Phone Verification: Backend TeleSign services
What does this MR do and why?
Part of the bigger epic https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/3 to ask users to verify their phone number if they are considered medium/high risk. We are going to use an external service called TeleSign to verify users phone numbers and store a risk score. This MR:
- Adds the TeleSign's customer_id & api_key to the
application_settings
table. - Creates services to send the verification code to the user's phone number, verify the code, and get risk score for the phone number, all using TeleSign.
Screenshots or screen recordings
![](/-/project/278964/uploads/ec7c49307d4eb173678e63aaf7223941/SMS_screenshot.jpeg)
How to set up and validate locally
- Configure Telesign. The
customer_id
andapi_key
are in 1Password.
::Gitlab::CurrentSettings.update(telesign_customer_xid: CUSTOMER_ID, telesign_api_key: API_KEY)
- To send a verification code, enter your international phone number -> country code + phone number. eg.
61450331311
for Australia
result = PhoneVerification::TelesignClient::SendVerificationCodeService.new(phone_number: INTERNATIONAL_PHONE_NUMBER, user: User.find(1)).execute
telesign_reference_xid = result[:telesign_reference_xid]
- To verify the code, use the
telesign_reference_xid
from the previous response
PhoneVerification::TelesignClient::VerifyCodeService.new(telesign_reference_id: telesign_reference_xid, verification_code: SMS_CODE, user: User.find(1)).execute
- To get a risk score for a phone number. If you enter a blocked/invalid/unsual phone number such as 911, it should result in a 400.
PhoneVerification::TelesignClient::RiskScoreService.new(phone_number: INTERNATIONAL_PHONE_NUMBER, user: User.find(1)).execute
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/78
Edited by Hinam Mehra