Move terms_of_use enabled_clients to settings (#16294)

config/settings.yml

@@ -85,6 +85,7 @@ sign_in:
 terms_of_use:
   current_version: v1
   provisioner_cookie_domain: localhost
+  enabled_clients: vaweb, mhv, myvahealth
 
 lockbox:
   master_key: "0d78eaf0e90d4e7b8910c9112e16e66d8b00ec4054a89aa426e32712a13371e9"

lib/saml/post_url_service.rb

@@ -114,11 +114,7 @@ def build_sso_url(link_authn_context, authn_con_compare = 'exact')
     end
 
     def enabled_tou_clients
-      if Settings.vsp_environment == 'production'
-        TERMS_OF_USE_ENABLED_CLIENTS
-      else
-        TERMS_OF_USE_ENABLED_CLIENTS_LOWERS
-      end
+      Settings.terms_of_use.enabled_clients.split(',').collect(&:strip)
     end
   end
 end

lib/saml/url_service.rb

@@ -25,8 +25,6 @@ class URLService
     WEB_CLIENT_ID = 'web'
     MOBILE_CLIENT_ID = 'mobile'
     UNIFIED_SIGN_IN_CLIENTS = %w[vaweb mhv myvahealth ebenefits vamobile vaoccmobile].freeze
-    TERMS_OF_USE_ENABLED_CLIENTS = %w[].freeze
-    TERMS_OF_USE_ENABLED_CLIENTS_LOWERS = %w[vaweb mhv myvahealth].freeze
     TERMS_OF_USE_DECLINED_PATH = '/terms-of-use/declined'
 
     attr_reader :saml_settings, :session, :user, :authn_context, :type, :query_params, :tracker

spec/controllers/v1/sessions_controller_spec.rb

@@ -502,13 +502,16 @@ def expect_logger_msg(level, msg)
 
       context 'when user has not accepted the current terms of use' do
         let(:user) { build(:user, loa, uuid:, idme_uuid: uuid) }
+        let(:application) { 'some-applicaton' }
 
         before do
           SAMLRequestTracker.create(uuid: login_uuid, payload: { type: 'idme', application: })
         end
 
-        context 'and authentication occurred with a application in TERMS_OF_USE_ENABLED_CLIENTS' do
-          let(:application) { SAML::URLService::TERMS_OF_USE_ENABLED_CLIENTS.first }
+        context 'and authentication occurred with a application in Settings.terms_of_use.enabled_clients' do
+          before do
+            allow(Settings.terms_of_use).to receive(:enabled_clients).and_return(application)
+          end
 
           it 'redirects to terms of use page' do
             expect(call_endpoint).to redirect_to(
@@ -517,8 +520,10 @@ def expect_logger_msg(level, msg)
           end
         end
 
-        context 'and authentication occurred with an application not in TERMS_OF_USE_ENABLED_CLIENTS' do
-          let(:application) { 'foobar' }
+        context 'and authentication occurred with an application not in Settings.terms_of_use.enabled_clients' do
+          before do
+            allow(Settings.terms_of_use).to receive(:enabled_clients).and_return('')
+          end
 
           it 'redirects to expected auth page' do
             expect(call_endpoint).to redirect_to(expected_redirect_url)
@@ -540,13 +545,16 @@ def expect_logger_msg(level, msg)
 
       context 'when user has not accepted the current terms of use' do
         let(:user) { build(:user, loa, uuid:, idme_uuid: uuid) }
+        let(:application) { 'some-applicaton' }
 
         before do
           SAMLRequestTracker.create(uuid: login_uuid, payload: { type: 'idme', application: })
         end
 
-        context 'and authentication occurred with a application in TERMS_OF_USE_ENABLED_CLIENTS' do
-          let(:application) { SAML::URLService::TERMS_OF_USE_ENABLED_CLIENTS.first }
+        context 'and authentication occurred with a application in Settings.terms_of_use.enabled_clients' do
+          before do
+            allow(Settings.terms_of_use).to receive(:enabled_clients).and_return(application)
+          end
 
           it 'redirects to terms of use page' do
             expect(call_endpoint).to redirect_to(
@@ -555,8 +563,10 @@ def expect_logger_msg(level, msg)
           end
         end
 
-        context 'and authentication occurred with an application not in TERMS_OF_USE_ENABLED_CLIENTS' do
-          let(:application) { 'foobar' }
+        context 'and authentication occurred with an application not in Settings.terms_of_use.enabled_clients' do
+          before do
+            allow(Settings.terms_of_use).to receive(:enabled_clients).and_return('')
+          end
 
           it 'redirects to expected auth page' do
             expect(call_endpoint).to redirect_to(expected_redirect_url)

spec/lib/saml/post_url_service_spec.rb

@@ -613,8 +613,10 @@
             let(:expected_log_message) { 'Redirecting to /terms-of-use' }
             let(:expected_log_payload) { { type: :ssoe } }
 
-            context 'when tracker application is within TERMS_OF_USE_ENABLED_CLIENTS' do
-              let(:application) { SAML::URLService::TERMS_OF_USE_ENABLED_CLIENTS_LOWERS.first }
+            context 'when tracker application is within Settings.terms_of_use.enabled_clients' do
+              before do
+                allow(Settings.terms_of_use).to receive(:enabled_clients).and_return(application)
+              end
 
               context 'and authentication is occuring on a review instance' do
                 let(:review_instance_slug) { 'some-review-instance-slug' }
@@ -660,8 +662,10 @@
               end
             end
 
-            context 'when tracker application is not within TERMS_OF_USE_ENABLED_CLIENTS' do
-              let(:application) { 'some-application' }
+            context 'when tracker application is not within Settings.terms_of_use.enabled_clients' do
+              before do
+                allow(Settings.terms_of_use).to receive(:enabled_clients).and_return('')
+              end
 
               it 'has a login redirect url with success not embedded in a terms of use page' do
                 expect(subject.terms_of_use_redirect_url)