Remove unreachable "otp_code" auth method#9638
Merged
Conversation
changelog: Internal, Analytics, Normalize auth method for phone OTP submission
zachmargolis
approved these changes
Nov 21, 2023
jc-gsa
approved these changes
Nov 21, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🛠 Summary of changes
Removes an unused reference to "otp_code" as a
multi_factor_auth_methodvalue, in order to avoid confusion for a value that's never logged.I stumbled across this when searching possible
multi_factor_auth_methodvalues in the codebase. After verifying there are no results in CloudWatch forfilter properties.event_properties.multi_factor_auth_method = 'otp_code', I noticed that this would be unused, due to how the form's extra analytics are overridden:identity-idp/app/controllers/two_factor_authentication/otp_verification_controller.rb
Line 129 in fb94aad
identity-idp/app/controllers/two_factor_authentication/otp_verification_controller.rb
Lines 151 to 156 in fb94aad
📜 Testing Plan
This is a refactor expected to be covered by existing test coverage.
You could also verify that MFA'ing with a phone continues to log events with
multi_factor_auth_methodequal to the delivery method of your authenticator ("sms" or "voice").