Cleanup ThreatMetrix CSP before_action name now that in_person SSN step is out of the FSM

app/controllers/concerns/idv/threat_metrix_concern.rb

@@ -8,16 +8,6 @@ module ThreatMetrixConcern
     def override_csp_for_threat_metrix
       return unless FeatureManagement.proofing_device_profiling_collecting_enabled?
 
-      return if params[:step] != 'ssn'
-
-      threat_metrix_csp_overrides
-    end
-
-    # Remove this duplication once in_person_controller is no longer in use
-    # for their SSN step
-    def override_csp_for_threat_metrix_no_fsm
-      return unless FeatureManagement.proofing_device_profiling_collecting_enabled?
-
       threat_metrix_csp_overrides
     end
 

app/controllers/idv/in_person/ssn_controller.rb

@@ -9,7 +9,7 @@ class SsnController < ApplicationController
       before_action :confirm_verify_info_step_needed
       before_action :confirm_in_person_address_step_complete
       before_action :confirm_repeat_ssn, only: :show
-      before_action :override_csp_for_threat_metrix_no_fsm
+      before_action :override_csp_for_threat_metrix
 
       attr_accessor :error_message
 

app/controllers/idv/in_person_controller.rb

@@ -12,7 +12,6 @@ class InPersonController < ApplicationController
     include Idv::ThreatMetrixConcern
 
     before_action :redirect_if_flow_completed
-    before_action :override_csp_for_threat_metrix
 
     FLOW_STATE_MACHINE_SETTINGS = {
       step_url: :idv_in_person_step_url,

app/controllers/idv/ssn_controller.rb

@@ -8,7 +8,7 @@ class SsnController < ApplicationController
     before_action :confirm_verify_info_step_needed
     before_action :confirm_document_capture_complete
     before_action :confirm_repeat_ssn, only: :show
-    before_action :override_csp_for_threat_metrix_no_fsm
+    before_action :override_csp_for_threat_metrix
 
     attr_accessor :error_message
 

spec/controllers/concerns/idv/threat_metrix_concern_spec.rb

@@ -20,50 +20,33 @@ def index; end
     end
 
     context 'ff is set' do
-      it 'modifies CSP headers for SSN step' do
-        assert_csp_is_modified 'ssn'
-      end
+      it 'modifies CSP headers' do
+        get :index
 
-      it 'does not modify CSP headers for any other step' do
-        assert_csp_is_not_modified 'some_other_step'
-      end
-    end
-
-    context 'ff is not set' do
-      let(:ff_enabled) { false }
-      it 'does not modify CSP headers for SSN step' do
-        assert_csp_is_not_modified 'ssn'
-      end
-      it 'does not modify CSP headers for any other step' do
-        assert_csp_is_not_modified 'some_other_step'
-      end
-    end
-  end
+        csp = response.request.content_security_policy
 
-  private
+        aggregate_failures do
+          expect(csp.directives['script-src']).to include('h.online-metrix.net')
+          expect(csp.directives['script-src']).to include("'unsafe-eval'")
 
-  def assert_csp_is_modified(step)
-    get :index, params: { step: step }
+          expect(csp.directives['style-src']).to include("'unsafe-inline'")
 
-    csp = response.request.content_security_policy
+          expect(csp.directives['child-src']).to include('h.online-metrix.net')
 
-    aggregate_failures do
-      expect(csp.directives['script-src']).to include('h.online-metrix.net')
-      expect(csp.directives['script-src']).to include("'unsafe-eval'")
+          expect(csp.directives['connect-src']).to include('h.online-metrix.net')
 
-      expect(csp.directives['style-src']).to include("'unsafe-inline'")
-
-      expect(csp.directives['child-src']).to include('h.online-metrix.net')
-
-      expect(csp.directives['connect-src']).to include('h.online-metrix.net')
-
-      expect(csp.directives['img-src']).to include('*.online-metrix.net')
+          expect(csp.directives['img-src']).to include('*.online-metrix.net')
+        end
+      end
     end
-  end
 
-  def assert_csp_is_not_modified(step)
-    get :index, params: { step: step }
-    secure_header_config = response.request.headers.env['secure_headers_request_config']
-    expect(secure_header_config).to be_nil
+    context 'ff is not set' do
+      let(:ff_enabled) { false }
+      it 'does not modify CSP headers' do
+        get :index
+        secure_header_config = response.request.headers.env['secure_headers_request_config']
+        expect(secure_header_config).to be_nil
+      end
+    end
   end
 end

spec/controllers/idv/in_person_controller_spec.rb

@@ -19,7 +19,6 @@
         :confirm_two_factor_authenticated,
         :initialize_flow_state_machine,
         :ensure_correct_step,
-        :override_csp_for_threat_metrix,
       )
     end
   end

spec/controllers/idv/ssn_controller_spec.rb

@@ -50,7 +50,7 @@
     it 'overrides CSPs for ThreatMetrix' do
       expect(subject).to have_actions(
         :before,
-        :override_csp_for_threat_metrix_no_fsm,
+        :override_csp_for_threat_metrix,
       )
     end
   end