Skip to content

Store arkose scores as abuse trust scores

Juliet Wanjohi requested to merge log-arkose-score-trust-scores-table into master

What does this MR do and why?

This MR saves the arkose_global_score and arkose_custom_score into the abuse trust scores table that was created in this MR as part of an effort to store abuse scores from various systems and track these over time.

Related issue - https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/225

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Enable the :arkose_labs_signup_challenge feature flag on the Rails console: 
    $ rails console
Feature.enable(:arkose_labs_signup_challenge)
  2. Configure the Arkose Labs credentials (available in GitLab 1PasswordEngineering Vault): 
    $ rails console
> ApplicationSetting.first.update({ arkose_labs_public_api_key: '*****', arkose_labs_private_api_key: '*****', arkose_labs_namespace: 'client' })
  3. Force Arkose Labs to always require the user to solve the challenge. Update ee/app/assets/javascripts/arkose_labs/components/sign_up_arkose_app.vue: 
     arkoseObject.setConfig({
  data: { id: 'ML_defence' }, // ADD THIS LINE
  mode: 'inline',
  selector: `.${this.arkoseContainerClass}`,
  onShown: this.onArkoseLabsIframeShown,
  onCompleted: this.passArkoseLabsChallenge,
 });
  4. Visit the registration page at http://localhost:3000/users/sign_up.
  5. Register a new user by filling in the user details and solve the sign up challenge.
  6. Check that the Arkose global and custom scores have been stored in the abuse_trust_scores table: 
    $ rails console
> new_user = User.last
> new_user.arkose_global_score
=> 70.0
> new_user.arkose_custom_score
=> 0.0
> new_user.abuse_trust_scores
=> [#<Abuse::TrustScore:0x00000001586d3bd0
id: 13,
user_id: 48,
score: 0.0,
created_at: Thu, 18 May 2023 10:13:54.321101000 UTC +00:00,
updated_at: Thu, 18 May 2023 10:13:54.321101000 UTC +00:00,
source: "arkose_custom_score",
correlation_id_value: "01H0Q5M36ZZ0CB8VFHTVWJWSJV">,
#<Abuse::TrustScore:0x00000001586d3ab8
id: 12,
user_id: 48,
score: 70.0,
created_at: Thu, 18 May 2023 10:13:54.312858000 UTC +00:00,
updated_at: Thu, 18 May 2023 10:13:54.312858000 UTC +00:00,
source: "arkose_global_score",
correlation_id_value: "01H0Q5M36ZZ0CB8VFHTVWJWSJV">]

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Juliet Wanjohi

Merge request reports