Ac/pm 26364 extension UI for auto confirm (#17258)

* create nav link for auto confirm in settings page * wip * WIP * create auto confirm library * migrate auto confirm files to lib * update imports * fix tests * fix nudge * cleanup, add documentation * clean up * cleanup * fix import * fix more imports * add tests * design changes * fix tests * fix tw issue * fix typo, add tests * CR feedback * more clean up, fix race condition * CR feedback, cache policies, refactor tests * run prettier with updated version * clean up duplicate logic * clean up * fix test * add missing prop for test mock * clean up
2026-02-19 02:44:01 +00:00 · 2026-01-07 15:27:41 -05:00
parent 68d534a63e
commit 3f225119f8
55 changed files with 1393 additions and 188 deletions
--- a/apps/web/src/app/admin-console/organizations/guards/org-policy.guard.ts
+++ b/apps/web/src/app/admin-console/organizations/guards/org-policy.guard.ts
@@ -1,70 +0,0 @@
-import { inject } from "@angular/core";
-import { CanActivateFn, Router } from "@angular/router";
-import { firstValueFrom, Observable, switchMap, tap } from "rxjs";
-
-import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
-import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
-import { getUserId } from "@bitwarden/common/auth/services/account.service";
-import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
-import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { SyncService } from "@bitwarden/common/platform/sync";
-import { ToastService } from "@bitwarden/components";
-import { UserId } from "@bitwarden/user-core";
-
-/**
- * This guard is intended to prevent members of an organization from accessing
- * routes based on compliance with organization
- * policies. e.g Emergency access, which is a non-organization
- * feature is restricted by the Auto Confirm policy.
- */
-export function organizationPolicyGuard(
-  featureCallback: (
-    userId: UserId,
-    configService: ConfigService,
-    policyService: PolicyService,
-  ) => Observable<boolean>,
-): CanActivateFn {
-  return async () => {
-    const router = inject(Router);
-    const toastService = inject(ToastService);
-    const i18nService = inject(I18nService);
-    const accountService = inject(AccountService);
-    const policyService = inject(PolicyService);
-    const configService = inject(ConfigService);
-    const syncService = inject(SyncService);
-
-    const synced = await firstValueFrom(
-      accountService.activeAccount$.pipe(
-        getUserId,
-        switchMap((userId) => syncService.lastSync$(userId)),
-      ),
-    );
-
-    if (synced == null) {
-      await syncService.fullSync(false);
-    }
-
-    const compliant = await firstValueFrom(
-      accountService.activeAccount$.pipe(
-        getUserId,
-        switchMap((userId) => featureCallback(userId, configService, policyService)),
-        tap((compliant) => {
-          if (typeof compliant !== "boolean") {
-            throw new Error("Feature callback must return a boolean.");
-          }
-        }),
-      ),
-    );
-
-    if (!compliant) {
-      toastService.showToast({
-        variant: "error",
-        message: i18nService.t("noPageAccess"),
-      });
-
-      return router.createUrlTree(["/"]);
-    }
-
-    return compliant;
-  };
-}
--- a/apps/web/src/app/admin-console/organizations/policies/auto-confirm-edit-policy-dialog.component.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/auto-confirm-edit-policy-dialog.component.ts
@@ -22,7 +22,7 @@ import {
  tap,
 } from "rxjs";

-import { AutomaticUserConfirmationService } from "@bitwarden/admin-console/common";
+import { AutomaticUserConfirmationService } from "@bitwarden/auto-confirm";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
--- a/apps/web/src/app/admin-console/organizations/policies/policies.component.spec.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/policies.component.spec.ts
@@ -188,7 +188,7 @@ describe("PoliciesComponent", () => {
  });

  describe("orgPolicies$", () => {
-    it("should fetch policies from API for current organization", async () => {
+    describe("with multiple policies", () => {
      const mockPolicyResponsesData = [
        {
          id: newGuid(),
@@ -206,39 +206,63 @@ describe("PoliciesComponent", () => {
        },
      ];

-      const listResponse = new ListResponse(
-        { Data: mockPolicyResponsesData, ContinuationToken: null },
-        PolicyResponse,
-      );
+      beforeEach(async () => {
+        const listResponse = new ListResponse(
+          { Data: mockPolicyResponsesData, ContinuationToken: null },
+          PolicyResponse,
+        );

-      mockPolicyApiService.getPolicies.mockResolvedValue(listResponse);
+        mockPolicyApiService.getPolicies.mockResolvedValue(listResponse);

-      const policies = await firstValueFrom(component["orgPolicies$"]);
-      expect(policies).toEqual(listResponse.data);
-      expect(mockPolicyApiService.getPolicies).toHaveBeenCalledWith(mockOrgId);
+        fixture = TestBed.createComponent(PoliciesComponent);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+      });
+
+      it("should fetch policies from API for current organization", async () => {
+        const policies = await firstValueFrom(component["orgPolicies$"]);
+        expect(policies.length).toBe(2);
+        expect(mockPolicyApiService.getPolicies).toHaveBeenCalledWith(mockOrgId);
+      });
    });

-    it("should return empty array when API returns no data", async () => {
-      mockPolicyApiService.getPolicies.mockResolvedValue(
-        new ListResponse({ Data: [], ContinuationToken: null }, PolicyResponse),
-      );
+    describe("with no policies", () => {
+      beforeEach(async () => {
+        mockPolicyApiService.getPolicies.mockResolvedValue(
+          new ListResponse({ Data: [], ContinuationToken: null }, PolicyResponse),
+        );

-      const policies = await firstValueFrom(component["orgPolicies$"]);
-      expect(policies).toEqual([]);
+        fixture = TestBed.createComponent(PoliciesComponent);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+      });
+
+      it("should return empty array when API returns no data", async () => {
+        const policies = await firstValueFrom(component["orgPolicies$"]);
+        expect(policies).toEqual([]);
+      });
    });

-    it("should return empty array when API returns null data", async () => {
-      mockPolicyApiService.getPolicies.mockResolvedValue(
-        new ListResponse({ Data: null, ContinuationToken: null }, PolicyResponse),
-      );
+    describe("with null data", () => {
+      beforeEach(async () => {
+        mockPolicyApiService.getPolicies.mockResolvedValue(
+          new ListResponse({ Data: null, ContinuationToken: null }, PolicyResponse),
+        );

-      const policies = await firstValueFrom(component["orgPolicies$"]);
-      expect(policies).toEqual([]);
+        fixture = TestBed.createComponent(PoliciesComponent);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+      });
+
+      it("should return empty array when API returns null data", async () => {
+        const policies = await firstValueFrom(component["orgPolicies$"]);
+        expect(policies).toEqual([]);
+      });
    });
  });

  describe("policiesEnabledMap$", () => {
-    it("should create a map of policy types to their enabled status", async () => {
+    describe("with multiple policies", () => {
      const mockPolicyResponsesData = [
        {
          id: "policy-1",
@@ -263,27 +287,43 @@ describe("PoliciesComponent", () => {
        },
      ];

-      mockPolicyApiService.getPolicies.mockResolvedValue(
-        new ListResponse(
-          { Data: mockPolicyResponsesData, ContinuationToken: null },
-          PolicyResponse,
-        ),
-      );
+      beforeEach(async () => {
+        mockPolicyApiService.getPolicies.mockResolvedValue(
+          new ListResponse(
+            { Data: mockPolicyResponsesData, ContinuationToken: null },
+            PolicyResponse,
+          ),
+        );

-      const map = await firstValueFrom(component.policiesEnabledMap$);
-      expect(map.size).toBe(3);
-      expect(map.get(PolicyType.TwoFactorAuthentication)).toBe(true);
-      expect(map.get(PolicyType.RequireSso)).toBe(false);
-      expect(map.get(PolicyType.SingleOrg)).toBe(true);
+        fixture = TestBed.createComponent(PoliciesComponent);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+      });
+
+      it("should create a map of policy types to their enabled status", async () => {
+        const map = await firstValueFrom(component.policiesEnabledMap$);
+        expect(map.size).toBe(3);
+        expect(map.get(PolicyType.TwoFactorAuthentication)).toBe(true);
+        expect(map.get(PolicyType.RequireSso)).toBe(false);
+        expect(map.get(PolicyType.SingleOrg)).toBe(true);
+      });
    });

-    it("should create empty map when no policies exist", async () => {
-      mockPolicyApiService.getPolicies.mockResolvedValue(
-        new ListResponse({ Data: [], ContinuationToken: null }, PolicyResponse),
-      );
+    describe("with no policies", () => {
+      beforeEach(async () => {
+        mockPolicyApiService.getPolicies.mockResolvedValue(
+          new ListResponse({ Data: [], ContinuationToken: null }, PolicyResponse),
+        );

-      const map = await firstValueFrom(component.policiesEnabledMap$);
-      expect(map.size).toBe(0);
+        fixture = TestBed.createComponent(PoliciesComponent);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+      });
+
+      it("should create empty map when no policies exist", async () => {
+        const map = await firstValueFrom(component.policiesEnabledMap$);
+        expect(map.size).toBe(0);
+      });
    });
  });

@@ -292,31 +332,36 @@ describe("PoliciesComponent", () => {
      expect(mockPolicyService.policies$).toHaveBeenCalledWith(mockUserId);
    });

-    it("should refresh policies when policyService emits", async () => {
-      const policiesSubject = new BehaviorSubject<any[]>([]);
-      mockPolicyService.policies$.mockReturnValue(policiesSubject.asObservable());
+    describe("when policyService emits", () => {
+      let policiesSubject: BehaviorSubject<any[]>;
+      let callCount: number;

-      let callCount = 0;
-      mockPolicyApiService.getPolicies.mockImplementation(() => {
-        callCount++;
-        return of(new ListResponse({ Data: [], ContinuationToken: null }, PolicyResponse));
+      beforeEach(async () => {
+        policiesSubject = new BehaviorSubject<any[]>([]);
+        mockPolicyService.policies$.mockReturnValue(policiesSubject.asObservable());
+
+        callCount = 0;
+        mockPolicyApiService.getPolicies.mockImplementation(() => {
+          callCount++;
+          return of(new ListResponse({ Data: [], ContinuationToken: null }, PolicyResponse));
+        });
+
+        fixture = TestBed.createComponent(PoliciesComponent);
+        fixture.detectChanges();
      });

-      const newFixture = TestBed.createComponent(PoliciesComponent);
-      newFixture.detectChanges();
+      it("should refresh policies when policyService emits", () => {
+        const initialCallCount = callCount;

-      const initialCallCount = callCount;
+        policiesSubject.next([{ type: PolicyType.TwoFactorAuthentication }]);

-      policiesSubject.next([{ type: PolicyType.TwoFactorAuthentication }]);
-
-      expect(callCount).toBeGreaterThan(initialCallCount);
-
-      newFixture.destroy();
+        expect(callCount).toBeGreaterThan(initialCallCount);
+      });
    });
  });

  describe("handleLaunchEvent", () => {
-    it("should open policy dialog when policyId is in query params", async () => {
+    describe("when policyId is in query params", () => {
      const mockPolicyId = newGuid();
      const mockPolicy: BasePolicyEditDefinition = {
        name: "Test Policy",
@@ -335,54 +380,59 @@ describe("PoliciesComponent", () => {
        data: null,
      };

-      queryParamsSubject.next({ policyId: mockPolicyId });
+      let dialogOpenSpy: jest.SpyInstance;

-      mockPolicyApiService.getPolicies.mockReturnValue(
-        of(
-          new ListResponse(
-            { Data: [mockPolicyResponseData], ContinuationToken: null },
-            PolicyResponse,
+      beforeEach(async () => {
+        queryParamsSubject.next({ policyId: mockPolicyId });
+
+        mockPolicyApiService.getPolicies.mockReturnValue(
+          of(
+            new ListResponse(
+              { Data: [mockPolicyResponseData], ContinuationToken: null },
+              PolicyResponse,
+            ),
          ),
-        ),
-      );
+        );

-      const dialogOpenSpy = jest
-        .spyOn(PolicyEditDialogComponent, "open")
-        .mockReturnValue({ close: jest.fn() } as any);
+        dialogOpenSpy = jest
+          .spyOn(PolicyEditDialogComponent, "open")
+          .mockReturnValue({ close: jest.fn() } as any);

-      TestBed.resetTestingModule();
-      await TestBed.configureTestingModule({
-        imports: [PoliciesComponent],
-        providers: [
-          { provide: ActivatedRoute, useValue: mockActivatedRoute },
-          { provide: OrganizationService, useValue: mockOrganizationService },
-          { provide: AccountService, useValue: mockAccountService },
-          { provide: PolicyApiServiceAbstraction, useValue: mockPolicyApiService },
-          { provide: PolicyListService, useValue: mockPolicyListService },
-          { provide: DialogService, useValue: mockDialogService },
-          { provide: PolicyService, useValue: mockPolicyService },
-          { provide: ConfigService, useValue: mockConfigService },
-          { provide: I18nService, useValue: mockI18nService },
-          { provide: PlatformUtilsService, useValue: mockPlatformUtilsService },
-          { provide: POLICY_EDIT_REGISTER, useValue: [mockPolicy] },
-        ],
-        schemas: [NO_ERRORS_SCHEMA],
-      })
-        .overrideComponent(PoliciesComponent, {
-          remove: { imports: [] },
-          add: { template: "<div></div>" },
+        TestBed.resetTestingModule();
+        await TestBed.configureTestingModule({
+          imports: [PoliciesComponent],
+          providers: [
+            { provide: ActivatedRoute, useValue: mockActivatedRoute },
+            { provide: OrganizationService, useValue: mockOrganizationService },
+            { provide: AccountService, useValue: mockAccountService },
+            { provide: PolicyApiServiceAbstraction, useValue: mockPolicyApiService },
+            { provide: PolicyListService, useValue: mockPolicyListService },
+            { provide: DialogService, useValue: mockDialogService },
+            { provide: PolicyService, useValue: mockPolicyService },
+            { provide: ConfigService, useValue: mockConfigService },
+            { provide: I18nService, useValue: mockI18nService },
+            { provide: PlatformUtilsService, useValue: mockPlatformUtilsService },
+            { provide: POLICY_EDIT_REGISTER, useValue: [mockPolicy] },
+          ],
+          schemas: [NO_ERRORS_SCHEMA],
        })
-        .compileComponents();
+          .overrideComponent(PoliciesComponent, {
+            remove: { imports: [] },
+            add: { template: "<div></div>" },
+          })
+          .compileComponents();

-      const newFixture = TestBed.createComponent(PoliciesComponent);
-      newFixture.detectChanges();
+        fixture = TestBed.createComponent(PoliciesComponent);
+        component = fixture.componentInstance;
+        fixture.detectChanges();
+      });

-      expect(dialogOpenSpy).toHaveBeenCalled();
-      const callArgs = dialogOpenSpy.mock.calls[0][1];
-      expect(callArgs.data?.policy.type).toBe(mockPolicy.type);
-      expect(callArgs.data?.organizationId).toBe(mockOrgId);
-
-      newFixture.destroy();
+      it("should open policy dialog when policyId is in query params", () => {
+        expect(dialogOpenSpy).toHaveBeenCalled();
+        const callArgs = dialogOpenSpy.mock.calls[0][1];
+        expect(callArgs.data?.policy.type).toBe(mockPolicy.type);
+        expect(callArgs.data?.organizationId).toBe(mockOrgId);
+      });
    });

    it("should not open dialog when policyId is not in query params", async () => {
--- a/apps/web/src/app/admin-console/organizations/policies/policies.component.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/policies.component.ts
@@ -1,7 +1,7 @@
 import { ChangeDetectionStrategy, Component, DestroyRef } from "@angular/core";
 import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 import { ActivatedRoute } from "@angular/router";
-import { combineLatest, Observable, of, switchMap, first, map } from "rxjs";
+import { combineLatest, Observable, of, switchMap, first, map, shareReplay } from "rxjs";

 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
@@ -70,6 +70,7 @@ export class PoliciesComponent {
    switchMap(() => this.organizationId$),
    switchMap((organizationId) => this.policyApiService.getPolicies(organizationId)),
    map((response) => (response.data != null && response.data.length > 0 ? response.data : [])),
+    shareReplay({ bufferSize: 1, refCount: true }),
  );

  protected policiesEnabledMap$: Observable<Map<PolicyType, boolean>> = this.orgPolicies$.pipe(
--- a/apps/web/src/app/core/core.module.ts
+++ b/apps/web/src/app/core/core.module.ts
@@ -9,8 +9,6 @@ import {
  DefaultCollectionAdminService,
  OrganizationUserApiService,
  CollectionService,
-  AutomaticUserConfirmationService,
-  DefaultAutomaticUserConfirmationService,
  OrganizationUserService,
  DefaultOrganizationUserService,
 } from "@bitwarden/admin-console/common";
@@ -46,6 +44,10 @@ import {
  InternalUserDecryptionOptionsServiceAbstraction,
  LoginEmailService,
 } from "@bitwarden/auth/common";
+import {
+  AutomaticUserConfirmationService,
+  DefaultAutomaticUserConfirmationService,
+} from "@bitwarden/auto-confirm";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import {
@@ -376,6 +378,7 @@ const safeProviders: SafeProvider[] = [
      StateProvider,
      InternalOrganizationServiceAbstraction,
      OrganizationUserApiService,
+      PolicyService,
    ],
  }),
  safeProvider({
--- a/apps/web/src/app/layouts/user-layout.component.ts
+++ b/apps/web/src/app/layouts/user-layout.component.ts
@@ -4,12 +4,12 @@ import { CommonModule } from "@angular/common";
 import { Component, OnInit, Signal } from "@angular/core";
 import { toSignal } from "@angular/core/rxjs-interop";
 import { RouterModule } from "@angular/router";
-import { combineLatest, map, Observable, switchMap } from "rxjs";
+import { Observable, switchMap } from "rxjs";

 import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { PasswordManagerLogo } from "@bitwarden/assets/svg";
+import { canAccessEmergencyAccess } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
-import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
@@ -58,21 +58,11 @@ export class UserLayoutComponent implements OnInit {
    );

    this.showEmergencyAccess = toSignal(
-      combineLatest([
-        this.configService.getFeatureFlag$(FeatureFlag.AutoConfirm),
-        this.accountService.activeAccount$.pipe(
-          getUserId,
-          switchMap((userId) =>
-            this.policyService.policyAppliesToUser$(PolicyType.AutoConfirm, userId),
-          ),
+      this.accountService.activeAccount$.pipe(
+        getUserId,
+        switchMap((userId) =>
+          canAccessEmergencyAccess(userId, this.configService, this.policyService),
        ),
-      ]).pipe(
-        map(([enabled, policyAppliesToUser]) => {
-          if (!enabled || !policyAppliesToUser) {
-            return true;
-          }
-          return false;
-        }),
      ),
    );

--- a/apps/web/src/app/oss-routing.module.ts
+++ b/apps/web/src/app/oss-routing.module.ts
@@ -1,6 +1,7 @@
 import { NgModule } from "@angular/core";
 import { Route, RouterModule, Routes } from "@angular/router";

+import { organizationPolicyGuard } from "@bitwarden/angular/admin-console/guards";
 import { AuthenticationTimeoutComponent } from "@bitwarden/angular/auth/components/authentication-timeout.component";
 import { AuthRoute } from "@bitwarden/angular/auth/constants";
 import {
@@ -56,7 +57,6 @@ import { premiumInterestRedirectGuard } from "@bitwarden/web-vault/app/vault/gua

 import { flagEnabled, Flags } from "../utils/flags";

-import { organizationPolicyGuard } from "./admin-console/organizations/guards/org-policy.guard";
 import { VerifyRecoverDeleteOrgComponent } from "./admin-console/organizations/manage/verify-recover-delete-org.component";
 import { AcceptFamilySponsorshipComponent } from "./admin-console/organizations/sponsorships/accept-family-sponsorship.component";
 import { FamiliesForEnterpriseSetupComponent } from "./admin-console/organizations/sponsorships/families-for-enterprise-setup.component";
--- a/apps/web/src/app/vault/individual-vault/vault.component.ts
+++ b/apps/web/src/app/vault/individual-vault/vault.component.ts
@@ -26,7 +26,6 @@ import {
 } from "rxjs/operators";

 import {
-  AutomaticUserConfirmationService,
  CollectionData,
  CollectionDetailsResponse,
  CollectionService,
@@ -42,6 +41,7 @@ import {
  ItemTypes,
  Icon,
 } from "@bitwarden/assets/svg";
+import { AutomaticUserConfirmationService } from "@bitwarden/auto-confirm";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
 import {