@tantainnovative/ndpr-toolkit 1.0.1 → 1.0.3

package/packages/ndpr-toolkit/src/__tests__/hooks/useDSR.test.tsx

@@ -0,0 +1,330 @@
+import { renderHook, act } from '@testing-library/react';
+import { useDSR } from '../../hooks/useDSR';
+import React from 'react';
+import { DSRRequest, RequestType } from '../../types/dsr';
+
+// Mock localStorage
+const mockLocalStorage = (() => {
+  let store: Record<string, string> = {};
+  return {
+    getItem: jest.fn((key: string) => store[key] || null),
+    setItem: jest.fn((key: string, value: string) => {
+      store[key] = value.toString();
+    }),
+    removeItem: jest.fn((key: string) => {
+      delete store[key];
+    }),
+    clear: jest.fn(() => {
+      store = {};
+    }),
+  };
+})();
+
+Object.defineProperty(window, 'localStorage', {
+  value: mockLocalStorage,
+});
+
+describe('useDSR', () => {
+  beforeEach(() => {
+    mockLocalStorage.clear();
+    jest.clearAllMocks();
+  });
+
+  const mockRequestTypes: RequestType[] = [
+    {
+      id: 'access',
+      name: 'Access Request',
+      description: 'Request to access your personal data',
+      estimatedCompletionTime: 30,
+      requiresAdditionalInfo: false
+    },
+    {
+      id: 'erasure',
+      name: 'Erasure Request',
+      description: 'Request to delete your personal data',
+      estimatedCompletionTime: 45,
+      requiresAdditionalInfo: false
+    },
+    {
+      id: 'rectification',
+      name: 'Rectification Request',
+      description: 'Request to correct your personal data',
+      estimatedCompletionTime: 15,
+      requiresAdditionalInfo: true
+    }
+  ];
+
+  it('should initialize with empty requests array', () => {
+    const { result } = renderHook(() => useDSR({
+      requestTypes: mockRequestTypes,
+      storageKey: 'test-dsr',
+      useLocalStorage: true
+    }));
+
+    expect(result.current.requests).toEqual([]);
+  });
+
+  it('should submit a new DSR request', () => {
+    const { result } = renderHook(() => useDSR({
+      requestTypes: mockRequestTypes,
+      storageKey: 'test-dsr',
+      useLocalStorage: true
+    }));
+
+    act(() => {
+      result.current.submitRequest({
+        type: 'access',
+        subject: {
+          name: 'John Doe',
+          email: 'john@example.com',
+        },
+        createdAt: Date.now(),
+        description: 'I want to access my data',
+      });
+    });
+
+    expect(result.current.requests.length).toBe(1);
+    expect(result.current.requests[0].type).toBe('access');
+    expect(result.current.requests[0].status).toBe('pending');
+    expect(result.current.requests[0].subject.name).toBe('John Doe');
+    expect(result.current.requests[0].id).toBeDefined();
+    expect(result.current.requests[0].createdAt).toBeDefined();
+    expect(result.current.requests[0].updatedAt).toBeDefined();
+  });
+
+  it('should get a request by ID', () => {
+    const { result } = renderHook(() => useDSR({
+      requestTypes: mockRequestTypes,
+      storageKey: 'test-dsr',
+      useLocalStorage: true
+    }));
+
+    // Initialize requestId with a default value
+    let requestId: string = '';
+
+    act(() => {
+      const request = result.current.submitRequest({
+        type: 'access',
+        subject: {
+          name: 'John Doe',
+          email: 'john@example.com',
+        },
+        createdAt: Date.now(),
+      });
+      requestId = request.id;
+    });
+
+    const retrievedRequest = result.current.getRequest(requestId);
+    expect(retrievedRequest).toBeDefined();
+    expect(retrievedRequest?.id).toBe(requestId);
+  });
+
+  it('should update a request', () => {
+    const { result } = renderHook(() => useDSR({
+      requestTypes: mockRequestTypes,
+      storageKey: 'test-dsr',
+      useLocalStorage: true
+    }));
+
+    let requestId = '';
+
+    act(() => {
+      const request = result.current.submitRequest({
+        type: 'access',
+        subject: {
+          name: 'John Doe',
+          email: 'john@example.com',
+        },
+        createdAt: Date.now(),
+      });
+      requestId = request.id;
+    });
+
+    act(() => {
+      result.current.updateRequest(requestId!, {
+        status: 'inProgress',
+        internalNotes: [
+          {
+            timestamp: Date.now(),
+            author: 'Admin',
+            note: 'Working on this request',
+          },
+        ],
+      });
+    });
+
+    const updatedRequest = result.current.getRequest(requestId!);
+    expect(updatedRequest?.status).toBe('inProgress');
+    expect(updatedRequest?.internalNotes?.length).toBe(1);
+    expect(updatedRequest?.internalNotes?.[0].author).toBe('Admin');
+  });
+
+  it('should clear all requests', () => {
+    const { result } = renderHook(() => useDSR({
+      requestTypes: mockRequestTypes,
+      storageKey: 'test-dsr',
+      useLocalStorage: true
+    }));
+
+    act(() => {
+      result.current.submitRequest({
+        type: 'access',
+        subject: {
+          name: 'John Doe',
+          email: 'john@example.com',
+        },
+        createdAt: Date.now(),
+      });
+    });
+
+    expect(result.current.requests.length).toBe(1);
+
+    act(() => {
+      result.current.clearRequests();
+    });
+
+    expect(result.current.requests.length).toBe(0);
+  });
+
+  it('should filter requests by type', () => {
+    const { result } = renderHook(() => useDSR({
+      requestTypes: mockRequestTypes,
+      storageKey: 'test-dsr',
+      useLocalStorage: true
+    }));
+
+    act(() => {
+      result.current.submitRequest({
+        type: 'access',
+        subject: {
+          name: 'John Doe',
+          email: 'john@example.com',
+        },
+        createdAt: Date.now(),
+      });
+
+      result.current.submitRequest({
+        type: 'erasure',
+        subject: {
+          name: 'Jane Smith',
+          email: 'jane@example.com',
+        },
+        createdAt: Date.now(),
+      });
+
+      result.current.submitRequest({
+        type: 'access',
+        subject: {
+          name: 'Bob Johnson',
+          email: 'bob@example.com',
+        },
+        createdAt: Date.now(),
+      });
+    });
+
+    const accessRequests = result.current.getRequestsByType('access');
+    expect(accessRequests.length).toBe(2);
+    expect(accessRequests[0].subject.name).toBe('John Doe');
+    expect(accessRequests[1].subject.name).toBe('Bob Johnson');
+
+    const erasureRequests = result.current.getRequestsByType('erasure');
+    expect(erasureRequests.length).toBe(1);
+    expect(erasureRequests[0].subject.name).toBe('Jane Smith');
+  });
+
+  it('should filter requests by status', () => {
+    const { result } = renderHook(() => useDSR({
+      requestTypes: mockRequestTypes,
+      storageKey: 'test-dsr',
+      useLocalStorage: true
+    }));
+
+    let requestId: string = '';
+
+    act(() => {
+      result.current.submitRequest({
+        type: 'access',
+        subject: {
+          name: 'John Doe',
+          email: 'john@example.com',
+        },
+        createdAt: Date.now(),
+      });
+
+      const request = result.current.submitRequest({
+        type: 'erasure',
+        subject: {
+          name: 'Jane Smith',
+          email: 'jane@example.com',
+        },
+        createdAt: Date.now(),
+      });
+      requestId = request.id;
+
+      result.current.submitRequest({
+        type: 'rectification',
+        subject: {
+          name: 'Bob Johnson',
+          email: 'bob@example.com',
+        },
+        createdAt: Date.now(),
+      });
+    });
+
+    act(() => {
+      result.current.updateRequest(requestId!, {
+        status: 'completed',
+      });
+    });
+
+    const pendingRequests = result.current.getRequestsByStatus('pending');
+    expect(pendingRequests.length).toBe(2);
+
+    const completedRequests = result.current.getRequestsByStatus('completed');
+    expect(completedRequests.length).toBe(1);
+    expect(completedRequests[0].subject.name).toBe('Jane Smith');
+  });
+
+  it('should format a request', () => {
+    const { result } = renderHook(() => useDSR({
+      requestTypes: mockRequestTypes,
+      storageKey: 'test-dsr',
+      useLocalStorage: true
+    }));
+
+    let request: DSRRequest | null = null;
+
+    act(() => {
+      request = result.current.submitRequest({
+        type: 'access',
+        subject: {
+          name: 'John Doe',
+          email: 'john@example.com',
+        },
+        createdAt: Date.now(),
+      });
+    });
+
+    expect(request).not.toBeNull();
+    
+    if (request) {
+      const formattedRequest = result.current.formatRequest(request);
+      expect(formattedRequest).toBeDefined();
+      expect(formattedRequest.requestType).toBe('access');
+      expect(formattedRequest.dataSubject.name).toBe('John Doe');
+    }
+  });
+
+  it('should get request type by ID', () => {
+    const { result } = renderHook(() => useDSR({
+      requestTypes: mockRequestTypes,
+      storageKey: 'test-dsr',
+      useLocalStorage: true
+    }));
+
+    const requestType = result.current.getRequestType('access');
+    expect(requestType).toBeDefined();
+    expect(requestType?.name).toBe('Access Request');
+    expect(requestType?.estimatedCompletionTime).toBe(30);
+  });
+});

package/packages/ndpr-toolkit/src/__tests__/utils/breach.test.ts

@@ -0,0 +1,149 @@
+import { calculateBreachSeverity } from '../../utils/breach';
+import { BreachReport, RiskAssessment } from '../../types/breach';
+
+describe('calculateBreachSeverity', () => {
+  const breachReport: BreachReport = {
+    id: 'breach-123',
+    title: 'Database Breach',
+    description: 'Unauthorized access to customer database',
+    category: 'unauthorized_access',
+    discoveredAt: 1620000000000,
+    occurredAt: 1619900000000,
+    reportedAt: 1620010000000,
+    reporter: {
+      name: 'John Smith',
+      email: 'john@example.com',
+      department: 'IT Security',
+      phone: '1234567890'
+    },
+    affectedSystems: ['customer-db', 'payment-system'],
+    dataTypes: ['personal', 'financial'],
+    estimatedAffectedSubjects: 1000,
+    status: 'contained'
+  };
+
+  it('should calculate high severity for sensitive data and large number of affected subjects', () => {
+    const assessment: RiskAssessment = {
+      id: 'risk-123',
+      breachId: 'breach-123',
+      assessor: {
+        name: 'John Doe',
+        role: 'DPO',
+        email: 'dpo@example.com'
+      },
+      assessedAt: 1620000000000,
+      confidentialityImpact: 4,
+      integrityImpact: 3,
+      availabilityImpact: 3,
+      harmLikelihood: 4,
+      harmSeverity: 4,
+      overallRiskScore: 16,
+      riskLevel: 'high',
+      risksToRightsAndFreedoms: true,
+      highRisksToRightsAndFreedoms: true,
+      justification: 'High risk due to sensitive financial data'
+    };
+
+    const result = calculateBreachSeverity(breachReport, assessment);
+    
+    expect(result.severityLevel).toBe('high');
+    expect(result.notificationRequired).toBe(true);
+    expect(result.urgentNotificationRequired).toBe(true);
+    expect(result.timeframeHours).toBe(72);
+    expect(result.justification).toBe('High risk due to sensitive financial data');
+  });
+
+  it('should calculate medium severity for non-sensitive data with medium impact', () => {
+    const assessment: RiskAssessment = {
+      id: 'risk-456',
+      breachId: 'breach-456',
+      assessor: {
+        name: 'Jane Smith',
+        role: 'Security Officer',
+        email: 'security@example.com'
+      },
+      assessedAt: 1620100000000,
+      confidentialityImpact: 3,
+      integrityImpact: 2,
+      availabilityImpact: 2,
+      harmLikelihood: 3,
+      harmSeverity: 3,
+      overallRiskScore: 9,
+      riskLevel: 'medium',
+      risksToRightsAndFreedoms: true,
+      highRisksToRightsAndFreedoms: false,
+      justification: 'Medium risk due to personal data exposure'
+    };
+
+    const result = calculateBreachSeverity(breachReport, assessment);
+    
+    expect(result.severityLevel).toBe('medium');
+    expect(result.notificationRequired).toBe(true);
+    expect(result.urgentNotificationRequired).toBe(false);
+    expect(result.timeframeHours).toBe(72);
+    expect(result.justification).toBe('Medium risk due to personal data exposure');
+  });
+
+  it('should calculate low severity for contained breach with low impact', () => {
+    const assessment: RiskAssessment = {
+      id: 'risk-789',
+      breachId: 'breach-789',
+      assessor: {
+        name: 'Alex Johnson',
+        role: 'Compliance Manager',
+        email: 'compliance@example.com'
+      },
+      assessedAt: 1620200000000,
+      confidentialityImpact: 1,
+      integrityImpact: 1,
+      availabilityImpact: 2,
+      harmLikelihood: 2,
+      harmSeverity: 1,
+      overallRiskScore: 2,
+      riskLevel: 'low',
+      risksToRightsAndFreedoms: false,
+      highRisksToRightsAndFreedoms: false,
+      justification: 'Low risk due to minimal data exposure'
+    };
+
+    const result = calculateBreachSeverity(breachReport, assessment);
+    
+    expect(result.severityLevel).toBe('low');
+    expect(result.notificationRequired).toBe(false);
+    expect(result.urgentNotificationRequired).toBe(false);
+    expect(result.timeframeHours).toBe(72);
+    expect(result.justification).toBe('Low risk due to minimal data exposure');
+  });
+
+  it('should calculate severity based on breach report when no assessment is provided', () => {
+    // Create a breach report with sensitive data and large scale
+    const sensitiveBreachReport: BreachReport = {
+      ...breachReport,
+      dataTypes: ['personal', 'financial', 'health'],
+      estimatedAffectedSubjects: 5000,
+      status: 'ongoing'
+    };
+
+    const result = calculateBreachSeverity(sensitiveBreachReport);
+    
+    // With 3 severity factors (sensitive data, large scale, ongoing), it should be critical
+    expect(result.severityLevel).toBe('critical');
+    expect(result.notificationRequired).toBe(true);
+    expect(result.urgentNotificationRequired).toBe(true);
+    expect(result.timeframeHours).toBe(72);
+    expect(result.justification).toContain('Critical risk');
+  });
+
+  it('should always require notification for ongoing breaches', () => {
+    const ongoingBreachReport: BreachReport = {
+      ...breachReport,
+      status: 'ongoing',
+      dataTypes: ['personal']
+    };
+
+    const result = calculateBreachSeverity(ongoingBreachReport);
+    
+    expect(result.notificationRequired).toBe(true);
+    expect(result.justification).toContain('Medium risk');
+  });
+});

package/packages/ndpr-toolkit/src/__tests__/utils/consent.test.ts

@@ -0,0 +1,88 @@
+import { validateConsent } from '../../utils/consent';
+import { ConsentSettings } from '../../types/consent';
+
+describe('validateConsent', () => {
+  it('should validate valid consent settings', () => {
+    const settings: ConsentSettings = {
+      consents: {
+        necessary: true,
+        analytics: false,
+        marketing: true
+      },
+      timestamp: Date.now(),
+      version: '1.0',
+      method: 'banner',
+      hasInteracted: true
+    };
+
+    const result = validateConsent(settings);
+    expect(result.valid).toBe(true);
+    expect(result.errors).toEqual([]);
+  });
+
+  it('should invalidate settings with missing consents', () => {
+    const settings: ConsentSettings = {
+      consents: {},
+      timestamp: Date.now(),
+      version: '1.0',
+      method: 'banner',
+      hasInteracted: true
+    };
+
+    const result = validateConsent(settings);
+    expect(result.valid).toBe(false);
+    expect(result.errors).toContain('Consent settings must include at least one consent option');
+  });
+
+  it('should invalidate settings with missing timestamp', () => {
+    const settings = {
+      consents: { necessary: true },
+      version: '1.0',
+      method: 'banner',
+      hasInteracted: true
+    } as unknown as ConsentSettings;
+
+    const result = validateConsent(settings);
+    expect(result.valid).toBe(false);
+    expect(result.errors).toContain('Consent timestamp is required');
+  });
+
+  it('should invalidate settings with missing version', () => {
+    const settings = {
+      consents: { necessary: true },
+      timestamp: Date.now(),
+      method: 'banner',
+      hasInteracted: true
+    } as unknown as ConsentSettings;
+
+    const result = validateConsent(settings);
+    expect(result.valid).toBe(false);
+    expect(result.errors).toContain('Consent version is required');
+  });
+
+  it('should invalidate settings with missing method', () => {
+    const settings = {
+      consents: { necessary: true },
+      timestamp: Date.now(),
+      version: '1.0',
+      hasInteracted: true
+    } as unknown as ConsentSettings;
+
+    const result = validateConsent(settings);
+    expect(result.valid).toBe(false);
+    expect(result.errors).toContain('Consent collection method is required');
+  });
+
+  it('should invalidate settings with missing hasInteracted', () => {
+    const settings = {
+      consents: { necessary: true },
+      timestamp: Date.now(),
+      version: '1.0',
+      method: 'banner'
+    } as unknown as ConsentSettings;
+
+    const result = validateConsent(settings);
+    expect(result.valid).toBe(false);
+    expect(result.errors).toContain('User interaction status is required');
+  });
+});