Use CaptchaMetrics to measure captcha scores for sending messages and verification

jon-signal · jon-signal · commit efc39573e434 · 2026-04-15T16:40:06.000-04:00
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/captcha/AssessmentResult.java b/service/src/main/java/org/whispersystems/textsecuregcm/captcha/AssessmentResult.java
@@ -93,6 +93,9 @@ public float getScore() {
     return this.actualScore;
   }
 
+  public int getNormalizedIntScore() {
+    return normalizedIntScore(this.actualScore);
+  }
 
   /**
    * Map a captcha score in [0.0, 1.0] to a low cardinality discrete space in [0, 100] suitable for use in metrics
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/VerificationController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/VerificationController.java
@@ -77,6 +77,7 @@
 import org.whispersystems.textsecuregcm.filters.RemoteAddressFilter;
 import org.whispersystems.textsecuregcm.limits.RateLimiters;
 import org.whispersystems.textsecuregcm.mappers.RegistrationServiceSenderExceptionMapper;
+import org.whispersystems.textsecuregcm.metrics.CaptchaMetrics;
 import org.whispersystems.textsecuregcm.metrics.DevicePlatformUtil;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
 import org.whispersystems.textsecuregcm.push.PushNotification;
@@ -492,6 +493,11 @@ private VerificationSession handleCaptcha(
               Tag.of(SCORE_TAG_NAME, assessmentResult.getScoreString())))
           .increment();
 
+      CaptchaMetrics.measureCaptchaOutcome(assessmentResult.getNormalizedIntScore(),
+          assessmentResult.isValid(captchaScoreThreshold),
+          Util.getRegion(registrationServiceSession.number()),
+          "verification");
+
     } catch (final IOException e) {
       logger.error("error assessing captcha during registration verification", e);
       throw new ServerErrorException(Response.Status.SERVICE_UNAVAILABLE, e);
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimitChallengeManager.java b/service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimitChallengeManager.java
@@ -14,8 +14,10 @@
 import java.util.List;
 import java.util.Optional;
 import org.whispersystems.textsecuregcm.captcha.Action;
+import org.whispersystems.textsecuregcm.captcha.AssessmentResult;
 import org.whispersystems.textsecuregcm.captcha.CaptchaChecker;
 import org.whispersystems.textsecuregcm.controllers.RateLimitExceededException;
+import org.whispersystems.textsecuregcm.metrics.CaptchaMetrics;
 import org.whispersystems.textsecuregcm.metrics.UserAgentTagUtil;
 import org.whispersystems.textsecuregcm.push.NotPushRegisteredException;
 import org.whispersystems.textsecuregcm.spam.ChallengeType;
@@ -61,13 +63,18 @@ public void answerPushChallenge(final Account account, final String challenge) t
     }
   }
 
-  public boolean answerCaptchaChallenge(final Account account, final String captcha, final String mostRecentProxyIp,
-      final String userAgent, final Optional<Float> scoreThreshold)
-      throws RateLimitExceededException, IOException {
+  public boolean answerCaptchaChallenge(final Account account,
+      final String captcha,
+      final String mostRecentProxyIp,
+      final String userAgent,
+      final Optional<Float> scoreThreshold) throws RateLimitExceededException, IOException {
 
     rateLimiters.getCaptchaChallengeAttemptLimiter().validate(account.getUuid());
 
-    final boolean challengeSuccess = captchaChecker.verify(Optional.of(account.getUuid()), Action.CHALLENGE, captcha, mostRecentProxyIp, userAgent).isValid(scoreThreshold);
+    final AssessmentResult assessmentResult =
+        captchaChecker.verify(Optional.of(account.getUuid()), Action.CHALLENGE, captcha, mostRecentProxyIp, userAgent);
+
+    final boolean challengeSuccess = assessmentResult.isValid(scoreThreshold);
 
     final Tags tags = Tags.of(
         Tag.of(SOURCE_COUNTRY_TAG_NAME, Util.getCountryCode(account.getNumber())),
@@ -77,6 +84,13 @@ public boolean answerCaptchaChallenge(final Account account, final String captch
 
     Metrics.counter(CAPTCHA_ATTEMPT_COUNTER_NAME, tags).increment();
 
+    CaptchaMetrics.measureCaptchaOutcome(assessmentResult.getNormalizedIntScore(),
+        challengeSuccess,
+        Util.getRegion(account.getNumber()),
+        // Note: currently all challenges are for message-sending, but if we add more use cases, we'll need to make the
+        // accept a context from callers rather than hard-coding it here
+        "sendMessage");
+
     if (challengeSuccess) {
       rateLimiters.getCaptchaChallengeSuccessLimiter().validate(account.getUuid());
       resetRateLimits(account, ChallengeType.CAPTCHA);

Original file line number	Diff line number	Diff line change
`@@ -93,6 +93,9 @@ public float getScore() {`
`93`	`93`	`return this.actualScore;`
`94`	`94`	`}`
`95`	`95`
	`96`	`+ public int getNormalizedIntScore() {`
	`97`	`+ return normalizedIntScore(this.actualScore);`
	`98`	`+ }`
`96`	`99`
`97`	`100`	`/**`
`98`	`101`	`* Map a captcha score in [0.0, 1.0] to a low cardinality discrete space in [0, 100] suitable for use in metrics`