Anonymise customer first and last names

[dacook]

These were added a couple of years ago in #8763 But I guess we never noticed the names weren't getting anonymised.

Now they will be anonymised whenever we run the rake task ofn:data:anonymize. This task is used when refreshing staging servers.

The old 'name' field is still in the DB. It was kept for compatibility during migraiton but never cleaned up. I've added the tech debt task to the welcome new devs board now: #8835

What should we test?

Run the script and check that customer names can not be viewed in the system.

This must be executed on uk_staging because it was recently refreshed from prod and the customer names will still be present. IE:

1. First, add the pr-staged-uk label and wait for the PR to be deployed.
2. While waiting, check that customer names are still visible in the admin interface
3. Once staged, execute the rake task:

   ssh openfoodnetwork@staging.openfoodnetwork.org.uk
   cd apps/openfoodnetwork/current
   RAILS_ENV=staging bundle exec rake ofn:data:anonymize
   

4. Then the customer names should be masked.

Dependencies

• Requires deploying a PR to uk_staging, which is not yet set up: [Upgrade Ubuntu] changes for uk_staging2 ofn-install#937

[dacook]

Testing on fr_staging

Before: real customer names appeared in Admin > Customers (not shown here for privacy reasons of course).

I ran the updated queries directly and it worked:

irb(main):020:0>       Customer.where(user_id: nil)
irb(main):021:1"         .update_all("email = concat(id, '_ofn_customer@example.com'),
irb(main):022:1"                      name = concat('Customer Number ', id, ' (without connected User)'),
irb(main):023:1"                      first_name = concat('Customer Number ', id),
irb(main):024:1"                      last_name = '(without connected User)'")
=> 12744
irb(main):025:0>       Customer.where.not(user_id: nil)
irb(main):026:1"         .update_all("email = concat(user_id, '_ofn_user@example.com'),
irb(main):027:1"                      name = concat('Customer Number ', id, ' - User ', user_id),
irb(main):028:1"                      first_name = concat('Customer Number ', id),
irb(main):029:1"                      last_name = concat('User ', user_id)")
=> 36829

[filipefurtad0]

Hey @dacook ,

I guess this PR is dependent on completing openfoodfoundation/ofn-install#937, right?
Adding the feedback needed label.

[dacook]

Yes you're right, sorry we can't deploy PRs to the new uk staging server yet.

BTW I just noticed a mistake in the description above, have now fixed that.

[RachL]

@filipefurtad0 @dacook i'm removing the feedback needed label as I think this is unblocked now - correct?

[dacook]

Yes, that's correct thanks.
I've updated the testing notes. It would be a good opportunity for Konrad or Filipe to try this out on the server.

[filipefurtad0]

Not sure this is something with the PR - I've noticed this with other PRs today as well - but staging is failing:
https://openfoodnetwork.slack.com/archives/CEF14NU3V/p1730419014612589

So, I was not able to test this...

[mkllnk]

That's odd. You tried to deploy to uk-staging but it looks like it tried to deploy to all staging servers. And maybe another process was deploying at the same time?

[mkllnk]

The deploy script on uk-staging was wrong. It did deploy to all staging servers at the same time. I fixed it manually. I'll ask in Slack what the cause may be.

[filipefurtad0]

Hey, it seems the staging-UK key has changed so I'm getting:

ffurtado@ff-LAT:~$ ssh openfoodnetwork@staging.openfoodnetwork.org.uk
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:FFJDp2QrS/plQeQ/cW8wUE0ihYqDdtEPl5hE34Y+cPo.
Please contact your system administrator.
Add correct host key in /home/ffurtado/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/ffurtado/.ssh/known_hosts:3
  remove with:
  ssh-keygen -f "/home/ffurtado/.ssh/known_hosts" -R "staging.openfoodnetwork.org.uk"
Host key for staging.openfoodnetwork.org.uk has changed and you have requested strict checking.
Host key verification failed.

Where can I find the new key? (posted in #devops too, in case someone is online)

[mkllnk]

You don't need to get a new key from somewhere. The host will supply it. You just have to delete the old keys first:

ssh-keygen -f "/home/ffurtado/.ssh/known_hosts" -R "staging.openfoodnetwork.org.uk"

This warning is to prevent you from connecting to a malicious server pretending to be staging-uk. So if we hadn't changed servers then this warning would be worrying. But since we did change servers, we can forget the old key and ssh will automatically use the new key.

[filipefurtad0]

Thanks for that hint @mkllnk ,

I've managed to log in to the staging server and run the command.

Before running it:

After running the script:

I've noticed though, that email accounts were also anonymized, for example, the account I was using was changed as well - I've noticed this on the top right corner:

(This means our log in information needs to be updated). I'm not sure this was intended. It's not a major issue, but not mentioned on the description - I was expecting only the customer names to be anonymized. Do you think this is ok to be merged as is @dacook ? Please feel free to, if this is ok.

[mkllnk]

I've noticed though, that email accounts were also anonymized

That's necessary because the email address often contains the person's name as well.

[dacook]

Thanks. Perhaps it would be appropriate to skip admin accounts, for convenience. But as we don't frequently refresh staging databases we probably don't need to consider that right now.