Phone Verification: Backend TeleSign services
What does this MR do and why?
Part of the bigger epic https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/3 to ask users to verify their phone number if they are considered medium/high risk. We are going to use an external service called TeleSign to verify users' phone numbers and store a risk score. This MR:
- Adds TeleSign's `customer_id` and `api_key` to the `application_settings` table.
- Creates services to send the verification code to the user's phone number, verify the code, and get a risk score for the phone number, all using TeleSign.
Screenshots or screen recordings
How to set up and validate locally
- Configure TeleSign. The `customer_id` and `api_key` are in 1Password.

  ```ruby
  ::Gitlab::CurrentSettings.update(telesign_customer_xid: CUSTOMER_ID, telesign_api_key: API_KEY)
  ```
- To send a verification code, enter your international phone number (country code + phone number), e.g. `61450331311` for Australia.

  ```ruby
  result = PhoneVerification::TelesignClient::SendVerificationCodeService.new(phone_number: INTERNATIONAL_PHONE_NUMBER, user: User.find(1)).execute
  telesign_reference_xid = result[:telesign_reference_xid]
  ```
- To verify the code, use the `telesign_reference_xid` from the previous response.

  ```ruby
  PhoneVerification::TelesignClient::VerifyCodeService.new(telesign_reference_id: telesign_reference_xid, verification_code: SMS_CODE, user: User.find(1)).execute
  ```
- Get a risk score for a phone number. If you enter a blocked/invalid/unusual phone number such as 911, it should result in a 400.

  ```ruby
  PhoneVerification::TelesignClient::RiskScoreService.new(phone_number: INTERNATIONAL_PHONE_NUMBER, user: User.find(1)).execute
  ```
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/78
Edited by Hinam Mehra