Send Data Exchange payload to ArkoseLabs during OAuth signup
What does this MR do and why?
Resolves https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/611.
This MR updates the Vue application that initializes the ArkoseLabs challenge required for OAuth users during Identity Verification. The Vue application is updated to include Data Exchange payload during ArkoseLabs session initialization similar to what was done in !139070 (merged).
Data Exchange lets Arkose customers pass extra telemetry data ... between their servers and Arkose Labs servers. This happens when a new Arkose session is created. By augmenting the data Arkose Labs already collects with data that only our customers can collect, we can improve the Platform’s effectiveness.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screen_Recording_2024-02-20_at_3.01.53_PM
How to set up and validate locally
- Enable the relevant feature flags (in `rails console`):

  ```ruby
  Feature.enable(:identity_verification)
  Feature.enable(:arkose_labs_signup_challenge)
  Feature.enable(:arkose_labs_signup_data_exchange)
  ```

- Configure application settings (in `rails console`):

  ```ruby
  ApplicationSetting.first.update(arkose_labs_public_api_key: "XXX", arkose_labs_private_api_key: "YYY")
  ApplicationSetting.first.update(arkose_labs_data_exchange_key: "ZZZ")
  ApplicationSetting.first.update(email_confirmation_setting: "hard", require_admin_approval_after_user_signup: false)
  ```

  Note: credentials are in 1Password under "ArkoseLabs API keys (DEVELOPMENT)".

- (Optional) Force Arkose to always show a challenge:

  ```ruby
  # ee/app/helpers/ee/registrations_helper.rb
  def arkose_labs_data_exchange_payload
    use_case = Arkose::DataExchangePayload::USE_CASE_SIGN_UP
    # show_challenge =
    #   PhoneVerification::Users::RateLimitService.daily_transaction_hard_limit_exceeded? # Remove this
    show_challenge = true # Add this

    Arkose::DataExchangePayload.new(
      request,
      use_case: use_case,
      require_challenge: show_challenge
    ).build
  end
  ```

- Monitor logs. In your terminal:

  ```shell
  tail -f log/application_json.log
  ```

- Create a test user using the Rails console:

  ```ruby
  user = FactoryBot.create(:user, :unconfirmed, email: 'a_unique_email@ex.com', username: 'a_unique_username', password: 'badpassword')
  FactoryBot.create(:identity, provider: 'google_oauth2', user: user)
  ```

- Log in with the test user.
- (Optional) Verify that you see the ArkoseLabs challenge page.
- (Optional) Solve the puzzle.
- Verify that you see the Identity Verification page where you are required to verify your email.
- In the logs, search for `"message":"Arkose verify response"`.
- On the same log entry, verify that `"arkose.data_exchange_blob_received":true,"arkose.data_exchange_blob_decrypted":true` is present.
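The last two validation steps above (find the `Arkose verify response` entry and confirm both `arkose.data_exchange_blob_*` flags are `true`) can be scripted so the check is repeatable and so the two failure modes are told apart: a blob that never arrived (payload not sent, or no challenge shown) versus a blob that arrived but could not be decrypted (typically a wrong `arkose_labs_data_exchange_key`). The script below is an added example, not code from this MR or from GitLab; the log lines in `SAMPLE_LOG` are constructed for illustration, and the `username` field used for filtering is an assumption about the log entry's shape, not something the MR shows.

```ruby
require 'json'

# Constructed sample of log/application_json.log lines (not real GitLab output).
# Line 1: blob received and decrypted (the outcome this MR should produce).
# Line 2: blob received but not decrypted (e.g. data exchange key mismatch).
# Line 3: unrelated entry; line 4: non-JSON noise such as tail output.
# The "username" field is an assumed field, included only to filter by test user.
SAMPLE_LOG = <<~LOG
  {"severity":"INFO","time":"2024-02-20T15:01:53.000Z","message":"Arkose verify response","username":"a_unique_username","arkose.data_exchange_blob_received":true,"arkose.data_exchange_blob_decrypted":true}
  {"severity":"INFO","time":"2024-02-20T15:02:10.000Z","message":"Arkose verify response","username":"other_user","arkose.data_exchange_blob_received":true,"arkose.data_exchange_blob_decrypted":false}
  {"severity":"INFO","time":"2024-02-20T15:02:11.000Z","message":"Completed 200 OK"}
  not json at all
LOG

VERIFY_MESSAGE = 'Arkose verify response'
RECEIVED_KEY   = 'arkose.data_exchange_blob_received'
DECRYPTED_KEY  = 'arkose.data_exchange_blob_decrypted'

# Parse each line as JSON, silently skipping lines that are not JSON.
def parse_json_lines(text)
  text.each_line.filter_map do |line|
    JSON.parse(line)
  rescue JSON::ParserError
    nil
  end
end

# Return only the "Arkose verify response" entries, optionally for one username.
def arkose_verify_entries(text, username: nil)
  parse_json_lines(text).select do |entry|
    entry['message'] == VERIFY_MESSAGE && (username.nil? || entry['username'] == username)
  end
end

# Classify a single verify entry:
#   :ok            - blob received and decrypted
#   :not_decrypted - blob arrived but decryption failed (check arkose_labs_data_exchange_key)
#   :not_received  - no blob in the Arkose response (payload not sent, or challenge skipped)
def data_exchange_status(entry)
  return :not_received unless entry[RECEIVED_KEY] == true
  return :not_decrypted unless entry[DECRYPTED_KEY] == true

  :ok
end

# True only if at least one verify entry for the user is fully :ok.
def data_exchange_verified?(text, username:)
  arkose_verify_entries(text, username: username).any? { |e| data_exchange_status(e) == :ok }
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby check_arkose_log.rb [log/application_json.log]
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOG
  arkose_verify_entries(text).each do |entry|
    puts "#{entry['time']} #{entry['username']}: #{data_exchange_status(entry)}"
  end
end
```

Run it against the real log after the test login (`ruby check_arkose_log.rb log/application_json.log`); a `:not_decrypted` result is the signal to re-check the `arkose_labs_data_exchange_key` setting rather than the Vue change, while `:not_received` points at the payload not being attached to the session at all.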