cleanup(2fa): Remove feature flags and associated old 2FA flows

Because:

* The updated flows are fully rolled out in production
* The totp/create endpoint is no longer responsible for creating recovery codes

This commit:

* Remove updated2faSetupFlow, updatedInlineTotpSetupFlow, updatedInlineRecoverySetupFlow flags
* Remove code from endpoint that optionally generated and returned recovery codes
* Remove skipRecoveryCodes option
* Remove old components
* Remove tests for old flows
* Remove conditional logic around flows

Closes #FXA-12813

Author: vpomerleau

packages/functional-tests/tests/oauth/totp.spec.ts

@@ -74,294 +74,10 @@ test.describe('severity-1 #smoke', () => {
       expect(await relier.isLoggedIn()).toBe(true);
     });
 
-    test('can setup TOTP inline and login', async ({
-      target,
-      pages: {
-        page,
-        relier,
-        settings,
-        signin,
-        totp,
-        inlineTotpSetup,
-        configPage,
-      },
-      testAccountTracker,
-    }) => {
-      const config = await configPage.getConfig();
-      test.skip(
-        !config.featureFlags?.updatedInlineTotpSetupFlow ||
-          config.featureFlags?.updatedInlineRecoverySetupFlow,
-        'The updated Inline TOTP setup flow is not enabled'
-      );
-      const credentials = await testAccountTracker.signUp();
-
-      await relier.goto();
-      await relier.clickRequire2FA();
-      await signin.fillOutEmailFirstForm(credentials.email);
-      await signin.fillOutPasswordForm(credentials.password);
-
-      await page.waitForURL(/inline_totp_setup/);
-
-      await expect(inlineTotpSetup.introHeading).toBeVisible();
-      await inlineTotpSetup.continueButton.click();
-      await expect(totp.setup2faAppHeading).toBeVisible();
-      await totp.step1CantScanCodeLink.click();
-      const secret = (await totp.step1ManualCode.innerText())?.replace(
-        /\s/g,
-        ''
-      );
-      const code = await getTotpCode(secret);
-      await totp.step1AuthenticationCodeTextbox.fill(code);
-      await totp.step1SubmitButton.click();
-
-      await page.waitForURL(/inline_recovery_setup/);
-
-      const codesRaw = await signin.page.getByTestId('datablock').innerText();
-      const recoveryCodes = codesRaw.trim().split(/\s+/);
-
-      await signin.page.getByRole('button', { name: 'Continue' }).click();
-
-      await expect(
-        signin.page.getByText('Confirm backup authentication code')
-      ).toBeVisible();
-
-      await signin.page
-        .getByRole('textbox', { name: 'Backup authentication code' })
-        .fill(recoveryCodes[0]);
-
-      await signin.page.getByRole('button', { name: 'Confirm' }).click();
-
-      expect(await relier.isLoggedIn()).toBe(true);
-
-      await settings.goto();
-      await settings.disconnectTotp();
-    });
-
-    test('can setup TOTP inline and login (old)', async ({
-      target,
-      pages: { page, relier, settings, signin, configPage },
-      testAccountTracker,
-    }) => {
-      const config = await configPage.getConfig();
-      test.skip(
-        config.featureFlags?.updatedInlineTotpSetupFlow ||
-          config.featureFlags?.updatedInlineRecoverySetupFlow,
-        'The updated Inline TOTP setup flow is enabled, skipping old tests'
-      );
-      const credentials = await testAccountTracker.signUp();
-
-      await relier.goto();
-      await relier.clickRequire2FA();
-      await signin.fillOutEmailFirstForm(credentials.email);
-      await signin.fillOutPasswordForm(credentials.password);
-
-      await page.waitForURL(/inline_totp_setup/);
-
-      await expect(
-        signin.page.getByText('Enable two-step authentication')
-      ).toBeVisible();
-
-      await signin.page.getByRole('button', { name: 'Continue' }).click();
-
-      await expect(
-        signin.page.getByText('Scan authentication code')
-      ).toBeVisible();
-
-      await signin.page
-        .getByRole('button', { name: 'Can’t scan code?' })
-        .click();
-
-      await expect(signin.page.getByText('Enter code manually')).toBeVisible();
-
-      const secret = (
-        await signin.page.getByTestId('manual-datablock').innerText()
-      )?.replace(/\s/g, '');
-      const code = await getTotpCode(secret);
-
-      await signin.page
-        .getByRole('textbox', { name: 'Authentication code' })
-        .fill(code);
-
-      await signin.page.getByRole('button', { name: 'Ready' }).click();
-
-      await page.waitForURL(/inline_recovery_setup/);
-
-      const codesRaw = await signin.page.getByTestId('datablock').innerText();
-      const recoveryCodes = codesRaw.trim().split(/\s+/);
-
-      await signin.page.getByRole('button', { name: 'Continue' }).click();
-
-      await expect(
-        signin.page.getByText('Confirm backup authentication code')
-      ).toBeVisible();
-
-      await signin.page
-        .getByRole('textbox', { name: 'Backup authentication code' })
-        .fill(recoveryCodes[0]);
-
-      await signin.page.getByRole('button', { name: 'Confirm' }).click();
-
-      expect(await relier.isLoggedIn()).toBe(true);
-
-      await settings.goto();
-      await settings.disconnectTotp();
-    });
-
-    test('can setup TOTP inline with backup codes choice (old setup)', async ({
-      target,
-      pages: { page, relier, settings, signin, configPage, totp },
-      testAccountTracker,
-    }) => {
-      const config = await configPage.getConfig();
-      test.skip(
-        config.featureFlags?.updatedInlineTotpSetupFlow ||
-          !config.featureFlags?.updatedInlineRecoverySetupFlow,
-        'Skip unless old totp setup with new recovery flow'
-      );
-      const credentials = await testAccountTracker.signUp();
-
-      await relier.goto();
-      await relier.clickRequire2FA();
-      await signin.fillOutEmailFirstForm(credentials.email);
-      await signin.fillOutPasswordForm(credentials.password);
-
-      await page.waitForURL(/inline_totp_setup/);
-
-      await expect(
-        signin.page.getByText('Enable two-step authentication')
-      ).toBeVisible();
-
-      await signin.page.getByRole('button', { name: 'Continue' }).click();
-
-      await expect(
-        signin.page.getByText('Scan authentication code')
-      ).toBeVisible();
-
-      await signin.page
-        .getByRole('button', { name: 'Can’t scan code?' })
-        .click();
-
-      await expect(signin.page.getByText('Enter code manually')).toBeVisible();
-
-      const secret = (
-        await signin.page.getByTestId('manual-datablock').innerText()
-      )?.replace(/\s/g, '');
-      const code = await getTotpCode(secret);
-
-      await signin.page
-        .getByRole('textbox', { name: 'Authentication code' })
-        .fill(code);
-
-      await signin.page.getByRole('button', { name: 'Ready' }).click();
-
-      await page.waitForURL(/inline_recovery_setup/);
-
-      await totp.chooseBackupCodesOption();
-      const recoveryCodes = await totp.backupCodesDownloadStep();
-      await totp.confirmBackupCodeStep(recoveryCodes[0]);
-      await page.getByRole('button', { name: 'Continue' }).click();
-
-      expect(await relier.isLoggedIn()).toBe(true);
-
-      await settings.goto();
-      await settings.disconnectTotp();
-    });
-
-    test('can setup TOTP inline with recovery phone choice (old setup)', async ({
-      target,
-      pages: {
-        page,
-        relier,
-        settings,
-        signin,
-        configPage,
-        totp,
-        recoveryPhone,
-      },
+    test('can setup TOTP inline with backup codes choice', async ({
+      pages: { page, relier, settings, signin, totp, inlineTotpSetup },
       testAccountTracker,
     }) => {
-      const config = await configPage.getConfig();
-      test.skip(
-        config.featureFlags?.updatedInlineTotpSetupFlow ||
-          !config.featureFlags?.updatedInlineRecoverySetupFlow,
-        'Skip unless old totp setup with new recovery flow'
-      );
-      const credentials = await testAccountTracker.signUp();
-
-      await relier.goto();
-      await relier.clickRequire2FA();
-      await signin.fillOutEmailFirstForm(credentials.email);
-      await signin.fillOutPasswordForm(credentials.password);
-
-      await page.waitForURL(/inline_totp_setup/);
-
-      await expect(
-        signin.page.getByText('Enable two-step authentication')
-      ).toBeVisible();
-
-      await signin.page.getByRole('button', { name: 'Continue' }).click();
-
-      await expect(
-        signin.page.getByText('Scan authentication code')
-      ).toBeVisible();
-
-      await signin.page
-        .getByRole('button', { name: 'Can’t scan code?' })
-        .click();
-
-      await expect(signin.page.getByText('Enter code manually')).toBeVisible();
-
-      const secret = (
-        await signin.page.getByTestId('manual-datablock').innerText()
-      )?.replace(/\s/g, '');
-      const code = await getTotpCode(secret);
-
-      await signin.page
-        .getByRole('textbox', { name: 'Authentication code' })
-        .fill(code);
-
-      await signin.page.getByRole('button', { name: 'Ready' }).click();
-
-      await page.waitForURL(/inline_recovery_setup/);
-
-      await totp.chooseRecoveryPhoneOption();
-      await recoveryPhone.enterPhoneNumber(target.smsClient.getPhoneNumber());
-      await recoveryPhone.clickSendCode();
-
-      await expect(recoveryPhone.confirmHeader).toBeVisible();
-
-      const smsCode = await target.smsClient.getCode({ ...credentials });
-
-      await recoveryPhone.enterCode(smsCode);
-      await recoveryPhone.clickConfirm();
-
-      await page.getByRole('button', { name: 'Continue' }).click();
-
-      expect(await relier.isLoggedIn()).toBe(true);
-
-      await settings.goto();
-      await settings.disconnectTotp();
-    });
-
-    test('can setup TOTP inline with backup codes choice (new setup)', async ({
-      target,
-      pages: {
-        page,
-        relier,
-        settings,
-        signin,
-        configPage,
-        totp,
-        inlineTotpSetup,
-      },
-      testAccountTracker,
-    }) => {
-      const config = await configPage.getConfig();
-      test.skip(
-        !config.featureFlags?.updatedInlineTotpSetupFlow ||
-          !config.featureFlags?.updatedInlineRecoverySetupFlow,
-        'Skip unless new totp setup with new recovery flow'
-      );
       const credentials = await testAccountTracker.signUp();
 
       await relier.goto();
@@ -396,26 +112,19 @@ test.describe('severity-1 #smoke', () => {
       await settings.disconnectTotp();
     });
 
-    test('can setup TOTP inline with recovery phone choice (new setup)', async ({
+    test('can setup TOTP inline with recovery phone choice', async ({
       target,
       pages: {
         page,
         relier,
         settings,
         signin,
-        configPage,
         totp,
         recoveryPhone,
         inlineTotpSetup,
       },
       testAccountTracker,
     }) => {
-      const config = await configPage.getConfig();
-      test.skip(
-        !config.featureFlags?.updatedInlineTotpSetupFlow ||
-          !config.featureFlags?.updatedInlineRecoverySetupFlow,
-        'Skip unless new totp setup with new recovery flow'
-      );
       const credentials = await testAccountTracker.signUp();
 
       await relier.goto();

packages/fxa-auth-client/lib/client.ts

@@ -1744,13 +1744,11 @@ export default class AuthClient {
     sessionToken: hexstring,
     options: {
       metricsContext?: MetricsContext;
-      skipRecoveryCodes?: boolean;
     },
     headers?: Headers
   ): Promise<{
     qrCodeUrl: string;
     secret: string;
-    recoveryCodes: string[];
   }> {
     return this.sessionPost('/totp/create', sessionToken, options, headers);
   }
@@ -1790,7 +1788,7 @@ export default class AuthClient {
    * @param sessionToken - required, must be a verified session token
    * @param options - Optional request options such as metrics context
    * @param headers - Optional additional headers for the request
-   * @returns A promise resolving to the QR code URL, secret, and optional recovery codes
+   * @returns A promise resolving to the QR code URL and secret
    */
   async startReplaceTotpToken(
     sessionToken: hexstring,
@@ -1801,7 +1799,6 @@ export default class AuthClient {
   ): Promise<{
     qrCodeUrl: string;
     secret: string;
-    recoveryCodes: string[];
   }> {
     return this.sessionPost(
       '/totp/replace/start',
@@ -1842,7 +1839,7 @@ export default class AuthClient {
    * @param jwt - MFA access token (must include the `mfa:2fa` scope)
    * @param options - Optional request options such as metrics context
    * @param headers - Optional additional headers for the request
-   * @returns A promise resolving to the QR code URL, secret, and optional recovery codes
+   * @returns A promise resolving to the QR code URL and secret
    */
   async startReplaceTotpTokenWithJwt(
     jwt: string,
@@ -1853,7 +1850,6 @@ export default class AuthClient {
   ): Promise<{
     qrCodeUrl: string;
     secret: string;
-    recoveryCodes: string[];
   }> {
     return this.jwtPost('/mfa/totp/replace/start', jwt, options, headers);
   }