Merge branch 'mc_rocha-improve-arkose-response-log' into 'master'

Improve Arkose verify response logs See merge request gitlab-org/gitlab!84615

Merge branch 'mc_rocha-improve-arkose-response-log' into 'master'
Improve Arkose verify response logs See merge request gitlab-org/gitlab!84615
0b25654e · Stan Hu · 9816077a · a08734ad · 0b25654e · 0b25654e
Commit 0b25654e authored Apr 08, 2022 by Stan Hu
3 changed files
--- a/ee/app/services/arkose/user_verification_service.rb
+++ b/ee/app/services/arkose/user_verification_service.rb
@@ -13,7 +13,7 @@ module Arkose

    def execute
      response = Gitlab::HTTP.perform_request(Net::HTTP::Post, VERIFY_URL, body: body).parsed_response
-      logger.info(build_message("Arkose verify response: #{response}"))
+      logger.info(build_message(response))

      return false if invalid_token(response)

@@ -24,7 +24,7 @@ module Arkose
      payload = { session_token: session_token, log_data: user.id }
      Gitlab::ExceptionLogFormatter.format!(error, payload)
      Gitlab::ErrorTracking.track_exception(error)
-      logger.error(build_message("Error verifying user on Arkose: #{payload}"))
+      logger.error("Error verifying user on Arkose: #{payload}")

      true
    end
@@ -66,6 +66,18 @@ module Arkose
      response&.dig('session_details', 'session') || 'Unavailable'
    end

+    def risk_category(response)
+      response&.dig('session_risk', 'risk_category') || 'Unavailable'
+    end
+
+    def global_telltale_list(response)
+      response&.dig('session_risk', 'global', 'telltales') || 'Unavailable'
+    end
+
+    def custom_telltale_list(response)
+      response&.dig('session_risk', 'custom', 'telltales') || 'Unavailable'
+    end
+
    def body
      {
        private_key: Settings.arkose['private_key'],
@@ -78,8 +90,26 @@ module Arkose
      Gitlab::AppLogger
    end

-    def build_message(message)
-      Gitlab::ApplicationContext.current.merge(message: message)
+    def build_message(response)
+      Gitlab::ApplicationContext.current.symbolize_keys.merge(
+        {
+          message: 'Arkose verify response',
+          response: response,
+          username: user.username
+        }.merge(arkose_payload(response))
+      )
+    end
+
+    def arkose_payload(response)
+      {
+        'arkose.session_id': session_id(response),
+        'arkose.global_score': global_score(response),
+        'arkose.global_telltale_list': global_telltale_list(response),
+        'arkose.custom_score': custom_score(response),
+        'arkose.custom_telltale_list': custom_telltale_list(response),
+        'arkose.risk_band': risk_band(response),
+        'arkose.risk_category': risk_category(response)
+      }
    end

    def invalid_token(response)
@@ -92,7 +122,7 @@ module Arkose
    end

    def low_risk?(response)
-      risk_band = response&.dig('session_risk', 'risk_band')
+      risk_band = risk_band(response)
      risk_band.present? ? risk_band != 'High' : true
    end


--- a/ee/spec/fixtures/arkose/successfully_solved_ec_response.json
+++ b/ee/spec/fixtures/arkose/successfully_solved_ec_response.json
@@ -75,6 +75,7 @@
    "timezone": "Australia/Sydney"
  },
  "session_risk": {
+    "risk_category": "NO-THREAT",
    "risk_band": "Low",
    "global": {
      "score": "0",

--- a/ee/spec/services/arkose/user_verification_service_spec.rb
+++ b/ee/spec/services/arkose/user_verification_service_spec.rb
@@ -41,6 +41,26 @@ RSpec.describe Arkose::UserVerificationService do
          expect(user.custom_attributes.find_by(key: 'arkose_custom_score').value).to eq('0')
        end

+        it 'logs Arkose verify response' do
+          allow(Gitlab::HTTP).to receive(:perform_request).and_return(response)
+          allow(Gitlab::AppLogger).to receive(:info)
+          allow(Gitlab::ApplicationContext).to receive(:current).and_return({ 'correlation_id': 'be025cf83013ac4f52ffd2bf712b11a2' })
+
+          subject
+
+          expect(Gitlab::AppLogger).to have_received(:info).with(correlation_id: 'be025cf83013ac4f52ffd2bf712b11a2',
+                                                                 message: 'Arkose verify response',
+                                                                 response: arkose_ec_response,
+                                                                 username: user.username,
+                                                                 'arkose.session_id': '22612c147bb418c8.2570749403',
+                                                                 'arkose.global_score': '0',
+                                                                 'arkose.global_telltale_list': [],
+                                                                 'arkose.custom_score': '0',
+                                                                 'arkose.custom_telltale_list': [],
+                                                                 'arkose.risk_band': 'Low',
+                                                                 'arkose.risk_category': 'NO-THREAT')
+        end
+
        context 'when the risk score is high' do
          let(:arkose_ec_response) { Gitlab::Json.parse(File.read(Rails.root.join('ee/spec/fixtures/arkose/successfully_solved_ec_response_high_risk.json'))) }