Merge branch 'master' into sem-dom-1

Backend.Tests/Otel/OtelKernelTests.cs

@@ -3,7 +3,6 @@
 using System.Diagnostics;
 using System.Linq;
 using Backend.Tests.Mocks;
-using BackendFramework.Otel;
 using Microsoft.AspNetCore.Http;
 using NUnit.Framework;
 using static BackendFramework.Otel.OtelKernel;
@@ -12,9 +11,6 @@ namespace Backend.Tests.Otel
 {
     public class OtelKernelTests : IDisposable
     {
-        private const string FrontendSessionIdKey = "sessionId";
-        private const string OtelSessionIdKey = "sessionId";
-        private const string OtelSessionBaggageKey = "sessionBaggage";
         private LocationEnricher _locationEnricher = null!;
 
         public void Dispose()
@@ -32,41 +28,63 @@ protected virtual void Dispose(bool disposing)
         }
 
         [Test]
-        public void BuildersSetSessionBaggageFromHeader()
+        public void BuildersSetBaggageFromHeaderAllAnalytics()
         {
             // Arrange
             var httpContext = new DefaultHttpContext();
-            httpContext.Request.Headers[FrontendSessionIdKey] = "123";
+            httpContext.Request.Headers[AnalyticsOnHeader] = "true";
+            httpContext.Request.Headers[SessionIdHeader] = "123";
             var activity = new Activity("testActivity").Start();
 
             // Act
+            TrackConsent(activity, httpContext.Request);
             TrackSession(activity, httpContext.Request);
 
             // Assert
-            Assert.That(activity.Baggage.Any(_ => _.Key == OtelSessionBaggageKey));
+            Assert.That(activity.Baggage.Any(_ => _.Key == ConsentBaggage));
+            Assert.That(activity.Baggage.Any(_ => _.Key == SessionIdBaggage));
         }
 
         [Test]
-        public void OnEndSetsSessionTagFromBaggage()
+        public void BuildersSetBaggageFromHeaderNecessaryAnalytics()
         {
             // Arrange
+            var httpContext = new DefaultHttpContext();
+            httpContext.Request.Headers[AnalyticsOnHeader] = "false";
             var activity = new Activity("testActivity").Start();
-            activity.SetBaggage(OtelSessionBaggageKey, "test session id");
 
             // Act
-            _locationEnricher.OnEnd(activity);
+            TrackConsent(activity, httpContext.Request);
+            TrackSession(activity, httpContext.Request);
 
             // Assert
-            Assert.That(activity.Tags.Any(_ => _.Key == OtelSessionIdKey));
+            Assert.That(activity.Baggage.Any(_ => _.Key == ConsentBaggage));
+            Assert.That(!activity.Baggage.Any(_ => _.Key == SessionIdBaggage));
         }
 
+        [Test]
+        public void OnEndSetsTagsFromBaggage()
+        {
+            // Arrange
+            var activity = new Activity("testActivity").Start();
+            activity.SetBaggage(ConsentBaggage, "true");
+            activity.SetBaggage(SessionIdBaggage, "test session id");
+
+            // Act
+            _locationEnricher.OnEnd(activity);
+
+            // Assert
+            Assert.That(activity.Tags.Any(_ => _.Key == ConsentTag));
+            Assert.That(activity.Tags.Any(_ => _.Key == SessionIdTag));
+        }
 
         [Test]
-        public void OnEndSetsLocationTags()
+        public void OnEndSetsLocationTagsAllAnalytics()
         {
             // Arrange
             _locationEnricher = new LocationEnricher(new LocationProviderMock());
             var activity = new Activity("testActivity").Start();
+            activity.SetBaggage(ConsentBaggage, "true");
 
             // Act
             _locationEnricher.OnEnd(activity);
@@ -81,19 +99,21 @@ public void OnEndSetsLocationTags()
             Assert.That(activity.Tags, Is.SupersetOf(testLocation));
         }
 
-        public void OnEndRedactsIp()
+        [Test]
+        public void OnEndSetsLocationTagsNecessaryAnalytics()
         {
             // Arrange
             _locationEnricher = new LocationEnricher(new LocationProviderMock());
             var activity = new Activity("testActivity").Start();
-            activity.SetTag("url.full", $"{LocationProvider.locationGetterUri}100.0.0.0");
+            activity.SetBaggage(ConsentBaggage, "false");
 
             // Act
             _locationEnricher.OnEnd(activity);
 
             // Assert
-            Assert.That(activity.Tags.Any(_ => _.Key == "url.full" && _.Value == ""));
-            Assert.That(activity.Tags.Any(_ => _.Key == "url.redacted.ip" && _.Value == LocationProvider.locationGetterUri));
+            Assert.That(!activity.Tags.Any(_ => _.Key == "country"));
+            Assert.That(!activity.Tags.Any(_ => _.Key == "regionName"));
+            Assert.That(!activity.Tags.Any(_ => _.Key == "city"));
         }
     }
 }

Backend/Models/User.cs

@@ -66,6 +66,19 @@ public class User
         [BsonElement("username")]
         public string Username { get; set; }
 
+        /// <summary>
+        /// Is false if user rejects analytics, true otherwise.
+        /// User can update consent anytime.
+        /// </summary>
+        [BsonElement("analyticsOn")]
+        public bool AnalyticsOn { get; set; }
+
+        /// <summary>
+        /// Is set permanently to true once user first accepts or rejects analytics upon login.
+        /// </summary>
+        [BsonElement("answeredConsent")]
+        public bool AnsweredConsent { get; set; }
+
         [BsonElement("uiLang")]
         public string UILang { get; set; }
 
@@ -97,6 +110,8 @@ public User()
             Agreement = false;
             Password = "";
             Username = "";
+            AnalyticsOn = true;
+            AnsweredConsent = false;
             UILang = "";
             GlossSuggestion = OffOnSetting.On;
             Token = "";
@@ -119,6 +134,8 @@ public User Clone()
                 Agreement = Agreement,
                 Password = Password,
                 Username = Username,
+                AnalyticsOn = AnalyticsOn,
+                AnsweredConsent = AnsweredConsent,
                 UILang = UILang,
                 GlossSuggestion = GlossSuggestion,
                 Token = Token,
@@ -141,6 +158,8 @@ public bool ContentEquals(User other)
                 other.Agreement == Agreement &&
                 other.Password.Equals(Password, StringComparison.Ordinal) &&
                 other.Username.Equals(Username, StringComparison.Ordinal) &&
+                other.AnalyticsOn == AnalyticsOn &&
+                other.AnsweredConsent == AnsweredConsent &&
                 other.UILang.Equals(UILang, StringComparison.Ordinal) &&
                 other.GlossSuggestion.Equals(GlossSuggestion) &&
                 other.Token.Equals(Token, StringComparison.Ordinal) &&
@@ -178,6 +197,8 @@ public override int GetHashCode()
             hash.Add(Agreement);
             hash.Add(Password);
             hash.Add(Username);
+            hash.Add(AnalyticsOn);
+            hash.Add(AnsweredConsent);
             hash.Add(UILang);
             hash.Add(GlossSuggestion);
             hash.Add(Token);

Backend/Otel/OtelKernel.cs

@@ -17,6 +17,12 @@ namespace BackendFramework.Otel
     public static class OtelKernel
     {
         public const string SourceName = "Backend-Otel";
+        public const string AnalyticsOnHeader = "analyticsOn";
+        public const string SessionIdHeader = "sessionId";
+        public const string ConsentBaggage = "consentBaggage";
+        public const string SessionIdBaggage = "sessionIdBaggage";
+        public const string ConsentTag = "otelConsent";
+        public const string SessionIdTag = "sessionId";
 
         public static void AddOpenTelemetryInstrumentation(this IServiceCollection services)
         {
@@ -33,12 +39,19 @@ public static void AddOpenTelemetryInstrumentation(this IServiceCollection servi
             );
         }
 
+        internal static void TrackConsent(Activity activity, HttpRequest request)
+        {
+            request.Headers.TryGetValue(AnalyticsOnHeader, out var consentString);
+            var consent = bool.Parse(consentString!);
+            activity.SetBaggage(ConsentBaggage, consent.ToString());
+        }
+
         internal static void TrackSession(Activity activity, HttpRequest request)
         {
-            var sessionId = request.Headers.TryGetValue("sessionId", out var values) ? values.FirstOrDefault() : null;
+            var sessionId = request.Headers.TryGetValue(SessionIdHeader, out var values) ? values.FirstOrDefault() : null;
             if (sessionId is not null)
             {
-                activity.SetBaggage("sessionBaggage", sessionId);
+                activity.SetBaggage(SessionIdBaggage, sessionId);
             }
         }
 
@@ -67,6 +80,7 @@ private static void AspNetCoreBuilder(AspNetCoreTraceInstrumentationOptions opti
             options.EnrichWithHttpRequest = (activity, request) =>
             {
                 GetContentLengthAspNet(activity, request.Headers, "inbound.http.request.body.size");
+                TrackConsent(activity, request);
                 TrackSession(activity, request);
             };
             options.EnrichWithHttpResponse = (activity, response) =>
@@ -98,22 +112,20 @@ internal class LocationEnricher(ILocationProvider locationProvider) : BaseProces
         {
             public override async void OnEnd(Activity data)
             {
-                var uriPath = (string?)data.GetTagItem("url.full");
-                var locationUri = LocationProvider.locationGetterUri;
-                if (uriPath is null || !uriPath.Contains(locationUri))
+                var consentString = data.GetBaggageItem(ConsentBaggage);
+                data.AddTag(ConsentTag, consentString);
+                if (bool.TryParse(consentString, out bool consent) && consent)
                 {
-                    var location = await locationProvider.GetLocation();
-                    data?.AddTag("country", location?.Country);
-                    data?.AddTag("regionName", location?.RegionName);
-                    data?.AddTag("city", location?.City);
-                }
-                data?.SetTag("sessionId", data?.GetBaggageItem("sessionBaggage"));
-                if (uriPath is not null && uriPath.Contains(locationUri))
-                {
-                    // When getting location externally, url.full includes site URI and user IP. 
-                    // In such cases, only add url without IP information to traces.
-                    data?.SetTag("url.full", "");
-                    data?.SetTag("url.redacted.ip", LocationProvider.locationGetterUri);
+                    var uriPath = (string?)data.GetTagItem("url.full");
+                    var locationUri = LocationProvider.locationGetterUri;
+                    if (uriPath is null || !uriPath.Contains(locationUri))
+                    {
+                        var location = await locationProvider.GetLocation();
+                        data.AddTag("country", location?.Country);
+                        data.AddTag("regionName", location?.RegionName);
+                        data.AddTag("city", location?.City);
+                    }
+                    data.AddTag(SessionIdTag, data.GetBaggageItem(SessionIdBaggage));
                 }
             }
         }

Backend/Repositories/UserRepository.cs

@@ -196,6 +196,8 @@ public async Task<ResultOfUpdate> Update(string userId, User user, bool updateIs
                 .Set(x => x.ProjectRoles, user.ProjectRoles)
                 .Set(x => x.Agreement, user.Agreement)
                 .Set(x => x.Username, user.Username)
+                .Set(x => x.AnalyticsOn, user.AnalyticsOn)
+                .Set(x => x.AnsweredConsent, user.AnsweredConsent)
                 .Set(x => x.UILang, user.UILang)
                 .Set(x => x.GlossSuggestion, user.GlossSuggestion);
 

public/locales/en/translation.json

@@ -33,6 +33,14 @@
     "pressEnter": "Press Enter to save word",
     "vernacular": "Vernacular"
   },
+  "analyticsConsent": {
+    "consentModal": {
+      "acceptAllBtn": "Yes, allow all analytics",
+      "acceptNecessaryBtn": "No, necessary analytics only",
+      "description": "The Combine stores basic info about your current session and usage for maintenance purposes. This info is necessary and isn't shared with anybody. The Combine also uses additional analytics to compile anonymized statistics. Do you consent to our usage of additional analytics?",
+      "title": "Analytics on The Combine"
+    }
+  },
   "appBar": {
     "dataEntry": "Data Entry",
     "dataCleanup": "Data Cleanup",
@@ -129,12 +137,6 @@
   "userSettings": {
     "analyticsConsent": {
       "button": "Change consent",
-      "consentModal": {
-        "acceptAllBtn": "Yes, allow analytics cookies",
-        "acceptNecessaryBtn": "No, reject analytics cookies",
-        "description": "The Combine stores basic info about your current session on your device. This info is necessary and isn't shared with anybody. The Combine also uses analytics cookies, which are only for us to fix bugs and compile anonymized statistics. Do you consent to our usage of analytics cookies?",
-        "title": "Cookies on The Combine"
-      },
       "consentNo": "You have not consented to our use of analytics cookies.",
       "consentYes": "You have consented to our use of analytics cookies.",
       "title": "Analytics cookies"

src/api/models/user.ts

@@ -92,6 +92,18 @@ export interface User {
    * @memberof User
    */
   username: string;
+  /**
+   *
+   * @type {boolean}
+   * @memberof User
+   */
+  analyticsOn?: boolean;
+  /**
+   *
+   * @type {boolean}
+   * @memberof User
+   */
+  answeredConsent?: boolean;
   /**
    *
    * @type {string}

src/backend/index.ts

@@ -54,7 +54,13 @@ const whiteListedErrorUrls = [
 // Create an axios instance to allow for attaching interceptors to it.
 const axiosInstance = axios.create({ baseURL: apiBaseURL });
 axiosInstance.interceptors.request.use((config: InternalAxiosRequestConfig) => {
-  config.headers.sessionId = getSessionId();
+  const consent = LocalStorage.getCurrentUser()?.analyticsOn;
+  if (consent === false) {
+    config.headers.analyticsOn = `${false}`;
+  } else {
+    config.headers.analyticsOn = `${true}`;
+    config.headers.sessionId = getSessionId();
+  }
   return config;
 });
 axiosInstance.interceptors.response.use(undefined, (err: AxiosError) => {