Removed optout policy check and disable optout feature flag

Author: RSam25

conf/docker-config.json

@@ -42,7 +42,6 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-operator"
 }

conf/integ-config.json

@@ -18,7 +18,6 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
   "enable_remote_config": false,
   "uid_instance_id_prefix": "local-operator"
 }

conf/local-config.json

@@ -41,7 +41,6 @@
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
   "encrypted_files": false,
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-operator"
 }

conf/local-e2e-docker-public-config.json

@@ -38,7 +38,6 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-public-operator"
 }

conf/local-e2e-public-config.json

@@ -44,7 +44,7 @@
   "salts_expired_shutdown_hours": 12,
   "store_refresh_stale_shutdown_hours": 12,
   "operator_type": "public",
-  "disable_optout_token": true,
+
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-public-operator"
 }

conf/validator-latest-e2e-docker-public-config.json

@@ -43,7 +43,6 @@
     },
     "config_scan_period_ms": 300000
   },
-  "disable_optout_token": true,
   "enable_remote_config": true,
   "uid_instance_id_prefix": "local-public-operator"
 }

src/main/java/com/uid2/operator/Const.java

@@ -34,7 +34,6 @@ public class Config extends com.uid2.shared.Const.Config {
 
         public static final String ConfigScanPeriodMsProp = "config_scan_period_ms";
         public static final String IdentityV3Prop = "identity_v3";
-        public static final String DisableOptoutTokenProp = "disable_optout_token";
         public static final String EnableRemoteConfigProp = "enable_remote_config";
         public static final String RuntimeConfigMetadataPathProp = "runtime_config_metadata_path";
 

src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java

@@ -105,7 +105,6 @@ public class UIDOperatorVerticle extends AbstractVerticle {
     private final IClientKeyProvider clientKeyProvider;
     private final Clock clock;
     private final boolean identityV3Enabled;
-    private final boolean disableOptoutToken;
     private final UidInstanceIdProvider uidInstanceIdProvider;
     protected IUIDOperatorService idService;
 
@@ -196,7 +195,6 @@ public UIDOperatorVerticle(IConfigStore configStore,
         this.optOutStatusApiEnabled = config.getBoolean(Const.Config.OptOutStatusApiEnabled, true);
         this.optOutStatusMaxRequestSize = config.getInteger(Const.Config.OptOutStatusMaxRequestSize, 5000);
         this.identityV3Enabled = config.getBoolean(IdentityV3Prop, false);
-        this.disableOptoutToken = config.getBoolean(DisableOptoutTokenProp, false);
         this.uidInstanceIdProvider = uidInstanceIdProvider;
     }
 
@@ -945,14 +943,6 @@ private void handleTokenGenerateV2(RoutingContext rc) {
                     }
                 }
 
-                final Tuple.Tuple2<OptoutCheckPolicy, String> optoutCheckPolicy = readOptoutCheckPolicy(req);
-                recordTokenGeneratePolicy(apiContact, optoutCheckPolicy.getItem1(), optoutCheckPolicy.getItem2());
-
-                if (!meetPolicyCheckRequirements(rc)) {
-                    SendClientErrorResponseAndRecordStats(ResponseStatus.ClientError, 400, rc, "Required opt-out policy argument for token/generate is missing or not set to 1", siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.BadPayload, siteProvider, platformType);
-                    return;
-                }
-
                 final IdentityTokens t = this.idService.generateIdentity(
                         new IdentityRequest(
                                 new PublisherIdentity(siteId, 0, 0),
@@ -964,31 +954,8 @@ private void handleTokenGenerateV2(RoutingContext rc) {
                         identityExpiresAfter);
 
                 if (t.isEmptyToken()) {
-                    if (optoutCheckPolicy.getItem1() == OptoutCheckPolicy.DoNotRespect && !this.disableOptoutToken) { // only legacy can use this policy
-                        final InputUtil.InputVal optOutTokenInput = input.getIdentityType() == IdentityType.Email
-                                ? InputUtil.InputVal.validEmail(OptOutTokenIdentityForEmail, OptOutTokenIdentityForEmail)
-                                : InputUtil.InputVal.validPhone(OptOutTokenIdentityForPhone, OptOutTokenIdentityForPhone);
-
-                        PrivacyBits pb = new PrivacyBits();
-                        pb.setLegacyBit();
-                        pb.setClientSideTokenGenerateOptout();
-
-                        final IdentityTokens optOutTokens = this.idService.generateIdentity(
-                                new IdentityRequest(
-                                        new PublisherIdentity(siteId, 0, 0),
-                                        optOutTokenInput.toUserIdentity(this.identityScope, pb.getAsInt(), Instant.now()),
-                                        OptoutCheckPolicy.DoNotRespect,
-                                        identityEnvironment),
-                                refreshIdentityAfter,
-                                refreshExpiresAfter,
-                                identityExpiresAfter);
-
-                        ResponseUtil.SuccessV2(rc, toTokenResponseJson(optOutTokens));
-                        recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.Success, siteProvider, optOutTokens.getAdvertisingTokenVersion(), platformType);
-                    } else { // new participant, or legacy specified policy/optout_check=1
-                        ResponseUtil.SuccessNoBodyV2("optout", rc);
-                        recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.OptOut, siteProvider, null, platformType);
-                    }
+                    ResponseUtil.SuccessNoBodyV2("optout", rc);
+                    recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.OptOut, siteProvider, null, platformType);
                 } else {
                     ResponseUtil.SuccessV2(rc, toTokenResponseJson(t));
                     recordTokenResponseStats(siteId, TokenResponseStatsCollector.Endpoint.GenerateV2, TokenResponseStatsCollector.ResponseStatus.Success, siteProvider, t.getAdvertisingTokenVersion(), platformType);
@@ -1642,59 +1609,6 @@ private UserConsentStatus validateUserConsent(JsonObject req, String apiContact)
         return UserConsentStatus.SUFFICIENT;
     }
 
-    private static final String POLICY_PARAM = "policy";
-    private static final String OPTOUT_CHECK_POLICY_PARAM = "optout_check";
-
-    private boolean meetPolicyCheckRequirements(RoutingContext rc) {
-        JsonObject requestJsonObject = (JsonObject) rc.data().get(REQUEST);
-        boolean respectOptOut = false;
-        if (requestJsonObject.containsKey(OPTOUT_CHECK_POLICY_PARAM)) {
-            respectOptOut = OptoutCheckPolicy.fromValue(requestJsonObject.getInteger(OPTOUT_CHECK_POLICY_PARAM)) == OptoutCheckPolicy.respectOptOut();
-        } else if (requestJsonObject.containsKey(POLICY_PARAM)) {
-            respectOptOut = OptoutCheckPolicy.fromValue(requestJsonObject.getInteger(POLICY_PARAM)) == OptoutCheckPolicy.respectOptOut();
-        }
-
-        if (respectOptOut) {
-            return true;
-        } else {
-            final ClientKey clientKey = (ClientKey) AuthMiddleware.getAuthClient(rc);
-            final ClientKey oldestClientKey = this.clientKeyProvider.getOldestClientKey(clientKey.getSiteId());
-            boolean newClient = oldestClientKey.getCreated() >= OPT_OUT_CHECK_CUTOFF_DATE;
-
-            if (!newClient) {
-                Counter.builder("uid2_legacy_opt_out_bypass_total")
-                        .description("Counter for the number of successful requests that have optout set to zero (legacy clients)")
-                        .tag("site_id", clientKey.getSiteId().toString())
-                        .register(Metrics.globalRegistry)
-                        .increment();
-                return true;
-            } else {
-                // log policy violation
-                LOGGER.warn(String.format("Failed to respect opt-out policy: siteId=%d, clientKeyName=%s, clientKeyCreated=%d",
-                        oldestClientKey.getSiteId(), oldestClientKey.getName(), oldestClientKey.getCreated()));
-                return false;
-            }
-        }
-    }
-
-    private Tuple.Tuple2<OptoutCheckPolicy, String> readOptoutCheckPolicy(JsonObject req) {
-        if(req.containsKey(OPTOUT_CHECK_POLICY_PARAM)) {
-            return new Tuple.Tuple2<>(OptoutCheckPolicy.fromValue(req.getInteger(OPTOUT_CHECK_POLICY_PARAM)), OPTOUT_CHECK_POLICY_PARAM);
-        } else if(req.containsKey(POLICY_PARAM)) {
-            return new Tuple.Tuple2<>(OptoutCheckPolicy.fromValue(req.getInteger(POLICY_PARAM)), POLICY_PARAM);
-        } else {
-            return new Tuple.Tuple2<>(OptoutCheckPolicy.defaultPolicy(), "null");
-        }
-    }
-
-    private void recordTokenGeneratePolicy(String apiContact, OptoutCheckPolicy policy, String policyParameterKey) {
-        _tokenGeneratePolicyCounters.computeIfAbsent(new Tuple.Tuple3<>(apiContact, policy, policyParameterKey), triple -> Counter
-                .builder("uid2_token_generate_policy_usage_total")
-                .description("Counter for token generate policy usage")
-                .tags("api_contact", triple.getItem1(), "policy", String.valueOf(triple.getItem2()), "policy_parameter", triple.getItem3())
-                .register(Metrics.globalRegistry)).increment();
-    }
-
     private void recordTokenGenerateTCFUsage(String apiContact) {
         _tokenGenerateTCFUsage.computeIfAbsent(apiContact, contact -> Counter
                 .builder("uid2_token_generate_tcf_usage_total")

src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java

@@ -153,11 +153,6 @@ void deployVerticle(Vertx vertx, VertxTestContext testContext, TestInfo testInfo
 
         setupConfig(config);
         runtimeConfig = setupRuntimeConfig(config);
-        // TODO: Remove this when we remove tokenGenerateOptOutTokenWithDisableOptoutTokenFF test
-        if (testInfo.getTestMethod().isPresent() &&
-                testInfo.getTestMethod().get().getName().equals("tokenGenerateOptOutTokenWithDisableOptoutTokenFF")) {
-            config.put(Const.Config.DisableOptoutTokenProp, true);
-        }
         if (testInfo.getDisplayName().equals("cstgNoPhoneSupport(Vertx, VertxTestContext)")) {
             config.put("enable_phone_support", false);
         }
@@ -201,7 +196,6 @@ private void setupConfig(JsonObject config) {
         config.put(Const.Config.AllowClockSkewSecondsProp, 3600);
         config.put(Const.Config.OptOutStatusApiEnabled, true);
         config.put(Const.Config.OptOutStatusMaxRequestSize, optOutStatusMaxRequestSize);
-        config.put(Const.Config.DisableOptoutTokenProp, false);
         config.put(Const.Config.ConfigScanPeriodMsProp, 10000);
     }
 
@@ -1366,47 +1360,6 @@ void v3IdentityMapOutdatedRefreshFrom(Vertx vertx, VertxTestContext testContext)
         });
     }
 
-    @Test
-    void tokenGenerateNewClientNoPolicySpecified(Vertx vertx, VertxTestContext testContext) {
-        final int clientSiteId = 201;
-        fakeAuth(clientSiteId, newClientCreationDateTime, Role.GENERATOR);
-        setupSalts();
-        setupKeys();
-
-        JsonObject v2Payload = new JsonObject();
-        v2Payload.put("email", "test@email.com");
-
-        sendTokenGenerate(vertx, v2Payload, 400,
-                json -> {
-                    assertFalse(json.containsKey("body"));
-                    assertEquals("client_error", json.getString("status"));
-                    assertEquals("Required opt-out policy argument for token/generate is missing or not set to 1", json.getString("message"));
-                    testContext.completeNow();
-                });
-    }
-
-    @ParameterizedTest
-    @ValueSource(strings = {"policy", "optout_check"})
-    void tokenGenerateNewClientWrongPolicySpecified(String policyParamterKey, Vertx vertx, VertxTestContext testContext) {
-        final int clientSiteId = 201;
-        fakeAuth(clientSiteId, newClientCreationDateTime, Role.GENERATOR);
-        setupSalts();
-        setupKeys();
-
-        JsonObject v2Payload = new JsonObject();
-        v2Payload.put("email", "test@email.com");
-        v2Payload.put(policyParamterKey, OptoutCheckPolicy.DoNotRespect.policy);
-
-        sendTokenGenerate(vertx,
-                v2Payload, 400,
-                json -> {
-                    assertFalse(json.containsKey("body"));
-                    assertEquals("client_error", json.getString("status"));
-                    assertEquals("Required opt-out policy argument for token/generate is missing or not set to 1", json.getString("message"));
-                    testContext.completeNow();
-                });
-    }
-
     @Test
     void tokenGenerateNewClientNoPolicySpecifiedOlderKeySuccessful(Vertx vertx, VertxTestContext testContext) {
         ClientKey newClientKey = new ClientKey(
@@ -1489,130 +1442,6 @@ void tokenGenerateNewClientWrongPolicySpecifiedOlderKeySuccessful(String policyP
                 });
     }
 
-    @ParameterizedTest // TODO: remove test after optout check phase 3
-    @CsvSource({
-            "policy,someoptout@example.com,Email",
-            "policy,+01234567890,Phone",
-            "optout_check,someoptout@example.com,Email",
-            "optout_check,+01234567890,Phone"
-    })
-    void tokenGenerateOptOutToken(String policyParameterKey, String identity, IdentityType identityType,
-                                  Vertx vertx, VertxTestContext testContext) {
-        ClientKey oldClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime.minusSeconds(5),
-                Set.of(Role.GENERATOR),
-                201,
-                null
-        );
-        when(clientKeyProvider.get(any())).thenReturn(oldClientKey);
-        when(clientKeyProvider.getClientKey(any())).thenReturn(oldClientKey);
-        when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
-        when(this.optOutStore.getLatestEntry(any())).thenReturn(Instant.now());
-        setupSalts();
-        setupKeys();
-
-        JsonObject v2Payload = new JsonObject();
-        v2Payload.put(identityType.name().toLowerCase(), identity);
-        v2Payload.put(policyParameterKey, OptoutCheckPolicy.DoNotRespect.policy);
-
-        sendTokenGenerate(vertx,
-                v2Payload, 200,
-                json -> {
-                    InputUtil.InputVal optOutTokenInput = identityType == IdentityType.Email ?
-                            InputUtil.InputVal.validEmail(OptOutTokenIdentityForEmail, OptOutTokenIdentityForEmail) :
-                            InputUtil.InputVal.validPhone(OptOutIdentityForPhone, OptOutTokenIdentityForPhone);
-
-                    assertEquals("success", json.getString("status"));
-
-                    JsonObject body = json.getJsonObject("body");
-                    assertNotNull(body);
-
-                    decodeV2RefreshToken(json);
-
-                    AdvertisingToken advertisingToken = validateAndGetToken(encoder, body, identityType);
-                    RefreshToken refreshToken = encoder.decodeRefreshToken(body.getString("decrypted_refresh_token"));
-                    final byte[] advertisingId = getAdvertisingIdFromIdentity(identityType,
-                            optOutTokenInput.getNormalized(),
-                            firstLevelSalt,
-                            rotatingSalt123.currentSalt());
-                    final byte[] firstLevelHash = TokenUtils.getFirstLevelHashFromIdentity(optOutTokenInput.getNormalized(), firstLevelSalt);
-                    assertArrayEquals(advertisingId, advertisingToken.userIdentity.id);
-                    assertArrayEquals(firstLevelHash, refreshToken.userIdentity.id);
-
-                    assertFalse(PrivacyBits.fromInt(advertisingToken.userIdentity.privacyBits).isClientSideTokenGenerated());
-                    assertTrue(PrivacyBits.fromInt(advertisingToken.userIdentity.privacyBits).isClientSideTokenOptedOut());
-
-                    assertTokenStatusMetrics(
-                            201,
-                            TokenResponseStatsCollector.Endpoint.GenerateV2,
-                            TokenResponseStatsCollector.ResponseStatus.Success,
-                            TokenResponseStatsCollector.PlatformType.Other);
-
-                    sendTokenRefresh(vertx, testContext, body.getString("refresh_token"), body.getString("refresh_response_key"), 200, refreshRespJson -> {
-                        assertEquals("optout", refreshRespJson.getString("status"));
-                        JsonObject refreshBody = refreshRespJson.getJsonObject("body");
-                        assertNull(refreshBody);
-                        assertTokenStatusMetrics(
-                                201,
-                                TokenResponseStatsCollector.Endpoint.RefreshV2,
-                                TokenResponseStatsCollector.ResponseStatus.OptOut,
-                                TokenResponseStatsCollector.PlatformType.InApp);
-                        testContext.completeNow();
-                    }, Map.of(ClientVersionHeader, tvosClientVersionHeaderValue));
-                });
-    }
-
-    @ParameterizedTest // TODO: remove test after optout check phase 3
-    @CsvSource({
-            "policy,someoptout@example.com,Email",
-            "policy,+01234567890,Phone",
-            "optout_check,someoptout@example.com,Email",
-            "optout_check,+01234567890,Phone"
-    })
-    void tokenGenerateOptOutTokenWithDisableOptoutTokenFF(String policyParameterKey, String identity, IdentityType identityType,
-                                                          Vertx vertx, VertxTestContext testContext) {
-        ClientKey oldClientKey = new ClientKey(
-                null,
-                null,
-                Utils.toBase64String(clientSecret),
-                "test-contact",
-                newClientCreationDateTime.minusSeconds(5),
-                Set.of(Role.GENERATOR),
-                201,
-                null
-        );
-        when(clientKeyProvider.get(any())).thenReturn(oldClientKey);
-        when(clientKeyProvider.getClientKey(any())).thenReturn(oldClientKey);
-        when(clientKeyProvider.getOldestClientKey(201)).thenReturn(oldClientKey);
-        when(this.optOutStore.getLatestEntry(any())).thenReturn(Instant.now());
-        setupSalts();
-        setupKeys();
-
-        JsonObject v2Payload = new JsonObject();
-        v2Payload.put(identityType.name().toLowerCase(), identity);
-        v2Payload.put(policyParameterKey, OptoutCheckPolicy.DoNotRespect.policy);
-
-        sendTokenGenerate(vertx,
-                v2Payload, 200,
-                json -> {
-                    assertEquals("optout", json.getString("status"));
-
-                    decodeV2RefreshToken(json);
-
-                    assertTokenStatusMetrics(
-                            201,
-                            TokenResponseStatsCollector.Endpoint.GenerateV2,
-                            TokenResponseStatsCollector.ResponseStatus.OptOut,
-                            TokenResponseStatsCollector.PlatformType.Other);
-
-                    testContext.completeNow();
-                });
-    }
-
     @ParameterizedTest
     @CsvSource({
             "true,text/plain",