Skip to content

LG-14216: Assign reCAPTCHA A/B test bucket for missing user #11210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
aduth merged 1 commit into from
Sep 6, 2024
Merged

LG-14216: Assign reCAPTCHA A/B test bucket for missing user #11210

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion config/initializers/ab_tests.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,8 +75,10 @@ def self.all
) do |user:, user_session:, **|
if user_session&.[](:captcha_validation_performed_at_sign_in) == false
nil
elsif user
user.uuid
else
user&.uuid
SecureRandom.gen_random(1)
Copy link
Copy Markdown
Contributor Author

@aduth aduth Sep 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thought process with the selection of method here:

  1. We do want this to be resilient against timing attacks (SecureRandom)
  2. We don't care much about the actual value. SecureRandom.hex does a lot more work than we need

Benchmarks, since I was curious:

require 'benchmark/ips'
require 'securerandom'

Benchmark.ips do |x|
  x.report('gen_random') do
    SecureRandom.gen_random(1)
  end

  x.report('hex') do
    SecureRandom.hex
  end

  x.compare!
end
ruby 3.1.4p223 (2023-03-30 revision 957bb7cb81) [arm64-darwin21]
Warming up --------------------------------------
          gen_random   486.807k i/100ms
                 hex   169.039k i/100ms
Calculating -------------------------------------
          gen_random      4.867M (± 0.9%) i/s -     24.340M in   5.001117s
                 hex      1.679M (± 1.9%) i/s -      8.452M in   5.035533s

Comparison:
          gen_random:  4867370.6 i/s
                 hex:  1679161.7 i/s - 2.90x  slower

Copy link
Copy Markdown
Contributor

@zachmargolis zachmargolis Sep 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is not exactly a fair test, they'll pulling different numbers of bytes from random? we can close the gap a bit by using SecureRandom.hex(1)

irb(local):005:0> require 'benchmark/ips'
irb(local):006:0> require 'securerandom'
irb(local):007:0> 
irb(local):008:1* Benchmark.ips do |x|
irb(local):009:2*   x.report('gen_random') do
irb(local):010:2*     SecureRandom.gen_random(1)
irb(local):011:1*   end
irb(local):012:1* 
irb(local):013:2*   x.report('hex') do
irb(local):014:2*     SecureRandom.hex(1)
irb(local):015:1*   end
irb(local):016:1* 
irb(local):017:1*   x.compare!
irb(local):018:0> end
irb(local):019:0> 
Warming up --------------------------------------
          gen_random   692.696k i/100ms
                 hex   415.078k i/100ms
Calculating -------------------------------------
          gen_random      6.852M (± 1.7%) i/s -     34.635M in   5.055886s
                 hex      4.109M (± 3.7%) i/s -     20.754M in   5.059781s

Comparison:
          gen_random:  6852411.5 i/s
                 hex:  4109274.2 i/s - 1.67x  slower

Copy link
Copy Markdown
Contributor Author

@aduth aduth Sep 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's fair. I think I opted to use it without arguments since the expected pushback I expected for going for something like gen_random(1) is that it's very common and "simple" for us to use SecureRandom.hex (unparameterized) elsewhere in code.

end
end.freeze
end
4 changes: 2 additions & 2 deletions spec/config/initializers/ab_tests_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -197,8 +197,8 @@
context 'with no associated user' do
let(:user) { nil }

it 'does not return a bucket' do
expect(bucket).to be_nil
it 'returns a bucket' do
expect(bucket).not_to be_nil
end
end

Expand Down