From bd75c71d1076c88b9220acce9c91b3e6b61a441d Mon Sep 17 00:00:00 2001
From: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Date: Mon, 8 Dec 2025 13:42:54 -0500
Subject: [PATCH] chore(feature-flag): [PM-28331] Remove
 pm-24425-send-2fa-failed-email feature flag

* Removed pm-24425-send-2fa-failed-email

* Removed flagged logic.
---
 src/Core/Constants.cs                         |  1 -
 .../RequestValidators/BaseRequestValidator.cs |  7 ++----
 .../BaseRequestValidatorTests.cs              | 23 ++++++-------------
 3 files changed, 9 insertions(+), 22 deletions(-)

diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs
index fb939f50cd..ef47c2d559 100644
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -156,7 +156,6 @@ public static class FeatureFlagKeys
     public const string SetInitialPasswordRefactor = "pm-16117-set-initial-password-refactor";
     public const string ChangeExistingPasswordRefactor = "pm-16117-change-existing-password-refactor";
     public const string Otp6Digits = "pm-18612-otp-6-digits";
-    public const string FailedTwoFactorEmail = "pm-24425-send-2fa-failed-email";
     public const string PM24579_PreventSsoOnExistingNonCompliantUsers = "pm-24579-prevent-sso-on-existing-non-compliant-users";
     public const string DisableAlternateLoginMethods = "pm-22110-disable-alternate-login-methods";
     public const string PM23174ManageAccountRecoveryPermissionDrivesTheNeedToSetMasterPassword =
diff --git a/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs b/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs
index fdc70b0edf..429c16a6b3 100644
--- a/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs
+++ b/src/Identity/IdentityServer/RequestValidators/BaseRequestValidator.cs
@@ -736,11 +736,8 @@ public abstract class BaseRequestValidator<T> where T : class
 
     private async Task SendFailedTwoFactorEmail(User user, TwoFactorProviderType failedAttemptType)
     {
-        if (_featureService.IsEnabled(FeatureFlagKeys.FailedTwoFactorEmail))
-        {
-            await _mailService.SendFailedTwoFactorAttemptEmailAsync(user.Email, failedAttemptType, DateTime.UtcNow,
-                CurrentContext.IpAddress);
-        }
+        await _mailService.SendFailedTwoFactorAttemptEmailAsync(user.Email, failedAttemptType, DateTime.UtcNow,
+            CurrentContext.IpAddress);
     }
 
     private async Task<MasterPasswordPolicyResponseModel> GetMasterPasswordPolicyAsync(User user)
diff --git a/test/Identity.Test/IdentityServer/BaseRequestValidatorTests.cs b/test/Identity.Test/IdentityServer/BaseRequestValidatorTests.cs
index 214fa74ff4..2ead26e4d2 100644
--- a/test/Identity.Test/IdentityServer/BaseRequestValidatorTests.cs
+++ b/test/Identity.Test/IdentityServer/BaseRequestValidatorTests.cs
@@ -372,19 +372,16 @@ public class BaseRequestValidatorTests
         // 1 -> initial validation passes
         _sut.isValid = true;
 
-        // 2 -> enable the FailedTwoFactorEmail feature flag
-        _featureService.IsEnabled(FeatureFlagKeys.FailedTwoFactorEmail).Returns(true);
-
-        // 3 -> set up 2FA as required
+        // 2 -> set up 2FA as required
         _twoFactorAuthenticationValidator
             .RequiresTwoFactorAsync(Arg.Any<User>(), tokenRequest)
             .Returns(Task.FromResult(new Tuple<bool, Organization>(true, null)));
 
-        // 4 -> provide invalid 2FA token
+        // 3 -> provide invalid 2FA token
         tokenRequest.Raw["TwoFactorToken"] = "invalid_token";
         tokenRequest.Raw["TwoFactorProvider"] = TwoFactorProviderType.Email.ToString();
 
-        // 5 -> set up 2FA verification to fail
+        // 4 -> set up 2FA verification to fail
         _twoFactorAuthenticationValidator
             .VerifyTwoFactorAsync(user, null, TwoFactorProviderType.Email, "invalid_token")
             .Returns(Task.FromResult(false));
@@ -419,24 +416,21 @@ public class BaseRequestValidatorTests
         // 1 -> initial validation passes
         _sut.isValid = true;
 
-        // 2 -> enable the FailedTwoFactorEmail feature flag
-        _featureService.IsEnabled(FeatureFlagKeys.FailedTwoFactorEmail).Returns(true);
-
-        // 3 -> set up 2FA as required
+        // 2 -> set up 2FA as required
         _twoFactorAuthenticationValidator
             .RequiresTwoFactorAsync(Arg.Any<User>(), tokenRequest)
             .Returns(Task.FromResult(new Tuple<bool, Organization>(true, null)));
 
-        // 4 -> provide invalid remember token (remember token expired)
+        // 3 -> provide invalid remember token (remember token expired)
         tokenRequest.Raw["TwoFactorToken"] = "expired_remember_token";
         tokenRequest.Raw["TwoFactorProvider"] = "5"; // Remember provider
 
-        // 5 -> set up remember token verification to fail
+        // 4 -> set up remember token verification to fail
         _twoFactorAuthenticationValidator
             .VerifyTwoFactorAsync(user, null, TwoFactorProviderType.Remember, "expired_remember_token")
             .Returns(Task.FromResult(false));
 
-        // 6 -> set up dummy BuildTwoFactorResultAsync
+        // 5 -> set up dummy BuildTwoFactorResultAsync
         var twoFactorResultDict = new Dictionary<string, object>
         {
             { "TwoFactorProviders", new[] { "0", "1" } },
@@ -1119,9 +1113,6 @@ public class BaseRequestValidatorTests
             .VerifyTwoFactorAsync(user, null, TwoFactorProviderType.RecoveryCode, "INVALID-recovery-code")
             .Returns(Task.FromResult(false));
 
-        // 6. Setup for failed 2FA email (if feature flag enabled)
-        _featureService.IsEnabled(FeatureFlagKeys.FailedTwoFactorEmail).Returns(true);
-
         // Act
         await _sut.ValidateAsync(context);