[PM-28184] Update feature flag used for no logout on KDF change

[matt-livefront]

🎟️ Tracking

PM-28184

📔 Objective

Updates the feature flag used for checking if the user should not logged out when receiving a logout push notification because the user's KDF settings have changed (#2041). pm-18021-force-update-kdf-settings was being used previously, but pm-23995-no-logout-on-kdf-change should be used instead.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @matt-livefront's task —— View job

---

PR Review: Update KDF Change Feature Flag

PR Metadata Quality: ✅ Good - Title is clear, objective explains the change and reasoning, includes Jira reference.

---

Summary

This PR correctly updates the feature flag used in NotificationService from forceUpdateKdfSettings to noLogoutOnKdfChange when handling KDF change push notifications. The two flags serve distinct purposes:

• forceUpdateKdfSettings - Forces users to update KDF when below minimum thresholds
• noLogoutOnKdfChange - Prevents logout when KDF is changed remotely

---

Findings

Finding 1: 🎨 Feature flag documentation could clarify the distinction between KDF-related flags

Current vs. Suggested Documentation

Current (FeatureFlag.swift:21-24):

/// Flag to enable/disable forced KDF updates.
static let forceUpdateKdfSettings = FeatureFlag(rawValue: "pm-18021-force-update-kdf-settings")

/// Flag to enable/disable not logging out when a user's KDF settings are changed.
static let noLogoutOnKdfChange = FeatureFlag(rawValue: "pm-23995-no-logout-on-kdf-change")

Suggested Enhancement:

/// Flag to enable/disable forcing users to update their KDF settings when below minimum thresholds.
/// This flag controls proactive KDF updates initiated by the client.
static let forceUpdateKdfSettings = FeatureFlag(rawValue: "pm-18021-force-update-kdf-settings")

/// Flag to enable/disable logging out users when their KDF settings are changed remotely by the server.
/// When enabled, users will NOT be logged out when receiving a KDF change notification.
static let noLogoutOnKdfChange = FeatureFlag(rawValue: "pm-23995-no-logout-on-kdf-change")

This would prevent future confusion about why two KDF-related flags coexist.

Finding 2: 💭 TODO comment references user ID check removal

The TODO at NotificationService.swift:229 mentions removing the user ID check when the feature flag is removed:

// TODO: PM-26960 Remove user ID check with noLogoutOnKdfChange feature flag.

What is the security/functional rationale for the current user ID check (data.userId == userId)? Understanding this would help ensure safe cleanup when PM-26960 is addressed.

---

Good Practices

• Proper test coverage for both feature flag states
• Clean separation of concerns between different KDF-related features
• Backward compatibility maintained

---

Recommendation: ✅ Approve after CI passes

The implementation is correct, well-tested, and follows established patterns. The suggestions above are optional improvements for code clarity.

---

[github-actions]

Checkmarx One – Scan Summary & Details – 78b6643a-7aae-4868-a020-49058d70fa7d

Great job! No new security vulnerabilities introduced in this pull request

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.23%. Comparing base (bb67af1) to head (f22e014).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2135      +/-   ##
==========================================
- Coverage   85.24%   85.23%   -0.01%     
==========================================
  Files        1709     1709              
  Lines      145427   145428       +1     
==========================================
- Hits       123962   123959       -3     
- Misses      21465    21469       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.