Use User#identity_verified? to ensure user is allowed to visit IV pages
What does this MR do and why?
Implements parts of https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/674 and https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/673.
Updates IdentityVerificationController to use User#identity_verified? to ensure user is allowed to visit Identity Verification pages.
A user trying to access Identity Verification will get redirected to root_path
when any of the following conditions are met:
- The user has already completed Identity Verification
- ::Gitlab::Saas.feature_available?(:identity_verification) is false
- ::Feature.enabled?(:opt_in_identity_verification, self, type: :wip) is false
- There are no verification methods available that the user can perform to complete Identity Verification. E.g. feature flags for both phone number verification and credit card verification are disabled.
These conditions are all checked in User#identity_verified?.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Start GDK simulating SaaS

      $ export GITLAB_SIMULATE_SAAS=1
      $ gdk start

- Enable FFs

      $ rails c
      > Feature.enable(:opt_in_identity_verification)
      > Feature.enable(:identity_verification_phone_number)

- Log in with root
- Ensure root is unverified

      $ rails c
      > user = User.first
      > user.identity_verified?
      => false

  If it returns true, run user.phone_number_validation.destroy and confirm that identity_verified? now returns false.
- Go to http://localhost:3000/-/identity_verification and validate that you can see the Identity Verification page
- Create a phone number validation record for root to make them identity verified

      $ rails c
      > FactoryBot.create(:phone_number_validation, :validated, user: User.first)

- Go to http://localhost:3000/-/identity_verification and validate that you are redirected to the dashboard
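The redirect conditions listed in this description, modelled as a stand-alone Ruby sketch. This is an added example, not code from the MR or from GitLab. SketchUser, guard_identity_verification, and the :saas_identity_verification and :credit_card_verification keys are hypothetical names, and it assumes a user counts as verified once every available method is completed.

```ruby
require 'set'

# Flag state matching the local validation steps: SaaS simulated, opt-in and
# phone number verification enabled. :saas_identity_verification and
# :credit_card_verification are hypothetical keys for this sketch.
LOCAL_FLAGS = {
  saas_identity_verification: true,
  opt_in_identity_verification: true,
  identity_verification_phone_number: true,
  credit_card_verification: false
}.freeze

# Hypothetical stand-in for the user model; completed_methods is an array
# such as [:phone].
SketchUser = Struct.new(:completed_methods) do
  # Methods this user could perform under the given flags.
  def available_methods(flags)
    methods = Set.new
    methods << :phone if flags[:identity_verification_phone_number]
    methods << :credit_card if flags[:credit_card_verification]
    methods
  end

  # True when there is nothing left for the user to verify. That includes the
  # cases where verification is switched off or no method is available.
  def identity_verified?(flags)
    return true unless flags[:saas_identity_verification]
    return true unless flags[:opt_in_identity_verification]

    required = available_methods(flags)
    return true if required.empty?

    # Assumption: every available method must have been completed.
    required.subset?(completed_methods.to_set)
  end
end

# Controller-side guard: a single predicate decides whether the Identity
# Verification page is rendered or the user is sent to the root path.
def guard_identity_verification(user, flags)
  user.identity_verified?(flags) ? :redirect_to_root : :render_page
end
```

Keeping all four conditions inside one predicate means the controller cannot drift out of sync with other callers of the same check.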