From 9d0b665da02199638df9720581df15c90e7d0c10 Mon Sep 17 00:00:00 2001
From: Vraj Mohan <vraj.mohan@gsa.gov>
Date: Tue, 20 May 2025 20:48:07 -0700
Subject: [PATCH] Use separate feature flag for logging duplicate profiles

changelog: Internal, One Verified Account, Use separate feature flag for logging duplicate profiles

Separating the feature flags so that we can turn on the recording of
duplicates without having to also have the user confirm the duplicate
accounts. This is intended to be a short-lived feature flag; we will
remove it as soon as we can confirm that it works as intended.
---
 app/services/duplicate_profile_checker.rb       |  6 +-----
 config/application.yml.default                  |  2 ++
 lib/identity_config.rb                          |  1 +
 spec/services/duplicate_profile_checker_spec.rb | 11 ++++++-----
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/app/services/duplicate_profile_checker.rb b/app/services/duplicate_profile_checker.rb
index 989f7c2dbc1..b6a9f620fad 100644
--- a/app/services/duplicate_profile_checker.rb
+++ b/app/services/duplicate_profile_checker.rb
@@ -11,7 +11,7 @@ def initialize(user:, user_session:, sp:)
   end
 
   def check_for_duplicate_profiles
-    return unless sp_eligible_for_one_account?
+    return unless IdentityConfig.store.feature_one_verified_account_log_duplicate_profiles
     return unless user_has_ial2_profile?
     cacher = Pii::Cacher.new(user, user_session)
 
@@ -40,10 +40,6 @@ def check_for_duplicate_profiles
 
   private
 
-  def sp_eligible_for_one_account?
-    sp.present? && IdentityConfig.store.eligible_one_account_providers.include?(sp.issuer)
-  end
-
   def user_has_ial2_profile?
     user.identity_verified_with_facial_match?
   end
diff --git a/config/application.yml.default b/config/application.yml.default
index 2a9ee13429e..73774900634 100644
--- a/config/application.yml.default
+++ b/config/application.yml.default
@@ -157,6 +157,7 @@ event_disavowal_expiration_hours: 240
 facial_match_general_availability_enabled: true
 feature_idv_force_gpo_verification_enabled: false
 feature_idv_hybrid_flow_enabled: true
+feature_one_verified_account_log_duplicate_profiles: true
 geo_data_file_path: 'geo_data/GeoLite2-City.mmdb'
 get_usps_proofing_results_job_cron: '0/30 * * * *'
 get_usps_proofing_results_job_reprocess_delay_minutes: 5
@@ -559,6 +560,7 @@ production:
   enable_usps_verification: false
   encrypted_document_storage_s3_bucket: ''
   facial_match_general_availability_enabled: false
+  feature_one_verified_account_log_duplicate_profiles: false
   idv_sp_required: true
   in_person_passports_enabled: false
   invalid_gpo_confirmation_zipcode: ''
diff --git a/lib/identity_config.rb b/lib/identity_config.rb
index 5e17686dc6b..9f90616481b 100644
--- a/lib/identity_config.rb
+++ b/lib/identity_config.rb
@@ -175,6 +175,7 @@ def self.store
     config.add(:facial_match_general_availability_enabled, type: :boolean)
     config.add(:feature_idv_force_gpo_verification_enabled, type: :boolean)
     config.add(:feature_idv_hybrid_flow_enabled, type: :boolean)
+    config.add(:feature_one_verified_account_log_duplicate_profiles, type: :boolean)
     config.add(:irs_authentication_issuers, type: :json)
     config.add(:irs_authentication_emails, type: :json)
     config.add(:irs_fraud_metrics_issuers, type: :json)
diff --git a/spec/services/duplicate_profile_checker_spec.rb b/spec/services/duplicate_profile_checker_spec.rb
index fa9a78b8832..48117cab68e 100644
--- a/spec/services/duplicate_profile_checker_spec.rb
+++ b/spec/services/duplicate_profile_checker_spec.rb
@@ -26,10 +26,10 @@
       profile.save
     end
 
-    context 'when service provider eligible for duplicate profile check' do
+    context 'when feature flag feature_one_verified_account_log_duplicate_profiles is enabled' do
       before do
-        allow(IdentityConfig.store).to receive(:eligible_one_account_providers)
-          .and_return([sp.issuer])
+        allow(IdentityConfig.store).to receive(:feature_one_verified_account_log_duplicate_profiles)
+          .and_return(true)
 
         session[:encrypted_profiles] = {
           profile.id.to_s => SessionEncryptor.new.kms_encrypt(active_pii.to_json),
@@ -186,9 +186,10 @@
       end
     end
 
-    context 'when service provider not eligible for duplicate profile check' do
+    context 'when feature flag feature_one_verified_account_log_duplicate_profiles is disabled' do
       before do
-        allow(IdentityConfig.store).to receive(:eligible_one_account_providers).and_return([])
+        allow(IdentityConfig.store).to receive(:feature_one_verified_account_log_duplicate_profiles)
+          .and_return(false)
       end
 
       it 'does not create a new duplicate profile confirmation' do