Show reCAPTCHA on trial registration
Resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/246
Context
In collaboration with group::acquisition, the rollout of the ArkoseLabs integration will be separate for the trial registration flow (`/-/trial_registrations/new`) and the free registration flow (`/users/sign_up`). To allow that separation, ArkoseLabs was skipped during the trial registration flow in !111156 (merged).
What does this MR do and why?
This MR fixes the regression introduced in !111156 (merged).
It updates the logic that determines whether the ArkoseLabs challenge or reCAPTCHA should be shown to the user during the free signup flow and the trial signup flow.
reCAPTCHA is not required for users when signing up through `TrialRegistrationsController`.
Problem:

```ruby
# Assume ::Arkose::Settings.enabled_for_signup? returns true

# TrialRegistrationsController
def arkose_labs_enabled?
  false
end

# EE::RegistrationsController
def arkose_labs_enabled?
  ::Arkose::Settings.enabled_for_signup?
end

# Used by TrialRegistrationsController AND EE::RegistrationsController
# ee/app/helpers/ee/registrations_helper.rb
def arkose_labs_challenge_enabled?
  ::Arkose::Settings.enabled_for_signup?
end

# Used by TrialRegistrationsController AND EE::RegistrationsController
# app/views/devise/shared/_signup_box.html.haml
- if arkose_labs_challenge_enabled?
  # render ArkoseLabs challenge FE code
- elsif show_recaptcha_sign_up?
  # render reCAPTCHA FE code
```
`_challenge`) between the method names `arkose_labs_enabled?` and `arkose_labs_challenge_enabled?`

`TrialRegistrationsController` skips the ArkoseLabs verification step in the backend (correct behavior) by overriding `arkose_labs_enabled?` to return `false`. However, because `arkose_labs_challenge_enabled?` is used in `app/views/devise/shared/_signup_box.html.haml` (returns `true` when used by `TrialRegistrationsController`), ArkoseLabs frontend code is loaded instead of reCAPTCHA.

| Controller | `arkose_labs_challenge_enabled?` (FE) | `arkose_labs_enabled?` (BE) | Frontend challenge displayed | Backend challenge verification |
|---|---|---|---|---|
| `CE::RegistrationsController` | `false` | - | reCAPTCHA | reCAPTCHA |
| `TrialRegistrationsController` | `true` | `false` | ArkoseLabs | skipped |
| `EE::RegistrationsController` | `true` | `true` | ArkoseLabs | ArkoseLabs |

Solution
```ruby
# Assume ::Arkose::Settings.enabled_for_signup? returns true

# CE::RegistrationsController
helper_method :arkose_labs_enabled?

def arkose_labs_enabled?
  false
end

# TrialRegistrationsController
def arkose_labs_enabled?
  false
end

# EE::RegistrationsController
def arkose_labs_enabled?
  ::Arkose::Settings.enabled_for_signup?
end

# Used by TrialRegistrationsController AND EE::RegistrationsController
# app/views/devise/shared/_signup_box.html.haml
- if arkose_labs_enabled?
  # render ArkoseLabs challenge FE code
- elsif show_recaptcha_sign_up?
  # render reCAPTCHA FE code
```
Here, we define `arkose_labs_enabled?` in `CE::RegistrationsController` and use it in `app/views/devise/shared/_signup_box.html.haml`.

This fixes the problem because `arkose_labs_enabled?` is now used both in FE and BE and is correctly overridden by `TrialRegistrationsController` to return `false` and `EE::RegistrationsController` to return `true`.

| Controller | `arkose_labs_enabled?` (FE & BE) | Frontend challenge displayed | Backend challenge verification |
|---|---|---|---|
| `CE::RegistrationsController` | `false` | reCAPTCHA | reCAPTCHA |
| `TrialRegistrationsController` | `false` | reCAPTCHA | reCAPTCHA |
| `EE::RegistrationsController` | `true` | ArkoseLabs | ArkoseLabs |

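
The invariant behind this fix is that a signup page may render the ArkoseLabs challenge only when the backend verifies it. The following is an added example, not code from this MR: the three classes are plain-Ruby stand-ins for the controllers, their inheritance is only a convenience of the model, and `ARKOSE_SETTING`, `rendered_challenge` and `mismatched_controllers` are hypothetical names.

```ruby
# Added illustration, not GitLab code. ARKOSE_SETTING stands in for
# ::Arkose::Settings.enabled_for_signup? (assumed true, as in the MR).
ARKOSE_SETTING = true

class CeRegistrations
  def arkose_labs_enabled?; false; end            # backend: no ArkoseLabs check
  def arkose_labs_challenge_enabled?; false; end  # old view helper, CE value
  def show_recaptcha_sign_up?; true; end          # assumed: reCAPTCHA enabled
end

class EeRegistrations < CeRegistrations
  def arkose_labs_enabled?; ARKOSE_SETTING; end
  def arkose_labs_challenge_enabled?; ARKOSE_SETTING; end  # ee/ helper
end

class TrialRegistrations < EeRegistrations
  def arkose_labs_enabled?; false; end            # trial flow skips ArkoseLabs
end

CONTROLLERS = [CeRegistrations, TrialRegistrations, EeRegistrations].freeze

# The branch in _signup_box.html.haml; view_predicate is the method the view calls.
def rendered_challenge(controller, view_predicate)
  return :arkose_labs if controller.public_send(view_predicate)
  controller.show_recaptcha_sign_up? ? :recaptcha : :none
end

# Controllers whose page renders ArkoseLabs while the backend does not
# verify it, or the reverse.
def mismatched_controllers(view_predicate)
  CONTROLLERS.select do |klass|
    c = klass.new
    (rendered_challenge(c, view_predicate) == :arkose_labs) != c.arkose_labs_enabled?
  end
end

before = mismatched_controllers(:arkose_labs_challenge_enabled?)
after  = mismatched_controllers(:arkose_labs_enabled?)
puts "view uses arkose_labs_challenge_enabled?: #{before.map(&:name).inspect}"
puts "view uses arkose_labs_enabled?:           #{after.map(&:name).inspect}"
```

A check of this shape, written as a spec over the real controllers, fails as soon as the view and the backend stop sharing one predicate.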
Screenshots or screen recordings
Note: reCAPTCHA is enabled for all demos shown below.

| Flow | ArkoseLabs enabled | ArkoseLabs disabled |
|---|---|---|
| Trial (`/-/trial_registrations/new`) | Screen_Recording_2023-03-01_at_2.25.40_PM | same |
| Free (`/users/sign_up`) | Screen_Recording_2023-03-01_at_2.39.49_PM | Screen_Recording_2023-03-01_at_2.37.14_PM |

How to set up and validate locally
Set up
- Toggle relevant feature flags and configure ArkoseLabs integration:

  ```
  $ rails console
  > Feature.enable(:arkose_labs_signup_challenge)
  > ApplicationSetting.first.update({ arkose_labs_public_api_key: '****', arkose_labs_private_api_key: '****', arkose_labs_namespace: 'client' })
  ```

  - Credentials are available in GitLab 1Password Engineering Vault
- Start GDK with `GITLAB_SIMULATE_SAAS=1` to simulate SaaS
- Enable reCAPTCHA on signup
Validate
- Go to the trials registration page (`http://localhost:3000/-/trial_registrations/new`)
- Validate that reCAPTCHA is shown
- Fill in the registration form
- Click on `Continue`
- Validate that the registration succeeds
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.