diff --git a/app/controllers/concerns/saml_idp_logout_concern.rb b/app/controllers/concerns/saml_idp_logout_concern.rb index 3354e6996bc..2737d4d01e2 100644 --- a/app/controllers/concerns/saml_idp_logout_concern.rb +++ b/app/controllers/concerns/saml_idp_logout_concern.rb @@ -49,11 +49,7 @@ def name_id_user def sp_slo_identity @_sp_slo_identity ||= begin - if FeatureManagement.enable_agency_based_uuids? - AgencyIdentityLinker.sp_identity_from_uuid(name_id) - else - Identity.includes(:user).find_by(uuid: name_id) - end + AgencyIdentityLinker.sp_identity_from_uuid(name_id) end end diff --git a/app/forms/openid_connect_logout_form.rb b/app/forms/openid_connect_logout_form.rb index 2a22a83f781..225d412ee3a 100644 --- a/app/forms/openid_connect_logout_form.rb +++ b/app/forms/openid_connect_logout_form.rb @@ -55,11 +55,7 @@ def load_identity def identity_from_payload(payload) uuid = payload[:sub] sp = payload[:aud] - if FeatureManagement.enable_agency_based_uuids? - AgencyIdentityLinker.sp_identity_from_uuid_and_sp(uuid, sp) - else - Identity.where(uuid: uuid, service_provider: sp).first - end + AgencyIdentityLinker.sp_identity_from_uuid_and_sp(uuid, sp) end def build_openid_connect_redirector diff --git a/app/models/agency_identity.rb b/app/models/agency_identity.rb index fee7a835973..b36d11bf973 100644 --- a/app/models/agency_identity.rb +++ b/app/models/agency_identity.rb @@ -2,8 +2,4 @@ class AgencyIdentity < ApplicationRecord belongs_to :user belongs_to :agency validates :uuid, presence: true - - def agency_enabled? - !FeatureManagement.agencies_with_agency_based_uuids.index(agency_id).nil? - end end diff --git a/app/presenters/openid_connect_user_info_presenter.rb b/app/presenters/openid_connect_user_info_presenter.rb index e229c6a9114..95ee6b49932 100644 --- a/app/presenters/openid_connect_user_info_presenter.rb +++ b/app/presenters/openid_connect_user_info_presenter.rb 
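Review bot: In `sp_slo_identity` (saml_idp_logout_concern.rb) the `begin … end` now wraps a single expression and can be dropped: `@_sp_slo_identity ||= AgencyIdentityLinker.sp_identity_from_uuid(name_id)`. Note that `||=` does not cache a nil result, so a logout request whose NameID matches nothing repeats the lookup on every call. The lookup takes only the UUID and its body is outside this diff. It is worth confirming that it returns the identity for the service provider that sent the logout request, since an agency-level UUID appears to map to several SP identities of the same user.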
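Review bot: `identity_from_payload` (openid_connect_logout_form.rb) has no comment saying which kind of `sub` it accepts, and with the flag branch gone that is no longer visible in the code. Going by the linker hunk in this commit, `sp_identity_from_uuid_and_sp` accepts either an agency-level UUID or a per-SP identity UUID, so a one-line comment would record it: `# sub may be an agency UUID or a legacy per-SP UUID; the linker resolves either to the SP identity`. The comment should also state that `payload` must already be signature-verified, because this method trusts `sub` and `aud` as given. The verification itself is outside the hunk.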
@@ -21,11 +21,7 @@ def user_info private def uuid_from_sp_identity(identity) - if FeatureManagement.enable_agency_based_uuids? - AgencyIdentityLinker.new(identity).link_identity.uuid - else - identity.uuid - end + AgencyIdentityLinker.new(identity).link_identity.uuid end # rubocop:disable Metrics/AbcSize diff --git a/app/services/agency_identity_linker.rb b/app/services/agency_identity_linker.rb index 78f74147c43..18ac76844a4 100644 --- a/app/services/agency_identity_linker.rb +++ b/app/services/agency_identity_linker.rb @@ -5,14 +5,13 @@ def initialize(sp_identity) end def link_identity - ai = find_or_create_agency_identity - return ai if ai&.agency_enabled? - AgencyIdentity.new(user_id: @sp_identity.user_id, uuid: @sp_identity.uuid) + find_or_create_agency_identity || + AgencyIdentity.new(user_id: @sp_identity.user_id, uuid: @sp_identity.uuid) end def self.sp_identity_from_uuid_and_sp(uuid, service_provider) ai = AgencyIdentity.where(uuid: uuid).first - criteria = if ai&.agency_enabled? + criteria = if ai { user_id: ai.user_id, service_provider: service_provider } else { uuid: uuid, service_provider: service_provider } @@ -31,9 +30,7 @@ def self.sp_identity_from_uuid(uuid) private def find_or_create_agency_identity - ai = agency_identity - return ai if ai - create_agency_identity_for_sp + agency_identity || create_agency_identity_for_sp end def create_agency_identity_for_sp diff --git a/app/services/attribute_asserter.rb b/app/services/attribute_asserter.rb index a286c97d87d..5cad70e2a7c 100644 --- a/app/services/attribute_asserter.rb +++ b/app/services/attribute_asserter.rb @@ -53,11 +53,7 @@ def add_bundle(attrs) def uuid_getter_function lambda do |principal| identity = principal.decorate.active_identity_for(service_provider) - if FeatureManagement.enable_agency_based_uuids? - AgencyIdentityLinker.new(identity).link_identity.uuid - else - identity.uuid - end + AgencyIdentityLinker.new(identity).link_identity.uuid end end 
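Review bot: `uuid_from_sp_identity` (openid_connect_user_info_presenter.rb) now always calls `link_identity`, which goes through `find_or_create_agency_identity`, so building a userinfo response can insert an `AgencyIdentity` row. A presenter that writes is surprising and makes this read path depend on the database accepting writes. The same call is made in `uuid_getter_function` in attribute_asserter.rb. Since identity_linker.rb in this commit already links at sign-in, a read-only lookup on the linker would be enough here, or at least a comment such as `# link_identity may create the AgencyIdentity row if it does not exist yet`. The body of `create_agency_identity_for_sp` is not shown, so the write is inferred from its name and its caller.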
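Review bot: In `sp_identity_from_uuid_and_sp` the `if ai` branch accepts any `AgencyIdentity` with a matching UUID and then looks up by `ai.user_id` and the caller's `service_provider`, without checking that the service provider belongs to `ai`'s agency. The removed `agency_enabled?` test was the only agency-related condition in this method, so as far as this hunk shows, a UUID issued under one agency resolves the same user's identity at a service provider of a different agency. If the service provider's agency is available here, constraining the `AgencyIdentity` query to it would close that gap; otherwise a comment should state that callers pass only a verified `sub`/`aud` pair. Separately, the fallback `AgencyIdentity.new(...)` in `link_identity` is an unsaved record without an agency and deserves a comment saying when `find_or_create_agency_identity` returns nil. The method continues past the end of the hunk.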
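Review bot: `agency_identity || create_agency_identity_for_sp` in `find_or_create_agency_identity` is a check-then-create with no handling for a concurrent insert. identity_linker.rb now runs this on every `link_identity`, so two simultaneous sign-ins by one user to service providers of the same agency can both find nothing and both create a row, leaving the user with two agency UUIDs unless a unique index rejects the second. If such an index exists, rescuing `ActiveRecord::RecordNotUnique` around the create and re-reading the row would turn the losing request into a normal lookup; if not, adding one on the user and agency columns is the first step. `create_agency_identity_for_sp` is outside the hunk, so this may already be handled there.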
diff --git a/app/services/identity_linker.rb b/app/services/identity_linker.rb index 6c9a0416a17..afffdd037c9 100644 --- a/app/services/identity_linker.rb +++ b/app/services/identity_linker.rb @@ -9,7 +9,7 @@ def initialize(user, provider) def link_identity(**extra_attrs) attributes = merged_attributes(extra_attrs) identity.update!(attributes) - AgencyIdentityLinker.new(identity).link_identity if FeatureManagement.enable_agency_based_uuids? + AgencyIdentityLinker.new(identity).link_identity identity end diff --git a/config/application.yml.example b/config/application.yml.example index 6529c9f3d7d..31bd097b1ce 100644 --- a/config/application.yml.example +++ b/config/application.yml.example @@ -63,7 +63,6 @@ development: aamva_public_key: '123abc' aamva_private_key: '123abc' aamva_verification_url: 'https://example.org:12345/verification/url' - agencies_with_agency_based_uuids: '1,2,3,4,5' async_job_refresh_interval_seconds: '5' async_job_refresh_max_wait_seconds: '15' attribute_cost: '4000$8$4$' # SCrypt::Engine.calibrate(max_time: 0.5) @@ -87,7 +86,6 @@ development: database_timeout: '5000' database_username: '' domain_name: 'localhost:3000' - enable_agency_based_uuids: 'true' enable_identity_verification: 'true' enable_rate_limiting: 'false' enable_test_routes: 'true' @@ -161,7 +159,6 @@ production: aamva_public_key: # Base64 encoded public key for AAMVA aamva_private_key: # Base64 encoded private key for AAMVA aamva_verification_url: # DLDV Verification URL - agencies_with_agency_based_uuids: '1,2,3,4,5' async_job_refresh_interval_seconds: '5' async_job_refresh_max_wait_seconds: '15' attribute_cost: '4000$8$4$' # SCrypt::Engine.calibrate(max_time: 0.5) @@ -176,7 +173,6 @@ production: disable_email_sending: 'false' dashboard_api_token: domain_name: 'login.gov' - enable_agency_based_uuids: 'true' enable_identity_verification: 'false' enable_rate_limiting: 'true' enable_test_routes: 'false' 
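Review bot: In `link_identity` (identity_linker.rb) `identity.update!(attributes)` is committed before the now unconditional `AgencyIdentityLinker.new(identity).link_identity` runs, and nothing visible ties the two writes together. If the linker raises, the caller sees a failure although the identity row has already changed. Wrapping both in `identity.transaction do … end` would keep them atomic, unless a caller outside this hunk already opens a transaction. The linker's return value is discarded, which is fine, but a short comment such as `# ensure the user has an agency-level UUID for this SP's agency` would say why the call is there.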
@@ -248,7 +244,6 @@ test: aamva_public_key: '123abc' aamva_private_key: '123abc' aamva_verification_url: 'https://example.org:12345/verification/url' - agencies_with_agency_based_uuids: '1,2,3,4,5' async_job_refresh_interval_seconds: '1' async_job_refresh_max_wait_seconds: '15' attribute_cost: '800$8$1$' # SCrypt::Engine.calibrate(max_time: 0.01) @@ -271,7 +266,6 @@ test: database_timeout: '5000' database_username: '' dashboard_api_token: '123ABC' - enable_agency_based_uuids: 'true' enable_identity_verification: 'true' enable_rate_limiting: 'true' enable_test_routes: 'true' diff --git a/config/initializers/figaro.rb b/config/initializers/figaro.rb index 3d648127799..f1b96a97a04 100644 --- a/config/initializers/figaro.rb +++ b/config/initializers/figaro.rb @@ -4,7 +4,6 @@ 'attribute_cost', 'attribute_encryption_key', 'domain_name', - 'enable_agency_based_uuids', 'enable_identity_verification', 'enable_rate_limiting', 'enable_test_routes', diff --git a/lib/feature_management.rb b/lib/feature_management.rb index 3ab08793df4..1e299d4a06e 100644 --- a/lib/feature_management.rb +++ b/lib/feature_management.rb @@ -68,14 +68,6 @@ def self.no_pii_mode? enable_identity_verification? && Figaro.env.profile_proofing_vendor == :mock end - def self.enable_agency_based_uuids? - Figaro.env.enable_agency_based_uuids == 'true' - end - - def self.agencies_with_agency_based_uuids - (Figaro.env.agencies_with_agency_based_uuids || '').split(',').map(&:to_i) - end - def self.enable_saml_cert_rotation? Figaro.env.saml_secret_rotation_enabled == 'true' end diff --git a/spec/features/openid_connect/openid_connect_spec.rb b/spec/features/openid_connect/openid_connect_spec.rb index 0d4fce612c3..778fea3ed32 100644 --- a/spec/features/openid_connect/openid_connect_spec.rb +++ b/spec/features/openid_connect/openid_connect_spec.rb 
@@ -8,11 +8,6 @@ oidc_end_client_secret_jwt(prompt: 'select_account') end - it 'succeeds with new agency based uuids' do - allow(FeatureManagement).to receive(:enable_agency_based_uuids?).and_return(true) - oidc_end_client_secret_jwt(prompt: 'select_account') - end - it 'succeeds in returning back to sp with prompt select_account and prior session' do user = oidc_end_client_secret_jwt(prompt: 'select_account') oidc_end_client_secret_jwt(prompt: 'select_account', user: user, redirs_to: '/auth/result') diff --git a/spec/features/saml/loa1_sso_spec.rb b/spec/features/saml/loa1_sso_spec.rb index 087eb5f24f5..dc593198337 100644 --- a/spec/features/saml/loa1_sso_spec.rb +++ b/spec/features/saml/loa1_sso_spec.rb @@ -175,19 +175,6 @@ end end - context 'fully signed up user is signed in with email/pwd and new agency based uuids' do - it 'prompts to enter OTP' do - allow(FeatureManagement).to receive(:enable_agency_based_uuids?).and_return(true) - user = create(:user, :signed_up) - sign_in_user(user) - - saml_authn_request = auth_request.create(saml_settings) - visit saml_authn_request - - expect(current_path).to eq login_two_factor_path(otp_delivery_preference: 'sms') - end - end - context 'user that has not yet set up 2FA is signed in with email and password only' do it 'prompts to set up 2FA' do sign_in_user diff --git a/spec/features/saml/sp_initiated_slo_spec.rb b/spec/features/saml/sp_initiated_slo_spec.rb index c6bf4107a24..187c999de90 100644 --- a/spec/features/saml/sp_initiated_slo_spec.rb +++ b/spec/features/saml/sp_initiated_slo_spec.rb @@ -88,7 +88,6 @@ let(:user) { create(:user, :signed_up) } before do - allow(FeatureManagement).to receive(:enable_agency_based_uuids?).and_return(true) sign_in_and_2fa_user(user) visit sp1_authnrequest diff --git a/spec/forms/openid_connect_logout_form_spec.rb b/spec/forms/openid_connect_logout_form_spec.rb index 642943d8f96..1a385df42ed 100644 --- a/spec/forms/openid_connect_logout_form_spec.rb 
+++ b/spec/forms/openid_connect_logout_form_spec.rb @@ -45,11 +45,6 @@ it 'has a successful response' do expect(result).to be_success end - - it 'has a successful response when agency based uuids are enabled' do - allow(FeatureManagement).to receive(:enable_agency_based_uuids?).and_return(true) - expect(result).to be_success - end end context 'with an invalid form' do @@ -118,13 +113,6 @@ expect(form.errors[:id_token_hint]). to include(t('openid_connect.logout.errors.id_token_hint')) end - - it 'is not valid when agency based uuids are enabled' do - allow(FeatureManagement).to receive(:enable_agency_based_uuids?).and_return(true) - expect(valid?).to eq(false) - expect(form.errors[:id_token_hint]). - to include(t('openid_connect.logout.errors.id_token_hint')) - end end context 'with an expired, but otherwise valid id_token_hint' do diff --git a/spec/lib/feature_management_spec.rb b/spec/lib/feature_management_spec.rb index d23db1d1b81..68e2b83d086 100644 --- a/spec/lib/feature_management_spec.rb +++ b/spec/lib/feature_management_spec.rb 
@@ -226,58 +226,4 @@ end end end - - describe '#enable_agency_based_uuids?' do - context 'when enabled' do - before do - allow(Figaro.env).to receive(:enable_agency_based_uuids).and_return('true') - end - - it 'enables the feature' do - expect(FeatureManagement.enable_agency_based_uuids?).to eq(true) - end - end - - context 'when disabled' do - before do - allow(Figaro.env).to receive(:enable_agency_based_uuids).and_return('false') - end - - it 'disables the feature' do - expect(FeatureManagement.enable_agency_based_uuids?).to eq(false) - end - end - end - - describe 'agencies_with_agency_based_uuids' do - context 'when multiple agencies are enabled' do - before do - allow(Figaro.env).to receive(:agencies_with_agency_based_uuids).and_return('1,2,3') - end - - it 'it returns an array of agencies' do - expect(FeatureManagement.agencies_with_agency_based_uuids).to eq([1, 2, 3]) - end - end - - context 'when one agency is enabled' do - before do - allow(Figaro.env).to receive(:agencies_with_agency_based_uuids).and_return('1') - end - - it 'returns an array containing a single agency' do - expect(FeatureManagement.agencies_with_agency_based_uuids).to eq([1]) - end - end - - context 'when blank' do - before do - allow(Figaro.env).to receive(:agencies_with_agency_based_uuids).and_return('') - end - - it 'returns an empty array' do - expect(FeatureManagement.agencies_with_agency_based_uuids).to eq([]) - end - end - end end diff --git a/spec/models/agency_identity_spec.rb b/spec/models/agency_identity_spec.rb index f3383a614a2..36f0974cf49 100644 --- a/spec/models/agency_identity_spec.rb +++ b/spec/models/agency_identity_spec.rb 
@@ -9,18 +9,4 @@ it { is_expected.to validate_presence_of(:uuid) } end - - describe '#agency_enabled?' do - it 'returns true if the agency is enabled' do - allow(Figaro.env).to receive(:agencies_with_agency_based_uuids).and_return('1') - ai = AgencyIdentity.new(agency_id: 1, user_id: 1, uuid: 'UUID1') - expect(ai.agency_enabled?).to eq(true) - end - - it 'returns false if the agency is disabled' do - allow(Figaro.env).to receive(:agencies_with_agency_based_uuids).and_return('') - ai = AgencyIdentity.new(agency_id: 1, user_id: 1, uuid: 'UUID1') - expect(ai.agency_enabled?).to eq(false) - end - end end diff --git a/spec/services/agency_identity_linker_spec.rb b/spec/services/agency_identity_linker_spec.rb index a10950b7a15..1f99627e550 100644 --- a/spec/services/agency_identity_linker_spec.rb +++ b/spec/services/agency_identity_linker_spec.rb @@ -106,8 +106,6 @@ end def init_env(user) - allow(Figaro.env).to receive(:enable_agency_based_uuids).and_return('true') - allow(Figaro.env).to receive(:agencies_with_agency_based_uuids).and_return('1,2,3') Identity.where(user_id: user.id).delete_all AgencyIdentity.where(user_id: user.id).delete_all end diff --git a/spec/services/link_agency_identities_spec.rb b/spec/services/link_agency_identities_spec.rb index 4b5b928d40b..0567bc90c76 100644 --- a/spec/services/link_agency_identities_spec.rb +++ b/spec/services/link_agency_identities_spec.rb @@ -78,8 +78,6 @@ end def init_env(user) - allow(Figaro.env).to receive(:enable_agency_based_uuids).and_return('true') - allow(Figaro.env).to receive(:agencies_with_agency_based_uuids).and_return('1,2,3') AgencySeeder.new(rails_env: Rails.env, deploy_env: Rails.env).run Identity.where(user_id: user.id).delete_all AgencyIdentity.where(user_id: user.id).delete_all diff --git a/spec/support/idv_examples/sp_handoff.rb b/spec/support/idv_examples/sp_handoff.rb index b8f5d608796..de1dca459ce 100644 --- a/spec/support/idv_examples/sp_handoff.rb +++ b/spec/support/idv_examples/sp_handoff.rb 
@@ -3,8 +3,6 @@ include IdvHelper before do - allow(Figaro.env).to receive(:enable_agency_based_uuids).and_return('true') - allow(Figaro.env).to receive(:agencies_with_agency_based_uuids).and_return('1,2,3') allow(FeatureManagement).to receive(:prefill_otp_codes?).and_return(true) end diff --git a/spec/support/idv_examples/sp_requested_attributes.rb b/spec/support/idv_examples/sp_requested_attributes.rb index 2c4710edb17..230ccd59396 100644 --- a/spec/support/idv_examples/sp_requested_attributes.rb +++ b/spec/support/idv_examples/sp_requested_attributes.rb @@ -3,8 +3,6 @@ include IdvHelper before do - allow(Figaro.env).to receive(:enable_agency_based_uuids).and_return('true') - allow(Figaro.env).to receive(:agencies_with_agency_based_uuids).and_return('1,2,3') allow(FeatureManagement).to receive(:prefill_otp_codes?).and_return(true) end