Show identity verification required alert
Context
Currently, users go through identity verification (signup IV
from here on) as part of the signup process. Moving forward, we want to require users1 that have already started using Gitlab to go through the same identity verification process (active user IV
from here on) where they verify a phone number/credit card in exchange for in-app benefits (e.g. run pipelines using free compute minutes, create more groups, etc.).
This is similar to the (disabled) feature that required users to provide credit card details before they can run pipelines (explained more in https://about.gitlab.com/blog/2021/05/17/prevent-crypto-mining-abuse) except that users can verify their identity using a phone number or, optionally, a credit card.
See https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/32+ for more info.
1 Limited to free users that did not go through phone number and/or credit card verification during signup.
What does this MR do and why?
This MR implements https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/682+ and https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/683+.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Run pipeline page | Show pipeline page |
---|---|
How to set up and validate locally
-
Ensure that you have a runner set up
-
Start GDK simulating SaaS
$ export GITLAB_SIMULATE_SAAS=1 $ gdk start
-
Enable FFs
$ rails c > Feature.enable(:opt_in_identity_verification) > Feature.enable(:identity_verification_phone_number) > Feature.enable(:ci_requires_identity_verification_on_free_plan)
-
Update
ee/app/models/concerns/identity_verifiable.rb
to skip the check to ensure a user was created after the release date.# ee/app/models/concerns/identity_verifiable.rb def identity_verified? return false unless active_user? return true unless identity_verification_enabled? - return true if created_at < IDENTITY_VERIFICATION_RELEASE_DATE + # return true if created_at < IDENTITY_VERIFICATION_RELEASE_DATE identity_verification_state.values.all? end
-
Login with
root
user -
Create a blank project and add a
.gitlab-ci.yml
file containing the following:build: stage: build script: echo "Test 1"
-
Go to pipelines page of the project and view the failed pipeline that was created after
.gitlab-ci.yml
was created -
Verify that an alert saying
Before you can run pipelines, we need to verify your account.
is displayed -
Go to pipelines page of the project and attempt to run a new pipeline
-
Verify that an alert saying
Before you can run pipelines, we need to verify your account.
is displayed