18F/identity-idp

lib/feature_management.rb

# frozen_string_literal: true

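# Central collection of feature-flag and environment predicates. Every method
# is a class-level query that reads IdentityConfig.store, Rails.env,
# Identity::Hostdata or OutageStatus at call time; nothing is cached here.
#
# Some predicates relax a security control (pre-filled OTP codes, revealing
# the GPO code). Those are gated on the Rails environment or on an exact host
# domain match, so a change to one of those gates is security-sensitive and
# deserves the same review as a change to the control itself.
class FeatureManagement
  # The only non-development domain on which the relaxed behaviours below are
  # allowed. Kept in one place so the two gates that use it cannot drift apart.
  SANDBOX_DOMAIN = 'identitysandbox.gov'
  private_constant :SANDBOX_DOMAIN

  # True when the configured telephony adapter is the literal string 'test'.
  def self.telephony_test_adapter?
    IdentityConfig.store.telephony_adapter == 'test'
  end

  # Truthy when identity-pki is switched off explicitly, or when either the
  # PIV/CAC service URL or the verify-token URL is not configured.
  # NOTE(review): only nil/false count as "not configured" here; an empty
  # string is truthy in Ruby. Confirm the config layer never yields ''.
  def self.identity_pki_disabled?
    IdentityConfig.store.identity_pki_disabled ||
      !IdentityConfig.store.piv_cac_service_url ||
      !IdentityConfig.store.piv_cac_verify_token_url
  end

  # False when the idv_available setting is off; otherwise true only while
  # OutageStatus reports no IdV vendor outage. OutageStatus is not consulted
  # at all when the setting is off.
  def self.idv_available?
    return false unless IdentityConfig.store.idv_available
    !OutageStatus.new.any_idv_vendor_outage?
  end

  def self.development_and_identity_pki_disabled?
    # This controls if we try to hop over to identity-pki or just throw up
    # a screen asking for a Subject or one of a list of error conditions.
    Rails.env.development? && identity_pki_disabled?
  end

  # Whether OTP codes are pre-filled for the user.
  #
  # In development with the test telephony adapter, the correct codes are
  # pre-filled so that developers can log in without configuring SMS delivery.
  # The same is allowed on hosts whose domain is exactly 'identitysandbox.gov',
  # again only with the test adapter. Both branches require the test adapter;
  # a pre-filled code removes the possession check of the second factor, so
  # neither gate should be widened without review.
  def self.prefill_otp_codes?
    development_and_telephony_test_adapter? || prefill_otp_codes_allowed_in_sandbox?
  end

  def self.development_and_telephony_test_adapter?
    Rails.env.development? && telephony_test_adapter?
  end

  # Sandbox gate for OTP pre-fill: exact domain match plus the test adapter.
  def self.prefill_otp_codes_allowed_in_sandbox?
    Identity::Hostdata.domain == SANDBOX_DOMAIN && telephony_test_adapter?
  end

  # Mirrors the enable_load_testing_mode setting.
  def self.enable_load_testing_mode?
    IdentityConfig.store.enable_load_testing_mode
  end

  # Mirrors the enable_add_mfa_redirect_for_personal_key setting.
  def self.enable_additional_mfa_redirect_for_personal_key_mfa?
    IdentityConfig.store.enable_add_mfa_redirect_for_personal_key
  end

  # Mirrors the use_kms setting.
  def self.use_kms?
    IdentityConfig.store.use_kms
  end

  # Mirrors the use_dashboard_service_providers setting.
  def self.use_dashboard_service_providers?
    IdentityConfig.store.use_dashboard_service_providers
  end

  def self.gpo_verification_enabled?
    # leaving the usps name for backwards compatibility
    IdentityConfig.store.enable_usps_verification
  end

  # Whether the GPO code may be revealed: always in development, otherwise
  # only on the sandbox domain.
  def self.reveal_gpo_code?
    Rails.env.development? || current_env_allowed_to_see_gpo_code?
  end

  # Sandbox gate for revealing the GPO code: exact domain match only.
  def self.current_env_allowed_to_see_gpo_code?
    Identity::Hostdata.domain == SANDBOX_DOMAIN
  end

  # True for datacenter hosts whose Hostdata env is anything other than 'prod'.
  def self.show_demo_banner?
    Identity::Hostdata.in_datacenter? && Identity::Hostdata.env != 'prod'
  end

  # True for datacenter hosts whose domain is anything other than 'login.gov'.
  def self.show_no_pii_banner?
    Identity::Hostdata.in_datacenter? && Identity::Hostdata.domain != 'login.gov'
  end

  # Mirrors the saml_secret_rotation_enabled setting.
  def self.enable_saml_cert_rotation?
    IdentityConfig.store.saml_secret_rotation_enabled
  end

  def self.gpo_upload_enabled?
    # leaving the usps name for backwards compatibility
    IdentityConfig.store.usps_upload_enabled
  end

  def self.identity_pki_local_dev?
    # This option should only be used in the development environment.
    # It controls whether we hop over to identity-pki on a developer's local machine.
    Rails.env.development? && IdentityConfig.store.identity_pki_local_dev
  end

  # Mirrors the check_user_password_compromised_enabled setting.
  def self.check_password_enabled?
    IdentityConfig.store.check_user_password_compromised_enabled
  end

  # Mirrors the doc_capture_polling_enabled setting.
  def self.doc_capture_polling_enabled?
    IdentityConfig.store.doc_capture_polling_enabled
  end

  # Mirrors the logo_upload_enabled setting.
  def self.logo_upload_enabled?
    IdentityConfig.store.logo_upload_enabled
  end

  # Never true in the test environment, whatever the setting says.
  def self.log_to_stdout?
    !Rails.env.test? && IdentityConfig.store.log_to_stdout
  end

  # reCAPTCHA on phone entry needs a positive score threshold and usable
  # credentials. A threshold of zero or below switches the check off, and in
  # that case the credentials are not inspected.
  def self.phone_recaptcha_enabled?
    IdentityConfig.store.phone_recaptcha_score_threshold.positive? && recaptcha_enabled?
  end

  # Same rule as phone_recaptcha_enabled?, using the sign-in score threshold.
  def self.sign_in_recaptcha_enabled?
    IdentityConfig.store.sign_in_recaptcha_score_threshold.positive? && recaptcha_enabled?
  end

  # Credentials are usable when a site key is present together with either
  # the enterprise credentials or a secret key.
  def self.recaptcha_enabled?
    IdentityConfig.store.recaptcha_site_key.present? && (
      recaptcha_enterprise? ||
      IdentityConfig.store.recaptcha_secret_key.present?
    )
  end

  # Enterprise mode requires both the enterprise API key and the project id.
  def self.recaptcha_enterprise?
    IdentityConfig.store.recaptcha_enterprise_api_key.present? &&
      IdentityConfig.store.recaptcha_enterprise_project_id.present?
  end

  # Whether we collect device profiling information as part of the account creation process.
  # Raises RuntimeError on any value other than :enabled, :collect_only or
  # :disabled, so a mistyped setting fails loudly instead of silently
  # disabling collection.
  def self.account_creation_device_profiling_collecting_enabled?
    case IdentityConfig.store.account_creation_device_profiling
    when :enabled, :collect_only then true
    when :disabled then false
    else
      raise 'Invalid value for account_creation_device_profiling'
    end
  end

  # Whether we collect device profiling information as part of the proofing process.
  # Raises RuntimeError on any value other than :enabled, :collect_only or :disabled.
  def self.proofing_device_profiling_collecting_enabled?
    case IdentityConfig.store.proofing_device_profiling
    when :enabled, :collect_only then true
    when :disabled then false
    else
      raise 'Invalid value for proofing_device_profiling'
    end
  end

  # Whether we prevent users from proceeding with identity verification based on the outcomes of
  # device profiling. Only :enabled turns decisioning on; :collect_only gathers
  # data without acting on it. Raises RuntimeError on an unrecognised value.
  def self.proofing_device_profiling_decisioning_enabled?
    case IdentityConfig.store.proofing_device_profiling
    when :enabled then true
    when :collect_only, :disabled then false
    else
      raise 'Invalid value for proofing_device_profiling'
    end
  end

  # Whether or not idv hybrid mode is available: the feature flag must be on
  # and there must be no phone vendor outage. OutageStatus is only consulted
  # when the flag is on.
  def self.idv_allow_hybrid_flow?
    return false unless IdentityConfig.store.feature_idv_hybrid_flow_enabled
    return false if OutageStatus.new.any_phone_vendor_outage?
    true
  end

  # Truthy when verification by mail is forced by configuration, or when
  # OutageStatus reports a phone vendor outage or a phone finder outage.
  def self.idv_by_mail_only?
    outage_status = OutageStatus.new
    IdentityConfig.store.feature_idv_force_gpo_verification_enabled ||
      outage_status.any_phone_vendor_outage? ||
      outage_status.phone_finder_outage?
  end

  # Whether to use the valid Authn Context Classrefs that include
  # the newest ACR values. The looked-up value is coerced to a strict
  # true/false, so a missing key yields false.
  def self.use_semantic_authn_contexts?
    IdentityConfig.store.dig(:feature_valid_authn_contexts_semantic_enabled) ? true : false
  end
end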