Enable/Disable analytics based on user consent

Backend.Tests/Otel/OtelKernelTests.cs

@@ -12,9 +12,14 @@ namespace Backend.Tests.Otel
 {
     public class OtelKernelTests : IDisposable
     {
+
+        private const string FrontendConsentKey = "otelConsent";
         private const string FrontendSessionIdKey = "sessionId";
+        private const string OtelConsentKey = "otelConsent";
         private const string OtelSessionIdKey = "sessionId";
+        private const string OtelConsentBaggageKey = "otelConsentBaggage";
         private const string OtelSessionBaggageKey = "sessionBaggage";
+
         private LocationEnricher _locationEnricher = null!;
 
         public void Dispose()
@@ -32,41 +37,46 @@ protected virtual void Dispose(bool disposing)
         }
 
         [Test]
-        public void BuildersSetSessionBaggageFromHeader()
+        public void BuildersSetBaggageFromHeader()
         {
             // Arrange
             var httpContext = new DefaultHttpContext();
+            httpContext.Request.Headers[FrontendConsentKey] = "true";
             httpContext.Request.Headers[FrontendSessionIdKey] = "123";
             var activity = new Activity("testActivity").Start();
 
             // Act
+            TrackConsent(activity, httpContext.Request);
             TrackSession(activity, httpContext.Request);
 
             // Assert
+            Assert.That(activity.Baggage.Any(_ => _.Key == OtelConsentBaggageKey));
             Assert.That(activity.Baggage.Any(_ => _.Key == OtelSessionBaggageKey));
         }
 
         [Test]
-        public void OnEndSetsSessionTagFromBaggage()
+        public void OnEndSetsTagsFromBaggage()
         {
             // Arrange
             var activity = new Activity("testActivity").Start();
+            activity.SetBaggage(OtelConsentBaggageKey, "true");
             activity.SetBaggage(OtelSessionBaggageKey, "test session id");
 
             // Act
             _locationEnricher.OnEnd(activity);
 
             // Assert
+            Assert.That(activity.Tags.Any(_ => _.Key == OtelConsentKey));
             Assert.That(activity.Tags.Any(_ => _.Key == OtelSessionIdKey));
         }
 
-
         [Test]
         public void OnEndSetsLocationTags()
         {
             // Arrange
             _locationEnricher = new LocationEnricher(new LocationProviderMock());
             var activity = new Activity("testActivity").Start();
+            activity.SetBaggage(OtelConsentBaggageKey, "true");
 
             // Act
             _locationEnricher.OnEnd(activity);
@@ -81,11 +91,13 @@ public void OnEndSetsLocationTags()
             Assert.That(activity.Tags, Is.SupersetOf(testLocation));
         }
 
+        [Test]
         public void OnEndRedactsIp()
         {
             // Arrange
             _locationEnricher = new LocationEnricher(new LocationProviderMock());
             var activity = new Activity("testActivity").Start();
+            activity.SetBaggage(OtelConsentBaggageKey, "true");
             activity.SetTag("url.full", $"{LocationProvider.locationGetterUri}100.0.0.0");
 
             // Act

Backend/Models/User.cs

@@ -66,6 +66,19 @@ public class User
         [BsonElement("username")]
         public string Username { get; set; }
 
+        /// <summary>
+        /// Is true if user accepts analytics, false otherwise. 
+        /// User can update consent anytime.
+        /// </summary>
+        [BsonElement("otelConsent")]
+        public bool OtelConsent { get; set; }
+
+        /// <summary>
+        /// Is set permanently to true once user first accepts or rejects analytics upon login.
+        /// </summary>
+        [BsonElement("answeredConsent")]
+        public bool AnsweredConsent { get; set; }
+
         [BsonElement("uiLang")]
         public string UILang { get; set; }
 
@@ -97,6 +110,8 @@ public User()
             Agreement = false;
             Password = "";
             Username = "";
+            OtelConsent = true;
+            AnsweredConsent = false;
             UILang = "";
             GlossSuggestion = AutocompleteSetting.On;
             Token = "";
@@ -119,6 +134,8 @@ public User Clone()
                 Agreement = Agreement,
                 Password = Password,
                 Username = Username,
+                OtelConsent = OtelConsent,
+                AnsweredConsent = AnsweredConsent,
                 UILang = UILang,
                 GlossSuggestion = GlossSuggestion,
                 Token = Token,
@@ -141,6 +158,8 @@ public bool ContentEquals(User other)
                 other.Agreement == Agreement &&
                 other.Password.Equals(Password, StringComparison.Ordinal) &&
                 other.Username.Equals(Username, StringComparison.Ordinal) &&
+                other.OtelConsent == OtelConsent &&
+                other.AnsweredConsent == AnsweredConsent &&
                 other.UILang.Equals(UILang, StringComparison.Ordinal) &&
                 other.GlossSuggestion.Equals(GlossSuggestion) &&
                 other.Token.Equals(Token, StringComparison.Ordinal) &&
@@ -178,6 +197,8 @@ public override int GetHashCode()
             hash.Add(Agreement);
             hash.Add(Password);
             hash.Add(Username);
+            hash.Add(OtelConsent);
+            hash.Add(AnsweredConsent);
             hash.Add(UILang);
             hash.Add(GlossSuggestion);
             hash.Add(Token);

Backend/Otel/OtelKernel.cs

@@ -33,6 +33,12 @@ public static void AddOpenTelemetryInstrumentation(this IServiceCollection servi
             );
         }
 
+        internal static void TrackConsent(Activity activity, HttpRequest request)
+        {
+            var consent = request.Headers.TryGetValue("otelConsent", out var values) ? bool.TryParse(values.FirstOrDefault(), out bool _) : true;
+            activity.SetBaggage("otelConsentBaggage", consent.ToString());
+        }
+
         internal static void TrackSession(Activity activity, HttpRequest request)
         {
             var sessionId = request.Headers.TryGetValue("sessionId", out var values) ? values.FirstOrDefault() : null;
@@ -67,6 +73,7 @@ private static void AspNetCoreBuilder(AspNetCoreTraceInstrumentationOptions opti
             options.EnrichWithHttpRequest = (activity, request) =>
             {
                 GetContentLengthAspNet(activity, request.Headers, "inbound.http.request.body.size");
+                TrackConsent(activity, request);
                 TrackSession(activity, request);
             };
             options.EnrichWithHttpResponse = (activity, response) =>
@@ -98,22 +105,21 @@ internal class LocationEnricher(ILocationProvider locationProvider) : BaseProces
         {
             public override async void OnEnd(Activity data)
             {
-                var uriPath = (string?)data.GetTagItem("url.full");
-                var locationUri = LocationProvider.locationGetterUri;
-                if (uriPath is null || !uriPath.Contains(locationUri))
+                var consentString = data?.GetBaggageItem("otelConsentBaggage");
+                data?.AddTag("otelConsent", consentString);
+                var consent = bool.TryParse(consentString, out bool value) ? value : false;
+                if (consent)
                 {
-                    var location = await locationProvider.GetLocation();
-                    data?.AddTag("country", location?.Country);
-                    data?.AddTag("regionName", location?.RegionName);
-                    data?.AddTag("city", location?.City);
-                }
-                data?.SetTag("sessionId", data?.GetBaggageItem("sessionBaggage"));
-                if (uriPath is not null && uriPath.Contains(locationUri))
-                {
-                    // When getting location externally, url.full includes site URI and user IP. 
-                    // In such cases, only add url without IP information to traces.
-                    data?.SetTag("url.full", "");
-                    data?.SetTag("url.redacted.ip", LocationProvider.locationGetterUri);
+                    var uriPath = (string?)data?.GetTagItem("url.full");
+                    var locationUri = LocationProvider.locationGetterUri;
+                    if (uriPath is null || !uriPath.Contains(locationUri))
+                    {
+                        var location = await locationProvider.GetLocation();
+                        data?.AddTag("country", location?.Country);
+                        data?.AddTag("regionName", location?.RegionName);
+                        data?.AddTag("city", location?.City);
+                    }
+                    data?.SetTag("sessionId", data?.GetBaggageItem("sessionBaggage"));
                 }
             }
         }

Backend/Repositories/UserRepository.cs

@@ -196,6 +196,8 @@ public async Task<ResultOfUpdate> Update(string userId, User user, bool updateIs
                 .Set(x => x.ProjectRoles, user.ProjectRoles)
                 .Set(x => x.Agreement, user.Agreement)
                 .Set(x => x.Username, user.Username)
+                .Set(x => x.OtelConsent, user.OtelConsent)
+                .Set(x => x.AnsweredConsent, user.AnsweredConsent)
                 .Set(x => x.UILang, user.UILang)
                 .Set(x => x.GlossSuggestion, user.GlossSuggestion);
 

public/locales/en/translation.json

@@ -33,6 +33,14 @@
     "pressEnter": "Press Enter to save word",
     "vernacular": "Vernacular"
   },
+  "analyticsConsent": {
+    "consentModal": {
+      "acceptAllBtn": "Yes, allow analytics cookies",
+      "acceptNecessaryBtn": "No, reject analytics cookies",
+      "description": "The Combine stores basic info about your current session on your device. This info is necessary and isn't shared with anybody. The Combine also uses analytics cookies, which are only for us to fix bugs and compile anonymized statistics. Do you consent to our usage of analytics cookies?",
+      "title": "Cookies on The Combine"
+    }
+  },
   "appBar": {
     "dataEntry": "Data Entry",
     "dataCleanup": "Data Cleanup",
@@ -129,12 +137,6 @@
   "userSettings": {
     "analyticsConsent": {
       "button": "Change consent",
-      "consentModal": {
-        "acceptAllBtn": "Yes, allow analytics cookies",
-        "acceptNecessaryBtn": "No, reject analytics cookies",
-        "description": "The Combine stores basic info about your current session on your device. This info is necessary and isn't shared with anybody. The Combine also uses analytics cookies, which are only for us to fix bugs and compile anonymized statistics. Do you consent to our usage of analytics cookies?",
-        "title": "Cookies on The Combine"
-      },
       "consentNo": "You have not consented to our use of analytics cookies.",
       "consentYes": "You have consented to our use of analytics cookies.",
       "title": "Analytics cookies"

src/api/models/user.ts

@@ -94,26 +94,38 @@ export interface User {
   username: string;
   /**
    *
-   * @type {string}
+   * @type {boolean}
    * @memberof User
    */
-  uiLang?: string | null;
+  otelConsent?: boolean;
   /**
    *
-   * @type {string}
+   * @type {boolean}
    * @memberof User
    */
-  token: string;
+  answeredConsent?: boolean;
   /**
    *
-   * @type {boolean}
+   * @type {string}
    * @memberof User
    */
-  isAdmin: boolean;
+  uiLang?: string | null;
   /**
    *
    * @type {AutocompleteSetting}
    * @memberof User
    */
   glossSuggestion: AutocompleteSetting;
+  /**
+   *
+   * @type {string}
+   * @memberof User
+   */
+  token: string;
+  /**
+   *
+   * @type {boolean}
+   * @memberof User
+   */
+  isAdmin: boolean;
 }

src/backend/index.ts

@@ -54,7 +54,12 @@ const whiteListedErrorUrls = [
 // Create an axios instance to allow for attaching interceptors to it.
 const axiosInstance = axios.create({ baseURL: apiBaseURL });
 axiosInstance.interceptors.request.use((config: InternalAxiosRequestConfig) => {
-  config.headers.sessionId = getSessionId();
+  if (LocalStorage.getCurrentUser()?.otelConsent) {
+    config.headers.otelConsent = true;
+    config.headers.sessionId = getSessionId();
+  } else {
+    config.headers.otelConsent = false;
+  }
   return config;
 });
 axiosInstance.interceptors.response.use(undefined, (err: AxiosError) => {

src/components/AnalyticsConsent/index.tsx

@@ -0,0 +1,102 @@
+import { Button, Grid, Theme, Typography, useMediaQuery } from "@mui/material";
+import Drawer from "@mui/material/Drawer";
+import { ReactElement } from "react";
+import { useTranslation } from "react-i18next";
+import { themeColors } from "types/theme";
+
+interface ConsentProps {
+  onChangeConsent: (consentVal: boolean | undefined) => void;
+  required: boolean;
+}
+
+export default function AnalyticsConsent(props: ConsentProps): ReactElement {
+  const { t } = useTranslation();
+
+  const acceptAnalytics = (): void => {
+    props.onChangeConsent(true);
+  };
+  const rejectAnalytics = (): void => {
+    props.onChangeConsent(false);
+  };
+
+  const clickedAway = (): void => {
+    props.onChangeConsent(undefined);
+  };
+
+  const isXs = useMediaQuery<Theme>((th) => th.breakpoints.only("xs"));
+
+  return (
+    <div>
+      <Drawer
+        anchor={"bottom"}
+        open
+        onClose={!props.required ? clickedAway : undefined}
+      >
+        <div style={{ padding: 20 }}>
+          <Grid
+            container
+            direction={isXs ? "column" : "row"}
+            justifyContent="space-around"
+            alignItems="center"
+            spacing={0}
+          >
+            <Grid item xs>
+              <Typography
+                variant="h6"
+                style={{ color: themeColors.primary, fontWeight: 600 }}
+                gutterBottom
+              >
+                {t("analyticsConsent.consentModal.title")}
+              </Typography>
+              <Typography
+                variant="body1"
+                align="left"
+                style={{ marginRight: 25 }}
+                gutterBottom
+              >
+                {t("analyticsConsent.consentModal.description")}
+              </Typography>
+            </Grid>
+            <Grid
+              container
+              xs="auto"
+              display="flex"
+              justifyContent="space-around"
+              alignItems="center"
+              spacing={1}
+            >
+              <Grid item>
+                <Button
+                  onClick={acceptAnalytics}
+                  style={{
+                    height: 60,
+                    width: 155,
+                  }}
+                  variant={"contained"}
+                >
+                  <Typography variant="body2">
+                    {t("analyticsConsent.consentModal.acceptAllBtn")}
+                  </Typography>
+                </Button>
+              </Grid>
+              <Grid item>
+                <Button
+                  onClick={rejectAnalytics}
+                  style={{
+                    height: 60,
+                    width: 155,
+                  }}
+                  variant={"contained"}
+                >
+                  <Typography variant="body2">
+                    {t("analyticsConsent.consentModal.acceptNecessaryBtn")}
+                  </Typography>
+                </Button>
+              </Grid>
+            </Grid>
+          </Grid>
+        </div>
+      </Drawer>
+    </div>
+  );
+}