UID2-2832 change domain name to domain or app name #59

Merged
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -22,7 +22,7 @@ dotnet test
To run the sample app:

```
dotnet run --project src/SampleApp/SampleApp.csproj https://integ.uidapi.com \
dotnet run --project src/SampleApp/SampleApp.csproj https://operator-integ.uidapi.com \
<your-api-token> <your-secret-key> <advertising-token>
```

8 changes: 4 additions & 4 deletions src/UID2.Client/BidstreamClient.cs
Expand Up @@ -12,14 +12,14 @@ public BidstreamClient(string endpoint, string authKey, string secretKey)
_tokenHelper = new TokenHelper(endpoint, authKey, secretKey);
}

public DecryptionResponse DecryptTokenIntoRawUid(string token, string domainNameFromBidRequest)
public DecryptionResponse DecryptTokenIntoRawUid(string token, string domainOrAppNameFromBidRequest)
{
return DecryptTokenIntoRawUid(token, domainNameFromBidRequest, DateTime.UtcNow);
return DecryptTokenIntoRawUid(token, domainOrAppNameFromBidRequest, DateTime.UtcNow);
}

internal DecryptionResponse DecryptTokenIntoRawUid(string token, string domainNameFromBidRequest, DateTime utcNow)
internal DecryptionResponse DecryptTokenIntoRawUid(string token, string domainOrAppNameFromBidRequest, DateTime utcNow)
{
return _tokenHelper.Decrypt(token, utcNow, domainNameFromBidRequest, ClientType.Bidstream);
return _tokenHelper.Decrypt(token, utcNow, domainOrAppNameFromBidRequest, ClientType.Bidstream);
}


2 changes: 1 addition & 1 deletion src/UID2.Client/DecryptionStatus.cs
Expand Up @@ -16,7 +16,7 @@ public enum DecryptionStatus
/// DSPs are still expected to check their records for user opt out, even when this status is not returned
/// </summary>
UserOptedOut,
DomainNameCheckFailed,
DomainOrAppNameCheckFailed,
Contributor

@jon8787 jon8787 May 1, 2024


will this break consuming code? such as found in gitlab

Contributor


There will be changes required there as we upgrade it to use this version of the SDK. Though we should probably check with @vishalegbert-ttd @gmsdelmundo whether, if we change this status, we need to make further changes in other source code, e.g. Spark jobs.

Contributor Author


From the discussion in the slack, we can keep this change.

InvalidTokenLifetime
}
}
8 changes: 4 additions & 4 deletions src/UID2.Client/IUID2Client.cs
Expand Up @@ -40,17 +40,17 @@ public interface IUID2Client
DecryptionResponse Decrypt(string token, DateTime utcNow);
DecryptionResponse Decrypt(string token);
/// <summary>
/// Decrypt advertising token to extract UID2 details and does a domain name check with the provided domainNameFromBidRequest param
/// Decrypt advertising token to extract UID2 details and does a domain or app name check with the provided domainOrAppNameFromBidRequest param
/// for tokens from Client Side Token Generation
/// </summary>
/// <param name="token">The UID2 Token </param>
/// <param name="domainNameFromBidRequest">The domain name from bid request which should match the domain name of the publisher (registered with UID2 admin)
/// <param name="domainOrAppNameFromBidRequest">The domain or app name from bid request which should match the domain or app name of the publisher (registered with UID2 admin)
/// generating this token previously using Client Side Token Generation
/// </param>
/// <returns>Response showing if decryption is successful and the resulting UID if successful.
/// Or it could return error codes/string indicating what went wrong (such as DecryptionStatus.DomainNameCheckFailed)
/// Or it could return error codes/string indicating what went wrong (such as DecryptionStatus.DomainOrAppNameCheckFailed)
/// </returns>
DecryptionResponse Decrypt(string token, string domainNameFromBidRequest);
DecryptionResponse Decrypt(string token, string domainOrAppNameFromBidRequest);

EncryptionDataResponse Encrypt(string rawUid);
[Obsolete("Please use Encrypt(string rawUid) instead.")]
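Review bot: The XML doc for `Decrypt(string token, string domainOrAppNameFromBidRequest)` in IUID2Client.cs does not say what happens when the caller passes null because the bid request carries neither a domain nor an app name. Going by the KeyContainer.cs and UID2Encryption.cs sections of this same change, a null name makes the check return false, so a client-side generated token would come back as `DecryptionStatus.DomainOrAppNameCheckFailed` rather than being accepted. Stating that fail-closed behaviour in the `<param>` text would help integrators, for example `/// Passing null fails the check for tokens from Client Side Token Generation.` The doc could also say in one line that either value is accepted in the same parameter, since the signature gives no way to tell the two apart.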
6 changes: 3 additions & 3 deletions src/UID2.Client/KeyContainer.cs
Expand Up @@ -114,14 +114,14 @@ public bool TryGetMasterKey(DateTime now, out Key key)
return TryGetKeysetActiveKey(_masterKeysetId, now, out key);
}

public bool IsDomainNameAllowedForSite(int siteId, string domainName)
public bool IsDomainOrAppNameAllowedForSite(int siteId, string domainOrAppName)
{
if (domainName == null)
if (domainOrAppName == null)
{
return false;
}

return this._siteIdToSite.TryGetValue(siteId, out var site) && site.AllowDomainName(domainName);
return this._siteIdToSite.TryGetValue(siteId, out var site) && site.AllowDomainName(domainOrAppName);
}

private bool TryGetKeysetActiveKey(int keysetId, DateTime now, out Key key)
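Review bot: `IsDomainOrAppNameAllowedForSite` in KeyContainer.cs still delegates to `site.AllowDomainName(domainOrAppName)`, so the rename stops one layer short and the callee's name no longer describes what it is asked to decide. Either rename the Site method in the same change or, if that is out of scope, put a comment on the call such as `// AllowDomainName is also used for app names`. The matching rules inside `AllowDomainName` are not visible in this diff; if they normalise case or otherwise assume a DNS-style name, it is worth confirming with a test that app identifiers are compared the way the allow-list intends. The null guard returning false is the right fail-closed default and should stay.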
4 changes: 2 additions & 2 deletions src/UID2.Client/TokenHelper.cs
Expand Up @@ -15,7 +15,7 @@ internal TokenHelper(string endpoint, string authKey, string secretKey)
_uid2ClientHelper = new Uid2ClientHelper(endpoint, authKey, secretKey);
}

internal DecryptionResponse Decrypt(string token, DateTime now, string domainNameFromBidRequest, ClientType clientType)
internal DecryptionResponse Decrypt(string token, DateTime now, string domainOrAppNameFromBidRequest, ClientType clientType)
{
var container = Volatile.Read(ref _container);
if (container == null)
Expand All @@ -30,7 +30,7 @@ internal DecryptionResponse Decrypt(string token, DateTime now, string domainNam

try
{
return UID2Encryption.Decrypt(token, container, now, domainNameFromBidRequest, container.IdentityScope, clientType);
return UID2Encryption.Decrypt(token, container, now, domainOrAppNameFromBidRequest, container.IdentityScope, clientType);
}
catch (Exception)
{
12 changes: 6 additions & 6 deletions src/UID2.Client/UID2Client.cs
Expand Up @@ -34,20 +34,20 @@ public UID2Client(string endpoint, string authKey, string secretKey, IdentitySco

public DecryptionResponse Decrypt(string token)
{
return Decrypt(token, DateTime.UtcNow, null, ClientType.LegacyWithoutDomainCheck);
return Decrypt(token, DateTime.UtcNow, null, ClientType.LegacyWithoutDomainOrAppNameCheck);
}

public DecryptionResponse Decrypt(string token, DateTime utcNow)
{
return Decrypt(token, utcNow, null, ClientType.LegacyWithoutDomainCheck);
return Decrypt(token, utcNow, null, ClientType.LegacyWithoutDomainOrAppNameCheck);
}

public DecryptionResponse Decrypt(string token, string domainNameFromBidRequest)
public DecryptionResponse Decrypt(string token, string domainOrAppNameFromBidRequest)
{
return Decrypt(token, DateTime.UtcNow, domainNameFromBidRequest, ClientType.LegacyWithDomainCheck);
return Decrypt(token, DateTime.UtcNow, domainOrAppNameFromBidRequest, ClientType.LegacyWithDomainOrAppNameCheck);
}

private DecryptionResponse Decrypt(string token, DateTime now, string domainNameFromBidRequest, ClientType clientType)
private DecryptionResponse Decrypt(string token, DateTime now, string domainOrAppNameFromBidRequest, ClientType clientType)
{
var container = Volatile.Read(ref _container);
if (container == null)
Expand All @@ -62,7 +62,7 @@ private DecryptionResponse Decrypt(string token, DateTime now, string domainName

try
{
return UID2Encryption.Decrypt(token, container, now, domainNameFromBidRequest, _identityScope, clientType);
return UID2Encryption.Decrypt(token, container, now, domainOrAppNameFromBidRequest, _identityScope, clientType);
}
catch (Exception)
{
34 changes: 17 additions & 17 deletions src/UID2.Client/UID2Encryption.cs
Expand Up @@ -13,8 +13,8 @@ internal enum ClientType
{
Sharing,
Bidstream,
LegacyWithoutDomainCheck,
LegacyWithDomainCheck
LegacyWithoutDomainOrAppNameCheck,
LegacyWithDomainOrAppNameCheck
}

internal static class UID2Encryption
Expand All @@ -26,7 +26,7 @@ internal static class UID2Encryption
private static char[] BASE64_URL_SPECIAL_CHARS = { '-', '_' };


internal static DecryptionResponse Decrypt(string token, KeyContainer keys, DateTime now, string domainName, IdentityScope identityScope, ClientType clientType)
internal static DecryptionResponse Decrypt(string token, KeyContainer keys, DateTime now, string domainOrAppName, IdentityScope identityScope, ClientType clientType)
{
if (token.Length < 4)
{
Expand All @@ -39,24 +39,24 @@ internal static DecryptionResponse Decrypt(string token, KeyContainer keys, Date

if (data[0] == 2)
{
return DecryptV2(Convert.FromBase64String(token), keys, now, domainName, clientType);
return DecryptV2(Convert.FromBase64String(token), keys, now, domainOrAppName, clientType);
}

if (data[1] == (int)AdvertisingTokenVersion.V3)
{
return DecryptV3(Convert.FromBase64String(token), keys, now, identityScope, 3, domainName, clientType);
return DecryptV3(Convert.FromBase64String(token), keys, now, identityScope, 3, domainOrAppName, clientType);
}

if (data[1] == (int)AdvertisingTokenVersion.V4)
{
//same as V3 but use Base64URL encoding
return DecryptV3(UID2Base64UrlCoder.Decode(token), keys, now, identityScope, 4, domainName, clientType);
return DecryptV3(UID2Base64UrlCoder.Decode(token), keys, now, identityScope, 4, domainOrAppName, clientType);
}

return DecryptionResponse.MakeError(DecryptionStatus.VersionNotSupported);
}

private static DecryptionResponse DecryptV2(byte[] encryptedId, KeyContainer keys, DateTime now, string domainName, ClientType clientType)
private static DecryptionResponse DecryptV2(byte[] encryptedId, KeyContainer keys, DateTime now, string domainOrAppName, ClientType clientType)
{
if (encryptedId.Length != TOKEN_V2_LENGTH)
{
Expand Down Expand Up @@ -118,9 +118,9 @@ private static DecryptionResponse DecryptV2(byte[] encryptedId, KeyContainer key
return new DecryptionResponse(DecryptionStatus.UserOptedOut, null, established, siteId, siteKey.SiteId, null, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
}

if (!IsDomainNameAllowedForSite(clientType, privacyBits, siteId, domainName, keys))
if (!IsDomainOrAppNameAllowedForSite(clientType, privacyBits, siteId, domainOrAppName, keys))
{
return new DecryptionResponse(DecryptionStatus.DomainNameCheckFailed, null, established, siteId, siteKey.SiteId, null, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
return new DecryptionResponse(DecryptionStatus.DomainOrAppNameCheckFailed, null, established, siteId, siteKey.SiteId, null, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
}

if (!DoesTokenHaveValidLifetime(clientType, keys, now, expiry, now))
Expand All @@ -129,7 +129,7 @@ private static DecryptionResponse DecryptV2(byte[] encryptedId, KeyContainer key
return new DecryptionResponse(DecryptionStatus.Success, idString, established, siteId, siteKey.SiteId, null, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
}

private static DecryptionResponse DecryptV3(byte[] encryptedId, KeyContainer keys, DateTime now, IdentityScope identityScope, int advertisingTokenVersion, string domainName, ClientType clientType)
private static DecryptionResponse DecryptV3(byte[] encryptedId, KeyContainer keys, DateTime now, IdentityScope identityScope, int advertisingTokenVersion, string domainOrAppName, ClientType clientType)
{
if (encryptedId.Length < TOKEN_V3_MIN_LENGTH)
{
Expand Down Expand Up @@ -203,9 +203,9 @@ private static DecryptionResponse DecryptV3(byte[] encryptedId, KeyContainer key
return new DecryptionResponse(DecryptionStatus.UserOptedOut, null, established, siteId, siteKey.SiteId, identityType, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
}

if (!IsDomainNameAllowedForSite(clientType, privacyBits, siteId, domainName, keys))
if (!IsDomainOrAppNameAllowedForSite(clientType, privacyBits, siteId, domainOrAppName, keys))
{
return new DecryptionResponse(DecryptionStatus.DomainNameCheckFailed, null, established, siteId, siteKey.SiteId, identityType, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
return new DecryptionResponse(DecryptionStatus.DomainOrAppNameCheckFailed, null, established, siteId, siteKey.SiteId, identityType, advertisingTokenVersion, privacyBits.IsClientSideGenerated, expiry);
}

if (!DoesTokenHaveValidLifetime(clientType, keys, generated, expiry, now))
Expand Down Expand Up @@ -242,15 +242,15 @@ private static bool DoesTokenHaveValidLifetimeImpl(DateTime generatedOrNow, Date
return (generatedOrNow - now).TotalSeconds <= allowClockSkewSeconds; //returns false if token generated too far in the future
}

private static bool IsDomainNameAllowedForSite(ClientType clientType, PrivacyBits privacyBits, int siteId, string domainName, KeyContainer keys)
private static bool IsDomainOrAppNameAllowedForSite(ClientType clientType, PrivacyBits privacyBits, int siteId, string domainOrAppName, KeyContainer keys)
{
if (!privacyBits.IsClientSideGenerated)
return true;

if (clientType != ClientType.Bidstream && clientType != ClientType.LegacyWithDomainCheck)
if (clientType != ClientType.Bidstream && clientType != ClientType.LegacyWithDomainOrAppNameCheck)
return true;

return keys.IsDomainNameAllowedForSite(siteId, domainName);
return keys.IsDomainOrAppNameAllowedForSite(siteId, domainOrAppName);
}

internal static EncryptionDataResponse Encrypt(string rawUid, KeyContainer keys, IdentityScope identityScope, DateTime now)
Expand Down Expand Up @@ -327,8 +327,8 @@ internal static EncryptionDataResponse EncryptData(EncryptionDataRequest request
{
try
{
// if the enableDomainNameCheck param is enabled , the caller would have to provide siteId as part of the EncryptionDataRequest.
DecryptionResponse decryptedToken = Decrypt(request.AdvertisingToken, keys, now, domainName: null, identityScope, ClientType.LegacyWithoutDomainCheck);
// if the enableDomainOrAppNameCheck param is enabled , the caller would have to provide siteId as part of the EncryptionDataRequest.
DecryptionResponse decryptedToken = Decrypt(request.AdvertisingToken, keys, now, domainOrAppName: null, identityScope, ClientType.LegacyWithoutDomainOrAppNameCheck);
if (!decryptedToken.Success)
{
return EncryptionDataResponse.MakeError(EncryptionStatus.TokenDecryptFailure);
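Review bot: The private `IsDomainOrAppNameAllowedForSite` helper in UID2Encryption.cs returns true without consulting `keys` in two cases (the token is not client-side generated, or the client type is neither `Bidstream` nor `LegacyWithDomainOrAppNameCheck`), and nothing in the code says this is deliberate. Because this helper is the gate that produces `DomainOrAppNameCheckFailed` in both `DecryptV2` and `DecryptV3`, a comment above it would make the bypass conditions reviewable, e.g. `// Name check applies only to client-side generated tokens decrypted via Bidstream or LegacyWithDomainOrAppNameCheck; every other path skips it.` The two single-statement `if`s there would also read more safely with braces. In the `EncryptData` hunk, whose body continues outside the visible lines, the reworded comment refers to an `enableDomainOrAppNameCheck` param that does not appear anywhere in this diff; confirm it exists or reword the comment to describe the `LegacyWithoutDomainOrAppNameCheck` call that follows it.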