LG507: Remove PIV/CAC feature flag

app/controllers/test/piv_cac_authentication_test_subject_controller.rb

@@ -32,7 +32,7 @@ def referrer_uri
     end
 
     def must_be_in_development
-      redirect_to root_url unless FeatureManagement.development_and_piv_cac_entry_enabled?
+      redirect_to root_url unless FeatureManagement.development_and_identity_pki_disabled?
     end
 
     def token_from_params

app/models/piv_cac_configuration.rb

@@ -8,7 +8,7 @@ def initialize(user)
   end
 
   def mfa_enabled?
-    FeatureManagement.piv_cac_enabled? && user&.x509_dn_uuid.present?
+    user&.x509_dn_uuid.present?
   end
 
   def mfa_confirmed?(proposed_uuid)

app/policies/two_factor_authentication/piv_cac_policy.rb

@@ -5,7 +5,7 @@ def initialize(user)
     end
 
     def configured?
-      FeatureManagement.piv_cac_enabled? && user&.x509_dn_uuid.present?
+      user&.x509_dn_uuid.present?
     end
 
     def enabled?

app/services/piv_cac_service.rb

@@ -14,7 +14,7 @@ def decode_token(token)
     end
 
     def piv_cac_service_link(nonce)
-      if FeatureManagement.development_and_piv_cac_entry_enabled?
+      if FeatureManagement.development_and_identity_pki_disabled?
         test_piv_cac_entry_url
       else
         uri = URI(randomize_uri(Figaro.env.piv_cac_service_url))
@@ -29,7 +29,6 @@ def piv_cac_verify_token_link
     end
 
     def piv_cac_available_for_agency?(agency, email = nil)
-      return unless FeatureManagement.piv_cac_enabled?
       available_for_agency?(agency) || available_for_email?(agency, email)
     end
 
@@ -120,7 +119,7 @@ def decode_token_response(res)
     end
 
     def decode_test_token(token)
-      if FeatureManagement.development_and_piv_cac_entry_enabled?
+      if FeatureManagement.development_and_identity_pki_disabled?
         JSON.parse(token[5..-1])
       else
         { 'error' => 'token.bad' }

config/application.yml.example

@@ -143,7 +143,6 @@ development:
   password_strength_enabled: 'true'
   piv_cac_agencies: '["Test Government Agency"]'
   piv_cac_email_domains: '[".mil"]'
-  piv_cac_enabled: 'true'
   piv_cac_verify_token_secret: 'ee7f20f44cdc2ba0c6830f70470d1d1d059e1279cdb58134db92b35947b1528ef5525ece5910cf4f2321ab989a618feea12ef95711dbc62b9601e8520a34ee12'
   piv_cac_service_url: 'https://localhost:8443/'
   piv_cac_verify_token_url: 'https://localhost:8443/'
@@ -261,7 +260,6 @@ production:
   piv_cac_agencies: '["DOD","NGA","EOP"]'
   piv_cac_agencies_scoped_by_email: '["GSA"]'
   piv_cac_email_domains: '[".mil"]'
-  piv_cac_enabled: 'false'
   pkcs11_lib: '/opt/cloudhsm/lib/libcloudhsm_pkcs11.so'
   programmable_sms_countries: 'US,CA,MX'
   proofer_mock_fallback: 'true'
@@ -372,7 +370,6 @@ test:
   password_strength_enabled: 'false'
   piv_cac_agencies: '["Test Government Agency"]'
   piv_cac_email_domains: '[".mil"]'
-  piv_cac_enabled: 'true'
   piv_cac_service_url: 'https://localhost:8443/'
   piv_cac_verify_token_secret: '3ac13bfa23e22adae321194c083e783faf89469f6f85dcc0802b27475c94b5c3891b5657bd87d0c1ad65de459166440512f2311018db90d57b15d8ab6660748f'
   piv_cac_verify_token_url: 'https://localhost:8443/'

config/routes.rb

@@ -69,9 +69,7 @@
       post '/login/two_factor/authenticator' => 'two_factor_authentication/totp_verification#create'
       get '/login/two_factor/personal_key' => 'two_factor_authentication/personal_key_verification#show'
       post '/login/two_factor/personal_key' => 'two_factor_authentication/personal_key_verification#create'
-      if FeatureManagement.piv_cac_enabled?
-        get '/login/two_factor/piv_cac' => 'two_factor_authentication/piv_cac_verification#show'
-      end
+      get '/login/two_factor/piv_cac' => 'two_factor_authentication/piv_cac_verification#show'
       if FeatureManagement.webauthn_enabled?
         get '/login/two_factor/webauthn' => 'two_factor_authentication/webauthn_verification#show'
         patch '/login/two_factor/webauthn' => 'two_factor_authentication/webauthn_verification#confirm'
@@ -93,10 +91,8 @@
         get '/saml/decode_assertion' => 'saml_test#start'
         post '/saml/decode_assertion' => 'saml_test#decode_response'
         post '/saml/decode_slo_request' => 'saml_test#decode_slo_request'
-        if FeatureManagement.piv_cac_enabled?
-          get '/piv_cac_entry' => 'piv_cac_authentication_test_subject#new'
-          post '/piv_cac_entry' => 'piv_cac_authentication_test_subject#create'
-        end
+        get '/piv_cac_entry' => 'piv_cac_authentication_test_subject#new'
+        post '/piv_cac_entry' => 'piv_cac_authentication_test_subject#create'
       end
     end
 
@@ -117,11 +113,9 @@
          as: :create_verify_personal_key
     get '/account_recovery_setup' => 'account_recovery_setup#index'
 
-    if FeatureManagement.piv_cac_enabled?
-      get '/piv_cac' => 'users/piv_cac_authentication_setup#new', as: :setup_piv_cac
-      delete '/piv_cac' => 'users/piv_cac_authentication_setup#delete', as: :disable_piv_cac
-      get '/present_piv_cac' => 'users/piv_cac_authentication_setup#redirect_to_piv_cac_service', as: :redirect_to_piv_cac_service
-    end
+    get '/piv_cac' => 'users/piv_cac_authentication_setup#new', as: :setup_piv_cac
+    delete '/piv_cac' => 'users/piv_cac_authentication_setup#delete', as: :disable_piv_cac
+    get '/present_piv_cac' => 'users/piv_cac_authentication_setup#redirect_to_piv_cac_service', as: :redirect_to_piv_cac_service
 
     if FeatureManagement.webauthn_enabled?
       get '/webauthn_setup' => 'users/webauthn_setup#new', as: :webauthn_setup

lib/feature_management.rb

@@ -13,21 +13,17 @@ def self.telephony_disabled?
     Figaro.env.telephony_disabled == 'true'
   end
 
-  def self.piv_cac_enabled?
-    Figaro.env.piv_cac_enabled == 'true'
-  end
-
   def self.identity_pki_disabled?
     env = Figaro.env
     env.identity_pki_disabled == 'true' ||
       !env.piv_cac_service_url ||
       !env.piv_cac_verify_token_url
   end
 
-  def self.development_and_piv_cac_entry_enabled?
+  def self.development_and_identity_pki_disabled?
     # This controls if we try to hop over to identity-pki or just throw up
     # a screen asking for a Subject or one of a list of error conditions.
-    Rails.env.development? && piv_cac_enabled? && identity_pki_disabled?
+    Rails.env.development? && identity_pki_disabled?
   end
 
   def self.prefill_otp_codes?

spec/controllers/test/piv_cac_authentication_test_subject_controller_spec.rb

@@ -5,12 +5,11 @@
     before(:each) do
       allow(Rails.env).to receive(:development?) { false }
       allow(Figaro.env).to receive(:enable_test_routes) { 'true' }
-      allow(Figaro.env).to receive(:piv_cac_enabled) { 'true' }
     end
 
-    describe 'FeatureManagement#development_and_piv_cac_entry_enabled?' do
+    describe 'FeatureManagement#development_and_identity_pki_disabled?' do
       it 'is disabled' do
-        expect(FeatureManagement.development_and_piv_cac_entry_enabled?).to be_falsey
+        expect(FeatureManagement.development_and_identity_pki_disabled?).to be_falsey
       end
     end
 
@@ -39,12 +38,11 @@
     before(:each) do
       allow(Rails.env).to receive(:development?) { true }
       allow(Figaro.env).to receive(:enable_test_routes) { 'true' }
-      allow(Figaro.env).to receive(:piv_cac_enabled) { 'true' }
     end
 
-    describe 'FeatureManagement#development_and_piv_cac_entry_enabled?' do
+    describe 'FeatureManagement#development_and_identity_pki_disabled?' do
       it 'is enabled' do
-        expect(FeatureManagement.development_and_piv_cac_entry_enabled?).to be_truthy
+        expect(FeatureManagement.development_and_identity_pki_disabled?).to be_truthy
       end
     end
 

spec/controllers/two_factor_authentication/options_controller_spec.rb

@@ -94,7 +94,6 @@
   end
 
   def piv_cac_webauthn_enabled(bool)
-    allow(Figaro.env).to receive(:piv_cac_enabled) { bool }
     allow(Figaro.env).to receive(:webauthn_enabled) { bool }
     Rails.application.reload_routes!
   end

spec/features/users/piv_cac_management_spec.rb

@@ -7,10 +7,6 @@ def find_form(page, attributes)
     end
   end
 
-  before(:each) do
-    allow(Figaro.env).to receive(:piv_cac_enabled).and_return('true')
-  end
-
   context 'with no piv/cac associated yet' do
     let(:uuid) { SecureRandom.uuid }
     let(:user) { create(:user, :signed_up, :with_phone, with: { phone: '+1 202-555-1212' }) }

spec/features/users/sign_up_spec.rb

@@ -168,7 +168,6 @@
 
   it 'does not allow a user to choose piv/cac as 2FA method during sign up' do
     allow(PivCacService).to receive(:piv_cac_available_for_agency?).and_return(false)
-    allow(FeatureManagement).to receive(:piv_cac_enabled?).and_return(true)
     begin_sign_up_with_sp_and_loa(loa3: false)
 
     expect(page).to have_current_path two_factor_options_path

spec/lib/feature_management_spec.rb

@@ -214,28 +214,6 @@
   end
 
   describe 'piv/cac feature' do
-    describe '#piv_cac_enabled?' do
-      context 'when enabled' do
-        before(:each) do
-          allow(Figaro.env).to receive(:piv_cac_enabled) { 'true' }
-        end
-
-        it 'has the feature disabled' do
-          expect(FeatureManagement.piv_cac_enabled?).to be_truthy
-        end
-      end
-
-      context 'when disabled' do
-        before(:each) do
-          allow(Figaro.env).to receive(:piv_cac_enabled) { 'false' }
-        end
-
-        it 'has the feature disabled' do
-          expect(FeatureManagement.piv_cac_enabled?).to be_falsey
-        end
-      end
-    end
-
     describe '#identity_pki_disabled?' do
       context 'when enabled' do
         before(:each) do
@@ -258,29 +236,23 @@
       end
     end
 
-    describe '#development_and_piv_cac_entry_enabled?' do
+    describe '#development_and_identity_pki_disabled?' do
       context 'in development environment' do
         before(:each) do
           allow(Rails.env).to receive(:development?).and_return(true)
         end
 
-        context 'has piv/cac enabled' do
-          before(:each) do
-            allow(Figaro.env).to receive(:piv_cac_enabled) { 'true' }
-          end
-
-          it 'has piv/cac test entry enabled' do
-            expect(FeatureManagement.development_and_piv_cac_entry_enabled?).to be_truthy
+        context 'identity_pki disabled' do
+          it 'returns true' do
+            allow(Figaro.env).to receive(:identity_pki_disabled) { 'true' }
+            expect(FeatureManagement.development_and_identity_pki_disabled?).to be_truthy
           end
         end
 
-        context 'has piv/cac disabled' do
-          before(:each) do
-            allow(Figaro.env).to receive(:piv_cac_enabled) { 'false' }
-          end
-
-          it 'has piv/cac test entry disabled' do
-            expect(FeatureManagement.development_and_piv_cac_entry_enabled?).to be_falsey
+        context 'identity_pki not disabled' do
+          it 'returns false' do
+            allow(Figaro.env).to receive(:identity_pki_disabled) { 'false' }
+            expect(FeatureManagement.development_and_identity_pki_disabled?).to be_falsey
           end
         end
       end
@@ -291,23 +263,17 @@
           allow(Rails.env).to receive(:development?).and_return(false)
         end
 
-        context 'has piv/cac enabled' do
-          before(:each) do
-            allow(Figaro.env).to receive(:piv_cac_enabled) { 'true' }
-          end
-
-          it 'has piv/cac test entry disabled' do
-            expect(FeatureManagement.development_and_piv_cac_entry_enabled?).to be_falsey
+        context 'identity_pki disabled' do
+          it 'returns false' do
+            allow(Figaro.env).to receive(:identity_pki_disabled) { 'true' }
+            expect(FeatureManagement.development_and_identity_pki_disabled?).to be_falsey
           end
         end
 
-        context 'has piv/cac disabled' do
-          before(:each) do
-            allow(Figaro.env).to receive(:piv_cac_enabled) { 'false' }
-          end
-
-          it 'has piv/cac test entry disabled' do
-            expect(FeatureManagement.development_and_piv_cac_entry_enabled?).to be_falsey
+        context 'identity_pki not disabled' do
+          it 'returns false' do
+            allow(Figaro.env).to receive(:identity_pki_disabled) { 'false' }
+            expect(FeatureManagement.development_and_identity_pki_disabled?).to be_falsey
           end
         end
       end

spec/policies/two_factor_authentication/piv_cac_policy_spec.rb

@@ -4,10 +4,6 @@
   let(:subject) { described_class.new(user) }
 
   describe '#available?' do
-    before(:each) do
-      allow(Figaro.env).to receive(:piv_cac_enabled).and_return('true')
-    end
-
     context 'when a user has no identities' do
       let(:user) { create(:user) }
 
@@ -51,16 +47,6 @@
         it 'does allows piv/cac' do
           expect(subject.available?).to be_truthy
         end
-
-        context 'but piv/cac feature is not enabled' do
-          before(:each) do
-            allow(Figaro.env).to receive(:piv_cac_enabled).and_return('false')
-          end
-
-          it 'does not allow piv/cac' do
-            expect(subject.available?).to be_falsey
-          end
-        end
       end
     end
 
@@ -74,17 +60,6 @@
       it 'allow piv/cac visibility' do
         expect(subject.visible?).to be_truthy
       end
-
-      context 'but the piv/cac feature is disabled' do
-        before(:each) do
-          allow(Figaro.env).to receive(:piv_cac_enabled).and_return('false')
-        end
-
-        it 'does not allow piv/cac' do
-          expect(subject.available?).to be_falsey
-          expect(subject.visible?).to be_falsey
-        end
-      end
     end
   end