diff --git a/app/controllers/concerns/verify_profile_concern.rb b/app/controllers/concerns/verify_profile_concern.rb index 107aa91506e..96c957f0ea0 100644 --- a/app/controllers/concerns/verify_profile_concern.rb +++ b/app/controllers/concerns/verify_profile_concern.rb @@ -24,8 +24,6 @@ def user_last_signed_in_more_than_5_months_ago? def profile_needs_verification? return false if current_user.blank? - return false if sp_session[:ial2_strict] && - !IdentityConfig.store.gpo_allowed_for_strict_ial2 current_user.decorate.pending_profile_requires_verification? || user_needs_to_reactivate_account? end diff --git a/app/controllers/idv/doc_auth_controller.rb b/app/controllers/idv/doc_auth_controller.rb index 7d225b4ab30..627c98e6b85 100644 --- a/app/controllers/idv/doc_auth_controller.rb +++ b/app/controllers/idv/doc_auth_controller.rb @@ -31,8 +31,6 @@ def return_to_sp end def redirect_if_pending_profile - return if sp_session[:ial2_strict] && - !IdentityConfig.store.gpo_allowed_for_strict_ial2 redirect_to idv_gpo_verify_url if current_user.decorate.pending_profile_requires_verification? end diff --git a/app/controllers/idv/gpo_controller.rb b/app/controllers/idv/gpo_controller.rb index dbb41fbec35..1c4594094ca 100644 --- a/app/controllers/idv/gpo_controller.rb +++ b/app/controllers/idv/gpo_controller.rb @@ -7,7 +7,6 @@ class GpoController < ApplicationController before_action :confirm_idv_needed before_action :confirm_user_completed_idv_profile_step before_action :confirm_mail_not_spammed - before_action :confirm_gpo_allowed_if_strict_ial2 def index @presenter = GpoPresenter.new(current_user, url_options) @@ -57,12 +56,6 @@ def resend_requested? current_user.decorate.pending_profile_requires_verification? end - def confirm_gpo_allowed_if_strict_ial2 - return unless sp_session[:ial2_strict] - return if IdentityConfig.store.gpo_allowed_for_strict_ial2 - redirect_to idv_phone_url - end - def confirm_mail_not_spammed redirect_to idv_review_url if idv_session.address_mechanism_chosen? && gpo_mail_service.mail_spammed? diff --git a/app/controllers/idv/otp_delivery_method_controller.rb b/app/controllers/idv/otp_delivery_method_controller.rb index dae6b4d1a1c..51cbbbcd48b 100644 --- a/app/controllers/idv/otp_delivery_method_controller.rb +++ b/app/controllers/idv/otp_delivery_method_controller.rb @@ -115,9 +115,7 @@ def otp_delivery_selection_form def gpo_letter_available return @gpo_letter_available if defined?(@gpo_letter_available) @gpo_letter_available ||= FeatureManagement.enable_gpo_verification? && - !Idv::GpoMail.new(current_user).mail_spammed? && - !(sp_session[:ial2_strict] && - !IdentityConfig.store.gpo_allowed_for_strict_ial2) + !Idv::GpoMail.new(current_user).mail_spammed? end end end diff --git a/app/controllers/idv/phone_controller.rb b/app/controllers/idv/phone_controller.rb index 3af426ccf82..b6791bb5b6c 100644 --- a/app/controllers/idv/phone_controller.rb +++ b/app/controllers/idv/phone_controller.rb @@ -146,9 +146,7 @@ def new_phone_added? def gpo_letter_available return @gpo_letter_available if defined?(@gpo_letter_available) @gpo_letter_available ||= FeatureManagement.enable_gpo_verification? && - !Idv::GpoMail.new(current_user).mail_spammed? && - !(sp_session[:ial2_strict] && - !IdentityConfig.store.gpo_allowed_for_strict_ial2) + !Idv::GpoMail.new(current_user).mail_spammed? end end end diff --git a/app/controllers/idv/phone_errors_controller.rb b/app/controllers/idv/phone_errors_controller.rb index 1975f1ca19b..f059122fdb9 100644 --- a/app/controllers/idv/phone_errors_controller.rb +++ b/app/controllers/idv/phone_errors_controller.rb @@ -51,9 +51,7 @@ def track_event(type:) def set_gpo_letter_available return @gpo_letter_available if defined?(@gpo_letter_available) @gpo_letter_available ||= FeatureManagement.enable_gpo_verification? && - !Idv::GpoMail.new(current_user).mail_spammed? && - !(sp_session[:ial2_strict] && - !IdentityConfig.store.gpo_allowed_for_strict_ial2) + !Idv::GpoMail.new(current_user).mail_spammed? end # rubocop:enable Naming/MemoizedInstanceVariableName end diff --git a/app/models/profile.rb b/app/models/profile.rb index 10b496b228c..2ffc54c38d5 100644 --- a/app/models/profile.rb +++ b/app/models/profile.rb @@ -102,9 +102,7 @@ def includes_phone_check? def strict_ial2_proofed? return false unless active - return false unless includes_liveness_check? - return true if IdentityConfig.store.gpo_allowed_for_strict_ial2 - includes_phone_check? + includes_liveness_check? end def has_proofed_before? diff --git a/config/application.yml.default b/config/application.yml.default index aa7ab3f59a5..b2b3408a652 100644 --- a/config/application.yml.default +++ b/config/application.yml.default @@ -303,7 +303,6 @@ usps_mock_fallback: true get_usps_proofing_results_job_cron: '0/10 * * * *' get_usps_proofing_results_job_reprocess_delay_minutes: 5 get_usps_proofing_results_job_request_delay_milliseconds: 1000 -gpo_allowed_for_strict_ial2: true voice_otp_pause_time: '0.5s' voice_otp_speech_rate: 'slow' voip_check: true diff --git a/lib/identity_config.rb b/lib/identity_config.rb index bec9abfec42..4cd644ca915 100644 --- a/lib/identity_config.rb +++ b/lib/identity_config.rb @@ -390,7 +390,6 @@ def self.build_store(config_map) config.add(:get_usps_proofing_results_job_cron, type: :string) config.add(:get_usps_proofing_results_job_reprocess_delay_minutes, type: :integer) config.add(:get_usps_proofing_results_job_request_delay_milliseconds, type: :integer) - config.add(:gpo_allowed_for_strict_ial2, type: :boolean) config.add(:usps_upload_sftp_directory, type: :string) config.add(:usps_upload_sftp_host, type: :string) config.add(:usps_upload_sftp_password, type: :string) diff --git a/spec/features/idv/strict_ial2/upgrade_spec.rb b/spec/features/idv/strict_ial2/upgrade_spec.rb deleted file mode 100644 index 43c10d14c53..00000000000 --- a/spec/features/idv/strict_ial2/upgrade_spec.rb +++ /dev/null @@ -1,58 +0,0 @@ -require 'rails_helper' - -feature 'Strict IAL2 upgrade', js: true do - include IdvHelper - include OidcAuthHelper - include SamlAuthHelper - include DocAuthHelper - - before { allow(IdentityConfig.store).to receive(:liveness_checking_enabled).and_return(true) } - - context 'strict IAL2 does not allow a phone check' do - before do - allow(IdentityConfig.store).to receive( - :gpo_allowed_for_strict_ial2, - ).and_return(false) - end - - scenario 'an IAL2 strict request for a user without a phone check triggers an upgrade' do - user = create( - :profile, :active, :verified, - pii: { first_name: 'John', ssn: '111223333' }, - proofing_components: { liveness_check: :acuant, address_check: :gpo_letter } - ).user - visit_idp_from_oidc_sp_with_ial2_strict - sign_in_user(user) - fill_in_code_with_last_phone_otp - click_submit_default - click_agree_and_continue_optional - - expect(page.current_path).to eq(idv_doc_auth_welcome_step) - - complete_all_doc_auth_steps_before_password_step - fill_in 'Password', with: user.password - click_continue - acknowledge_and_confirm_personal_key - click_agree_and_continue - - expect(current_url).to start_with('http://localhost:7654/auth/result') - expect(user.active_profile.strict_ial2_proofed?).to be_truthy - end - - scenario 'an IAL2 strict request for a user with a phone check does not trigger an upgrade' do - user = create( - :profile, :active, :verified, - pii: { first_name: 'John', ssn: '111223333' }, - proofing_components: { liveness_check: :acuant, address_check: :lexis_nexis_address } - ).user - visit_idp_from_oidc_sp_with_ial2_strict - sign_in_user(user) - fill_in_code_with_last_phone_otp - click_submit_default - click_agree_and_continue - - expect(current_url).to start_with('http://localhost:7654/auth/result') - expect(user.active_profile.strict_ial2_proofed?).to be_truthy - end - end -end diff --git a/spec/features/idv/strict_ial2/usps_upload_disallowed_spec.rb b/spec/features/idv/strict_ial2/usps_upload_disallowed_spec.rb deleted file mode 100644 index a8adef0377d..00000000000 --- a/spec/features/idv/strict_ial2/usps_upload_disallowed_spec.rb +++ /dev/null @@ -1,75 +0,0 @@ -require 'rails_helper' - -feature 'Strict IAL2 with usps upload disallowed', js: true do - include IdvHelper - include OidcAuthHelper - include IdvHelper - include IdvStepHelper - - before do - allow(IdentityConfig.store).to receive(:liveness_checking_enabled).and_return(true) - allow(IdentityConfig.store).to receive( - :gpo_allowed_for_strict_ial2, - ).and_return(false) - end - - it 'does not allow the user to select the letter flow during proofing' do - user = create(:user, :signed_up) - visit_idp_from_oidc_sp_with_ial2_strict - sign_in_user(user) - fill_in_code_with_last_phone_otp - click_submit_default - complete_idv_steps_before_phone_step - - # Link is not present on the phone page - expect(page).to_not have_content(t('idv.troubleshooting.options.verify_by_mail')) - - # Link is not present on the OTP delivery selection page - fill_out_phone_form_ok('7032231234') - click_idv_continue - expect(page).to_not have_content(t('idv.troubleshooting.options.verify_by_mail')) - - # Link is not visible on the OTP entry page - choose_idv_otp_delivery_method_sms - expect(page).to_not have_content(t('idv.troubleshooting.options.verify_by_mail')) - - # Link is not visible on error or warning page - visit idv_phone_errors_warning_path - expect(page).to_not have_content(t('idv.troubleshooting.options.verify_by_mail')) - visit idv_phone_errors_jobfail_path - expect(page).to_not have_content(t('idv.troubleshooting.options.verify_by_mail')) - visit idv_phone_errors_timeout_path - expect(page).to_not have_content(t('idv.troubleshooting.options.verify_by_mail')) - visit idv_phone_errors_failure_path - expect(page).to_not have_content(t('idv.troubleshooting.options.verify_by_mail')) - - # Visiting the GPO page redirects - visit idv_gpo_path - expect(current_path).to eq(idv_phone_path) - end - - it 'does not prompt a pending user for a mailed code' do - user = create( - :profile, - deactivation_reason: :gpo_verification_pending, - pii: { first_name: 'John', ssn: '111223333' }, - ).user - - visit_idp_from_oidc_sp_with_ial2_strict - sign_in_user(user) - fill_in_code_with_last_phone_otp - click_submit_default - - # Directed to the start of the proofing flow instead of GPO code verification - expect(current_path).to eq(idv_doc_auth_step_path(step: :welcome)) - - complete_all_doc_auth_steps_before_password_step - fill_in 'Password', with: user.password - click_continue - acknowledge_and_confirm_personal_key - click_agree_and_continue - - expect(current_url).to start_with('http://localhost:7654/auth/result') - expect(user.active_profile.strict_ial2_proofed?).to be_truthy - end -end diff --git a/spec/models/profile_spec.rb b/spec/models/profile_spec.rb index db26c0b9879..214ef2ec6dc 100644 --- a/spec/models/profile_spec.rb +++ b/spec/models/profile_spec.rb @@ -93,55 +93,18 @@ expect(profile.strict_ial2_proofed?).to eq(false) end - it 'returns false if the profile does not have liveness' do - proofing_components = { liveness_check: nil, address_check: :lexis_nexis_address } + it 'returns true if the profile does have liveness' do + proofing_components = { liveness_check: :acuant } profile = create(:profile, :active, proofing_components: proofing_components) - expect(profile.strict_ial2_proofed?).to eq(false) - end - - context 'the letter flow is allowed for strict IAL2' do - before do - allow(IdentityConfig.store).to receive( - :gpo_allowed_for_strict_ial2, - ).and_return(true) - end - - it 'returns true for a profile with a phone' do - proofing_components = { liveness_check: :acuant, address_check: :lexis_nexis_address } - profile = create(:profile, :active, proofing_components: proofing_components) - - expect(profile.strict_ial2_proofed?).to eq(true) - end - - it 'return true for a profile with a letter' do - proofing_components = { liveness_check: :acuant, address_check: :gpo_letter } - profile = create(:profile, :active, proofing_components: proofing_components) - - expect(profile.strict_ial2_proofed?).to eq(true) - end + expect(profile.strict_ial2_proofed?).to eq(true) end - context 'the letter flow is not allowed for strict IAL2' do - before do - allow(IdentityConfig.store).to receive( - :gpo_allowed_for_strict_ial2, - ).and_return(false) - end - - it 'returns true for a profile with a phone' do - proofing_components = { liveness_check: :acuant, address_check: :lexis_nexis_address } - profile = create(:profile, :active, proofing_components: proofing_components) - - expect(profile.strict_ial2_proofed?).to eq(true) - end - - it 'return false for a profile with a letter' do - proofing_components = { liveness_check: :acuant, address_check: :gpo_letter } - profile = create(:profile, :active, proofing_components: proofing_components) + it 'returns false if the profile does not have liveness' do + proofing_components = { liveness_check: nil } + profile = create(:profile, :active, proofing_components: proofing_components) - expect(profile.strict_ial2_proofed?).to eq(false) - end + expect(profile.strict_ial2_proofed?).to eq(false) end end