[FEATURE] Make indexed_search ready for GDPR 76/56676/16
authorGeorg Ringer <georg.ringer@gmail.com>
Mon, 16 Apr 2018 08:46:57 +0000 (10:46 +0200)
committerFrank Naegler <frank.naegler@typo3.org>
Thu, 19 Apr 2018 13:15:08 +0000 (15:15 +0200)
To be compatible with the GDPR, 2 new features are added to
the indexed_search extension:

- Make the index_stat_search table part of the garbage collector task
- Make the IP tracking configurable

Resolves: #84740
Releases: master, 8.7, 7.6
Change-Id: I8e1bcd937a3d4095fb1a048064e82845ff1a5344
Reviewed-on: https://review.typo3.org/56676
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Kay Strobach <typo3@kay-strobach.de>
Tested-by: Kay Strobach <typo3@kay-strobach.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
typo3/sysext/core/Documentation/Changelog/7.6.x/Feature-84740-MakeIndexed_searchReadyForGDPR.rst [new file with mode: 0644]
typo3/sysext/indexed_search/Classes/Controller/SearchController.php
typo3/sysext/indexed_search/Resources/Private/Language/locallang_em.xlf
typo3/sysext/indexed_search/composer.json
typo3/sysext/indexed_search/ext_conf_template.txt
typo3/sysext/indexed_search/ext_emconf.php
typo3/sysext/indexed_search/ext_localconf.php

diff --git a/typo3/sysext/core/Documentation/Changelog/7.6.x/Feature-84740-MakeIndexed_searchReadyForGDPR.rst b/typo3/sysext/core/Documentation/Changelog/7.6.x/Feature-84740-MakeIndexed_searchReadyForGDPR.rst
new file mode 100644 (file)
index 0000000..358a459
--- /dev/null
@@ -0,0 +1,32 @@
+.. include:: ../../Includes.txt
+
+====================================================
+Feature: #84740 - Make indexed_search ready for GDPR
+====================================================
+
+See :issue:`84740`
+
+Description
+===========
+
+The following features have been added to the extension `indexed_search` to make it compatible with the GDPR law:
+
+**Add table `index_stat_search` to the available garbage collector tasks**
+
+Entries of the table `index_stat_search` can now be deleted after a given amount of days by using
+the scheduler task *Table garbage collection* of the extension `scheduler`.
+
+**Make the IP tracking configurable**
+
+Every successful search is tracked in the table `index_stat_search` which includes the IP address of the client as well.
+The :php:`\TYPO3\CMS\Core\Utility\IpAnonymizationUtility` is now used to mask the IP.
+The level of privacy can be configured in the extension configuration in the Install Tool with
+the setting `trackIpInStatistic`. By default it is set to `2`, which means that the host and subnet are masked.
+
+
+Impact
+======
+
+Configure your installation as needed. Define the tracking of the IP address and the removal of not needed search statistics.
+
+.. index:: ext:indexed_search
\ No newline at end of file
index 329e18d..0e7c745 100644 (file)
@@ -22,6 +22,7 @@ use TYPO3\CMS\Core\Database\Query\Restriction\FrontendRestrictionContainer;
 use TYPO3\CMS\Core\Html\HtmlParser;
 use TYPO3\CMS\Core\TypoScript\TypoScriptService;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Core\Utility\IpAnonymizationUtility;
 use TYPO3\CMS\Core\Utility\MathUtility;
 use TYPO3\CMS\Core\Utility\PathUtility;
 use TYPO3\CMS\Extbase\Utility\LocalizationUtility;
@@ -838,6 +839,12 @@ class SearchController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionControlle
             return;
         }
 
+        $ipAddress = '';
+        try {
+            $ipMask = isset($this->indexerConfig['trackIpInStatistic']) ? (int)$this->indexerConfig['trackIpInStatistic'] : 2;
+            $ipAddress = IpAnonymizationUtility::anonymizeIp(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $ipMask);
+        } catch (\Exception $e) {
+        }
         $insertFields = [
             'searchstring' => $searchWord,
             'searchoptions' => serialize([$searchParams, $searchWords, $pt]),
@@ -845,7 +852,7 @@ class SearchController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionControlle
             // cookie as set or retrieved. If people has cookies disabled this will vary all the time
             'cookie' => $GLOBALS['TSFE']->fe_user->id,
             // Remote IP address
-            'IP' => GeneralUtility::getIndpEnv('REMOTE_ADDR'),
+            'IP' => $ipAddress,
             // Number of hits on the search
             'hits' => (int)$count,
             // Time stamp
index a6393f6..15d1c56 100644 (file)
@@ -60,6 +60,9 @@
                        <trans-unit id="indexedsearch.config.useMysqlFulltext">
                                <source>Use MySQL specific fulltext search - Update database schema in install tool after toggling this flag</source>
                        </trans-unit>
+                       <trans-unit id="indexedsearch.config.trackIpInStatistic">
+                               <source>Define the privacy level of the logged IP: 0 for no mask which means no privacy, 1 for masking the host and 2 for masking host and subnet (full privacy)</source>
+                       </trans-unit>
                </body>
        </file>
 </xliff>
index 981f5b8..9e46d77 100644 (file)
@@ -21,6 +21,9 @@
        "replace": {
                "indexed_search": "*"
        },
+       "suggest": {
+               "typo3/cms-scheduler": "For garbage collection of search statistics"
+       },
        "extra": {
                "branch-alias": {
                        "dev-master": "9.3.x-dev"
index c6faa9a..f8be8be 100644 (file)
@@ -19,6 +19,9 @@ ppthtml = /usr/bin/
   # cat=basic; type=string; label=LLL:EXT:indexed_search/Resources/Private/Language/locallang_em.xlf:indexedsearch.config.unrtf
 unrtf = /usr/bin/
 
+# cat=basic; type=int; label=LLL:EXT:indexed_search/Resources/Private/Language/locallang_em.xlf:indexedsearch.config.trackIpInStatistic
+trackIpInStatistic = 2
+
    # cat=basic; type=boolean; label=LLL:EXT:indexed_search/Resources/Private/Language/locallang_em.xlf:indexedsearch.config.debugMode
 debugMode = 0
 
index fa9fb56..5d24ab1 100644 (file)
@@ -16,6 +16,8 @@ $EM_CONF[$_EXTKEY] = [
             'typo3' => '9.3.0',
         ],
         'conflicts' => [],
-        'suggests' => [],
+        'suggests' => [
+            'scheduler' => '',
+        ],
     ],
 ];
index 4bff46a..f5e012d 100644 (file)
@@ -87,3 +87,10 @@ if (isset($extConf['enableMetaphoneSearch']) && (int)$extConf['enableMetaphoneSe
     $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['indexed_search']['metaphone'] = \TYPO3\CMS\IndexedSearch\Utility\DoubleMetaPhoneUtility::class;
 }
 unset($extConf);
+
+if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['scheduler']['tasks'][\TYPO3\CMS\Scheduler\Task\TableGarbageCollectionTask::class]['options']['tables'])) {
+    $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['scheduler']['tasks'][\TYPO3\CMS\Scheduler\Task\TableGarbageCollectionTask::class]['options']['tables']['index_stat_search'] = [
+        'dateField' => 'tstamp',
+        'expirePeriod' => 90
+    ];
+}