[PM-5404, PM-3518] Migrate user decryption options to new service (#7344)

* create new user decryption options service

* rename new service to user decryption options

* add hasMasterPassword to user decryption options service

* migrate device trust service to new user decryption options service

* add migration for user-decryption-options

* migrate sync service and calls to trust-device-service

* rename abstraction file

* migrate two factor component

* migrate two factor spec

* migrate sso component

* migrate set-password component

* migrate base login decryption component

* migrate organization options component

* fix component imports

* add missing imports
- remove state service calls
- add update user decryption options method

* remove acct decryption options from account

* lint

* fix tests and linting

* fix browser

* fix desktop

* add user decryption options service to cli

* remove default value from migration

* bump migration number

* fix merge conflict

* fix vault timeout settings

* fix cli

* more fixes

* add user decryption options service to deps of vault timeout settings service

* update login strategy service with user decryption options

* remove early return from sync bandaid for user decryption options

* move user decryption options service to lib/auth

* move user decryption options to libs/auth

* fix reference

* fix browser

* check user decryption options after 2fa check

* update migration and revert tsconfig changes

* add more documentation

* clear user decryption options on logout

* fix tests by creating helper for user decryption options

* fix tests

* pr feedback

* fix factory

* update migration

* add tests

* update missed migration num in test

libs/common/src/auth/abstractions/device-trust-crypto.service.abstraction.ts

@@ -1,8 +1,11 @@
+import { Observable } from "rxjs";
+
 import { EncString } from "../../platform/models/domain/enc-string";
 import { DeviceKey, UserKey } from "../../types/key";
 import { DeviceResponse } from "../abstractions/devices/responses/device.response";
 
 export abstract class DeviceTrustCryptoServiceAbstraction {
+  supportsDeviceTrust$: Observable<boolean>;
   /**
    * @description Retrieves the users choice to trust the device which can only happen after decryption
    * Note: this value should only be used once and then reset
@@ -20,6 +23,4 @@ export abstract class DeviceTrustCryptoServiceAbstraction {
     deviceKey?: DeviceKey,
   ) => Promise<UserKey | null>;
   rotateDevicesTrust: (newUserKey: UserKey, masterPasswordHash: string) => Promise<void>;
-
-  supportsDeviceTrust: () => Promise<boolean>;
 }

libs/common/src/auth/models/domain/auth-result.ts

@@ -8,7 +8,7 @@ export class AuthResult {
   // TODO: PM-3287 - Remove this after 3 releases of backwards compatibility. - Target release 2023.12 for removal
   /**
    * @deprecated
-   * Replace with using AccountDecryptionOptions to determine if the user does
+   * Replace with using UserDecryptionOptions to determine if the user does
    * not have a master password and is not using Key Connector.
    * */
   resetMasterPassword = false;

libs/common/src/auth/models/domain/user-decryption-options/key-connector-user-decryption-option.ts

@@ -1,3 +0,0 @@
-export class KeyConnectorUserDecryptionOption {
-  constructor(public keyConnectorUrl: string) {}
-}

libs/common/src/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option.ts

@@ -1,7 +0,0 @@
-export class TrustedDeviceUserDecryptionOption {
-  constructor(
-    public hasAdminApproval: boolean,
-    public hasLoginApprovingDevice: boolean,
-    public hasManageResetPasswordPermission: boolean,
-  ) {}
-}

libs/common/src/auth/services/device-trust-crypto.service.implementation.ts

@@ -1,4 +1,6 @@
-import { firstValueFrom } from "rxjs";
+import { firstValueFrom, map, Observable } from "rxjs";
+
+import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
 
 import { AppIdService } from "../../platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "../../platform/abstractions/crypto-function.service";
@@ -21,6 +23,8 @@ import {
 } from "../models/request/update-devices-trust.request";
 
 export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstraction {
+  supportsDeviceTrust$: Observable<boolean>;
+
   constructor(
     private keyGenerationService: KeyGenerationService,
     private cryptoFunctionService: CryptoFunctionService,
@@ -31,7 +35,12 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
     private devicesApiService: DevicesApiServiceAbstraction,
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
-  ) {}
+    private userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
+  ) {
+    this.supportsDeviceTrust$ = this.userDecryptionOptionsService.userDecryptionOptions$.pipe(
+      map((options) => options?.trustedDeviceOption != null ?? false),
+    );
+  }
 
   /**
    * @description Retrieves the users choice to trust the device which can only happen after decryption
@@ -203,9 +212,4 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
       return null;
     }
   }
-
-  async supportsDeviceTrust(): Promise<boolean> {
-    const decryptionOptions = await this.stateService.getAccountDecryptionOptions();
-    return decryptionOptions?.trustedDeviceOption != null;
-  }
 }

libs/common/src/auth/services/device-trust-crypto.service.spec.ts

@@ -1,6 +1,9 @@
 import { matches, mock } from "jest-mock-extended";
-import { of } from "rxjs";
+import { BehaviorSubject, of } from "rxjs";
 
+import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
+
+import { UserDecryptionOptions } from "../../../../auth/src/common/models/domain/user-decryption-options";
 import { DeviceType } from "../../enums";
 import { AppIdService } from "../../platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "../../platform/abstractions/crypto-function.service";
@@ -34,10 +37,16 @@ describe("deviceTrustCryptoService", () => {
   const devicesApiService = mock<DevicesApiServiceAbstraction>();
   const i18nService = mock<I18nService>();
   const platformUtilsService = mock<PlatformUtilsService>();
+  const userDecryptionOptionsService = mock<UserDecryptionOptionsServiceAbstraction>();
+
+  const decryptionOptions = new BehaviorSubject<UserDecryptionOptions>(null);
 
   beforeEach(() => {
     jest.clearAllMocks();
 
+    decryptionOptions.next({} as any);
+    userDecryptionOptionsService.userDecryptionOptions$ = decryptionOptions;
+
     deviceTrustCryptoService = new DeviceTrustCryptoService(
       keyGenerationService,
       cryptoFunctionService,
@@ -48,6 +57,7 @@ describe("deviceTrustCryptoService", () => {
       devicesApiService,
       i18nService,
       platformUtilsService,
+      userDecryptionOptionsService,
     );
   });
 

libs/common/src/auth/services/user-verification/user-verification.service.ts

@@ -1,3 +1,7 @@
+import { firstValueFrom } from "rxjs";
+
+import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
+
 import { PinCryptoServiceAbstraction } from "../../../../../auth/src/common/abstractions/pin-crypto.service.abstraction";
 import { VaultTimeoutSettingsService as VaultTimeoutSettingsServiceAbstraction } from "../../../abstractions/vault-timeout/vault-timeout-settings.service";
 import { CryptoService } from "../../../platform/abstractions/crypto.service";
@@ -33,6 +37,7 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
     private cryptoService: CryptoService,
     private i18nService: I18nService,
     private userVerificationApiService: UserVerificationApiServiceAbstraction,
+    private userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     private pinCryptoService: PinCryptoServiceAbstraction,
     private logService: LogService,
     private vaultTimeoutSettingsService: VaultTimeoutSettingsServiceAbstraction,
@@ -135,7 +140,6 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
       case VerificationType.MasterPassword:
         return this.verifyUserByMasterPassword(verification);
       case VerificationType.PIN:
-        return this.verifyUserByPIN(verification);
         break;
       case VerificationType.Biometrics:
         return this.verifyUserByBiometrics();
@@ -210,16 +214,19 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
    * Note: This only checks the server, not the local state
    * @param userId The user id to check. If not provided, the current user is used
    * @returns True if the user has a master password
+   * @deprecated Use UserDecryptionOptionsService.hasMasterPassword$ instead
    */
   async hasMasterPassword(userId?: string): Promise<boolean> {
-    const decryptionOptions = await this.stateService.getAccountDecryptionOptions({ userId });
+    if (userId) {
+      const decryptionOptions = await firstValueFrom(
+        this.userDecryptionOptionsService.userDecryptionOptionsById$(userId),
+      );
 
-    if (decryptionOptions?.hasMasterPassword != undefined) {
-      return decryptionOptions.hasMasterPassword;
+      if (decryptionOptions?.hasMasterPassword != undefined) {
+        return decryptionOptions.hasMasterPassword;
+      }
     }
-
-    // TODO: PM-3518 - Left for backwards compatibility, remove after 2023.12.0
-    return !(await this.stateService.getUsesKeyConnector({ userId }));
+    return await firstValueFrom(this.userDecryptionOptionsService.hasMasterPassword$);
   }
 
   async hasMasterPasswordAndMasterKeyHash(userId?: string): Promise<boolean> {