Show identity verification required alert on shared runners enabled

Context

Currently, users go through identity verification (signup IV from here on) as part of the signup process. Moving forward, we want to require users[1] that have already started using GitLab to go through the same identity verification process (active user IV from here on) where they verify a phone number/credit card in exchange for in-app benefits (e.g. run pipelines using free compute minutes, create more than two top-level groups, etc.).

This is similar to the (disabled) feature that required users to provide credit card details before they can run pipelines (explained more in https://about.gitlab.com/blog/2021/05/17/prevent-crypto-mining-abuse) except that users can verify their identity using a phone number or, optionally, a credit card.

See https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/32 for more info.

[1] Limited to free users that did not go through phone number and/or credit card verification during signup.

What does this MR do and why?

This MR shows an "identity verification required" alert when a user tries to enable the shared runners project setting.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Start GDK simulating SaaS
    $ export GITLAB_SIMULATE_SAAS=1
    $ gdk start
  2. Enable relevant FFs
    $ rails c
    > Feature.enable(:opt_in_identity_verification)
    > Feature.enable(:identity_verification_phone_number)
    > Feature.enable(:ci_requires_identity_verification_on_free_plan)
  3. Update ee/app/models/concerns/identity_verifiable.rb to skip the check to ensure a user was created after the release date.
       # ee/app/models/concerns/identity_verifiable.rb
       def identity_verified?
         ...
    
    -    return true if created_at < IDENTITY_VERIFICATION_RELEASE_DATE
    +    # return true if created_at < IDENTITY_VERIFICATION_RELEASE_DATE
    
         ...
       end
  4. Log in as the root user
  5. Create a project then go to the project's Settings -> CI/CD page
  6. Toggle off the instance runners setting if it is already enabled. This operation should succeed
  7. Toggle on the instance runners setting
  8. Verify that the update fails and the correct alert is shown
  9. Mark the user as identity verified
    $ rails c
    > FactoryBot.create(:phone_number_validation, :validated, user: User.first)
  10. Attempt to toggle on the instance runners setting
  11. Verify that the update succeeds and no alert is shown
Edited by Eugie Limpin
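
The behaviour that validation steps 6 to 11 check can be modelled as a server-side guard on the disabled-to-enabled transition; this is an added illustration, not code from this MR or from GitLab. The struct names, `update_shared_runners`, the alert string and the release date value are assumptions made for the example.

```ruby
require 'date'

# Constructed placeholder; the page does not state the real release date.
IDENTITY_VERIFICATION_RELEASE_DATE = Date.new(2024, 1, 1)

# Hypothetical stand-in for a user record (not GitLab's User model).
User = Struct.new(:created_at, :free_plan, :phone_verified,
                  :credit_card_verified, keyword_init: true) do
  def identity_verified?
    # Accounts created before the release date are exempt. This is the
    # guard that step 3 comments out for local validation.
    return true if created_at < IDENTITY_VERIFICATION_RELEASE_DATE
    # Footnote [1]: the requirement is limited to free users.
    return true unless free_plan

    phone_verified || credit_card_verified
  end
end

# Hypothetical project and result records.
Project = Struct.new(:shared_runners_enabled, keyword_init: true)
Result = Struct.new(:success, :alert, keyword_init: true)

# Hypothetical update service. The check runs on the server and only on
# the false -> true transition, so turning runners off always succeeds
# and a client cannot skip the alert to enable them.
def update_shared_runners(project, user, enabled:)
  enabling = enabled && !project.shared_runners_enabled
  if enabling && !user.identity_verified?
    # Constructed alert text; the real wording is not on the page.
    return Result.new(success: false, alert: 'Identity verification required')
  end

  project.shared_runners_enabled = enabled
  Result.new(success: true, alert: nil)
end
```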
