doc/development/identity_verification.md
For information on this feature that is not development-specific, see the feature documentation.
You can triage and debug issues raised by identity verification with the GitLab production logs.
To view logs associated with the email stage for a user:
Query the GitLab production logs with the following KQL:

```plaintext
json.controller:"RegistrationsIdentityVerificationController" AND json.username:replace_username_here
```

Valuable debugging information can be found in the json.action and json.location columns.
To view logs associated with the phone stage for a user:
Query the GitLab production logs with the following KQL:

```plaintext
json.message: "IdentityVerification::Phone" AND json.username:replace_username_here
```

On rows where json.event is Failed Attempt, you can find valuable debugging information in the json.reason column such as:
| Reason | Description |
|---|---|
| invalid_phone_number | Either there was a typo in the phone number, or the user used a VOIP number. GitLab does not allow users to sign up with non-mobile phone numbers. |
| invalid_code | The user entered an incorrect verification code. |
| rate_limited | The user had 10 or more failed attempts, so they were rate-limited for one hour. |
| related_to_banned_user | The user tried a phone number already related to a banned user. |
To view Telesign status update logs for SMS sent to a user, query the GitLab production logs with:

```plaintext
json.message: "IdentityVerification::Phone" AND json.event: "Telesign transaction status update" AND json.username:<username>
```

Status update logs include the following fields:
| Field | Description |
|---|---|
| telesign_status | Delivery status of the SMS. See the Telesign documentation for possible status codes and their descriptions. |
| telesign_status_updated_on | A timestamp indicating when the SMS delivery status was last updated. |
| telesign_errors | Errors that occurred during delivery. See the Telesign documentation for possible error codes and their descriptions. |
To view logs associated with the credit card stage for a user:
Query the GitLab production logs with the following KQL:

```plaintext
json.message: "IdentityVerification::CreditCard" AND json.username:replace_username_here
```

On rows where json.event is Failed Attempt, you can find valuable debugging information in the json.reason column such as:
| Reason | Description |
|---|---|
| rate_limited | The user had 10 or more failed attempts, so they were rate-limited for one hour. |
| related_to_banned_user | The user tried a credit card number already related to a banned user. |
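
To summarize the Failed Attempt rows that the phone and credit card queries return, the following added example (not GitLab's own code) tallies `json.reason` per stage for one user. It assumes the rows were exported as one JSON object per line with either flattened or nested keys; the export format, the sample rows, and the function names are assumptions.

```python
import json
from collections import Counter

REASONS = {  # descriptions summarized from the reason tables on this page
    "invalid_phone_number": "typo in the number, or a VOIP/non-mobile number",
    "invalid_code": "incorrect verification code entered",
    "rate_limited": "10 or more failed attempts, limited for one hour",
    "related_to_banned_user": "number or card already related to a banned user",
}
STAGES = {"IdentityVerification::Phone": "phone", "IdentityVerification::CreditCard": "credit_card"}

# Constructed sample rows; the one-JSON-object-per-line export is an assumption.
SAMPLE = [
    '{"json.message":"IdentityVerification::Phone","json.event":"Failed Attempt","json.reason":"invalid_code","json.username":"example_user"}',
    '{"json":{"message":"IdentityVerification::Phone","event":"Failed Attempt","reason":"invalid_phone_number","username":"example_user"}}',
    '{"json.message":"IdentityVerification::Phone","json.event":"Failed Attempt","json.reason":"invalid_code","json.username":"example_user"}',
    '{"json.message":"IdentityVerification::CreditCard","json.event":"Failed Attempt","json.reason":"rate_limited","json.username":"example_user"}',
    '{"json.message":"IdentityVerification::Phone","json.event":"Failed Attempt","json.reason":"invalid_code","json.username":"other_user"}',
    '{"json.message":"IdentityVerification::Phone","json.event":"Telesign transaction status update","json.username":"example_user"}',
    '{"json.message":"IdentityVerification::Pho',
]

def field(row, name):
    """Read json.<name> from a flattened ("json.event") or nested row."""
    if f"json.{name}" in row:
        return row[f"json.{name}"]
    nested = row.get("json")
    return nested.get(name) if isinstance(nested, dict) else None

def failed_attempts(lines, username):
    """Count Failed Attempt reasons per stage for one user."""
    summary = {stage: Counter() for stage in STAGES.values()}
    for line in lines:
        try:
            row = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or empty export line
        if not isinstance(row, dict) or field(row, "username") != username:
            continue
        message = str(field(row, "message") or "")
        stage = next((s for m, s in STAGES.items() if m in message), None)
        if stage is None or field(row, "event") != "Failed Attempt":
            continue  # other stages, or status updates rather than failures
        summary[stage][field(row, "reason") or "unknown"] += 1
    return summary

def report(summary):
    return [f"{stage}: {r} x{n} ({REASONS.get(r, 'not listed on this page')})"
            for stage, counts in summary.items() for r, n in counts.most_common()]
```
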
To view logs associated with the credit card stage for high-risk users:
Query the GitLab production logs with the following KQL:

```plaintext
json.controller:"GitlabSubscriptions::SubscriptionsController" AND json.action:"payment_form" AND json.params.value:"cc_registration_validation"
```

For a walkthrough and high-level explanation of the code, see Identity Verification - Code walkthrough.
For end-to-end production and staging tests to function properly, GitLab allows QA users to bypass Account email Verification when:

- User-Agent for the request matches the configured GITLAB_QA_USER_AGENT.

The Anti-abuse team owns identity verification. You can join our channel on Slack: #g_anti-abuse.
For help with Telesign:

- #gitlab-telesign-support
- [email protected]