Skip to content

Ban user that uses a previously banned phone number

What does this MR do and why?

Screenshots or screen recordings

Before After (self-managed) After (SaaS)
related-to-banned-user-before self-managed-after saas-after

How to set up and validate locally

  1. Enable feature-flags identity_verification and identity_verification_phone_number.
Feature.enable(:identity_verification)
Feature.enable(:identity_verification_phone_number)
  1. Create a phone verification record in the database for an already existing user, and then ban that user.
banned_user = User.last
Users::PhoneNumberValidation.create(user: banned_user, country: 'AU', phone_number: '400000000', international_dial_code: 61)
banned_user.ban!
  1. Register as a new user from /users/sign_up. You should see a page to verify your email address.
  2. Mark the user as medium-risk so the user is asked to complete phone verification
UserCustomAttribute.create(key: 'arkose_risk_band', value: 'MEDIUM', user: User.last)
  1. Then, refresh the page. You should see a section asking you to verify your phone number. Enter the same phone number from step 1 (remember to select the same country as well) and verify that the user is banned.

  2. Different error messages are shown when a user is on a self-managed instance vs SaaS. To test this, unban the user, simulate SaaS and repeat step 4

$ export GITLAB_SIMULATE_SAAS=1
$ gdk restart

$ bundle exec rails c
User.last.unban

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Hinam Mehra

Merge request reports

Loading