♻️ api: removal of FT_ENABLE_CERTIF_TOKEN_SCOPE

api/sample.env

@@ -776,13 +776,6 @@ TEST_REDIS_URL=redis://localhost:6379
 # default: false
 # FT_PIX_1D_ENABLED=false
 
-# Enable the verification of the scope in certification tokens
-#
-# presence: optional
-# type: boolean
-# default: false
-# FT_ENABLE_CERTIF_TOKEN_SCOPE=false
-
 # Control the scope of certification result tokens
 #
 # presence: optional

api/src/shared/config.js

@@ -211,7 +211,6 @@ const configuration = (function () {
         process.env.FT_ALWAYS_OK_VALIDATE_NEXT_CHALLENGE_ENDPOINT,
       ),
       isAsyncQuestRewardingCalculationEnabled: toBoolean(process.env.FT_ENABLE_ASYNC_QUESTS_REWARDS_CALCULATION),
-      isCertificationTokenScopeEnabled: toBoolean(process.env.FT_ENABLE_CERTIF_TOKEN_SCOPE),
       isNeedToAdjustCertificationAccessibilityEnabled: toBoolean(
         process.env.FT_ENABLE_NEED_TO_ADJUST_CERTIFICATION_ACCESSIBILITY,
       ),
@@ -438,7 +437,6 @@ const configuration = (function () {
 
     config.featureToggles.deprecatePoleEmploiPushNotification = false;
     config.featureToggles.isAlwaysOkValidateNextChallengeEndpointEnabled = false;
-    config.featureToggles.isCertificationTokenScopeEnabled = false;
     config.featureToggles.isNeedToAdjustCertificationAccessibilityEnabled = false;
     config.featureToggles.isPix1dEnabled = true;
     config.featureToggles.isPixCompanionEnabled = false;

api/src/shared/domain/services/token-service.js

@@ -152,10 +152,8 @@ function extractCertificationResultsByRecipientEmailLink(token) {
     throw new InvalidResultRecipientTokenError();
   }
 
-  if (config.featureToggles.isCertificationTokenScopeEnabled) {
-    if (decoded.scope !== CERTIFICATION_RESULTS_BY_RECIPIENT_EMAIL_LINK_SCOPE) {
-      throw new InvalidResultRecipientTokenError();
-    }
+  if (decoded.scope !== CERTIFICATION_RESULTS_BY_RECIPIENT_EMAIL_LINK_SCOPE) {
+    throw new InvalidResultRecipientTokenError();
   }
 
   return {
@@ -170,10 +168,8 @@ function extractCertificationResultsLink(token) {
     throw new InvalidSessionResultTokenError();
   }
 
-  if (config.featureToggles.isCertificationTokenScopeEnabled) {
-    if (decoded.scope !== config.jwtConfig.certificationResults.scope) {
-      throw new InvalidSessionResultTokenError();
-    }
+  if (decoded.scope !== config.jwtConfig.certificationResults.scope) {
+    throw new InvalidSessionResultTokenError();
   }
 
   return {

api/tests/shared/unit/domain/services/token-service_test.js

@@ -215,77 +215,44 @@ describe('Unit | Shared | Domain | Services | Token Service', function () {
   });
 
   describe('#extractCertificationResultsLink', function () {
-    context('when FT_ENABLE_CERTIF_TOKEN_SCOPE is true', function () {
-      beforeEach(function () {
-        sinon.stub(settings.featureToggles, 'isCertificationTokenScopeEnabled').value(true);
-      });
+    context('when the scope is valid', function () {
+      it('should return the session id', function () {
+        // given
+        const token = jsonwebtoken.sign(
+          {
+            session_id: 12345,
+            scope: 'certificationResultsLink',
+          },
+          settings.authentication.secret,
+          { expiresIn: config.jwtConfig.certificationResults.tokenLifespan },
+        );
 
-      context('when the scope is valid', function () {
-        it('should return the session id', function () {
-          // given
-          const token = jsonwebtoken.sign(
-            {
-              session_id: 12345,
-              scope: 'certificationResultsLink',
-            },
-            settings.authentication.secret,
-            { expiresIn: config.jwtConfig.certificationResults.tokenLifespan },
-          );
-
-          // when
-          const tokenData = tokenService.extractCertificationResultsLink(token);
-
-          // then
-          expect(tokenData).to.deep.equal({
-            sessionId: 12345,
-          });
-        });
-      });
+        // when
+        const tokenData = tokenService.extractCertificationResultsLink(token);
 
-      context('when the scope is invalid', function () {
-        it('should throw an InvalidSessionResultTokenError', async function () {
-          // given
-          const invalidToken = jsonwebtoken.sign(
-            {
-              session_id: 12345,
-            },
-            settings.authentication.secret,
-            { expiresIn: '30d' },
-          );
-
-          // when
-          const error = await catchErr(tokenService.extractCertificationResultsLink)(invalidToken);
-
-          // then
-          expect(error).to.be.an.instanceof(InvalidSessionResultTokenError);
+        // then
+        expect(tokenData).to.deep.equal({
+          sessionId: 12345,
         });
       });
     });
 
-    context('when FT_ENABLE_CERTIF_TOKEN_SCOPE is false', function () {
-      beforeEach(function () {
-        sinon.stub(settings.featureToggles, 'isCertificationTokenScopeEnabled').value(false);
-      });
+    context('when the scope is invalid', function () {
+      it('should throw an InvalidSessionResultTokenError', async function () {
+        // given
+        const invalidToken = jsonwebtoken.sign(
+          {
+            session_id: 12345,
+          },
+          settings.authentication.secret,
+          { expiresIn: '30d' },
+        );
 
-      context('when there is no scope', function () {
-        it('should return the session id', function () {
-          // given
-          const token = jsonwebtoken.sign(
-            {
-              session_id: 12345,
-            },
-            settings.authentication.secret,
-            { expiresIn: '30d' },
-          );
-
-          // when
-          const tokenData = tokenService.extractCertificationResultsLink(token);
-
-          // then
-          expect(tokenData).to.deep.equal({
-            sessionId: 12345,
-          });
-        });
+        // when
+        const error = await catchErr(tokenService.extractCertificationResultsLink)(invalidToken);
+
+        // then
+        expect(error).to.be.an.instanceof(InvalidSessionResultTokenError);
       });
     });
 
@@ -322,76 +289,44 @@ describe('Unit | Shared | Domain | Services | Token Service', function () {
   });
 
   describe('#extractCertificationResultsByRecipientEmailLink', function () {
-    context('when FT_ENABLE_CERTIF_TOKEN_SCOPE is true', function () {
-      beforeEach(function () {
-        sinon.stub(settings.featureToggles, 'isCertificationTokenScopeEnabled').value(true);
-      });
-
-      context('when the scope is valid', function () {
-        it('should return the session id and result recipient email if the token is valid', function () {
-          // given
-          const token = jsonwebtoken.sign(
-            {
-              result_recipient_email: '[email protected]',
-              session_id: 12345,
-              scope: 'certificationResultsByRecipientEmailLink',
-            },
-            settings.authentication.secret,
-            { expiresIn: '30d' },
-          );
-
-          // when
-          const tokenData = tokenService.extractCertificationResultsByRecipientEmailLink(token);
-
-          // then
-          expect(tokenData).to.deep.equal({
-            resultRecipientEmail: '[email protected]',
-            sessionId: 12345,
-          });
-        });
-      });
-
-      context('when the scope is invalid', function () {
-        it('should throw an InvalidResultRecipientTokenError', async function () {
-          // given
-          const invalidToken = jsonwebtoken.sign(
-            { result_recipient_email: '[email protected]', session_id: 12345 },
-            settings.authentication.secret,
-            { expiresIn: '30d' },
-          );
+    context('when the scope is valid', function () {
+      it('should return the session id and result recipient email if the token is valid', function () {
+        // given
+        const token = jsonwebtoken.sign(
+          {
+            result_recipient_email: '[email protected]',
+            session_id: 12345,
+            scope: 'certificationResultsByRecipientEmailLink',
+          },
+          settings.authentication.secret,
+          { expiresIn: '30d' },
+        );
 
-          // when
-          const error = await catchErr(tokenService.extractCertificationResultsByRecipientEmailLink)(invalidToken);
+        // when
+        const tokenData = tokenService.extractCertificationResultsByRecipientEmailLink(token);
 
-          // then
-          expect(error).to.be.an.instanceof(InvalidResultRecipientTokenError);
+        // then
+        expect(tokenData).to.deep.equal({
+          resultRecipientEmail: '[email protected]',
+          sessionId: 12345,
         });
       });
     });
 
-    context('when FT_ENABLE_CERTIF_TOKEN_SCOPE is false', function () {
-      beforeEach(function () {
-        sinon.stub(settings.featureToggles, 'isCertificationTokenScopeEnabled').value(false);
-      });
+    context('when the scope is invalid', function () {
+      it('should throw an InvalidResultRecipientTokenError', async function () {
+        // given
+        const invalidToken = jsonwebtoken.sign(
+          { result_recipient_email: '[email protected]', session_id: 12345 },
+          settings.authentication.secret,
+          { expiresIn: '30d' },
+        );
 
-      context('when there is no scope', function () {
-        it('should return the session id', function () {
-          // given
-          const token = jsonwebtoken.sign(
-            { result_recipient_email: '[email protected]', session_id: 12345 },
-            settings.authentication.secret,
-            { expiresIn: '30d' },
-          );
-
-          // when
-          const tokenData = tokenService.extractCertificationResultsByRecipientEmailLink(token);
-
-          // then
-          expect(tokenData).to.deep.equal({
-            resultRecipientEmail: '[email protected]',
-            sessionId: 12345,
-          });
-        });
+        // when
+        const error = await catchErr(tokenService.extractCertificationResultsByRecipientEmailLink)(invalidToken);
+
+        // then
+        expect(error).to.be.an.instanceof(InvalidResultRecipientTokenError);
       });
     });