Include user's ip address in Telesign Intelligence API request
Implements https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/761.
What does this MR do and why?
This MR updates the payload of the Telesign Intelligence API request to include the user's IP address.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Sample log with new fields related to Telesign Intel API response
{
"severity": "INFO",
"time": "2024-06-10T07:06:15.385Z",
"correlation_id": "01J00FG2YGF8CA6H674GZ42MJ0",
"meta.caller_id": "Users::RegistrationsIdentityVerificationController#send_phone_verification_code",
"meta.remote_ip": "127.0.0.1",
"meta.feature_category": "instance_resiliency",
"meta.client_id": "ip/127.0.0.1",
"class": "PhoneVerification::TelesignClient::RiskScoreService",
"message": "IdentityVerification::Phone",
"event": "Received a risk score for a phone number from Telesign",
"telesign_reference_id": "364003E03B44071C930740856890149C",
"telesign_response": "Transaction successfully completed",
"telesign_status_code": "200",
"username": "jun246329",
"telesign_risk_score": 145,
"telesign_risk_level": "very-low",
"telesign_risk_category": [
10021
],
"email": "jun246329@ex.com",
"ip_address": "127.0.0.1"
}
How to set up and validate locally
- Start GDK simulating SaaS
    $ export GITLAB_SIMULATE_SAAS=1
    $ gdk start
- Enable FFs and update some settings
    $ rails c
    > Feature.enable(:identity_verification)
    > Feature.enable(:identity_verification_phone_number)
    > ApplicationSetting.first.update(email_confirmation_setting: 'hard', require_admin_approval_after_user_signup: false)
- Setup Telesign
    $ rails c
    > ApplicationSetting.first.update(telesign_customer_xid: '<value_is_in_1Pass>', telesign_api_key: '<value_is_in_1Pass>')
  Credentials are in 1Password under Telesign API Keys (use GITLAB - DEVELOPMENT)
- Setup Arkose
    > ApplicationSetting.first.update(arkose_labs_public_api_key: "XXX", arkose_labs_private_api_key: "YYY")
    > ApplicationSetting.first.update(arkose_labs_data_exchange_key: "ZZZ")
  Note: credentials are in 1Password under ArkoseLabs API keys (DEVELOPMENT)
- Tail logs
    tail -f log/application_json.log
- Go to http://localhost:3000/users/sign_up, fill in the signup form, and then click Register
- Set the new user's Arkose risk score to 'Medium'. This will require the user to verify their email and phone number.
    $ rails c
    > User.last.custom_attributes.find_by_key('arkose_risk_band').update(value: 'Medium')
- Update the user's confirmed_at in Rails console. This marks them as email-verified and moves them on to the phone number verification step.
    $ rails c
    > User.last.update(confirmed_at: Time.now)
- Refresh the page
- Enter a phone number and click Send code
- Verify that a log similar to the following is recorded
    {
      "severity": "INFO",
      ...
      "meta.caller_id": "Users::RegistrationsIdentityVerificationController#send_phone_verification_code",
      ...
      "class": "PhoneVerification::TelesignClient::RiskScoreService",
      "message": "IdentityVerification::Phone",
      "event": "Received a risk score for a phone number from Telesign",
      "telesign_reference_id": "364003E03B44071C930740856890149C",
      "telesign_response": "Transaction successfully completed",
      "telesign_status_code": "200",
      "username": "jun246329",
      "telesign_risk_score": 145,
      "telesign_risk_level": "very-low",
      "telesign_risk_category": [
        10021
      ],
      "email": "jun246329@ex.com",
      "ip_address": "127.0.0.1"
    }
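One way to automate the final verification step, as an added example that is not part of this MR or GitLab's code: a Ruby script that scans JSON log lines for the RiskScoreService entry and reports any that lack the fields shown in the sample log, including the new ip_address. The function names, the required-field list and the sample lines are assumptions constructed for illustration.

```ruby
require 'json'
require 'ipaddr'

RISK_SCORE_CLASS = 'PhoneVerification::TelesignClient::RiskScoreService'
# Fields taken from the sample log on this page; ip_address is the one this MR adds.
REQUIRED_FIELDS = %w[telesign_reference_id telesign_status_code telesign_risk_score
                     telesign_risk_level username email ip_address].freeze

# Returns the problems found in one parsed log entry (empty array when it is fine).
def risk_score_entry_problems(entry)
  problems = REQUIRED_FIELDS.select { |f| entry[f].to_s.empty? }.map { |f| "missing #{f}" }
  ip = entry['ip_address'].to_s
  unless ip.empty?
    begin
      IPAddr.new(ip) # raises when the value does not parse as IPv4/IPv6
    rescue IPAddr::Error
      problems << "ip_address is not a valid IP: #{ip.inspect}"
    end
  end
  problems
end

# Scans JSON-lines text (a String or an open File) and reports risk score entries
# with problems, keyed by line number. Non-JSON lines and other classes are skipped.
def check_risk_score_log(log)
  result = { checked: 0, failures: {} }
  log.each_line.with_index(1) do |line, number|
    entry = begin
      JSON.parse(line)
    rescue JSON::ParserError
      next
    end
    next unless entry.is_a?(Hash) && entry['class'] == RISK_SCORE_CLASS

    result[:checked] += 1
    problems = risk_score_entry_problems(entry)
    result[:failures][number] = problems unless problems.empty?
  end
  result
end

# Constructed sample input modelled on the log above: a complete entry, an entry
# without ip_address, and an unrelated line.
complete = { 'class' => RISK_SCORE_CLASS, 'telesign_reference_id' => 'CONSTRUCTED-REF',
             'telesign_status_code' => '200', 'telesign_risk_score' => 145,
             'telesign_risk_level' => 'very-low', 'username' => 'jun246329',
             'email' => 'jun246329@ex.com', 'ip_address' => '127.0.0.1' }
SAMPLE_LOG = [complete, complete.reject { |k, _| k == 'ip_address' },
              { 'class' => 'Other::Service' }].map(&:to_json).join("\n")

p check_risk_score_log(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```

To run it against a local GDK log, pass an open file instead of the sample, for example `File.open('log/application_json.log') { |f| p check_risk_score_log(f) }`.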