Add third party cookie check for CNIL (#23820)

* Update config getter trait to support site specific config

* Add third party cookie settings + tests

* Hook up TrackerConfig to ThirdPartyConfig

Author: caddoo

core/Policy/PolicyManager.php

@@ -25,6 +25,7 @@
 use Piwik\Settings\Plugin\SystemConfigSetting;
 use Piwik\Settings\Plugin\SystemSetting;
 use Piwik\Settings\Setting;
+use Piwik\Tracker\Config\ThirdPartyCookies;
 
 class PolicyManager
 {
@@ -103,6 +104,9 @@ protected static function getAllSettings(?string $settingType = null): array
         $settings = Manager::getInstance()->findMultipleComponents('Settings', SettingValueInterface::class);
         $underPolicy = [];
 
+        // Add core specific settings
+        $settings[] = ThirdPartyCookies::class;
+
         foreach ($settings as $setting) {
             if (!is_a($setting, PolicyComparisonInterface::class, true)) {
                 continue;

core/Settings/Interfaces/ConfigSettingInterface.php

@@ -17,5 +17,5 @@ interface ConfigSettingInterface
     /**
      * @return T
      */
-    public static function getConfigValue();
+    public static function getConfigValue(int $idSite = null);
 }

core/Settings/Interfaces/Traits/Getters/ConfigGetterTrait.php

@@ -22,9 +22,15 @@ trait ConfigGetterTrait
     /**
      * @return T|null
      */
-    public static function getConfigValue()
+    public static function getConfigValue(int $idSite = null)
     {
-        $config = Config::getInstance()->{self::getConfigSection()};
+        $configKey = self::getConfigSection();
+
+        if ($idSite !== null) {
+            $configKey .= '_' . $idSite;
+        }
+
+        $config = Config::getInstance()->{$configKey};
 
         if (is_null($config) || !array_key_exists(self::getConfigSettingName(), $config)) {
             return null;

core/Tracker/Config/ThirdPartyCookies.php

@@ -0,0 +1,114 @@
+<?php
+
+namespace Piwik\Tracker\Config;
+
+use Piwik\Piwik;
+use Piwik\Settings\Interfaces\ConfigSettingInterface;
+use Piwik\Settings\Interfaces\PolicyComparisonInterface;
+use Piwik\Settings\Interfaces\SettingValueInterface;
+use Piwik\Settings\Interfaces\Traits\PolicyComparisonTrait;
+use Piwik\Settings\Interfaces\Traits\Getters\ConfigGetterTrait;
+use Piwik\Policy\CnilPolicy;
+
+/**
+ * @implements ConfigSettingInterface<bool|null>
+ * @implements PolicyComparisonInterface<bool|null>
+ * @implements SettingValueInterface<bool|null>
+ */
+class ThirdPartyCookies implements
+    ConfigSettingInterface,
+    PolicyComparisonInterface,
+    SettingValueInterface
+{
+    /**
+     * @use ConfigGetterTrait<bool|null>
+     */
+    use ConfigGetterTrait;
+
+    /**
+     * @use PolicyComparisonTrait<bool|null>
+     */
+    use PolicyComparisonTrait;
+
+    /**
+     * @var bool|null
+     */
+    private $value;
+
+    private function __construct(?bool $value)
+    {
+        $this->value = $value;
+    }
+
+    protected static function getConfigSection(): string
+    {
+        return 'Tracker';
+    }
+
+    protected static function getConfigSettingName(): string
+    {
+        return 'use_third_party_id_cookie';
+    }
+
+    public static function getPolicyRequirements(): array
+    {
+        return [
+            CnilPolicy::class => false,
+        ];
+    }
+
+    public static function isCompliant(string $policy, ?int $idSite = null): bool
+    {
+        $policyValues = self::getPolicyRequirements();
+
+        if (!array_key_exists($policy, $policyValues)) {
+            return true;
+        }
+
+        $currentValue = self::getInstance($idSite)->getValue();
+
+        return $currentValue === $policyValues[$policy];
+    }
+
+    public static function getComplianceRequirementNote(?int $idSite = null): string
+    {
+        return Piwik::translate('General_ThirdPartyCookieSettingNote');
+    }
+
+    protected static function compareStrictness($value1, $value2): bool
+    {
+        if ($value1 === true && $value2 === true) {
+            return true;
+        }
+        return false;
+    }
+
+    public static function getTitle(): string
+    {
+        return Piwik::translate('General_ThirdPartyCookieSettingTitle');
+    }
+
+    public static function getInstance(?int $idSite = null): self
+    {
+        $values = self::getPolicyRequiredValues($idSite);
+        $configValue = self::getConfigValue($idSite);
+
+        if ($configValue === null) {
+            // Without site ID
+            $configValue = self::getConfigValue();
+        }
+        $values['config'] = $configValue;
+        $strictest = self::getStrictestValueFromArray($values);
+        return new self($strictest);
+    }
+
+    public function getValue()
+    {
+        return $this->value;
+    }
+
+    public static function getInlineHelp(): string
+    {
+        return '';
+    }
+}

core/Tracker/TrackerConfig.php

@@ -10,6 +10,10 @@
 namespace Piwik\Tracker;
 
 use Piwik\Config;
+use Piwik\Container\StaticContainer;
+use Piwik\Plugins\FeatureFlags\FeatureFlagManager;
+use Piwik\Plugins\PrivacyManager\FeatureFlags\PrivacyCompliance;
+use Piwik\Tracker\Config\ThirdPartyCookies;
 
 class TrackerConfig
 {
@@ -28,6 +32,13 @@ public static function setConfigValue($name, $value)
 
     public static function getConfigValue($name, $idSite = null)
     {
+        if ($name === 'use_third_party_id_cookie') {
+            $featureFlagManager = StaticContainer::get(FeatureFlagManager::class);
+            if ($featureFlagManager->isFeatureActive(PrivacyCompliance::class)) {
+                return ThirdPartyCookies::getInstance($idSite)->getValue();
+            }
+        }
+
         $config = self::getConfig();
         if (!empty($idSite)) {
             $siteSpecificConfig = self::getSiteSpecificConfig($idSite);

lang/en.json

@@ -473,6 +473,8 @@
         "Testing": "Testing…",
         "ThankYouForUsingMatomo": "Thank you for using Matomo",
         "TheMatomoTeam": "The Matomo Team",
+        "ThirdPartyCookieSettingTitle": "Third party cookies",
+        "ThirdPartyCookieSettingNote": "Third party cookies must be disabled",
         "TimeAgo": "%s ago",
         "TimeFormat": "Time format",
         "TimeOnPage": "Time on page",

plugins/PrivacyManager/tests/System/expected/test___PrivacyManager.getComplianceStatus.xml

@@ -63,6 +63,11 @@
 			<value>non_compliant</value>
 			<notes>Collection of User ID while tracking must be disabled.</notes>
 		</row>
+		<row>
+			<name>Third party cookies</name>
+			<value>compliant</value>
+			<notes>Third party cookies must be disabled</notes>
+		</row>
 		<row>
 			<name>Opt out</name>
 			<value>unknown</value>

plugins/PrivacyManager/tests/System/expected/test_configControlledDisabled__PrivacyManager.getComplianceStatus.xml

@@ -63,6 +63,11 @@
 			<value>non_compliant</value>
 			<notes>Collection of User ID while tracking must be disabled.</notes>
 		</row>
+		<row>
+			<name>Third party cookies</name>
+			<value>compliant</value>
+			<notes>Third party cookies must be disabled</notes>
+		</row>
 		<row>
 			<name>Opt out</name>
 			<value>unknown</value>

plugins/PrivacyManager/tests/System/expected/test_configControlledEnabled__PrivacyManager.getComplianceStatus.xml

@@ -63,6 +63,11 @@
 			<value>compliant</value>
 			<notes>Collection of User ID while tracking must be disabled.</notes>
 		</row>
+		<row>
+			<name>Third party cookies</name>
+			<value>compliant</value>
+			<notes>Third party cookies must be disabled</notes>
+		</row>
 		<row>
 			<name>Opt out</name>
 			<value>unknown</value>