[AC-1011] Admin Console / Billing code ownership (#4973)

* refactor: move SCIM component to admin-console, refs EC-1011 * refactor: move scimProviderType to admin-console, refs EC-1011 * refactor: move scim-config.api to admin-console, refs EC-1011 * refactor: create models folder and nest existing api contents, refs EC-1011 * refactor: move scim-config to admin-console models, refs EC-1011 * refactor: move billing.component to billing, refs EC-1011 * refactor: remove nested app folder from new billing structure, refs EC-1011 * refactor: move organizations/billing to billing, refs EC-1011 * refactor: move add-credit and adjust-payment to billing/settings, refs EC-1011 * refactor: billing history/sync to billing, refs EC-1011 * refactor: move org plans, payment/method to billing/settings, refs EC-1011 * fix: update legacy file paths for payment-method and tax-info, refs EC-1011 * fix: update imports for scim component, refs EC-1011 * refactor: move subscription and tax-info into billing, refs EC-1011 * refactor: move user-subscription to billing, refs EC-1011 * refactor: move images/cards to billing and update base path, refs EC-1011 * refactor: move payment-method, plan subscription, and plan to billing, refs EC-1011 * refactor: move transaction-type to billing, refs EC-1011 * refactor: move billing-sync-config to billing, refs EC-1011 * refactor: move billing-sync and bit-pay-invoice request to billing, refs EC-1011 * refactor: move org subscription and tax info update requests to billing, refs EC-1011 * fix: broken paths to billing, refs EC-1011 * refactor: move payment request to billing, refs EC-1011 * fix: update remaining imports for payment-request, refs EC-1011 * refactor: move tax-info-update to billing, refs EC-1011 * refactor: move billing-payment, billing-history, and billing responses to billing, refs EC-1011 * refactor: move organization-subscription-responset to billing, refs EC-1011 * refactor: move payment and plan responses to billing, refs EC-1011 * refactor: move subscription response to billing ,refs EC-1011 * refactor: move tax info and rate responses to billing, refs EC-1011 * fix: update remaining path to base response for tax-rate response, refs EC-1011 * refactor: (browser) move organization-service to admin-console, refs EC-1011 * refactor: (browser) move organizaiton-service to admin-console, refs EC-1011 * refactor: (cli) move share command to admin-console, refs EC-1011 * refactor: move organization-collect request model to admin-console, refs EC-1011 * refactor: (web) move organization, collection/user responses to admin-console, refs EC-1011 * refactor: (cli) move selection-read-only to admin-console, refs EC-1011 * refactor: (desktop) move organization-filter to admin-console, refs EC-1011 * refactor: (web) move organization-switcher to admin-console, refs EC-1011 * refactor: (web) move access-selector to admin-console, refs EC-1011 * refactor: (web) move create folder to admin-console, refs EC-1011 * refactor: (web) move org guards folder to admin-console, refs EC-1011 * refactor: (web) move org layout to admin-console, refs EC-1011 * refactor: move manage collections to admin console, refs EC-1011 * refactor: (web) move collection-dialog to admin-console, refs EC-1011 * refactor: (web) move entity users/events and events component to admin-console, refs EC-1011 * refactor: (web) move groups/group-add-edit to admin-console, refs EC-1011 * refactor: (web) move manage, org-manage module, and user-confirm to admin-console, refs EC-1011 * refactor: (web) move people to admin-console, refs EC-1011 * refactor: (web) move reset-password to admin-console, refs EC-1011 * refactor: (web) move organization-routing and module to admin-console, refs EC-1011 * refactor: move admin-console and billing within app scope, refs EC-1011 * fix: update leftover merge conflicts, refs EC-1011 * refactor: (web) member-dialog to admin-console, refs EC-1011 * refactor: (web) move policies to admin-console, refs EC-1011 * refactor: (web) move reporting to admin-console, refs EC-1011 * refactor: (web) move settings to admin-console, refs EC-1011 * refactor: (web) move sponsorships to admin-console, refs EC-1011 * refactor: (web) move tools to admin-console, refs EC-1011 * refactor: (web) move users to admin-console, refs EC-1011 * refactor: (web) move collections to admin-console, refs EC-1011 * refactor: (web) move create-organization to admin-console, refs EC-1011 * refactor: (web) move licensed components to admin-console, refs EC-1011 * refactor: (web) move bit organization modules to admin-console, refs EC-1011 * fix: update leftover import statements for organizations.module, refs EC-1011 * refactor: (web) move personal vault and max timeout to admin-console, refs EC-1011 * refactor: (web) move providers to admin-console, refs EC-1011 * refactor: (libs) move organization service to admin-console, refs EC-1011 * refactor: (libs) move profile org/provider responses and other misc org responses to admin-console, refs EC-1011 * refactor: (libs) move provider request and selectionion-read-only request to admin-console, refs EC-1011 * fix: update missed import path for provider-user-update request, refs EC-1011 * refactor: (libs) move abstractions to admin-console, refs EC-1011 * refactor: (libs) move org/provider enums to admin-console, refs EC-1011 * fix: update downstream import statements from libs changes, refs EC-1011 * refactor: (libs) move data files to admin-console, refs EC-1011 * refactor: (libs) move domain to admin-console, refs EC-1011 * refactor: (libs) move request objects to admin-console, refs EC-1011 * fix: update downstream import changes from libs, refs EC-1011 * refactor: move leftover provider files to admin-console, refs EC-1011 * refactor: (browser) move group policy environment to admin-console, refs EC-1011 * fix: (browser) update downstream import statements, refs EC-1011 * fix: (desktop) update downstream libs moves, refs EC-1011 * fix: (cli) update downstream import changes from libs, refs EC-1011 * refactor: move org-auth related files to admin-console, refs EC-1011 * refactor: (libs) move request objects to admin-console, refs EC-1011 * refactor: move persmissions to admin-console, refs EC-1011 * refactor: move sponsored families to admin-console and fix libs changes, refs EC-1011 * refactor: move collections to admin-console, refs EC-1011 * refactor: move spec file back to spec scope, refs EC-1011 * fix: update downstream imports due to libs changes, refs EC-1011 * fix: udpate downstream import changes due to libs, refs EC-1011 * fix: update downstream imports due to libs changes, refs EC-1011 * fix: update downstream imports from libs changes, refs EC-1011 * fix: update path malformation in jslib-services.module, refs EC-1011 * fix: lint errors from improper casing, refs AC-1011 * fix: update downstream filename changes, refs AC-1011 * fix: (cli) update downstream filename changes, refs AC-1011 * fix: (desktop) update downstream filename changes, refs AC-1011 * fix: (browser) update downstream filename changes, refs AC-1011 * fix: lint errors, refs AC-1011 * fix: prettier, refs AC-1011 * fix: lint fixes for import order, refs AC-1011 * fix: update import path for provider user type, refs AC-1011 * fix: update new codes import paths for admin console structure, refs AC-1011 * fix: lint/prettier, refs AC-1011 * fix: update layout stories path, refs AC-1011 * fix: update comoponents card icons base variable in styles, refs AC-1011 * fix: update provider service path in permissions guard spec, refs AC-1011 * fix: update provider permission guard path, refs AC-1011 * fix: remove unecessary TODO for shared index export statement, refs AC-1011 * refactor: move browser-organization service and cli organization-user response out of admin-console, refs AC-1011 * refactor: move web/browser/desktop collections component to vault domain, refs AC-1011 * refactor: move organization.module out of admin-console scope, refs AC-1011 * fix: prettier, refs AC-1011 * refactor: move organizations-api-key.request out of admin-console scope, refs AC-1011
2026-01-08 11:33:28 +00:00 · 2023-03-22 10:03:50 -05:00
parent a7fea2ff3a
commit 780a563ce0
557 changed files with 1260 additions and 1246 deletions
--- a/apps/web/src/app/admin-console/organizations/tools/exposed-passwords-report.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/exposed-passwords-report.component.ts
@@ -0,0 +1,52 @@
+import { Component } from "@angular/core";
+import { ActivatedRoute } from "@angular/router";
+
+import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { AuditService } from "@bitwarden/common/abstractions/audit.service";
+import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
+import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+
+// eslint-disable-next-line no-restricted-imports
+import { ExposedPasswordsReportComponent as BaseExposedPasswordsReportComponent } from "../../../reports/pages/exposed-passwords-report.component";
+
+@Component({
+  selector: "app-org-exposed-passwords-report",
+  templateUrl: "../../../reports/pages/exposed-passwords-report.component.html",
+})
+// eslint-disable-next-line rxjs-angular/prefer-takeuntil
+export class ExposedPasswordsReportComponent extends BaseExposedPasswordsReportComponent {
+  manageableCiphers: Cipher[];
+
+  constructor(
+    cipherService: CipherService,
+    auditService: AuditService,
+    modalService: ModalService,
+    messagingService: MessagingService,
+    private organizationService: OrganizationService,
+    private route: ActivatedRoute,
+    passwordRepromptService: PasswordRepromptService
+  ) {
+    super(cipherService, auditService, modalService, messagingService, passwordRepromptService);
+  }
+
+  ngOnInit() {
+    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
+    this.route.parent.parent.params.subscribe(async (params) => {
+      this.organization = await this.organizationService.get(params.organizationId);
+      this.manageableCiphers = await this.cipherService.getAll();
+      await this.checkAccess();
+    });
+  }
+
+  getAllCiphers(): Promise<CipherView[]> {
+    return this.cipherService.getAllFromApiForOrganization(this.organization.id);
+  }
+
+  canManageCipher(c: CipherView): boolean {
+    return this.manageableCiphers.some((x) => x.id === c.id);
+  }
+}
--- a/apps/web/src/app/admin-console/organizations/tools/import-export/org-export.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/import-export/org-export.component.ts
@@ -0,0 +1,86 @@
+import { Component } from "@angular/core";
+import { UntypedFormBuilder } from "@angular/forms";
+import { ActivatedRoute } from "@angular/router";
+
+import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
+import { EventCollectionService } from "@bitwarden/common/abstractions/event/event-collection.service";
+import { ExportService } from "@bitwarden/common/abstractions/export.service";
+import { FileDownloadService } from "@bitwarden/common/abstractions/fileDownload/fileDownload.service";
+import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
+import { LogService } from "@bitwarden/common/abstractions/log.service";
+import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
+import { UserVerificationService } from "@bitwarden/common/abstractions/userVerification/userVerification.service.abstraction";
+import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import { EventType } from "@bitwarden/common/enums/eventType";
+
+import { ExportComponent } from "../../../../tools/import-export/export.component";
+
+@Component({
+  selector: "app-org-export",
+  templateUrl: "../../../../tools/import-export/export.component.html",
+})
+// eslint-disable-next-line rxjs-angular/prefer-takeuntil
+export class OrganizationExportComponent extends ExportComponent {
+  constructor(
+    cryptoService: CryptoService,
+    i18nService: I18nService,
+    platformUtilsService: PlatformUtilsService,
+    exportService: ExportService,
+    eventCollectionService: EventCollectionService,
+    private route: ActivatedRoute,
+    policyService: PolicyService,
+    logService: LogService,
+    userVerificationService: UserVerificationService,
+    formBuilder: UntypedFormBuilder,
+    fileDownloadService: FileDownloadService,
+    modalService: ModalService
+  ) {
+    super(
+      cryptoService,
+      i18nService,
+      platformUtilsService,
+      exportService,
+      eventCollectionService,
+      policyService,
+      logService,
+      userVerificationService,
+      formBuilder,
+      fileDownloadService,
+      modalService
+    );
+  }
+
+  async ngOnInit() {
+    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
+    this.route.parent.parent.params.subscribe(async (params) => {
+      this.organizationId = params.organizationId;
+    });
+    await super.ngOnInit();
+  }
+
+  async checkExportDisabled() {
+    return;
+  }
+
+  getExportData() {
+    if (this.isFileEncryptedExport) {
+      return this.exportService.getPasswordProtectedExport(this.filePassword, this.organizationId);
+    } else {
+      return this.exportService.getOrganizationExport(this.organizationId, this.format);
+    }
+  }
+
+  getFileName() {
+    return super.getFileName("org");
+  }
+
+  async collectEvent(): Promise<void> {
+    await this.eventCollectionService.collect(
+      EventType.Organization_ClientExportedVault,
+      null,
+      null,
+      this.organizationId
+    );
+  }
+}
--- a/apps/web/src/app/admin-console/organizations/tools/import-export/org-import-export-routing.module.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/import-export/org-import-export-routing.module.ts
@@ -0,0 +1,35 @@
+import { NgModule } from "@angular/core";
+import { RouterModule, Routes } from "@angular/router";
+
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+
+import { OrganizationPermissionsGuard } from "../../../../admin-console/organizations/guards/org-permissions.guard";
+
+import { OrganizationExportComponent } from "./org-export.component";
+import { OrganizationImportComponent } from "./org-import.component";
+
+const routes: Routes = [
+  {
+    path: "import",
+    component: OrganizationImportComponent,
+    canActivate: [OrganizationPermissionsGuard],
+    data: {
+      titleId: "importData",
+      organizationPermissions: (org: Organization) => org.canAccessImportExport,
+    },
+  },
+  {
+    path: "export",
+    component: OrganizationExportComponent,
+    canActivate: [OrganizationPermissionsGuard],
+    data: {
+      titleId: "exportVault",
+      organizationPermissions: (org: Organization) => org.canAccessImportExport,
+    },
+  },
+];
+
+@NgModule({
+  imports: [RouterModule.forChild(routes)],
+})
+export class OrganizationImportExportRoutingModule {}
--- a/apps/web/src/app/admin-console/organizations/tools/import-export/org-import-export.module.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/import-export/org-import-export.module.ts
@@ -0,0 +1,43 @@
+import { NgModule } from "@angular/core";
+
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
+import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
+import { ImportApiServiceAbstraction } from "@bitwarden/common/abstractions/import/import-api.service.abstraction";
+import { ImportService as ImportServiceAbstraction } from "@bitwarden/common/abstractions/import/import.service.abstraction";
+import { CollectionService } from "@bitwarden/common/admin-console/abstractions/collection.service";
+import { ImportApiService } from "@bitwarden/common/services/import/import-api.service";
+import { ImportService } from "@bitwarden/common/services/import/import.service";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+
+import { LooseComponentsModule, SharedModule } from "../../../../shared";
+
+import { OrganizationExportComponent } from "./org-export.component";
+import { OrganizationImportExportRoutingModule } from "./org-import-export-routing.module";
+import { OrganizationImportComponent } from "./org-import.component";
+
+@NgModule({
+  imports: [SharedModule, LooseComponentsModule, OrganizationImportExportRoutingModule],
+  declarations: [OrganizationImportComponent, OrganizationExportComponent],
+  providers: [
+    {
+      provide: ImportApiServiceAbstraction,
+      useClass: ImportApiService,
+      deps: [ApiService],
+    },
+    {
+      provide: ImportServiceAbstraction,
+      useClass: ImportService,
+      deps: [
+        CipherService,
+        FolderService,
+        ImportApiServiceAbstraction,
+        I18nService,
+        CollectionService,
+        CryptoService,
+      ],
+    },
+  ],
+})
+export class OrganizationImportExportModule {}
--- a/apps/web/src/app/admin-console/organizations/tools/import-export/org-import.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/import-export/org-import.component.ts
@@ -0,0 +1,71 @@
+import { Component } from "@angular/core";
+import { ActivatedRoute, Router } from "@angular/router";
+
+import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
+import { ImportService } from "@bitwarden/common/abstractions/import/import.service.abstraction";
+import { LogService } from "@bitwarden/common/abstractions/log.service";
+import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+
+import { ImportComponent } from "../../../../tools/import-export/import.component";
+
+@Component({
+  selector: "app-org-import",
+  templateUrl: "../../../../tools/import-export/import.component.html",
+})
+// eslint-disable-next-line rxjs-angular/prefer-takeuntil
+export class OrganizationImportComponent extends ImportComponent {
+  organizationName: string;
+
+  constructor(
+    i18nService: I18nService,
+    importService: ImportService,
+    router: Router,
+    private route: ActivatedRoute,
+    platformUtilsService: PlatformUtilsService,
+    policyService: PolicyService,
+    private organizationService: OrganizationService,
+    logService: LogService,
+    modalService: ModalService,
+    syncService: SyncService
+  ) {
+    super(
+      i18nService,
+      importService,
+      router,
+      platformUtilsService,
+      policyService,
+      logService,
+      modalService,
+      syncService
+    );
+  }
+
+  async ngOnInit() {
+    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
+    this.route.parent.parent.params.subscribe(async (params) => {
+      this.organizationId = params.organizationId;
+      this.successNavigate = ["organizations", this.organizationId, "vault"];
+      await super.ngOnInit();
+    });
+    const organization = await this.organizationService.get(this.organizationId);
+    this.organizationName = organization.name;
+  }
+
+  async submit() {
+    const confirmed = await this.platformUtilsService.showDialog(
+      this.i18nService.t("importWarning", this.organizationName),
+      this.i18nService.t("warning"),
+      this.i18nService.t("yes"),
+      this.i18nService.t("no"),
+      "warning"
+    );
+    if (!confirmed) {
+      return;
+    }
+    super.submit();
+  }
+}
--- a/apps/web/src/app/admin-console/organizations/tools/inactive-two-factor-report.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/inactive-two-factor-report.component.ts
@@ -0,0 +1,44 @@
+import { Component } from "@angular/core";
+import { ActivatedRoute } from "@angular/router";
+
+import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { LogService } from "@bitwarden/common/abstractions/log.service";
+import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+
+// eslint-disable-next-line no-restricted-imports
+import { InactiveTwoFactorReportComponent as BaseInactiveTwoFactorReportComponent } from "../../../reports/pages/inactive-two-factor-report.component";
+
+@Component({
+  selector: "app-inactive-two-factor-report",
+  templateUrl: "../../../reports/pages/inactive-two-factor-report.component.html",
+})
+// eslint-disable-next-line rxjs-angular/prefer-takeuntil
+export class InactiveTwoFactorReportComponent extends BaseInactiveTwoFactorReportComponent {
+  constructor(
+    cipherService: CipherService,
+    modalService: ModalService,
+    messagingService: MessagingService,
+    private route: ActivatedRoute,
+    logService: LogService,
+    passwordRepromptService: PasswordRepromptService,
+    private organizationService: OrganizationService
+  ) {
+    super(cipherService, modalService, messagingService, logService, passwordRepromptService);
+  }
+
+  async ngOnInit() {
+    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
+    this.route.parent.parent.params.subscribe(async (params) => {
+      this.organization = await this.organizationService.get(params.organizationId);
+      await super.ngOnInit();
+    });
+  }
+
+  getAllCiphers(): Promise<CipherView[]> {
+    return this.cipherService.getAllFromApiForOrganization(this.organization.id);
+  }
+}
--- a/apps/web/src/app/admin-console/organizations/tools/reused-passwords-report.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/reused-passwords-report.component.ts
@@ -0,0 +1,52 @@
+import { Component } from "@angular/core";
+import { ActivatedRoute } from "@angular/router";
+
+import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
+import { StateService } from "@bitwarden/common/abstractions/state.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
+import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+
+// eslint-disable-next-line no-restricted-imports
+import { ReusedPasswordsReportComponent as BaseReusedPasswordsReportComponent } from "../../../reports/pages/reused-passwords-report.component";
+
+@Component({
+  selector: "app-reused-passwords-report",
+  templateUrl: "../../../reports/pages/reused-passwords-report.component.html",
+})
+// eslint-disable-next-line rxjs-angular/prefer-takeuntil
+export class ReusedPasswordsReportComponent extends BaseReusedPasswordsReportComponent {
+  manageableCiphers: Cipher[];
+
+  constructor(
+    cipherService: CipherService,
+    modalService: ModalService,
+    messagingService: MessagingService,
+    stateService: StateService,
+    private route: ActivatedRoute,
+    private organizationService: OrganizationService,
+    passwordRepromptService: PasswordRepromptService
+  ) {
+    super(cipherService, modalService, messagingService, stateService, passwordRepromptService);
+  }
+
+  async ngOnInit() {
+    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
+    this.route.parent.parent.params.subscribe(async (params) => {
+      this.organization = await this.organizationService.get(params.organizationId);
+      this.manageableCiphers = await this.cipherService.getAll();
+      await super.ngOnInit();
+    });
+  }
+
+  getAllCiphers(): Promise<CipherView[]> {
+    return this.cipherService.getAllFromApiForOrganization(this.organization.id);
+  }
+
+  canManageCipher(c: CipherView): boolean {
+    return this.manageableCiphers.some((x) => x.id === c.id);
+  }
+}
--- a/apps/web/src/app/admin-console/organizations/tools/tools.component.html
+++ b/apps/web/src/app/admin-console/organizations/tools/tools.component.html
@@ -0,0 +1,79 @@
+<div class="container page-content">
+  <ng-container *ngIf="loading">
+    <i
+      class="bwi bwi-spinner bwi-spin text-muted"
+      title="{{ 'loading' | i18n }}"
+      aria-hidden="true"
+    ></i>
+    <span class="sr-only">{{ "loading" | i18n }}</span>
+  </ng-container>
+  <ng-container *ngIf="!loading">
+    <div class="row">
+      <div class="col-3">
+        <div class="card mb-4" *ngIf="organization.canAccessImportExport">
+          <div class="card-header">{{ "tools" | i18n }}</div>
+          <div class="list-group list-group-flush">
+            <a routerLink="import" class="list-group-item" routerLinkActive="active">
+              {{ "importData" | i18n }}
+            </a>
+            <a routerLink="export" class="list-group-item" routerLinkActive="active">
+              {{ "exportVault" | i18n }}
+            </a>
+          </div>
+        </div>
+        <div class="card" *ngIf="organization.canAccessReports">
+          <div class="card-header d-flex">
+            {{ "reports" | i18n }}
+            <div class="ml-auto">
+              <a
+                href="#"
+                appStopClick
+                bitBadge
+                *ngIf="!accessReports"
+                (click)="upgradeOrganization()"
+              >
+                {{ "upgrade" | i18n }}
+              </a>
+            </div>
+          </div>
+          <div class="list-group list-group-flush">
+            <a
+              routerLink="exposed-passwords-report"
+              class="list-group-item"
+              routerLinkActive="active"
+            >
+              {{ "exposedPasswordsReport" | i18n }}
+            </a>
+            <a
+              routerLink="reused-passwords-report"
+              class="list-group-item"
+              routerLinkActive="active"
+            >
+              {{ "reusedPasswordsReport" | i18n }}
+            </a>
+            <a routerLink="weak-passwords-report" class="list-group-item" routerLinkActive="active">
+              {{ "weakPasswordsReport" | i18n }}
+            </a>
+            <a
+              routerLink="unsecured-websites-report"
+              class="list-group-item"
+              routerLinkActive="active"
+            >
+              {{ "unsecuredWebsitesReport" | i18n }}
+            </a>
+            <a
+              routerLink="inactive-two-factor-report"
+              class="list-group-item"
+              routerLinkActive="active"
+            >
+              {{ "inactive2faReport" | i18n }}
+            </a>
+          </div>
+        </div>
+      </div>
+      <div class="col-9">
+        <router-outlet></router-outlet>
+      </div>
+    </div>
+  </ng-container>
+</div>
--- a/apps/web/src/app/admin-console/organizations/tools/tools.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/tools.component.ts
@@ -0,0 +1,38 @@
+import { Component } from "@angular/core";
+import { ActivatedRoute } from "@angular/router";
+
+import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+
+@Component({
+  selector: "app-org-tools",
+  templateUrl: "tools.component.html",
+})
+// eslint-disable-next-line rxjs-angular/prefer-takeuntil
+export class ToolsComponent {
+  organization: Organization;
+  accessReports = false;
+  loading = true;
+
+  constructor(
+    private route: ActivatedRoute,
+    private organizationService: OrganizationService,
+    private messagingService: MessagingService
+  ) {}
+
+  ngOnInit() {
+    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
+    this.route.parent.params.subscribe(async (params) => {
+      this.organization = await this.organizationService.get(params.organizationId);
+      // TODO: Maybe we want to just make sure they are not on a free plan? Just compare useTotp for now
+      // since all paid plans include useTotp
+      this.accessReports = this.organization.useTotp;
+      this.loading = false;
+    });
+  }
+
+  upgradeOrganization() {
+    this.messagingService.send("upgradeOrganization", { organizationId: this.organization.id });
+  }
+}
--- a/apps/web/src/app/admin-console/organizations/tools/unsecured-websites-report.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/unsecured-websites-report.component.ts
@@ -0,0 +1,42 @@
+import { Component } from "@angular/core";
+import { ActivatedRoute } from "@angular/router";
+
+import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+
+// eslint-disable-next-line no-restricted-imports
+import { UnsecuredWebsitesReportComponent as BaseUnsecuredWebsitesReportComponent } from "../../../reports/pages/unsecured-websites-report.component";
+
+@Component({
+  selector: "app-unsecured-websites-report",
+  templateUrl: "../../../reports/pages/unsecured-websites-report.component.html",
+})
+// eslint-disable-next-line rxjs-angular/prefer-takeuntil
+export class UnsecuredWebsitesReportComponent extends BaseUnsecuredWebsitesReportComponent {
+  constructor(
+    cipherService: CipherService,
+    modalService: ModalService,
+    messagingService: MessagingService,
+    private route: ActivatedRoute,
+    private organizationService: OrganizationService,
+    passwordRepromptService: PasswordRepromptService
+  ) {
+    super(cipherService, modalService, messagingService, passwordRepromptService);
+  }
+
+  async ngOnInit() {
+    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
+    this.route.parent.parent.params.subscribe(async (params) => {
+      this.organization = await this.organizationService.get(params.organizationId);
+      await super.ngOnInit();
+    });
+  }
+
+  getAllCiphers(): Promise<CipherView[]> {
+    return this.cipherService.getAllFromApiForOrganization(this.organization.id);
+  }
+}
--- a/apps/web/src/app/admin-console/organizations/tools/weak-passwords-report.component.ts
+++ b/apps/web/src/app/admin-console/organizations/tools/weak-passwords-report.component.ts
@@ -0,0 +1,58 @@
+import { Component } from "@angular/core";
+import { ActivatedRoute } from "@angular/router";
+
+import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { PasswordRepromptService } from "@bitwarden/common/vault/abstractions/password-reprompt.service";
+import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+
+// eslint-disable-next-line no-restricted-imports
+import { WeakPasswordsReportComponent as BaseWeakPasswordsReportComponent } from "../../../reports/pages/weak-passwords-report.component";
+
+@Component({
+  selector: "app-weak-passwords-report",
+  templateUrl: "../../../reports/pages/weak-passwords-report.component.html",
+})
+// eslint-disable-next-line rxjs-angular/prefer-takeuntil
+export class WeakPasswordsReportComponent extends BaseWeakPasswordsReportComponent {
+  manageableCiphers: Cipher[];
+
+  constructor(
+    cipherService: CipherService,
+    passwordGenerationService: PasswordGenerationServiceAbstraction,
+    modalService: ModalService,
+    messagingService: MessagingService,
+    private route: ActivatedRoute,
+    private organizationService: OrganizationService,
+    passwordRepromptService: PasswordRepromptService
+  ) {
+    super(
+      cipherService,
+      passwordGenerationService,
+      modalService,
+      messagingService,
+      passwordRepromptService
+    );
+  }
+
+  async ngOnInit() {
+    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
+    this.route.parent.parent.params.subscribe(async (params) => {
+      this.organization = await this.organizationService.get(params.organizationId);
+      this.manageableCiphers = await this.cipherService.getAll();
+      await super.ngOnInit();
+    });
+  }
+
+  getAllCiphers(): Promise<CipherView[]> {
+    return this.cipherService.getAllFromApiForOrganization(this.organization.id);
+  }
+
+  canManageCipher(c: CipherView): boolean {
+    return this.manageableCiphers.some((x) => x.id === c.id);
+  }
+}