
Add tracking for Phone Verification

What does this MR do and why?

This adds backend Snowplow tracking for phone verification https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/78 & https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/79, part of barriers to entry.

The following events are tracked:

  1. An invalid code is entered

    se_category: "IdentityVerification::Phone",
    se_action: "failed_attempt",
    se_property: "invalid_code",

  2. The phone number was invalid

    se_category: "IdentityVerification::Phone",
    se_action: "failed_attempt",
    se_property: "invalid_phone_number",

  3. The attempt was rate limited

    se_category: "IdentityVerification::Phone",
    se_action: "failed_attempt",
    se_property: "rate_limited",

  4. A new code has been sent

    se_category: "IdentityVerification::Phone",
    se_action: "sent_phone_verification_code",

  5. The attempt was successful

    se_category: "IdentityVerification::Phone",
    se_action: "success",

Screenshots or screen recordings

It's a little hard to take screenshots of Snowplow events, but here is one of the success event

How to set up and validate locally

  1. Install Snowplow micro

    gdk config set snowplow_micro.enabled true
    gdk reconfigure

  2. In rails console enable identity verification

    Feature.enable(:identity_verification)
    Feature.enable(:identity_verification_phone_number)

    ApplicationSetting.first.update(require_admin_approval_after_user_signup: false)
    ApplicationSetting.first.update(send_user_confirmation_email: true)

  3. Configure Telesign (the external service we use to send verification codes). The credentials can be found in 1Password.

    ApplicationSetting.first.update(telesign_customer_xid: CUSTOMER_ID, telesign_api_key: API_KEY)

  4. Sign up for a new account. After, you should be redirected to the Identity Verification page (http://localhost:3000/users/identity_verification)

  5. Enable phone verification for the user

    user = User.last
    risk_band = user.custom_attributes.by_key('arkose_risk_band').first_or_initialize
    risk_band.update!(value: 'Medium')
  6. Refresh the page, validate that phone number verification step is shown

  7. Enter in your phone number and the verification code you receive.

  8. Visit http://localhost:9091/micro/good to check that all events are tracked.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/124
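
A scripted version of the step 8 check, added here as an example and not part of the merge request: it parses the JSON body returned by Snowplow Micro's `/micro/good` endpoint, reports which of the five events listed above were not seen, and counts failed attempts per reason. The helper names and the sample payload are constructed for illustration, and the script assumes each entry exposes the enriched fields under an `event` key.

```ruby
require 'json'

CATEGORY = 'IdentityVerification::Phone'

# The five events from the MR description, as [se_action, se_property].
EXPECTED = [
  ['failed_attempt', 'invalid_code'],
  ['failed_attempt', 'invalid_phone_number'],
  ['failed_attempt', 'rate_limited'],
  ['sent_phone_verification_code', nil],
  ['success', nil]
].freeze

# Constructed sample of a /micro/good response body (not captured output).
SAMPLE_GOOD = <<~SAMPLE
  [
    {"eventType":"struct","event":{"se_category":"IdentityVerification::Phone","se_action":"sent_phone_verification_code","se_property":null}},
    {"eventType":"struct","event":{"se_category":"IdentityVerification::Phone","se_action":"failed_attempt","se_property":"invalid_code"}},
    {"eventType":"struct","event":{"se_category":"IdentityVerification::Phone","se_action":"failed_attempt","se_property":"invalid_code"}},
    {"eventType":"struct","event":{"se_category":"IdentityVerification::Phone","se_action":"success","se_property":""}},
    {"eventType":"page_view","event":{"se_category":null,"se_action":null}}
  ]
SAMPLE

# Assumption: each entry carries the enriched event under the "event" key.
# Unrelated events are dropped; an empty se_property is treated as absent.
def phone_events(good_json)
  JSON.parse(good_json)
      .map { |entry| entry['event'] || {} }
      .select { |ev| ev['se_category'] == CATEGORY }
      .map { |ev| [ev['se_action'], ev['se_property'].to_s.empty? ? nil : ev['se_property']] }
end

# Expected [action, property] pairs that never appeared in the payload.
def missing_events(good_json)
  EXPECTED - phone_events(good_json)
end

# Number of failed attempts per reason (se_property).
def failure_counts(good_json)
  phone_events(good_json)
    .select { |action, _| action == 'failed_attempt' }
    .map(&:last)
    .tally
end

puts "missing: #{missing_events(SAMPLE_GOOD).inspect}"
puts "failures: #{failure_counts(SAMPLE_GOOD).inspect}"
```

To check a local run, pass the body fetched from http://localhost:9091/micro/good to `missing_events`; an empty array means all five events were recorded.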
