LG-6803: Revise SP context requirement to configuration

app/controllers/concerns/idv_session.rb

@@ -53,8 +53,7 @@ def redirect_unless_effective_user
 
   def redirect_if_sp_context_needed
     return if sp_from_sp_session.present?
-    return unless Identity::Hostdata.in_datacenter?
-    return if Identity::Hostdata.env != IdentityConfig.store.sp_context_needed_environment
+    return unless IdentityConfig.store.idv_sp_required
     return if effective_user.profiles.any?
 
     redirect_to account_url

config/application.yml.default

@@ -102,6 +102,7 @@ idv_public_key: 'LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZ3d0RRWUpLb1pJaHZjTkFRRUJ
 idv_private_key: 'LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlCT2dJQkFBSkJBS3p4d25rbUxqeGx1NmhsRlQ2d2JreUlweHNtYkMyaGNhblMwaG5abUNEYitMSFowTnNBCjdHWURpZkMxQlRBMHRuRFo0Zm9HNTRmYjNzYk9ubGpGWXVNQ0F3RUFBUUpCQUp6TUMvOSs2RWlHQzkrZTFlWWkKVzc0ejN4MjBkanZndFlhOHh4UDh2ZnA3TjdKQXMvaGNUbjVLOCtDM2swaXUyR2RNb21qSlp2ckxwT0IyTWh4RQo3QkVDSVFEVERhbVRCMHhKSlVpV0ljNk15Y0dFa2J4SEZ3eEtURVNCaHhzREFISDZEUUloQU5IR2NwVUs5dmVSCkdrZlZTOS9MSVNZQlk2YzRUZk1NUFJZU21KVHFNRVN2QWlBZFdiY05aV1JzZjZ6YWhCVVBhemRvVWtRV3R0UFUKdVVxRm9ONVd5b2NQT1FJZ1FrUjlaK1haMUtVcTl5eERWc1FWaWFzQXJ3K1RXRWN5ZU9tUTkrSHZNNU1DSUcrMQpxVldqNW9PL0FBSU1QbXZVZmp5L0JnMnhEQVRiOEp6alFrQ3dLSnNwCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg=='
 idv_send_link_attempt_window_in_minutes: 10
 idv_send_link_max_attempts: 5
+idv_sp_required: false
 in_person_proofing_enabled: true
 include_slo_in_saml_metadata: false
 irs_attempt_api_audience: 'https://irs.gov'
@@ -234,7 +235,6 @@ session_timeout_in_minutes: 15
 session_timeout_warning_seconds: 150
 session_total_duration_timeout_in_minutes: 720
 set_remember_device_session_expiration: false
-sp_context_needed_environment: 'prod'
 sp_handoff_bounce_max_seconds: 2
 show_user_attribute_deprecation_warnings: false
 test_ssn_allowed_list: ''
@@ -369,6 +369,7 @@ production:
   enable_usps_verification: false
   hmac_fingerprinter_key:
   hmac_fingerprinter_key_queue: '[]'
+  idv_sp_required: true
   in_person_proofing_enabled: false
   irs_attempt_api_public_key: change-me-pls
   kantara_2fa_phone_restricted: false

lib/identity_config.rb

@@ -176,6 +176,7 @@ def self.build_store(config_map)
     config.add(:idv_public_key, type: :string)
     config.add(:idv_send_link_attempt_window_in_minutes, type: :integer)
     config.add(:idv_send_link_max_attempts, type: :integer)
+    config.add(:idv_sp_required, type: :boolean)
     config.add(:in_person_proofing_enabled, type: :boolean)
     config.add(:include_slo_in_saml_metadata, type: :boolean)
     config.add(:irs_attempt_api_audience)
@@ -327,7 +328,6 @@ def self.build_store(config_map)
     config.add(:set_remember_device_session_expiration, type: :boolean)
     config.add(:show_user_attribute_deprecation_warnings, type: :boolean)
     config.add(:skip_encryption_allowed_list, type: :json)
-    config.add(:sp_context_needed_environment, type: :string)
     config.add(:sp_handoff_bounce_max_seconds, type: :integer)
     config.add(:sps_over_quota_limit_notify_email_list, type: :json)
     config.add(:state_tracking_enabled, type: :boolean)

spec/controllers/idv_controller_spec.rb

@@ -72,18 +72,16 @@
 
     context 'no SP context' do
       let(:user) { build(:user, password: ControllerHelper::VALID_PASSWORD) }
+      let(:idv_sp_required) { false }
 
       before do
         stub_sign_in(user)
         session[:sp] = {}
-        allow(Identity::Hostdata).to receive(:in_datacenter?).and_return(true)
-        allow(IdentityConfig.store).to receive(:sp_context_needed_environment).and_return('prod')
+        allow(IdentityConfig.store).to receive(:idv_sp_required).and_return(idv_sp_required)
       end
 
-      context 'prod environment' do
-        before do
-          allow(Identity::Hostdata).to receive(:env).and_return('prod')
-        end
+      context 'sp required' do
+        let(:idv_sp_required) { true }
 
         it 'redirects back to the account page' do
           get :index
@@ -105,23 +103,8 @@
         end
       end
 
-      context 'non-prod environment' do
-        before do
-          allow(Identity::Hostdata).to receive(:env).and_return('staging')
-        end
-
-        it 'begins the identity proofing process' do
-          get :index
-
-          expect(response).to redirect_to idv_doc_auth_url
-        end
-      end
-
-      context 'local development' do
-        before do
-          allow(Identity::Hostdata).to receive(:env).and_return(nil)
-          allow(Identity::Hostdata).to receive(:in_datacenter?).and_return(false)
-        end
+      context 'sp not required' do
+        let(:idv_sp_required) { false }
 
         it 'begins the identity proofing process' do
           get :index