Accept allow listed sessions

Allows ArkoseLabs sessions that have the allowlisted telltale to
sign-in.

ee/app/services/arkose/user_verification_service.rb

@@ -4,6 +4,7 @@ module Arkose
     attr_reader :url, :session_token, :userid
 
     VERIFY_URL = 'http://verify-api.arkoselabs.com/api/v4/verify'
+    ALLOWLIST_TELLTALE = 'gitlab1-whitelist-qa-team'
 
     def initialize(session_token:, userid:)
       @session_token = session_token
@@ -16,7 +17,7 @@ module Arkose
 
       return false if invalid_token(response)
 
-      challenge_solved?(response) && low_risk?(response)
+      challenge_solved?(response) && (low_risk?(response) || allowlisted?(response))
     rescue StandardError => error
       payload = { session_token: session_token, log_data: userid }
       Gitlab::ExceptionLogFormatter.format!(error, payload)
@@ -57,5 +58,10 @@ module Arkose
       risk_band = response.parsed_response&.dig('session_risk', 'risk_band')
       risk_band.present? ? risk_band != 'High' : true
     end
+
+    def allowlisted?(response)
+      telltale_list = response.parsed_response&.dig('session_details', 'telltale_list') || []
+      telltale_list.include?(ALLOWLIST_TELLTALE)
+    end
   end
 end

ee/spec/services/arkose/user_verification_service_spec.rb

@@ -36,6 +36,17 @@ RSpec.describe Arkose::UserVerificationService do
             allow(Gitlab::HTTP).to receive(:perform_request).and_return(response)
             expect(subject).to be_falsey
           end
+
+          context 'when the session is allowlisted' do
+            before do
+              arkose_ec_response['session_details']['telltale_list'].push(Arkose::UserVerificationService::ALLOWLIST_TELLTALE)
+            end
+
+            it 'returns true' do
+              allow(Gitlab::HTTP).to receive(:perform_request).and_return(response)
+              expect(subject).to be_truthy
+            end
+          end
         end
       end
     end