Add phone verification #11346
Add phone verification #11346
Conversation
|
@svenefftinge: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
started the job as gitpod-build-sefftinge-add-phone-verification-11339.1 because the annotations in the pull request description changed |
svenefftinge
force-pushed
the
sefftinge/add-phone-verification-11339
branch
2 times, most recently
from
6d50167
to
b1626e3
Compare
| if (!user.additionalData) { | ||
| user.additionalData = {}; | ||
| } | ||
| if (!user.additionalData?.profile) { |
There was a problem hiding this comment.
nit: this cascade could be wrapped in a User.updateProfile(partial: Partial<User.Profile>) method.
|
|
||
| volumes = append(volumes, | ||
| corev1.Volume{ | ||
| Name: "stripe-config", |
svenefftinge
force-pushed
the
sefftinge/add-phone-verification-11339
branch
from
b1626e3
to
783f480
Compare
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
svenefftinge
removed
the
meta: stale
svenefftinge
force-pushed
the
sefftinge/add-phone-verification-11339
branch
from
783f480
to
8d2c434
Compare
svenefftinge
force-pushed
the
sefftinge/add-phone-verification-11339
branch
2 times, most recently
from
59c58c3
to
cb6fefd
Compare
️✅ There are no secrets present in this pull request anymore.If these secrets were true positive and are still valid, we highly recommend you to revoke them. 🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request. |
svenefftinge
force-pushed
the
sefftinge/add-phone-verification-11339
branch
2 times, most recently
from
c214fa3
to
e6664fc
Compare
svenefftinge
force-pushed
the
sefftinge/add-phone-verification-11339
branch
2 times, most recently
from
f157d5d
to
887c0a2
Compare
github-actions
bot
added
team: delivery
| if (!this.config.twilioConfig) { | ||
| return false; | ||
| } | ||
| // if (!!user.additionalData?.lastVerificationTime) { |
There was a problem hiding this comment.
I have disabled this code, so it is easier to test multiple times. After a first review I would enable the code again to test the functionality.
| // // we only want to ask new users, so if a user has ever started workspaces before, we trust them. | ||
| // // there might be a few false positives because all workspaces might have been deleted. | ||
| // const workspaces = await this.workspaceDB.findWorkspacesByUser(user.id); | ||
| // return workspaces.length !== 0; |
There was a problem hiding this comment.
@geropl I think it makes sense to check for usage instead?
There was a problem hiding this comment.
Jep, that could work as an indicator, with a threshold > what we see from abusers.
svenefftinge
force-pushed
the
sefftinge/add-phone-verification-11339
branch
from
806714c
to
7f2ab4d
Compare
|
I'm assuming this is only "turned on" in SaaS? |
|
/hold Due to this comment. @svenefftinge While (un-)commenting this part of the code is not harmful we (WebApp) decided after a recent incident that we hide all "dev commits" behind Feature Flags: either the whole feature, or the "dev" part. |
|
Starting to review now. |
|
Thanks for the hold. FWIW the logic for "trusted" if going to get a bit more complex as we don't want to ask every new user. I'll try to judge trustworthiness also based on age of GitHub/GitLab account. The rest is ready for review. |
|
/werft run 👍 started the job as gitpod-build-sefftinge-add-phone-verification-11339.14 |
Jep! I guess that's also something we need/want to fine-tune as we go. |
|
I'm spinning up a preview env and will update the env var on the server deployment, so trillio works. |
| @@ -6,7 +6,7 @@ | |||
|
|
|||
| const inspect: (object: any) => string = require("util").inspect; // undefined in frontend | |||
|
|
|||
| let plainLogging: boolean = false; // set to true during development to get non JSON output | |||
| let plainLogging: boolean = true; // set to true during development to get non JSON output | |||
There was a problem hiding this comment.
This should also be part of the "dev commit". Ideally, we should not need this, at all.
☁️ I think we had a de-jsonifier in the past. Could we use that together with yarn telepresence to avoid the need for this code change? Or maybe set an env var, or similar?
There was a problem hiding this comment.
Yes, I'll remove it as well, of course.
| @@ -85,6 +85,9 @@ export interface GitpodServer extends JsonRpcServer<GitpodClient>, AdminServer, | |||
| getLoggedInUser(): Promise<User>; | |||
| getTerms(): Promise<Terms>; | |||
| updateLoggedInUser(user: Partial<User>): Promise<User>; | |||
| needsVerification(): Promise<boolean>; | |||
There was a problem hiding this comment.
Do we need the method needsVerification()? I don't see it being used in the frontend (anymore). Feels like a leftover from an ealier version?
|
|
||
| async mayStartWorkspace( | ||
| user: User, | ||
| date: Date = new Date(), | ||
| runningInstances: Promise<WorkspaceInstance[]>, | ||
| ): Promise<MayStartWorkspaceResult> { | ||
| try { | ||
| const verification = await this.verificationService.needsVerification(user); |
| } | ||
|
|
||
| public async sendPhoneNumberVerificationToken(ctx: TraceContext, phoneNumber: string): Promise<void> { | ||
| this.checkUser("sendPhoneNumberVerificationToken"); |
There was a problem hiding this comment.
This whole concern feels like it should be part of the EE code-base, and this methods should be empty stubs (like
).There was a problem hiding this comment.
What is the reasoning you believe it should be EE? I have no concerns about making this open-source as I don't see how it could be something we want to monetize.
There was a problem hiding this comment.
Mainly because I thought it would not be that interesting. But have no hard feelings here!
💡 Then the binding should move to the other container: #11346 (comment)
There was a problem hiding this comment.
We should align on a general strategy / view so this is easier to decide for everyone. My take is to put as much as possible into the open-source version, so we have as little concerns as possible in the EE layer which makes code harder to grasp.
There was a problem hiding this comment.
My take is to put as much as possible into the open-source version
That has been our strategy so far, yes, and I agree that it applies to phone verification as well. Put it into the "billing" basket at first, but it's unrelated. 💯 . Sorry for creating confusion here. 🧘
| import { UserDB, WorkspaceDB } from "@gitpod/gitpod-db/lib"; | ||
|
|
||
| @injectable() | ||
| export class VerificationService { |
There was a problem hiding this comment.
Currently this class is part of the community edition, but only bound in the EE container.
As mentioned in GitpodServerImpl, I think it should move to the EE side entirely.
| @@ -86,6 +87,7 @@ export const productionEEContainerModule = new ContainerModule((bind, unbind, is | |||
| bind(BitbucketAppSupport).toSelf().inSingletonScope(); | |||
| bind(GitHubEnterpriseApp).toSelf().inSingletonScope(); | |||
| bind(BitbucketServerApp).toSelf().inSingletonScope(); | |||
| bind(VerificationService).toSelf().inSingletonScope(); | |||
There was a problem hiding this comment.
This was it's only bound for the EE edition. See other comments maybe adjust.
components/server/src/config.ts
Outdated
| @@ -240,6 +253,22 @@ export namespace ConfigFile { | |||
| log.error("Could not load Stripe config", error); | |||
| } | |||
| } | |||
| let twilioConfig: Config["twilioConfig"]; | |||
| log.info("loading twilio config"); | |||
| if (!!env.TWILIO_CONFIG) { | |||
There was a problem hiding this comment.
Why the fallback with the env var? If it's for dev purposes, I think the same can be achieved with pushing and manipulating a Secret.
☁️ We invested a bit of effort last year to move to a central config file which is far easier to reason about (not part of config file? Does not influence the config).
|
I have updated the server deployment, but noticed that there are still styling issues with the phone input. Strangely they are not there when running in dev mode 🙄 |
Reminds me of last week, where a werft job "missed" to pick-up the "with-preview" config: build was green, but was still looking at old code. Update: last job worked, though. |
svenefftinge
force-pushed
the
sefftinge/add-phone-verification-11339
branch
from
7f2ab4d
to
135bc0f
Compare
Description
Adds phone number verification to make abusing Gitpod harder
Related Issue(s)
Fixes #11339
How to test
Release Notes
Documentation
Werft options: