
Indicate user was banned only when auto-ban setting is enabled

Eugie Limpin requested to merge el-update-git-abuse-rate-limit-email into master

Resolves: https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/46

What does this MR do and why?

Update the email sent to application admins and namespace owners to indicate that the user was auto-banned only when auto-ban setting is enabled.

Screenshots or screen recordings

auto-ban enabled: Screen_Shot_2022-10-26_at_6.17.27_PM
auto-ban disabled: Screen_Shot_2022-10-26_at_6.19.22_PM

How to set up and validate locally

Validate that email contains correct contents when a user exceeds application-wide projects download throttling threshold

  1. Configure application-wide projects download throttling:
    $ rails console
    > ApplicationSetting.first.update({
       max_number_of_repository_downloads: 1,
       max_number_of_repository_downloads_within_time_period: 60,
       auto_ban_user_on_excessive_projects_download: true
    })
  2. Create a private top-level group and two projects under the group
  3. Add a user as a developer to the group
  4. Execute Users::Abuse::ExcessiveProjectsDownloadBanService for each project
    $ rails console
    > user = User.find(<id_of_developer_user>)
    > project1 = Project.find(<id_of_first_project>)
    > project2 = Project.find(<id_of_second_project>)
    > Users::Abuse::ExcessiveProjectsDownloadBanService.execute(user, project1)
    => {:banned=>false}
    > Users::Abuse::ExcessiveProjectsDownloadBanService.execute(user, project2)
    => {:banned=>true}
  5. Check the sent email in http://localhost:3000/rails/letter_opener
  6. Validate that the email indicates the user was auto-banned
    📸 Screen_Shot_2022-10-26_at_6.17.27_PM
  7. Unban the user
    $ rails console
    > User.find(<id_of_developer_user>).unban
    => true
  8. Disable auto-banning
    $ rails console
    > ApplicationSetting.first.update({ auto_ban_user_on_excessive_projects_download: false })
  9. Execute Users::Abuse::ExcessiveProjectsDownloadBanService for each project
    $ rails console
    > user = User.find(<id_of_developer_user>)
    > project1 = Project.find(<id_of_first_project>)
    > project2 = Project.find(<id_of_second_project>)
    > Users::Abuse::ExcessiveProjectsDownloadBanService.execute(user, project1)
    => {:banned=>false}
    > Users::Abuse::ExcessiveProjectsDownloadBanService.execute(user, project2)
    => {:banned=>false}
  10. Check the sent email in http://localhost:3000/rails/letter_opener
  11. Validate that the email does not indicate the user was auto-banned
    📸 Screen_Shot_2022-10-26_at_6.19.22_PM

Validate that email contains correct contents when a user exceeds namespace-wide projects download throttling threshold

  1. Create a private top-level group and two projects under the group
  2. Configure namespace-wide projects download throttling:
    $ rails console
    > group = Group.find(<id_of_your_group>)
    > group.namespace_settings.update({
        unique_project_download_limit: 1,
        unique_project_download_limit_interval_in_seconds: 60,
        auto_ban_user_on_excessive_projects_download: true
      })
  3. Add a user as a developer to the group
  4. Execute Users::Abuse::GitAbuse::NamespaceThrottleService for each project
    $ rails console
    > user = User.find(<id_of_developer_user>)
    > project1 = Project.find(<id_of_first_project>)
    > project2 = Project.find(<id_of_second_project>)
    > Users::Abuse::GitAbuse::NamespaceThrottleService.execute(project1, user)
    => {:banned=>false}
    > Users::Abuse::GitAbuse::NamespaceThrottleService.execute(project2, user)
    => {:banned=>true}
  5. Check the sent email in http://localhost:3000/rails/letter_opener
  6. Validate that the email indicates the user was auto-banned
    📸 Screen_Shot_2022-10-27_at_12.03.41_PM
  7. Unban the user
    $ rails console
    > ::Namespaces::NamespaceBan.destroy_all
  8. Disable auto-banning
    $ rails console
    > group = Group.find(<id_of_your_group>)
    > group.namespace_settings.update({
        auto_ban_user_on_excessive_projects_download: false
      })
  9. Execute Users::Abuse::GitAbuse::NamespaceThrottleService for each project
    $ rails console
    > user = User.find(<id_of_developer_user>)
    > project1 = Project.find(<id_of_first_project>)
    > project2 = Project.find(<id_of_second_project>)
    > Users::Abuse::GitAbuse::NamespaceThrottleService.execute(project1, user)
    => {:banned=>false}
    > Users::Abuse::GitAbuse::NamespaceThrottleService.execute(project2, user)
    => {:banned=>false}
  10. Check the sent email in http://localhost:3000/rails/letter_opener
  11. Validate that the email does not indicate the user was auto-banned
    📸 Screen_Shot_2022-10-27_at_12.06.36_PM

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Michael Kozono
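The two validation procedures above (application-wide and namespace-wide) exercise the same mechanism: count the distinct projects a user downloads inside a sliding window, alert admins or owners when the limit is exceeded, and ban only if the auto-ban setting is on. The following Ruby model is an added illustration of that behaviour and of the email change this MR makes; it is not GitLab's code and not part of the MR. The class and method names (`DownloadThrottle`, `#record`, `#build_email`, `run_scenario`) and the sample user and project names are assumptions standing in for `Users::Abuse::ExcessiveProjectsDownloadBanService` and `Users::Abuse::GitAbuse::NamespaceThrottleService`, and the clock is fixed so the run is deterministic.

```ruby
# Added illustration, not GitLab's code: a minimal model of the unique-project
# download throttle with the notification text depending on the auto-ban
# setting. All names here are assumptions for this example.
require 'set'
require 'time'

class DownloadThrottle
  Result = Struct.new(:banned, :email, keyword_init: true)

  # limit    : distinct projects a user may download per window
  #            (max_number_of_repository_downloads / unique_project_download_limit)
  # interval : window length in seconds
  # auto_ban : auto_ban_user_on_excessive_projects_download
  def initialize(limit:, interval:, auto_ban:)
    @limit = limit
    @interval = interval
    @auto_ban = auto_ban
    @downloads = Hash.new { |h, k| h[k] = [] } # user => [[timestamp, project], ...]
    @banned = Set.new
  end

  def banned?(user)
    @banned.include?(user)
  end

  # Records one download. Returns whether this call banned the user and the
  # admin/owner email text (nil when the threshold was not exceeded).
  def record(user, project, now:)
    events = @downloads[user]
    events << [now, project]
    events.reject! { |t, _| t <= now - @interval } # keep only the sliding window
    distinct = events.map(&:last).uniq.size
    return Result.new(banned: false, email: nil) if distinct <= @limit

    banned_now = false
    if @auto_ban && !@banned.include?(user)
      @banned << user
      banned_now = true
    end
    Result.new(banned: banned_now, email: build_email(user, distinct, now))
  end

  private

  # The email always reports the threshold breach. The "was banned" sentence
  # appears only when auto-ban is enabled: telling an admin that an account
  # was banned when it was not would make them assume it is already contained.
  def build_email(user, distinct, now)
    lines = []
    lines << "#{user} downloaded #{distinct} projects within #{@interval} seconds, " \
             "exceeding the limit of #{@limit} (at #{now.utc.iso8601})."
    if @auto_ban
      lines << "#{user} was automatically banned."
    else
      lines << "Auto-ban is disabled; review the account and ban it manually if needed."
    end
    lines.join("\n")
  end
end

# Constructed walk-through of steps 4 and 9 above with a fixed clock:
# two distinct projects against a limit of 1 within 60 seconds.
def run_scenario(auto_ban:)
  throttle = DownloadThrottle.new(limit: 1, interval: 60, auto_ban: auto_ban)
  t0 = Time.utc(2022, 10, 26, 18, 0, 0)
  first  = throttle.record('developer', 'group/project1', now: t0)
  second = throttle.record('developer', 'group/project2', now: t0 + 5)
  [first, second]
end

if __FILE__ == $PROGRAM_NAME
  [true, false].each do |setting|
    first, second = run_scenario(auto_ban: setting)
    puts "auto_ban=#{setting}: banned #{first.banned} then #{second.banned}"
    puts second.email, ''
  end
end
```

Running the file prints `banned false then true` for the enabled case and `banned false then false` for the disabled case, mirroring the `{:banned=>...}` return values in the steps; only the first email carries the ban sentence. Re-downloading the same project does not count as a new distinct project, and events older than the window age out, so a second distinct download after the window passes does not trigger an alert.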
