fix(glean): Add missing 2FA Glean events

Because:

* We want full metrics coverage for the 2FA flows before rolling out recovery phone

This commit:

* Add missing 2FA setup custom events, automated click events, and reason codes (ensure events have reason codes for setup from settings, inline or to replace codes)

Closes #FXA-11087

Author: vpomerleau

packages/fxa-auth-server/lib/metrics/glean/index.ts

@@ -301,6 +301,9 @@ export function gleanMetrics(config: ConfigType) {
     },
     twoFactorAuth: {
       codeComplete: createEventFn('two_factor_auth_code_complete'),
+      replaceCodeComplete: createEventFn(
+        'two_factor_auth_replace_code_complete'
+      ),
     },
     twoStepAuthPhoneCode: {
       sent: createEventFn('two_step_auth_phone_code_sent'),

packages/fxa-auth-server/lib/metrics/glean/server_events.ts

@@ -4066,6 +4066,88 @@ class EventsServerEventLogger {
       event,
     });
   }
+  /**
+   * Record and submit a two_factor_auth_replace_code_complete event:
+   * Event that indicates the user successfully replaced their two-step authentication codes
+   * Event is logged using internal mozlog logger.
+   *
+   * @param {string} user_agent - The user agent.
+   * @param {string} ip_address - The IP address. Will be used to decode Geo
+   *                              information and scrubbed at ingestion.
+   * @param {string} account_user_id - The firefox/mozilla account id.
+   * @param {string} account_user_id_sha256 - A hex string of a sha256 hash of the account's uid.
+   * @param {string} relying_party_oauth_client_id - The client id of the relying party.
+   * @param {string} relying_party_service - The service name of the relying party.
+   * @param {string} session_device_type - one of 'mobile', 'tablet', or ''.
+   * @param {string} session_entrypoint - Entrypoint to the service.
+   * @param {string} session_entrypoint_experiment - Identifier for the experiment the user is part of at the entrypoint.
+   * @param {string} session_entrypoint_variation - Identifier for the experiment variation the user is part of at the entrypoint.
+   * @param {string} session_flow_id - an ID generated by FxA for its flow metrics.
+   * @param {string} utm_campaign - A marketing campaign.  For example, if a user signs into FxA from selecting a Mozilla VPN plan on Mozilla VPN's product site, then the value of this metric could be 'vpn-product-page'.  The value has a max length of 128 characters with the alphanumeric characters, _ (underscore), forward slash (/), . (period), % (percentage sign), and - (hyphen) in the allowed set of characters.  The special value of 'page+referral+-+not+part+of+a+campaign' is also allowed..
+   * @param {string} utm_content - The content on which the user acted.  For example, if the user clicked on the (previously available) "Get started here" link in "Looking for Firefox Sync? Get started here", then the value for this metric would be 'fx-sync-get-started'. The value has a max length of 128 characters with the alphanumeric characters, _ (underscore), forward slash (/), . (period), % (percentage sign), and - (hyphen) in the allowed set of characters..
+   * @param {string} utm_medium - The "medium" on which the user acted.  For example, if the user clicked on a link in an email, then the value of this metric would be 'email'.  The value has a max length of 128 characters with the alphanumeric characters, _ (underscore), forward slash (/), . (period), % (percentage sign), and - (hyphen) in the allowed set of characters..
+   * @param {string} utm_source - The source from where the user started.  For example, if the user clicked on a link on the Mozilla accounts web site, this value could be 'fx-website'.  The value has a max length of 128 characters with the alphanumeric characters, _ (underscore), forward slash (/), . (period), % (percentage sign), and - (hyphen) in the allowed set of characters..
+   * @param {string} utm_term - This metric is similar to the `utm.source`; it is used in the Firefox browser.  For example, if the user started from about:welcome, then the value could be 'aboutwelcome-default-screen'.  The value has a max length of 128 characters with the alphanumeric characters, _ (underscore), forward slash (/), . (period), % (percentage sign), and - (hyphen) in the allowed set of characters..
+   */
+  recordTwoFactorAuthReplaceCodeComplete({
+    user_agent,
+    ip_address,
+    account_user_id,
+    account_user_id_sha256,
+    relying_party_oauth_client_id,
+    relying_party_service,
+    session_device_type,
+    session_entrypoint,
+    session_entrypoint_experiment,
+    session_entrypoint_variation,
+    session_flow_id,
+    utm_campaign,
+    utm_content,
+    utm_medium,
+    utm_source,
+    utm_term,
+  }: {
+    user_agent: string;
+    ip_address: string;
+    account_user_id: string;
+    account_user_id_sha256: string;
+    relying_party_oauth_client_id: string;
+    relying_party_service: string;
+    session_device_type: string;
+    session_entrypoint: string;
+    session_entrypoint_experiment: string;
+    session_entrypoint_variation: string;
+    session_flow_id: string;
+    utm_campaign: string;
+    utm_content: string;
+    utm_medium: string;
+    utm_source: string;
+    utm_term: string;
+  }) {
+    const event = {
+      category: 'two_factor_auth',
+      name: 'replace_code_complete',
+    };
+    this.#record({
+      user_agent,
+      ip_address,
+      account_user_id,
+      account_user_id_sha256,
+      relying_party_oauth_client_id,
+      relying_party_service,
+      session_device_type,
+      session_entrypoint,
+      session_entrypoint_experiment,
+      session_entrypoint_variation,
+      session_flow_id,
+      utm_campaign,
+      utm_content,
+      utm_medium,
+      utm_source,
+      utm_term,
+      event,
+    });
+  }
   /**
    * Record and submit a two_step_auth_phone_code_complete event:
    * User successfully entered and submitted an authentication code

packages/fxa-auth-server/lib/routes/recovery-codes.js

@@ -104,6 +104,7 @@ module.exports = (log, db, config, customs, mailer, glean) => {
 
         const { recoveryCodes } = request.payload;
         await db.updateRecoveryCodes(uid, recoveryCodes);
+        glean.twoFactorAuth.replaceCodeComplete(request, { uid });
 
         const account = await db.account(uid);
         const { acceptLanguage, clientAddress: geo, ua } = request.app;

packages/fxa-auth-server/lib/routes/totp.js

@@ -269,7 +269,7 @@ module.exports = (
         }
 
         // Record that the 2fa was successfully removed
-        glean.twoStepAuthRemove.success();
+        glean.twoStepAuthRemove.success(request, { uid });
 
         return {};
       },

packages/fxa-auth-server/test/local/metrics/glean.ts

@@ -42,6 +42,7 @@ const recordAccountDeleteCompleteStub = sinon.stub();
 const recordPasswordResetEmailConfirmationSentStub = sinon.stub();
 const recordPasswordResetEmailConfirmationSuccessStub = sinon.stub();
 const recordTwoFactorAuthCodeCompleteStub = sinon.stub();
+const recordTwoFactorAuthReplaceCodeCompleteStub = sinon.stub();
 const recordTwoStepAuthPhoneCodeSentStub = sinon.stub();
 const recordTwoStepAuthPhoneCodeSendErrorStub = sinon.stub();
 const recordTwoStepAuthPhoneCodeCompleteStub = sinon.stub();
@@ -107,6 +108,8 @@ const gleanProxy = proxyquire('../../../lib/metrics/glean', {
       recordPasswordResetEmailConfirmationSuccess:
         recordPasswordResetEmailConfirmationSuccessStub,
       recordTwoFactorAuthCodeComplete: recordTwoFactorAuthCodeCompleteStub,
+      recordTwoFactorAuthReplaceCodeComplete:
+        recordTwoFactorAuthReplaceCodeCompleteStub,
       recordTwoStepAuthPhoneCodeSent: recordTwoStepAuthPhoneCodeSentStub,
       recordTwoStepAuthPhoneCodeSendError:
         recordTwoStepAuthPhoneCodeSendErrorStub,
@@ -476,6 +479,14 @@ describe('Glean server side events', () => {
       assert.equal(metrics['event_name'], 'account_delete_complete');
       sinon.assert.calledOnce(recordAccountDeleteCompleteStub);
     });
+  });
+
+  describe('two factor auth', () => {
+    let glean: GleanMetricsType;
+
+    beforeEach(() => {
+      glean = gleanMetrics(config);
+    });
 
     it('logs a "two_factor_auth_code_complete" event', async () => {
       await glean.twoFactorAuth.codeComplete(request);
@@ -484,6 +495,17 @@ describe('Glean server side events', () => {
       assert.equal(metrics['event_name'], 'two_factor_auth_code_complete');
       sinon.assert.calledOnce(recordTwoFactorAuthCodeCompleteStub);
     });
+
+    it('logs a "two_factor_auth_replace_code_complete" event', async () => {
+      await glean.twoFactorAuth.replaceCodeComplete(request);
+      sinon.assert.calledOnce(recordStub);
+      const metrics = recordStub.args[0][0];
+      assert.equal(
+        metrics['event_name'],
+        'two_factor_auth_replace_code_complete'
+      );
+      sinon.assert.calledOnce(recordTwoFactorAuthReplaceCodeCompleteStub);
+    });
   });
 
   describe('registration', () => {

packages/fxa-auth-server/test/local/routes/totp.js

@@ -135,7 +135,6 @@ describe('totp', () => {
           1,
           'called delete TOTP token'
         );
-
         assert.equal(
           profile.deleteCache.callCount,
           1,

packages/fxa-content-server/app/scripts/lib/glean/accountBanner.js

@@ -21,3 +21,20 @@ export const createRecoveryKeyView = new EventMetricType(
   },
   []
 );
+
+/**
+ * User sees the reactivation banner after receiving the inactive
+ * account email and clicking the provided link inside it.
+ *
+ * Generated from `account_banner.reactivation_success_view`.
+ */
+export const reactivationSuccessView = new EventMetricType(
+  {
+    category: 'account_banner',
+    name: 'reactivation_success_view',
+    sendInPings: ['events'],
+    lifetime: 'ping',
+    disabled: false,
+  },
+  []
+);

packages/fxa-content-server/app/scripts/lib/glean/accountPref.js

@@ -363,9 +363,59 @@ export const twoStepAuthCodesView = new EventMetricType(
     lifetime: 'ping',
     disabled: false,
   },
+  ['reason']
+);
+
+/**
+ * User viewed the modal to disable two-step authentication on their account.
+ *
+ * Generated from `account_pref.two_step_auth_disable_modal_view`.
+ */
+export const twoStepAuthDisableModalView = new EventMetricType(
+  {
+    category: 'account_pref',
+    name: 'two_step_auth_disable_modal_view',
+    sendInPings: ['events'],
+    lifetime: 'ping',
+    disabled: false,
+  },
+  []
+);
+
+/**
+ * User viewed the banner to confirm that two-step authentication has been
+ * disabled on their account.
+ *
+ * Generated from `account_pref.two_step_auth_disable_success_view`.
+ */
+export const twoStepAuthDisableSuccessView = new EventMetricType(
+  {
+    category: 'account_pref',
+    name: 'two_step_auth_disable_success_view',
+    sendInPings: ['events'],
+    lifetime: 'ping',
+    disabled: false,
+  },
   []
 );
 
+/**
+ * User viewed the banner to confirm that their authentication code was
+ * successfully entered, either during setup or to get new codes.
+ *
+ * Generated from `account_pref.two_step_auth_enter_code_success_view`.
+ */
+export const twoStepAuthEnterCodeSuccessView = new EventMetricType(
+  {
+    category: 'account_pref',
+    name: 'two_step_auth_enter_code_success_view',
+    sendInPings: ['events'],
+    lifetime: 'ping',
+    disabled: false,
+  },
+  ['reason']
+);
+
 /**
  * User viewed form to enter one of their authentication codes (step 3).
  *
@@ -379,6 +429,57 @@ export const twoStepAuthEnterCodeView = new EventMetricType(
     lifetime: 'ping',
     disabled: false,
   },
+  ['reason']
+);
+
+/**
+ * User started the 2FA setup process by viewing step 1 of the funnel with manual
+ * key entry in their authenticator app.
+ *
+ * Generated from `account_pref.two_step_auth_manual_code_view`.
+ */
+export const twoStepAuthManualCodeView = new EventMetricType(
+  {
+    category: 'account_pref',
+    name: 'two_step_auth_manual_code_view',
+    sendInPings: ['events'],
+    lifetime: 'ping',
+    disabled: false,
+  },
+  ['reason']
+);
+
+/**
+ * User viewed the banner to confirm the removal of their phone number from the
+ * account.
+ *
+ * Generated from `account_pref.two_step_auth_phone_remove_success_view`.
+ */
+export const twoStepAuthPhoneRemoveSuccessView = new EventMetricType(
+  {
+    category: 'account_pref',
+    name: 'two_step_auth_phone_remove_success_view',
+    sendInPings: ['events'],
+    lifetime: 'ping',
+    disabled: false,
+  },
+  []
+);
+
+/**
+ * User viewed the phone verification page (step 2) of the flow to add a recovery
+ * phone from settings.
+ *
+ * Generated from `account_pref.two_step_auth_phone_verify_view`.
+ */
+export const twoStepAuthPhoneVerifyView = new EventMetricType(
+  {
+    category: 'account_pref',
+    name: 'two_step_auth_phone_verify_view',
+    sendInPings: ['events'],
+    lifetime: 'ping',
+    disabled: false,
+  },
   []
 );
 
@@ -412,7 +513,7 @@ export const twoStepAuthQrView = new EventMetricType(
     lifetime: 'ping',
     disabled: false,
   },
-  []
+  ['reason']
 );
 
 /**

packages/fxa-content-server/app/scripts/lib/glean/cad.js

@@ -7,7 +7,8 @@
 import EventMetricType from '@mozilla/glean/private/metrics/event';
 
 /**
- * User clicks "Start browsing" on "Connect another device page"
+ * User clicks "Manage your account" on "Connect another device page". This CTA
+ * used to be "Start browsing".
  *
  * Generated from `cad.startbrowsing_submit`.
  */

packages/fxa-content-server/app/scripts/lib/glean/error.js

@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// AUTOGENERATED BY glean_parser v14.5.2. DO NOT EDIT. DO NOT COMMIT.
+
+import EventMetricType from '@mozilla/glean/private/metrics/event';
+
+/**
+ * User viewed the "General Application" error page
+ *
+ * Generated from `error.view`.
+ */
+export const view = new EventMetricType(
+  {
+    category: 'error',
+    name: 'view',
+    sendInPings: ['events'],
+    lifetime: 'ping',
+    disabled: false,
+  },
+  ['reason']
+);