Enable phone/cc verification auto-swap for opt-in identity verification
Context
Currently, users go through identity verification as part of the signup process. Moving forward, we want to allow users [1] that have already started using GitLab to go through an opt-in identity verification process where they can verify a phone number in exchange for in-app benefits (e.g. the ability to run more pipelines, create more groups, etc.).
See https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/32+ for more info.
[1] Limited to users that did not go through phone number and/or credit card verification during signup.
What does this MR do and why?
Implements the "Enable auto-swap phone/cc verification when phone number is from a blocked country" task of https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/629.
"Auto-swap phone number for CC for users from Te..." (!142788, merged) introduced auto-swapping of phone number verification with credit card verification when a user is from a Telesign (our SMS provider) blocked country during signup.
This MR adds the necessary changes to enable the same feature for Opt-in Identity Verification.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
(Screen recording attached: Screen_Recording_2024-04-22_at_5.05.58_PM)
How to set up and validate locally
- Start GDK with SaaS simulation:

    $ export GITLAB_SIMULATE_SAAS=1
    $ gdk start

- Enable the relevant feature flags and configure the required settings:

    $ rails c
    > Feature.enable(:opt_in_identity_verification)
    > Feature.enable(:identity_verification_phone_number)
    > Feature.enable(:identity_verification_credit_card)
    > Feature.enable(:auto_request_phone_number_verification_exemption)

- Set up Telesign:

    $ rails c
    > ApplicationSetting.first.update(telesign_customer_xid: '<value_is_in_1Pass>', telesign_api_key: '<value_is_in_1Pass>')

  Credentials are in 1Password under "Telesign API Keys" (use "GITLAB - DEVELOPMENT").

- Update ee/lib/telesign/transaction_callback.rb to skip authentication of requests to /-/phone_verification/telesign_callback:
diff --git a/ee/lib/telesign/transaction_callback.rb b/ee/lib/telesign/transaction_callback.rb index 679ef54a23770..843c276183b1d 100644 --- a/ee/lib/telesign/transaction_callback.rb +++ b/ee/lib/telesign/transaction_callback.rb @@ -14,6 +14,7 @@ def initialize(request, params) end def valid? + return true return false unless signature.present? # https://developer.telesign.com/enterprise/docs/authenticate-callbacks
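Review bot: the `return true` added at the top of `valid?` makes the following `return false unless signature.present?` and the signature check after it unreachable, so every request to /-/phone_verification/telesign_callback is accepted unauthenticated; that is acceptable as a throwaway local-testing edit but must not be committed. If this bypass is needed repeatedly for GDK testing, gate it on a development-only condition (for example `return true if Rails.env.development? && <explicit opt-in flag>`) rather than an unconditional return, so the check cannot be silently lost.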
- Log in with the root user.

- Send a code to a valid phone number.

- Update the reference id of the created phone number validation record:

    $ rails c
    > User.first.phone_number_validation.update(telesign_reference_xid: '2557312299CC1304904080F4BE17BFB4')

- Send a test callback request:

    $ curl -X POST http://localhost:3000/-/phone_verification/telesign_callback \
        -H 'Content-Type: application/json' \
        -d '{ "status": { "updated_on": "2016-07-08T20:52:46.417428Z", "code": 237, "description": "Error delivering SMS to handset (reason unknown)" }, "errors": {}, "reference_id": "2557312299CC1304904080F4BE17BFB4" }'

- Validate that the "Phone number verification is unavailable at this time. Please verify with a credit card instead." info alert is displayed.

- Validate that "Step 2: Verify phone number" is replaced with "Step 2: Verify a payment method".
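An added example, not GitLab's code nor part of this MR, showing what a callback verifier can do instead of the unconditional `return true` from the local-testing diff: keep the signature check and allow a bypass only when an explicit flag is set in development. The class and method names, the `TELESIGN_SKIP_CALLBACK_AUTH` variable and the exact HMAC scheme are assumptions; the key is constructed and the callback body is the one sent in the curl step.

```ruby
require 'openssl'
require 'base64'

# Verifier for Telesign-style transaction callbacks. A local-testing bypass is
# gated on an explicit flag AND the development environment, instead of the
# unconditional `return true` used in the throwaway diff above.
class TelesignCallbackVerifier
  def initialize(api_key:, env: 'production', bypass: nil)
    @api_key = api_key # base64-encoded API key, as stored in ApplicationSetting
    @env = env         # Rails.env.to_s in a real app
    @bypass = bypass   # e.g. ENV['TELESIGN_SKIP_CALLBACK_AUTH'] (hypothetical name)
  end

  # ASSUMPTION: HMAC-SHA256 over the raw body, keyed with the decoded API key,
  # then base64-encoded. Confirm against the Telesign callback-auth docs.
  def expected_signature(raw_body)
    key = Base64.decode64(@api_key)
    Base64.strict_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), key, raw_body))
  end

  # True only for a correctly signed body, or for the explicit dev-only bypass.
  def valid?(raw_body, signature)
    return true if @env == 'development' && @bypass == '1'
    return false if signature.nil? || signature.empty?
    secure_equal?(expected_signature(raw_body), signature)
  end

  private

  # Constant-time comparison so a forged signature cannot be guessed byte by byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample key (not a real credential) and the callback body from the
# "Send a test callback request" step.
SAMPLE_API_KEY = Base64.strict_encode64('constructed-dev-secret-not-a-real-key')
SAMPLE_BODY = '{ "status": { "updated_on": "2016-07-08T20:52:46.417428Z", "code": 237, ' \
              '"description": "Error delivering SMS to handset (reason unknown)" }, ' \
              '"errors": {}, "reference_id": "2557312299CC1304904080F4BE17BFB4" }'

# Signed body passes; a tampered body (status code changed) with the old signature fails.
def check_sample
  v = TelesignCallbackVerifier.new(api_key: SAMPLE_API_KEY)
  sig = v.expected_signature(SAMPLE_BODY)
  [v.valid?(SAMPLE_BODY, sig), v.valid?(SAMPLE_BODY.sub('"code": 237', '"code": 200'), sig)]
end
```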