Require verification methods depending on user's Arkose Labs risk band
- Resolves: gitlab-org/modelops/anti-abuse/team-tasks#83
Depends on: !99202 (merged)
What does this MR do and why?
Update the Identity Verification feature to require new users the appropriate set of verification steps depending on their Arkose Labs risk band.
New user's Arkose Labs risk band | Required verification steps (in order) |
---|---|
'Low' |
|
'Medium' |
Phone Number, Email |
'High' |
Credit Card, Phone Number, Email |
Screenshots or screen recordings
Users with 'Low' Arkose Labs risk band
https://www.loom.com/share/c8cc0847894a4089b3fec41b64de9bac
Users with 'Medium' Arkose Labs risk band
https://www.loom.com/share/ceabfbb0c62741c096a6816e94e44019
Users with 'High' Arkose Labs risk band
https://www.loom.com/share/fd24e91f200c49e8ace09cedfda2f425
Set up
- Enable
arkose_labs_signup_challenge
feature. This feature is responsible for interfacing with Arkose Labs to assign arisk_band
for new users.$ rails console > Feature.enable(:arkose_labs_signup_challenge) > ApplicationSetting.first.update({ arkose_labs_public_api_key: '****', arkose_labs_private_api_key: '****', arkose_labs_namespace: 'client' })
- Enable feature flags for identity verification
$ rails console > Feature.enable(:identity_verification) > Feature.enable(:identity_verification_phone_number) > Feature.enable(:identity_verification_credit_card)
Validate
'Low'
Arkose Labs risk band
User with - Sign up for a new account. After, you should be redirected to the Identity Verification page (
http://localhost:3000/users/identity_verification
) - Update the new user's risk band data to have
'Low'
value$ rails console > u = User.last > risk_band = u.custom_attributes.by_key('arkose_risk_band').first > risk_band.update(value: 'Low')
- Refresh the Identity Verification page
- Validate that only email verification step is shown
'Medium'
Arkose Labs risk band
User with - Update the user's (the same user you created previously) risk band data to have
'Medium'
value$ rails console > u = User.last > risk_band = u.custom_attributes.by_key('arkose_risk_band').first > risk_band.update(value: 'Medium')
- Refresh the Identity Verification page
- Validate that phone number AND email verification steps (in that order) are shown
'High'
Arkose Labs risk band
User with - Update the user's (the same user you created previously) risk band data to have
'High'
value$ rails console > u = User.last > risk_band = u.custom_attributes.by_key('arkose_risk_band').first > risk_band.update(value: 'High')
- Refresh the Identity Verification page
- Validate that credit card, phone number AND email verification steps (in that order) are shown
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Eugie Limpin