From 977e0c359b76a61c6167fa30aff5b2e6912ed283 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cec=C3=ADlia=20Rom=C3=A3o?= Date: Fri, 12 Apr 2024 14:32:37 -0300 Subject: [PATCH] [SDP-701]: Inject organization privacy policy link into the SEP-24 webpages (#252) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit What The organization will provide the privacy policy link. Why The privacy policy file doesn’t need to be stored in the database or s3. --- .../htmltemplate/tmpl/receiver_register.tmpl | 18 +++++++++++ .../receiver_registered_successfully.tmpl | 9 ++++++ .../httphandler/receiver_registration.go | 31 ++++++++++++++----- .../httphandler/receiver_registration_test.go | 17 ++++++++-- .../publicfiles/js/receiver_registration.js | 18 +++++++++++ internal/serve/serve.go | 1 + 6 files changed, 83 insertions(+), 11 deletions(-) diff --git a/internal/htmltemplate/tmpl/receiver_register.tmpl b/internal/htmltemplate/tmpl/receiver_register.tmpl index 20d08cb76..b92c4140b 100644 --- a/internal/htmltemplate/tmpl/receiver_register.tmpl +++ b/internal/htmltemplate/tmpl/receiver_register.tmpl @@ -89,6 +89,15 @@
+ + + @@ -213,6 +222,15 @@ > + + + diff --git a/internal/htmltemplate/tmpl/receiver_registered_successfully.tmpl b/internal/htmltemplate/tmpl/receiver_registered_successfully.tmpl index dc5d1eb9d..c3c26ab3e 100644 --- a/internal/htmltemplate/tmpl/receiver_registered_successfully.tmpl +++ b/internal/htmltemplate/tmpl/receiver_registered_successfully.tmpl @@ -37,6 +37,15 @@ + + + diff --git a/internal/serve/httphandler/receiver_registration.go b/internal/serve/httphandler/receiver_registration.go index bffb11593..25d181a88 100644 --- a/internal/serve/httphandler/receiver_registration.go +++ b/internal/serve/httphandler/receiver_registration.go @@ -13,16 +13,19 @@ import ( ) type ReceiverRegistrationHandler struct { + Models *data.Models ReceiverWalletModel *data.ReceiverWalletModel ReCAPTCHASiteKey string } type ReceiverRegistrationData struct { - StellarAccount string - JWTToken string - Title string - Message string - ReCAPTCHASiteKey string + StellarAccount string + JWTToken string + Title string + Message string + ReCAPTCHASiteKey string + PrivacyPolicyLink string + OrganizationName string } // ServeHTTP will serve the SEP-24 deposit page needed to register users. @@ -58,10 +61,22 @@ func (h ReceiverRegistrationHandler) ServeHTTP(w http.ResponseWriter, r *http.Re return } + organization, err := h.Models.Organizations.Get(ctx) + if err != nil { + httperror.InternalError(ctx, "Cannot get organization", err, nil).Render(w) + return + } + + privacyPolicyLink := "" + if organization.PrivacyPolicyLink != nil { + privacyPolicyLink = *organization.PrivacyPolicyLink + } tmplData := ReceiverRegistrationData{ - StellarAccount: sep24Claims.SEP10StellarAccount(), - JWTToken: token, - ReCAPTCHASiteKey: h.ReCAPTCHASiteKey, + StellarAccount: sep24Claims.SEP10StellarAccount(), + JWTToken: token, + ReCAPTCHASiteKey: h.ReCAPTCHASiteKey, + PrivacyPolicyLink: privacyPolicyLink, + OrganizationName: organization.Name, } htmlTemplateName := "receiver_register.tmpl" 
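Review bot: In the ServeHTTP hunk of receiver_registration.go, `*organization.PrivacyPolicyLink` is copied into the template data with no check on its scheme or form, so whatever the organization record holds is rendered into the SEP-24 registration page. html/template filters unsafe schemes only when the value lands in a URL attribute, and the template markup is not visible here, so I would normalise it in the handler: `if u, perr := url.Parse(*organization.PrivacyPolicyLink); perr == nil && (u.Scheme == "https" || u.Scheme == "http") { privacyPolicyLink = u.String() }` (this needs `net/url`; the import block is outside this hunk). If the organization update path already enforces an http(s) URL, a one-line comment saying so above the nil check would be enough. ServeHTTP starts and ends outside the hunk.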
diff --git a/internal/serve/httphandler/receiver_registration_test.go b/internal/serve/httphandler/receiver_registration_test.go index 736e4037d..8ad482387 100644 --- a/internal/serve/httphandler/receiver_registration_test.go +++ b/internal/serve/httphandler/receiver_registration_test.go @@ -31,7 +31,7 @@ func Test_ReceiverRegistrationHandler_ServeHTTP(t *testing.T) { reCAPTCHASiteKey := "reCAPTCHASiteKey" r := chi.NewRouter() - r.Get("/receiver-registration/start", ReceiverRegistrationHandler{ReceiverWalletModel: receiverWalletModel, ReCAPTCHASiteKey: reCAPTCHASiteKey}.ServeHTTP) + r.Get("/receiver-registration/start", ReceiverRegistrationHandler{Models: models, ReceiverWalletModel: receiverWalletModel, ReCAPTCHASiteKey: reCAPTCHASiteKey}.ServeHTTP) t.Run("returns 401 - Unauthorized if the token is not in the request context", func(t *testing.T) { req, reqErr := http.NewRequest("GET", "/receiver-registration/start", nil) @@ -64,6 +64,16 @@ func Test_ReceiverRegistrationHandler_ServeHTTP(t *testing.T) { assert.JSONEq(t, `{"error":"Not authorized."}`, string(respBody)) }) + ctx := context.Background() + link := "http://www.test.com/privacy-policy" + err = models.Organizations.Update(ctx, &data.OrganizationUpdate{ + PrivacyPolicyLink: &link, + }) + require.NoError(t, err) + + _, err = models.Organizations.Get(ctx) + require.NoError(t, err) + t.Run("returns 200 - Ok (And show the Wallet Registration page) if the token is in the request context and it's valid πŸŽ‰", func(t *testing.T) { req, reqErr := http.NewRequest("GET", "/receiver-registration/start?token=test-token", nil) require.NoError(t, reqErr) @@ -90,10 +100,9 @@ func Test_ReceiverRegistrationHandler_ServeHTTP(t *testing.T) { assert.Contains(t, string(respBody), "Wallet Registration") assert.Contains(t, string(respBody), `
`) assert.Contains(t, string(respBody), ``) + assert.Contains(t, string(respBody), `

Your data is processed by MyCustomAid in accordance with their Privacy Policy

`) }) - ctx := context.Background() - // Create a receiver wallet wallet := data.CreateWalletFixture(t, ctx, dbConnectionPool, "My Wallet", @@ -131,6 +140,7 @@ func Test_ReceiverRegistrationHandler_ServeHTTP(t *testing.T) { assert.Equal(t, http.StatusOK, resp.StatusCode) assert.Equal(t, "text/html; charset=utf-8", resp.Header.Get("Content-Type")) assert.Contains(t, string(respBody), "Wallet Registration Confirmation") + assert.Contains(t, string(respBody), `

Your data is processed by MyCustomAid in accordance with their Privacy Policy

`) }) t.Run("returns 200 - Ok (And show the Wallet Registration page) if the token is in the request context and wants to register second wallet in the same address", func(t *testing.T) { @@ -159,5 +169,6 @@ func Test_ReceiverRegistrationHandler_ServeHTTP(t *testing.T) { assert.Contains(t, string(respBody), "Wallet Registration") assert.Contains(t, string(respBody), `
`) assert.Contains(t, string(respBody), ``) + assert.Contains(t, string(respBody), `

Your data is processed by MyCustomAid in accordance with their Privacy Policy

`) }) } diff --git a/internal/serve/publicfiles/js/receiver_registration.js b/internal/serve/publicfiles/js/receiver_registration.js index 60ef64c03..a0a32b972 100644 --- a/internal/serve/publicfiles/js/receiver_registration.js +++ b/internal/serve/publicfiles/js/receiver_registration.js @@ -2,6 +2,7 @@ const WalletRegistration = { jwtToken: "", intlTelInput: null, phoneNumberErrorEl: null, + privacyPolicyLink: "", }; function getJwtToken() { @@ -12,6 +13,22 @@ function getJwtToken() { } } +function getPrivacyPolicyLink() { + const linkEl = document.querySelector("[data-privacy-policy-link]"); + + if (linkEl) { + return linkEl.innerHTML; + } +} + +document.addEventListener("DOMContentLoaded", function () { + const footer = document.getElementById("WalletRegistration__PrivacyPolicy"); + + if (WalletRegistration.privacyPolicyLink == "") { + footer.style = "display: none" + } +}); + function toggleNotification(type, { parentEl, title, message, isVisible }) { const titleEl = parentEl.querySelector(`[data-section-${type}-title]`); const messageEl = parentEl.querySelector(`[data-section-${type}-message`); @@ -385,4 +402,5 @@ window.onload = async () => { WalletRegistration.phoneNumberErrorEl = document.querySelector( "[data-section-error='phoneNumber']" ); + WalletRegistration.privacyPolicyLink = getPrivacyPolicyLink(); }; diff --git a/internal/serve/serve.go b/internal/serve/serve.go index a5a779eee..f01c5d4a3 100644 --- a/internal/serve/serve.go +++ b/internal/serve/serve.go 
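Review bot: In the second hunk of receiver_registration.js the `DOMContentLoaded` listener tests `WalletRegistration.privacyPolicyLink`, but that field is only assigned in `window.onload` (third hunk), which fires later, so as written it still holds the initial `""` and the footer would be hidden even when a link is configured. `getPrivacyPolicyLink()` also returns `innerHTML`, which gives entity-encoded text (`&amp;` for `&`) and `undefined` when the element is absent, and `footer` is dereferenced without a null check. I would read the value inside the listener: `const linkEl = document.querySelector("[data-privacy-policy-link]");`, `const link = linkEl ? linkEl.textContent.trim() : "";`, `if (footer && link === "") footer.style.display = "none";`. The test hunks assert only the server-rendered HTML, so this ordering is not exercised by them.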
@@ -425,6 +425,7 @@ func handleHTTP(o ServeOptions) *chi.Mux {
 r.Route("/wallet-registration", func(r chi.Router) {
 sep24QueryTokenAuthenticationMiddleware := anchorplatform.SEP24QueryTokenAuthenticateMiddleware(o.sep24JWTManager, o.NetworkPassphrase, o.tenantManager, o.SingleTenantMode)
 r.With(sep24QueryTokenAuthenticationMiddleware).Get("/start", httphandler.ReceiverRegistrationHandler{
+ Models: o.Models,
 ReceiverWalletModel: o.Models.ReceiverWallet,
 ReCAPTCHASiteKey: o.ReCAPTCHASiteKey,
 }.ServeHTTP) // This loads the SEP-24 PII registration webpage.
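Review bot: The handler literal now receives the whole `o.Models` next to `o.Models.ReceiverWallet`, which gives the SEP-24 registration handler access to every model although the ServeHTTP change in this commit reads only `h.Models.Organizations`. A narrower field holding just the organizations model would mirror `ReceiverWalletModel` and keep the handler's reach minimal; alternatively drop `ReceiverWalletModel` and use `Models` throughout so the two cannot diverge. The route closure continues outside the hunk.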