Commit a08734ad authored by Marcos Rocha's avatar Marcos Rocha Committed by Stan Hu

Improve Arkose verify response logs

Previously it was difficult to associate an Arkose response with a user.
This commit adds the username to the logs, as well as other fields
extracted from the Arkose response (tell-tale labels, risk score, etc.)
in a structured format so that they can be indexed and searched properly.
parent 3ca6af6c
......@@ -13,7 +13,7 @@ module Arkose
def execute
response = Gitlab::HTTP.perform_request(Net::HTTP::Post, VERIFY_URL, body: body).parsed_response
logger.info(build_message("Arkose verify response: #{response}"))
logger.info(build_message(response))
return false if invalid_token(response)
......@@ -24,7 +24,7 @@ module Arkose
payload = { session_token: session_token, log_data: user.id }
Gitlab::ExceptionLogFormatter.format!(error, payload)
Gitlab::ErrorTracking.track_exception(error)
logger.error(build_message("Error verifying user on Arkose: #{payload}"))
logger.error("Error verifying user on Arkose: #{payload}")
true
end
......@@ -66,6 +66,18 @@ module Arkose
response&.dig('session_details', 'session') || 'Unavailable'
end
def risk_category(response)
response&.dig('session_risk', 'risk_category') || 'Unavailable'
end
def global_telltale_list(response)
response&.dig('session_risk', 'global', 'telltales') || 'Unavailable'
end
def custom_telltale_list(response)
response&.dig('session_risk', 'custom', 'telltales') || 'Unavailable'
end
def body
{
private_key: Settings.arkose['private_key'],
......@@ -78,8 +90,26 @@ module Arkose
Gitlab::AppLogger
end
def build_message(message)
Gitlab::ApplicationContext.current.merge(message: message)
def build_message(response)
Gitlab::ApplicationContext.current.symbolize_keys.merge(
{
message: 'Arkose verify response',
response: response,
username: user.username
}.merge(arkose_payload(response))
)
end
def arkose_payload(response)
{
'arkose.session_id': session_id(response),
'arkose.global_score': global_score(response),
'arkose.global_telltale_list': global_telltale_list(response),
'arkose.custom_score': custom_score(response),
'arkose.custom_telltale_list': custom_telltale_list(response),
'arkose.risk_band': risk_band(response),
'arkose.risk_category': risk_category(response)
}
end
def invalid_token(response)
......@@ -92,7 +122,7 @@ module Arkose
end
def low_risk?(response)
risk_band = response&.dig('session_risk', 'risk_band')
risk_band = risk_band(response)
risk_band.present? ? risk_band != 'High' : true
end
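Review bot: In `build_message`, `response: response` writes the whole Arkose payload into the log next to `username`, even though `arkose_payload` already extracts the fields meant for searching. The fixture in this commit shows the payload also carries session details such as `timezone`, so every log line now ties that client data to a named account; consider dropping the `response:` key or logging only an allowlisted subset. Separately, the error path in the second hunk appears to end up as `logger.error("Error verifying user on Arkose: #{payload}")` without `build_message`, so that line loses the application context and still interpolates `session_token` into a free-text message. A structured call such as `logger.error(Gitlab::ApplicationContext.current.symbolize_keys.merge(message: 'Error verifying user on Arkose', username: user.username))` would keep it searchable without the token. The bodies of `execute` and the rescue block continue outside the hunks shown.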
......
......@@ -75,6 +75,7 @@
"timezone": "Australia/Sydney"
},
"session_risk": {
"risk_category": "NO-THREAT",
"risk_band": "Low",
"global": {
"score": "0",
......
......@@ -41,6 +41,26 @@ RSpec.describe Arkose::UserVerificationService do
expect(user.custom_attributes.find_by(key: 'arkose_custom_score').value).to eq('0')
end
it 'logs Arkose verify response' do
allow(Gitlab::HTTP).to receive(:perform_request).and_return(response)
allow(Gitlab::AppLogger).to receive(:info)
allow(Gitlab::ApplicationContext).to receive(:current).and_return({ 'correlation_id': 'be025cf83013ac4f52ffd2bf712b11a2' })
subject
expect(Gitlab::AppLogger).to have_received(:info).with(correlation_id: 'be025cf83013ac4f52ffd2bf712b11a2',
message: 'Arkose verify response',
response: arkose_ec_response,
username: user.username,
'arkose.session_id': '22612c147bb418c8.2570749403',
'arkose.global_score': '0',
'arkose.global_telltale_list': [],
'arkose.custom_score': '0',
'arkose.custom_telltale_list': [],
'arkose.risk_band': 'Low',
'arkose.risk_category': 'NO-THREAT')
end
context 'when the risk score is high' do
let(:arkose_ec_response) { Gitlab::Json.parse(File.read(Rails.root.join('ee/spec/fixtures/arkose/successfully_solved_ec_response_high_risk.json'))) }
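Review bot: The stub `and_return({ 'correlation_id': 'be025cf83013ac4f52ffd2bf712b11a2' })` builds a hash with a symbol key, because `'correlation_id':` is symbol-key syntax in Ruby, so this example would still pass if `symbolize_keys` were removed from `build_message`. If the real `Gitlab::ApplicationContext.current` returns string keys, which the added `symbolize_keys` call suggests, stub it as `{ 'correlation_id' => 'be025cf83013ac4f52ffd2bf712b11a2' }` so the conversion is exercised. The example also covers only a fully populated response; a second case with the `session_risk` keys missing would pin the `'Unavailable'` fallbacks of `risk_category`, `global_telltale_list` and `custom_telltale_list`.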
......