Accept allow listed sessions

Allows ArkoseLabs sessions that have the allowlisted telltale to
sign-in.
parent 0ca1e792
...@@ -4,6 +4,7 @@ module Arkose ...@@ -4,6 +4,7 @@ module Arkose
attr_reader :url, :session_token, :userid attr_reader :url, :session_token, :userid
VERIFY_URL = 'http://verify-api.arkoselabs.com/api/v4/verify' VERIFY_URL = 'http://verify-api.arkoselabs.com/api/v4/verify'
ALLOWLIST_TELLTALE = 'gitlab1-whitelist-qa-team'
def initialize(session_token:, userid:) def initialize(session_token:, userid:)
@session_token = session_token @session_token = session_token
...@@ -16,7 +17,7 @@ module Arkose ...@@ -16,7 +17,7 @@ module Arkose
return false if invalid_token(response) return false if invalid_token(response)
challenge_solved?(response) && low_risk?(response) challenge_solved?(response) && (low_risk?(response) || allowlisted?(response))
rescue StandardError => error rescue StandardError => error
payload = { session_token: session_token, log_data: userid } payload = { session_token: session_token, log_data: userid }
Gitlab::ExceptionLogFormatter.format!(error, payload) Gitlab::ExceptionLogFormatter.format!(error, payload)
...@@ -57,5 +58,10 @@ module Arkose ...@@ -57,5 +58,10 @@ module Arkose
risk_band = response.parsed_response&.dig('session_risk', 'risk_band') risk_band = response.parsed_response&.dig('session_risk', 'risk_band')
risk_band.present? ? risk_band != 'High' : true risk_band.present? ? risk_band != 'High' : true
end end
def allowlisted?(response)
telltale_list = response.parsed_response&.dig('session_details', 'telltale_list') || []
telltale_list.include?(ALLOWLIST_TELLTALE)
end
end end
end end
...@@ -36,6 +36,17 @@ RSpec.describe Arkose::UserVerificationService do ...@@ -36,6 +36,17 @@ RSpec.describe Arkose::UserVerificationService do
allow(Gitlab::HTTP).to receive(:perform_request).and_return(response) allow(Gitlab::HTTP).to receive(:perform_request).and_return(response)
expect(subject).to be_falsey expect(subject).to be_falsey
end end
context 'when the session is allowlisted' do
before do
arkose_ec_response['session_details']['telltale_list'].push(Arkose::UserVerificationService::ALLOWLIST_TELLTALE)
end
it 'returns true' do
allow(Gitlab::HTTP).to receive(:perform_request).and_return(response)
expect(subject).to be_truthy
end
end
end end
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment