npm - @prosopo/provider - Versions diffs - 3.3.0 → 3.12.14 - Mend

@prosopo/provider 3.3.0 → 3.12.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (377) hide show

package/dist/cjs/tasks/detection/getBotScore.cjs CHANGED Viewed

@@ -1,13 +1,37 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const decodePayload = require("./decodePayload.cjs");
-const getBotScore = async (payload, privateKeyString) => {
-  const result = await decodePayload(payload, privateKeyString);
+const DEFAULT_ENTROPY = 13837;
+const getBotScore = async (payload, headHash, privateKeyString) => {
+  const result = await decodePayload(
+    payload,
+    headHash,
+    privateKeyString
+  );
   const baseBotScore = result.score;
   const timestamp = result.timestamp;
+  const providerSelectEntropy = result.providerSelectEntropy;
+  const userId = result.userId;
+  const userAgent = result.userAgent;
+  const isWebView = result.isWebView ?? false;
+  const isIframe = result.isIframe ?? false;
+  const decryptedHeadHash = result.decryptedHeadHash;
   if (baseBotScore === void 0) {
-    return { baseBotScore: 1, timestamp: 0 };
+    return {
+      baseBotScore: 1,
+      timestamp: 0,
+      providerSelectEntropy: DEFAULT_ENTROPY
+    };
   }
-  return { baseBotScore, timestamp };
+  return {
+    baseBotScore,
+    timestamp,
+    providerSelectEntropy,
+    userId,
+    userAgent,
+    isWebView,
+    isIframe,
+    decryptedHeadHash
+  };
 };
 exports.getBotScore = getBotScore;

package/dist/cjs/tasks/frictionless/frictionlessTasks.cjs CHANGED Viewed

@@ -1,93 +1,223 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const loadBalancer = require("@prosopo/load-balancer");
 const types = require("@prosopo/types");
 const uuid = require("uuid");
 const lang = require("../../rules/lang.cjs");
 const captchaManager = require("../captchaManager.cjs");
 const getBotScore = require("../detection/getBotScore.cjs");
+const getDefaultEntropy = () => {
+  if (process.env.PROSOPO_ENTROPY) {
+    const parsed = Number.parseInt(process.env.PROSOPO_ENTROPY);
+    if (!Number.isNaN(parsed)) {
+      return parsed;
+    }
+  }
+  return 13337;
+};
 const DEFAULT_MAX_TIMESTAMP_AGE = 60 * 10 * 1e3;
+const DEFAULT_ENTROPY = getDefaultEntropy();
 class FrictionlessManager extends captchaManager.CaptchaManager {
   constructor(db, pair, config, logger) {
     super(db, pair, logger);
     this.config = config;
   }
+  setSessionParams(params) {
+    this.sessionParams = {
+      token: params.token,
+      score: params.score,
+      threshold: params.threshold,
+      scoreComponents: params.scoreComponents,
+      providerSelectEntropy: params.providerSelectEntropy,
+      ipAddress: params.ipAddress,
+      webView: params.webView ?? false,
+      iFrame: params.iFrame ?? false,
+      decryptedHeadHash: params.decryptedHeadHash
+    };
+  }
+  updateScore(score, scoreComponents) {
+    if (this.sessionParams) {
+      this.sessionParams.score = score;
+      this.sessionParams.scoreComponents = scoreComponents;
+    }
+  }
   checkLangRules(acceptLanguage) {
     return lang.checkLangRules(this.config, acceptLanguage);
   }
-  async createSession(tokenId, captchaType) {
+  async createSession(token, score, threshold, scoreComponents, providerSelectEntropy, ipAddress, captchaType, solvedImagesCount, powDifficulty, webView = false, iFrame = false, decryptedHeadHash = "") {
     const sessionRecord = {
       sessionId: uuid.v4(),
       createdAt: /* @__PURE__ */ new Date(),
-      tokenId,
-      captchaType
+      token,
+      score,
+      threshold,
+      scoreComponents,
+      providerSelectEntropy,
+      ipAddress,
+      captchaType,
+      solvedImagesCount,
+      powDifficulty,
+      webView,
+      iFrame,
+      decryptedHeadHash
     };
     await this.db.storeSessionRecord(sessionRecord);
     return sessionRecord;
   }
-  async sendImageCaptcha(tokenId) {
-    const sessionRecord = await this.createSession(tokenId, types.CaptchaType.image);
+  async hostVerified(entropy) {
+    const chosen = await loadBalancer.getRandomActiveProvider(
+      this.config.defaultEnvironment,
+      entropy
+    );
+    const domain = new URL(chosen.provider.url).hostname;
+    this.logger.info(() => ({
+      data: { entropy, host: this.config.host, domain }
+    }));
+    if (domain !== this.config.host) {
+      this.logger.info(() => ({
+        msg: "Host mismatch",
+        data: { expected: this.config.host, got: domain, entropy }
+      }));
+      return { verified: false, domain };
+    }
+    return { verified: true, domain };
+  }
+  async sendImageCaptcha(params) {
+    const effectiveParams = { ...this.sessionParams, ...params };
+    if (!effectiveParams.token || effectiveParams.score === void 0 || effectiveParams.threshold === void 0 || !effectiveParams.scoreComponents || effectiveParams.providerSelectEntropy === void 0 || !effectiveParams.ipAddress) {
+      throw new Error(
+        "Session parameters must be set before calling sendImageCaptcha"
+      );
+    }
+    const sessionRecord = await this.createSession(
+      effectiveParams.token,
+      effectiveParams.score,
+      effectiveParams.threshold,
+      effectiveParams.scoreComponents,
+      effectiveParams.providerSelectEntropy,
+      effectiveParams.ipAddress,
+      types.CaptchaType.image,
+      params?.solvedImagesCount,
+      void 0,
+      effectiveParams.webView ?? false,
+      effectiveParams.iFrame ?? false,
+      effectiveParams.decryptedHeadHash
+    );
     return {
       [types.ApiParams.captchaType]: types.CaptchaType.image,
       [types.ApiParams.sessionId]: sessionRecord.sessionId,
       [types.ApiParams.status]: "ok"
     };
   }
-  async sendPowCaptcha(tokenId) {
-    const sessionRecord = await this.createSession(tokenId, types.CaptchaType.pow);
+  async sendPowCaptcha(params) {
+    const effectiveParams = { ...this.sessionParams, ...params };
+    if (!effectiveParams.token || effectiveParams.score === void 0 || effectiveParams.threshold === void 0 || !effectiveParams.scoreComponents || effectiveParams.providerSelectEntropy === void 0 || !effectiveParams.ipAddress) {
+      throw new Error(
+        "Session parameters must be set before calling sendPowCaptcha"
+      );
+    }
+    const sessionRecord = await this.createSession(
+      effectiveParams.token,
+      effectiveParams.score,
+      effectiveParams.threshold,
+      effectiveParams.scoreComponents,
+      effectiveParams.providerSelectEntropy,
+      effectiveParams.ipAddress,
+      types.CaptchaType.pow,
+      void 0,
+      params?.powDifficulty,
+      effectiveParams.webView ?? false,
+      effectiveParams.iFrame ?? false,
+      effectiveParams.decryptedHeadHash
+    );
     return {
       [types.ApiParams.captchaType]: types.CaptchaType.pow,
       [types.ApiParams.sessionId]: sessionRecord.sessionId,
       [types.ApiParams.status]: "ok"
     };
   }
-  async scoreIncreaseAccessPolicy(accessPolicy, baseBotScore, botScore, tokenId) {
+  scoreIncreaseAccessPolicy(accessPolicy, baseBotScore, botScore, scoreComponents) {
     const accessPolicyPenalty = accessPolicy?.frictionlessScore || this.config.penalties.PENALTY_ACCESS_RULE;
     botScore += accessPolicyPenalty;
-    await this.db.updateFrictionlessTokenRecord(tokenId, {
+    return {
       score: botScore,
       scoreComponents: {
-        baseScore: baseBotScore,
+        ...scoreComponents,
         accessPolicy: accessPolicyPenalty
       }
-    });
-    return botScore;
+    };
   }
-  async scoreIncreaseTimestamp(timestamp, baseBotScore, botScore, tokenId) {
+  scoreIncreaseUnverifiedHost(host, baseBotScore, botScore, scoreComponents) {
+    this.logger.info(() => ({
+      msg: "Host not verified",
+      data: { requested: this.config.host, selected: host }
+    }));
+    botScore += this.config.penalties.PENALTY_UNVERIFIED_HOST;
+    return {
+      score: botScore,
+      scoreComponents: {
+        ...scoreComponents,
+        unverifiedHost: this.config.penalties.PENALTY_UNVERIFIED_HOST
+      }
+    };
+  }
+  scoreIncreaseWebView(baseBotScore, botScore, scoreComponents) {
+    this.logger.debug(() => ({
+      msg: "WebView detected"
+    }));
+    botScore += this.config.penalties.PENALTY_WEBVIEW;
+    return {
+      score: botScore,
+      scoreComponents: {
+        ...scoreComponents,
+        webView: this.config.penalties.PENALTY_WEBVIEW
+      }
+    };
+  }
+  scoreIncreaseTimestamp(timestamp, baseBotScore, botScore, scoreComponents) {
     this.logger.info(() => ({
       msg: "Timestamp is older than 10 minutes",
       data: { timestamp: new Date(timestamp) }
     }));
     botScore += this.config.penalties.PENALTY_OLD_TIMESTAMP;
-    await this.db.updateFrictionlessTokenRecord(tokenId, {
+    return {
       score: botScore,
       scoreComponents: {
-        baseScore: baseBotScore,
+        ...scoreComponents,
         timeout: this.config.penalties.PENALTY_OLD_TIMESTAMP
       }
-    });
-    return botScore;
+    };
   }
   static timestampTooOld(timestamp) {
     const now = Date.now();
     const diff = now - timestamp;
     return diff > DEFAULT_MAX_TIMESTAMP_AGE;
   }
-  async decryptPayload(token) {
+  /**
+   * Redacts a key for logging purposes by showing only the first 5, middle 10, and last 5 characters
+   * @param key - The key to redact
+   * @returns Redacted key string or empty string if key is falsy
+   */
+  redactKeyForLogging(key) {
+    if (!key) return "";
+    const start = key.slice(0, 5);
+    const middle = key.slice(
+      Math.floor(key.length / 2) - 5,
+      Math.floor(key.length / 2) + 5
+    );
+    const end = key.slice(-5);
+    return `${start}...${middle}...${end}`;
+  }
+  async decryptPayload(token, headHash) {
     const decryptKeys = [
-      process.env.BOT_DECRYPTION_KEY,
-      ...await this.getDetectorKeys()
+      // Process DB keys first, then env var key last as env key will likely be invalid
+      ...await this.getDetectorKeys(),
+      process.env.BOT_DECRYPTION_KEY
     ].filter((k) => k);
     this.logger.debug(() => {
-      const loggedKeys = decryptKeys.map((key) => {
-        if (!key) return "";
-        const start = key.slice(0, 5);
-        const middle = key.slice(
-          Math.floor(key.length / 2) - 5,
-          Math.floor(key.length / 2) + 5
-        );
-        const end = key.slice(-5);
-        return `${start}...${middle}...${end}`;
-      });
+      const loggedKeys = decryptKeys.map(
+        (key) => this.redactKeyForLogging(key)
+      );
       return {
         msg: "Decrypting score",
         data: {
@@ -98,19 +228,49 @@ class FrictionlessManager extends captchaManager.CaptchaManager {
     });
     let baseBotScore;
     let timestamp;
+    let providerSelectEntropy;
+    let userId;
+    let userAgent;
+    let webView;
+    let iFrame;
+    let decryptedHeadHash = "";
     for (const [keyIndex, key] of decryptKeys.entries()) {
       try {
-        const { baseBotScore: s, timestamp: t } = await getBotScore.getBotScore(token, key);
         this.logger.info(() => ({
+          msg: "Attempting to decrypt score",
+          data: {
+            key: this.redactKeyForLogging(key)
+          }
+        }));
+        const decrypted = await getBotScore.getBotScore(token, headHash, key);
+        decryptedHeadHash = decrypted.decryptedHeadHash || "";
+        const s = decrypted.baseBotScore;
+        const t = decrypted.timestamp;
+        const p = decrypted.providerSelectEntropy;
+        const a = decrypted.userId;
+        const u = decrypted.userAgent;
+        const w = decrypted.isWebView;
+        const i = decrypted.isIframe;
+        this.logger.debug(() => ({
           msg: "Successfully decrypted score",
           data: {
-            key: key ? `${key.slice(0, 5)}...${key.slice(-5)}` : "",
+            key: this.redactKeyForLogging(key),
             baseBotScore: s,
-            timestamp: t
+            timestamp: t,
+            entropy: p,
+            userId: a,
+            userAgent: u,
+            webView: w,
+            iFrame: i
           }
         }));
         baseBotScore = s;
         timestamp = t;
+        providerSelectEntropy = p;
+        userId = a;
+        userAgent = u;
+        webView = w;
+        iFrame = i;
         break;
       } catch (err) {
         if (keyIndex === decryptKeys.length - 1) {
@@ -119,17 +279,48 @@ class FrictionlessManager extends captchaManager.CaptchaManager {
           }));
           baseBotScore = 1;
           timestamp = 0;
+          providerSelectEntropy = DEFAULT_ENTROPY + 1;
+          decryptedHeadHash = "";
         }
       }
     }
-    if (baseBotScore === void 0 || timestamp === void 0) {
+    const baseBotScoreUndefined = baseBotScore === void 0;
+    const timestampUndefined = timestamp === void 0;
+    const providerSelectEntropyUndefined = providerSelectEntropy === void 0;
+    const undefinedCount = Number(baseBotScoreUndefined) + Number(timestampUndefined) + Number(providerSelectEntropyUndefined);
+    if (undefinedCount > 0) {
       this.logger.error(() => ({
-        msg: "Error decrypting score: baseBotScore or timestamp is undefined"
+        msg: "Error decrypting score: baseBotScore or timestamp or providerSelectEntropy is undefined"
       }));
       baseBotScore = 1;
       timestamp = 0;
+      providerSelectEntropy = DEFAULT_ENTROPY - undefinedCount;
+      decryptedHeadHash = "";
     }
-    return { baseBotScore, timestamp };
+    this.logger.info(() => ({
+      msg: "decryptPayload result",
+      data: {
+        baseBotScore,
+        timestamp,
+        entropy: providerSelectEntropy,
+        userId,
+        userAgent,
+        webView,
+        iFrame,
+        decryptedHeadHash
+      }
+    }));
+    return {
+      baseBotScore: Number(baseBotScore),
+      timestamp: Number(timestamp),
+      providerSelectEntropy: Number(providerSelectEntropy),
+      userId,
+      userAgent,
+      webView,
+      iFrame,
+      decryptedHeadHash
+    };
   }
 }
+exports.DEFAULT_ENTROPY = DEFAULT_ENTROPY;
 exports.FrictionlessManager = FrictionlessManager;

package/dist/cjs/tasks/frictionless/frictionlessTasksUtils.cjs CHANGED Viewed

@@ -8,4 +8,21 @@ const computeFrictionlessScore = (scoreComponents) => {
     ).toFixed(2)
   );
 };
+const timestampDecayFunction = (timestamp) => {
+  const max = (/* @__PURE__ */ new Date()).getTime();
+  if (max - timestamp > 36e5) {
+    return 12;
+  }
+  const min = 1e3;
+  const age = max - timestamp;
+  const decay = Math.log10(2e3) / max;
+  const bigScore = max * (1 - (1 - Math.exp(decay * age) ** 24));
+  return Math.max(
+    2,
+    Math.round(
+      (Math.log(bigScore) - Math.log(min)) / (Math.log(max) - Math.log(min)) * 2.5
+    )
+  );
+};
 exports.computeFrictionlessScore = computeFrictionlessScore;
+exports.timestampDecayFunction = timestampDecayFunction;

package/dist/cjs/tasks/imgCaptcha/imgCaptchaTasks.cjs CHANGED Viewed

@@ -6,6 +6,8 @@ const datasets = require("@prosopo/datasets");
 const types = require("@prosopo/types");
 const util$2 = require("@prosopo/util");
 const utilCrypto = require("@prosopo/util-crypto");
+const compositeIpAddress = require("../../compositeIpAddress.cjs");
+const pairs = require("../../pairs.cjs");
 const lang = require("../../rules/lang.cjs");
 const util = require("../../util.cjs");
 const captchaManager = require("../captchaManager.cjs");
@@ -30,7 +32,7 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
     }
     return captchaDocs;
   }
-  async getRandomCaptchasAndRequestHash(datasetId, userAccount, ipAddress, captchaConfig, threshold, frictionlessTokenId) {
+  async getRandomCaptchasAndRequestHash(datasetId, userAccount, ipAddress, captchaConfig, threshold, sessionId) {
     const dataset = await this.db.getDatasetDetails(datasetId);
     if (!dataset) {
       throw new common.ProsopoEnvError("DATABASE.DATASET_GET_FAILED", {
@@ -78,9 +80,9 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
       salt,
       deadlineTs,
       currentTime,
-      ipAddress.bigInt(),
+      compositeIpAddress.getCompositeIpAddress(ipAddress),
       threshold,
-      frictionlessTokenId
+      sessionId
     );
     return {
       captchas,
@@ -100,7 +102,7 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
    * @param providerRequestHashSignature
    * @param ipAddress
    * @param headers
-   * @param threshold the percentage of captchas that must be correct to return true
+   * @param ja4
    * @return {Promise<DappUserSolutionResult>} result containing the contract event
    */
   async dappUserSolution(userAccount, dappAccount, requestHash, captchas, userTimestampSignature, timestamp, providerRequestHashSignature, ipAddress, headers, ja4) {
@@ -152,6 +154,8 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
     );
     if (pendingRequest) {
       const { storedCaptchas, receivedCaptchas, captchaIds } = await this.validateReceivedCaptchasAgainstStoredCaptchas(captchas);
+      const flat = receivedCaptchas.map((c) => util$2.extractData(c.salt));
+      const pairs$1 = flat.map((list) => pairs.constructPairList(list));
       const { tree, commitmentId } = imgCaptchaTasksUtils.buildTreeAndGetCommitmentId(receivedCaptchas);
       const datasetId = util$2.at(storedCaptchas, 0).datasetId;
       if (!datasetId) {
@@ -170,10 +174,10 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
         userSignature: userTimestampSignature,
         userSubmitted: true,
         serverChecked: false,
-        requestedAtTimestamp: timestamp,
-        ipAddress,
+        requestedAtTimestamp: new Date(timestamp),
+        ipAddress: compositeIpAddress.getCompositeIpAddress(ipAddress),
         headers,
-        frictionlessTokenId: pendingRecord.frictionlessTokenId,
+        sessionId: pendingRecord.sessionId,
         ja4
       };
       await this.db.storeUserImageCaptchaSolution(receivedCaptchas, commit);
@@ -191,6 +195,21 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
         })
       );
       const totalImages = storedCaptchas[0]?.items.length || 0;
+      if (pairs.containsIdenticalPairs(pairs$1)) {
+        await this.db.disapproveDappUserCommitment(
+          commitmentId,
+          "CAPTCHA.INVALID_SOLUTION",
+          pairs$1
+        );
+        response = {
+          captchas: captchaIds.map((id) => ({
+            captchaId: id,
+            proof: [[]]
+          })),
+          verified: false
+        };
+        return response;
+      }
       if (datasets.compareCaptchaSolutions(
         receivedCaptchas,
         solutionRecords,
@@ -204,11 +223,12 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
           })),
           verified: true
         };
-        await this.db.approveDappUserCommitment(commitmentId);
+        await this.db.approveDappUserCommitment(commitmentId, pairs$1);
       } else {
         await this.db.disapproveDappUserCommitment(
           commitmentId,
-          "CAPTCHA.INVALID_SOLUTION"
+          "CAPTCHA.INVALID_SOLUTION",
+          pairs$1
         );
         response = {
           captchas: captchaIds.map((id) => ({
@@ -314,7 +334,7 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
     }
     return void 0;
   }
-  async verifyImageCaptchaSolution(user, dapp, commitmentId, maxVerifiedTime, ip) {
+  async verifyImageCaptchaSolution(user, dapp, commitmentId, env, maxVerifiedTime, ip, disallowWebView) {
     const solution = await (commitmentId ? this.getDappUserCommitmentById(commitmentId) : this.getDappUserCommitmentByAccount(user, dapp));
     if (!solution) {
       this.logger.debug(() => ({
@@ -322,10 +342,6 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
       }));
       return { status: "API.USER_NOT_VERIFIED_NO_SOLUTION", verified: false };
     }
-    const ipValidation = util.validateIpAddress(ip, solution.ipAddress, this.logger);
-    if (!ipValidation.isValid) {
-      return { status: "API.USER_NOT_VERIFIED", verified: false };
-    }
     if (solution.serverChecked) {
       return { status: "API.USER_ALREADY_VERIFIED", verified: false };
     }
@@ -334,33 +350,65 @@ class ImgCaptchaManager extends captchaManager.CaptchaManager {
       return { status: "API.USER_NOT_VERIFIED", verified: false };
     }
     maxVerifiedTime = maxVerifiedTime || 60 * 1e3;
-    if (maxVerifiedTime) {
-      const currentTime = Date.now();
-      const timeSinceCompletion = currentTime - solution.requestedAtTimestamp;
-      if (timeSinceCompletion > maxVerifiedTime) {
-        this.logger.debug(() => ({
-          msg: "Not verified - timed out"
+    const currentTime = Date.now();
+    const timeSinceCompletion = currentTime - solution.requestedAtTimestamp.getTime();
+    if (timeSinceCompletion > maxVerifiedTime) {
+      this.logger.debug(() => ({
+        msg: "Not verified - timed out"
+      }));
+      return {
+        status: "API.USER_NOT_VERIFIED_TIME_EXPIRED",
+        verified: false
+      };
+    }
+    if (ip) {
+      const solutionIpAddress = compositeIpAddress.getIpAddressFromComposite(solution.ipAddress);
+      const clientRecord = await this.db.getClientRecord(dapp);
+      const ipValidationRules = clientRecord?.settings?.ipValidationRules;
+      await this.db.updateDappUserCommitment(solution.id, {
+        providedIp: compositeIpAddress.getCompositeIpAddress(ip)
+      });
+      const ipValidation = await util.deepValidateIpAddress(
+        ip,
+        solutionIpAddress,
+        this.logger,
+        env.config.ipApi.apiKey,
+        env.config.ipApi.baseUrl,
+        ipValidationRules
+      );
+      if (!ipValidation.isValid) {
+        this.logger.error(() => ({
+          msg: "IP validation failed for image captcha",
+          data: {
+            ip,
+            solutionIp: solutionIpAddress.address,
+            error: ipValidation.errorMessage,
+            distanceKm: ipValidation.distanceKm
+          }
         }));
-        return {
-          status: "API.USER_NOT_VERIFIED_TIME_EXPIRED",
-          verified: false
-        };
+        return { status: "API.USER_NOT_VERIFIED", verified: false };
       }
     }
     const isApproved = solution.result.status === types.CaptchaStatus.approved;
     let score;
-    if (solution.frictionlessTokenId) {
-      const tokenRecord = await this.db.getFrictionlessTokenRecordByTokenId(
-        solution.frictionlessTokenId
+    if (solution.sessionId) {
+      const sessionRecord = await this.db.getSessionRecordBySessionId(
+        solution.sessionId
       );
-      if (tokenRecord) {
-        score = frictionlessTasksUtils.computeFrictionlessScore(tokenRecord?.scoreComponents);
+      if (sessionRecord) {
+        score = frictionlessTasksUtils.computeFrictionlessScore(sessionRecord?.scoreComponents);
         this.logger.info(() => ({
           data: {
-            tscoreComponents: tokenRecord?.scoreComponents,
+            scoreComponents: sessionRecord?.scoreComponents,
             score
           }
         }));
+        if (disallowWebView === true && (sessionRecord.scoreComponents.webView || 0) > 0) {
+          this.logger.info(() => ({
+            msg: "Disallowing webview access - user not verified"
+          }));
+          return { status: "API.USER_NOT_VERIFIED", verified: false };
+        }
       }
     }
     return {