WIP

Signed-off-by: Misha M.-Kupriyanov <[email protected]>

Author: printminion-co

lib/AppInfo/Application.php

@@ -10,13 +10,16 @@
 
 use OC\Security\CSP\ContentSecurityPolicyManager;
 use OC\Security\CSP\ContentSecurityPolicyNonceManager;
+use OCA\NCGoogleAnalytics\Service\Consent\IConsentService;
+use OCA\NCGoogleAnalytics\Service\Consent\IonosConsentService;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
 use OCP\AppFramework\Bootstrap\IBootstrap;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\IURLGenerator;
 use OCP\Util;
+use Psr\Container\ContainerInterface;
 
 class Application extends App implements IBootstrap {
 	public const APP_ID = 'googleanalytics';
@@ -26,6 +29,9 @@ public function __construct() {
 	}
 
 	public function register(IRegistrationContext $context): void {
+		$context->registerService(IConsentService::class, function (ContainerInterface $c): IonosConsentService {
+			return new IonosConsentService();
+		});
 	}
 
 	public function boot(IBootContext $context): void {

lib/Controller/JavaScriptController.php

@@ -7,6 +7,7 @@
 namespace OCA\NCGoogleAnalytics\Controller;
 
 use OCA\NCGoogleAnalytics\Config;
+use OCA\NCGoogleAnalytics\Service\Consent\IConsentService;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\DataDownloadResponse;
 use OCP\AppFramework\Http\TextPlainResponse;
@@ -19,11 +20,13 @@ class JavaScriptController extends Controller {
 	 * @param string $appName
 	 * @param IRequest $request
 	 * @param Config $config
+	 * @param IConsentService $consentService
 	 */
 	public function __construct(
 		$appName,
 		IRequest $request,
 		protected Config $config,
+		protected IConsentService $consentService,
 	) {
 		parent::__construct($appName, $request);
 	}
@@ -44,6 +47,17 @@ public function tracking(): TextPlainResponse|DataDownloadResponse {
 			return $response;
 		}
 
+		try {
+			$consent = $this->consentService->getConsent($_COOKIE);
+			if (!$consent->hasStatisticsConsent()) {
+				throw new \Exception('no statistics consent');
+			}
+		} catch (\Exception $e) {
+			$response = new TextPlainResponse('// tracking disabled: no statistics consent');
+			$response->addHeader('Content-Type', 'text/javascript');
+			return $response;
+		}
+
 		$script = file_get_contents(__DIR__ . '/../../js/track.js');
 		$script = str_replace('%GTM_ID%', $gtmId, $script);
 

lib/Service/Consent/Consent.php

@@ -0,0 +1,35 @@
+<?php
+
+// SPDX-FileCopyrightText: 2024 2024 STRATO AG
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
+declare(strict_types=1);
+
+namespace OCA\NCGoogleAnalytics\Service\Consent;
+
+class Consent implements IConsent {
+	public function __construct(
+		private readonly bool $technical = false,
+		private readonly bool $statistics = false,
+		private readonly bool $marketing = false,
+		private readonly bool $partnerships = false,
+	) {
+	}
+
+	public function hasTechnicalConsent(): bool {
+		return $this->technical;
+	}
+
+	public function hasStatisticsConsent(): bool {
+		return $this->statistics;
+	}
+
+	public function hasMarketingConsent(): bool {
+		return $this->marketing;
+	}
+
+	public function hasPartnershipsConsent(): bool {
+		return $this->partnerships;
+	}
+}

lib/Service/Consent/ConsentCategory.php

@@ -0,0 +1,16 @@
+<?php
+
+// SPDX-FileCopyrightText: 2024 2024 STRATO AG
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
+declare(strict_types=1);
+
+namespace OCA\NCGoogleAnalytics\Service\Consent;
+
+enum ConsentCategory: string {
+	case TECHNICAL = 'technical';
+	case STATISTICS = 'statistics';
+	case MARKETING = 'marketing';
+	case PARTNERSHIPS = 'partnerships';
+}

lib/Service/Consent/IConsent.php

@@ -0,0 +1,19 @@
+<?php
+
+// SPDX-FileCopyrightText: 2024 2024 STRATO AG
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
+declare(strict_types=1);
+
+namespace OCA\NCGoogleAnalytics\Service\Consent;
+
+interface IConsent {
+	public function hasTechnicalConsent(): bool;
+
+	public function hasStatisticsConsent(): bool;
+
+	public function hasMarketingConsent(): bool;
+
+	public function hasPartnershipsConsent(): bool;
+}

lib/Service/Consent/IConsentService.php

@@ -0,0 +1,13 @@
+<?php
+
+// SPDX-FileCopyrightText: 2024 2024 STRATO AG
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
+declare(strict_types=1);
+
+namespace OCA\NCGoogleAnalytics\Service\Consent;
+
+interface IConsentService {
+	public function getConsent(array $cookies): IConsent;
+}

lib/Service/Consent/IonosConsentService.php

@@ -0,0 +1,38 @@
+<?php
+
+// SPDX-FileCopyrightText: 2024 2024 STRATO AG
+//
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
+declare(strict_types=1);
+
+namespace OCA\NCGoogleAnalytics\Service\Consent;
+
+class IonosConsentService implements IConsentService {
+	private const COOKIE_NAME = 'PRIVACY_CONSENT';
+
+	public function getConsent(array $cookies): IConsent {
+		$encodedValue = $cookies[self::COOKIE_NAME] ?? '';
+
+		if (empty($encodedValue)) {
+			throw new \InvalidArgumentException('No consent cookie found');
+		}
+
+		$decoded = base64_decode($encodedValue, true);
+		if ($decoded === false) {
+			throw new \InvalidArgumentException('Invalid base64 string');
+		}
+
+		$data = json_decode($decoded, true);
+		if (json_last_error() !== JSON_ERROR_NONE) {
+			throw new \InvalidArgumentException('Invalid JSON string');
+		}
+
+		return new Consent(
+			$data[ConsentCategory::TECHNICAL->value] ?? false,
+			$data[ConsentCategory::STATISTICS->value] ?? false,
+			$data[ConsentCategory::MARKETING->value] ?? false,
+			$data[ConsentCategory::PARTNERSHIPS->value] ?? false
+		);
+	}
+}

tests/Integration/GoogleAnalyticsTest.php

@@ -17,6 +17,9 @@
 use Psr\Container\ContainerExceptionInterface;
 use Psr\Container\NotFoundExceptionInterface;
 
+/**
+ * @backupGlobals enabled
+ */
 class GoogleAnalyticsTest extends TestCase {
 	private JavaScriptController $controller;
 
@@ -37,14 +40,38 @@ public function setUp(): void {
 		$this->controller = $container->get(JavaScriptController::class);
 	}
 
+	private function mockContentServiceState(bool $statistics = false): void {
+		$cookieValue = base64_encode(json_encode([
+			'technical' => false,
+			'statistics' => $statistics,
+			'marketing' => false,
+			'partnerships' => false,
+		]));
+
+		$_COOKIE = ['PRIVACY_CONSENT' => $cookieValue];
+	}
+
 	public function tearDown(): void {
 		$this->config->setSystemValue('googleanalytics_tracking_key', null);
+		unset($_COOKIE['PRIVACY_CONSENT']);
 	}
 
 	/**
 	 * @throws Exception
 	 */
 	public function testTrackingReturnsDisabledResponseWhenNoKey(): void {
+		$this->mockContentServiceState(true);
+		$response = $this->controller->tracking();
+
+		$this->assertInstanceOf(TextPlainResponse::class, $response);
+		$this->assertEquals('// tracking disabled', $response->render());
+	}
+
+	/**
+	 * @throws Exception
+	 */
+	public function testTrackingReturnsDisabledResponseWhenNoConsent(): void {
+		$this->mockContentServiceState(true);
 		$response = $this->controller->tracking();
 
 		$this->assertInstanceOf(TextPlainResponse::class, $response);
@@ -55,6 +82,7 @@ public function testTrackingReturnsDisabledResponseWhenNoKey(): void {
 	 * @throws Exception
 	 */
 	public function testTrackingReturnsScriptResponseWhenKeyExists(): void {
+		$this->mockContentServiceState(true);
 		$this->config->setSystemValue('googleanalytics_tracking_key', 'UA-123456-1');
 
 		$response = $this->controller->tracking();

tests/Unit/AppInfo/ApplicationTest.php

@@ -9,7 +9,10 @@
 use OC\Security\CSP\ContentSecurityPolicyManager;
 use OC\Security\CSP\ContentSecurityPolicyNonceManager;
 use OCA\NCGoogleAnalytics\AppInfo\Application;
+use OCA\NCGoogleAnalytics\Service\Consent\IConsentService;
+use OCA\NCGoogleAnalytics\Service\Consent\IonosConsentService;
 use OCP\AppFramework\Bootstrap\IBootContext;
+use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\AppFramework\Http\ContentSecurityPolicy;
 use OCP\IURLGenerator;
 use PHPUnit\Framework\MockObject\MockObject;
@@ -21,12 +24,14 @@ class ApplicationTest extends TestCase {
 	private ContentSecurityPolicyNonceManager|MockObject $nonceManager;
 	private ContentSecurityPolicyManager|MockObject $contentSecurityPolicyManager;
 	private IBootContext|MockObject $context;
+	private $registrationContext;
 
 	protected function setUp(): void {
 		$this->urlGenerator = $this->createMock(IURLGenerator::class);
 		$this->nonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class);
 		$this->contentSecurityPolicyManager = $this->createMock(ContentSecurityPolicyManager::class);
 		$this->context = $this->createMock(IBootContext::class);
+		$this->registrationContext = $this->createMock(IRegistrationContext::class);
 		$this->application = new Application();
 	}
 
@@ -40,6 +45,25 @@ public function testBoot(): void {
 
 		$this->application->boot($this->context);
 	}
+
+	public function testRegister(): void {
+		$this->registrationContext->expects($this->exactly(1))
+			->method('registerService')
+			->with(
+				IConsentService::class,
+				$this->isInstanceOf(\Closure::class),
+				true
+			);
+
+		$this->application->register($this->registrationContext);
+	}
+
+	public function testConsentServiceRegistration(): void {
+		$consentService = \OC::$server->getRegisteredAppContainer(Application::APP_ID)->get(IConsentService::class);
+
+		$this->assertInstanceOf(IonosConsentService::class, $consentService, 'FATAL: IonosConsentService is not registered!');
+	}
+
 	public function testTrackingScriptAddition(): void {
 		$this->urlGenerator->method('linkToRoute')->willReturn('someUrl');
 		$this->nonceManager->method('getNonce')->willReturn('someNonce');