Wait until ArkoseLabs token is set before resubmitting
This fixes the ArkoseLabs suppressed challenge logic to ensure that we wait until the token input has been hydrated before re-submitting the form.

We previously relied on the `onSuppress` callback which is called too early for the token to be set. We can instead rely on the `onCompleted` callback and check the response to determine whether the challenge was suppressed. We then wait a tick before submitting the form to make sure the DOM is up-to-date when making the POST request.
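The timing problem and the fix described above, as an added example (not GitLab's or ArkoseLabs' code) that models the browser event loop in plain JavaScript so it runs in Node. The `onSuppress`/`onCompleted` names come from the description; the response shape `{token, suppressed}` and the microtask hydration of the hidden input are assumptions.

```javascript
// Model of the race described above. Assumptions: the onCompleted response
// carries {token, suppressed}; the framework writes the hidden input in a microtask.
const loop = { micro: [], macro: [] };
const nextTick = (fn) => loop.micro.push(fn);    // framework DOM patch
const setTimeout0 = (fn) => loop.macro.push(fn); // "wait a tick"
// Drain queued work like a browser: all microtasks, then one macrotask, repeat.
function flush() {
  while (loop.micro.length || loop.macro.length) {
    while (loop.micro.length) loop.micro.shift()();
    if (loop.macro.length) loop.macro.shift()();
  }
}
// Login form stand-in: hidden token input; submit() records the POSTed token value.
function makeForm() {
  const form = { tokenInput: { value: '' }, posted: [] };
  form.submit = () => form.posted.push(form.tokenInput.value);
  return form;
}
// Binding the token does not touch the DOM synchronously; it lands next tick.
const hydrate = (form, r) => nextTick(() => { form.tokenInput.value = r.token; });
// Simulated enforcement object for a suppressed challenge: onSuppress fires
// before onCompleted delivers the (constructed) token.
function runSuppressedChallenge(handlers) {
  const response = { token: 'constructed-token', suppressed: true };
  handlers.onSuppress?.(response);
  handlers.onCompleted?.(response);
  flush();
}
// Before the fix: submitting from onSuppress POSTs an empty token because the
// input is not hydrated yet. Returns the token value that was POSTed.
function submitOnSuppress() {
  const form = makeForm();
  runSuppressedChallenge({
    onCompleted: (r) => hydrate(form, r),
    onSuppress: () => form.submit(),
  });
  return form.posted[0];
}
// After the fix: ignore onSuppress, read `suppressed` from the onCompleted
// response, and defer the submit one tick so the DOM patch (microtask) runs first.
function submitOnCompleted() {
  const form = makeForm();
  runSuppressedChallenge({
    onCompleted: (r) => {
      hydrate(form, r);
      if (r.suppressed) setTimeout0(() => form.submit());
    },
  });
  return form.posted[0];
}
```

Submitting directly inside `onCompleted` without the deferred tick would fail the same way as the `onSuppress` path, because the microtask that writes the input has not run yet.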
How to reproduce this?
Here's how to reproduce this on Google Chrome:
- Make sure you have the 1Password Chrome extension installed.
- Check out the `master` branch.
- Enable the `arkose_labs_login_challenge` feature flag: `echo "Feature.enable(:arkose_labs_login_challenge)" | rails c`
- Expose the `ARKOSE_LABS_PUBLIC_KEY` and restart the GDK in the same terminal:
```shell
export ARKOSE_LABS_PUBLIC_KEY="9F5BDFCD-E895-43B5-8D96-B24E0107B685"
gdk restart
```
- Apply the following patch to bypass the actual token verification step which is not relevant here:
diff --git a/ee/app/services/arkose/user_verification_service.rb b/ee/app/services/arkose/user_verification_service.rb index f531c630675..7a9f25a75bf 100644 --- a/ee/app/services/arkose/user_verification_service.rb +++ b/ee/app/services/arkose/user_verification_service.rb @@ -12,6 +12,7 @@ def initialize(session_token:, user:) end def execute + return true response = Gitlab::HTTP.perform_request(Net::HTTP::Post, arkose_verify_url, body: body).parsed_response logger.info(build_message(response))
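Review bot: the unconditional `return true` inserted at the top of `execute` short-circuits the whole method, so the `Gitlab::HTTP.perform_request` call to `arkose_verify_url` and the `logger.info(build_message(response))` line below it become unreachable and every session token is accepted without verification; that is what this local reproduction step needs, but the patch must stay uncommitted and be reverted before exercising anything that depends on real verification outcomes.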
- `ARKOSE_LABS_PRIVATE_KEY` variable by using the private development key that can be found in GitLab's 1Password engineering vault.
- Sign out of your running GDK instance.
- Try signing in as your usual user with a wrong password at least twice for your account to be marked as needing a challenge.
- Load the sign-in page again and click on the 1Password icon in the toolbar (do not click on the credentials suggestions right in the form). In the pop-up, click on `Auto fill`.
- Click on the `Sign in` button (do not select any other element in the page before clicking on the button).
- You should see the following error message: `Login failed. Please retry from your primary device and network.`
- Check out this branch and repeat steps 4 to 7.
- You should be signed in without seeing any error message.
Edited by Paul Gascou-Vaillancourt