Log Face/Touch setup A/B test from session value

app/controllers/users/webauthn_platform_recommended_controller.rb

@@ -15,12 +15,22 @@ def new
 
     def create
       analytics.webauthn_platform_recommended_submitted(opted_to_add: opted_to_add?)
+      store_webauthn_platform_recommended_in_session if opted_to_add?
       current_user.update(webauthn_platform_recommended_dismissed_at: Time.zone.now)
       redirect_to dismiss_redirect_path
     end
 
     private
 
+    def store_webauthn_platform_recommended_in_session
+      user_session[:webauthn_platform_recommended] =
+        if in_account_creation_flow?
+          :account_creation
+        else
+          :authentication
+        end
+    end
+
     def opted_to_add?
       params[:add_method].present?
     end

app/controllers/users/webauthn_setup_controller.rb

@@ -161,6 +161,7 @@ def process_valid_webauthn(form)
     def analytics_properties
       {
         in_account_creation_flow: user_session[:in_account_creation_flow] || false,
+        webauthn_platform_recommended: user_session[:webauthn_platform_recommended],
         attempts: mfa_attempts_count,
       }
     end

app/services/analytics_events.rb

@@ -5361,6 +5361,8 @@ def multi_factor_auth_phone_setup(
   # @param [String, nil] aaguid AAGUID value of WebAuthn device
   # @param [String[], nil] unknown_transports Array of unrecognized WebAuthn transports, intended to
   # be used in case of future specification changes.
+  # @param [:authentication, :account_creation, nil] webauthn_platform_recommended A/B test for
+  # recommended Face or Touch Unlock setup, if applicable.
   def multi_factor_auth_setup(
     success:,
     multi_factor_auth_method:,
@@ -5384,6 +5386,7 @@ def multi_factor_auth_setup(
     attempts: nil,
     aaguid: nil,
     unknown_transports: nil,
+    webauthn_platform_recommended: nil,
     **extra
   )
     track_event(
@@ -5410,6 +5413,7 @@ def multi_factor_auth_setup(
       attempts:,
       aaguid:,
       unknown_transports:,
+      webauthn_platform_recommended:,
       **extra,
     )
   end

config/initializers/ab_tests.rb

@@ -87,7 +87,7 @@ def self.all
     should_log: [
       :webauthn_platform_recommended_visited,
       :webauthn_platform_recommended_submitted,
-      :webauthn_setup_submitted,
+      'Multi-Factor Authentication Setup',
     ].to_set,
     buckets: {
       recommend_for_account_creation:

spec/controllers/users/webauthn_platform_recommended_controller_spec.rb

@@ -58,6 +58,11 @@
       end
     end
 
+    it 'does not assign recommended session value' do
+      expect { response }.not_to change { controller.user_session[:webauthn_platform_recommended] }.
+        from(nil)
+    end
+
     it 'redirects user to after sign in path' do
       expect(controller).to receive(:after_sign_in_path_for).with(user).and_return(account_path)
 
@@ -92,6 +97,22 @@
       it 'redirects user to set up platform authenticator' do
         expect(response).to redirect_to(webauthn_setup_path(platform: true))
       end
+
+      it 'assigns recommended session value to recommendation flow' do
+        expect { response }.to change { controller.user_session[:webauthn_platform_recommended] }.
+          from(nil).to(:authentication)
+      end
+
+      context 'user is creating account' do
+        before do
+          allow(controller).to receive(:in_account_creation_flow?).and_return(true)
+        end
+
+        it 'assigns recommended session value to recommendation flow' do
+          expect { response }.to change { controller.user_session[:webauthn_platform_recommended] }.
+            from(nil).to(:account_creation)
+        end
+      end
     end
   end
 end

spec/controllers/users/webauthn_setup_controller_spec.rb

@@ -138,6 +138,21 @@
           success: true,
         )
       end
+
+      context 'with setup from sms recommendation' do
+        before do
+          controller.user_session[:webauthn_platform_recommended] = :authentication
+        end
+
+        it 'logs setup event with session value' do
+          patch :confirm, params: params
+
+          expect(@analytics).to have_logged_event(
+            'Multi-Factor Authentication Setup',
+            hash_including(webauthn_platform_recommended: :authentication),
+          )
+        end
+      end
     end
   end