Skip to content

Commit

Permalink
PublinkId - validate hash and fix decode
Browse files Browse the repository at this point in the history
  • Loading branch information
pycnvr committed Sep 20, 2021
1 parent a22705a commit dbf3281
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 11 deletions.
1 change: 1 addition & 0 deletions modules/conversantBidAdapter.js
Original file line number Diff line number Diff line change
Expand Up @@ -373,6 +373,7 @@ function collectEids(bidRequests) {
if (utils.isArray(request.userIdAsEids) && request.userIdAsEids.length > 0) {
// later following white-list can be converted to block-list if needed
const requiredSourceValues = {
'epsilon.com': 1,
'adserver.org': 1,
'liveramp.com': 1,
'criteo.com': 1,
Expand Down
17 changes: 14 additions & 3 deletions modules/publinkIdSystem.js
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,10 @@ const PUBLINK_S2S_COOKIE = '_publink_srv';

export const storage = getStorageManager(GVLID);

function isHex(s) {
return (typeof s === 'string' && /^[A-F0-9]+$/i.test(s));
}

function publinkIdUrl(params, consentData) {
let url = utils.parseUrl('https://proc.ad.cpe.dotomi.com/cvx/client/sync/publink');
url.search = {
Expand Down Expand Up @@ -49,8 +53,13 @@ function makeCallback(config = {}, consentData) {
}
}
};

if (config.params && config.params.e) {
ajax(publinkIdUrl(config.params, consentData), handleResponse, undefined, options);
if (isHex(config.params.e)) {
ajax(publinkIdUrl(config.params, consentData), handleResponse, undefined, options);
} else {
utils.logError('params.e must be a hex string');
}
}
};
}
Expand Down Expand Up @@ -96,18 +105,20 @@ export const publinkIdSubmodule = {
/**
* decode the stored id value for passing to bid requests
* @function
* @param {string} id encrypted userid
* @param {string} publinkId encrypted userid
* @returns {{publinkId: string} | undefined}
*/
decode(publinkId) {
return {publink: publinkId};
return {publinkId: publinkId};
},

/**
* performs action to obtain id
* Use a publink cookie first if it is present, otherwise use prebids copy, if neither are available callout to get a new id
* @function
* @param {SubmoduleConfig} [config] Config object with params and storage properties
* @param {ConsentData|undefined} consentData GDPR consent
* @param {(Object|undefined)} storedId Previously cached id
* @returns {IdResponse}
*/
getId: function(config, consentData, storedId) {
Expand Down
27 changes: 19 additions & 8 deletions test/spec/modules/publinkIdSystem_spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ describe('PublinkIdSystem', () => {
describe('decode', () => {
it('decode', () => {
const result = publinkIdSubmodule.decode(TEST_COOKIE_VALUE);
expect(result).deep.equals({publink: TEST_COOKIE_VALUE});
expect(result).deep.equals({publinkId: TEST_COOKIE_VALUE});
});
});

Expand Down Expand Up @@ -69,6 +69,7 @@ describe('PublinkIdSystem', () => {
expect(result).to.exist;
expect(result.callback).to.be.a('function');
});

it('Use local copy', () => {
const result = publinkIdSubmodule.getId({}, undefined, TEST_COOKIE_VALUE);
expect(result).to.be.undefined;
Expand All @@ -82,31 +83,41 @@ describe('PublinkIdSystem', () => {
});

it('Fetch with consent data', () => {
const config = {storage: {type: 'cookie'}, params: {e: 'hashedemailvalue'}};
const config = {storage: {type: 'cookie'}, params: {e: 'ca11c0ca7'}};
const consentData = {gdprApplies: 1, consentString: 'myconsentstring'};
let submoduleCallback = publinkIdSubmodule.getId(config, consentData).callback;
submoduleCallback(callbackSpy);

let request = server.requests[0];
request.url = request.url.replace(':443', '');
expect(request.url).to.equal('https://proc.ad.cpe.dotomi.com/cvx/client/sync/publink?deh=hashedemailvalue&mpn=Prebid.js&mpv=$prebid.version$&gdpr=1&gdpr_consent=myconsentstring');
expect(request.url).to.equal('https://proc.ad.cpe.dotomi.com/cvx/client/sync/publink?deh=ca11c0ca7&mpn=Prebid.js&mpv=$prebid.version$&gdpr=1&gdpr_consent=myconsentstring');

request.respond(200, {}, JSON.stringify(serverResponse));
expect(callbackSpy.calledOnce).to.be.true;
expect(callbackSpy.lastCall.lastArg).to.equal(serverResponse.publink);
});

it('server doesnt respond', () => {
const config = {storage: {type: 'cookie'}, params: {e: 'hashedemailvalue'}};
const config = {storage: {type: 'cookie'}, params: {e: 'ca11c0ca7'}};
let submoduleCallback = publinkIdSubmodule.getId(config).callback;
submoduleCallback(callbackSpy);

let request = server.requests[0];
request.url = request.url.replace(':443', '');
expect(request.url).to.equal('https://proc.ad.cpe.dotomi.com/cvx/client/sync/publink?deh=hashedemailvalue&mpn=Prebid.js&mpv=$prebid.version$');
expect(request.url).to.equal('https://proc.ad.cpe.dotomi.com/cvx/client/sync/publink?deh=ca11c0ca7&mpn=Prebid.js&mpv=$prebid.version$');

request.respond(204, {}, JSON.stringify(serverResponse));
expect(callbackSpy.calledOnce).to.be.false;
expect(callbackSpy.called).to.be.false;
});

it('reject plain email address', () => {
const config = {storage: {type: 'cookie'}, params: {e: '[email protected]'}};
const consentData = {gdprApplies: 1, consentString: 'myconsentstring'};
let submoduleCallback = publinkIdSubmodule.getId(config, consentData).callback;
submoduleCallback(callbackSpy);

expect(server.requests).to.have.lengthOf(0);
expect(callbackSpy.called).to.be.false;
});
});

Expand All @@ -122,13 +133,13 @@ describe('PublinkIdSystem', () => {
});

it('Fetch with usprivacy data', () => {
const config = {storage: {type: 'cookie'}, params: {e: 'hashedemailvalue'}};
const config = {storage: {type: 'cookie'}, params: {e: 'ca11c0ca7'}};
let submoduleCallback = publinkIdSubmodule.getId(config).callback;
submoduleCallback(callbackSpy);

let request = server.requests[0];
request.url = request.url.replace(':443', '');
expect(request.url).to.equal('https://proc.ad.cpe.dotomi.com/cvx/client/sync/publink?deh=hashedemailvalue&mpn=Prebid.js&mpv=$prebid.version$&us_privacy=1YNN');
expect(request.url).to.equal('https://proc.ad.cpe.dotomi.com/cvx/client/sync/publink?deh=ca11c0ca7&mpn=Prebid.js&mpv=$prebid.version$&us_privacy=1YNN');

request.respond(200, {}, JSON.stringify(serverResponse));
expect(callbackSpy.calledOnce).to.be.true;
Expand Down

0 comments on commit dbf3281

Please sign in to comment.