Handle arkose outage on sign-in
What does this MR do and why?
Partially resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/384. This MR only handles arkose outage on sign-in.

Arkose is a third-party service we use to display captchas on sign-in and sign-up.

Previously, if Arkose would fail to load, we would display the error message to the user and prevent sign-in. This was a degraded user experience since we don't want users to be prevented from logging in if there is an Arkose outage.

In this MR:
- If there is an error loading Arkose, we will log the error, then check if Arkose's status API shows an outage. If there is an outage -> then let the user sign-in. If not, then display an error.
- Reference: Arkose's troubleshooting docs
Screenshots or screen recordings
Before | After (arkose has an outage) | After (arkose is operational) |
---|---|---|
arkose-outage-before | arkose-outage-after | arkose-operational-after |
How to set up and validate locally
Setting-up Arkose
- In rails console, enable the feature flag and configure Arkose (credentials can be found in 1Password)
> Feature.enable(:arkose_labs_login_challenge)
> ApplicationSetting.first.update(arkose_labs_public_api_key: "X", arkose_labs_private_api_key: "X")
- To trigger Arkose on sign-in, update a user's failed_attempt to > 3
> User.first.update(failed_attempts: 4)
Simulate Arkose Error
- Then try to enter your username on the users/sign_in page. You should see https://client-api.arkoselabs.com/v2/../api.js being loaded in the Network tab.
- Block the Arkose script:
![](/-/project/278964/uploads/48e2e790b274e546611e4805d6336797/Screenshot_2023-07-19_at_1.09.44_pm.png)
- Refresh the page and try signing in. You should see an error message saying "Unable to verify the user."
- Simulate an Arkose outage by applying the following patch:
diff --git a/ee/app/services/arkose/status_service.rb b/ee/app/services/arkose/status_service.rb
index 33f6e0fdaec6..0d5af086c2f3 100644
--- a/ee/app/services/arkose/status_service.rb
+++ b/ee/app/services/arkose/status_service.rb
@@ -7,7 +7,8 @@ class StatusService
def self.execute
response = Gitlab::HTTP.perform_request(Net::HTTP::Get, ARKOSE_STATUS_URL, {}).parsed_response
- indicator = response.dig('status', 'indicator')
+ # indicator = response.dig('status', 'indicator')
+ indicator = 'critical'
return ServiceResponse.success if indicator == ARKOSE_SUCCESS_INDICATOR
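Review bot: In `execute`, the unchanged line `return ServiceResponse.success if indicator == ARKOSE_SUCCESS_INDICATOR` compares against the success value only, so as far as these lines show a nil indicator (for example from a malformed or unexpected status response) is handled the same way as the hardcoded 'critical' used here, which per the description lets the user sign in without the challenge. Consider matching explicit outage indicators and handling a missing indicator or a failed status request separately, and add a spec that stubs the status response so the outage path can be validated without editing the service. The commented-out `response.dig` line and the hardcoded value are for local simulation only and should not be committed.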
- Now try to sign-in again. You will see an error in the console, but it will let you sign-in.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
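
The fallback decision described in this MR (log the load error, check the vendor status, then allow sign-in or show an error), as an added Ruby example that is not GitLab's code. The function names are hypothetical, the indicator values other than 'critical' are assumed Statuspage-style values, and treating an unreadable status as "show the error" is a design choice of this example.

```ruby
require 'json'

# Assumed indicator values; only 'critical' appears on the page.
OPERATIONAL_INDICATOR = 'none'
OUTAGE_INDICATORS = %w[minor major critical].freeze

# Classify a raw status API body as :operational, :outage or :unknown.
# Anything that cannot be read as a known indicator is :unknown, so a
# malformed or substituted response is never mistaken for an outage.
def classify_status(body)
  parsed = JSON.parse(body)
  indicator = parsed.is_a?(Hash) ? parsed.dig('status', 'indicator') : nil
  return :operational if indicator == OPERATIONAL_INDICATOR
  return :outage if OUTAGE_INDICATORS.include?(indicator)

  :unknown
rescue JSON::ParserError, TypeError
  :unknown
end

# Decide what sign-in does after the challenge script failed to load.
# fetch_status is a hypothetical callable returning the status body; it may
# raise (timeout, DNS failure), which is logged and treated as :unknown.
def sign_in_fallback(fetch_status, logger: ->(msg) { warn(msg) })
  state = begin
    classify_status(fetch_status.call)
  rescue StandardError => e
    logger.call("status check failed: #{e.class}")
    :unknown
  end
  logger.call("challenge load error, vendor status=#{state}")
  # Skip the challenge only on a confirmed vendor outage.
  state == :outage ? :allow_sign_in : :show_error
end

# Constructed sample bodies, not captured from the real status API.
if __FILE__ == $PROGRAM_NAME
  samples = {
    'outage'      => '{"status":{"indicator":"critical"}}',
    'operational' => '{"status":{"indicator":"none"}}',
    'malformed'   => '<html>502 Bad Gateway</html>'
  }
  samples.each do |name, body|
    puts "#{name}: #{sign_in_fallback(-> { body }, logger: ->(_) {})}"
  end
end
```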