UID2-2112 Allow generating v4 tokens by percentage (fall back to default token version otherwise) (#289)

jon8787 · web-flow · commit 68a47aec9f43 · 2023-11-28T17:33:35.000+11:00
diff --git a/conf/local-config.json b/conf/local-config.json
@@ -13,7 +13,7 @@
   "refresh_token_expires_after_seconds": 86400,
   "refresh_identity_token_after_seconds": 900,
   "advertising_token_v3": false,
-  "advertising_token_v4": false,
+  "advertising_token_v4_percentage": 0,
   "refresh_token_v3": false,
   "identity_v3": false,
   "identity_scope": "uid2",
@@ -35,4 +35,4 @@
   "client_side_token_generate": true,
   "client_side_token_generate_domain_name_check_enabled": true,
   "key_sharing_endpoint_provide_site_domain_names": true
-}
+}
diff --git a/src/main/java/com/uid2/operator/service/UIDOperatorService.java b/src/main/java/com/uid2/operator/service/UIDOperatorService.java
@@ -1,9 +1,7 @@
 package com.uid2.operator.service;
 
-import com.uid2.operator.IdentityConst;
 import com.uid2.operator.model.*;
 import com.uid2.operator.util.PrivacyBits;
-import com.uid2.operator.vertx.UIDOperatorVerticle;
 import com.uid2.shared.model.SaltEntry;
 import com.uid2.operator.store.IOptOutStore;
 import com.uid2.shared.store.ISaltProvider;
@@ -22,6 +20,7 @@
 import java.time.ZoneOffset;
 import java.time.format.DateTimeFormatter;
 import java.util.*;
+import java.util.concurrent.ThreadLocalRandom;
 
 import static com.uid2.operator.IdentityConst.*;
 
@@ -48,7 +47,8 @@ public class UIDOperatorService implements IUIDOperatorService {
     private final Duration refreshIdentityAfter;
 
     private final OperatorIdentity operatorIdentity;
-    private final TokenVersion advertisingTokenVersion;
+    private final TokenVersion tokenVersionToUseIfNotV4;
+    private final int advertisingTokenV4Percentage;
     private final TokenVersion refreshTokenVersion;
     private final boolean identityV3Enabled;
 
@@ -88,11 +88,9 @@ public UIDOperatorService(JsonObject config, IOptOutStore optOutStore, ISaltProv
             throw new IllegalStateException(REFRESH_TOKEN_EXPIRES_AFTER_SECONDS + " must be >= " + REFRESH_IDENTITY_TOKEN_AFTER_SECONDS);
         }
 
-        if (config.getBoolean("advertising_token_v4", false)) {
-            this.advertisingTokenVersion = TokenVersion.V4;
-        } else {
-            this.advertisingTokenVersion = config.getBoolean("advertising_token_v3", false) ? TokenVersion.V3 : TokenVersion.V2;
-        }
+        this.advertisingTokenV4Percentage = config.getInteger("advertising_token_v4_percentage", 0); //0 indicates token v4 will not be used
+        this.tokenVersionToUseIfNotV4 = config.getBoolean("advertising_token_v3", false) ? TokenVersion.V3 : TokenVersion.V2;
+
         this.refreshTokenVersion = TokenVersion.V3;
         this.identityV3Enabled = config.getBoolean("identity_v3", false);
     }
@@ -295,16 +293,13 @@ private RefreshToken createRefreshToken(PublisherIdentity publisherIdentity, Use
     }
 
     private AdvertisingToken createAdvertisingToken(PublisherIdentity publisherIdentity, UserIdentity userIdentity, Instant now) {
-        return new AdvertisingToken(
-                this.advertisingTokenVersion,
-                now,
-                now.plusMillis(identityExpiresAfter.toMillis()),
-                this.operatorIdentity,
-                publisherIdentity,
-                userIdentity);
+        int randomNum = ThreadLocalRandom.current().nextInt(1, 101);
+        var tokenVersion = (randomNum <= this.advertisingTokenV4Percentage) ? TokenVersion.V4 : this.tokenVersionToUseIfNotV4;
+
+        return new AdvertisingToken(tokenVersion, now, now.plusMillis(identityExpiresAfter.toMillis()), this.operatorIdentity, publisherIdentity, userIdentity);
     }
 
-    protected class GlobalOptoutResult {
+    static protected class GlobalOptoutResult {
         private final boolean isOptedOut;
         //can be null if isOptedOut is false!
         private final Instant time;
@@ -338,8 +333,8 @@ private GlobalOptoutResult getGlobalOptOutResult(UserIdentity userIdentity, bool
         return new GlobalOptoutResult(result);
     }
 
-    public TokenVersion getAdvertisingTokenVersion() {
-        return advertisingTokenVersion;
+    public TokenVersion getAdvertisingTokenVersionForTests() {
+        assert this.advertisingTokenV4Percentage == 0 || this.advertisingTokenV4Percentage == 100; //we want tests to be deterministic
+        return this.advertisingTokenV4Percentage == 100 ? TokenVersion.V4 : this.tokenVersionToUseIfNotV4;
     }
-
 }
diff --git a/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java b/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java
@@ -75,7 +75,7 @@ void setup() throws Exception {
         uid2Config.put(UIDOperatorService.IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS, IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS);
         uid2Config.put(UIDOperatorService.REFRESH_TOKEN_EXPIRES_AFTER_SECONDS, REFRESH_TOKEN_EXPIRES_AFTER_SECONDS);
         uid2Config.put(UIDOperatorService.REFRESH_IDENTITY_TOKEN_AFTER_SECONDS, REFRESH_IDENTITY_TOKEN_AFTER_SECONDS);
-        uid2Config.put("advertising_token_v4", false);
+        uid2Config.put("advertising_token_v4_percentage", 0);
         uid2Config.put("advertising_token_v3", false); // prod is using v2 token version for now
         uid2Config.put("identity_v3", false);
 
@@ -92,7 +92,7 @@ void setup() throws Exception {
         euidConfig.put(UIDOperatorService.IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS, IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS);
         euidConfig.put(UIDOperatorService.REFRESH_TOKEN_EXPIRES_AFTER_SECONDS, REFRESH_TOKEN_EXPIRES_AFTER_SECONDS);
         euidConfig.put(UIDOperatorService.REFRESH_IDENTITY_TOKEN_AFTER_SECONDS, REFRESH_IDENTITY_TOKEN_AFTER_SECONDS);
-        euidConfig.put("advertising_token_v4", false);
+        euidConfig.put("advertising_token_v4_percentage", 0);
         euidConfig.put("advertising_token_v3", true);
         euidConfig.put("identity_v3", true);
 
@@ -127,7 +127,8 @@ private UserIdentity createUserIdentity(String rawIdentityHash, IdentityScope sc
         );
     }
 
-    private AdvertisingToken validateAndGetToken(EncryptedTokenEncoder tokenEncoder, String advertisingTokenString, TokenVersion tokenVersion, IdentityScope scope, IdentityType type) {
+    private AdvertisingToken validateAndGetToken(EncryptedTokenEncoder tokenEncoder, String advertisingTokenString, IdentityScope scope, IdentityType type) {
+        TokenVersion tokenVersion = (scope == IdentityScope.UID2) ? uid2Service.getAdvertisingTokenVersionForTests() : euidService.getAdvertisingTokenVersionForTests();
         UIDOperatorVerticleTest.validateAdvertisingToken(advertisingTokenString, tokenVersion, scope, type);
         return tokenEncoder.decodeAdvertisingToken(advertisingTokenString);
     }
@@ -142,7 +143,7 @@ public void testGenerateAndRefresh() {
         final IdentityTokens tokens = uid2Service.generateIdentity(identityRequest);
         assertNotNull(tokens);
 
-        AdvertisingToken advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), uid2Service.getAdvertisingTokenVersion(), IdentityScope.UID2, IdentityType.Email);
+        AdvertisingToken advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), IdentityScope.UID2, IdentityType.Email);
         assertEquals(this.now.plusSeconds(IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS), advertisingToken.expiresAt);
         assertEquals(identityRequest.publisherIdentity.siteId, advertisingToken.publisherIdentity.siteId);
         assertEquals(identityRequest.userIdentity.identityScope, advertisingToken.userIdentity.identityScope);
@@ -164,7 +165,7 @@ public void testGenerateAndRefresh() {
         assertEquals(RefreshResponse.Status.Refreshed, refreshResponse.getStatus());
         assertNotNull(refreshResponse.getTokens());
 
-        AdvertisingToken advertisingToken2 = validateAndGetToken(tokenEncoder, refreshResponse.getTokens().getAdvertisingToken(), uid2Service.getAdvertisingTokenVersion(), IdentityScope.UID2, IdentityType.Email);
+        AdvertisingToken advertisingToken2 = validateAndGetToken(tokenEncoder, refreshResponse.getTokens().getAdvertisingToken(), IdentityScope.UID2, IdentityType.Email);
         assertEquals(this.now.plusSeconds(IDENTITY_TOKEN_EXPIRES_AFTER_SECONDS), advertisingToken2.expiresAt);
         assertEquals(advertisingToken.publisherIdentity.siteId, advertisingToken2.publisherIdentity.siteId);
         assertEquals(advertisingToken.userIdentity.identityScope, advertisingToken2.userIdentity.identityScope);
@@ -242,12 +243,12 @@ public void testGenerateTokenForOptOutUser(IdentityType type, String identity, I
         final IdentityTokens tokensAfterOptOut;
         if (scope == IdentityScope.UID2) {
             tokens = uid2Service.generateIdentity(identityRequestForceGenerate);
-            advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), uid2Service.getAdvertisingTokenVersion(), IdentityScope.UID2, userIdentity.identityType);
+            advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), IdentityScope.UID2, userIdentity.identityType);
             tokensAfterOptOut = uid2Service.generateIdentity(identityRequestRespectOptOut);
 
         } else {
             tokens = euidService.generateIdentity(identityRequestForceGenerate);
-            advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), euidService.getAdvertisingTokenVersion(), IdentityScope.EUID, userIdentity.identityType);
+            advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), IdentityScope.EUID, userIdentity.identityType);
             tokensAfterOptOut = euidService.generateIdentity(identityRequestRespectOptOut);
         }
         assertNotNull(tokens);
@@ -335,7 +336,7 @@ private InputUtil.InputVal generateInputVal(TestIdentityInputType type, String i
             "PhoneHash,+00000000000,UID2",
             "Phone,+00000000000,EUID",
             "PhoneHash,+00000000000,EUID"})
-    public void testSpecialIdentityOptOutTokenGenerate(TestIdentityInputType type, String id, IdentityScope scope) {
+    void testSpecialIdentityOptOutTokenGenerate(TestIdentityInputType type, String id, IdentityScope scope) {
         InputUtil.InputVal inputVal = generateInputVal(type, id);
 
         final IdentityRequest identityRequest = new IdentityRequest(
@@ -366,7 +367,7 @@ public void testSpecialIdentityOptOutTokenGenerate(TestIdentityInputType type, S
             "PhoneHash,+00000000000,UID2",
             "Phone,+00000000000,EUID",
             "PhoneHash,+00000000000,EUID"})
-    public void testSpecialIdentityOptOutIdentityMap(TestIdentityInputType type, String id, IdentityScope scope) {
+    void testSpecialIdentityOptOutIdentityMap(TestIdentityInputType type, String id, IdentityScope scope) {
         InputUtil.InputVal inputVal = generateInputVal(type, id);
 
         final MapRequest mapRequestRespectOptOut = new MapRequest(
@@ -397,7 +398,7 @@ public void testSpecialIdentityOptOutIdentityMap(TestIdentityInputType type, Str
             "PhoneHash,+00000000000,UID2",
             "Phone,+00000000000,EUID",
             "PhoneHash,+00000000000,EUID"})
-    public void testSpecialIdentityOptOutTokenRefresh(TestIdentityInputType type, String id, IdentityScope scope) {
+    void testSpecialIdentityOptOutTokenRefresh(TestIdentityInputType type, String id, IdentityScope scope) {
         InputUtil.InputVal inputVal = generateInputVal(type, id);
 
         final IdentityRequest identityRequest = new IdentityRequest(
@@ -432,7 +433,7 @@ public void testSpecialIdentityOptOutTokenRefresh(TestIdentityInputType type, St
             "PhoneHash,+00000000002,UID2",
             "Phone,+00000000002,EUID",
             "PhoneHash,+00000000002,EUID"})
-    public void testSpecialIdentityRefreshOptOutGenerate(TestIdentityInputType type, String id, IdentityScope scope) {
+    void testSpecialIdentityRefreshOptOutGenerate(TestIdentityInputType type, String id, IdentityScope scope) {
         InputUtil.InputVal inputVal = generateInputVal(type, id);
 
         final IdentityRequest identityRequest = new IdentityRequest(
@@ -470,7 +471,7 @@ public void testSpecialIdentityRefreshOptOutGenerate(TestIdentityInputType type,
             "PhoneHash,+00000000002,UID2",
             "Phone,+00000000002,EUID",
             "PhoneHash,+00000000002,EUID"})
-    public void testSpecialIdentityRefreshOptOutIdentityMap(TestIdentityInputType type, String id, IdentityScope scope) {
+    void testSpecialIdentityRefreshOptOutIdentityMap(TestIdentityInputType type, String id, IdentityScope scope) {
         InputUtil.InputVal inputVal = generateInputVal(type, id);
 
         final MapRequest mapRequestRespectOptOut = new MapRequest(
@@ -501,7 +502,7 @@ public void testSpecialIdentityRefreshOptOutIdentityMap(TestIdentityInputType ty
             "PhoneHash,+12345678901,UID2",
             "Phone,+12345678901,EUID",
             "PhoneHash,+12345678901,EUID"})
-    public void testSpecialIdentityValidateGenerate(TestIdentityInputType type, String id, IdentityScope scope) {
+    void testSpecialIdentityValidateGenerate(TestIdentityInputType type, String id, IdentityScope scope) {
         InputUtil.InputVal inputVal = generateInputVal(type, id);
 
         final IdentityRequest identityRequest = new IdentityRequest(
@@ -517,11 +518,11 @@ public void testSpecialIdentityValidateGenerate(TestIdentityInputType type, Stri
         AdvertisingToken advertisingToken;
         if(scope == IdentityScope.EUID) {
             tokens = euidService.generateIdentity(identityRequest);
-            advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), euidService.getAdvertisingTokenVersion(), scope, identityRequest.userIdentity.identityType);
+            advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), scope, identityRequest.userIdentity.identityType);
         }
         else {
             tokens = uid2Service.generateIdentity(identityRequest);
-            advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), uid2Service.getAdvertisingTokenVersion(), scope, identityRequest.userIdentity.identityType);
+            advertisingToken = validateAndGetToken(tokenEncoder, tokens.getAdvertisingToken(), scope, identityRequest.userIdentity.identityType);
         }
         assertNotNull(tokens);
         assertNotEquals(IdentityTokens.LogoutToken, tokens);
@@ -538,7 +539,7 @@ public void testSpecialIdentityValidateGenerate(TestIdentityInputType type, Stri
             "PhoneHash,+12345678901,UID2",
             "Phone,+12345678901,EUID",
             "PhoneHash,+12345678901,EUID"})
-    public void testSpecialIdentityValidateIdentityMap(TestIdentityInputType type, String id, IdentityScope scope) {
+    void testSpecialIdentityValidateIdentityMap(TestIdentityInputType type, String id, IdentityScope scope) {
         InputUtil.InputVal inputVal = generateInputVal(type, id);
 
         final MapRequest mapRequestRespectOptOut = new MapRequest(
@@ -567,7 +568,7 @@ public void testSpecialIdentityValidateIdentityMap(TestIdentityInputType type, S
             "PhoneHash,+61401234567,EUID",
             "Email,blah@unifiedid.com,EUID",
             "EmailHash,blah@unifiedid.com,EUID"})
-    public void testNormalIdentityOptIn(TestIdentityInputType type, String id, IdentityScope scope) {
+    void testNormalIdentityOptIn(TestIdentityInputType type, String id, IdentityScope scope) {
         InputUtil.InputVal inputVal = generateInputVal(type, id);
         final IdentityRequest identityRequest = new IdentityRequest(
                 new PublisherIdentity(123, 124, 125),
diff --git a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java
