Implement tracking for 2FA recovery code buttons
What does this MR do?
In !49078 (merged) the 2FA recovery codes flow was improved by adding copy, download, and print buttons. One of these buttons needs to be clicked before the "Proceed" button becomes active. This will hopefully encourage users to save their 2FA recovery codes.
To complete the last bullet in #267730 (closed) this MR adds Snowplow tracking for all of the buttons.
Screenshots (strongly suggested)
Copy button
Download button
Print button
Proceed button
Manually copy with keyboard shortcut
Local testing
- Enable
vue_2fa_recovery_codes
feature flagbin/rails console
Feature.enable(:vue_2fa_recovery_codes)
- Install Snowplow analytics debugger extension
- Navigate to
/-/profile/account
- Click "Enable two-factor authentication"
- Open up 1Password
- Click + icon and then "Login"
- Create a new "One-Time Password" section
- Click the QR icon left of the dropdown that was just used
- Drag the QR window over the QR code
- Paste the OTP in the "Pin code" field and click "Register with two-factor app"
- Open up dev tools and click "Snowplow Analytics Debugger" tab
- Click any of the buttons, the tracking event should show in the dev tools
Lock yourself out of GDK by accident?
No need to panic, I did this a bunch of times
bin/rails console
-
user = User.find(1)
(or whatever ID your user is, default admin is1
) TwoFactor::DestroyService.new(user, user: user).execute
Does this MR meet the acceptance criteria?
Conformity
- [-] Changelog entry
- Not needed, behind a feature flag
- [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
-
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers - [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Peter Hegman