Skip to content

Fix timestamp values in Arkose Data Exchange payload

What does this MR do and why?

Resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/831+

This MR is an outcome of the recent 2024-07-30: Users cannot complete OAuth sign up (gitlab-com/gl-infra/production#18341 - closed) incident.

It fixes $.timestamp and $.api_source_validation.timestamp values in the Arkose Data Exchange payload which contained incorrect values as reported by Arkose

Screenshot_2024-08-02_at_4.05.51_PM

$.timestamp and $.api_source_validation.timestamp should be a string and an integer, respectively, specifying the milliseconds (currently seconds) elapsed since the UNIX epoch as documented in https://support.arkoselabs.com/hc/en-us/articles/4410529474323-Data-Exchange-Enhanced-Detection-and-API-Source-Validation#DataExchange:EnhancedDetectionandAPISourceValidation-APISourceValidation.

This MR also adds a new ops type feature flag (named arkose_labs_data_exchange) that is enabled by default to provide a way to disable the Arkose Data Exchange feature in case something goes wrong.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Edited by Eugie Limpin

Merge request reports

Loading