Ban user that uses a previously banned phone number
What does this MR do and why?
- During identity verification, if a user uses a phone number that is linked to a previously banned user, then ban that user as well and ask them to contact support.
- Previously, we would only show them an error message and let them keep trying with a different phone number.
- Partially resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/317
Screenshots or screen recordings
Before | After (self-managed) | After (SaaS) |
---|---|---|
related-to-banned-user-before | self-managed-after | saas-after |
How to set up and validate locally
- Enable the feature flags `identity_verification` and `identity_verification_phone_number`.

```ruby
Feature.enable(:identity_verification)
Feature.enable(:identity_verification_phone_number)
```
- Create a phone verification record in the database for an already existing user, and then ban that user.
```ruby
banned_user = User.last
Users::PhoneNumberValidation.create(user: banned_user, country: 'AU', phone_number: '400000000', international_dial_code: 61)
banned_user.ban!
```
- Register as a new user from `/users/sign_up`. You should see a page to verify your email address.
- Mark the user as medium-risk so the user is asked to complete phone verification.

```ruby
UserCustomAttribute.create(key: 'arkose_risk_band', value: 'MEDIUM', user: User.last)
```
- Then, refresh the page. You should see a section asking you to verify your phone number. Enter the same phone number from step 1 (remember to select the same country as well) and verify that the user is banned.
- Different error messages are shown when a user is on a self-managed instance vs SaaS. To test this, unban the user, simulate SaaS and repeat step 4.

```shell
$ export GITLAB_SIMULATE_SAAS=1
$ gdk restart
$ bundle exec rails c
User.last.unban
```
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Hinam Mehra
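
The behaviour change described under "What does this MR do and why?", modelled in plain Ruby with no Rails dependency. This is an added example, not code from the MR or from GitLab. Assumptions: every class and method name here is hypothetical, the digits-only comparison of phone numbers is an assumption, and the message strings are placeholders because the page does not quote the real wording.

```ruby
# Added illustration. Names are hypothetical; messages are placeholders.
DemoUser = Struct.new(:name, :banned) do
  def ban!
    self.banned = true
  end
end

class PhoneVerification
  Result = Struct.new(:status, :message)

  def initialize(saas:, ban_on_match:)
    @saas = saas
    @ban_on_match = ban_on_match # false models the earlier "show an error" flow
    @records = {}                # [country, dial code, digits] => users
  end

  # Assumption: compare on digits only, so spacing or dashes do not
  # turn a banned user's number into a "new" one.
  def key(country, dial_code, number)
    [country.upcase, dial_code.to_i, number.to_s.gsub(/\D/, '')]
  end

  def record(user, country, dial_code, number)
    (@records[key(country, dial_code, number)] ||= []) << user
  end

  def verify(user, country, dial_code, number)
    # Once banned, further attempts with other numbers are refused as well.
    return Result.new(:banned, ban_message) if user.banned

    owners = @records.fetch(key(country, dial_code, number), [])
    if owners.any? { |o| o.banned && !o.equal?(user) }
      return Result.new(:error, 'placeholder: retry message') unless @ban_on_match
      user.ban!
      return Result.new(:banned, ban_message)
    end
    record(user, country, dial_code, number)
    Result.new(:ok, nil)
  end

  private

  # The page says SaaS and self-managed show different messages.
  def ban_message
    @saas ? 'placeholder: SaaS message' : 'placeholder: self-managed message'
  end
end
```

With `ban_on_match: false` the new account stays active and can succeed with a second number, which is the gap the MR closes.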