Add missing actions for Opt-in Identity Verification controller
Implements the following tasks for https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/629:
- Implement new identity verification flow send and verify phone number verification code
- Implement new identity verification flow verify credit card
- Implement new identity verification flow toggle_phone_verification_exemption and success actions
Context
Currently, users go through identity verification as part of the signup process. Moving forward, we want to allow users¹ that have already started using GitLab to go through an opt-in identity verification process where they can verify a phone number in exchange for in-app benefits (e.g. ability to run more pipelines, create more groups, etc.).
See https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/32+ for more info.
¹ Limited to users that did not go through phone number and/or credit card verification during signup.
What does this MR do?
Add page for new Identity Verification flow (!147068 - merged) added the controller that handles opt-in identity verification. This controller inherits the same actions used in identity verification during sign-up (see `BaseIdentityVerificationController`).
This MR adds the routes to expose the inherited identity verification actions from `BaseIdentityVerificationController`. This makes the following functionalities of the opt-in identity verification operational:
- Send phone number verification code (`send_phone_verification_code`)
- Verify phone number verification code (`verify_phone_verification_code`)
- Verify credit card (`verify_credit_card`)
- Toggle between phone number or credit card verification (`toggle_phone_exemption`)
What is not in this MR?
This MR does not include feature specs that cover the new routes. Those will be added in Add feature specs for Opt-in Identity Verification (!148300 - merged).
Frontend changes
Frontend changes mainly consist of refactors (rename, data restructure) that are required to match the changes made to data passed from the backend.
Before: data sent from backend

```json
{
  ...
  "credit_card": {
    "user_id": 185,
    "form_id": "cc_registration_validation",
    "verify_credit_card_path": "/users/identity_verification/verify_credit_card",
    "verify_captcha_path": "/users/identity_verification/verify_credit_card_captcha",
    "show_recaptcha_challenge": "false"
  },
  "phone_number": {
    "send_code_path": "/users/identity_verification/send_phone_verification_code",
    "verify_code_path": "/users/identity_verification/verify_phone_verification_code",
    "enable_arkose_challenge": "false",
    "show_arkose_challenge": "false",
    "show_recaptcha_challenge": "false"
  },
  ...
}
```
After: data sent from backend

Changes:
- Paths are unnested from inside `phone_number` and `credit_card` and then renamed
- `show_recaptcha_challenge` is renamed to `credit_card_challenge_on_verify` and unnested from `credit_card`

```json
{
  ...
  "phone_exemption_path": "/users/identity_verification/toggle_phone_exemption",
  "phone_send_code_path": "/users/identity_verification/send_phone_verification_code",
  "phone_verify_code_path": "/users/identity_verification/verify_phone_verification_code",
  "credit_card_verify_path": "/users/identity_verification/verify_credit_card",
  "credit_card_challenge_on_verify": false,
  "credit_card_verify_captcha_path": "/users/identity_verification/verify_credit_card_captcha"
  ...
  "credit_card": {
    "user_id": 185,
    "form_id": "cc_registration_validation"
  },
  "phone_number": {
    "enable_arkose_challenge": "false",
    "show_arkose_challenge": "false",
    "show_recaptcha_challenge": "false"
  },
  ...
}
```
One other change is the update to `/users/identity_verification/components/credit_card_verification.vue` where the POST request to `creditCardVerifyCaptchaPath` is only sent when `creditCardChallengeOnVerify` is `true`. `creditCardChallengeOnVerify` is `true` for Signup Identity Verification and `false` for Opt-in Identity Verification.
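The gating described above, sketched as an added example that is not the code of `credit_card_verification.vue`: the helper names (`strictBoolean`, `toCamelCaseProps`, `creditCardPostTargets`), the sample objects and the order of the two POSTs are assumptions. It also covers the type change visible in the payloads, where the old flag is the string `"false"` and the new one is a boolean; a bare truthiness check on `"false"` would send the captcha request.

```javascript
// Added example; helper names are hypothetical, not GitLab's own code.

// Constructed sample of the "after" payload for the opt-in flow (keys from the page).
const optInData = {
  credit_card_verify_path: '/users/identity_verification/verify_credit_card',
  credit_card_verify_captcha_path: '/users/identity_verification/verify_credit_card_captcha',
  credit_card_challenge_on_verify: false,
};

// Accept only a real boolean or the exact strings "true"/"false".
// `if (value)` alone would treat the string "false" as true.
function strictBoolean(value) {
  if (value === true || value === 'true') return true;
  if (value === false || value === 'false') return false;
  throw new TypeError(`expected a boolean flag, got ${JSON.stringify(value)}`);
}

// snake_case keys sent by the backend -> camelCase names used in the component.
function toCamelCaseProps(data) {
  return Object.fromEntries(
    Object.entries(data).map(([key, value]) => [
      key.replace(/_([a-z])/g, (_, c) => c.toUpperCase()),
      value,
    ]),
  );
}

// Paths that receive a POST for one credit card verification attempt.
// The captcha path is included only when the challenge flag is true.
// Assumption of this example: the captcha POST comes first.
function creditCardPostTargets(props) {
  const targets = [];
  if (strictBoolean(props.creditCardChallengeOnVerify)) {
    targets.push(props.creditCardVerifyCaptchaPath);
  }
  targets.push(props.creditCardVerifyPath);
  return targets;
}

// Opt-in flow: one POST. Signup flow (flag true): two POSTs.
const optInTargets = creditCardPostTargets(toCamelCaseProps(optInData));
const signupTargets = creditCardPostTargets(
  toCamelCaseProps({ ...optInData, credit_card_challenge_on_verify: true }),
);
console.log(optInTargets, signupTargets);
```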
Backend changes
- Add routes that expose actions inherited by `IdentityVerificationController` from `BaseIdentityVerificationController`
- Override `success` action of `BaseIdentityVerificationController`
- Refactor `*identity_verification_data` helper methods to simplify code reuse between Signup Identity Verification and Opt-in Identity Verification flows
- Redefine specs in `registrations_identity_verification_controller_spec.rb` as `shared_examples` and move them to `identity_verification_shared_examples.rb` so they can be reused to test actions of `IdentityVerificationController`
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Enable `opt_in_identity_verification` FF

  ```
  $ rails c
  > Feature.enable(:opt_in_identity_verification)
  ```

- Setup Telesign

  ```
  $ rails c
  > ApplicationSetting.first.update(telesign_customer_xid: '<value_is_in_1Pass>', telesign_api_key: '<value_is_in_1Pass>')
  ```

  Credentials are in 1Password under Telesign API Keys (use `GITLAB - DEVELOPMENT`)

- Login with `root` user

- Validate that you can go through phone number verification successfully