CONSENT_COOKIE_NAME);
-		expect(fromCookie).to.deep.include(publisherConsentData);
+	it('writes and reads the publisher consent cookie on a third party domain', () => {
+		config.update({
+			storePublisherConsentGlobally: true,
+			globalPublisherConsentLocation: "https://www.example.com",
+			storePublisherData: true
+		});
+
+		const publisherConsentData = {
+			cmpId: 1,
+			vendorListVersion: 1,
+			publisherPurposesVersion: 1,
+			created: aDate,
+			lastUpdated: aDate,
+			source: 'global'
+		};
+
+		return writePublisherConsentCookie(publisherConsentData).then(() => {
+			expect(mockPortal.sendPortalCommand.mock.calls[0][0].command).to.deep.equal('writePublisherConsent');
+			expect(document.cookie).to.contain(PUBLISHER_CONSENT_COOKIE_NAME);
+		});
 	});
 
 	it('converts selected vendor list to a range', () => {