Skip phone verification if TeleSign is down
What does this MR do and why?
- We have previously added Phone Verification as a barrier for medium/high-risk users when signing-up. We are using a 3rd party service called TeleSign to send/verify these codes.
- We want to skip the phone verification if TeleSign is down, so as to not create a bottleneck during our registration process.
- Resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/322
Screenshots or screen recordings
Screen_Recording_2023-04-14_at_3.00.27_pm
How to set up and validate locally
- Enable Phone Verification in rails console:
Feature.enable(:identity_verification)
Feature.enable(:identity_verification_phone_number)
ApplicationSetting.first.update(email_confirmation_setting: "hard", require_admin_approval_after_user_signup: false,
telesign_customer_xid: "123", telesign_api_key: "123")
- Sign-up as a new user. You will be taken to the identity verification page where you will be asked to verify your email address.
- Mark the user as medium risk in the console:
UserCustomAttribute.create(user: User.last, key: 'arkose_risk_band', value: 'MEDIUM')
- Refresh the page, you should now see a section to verify your phone number.
- Enter any phone number and click on Send code.
- It should get marked as verified since the incorrect TeleSign credentials were configured (we don't have any other way currently to mimic TeleSign being down).
- The correct TeleSign credentials can be found in 1Password. You can also re-try phone verification with the correct credentials by:
ApplicationSetting.first.update(telesign_customer_xid: XX, telesign_api_key: XX)
Users::PhoneNumberValidation.last.delete
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Hinam Mehra
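
The fail-open behaviour described in this MR, as an added sketch that is not GitLab's code: it skips the phone step only when the provider itself fails, keeps the challenge for user errors, and logs every skip so it can be reviewed later. `ProviderResult`, `PhoneVerificationGate`, the outcome symbols and the skip cap are all assumptions made for illustration.

```ruby
require 'logger'
require 'stringio'

# Hypothetical outcome of one "send code" call to the SMS provider.
# kind is one of :sent, :invalid_number, :provider_error, :timeout.
ProviderResult = Struct.new(:kind, :detail)

class PhoneVerificationGate
  # Outcomes that mean the provider failed, not the user. Rejected
  # credentials would land in :provider_error, which is how the
  # validation steps above mimic TeleSign being down.
  PROVIDER_FAILURES = %i[provider_error timeout].freeze

  attr_reader :skipped_user_ids

  def initialize(logger:, max_skips: 100)
    @logger = logger
    @max_skips = max_skips          # assumed cap, not from the MR
    @skipped_user_ids = []
  end

  # Returns :code_sent, :retry_number, :skipped or :blocked.
  def decide(user_id, result)
    case result.kind
    when :sent then :code_sent
    when :invalid_number then :retry_number   # user error: never fail open
    when *PROVIDER_FAILURES then fail_open(user_id, result)
    else :blocked                             # unknown outcome: fail closed
    end
  end

  private

  def fail_open(user_id, result)
    # Cap skips so a long outage cannot wave through unlimited sign-ups.
    return :blocked if @skipped_user_ids.size >= @max_skips

    @skipped_user_ids << user_id
    @logger.warn("phone_verification_skipped user_id=#{user_id} " \
                 "reason=#{result.kind} detail=#{result.detail}")
    :skipped
  end
end
```

The recorded `skipped_user_ids` and the `phone_verification_skipped` log line give a list of accounts that can be re-challenged once the provider is back.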