Closed Xymmer closed 5 years ago
The idea is to display a consent dialog to an anonymous user, once they visit Spartacus. The dialog should contain a list of all anonymous consents (anonymous consents are the same as regular consents, but with exposed property set to true; see the last column here) and an option to give/withdraw each consent. The anonymous user should be able to close and re-open the dialog at any time, in case they change their mind.
The anonymous consents are exchanged between Spartacus and the server in a stateless way, using X-Anonymous-Consents HTTP header. With each request to the server, the X-Anonymous-Consents should be sent to the server. When an anonymous user gives/withdraws a consent, the corresponding consent's consentState field is changed to reflect the new state. (If we want to support the case when the user logs out and the previously given anonymous consents are restored, the only way to do that is to append the X-Anonymous-Consents header with every request, not just anonymous ones.)
There are three edge cases:
/users/anonymous/consenttemplates
localStorage
.
user state slice is cleared. The state slice for anonymous consents should be a new feature state called e.g. anonymous-consents.
x button. This toggle information should be stored in the dialogs.anonymous-consents.
consentState of it? Should the state be the same as before, e.g. if it was given before, should the consentState be GIVEN? Or should it be null, because it's the new version?]
Pending.
Some WIP wireframes can be seen here.
localStorage in the register.component.ts and wired, so that when a user registers, the consent's state is persisted and the user can see the status of it on the consent management page.
To see the flow in action, use this postman collection, starting from the linked API call ("Anonymous consents - Get List").
To have the necessary anonymous consents in your local back-end, you can use this impex.
decodeURIComponent(). When sending the anonymous consents back to the server, use encodeURIComponent(). NOTE that these methods are not available in SSR mode.
consentState property of the corresponding consent should be changed:
consentState should have GIVEN string value.
consentState should have WITHDRAWN string value.
X-Anonymous-Consents header is not sent to the server, and the request is for an anonymous user, the server will respond with all anonymous consents (but their status is going to be set to null)
AnonymousConsentsInterceptor) should handle the exchange of X-Anonymous-Consents header between Spartacus and the server by storing/pulling the consents to/from localStorage. Please, consider the fact that the Window object is not available in SSR mode, thus making the localStorage API also not available in SSR mode.
consentState properties. An e2e test should cover this case.
loading, loaded and success flags.
"Cookie" consent is not the topic here, this section is just a clarification.
A quick note about "cookie" being quoted in this section: we're probably not going to use the actual cookies as an authentication method and a way to track user's sessions.
The cookie banner in the old accelerator looks like this:
Looking at the old accelerator implementation, it seems that the "cookie" consent is not implemented using consents per se.
"Cookie consent" is just a CMS component that's rendered on a jsp page.
The consent text is pulled from a *properties file using a translation key.
After giving the consent (or maybe even just closing the cookie banner), a javascript is activated that places a cookie in the browser. There's no actual way of declining the cookie, and the decision is enforced to the user.
We could improve this by leveraging the actual consents:
STORE_USER_INFORMATION (this requires from clients to put this consent as part of their "sample" data)
anonymous consents effort
STORE_USER_INFORMATION consent from the consent management page
More about the cookie consent issue here.
Linking spike ticket: #2124
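The header exchange described in the issue, as an added TypeScript example that is not part of the original issue and not Spartacus code: it decodes and validates the X-Anonymous-Consents value before storing it, and omits the header when no storage exists (SSR). It assumes the header carries a URL-encoded JSON array; templateCode, version, STORAGE_KEY and all function names are hypothetical.

```typescript
// Added example (not Spartacus code). templateCode, version and STORAGE_KEY are assumed names.
type ConsentState = 'GIVEN' | 'WITHDRAWN' | null;
interface AnonymousConsent { templateCode: string; version: number; consentState: ConsentState; }
interface KeyValueStore { getItem(k: string): string | null; setItem(k: string, v: string): void; }

const STORAGE_KEY = 'anonymous-consents';

function isConsent(c: any): c is AnonymousConsent {
  return !!c && typeof c.templateCode === 'string' && typeof c.version === 'number' &&
    (c.consentState === null || c.consentState === 'GIVEN' || c.consentState === 'WITHDRAWN');
}

// Decode a header value. Malformed encoding or JSON yields [], and unknown fields are dropped.
function decodeConsents(headerValue: string | null): AnonymousConsent[] {
  if (!headerValue) return [];
  let parsed: unknown;
  try {
    parsed = JSON.parse(decodeURIComponent(headerValue)); // may throw URIError or SyntaxError
  } catch {
    return [];
  }
  if (!Array.isArray(parsed)) return [];
  return parsed.filter(isConsent).map(({ templateCode, version, consentState }) =>
    ({ templateCode, version, consentState }));
}

function encodeConsents(consents: AnonymousConsent[]): string {
  return encodeURIComponent(JSON.stringify(consents));
}

// Give or withdraw one consent; the other entries are left untouched.
function setConsentState(list: AnonymousConsent[], code: string, state: ConsentState): AnonymousConsent[] {
  return list.map(c => (c.templateCode === code ? { ...c, consentState: state } : c));
}

// Browser: localStorage. SSR: there is no Window, so no store and no header.
function ssrSafeStore(): KeyValueStore | null {
  try { return (globalThis as any).localStorage ?? null; } catch { return null; }
}

// Value for the outgoing X-Anonymous-Consents header, or null to omit the header.
function outgoingHeader(store: KeyValueStore | null): string | null {
  const list = decodeConsents(store ? store.getItem(STORAGE_KEY) : null);
  return list.length ? encodeConsents(list) : null;
}

// Persist validated consents from a response header; no-op during SSR or on a malformed value.
function storeFromResponse(store: KeyValueStore | null, headerValue: string | null): void {
  const list = decodeConsents(headerValue);
  if (store && list.length) store.setItem(STORAGE_KEY, encodeConsents(list));
}
```

Entries with an unexpected consentState are dropped rather than forwarded, so a tampered localStorage value cannot reach the server unvalidated through this path.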
Really sorry, this is irrelevant to this, but I was trying to use the UserConsentService but I am getting this error: core.js:6498 ERROR TypeError: Cannot read properties of undefined (reading 'consents'), and this warning: @ngrx/store: The feature name "user" does not exist in the state, therefore createFeatureSelector cannot access it. Be sure it is imported in a loaded module using StoreModule.forRoot('user', ...) or StoreModule.forFeature('user', ...). If the default state is intended to be undefined, as is the case with router state, this development-only warning message can be ignored.
Can anyone please help? I have accessed this service in a guard after the login guard.
Master ticket for implementing Anonymous Consent. Project is https://github.com/SAP/cloud-commerce-spartacus-storefront/projects/35