[Backend] Remove Automatic SafeStr serialization from PrivacyExperienceConfig. #3600

Merged
merged 5 commits into from
Jun 19, 2023

@pattisdr pattisdr commented Jun 17, 2023

Closes #3301

Code Changes

  • Escape experience configs before saving in the db. Unescape before returning.
  • Escape default experience configs before saving from yaml file
  • Unescape embedded experience configs and privacy notices in the PrivacyExperience response
  • Unescape notices in the response before returning after create and update.

Steps to Confirm

  • Save suspicious characters when creating or updating ExperienceConfigs in various string fields: POST {{host}}/experience-config or PATCH {{host}}/experience-config/{{experience-config-id}} - and verify that when you fetch these experience configs, the strings are unescaped (but they are escaped in the db)
  • Also privacy notices embedded in an experience with odd characters are unescaped {{host}}/privacy-experience/?region=us_ca

Pre-Merge Checklist

Description Of Changes

Strings that are escaped on ExperienceConfigs are currently surfaced in their escaped form.

- Escape experience configs before saving in the db. Unescape before returning.
- Unescape embedded experience configs and privacy notices in the PrivacyExperience response
- Unescape notices in the response before returning after create and update.
# Conflicts:
#	src/fides/api/api/v1/endpoints/connection_endpoints.py

cypress bot commented Jun 17, 2023

Passing run #2780 ↗︎


Details:

Merge 9af8689 into 9cddb24...
Project: fides Commit: e67c57385f ℹ️
Status: Passed Duration: 01:02 💡
Started: Jun 19, 2023 4:37 PM Ended: Jun 19, 2023 4:38 PM


…d tests - note that we don't have to unescape the description because it doesn't show up in the email.
@pattisdr pattisdr marked this pull request as ready for review June 19, 2023 13:29
@pattisdr

@allisonking requesting your review because I believe it was your pattern I followed from notices!

codecov bot commented Jun 19, 2023

Codecov Report

Patch coverage: 100.00% and project coverage change: +0.40 🎉

Comparison is base (9cddb24) 86.66% compared to head (9af8689) 87.06%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3600      +/-   ##
==========================================
+ Coverage   86.66%   87.06%   +0.40%     
==========================================
  Files         310      310              
  Lines       18988    19002      +14     
  Branches     2421     2427       +6     
==========================================
+ Hits        16455    16544      +89     
+ Misses       2107     2029      -78     
- Partials      426      429       +3     
Impacted Files Coverage Δ
...rc/fides/api/api/v1/endpoints/dataset_endpoints.py 96.29% <100.00%> (ø)
...1/endpoints/privacy_experience_config_endpoints.py 100.00% <100.00%> (ø)
...i/api/v1/endpoints/privacy_experience_endpoints.py 91.80% <100.00%> (+0.73%) ⬆️
...s/api/api/v1/endpoints/privacy_notice_endpoints.py 100.00% <100.00%> (ø)
src/fides/api/api/v1/endpoints/utils.py 81.96% <100.00%> (ø)
src/fides/api/models/datasetconfig.py 96.69% <100.00%> (ø)
src/fides/api/schemas/privacy_experience.py 100.00% <100.00%> (ø)
src/fides/api/util/consent_util.py 99.43% <100.00%> (+<0.01%) ⬆️
src/fides/api/util/data_category.py 100.00% <100.00%> (ø)

... and 7 files with indirect coverage changes


@allisonking allisonking left a comment

Nice, works great! We'll need to pass the special header in privacy center and fides-js too, otherwise it looks like this 😅

image

ticket here: #3606

but works great in admin-ui which is passing the header!

@pattisdr pattisdr merged commit eb400e1 into main Jun 19, 2023
@pattisdr pattisdr deleted the privacy_experience_safe_strings_serialization branch June 19, 2023 18:29
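
The escape-on-write, unescape-on-read pattern discussed in this PR, as an added example that is not code from the fides repository. It assumes an in-memory dict in place of the database and a hypothetical header name `x-example-unescape` (the thread only refers to "the special header"); the function names are likewise illustrative.

```python
import html
from typing import Any, Callable

# Hypothetical header name; the thread never names the real one.
UNESCAPE_HEADER = "x-example-unescape"

DB = {}  # stand-in for the experience-config table (assumption)


def map_strings(value: Any, fn: Callable[[str], str]) -> Any:
    """Apply fn to every string in a nested dict/list, so embedded
    notices are covered as well as top-level config fields."""
    if isinstance(value, str):
        return fn(value)
    if isinstance(value, dict):
        return {k: map_strings(v, fn) for k, v in value.items()}
    if isinstance(value, list):
        return [map_strings(v, fn) for v in value]
    return value


def save_config(config_id: str, payload: dict) -> None:
    """Escape each incoming string exactly once, then persist."""
    DB[config_id] = map_strings(payload, html.escape)


def get_config(config_id: str, headers: dict) -> dict:
    """Return the stored (escaped) form unless the caller opts in to
    unescaping, i.e. declares that it escapes at render time itself."""
    stored = DB[config_id]
    if headers.get(UNESCAPE_HEADER, "").lower() == "true":
        return map_strings(stored, html.unescape)
    return stored


def update_config(config_id: str, changes: dict, headers: dict) -> dict:
    """Escape only the new values; re-escaping stored ones would turn
    '&amp;' into '&amp;amp;' on every update."""
    DB[config_id] = {**DB[config_id], **map_strings(changes, html.escape)}
    return get_config(config_id, headers)


# Constructed sample payload
SAMPLE = {
    "title": "Manage your <b>consent</b> & preferences",
    "notices": [{"name": 'Ads & "tracking"'}],
}
```

A client that requests the unescaped form has to treat the result as untrusted text and encode it for its own output context; a client that omits the header gets the entity-encoded strings shown in the review screenshot.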

Successfully merging this pull request may close these issues.

Privacy Experience Safe Strings Serialization