Merge pull request #82 from scong-ttd/uid2-647-optionally-generate-token

scong-ttd · web-flow · commit eb620fe10f21 · 2023-02-06T20:43:54.000-08:00
New token-generate parameter to respect earlier optout records
diff --git a/src/main/java/com/uid2/operator/model/IdentityRequest.java b/src/main/java/com/uid2/operator/model/IdentityRequest.java
@@ -3,9 +3,19 @@
 public final class IdentityRequest {
     public final PublisherIdentity publisherIdentity;
     public final UserIdentity userIdentity;
+    public final TokenGeneratePolicy tokenGeneratePolicy;
 
-    public IdentityRequest(PublisherIdentity publisherIdentity, UserIdentity userIdentity) {
+    public IdentityRequest(
+            PublisherIdentity publisherIdentity,
+            UserIdentity userIdentity,
+            TokenGeneratePolicy tokenGeneratePolicy)
+    {
         this.publisherIdentity = publisherIdentity;
         this.userIdentity = userIdentity;
+        this.tokenGeneratePolicy = tokenGeneratePolicy;
+    }
+
+    public boolean shouldCheckOptOut() {
+        return tokenGeneratePolicy.equals(TokenGeneratePolicy.RespectOptOut);
     }
 }
diff --git a/src/main/java/com/uid2/operator/model/IdentityTokens.java b/src/main/java/com/uid2/operator/model/IdentityTokens.java
@@ -44,4 +44,8 @@ public Instant getRefreshExpires() {
     public Instant getRefreshFrom() {
         return refreshFrom;
     }
+
+    public boolean isEmptyToken() {
+        return advertisingToken == null || advertisingToken.isEmpty();
+    }
 }
diff --git a/src/main/java/com/uid2/operator/model/TokenGeneratePolicy.java b/src/main/java/com/uid2/operator/model/TokenGeneratePolicy.java
@@ -0,0 +1,22 @@
+package com.uid2.operator.model;
+
+public enum TokenGeneratePolicy {
+    JustGenerate(0),
+    RespectOptOut(1);
+
+    public final int policy;
+
+    TokenGeneratePolicy(int policy) { this.policy = policy; }
+
+    public static TokenGeneratePolicy fromValue(int value) {
+        switch (value) {
+            case 0: return JustGenerate;
+            case 1: return RespectOptOut;
+            default: throw new IllegalArgumentException();
+        }
+    }
+
+    public static TokenGeneratePolicy defaultPolicy() {
+        return JustGenerate;
+    }
+}
diff --git a/src/main/java/com/uid2/operator/service/EncryptionKeyUtil.java b/src/main/java/com/uid2/operator/service/EncryptionKeyUtil.java
@@ -9,6 +9,9 @@ public class EncryptionKeyUtil {
     public static EncryptionKey getActiveSiteKey(IKeyStore.IKeyStoreSnapshot keyStoreSnapshot, int siteId, int fallbackSiteId, Instant now) {
         EncryptionKey key = keyStoreSnapshot.getActiveSiteKey(siteId, now);
         if (key == null) key = keyStoreSnapshot.getActiveSiteKey(fallbackSiteId, now);
+        if (key == null) {
+            throw new RuntimeException(String.format("cannot get active site key with ID %d or %d", siteId, fallbackSiteId));
+        }
         return key;
     }
 }
diff --git a/src/main/java/com/uid2/operator/service/ResponseUtil.java b/src/main/java/com/uid2/operator/service/ResponseUtil.java
@@ -49,6 +49,16 @@ public static void SuccessV2(RoutingContext rc, Object body) {
         rc.data().put("response", json);
     }
 
+    public static void OptOutV2(RoutingContext rc, Object body) {
+        final JsonObject json = new JsonObject(new HashMap<String, Object>() {
+            {
+                put("status", UIDOperatorVerticle.ResponseStatus.OptOut);
+                put("body", body);
+            }
+        });
+        rc.data().put("response", json);
+    }
+
     public static void ClientError(RoutingContext rc, String message) {
         Error(UIDOperatorVerticle.ResponseStatus.ClientError, 400, rc, message);
     }
diff --git a/src/main/java/com/uid2/operator/service/UIDOperatorService.java b/src/main/java/com/uid2/operator/service/UIDOperatorService.java
@@ -80,7 +80,12 @@ public IdentityTokens generateIdentity(IdentityRequest request) {
         final UserIdentity firstLevelHashIdentity = new UserIdentity(
                 request.userIdentity.identityScope, request.userIdentity.identityType, firstLevelHash, request.userIdentity.privacyBits,
                 request.userIdentity.establishedAt, request.userIdentity.refreshedAt);
-        return generateIdentity(request.publisherIdentity, firstLevelHashIdentity);
+
+        if (request.shouldCheckOptOut() && hasGlobalOptOut(firstLevelHashIdentity)) {
+            return IdentityTokens.LogoutToken;
+        } else {
+            return generateIdentity(request.publisherIdentity, firstLevelHashIdentity);
+        }
     }
 
     @Override
@@ -225,4 +230,8 @@ private UserToken createUserToken(PublisherIdentity publisherIdentity, UserIdent
                 userIdentity);
     }
 
+    private boolean hasGlobalOptOut(UserIdentity userIdentity) {
+        return this.optOutStore.getLatestEntry(userIdentity) != null;
+    }
+
 }
diff --git a/src/main/java/com/uid2/operator/service/V2RequestUtil.java b/src/main/java/com/uid2/operator/service/V2RequestUtil.java
@@ -99,7 +99,7 @@ public static V2Request parseRequest(String bodyString, ClientKey ck) {
                 String bodyStr = new String(decryptedBody, 16, decryptedBody.length - 16, StandardCharsets.UTF_8);
                 payload = new JsonObject(bodyStr);
             } catch (Exception ex) {
-                LOGGER.error(ex);
+                LOGGER.error("Invalid payload in body: Data is not valid json string.", ex);
                 return new V2Request("Invalid payload in body: Data is not valid json string.");
             }
         }
@@ -132,7 +132,7 @@ public static V2Request parseRefreshRequest(String bodyString, IKeyStore keyStor
         try {
             decrypted = AesGcm.decrypt(bytes, 5, key);
         } catch (Exception ex) {
-            LOGGER.error(ex);
+            LOGGER.error("Invalid data: Check encryption method and encryption key", ex);
             return new V2Request("Invalid data: Check encryption method and encryption key");
         }
 
@@ -143,7 +143,7 @@ public static V2Request parseRefreshRequest(String bodyString, IKeyStore keyStor
 
             return new V2Request(null, refreshToken, responseKey);
         } catch (Exception ex) {
-            LOGGER.error(ex);
+            LOGGER.error("Invalid format: Payload is not valid json or missing required data", ex);
             return new V2Request("Invalid format: Payload is not valid json or missing required data");
         }
     }
diff --git a/src/main/java/com/uid2/operator/store/IOptOutStore.java b/src/main/java/com/uid2/operator/store/IOptOutStore.java
@@ -8,6 +8,11 @@
 
 public interface IOptOutStore {
 
+    /**
+     * Get latest Opt-out record with respect to the UID (hashed identity)
+     * @param firstLevelHashIdentity UID
+     * @return The timestamp of latest opt-out record. <b>NULL</b> if no record.
+     */
     Instant getLatestEntry(UserIdentity firstLevelHashIdentity);
 
     void addEntry(UserIdentity firstLevelHashIdentity, byte[] advertisingId, Handler<AsyncResult<Instant>> handler);
diff --git a/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java b/src/main/java/com/uid2/operator/vertx/UIDOperatorVerticle.java
@@ -233,7 +233,7 @@ public void handleKeysRequestV1(RoutingContext rc) {
         try {
             handleKeysRequestCommon(rc, keys -> ResponseUtil.Success(rc, keys));
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while handling keys request v1", e);
             rc.fail(500);
         }
     }
@@ -242,7 +242,7 @@ public void handleKeysRequestV2(RoutingContext rc) {
         try {
             handleKeysRequestCommon(rc, keys -> ResponseUtil.SuccessV2(rc, keys));
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while handling keys request v2", e);
             rc.fail(500);
         }
     }
@@ -251,7 +251,7 @@ public void handleKeysRequest(RoutingContext rc) {
         try {
             handleKeysRequestCommon(rc, keys -> sendJsonResponse(rc, keys));
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while handling keys request", e);
             rc.fail(500);
         }
     }
@@ -309,7 +309,7 @@ private void handleTokenRefreshV1(RoutingContext rc) {
                 ResponseUtil.Success(rc, toJsonV1(r.getTokens()));
             }
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("unknown error while refreshing token", e);
             ResponseUtil.Error(ResponseStatus.UnknownError, 500, rc, "Service Error");
         }
     }
@@ -336,7 +336,7 @@ private void handleTokenRefreshV2(RoutingContext rc) {
                 ResponseUtil.SuccessV2(rc, toJsonV1(r.getTokens()));
             }
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while refreshing token v2", e);
             ResponseUtil.Error(ResponseStatus.UnknownError, 500, rc, "Service Error");
         }
     }
@@ -363,7 +363,7 @@ private void handleTokenValidateV1(RoutingContext rc) {
                 ResponseUtil.Success(rc, Boolean.FALSE);
             }
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while validating token", e);
             rc.fail(500);
         }
     }
@@ -394,7 +394,7 @@ private void handleTokenValidateV2(RoutingContext rc) {
                 ResponseUtil.SuccessV2(rc, Boolean.FALSE);
             }
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while validating token v2", e);
             rc.fail(500);
         }
     }
@@ -409,14 +409,15 @@ private void handleTokenGenerateV1(RoutingContext rc) {
                 final IdentityTokens t = this.idService.generateIdentity(
                     new IdentityRequest(
                         new PublisherIdentity(clientKey.getSiteId(), 0, 0),
-                        input.toUserIdentity(this.identityScope, 1, Instant.now())));
+                        input.toUserIdentity(this.identityScope, 1, Instant.now()),
+                        TokenGeneratePolicy.defaultPolicy()));
 
                 //Integer.parseInt(rc.queryParam("privacy_bits").get(0))));
 
                 ResponseUtil.Success(rc, toJsonV1(t));
             }
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while generating token v1", e);
             rc.fail(500);
         }
     }
@@ -452,11 +453,20 @@ private void handleTokenGenerateV2(RoutingContext rc) {
                 final IdentityTokens t = this.idService.generateIdentity(
                     new IdentityRequest(
                         new PublisherIdentity(clientKey.getSiteId(), 0, 0),
-                        input.toUserIdentity(this.identityScope, 1, Instant.now())));
-                ResponseUtil.SuccessV2(rc, toJsonV1(t));
+                        input.toUserIdentity(this.identityScope, 1, Instant.now()),
+                        readTokenGeneratePolicy(req)));
+
+                if (t.isEmptyToken()) {
+                    ResponseUtil.OptOutV2(rc, toJsonV1(t));
+                } else {
+                    ResponseUtil.SuccessV2(rc, toJsonV1(t));
+                }
             }
+        } catch (IllegalArgumentException iae) {
+            LOGGER.warn("request body contains invalid argument(s)", iae);
+            ResponseUtil.ClientError(rc, "request body contains invalid argument(s)");
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while generating token v2", e);
             rc.fail(500);
         }
     }
@@ -473,14 +483,15 @@ private void handleTokenGenerate(RoutingContext rc) {
             final IdentityTokens t = this.idService.generateIdentity(
                     new IdentityRequest(
                             new PublisherIdentity(clientKey.getSiteId(), 0, 0),
-                            input.toUserIdentity(this.identityScope, 1, Instant.now())));
+                            input.toUserIdentity(this.identityScope, 1, Instant.now()),
+                            TokenGeneratePolicy.defaultPolicy()));
 
             //Integer.parseInt(rc.queryParam("privacy_bits").get(0))));
 
             sendJsonResponse(rc, toJson(t));
 
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while generating token", e);
             rc.fail(500);
         }
     }
@@ -496,7 +507,7 @@ private void handleTokenRefresh(RoutingContext rc) {
             final RefreshResponse r = this.refreshIdentity(rc, tokenList.get(0));
             sendJsonResponse(rc, toJson(r.getTokens()));
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while refreshing token", e);
             rc.fail(500);
         }
     }
@@ -519,7 +530,7 @@ private void handleValidate(RoutingContext rc) {
                 rc.response().end("not allowed");
             }
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while validating token", e);
             rc.fail(500);
         }
     }
@@ -577,7 +588,7 @@ private void handleOptOutGet(RoutingContext rc) {
                     .write(String.valueOf(timestamp))
                     .end();
             } catch (Exception ex) {
-                LOGGER.error(ex);
+                LOGGER.error("Unexpected error while handling optout get", ex);
                 rc.fail(500);
             }
         } else {
@@ -659,7 +670,7 @@ private void handleIdentityMapV1(RoutingContext rc) {
             jsonObject.put("bucket_id", mappedIdentity.bucketId);
             ResponseUtil.Success(rc, jsonObject);
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while mapping identity v1", e);
             ResponseUtil.Error(ResponseStatus.UnknownError, 500, rc, "Unknown State");
         }
     }
@@ -677,7 +688,7 @@ private void handleIdentityMap(RoutingContext rc) {
             }
         }
         catch (Exception ex) {
-            LOGGER.error(ex);
+            LOGGER.error("Unexpected error while mapping identity", ex);
             rc.fail(500);
         }
     }
@@ -887,7 +898,7 @@ private void handleIdentityMapBatchV1(RoutingContext rc) {
             resp.put("mapped", mapped);
             ResponseUtil.Success(rc, resp);
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while mapping batched identity", e);
             ResponseUtil.Error(ResponseStatus.UnknownError, 500, rc, "Unknown State");
         }
     }
@@ -924,7 +935,7 @@ private void handleIdentityMapV2(RoutingContext rc) {
             resp.put("mapped", mapped);
             ResponseUtil.SuccessV2(rc, resp);
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while mapping identity v2", e);
             ResponseUtil.Error(ResponseStatus.UnknownError, 500, rc, "Unknown State");
         }
     }
@@ -1011,7 +1022,7 @@ private void handleIdentityMapBatch(RoutingContext rc) {
             resp.put("mapped", mapped);
             sendJsonResponse(rc, resp);
         } catch (Exception e) {
-            LOGGER.error(e);
+            LOGGER.error("Unknown error while mapping batched identity", e);
             rc.fail(500);
         }
     }
@@ -1148,6 +1159,13 @@ private UserConsentStatus validateUserConsent(JsonObject req) {
         return UserConsentStatus.SUFFICIENT;
     }
 
+    private static final String TOKEN_GENERATE_POLICY_PARAM = "policy";
+    private TokenGeneratePolicy readTokenGeneratePolicy(JsonObject req) {
+        return req.containsKey(TOKEN_GENERATE_POLICY_PARAM) ?
+            TokenGeneratePolicy.fromValue(req.getInteger(TOKEN_GENERATE_POLICY_PARAM)) :
+                TokenGeneratePolicy.defaultPolicy();
+    }
+
     private TransparentConsentParseResult getUserConsentV2(JsonObject req) {
         final String rawTcString = req.getString("tcf_consent_string");
         if (rawTcString == null || rawTcString.isEmpty()) {
diff --git a/src/main/java/com/uid2/operator/vertx/V2PayloadHandler.java b/src/main/java/com/uid2/operator/vertx/V2PayloadHandler.java
@@ -94,7 +94,7 @@ public void handleTokenGenerate(RoutingContext rc, Handler<RoutingContext> apiHa
             JsonObject respJson = (JsonObject) rc.data().get("response");
 
             // DevNote: 200 does not guarantee a token.
-            if (respJson.containsKey("body")) {
+            if (respJson.getString("status").equals(UIDOperatorVerticle.ResponseStatus.Success) && respJson.containsKey("body")) {
                 V2RequestUtil.handleRefreshTokenInResponseBody(respJson.getJsonObject("body"), keyStore, this.identityScope);
             }
 
diff --git a/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java b/src/test/java/com/uid2/operator/UIDOperatorServiceTest.java
diff --git a/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java b/src/test/java/com/uid2/operator/UIDOperatorVerticleTest.java

Original file line number	Diff line number	Diff line change
`@@ -44,4 +44,8 @@ public Instant getRefreshExpires() {`
`44`	`44`	`public Instant getRefreshFrom() {`
`45`	`45`	`return refreshFrom;`
`46`	`46`	`}`
	`47`	`+`
	`48`	`+ public boolean isEmptyToken() {`
	`49`	`+ return advertisingToken == null \|\| advertisingToken.isEmpty();`
	`50`	`+ }`
`47`	`51`	`}`
Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,9 @@ public class EncryptionKeyUtil {`
`9`	`9`	`public static EncryptionKey getActiveSiteKey(IKeyStore.IKeyStoreSnapshot keyStoreSnapshot, int siteId, int fallbackSiteId, Instant now) {`
`10`	`10`	`EncryptionKey key = keyStoreSnapshot.getActiveSiteKey(siteId, now);`
`11`	`11`	`if (key == null) key = keyStoreSnapshot.getActiveSiteKey(fallbackSiteId, now);`
	`12`	`+ if (key == null) {`
	`13`	`+ throw new RuntimeException(String.format("cannot get active site key with ID %d or %d", siteId, fallbackSiteId));`
	`14`	`+ }`
`12`	`15`	`return key;`
`13`	`16`	`}`
`14`	`17`	`}`
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ public static V2Request parseRequest(String bodyString, ClientKey ck) {`
`99`	`99`	`String bodyStr = new String(decryptedBody, 16, decryptedBody.length - 16, StandardCharsets.UTF_8);`
`100`	`100`	`payload = new JsonObject(bodyStr);`
`101`	`101`	`} catch (Exception ex) {`
`102`		`- LOGGER.error(ex);`
	`102`	`+ LOGGER.error("Invalid payload in body: Data is not valid json string.", ex);`
`103`	`103`	`return new V2Request("Invalid payload in body: Data is not valid json string.");`
`104`	`104`	`}`
`105`	`105`	`}`
`@@ -132,7 +132,7 @@ public static V2Request parseRefreshRequest(String bodyString, IKeyStore keyStor`
`132`	`132`	`try {`
`133`	`133`	`decrypted = AesGcm.decrypt(bytes, 5, key);`
`134`	`134`	`} catch (Exception ex) {`
`135`		`- LOGGER.error(ex);`
	`135`	`+ LOGGER.error("Invalid data: Check encryption method and encryption key", ex);`
`136`	`136`	`return new V2Request("Invalid data: Check encryption method and encryption key");`
`137`	`137`	`}`
`138`	`138`
`@@ -143,7 +143,7 @@ public static V2Request parseRefreshRequest(String bodyString, IKeyStore keyStor`
`143`	`143`
`144`	`144`	`return new V2Request(null, refreshToken, responseKey);`
`145`	`145`	`} catch (Exception ex) {`
`146`		`- LOGGER.error(ex);`
	`146`	`+ LOGGER.error("Invalid format: Payload is not valid json or missing required data", ex);`
`147`	`147`	`return new V2Request("Invalid format: Payload is not valid json or missing required data");`
`148`	`148`	`}`
`149`	`149`	`}`
Original file line number	Diff line number	Diff line change
`@@ -233,7 +233,7 @@ public void handleKeysRequestV1(RoutingContext rc) {`
`233`	`233`	`try {`
`234`	`234`	`handleKeysRequestCommon(rc, keys -> ResponseUtil.Success(rc, keys));`
`235`	`235`	`} catch (Exception e) {`
`236`		`- LOGGER.error(e);`
	`236`	`+ LOGGER.error("Unknown error while handling keys request v1", e);`
`237`	`237`	`rc.fail(500);`
`238`	`238`	`}`
`239`	`239`	`}`
`@@ -242,7 +242,7 @@ public void handleKeysRequestV2(RoutingContext rc) {`
`242`	`242`	`try {`
`243`	`243`	`handleKeysRequestCommon(rc, keys -> ResponseUtil.SuccessV2(rc, keys));`
`244`	`244`	`} catch (Exception e) {`
`245`		`- LOGGER.error(e);`
	`245`	`+ LOGGER.error("Unknown error while handling keys request v2", e);`
`246`	`246`	`rc.fail(500);`
`247`	`247`	`}`
`248`	`248`	`}`
`@@ -251,7 +251,7 @@ public void handleKeysRequest(RoutingContext rc) {`
`251`	`251`	`try {`
`252`	`252`	`handleKeysRequestCommon(rc, keys -> sendJsonResponse(rc, keys));`
`253`	`253`	`} catch (Exception e) {`
`254`		`- LOGGER.error(e);`
	`254`	`+ LOGGER.error("Unknown error while handling keys request", e);`
`255`	`255`	`rc.fail(500);`
`256`	`256`	`}`
`257`	`257`	`}`
`@@ -309,7 +309,7 @@ private void handleTokenRefreshV1(RoutingContext rc) {`
`309`	`309`	`ResponseUtil.Success(rc, toJsonV1(r.getTokens()));`
`310`	`310`	`}`
`311`	`311`	`} catch (Exception e) {`
`312`		`- LOGGER.error(e);`
	`312`	`+ LOGGER.error("unknown error while refreshing token", e);`
`313`	`313`	`ResponseUtil.Error(ResponseStatus.UnknownError, 500, rc, "Service Error");`
`314`	`314`	`}`
`315`	`315`	`}`
`@@ -336,7 +336,7 @@ private void handleTokenRefreshV2(RoutingContext rc) {`
`336`	`336`	`ResponseUtil.SuccessV2(rc, toJsonV1(r.getTokens()));`
`337`	`337`	`}`
`338`	`338`	`} catch (Exception e) {`
`339`		`- LOGGER.error(e);`
	`339`	`+ LOGGER.error("Unknown error while refreshing token v2", e);`
`340`	`340`	`ResponseUtil.Error(ResponseStatus.UnknownError, 500, rc, "Service Error");`
`341`	`341`	`}`
`342`	`342`	`}`
`@@ -363,7 +363,7 @@ private void handleTokenValidateV1(RoutingContext rc) {`
`363`	`363`	`ResponseUtil.Success(rc, Boolean.FALSE);`
`364`	`364`	`}`
`365`	`365`	`} catch (Exception e) {`
`366`		`- LOGGER.error(e);`
	`366`	`+ LOGGER.error("Unknown error while validating token", e);`
`367`	`367`	`rc.fail(500);`
`368`	`368`	`}`
`369`	`369`	`}`
`@@ -394,7 +394,7 @@ private void handleTokenValidateV2(RoutingContext rc) {`
`394`	`394`	`ResponseUtil.SuccessV2(rc, Boolean.FALSE);`
`395`	`395`	`}`
`396`	`396`	`} catch (Exception e) {`
`397`		`- LOGGER.error(e);`
	`397`	`+ LOGGER.error("Unknown error while validating token v2", e);`
`398`	`398`	`rc.fail(500);`
`399`	`399`	`}`
`400`	`400`	`}`
`@@ -409,14 +409,15 @@ private void handleTokenGenerateV1(RoutingContext rc) {`
`409`	`409`	`final IdentityTokens t = this.idService.generateIdentity(`
`410`	`410`	`new IdentityRequest(`
`411`	`411`	`new PublisherIdentity(clientKey.getSiteId(), 0, 0),`
`412`		`- input.toUserIdentity(this.identityScope, 1, Instant.now())));`
	`412`	`+ input.toUserIdentity(this.identityScope, 1, Instant.now()),`
	`413`	`+ TokenGeneratePolicy.defaultPolicy()));`
`413`	`414`
`414`	`415`	`//Integer.parseInt(rc.queryParam("privacy_bits").get(0))));`
`415`	`416`
`416`	`417`	`ResponseUtil.Success(rc, toJsonV1(t));`
`417`	`418`	`}`
`418`	`419`	`} catch (Exception e) {`
`419`		`- LOGGER.error(e);`
	`420`	`+ LOGGER.error("Unknown error while generating token v1", e);`
`420`	`421`	`rc.fail(500);`
`421`	`422`	`}`
`422`	`423`	`}`
`@@ -452,11 +453,20 @@ private void handleTokenGenerateV2(RoutingContext rc) {`
`452`	`453`	`final IdentityTokens t = this.idService.generateIdentity(`
`453`	`454`	`new IdentityRequest(`
`454`	`455`	`new PublisherIdentity(clientKey.getSiteId(), 0, 0),`
`455`		`- input.toUserIdentity(this.identityScope, 1, Instant.now())));`
`456`		`- ResponseUtil.SuccessV2(rc, toJsonV1(t));`
	`456`	`+ input.toUserIdentity(this.identityScope, 1, Instant.now()),`
	`457`	`+ readTokenGeneratePolicy(req)));`
	`458`	`+`
	`459`	`+ if (t.isEmptyToken()) {`
	`460`	`+ ResponseUtil.OptOutV2(rc, toJsonV1(t));`
	`461`	`+ } else {`
	`462`	`+ ResponseUtil.SuccessV2(rc, toJsonV1(t));`
	`463`	`+ }`
`457`	`464`	`}`
	`465`	`+ } catch (IllegalArgumentException iae) {`
	`466`	`+ LOGGER.warn("request body contains invalid argument(s)", iae);`
	`467`	`+ ResponseUtil.ClientError(rc, "request body contains invalid argument(s)");`
`458`	`468`	`} catch (Exception e) {`
`459`		`- LOGGER.error(e);`
	`469`	`+ LOGGER.error("Unknown error while generating token v2", e);`
`460`	`470`	`rc.fail(500);`
`461`	`471`	`}`
`462`	`472`	`}`
`@@ -473,14 +483,15 @@ private void handleTokenGenerate(RoutingContext rc) {`
`473`	`483`	`final IdentityTokens t = this.idService.generateIdentity(`
`474`	`484`	`new IdentityRequest(`
`475`	`485`	`new PublisherIdentity(clientKey.getSiteId(), 0, 0),`
`476`		`- input.toUserIdentity(this.identityScope, 1, Instant.now())));`
	`486`	`+ input.toUserIdentity(this.identityScope, 1, Instant.now()),`
	`487`	`+ TokenGeneratePolicy.defaultPolicy()));`
`477`	`488`
`478`	`489`	`//Integer.parseInt(rc.queryParam("privacy_bits").get(0))));`
`479`	`490`
`480`	`491`	`sendJsonResponse(rc, toJson(t));`
`481`	`492`
`482`	`493`	`} catch (Exception e) {`
`483`		`- LOGGER.error(e);`
	`494`	`+ LOGGER.error("Unknown error while generating token", e);`
`484`	`495`	`rc.fail(500);`
`485`	`496`	`}`
`486`	`497`	`}`
`@@ -496,7 +507,7 @@ private void handleTokenRefresh(RoutingContext rc) {`
`496`	`507`	`final RefreshResponse r = this.refreshIdentity(rc, tokenList.get(0));`
`497`	`508`	`sendJsonResponse(rc, toJson(r.getTokens()));`
`498`	`509`	`} catch (Exception e) {`
`499`		`- LOGGER.error(e);`
	`510`	`+ LOGGER.error("Unknown error while refreshing token", e);`
`500`	`511`	`rc.fail(500);`
`501`	`512`	`}`
`502`	`513`	`}`
`@@ -519,7 +530,7 @@ private void handleValidate(RoutingContext rc) {`
`519`	`530`	`rc.response().end("not allowed");`
`520`	`531`	`}`
`521`	`532`	`} catch (Exception e) {`
`522`		`- LOGGER.error(e);`
	`533`	`+ LOGGER.error("Unknown error while validating token", e);`
`523`	`534`	`rc.fail(500);`
`524`	`535`	`}`
`525`	`536`	`}`
`@@ -577,7 +588,7 @@ private void handleOptOutGet(RoutingContext rc) {`
`577`	`588`	`.write(String.valueOf(timestamp))`
`578`	`589`	`.end();`
`579`	`590`	`} catch (Exception ex) {`
`580`		`- LOGGER.error(ex);`
	`591`	`+ LOGGER.error("Unexpected error while handling optout get", ex);`
`581`	`592`	`rc.fail(500);`
`582`	`593`	`}`
`583`	`594`	`} else {`
`@@ -659,7 +670,7 @@ private void handleIdentityMapV1(RoutingContext rc) {`
`659`	`670`	`jsonObject.put("bucket_id", mappedIdentity.bucketId);`
`660`	`671`	`ResponseUtil.Success(rc, jsonObject);`
`661`	`672`	`} catch (Exception e) {`
`662`		`- LOGGER.error(e);`
	`673`	`+ LOGGER.error("Unknown error while mapping identity v1", e);`
`663`	`674`	`ResponseUtil.Error(ResponseStatus.UnknownError, 500, rc, "Unknown State");`
`664`	`675`	`}`
`665`	`676`	`}`
`@@ -677,7 +688,7 @@ private void handleIdentityMap(RoutingContext rc) {`
`677`	`688`	`}`
`678`	`689`	`}`
`679`	`690`	`catch (Exception ex) {`
`680`		`- LOGGER.error(ex);`
	`691`	`+ LOGGER.error("Unexpected error while mapping identity", ex);`
`681`	`692`	`rc.fail(500);`
`682`	`693`	`}`
`683`	`694`	`}`
`@@ -887,7 +898,7 @@ private void handleIdentityMapBatchV1(RoutingContext rc) {`
`887`	`898`	`resp.put("mapped", mapped);`
`888`	`899`	`ResponseUtil.Success(rc, resp);`
`889`	`900`	`} catch (Exception e) {`
`890`		`- LOGGER.error(e);`
	`901`	`+ LOGGER.error("Unknown error while mapping batched identity", e);`
`891`	`902`	`ResponseUtil.Error(ResponseStatus.UnknownError, 500, rc, "Unknown State");`
`892`	`903`	`}`
`893`	`904`	`}`
`@@ -924,7 +935,7 @@ private void handleIdentityMapV2(RoutingContext rc) {`
`924`	`935`	`resp.put("mapped", mapped);`
`925`	`936`	`ResponseUtil.SuccessV2(rc, resp);`
`926`	`937`	`} catch (Exception e) {`
`927`		`- LOGGER.error(e);`
	`938`	`+ LOGGER.error("Unknown error while mapping identity v2", e);`
`928`	`939`	`ResponseUtil.Error(ResponseStatus.UnknownError, 500, rc, "Unknown State");`
`929`	`940`	`}`
`930`	`941`	`}`
`@@ -1011,7 +1022,7 @@ private void handleIdentityMapBatch(RoutingContext rc) {`
`1011`	`1022`	`resp.put("mapped", mapped);`
`1012`	`1023`	`sendJsonResponse(rc, resp);`
`1013`	`1024`	`} catch (Exception e) {`
`1014`		`- LOGGER.error(e);`
	`1025`	`+ LOGGER.error("Unknown error while mapping batched identity", e);`
`1015`	`1026`	`rc.fail(500);`
`1016`	`1027`	`}`
`1017`	`1028`	`}`
`@@ -1148,6 +1159,13 @@ private UserConsentStatus validateUserConsent(JsonObject req) {`
`1148`	`1159`	`return UserConsentStatus.SUFFICIENT;`
`1149`	`1160`	`}`
`1150`	`1161`
	`1162`	`+ private static final String TOKEN_GENERATE_POLICY_PARAM = "policy";`
	`1163`	`+ private TokenGeneratePolicy readTokenGeneratePolicy(JsonObject req) {`
	`1164`	`+ return req.containsKey(TOKEN_GENERATE_POLICY_PARAM) ?`
	`1165`	`+ TokenGeneratePolicy.fromValue(req.getInteger(TOKEN_GENERATE_POLICY_PARAM)) :`
	`1166`	`+ TokenGeneratePolicy.defaultPolicy();`
	`1167`	`+ }`
	`1168`	`+`
`1151`	`1169`	`private TransparentConsentParseResult getUserConsentV2(JsonObject req) {`
`1152`	`1170`	`final String rawTcString = req.getString("tcf_consent_string");`
`1153`	`1171`	`if (rawTcString == null \|\| rawTcString.isEmpty()) {`
Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,7 @@ public void handleTokenGenerate(RoutingContext rc, Handler<RoutingContext> apiHa`
`94`	`94`	`JsonObject respJson = (JsonObject) rc.data().get("response");`
`95`	`95`
`96`	`96`	`// DevNote: 200 does not guarantee a token.`
`97`		`- if (respJson.containsKey("body")) {`
	`97`	`+ if (respJson.getString("status").equals(UIDOperatorVerticle.ResponseStatus.Success) && respJson.containsKey("body")) {`
`98`	`98`	`V2RequestUtil.handleRefreshTokenInResponseBody(respJson.getJsonObject("body"), keyStore, this.identityScope);`
`99`	`99`	`}`
`100`	`100`