
Enable phone/cc verification auto-swap for opt-in identity verification

Eugie Limpin requested to merge el-enable-phone-cc-auto-swap into master

Context

Currently, users go through identity verification as part of the signup process. Moving forward, we want to allow users[1] that have already started using GitLab to go through an opt-in identity verification process where they can verify a phone number in exchange for in-app benefits (e.g. the ability to run more pipelines, create more groups, etc.).

See https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/32+ for more info.

[1] Limited to users that did not go through phone number and/or credit card verification during signup.

What does this MR do and why?

Implements the "Enable auto-swap phone/cc verification when phone number is from a blocked country" task of https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/629.

Auto-swap phone number for CC for users from Te... (!142788 - merged) introduced auto-swapping of phone number verification with credit card verification when a user is from a Telesign (our SMS provider) blocked country during signup.

This MR adds the necessary changes to enable the same feature for Opt-in Identity Verification.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screen recording attached to the MR: Screen_Recording_2024-04-22_at_5.05.58_PM (not included in this page)

How to set up and validate locally

  1. Start GDK with SaaS simulation

    $ export GITLAB_SIMULATE_SAAS=1
    $ gdk start
  2. Enable the relevant feature flags and configure required settings

    $ rails c
    > Feature.enable(:opt_in_identity_verification)
    > Feature.enable(:identity_verification_phone_number)
    > Feature.enable(:identity_verification_credit_card)
    > Feature.enable(:auto_request_phone_number_verification_exemption)
  3. Set up Telesign

    $ rails c
    > ApplicationSetting.first.update(telesign_customer_xid: '<value_is_in_1Pass>', telesign_api_key: '<value_is_in_1Pass>')

    Credentials are in 1Password under Telesign API Keys (use GITLAB - DEVELOPMENT)

  4. Update ee/lib/telesign/transaction_callback.rb to skip authentication of requests to /-/phone_verification/telesign_callback

    diff --git a/ee/lib/telesign/transaction_callback.rb b/ee/lib/telesign/transaction_callback.rb
    index 679ef54a23770..843c276183b1d 100644
    --- a/ee/lib/telesign/transaction_callback.rb
    +++ b/ee/lib/telesign/transaction_callback.rb
    @@ -14,6 +14,7 @@ def initialize(request, params)
         end
     
         def valid?
    +      return true
           return false unless signature.present?
     
           # https://developer.telesign.com/enterprise/docs/authenticate-callbacks
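Review bot: The unconditional `return true` added at the top of `valid?` makes the `return false unless signature.present?` line and the rest of the signature check unreachable, so callback authentication is switched off entirely for whoever applies this step; since the step asks readers to edit a tracked file, state explicitly that the change is local-only and must not be committed, or gate it on a development-only condition such as `return true if Rails.env.development? && ENV['SKIP_TELESIGN_CALLBACK_AUTH'].present?` so it cannot reach a shared environment by accident.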
  5. Log in as the root user

  6. Go to http://localhost:3000/-/identity_verification

  7. Send a code to a valid phone number

  8. Update the reference id of the created phone number validation record

    $ rails c
    > User.first.phone_number_validation.update(telesign_reference_xid: '2557312299CC1304904080F4BE17BFB4')
  9. Send a test callback request

    $ curl -X POST http://localhost:3000/-/phone_verification/telesign_callback -H 'Content-Type: application/json' -d '{ "status": { "updated_on": "2016-07-08T20:52:46.417428Z", "code": 237, "description": "Error delivering SMS to handset (reason unknown)" }, "errors": {}, "reference_id": "2557312299CC1304904080F4BE17BFB4" }'
  10. Validate that "Phone number verification is unavailable at this time. Please verify with a credit card instead." info alert is displayed

  11. Validate that "Step 2: Verify phone number" is replaced with "Step 2: Verify a payment method"

Edited by Joe Woodward
