Include user's IP address in Telesign Intelligence API request

Implements https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/761.

What does this MR do and why?

This MR updates the payload of the Telesign Intelligence API request to include the user's IP address.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Sample log with new fields related to Telesign Intel API response

    {
      "severity": "INFO",
      "time": "2024-06-10T07:06:15.385Z",
      "correlation_id": "01J00FG2YGF8CA6H674GZ42MJ0",
      "meta.caller_id": "Users::RegistrationsIdentityVerificationController#send_phone_verification_code",
      "meta.remote_ip": "127.0.0.1",
      "meta.feature_category": "instance_resiliency",
      "meta.client_id": "ip/127.0.0.1",
      "class": "PhoneVerification::TelesignClient::RiskScoreService",
      "message": "IdentityVerification::Phone",
      "event": "Received a risk score for a phone number from Telesign",
      "telesign_reference_id": "364003E03B44071C930740856890149C",
      "telesign_response": "Transaction successfully completed",
      "telesign_status_code": "200",
      "username": "jun246329",
      "telesign_risk_score": 145,
      "telesign_risk_level": "very-low",
      "telesign_risk_category": [
        10021
      ],
      "email": "jun246329@ex.com",
      "ip_address": "127.0.0.1"
    }

How to set up and validate locally

  1. Start GDK simulating SaaS

    $ export GITLAB_SIMULATE_SAAS=1
    $ gdk start

  2. Enable feature flags and update some settings

    $ rails c
    > Feature.enable(:identity_verification)
    > Feature.enable(:identity_verification_phone_number)
    > ApplicationSetting.first.update(email_confirmation_setting: 'hard', require_admin_approval_after_user_signup: false)

  3. Set up Telesign

    $ rails c
    > ApplicationSetting.first.update(telesign_customer_xid: '<value_is_in_1Pass>', telesign_api_key: '<value_is_in_1Pass>')

    Credentials are in 1Password under Telesign API Keys (use GITLAB - DEVELOPMENT)

  4. Set up Arkose

    > ApplicationSetting.first.update(arkose_labs_public_api_key: "XXX", arkose_labs_private_api_key: "YYY")
    > ApplicationSetting.first.update(arkose_labs_data_exchange_key: "ZZZ")

    Note: credentials are in 1Password under ArkoseLabs API keys (DEVELOPMENT)

  5. Tail logs

    tail -f log/application_json.log

  6. Go to http://localhost:3000/users/sign_up, fill in the signup form, and then click Register

  7. Set the new user's Arkose risk score to 'Medium'. This will require the user to verify their email and phone number.

    $ rails c
    > User.last.custom_attributes.find_by_key('arkose_risk_band').update(value: 'Medium')

  8. Update the user's confirmed_at in the Rails console. This marks them as email-verified and moves them on to the phone number verification step

    $ rails c
    > User.last.update(confirmed_at: Time.now)

  9. Refresh the page

  10. Enter a phone number and click Send code

  11. Verify that a log similar to the following is recorded

    {
      "severity": "INFO",
      ...
      "meta.caller_id": "Users::RegistrationsIdentityVerificationController#send_phone_verification_code",
      ...
      "class": "PhoneVerification::TelesignClient::RiskScoreService",
      "message": "IdentityVerification::Phone",
      "event": "Received a risk score for a phone number from Telesign",
      "telesign_reference_id": "364003E03B44071C930740856890149C",
      "telesign_response": "Transaction successfully completed",
      "telesign_status_code": "200",
      "username": "jun246329",
      "telesign_risk_score": 145,
      "telesign_risk_level": "very-low",
      "telesign_risk_category": [
        10021
      ],
      "email": "jun246329@ex.com",
      "ip_address": "127.0.0.1"
    }

Edited by Eugie Limpin
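
A check for step 11, as an added example that is not part of this MR or of GitLab's code: it scans `application_json.log` lines for the Telesign risk score event and reports entries where `ip_address` is missing or malformed. The list of required fields and the comparison with `meta.remote_ip` are assumptions drawn from the sample log above, and all sample values are constructed.

```ruby
require 'json'
require 'ipaddr'

# Added example, not GitLab code. Class, event and field names come from the
# page's sample log; the REQUIRED list is an assumption.
RISK_CLASS = 'PhoneVerification::TelesignClient::RiskScoreService'
RISK_EVENT = 'Received a risk score for a phone number from Telesign'
REQUIRED = %w[telesign_reference_id telesign_status_code telesign_risk_score
              telesign_risk_level username ip_address].freeze

def valid_ip?(value)
  return false if value.include?('/') # IPAddr would also accept a CIDR prefix
  IPAddr.new(value)
  true
rescue IPAddr::Error
  false
end

# nil: not a Telesign risk score event; otherwise a list of problems.
def check_risk_score_entry(line)
  entry = JSON.parse(line)
  return nil unless entry.is_a?(Hash)
  return nil unless entry['class'] == RISK_CLASS && entry['event'] == RISK_EVENT

  problems = REQUIRED.select { |k| entry[k].to_s.empty? }.map { |k| "missing #{k}" }
  ip = entry['ip_address'].to_s
  problems << "ip_address is not a valid IP: #{ip.inspect}" unless ip.empty? || valid_ip?(ip)
  remote = entry['meta.remote_ip'] # assumption: matches ip_address, as in the sample
  problems << "ip_address #{ip} differs from meta.remote_ip #{remote}" if !ip.empty? && valid_ip?(ip) && remote && remote != ip
  problems
rescue JSON::ParserError
  nil # partial or non-JSON line, common while tailing a live log
end

# Returns [line_number, problems] pairs for entries that need attention.
def audit(lines)
  lines.each_with_index.filter_map do |line, i|
    problems = check_risk_score_entry(line)
    [i + 1, problems] if problems&.any?
  end
end

# Constructed sample lines; every value here is made up for the example.
BASE = { 'class' => RISK_CLASS, 'event' => RISK_EVENT, 'meta.remote_ip' => '203.0.113.7',
         'telesign_reference_id' => 'REF-CONSTRUCTED', 'telesign_status_code' => '200',
         'telesign_risk_score' => 145, 'telesign_risk_level' => 'very-low',
         'username' => 'sample_user', 'ip_address' => '203.0.113.7' }.freeze
SAMPLE_LINES = [BASE, BASE.reject { |k, _| k == 'ip_address' },
                BASE.merge('ip_address' => 'unknown')].map(&:to_json) + ['not json']
```

To run it against a real log, pass `File.foreach('log/application_json.log')` to `audit`; an empty result means every risk score entry carried a usable `ip_address`.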
