Auto-swap phone number for CC for users from Telesign-blocked countries
What does this MR do and why?
Resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/556.
Context
- Users required to verify their identity by providing a phone number have the option to provide credit card details instead.
- Some countries are blocked (either by us or by Telesign themselves) in Telesign¹, making users from these countries unable to receive the phone verification code sent via SMS.

¹ Our SMS provider
What this MR does
This MR implements auto-swapping of the phone number verification requirement for credit card verification when a user enters a phone number from a Telesign-blocked country.
Why?
To notify the user (via an info alert) that phone number verification is unavailable and automatically switch them to credit card verification instead. This should (hopefully) lessen cases where a user is not able to receive the requested phone verification code via SMS and has no option but to contact support to find out why.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screen_Recording_2024-01-26_at_5.07.11_PM
How to set up and validate locally
- Enable the relevant feature flags and configure the required settings:

  ```
  $ rails c
  > Feature.enable(:identity_verification)
  > Feature.enable(:identity_verification_phone_number)
  > Feature.enable(:identity_verification_credit_card)
  > Feature.enable(:auto_request_phone_number_verification_exemption, type: :gitlab_com_derisk)
  > ApplicationSetting.first.update(email_confirmation_setting: "hard", require_admin_approval_after_user_signup: false)
  ```

- Set up Telesign:

  ```
  $ rails c
  > ApplicationSetting.first.update(telesign_customer_xid: '<value_is_in_1Pass>', telesign_api_key: '<value_is_in_1Pass>')
  ```

  Credentials are in 1Password under `Telesign API Keys` (use `GITLAB - DEVELOPMENT`).

- Start GDK, then use ngrok to expose your instance:

  ```
  $ ngrok http http://localhost:3000
  ```

  You also need to add `.ngrok-free.app` to `allowed_hosts`:

  ```
  # config/initializers/rails_host_authorization.rb
  Rails.application.config.hosts += [Gitlab.config.gitlab.host, 'unix', 'host.docker.internal', 'docker.for.mac.localhost', '.ngrok-free.app']
  ```

- Copy the ngrok URL for your GDK instance.
- Set up Telesign to send transaction callbacks to the ngrok URL (if you don't have an account for the portal, please let me know so I can assist you):
  - Log in to https://teleportal.telesign.com/
  - Select `GitLab - Test Account`
  - Select the `SMS Verify` product on the sidebar, then select `Overview`
  - Click `Manage Settings` in the upper right corner
  - Go to the `Callbacks` tab
  - Add `<your_ngrok_gdk_url>/-/phone_verification/telesign_callback` to the `Transaction Callback URLs` field
- Create a new user. After submitting the registration form you should see the Identity Verification page ("Help us keep GitLab secure").
- Confirm the user's email and set `arkose_risk_band` to `Medium`:

  ```
  $ rails console
  > User.last.update(confirmed_at: Time.zone.now)
  > UserCustomAttribute.create(user: User.last, key: 'arkose_risk_band', value: 'Medium')
  ```

- Refresh the page. You should now see the phone verification step.
- Enter a phone number from a blocked country (e.g. `09201231234`), then click `Send code`.
- Validate that a callback is sent to your ngrok endpoint:

  ```
  HTTP Requests
  -------------
  POST /-/phone_verification/telesign_callback    200 OK
  ```

- Validate that the "Phone number verification is unavailable at this time. Please verify with a credit card instead." info alert is displayed.
- Validate that `Step 2: Verify phone number` is replaced with `Step 2: Verify a payment method`.
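The swap exercised by the steps above, modelled as an added Ruby example that is not GitLab's code: the callback handler, the "blocked" status codes, the user hash and the "Step 1: Verify email address" label are assumptions made for this example; only the alert text and the two Step 2 labels come from the MR description.

```ruby
require 'json'

# Alert text shown when the phone requirement is swapped (from the MR description).
PHONE_UNAVAILABLE_ALERT =
  'Phone number verification is unavailable at this time. ' \
  'Please verify with a credit card instead.'

# Placeholder: status codes this example treats as "destination country blocked".
# Constructed for the example; NOT Telesign's real status code table.
BLOCKED_STATUS_CODES = [9_001, 9_002].freeze

# Steps the Identity Verification page would show (hypothetical model).
# Step 1 is assumed to be email; step 2 depends on the risk band and on whether
# the phone requirement has already been swapped for a payment method.
def identity_verification_steps(user)
  steps = ['Step 1: Verify email address']
  if user[:arkose_risk_band] == 'Medium'
    steps << (user[:phone_exempt] ? 'Step 2: Verify a payment method'
                                  : 'Step 2: Verify phone number')
  end
  steps
end

# Handle a Telesign transaction callback (JSON body POSTed to
# /-/phone_verification/telesign_callback). Marks the user as exempt from phone
# verification and returns the info-alert text when the number's country is
# blocked; returns nil (and changes nothing) otherwise or on malformed input.
def handle_telesign_callback(user, body)
  payload = JSON.parse(body)
  code = payload.dig('status', 'code')
  return nil unless BLOCKED_STATUS_CODES.include?(code)

  user[:phone_exempt] = true
  PHONE_UNAVAILABLE_ALERT
rescue JSON::ParserError
  nil
end

# Constructed sample: a medium-risk user whose SMS was rejected as blocked.
def demo
  user = { arkose_risk_band: 'Medium', phone_exempt: false }
  callback = { 'reference_id' => 'placeholder-ref',
               'status' => { 'code' => 9_001, 'description' => 'constructed sample' } }.to_json
  alert = handle_telesign_callback(user, callback)
  [alert, identity_verification_steps(user)]
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```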