LG-14189: A/B test for allowing F/T setup and authentication on desktop

app/components/webauthn_input_component.rb

@@ -1,21 +1,18 @@
 # frozen_string_literal: true
 
 class WebauthnInputComponent < BaseComponent
-  attr_reader :platform, :passkey_supported_only, :show_unsupported_passkey, :tag_options
+  attr_reader :platform, :passkey_supported_only, :tag_options
 
   alias_method :platform?, :platform
   alias_method :passkey_supported_only?, :passkey_supported_only
-  alias_method :show_unsupported_passkey?, :show_unsupported_passkey
 
   def initialize(
     platform: false,
     passkey_supported_only: false,
-    show_unsupported_passkey: false,
     **tag_options
   )
     @platform = platform
     @passkey_supported_only = passkey_supported_only
-    @show_unsupported_passkey = show_unsupported_passkey
     @tag_options = tag_options
   end
 
@@ -25,7 +22,6 @@ def call
       content,
       **tag_options,
       **initial_hidden_tag_options,
-      'show-unsupported-passkey': show_unsupported_passkey?.presence,
     )
   end
 

app/controllers/users/webauthn_setup_controller.rb

@@ -86,7 +86,7 @@ def validate_existing_platform_authenticator
       if platform_authenticator? && in_account_creation_flow? &&
          current_user.webauthn_configurations.platform_authenticators.present?
         redirect_to authentication_methods_setup_path
-     end
+      end
     end
 
     def platform_authenticator?

app/javascript/packages/webauthn/index.ts

@@ -3,7 +3,7 @@ export { default as extractCredentials } from './extract-credentials';
 export { default as verifyWebauthnDevice } from './verify-webauthn-device';
 export { default as isExpectedWebauthnError } from './is-expected-error';
 export { default as isWebauthnPlatformAuthenticatorAvailable } from './is-webauthn-platform-authenticator-available';
-export { default as isWebauthnPasskeySupported } from './is-webauthn-passkey-supported';
+
 export * from './converters';
 
 export type { VerifyCredentialDescriptor } from './verify-webauthn-device';

app/javascript/packages/webauthn/webauthn-input-element.spec.ts

@@ -1,22 +1,15 @@
 import sinon from 'sinon';
 import quibble from 'quibble';
 import { waitFor } from '@testing-library/dom';
-import type { IsWebauthnPasskeySupported } from './is-webauthn-passkey-supported';
 import type { IsWebauthnPlatformAvailable } from './is-webauthn-platform-authenticator-available';
 
 describe('WebauthnInputElement', () => {
-  const isWebauthnPasskeySupported = sinon.stub<
-    Parameters<IsWebauthnPasskeySupported>,
-    ReturnType<IsWebauthnPasskeySupported>
-  >();
-
   const isWebauthnPlatformAvailable = sinon.stub<
     Parameters<IsWebauthnPlatformAvailable>,
     ReturnType<IsWebauthnPlatformAvailable>
   >();
 
   before(async () => {
-    quibble('./is-webauthn-passkey-supported', isWebauthnPasskeySupported);
     quibble('./is-webauthn-platform-authenticator-available', isWebauthnPlatformAvailable);
     await import('./webauthn-input-element');
   });
@@ -25,42 +18,10 @@ describe('WebauthnInputElement', () => {
     quibble.reset();
   });
 
-  context('device does not support passkey', () => {
-    context('unsupported passkey not shown', () => {
-      beforeEach(() => {
-        isWebauthnPasskeySupported.returns(false);
-        isWebauthnPlatformAvailable.resolves(false);
-        document.body.innerHTML = `<lg-webauthn-input hidden></lg-webauthn-input>`;
-      });
-
-      it('stays hidden', () => {
-        const element = document.querySelector('lg-webauthn-input')!;
-
-        expect(element.hidden).to.be.true();
-      });
-    });
-
-    context('unsupported passkey shown', () => {
-      beforeEach(() => {
-        isWebauthnPasskeySupported.returns(false);
-        isWebauthnPlatformAvailable.resolves(false);
-        document.body.innerHTML = `<lg-webauthn-input show-unsupported-passkey hidden></lg-webauthn-input>`;
-      });
-
-      it('becomes visible, with modifier class', () => {
-        const element = document.querySelector('lg-webauthn-input')!;
-
-        expect(element.hidden).to.be.false();
-        expect(element.classList.contains('webauthn-input--unsupported-passkey')).to.be.true();
-      });
-    });
-  });
-
   context('device supports passkey', () => {
     context('unsupported publickeycredential not shown', () => {
       beforeEach(() => {
         isWebauthnPlatformAvailable.resolves(false);
-        isWebauthnPasskeySupported.returns(true);
         document.body.innerHTML = `<lg-webauthn-input hidden></lg-webauthn-input>`;
       });
 
@@ -73,7 +34,6 @@ describe('WebauthnInputElement', () => {
 
     context('publickeycredential input is shown', () => {
       beforeEach(() => {
-        isWebauthnPasskeySupported.returns(true);
         isWebauthnPlatformAvailable.resolves(true);
         document.body.innerHTML = `<lg-webauthn-input hidden></lg-webauthn-input>`;
       });

app/javascript/packages/webauthn/webauthn-input-element.ts

@@ -1,4 +1,3 @@
-import isWebauthnPasskeySupported from './is-webauthn-passkey-supported';
 import isWebauthnPlatformAuthenticatorAvailable from './is-webauthn-platform-authenticator-available';
 
 export class WebauthnInputElement extends HTMLElement {
@@ -19,11 +18,10 @@ export class WebauthnInputElement extends HTMLElement {
       return;
     }
 
-    if (isWebauthnPasskeySupported() && (await isWebauthnPlatformAuthenticatorAvailable())) {
+    if (await isWebauthnPlatformAuthenticatorAvailable()) {
       this.hidden = false;
-    } else if (this.showUnsupportedPasskey) {
+    } else {
       this.hidden = false;
-      this.classList.add('webauthn-input--unsupported-passkey');
     }
   }
 }

app/presenters/two_factor_authentication/set_up_webauthn_platform_selection_presenter.rb

@@ -11,8 +11,6 @@ def render_in(view_context, &block)
         WebauthnInputComponent.new(
           platform: true,
           passkey_supported_only: true,
-          show_unsupported_passkey:
-            IdentityConfig.store.show_unsupported_passkey_platform_authentication_setup,
         ),
         &block
       )

app/presenters/two_factor_authentication/sign_in_webauthn_platform_selection_presenter.rb

@@ -11,7 +11,6 @@ def render_in(view_context, &block)
         WebauthnInputComponent.new(
           platform: true,
           passkey_supported_only: false,
-          show_unsupported_passkey: false,
         ),
         &block
       )

config/application.yml.default

@@ -337,7 +337,7 @@ session_timeout_warning_seconds: 150
 session_total_duration_timeout_in_minutes: 720
 short_term_phone_otp_max_attempt_window_in_seconds: 10
 short_term_phone_otp_max_attempts: 2
-show_unsupported_passkey_platform_authentication_setup: false
+show_desktop_ft_unlock_setup_option_percent_tested: 0
 show_user_attribute_deprecation_warnings: false
 sign_in_recaptcha_percent_tested: 0
 sign_in_recaptcha_score_threshold: 0.0
@@ -441,7 +441,6 @@ development:
   scrypt_cost: 10000$8$1$
   secret_key_base: development_secret_key_base
   session_encryption_key: 27bad3c25711099429c1afdfd1890910f3b59f5a4faec1c85e945cb8b02b02f261ba501d99cfbb4fab394e0102de6fecf8ffe260f322f610db3e96b2a775c120
-  show_unsupported_passkey_platform_authentication_setup: true
   sign_in_recaptcha_percent_tested: 100
   sign_in_recaptcha_score_threshold: 0.3
   skip_encryption_allowed_list: '["urn:gov:gsa:SAML:2.0.profiles:sp:sso:localhost"]'

config/initializers/ab_tests.rb

@@ -81,4 +81,20 @@ def self.all
       SecureRandom.alphanumeric(8)
     end
   end.freeze
+
+  DESKTOP_FT_UNLOCK_SETUP = AbTest.new(
+    experiment_name: 'Desktop F/T unlock setup',
+    should_log: [
+      'WebAuthn Setup Visited',
+      'Multi-Factor Authentication Setup',
+    ].to_set,
+    buckets: { desktop_ft_unlock:
+        IdentityConfig.store.show_desktop_ft_unlock_setup_option_percent_tested },
+  ) do |user:, user_session:, **|
+    if user_session&.[](:platform_authenticator_available) == false
+      nil
+    else
+      user.uuid
+    end
+  end.freeze
 end

lib/identity_config.rb

@@ -388,7 +388,7 @@ def self.store
     config.add(:session_timeout_in_minutes, type: :integer)
     config.add(:session_timeout_warning_seconds, type: :integer)
     config.add(:session_total_duration_timeout_in_minutes, type: :integer)
-    config.add(:show_unsupported_passkey_platform_authentication_setup, type: :boolean)
+    config.add(:show_desktop_ft_unlock_setup_option_percent_tested, type: :integer)
     config.add(:show_user_attribute_deprecation_warnings, type: :boolean)
     config.add(:short_term_phone_otp_max_attempts, type: :integer)
     config.add(:short_term_phone_otp_max_attempt_window_in_seconds, type: :integer)

spec/components/webauthn_input_component_spec.rb

@@ -17,10 +17,6 @@
     expect(component.passkey_supported_only?).to eq(false)
   end
 
-  it 'exposes boolean alias for show_unsupported_passkey option' do
-    expect(component.show_unsupported_passkey?).to eq(false)
-  end
-
   context 'with platform option' do
     context 'with platform option false' do
       let(:options) { super().merge(platform: false) }
@@ -67,17 +63,6 @@
                 )
               end
             end
-
-            context 'with show_unsupported_passkey option true' do
-              let(:options) { super().merge(show_unsupported_passkey: true) }
-
-              it 'renders with show-unsupported-passkey attribute' do
-                expect(rendered).to have_css(
-                  'lg-webauthn-input[hidden][show-unsupported-passkey]',
-                  visible: false,
-                )
-              end
-            end
           end
         end
       end