Remove references to deprecated hashed_account_id (GoogleCloudPlatform#8844)

serargz · web-flow · commit e1d930f139eb · 2023-12-11T11:53:05.000-05:00
The new recommended way to provide the user identifier is through the
`userInfo.accountId` field in the assessment's `event`. In addition to
the user's account id, new fields like phone number, email address and
username can be specified too.

Change-Id: Icd7bdecb8a783e9a148db2f2b50d1df3d222347c
diff --git a/recaptcha_enterprise/snippets/src/main/java/recaptcha/account_defender/AccountDefenderAssessment.java b/recaptcha_enterprise/snippets/src/main/java/recaptcha/account_defender/AccountDefenderAssessment.java
@@ -27,6 +27,8 @@
 import com.google.recaptchaenterprise.v1.ProjectName;
 import com.google.recaptchaenterprise.v1.RiskAnalysis.ClassificationReason;
 import com.google.recaptchaenterprise.v1.TokenProperties;
+import com.google.recaptchaenterprise.v1.UserId;
+import com.google.recaptchaenterprise.v1.UserInfo;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;
@@ -56,21 +58,16 @@ public static void main(String[] args)
     // recaptchaAction: The action name corresponding to the token.
     String recaptchaAction = "recaptcha-action";
 
-    // Unique ID of the customer, such as email, customer ID, etc.
-    String userIdentifier = "default" + UUID.randomUUID().toString().split("-")[0];
+    // Unique ID of the user, such as email, customer ID, etc.
+    String accountId = "default" + UUID.randomUUID().toString().split("-")[0];
 
-    // Change this to a secret not shared with Google.
-    final String HMAC_KEY = "SOME_INTERNAL_UNSHARED_KEY";
+    // User phone number
+    String phoneNumber = "555-987-XXXX";
 
-    // Get instance of Mac object implementing HmacSHA256, and initialize it with the above
-    // secret key.
-    Mac mac = Mac.getInstance("HmacSHA256");
-    mac.init(new SecretKeySpec(HMAC_KEY.getBytes(StandardCharsets.UTF_8),
-        "HmacSHA256"));
-    byte[] hashBytes = mac.doFinal(userIdentifier.getBytes(StandardCharsets.UTF_8));
-    ByteString hashedAccountId = ByteString.copyFrom(hashBytes);
+    // User email address
+    String emailAddress = "john.doe@example.com";
 
-    accountDefenderAssessment(projectId, recaptchaSiteKey, token, recaptchaAction, hashedAccountId);
+    accountDefenderAssessment(projectId, recaptchaSiteKey, token, recaptchaAction, accountId, phoneNumber, emailAddress);
   }
 
   /**
@@ -84,19 +81,26 @@ public static void accountDefenderAssessment(
       String recaptchaSiteKey,
       String token,
       String recaptchaAction,
-      ByteString hashedAccountId)
+      String accountId,
+      String phoneNumber,
+      String emailAddress)
       throws IOException {
     try (RecaptchaEnterpriseServiceClient client = RecaptchaEnterpriseServiceClient.create()) {
 
       // Set the properties of the event to be tracked.
-      Event event =
+      Event.Builder eventBuilder =
           Event.newBuilder()
               .setSiteKey(recaptchaSiteKey)
-              .setToken(token)
-              // Set the hashed account id (of the user).
-              // Recommended approach: HMAC SHA256 along with salt (or secret key).
-              .setHashedAccountId(hashedAccountId)
-              .build();
+              .setToken(token);
+
+      // Set the account id, email address and phone number (of the user).
+      eventBuilder.setUserInfo(
+        UserInfo.newBuilder()
+          .setAccountId(accountId)
+          .addUserIds(UserId.newBuilder().setEmail(emailAddress))
+          .addUserIds(UserId.newBuilder().setPhoneNumber(phoneNumber)));
+
+      Event event = eventBuilder.build();
 
       // Build the assessment request.
       CreateAssessmentRequest createAssessmentRequest =
diff --git a/recaptcha_enterprise/snippets/src/main/java/recaptcha/account_defender/AnnotateAccountDefenderAssessment.java b/recaptcha_enterprise/snippets/src/main/java/recaptcha/account_defender/AnnotateAccountDefenderAssessment.java
@@ -27,6 +27,7 @@
 import com.google.recaptchaenterprise.v1.AssessmentName;
 import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
+import java.util.UUID;
 
 public class AnnotateAccountDefenderAssessment {
 
@@ -38,18 +39,18 @@ public static void main(String[] args) throws IOException, NoSuchAlgorithmExcept
     // assessmentId: Value of the 'name' field returned from the CreateAssessment call.
     String assessmentId = "account-defender-assessment-id";
 
-    // hashedAccountId: Set the hashedAccountId corresponding to the assessment id.
-    ByteString hashedAccountId = ByteString.copyFrom(new byte[] {});
+    // accountId: Set the accountId corresponding to the assessment id.
+    String accountId = "default" + UUID.randomUUID().toString().split("-")[0];
 
-    annotateAssessment(projectID, assessmentId, hashedAccountId);
+    annotateAssessment(projectID, assessmentId, accountId);
   }
 
   /**
    * Pre-requisite: Create an assessment before annotating. Annotate an assessment to provide
    * feedback on the correctness of recaptcha prediction.
    */
   public static void annotateAssessment(
-      String projectID, String assessmentId, ByteString hashedAccountId) throws IOException {
+      String projectID, String assessmentId, String accountId) throws IOException {
 
     try (RecaptchaEnterpriseServiceClient client = RecaptchaEnterpriseServiceClient.create()) {
       // Build the annotation request.
@@ -60,7 +61,7 @@ public static void annotateAssessment(
               .setName(AssessmentName.of(projectID, assessmentId).toString())
               .setAnnotation(Annotation.LEGITIMATE)
               .addReasons(Reason.PASSED_TWO_FACTOR)
-              .setHashedAccountId(hashedAccountId)
+              .setAccountId(accountId)
               .build();
 
       // Empty response is sent back.
diff --git a/recaptcha_enterprise/snippets/src/test/java/app/SnippetsIT.java b/recaptcha_enterprise/snippets/src/test/java/app/SnippetsIT.java
@@ -182,6 +182,7 @@ public void testCreateAnnotateAccountDefender()
       ExecutionException, InvalidKeyException {
 
     String testURL = "http://localhost:" + randomServerPort + "/";
+    String accountId = "default-" + UUID.randomUUID().toString().split("-")[0];
 
     // Secret not shared with Google.
     String HMAC_KEY = "123456789";
@@ -191,21 +192,19 @@ public void testCreateAnnotateAccountDefender()
     SecretKeySpec secretKeySpec = new SecretKeySpec(HMAC_KEY.getBytes(StandardCharsets.UTF_8),
         "HmacSHA256");
     mac.init(secretKeySpec);
-    byte[] hashBytes = mac.doFinal(
-        ("default-" + UUID.randomUUID().toString().split("-")[0])
-            .getBytes(StandardCharsets.UTF_8));
-    ByteString hashedAccountId = ByteString.copyFrom(hashBytes);
+    byte[] hashBytes = mac.doFinal(accountId.getBytes(StandardCharsets.UTF_8));
+    asdfByteString hashedAccountId = ByteString.copyFrom(hashBytes);
 
     // Create the assessment.
     JSONObject createAssessmentResult =
-        createAssessment(testURL, hashedAccountId, AssessmentType.ACCOUNT_DEFENDER);
+        createAssessment(testURL, accountId, AssessmentType.ACCOUNT_DEFENDER);
     String assessmentName = createAssessmentResult.getString("assessmentName");
     // Verify that the assessment name has been modified post the assessment creation.
     assertThat(assessmentName).isNotEmpty();
 
     // Annotate the assessment.
     AnnotateAccountDefenderAssessment.annotateAssessment(
-        PROJECT_ID, assessmentName, hashedAccountId);
+        PROJECT_ID, assessmentName, accountId);
     assertThat(stdOut.toString()).contains("Annotated response sent successfully ! ");
 
     // NOTE: The below assert statements have no significant effect,
@@ -247,7 +246,7 @@ public void testPasswordLeakAssessment()
   }
 
   public JSONObject createAssessment(
-      String testURL, ByteString hashedAccountId, AssessmentType assessmentType)
+      String testURL, String accountId, AssessmentType assessmentType)
       throws IOException, JSONException, InterruptedException, ExecutionException {
 
     // Setup the automated browser test and retrieve the token and action.
@@ -262,7 +261,7 @@ public JSONObject createAssessment(
               RECAPTCHA_SITE_KEY_1,
               tokenActionPair.getString("token"),
               tokenActionPair.getString("action"),
-              hashedAccountId);
+              accountId);
           break;
         }
       case ASSESSMENT:
@@ -280,7 +279,7 @@ public JSONObject createAssessment(
     String response = stdOut.toString();
     assertThat(response).contains("Assessment name: ");
     assertThat(response).contains("The reCAPTCHA score is: ");
-    if (!hashedAccountId.isEmpty()) {
+    if (!accountId.isEmpty()) {
       assertThat(response).contains("Account Defender Assessment Result: ");
     }
 
