Skip to content

Skip ArkoseLabs steps for trial registrations

Eugie Limpin requested to merge el-skip-arkose-for-trial-signups into master

This bug was reported in Slack (internal).

What does this MR do

This MR updates RegistrationsController to skip ArkoseLabs token verification and user data recording steps when the current controller executing is an instance of TrialRegistrationsController (a subclass of RegistrationsController).

... and why?

This change is needed because TrialRegistrationsController reuses new and create actions and views of RegistrationsController that go through the previously mentioned ArkoseLabs token verification and user data recording steps. However, these steps require an ArkoseLabs session token that comes from a Vue application inside the registration form which is not initialized for TrialRegistrationsController#new view (planned in https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/230). The absence of the session token prevents the trial registration process from being completed and the user is stuck with Complete verification to signup error.

Screenshots or screen recordings

before after
Screen_Recording_2023-02-06_at_8.30.07_PM Screen_Recording_2023-02-06_at_8.27.59_PM

How to set up and validate locally

Set up

  1. Toggle relevant feature flags and configure ArkoseLabs integration: 
    $ rails console
> Feature.enable(:arkose_labs_signup_challenge)
> ApplicationSetting.first.update({ arkose_labs_public_api_key: '****', arkose_labs_private_api_key: '****', arkose_labs_namespace: 'client' })
    Notes:
    • Credentials are available in GitLab 1Password Engineering Vault
  2. Start GDK with GITLAB_SIMULATE_SAAS=1 to simulate SaaS

Validate

  1. Go to the trials registration page (http://localhost:3000/-/trial_registrations/new)
  2. Fill up the form the registration form
  3. Click on Continue
  4. Validate that the registration succeeds and no Complete verification to signup error is shown

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin

Merge request reports