
Show identity verification required alert

Eugie Limpin requested to merge el-iv-required-to-run-pipeline-alerts into master

Context

Currently, users go through identity verification (signup IV from here on) as part of the signup process. Moving forward, we want to require users¹ that have already started using GitLab to go through the same identity verification process (active user IV from here on) where they verify a phone number/credit card in exchange for in-app benefits (e.g. run pipelines using free compute minutes, create more groups, etc.).

This is similar to the (disabled) feature that required users to provide credit card details before they can run pipelines (explained more in https://about.gitlab.com/blog/2021/05/17/prevent-crypto-mining-abuse) except that users can verify their identity using a phone number or, optionally, a credit card.

See https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/32 for more info.

¹ Limited to free users that did not go through phone number and/or credit card verification during signup.

What does this MR do and why?

This MR implements https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/682 and https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/683.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

[Screenshots: Run pipeline page; Show pipeline page]

How to set up and validate locally

  1. Ensure that you have a runner set up

  2. Start GDK simulating SaaS

    $ export GITLAB_SIMULATE_SAAS=1
    $ gdk start

  3. Enable FFs

    $ rails c
    > Feature.enable(:opt_in_identity_verification)
    > Feature.enable(:identity_verification_phone_number)
    > Feature.enable(:ci_requires_identity_verification_on_free_plan)

  4. Update ee/app/models/concerns/identity_verifiable.rb to skip the check to ensure a user was created after the release date.

       # ee/app/models/concerns/identity_verifiable.rb
       def identity_verified?
         return false unless active_user?
         return true unless identity_verification_enabled?
    -    return true if created_at < IDENTITY_VERIFICATION_RELEASE_DATE
    +    # return true if created_at < IDENTITY_VERIFICATION_RELEASE_DATE
    
         identity_verification_state.values.all?
       end
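
     Review bot: the commented-out `return true if created_at < IDENTITY_VERIFICATION_RELEASE_DATE` guard in `identity_verified?` is a source edit to a model concern that exists only for local validation and is easy to leave in the working tree; revert the file once the alerts are confirmed so the change never reaches a commit. With the guard disabled, every active user on the local instance, including the root user from the next step, falls through to `identity_verification_state.values.all?`, so other local accounts created before the release date are evaluated against their verification state until the line is restored.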

  5. Log in as the root user

  6. Create a blank project and add a .gitlab-ci.yml file containing the following:

    build:
      stage: build
      script: echo "Test 1"

  7. Go to the pipelines page of the project and view the failed pipeline that was created after .gitlab-ci.yml was created

  8. Verify that an alert saying "Before you can run pipelines, we need to verify your account." is displayed


  9. Go to the pipelines page of the project and attempt to run a new pipeline

  10. Verify that an alert saying "Before you can run pipelines, we need to verify your account." is displayed


Edited by Eugie Limpin
