Merge branch 'dlrussel/convert-arkose-labs-ff' into 'master'

Add arkose_labs_enabled application setting

See merge request !175748



Merged-by: Igor Drozdov <idrozdov@gitlab.com>
Approved-by: Ian Anderson <ianderson@gitlab.com>
Approved-by: Igor Drozdov <idrozdov@gitlab.com>
Co-authored-by: Diane Russel <drussel@gitlab.com>

ee/app/helpers/ee/application_settings_helper.rb

@@ -317,6 +317,7 @@ def identity_verification_attributes
       %i[
         arkose_labs_client_secret
         arkose_labs_client_xid
+        arkose_labs_enabled
         arkose_labs_namespace
         arkose_labs_private_api_key
         arkose_labs_public_api_key

ee/app/models/ee/application_setting.rb

@@ -54,7 +54,8 @@ module ApplicationSetting
         phone_verification_enabled: [:boolean, { default: true }],
         ci_requires_identity_verification_on_free_plan: [:boolean, { default: true }],
         telesign_intelligence_enabled: [:boolean, { default: true }],
-        credit_card_verification_enabled: [:boolean, { default: true }]
+        credit_card_verification_enabled: [:boolean, { default: true }],
+        arkose_labs_enabled: [:boolean, { default: true }]
 
       validates :identity_verification_settings, json_schema: { filename: "identity_verification_settings" }
 

ee/app/validators/json_schemas/identity_verification_settings.json

@@ -31,6 +31,10 @@
     "credit_card_verification_enabled": {
       "type": "boolean",
       "description": "Whether credit card verification is an available identity verification method"
+    },
+    "arkose_labs_enabled": {
+      "type": "boolean",
+      "description": "Whether Arkose checks are required for identity verification"
     }
   }
 }

ee/config/feature_flags/ops/arkose_labs.yml

----
-name: arkose_labs
-feature_issue_url: https://gitlab.com/gitlab-com/gl-infra/production-engineering/-/issues/25655
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/161395
-rollout_issue_url:
-milestone: '17.3'
-group: group::anti-abuse
-type: ops
-default_enabled: true

ee/lib/anti_abuse/identity_verification/settings.rb

@@ -29,7 +29,7 @@ def arkose_data_exchange_key
         end
 
         def arkose_enabled?(user:, user_agent:)
-          return false unless ::Feature.enabled?(:arkose_labs, user, type: :ops)
+          return false unless ::Gitlab::CurrentSettings.arkose_labs_enabled
 
           arkose_public_api_key.present? &&
             arkose_private_api_key.present? &&

ee/spec/features/registrations/identity_verification_spec.rb

@@ -291,9 +291,9 @@ def send_request(session, method, path, headers:)
   end
 
   shared_examples 'allows the user to complete registration when Arkose is unavailable' do |flow: :standard|
-    context 'when Arkose is disabled via feature flag' do
+    context 'when Arkose is disabled via application setting' do
       before do
-        stub_feature_flags(arkose_labs: false)
+        stub_application_setting(arkose_labs_enabled: false)
         sign_up(flow: flow, arkose: { disable: true })
       end
 

ee/spec/helpers/ee/application_settings_helper_spec.rb

@@ -34,6 +34,7 @@
         expect(visible_attributes).to include(*%i[
           arkose_labs_client_secret
           arkose_labs_client_xid
+          arkose_labs_enabled
           arkose_labs_namespace
           arkose_labs_private_api_key
           arkose_labs_public_api_key
@@ -51,6 +52,7 @@
         expect(visible_attributes).not_to include(*%i[
           arkose_labs_client_secret
           arkose_labs_client_xid
+          arkose_labs_enabled
           arkose_labs_namespace
           arkose_labs_private_api_key
           arkose_labs_public_api_key

ee/spec/lib/anti_abuse/identity_verification/settings_spec.rb

@@ -110,12 +110,16 @@
       end
 
       context 'when arkose labs is enabled' do
+        before do
+          stub_application_setting(arkose_labs_enabled: true)
+        end
+
         it { is_expected.to eq result }
       end
 
       context 'when arkose labs is disabled' do
         before do
-          stub_feature_flags(arkose_labs: false)
+          stub_application_setting(arkose_labs_enabled: false)
         end
 
         it { is_expected.to be false }

ee/spec/models/application_setting_spec.rb

@@ -37,6 +37,7 @@
     it { expect(setting.soft_phone_verification_transactions_daily_limit).to eq(16000) }
     it { expect(setting.phone_verification_enabled).to eq(true) }
     it { expect(setting.credit_card_verification_enabled).to eq(true) }
+    it { expect(setting.arkose_labs_enabled).to eq(true) }
     it { expect(setting.ci_requires_identity_verification_on_free_plan).to eq(true) }
     it { expect(setting.secret_detection_service_url).to eq('') }
     it { expect(setting.secret_detection_service_auth_token).to eq(nil) }