Show reCAPTCHA on trial registration

Eugie Limpin requested to merge el-fix-recaptcha-trial-registration into master

Resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/246

Context

In collaboration with groupacquisition, the rollout of the ArkoseLabs integration will be separate for the trial registration flow (/-/trial_registrations/new) and the free registration flow (/users/sign_up). To allow that separation, ArkoseLabs was skipped during the trial registration flow in !111156 (merged).

What does this MR do and why?

This MR fixes the regression introduced in !111156 (merged).

It updates the logic that determines whether the ArkoseLabs challenge or reCAPTCHA should be shown to the user during the free signup flow and the trial signup flow.

Problem: reCAPTCHA is not required for users when signing up through TrialRegistrationsController

```ruby
# Assume ::Arkose::Settings.enabled_for_signup? returns true

# TrialRegistrationsController
def arkose_labs_enabled?
  false
end

# EE::RegistrationsController
def arkose_labs_enabled?
  ::Arkose::Settings.enabled_for_signup?
end

# Used by TrialRegistrationsController AND EE::RegistrationsController
# ee/app/helpers/ee/registrations_helper.rb
def arkose_labs_challenge_enabled?
  ::Arkose::Settings.enabled_for_signup?
end
```

```haml
-# Used by TrialRegistrationsController AND EE::RegistrationsController
-# app/views/devise/shared/_signup_box.html.haml
- if arkose_labs_challenge_enabled?
  -# render ArkoseLabs challenge FE code
- elsif show_recaptcha_sign_up?
  -# render reCAPTCHA FE code
```

Take note of the subtle difference (_challenge) between the method names arkose_labs_enabled? and arkose_labs_challenge_enabled?

TrialRegistrationsController skips the ArkoseLabs verification step in the backend (correct behavior) by overriding arkose_labs_enabled? to return false. However, because arkose_labs_challenge_enabled? is used in app/views/devise/shared/_signup_box.html.haml (and returns true when used by TrialRegistrationsController), the ArkoseLabs frontend code is loaded instead of reCAPTCHA.

| Controller | arkose_labs_challenge_enabled? (FE) | arkose_labs_enabled? (BE) | Frontend challenge displayed | Backend challenge verification |
| --- | --- | --- | --- | --- |
| CE::RegistrationsController | false | - | reCAPTCHA | reCAPTCHA |
| TrialRegistrationsController | true | false | ArkoseLabs | skipped |
| EE::RegistrationsController | true | true | ArkoseLabs | ArkoseLabs |

Solution

```ruby
# Assume ::Arkose::Settings.enabled_for_signup? returns true

# CE::RegistrationsController
helper_method :arkose_labs_enabled?

def arkose_labs_enabled?
  false
end

# TrialRegistrationsController
def arkose_labs_enabled?
  false
end

# EE::RegistrationsController
def arkose_labs_enabled?
  ::Arkose::Settings.enabled_for_signup?
end
```

```haml
-# Used by TrialRegistrationsController AND EE::RegistrationsController
-# app/views/devise/shared/_signup_box.html.haml
- if arkose_labs_enabled?
  -# render ArkoseLabs challenge FE code
- elsif show_recaptcha_sign_up?
  -# render reCAPTCHA FE code
```

Here, we define arkose_labs_enabled? in CE::RegistrationsController and use it in app/views/devise/shared/_signup_box.html.haml.

This fixes the problem because arkose_labs_enabled? is now used both in FE and BE and is correctly overridden by TrialRegistrationsController to return false and EE::RegistrationsController to return true.

| Controller | arkose_labs_enabled? (FE & BE) | Frontend challenge displayed | Backend challenge verification |
| --- | --- | --- | --- |
| CE::RegistrationsController | false | reCAPTCHA | reCAPTCHA |
| TrialRegistrationsController | false | reCAPTCHA | reCAPTCHA |
| EE::RegistrationsController | true | ArkoseLabs | ArkoseLabs |

Screenshots or screen recordings

Note: reCAPTCHA is enabled for all demos shown below

| Flow | ArkoseLabs enabled | ArkoseLabs disabled |
| --- | --- | --- |
| Trial (/-/trial_registrations/new) | Screen_Recording_2023-03-01_at_2.25.40_PM | same |
| Free (/users/sign_up) | Screen_Recording_2023-03-01_at_2.39.49_PM | Screen_Recording_2023-03-01_at_2.37.14_PM |

How to set up and validate locally

Set up

  1. Toggle relevant feature flags and configure ArkoseLabs integration:
    $ rails console
    > Feature.enable(:arkose_labs_signup_challenge)
    > ApplicationSetting.first.update({ arkose_labs_public_api_key: '****', arkose_labs_private_api_key: '****', arkose_labs_namespace: 'client' })
    Notes:
    • Credentials are available in GitLab 1Password Engineering Vault
  2. Start GDK with GITLAB_SIMULATE_SAAS=1 to simulate SaaS
  3. Enable reCAPTCHA on signup

Validate

  1. Go to the trials registration page (http://localhost:3000/-/trial_registrations/new)
  2. Validate that reCAPTCHA is shown
  3. Fill out the registration form
  4. Click on Continue
  5. Validate that the registration succeeds

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Eugie Limpin
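
The frontend/backend mismatch described in this MR, as a plain-Ruby model added here for illustration (it is not GitLab's code). The class names, `ARKOSE_SETTING`, `RECAPTCHA_ON`, `widget_before`, `widget_after` and `mismatches` are hypothetical, and modelling the trial controller as a subclass of the EE one is an assumption; the check reports every controller whose rendered widget disagrees with the predicate the backend uses.

```ruby
# Added illustration, not GitLab code. ARKOSE_SETTING and RECAPTCHA_ON are
# constructed stand-ins for ::Arkose::Settings.enabled_for_signup? and
# show_recaptcha_sign_up?.
ARKOSE_SETTING = true
RECAPTCHA_ON = true

class CeRegistrations
  def arkose_labs_enabled?; false; end            # introduced by the fix
  def arkose_labs_challenge_enabled?; false; end  # old view helper, CE value
  def show_recaptcha_sign_up?; RECAPTCHA_ON; end
end

class EeRegistrations < CeRegistrations
  def arkose_labs_enabled?; ARKOSE_SETTING; end            # backend predicate
  def arkose_labs_challenge_enabled?; ARKOSE_SETTING; end  # old view helper
end

# Assumption: the trial controller inherits the EE behaviour and opts out.
class TrialRegistrations < EeRegistrations
  def arkose_labs_enabled?; false; end
end

# _signup_box before the fix: branches on the separate view helper.
def widget_before(controller)
  return :arkose if controller.arkose_labs_challenge_enabled?
  controller.show_recaptcha_sign_up? ? :recaptcha : :none
end

# _signup_box after the fix: branches on the predicate the backend uses.
def widget_after(controller)
  return :arkose if controller.arkose_labs_enabled?
  controller.show_recaptcha_sign_up? ? :recaptcha : :none
end

# Names of controllers whose rendered widget disagrees with the backend:
# ArkoseLabs must be rendered exactly when arkose_labs_enabled? is true.
def mismatches(view)
  [CeRegistrations, TrialRegistrations, EeRegistrations].reject do |klass|
    controller = klass.new
    (send(view, controller) == :arkose) == controller.arkose_labs_enabled?
  end.map(&:name)
end

puts "before fix: #{mismatches(:widget_before).inspect}"
puts "after fix:  #{mismatches(:widget_after).inspect}"
```

The same invariant, asserted per registration controller in a view or request spec, would catch a future override that changes one predicate without the other.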