From 9f7d1506c241de787ee7e0be617b9c5a536e0cdd Mon Sep 17 00:00:00 2001
From: Nicholas Shirley
Date: Fri, 19 Sep 2025 10:01:35 -0600
Subject: [PATCH] bug(securityEvent): Add missing security event names to db Because: - We're missing some security event names from some events in the db - And we're missing some security event names in the model - And some names have mismatching id This commit: - Updates all security event names in 'fxa.securityEventNames' that are missing - Aligns all values on the model to match the db as source of truth
---
 .../databases/fxa/patches/patch-175-176.sql | 14 +++++++++++++
 .../databases/fxa/patches/patch-176-175.sql | 11 ++++++++++
 .../databases/fxa/target-patch.json | 2 +-
 .../lib/routes/recovery-phone.ts | 2 +-
 .../db/models/auth/security-event.ts | 21 ++++++++++---------
 5 files changed, 38 insertions(+), 12 deletions(-)
 create mode 100644 packages/db-migrations/databases/fxa/patches/patch-175-176.sql
 create mode 100644 packages/db-migrations/databases/fxa/patches/patch-176-175.sql
diff --git a/packages/db-migrations/databases/fxa/patches/patch-175-176.sql b/packages/db-migrations/databases/fxa/patches/patch-175-176.sql
new file mode 100644
index 00000000000..ee4e35c3bc1
--- /dev/null
+++ b/packages/db-migrations/databases/fxa/patches/patch-175-176.sql
@@ -0,0 +1,14 @@
+SET NAMES utf8mb4 COLLATE utf8mb4_bin;
+
+-- Bump these to your next migration numbers
+CALL assertPatchLevel('175');
+
+INSERT INTO securityEventNames (name) VALUES
+ ('account.password_upgrade_success'),
+ ('account.password_upgraded'),
+ ('account.recovery_phone_setup_failed'),
+ ('account.mfa_send_otp_code'),
+ ('account.mfa_verify_otp_code_success'),
+ ('account.mfa_verify_otp_code_failed');
+
+UPDATE dbMetadata SET value = '176' WHERE name = 'schema-patch-level';
diff --git a/packages/db-migrations/databases/fxa/patches/patch-176-175.sql b/packages/db-migrations/databases/fxa/patches/patch-176-175.sql
new file mode 100644
index 00000000000..b18c4384c87
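Review bot: The INSERT in patch-175-176.sql supplies only `name`, so the ids of the six new rows are whatever the table generates, while security-event.ts hard-codes those names as 42–47 in the same order. That lines up only if every environment's table currently ends at 41 with no gaps; `assertPatchLevel('175')` checks the patch level, not the row ids. Because these ids label audit records, either insert the ids explicitly or state the dependency above the statement, e.g. `-- ids assigned here must come out as 42-47 to match EVENT_NAMES in security-event.ts`. It is also worth confirming that none of the six names already exists in any environment, since the commit message says the tables have drifted. The `-- Bump these to your next migration numbers` line looks like template residue and can be dropped.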
--- /dev/null
+++ b/packages/db-migrations/databases/fxa/patches/patch-176-175.sql
@@ -0,0 +1,11 @@
+-- SET NAMES utf8mb4 COLLATE utf8mb4_bin;
+--
+-- -- Remove only the rows this migration inserted.
+-- DELETE FROM securityEventNames WHERE name = 'account.password_upgrade_success';
+-- DELETE FROM securityEventNames WHERE name = 'account.password_upgraded';
+-- DELETE FROM securityEventNames WHERE name = 'account.recovery_phone_setup_failed';
+-- DELETE FROM securityEventNames WHERE name = 'account.mfa_send_otp_code';
+-- DELETE FROM securityEventNames WHERE name = 'account.mfa_verify_otp_code_success';
+-- DELETE FROM securityEventNames WHERE name = 'account.mfa_verify_otp_code_failed';
+--
+-- UPDATE dbMetadata SET value = '175' WHERE name = 'schema-patch-level';
diff --git a/packages/db-migrations/databases/fxa/target-patch.json b/packages/db-migrations/databases/fxa/target-patch.json
index bcebb79592c..241cc97bfc5 100644
--- a/packages/db-migrations/databases/fxa/target-patch.json
+++ b/packages/db-migrations/databases/fxa/target-patch.json
@@ -1,3 +1,3 @@
 {
- "level": 175
+ "level": 176
 }
diff --git a/packages/fxa-auth-server/lib/routes/recovery-phone.ts b/packages/fxa-auth-server/lib/routes/recovery-phone.ts
index 5a654349595..e0a65068343 100644
--- a/packages/fxa-auth-server/lib/routes/recovery-phone.ts
+++ b/packages/fxa-auth-server/lib/routes/recovery-phone.ts
@@ -631,7 +631,7 @@ class RecoveryPhoneHandler {
 if (!replacedSuccess) {
 await this.glean.twoStepAuthPhoneReplace.failure(request);
 this.statsd.increment('account.recoveryPhone.changePhoneNumber.failure');
- await recordSecurityEvent('account.recovery_phone_replace_failed', {
+ await recordSecurityEvent('account.recovery_phone_replace_failure', {
 db: this.db,
 request,
 });
diff --git a/packages/fxa-shared/db/models/auth/security-event.ts b/packages/fxa-shared/db/models/auth/security-event.ts
index f213779167c..ae044f279d3 100644
--- a/packages/fxa-shared/db/models/auth/security-event.ts
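Review bot: The renamed literal `'account.recovery_phone_replace_failure'` in recovery-phone.ts now agrees with the model key, but it breaks the suffix pattern of its siblings (`recovery_phone_setup_failed`, `recovery_phone_reset_password_failed`). Any alert, dashboard or query keyed on the old `_failed` string will stop matching, so downstream consumers of the old name should be checked before this ships. A comment at the call site would make the coupling visible: `// name must exist in securityEventNames and as a key of EVENT_NAMES`. Whether the first parameter of `recordSecurityEvent` is typed as `SecurityEventNames` is not visible here; if it accepts a plain string, a mismatch like the one corrected here surfaces only at runtime. The enclosing method starts and ends outside the hunk.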
+++ b/packages/fxa-shared/db/models/auth/security-event.ts
@@ -47,17 +47,18 @@ export const EVENT_NAMES: Record = {
 'account.recovery_codes_created': 33,
 'account.recovery_codes_signin_complete': 34,
 'account.must_reset': 35,
- 'account.recovery_phone_reset_password_success': 36,
+ 'account.recovery_phone_reset_password_complete': 36,
 'account.recovery_phone_reset_password_failed': 37,
- 'account.password_upgrade_success': 38,
- 'account.password_upgraded': 39,
- 'account.recovery_phone_setup_failed': 40,
- 'account.recovery_phone_replace_failed': 41,
- 'account.recovery_phone_replace_complete': 42,
- 'account.recovery_phone_reset_password_complete': 43,
- 'account.mfa_send_otp_code': 44,
- 'account.mfa_verify_otp_code_success': 45,
- 'account.mfa_verify_otp_code_failed': 46,
+ 'account.recovery_phone_replace_complete': 38,
+ 'account.recovery_phone_replace_failure': 39,
+ 'account.two_factor_replace_success': 40,
+ 'account.two_factor_replace_failure': 41,
+ 'account.password_upgrade_success': 42,
+ 'account.password_upgraded': 43,
+ 'account.recovery_phone_setup_failed': 44,
+ 'account.mfa_send_otp_code': 45,
+ 'account.mfa_verify_otp_code_success': 46,
+ 'account.mfa_verify_otp_code_failed': 47,
 } as const;
 export type SecurityEventNames = keyof typeof EVENT_NAMES;
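Review bot: EVENT_NAMES in security-event.ts is still a hand-maintained copy of the `securityEventNames` table, and nothing in this hunk stops the two from drifting apart again, which is the fault this commit repairs. A test that reads the table and compares it with EVENT_NAMES would catch a mismatch before events are stored or shown under the wrong name. As a minimum, add a comment above the map: `// ids must match fxa.securityEventNames; the database is the source of truth`. Separately, the `Record` annotation (its type arguments are not visible on this page) may widen the `as const` literal. If its key type is `string`, `SecurityEventNames` collapses to `string` and a misspelled event name still compiles, whereas `satisfies` in place of the annotation would keep the literal keys.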