Do not set experiment cookie on self managed

8d26442b · Nicolas Dular · David Fernandez · d058aeb3 · 8d26442b · 8d26442b
Commit 8d26442b authored Apr 30, 2021 by Nicolas Dular Committed by David Fernandez Apr 30, 2021
3 changed files
--- a/changelogs/unreleased/nicolasdular-do-not-set-experiment-cookie-on-self-managed.yml
+++ b/changelogs/unreleased/nicolasdular-do-not-set-experiment-cookie-on-self-managed.yml
+---
+title: Do not set experiment cookie on self managed and delete existing cookies
+merge_request: 60419
+author:
+type: fixed
--- a/lib/gitlab/experimentation/controller_concern.rb
+++ b/lib/gitlab/experimentation/controller_concern.rb
@@ -19,13 +19,18 @@ module Gitlab
      end

      def set_experimentation_subject_id_cookie
-        return if cookies[:experimentation_subject_id].present?
-
-        cookies.permanent.signed[:experimentation_subject_id] = {
-          value: SecureRandom.uuid,
-          secure: ::Gitlab.config.gitlab.https,
-          httponly: true
-        }
+        if Gitlab.dev_env_or_com?
+          return if cookies[:experimentation_subject_id].present?
+
+          cookies.permanent.signed[:experimentation_subject_id] = {
+            value: SecureRandom.uuid,
+            secure: ::Gitlab.config.gitlab.https,
+            httponly: true
+          }
+        else
+          # We set the cookie before, although experiments are not conducted on self managed instances.
+          cookies.delete(:experimentation_subject_id)
+        end
      end

      def push_frontend_experiment(experiment_key, subject: nil)

--- a/spec/lib/gitlab/experimentation/controller_concern_spec.rb
+++ b/spec/lib/gitlab/experimentation/controller_concern_spec.rb
@@ -19,12 +19,15 @@ RSpec.describe Gitlab::Experimentation::ControllerConcern, type: :controller do
      }
    )

+    allow(Gitlab).to receive(:dev_env_or_com?).and_return(is_gitlab_com)
+
    Feature.enable_percentage_of_time(:backwards_compatible_test_experiment_experiment_percentage, enabled_percentage)
    Feature.enable_percentage_of_time(:test_experiment_experiment_percentage, enabled_percentage)
  end

  let(:enabled_percentage) { 10 }
  let(:rollout_strategy) { nil }
+  let(:is_gitlab_com) { true }

  controller(ApplicationController) do
    include Gitlab::Experimentation::ControllerConcern
@@ -37,17 +40,17 @@ RSpec.describe Gitlab::Experimentation::ControllerConcern, type: :controller do
  describe '#set_experimentation_subject_id_cookie' do
    let(:do_not_track) { nil }
    let(:cookie) { cookies.permanent.signed[:experimentation_subject_id] }
+    let(:cookie_value) { nil }

    before do
      request.headers['DNT'] = do_not_track if do_not_track.present?
+      request.cookies[:experimentation_subject_id] = cookie_value if cookie_value

      get :index
    end

    context 'cookie is present' do
-      before do
-        cookies[:experimentation_subject_id] = 'test'
-      end
+      let(:cookie_value) { 'test' }

      it 'does not change the cookie' do
        expect(cookies[:experimentation_subject_id]).to eq 'test'
@@ -75,6 +78,24 @@ RSpec.describe Gitlab::Experimentation::ControllerConcern, type: :controller do
        end
      end
    end
+
+    context 'when not on gitlab.com' do
+      let(:is_gitlab_com) { false }
+
+      context 'when cookie was set' do
+        let(:cookie_value) { 'test' }
+
+        it 'cookie gets deleted' do
+          expect(cookie).not_to be_present
+        end
+      end
+
+      context 'when no cookie was set before' do
+        it 'does nothing' do
+          expect(cookie).not_to be_present
+        end
+      end
+    end
  end

  describe '#push_frontend_experiment' do