Skip to content

LiveIntent module: Restrict LI enrichment based on allowed activity #4185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Oct 3, 2025
Merged

LiveIntent module: Restrict LI enrichment based on allowed activity #4185

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
3006623
DATA-36551: Restrict LI enrichment based on allowed activity
Sep 10, 2025
c9444c4
DATA-36551: PR issues fixed
Sep 11, 2025
3a0d8ec
DATA-36551: PR issues fixed
Sep 17, 2025
618a526
DATA-36551: Fixing linting
Sep 24, 2025
c39bdef
DATA-36551: Build fixed
Sep 26, 2025
d786747
DATA-36551: Fixing tests
Sep 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion ...s/liveintent/omni/channel/identity/config/LiveIntentOmniChannelIdentityConfiguration.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package org.prebid.server.hooks.modules.liveintent.omni.channel.identity.config;

import org.prebid.server.auction.privacy.enforcement.mask.UserFpdActivityMask;
import org.prebid.server.hooks.modules.liveintent.omni.channel.identity.model.config.LiveIntentOmniChannelProperties;
import org.prebid.server.hooks.modules.liveintent.omni.channel.identity.v1.LiveIntentOmniChannelIdentityModule;
import org.prebid.server.hooks.modules.liveintent.omni.channel.identity.v1.hooks.LiveIntentOmniChannelIdentityProcessedAuctionRequestHook;
Expand Down Expand Up @@ -30,12 +31,13 @@ LiveIntentOmniChannelProperties properties() {
@Bean
Module liveIntentOmniChannelIdentityModule(LiveIntentOmniChannelProperties properties,
JacksonMapper mapper,
UserFpdActivityMask userFpdActivityMask,
HttpClient httpClient,
@Value("${logging.sampling-rate:0.01}") double logSamplingRate) {

final LiveIntentOmniChannelIdentityProcessedAuctionRequestHook hook =
new LiveIntentOmniChannelIdentityProcessedAuctionRequestHook(
properties, mapper, httpClient, logSamplingRate);
properties, userFpdActivityMask, mapper, httpClient, logSamplingRate);

return new LiveIntentOmniChannelIdentityModule(Collections.singleton(hook));
}
Expand Down
66 changes: 63 additions & 3 deletions ...i/channel/identity/v1/hooks/LiveIntentOmniChannelIdentityProcessedAuctionRequestHook.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,26 @@
package org.prebid.server.hooks.modules.liveintent.omni.channel.identity.v1.hooks;

import com.iab.openrtb.request.BidRequest;
import com.iab.openrtb.request.Device;
import com.iab.openrtb.request.Eid;
import com.iab.openrtb.request.Source;
import com.iab.openrtb.request.User;
import io.vertx.core.Future;
import io.vertx.core.MultiMap;
import org.apache.commons.collections4.ListUtils;
import org.prebid.server.activity.Activity;
import org.prebid.server.activity.ComponentType;
import org.prebid.server.activity.infrastructure.ActivityInfrastructure;
import org.prebid.server.activity.infrastructure.payload.ActivityInvocationPayload;
import org.prebid.server.activity.infrastructure.payload.impl.ActivityInvocationPayloadImpl;
import org.prebid.server.activity.infrastructure.payload.impl.BidRequestActivityInvocationPayload;
import org.prebid.server.auction.model.AuctionContext;
import org.prebid.server.auction.privacy.enforcement.mask.UserFpdActivityMask;
import org.prebid.server.hooks.execution.v1.InvocationResultImpl;
import org.prebid.server.hooks.execution.v1.auction.AuctionRequestPayloadImpl;
import org.prebid.server.hooks.modules.liveintent.omni.channel.identity.model.IdResResponse;
import org.prebid.server.hooks.modules.liveintent.omni.channel.identity.model.config.LiveIntentOmniChannelProperties;
import org.prebid.server.hooks.modules.liveintent.omni.channel.identity.v1.LiveIntentOmniChannelIdentityModule;
import org.prebid.server.hooks.v1.InvocationAction;
import org.prebid.server.hooks.v1.InvocationResult;
import org.prebid.server.hooks.v1.InvocationStatus;
Expand Down Expand Up @@ -39,9 +50,11 @@ public class LiveIntentOmniChannelIdentityProcessedAuctionRequestHook implements
private final LiveIntentOmniChannelProperties config;
private final JacksonMapper mapper;
private final HttpClient httpClient;
private final UserFpdActivityMask userFpdActivityMask;
private final double logSamplingRate;

public LiveIntentOmniChannelIdentityProcessedAuctionRequestHook(LiveIntentOmniChannelProperties config,
UserFpdActivityMask userFpdActivityMask,
JacksonMapper mapper,
HttpClient httpClient,
double logSamplingRate) {
Expand All @@ -51,29 +64,76 @@ public LiveIntentOmniChannelIdentityProcessedAuctionRequestHook(LiveIntentOmniCh
this.mapper = Objects.requireNonNull(mapper);
this.httpClient = Objects.requireNonNull(httpClient);
this.logSamplingRate = logSamplingRate;
this.userFpdActivityMask = Objects.requireNonNull(userFpdActivityMask);
}

@Override
public Future<InvocationResult<AuctionRequestPayload>> call(AuctionRequestPayload auctionRequestPayload,
AuctionInvocationContext invocationContext) {

return config.getTreatmentRate() > ThreadLocalRandom.current().nextFloat()
? requestIdentities(auctionRequestPayload.bidRequest())
? requestIdentities(auctionRequestPayload.bidRequest(), invocationContext.auctionContext())
.<InvocationResult<AuctionRequestPayload>>map(this::update)
.onFailure(throwable -> conditionalLogger.error(
"Failed enrichment: %s".formatted(throwable.getMessage()), logSamplingRate))
: noAction();
}

private Future<IdResResponse> requestIdentities(BidRequest bidRequest) {
private Future<IdResResponse> requestIdentities(BidRequest bidRequest, AuctionContext auctionContext) {
final BidRequest restrictedBidRequest = applyActivityRestrictions(bidRequest, auctionContext);
return httpClient.post(
config.getIdentityResolutionEndpoint(),
headers(),
mapper.encodeToString(bidRequest),
mapper.encodeToString(restrictedBidRequest),
config.getRequestTimeoutMs())
.map(this::processResponse);
}

private BidRequest applyActivityRestrictions(BidRequest bidRequest, AuctionContext auctionContext) {
final ActivityInvocationPayload activityInvocationPayload = BidRequestActivityInvocationPayload.of(
ActivityInvocationPayloadImpl.of(ComponentType.GENERAL_MODULE, LiveIntentOmniChannelIdentityModule.CODE),
bidRequest);
final ActivityInfrastructure activityInfrastructure = auctionContext.getActivityInfrastructure();

final boolean disallowTransmitUfpd = !activityInfrastructure.isAllowed(
Activity.TRANSMIT_UFPD, activityInvocationPayload);
final boolean disallowTransmitEids = !activityInfrastructure.isAllowed(
Activity.TRANSMIT_EIDS, activityInvocationPayload);
final boolean disallowTransmitGeo = !activityInfrastructure.isAllowed(
Activity.TRANSMIT_GEO, activityInvocationPayload);
final boolean disallowTransmitTid = !activityInfrastructure.isAllowed(
Activity.TRANSMIT_TID, activityInvocationPayload);

return maskUserPersonalInfo(
bidRequest,
disallowTransmitUfpd,
disallowTransmitEids,
disallowTransmitGeo,
disallowTransmitTid);
}

private BidRequest maskUserPersonalInfo(BidRequest bidRequest,
boolean disallowTransmitUfpd,
boolean disallowTransmitEids,
boolean disallowTransmitGeo,
boolean disallowTransmitTid) {

final User maskedUser = userFpdActivityMask.maskUser(
bidRequest.getUser(), disallowTransmitUfpd, disallowTransmitEids);
final Device maskedDevice = userFpdActivityMask.maskDevice(
bidRequest.getDevice(), disallowTransmitUfpd, disallowTransmitGeo);

final Source maskedSource = (disallowTransmitUfpd && disallowTransmitTid)
? bidRequest.getSource().toBuilder().tid(null).build()
: bidRequest.getSource();

return bidRequest.toBuilder()
.user(maskedUser)
.device(maskedDevice)
.source(maskedSource)
.build();
}

private MultiMap headers() {
return MultiMap.caseInsensitiveMultiMap()
.add(HttpUtil.AUTHORIZATION_HEADER, "Bearer " + config.getAuthToken());
Expand Down
154 changes: 152 additions & 2 deletions ...mni/channel/identity/v1/LiveIntentOmniChannelIdentityProcessedAuctionRequestHookTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
package org.prebid.server.hooks.modules.liveintent.omni.channel.identity.v1;

import com.iab.openrtb.request.BidRequest;
import com.iab.openrtb.request.Device;
import com.iab.openrtb.request.Eid;
import com.iab.openrtb.request.Geo;
import com.iab.openrtb.request.Source;
import com.iab.openrtb.request.Uid;
import com.iab.openrtb.request.User;
import io.vertx.core.Future;
Expand All @@ -10,6 +13,10 @@
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.prebid.server.activity.Activity;
import org.prebid.server.activity.infrastructure.ActivityInfrastructure;
import org.prebid.server.auction.model.AuctionContext;
import org.prebid.server.auction.privacy.enforcement.mask.UserFpdActivityMask;
import org.prebid.server.hooks.execution.v1.auction.AuctionInvocationContextImpl;
import org.prebid.server.hooks.execution.v1.auction.AuctionRequestPayloadImpl;
import org.prebid.server.hooks.modules.liveintent.omni.channel.identity.model.IdResResponse;
Expand Down Expand Up @@ -44,12 +51,24 @@ public class LiveIntentOmniChannelIdentityProcessedAuctionRequestHookTest {

private static final JacksonMapper MAPPER = new JacksonMapper(ObjectMapperProvider.mapper());

@Mock
private UserFpdActivityMask userFpdActivityMask;

@Mock
private HttpClient httpClient;

@Mock(strictness = LENIENT)
private LiveIntentOmniChannelProperties properties;

@Mock
private ActivityInfrastructure activityInfrastructure;

@Mock
private AuctionInvocationContext auctionInvocationContext;

@Mock
private AuctionContext auctionContext;

private LiveIntentOmniChannelIdentityProcessedAuctionRequestHook target;

@BeforeEach
Expand All @@ -59,16 +78,147 @@ public void setUp() {
given(properties.getAuthToken()).willReturn("auth_token");
given(properties.getTreatmentRate()).willReturn(1.0f);

given(auctionInvocationContext.auctionContext()).willReturn(auctionContext);
given(auctionContext.getActivityInfrastructure()).willReturn(activityInfrastructure);
given(activityInfrastructure.isAllowed(any(), any())).willReturn(true);

target = new LiveIntentOmniChannelIdentityProcessedAuctionRequestHook(
properties, MAPPER, httpClient, 0.01d);
properties, userFpdActivityMask, MAPPER, httpClient, 0.01d);
}

@Test
public void creationShouldFailOnInvalidIdentityUrl() {
given(properties.getIdentityResolutionEndpoint()).willReturn("invalid_url");
assertThatIllegalArgumentException().isThrownBy(() ->
new LiveIntentOmniChannelIdentityProcessedAuctionRequestHook(
properties, MAPPER, httpClient, 0.01d));
properties, userFpdActivityMask, MAPPER, httpClient, 0.01d));
}

@Test
public void geoPassingRestrictionShouldBeRespected() {
// given
final Geo givenGeo = Geo.builder()
.lat(52.51671856406936f)
.lon(13.377639726342583f)
.city("Berlin")
.country("Germany")
.build();
final Device givenDevice = Device.builder()
.geo(givenGeo)
.ip("192.168.127.12")
.ifa("foo")
.macsha1("bar")
.macmd5("baz")
.dpidsha1("boo")
.dpidmd5("far")
.didsha1("zoo")
.didmd5("goo")
.build();
final BidRequest givenBidRequest = BidRequest.builder().id("request").device(givenDevice).build();

final Geo expectedGeo = givenGeo.toBuilder()
.country(null)
.city(null)
.lat(52.52f)
.lon(13.38f)
.build();
final Device expectedDevice = givenDevice.toBuilder()
.geo(expectedGeo)
.ip("192.168.127.0")
.ifa(null)
.macsha1(null)
.macmd5(null)
.dpidsha1(null)
.dpidmd5(null)
.didsha1(null)
.didmd5(null)
.build();
final BidRequest expectedBidRequest = givenBidRequest.toBuilder().device(expectedDevice).build();

final Eid expectedEid = Eid.builder().source("liveintent.com").build();

final String responseBody = MAPPER.encodeToString(IdResResponse.of(List.of(expectedEid)));
given(httpClient.post(any(), any(), any(), anyLong()))
.willReturn(Future.succeededFuture(HttpClientResponse.of(200, null, responseBody)));

given(activityInfrastructure.isAllowed(eq(Activity.TRANSMIT_GEO), any())).willReturn(false);
given(activityInfrastructure.isAllowed(eq(Activity.TRANSMIT_UFPD), any())).willReturn(false);

// when
final InvocationResult<AuctionRequestPayload> result =
target.call(AuctionRequestPayloadImpl.of(givenBidRequest), auctionInvocationContext).result();
// then
assertThat(result.status()).isEqualTo(InvocationStatus.success);

verify(httpClient).post(
eq("https://test.com/idres"),
argThat(headers -> headers.contains("Authorization", "Bearer auth_token", true)),
eq(MAPPER.encodeToString(expectedBidRequest)),
eq(5L));
}

@Test
public void tidPassingRestrictionShouldBeRespected() {
// given
final Source givenSource = Source.builder().tid("tid1").build();
final BidRequest givenBidRequest = BidRequest.builder().id("request").source(givenSource).build();

final Source expectedSource = givenSource.toBuilder().tid(null).build();
final BidRequest expectedBidRequest = givenBidRequest.toBuilder().source(expectedSource).build();

final Eid expectedEid = Eid.builder().source("liveintent.com").build();

final String responseBody = MAPPER.encodeToString(IdResResponse.of(List.of(expectedEid)));
given(httpClient.post(any(), any(), any(), anyLong()))
.willReturn(Future.succeededFuture(HttpClientResponse.of(200, null, responseBody)));

given(activityInfrastructure.isAllowed(eq(Activity.TRANSMIT_TID), any())).willReturn(false);
given(activityInfrastructure.isAllowed(eq(Activity.TRANSMIT_UFPD), any())).willReturn(false);

// when
final InvocationResult<AuctionRequestPayload> result =
target.call(AuctionRequestPayloadImpl.of(givenBidRequest), auctionInvocationContext).result();
// then
assertThat(result.status()).isEqualTo(InvocationStatus.success);

verify(httpClient).post(
eq("https://test.com/idres"),
argThat(headers -> headers.contains("Authorization", "Bearer auth_token", true)),
eq(MAPPER.encodeToString(expectedBidRequest)),
eq(5L));
}

@Test
public void eidPassingRestrictionShouldBeRespected() {
// given
final Uid givenUid = Uid.builder().id("id1").atype(2).build();
final Eid givenEid = Eid.builder().source("some.source.com").uids(singletonList(givenUid)).build();
final User givenUser = User.builder().eids(singletonList(givenEid)).build();
final BidRequest givenBidRequest = BidRequest.builder().id("request").user(givenUser).build();

final User expectedUser = givenUser.toBuilder().eids(null).build();
final BidRequest expectedBidRequest = givenBidRequest.toBuilder().user(expectedUser).build();

final Eid expectedEid = Eid.builder().source("liveintent.com").build();

final String responseBody = MAPPER.encodeToString(IdResResponse.of(List.of(expectedEid)));
given(httpClient.post(any(), any(), any(), anyLong()))
.willReturn(Future.succeededFuture(HttpClientResponse.of(200, null, responseBody)));

given(activityInfrastructure.isAllowed(eq(Activity.TRANSMIT_EIDS), any())).willReturn(false);
given(activityInfrastructure.isAllowed(eq(Activity.TRANSMIT_UFPD), any())).willReturn(false);

// when
final InvocationResult<AuctionRequestPayload> result =
target.call(AuctionRequestPayloadImpl.of(givenBidRequest), auctionInvocationContext).result();
// then
assertThat(result.status()).isEqualTo(InvocationStatus.success);

verify(httpClient).post(
eq("https://test.com/idres"),
argThat(headers -> headers.contains("Authorization", "Bearer auth_token", true)),
eq(MAPPER.encodeToString(expectedBidRequest)),
eq(5L));
}

@Test
Expand Down
Loading