
Add missing actions for Opt-in Identity Verification controller

Implements the following tasks for https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/629:

  1. Implement new identity verification flow send and verify phone number verification code
  2. Implement new identity verification flow verify credit card
  3. Implement new identity verification flow toggle_phone_verification_exemption and success actions

Context

Currently, users go through identity verification as part of the signup process. Moving forward, we want to allow users[1] that have already started using GitLab to go through an opt-in identity verification process where they can verify a phone number in exchange for in-app benefits (e.g. the ability to run more pipelines, create more groups, etc.).

See https://gitlab.com/groups/gitlab-org/modelops/anti-abuse/-/epics/32+ for more info.

[1] Limited to users that did not go through phone number and/or credit card verification during signup.

What does this MR do?

Add page for new Identity Verification flow (!147068 - merged) added the controller that handles opt-in identity verification. This controller inherits the same actions used in identity verification during sign-up (see BaseIdentityVerificationController).

This MR adds the routes to expose the inherited identity verification actions from BaseIdentityVerificationController. This makes the following functionalities of the opt-in identity verification operational:

  1. Send phone number verification code (send_phone_verification_code)
  2. Verify phone number verification code (verify_phone_verification_code)
  3. Verify credit card (verify_credit_card)
  4. Toggle between phone number or credit card verification (toggle_phone_exemption)

What is not in this MR?

This MR does not include feature specs that cover the new routes. Those will be added in Add feature specs for Opt-in Identity Verification (!148300 - merged).

Frontend changes

Frontend changes mainly comprise refactors (renames, data restructuring) that are required to match the changes made to the data passed from the backend.

Before: data sent from backend

    {
      ...
      "credit_card": {
        "user_id": 185,
        "form_id": "cc_registration_validation",
        "verify_credit_card_path": "/users/identity_verification/verify_credit_card",
        "verify_captcha_path": "/users/identity_verification/verify_credit_card_captcha",
        "show_recaptcha_challenge": "false"
      },
      "phone_number": {
        "send_code_path": "/users/identity_verification/send_phone_verification_code",
        "verify_code_path": "/users/identity_verification/verify_phone_verification_code",
        "enable_arkose_challenge": "false",
        "show_arkose_challenge": "false",
        "show_recaptcha_challenge": "false"
      },
      ...
    }
After: data sent from backend

Changes:

  1. Paths are unnested from inside phone_number and credit_card and then renamed
  2. show_recaptcha_challenge is renamed to credit_card_challenge_on_verify and unnested from credit_card

    {
      ...
      "phone_exemption_path": "/users/identity_verification/toggle_phone_exemption",
      "phone_send_code_path": "/users/identity_verification/send_phone_verification_code",
      "phone_verify_code_path": "/users/identity_verification/verify_phone_verification_code",
      "credit_card_verify_path": "/users/identity_verification/verify_credit_card",
      "credit_card_challenge_on_verify": false,
      "credit_card_verify_captcha_path": "/users/identity_verification/verify_credit_card_captcha",
      ...
      "credit_card": {
        "user_id": 185,
        "form_id": "cc_registration_validation"
      },
      "phone_number": {
        "enable_arkose_challenge": "false",
        "show_arkose_challenge": "false",
        "show_recaptcha_challenge": "false"
      },
      ...
    }

One other change is the update to /users/identity_verification/components/credit_card_verification.vue where the POST request to creditCardVerifyCaptchaPath is only sent when creditCardChallengeOnVerify is true. creditCardChallengeOnVerify is true for Signup Identity Verification and false for Opt-in Identity Verification.
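The request sequence described above, as an added example that is not code from credit_card_verification.vue or any other GitLab file: the captcha POST is issued only when creditCardChallengeOnVerify is strictly true, then the card verification POST follows. The `transport` callback and the `acceptAll` fake backend are assumptions so the example runs offline; the strict comparison matters because the older payload carried `"false"` as a string, which is truthy in JavaScript.

```javascript
// Added example, not the project's own component code. Models the flow from the
// MR description: captcha request only for the signup flow, then card verification.
// `transport(path, body)` is an injected synchronous function (assumption) that
// returns { ok: boolean }, standing in for the real HTTP client.
function verifyCreditCard(config, cardForm, transport) {
  const calls = []; // paths POSTed, in order, so callers can audit the sequence
  const post = (path, body) => {
    calls.push(path);
    return transport(path, body);
  };

  // Strict boolean check: a loose truthiness test would still fire the captcha
  // request when the flag arrives as the string "false".
  if (config.creditCardChallengeOnVerify === true) {
    const captcha = post(config.creditCardVerifyCaptchaPath, { form_id: cardForm.form_id });
    if (!captcha.ok) {
      // Stop here: the card verification request must not be sent without a passed challenge.
      return { verified: false, calls, reason: 'captcha_rejected' };
    }
  }

  const result = post(config.creditCardVerifyPath, cardForm);
  return { verified: result.ok === true, calls, reason: result.ok ? null : 'card_rejected' };
}

// Constructed fake backend that accepts every request.
function acceptAll(path, body) {
  return { ok: true, path, body };
}

// Constructed configs mirroring the "After" payload keys from the description,
// camel-cased as the component would receive them.
const SIGNUP_CONFIG = {
  creditCardChallengeOnVerify: true,
  creditCardVerifyPath: '/users/identity_verification/verify_credit_card',
  creditCardVerifyCaptchaPath: '/users/identity_verification/verify_credit_card_captcha',
};
const OPT_IN_CONFIG = { ...SIGNUP_CONFIG, creditCardChallengeOnVerify: false };

// Constructed form data using the field names shown in the payload.
const CARD_FORM = { form_id: 'cc_registration_validation', user_id: 185 };

console.log('signup :', verifyCreditCard(SIGNUP_CONFIG, CARD_FORM, acceptAll).calls);
console.log('opt-in :', verifyCreditCard(OPT_IN_CONFIG, CARD_FORM, acceptAll).calls);
```

The server must still enforce the challenge itself; the flag only decides which requests the client sends.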

Backend changes

  1. Add routes that expose actions inherited by IdentityVerificationController from BaseIdentityVerificationController
  2. Override success action of BaseIdentityVerificationController
  3. Refactor *identity_verification_data helper methods to simplify code reuse between Signup Identity Verification and Opt-in Identity Verification flows
  4. Redefine specs in registrations_identity_verification_controller_spec.rb as shared_examples and move them to identity_verification_shared_examples.rb so they can be reused to test actions of IdentityVerificationController

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.


How to set up and validate locally

  1. Enable opt_in_identity_verification FF

    $ rails c
    > Feature.enable(:opt_in_identity_verification)
  2. Set up Telesign

    $ rails c
    > ApplicationSetting.first.update(telesign_customer_xid: '<value_is_in_1Pass>', telesign_api_key: '<value_is_in_1Pass>')

    Credentials are in 1Password under Telesign API Keys (use GITLAB - DEVELOPMENT)

  3. Log in with the root user

  4. Go to http://localhost:3000/-/identity_verification

  5. Validate that you can go through phone number verification successfully

Edited by Eugie Limpin
