
Wait until ArkoseLabs token is set before resubmitting

Paul Gascou-Vaillancourt requested to merge fix-arkose-labs-resubmit into master

This fixes the ArkoseLabs suppressed challenge logic to ensure that we wait until the token input has been hydrated before re-submitting the form. We previously relied on the onSuppress callback which is called too early for the token to be set. We can instead rely on the onCompleted callback and check the response to determine whether the challenge was suppressed. We then wait a tick before submitting the form to make sure the DOM is up-to-date when making the POST request.

How to reproduce this?

Here's how to reproduce this on Google Chrome:

  1. Make sure you have the 1Password Chrome extension installed.
  2. Check out the master branch.
  3. Enable the arkose_labs_login_challenge feature flag:
    echo "Feature.enable(:arkose_labs_login_challenge)" | rails c
  4. Expose the ARKOSE_LABS_PUBLIC_KEY and restart the GDK in the same terminal:
    export ARKOSE_LABS_PUBLIC_KEY="9F5BDFCD-E895-43B5-8D96-B24E0107B685"
    gdk restart
  5. Apply the following patch to bypass the actual token verification step which is not relevant here:
    diff --git a/ee/app/services/arkose/user_verification_service.rb b/ee/app/services/arkose/user_verification_service.rb
    index f531c630675..7a9f25a75bf 100644
    --- a/ee/app/services/arkose/user_verification_service.rb
    +++ b/ee/app/services/arkose/user_verification_service.rb
    @@ -12,6 +12,7 @@ def initialize(session_token:, user:)
         end
     
         def execute
    +      return true
           response = Gitlab::HTTP.perform_request(Net::HTTP::Post, arkose_verify_url, body: body).parsed_response
           logger.info(build_message(response))
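Review bot: the hunk header `@@ -12,6 +12,7 @@` declares six old and seven new lines, but only five context lines plus the added `+      return true` are shown, so the patch as pasted will be rejected by `git apply`; either include the missing trailing context line or make the one-line change by hand. The early `return true` also turns everything after it in `execute` (the `Gitlab::HTTP.perform_request` call and the `logger.info`) into dead code and disables session-token verification entirely, which is acceptable for this local reproduction only and must never be committed.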
    
    Alternatively, you can expose the ARKOSE_LABS_PRIVATE_KEY variable by using the private development key that can be found in GitLab's 1Password engineering vault.
  6. Sign out of your running GDK instance.
  7. Try signing in as your usual user with a wrong password at least twice so that your account is marked as needing a challenge.
  8. Load the sign-in page again and click on the 1Password icon in the toolbar (do not click on the credentials suggestions right in the form). In the pop-up, click on Auto fill.
  9. Click on the Sign in button (do not select any other element in the page before clicking on the button).
    • You should see the following error message: Login failed. Please retry from your primary device and network.
  10. Check out this branch and repeat steps 4 to 7.
    • You should be signed in without seeing any error message.

Re #359801 (closed)

Edited by Paul Gascou-Vaillancourt
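As an added illustration of the race the description explains (not code from this merge request or from GitLab), the following Node-runnable simulation models the callback order with a constructed stand-in for the Arkose enforcement script: `runEnforcement`, `createForm`, the deferred queue standing in for Vue's nextTick, and the `token`/`suppressed` fields of the completed response are all assumptions.

```javascript
// Minimal sign-in form model: a hidden token input plus a deferred render queue
// standing in for Vue's nextTick (assumption, not GitLab's component).
function createForm() {
  const pending = [];
  return {
    hiddenToken: '',
    submittedWith: null, // value of the hidden input at the time of the POST
    nextTick(fn) { pending.push(fn); },
    flush() { while (pending.length) pending.shift()(); },
    hydrate(token) { this.nextTick(() => { this.hiddenToken = token; }); },
    submit() { this.submittedWith = this.hiddenToken; },
  };
}

// Constructed stand-in for the enforcement script: on a suppressed challenge it
// fires onSuppress first, then onCompleted with the token (assumption: the
// completed response carries both `token` and `suppressed`).
function runEnforcement(config, { token, suppressed }) {
  if (suppressed && config.onSuppress) config.onSuppress();
  if (config.onCompleted) config.onCompleted({ token, suppressed });
}

// Before the fix: submit straight from onSuppress, before the input is hydrated.
function buggyConfig(form) {
  return {
    onSuppress: () => form.submit(),
    onCompleted: (res) => form.hydrate(res.token),
  };
}

// After the fix: decide from onCompleted's response and submit a tick later.
function fixedConfig(form) {
  return {
    onCompleted: (res) => {
      form.hydrate(res.token);
      if (res.suppressed) form.nextTick(() => form.submit());
    },
  };
}

// Returns the token value the server would receive for a given config
// ('' means the form was posted with an empty token; null means no auto-submit).
function simulate(configFactory, suppressed = true) {
  const form = createForm();
  runEnforcement(configFactory(form), { token: 'constructed-token', suppressed });
  form.flush();
  return form.submittedWith;
}
```

Running `simulate(buggyConfig)` posts an empty token (the server-side verification then fails exactly as in step 9), while `simulate(fixedConfig)` posts the hydrated token.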
