Bypass reCAPTCHA for GitLab QA
Resolves: https://gitlab.com/gitlab-org/quality/team-tasks/-/issues/1469
What does this MR do and why?
Update the condition to present reCAPTCHA to check for the presence of the ENV['GITLAB_QA_USER_AGENT'] value. If it is present and the current request's user agent matches its value, the condition returns false. This enables QA tests to bypass reCAPTCHA.
This change affects the following features that use reCAPTCHA when recaptcha_enabled application setting is true:
- Sign in
  - When login_recaptcha_protection_enabled setting is true AND exceeded_failed_login_attempts? || exceeded_anonymous_sessions?
  - When 'X-GitLab-Show-Login-Captcha' header is set
- Signup
- Password reset
- Resend email confirmation instructions
- Top-level group creation
  - When recaptcha_on_top_level_group_creation ops feature flag is enabled
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
1. Take note of your browser user agent. In Firefox and Chrome you can do this by typing navigator.userAgent in the developer console.
2. Start GDK
3. Enable recaptcha_enabled application setting and configure reCAPTCHA credentials

    $ rails console
    > ApplicationSetting.first.update(recaptcha_enabled: true)
    => true
    # These are test keys from Google. See https://developers.google.com/recaptcha/docs/faq#id-like-to-run-automated-tests-with-recaptcha.-what-should-i-do
    > ApplicationSetting.first.update(recaptcha_site_key: "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI")
    => true
    > ApplicationSetting.first.update(recaptcha_private_key: "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe")
    => true

4. Go to the registration page: http://localhost/users/sign_up
5. Verify that reCAPTCHA is presented
6. Stop GDK, set GITLAB_QA_USER_AGENT environment variable with the value you took note of in (1), then restart GDK

    $ gdk stop
    $ export GITLAB_QA_USER_AGENT="<your browser's user agent>"
    $ gdk restart

7. Go to the registration page: http://localhost/users/sign_up
8. Verify that reCAPTCHA is NOT presented
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
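
The condition described under "What does this MR do and why?", sketched as an added example that is not the MR's own code. The module and method names are hypothetical; only GITLAB_QA_USER_AGENT and recaptcha_enabled come from the description. It treats the configured user agent as a shared secret: the comparison is constant-time, and an unset or empty variable never matches.

```ruby
require 'digest'

# Hypothetical helper, not GitLab's implementation.
module QaBypass
  ENV_KEY = 'GITLAB_QA_USER_AGENT'

  # Compare SHA-256 digests byte by byte without early exit, so timing
  # does not reveal how much of the submitted value matched.
  def self.secure_equal?(a, b)
    diff = 0
    Digest::SHA256.digest(a).bytes.zip(Digest::SHA256.digest(b).bytes) do |x, y|
      diff |= x ^ y
    end
    diff.zero?
  end

  # True only when the variable is set to a non-empty value AND the
  # request's user agent equals it exactly. An unset variable must not
  # match a request that sends an empty or missing User-Agent header.
  def self.qa_request?(user_agent, env = ENV)
    expected = env[ENV_KEY].to_s
    actual = user_agent.to_s
    return false if expected.empty? || actual.empty?

    secure_equal?(actual, expected)
  end

  # reCAPTCHA is presented when the application setting is on and the
  # request is not a recognised QA request.
  def self.show_recaptcha?(recaptcha_enabled:, user_agent:, env: ENV)
    recaptcha_enabled && !qa_request?(user_agent, env)
  end
end

# Constructed sample values, for illustration only.
sample_env = { 'GITLAB_QA_USER_AGENT' => 'qa-agent-constructed-123' }
[
  ['Mozilla/5.0 (X11; Linux x86_64)', sample_env],
  ['qa-agent-constructed-123', sample_env],
  ['', {}]
].each do |ua, env|
  shown = QaBypass.show_recaptcha?(recaptcha_enabled: true, user_agent: ua, env: env)
  puts "user_agent=#{ua.inspect} configured=#{env.key?('GITLAB_QA_USER_AGENT')} show_recaptcha=#{shown}"
end
```

Because any client that sends the configured string skips reCAPTCHA, the value should be long, random, and set only in environments where QA tests run.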