Merge branch 'master' into feature/org-admin-refresh

libs/common/spec/importers/bitwardenJsonImporter.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 
 import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";

libs/common/spec/importers/bitwardenPasswordProtectedImporter.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Substitute, Arg, SubstituteOf } from "@fluffy-spoon/substitute";
 
 import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";

libs/common/spec/misc/logInStrategies/apiLogIn.strategy.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";

libs/common/spec/misc/logInStrategies/logIn.strategy.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";

libs/common/spec/misc/logInStrategies/passwordLogIn.strategy.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";

libs/common/spec/misc/logInStrategies/ssoLogIn.strategy.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";

libs/common/spec/models/domain/cipher.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Substitute, Arg } from "@fluffy-spoon/substitute";
 import { Jsonify } from "type-fest";
 

libs/common/spec/models/domain/encString.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Substitute, Arg } from "@fluffy-spoon/substitute";
 import { mock, MockProxy } from "jest-mock-extended";
 

libs/common/spec/models/domain/login.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Substitute, Arg } from "@fluffy-spoon/substitute";
 
 import { UriMatchType } from "@bitwarden/common/enums/uriMatchType";

libs/common/spec/models/domain/send.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Substitute, Arg, SubstituteOf } from "@fluffy-spoon/substitute";
 
 import { AbstractEncryptService } from "@bitwarden/common/abstractions/abstractEncrypt.service";

libs/common/spec/models/domain/sendAccess.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Substitute, Arg } from "@fluffy-spoon/substitute";
 
 import { SendType } from "@bitwarden/common/enums/sendType";

libs/common/spec/services/cipher.service.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";

libs/common/spec/services/export.service.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 import { BehaviorSubject } from "rxjs";
 

libs/common/spec/services/folder.service.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 import { BehaviorSubject, firstValueFrom } from "rxjs";
 

libs/common/spec/services/import.service.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";

libs/common/spec/services/policy.service.spec.ts

@@ -0,0 +1,357 @@
+// eslint-disable-next-line no-restricted-imports
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+import { BehaviorSubject, firstValueFrom } from "rxjs";
+
+import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
+import { OrganizationService } from "@bitwarden/common/abstractions/organization/organization.service.abstraction";
+import { OrganizationUserStatusType } from "@bitwarden/common/enums/organizationUserStatusType";
+import { PolicyType } from "@bitwarden/common/enums/policyType";
+import { PermissionsApi } from "@bitwarden/common/models/api/permissionsApi";
+import { OrganizationData } from "@bitwarden/common/models/data/organizationData";
+import { PolicyData } from "@bitwarden/common/models/data/policyData";
+import { MasterPasswordPolicyOptions } from "@bitwarden/common/models/domain/masterPasswordPolicyOptions";
+import { Organization } from "@bitwarden/common/models/domain/organization";
+import { Policy } from "@bitwarden/common/models/domain/policy";
+import { ResetPasswordPolicyOptions } from "@bitwarden/common/models/domain/resetPasswordPolicyOptions";
+import { ListResponse } from "@bitwarden/common/models/response/listResponse";
+import { PolicyResponse } from "@bitwarden/common/models/response/policyResponse";
+import { ContainerService } from "@bitwarden/common/services/container.service";
+import { EncryptService } from "@bitwarden/common/services/encrypt.service";
+import { PolicyService } from "@bitwarden/common/services/policy/policy.service";
+import { StateService } from "@bitwarden/common/services/state.service";
+
+describe("PolicyService", () => {
+  let policyService: PolicyService;
+
+  let cryptoService: SubstituteOf<CryptoService>;
+  let stateService: SubstituteOf<StateService>;
+  let organizationService: SubstituteOf<OrganizationService>;
+  let encryptService: SubstituteOf<EncryptService>;
+  let activeAccount: BehaviorSubject<string>;
+  let activeAccountUnlocked: BehaviorSubject<boolean>;
+
+  beforeEach(() => {
+    stateService = Substitute.for();
+    organizationService = Substitute.for();
+    organizationService
+      .getAll("user")
+      .resolves([
+        new Organization(
+          organizationData(
+            "test-organization",
+            true,
+            true,
+            OrganizationUserStatusType.Accepted,
+            false
+          )
+        ),
+      ]);
+    organizationService.getAll(undefined).resolves([]);
+    organizationService.getAll(null).resolves([]);
+    activeAccount = new BehaviorSubject("123");
+    activeAccountUnlocked = new BehaviorSubject(true);
+    stateService.getEncryptedPolicies().resolves({
+      "1": policyData("1", "test-organization", PolicyType.MaximumVaultTimeout, true, {
+        minutes: 14,
+      }),
+    });
+    stateService.activeAccount$.returns(activeAccount);
+    stateService.activeAccountUnlocked$.returns(activeAccountUnlocked);
+    stateService.getUserId().resolves("user");
+    (window as any).bitwardenContainerService = new ContainerService(cryptoService, encryptService);
+
+    policyService = new PolicyService(stateService, organizationService);
+  });
+
+  afterEach(() => {
+    activeAccount.complete();
+    activeAccountUnlocked.complete();
+  });
+
+  it("upsert", async () => {
+    await policyService.upsert(policyData("99", "test-organization", PolicyType.DisableSend, true));
+
+    expect(await firstValueFrom(policyService.policies$)).toEqual([
+      {
+        id: "1",
+        organizationId: "test-organization",
+        type: PolicyType.MaximumVaultTimeout,
+        enabled: true,
+        data: { minutes: 14 },
+      },
+      {
+        id: "99",
+        organizationId: "test-organization",
+        type: PolicyType.DisableSend,
+        enabled: true,
+      },
+    ]);
+  });
+
+  it("replace", async () => {
+    await policyService.replace({
+      "2": policyData("2", "test-organization", PolicyType.DisableSend, true),
+    });
+
+    expect(await firstValueFrom(policyService.policies$)).toEqual([
+      {
+        id: "2",
+        organizationId: "test-organization",
+        type: PolicyType.DisableSend,
+        enabled: true,
+      },
+    ]);
+  });
+
+  it("locking should clear", async () => {
+    activeAccountUnlocked.next(false);
+    // Sleep for 100ms to avoid timing issues
+    await new Promise((r) => setTimeout(r, 100));
+
+    expect((await firstValueFrom(policyService.policies$)).length).toBe(0);
+  });
+
+  describe("clear", () => {
+    it("null userId", async () => {
+      await policyService.clear();
+
+      stateService.received(1).setEncryptedPolicies(Arg.any(), Arg.any());
+
+      expect((await firstValueFrom(policyService.policies$)).length).toBe(0);
+    });
+
+    it("matching userId", async () => {
+      await policyService.clear("user");
+
+      stateService.received(1).setEncryptedPolicies(Arg.any(), Arg.any());
+
+      expect((await firstValueFrom(policyService.policies$)).length).toBe(0);
+    });
+
+    it("mismatching userId", async () => {
+      await policyService.clear("12");
+
+      stateService.received(1).setEncryptedPolicies(Arg.any(), Arg.any());
+
+      expect((await firstValueFrom(policyService.policies$)).length).toBe(1);
+    });
+  });
+
+  describe("masterPasswordPolicyOptions", () => {
+    it("returns default policy options", async () => {
+      const data: any = {
+        minComplexity: 5,
+        minLength: 20,
+        requireUpper: true,
+      };
+      const model = [
+        new Policy(policyData("1", "test-organization-3", PolicyType.MasterPassword, true, data)),
+      ];
+      const result = await firstValueFrom(policyService.masterPasswordPolicyOptions$(model));
+
+      expect(result).toEqual({
+        minComplexity: 5,
+        minLength: 20,
+        requireLower: false,
+        requireNumbers: false,
+        requireSpecial: false,
+        requireUpper: true,
+      });
+    });
+
+    it("returns null", async () => {
+      const data: any = {};
+      const model = [
+        new Policy(
+          policyData("3", "test-organization-3", PolicyType.DisablePersonalVaultExport, true, data)
+        ),
+        new Policy(
+          policyData("4", "test-organization-3", PolicyType.MaximumVaultTimeout, true, data)
+        ),
+      ];
+
+      const result = await firstValueFrom(policyService.masterPasswordPolicyOptions$(model));
+
+      expect(result).toEqual(null);
+    });
+
+    it("returns specified policy options", async () => {
+      const data: any = {
+        minLength: 14,
+      };
+      const model = [
+        new Policy(
+          policyData("3", "test-organization-3", PolicyType.DisablePersonalVaultExport, true, data)
+        ),
+        new Policy(policyData("4", "test-organization-3", PolicyType.MasterPassword, true, data)),
+      ];
+
+      const result = await firstValueFrom(policyService.masterPasswordPolicyOptions$(model));
+
+      expect(result).toEqual({
+        minComplexity: 0,
+        minLength: 14,
+        requireLower: false,
+        requireNumbers: false,
+        requireSpecial: false,
+        requireUpper: false,
+      });
+    });
+  });
+
+  describe("evaluateMasterPassword", () => {
+    it("false", async () => {
+      const enforcedPolicyOptions = new MasterPasswordPolicyOptions();
+      enforcedPolicyOptions.minLength = 14;
+      const result = policyService.evaluateMasterPassword(10, "password", enforcedPolicyOptions);
+
+      expect(result).toEqual(false);
+    });
+
+    it("true", async () => {
+      const enforcedPolicyOptions = new MasterPasswordPolicyOptions();
+      const result = policyService.evaluateMasterPassword(0, "password", enforcedPolicyOptions);
+
+      expect(result).toEqual(true);
+    });
+  });
+
+  describe("getResetPasswordPolicyOptions", () => {
+    it("default", async () => {
+      const result = policyService.getResetPasswordPolicyOptions(null, null);
+
+      expect(result).toEqual([new ResetPasswordPolicyOptions(), false]);
+    });
+
+    it("returns autoEnrollEnabled true", async () => {
+      const data: any = {
+        autoEnrollEnabled: true,
+      };
+      const policies = [
+        new Policy(policyData("5", "test-organization-3", PolicyType.ResetPassword, true, data)),
+      ];
+      const result = policyService.getResetPasswordPolicyOptions(policies, "test-organization-3");
+
+      expect(result).toEqual([{ autoEnrollEnabled: true }, true]);
+    });
+  });
+
+  describe("mapPoliciesFromToken", () => {
+    it("null", async () => {
+      const result = policyService.mapPoliciesFromToken(null);
+
+      expect(result).toEqual(null);
+    });
+
+    it("null data", async () => {
+      const model = new ListResponse(null, PolicyResponse);
+      model.data = null;
+      const result = policyService.mapPoliciesFromToken(model);
+
+      expect(result).toEqual(null);
+    });
+
+    it("empty array", async () => {
+      const model = new ListResponse(null, PolicyResponse);
+      const result = policyService.mapPoliciesFromToken(model);
+
+      expect(result).toEqual([]);
+    });
+
+    it("success", async () => {
+      const policyResponse: any = {
+        Data: [
+          {
+            Id: "1",
+            OrganizationId: "organization-1",
+            Type: PolicyType.DisablePersonalVaultExport,
+            Enabled: true,
+            Data: { requireUpper: true },
+          },
+          {
+            Id: "2",
+            OrganizationId: "organization-2",
+            Type: PolicyType.DisableSend,
+            Enabled: false,
+            Data: { minComplexity: 5, minLength: 20 },
+          },
+        ],
+      };
+      const model = new ListResponse(policyResponse, PolicyResponse);
+      const result = policyService.mapPoliciesFromToken(model);
+
+      expect(result).toEqual([
+        new Policy(
+          policyData("1", "organization-1", PolicyType.DisablePersonalVaultExport, true, {
+            requireUpper: true,
+          })
+        ),
+        new Policy(
+          policyData("2", "organization-2", PolicyType.DisableSend, false, {
+            minComplexity: 5,
+            minLength: 20,
+          })
+        ),
+      ]);
+    });
+  });
+
+  describe("policyAppliesToActiveUser", () => {
+    it("MasterPassword does not apply", async () => {
+      const result = await firstValueFrom(
+        policyService.policyAppliesToActiveUser$(PolicyType.MasterPassword)
+      );
+
+      expect(result).toEqual(false);
+    });
+
+    it("MaximumVaultTimeout applies", async () => {
+      const result = await firstValueFrom(
+        policyService.policyAppliesToActiveUser$(PolicyType.MaximumVaultTimeout)
+      );
+
+      expect(result).toEqual(true);
+    });
+
+    it("DisablePersonalVaultExport does not apply", async () => {
+      const result = await firstValueFrom(
+        policyService.policyAppliesToActiveUser$(PolicyType.DisablePersonalVaultExport)
+      );
+
+      expect(result).toEqual(false);
+    });
+  });
+
+  function policyData(
+    id: string,
+    organizationId: string,
+    type: PolicyType,
+    enabled: boolean,
+    data?: any
+  ) {
+    const policyData = new PolicyData({} as any);
+    policyData.id = id;
+    policyData.organizationId = organizationId;
+    policyData.type = type;
+    policyData.enabled = enabled;
+    policyData.data = data;
+
+    return policyData;
+  }
+
+  function organizationData(
+    id: string,
+    enabled: boolean,
+    usePolicies: boolean,
+    status: OrganizationUserStatusType,
+    managePolicies: boolean
+  ) {
+    const organizationData = new OrganizationData({} as any);
+    organizationData.id = id;
+    organizationData.enabled = enabled;
+    organizationData.usePolicies = usePolicies;
+    organizationData.status = status;
+    organizationData.permissions = new PermissionsApi({ managePolicies: managePolicies } as any);
+    return organizationData;
+  }
+});

libs/common/spec/services/settings.service.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 import { BehaviorSubject, firstValueFrom } from "rxjs";
 

libs/common/spec/services/stateMigration.service.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
 
 import { AbstractStorageService } from "@bitwarden/common/abstractions/storage.service";

libs/common/spec/utils.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Substitute, Arg } from "@fluffy-spoon/substitute";
 
 import { EncString } from "@bitwarden/common/models/domain/encString";

libs/common/spec/web/services/webCryptoFunction.service.spec.ts

@@ -1,3 +1,4 @@
+// eslint-disable-next-line no-restricted-imports
 import { Substitute } from "@fluffy-spoon/substitute";
 
 import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";

libs/common/src/abstractions/policy/policy-api.service.abstraction.ts

@@ -1,6 +1,5 @@
 import { PolicyType } from "../../enums/policyType";
 import { MasterPasswordPolicyOptions } from "../../models/domain/masterPasswordPolicyOptions";
-import { Policy } from "../../models/domain/policy";
 import { PolicyRequest } from "../../models/request/policyRequest";
 import { ListResponse } from "../../models/response/listResponse";
 import { PolicyResponse } from "../../models/response/policyResponse";
@@ -18,7 +17,6 @@ export class PolicyApiServiceAbstraction {
     organizationId: string,
     userId: string
   ) => Promise<ListResponse<PolicyResponse>>;
-  getPolicyForOrganization: (policyType: PolicyType, organizationId: string) => Promise<Policy>;
   getMasterPasswordPoliciesForInvitedUsers: (orgId: string) => Promise<MasterPasswordPolicyOptions>;
   putPolicy: (organizationId: string, type: PolicyType, request: PolicyRequest) => Promise<any>;
 }

libs/common/src/abstractions/policy/policy.service.abstraction.ts

@@ -1,3 +1,5 @@
+import { Observable } from "rxjs";
+
 import { PolicyType } from "../../enums/policyType";
 import { PolicyData } from "../../models/data/policyData";
 import { MasterPasswordPolicyOptions } from "../../models/domain/masterPasswordPolicyOptions";
@@ -7,9 +9,17 @@ import { ListResponse } from "../../models/response/listResponse";
 import { PolicyResponse } from "../../models/response/policyResponse";
 
 export abstract class PolicyService {
-  getAll: (type?: PolicyType, userId?: string) => Promise<Policy[]>;
+  policies$: Observable<Policy[]>;
+  masterPasswordPolicyOptions$: (policies?: Policy[]) => Observable<MasterPasswordPolicyOptions>;
+  policyAppliesToActiveUser$: (
+    policyType: PolicyType,
+    policyFilter?: (policy: Policy) => boolean
+  ) => Observable<boolean>;
 
-  getMasterPasswordPolicyOptions: (policies?: Policy[]) => Promise<MasterPasswordPolicyOptions>;
+  /**
+   * @deprecated Do not call this, use the policies$ observable collection
+   */
+  getAll: (type?: PolicyType, userId?: string) => Promise<Policy[]>;
   evaluateMasterPassword: (
     passwordStrength: number,
     newPassword: string,
@@ -29,6 +39,6 @@ export abstract class PolicyService {
 
 export abstract class InternalPolicyService extends PolicyService {
   upsert: (policy: PolicyData) => Promise<any>;
-  replace: (policies: { [id: string]: PolicyData }) => Promise<any>;
+  replace: (policies: { [id: string]: PolicyData }) => Promise<void>;
   clear: (userId?: string) => Promise<any>;
 }

libs/common/src/abstractions/state.service.ts

@@ -103,7 +103,13 @@ export abstract class StateService<T extends Account = Account> {
   ) => Promise<void>;
   getDecryptedPinProtected: (options?: StorageOptions) => Promise<EncString>;
   setDecryptedPinProtected: (value: EncString, options?: StorageOptions) => Promise<void>;
+  /**
+   * @deprecated Do not call this, use PolicyService
+   */
   getDecryptedPolicies: (options?: StorageOptions) => Promise<Policy[]>;
+  /**
+   * @deprecated Do not call this, use PolicyService
+   */
   setDecryptedPolicies: (value: Policy[], options?: StorageOptions) => Promise<void>;
   getDecryptedPrivateKey: (options?: StorageOptions) => Promise<ArrayBuffer>;
   setDecryptedPrivateKey: (value: ArrayBuffer, options?: StorageOptions) => Promise<void>;
@@ -214,7 +220,13 @@ export abstract class StateService<T extends Account = Account> {
   ) => Promise<void>;
   getEncryptedPinProtected: (options?: StorageOptions) => Promise<string>;
   setEncryptedPinProtected: (value: string, options?: StorageOptions) => Promise<void>;
+  /**
+   * @deprecated Do not call this directly, use PolicyService
+   */
   getEncryptedPolicies: (options?: StorageOptions) => Promise<{ [id: string]: PolicyData }>;
+  /**
+   * @deprecated Do not call this directly, use PolicyService
+   */
   setEncryptedPolicies: (
     value: { [id: string]: PolicyData },
     options?: StorageOptions

libs/common/src/abstractions/validation.service.ts

@@ -0,0 +1,3 @@
+export abstract class ValidationService {
+  showError: (data: any) => string[];
+}

libs/common/src/misc/utils.ts

@@ -339,6 +339,12 @@ export class Utils {
     return str == null || typeof str !== "string" || str == "";
   }
 
+  static isPromise(obj: any): obj is Promise<unknown> {
+    return (
+      obj != undefined && typeof obj["then"] === "function" && typeof obj["catch"] === "function"
+    );
+  }
+
   static nameOf<T>(name: string & keyof T) {
     return name;
   }

libs/common/src/services/noopEvent.service.ts

@@ -1,24 +0,0 @@
-import { EventService } from "../abstractions/event.service";
-import { EventType } from "../enums/eventType";
-
-/**
- * If you want to use this, don't.
- * If you think you should use that after the warning, don't.
- */
-export class NoopEventService implements EventService {
-  constructor() {
-    if (chrome.runtime.getManifest().manifest_version !== 3) {
-      throw new Error("You are not allowed to use this when not in manifest_version 3");
-    }
-  }
-
-  collect(eventType: EventType, cipherId?: string, uploadImmediately?: boolean) {
-    return Promise.resolve();
-  }
-  uploadEvents(userId?: string) {
-    return Promise.resolve();
-  }
-  clearEvents(userId?: string) {
-    return Promise.resolve();
-  }
-}

libs/common/src/services/passwordGeneration.service.ts

@@ -1,3 +1,4 @@
+import { firstValueFrom, map } from "rxjs";
 import * as zxcvbn from "zxcvbn";
 
 import { CryptoService } from "../abstractions/crypto.service";
@@ -258,7 +259,11 @@ export class PasswordGenerationService implements PasswordGenerationServiceAbstr
     const policies: Policy[] =
       this.policyService == null
         ? null
-        : await this.policyService.getAll(PolicyType.PasswordGenerator);
+        : await firstValueFrom(
+            this.policyService.policies$.pipe(
+              map((p) => p.filter((policy) => policy.type === PolicyType.PasswordGenerator))
+            )
+          );
     let enforcedOptions: PasswordGeneratorPolicyOptions = null;
 
     if (policies == null || policies.length === 0) {

libs/common/src/services/policy/policy-api.service.ts

@@ -1,3 +1,5 @@
+import { firstValueFrom } from "rxjs";
+
 import { ApiService } from "../../abstractions/api.service";
 import { OrganizationService } from "../../abstractions/organization/organization.service.abstraction";
 import { PolicyApiServiceAbstraction } from "../../abstractions/policy/policy-api.service.abstraction";
@@ -6,7 +8,6 @@ import { StateService } from "../../abstractions/state.service";
 import { PolicyType } from "../../enums/policyType";
 import { PolicyData } from "../../models/data/policyData";
 import { MasterPasswordPolicyOptions } from "../../models/domain/masterPasswordPolicyOptions";
-import { Policy } from "../../models/domain/policy";
 import { PolicyRequest } from "../../models/request/policyRequest";
 import { ListResponse } from "../../models/response/listResponse";
 import { PolicyResponse } from "../../models/response/policyResponse";
@@ -79,30 +80,13 @@ export class PolicyApiService implements PolicyApiServiceAbstraction {
     return new ListResponse(r, PolicyResponse);
   }
 
-  async getPolicyForOrganization(policyType: PolicyType, organizationId: string): Promise<Policy> {
-    const org = await this.organizationService.get(organizationId);
-    if (org?.isProviderUser) {
-      const orgPolicies = await this.getPolicies(organizationId);
-      const policy = orgPolicies.data.find((p) => p.organizationId === organizationId);
-
-      if (policy == null) {
-        return null;
-      }
-
-      return new Policy(new PolicyData(policy));
-    }
-
-    const policies = await this.policyService.getAll(policyType);
-    return policies.find((p) => p.organizationId === organizationId);
-  }
-
   async getMasterPasswordPoliciesForInvitedUsers(
     orgId: string
   ): Promise<MasterPasswordPolicyOptions> {
     const userId = await this.stateService.getUserId();
     const response = await this.getPoliciesByInvitedUser(orgId, userId);
     const policies = await this.policyService.mapPoliciesFromToken(response);
-    return this.policyService.getMasterPasswordPolicyOptions(policies);
+    return await firstValueFrom(this.policyService.masterPasswordPolicyOptions$(policies));
   }
 
   async putPolicy(organizationId: string, type: PolicyType, request: PolicyRequest): Promise<any> {

libs/common/src/services/policy/policy.service.ts

@@ -1,9 +1,12 @@
+import { of, concatMap, BehaviorSubject, Observable, map } from "rxjs";
+
 import { OrganizationService } from "../../abstractions/organization/organization.service.abstraction";
 import { InternalPolicyService as InternalPolicyServiceAbstraction } from "../../abstractions/policy/policy.service.abstraction";
 import { StateService } from "../../abstractions/state.service";
 import { OrganizationUserStatusType } from "../../enums/organizationUserStatusType";
 import { OrganizationUserType } from "../../enums/organizationUserType";
 import { PolicyType } from "../../enums/policyType";
+import { Utils } from "../../misc/utils";
 import { PolicyData } from "../../models/data/policyData";
 import { MasterPasswordPolicyOptions } from "../../models/domain/masterPasswordPolicyOptions";
 import { Organization } from "../../models/domain/organization";
@@ -13,13 +16,37 @@ import { ListResponse } from "../../models/response/listResponse";
 import { PolicyResponse } from "../../models/response/policyResponse";
 
 export class PolicyService implements InternalPolicyServiceAbstraction {
-  policyCache: Policy[];
+  private _policies: BehaviorSubject<Policy[]> = new BehaviorSubject([]);
+
+  policies$ = this._policies.asObservable();
 
   constructor(
     private stateService: StateService,
     private organizationService: OrganizationService
-  ) {}
+  ) {
+    this.stateService.activeAccountUnlocked$
+      .pipe(
+        concatMap(async (unlocked) => {
+          if (Utils.global.bitwardenContainerService == null) {
+            return;
+          }
 
+          if (!unlocked) {
+            this._policies.next([]);
+            return;
+          }
+
+          const data = await this.stateService.getEncryptedPolicies();
+
+          await this.updateObservables(data);
+        })
+      )
+      .subscribe();
+  }
+
+  /**
+   * @deprecated Do not call this, use the policies$ observable collection
+   */
   async getAll(type?: PolicyType, userId?: string): Promise<Policy[]> {
     let response: Policy[] = [];
     const decryptedPolicies = await this.stateService.getDecryptedPolicies({ userId: userId });
@@ -28,8 +55,7 @@ export class PolicyService implements InternalPolicyServiceAbstraction {
     } else {
       const diskPolicies = await this.stateService.getEncryptedPolicies({ userId: userId });
       for (const id in diskPolicies) {
-        // eslint-disable-next-line
-        if (diskPolicies.hasOwnProperty(id)) {
+        if (Object.prototype.hasOwnProperty.call(diskPolicies, id)) {
           response.push(new Policy(diskPolicies[id]));
         }
       }
@@ -42,60 +68,72 @@ export class PolicyService implements InternalPolicyServiceAbstraction {
     }
   }
 
-  async getMasterPasswordPolicyOptions(policies?: Policy[]): Promise<MasterPasswordPolicyOptions> {
-    let enforcedOptions: MasterPasswordPolicyOptions = null;
+  masterPasswordPolicyOptions$(policies?: Policy[]): Observable<MasterPasswordPolicyOptions> {
+    const observable = policies ? of(policies) : this.policies$;
+    return observable.pipe(
+      map((obsPolicies) => {
+        let enforcedOptions: MasterPasswordPolicyOptions = null;
+        const filteredPolicies = obsPolicies.filter((p) => p.type === PolicyType.MasterPassword);
 
-    if (policies == null) {
-      policies = await this.getAll(PolicyType.MasterPassword);
-    } else {
-      policies = policies.filter((p) => p.type === PolicyType.MasterPassword);
-    }
+        if (filteredPolicies == null || filteredPolicies.length === 0) {
+          return enforcedOptions;
+        }
 
-    if (policies == null || policies.length === 0) {
-      return enforcedOptions;
-    }
+        filteredPolicies.forEach((currentPolicy) => {
+          if (!currentPolicy.enabled || currentPolicy.data == null) {
+            return;
+          }
 
-    policies.forEach((currentPolicy) => {
-      if (!currentPolicy.enabled || currentPolicy.data == null) {
-        return;
-      }
+          if (enforcedOptions == null) {
+            enforcedOptions = new MasterPasswordPolicyOptions();
+          }
 
-      if (enforcedOptions == null) {
-        enforcedOptions = new MasterPasswordPolicyOptions();
-      }
+          if (
+            currentPolicy.data.minComplexity != null &&
+            currentPolicy.data.minComplexity > enforcedOptions.minComplexity
+          ) {
+            enforcedOptions.minComplexity = currentPolicy.data.minComplexity;
+          }
 
-      if (
-        currentPolicy.data.minComplexity != null &&
-        currentPolicy.data.minComplexity > enforcedOptions.minComplexity
-      ) {
-        enforcedOptions.minComplexity = currentPolicy.data.minComplexity;
-      }
+          if (
+            currentPolicy.data.minLength != null &&
+            currentPolicy.data.minLength > enforcedOptions.minLength
+          ) {
+            enforcedOptions.minLength = currentPolicy.data.minLength;
+          }
 
-      if (
-        currentPolicy.data.minLength != null &&
-        currentPolicy.data.minLength > enforcedOptions.minLength
-      ) {
-        enforcedOptions.minLength = currentPolicy.data.minLength;
-      }
+          if (currentPolicy.data.requireUpper) {
+            enforcedOptions.requireUpper = true;
+          }
 
-      if (currentPolicy.data.requireUpper) {
-        enforcedOptions.requireUpper = true;
-      }
+          if (currentPolicy.data.requireLower) {
+            enforcedOptions.requireLower = true;
+          }
 
-      if (currentPolicy.data.requireLower) {
-        enforcedOptions.requireLower = true;
-      }
+          if (currentPolicy.data.requireNumbers) {
+            enforcedOptions.requireNumbers = true;
+          }
 
-      if (currentPolicy.data.requireNumbers) {
-        enforcedOptions.requireNumbers = true;
-      }
+          if (currentPolicy.data.requireSpecial) {
+            enforcedOptions.requireSpecial = true;
+          }
+        });
 
-      if (currentPolicy.data.requireSpecial) {
-        enforcedOptions.requireSpecial = true;
-      }
-    });
+        return enforcedOptions;
+      })
+    );
+  }
 
-    return enforcedOptions;
+  policyAppliesToActiveUser$(
+    policyType: PolicyType,
+    policyFilter: (policy: Policy) => boolean = (p) => true
+  ) {
+    return this.policies$.pipe(
+      concatMap(async (policies) => {
+        const userId = await this.stateService.getUserId();
+        return await this.checkPoliciesThatApplyToUser(policies, policyType, policyFilter, userId);
+      })
+    );
   }
 
   evaluateMasterPassword(
@@ -174,25 +212,8 @@ export class PolicyService implements InternalPolicyServiceAbstraction {
     userId?: string
   ) {
     const policies = await this.getAll(policyType, userId);
-    const organizations = await this.organizationService.getAll(userId);
-    let filteredPolicies;
 
-    if (policyFilter != null) {
-      filteredPolicies = policies.filter((p) => p.enabled && policyFilter(p));
-    } else {
-      filteredPolicies = policies.filter((p) => p.enabled);
-    }
-
-    const policySet = new Set(filteredPolicies.map((p) => p.organizationId));
-
-    return organizations.some(
-      (o) =>
-        o.enabled &&
-        o.status >= OrganizationUserStatusType.Accepted &&
-        o.usePolicies &&
-        !this.isExcemptFromPolicies(o, policyType) &&
-        policySet.has(o.id)
-    );
+    return this.checkPoliciesThatApplyToUser(policies, policyType, policyFilter, userId);
   }
 
   async upsert(policy: PolicyData): Promise<any> {
@@ -203,17 +224,19 @@ export class PolicyService implements InternalPolicyServiceAbstraction {
 
     policies[policy.id] = policy;
 
-    await this.stateService.setDecryptedPolicies(null);
+    await this.updateObservables(policies);
     await this.stateService.setEncryptedPolicies(policies);
   }
 
-  async replace(policies: { [id: string]: PolicyData }): Promise<any> {
-    await this.stateService.setDecryptedPolicies(null);
+  async replace(policies: { [id: string]: PolicyData }): Promise<void> {
+    await this.updateObservables(policies);
     await this.stateService.setEncryptedPolicies(policies);
   }
 
-  async clear(userId?: string): Promise<any> {
-    await this.stateService.setDecryptedPolicies(null, { userId: userId });
+  async clear(userId?: string): Promise<void> {
+    if (userId == null || userId == (await this.stateService.getUserId())) {
+      this._policies.next([]);
+    }
     await this.stateService.setEncryptedPolicies(null, { userId: userId });
   }
 
@@ -224,4 +247,32 @@ export class PolicyService implements InternalPolicyServiceAbstraction {
 
     return organization.isExemptFromPolicies;
   }
+
+  private async updateObservables(policiesMap: { [id: string]: PolicyData }) {
+    const policies = Object.values(policiesMap || {}).map((f) => new Policy(f));
+
+    this._policies.next(policies);
+  }
+
+  private async checkPoliciesThatApplyToUser(
+    policies: Policy[],
+    policyType: PolicyType,
+    policyFilter: (policy: Policy) => boolean = (p) => true,
+    userId?: string
+  ) {
+    const organizations = await this.organizationService.getAll(userId);
+    const filteredPolicies = policies.filter(
+      (p) => p.type === policyType && p.enabled && policyFilter(p)
+    );
+    const policySet = new Set(filteredPolicies.map((p) => p.organizationId));
+
+    return organizations.some(
+      (o) =>
+        o.enabled &&
+        o.status >= OrganizationUserStatusType.Accepted &&
+        o.usePolicies &&
+        policySet.has(o.id) &&
+        !this.isExcemptFromPolicies(o, policyType)
+    );
+  }
 }

libs/common/src/services/validation.service.ts

@@ -0,0 +1,36 @@
+import { I18nService } from "../abstractions/i18n.service";
+import { PlatformUtilsService } from "../abstractions/platformUtils.service";
+import { ValidationService as ValidationServiceAbstraction } from "../abstractions/validation.service";
+import { ErrorResponse } from "../models/response/errorResponse";
+
+export class ValidationService implements ValidationServiceAbstraction {
+  constructor(
+    private i18nService: I18nService,
+    private platformUtilsService: PlatformUtilsService
+  ) {}
+
+  showError(data: any): string[] {
+    const defaultErrorMessage = this.i18nService.t("unexpectedError");
+    let errors: string[] = [];
+
+    if (data != null && typeof data === "string") {
+      errors.push(data);
+    } else if (data == null || typeof data !== "object") {
+      errors.push(defaultErrorMessage);
+    } else if (data.validationErrors != null) {
+      errors = errors.concat((data as ErrorResponse).getAllMessages());
+    } else {
+      errors.push(data.message ? data.message : defaultErrorMessage);
+    }
+
+    if (errors.length === 1) {
+      this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), errors[0]);
+    } else if (errors.length > 1) {
+      this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), errors, {
+        timeout: 5000 * errors.length,
+      });
+    }
+
+    return errors;
+  }
+}