From 2ea9387854841f0083a756790bb20a7fd4fb9e65 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Thu, 11 Jul 2024 10:42:05 -0400 Subject: [PATCH 01/48] temp commit --- lib/fed_domain_downloader.rb | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 lib/fed_domain_downloader.rb diff --git a/lib/fed_domain_downloader.rb b/lib/fed_domain_downloader.rb new file mode 100644 index 00000000000..642a7c5af58 --- /dev/null +++ b/lib/fed_domain_downloader.rb @@ -0,0 +1,28 @@ +require 'csv' +require 'faraday' +require 'pry' + + +class PwnedPasswordDownloader + DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-full.csv' + + def initialize(destination: 'tmp/fed_download_path') + @destination = destination + end + + def dot_gov_csv_path + response = Faraday.get(DOT_GOV_DOWNLOAD_PATH) + response.body + end + + def run! + csv ||= CSV.parse(dot_gov_csv_path, col_sep: ",", headers: true) + csv.each do |row| + binding.pry + row['Domain Name'] + end + end +end + + +PwnedPasswordDownloader.new.run! \ No newline at end of file From 0a2080e1945ef149aa41e737eed5985c4b276cd7 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Thu, 11 Jul 2024 12:57:07 -0400 Subject: [PATCH 02/48] edit downloader --- lib/fed_domain_downloader.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/fed_domain_downloader.rb b/lib/fed_domain_downloader.rb index 642a7c5af58..9c5aa252f52 100644 --- a/lib/fed_domain_downloader.rb +++ b/lib/fed_domain_downloader.rb @@ -6,7 +6,7 @@ class PwnedPasswordDownloader DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-full.csv' - def initialize(destination: 'tmp/fed_download_path') + def initialize(destination: 'tmp/fed_download_path/fed_domain_downloaded') @destination = destination end 
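Review bot: The new lib/fed_domain_downloader.rb carries debugger hooks and runs itself on load: `require 'pry'` at the top, `binding.pry` inside the `csv.each` loop of `run!`, and an unconditional `PwnedPasswordDownloader.new.run!` as the last line. Anything that requires this file would perform the network fetch and stop at an interactive prompt, and `pry` is usually bundled for development only, so the require may fail elsewhere. I would drop both pry lines and guard the entry point, `PwnedPasswordDownloader.new.run! if $PROGRAM_NAME == __FILE__`. The class name looks copied from the pwned-password downloader and would presumably reopen that class if both files are loaded. Later patches in this series remove `binding.pry` and rename the class, but `require 'pry'` and the trailing `run!` call are still there in the PATCH 06 hunks.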
@@ -17,9 +17,11 @@ def dot_gov_csv_path def run! csv ||= CSV.parse(dot_gov_csv_path, col_sep: ",", headers: true) - csv.each do |row| - binding.pry - row['Domain Name'] + File.open(destination, 'wb') do |file| + csv.each do |row| + if row['Domain type'].include?('Federal') + new_csv << row['Domain Name'] + end end end end From d17d32464e55cd9a41bddc918d0306ce58aa54b4 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Tue, 16 Jul 2024 11:02:55 -0400 Subject: [PATCH 03/48] fed email domain --- .gitignore | 2 ++ app/controllers/application_controller.rb | 2 +- app/controllers/concerns/mfa_setup_concern.rb | 2 +- app/models/email_address.rb | 4 ++++ app/presenters/two_factor_options_presenter.rb | 2 +- app/services/fed_email_domains.rb | 8 ++++++++ config/application.yml.default | 1 + fed_email_domains/fed_email_domains.txt.sample | 3 +++ ...wnloader.rb => fed_email_domain_downloader.rb} | 15 ++++++++++----- lib/identity_config.rb | 1 + 10 files changed, 32 insertions(+), 8 deletions(-) create mode 100644 app/services/fed_email_domains.rb create mode 100644 fed_email_domains/fed_email_domains.txt.sample rename lib/{fed_domain_downloader.rb => fed_email_domain_downloader.rb} (58%) diff --git a/.gitignore b/.gitignore index 602124f201d..d1cb7569051 100644 --- a/.gitignore +++ b/.gitignore @@ -68,6 +68,8 @@ Vagrantfile /public/user_flows /pwned_passwords/* !/pwned_passwords/pwned_passwords.txt.sample +/fed_email_domains/* +!/fed_email_domains/fed_email_domains.txt.sample /spec/tmp /test /tmp/* diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 14ece152c6a..2b6277bc62b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -260,7 +260,7 @@ def user_needs_to_reactivate_account? end def user_recommended_for_piv_cac? - current_user.piv_cac_recommended_dismissed_at.nil? && current_user.has_gov_or_mil_email? && + current_user.piv_cac_recommended_dismissed_at.nil? && current_user.has_fed_email_domain? && !user_already_has_piv? end diff --git a/app/controllers/concerns/mfa_setup_concern.rb b/app/controllers/concerns/mfa_setup_concern.rb index e999c4c1376..5176cfe4057 100644 --- a/app/controllers/concerns/mfa_setup_concern.rb +++ b/app/controllers/concerns/mfa_setup_concern.rb @@ -82,7 +82,7 @@ def show_skip_additional_mfa_link? end def check_if_possible_piv_user - if current_user.has_gov_or_mil_email? && current_user.piv_cac_recommended_dismissed_at.nil? + if current_user.has_fed_email_domain? && current_user.piv_cac_recommended_dismissed_at.nil? redirect_to login_piv_cac_recommended_path end end diff --git a/app/models/email_address.rb b/app/models/email_address.rb index 544c86b7236..40460770061 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb @@ -37,6 +37,10 @@ def gov_or_mil? email.end_with?('.gov', '.mil') end + def has_fed_email_domain? + FedEmailDomains.new.call(email) + end + class << self def find_with_email(email) return nil if !email.is_a?(String) || email.empty? diff --git a/app/presenters/two_factor_options_presenter.rb b/app/presenters/two_factor_options_presenter.rb index 83a0d4434f7..b87addc3b5b 100644 --- a/app/presenters/two_factor_options_presenter.rb +++ b/app/presenters/two_factor_options_presenter.rb @@ -11,7 +11,7 @@ class TwoFactorOptionsPresenter :user_agent delegate :two_factor_enabled?, to: :mfa_policy - delegate :has_gov_or_mil_email?, to: :user, prefix: :user + delegate :has_fed_email_domain?, to: :user, prefix: :user def initialize( user_agent:, diff --git a/app/services/fed_email_domains.rb b/app/services/fed_email_domains.rb new file mode 100644 index 00000000000..bd61854d00f --- /dev/null +++ b/app/services/fed_email_domains.rb 
@@ -0,0 +1,8 @@ +class FedEmailDomains + FED_EMAIL_DOMAINS_PATH = Rails.root.join(IdentityConfig.store.fed_domain_file_path).freeze + + def self.call(domain) + + end +end + \ No newline at end of file diff --git a/config/application.yml.default b/config/application.yml.default index debffe0fb3f..bca5316ab8e 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -98,6 +98,7 @@ event_disavowal_expiration_hours: 240 feature_idv_force_gpo_verification_enabled: false feature_idv_hybrid_flow_enabled: true feature_new_device_alert_aggregation_enabled: true +fed_domain_file_path: 'fed_email_domains/fed_email_domains.txt' geo_data_file_path: 'geo_data/GeoLite2-City.mmdb' good_job_max_threads: 5 good_job_queues: 'default:5;low:1;*' diff --git a/fed_email_domains/fed_email_domains.txt.sample b/fed_email_domains/fed_email_domains.txt.sample new file mode 100644 index 00000000000..bd4587ea388 --- /dev/null +++ b/fed_email_domains/fed_email_domains.txt.sample @@ -0,0 +1,3 @@ +dns.gov +dotgov.gov +gsa.gov \ No newline at end of file diff --git a/lib/fed_domain_downloader.rb b/lib/fed_email_domain_downloader.rb similarity index 58% rename from lib/fed_domain_downloader.rb rename to lib/fed_email_domain_downloader.rb index 9c5aa252f52..85c77b7d60b 100644 --- a/lib/fed_domain_downloader.rb +++ b/lib/fed_email_domain_downloader.rb @@ -1,12 +1,15 @@ require 'csv' require 'faraday' require 'pry' +require 'fileutils' -class PwnedPasswordDownloader +class FedEmailDomainDownloader + attr_reader :destination + DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-full.csv' - def initialize(destination: 'tmp/fed_download_path/fed_domain_downloaded') + def initialize(destination: 'tmp/fed_download_path') @destination = destination end 
@@ -16,15 +19,17 @@ def dot_gov_csv_path end def run! + FileUtils.mkdir_p(destination) csv ||= CSV.parse(dot_gov_csv_path, col_sep: ",", headers: true) - File.open(destination, 'wb') do |file| + File.open("#{destination}/fed_email_domains.txt", 'w') do |file| csv.each do |row| if row['Domain type'].include?('Federal') - new_csv << row['Domain Name'] + file.write("#{row['Domain name']}\n") + end end end end end -PwnedPasswordDownloader.new.run! \ No newline at end of file +FedEmailDomainDownloader.new.run! \ No newline at end of file diff --git a/lib/identity_config.rb b/lib/identity_config.rb index 8c9fc83ccf6..f0f27ce948a 100644 --- a/lib/identity_config.rb +++ b/lib/identity_config.rb @@ -133,6 +133,7 @@ def self.store config.add(:feature_idv_force_gpo_verification_enabled, type: :boolean) config.add(:feature_idv_hybrid_flow_enabled, type: :boolean) config.add(:feature_new_device_alert_aggregation_enabled, type: :boolean) + config.add(:fed_domain_file_path, type: :string) config.add(:geo_data_file_path, type: :string) config.add(:get_usps_proofing_results_job_cron, type: :string) config.add(:get_usps_proofing_results_job_reprocess_delay_minutes, type: :integer) From 254c34a697c24b0a29672c395c52c99d9166eda1 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Wed, 17 Jul 2024 10:07:39 -0400 Subject: [PATCH 04/48] fix --- app/models/email_address.rb | 9 +++++++-- app/services/fed_email_domains.rb | 4 ++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/app/models/email_address.rb b/app/models/email_address.rb index 40460770061..bc251b74ab5 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb 
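Review bot: A failed or unexpected download leaves an empty `fed_email_domains.txt`, because `run!` opens the target with mode `'w'` (truncating it) before it first touches `row['Domain type']`, which is nil when the body is not the expected CSV, so `.include?` raises inside the block. `dot_gov_csv_path`, whose body is outside this hunk, returns `response.body` without looking at the status; it could `raise "download failed: #{response.status}" unless response.success?` before returning. In the loop, `row['Domain type']&.include?('Federal')` avoids the nil call, and collecting the names first and writing only when the list is non-empty keeps the previous copy intact on a bad run. `csv ||=` on a fresh local is just `csv =`.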
@@ -33,12 +33,17 @@ def confirmation_period_expired? Time.zone.now > expiration_time end + def domain + email&.split('@')&.last + end + def gov_or_mil? email.end_with?('.gov', '.mil') end - def has_fed_email_domain? - FedEmailDomains.new.call(email) + def is_fed_email_domain? + return false unless domain + FedEmailDomains.email_is_fed_domain?(domain) end class << self diff --git a/app/services/fed_email_domains.rb b/app/services/fed_email_domains.rb index bd61854d00f..192818f5b8e 100644 --- a/app/services/fed_email_domains.rb +++ b/app/services/fed_email_domains.rb @@ -1,8 +1,8 @@ class FedEmailDomains FED_EMAIL_DOMAINS_PATH = Rails.root.join(IdentityConfig.store.fed_domain_file_path).freeze - def self.call(domain) - + def self.email_is_fed_domain(domain) + email&.split('@')&.last end end \ No newline at end of file From d6cb9b89036bd482cea1027a57e165a1f9f3ab28 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Thu, 18 Jul 2024 16:29:03 -0400 Subject: [PATCH 05/48] changelog: Upcoming Features, Authentication, Piv filtering via domains --- app/controllers/application_controller.rb | 2 +- app/controllers/concerns/mfa_setup_concern.rb | 2 +- app/controllers/users/piv_cac_recommended_controller.rb | 6 +++--- app/models/email_address.rb | 2 +- app/models/user.rb | 4 ++++ app/presenters/two_factor_options_presenter.rb | 2 +- app/services/fed_email_domains.rb | 5 +++-- 7 files changed, 14 insertions(+), 9 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 2b6277bc62b..aff0d5ef182 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -260,7 +260,7 @@ def user_needs_to_reactivate_account? end def user_recommended_for_piv_cac? - current_user.piv_cac_recommended_dismissed_at.nil? && current_user.has_fed_email_domain? && + current_user.piv_cac_recommended_dismissed_at.nil? && current_user.has_fed_email? && !user_already_has_piv? end 
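Review bot: Switching `user_recommended_for_piv_cac?` from `has_gov_or_mil_email?` to `has_fed_email?` drops every `.mil` address from the PIV/CAC recommendation, since the list the downloader builds comes from the dotgov CSV and, as the comment added later in set_up_piv_cac_selection_presenter.rb also notes, holds `.gov` names only. The same swap is made in the `check_if_possible_piv_user` and `redirect_unless_user_has_fed_email` hunks of this commit. If CAC holders should still be steered to a phishing-resistant method, keep the suffix test as a fallback in `User#has_fed_email?`, for example `confirmed_email_addresses.any? { |a| a.is_fed_email? || a.email.end_with?('.mil') }`.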
diff --git a/app/controllers/concerns/mfa_setup_concern.rb b/app/controllers/concerns/mfa_setup_concern.rb index 5176cfe4057..6a3cec46142 100644 --- a/app/controllers/concerns/mfa_setup_concern.rb +++ b/app/controllers/concerns/mfa_setup_concern.rb @@ -82,7 +82,7 @@ def show_skip_additional_mfa_link? end def check_if_possible_piv_user - if current_user.has_fed_email_domain? && current_user.piv_cac_recommended_dismissed_at.nil? + if current_user.has_fed_email? && current_user.piv_cac_recommended_dismissed_at.nil? redirect_to login_piv_cac_recommended_path end end diff --git a/app/controllers/users/piv_cac_recommended_controller.rb b/app/controllers/users/piv_cac_recommended_controller.rb index 4335917d6df..89f350ef4e2 100644 --- a/app/controllers/users/piv_cac_recommended_controller.rb +++ b/app/controllers/users/piv_cac_recommended_controller.rb @@ -8,7 +8,7 @@ class PivCacRecommendedController < ApplicationController before_action :confirm_user_authenticated_for_2fa_setup before_action :apply_secure_headers_override - before_action :redirect_unless_user_email_is_gov_or_mil + before_action :redirect_unless_user_has_fed_email def show @recommended_presenter = PivCacRecommendedPresenter.new(current_user) @@ -30,8 +30,8 @@ def skip private - def redirect_unless_user_email_is_gov_or_mil - redirect_to after_sign_in_path_for(current_user) unless current_user.has_gov_or_mil_email? + def redirect_unless_user_has_fed_email + redirect_to after_sign_in_path_for(current_user) unless current_user.has_fed_email? end end end diff --git a/app/models/email_address.rb b/app/models/email_address.rb index bc251b74ab5..70dc4dcf3a3 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb @@ -41,7 +41,7 @@ def gov_or_mil? email.end_with?('.gov', '.mil') end - def is_fed_email_domain? + def is_fed_email? return false unless domain FedEmailDomains.email_is_fed_domain?(domain) end diff --git a/app/models/user.rb b/app/models/user.rb index 0721acc7bc3..7bf3289d8a6 100644 
--- a/app/models/user.rb +++ b/app/models/user.rb @@ -83,6 +83,10 @@ def has_gov_or_mil_email? confirmed_email_addresses.any?(&:gov_or_mil?) end + def has_fed_email? + confirmed_email_addresses.any?(&:is_fed_email?) + end + def accepted_rules_of_use_still_valid? if self.accepted_terms_at.present? self.accepted_terms_at > IdentityConfig.store.rules_of_use_updated_at && diff --git a/app/presenters/two_factor_options_presenter.rb b/app/presenters/two_factor_options_presenter.rb index b87addc3b5b..83a0d4434f7 100644 --- a/app/presenters/two_factor_options_presenter.rb +++ b/app/presenters/two_factor_options_presenter.rb @@ -11,7 +11,7 @@ class TwoFactorOptionsPresenter :user_agent delegate :two_factor_enabled?, to: :mfa_policy - delegate :has_fed_email_domain?, to: :user, prefix: :user + delegate :has_gov_or_mil_email?, to: :user, prefix: :user def initialize( user_agent:, diff --git a/app/services/fed_email_domains.rb b/app/services/fed_email_domains.rb index 192818f5b8e..dd06a1a7e99 100644 --- a/app/services/fed_email_domains.rb +++ b/app/services/fed_email_domains.rb @@ -1,8 +1,9 @@ class FedEmailDomains FED_EMAIL_DOMAINS_PATH = Rails.root.join(IdentityConfig.store.fed_domain_file_path).freeze - def self.email_is_fed_domain(domain) - email&.split('@')&.last + def self.email_is_fed_domain?(domain) + found_domain = File.read(FED_EMAIL_DOMAINS_PATH).scan /#{domain}/ + found_domain.present? end end \ No newline at end of file From 62df787b7172ac9dcaac769c266bf34f5f242dae Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Fri, 19 Jul 2024 09:15:53 -0400 Subject: [PATCH 06/48] rubocop fix --- app/services/fed_email_domains.rb | 5 +++-- lib/fed_email_domain_downloader.rb | 10 +++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/app/services/fed_email_domains.rb b/app/services/fed_email_domains.rb index dd06a1a7e99..7dec3857c9e 100644 --- a/app/services/fed_email_domains.rb +++ b/app/services/fed_email_domains.rb 
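Review bot: `email_is_fed_domain?` interpolates the caller's domain into a regex and scans the whole file with it, so the match is neither literal nor whole-line: `.` matches any character, other regex metacharacters in the domain part are interpreted, and any substring of a listed line (`sa.gov` against `gsa.gov`) counts as federal. The domain comes from the user's e-mail address via `EmailAddress#domain`, so untrusted input is deciding the federal classification, and a malformed pattern would raise `RegexpError` if one got past e-mail validation. The file is also re-read on every call. I would load the list once into a set of stripped, lower-cased lines and test exact membership; the rewrites of this line in PATCH 06, 07 and 09 keep the same `scan(/#{domain}/)` and need the same change.

```ruby
class FedEmailDomains
  # … unchanged: FED_EMAIL_DOMAINS_PATH …

  # Listed domains, read once and normalized for exact lookup.
  def self.domains
    @domains ||= File.readlines(FED_EMAIL_DOMAINS_PATH, chomp: true).
      map { |line| line.strip.downcase }.
      reject(&:empty?).
      to_set
  end

  def self.email_is_fed_domain?(domain)
    domains.include?(domain.to_s.strip.downcase)
  end
end
```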
@@ -1,9 +1,10 @@ +# frozen_string_literal: true + class FedEmailDomains FED_EMAIL_DOMAINS_PATH = Rails.root.join(IdentityConfig.store.fed_domain_file_path).freeze def self.email_is_fed_domain?(domain) - found_domain = File.read(FED_EMAIL_DOMAINS_PATH).scan /#{domain}/ + found_domain = File.read(FED_EMAIL_DOMAINS_PATH).scan(/#{domain}/) found_domain.present? end end - \ No newline at end of file diff --git a/lib/fed_email_domain_downloader.rb b/lib/fed_email_domain_downloader.rb index 85c77b7d60b..0d2172e4501 100644 --- a/lib/fed_email_domain_downloader.rb +++ b/lib/fed_email_domain_downloader.rb @@ -1,14 +1,15 @@ +# frozen_string_literal: true + require 'csv' require 'faraday' require 'pry' require 'fileutils' - class FedEmailDomainDownloader attr_reader :destination DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-full.csv' - + def initialize(destination: 'tmp/fed_download_path') @destination = destination end @@ -20,7 +21,7 @@ def dot_gov_csv_path def run! FileUtils.mkdir_p(destination) - csv ||= CSV.parse(dot_gov_csv_path, col_sep: ",", headers: true) + csv ||= CSV.parse(dot_gov_csv_path, col_sep: ',', headers: true) File.open("#{destination}/fed_email_domains.txt", 'w') do |file| csv.each do |row| if row['Domain type'].include?('Federal') @@ -31,5 +32,4 @@ def run! end end - -FedEmailDomainDownloader.new.run! \ No newline at end of file +FedEmailDomainDownloader.new.run! From c1121366775c5f4acd421922f7bda799eb1338cb Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Mon, 22 Jul 2024 10:56:48 -0400 Subject: [PATCH 07/48] use fed email check --- app/models/user.rb | 4 ---- app/presenters/two_factor_options_presenter.rb | 2 +- app/services/fed_email_domains.rb | 3 +-- spec/models/email_address_spec.rb | 16 ++++++++++++++++ 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/app/models/user.rb b/app/models/user.rb index 7bf3289d8a6..3d1c6af11f8 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
@@ -79,10 +79,6 @@ def confirmed? email_addresses.where.not(confirmed_at: nil).any? end - def has_gov_or_mil_email? - confirmed_email_addresses.any?(&:gov_or_mil?) - end - def has_fed_email? confirmed_email_addresses.any?(&:is_fed_email?) end diff --git a/app/presenters/two_factor_options_presenter.rb b/app/presenters/two_factor_options_presenter.rb index 83a0d4434f7..877c9e54a70 100644 --- a/app/presenters/two_factor_options_presenter.rb +++ b/app/presenters/two_factor_options_presenter.rb @@ -11,7 +11,7 @@ class TwoFactorOptionsPresenter :user_agent delegate :two_factor_enabled?, to: :mfa_policy - delegate :has_gov_or_mil_email?, to: :user, prefix: :user + delegate :is_fed_email?, to: :user, prefix: :user def initialize( user_agent:, diff --git a/app/services/fed_email_domains.rb b/app/services/fed_email_domains.rb index 7dec3857c9e..57e4651c996 100644 --- a/app/services/fed_email_domains.rb +++ b/app/services/fed_email_domains.rb @@ -4,7 +4,6 @@ class FedEmailDomains FED_EMAIL_DOMAINS_PATH = Rails.root.join(IdentityConfig.store.fed_domain_file_path).freeze def self.email_is_fed_domain?(domain) - found_domain = File.read(FED_EMAIL_DOMAINS_PATH).scan(/#{domain}/) - found_domain.present? + (File.read(FED_EMAIL_DOMAINS_PATH).scan(/#{domain}/)).present? end end diff --git a/spec/models/email_address_spec.rb b/spec/models/email_address_spec.rb index eefbe9832e3..1808190a1d5 100644 --- a/spec/models/email_address_spec.rb +++ b/spec/models/email_address_spec.rb @@ -110,4 +110,20 @@ it { expect(result).to eq(true) } end end + + describe '#is_fed_email?' do + subject(:result) { email_address.is_fed_email? } + + context 'with an email domain not a fed email' do + let(:email) { 'example@example.gov' } + + it { expect(result).to eq(false) } + end + + context 'with an email domain ending in a fed domain email' do + let(:email) { 'example@gsa.gov' } + + it { expect(result).to eq(true) } + end + end end From fbdcedaa5b29beda4d5c8d410547716d28aa5d0a Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Mon, 22 Jul 2024 11:28:44 -0400 Subject: [PATCH 08/48] fix email address --- .../users/two_factor_authentication_setup_controller.rb | 6 +++--- app/models/email_address.rb | 4 ---- app/presenters/piv_cac_recommended_presenter.rb | 8 +------- app/presenters/two_factor_options_presenter.rb | 2 -- 4 files changed, 4 insertions(+), 16 deletions(-) diff --git a/app/controllers/users/two_factor_authentication_setup_controller.rb b/app/controllers/users/two_factor_authentication_setup_controller.rb index c6c16fd86fe..7767caa3b5d 100644 --- a/app/controllers/users/two_factor_authentication_setup_controller.rb +++ b/app/controllers/users/two_factor_authentication_setup_controller.rb @@ -16,7 +16,7 @@ def index @presenter = two_factor_options_presenter analytics.user_registration_2fa_setup_visit( enabled_mfa_methods_count:, - gov_or_mil_email: gov_or_mil_email?, + gov_or_mil_email: is_fed_email?, ) end @@ -44,8 +44,8 @@ def two_factor_options_form private - def gov_or_mil_email? - current_user.confirmed_email_addresses.any?(&:gov_or_mil?) + def is_fed_email? + current_user.confirmed_email_addresses.any?(&:is_fed_email?) end def mfa_context diff --git a/app/models/email_address.rb b/app/models/email_address.rb index 70dc4dcf3a3..ace48bc7d4f 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb @@ -37,10 +37,6 @@ def domain email&.split('@')&.last end - def gov_or_mil? - email.end_with?('.gov', '.mil') - end - def is_fed_email? return false unless domain FedEmailDomains.email_is_fed_domain?(domain) diff --git a/app/presenters/piv_cac_recommended_presenter.rb b/app/presenters/piv_cac_recommended_presenter.rb index 882730987e4..55875111ffe 100644 --- a/app/presenters/piv_cac_recommended_presenter.rb +++ b/app/presenters/piv_cac_recommended_presenter.rb 
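Review bot: The `gov_or_mil_email:` analytics attribute in `index` now carries the result of `is_fed_email?`, so the event keeps its old name while its meaning changes to "address is on the federal domain list". Dashboards or alerts that read this field would shift without any visible rename; either rename the attribute together with its event definition (not visible here) or keep this one call on the suffix check. The private controller helper `is_fed_email?` also duplicates `User#has_fed_email?` from PATCH 05, so `current_user.has_fed_email?` would do.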
@@ -15,13 +15,7 @@ def info end def email_type - address = user.confirmed_email_addresses.find { |address| address.gov_or_mil? } - case address.email.end_with?('.gov') - when true - '.gov' - else - '.mil' - end + address = user.confirmed_email_addresses.find { |address| address.is_fed_email? } end def skip_text diff --git a/app/presenters/two_factor_options_presenter.rb b/app/presenters/two_factor_options_presenter.rb index 877c9e54a70..d07e30243d8 100644 --- a/app/presenters/two_factor_options_presenter.rb +++ b/app/presenters/two_factor_options_presenter.rb @@ -11,8 +11,6 @@ class TwoFactorOptionsPresenter :user_agent delegate :two_factor_enabled?, to: :mfa_policy - delegate :is_fed_email?, to: :user, prefix: :user - def initialize( user_agent:, user: nil, From 006df88de9e504f51520721b5c999158cdb9efb1 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Mon, 22 Jul 2024 14:02:02 -0400 Subject: [PATCH 09/48] fed email presenter spec --- .../piv_cac_recommended_presenter.rb | 2 +- app/services/fed_email_domains.rb | 2 +- spec/services/fed_email_domains.rb | 32 +++++++++++++++++++ 3 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 spec/services/fed_email_domains.rb diff --git a/app/presenters/piv_cac_recommended_presenter.rb b/app/presenters/piv_cac_recommended_presenter.rb index 55875111ffe..f6f5124ab35 100644 --- a/app/presenters/piv_cac_recommended_presenter.rb +++ b/app/presenters/piv_cac_recommended_presenter.rb @@ -15,7 +15,7 @@ def info end def email_type - address = user.confirmed_email_addresses.find { |address| address.is_fed_email? } + user.confirmed_email_addresses.find { |address| address.is_fed_email? } end def skip_text diff --git a/app/services/fed_email_domains.rb b/app/services/fed_email_domains.rb index 57e4651c996..7683ed0c64f 100644 --- a/app/services/fed_email_domains.rb +++ b/app/services/fed_email_domains.rb 
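Review bot: `email_type` used to return the string `'.gov'` or `'.mil'` and now returns whatever `find` yields, an `EmailAddress` record or nil, bound to an unused local `address`. The callers are outside this diff, but if the value is interpolated into the recommendation copy it would render the object's `to_s` instead of a suffix. Returning the matched domain keeps it a string: `user.confirmed_email_addresses.find(&:is_fed_email?)&.domain`. The PATCH 09 hunk further down this line only removes the local and still returns the record.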
@@ -4,6 +4,6 @@ class FedEmailDomains FED_EMAIL_DOMAINS_PATH = Rails.root.join(IdentityConfig.store.fed_domain_file_path).freeze def self.email_is_fed_domain?(domain) - (File.read(FED_EMAIL_DOMAINS_PATH).scan(/#{domain}/)).present? + File.read(FED_EMAIL_DOMAINS_PATH).scan(/#{domain}/).present? end end diff --git a/spec/services/fed_email_domains.rb b/spec/services/fed_email_domains.rb new file mode 100644 index 00000000000..e360d3522cc --- /dev/null +++ b/spec/services/fed_email_domains.rb @@ -0,0 +1,32 @@ +require 'rails_helper' + +RSpec.describe FedEmailDomains do + describe '#call' do + let(:valid_email_domains) do + %w[ + gsa.gov + dotgov.gov + fedjobs.gov + ] + end + let(:invalid_email_domains) do + %w[ + gsp.gov + fake.mil + test.com + ] + end + + it 'returns true for pwned passwords' do + valid_email_domains.each do |domain| + expect(FedEmailDomains.email_is_fed_domain?(domain)).to be true + end + end + + it 'returns false for non pwned passwords' do + invalid_email_domains.each do |domain| + expect(FedEmailDomains.email_is_fed_domain?(domain)).to be false + end + end + end +end From 81f881b2d4f13def78ed7631d3a649d9e5f5bdf3 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Mon, 22 Jul 2024 15:57:35 -0400 Subject: [PATCH 10/48] set up piv cac selection presenter --- app/models/email_address.rb | 4 ++++ .../set_up_piv_cac_selection_presenter.rb | 1 + 2 files changed, 5 insertions(+) diff --git a/app/models/email_address.rb b/app/models/email_address.rb index ace48bc7d4f..dbd284c54f1 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb @@ -42,6 +42,10 @@ def is_fed_email? FedEmailDomains.email_is_fed_domain?(domain) end + def gov_or_mil? + email.end_with?('.gov', '.mil') + end + class << self def find_with_email(email) return nil if !email.is_a?(String) || email.empty? 
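Review bot: The new file is named spec/services/fed_email_domains.rb, without the `_spec.rb` suffix, so RSpec's default file pattern will not load it and these examples never run. If they did run against the copied sample list, `fedjobs.gov` in `valid_email_domains` is not in fed_email_domains.txt.sample as it stands at this point in the series (dns.gov, dotgov.gov, gsa.gov), so the first example would fail. The example names still say "pwned passwords" and the group is `describe '#call'` although the method under test is `.email_is_fed_domain?`. I would rename the file to fed_email_domains_spec.rb and add a negative case that is a substring of a listed domain, such as `sa.gov`, to pin exact matching.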
diff --git a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb index 79b9dc5b540..e8d82ac9e21 100644 --- a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb +++ b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb @@ -19,6 +19,7 @@ def phishing_resistant? end def recommended? + # Not sure yet if we want to change the recommended for this since that list only does .gov not mil emails user.confirmed_email_addresses.any?(&:gov_or_mil?) end From 788eb83528c2b613b95104bce49676df98f38cc8 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Tue, 23 Jul 2024 09:11:54 -0400 Subject: [PATCH 11/48] add file to gitlab ci and setup --- .gitlab-ci.yml | 1 + .../set_up_piv_cac_selection_presenter.rb | 2 +- bin/setup | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ed0580e2514..2e60e155b0f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -288,6 +288,7 @@ specs: - cp -a keys.example keys - cp -a certs.example certs - cp pwned_passwords/pwned_passwords.txt.sample pwned_passwords/pwned_passwords.txt + - cp fed_email_domains/fed_email_domains.txt.sample fed_email_domains/fed_email_domains.txt - "echo -e \"test:\n redis_url: 'redis://redis:6379/0'\n redis_throttle_url: 'redis://redis:6379/1'\" > config/application.yml" - bundle exec rake db:create db:migrate --trace - bundle exec rake db:seed diff --git a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb index e8d82ac9e21..de7a711fcb5 100644 --- a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb +++ b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb 
@@ -20,7 +20,7 @@ def phishing_resistant? def recommended? # Not sure yet if we want to change the recommended for this since that list only does .gov not mil emails - user.confirmed_email_addresses.any?(&:gov_or_mil?) + user.confirmed_email_addresses.any?(&:has_fed_email?) end def desktop_only? diff --git a/bin/setup b/bin/setup index 6dc884c26c4..d8bd9edda83 100755 --- a/bin/setup +++ b/bin/setup @@ -48,6 +48,7 @@ Dir.chdir APP_ROOT do puts "== Copying sample pwned passwords list ==" run "cp pwned_passwords/pwned_passwords.txt.sample pwned_passwords/pwned_passwords.txt" + run "cp fed_email_domains/fed_email_domains.txt.sample fed_email_domains/fed_email_domains.txt" puts "\n== Installing dependencies ==" brew_installed = system "brew -v 2>&1" From 86a789bd27eed5d6263390ba142ab17c5e23f3d4 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Tue, 23 Jul 2024 10:28:33 -0400 Subject: [PATCH 12/48] change to is fed email --- .../set_up_piv_cac_selection_presenter.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb index de7a711fcb5..7cf421b17c0 100644 --- a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb +++ b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb @@ -20,7 +20,7 @@ def phishing_resistant? def recommended? # Not sure yet if we want to change the recommended for this since that list only does .gov not mil emails - user.confirmed_email_addresses.any?(&:has_fed_email?) + user.confirmed_email_addresses.any?(&:is_fed_email?) end def desktop_only? From 9c9d636ebb4b1dde8843b50a21c8d4c6874002a2 Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Tue, 23 Jul 2024 11:32:08 -0400 Subject: [PATCH 13/48] update specs and sample files --- fed_email_domains/fed_email_domains.txt.sample | 4 +++- spec/features/users/sign_in_spec.rb | 6 +++--- .../set_up_piv_cac_selection_presenter_spec.rb | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/fed_email_domains/fed_email_domains.txt.sample b/fed_email_domains/fed_email_domains.txt.sample index bd4587ea388..1a02c064897 100644 --- a/fed_email_domains/fed_email_domains.txt.sample +++ b/fed_email_domains/fed_email_domains.txt.sample @@ -1,3 +1,5 @@ dns.gov dotgov.gov -gsa.gov \ No newline at end of file +gsa.gov +test.gov +example.gov \ No newline at end of file diff --git a/spec/features/users/sign_in_spec.rb b/spec/features/users/sign_in_spec.rb index 2fb3daf39cd..5389d990983 100644 --- a/spec/features/users/sign_in_spec.rb +++ b/spec/features/users/sign_in_spec.rb @@ -102,8 +102,8 @@ expect(oidc_redirect_url).to start_with service_provider.redirect_uris.first end - scenario 'User with gov/mil email directed to recommended PIV page' do - user = create(:user, :with_phone, { email: 'example@example.gov' }) + scenario 'User with fed email directed to recommended PIV page and goes to add piv page' do + user = create(:user, :with_phone, { email: 'example@gsa.gov' }) visit new_user_session_path fill_in_credentials_and_submit(user.email, user.password) @@ -114,7 +114,7 @@ expect(page).to have_current_path(setup_piv_cac_path) end - scenario 'User with gov/mil email and skips recommendation page' do + scenario 'User with fed email and skips recommendation page' do user = create(:user, :with_phone, { email: 'example@example.gov' }) visit new_user_session_path diff --git a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb index 3a46e5e2010..8dc53015ce0 100644 
--- a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb +++ b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb @@ -42,7 +42,7 @@ end context 'with a confirmed email address ending in .gov or .mil' do - let(:user) { create(:user, email: 'example@example.gov') } + let(:user) { create(:user, email: 'example@gsa.gov') } it { expect(recommended).to eq(true) } end From 7ace9150f01c3086cd39fca2c07f072dd18dc93f Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Tue, 23 Jul 2024 12:56:46 -0400 Subject: [PATCH 14/48] address failing spec --- .../set_up_piv_cac_selection_presenter.rb | 2 +- spec/models/email_address_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb index 7cf421b17c0..db865a11dfb 100644 --- a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb +++ b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb @@ -19,7 +19,7 @@ def phishing_resistant? end def recommended? - # Not sure yet if we want to change the recommended for this since that list only does .gov not mil emails + # Not sure yet if we want to allow just fed emails? user.confirmed_email_addresses.any?(&:is_fed_email?) end diff --git a/spec/models/email_address_spec.rb b/spec/models/email_address_spec.rb index 1808190a1d5..5e96d8cdf5e 100644 --- a/spec/models/email_address_spec.rb +++ b/spec/models/email_address_spec.rb @@ -115,7 +115,7 @@ subject(:result) { email_address.is_fed_email? } context 'with an email domain not a fed email' do - let(:email) { 'example@example.gov' } + let(:email) { 'example@bad.gov' } it { expect(result).to eq(false) } end From 3287200700d79e16dfadf288c94488ce11355f05 Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Tue, 23 Jul 2024 13:30:09 -0400 Subject: [PATCH 15/48] remove comment --- .../set_up_piv_cac_selection_presenter.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb index db865a11dfb..b3d027e3f25 100644 --- a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb +++ b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb @@ -19,7 +19,6 @@ def phishing_resistant? end def recommended? - # Not sure yet if we want to allow just fed emails? user.confirmed_email_addresses.any?(&:is_fed_email?) end From 423fd196df8b86f4c8a1e22c7fa9101560d50582 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Wed, 24 Jul 2024 09:35:29 -0400 Subject: [PATCH 16/48] rename fed email domains spec --- spec/services/{fed_email_domains.rb => fed_email_domains_spec.rb} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename spec/services/{fed_email_domains.rb => fed_email_domains_spec.rb} (100%) diff --git a/spec/services/fed_email_domains.rb b/spec/services/fed_email_domains_spec.rb similarity index 100% rename from spec/services/fed_email_domains.rb rename to spec/services/fed_email_domains_spec.rb From 936d934c9f2a74906b5fd1917293f0038e43460b Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Thu, 25 Jul 2024 10:18:10 -0400 Subject: [PATCH 17/48] add feature flag --- app/controllers/application_controller.rb | 2 +- app/controllers/concerns/mfa_setup_concern.rb | 2 +- .../users/piv_cac_recommended_controller.rb | 2 +- ..._factor_authentication_setup_controller.rb | 6 +- app/models/email_address.rb | 16 ++++-- app/models/user.rb | 4 +- .../set_up_piv_cac_selection_presenter.rb | 2 +- config/application.yml.default | 2 + lib/identity_config.rb | 1 + spec/features/users/sign_in_spec.rb | 26 ++++++++- spec/models/email_address_spec.rb | 57 ++++++++++++++++++- spec/models/user_spec.rb | 36 ++++++++++++ ...set_up_piv_cac_selection_presenter_spec.rb | 4 +- 13 files changed, 142 insertions(+), 18 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index aff0d5ef182..ee4fa5b9fb5 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -260,7 +260,7 @@ def user_needs_to_reactivate_account? end def user_recommended_for_piv_cac? - current_user.piv_cac_recommended_dismissed_at.nil? && current_user.has_fed_email? && + current_user.piv_cac_recommended_dismissed_at.nil? && current_user.has_fed_or_mil_email? && !user_already_has_piv? end diff --git a/app/controllers/concerns/mfa_setup_concern.rb b/app/controllers/concerns/mfa_setup_concern.rb index 6a3cec46142..ac111fae564 100644 --- a/app/controllers/concerns/mfa_setup_concern.rb +++ b/app/controllers/concerns/mfa_setup_concern.rb @@ -82,7 +82,7 @@ def show_skip_additional_mfa_link? end def check_if_possible_piv_user - if current_user.has_fed_email? && current_user.piv_cac_recommended_dismissed_at.nil? + if current_user.has_fed_or_mil_email? && current_user.piv_cac_recommended_dismissed_at.nil? redirect_to login_piv_cac_recommended_path end end 
diff --git a/app/controllers/users/piv_cac_recommended_controller.rb b/app/controllers/users/piv_cac_recommended_controller.rb index 89f350ef4e2..a1bca1820f9 100644 --- a/app/controllers/users/piv_cac_recommended_controller.rb +++ b/app/controllers/users/piv_cac_recommended_controller.rb @@ -31,7 +31,7 @@ def skip private def redirect_unless_user_has_fed_email - redirect_to after_sign_in_path_for(current_user) unless current_user.has_fed_email? + redirect_to after_sign_in_path_for(current_user) unless current_user.has_fed_or_mil_email? end end end diff --git a/app/controllers/users/two_factor_authentication_setup_controller.rb b/app/controllers/users/two_factor_authentication_setup_controller.rb index 7767caa3b5d..61ec7a8e9ec 100644 --- a/app/controllers/users/two_factor_authentication_setup_controller.rb +++ b/app/controllers/users/two_factor_authentication_setup_controller.rb @@ -16,7 +16,7 @@ def index @presenter = two_factor_options_presenter analytics.user_registration_2fa_setup_visit( enabled_mfa_methods_count:, - gov_or_mil_email: is_fed_email?, + gov_or_mil_email: is_fed_or_mil_email?, ) end @@ -44,8 +44,8 @@ def two_factor_options_form private - def is_fed_email? - current_user.confirmed_email_addresses.any?(&:is_fed_email?) + def is_fed_or_mil_email? + current_user.confirmed_email_addresses.any?(&:is_fed_or_mil_email?) end def mfa_context diff --git a/app/models/email_address.rb b/app/models/email_address.rb index dbd284c54f1..5881c0bbd4c 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb 
@@ -37,13 +37,21 @@ def domain email&.split('@')&.last end + def is_fed_or_mil_email? + is_fed_email? || is_mil_email? + end + def is_fed_email? - return false unless domain - FedEmailDomains.email_is_fed_domain?(domain) + if IdentityConfig.use_fed_domain_file + return false unless domain + FedEmailDomains.email_is_fed_domain?(domain) + else + email.end_with?('.gov') + end end - def gov_or_mil? - email.end_with?('.gov', '.mil') + def is_mil_email? + email.end_with?('.mil') end class << self diff --git a/app/models/user.rb b/app/models/user.rb index 3d1c6af11f8..49ed4040d2c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -79,8 +79,8 @@ def confirmed? email_addresses.where.not(confirmed_at: nil).any? end - def has_fed_email? - confirmed_email_addresses.any?(&:is_fed_email?) + def has_fed_or_mil_email? + confirmed_email_addresses.any?(&:is_fis_fed_or_mil_email?) end def accepted_rules_of_use_still_valid? diff --git a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb index b3d027e3f25..e607d226bfb 100644 --- a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb +++ b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb @@ -19,7 +19,7 @@ def phishing_resistant? end def recommended? - user.confirmed_email_addresses.any?(&:is_fed_email?) + user.confirmed_email_addresses.any?(&:is_fed_or_mil_email?) end def desktop_only? diff --git a/config/application.yml.default b/config/application.yml.default index de937df6d4d..786d1109715 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -335,6 +335,7 @@ verify_personal_key_max_attempts: 5 version_headers_enabled: false vtm_url: 'https://developer.login.gov/vot-trust-framework' use_dashboard_service_providers: false +use_fed_domain_file: false use_kms: false use_vot_in_sp_requests: true usps_auth_token_refresh_job_enabled: false 
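Review bot: In `EmailAddress#is_fed_email?` the file-backed branch returns false when `domain` is nil, but the fallback branch and the new `is_mil_email?` call `email.end_with?` directly, so a nil `email` raises NoMethodError there. `domain` itself is written with `email&.`, which suggests nil is expected. Matching on the parsed domain keeps both paths consistent: `domain.to_s.end_with?('.gov')` and `domain.to_s.end_with?('.mil')`. The suffix comparison is also case-sensitive; if addresses are not downcased before they are stored (not visible here), add `.downcase` before the check.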
@@ -421,6 +422,7 @@ development: state_tracking_enabled: true telephony_adapter: test use_dashboard_service_providers: true + use_fed_domain_file: false usps_eipp_sponsor_id: '222222222222222' usps_ipp_sponsor_id: '111111111111111' usps_ipp_transliteration_enabled: true diff --git a/lib/identity_config.rb b/lib/identity_config.rb index ebfe50a203e..3fcb1b86748 100644 --- a/lib/identity_config.rb +++ b/lib/identity_config.rb @@ -393,6 +393,7 @@ def self.store config.add(:usps_auth_token_refresh_job_enabled, type: :boolean) config.add(:usps_confirmation_max_days, type: :integer) config.add(:usps_eipp_sponsor_id, type: :string) + config.add(:use_fed_domain_file, type: :boolean) config.add(:usps_ipp_client_id, type: :string) config.add(:usps_ipp_password, type: :string) config.add(:usps_ipp_request_timeout, type: :integer) diff --git a/spec/features/users/sign_in_spec.rb b/spec/features/users/sign_in_spec.rb index 5389d990983..11b6d08042d 100644 --- a/spec/features/users/sign_in_spec.rb +++ b/spec/features/users/sign_in_spec.rb @@ -102,7 +102,7 @@ expect(oidc_redirect_url).to start_with service_provider.redirect_uris.first end - scenario 'User with fed email directed to recommended PIV page and goes to add piv page' do + scenario 'User with valid fed email directed to recommend page and get to setup piv' do user = create(:user, :with_phone, { email: 'example@gsa.gov' }) visit new_user_session_path 
@@ -114,6 +114,18 @@ expect(page).to have_current_path(setup_piv_cac_path) end + scenario 'User with mil email directed to recommended PIV page and goes to add piv page' do + user = create(:user, :with_phone, { email: 'example@army.mil' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) + expect(page).to have_current_path(setup_piv_cac_path) + end + scenario 'User with fed email and skips recommendation page' do user = create(:user, :with_phone, { email: 'example@example.gov' }) @@ -126,6 +138,18 @@ expect(page).to have_current_path(account_path) end + scenario 'User with mil email and skips recommendation page' do + user = create(:user, :with_phone, { email: 'example@army.mil' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.skip')) + expect(page).to have_current_path(account_path) + end + scenario 'user attempts sign in with piv/cac with no account then creates account' do visit_idp_from_sp_with_ial1(:oidc) click_on t('account.login.piv_cac') diff --git a/spec/models/email_address_spec.rb b/spec/models/email_address_spec.rb index 5e96d8cdf5e..51d3e3c93ff 100644 --- a/spec/models/email_address_spec.rb +++ b/spec/models/email_address_spec.rb 
@@ -111,19 +111,72 @@ end end + describe '#is_fed_or_mil_email?' do + subject(:result) { email_address.is_fed_or_mil_email? } + + context 'with an email domain that is a fed email' do + before do + allow(IdentityConfig.store.to receive(:use_fed_domain_file).and_return(true)) + end + let(:email) { 'example@example.gov' } + + it { expect(result).to eq(true) } + end + + context 'with an email that is a mil email' do + let(:email) { 'example@example.mil' } + + it { expect(result).to be_truthy } + end + + context 'with an email that is not a mil or fed email' do + before do + allow(IdentityConfig.store.to receive(:use_fed_domain_file).and_return(true)) + end + let(:email) { 'example@bad.gov' } + + it { expect(result).to be_falsey } + end + + context 'with a fed email while use_fed_domain_file set to true' do + before do + allow(IdentityConfig.store.to receive(:use_fed_domain_file).and_return(false)) + end + let(:email) { 'example@good.gov' } + + it { expect(result).to be_truthy } + end + end + + describe '#is_mil_email?' do + subject(:result) { email_address.is_mil_email? } + + context 'with an email domain not a mil email' do + let(:email) { 'example@example.gov' } + + it { expect(result).to be_falsey } + end + + context 'with an email domain ending in a mil domain email' do + let(:email) { 'example@example.mil' } + + it { expect(result).to be_truthy } + end + end + describe '#is_fed_email?' do subject(:result) { email_address.is_fed_email? } context 'with an email domain not a fed email' do let(:email) { 'example@bad.gov' } - it { expect(result).to eq(false) } + it { expect(result).to be_falsey } end context 'with an email domain ending in a fed domain email' do let(:email) { 'example@gsa.gov' } - it { expect(result).to eq(true) } + it { expect(result).to be_truthy } end end end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index a84e0a83bad..3172b6f0f69 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb 
@@ -1675,4 +1675,40 @@ def it_should_not_send_survey expect(user.second_last_signed_in_at).to eq(event2.reload.created_at) end end + + describe '#has_fed_or_mil_email' do + before do + allow(IdentityConfig.store.to receive(:use_fed_domain_file).and_return(false)) + end + context 'with a valid fed email in domain file' do + let(:user) { create(:user, email: 'example@example.gov') } + it 'should return true' do + expect(user.has_fed_or_mil_email?).to be_truthy + end + end + + context 'with use_fed_domain_file set to true and random .gov email' do + let(:user) { create(:user, email: 'example@example.gov') } + before do + allow(IdentityConfig.store.to receive(:use_fed_domain_file).and_return(true)) + end + it 'should return true' do + expect(user.has_fed_or_mil_email?).to be_truthy + end + end + + context 'with a valid mil email' do + let(:user) { create(:user, email: 'example@example.mil') } + it 'should return true' do + expect(user.has_fed_or_mil_email?).to be_truthy + end + end + + context 'with an invalid fed or mil email' do + let(:user) { create(:user, email: 'example@example.com') } + it 'should return false' do + expect(user.has_fed_or_mil_email?).to be_falsey + end + end + end end diff --git a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb index 8dc53015ce0..0833bdcf4f4 100644 --- a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb +++ b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb 
@@ -38,13 +38,13 @@ context 'with a confirmed email address ending in anything other than .gov or .mil' do let(:user) { create(:user, email: 'example@example.com') } - it { expect(recommended).to eq(false) } + it { expect(recommended).to be_falsey } end context 'with a confirmed email address ending in .gov or .mil' do let(:user) { create(:user, email: 'example@gsa.gov') } - it { expect(recommended).to eq(true) } + it { expect(recommended).to be_truthy } end end From 7cdbb5b69867d5b642dd408ca5d9c783af2d3031 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Thu, 25 Jul 2024 11:06:41 -0400 Subject: [PATCH 18/48] change user --- app/models/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/user.rb b/app/models/user.rb index 49ed4040d2c..35234e3a5af 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -80,7 +80,7 @@ def confirmed? end def has_fed_or_mil_email? - confirmed_email_addresses.any?(&:is_fis_fed_or_mil_email?) + confirmed_email_addresses.any?(&:is_fed_or_mil_email?) end def accepted_rules_of_use_still_valid? From 29bc68b3f9ada994eb0dc2733164fc2db2bf6f68 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Thu, 25 Jul 2024 11:18:58 -0400 Subject: [PATCH 19/48] use store for config --- app/models/email_address.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/email_address.rb b/app/models/email_address.rb index 5881c0bbd4c..b5f0788982f 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb @@ -42,7 +42,7 @@ def is_fed_or_mil_email? end def is_fed_email? - if IdentityConfig.use_fed_domain_file + if IdentityConfig.store.use_fed_domain_file return false unless domain FedEmailDomains.email_is_fed_domain?(domain) else From a5c90faf4c420d3eae5b778e2d3465ce94abda1e Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Thu, 25 Jul 2024 13:12:54 -0400 Subject: [PATCH 20/48] fix specs errors --- spec/models/email_address_spec.rb | 53 +++++++++---------------- spec/models/user_spec.rb | 5 ++- spec/services/fed_email_domains_spec.rb | 5 +-- 3 files changed, 24 insertions(+), 39 deletions(-) diff --git a/spec/models/email_address_spec.rb b/spec/models/email_address_spec.rb index 51d3e3c93ff..22393d63f47 100644 --- a/spec/models/email_address_spec.rb +++ b/spec/models/email_address_spec.rb @@ -89,34 +89,12 @@ end end - describe '#gov_or_mil?' do - subject(:result) { email_address.gov_or_mil? } - - context 'with an email domain ending in anything other than .gov or .mil' do - let(:email) { 'example@example.com' } - - it { expect(result).to eq(false) } - end - - context 'with an email domain ending in .gov' do - let(:email) { 'example@example.gov' } - - it { expect(result).to eq(true) } - end - - context 'with an email domain ending in .mil' do - let(:email) { 'example@example.mil' } - - it { expect(result).to eq(true) } - end - end - describe '#is_fed_or_mil_email?' do subject(:result) { email_address.is_fed_or_mil_email? } context 'with an email domain that is a fed email' do before do - allow(IdentityConfig.store.to receive(:use_fed_domain_file).and_return(true)) + allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(false) end let(:email) { 'example@example.gov' } 
@@ -131,20 +109,21 @@ context 'with an email that is not a mil or fed email' do before do - allow(IdentityConfig.store.to receive(:use_fed_domain_file).and_return(true)) + allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(true) end + let(:email) { 'example@bad.gov' } it { expect(result).to be_falsey } end - context 'with a fed email while use_fed_domain_file set to true' do + context 'with a non fed email while use_fed_domain_file set to true' do before do - allow(IdentityConfig.store.to receive(:use_fed_domain_file).and_return(false)) + allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(true) end let(:email) { 'example@good.gov' } - it { expect(result).to be_truthy } + it { expect(result).to be_falsey } end end @@ -167,16 +146,22 @@ describe '#is_fed_email?' do subject(:result) { email_address.is_fed_email? } - context 'with an email domain not a fed email' do - let(:email) { 'example@bad.gov' } + context 'use_domain file set to true' do + before do + allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(true) + end - it { expect(result).to be_falsey } - end + context 'with an email domain not a fed email' do + let(:email) { 'example@bad.gov' } + + it { expect(result).to be_falsey } + end - context 'with an email domain ending in a fed domain email' do - let(:email) { 'example@gsa.gov' } + context 'with an email domain ending in a fed domain email' do + let(:email) { 'example@gsa.gov' } - it { expect(result).to be_truthy } + it { expect(result).to be_truthy } + end end end end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 3172b6f0f69..9f35e02573f 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb 
@@ -1678,8 +1678,9 @@ def it_should_not_send_survey describe '#has_fed_or_mil_email' do before do - allow(IdentityConfig.store.to receive(:use_fed_domain_file).and_return(false)) + allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(false) end + context 'with a valid fed email in domain file' do let(:user) { create(:user, email: 'example@example.gov') } it 'should return true' do @@ -1690,7 +1691,7 @@ def it_should_not_send_survey context 'with use_fed_domain_file set to true and random .gov email' do let(:user) { create(:user, email: 'example@example.gov') } before do - allow(IdentityConfig.store.to receive(:use_fed_domain_file).and_return(true)) + allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(false) end it 'should return true' do expect(user.has_fed_or_mil_email?).to be_truthy diff --git a/spec/services/fed_email_domains_spec.rb b/spec/services/fed_email_domains_spec.rb index e360d3522cc..3eafe25beaf 100644 --- a/spec/services/fed_email_domains_spec.rb +++ b/spec/services/fed_email_domains_spec.rb @@ -6,7 +6,6 @@ %w[ gsa.gov dotgov.gov - fedjobs.gov ] end let(:invalid_email_domains) do @@ -17,13 +16,13 @@ ] end - it 'returns true for pwned passwords' do + it 'returns true for valid email domains' do valid_email_domains.each do |domain| expect(FedEmailDomains.email_is_fed_domain?(domain)).to be true end end - it 'returns false for non pwned passwords' do + it 'returns false for invalid email domains' do invalid_email_domains.each do |domain| expect(FedEmailDomains.email_is_fed_domain?(domain)).to be false end From e8f0833604635017f16f6304f36735ee91d8d2cc Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Thu, 25 Jul 2024 15:56:50 -0400 Subject: [PATCH 21/48] sign in spec fix --- spec/features/users/sign_in_spec.rb | 154 +++++++++++++++++++++------- spec/models/email_address_spec.rb | 2 +- 2 files changed, 117 insertions(+), 39 deletions(-) 
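Review bot: In spec/models/user_spec.rb the context 'with use_fed_domain_file set to true and random .gov email' now stubs `use_fed_domain_file` to `false`, which duplicates the outer `before` and leaves `has_fed_or_mil_email?` with no coverage of the file-backed path. Either rename the context to match the stub, or keep `and_return(true)` and assert both sides: a listed domain such as `example@gsa.gov` is truthy and an unlisted one such as `example@bad.gov` is falsey. The enclosing `describe` block continues outside this hunk.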
diff --git a/spec/features/users/sign_in_spec.rb b/spec/features/users/sign_in_spec.rb index 11b6d08042d..9fa78197aa6 100644 --- a/spec/features/users/sign_in_spec.rb +++ b/spec/features/users/sign_in_spec.rb 
@@ -102,52 +102,130 @@ expect(oidc_redirect_url).to start_with service_provider.redirect_uris.first end - scenario 'User with valid fed email directed to recommend page and get to setup piv' do - user = create(:user, :with_phone, { email: 'example@gsa.gov' }) + context 'use_fed_domain_file set to true' do + before do + allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(true) + end + scenario 'User with valid fed email directed to recommend page and get to setup piv' do + user = create(:user, :with_phone, { email: 'example@gsa.gov' }) - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) - expect(page).to have_current_path(setup_piv_cac_path) - end + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) + expect(page).to have_current_path(setup_piv_cac_path) + end - scenario 'User with mil email directed to recommended PIV page and goes to add piv page' do - user = create(:user, :with_phone, { email: 'example@army.mil' }) + scenario 'User with mil email directed to recommended PIV page and goes to add piv page' do + user = create(:user, :with_phone, { email: 'example@army.mil' }) - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) - expect(page).to have_current_path(setup_piv_cac_path) - end + visit new_user_session_path + 
fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) + expect(page).to have_current_path(setup_piv_cac_path) + end - scenario 'User with fed email and skips recommendation page' do - user = create(:user, :with_phone, { email: 'example@example.gov' }) + scenario 'User with fed email and skips recommendation page' do + user = create(:user, :with_phone, { email: 'example@example.gov' }) - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.skip')) - expect(page).to have_current_path(account_path) + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.skip')) + expect(page).to have_current_path(account_path) + end + + scenario 'User with mil email and skips recommendation page' do + user = create(:user, :with_phone, { email: 'example@army.mil' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.skip')) + expect(page).to have_current_path(account_path) + end + + scenario 'User with invalid .gov email directed to account page' do + user = create(:user, :with_phone, { email: 'example@bad.gov' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + 
fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(account_path) + end end - scenario 'User with mil email and skips recommendation page' do - user = create(:user, :with_phone, { email: 'example@army.mil' }) + context 'use_fed_domain_file set to true' do + before do + allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(false) + end + scenario 'User with .gov email directed to recommend page and get to setup piv' do + user = create(:user, :with_phone, { email: 'example@good.gov' }) - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.skip')) - expect(page).to have_current_path(account_path) + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) + expect(page).to have_current_path(setup_piv_cac_path) + end + + scenario 'User with .mil email directed to recommended PIV page and goes to add piv page' do + user = create(:user, :with_phone, { email: 'example@army.mil' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) + expect(page).to have_current_path(setup_piv_cac_path) + end + + scenario 'User with fed email and skips recommendation page' do + user = create(:user, :with_phone, { email: 'example@example.gov' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + 
fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.skip')) + expect(page).to have_current_path(account_path) + end + + scenario 'User with mil email and skips recommendation page' do + user = create(:user, :with_phone, { email: 'example@army.mil' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.skip')) + expect(page).to have_current_path(account_path) + end + + scenario 'User with invalid no .gov or .mil email directed to account page' do + user = create(:user, :with_phone, { email: 'example@bad.com' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(account_path) + end end scenario 'user attempts sign in with piv/cac with no account then creates account' do diff --git a/spec/models/email_address_spec.rb b/spec/models/email_address_spec.rb index 22393d63f47..83090d1ec58 100644 --- a/spec/models/email_address_spec.rb +++ b/spec/models/email_address_spec.rb @@ -146,7 +146,7 @@ describe '#is_fed_email?' do subject(:result) { email_address.is_fed_email? } - context 'use_domain file set to true' do + context 'use_fed_domain_file set to true' do before do allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(true) end From 279b31c4d5e5af7a2a56268df587ac28d351a67e Mon Sep 17 00:00:00 2001 
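Review bot: The ten scenarios added under the two flag contexts in spec/features/users/sign_in_spec.rb repeat the same four sign-in steps (`visit new_user_session_path` through `click_submit_default`), which hides the only things that differ between them: the email domain and the expected path. A small spec helper wrapping those steps, for example `sign_in_with_phone_otp(user)`, would leave each scenario with just the user, the button clicked and the expectation. Both contexts are also titled 'use_fed_domain_file set to true' although the second one stubs the flag to `false`; its title should read `'use_fed_domain_file set to false'`.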
From: Malick Diarra Date: Thu, 25 Jul 2024 16:24:21 -0400 Subject: [PATCH 22/48] remove is predicate --- .../two_factor_authentication_setup_controller.rb | 6 +++--- app/models/email_address.rb | 10 +++++----- app/models/user.rb | 2 +- .../set_up_piv_cac_selection_presenter.rb | 2 +- spec/models/email_address_spec.rb | 12 ++++++------ 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/app/controllers/users/two_factor_authentication_setup_controller.rb b/app/controllers/users/two_factor_authentication_setup_controller.rb index 61ec7a8e9ec..0ef866928b7 100644 --- a/app/controllers/users/two_factor_authentication_setup_controller.rb +++ b/app/controllers/users/two_factor_authentication_setup_controller.rb @@ -16,7 +16,7 @@ def index @presenter = two_factor_options_presenter analytics.user_registration_2fa_setup_visit( enabled_mfa_methods_count:, - gov_or_mil_email: is_fed_or_mil_email?, + gov_or_mil_email: fed_or_mil_email?, ) end @@ -44,8 +44,8 @@ def two_factor_options_form private - def is_fed_or_mil_email? - current_user.confirmed_email_addresses.any?(&:is_fed_or_mil_email?) + def fed_or_mil_email? + current_user.confirmed_email_addresses.any?(&:fed_or_mil_email?) end def mfa_context diff --git a/app/models/email_address.rb b/app/models/email_address.rb index b5f0788982f..4271f294140 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb @@ -34,14 +34,14 @@ def confirmation_period_expired? end def domain - email&.split('@')&.last + Mail::Address.new(email).domain end - def is_fed_or_mil_email? - is_fed_email? || is_mil_email? + def fed_or_mil_email? + fed_email? || mil_email? end - def is_fed_email? + def fed_email? if IdentityConfig.store.use_fed_domain_file return false unless domain FedEmailDomains.email_is_fed_domain?(domain) @@ -50,7 +50,7 @@ def is_fed_email? end end - def is_mil_email? + def mil_email? email.end_with?('.mil') end diff --git a/app/models/user.rb b/app/models/user.rb index 35234e3a5af..c27dadf75fc 100644 
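Review bot: `domain` in the `@@ -34,14 +34,14 @@` hunk of app/models/email_address.rb now delegates to `Mail::Address.new(email).domain`, which, unlike the safe-navigation `split` it replaces, can raise on an address the Mail parser rejects (`Mail::Field::ParseError`, worth confirming against the pinned mail gem). `fed_email?` already guards with `return false unless domain`, so returning `nil` on a parse failure keeps the federal check failing closed: add `rescue Mail::Field::ParseError` followed by `nil` to the method. `mil_email?` and the `.gov` fallback still test `email.end_with?` on the whole address rather than on `domain`, so the two paths do not share one definition of the domain. The EmailAddress class itself starts and ends outside the hunk.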
--- a/app/models/user.rb +++ b/app/models/user.rb @@ -80,7 +80,7 @@ def confirmed? end def has_fed_or_mil_email? - confirmed_email_addresses.any?(&:is_fed_or_mil_email?) + confirmed_email_addresses.any?(&:fed_or_mil_email?) end def accepted_rules_of_use_still_valid? diff --git a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb index e607d226bfb..a6b599df37d 100644 --- a/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb +++ b/app/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter.rb @@ -19,7 +19,7 @@ def phishing_resistant? end def recommended? - user.confirmed_email_addresses.any?(&:is_fed_or_mil_email?) + user.confirmed_email_addresses.any?(&:fed_or_mil_email?) end def desktop_only? diff --git a/spec/models/email_address_spec.rb b/spec/models/email_address_spec.rb index 83090d1ec58..a5071db2bee 100644 --- a/spec/models/email_address_spec.rb +++ b/spec/models/email_address_spec.rb @@ -89,8 +89,8 @@ end end - describe '#is_fed_or_mil_email?' do - subject(:result) { email_address.is_fed_or_mil_email? } + describe '#fed_or_mil_email?' do + subject(:result) { email_address.fed_or_mil_email? } context 'with an email domain that is a fed email' do before do @@ -127,8 +127,8 @@ end end - describe '#is_mil_email?' do - subject(:result) { email_address.is_mil_email? } + describe '#mil_email?' do + subject(:result) { email_address.mil_email? } context 'with an email domain not a mil email' do let(:email) { 'example@example.gov' } @@ -143,8 +143,8 @@ end end - describe '#is_fed_email?' do - subject(:result) { email_address.is_fed_email? } + describe '#fed_email?' do + subject(:result) { email_address.fed_email? } context 'use_fed_domain_file set to true' do before do From 2e096815d028af4cb4e77bdabf54ab97029c6831 Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Tue, 30 Jul 2024 10:44:23 -0400 Subject: [PATCH 23/48] refactor to do db instead of reading a file --- app/models/email_address.rb | 2 +- app/models/fed_email_domain.rb | 8 +++++ app/services/fed_email_domains.rb | 9 ------ ...29182306_create_fed_email_domains_table.rb | 11 +++++++ db/schema.rb | 8 ++++- .../fed_email_domains.txt.sample | 5 --- lib/fed_email_domain_downloader.rb | 6 ++-- lib/tasks/fed_email_domains.rake | 14 +++++++++ spec/services/fed_email_domains_spec.rb | 31 ------------------- 9 files changed, 43 insertions(+), 51 deletions(-) create mode 100644 app/models/fed_email_domain.rb delete mode 100644 app/services/fed_email_domains.rb create mode 100644 db/primary_migrate/20240729182306_create_fed_email_domains_table.rb delete mode 100644 fed_email_domains/fed_email_domains.txt.sample create mode 100644 lib/tasks/fed_email_domains.rake delete mode 100644 spec/services/fed_email_domains_spec.rb diff --git a/app/models/email_address.rb b/app/models/email_address.rb index 4271f294140..5856ca97170 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb @@ -44,7 +44,7 @@ def fed_or_mil_email? def fed_email? if IdentityConfig.store.use_fed_domain_file return false unless domain - FedEmailDomains.email_is_fed_domain?(domain) + FedEmailDomain.fed_domain?(domain) else email.end_with?('.gov') end diff --git a/app/models/fed_email_domain.rb b/app/models/fed_email_domain.rb new file mode 100644 index 00000000000..d8f2ce2c645 --- /dev/null +++ b/app/models/fed_email_domain.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +class FedEmailDomain < ApplicationRecord + def self.fed_domain?(domain) + exists?(name: domain) + end +end + \ No newline at end of file diff --git a/app/services/fed_email_domains.rb b/app/services/fed_email_domains.rb deleted file mode 100644 index 7683ed0c64f..00000000000 --- a/app/services/fed_email_domains.rb +++ /dev/null 
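Review bot: `FedEmailDomain.fed_domain?` in the new app/models/fed_email_domain.rb carries no comment stating its matching rule, and this commit deletes spec/services/fed_email_domains_spec.rb without adding a spec for the model. `exists?(name: domain)` is an exact match on the whole domain, case-insensitive only because the column is `citext`, so an address at a subdomain of a listed domain is treated as non-federal; that fails closed, but it should be written down. I would add `# Exact, case-insensitive match against the federal domain list; subdomains are not matched.` above the method, plus a model spec covering a listed domain, an unlisted `.gov` domain and a differently-cased listed domain.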
@@ -1,9 +0,0 @@ -# frozen_string_literal: true - -class FedEmailDomains - FED_EMAIL_DOMAINS_PATH = Rails.root.join(IdentityConfig.store.fed_domain_file_path).freeze - - def self.email_is_fed_domain?(domain) - File.read(FED_EMAIL_DOMAINS_PATH).scan(/#{domain}/).present? - end -end diff --git a/db/primary_migrate/20240729182306_create_fed_email_domains_table.rb b/db/primary_migrate/20240729182306_create_fed_email_domains_table.rb new file mode 100644 index 00000000000..7b20f7bd010 --- /dev/null +++ b/db/primary_migrate/20240729182306_create_fed_email_domains_table.rb @@ -0,0 +1,11 @@ +class CreateFedEmailDomainsTable < ActiveRecord::Migration[7.1] + def change + enable_extension "citext" + + create_table :fed_email_domains do |t| + t.citext :name, null: false + end + + add_index :fed_email_domains, :name, unique: true + end +end diff --git a/db/schema.rb b/db/schema.rb index c99936d6691..65d98381b4e 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,10 +10,11 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_06_04_173515) do +ActiveRecord::Schema[7.1].define(version: 2024_07_29_182306) do # These are extensions that must be enabled in order to support this database enable_extension "citext" enable_extension "pg_stat_statements" + enable_extension "pgcrypto" enable_extension "plpgsql" create_table "account_reset_requests", force: :cascade do |t| @@ -226,6 +227,11 @@ t.index ["user_id", "created_at"], name: "index_events_on_user_id_and_created_at" end + create_table "fed_email_domains", force: :cascade do |t| + t.citext "name", null: false + t.index ["name"], name: "index_fed_email_domains_on_name", unique: true + end + create_table "fraud_review_requests", force: :cascade do |t| t.integer "user_id" t.string "uuid" diff --git a/fed_email_domains/fed_email_domains.txt.sample b/fed_email_domains/fed_email_domains.txt.sample deleted file mode 100644 index 1a02c064897..00000000000 
--- a/fed_email_domains/fed_email_domains.txt.sample +++ /dev/null @@ -1,5 +0,0 @@ -dns.gov -dotgov.gov -gsa.gov -test.gov -example.gov \ No newline at end of file diff --git a/lib/fed_email_domain_downloader.rb b/lib/fed_email_domain_downloader.rb index 0d2172e4501..8f9190d916f 100644 --- a/lib/fed_email_domain_downloader.rb +++ b/lib/fed_email_domain_downloader.rb @@ -8,7 +8,7 @@ class FedEmailDomainDownloader attr_reader :destination - DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-full.csv' + DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-federal.csv' def initialize(destination: 'tmp/fed_download_path') @destination = destination @@ -24,9 +24,7 @@ def run! csv ||= CSV.parse(dot_gov_csv_path, col_sep: ',', headers: true) File.open("#{destination}/fed_email_domains.txt", 'w') do |file| csv.each do |row| - if row['Domain type'].include?('Federal') - file.write("#{row['Domain name']}\n") - end + file.write("#{row['Domain name']}\n") end end end diff --git a/lib/tasks/fed_email_domains.rake b/lib/tasks/fed_email_domains.rake new file mode 100644 index 00000000000..17cdf19a454 --- /dev/null +++ b/lib/tasks/fed_email_domains.rake @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +require 'csv' +namespace :fed_email_domains do + task :load, %i[s3_secrets_path] => [:environment] do |_task, args| + # Need to increase statement timeout since command takes a long time. + ActiveRecord::Base.connection.execute 'SET statement_timeout = 200000' + file = Identity::Hostdata.secrets_s3.read_file(args[:s3_secrets_path]) + names = file.split("\n") + FedEmailDomain.insert_all(names.map { |name| { name: } }) + end +end +# rake "fed_email_domains:load[S3_SECRETS_PATH]" +# rubocop:enable Rails/SkipsModelValidations diff --git a/spec/services/fed_email_domains_spec.rb b/spec/services/fed_email_domains_spec.rb deleted file mode 100644 index 3eafe25beaf..00000000000 
--- a/spec/services/fed_email_domains_spec.rb +++ /dev/null @@ -1,31 +0,0 @@ -require 'rails_helper' - -RSpec.describe FedEmailDomains do - describe '#call' do - let(:valid_email_domains) do - %w[ - gsa.gov - dotgov.gov - ] - end - let(:invalid_email_domains) do - %w[ - gsp.gov - fake.mil - test.com - ] - end - - it 'returns true for valid email domains' do - valid_email_domains.each do |domain| - expect(FedEmailDomains.email_is_fed_domain?(domain)).to be true - end - end - - it 'returns false for invalid email domains' do - invalid_email_domains.each do |domain| - expect(FedEmailDomains.email_is_fed_domain?(domain)).to be false - end - end - end -end From f4909ded97bb8325d98bb3b6794764cca9160268 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Tue, 30 Jul 2024 10:51:56 -0400 Subject: [PATCH 24/48] rubocop --- app/models/fed_email_domain.rb | 1 - lib/tasks/fed_email_domains.rake | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/app/models/fed_email_domain.rb b/app/models/fed_email_domain.rb index d8f2ce2c645..69e90205db4 100644 --- a/app/models/fed_email_domain.rb +++ b/app/models/fed_email_domain.rb @@ -5,4 +5,3 @@ def self.fed_domain?(domain) exists?(name: domain) end end - \ No newline at end of file diff --git a/lib/tasks/fed_email_domains.rake b/lib/tasks/fed_email_domains.rake index 17cdf19a454..ed903d8ae98 100644 --- a/lib/tasks/fed_email_domains.rake +++ b/lib/tasks/fed_email_domains.rake @@ -1,6 +1,8 @@ # frozen_string_literal: true require 'csv' + +# rubocop:disable Rails/SkipsModelValidations namespace :fed_email_domains do task :load, %i[s3_secrets_path] => [:environment] do |_task, args| # Need to increase statement timeout since command takes a long time. From 26faf64d44d12f33d9d06f9f11f824ae397a8744 Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Wed, 31 Jul 2024 12:51:39 -0400 Subject: [PATCH 25/48] remove downloader and just use a rake task --- .gitignore | 2 -- .gitlab-ci.yml | 1 - ...mail_domain.rb => federal_email_domain.rb} | 2 +- bin/setup | 1 - config/application.yml.default | 1 - ...29182306_create_fed_email_domains_table.rb | 11 ------- ...5830_create_federal_email_domains_table.rb | 9 +++++ db/schema.rb | 6 ++-- lib/fed_email_domain_downloader.rb | 33 ------------------- lib/federal_email_domain_downloader.rb | 19 +++++++++++ lib/tasks/disposable_email_domains.rake | 1 + lib/tasks/fed_email_domains.rake | 16 --------- lib/tasks/federal_email_domains.rake | 19 +++++++++++ 13 files changed, 52 insertions(+), 69 deletions(-) rename app/models/{fed_email_domain.rb => federal_email_domain.rb} (68%) delete mode 100644 db/primary_migrate/20240729182306_create_fed_email_domains_table.rb create mode 100644 db/primary_migrate/20240730185830_create_federal_email_domains_table.rb delete mode 100644 lib/fed_email_domain_downloader.rb create mode 100644 lib/federal_email_domain_downloader.rb delete mode 100644 lib/tasks/fed_email_domains.rake create mode 100644 lib/tasks/federal_email_domains.rake diff --git a/.gitignore b/.gitignore index d1cb7569051..602124f201d 100644 --- a/.gitignore +++ b/.gitignore @@ -68,8 +68,6 @@ Vagrantfile /public/user_flows /pwned_passwords/* !/pwned_passwords/pwned_passwords.txt.sample -/fed_email_domains/* -!/fed_email_domains/fed_email_domains.txt.sample /spec/tmp /test /tmp/* diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2e60e155b0f..ed0580e2514 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -288,7 +288,6 @@ specs: - cp -a keys.example keys - cp -a certs.example certs - cp pwned_passwords/pwned_passwords.txt.sample pwned_passwords/pwned_passwords.txt - - cp fed_email_domains/fed_email_domains.txt.sample fed_email_domains/fed_email_domains.txt - "echo -e \"test:\n redis_url: 'redis://redis:6379/0'\n redis_throttle_url: 'redis://redis:6379/1'\" > config/application.yml" - bundle exec rake db:create db:migrate --trace - bundle exec rake db:seed diff --git a/app/models/fed_email_domain.rb b/app/models/federal_email_domain.rb similarity index 68% rename from app/models/fed_email_domain.rb rename to app/models/federal_email_domain.rb index 69e90205db4..1ba01ea0801 100644 --- a/app/models/fed_email_domain.rb +++ b/app/models/federal_email_domain.rb @@ -1,6 +1,6 @@ # frozen_string_literal: true -class FedEmailDomain < ApplicationRecord +class FederalEmailDomain < ApplicationRecord def self.fed_domain?(domain) exists?(name: domain) end diff --git a/bin/setup b/bin/setup index d8bd9edda83..6dc884c26c4 100755 --- a/bin/setup +++ b/bin/setup @@ -48,7 +48,6 @@ Dir.chdir APP_ROOT do puts "== Copying sample pwned passwords list ==" run "cp pwned_passwords/pwned_passwords.txt.sample pwned_passwords/pwned_passwords.txt" - run "cp fed_email_domains/fed_email_domains.txt.sample fed_email_domains/fed_email_domains.txt" puts "\n== Installing dependencies ==" brew_installed = system "brew -v 2>&1" diff --git a/config/application.yml.default b/config/application.yml.default index 786d1109715..c704dd4c33c 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -98,7 +98,6 @@ event_disavowal_expiration_hours: 240 feature_idv_force_gpo_verification_enabled: false feature_idv_hybrid_flow_enabled: true feature_new_device_alert_aggregation_enabled: true -fed_domain_file_path: 'fed_email_domains/fed_email_domains.txt' geo_data_file_path: 'geo_data/GeoLite2-City.mmdb' good_job_max_threads: 5 good_job_queues: 'default:5;low:1;*' 
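Review bot: Renaming the model to `FederalEmailDomain` in app/models/federal_email_domain.rb leaves `EmailAddress#fed_email?` calling `FedEmailDomain.fed_domain?(domain)`. This commit's file list does not include app/models/email_address.rb, and the same call is still visible as a context line in the email_address.rb hunk of PATCH 29. With the feature flag on, that constant no longer resolves, so the federal check would raise `NameError` instead of returning a boolean. The call should become `FederalEmailDomain.fed_domain?(domain)`, and a spec that runs `fed_email?` with the flag enabled against rows in `federal_email_domains` would catch the mismatch. Patches after those visible here may already do this.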
diff --git a/db/primary_migrate/20240729182306_create_fed_email_domains_table.rb b/db/primary_migrate/20240729182306_create_fed_email_domains_table.rb deleted file mode 100644 index 7b20f7bd010..00000000000 --- a/db/primary_migrate/20240729182306_create_fed_email_domains_table.rb +++ /dev/null @@ -1,11 +0,0 @@ -class CreateFedEmailDomainsTable < ActiveRecord::Migration[7.1] - def change - enable_extension "citext" - - create_table :fed_email_domains do |t| - t.citext :name, null: false - end - - add_index :fed_email_domains, :name, unique: true - end -end diff --git a/db/primary_migrate/20240730185830_create_federal_email_domains_table.rb b/db/primary_migrate/20240730185830_create_federal_email_domains_table.rb new file mode 100644 index 00000000000..93ea5148bb9 --- /dev/null +++ b/db/primary_migrate/20240730185830_create_federal_email_domains_table.rb @@ -0,0 +1,9 @@ +class CreateFederalEmailDomainsTable < ActiveRecord::Migration[7.1] + def change + create_table :federal_email_domains do |t| + t.citext :name, null: false + end + + add_index :federal_email_domains, :name, unique: true + end +end diff --git a/db/schema.rb b/db/schema.rb index 65d98381b4e..a7865f9e207 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_07_29_182306) do +ActiveRecord::Schema[7.1].define(version: 2024_07_30_185830) do # These are extensions that must be enabled in order to support this database enable_extension "citext" enable_extension "pg_stat_statements" 
@@ -227,9 +227,9 @@ t.index ["user_id", "created_at"], name: "index_events_on_user_id_and_created_at" end - create_table "fed_email_domains", force: :cascade do |t| + create_table "federal_email_domains", force: :cascade do |t| t.citext "name", null: false - t.index ["name"], name: "index_fed_email_domains_on_name", unique: true + t.index ["name"], name: "index_federal_email_domains_on_name", unique: true end create_table "fraud_review_requests", force: :cascade do |t| diff --git a/lib/fed_email_domain_downloader.rb b/lib/fed_email_domain_downloader.rb deleted file mode 100644 index 8f9190d916f..00000000000 --- a/lib/fed_email_domain_downloader.rb +++ /dev/null @@ -1,33 +0,0 @@ -# frozen_string_literal: true - -require 'csv' -require 'faraday' -require 'pry' -require 'fileutils' - -class FedEmailDomainDownloader - attr_reader :destination - - DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-federal.csv' - - def initialize(destination: 'tmp/fed_download_path') - @destination = destination - end - - def dot_gov_csv_path - response = Faraday.get(DOT_GOV_DOWNLOAD_PATH) - response.body - end - - def run! - FileUtils.mkdir_p(destination) - csv ||= CSV.parse(dot_gov_csv_path, col_sep: ',', headers: true) - File.open("#{destination}/fed_email_domains.txt", 'w') do |file| - csv.each do |row| - file.write("#{row['Domain name']}\n") - end - end - end -end - -FedEmailDomainDownloader.new.run! diff --git a/lib/federal_email_domain_downloader.rb b/lib/federal_email_domain_downloader.rb new file mode 100644 index 00000000000..e04c2b9a5d2 --- /dev/null +++ b/lib/federal_email_domain_downloader.rb 
@@ -0,0 +1,19 @@ +# frozen_string_literal: true +require 'csv' +require 'faraday' + +class FederalEmailDomainDownloader + DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-federal.csv' + + def dot_gov_csv + response = Faraday.get(DOT_GOV_DOWNLOAD_PATH) + response.body + end + + def load_to_db! + csv ||= CSV.parse(dot_gov_csv, col_sep: ',', headers: true) + csv.each do |row| + ::FederalEmailDomain.insert(names.map { |name| { name: row['Domain name']} }) + end + end +end diff --git a/lib/tasks/disposable_email_domains.rake b/lib/tasks/disposable_email_domains.rake index a53d1ffef67..b7543bc5ecd 100644 --- a/lib/tasks/disposable_email_domains.rake +++ b/lib/tasks/disposable_email_domains.rake @@ -4,6 +4,7 @@ require 'csv' namespace :disposable_email_domains do task :load, %i[s3_secrets_path] => [:environment] do |_task, args| + binding.pry # Need to increase statement timeout since command takes a long time. ActiveRecord::Base.connection.execute 'SET statement_timeout = 200000' file = Identity::Hostdata.secrets_s3.read_file(args[:s3_secrets_path]) diff --git a/lib/tasks/fed_email_domains.rake b/lib/tasks/fed_email_domains.rake deleted file mode 100644 index ed903d8ae98..00000000000 --- a/lib/tasks/fed_email_domains.rake +++ /dev/null @@ -1,16 +0,0 @@ -# frozen_string_literal: true - -require 'csv' - -# rubocop:disable Rails/SkipsModelValidations -namespace :fed_email_domains do - task :load, %i[s3_secrets_path] => [:environment] do |_task, args| - # Need to increase statement timeout since command takes a long time. - ActiveRecord::Base.connection.execute 'SET statement_timeout = 200000' - file = Identity::Hostdata.secrets_s3.read_file(args[:s3_secrets_path]) - names = file.split("\n") - FedEmailDomain.insert_all(names.map { |name| { name: } }) - end -end -# rake "fed_email_domains:load[S3_SECRETS_PATH]" -# rubocop:enable Rails/SkipsModelValidations 
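Review bot: `load_to_db!` in the new lib/federal_email_domain_downloader.rb calls `names.map` inside the `csv.each` block, but `names` is never defined in this class, so the method raises `NameError` on the first row. The call also passes an array to `insert`, which expects a single attributes hash (`insert_all` is the array form), and `csv ||=` on a fresh local is just an assignment. Per row this would be `::FederalEmailDomain.insert({ name: row['Domain name'] })`; alternatively collect the names once and call `insert_all` after the loop.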
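Review bot: The `binding.pry` added at the top of the `disposable_email_domains:load` task in lib/tasks/disposable_email_domains.rake is a debugger breakpoint, and nothing in this commit's subject suggests it is meant to ship. Run non-interactively, the task would stop at the breakpoint, or fail if pry is not loaded, before the S3 read and the insert happen. The line should be dropped from this commit.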
diff --git a/lib/tasks/federal_email_domains.rake b/lib/tasks/federal_email_domains.rake new file mode 100644 index 00000000000..eab2c773d62 --- /dev/null +++ b/lib/tasks/federal_email_domains.rake @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +require 'faraday' +require 'csv' + +DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-federal.csv' +# rubocop:disable Rails/SkipsModelValidations +namespace :federal_email_domains do + task load_to_db: :environment do |_task, _args| + response = Faraday.get(DOT_GOV_DOWNLOAD_PATH) + + csv ||= CSV.parse(response.body, col_sep: ',', headers: true) + csv.each do |row| + FederalEmailDomain.find_or_create_by(name: row['Domain name']) + end + end +end +# rake "fed_email_domains:load_to_database" +# rubocop:enable Rails/SkipsModelValidations From 1c8b180e580a016ec810592572bebdf370212d3c Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Wed, 31 Jul 2024 12:52:10 -0400 Subject: [PATCH 26/48] edit domainsg --- lib/tasks/disposable_email_domains.rake | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/tasks/disposable_email_domains.rake b/lib/tasks/disposable_email_domains.rake index b7543bc5ecd..a53d1ffef67 100644 --- a/lib/tasks/disposable_email_domains.rake +++ b/lib/tasks/disposable_email_domains.rake @@ -4,7 +4,6 @@ require 'csv' namespace :disposable_email_domains do task :load, %i[s3_secrets_path] => [:environment] do |_task, args| - binding.pry # Need to increase statement timeout since command takes a long time. ActiveRecord::Base.connection.execute 'SET statement_timeout = 200000' file = Identity::Hostdata.secrets_s3.read_file(args[:s3_secrets_path]) From 75fd8d78a931978f66e2eb2114152957adb72d88 Mon Sep 17 00:00:00 2001 
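Review bot: The `load_to_db` task in the new lib/tasks/federal_email_domains.rake writes whatever `Faraday.get` returns into the table that decides which addresses count as federal, without checking the HTTP status, the presence of the `Domain name` column, or that any rows were parsed. An error page or a changed CSV header would either raise part-way through on the `null: false` column or leave the list silently incomplete, and names are stored without stripping whitespace. The task also only ever adds rows, so a domain that drops off the upstream list stays trusted; whether that is intended should be stated in a comment. Because the URL tracks the `main` branch of an external repository, these sanity checks are the only gate on what gets loaded. A version with the checks is below.

```ruby
  task load_to_db: :environment do |_task, _args|
    response = Faraday.get(DOT_GOV_DOWNLOAD_PATH)
    raise "federal domain list download failed: HTTP #{response.status}" unless response.success?

    csv = CSV.parse(response.body, col_sep: ',', headers: true)
    # Drop rows with a missing or blank name instead of hitting the NOT NULL column.
    names = csv.filter_map { |row| row['Domain name']&.strip.presence }
    raise 'federal domain list has no "Domain name" values' if names.empty?

    names.each { |name| FederalEmailDomain.find_or_create_by(name: name) }
  end
```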
From: Malick Diarra Date: Wed, 31 Jul 2024 12:57:23 -0400 Subject: [PATCH 27/48] remove downloader --- lib/federal_email_domain_downloader.rb | 19 ------------------- lib/tasks/federal_email_domains.rake | 4 +--- 2 files changed, 1 insertion(+), 22 deletions(-) delete mode 100644 lib/federal_email_domain_downloader.rb diff --git a/lib/federal_email_domain_downloader.rb b/lib/federal_email_domain_downloader.rb deleted file mode 100644 index e04c2b9a5d2..00000000000 --- a/lib/federal_email_domain_downloader.rb +++ /dev/null @@ -1,19 +0,0 @@ -# frozen_string_literal: true -require 'csv' -require 'faraday' - -class FederalEmailDomainDownloader - DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-federal.csv' - - def dot_gov_csv - response = Faraday.get(DOT_GOV_DOWNLOAD_PATH) - response.body - end - - def load_to_db! - csv ||= CSV.parse(dot_gov_csv, col_sep: ',', headers: true) - csv.each do |row| - ::FederalEmailDomain.insert(names.map { |name| { name: row['Domain name']} }) - end - end -end diff --git a/lib/tasks/federal_email_domains.rake b/lib/tasks/federal_email_domains.rake index eab2c773d62..14468233ec5 100644 --- a/lib/tasks/federal_email_domains.rake +++ b/lib/tasks/federal_email_domains.rake @@ -4,11 +4,10 @@ require 'faraday' require 'csv' DOT_GOV_DOWNLOAD_PATH = 'https://raw.githubusercontent.com/cisagov/dotgov-data/main/current-federal.csv' -# rubocop:disable Rails/SkipsModelValidations namespace :federal_email_domains do task load_to_db: :environment do |_task, _args| response = Faraday.get(DOT_GOV_DOWNLOAD_PATH) - + csv ||= CSV.parse(response.body, col_sep: ',', headers: true) csv.each do |row| FederalEmailDomain.find_or_create_by(name: row['Domain name']) @@ -16,4 +15,3 @@ namespace :federal_email_domains do end end # rake "fed_email_domains:load_to_database" -# rubocop:enable Rails/SkipsModelValidations From 53d8294cdb4f44097b77f0e3ed84e795c4b004d6 Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Wed, 31 Jul 2024 15:18:00 -0400 Subject: [PATCH 28/48] edit rake task --- lib/tasks/federal_email_domains.rake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tasks/federal_email_domains.rake b/lib/tasks/federal_email_domains.rake index 14468233ec5..6b3a5cda225 100644 --- a/lib/tasks/federal_email_domains.rake +++ b/lib/tasks/federal_email_domains.rake @@ -14,4 +14,4 @@ namespace :federal_email_domains do end end end -# rake "fed_email_domains:load_to_database" +# rake "fed_email_domains:load_to_db" From b842baf4f3e1ee739cc03969a15a8c5e9c649304 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Wed, 31 Jul 2024 16:58:00 -0400 Subject: [PATCH 29/48] remove unneeded config --- app/models/email_address.rb | 2 +- config/application.yml.default | 4 ++-- lib/identity_config.rb | 3 +-- spec/features/users/sign_in_spec.rb | 8 ++++---- spec/models/email_address_spec.rb | 12 ++++++------ spec/models/user_spec.rb | 6 +++--- 6 files changed, 17 insertions(+), 18 deletions(-) diff --git a/app/models/email_address.rb b/app/models/email_address.rb index 5856ca97170..b20fc1450d9 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb @@ -42,7 +42,7 @@ def fed_or_mil_email? end def fed_email? - if IdentityConfig.store.use_fed_domain_file + if IdentityConfig.store.use_fed_domain_class return false unless domain FedEmailDomain.fed_domain?(domain) else diff --git a/config/application.yml.default b/config/application.yml.default index c704dd4c33c..684b1caa88f 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -334,7 +334,7 @@ verify_personal_key_max_attempts: 5 version_headers_enabled: false vtm_url: 'https://developer.login.gov/vot-trust-framework' use_dashboard_service_providers: false -use_fed_domain_file: false +use_fed_domain_class: false use_kms: false use_vot_in_sp_requests: true usps_auth_token_refresh_job_enabled: false 
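Review bot: The usage comment changed in the lib/tasks/federal_email_domains.rake hunk of PATCH 28 still names the namespace `fed_email_domains`, while the hunk header shows the task defined under `namespace :federal_email_domains`, so the documented command does not match a task in this file. The comment should read `# rake "federal_email_domains:load_to_db"`. The namespace block itself starts outside the hunk.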
@@ -421,7 +421,7 @@ development: state_tracking_enabled: true telephony_adapter: test use_dashboard_service_providers: true - use_fed_domain_file: false + use_fed_domain_class: false usps_eipp_sponsor_id: '222222222222222' usps_ipp_sponsor_id: '111111111111111' usps_ipp_transliteration_enabled: true diff --git a/lib/identity_config.rb b/lib/identity_config.rb index 3fcb1b86748..3f437ce2cd2 100644 --- a/lib/identity_config.rb +++ b/lib/identity_config.rb @@ -133,7 +133,6 @@ def self.store config.add(:feature_idv_force_gpo_verification_enabled, type: :boolean) config.add(:feature_idv_hybrid_flow_enabled, type: :boolean) config.add(:feature_new_device_alert_aggregation_enabled, type: :boolean) - config.add(:fed_domain_file_path, type: :string) config.add(:geo_data_file_path, type: :string) config.add(:get_usps_proofing_results_job_cron, type: :string) config.add(:get_usps_proofing_results_job_reprocess_delay_minutes, type: :integer) @@ -393,7 +392,7 @@ def self.store config.add(:usps_auth_token_refresh_job_enabled, type: :boolean) config.add(:usps_confirmation_max_days, type: :integer) config.add(:usps_eipp_sponsor_id, type: :string) - config.add(:use_fed_domain_file, type: :boolean) + config.add(:use_fed_domain_class, type: :boolean) config.add(:usps_ipp_client_id, type: :string) config.add(:usps_ipp_password, type: :string) config.add(:usps_ipp_request_timeout, type: :integer) diff --git a/spec/features/users/sign_in_spec.rb b/spec/features/users/sign_in_spec.rb index 9fa78197aa6..bacf713d45e 100644 --- a/spec/features/users/sign_in_spec.rb +++ b/spec/features/users/sign_in_spec.rb 
@@ -102,9 +102,9 @@ expect(oidc_redirect_url).to start_with service_provider.redirect_uris.first end - context 'use_fed_domain_file set to true' do + context 'use_fed_domain_class set to true' do before do - allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(true) + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(true) end scenario 'User with valid fed email directed to recommend page and get to setup piv' do user = create(:user, :with_phone, { email: 'example@gsa.gov' }) @@ -165,9 +165,9 @@ end end - context 'use_fed_domain_file set to true' do + context 'use_fed_domain_class set to false' do before do - allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(false) + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) end scenario 'User with .gov email directed to recommend page and get to setup piv' do user = create(:user, :with_phone, { email: 'example@good.gov' }) diff --git a/spec/models/email_address_spec.rb b/spec/models/email_address_spec.rb index a5071db2bee..dcdaf0a8dde 100644 --- a/spec/models/email_address_spec.rb +++ b/spec/models/email_address_spec.rb @@ -94,7 +94,7 @@ context 'with an email domain that is a fed email' do before do - allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(false) + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) end let(:email) { 'example@example.gov' } @@ -109,7 +109,7 @@ context 'with an email that is not a mil or fed email' do before do - allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(true) + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(true) end let(:email) { 'example@bad.gov' } 
@@ -117,9 +117,9 @@ it { expect(result).to be_falsey } end - context 'with a non fed email while use_fed_domain_file set to true' do + context 'with a non fed email while use_fed_domain_class set to true' do before do - allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(true) + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(true) end let(:email) { 'example@good.gov' } @@ -146,9 +146,9 @@ describe '#fed_email?' do subject(:result) { email_address.fed_email? } - context 'use_fed_domain_file set to true' do + context 'use_fed_domain_class set to true' do before do - allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(true) + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(true) end context 'with an email domain not a fed email' do diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 9f35e02573f..58910f84be9 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -1678,7 +1678,7 @@ def it_should_not_send_survey describe '#has_fed_or_mil_email' do before do - allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(false) + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) end context 'with a valid fed email in domain file' do @@ -1688,10 +1688,10 @@ def it_should_not_send_survey end end - context 'with use_fed_domain_file set to true and random .gov email' do + context 'with use_fed_domain_class set to false and random .gov email' do let(:user) { create(:user, email: 'example@example.gov') } before do - allow(IdentityConfig.store).to receive(:use_fed_domain_file).and_return(false) + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) end it 'should return true' do expect(user.has_fed_or_mil_email?).to be_truthy From 907468463e8548f198ca870c951b57b68b58ed05 Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Wed, 31 Jul 2024 18:07:22 -0400 Subject: [PATCH 30/48] edit email domain --- app/models/email_address.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/email_address.rb b/app/models/email_address.rb index b20fc1450d9..d85e02f60c1 100644 --- a/app/models/email_address.rb +++ b/app/models/email_address.rb @@ -44,7 +44,7 @@ def fed_or_mil_email? def fed_email? if IdentityConfig.store.use_fed_domain_class return false unless domain - FedEmailDomain.fed_domain?(domain) + FederalEmailDomain.fed_domain?(domain) else email.end_with?('.gov') end From 738308dab98853c493ad9dcb638644b5269e0ce9 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Thu, 1 Aug 2024 09:07:19 -0400 Subject: [PATCH 31/48] fix schema --- db/schema.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/db/schema.rb b/db/schema.rb index a7865f9e207..3b07fdfd0a3 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -14,7 +14,6 @@ # These are extensions that must be enabled in order to support this database enable_extension "citext" enable_extension "pg_stat_statements" - enable_extension "pgcrypto" enable_extension "plpgsql" create_table "account_reset_requests", force: :cascade do |t| From 5f8e5102898545f02eb24d1b19636242e964cfc6 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Fri, 2 Aug 2024 11:10:52 -0400 Subject: [PATCH 32/48] add additional fed email specs --- spec/factories/federal_email_domain.rb | 4 + spec/features/users/sign_in_spec.rb | 5 +- spec/features/users/sign_up_spec.rb | 121 +++++++++++++++++++++---- spec/models/email_address_spec.rb | 1 + 4 files changed, 113 insertions(+), 18 deletions(-) create mode 100644 spec/factories/federal_email_domain.rb diff --git a/spec/factories/federal_email_domain.rb b/spec/factories/federal_email_domain.rb new file mode 100644 index 00000000000..6903d7eb11a --- /dev/null +++ b/spec/factories/federal_email_domain.rb @@ -0,0 +1,4 @@ +FactoryBot.define do + factory :federal_email_domain do + end +end 
diff --git a/spec/features/users/sign_in_spec.rb b/spec/features/users/sign_in_spec.rb index bacf713d45e..edf3c84cdc5 100644 --- a/spec/features/users/sign_in_spec.rb +++ b/spec/features/users/sign_in_spec.rb @@ -103,9 +103,12 @@ end context 'use_fed_domain_class set to true' do + let!(:federal_email_domain) { create(:federal_email_domain, name: 'gsa.gov') } + before do allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(true) end + scenario 'User with valid fed email directed to recommend page and get to setup piv' do user = create(:user, :with_phone, { email: 'example@gsa.gov' }) @@ -131,7 +134,7 @@ end scenario 'User with fed email and skips recommendation page' do - user = create(:user, :with_phone, { email: 'example@example.gov' }) + user = create(:user, :with_phone, { email: 'example@gsa.gov' }) visit new_user_session_path fill_in_credentials_and_submit(user.email, user.password) diff --git a/spec/features/users/sign_up_spec.rb b/spec/features/users/sign_up_spec.rb index 838fd62a7f4..34bd73d4b26 100644 --- a/spec/features/users/sign_up_spec.rb +++ b/spec/features/users/sign_up_spec.rb 
@@ -520,30 +520,117 @@ def clipboard_text end end - describe 'mil or gov email account' do - before do - confirm_email('test@test.gov') - submit_form_with_valid_password - end - it 'should land user on piv cac suggestion page' do - expect(current_path).to eq login_piv_cac_recommended_path - end + describe 'User Directed to Piv Cac recommended' do + context 'set config use_fed_domain_class to false' do + let(:email) { 'test@test.gov' } + before do + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) + end - context 'user can skip piv cac prompt' do - it 'should skip piv cac prompt and land on mfa screen' do + it 'should land user on piv cac suggestion page' do + confirm_email(email) + submit_form_with_valid_password expect(current_path).to eq login_piv_cac_recommended_path - click_button t('two_factor_authentication.piv_cac_upsell.choose_other_method') + end - expect(current_path).to eq authentication_methods_setup_path + context 'user can skip piv cac prompt' do + it 'should skip piv cac prompt and land on mfa screen' do + confirm_email(email) + submit_form_with_valid_password + expect(current_path).to eq login_piv_cac_recommended_path + click_button t('two_factor_authentication.piv_cac_upsell.choose_other_method') + + expect(current_path).to eq authentication_methods_setup_path + end + end + + context 'user who selects to add piv is directed to piv screen' do + it 'should be directed straight to piv add screen' do + confirm_email(email) + submit_form_with_valid_password + expect(current_path).to eq login_piv_cac_recommended_path + click_button t('two_factor_authentication.piv_cac_upsell.add_piv') + + expect(current_path).to eq setup_piv_cac_path + end end end - context 'user who selects to add piv is directed to piv screen' do - it 'should be directed straight to piv add screen' do - expect(current_path).to eq login_piv_cac_recommended_path - click_button t('two_factor_authentication.piv_cac_upsell.add_piv') + context 'set config 
use_fed_domain_class to true' do + let!(:federal_email_domain) { create(:federal_email_domain, name: 'gsa.gov') } + let(:email) { 'test@gsa.gov' } + + before do + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(true) + end + context 'valid fed email' do + it 'should land user on piv cac suggestion page when fed government' do + confirm_email(email) + submit_form_with_valid_password + expect(current_path).to eq login_piv_cac_recommended_path + end + + context 'user can skip piv cac prompt' do + it 'should skip piv cac prompt and land on mfa screen' do + confirm_email(email) + submit_form_with_valid_password + expect(current_path).to eq login_piv_cac_recommended_path + click_button t('two_factor_authentication.piv_cac_upsell.choose_other_method') + + expect(current_path).to eq authentication_methods_setup_path + end + end + + context 'user who selects to add piv is directed to piv screen' do + it 'should be directed straight to piv add screen' do + confirm_email(email) + submit_form_with_valid_password + expect(current_path).to eq login_piv_cac_recommended_path + click_button t('two_factor_authentication.piv_cac_upsell.add_piv') + + expect(current_path).to eq setup_piv_cac_path + end + end + end + + context 'any mil email' do + let(:email) { 'test@example.mil' } + it 'should land user on piv cac suggestion page when fed government' do + confirm_email(email) + submit_form_with_valid_password + expect(current_path).to eq login_piv_cac_recommended_path + end + + context 'user can skip piv cac prompt' do + it 'should skip piv cac prompt and land on mfa screen' do + confirm_email(email) + submit_form_with_valid_password + expect(current_path).to eq login_piv_cac_recommended_path + click_button t('two_factor_authentication.piv_cac_upsell.choose_other_method') + + expect(current_path).to eq authentication_methods_setup_path + end + end + + context 'user who selects to add piv is directed to piv screen' do + it 'should be directed straight to piv add 
screen' do + confirm_email(email) + submit_form_with_valid_password + expect(current_path).to eq login_piv_cac_recommended_path + click_button t('two_factor_authentication.piv_cac_upsell.add_piv') + + expect(current_path).to eq setup_piv_cac_path + end + end + end - expect(current_path).to eq setup_piv_cac_path + context 'invalid fed email' do + let(:email) { 'test@example.gov' } + it 'should land user on piv cac suggestion page when fed government' do + confirm_email(email) + submit_form_with_valid_password + expect(current_path).to eq authentication_methods_setup_path + end end end end diff --git a/spec/models/email_address_spec.rb b/spec/models/email_address_spec.rb index dcdaf0a8dde..db20497bb20 100644 --- a/spec/models/email_address_spec.rb +++ b/spec/models/email_address_spec.rb @@ -145,6 +145,7 @@ describe '#fed_email?' do subject(:result) { email_address.fed_email? } + let!(:federal_email_domain) { create(:federal_email_domain, name: 'gsa.gov') } context 'use_fed_domain_class set to true' do before do From 026a15df29ab0605d3f60a8c2401e63579aa41f0 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Mon, 5 Aug 2024 09:43:01 -0400 Subject: [PATCH 33/48] change name --- spec/models/user_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 58910f84be9..60db43b81fc 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -1676,7 +1676,7 @@ def it_should_not_send_survey end end - describe '#has_fed_or_mil_email' do + describe '#has_fed_or_mil_email?' do before do allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) end From 11552b07f6400623f1356e22b63451c83dc21f85 Mon Sep 17 00:00:00 2001 
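Review bot: Two example titles in the `set config use_fed_domain_class to true` context of `spec/features/users/sign_up_spec.rb` contradict what they assert. Under `context 'invalid fed email'` the example is titled `should land user on piv cac suggestion page when fed government` but expects `authentication_methods_setup_path`, and the first example under `any mil email` reuses the `when fed government` wording. The first of these is the only sign-up example that pins the rejection path for a `.gov` address missing from the table, so name it for that, e.g. `it 'skips the piv cac suggestion page for a .gov domain not in the federal list' do`. The enclosing feature block starts and ends outside the hunk.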
From: Malick Diarra Date: Mon, 5 Aug 2024 10:05:07 -0400 Subject: [PATCH 34/48] move piv cac recommended to separate spec for ease of readibility --- .../piv_recommended_after_sign_in_spec.rb | 134 ++++++++++++++++++ ...set_up_piv_cac_selection_presenter_spec.rb | 2 +- 2 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 spec/features/sign_in/piv_recommended_after_sign_in_spec.rb diff --git a/spec/features/sign_in/piv_recommended_after_sign_in_spec.rb b/spec/features/sign_in/piv_recommended_after_sign_in_spec.rb new file mode 100644 index 00000000000..82d398fc76e --- /dev/null +++ b/spec/features/sign_in/piv_recommended_after_sign_in_spec.rb 
@@ -0,0 +1,134 @@ +require 'rails_helper' + +RSpec.feature 'Piv recommended after Sign in', allowed_extra_analytics: [:*] do + include SessionTimeoutWarningHelper + + context 'use_fed_domain_class set to true' do + let!(:federal_email_domain) { create(:federal_email_domain, name: 'gsa.gov') } + + before do + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(true) + end + + scenario 'User with valid fed email directed to recommend page and get to setup piv' do + user = create(:user, :with_phone, { email: 'example@gsa.gov' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) + expect(page).to have_current_path(setup_piv_cac_path) + end + + scenario 'User with mil email directed to recommended PIV page and goes to add piv page' do + user = create(:user, :with_phone, { email: 'example@army.mil' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) + expect(page).to have_current_path(setup_piv_cac_path) + end + + scenario 'User with fed email and skips recommendation page' do + user = create(:user, :with_phone, { email: 'example@gsa.gov' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.skip')) + expect(page).to have_current_path(account_path) + end + + scenario 'User with mil email and skips recommendation page' do + user = create(:user, :with_phone, { 
email: 'example@army.mil' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.skip')) + expect(page).to have_current_path(account_path) + end + + scenario 'User with invalid .gov email directed to account page' do + user = create(:user, :with_phone, { email: 'example@bad.gov' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(account_path) + end + end + + context 'use_fed_domain_class set to false' do + before do + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) + end + scenario 'User with .gov email directed to recommend page and get to setup piv' do + user = create(:user, :with_phone, { email: 'example@good.gov' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) + expect(page).to have_current_path(setup_piv_cac_path) + end + + scenario 'User with .mil email directed to recommended PIV page and goes to add piv page' do + user = create(:user, :with_phone, { email: 'example@army.mil' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) + expect(page).to have_current_path(setup_piv_cac_path) + end + + scenario 'User with fed email and skips recommendation page' do + user = create(:user, :with_phone, { email: 
'example@example.gov' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.skip')) + expect(page).to have_current_path(account_path) + end + + scenario 'User with mil email and skips recommendation page' do + user = create(:user, :with_phone, { email: 'example@army.mil' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(login_piv_cac_recommended_path) + click_button(t('two_factor_authentication.piv_cac_upsell.skip')) + expect(page).to have_current_path(account_path) + end + + scenario 'User with invalid no .gov or .mil email directed to account page' do + user = create(:user, :with_phone, { email: 'example@bad.com' }) + + visit new_user_session_path + fill_in_credentials_and_submit(user.email, user.password) + fill_in_code_with_last_phone_otp + click_submit_default + expect(page).to have_current_path(account_path) + end + end +end diff --git a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb index 0833bdcf4f4..1f50eaad31c 100644 --- a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb +++ b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb @@ -38,7 +38,7 @@ context 'with a confirmed email address ending in anything other than .gov or .mil' do let(:user) { create(:user, email: 'example@example.com') } - it { expect(recommended).to be_falsey } + it { expect(recommended).to eq(false) } end context 'with a confirmed email address ending in .gov or .mil' do 
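Review bot: The flag-on scenarios in `spec/features/sign_in/piv_recommended_after_sign_in_spec.rb` cover only an exact table match (`example@gsa.gov`), a `.mil` address and a miss (`example@bad.gov`), so nothing pins how the lookup treats a mixed-case domain or a subdomain of a listed domain. How `fed_domain?` compares values is not visible in this series, so the intended behaviour should be stated by a scenario, e.g. one that starts with `user = create(:user, :with_phone, { email: 'example@mail.gsa.gov' })` and asserts the expected path. Without it, a later change to the matching rule can widen or narrow who is treated as federal without failing a test.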
From e946f2b528c7fc1f92550a4e34a7c173abea54e4 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Mon, 5 Aug 2024 10:16:11 -0400 Subject: [PATCH 35/48] fix rubocop --- spec/features/sign_in/piv_recommended_after_sign_in_spec.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/spec/features/sign_in/piv_recommended_after_sign_in_spec.rb b/spec/features/sign_in/piv_recommended_after_sign_in_spec.rb index 82d398fc76e..588f9db7136 100644 --- a/spec/features/sign_in/piv_recommended_after_sign_in_spec.rb +++ b/spec/features/sign_in/piv_recommended_after_sign_in_spec.rb @@ -1,8 +1,6 @@ require 'rails_helper' RSpec.feature 'Piv recommended after Sign in', allowed_extra_analytics: [:*] do - include SessionTimeoutWarningHelper - context 'use_fed_domain_class set to true' do let!(:federal_email_domain) { create(:federal_email_domain, name: 'gsa.gov') } From f6d7b8a43502e37350570d4218433c2d20502845 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Mon, 5 Aug 2024 13:29:59 -0400 Subject: [PATCH 36/48] fix specs --- spec/features/users/sign_in_spec.rb | 129 ---------------------------- spec/models/email_address_spec.rb | 8 +- 2 files changed, 4 insertions(+), 133 deletions(-) diff --git a/spec/features/users/sign_in_spec.rb b/spec/features/users/sign_in_spec.rb index edf3c84cdc5..31825c496a3 100644 --- a/spec/features/users/sign_in_spec.rb +++ b/spec/features/users/sign_in_spec.rb 
@@ -102,135 +102,6 @@ expect(oidc_redirect_url).to start_with service_provider.redirect_uris.first end - context 'use_fed_domain_class set to true' do - let!(:federal_email_domain) { create(:federal_email_domain, name: 'gsa.gov') } - - before do - allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(true) - end - - scenario 'User with valid fed email directed to recommend page and get to setup piv' do - user = create(:user, :with_phone, { email: 'example@gsa.gov' }) - - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) - expect(page).to have_current_path(setup_piv_cac_path) - end - - scenario 'User with mil email directed to recommended PIV page and goes to add piv page' do - user = create(:user, :with_phone, { email: 'example@army.mil' }) - - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) - expect(page).to have_current_path(setup_piv_cac_path) - end - - scenario 'User with fed email and skips recommendation page' do - user = create(:user, :with_phone, { email: 'example@gsa.gov' }) - - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.skip')) - expect(page).to have_current_path(account_path) - end - - scenario 'User with mil email and skips recommendation page' do - user = create(:user, :with_phone, { email: 'example@army.mil' }) - - visit new_user_session_path - 
fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.skip')) - expect(page).to have_current_path(account_path) - end - - scenario 'User with invalid .gov email directed to account page' do - user = create(:user, :with_phone, { email: 'example@bad.gov' }) - - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(account_path) - end - end - - context 'use_fed_domain_class set to false' do - before do - allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) - end - scenario 'User with .gov email directed to recommend page and get to setup piv' do - user = create(:user, :with_phone, { email: 'example@good.gov' }) - - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) - expect(page).to have_current_path(setup_piv_cac_path) - end - - scenario 'User with .mil email directed to recommended PIV page and goes to add piv page' do - user = create(:user, :with_phone, { email: 'example@army.mil' }) - - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.add_piv')) - expect(page).to have_current_path(setup_piv_cac_path) - end - - scenario 'User with fed email and skips recommendation page' do - user = create(:user, :with_phone, { email: 'example@example.gov' }) - - visit new_user_session_path - 
fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.skip')) - expect(page).to have_current_path(account_path) - end - - scenario 'User with mil email and skips recommendation page' do - user = create(:user, :with_phone, { email: 'example@army.mil' }) - - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(login_piv_cac_recommended_path) - click_button(t('two_factor_authentication.piv_cac_upsell.skip')) - expect(page).to have_current_path(account_path) - end - - scenario 'User with invalid no .gov or .mil email directed to account page' do - user = create(:user, :with_phone, { email: 'example@bad.com' }) - - visit new_user_session_path - fill_in_credentials_and_submit(user.email, user.password) - fill_in_code_with_last_phone_otp - click_submit_default - expect(page).to have_current_path(account_path) - end - end - scenario 'user attempts sign in with piv/cac with no account then creates account' do visit_idp_from_sp_with_ial1(:oidc) click_on t('account.login.piv_cac') diff --git a/spec/models/email_address_spec.rb b/spec/models/email_address_spec.rb index db20497bb20..e96c5cb3610 100644 --- a/spec/models/email_address_spec.rb +++ b/spec/models/email_address_spec.rb @@ -114,7 +114,7 @@ let(:email) { 'example@bad.gov' } - it { expect(result).to be_falsey } + it { expect(result).to eq(false) } end context 'with a non fed email while use_fed_domain_class set to true' do @@ -123,7 +123,7 @@ end let(:email) { 'example@good.gov' } - it { expect(result).to be_falsey } + it { expect(result).to eq(false) } end end 
@@ -133,7 +133,7 @@ context 'with an email domain not a mil email' do let(:email) { 'example@example.gov' } - it { expect(result).to be_falsey } + it { expect(result).to eq(false) } end context 'with an email domain ending in a mil domain email' do @@ -155,7 +155,7 @@ context 'with an email domain not a fed email' do let(:email) { 'example@bad.gov' } - it { expect(result).to be_falsey } + it { expect(result).to eq(false) } end context 'with an email domain ending in a fed domain email' do From 20bf08d4fc9a2ba847cefe9faa2804eef7f1f57a Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Tue, 6 Aug 2024 08:57:17 -0400 Subject: [PATCH 37/48] fix specs to use false and true --- spec/models/email_address_spec.rb | 6 +++--- spec/models/user_spec.rb | 8 ++++---- .../set_up_piv_cac_selection_presenter_spec.rb | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/spec/models/email_address_spec.rb b/spec/models/email_address_spec.rb index e96c5cb3610..50adfa6256f 100644 --- a/spec/models/email_address_spec.rb +++ b/spec/models/email_address_spec.rb @@ -104,7 +104,7 @@ context 'with an email that is a mil email' do let(:email) { 'example@example.mil' } - it { expect(result).to be_truthy } + it { expect(result).to eq(true) } end context 'with an email that is not a mil or fed email' do @@ -139,7 +139,7 @@ context 'with an email domain ending in a mil domain email' do let(:email) { 'example@example.mil' } - it { expect(result).to be_truthy } + it { expect(result).to eq(true) } end end @@ -161,7 +161,7 @@ context 'with an email domain ending in a fed domain email' do let(:email) { 'example@gsa.gov' } - it { expect(result).to be_truthy } + it { expect(result).to eq(true) } end end end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 799c023c7fc..c50723eb25b 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb 
@@ -1684,7 +1684,7 @@ def it_should_not_send_survey context 'with a valid fed email in domain file' do let(:user) { create(:user, email: 'example@example.gov') } it 'should return true' do - expect(user.has_fed_or_mil_email?).to be_truthy + expect(user.has_fed_or_mil_email?).to eq(true) end end @@ -1694,21 +1694,21 @@ def it_should_not_send_survey allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) end it 'should return true' do - expect(user.has_fed_or_mil_email?).to be_truthy + expect(user.has_fed_or_mil_email?).to eq(true) end end context 'with a valid mil email' do let(:user) { create(:user, email: 'example@example.mil') } it 'should return true' do - expect(user.has_fed_or_mil_email?).to be_truthy + expect(user.has_fed_or_mil_email?).to eq(true) end end context 'with an invalid fed or mil email' do let(:user) { create(:user, email: 'example@example.com') } it 'should return false' do - expect(user.has_fed_or_mil_email?).to be_falsey + expect(user.has_fed_or_mil_email?).to eq(false) end end end diff --git a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb index 1f50eaad31c..8dc53015ce0 100644 --- a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb +++ b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb @@ -44,7 +44,7 @@ context 'with a confirmed email address ending in .gov or .mil' do let(:user) { create(:user, email: 'example@gsa.gov') } - it { expect(recommended).to be_truthy } + it { expect(recommended).to eq(true) } end end From 5f002a9ca57474c56b78261dc7ecf067f0ba7809 Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Wed, 7 Aug 2024 09:07:48 -0400 Subject: [PATCH 38/48] address comments --- app/controllers/users/piv_cac_recommended_controller.rb | 4 ++-- config/application.yml.default | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/controllers/users/piv_cac_recommended_controller.rb b/app/controllers/users/piv_cac_recommended_controller.rb index a1bca1820f9..2b504239ac3 100644 --- a/app/controllers/users/piv_cac_recommended_controller.rb +++ b/app/controllers/users/piv_cac_recommended_controller.rb @@ -8,7 +8,7 @@ class PivCacRecommendedController < ApplicationController before_action :confirm_user_authenticated_for_2fa_setup before_action :apply_secure_headers_override - before_action :redirect_unless_user_has_fed_email + before_action :redirect_unless_user_email_is_fed_or_mil def show @recommended_presenter = PivCacRecommendedPresenter.new(current_user) @@ -30,7 +30,7 @@ def skip private - def redirect_unless_user_has_fed_email + def redirect_unless_user_email_is_fed_or_mil redirect_to after_sign_in_path_for(current_user) unless current_user.has_fed_or_mil_email? end end diff --git a/config/application.yml.default b/config/application.yml.default index 2a3d84aed3d..bd8608d0571 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -426,7 +426,7 @@ development: state_tracking_enabled: true telephony_adapter: test use_dashboard_service_providers: true - use_fed_domain_class: false + use_fed_domain_class: true usps_eipp_sponsor_id: '222222222222222' usps_ipp_sponsor_id: '111111111111111' usps_ipp_transliteration_enabled: true From 819b6f762ef9dbdaeb87aa06c5f5d5fcc630f146 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Thu, 8 Aug 2024 13:49:22 -0400 Subject: [PATCH 39/48] remove line --- db/schema.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/db/schema.rb b/db/schema.rb index 56d43811d42..bab58e0ff1e 100644 --- a/db/schema.rb +++ b/db/schema.rb 
@@ -10,7 +10,6 @@ # # It's strongly recommended that you check this file into your version control system. - ActiveRecord::Schema[7.1].define(version: 2024_08_01_183410) do # These are extensions that must be enabled in order to support this database enable_extension "citext" From 24a7714cea8e6cd3f46d74ba5491ea07cc290f1c Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Thu, 8 Aug 2024 13:51:10 -0400 Subject: [PATCH 40/48] make it simple assignment --- lib/tasks/federal_email_domains.rake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tasks/federal_email_domains.rake b/lib/tasks/federal_email_domains.rake index 6b3a5cda225..30f7d4fa0a5 100644 --- a/lib/tasks/federal_email_domains.rake +++ b/lib/tasks/federal_email_domains.rake @@ -8,7 +8,7 @@ namespace :federal_email_domains do task load_to_db: :environment do |_task, _args| response = Faraday.get(DOT_GOV_DOWNLOAD_PATH) - csv ||= CSV.parse(response.body, col_sep: ',', headers: true) + csv CSV.parse(response.body, col_sep: ',', headers: true) csv.each do |row| FederalEmailDomain.find_or_create_by(name: row['Domain name']) end From 8430b3cabf04b707dcd1d66ff98f0015687e72f9 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Thu, 8 Aug 2024 15:37:05 -0400 Subject: [PATCH 41/48] update application yaml default --- config/application.yml.default | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/application.yml.default b/config/application.yml.default index bd8608d0571..daa738214d1 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -327,7 +327,7 @@ test_ssn_allowed_list: '' totp_code_interval: 30 unauthorized_scope_enabled: false use_dashboard_service_providers: false -use_fed_domain_class: false +use_fed_domain_class: true use_kms: false use_vot_in_sp_requests: true usps_auth_token_refresh_job_enabled: false 
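Review bot: In the lib/tasks/federal_email_domains.rake hunk, the new line `csv CSV.parse(response.body, col_sep: ',', headers: true)` lost the assignment operator along with the `||`. Ruby parses it as a call to a method named `csv`, so the task raises before any row is loaded. The line should read `csv = CSV.parse(response.body, col_sep: ',', headers: true)`. No spec for the task is visible in this patch; one that invokes `federal_email_domains:load_to_db` against a stubbed response would catch this kind of slip. The task body continues outside the hunk.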
@@ -592,6 +592,7 @@ test: telephony_adapter: test test_ssn_allowed_list: '999999999' totp_code_interval: 3 + use_fed_domain_class: false usps_eipp_sponsor_id: '222222222222222' usps_ipp_root_url: 'http://localhost:1000' usps_ipp_sponsor_id: '111111111111111' From 790b61517cde0475e004683b7cb48f12af08f8fd Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Fri, 9 Aug 2024 11:20:04 -0400 Subject: [PATCH 42/48] update rake and application yml default --- config/application.yml.default | 5 +++-- lib/tasks/federal_email_domains.rake | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/config/application.yml.default b/config/application.yml.default index daa738214d1..f869f570d35 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -327,7 +327,7 @@ test_ssn_allowed_list: '' totp_code_interval: 30 unauthorized_scope_enabled: false use_dashboard_service_providers: false -use_fed_domain_class: true +use_fed_domain_class: false use_kms: false use_vot_in_sp_requests: true usps_auth_token_refresh_job_enabled: false @@ -505,6 +505,7 @@ production: skip_encryption_allowed_list: '["urn:gov:gsa:SAML:2.0.profiles:sp:sso:dev", "urn:gov:gsa:SAML:2.0.profiles:sp:sso:int"]' state_tracking_enabled: false telephony_adapter: pinpoint + use_fed_domain_class: false use_kms: true usps_auth_token_refresh_job_enabled: true usps_confirmation_max_days: 30 @@ -592,7 +593,7 @@ test: telephony_adapter: test test_ssn_allowed_list: '999999999' totp_code_interval: 3 - use_fed_domain_class: false + use_fed_domain_class: true usps_eipp_sponsor_id: '222222222222222' usps_ipp_root_url: 'http://localhost:1000' usps_ipp_sponsor_id: '111111111111111' diff --git a/lib/tasks/federal_email_domains.rake b/lib/tasks/federal_email_domains.rake index 30f7d4fa0a5..76c3ec4f2f7 100644 --- a/lib/tasks/federal_email_domains.rake +++ b/lib/tasks/federal_email_domains.rake 
@@ -8,7 +8,7 @@ namespace :federal_email_domains do task load_to_db: :environment do |_task, _args| response = Faraday.get(DOT_GOV_DOWNLOAD_PATH) - csv CSV.parse(response.body, col_sep: ',', headers: true) + csv = CSV.parse(response.body, col_sep: ',', headers: true) csv.each do |row| FederalEmailDomain.find_or_create_by(name: row['Domain name']) end From 29fb27372534889de7ef4b998c7c4dae577dc576 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Fri, 9 Aug 2024 11:29:55 -0400 Subject: [PATCH 43/48] update schema --- ...s_table.rb => 20240809152808_create_federal_email_domain.rb} | 2 +- db/schema.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename db/primary_migrate/{20240730185830_create_federal_email_domains_table.rb => 20240809152808_create_federal_email_domain.rb} (71%) diff --git a/db/primary_migrate/20240730185830_create_federal_email_domains_table.rb b/db/primary_migrate/20240809152808_create_federal_email_domain.rb similarity index 71% rename from db/primary_migrate/20240730185830_create_federal_email_domains_table.rb rename to db/primary_migrate/20240809152808_create_federal_email_domain.rb index 93ea5148bb9..ef255ae82cc 100644 --- a/db/primary_migrate/20240730185830_create_federal_email_domains_table.rb +++ b/db/primary_migrate/20240809152808_create_federal_email_domain.rb @@ -1,4 +1,4 @@ -class CreateFederalEmailDomainsTable < ActiveRecord::Migration[7.1] +class CreateFederalEmailDomain < ActiveRecord::Migration[7.1] def change create_table :federal_email_domains do |t| t.citext :name, null: false diff --git a/db/schema.rb b/db/schema.rb index 444636df82d..89149b6c6ff 100644 --- a/db/schema.rb +++ b/db/schema.rb 
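Review bot: In the lib/tasks/federal_email_domains.rake hunk, the body of `Faraday.get(DOT_GOV_DOWNLOAD_PATH)` is parsed without checking the response status, and `find_or_create_by` does not raise when a record fails to save, so a failed download or a renamed CSV header would leave the table empty or partial with no error. The specs in this series tie the federal-email check to rows in `federal_email_domains`, so a silent partial load changes who is classified as a federal user; I would add `raise "dotgov download failed: #{response.status}" unless response.success?` before parsing and use `FederalEmailDomain.find_or_create_by!(name: row.fetch('Domain name'))`. The loop also takes every row: if `DOT_GOV_DOWNLOAD_PATH` (defined outside this hunk) still points at the full .gov list, non-federal registrations would presumably be loaded too, so a filter on the domain-type column may be needed. The task only adds rows, so a domain removed upstream stays in the table until someone deletes it by hand. The closing lines of the task are outside the hunk.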
@@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_08_07_202012) do +ActiveRecord::Schema[7.1].define(version: 2024_08_09_152808) do # These are extensions that must be enabled in order to support this database enable_extension "citext" enable_extension "pg_stat_statements" From 49bf127fc9ee0970de087ead095b6073b773ce5c Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Mon, 12 Aug 2024 13:43:46 -0400 Subject: [PATCH 44/48] include default loading of default domain values --- .../piv_cac_recommended_controller_spec.rb | 14 ++++--- ...or_authentication_setup_controller_spec.rb | 41 ++++++++++++++++++- ...set_up_piv_cac_selection_presenter_spec.rb | 6 ++- spec/support/federal_email_domains_helper.rb | 6 +++ 4 files changed, 60 insertions(+), 7 deletions(-) create mode 100644 spec/support/federal_email_domains_helper.rb diff --git a/spec/controllers/users/piv_cac_recommended_controller_spec.rb b/spec/controllers/users/piv_cac_recommended_controller_spec.rb index a9bd996aa9f..a7bbedd656e 100644 --- a/spec/controllers/users/piv_cac_recommended_controller_spec.rb +++ b/spec/controllers/users/piv_cac_recommended_controller_spec.rb @@ -1,11 +1,13 @@ require 'rails_helper' RSpec.describe Users::PivCacRecommendedController do + include FederalEmailDomainHelper describe 'New user' do - let(:user) { create(:user, email: 'example@example.gov') } + let(:user) { create(:user, email: 'example@gsa.gov') } before do stub_sign_in_before_2fa(user) stub_analytics + default_federal_domains controller.user_session[:in_account_creation_flow] = true end @@ -28,10 +30,10 @@ end describe 'Sign in flow' do - let(:user) { create(:user, :with_phone, { email: 'example@example.gov' }) } + let(:user) { create(:user, :with_phone, { email: 'example@gsa.gov' }) } before do stub_analytics - + default_federal_domains stub_sign_in(user) user.reload end 
@@ -49,10 +51,11 @@ end context '#confirm' do - let(:user) { create(:user, email: 'example@example.gov') } + let(:user) { create(:user, email: 'example@gsa.gov') } before do stub_sign_in_before_2fa(user) stub_analytics + default_federal_domains controller.user_session[:in_account_creation_flow] = true end @@ -77,10 +80,11 @@ end context '#skip' do - let(:user) { create(:user, email: 'example@example.gov') } + let(:user) { create(:user, email: 'example@gsa.gov') } before do stub_sign_in_before_2fa(user) stub_analytics + default_federal_domains controller.user_session[:in_account_creation_flow] = true end diff --git a/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb b/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb index 4f49c06b505..933e7c43758 100644 --- a/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb +++ b/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb @@ -1,6 +1,7 @@ require 'rails_helper' RSpec.describe Users::TwoFactorAuthenticationSetupController do + include FederalEmailDomainHelper describe 'GET index' do let(:user) { create(:user) } @@ -19,7 +20,11 @@ ) end - context 'with user having gov or mil email' do + context 'with user having gov or mil email and use_fed_domain_class set to false' do + before do + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) + default_federal_domains + end let(:user) do create(:user, email: 'example@example.gov', piv_cac_recommended_dismissed_at: Time.zone.now) end 
@@ -48,6 +53,40 @@ end end + context 'with user having gov or mil email and use_fed_domain_class set to true' do + before do + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(true) + default_federal_domains + end + + let(:user) do + create(:user, email: 'example@gsa.gov', piv_cac_recommended_dismissed_at: Time.zone.now) + end + context 'having already visited the PIV interstitial page' do + it 'tracks the visit in analytics' do + get :index + + expect(@analytics).to have_logged_event( + 'User Registration: 2FA Setup visited', + enabled_mfa_methods_count: 0, + gov_or_mil_email: true, + ) + end + end + + context 'directed to page without having visited PIV interstitial page' do + let(:user) do + create(:user, email: 'example@gsa.gov') + end + + it 'redirects user to piv_recommended_path' do + get :index + + expect(response).to redirect_to(login_piv_cac_recommended_url) + end + end + end + context 'when signed out' do let(:user) { nil } diff --git a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb index 8dc53015ce0..c03021dc84c 100644 --- a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb +++ b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb @@ -1,9 +1,13 @@ require 'rails_helper' RSpec.describe TwoFactorAuthentication::SetUpPivCacSelectionPresenter do + include FederalEmailDomainHelper + let(:user) { create(:user) } subject(:presenter) { described_class.new(user:) } - + before do + default_federal_domains + end describe '#type' do it 'returns piv_cac' do expect(presenter.type).to eq :piv_cac diff --git a/spec/support/federal_email_domains_helper.rb b/spec/support/federal_email_domains_helper.rb new file mode 100644 index 00000000000..a5029122aa3 --- /dev/null +++ b/spec/support/federal_email_domains_helper.rb 
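Review bot: The new `use_fed_domain_class set to true` context in two_factor_authentication_setup_controller_spec.rb covers only an address whose domain is in the table (`example@gsa.gov`); there is no case for a `.gov` address whose domain is not listed, which is the behaviour this flag changes. Without it, a regression that falls back to suffix matching while the flag is on would still pass these specs. I would add a negative case inside that context, sketched below; the expected outcome assumes the lookup is an exact match against the table, which the model code outside this hunk would need to confirm. The enclosing `describe 'GET index'` block starts and ends outside the hunk.

```ruby
context 'with user having gov or mil email and use_fed_domain_class set to true' do
  # … unchanged: before block, gsa.gov user and the two existing contexts …

  context 'with a .gov email whose domain is not in federal_email_domains' do
    let(:user) { create(:user, email: 'example@example.gov') }

    it 'does not redirect to the PIV/CAC recommendation page' do
      get :index

      expect(response).not_to redirect_to(login_piv_cac_recommended_url)
    end
  end
end
```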
@@ -0,0 +1,6 @@ +module FederalEmailDomainHelper + def default_federal_domains + FederalEmailDomain.create(name: 'gsa.gov') + FederalEmailDomain.create(name: 'cbp.dhs.gov') + end +end From 8753d519a5bc449401b2deabe4a4eb951cbd9caf Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Wed, 14 Aug 2024 09:10:40 -0400 Subject: [PATCH 45/48] address comments --- lib/tasks/federal_email_domains.rake | 2 +- .../users/piv_cac_recommended_controller_spec.rb | 9 ++++----- ...o_factor_authentication_setup_controller_spec.rb | 13 +++++++------ .../set_up_piv_cac_selection_presenter_spec.rb | 7 ++----- spec/support/federal_email_domains_helper.rb | 6 ------ 5 files changed, 14 insertions(+), 23 deletions(-) delete mode 100644 spec/support/federal_email_domains_helper.rb diff --git a/lib/tasks/federal_email_domains.rake b/lib/tasks/federal_email_domains.rake index 76c3ec4f2f7..95ac234d520 100644 --- a/lib/tasks/federal_email_domains.rake +++ b/lib/tasks/federal_email_domains.rake @@ -14,4 +14,4 @@ namespace :federal_email_domains do end end end -# rake "fed_email_domains:load_to_db" +# rake "federal_email_domains:load_to_db" diff --git a/spec/controllers/users/piv_cac_recommended_controller_spec.rb b/spec/controllers/users/piv_cac_recommended_controller_spec.rb index a7bbedd656e..69d179b4506 100644 --- a/spec/controllers/users/piv_cac_recommended_controller_spec.rb +++ b/spec/controllers/users/piv_cac_recommended_controller_spec.rb @@ -1,13 +1,12 @@ require 'rails_helper' RSpec.describe Users::PivCacRecommendedController do - include FederalEmailDomainHelper describe 'New user' do let(:user) { create(:user, email: 'example@gsa.gov') } + let!(:federal_domain) { create(:federal_email_domain, name: 'gsa.gov') } before do stub_sign_in_before_2fa(user) stub_analytics - default_federal_domains controller.user_session[:in_account_creation_flow] = true end 
@@ -31,9 +30,9 @@ describe 'Sign in flow' do let(:user) { create(:user, :with_phone, { email: 'example@gsa.gov' }) } + let!(:federal_domain) { create(:federal_email_domain, name: 'gsa.gov') } before do stub_analytics - default_federal_domains stub_sign_in(user) user.reload end @@ -52,10 +51,10 @@ context '#confirm' do let(:user) { create(:user, email: 'example@gsa.gov') } + let!(:federal_domain) { create(:federal_email_domain, name: 'gsa.gov') } before do stub_sign_in_before_2fa(user) stub_analytics - default_federal_domains controller.user_session[:in_account_creation_flow] = true end @@ -81,10 +80,10 @@ context '#skip' do let(:user) { create(:user, email: 'example@gsa.gov') } + let!(:federal_domain) { create(:federal_email_domain, name: 'gsa.gov') } before do stub_sign_in_before_2fa(user) stub_analytics - default_federal_domains controller.user_session[:in_account_creation_flow] = true end diff --git a/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb b/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb index 933e7c43758..10a9a4166d9 100644 --- a/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb +++ b/spec/controllers/users/two_factor_authentication_setup_controller_spec.rb @@ -1,7 +1,6 @@ require 'rails_helper' RSpec.describe Users::TwoFactorAuthenticationSetupController do - include FederalEmailDomainHelper describe 'GET index' do let(:user) { create(:user) } 
@@ -21,13 +20,15 @@ end context 'with user having gov or mil email and use_fed_domain_class set to false' do - before do - allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) - default_federal_domains - end let(:user) do create(:user, email: 'example@example.gov', piv_cac_recommended_dismissed_at: Time.zone.now) end + let!(:federal_domain) { create(:federal_email_domain, name: 'gsa.gov') } + + before do + allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(false) + end + context 'having already visited the PIV interstitial page' do it 'tracks the visit in analytics' do get :index @@ -56,9 +57,9 @@ context 'with user having gov or mil email and use_fed_domain_class set to true' do before do allow(IdentityConfig.store).to receive(:use_fed_domain_class).and_return(true) - default_federal_domains end + let!(:federal_domain) { create(:federal_email_domain, name: 'gsa.gov') } let(:user) do create(:user, email: 'example@gsa.gov', piv_cac_recommended_dismissed_at: Time.zone.now) end diff --git a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb index c03021dc84c..8499e9c53fb 100644 --- a/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb +++ b/spec/presenters/two_factor_authentication/set_up_piv_cac_selection_presenter_spec.rb @@ -1,13 +1,10 @@ require 'rails_helper' RSpec.describe TwoFactorAuthentication::SetUpPivCacSelectionPresenter do - include FederalEmailDomainHelper - let(:user) { create(:user) } + let!(:federal_domain) { create(:federal_email_domain, name: 'gsa.gov') } subject(:presenter) { described_class.new(user:) } - before do - default_federal_domains - end + describe '#type' do it 'returns piv_cac' do expect(presenter.type).to eq :piv_cac 
diff --git a/spec/support/federal_email_domains_helper.rb b/spec/support/federal_email_domains_helper.rb deleted file mode 100644 index a5029122aa3..00000000000 --- a/spec/support/federal_email_domains_helper.rb +++ /dev/null @@ -1,6 +0,0 @@ -module FederalEmailDomainHelper - def default_federal_domains - FederalEmailDomain.create(name: 'gsa.gov') - FederalEmailDomain.create(name: 'cbp.dhs.gov') - end -end From d32b774563d732a47893310622378931ea64e248 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Mon, 26 Aug 2024 12:57:24 -0400 Subject: [PATCH 46/48] fix merge conflict --- db/schema.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/schema.rb b/db/schema.rb index e57e4486528..008601e3195 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_08_09_152808) do +ActiveRecord::Schema[7.1].define(version: 2024_08_22_182932) do # These are extensions that must be enabled in order to support this database enable_extension "citext" enable_extension "pg_stat_statements" From 9077fa12085ac75ee7c88d6ab5c69e4d67523564 Mon Sep 17 00:00:00 2001 From: Malick Diarra Date: Mon, 26 Aug 2024 12:59:05 -0400 Subject: [PATCH 47/48] update application config --- config/application.yml.default | 1 - 1 file changed, 1 deletion(-) diff --git a/config/application.yml.default b/config/application.yml.default index 9c2889a5e9e..4e450103410 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -495,7 +495,6 @@ production: skip_encryption_allowed_list: '["urn:gov:gsa:SAML:2.0.profiles:sp:sso:dev", "urn:gov:gsa:SAML:2.0.profiles:sp:sso:int"]' state_tracking_enabled: false telephony_adapter: pinpoint - use_fed_domain_class: false use_kms: true usps_auth_token_refresh_job_enabled: true usps_upload_sftp_directory: '' From 06e41527ed1d64965ec2a001aaef26629d88e557 Mon Sep 17 00:00:00 2001 
From: Malick Diarra Date: Mon, 26 Aug 2024 15:10:37 -0400 Subject: [PATCH 48/48] fix schema --- db/schema.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db/schema.rb b/db/schema.rb index 008601e3195..565747b4d73 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_08_22_182932) do +ActiveRecord::Schema[7.1].define(version: 2024_08_22_122355) do # These are extensions that must be enabled in order to support this database enable_extension "citext" enable_extension "pg_stat_statements"