From ad9a886a38bd295b263264540283a7a8888d019f Mon Sep 17 00:00:00 2001 From: "Matt H." Date: Mon, 18 Nov 2024 16:03:17 -0500 Subject: [PATCH 1/2] Stop having `cron/all` send MFA metrics to Google Analytics --- .../console/controllers/CronController.php | 78 ------------------- 1 file changed, 78 deletions(-) diff --git a/application/console/controllers/CronController.php b/application/console/controllers/CronController.php index 8d87b58f..924c83e7 100644 --- a/application/console/controllers/CronController.php +++ b/application/console/controllers/CronController.php @@ -3,15 +3,12 @@ namespace console\controllers; use common\components\ExternalGroupsSync; -use common\helpers\Utils; use common\models\Invite; use common\models\Method; use common\models\Mfa; use common\models\User; use common\components\Emailer; use yii\console\Controller; -use Br33f\Ga4\MeasurementProtocol\Dto\Event\BaseEvent; -use TheIconic\Tracking\GoogleAnalytics\Analytics; class CronController extends Controller { @@ -26,80 +23,6 @@ public function actionRemoveOldUnverifiedRecords() Mfa::removeOldManagerMfaRecords(); } - /** - * Send events to Google Analytics that give the number of ... - * - active users - * - active users that have a verified Mfa of any type - * - active users with a backup code Mfa - * - active users with a verified totp Mfa - * - active users with a verified u2f/webauthn Mfa - * - * If you need to debug the Google Analytics call, do this ... - * $response = $analytics->setProtocolVersion('1') - * ->setDebug(true) - * ... - * ... - * \Yii::warning([ - * 'results' => $response->getDebugResponse(), - * ]); - * - * - * @throws \Exception - */ - public function actionGoogleAnalytics() - { - $eventCategory = 'mfa-usage'; - - \Yii::warning( - 'Reporting ID Broker metrics to Google Analytics is deprecated and ' - . 'will be removed in a future release.' - ); - - $gaEvents = [ - 'active_users' => User::find()->where(['active' => 'yes'])->count(), - 'active_users_with_require_mfa' => User::countUsersWithRequireMfa(), - 'active_users_with_mfas' => User::getQueryOfUsersWithMfa()->count(), - 'active_users_with_backup_codes' => User::getQueryOfUsersWithMfa(Mfa::TYPE_BACKUPCODE)->count(), - 'active_users_with_totp' => User::getQueryOfUsersWithMfa(Mfa::TYPE_TOTP)->count(), - 'active_users_with_u2f' => User::getQueryOfUsersWithMfa(Mfa::TYPE_WEBAUTHN)->count(), - 'active_users_with_password' => User::countUsersWithPassword(), - // Since GA doesn't accept event values as floats, multiply this by 10 and round it - 'average_mfas_per_user_with_mfas_times_ten' => round(User::getAverageNumberOfMfasPerUserWithMfas() * 10.0), - 'active_users_personal_email_no_methods' => User::numberWithPersonalEmailButNoMethods(), - 'active_users_only_2sv_or_u2f' => User::numberWithOneMfaNotBackupCodes() - ]; - - list($gaService, $gaRequest) = Utils::GoogleAnalyticsServiceAndRequest("cron"); - if ($gaService === null) { - return; - } - - foreach ($gaEvents as $label => $value) { - $gaEvent = new BaseEvent($label); - $gaEvent->setCategory($eventCategory) - ->setLabel($label) - ->setValue($value); - - $gaRequest->addEvent($gaEvent); - } - - $debugResponse = $gaService->sendDebug($gaRequest); - $gaMessages = $debugResponse->getValidationMessages(); - if (empty($gaMessages)) { - $gaService->send($gaRequest); - } else { - \Yii::warning([ - 'google-analytics' => "Aborting GA cron since the request was not accepted: " . - var_export($gaMessages, true) - ]); - return; - } - - $gaEvents['action'] = 'completed posting to Google Analytics'; - - \Yii::warning($gaEvents); - } - public function actionSendDelayedMfaRelatedEmails() { /* @var $emailer Emailer */ @@ -164,7 +87,6 @@ public function actionAll() 'actionSendDelayedMfaRelatedEmails', 'actionSendMethodReminderEmails', 'actionSendPasswordExpiryEmails', - 'actionGoogleAnalytics', 'actionSyncExternalGroups', ]; From 6055d5e595c411545c17cd4a935c253777b927c0 Mon Sep 17 00:00:00 2001 From: "Matt H." Date: Mon, 18 Nov 2024 16:05:40 -0500 Subject: [PATCH 2/2] Remove "Google Analytics Calls - DEPRECATED" section of README file --- README.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/README.md b/README.md index 3bfc1640..56cac749 100644 --- a/README.md +++ b/README.md @@ -66,12 +66,6 @@ The API is described by [api.raml](api.raml), and an auto-generated [api.html](a * `./vendor/bin/behat features/authentication.feature` * `./vendor/bin/behat features/authentication.feature:298` -## Google Analytics Calls - DEPRECATED -Calls are made to Google Analytics regarding users' mfas and whether a password has been pwned. - -If you want to have an indication that those calls are likely to succeed, run -`$ make callGA`. - ## Adding groups to SAML `member` attribute from a Google Sheet The `local.env.dist` file shows how to add the necessary environment variables