
Add phone verification

Open svenefftinge opened this issue 3 years ago • 4 comments

Description

Adds phone number verification to make abusing Gitpod harder

Related Issue(s)

Fixes #11339

How to test

Release Notes

Documentation

Werft options:

  • [x] /werft with-preview

svenefftinge avatar Jul 13 '22 12:07 svenefftinge

@svenefftinge: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

roboquat avatar Jul 13 '22 12:07 roboquat

started the job as gitpod-build-sefftinge-add-phone-verification-11339.1 because the annotations in the pull request description changed (with .werft/ from main)

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jul 30 '22 17:07 stale[bot]

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them. Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately. Find here more information about risks.



gitguardian[bot] avatar Aug 09 '22 08:08 gitguardian[bot]

I'm assuming this is only "turned on" in SaaS?

lucasvaltl avatar Aug 20 '22 14:08 lucasvaltl

/hold Due to this comment.

@svenefftinge While (un-)commenting this part of the code is not harmful we (WebApp) decided after a recent incident that we hide all "dev commits" behind Feature Flags: either the whole feature, or the "dev" part.

geropl avatar Aug 22 '22 06:08 geropl

Starting to review now.

geropl avatar Aug 22 '22 06:08 geropl

Thanks for the hold. FWIW the logic for "trusted" is going to get a bit more complex as we don't want to ask every new user. I'll try to judge trustworthiness also based on age of GitHub/GitLab account. The rest is ready for review.

svenefftinge avatar Aug 22 '22 06:08 svenefftinge

/werft run

:+1: started the job as gitpod-build-sefftinge-add-phone-verification-11339.14 (with .werft/ from main)

svenefftinge avatar Aug 22 '22 06:08 svenefftinge

FWIW the logic for "trusted" is going to get a bit more complex as we don't want to ask every new user.

Jep! I guess that's also something we need/want to fine-tune as we go.

geropl avatar Aug 22 '22 06:08 geropl

I'm spinning up a preview env and will update the env var on the server deployment, so Twilio works.

svenefftinge avatar Aug 22 '22 06:08 svenefftinge

I have updated the server deployment, but noticed that there are still styling issues with the phone input. Strangely they are not there when running in dev mode 🙄

svenefftinge avatar Aug 22 '22 06:08 svenefftinge

I have updated the server deployment, but noticed that there are still styling issues with the phone input.

Reminds me of last week, where a werft job "missed" to pick up the "with-preview" config: build was green, but was still looking at old code.

Update: last job worked, though.

geropl avatar Aug 22 '22 07:08 geropl