@tantainnovative/ndpr-toolkit 1.0.2 → 1.0.3

package/packages/ndpr-toolkit/src/__tests__/utils/dpia.test.ts

@@ -0,0 +1,160 @@
+import { assessDPIARisk } from '../../utils/dpia';
+import { DPIAResult, DPIARisk } from '../../types/dpia';
+
+describe('assessDPIARisk', () => {
+  it('should correctly assess risk based on high risk data', () => {
+    // Create a DPIA result with high risks
+    const dpiaResult: DPIAResult = {
+      id: '123',
+      title: 'Test DPIA',
+      processingDescription: 'Processing sensitive customer data',
+      startedAt: Date.now(),
+      assessor: {
+        name: 'John Doe',
+        role: 'DPO',
+        email: 'john@example.com'
+      },
+      answers: {
+        q1: 'yes',
+        q2: 'large'
+      },
+      risks: [
+        {
+          id: 'risk_1',
+          description: 'Processing involves sensitive personal data',
+          likelihood: 5,
+          impact: 5,
+          score: 25,
+          level: 'high',
+          mitigated: false,
+          relatedQuestionIds: ['q1']
+        },
+        {
+          id: 'risk_2',
+          description: 'Large volume of data being processed',
+          likelihood: 5,
+          impact: 5,
+          score: 25,
+          level: 'high',
+          mitigated: false,
+          relatedQuestionIds: ['q2']
+        },
+        {
+          id: 'risk_3',
+          description: 'Another high risk factor',
+          likelihood: 5,
+          impact: 5,
+          score: 25,
+          level: 'high',
+          mitigated: false,
+          relatedQuestionIds: ['q3']
+        }
+      ],
+      overallRiskLevel: 'low', // Will be updated by the function
+      canProceed: true, // Will be updated by the function
+      conclusion: 'Initial conclusion',
+      version: '1.0'
+    };
+
+    const result = assessDPIARisk(dpiaResult);
+    
+    expect(result.overallRiskLevel).toBe('high');
+    expect(result.requiresConsultation).toBe(true);
+    expect(result.canProceed).toBe(false);
+    expect(result.recommendations.length).toBeGreaterThan(0);
+  });
+
+  it('should handle medium risk levels', () => {
+    // Create a DPIA result with medium risks
+    const dpiaResult: DPIAResult = {
+      id: '456',
+      title: 'Test DPIA',
+      processingDescription: 'Processing customer data',
+      startedAt: Date.now(),
+      assessor: {
+        name: 'Jane Smith',
+        role: 'Privacy Officer',
+        email: 'jane@example.com'
+      },
+      answers: {
+        q1: 'no',
+        q2: 'medium'
+      },
+      risks: [
+        {
+          id: 'risk_1',
+          description: 'Medium volume of data being processed',
+          likelihood: 3,
+          impact: 3,
+          score: 9,
+          level: 'medium',
+          mitigated: false,
+          relatedQuestionIds: ['q2']
+        },
+        {
+          id: 'risk_2',
+          description: 'Another medium risk factor',
+          likelihood: 3,
+          impact: 3,
+          score: 9,
+          level: 'medium',
+          mitigated: false,
+          relatedQuestionIds: ['q3']
+        }
+      ],
+      overallRiskLevel: 'low', // Will be updated by the function
+      canProceed: true, // Will be updated by the function
+      conclusion: 'Initial conclusion',
+      version: '1.0'
+    };
+
+    const result = assessDPIARisk(dpiaResult);
+    
+    expect(result.overallRiskLevel).toBe('medium');
+    expect(result.requiresConsultation).toBe(false);
+    expect(result.canProceed).toBe(true);
+    expect(result.recommendations.length).toBeGreaterThan(0);
+  });
+
+  it('should handle low risk levels', () => {
+    // Create a DPIA result with no significant risks
+    const dpiaResult: DPIAResult = {
+      id: '789',
+      title: 'Test DPIA',
+      processingDescription: 'Processing minimal customer data',
+      startedAt: Date.now(),
+      assessor: {
+        name: 'Alex Johnson',
+        role: 'Compliance Manager',
+        email: 'alex@example.com'
+      },
+      answers: {
+        q1: 'Marketing purposes',
+        q2: 'small'
+      },
+      risks: [
+        {
+          id: 'risk_1',
+          description: 'Small volume of data being processed',
+          likelihood: 1,
+          impact: 1,
+          score: 1,
+          level: 'low',
+          mitigated: true,
+          relatedQuestionIds: ['q2']
+        }
+      ],
+      overallRiskLevel: 'low', // Will be updated by the function
+      canProceed: true, // Will be updated by the function
+      conclusion: 'Initial conclusion',
+      version: '1.0'
+    };
+
+    const result = assessDPIARisk(dpiaResult);
+    
+    expect(result.overallRiskLevel).toBe('low');
+    expect(result.requiresConsultation).toBe(false);
+    expect(result.canProceed).toBe(true);
+    expect(result.recommendations.length).toBeGreaterThan(0);
+  });
+});

package/packages/ndpr-toolkit/src/__tests__/utils/dsr.test.ts

@@ -0,0 +1,110 @@
+import { formatDSRRequest } from '../../utils/dsr';
+import { DSRRequest, DSRType, DSRStatus } from '../../types/dsr';
+
+describe('formatDSRRequest', () => {
+  it('should format a DSR request correctly', () => {
+    const request: DSRRequest = {
+      id: '123',
+      type: 'access',
+      status: 'pending',
+      createdAt: 1620000000000,
+      updatedAt: 1620000000000,
+      subject: {
+        name: 'John Doe',
+        email: 'john@example.com',
+        phone: '1234567890'
+      },
+      description: 'I want to access my data'
+    };
+
+    const result = formatDSRRequest(request);
+    
+    expect(result.isValid).toBe(true);
+    expect(result.formattedRequest.dataSubject.name).toBe('John Doe');
+    expect(result.formattedRequest.requestType).toBe('access');
+    expect(result.formattedRequest.status).toBe('pending');
+    expect(result.formattedRequest.dataSubject.email).toBe('john@example.com');
+    expect(result.formattedRequest.additionalInformation).toEqual({});
+    expect(result.validationErrors.length).toBe(0);
+  });
+
+  it('should handle missing optional fields', () => {
+    const request: DSRRequest = {
+      id: '456',
+      type: 'erasure',
+      status: 'completed',
+      createdAt: 1620000000000,
+      updatedAt: 1620100000000,
+      completedAt: 1620200000000,
+      subject: {
+        name: 'Jane Smith',
+        email: 'jane@example.com'
+        // phone is missing
+      }
+      // description is missing
+    };
+
+    const result = formatDSRRequest(request);
+    
+    expect(result.isValid).toBe(true);
+    expect(result.formattedRequest.dataSubject.name).toBe('Jane Smith');
+    expect(result.formattedRequest.requestType).toBe('erasure');
+    expect(result.formattedRequest.status).toBe('completed');
+    expect(result.formattedRequest.dataSubject.email).toBe('jane@example.com');
+    expect(result.formattedRequest.dataSubject.phone).toBe('Not provided');
+    expect(JSON.stringify(result.formattedRequest)).not.toContain('undefined');
+  });
+
+  it('should include completion date when available', () => {
+    const request: DSRRequest = {
+      id: '789',
+      type: 'rectification',
+      status: 'completed',
+      createdAt: 1620000000000,
+      updatedAt: 1620100000000,
+      completedAt: 1620200000000,
+      subject: {
+        name: 'Bob Johnson',
+        email: 'bob@example.com'
+      }
+    };
+
+    const result = formatDSRRequest(request);
+    
+    expect(result.isValid).toBe(true);
+    // Check that the completedAt date is properly formatted in ISO format
+    expect(result.formattedRequest.lastUpdated).toBe(new Date(1620100000000).toISOString());
+    expect(result.formattedRequest.dataSubject.name).toBe('Bob Johnson');
+    expect(result.formattedRequest.requestType).toBe('rectification');
+    expect(result.formattedRequest.status).toBe('completed');
+  });
+
+  it('should handle additional info when present', () => {
+    const request: DSRRequest = {
+      id: '101',
+      type: 'portability',
+      status: 'inProgress',
+      createdAt: 1620000000000,
+      updatedAt: 1620100000000,
+      subject: {
+        name: 'Alice Brown',
+        email: 'alice@example.com'
+      },
+      additionalInfo: {
+        format: 'CSV',
+        timeRange: 'Last 12 months'
+      }
+    };
+
+    const result = formatDSRRequest(request);
+    
+    expect(result.isValid).toBe(true);
+    expect(result.formattedRequest.dataSubject.name).toBe('Alice Brown');
+    expect(result.formattedRequest.requestType).toBe('portability');
+    expect(result.formattedRequest.status).toBe('inProgress');
+    expect(result.formattedRequest.additionalInformation).toEqual({
+      format: 'CSV',
+      timeRange: 'Last 12 months'
+    });
+  });
+});

package/packages/ndpr-toolkit/src/__tests__/utils/privacy.test.ts

@@ -0,0 +1,97 @@
+import { generatePolicyText } from '../../utils/privacy';
+import { PolicySection } from '../../types/privacy';
+
+describe('generatePolicyText', () => {
+  it('should replace variables in templates', () => {
+    const sections: PolicySection[] = [
+      {
+        id: 'introduction',
+        title: 'Introduction',
+        template: 'This Privacy Policy explains how {{organizationName}} collects and uses your data.',
+        required: true,
+        included: true
+      },
+      {
+        id: 'contact',
+        title: 'Contact Information',
+        template: 'For questions about this policy, please contact us at {{contactEmail}}.',
+        required: true,
+        included: true
+      }
+    ];
+    
+    const variables = {
+      organizationName: 'Acme Corporation',
+      contactEmail: 'privacy@acme.com'
+    };
+    
+    const result = generatePolicyText(sections, variables) as {
+      fullText: string;
+      sectionTexts: Record<string, string>;
+      missingVariables: string[];
+    };
+    
+    expect(result.fullText).toContain('This Privacy Policy explains how Acme Corporation collects and uses your data.');
+    expect(result.fullText).toContain('For questions about this policy, please contact us at privacy@acme.com.');
+    // Check the number of sections by counting keys in sectionTexts
+    expect(Object.keys(result.sectionTexts).length).toBe(2);
+    // Check the content of the first section
+    expect(Object.values(result.sectionTexts)[0]).toBe('This Privacy Policy explains how Acme Corporation collects and uses your data.');
+  });
+  
+  it('should skip sections that are not included', () => {
+    const sections: PolicySection[] = [
+      {
+        id: 'introduction',
+        title: 'Introduction',
+        template: 'This is the introduction.',
+        required: true,
+        included: true
+      },
+      {
+        id: 'optional',
+        title: 'Optional Section',
+        template: 'This is optional.',
+        required: false,
+        included: false
+      }
+    ];
+    
+    const result = generatePolicyText(sections, {}) as {
+      fullText: string;
+      sectionTexts: Record<string, string>;
+      missingVariables: string[];
+    };
+    
+    expect(result.fullText).toContain('This is the introduction.');
+    expect(result.fullText).not.toContain('This is optional.');
+    expect(Object.keys(result.sectionTexts).length).toBe(1);
+  });
+  
+  it('should handle missing variables gracefully', () => {
+    const sections: PolicySection[] = [
+      {
+        id: 'test',
+        title: 'Test',
+        template: 'Hello {{name}}, welcome to {{company}}.',
+        required: true,
+        included: true
+      }
+    ];
+    
+    const variables = {
+      name: 'John'
+      // company is missing
+    };
+    
+    const result = generatePolicyText(sections, variables) as {
+      fullText: string;
+      sectionTexts: Record<string, string>;
+      missingVariables: string[];
+    };
+    
+    expect(result.fullText).toContain('Hello John, welcome to .');
+    // Verify that 'company' is in the missing variables list
+    expect(result.missingVariables).toContain('company');
+  });
+});