Brave Ads adaptive captcha support

[emerick]

Resolves brave/brave-browser#15600

Submitter Checklist:

• I confirm that no security/privacy review is needed, or that I have requested one
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Custom-Headers
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

Setup

When testing on the staging server, run Brave with the following flags (plus whatever else you may need for testing):

brave.exe --brave-ads-staging --rewards=staging=true

You'll need to schedule a captcha for a particular payment ID. To do that, you can issue the following command from your command line, where {paymentId} represents the payment ID (wallet ID) as identified in brave://rewards-internals:

curl -XPUT -H "Authorization: Bearer {authToken}" -H "Content-Type: application/json" https://reputation.rewards.bravesoftware.com/v3/captcha/challenge/{paymentId}?type={0|1}

Please ping me via DM for the {authToken} required above.

The type parameter allows you to specify the type of captcha to schedule. This may be either 0 or 1 (the default is 0 if this parameter is omitted).

Note: Any time that you successfully solve a captcha for this payment ID, you'll need to schedule a new one using this command.

Solving the captcha

• Clean profile
• Enable Rewards
• Schedule a captcha for your payment ID (see Setup section above)
• Wait for Ads unblinded tokens to refill
• When captcha notification appears, click Solve to open the Rewards panel and show the captcha
• Solve the captcha
• Ensure that captcha goes away
• Ensure that tokens refill as expected during the next Ads cycle

Snoozing the captcha

• Clean profile
• Enable Rewards
• Schedule a captcha for your payment ID (see Setup section above)
• Wait for Ads unblinded tokens to refill
• When captcha notification appears, click Later to snooze the captcha (this option is only allowed once per captcha)
• Open the Rewards panel to confirm there is no captcha shown
• Ensure that no ads are shown from this point forward until you successfully solve the captcha below
• Ensure that the next time Ads tries to refill tokens, the captcha notification displays without the "Later" option
• Solve the captcha
• Ensure that captcha goes away
• Ensure that tokens refill as expected during the next Ads cycle

[bridiver]

You're including the file as a header for itself

[emerick]

Oops, removed.

[bridiver]

this file does not need a dep on brave_adaptive_captcha

[emerick]

Removed.

[bridiver]

these visibility lists exist to prevent people from doing this. This config is accessed as a public config on headers

[bridiver]

we probably want to split these defines out into a separate config that is allowed from //brave/vendor/bat-native-ads:ads

[bridiver]

they really shouldn't be in a public config anyway because GEMINI_OAUTH_STAGING_URL and BITFLYER_STAGING_URL aren't used outside of bat-native-ledger. The strictly internal ones above should go in the internal config and the new ones should go in a new config that has the :* and //brave/vendor/bat-native-ads:ads

[emerick]

OK, I think I got misled a bit by the name external_config. Moved these into endpoints_config.

[bridiver]

see above

[bridiver]

why is this needed in more places now? It can still be a public config

[emerick]

Made it a public config.

[emerick]

All CI passed (Windows had an unrelated test failure).