[AC-1011] Admin Console / Billing code ownership (#4973)

* refactor: move SCIM component to admin-console, refs EC-1011

* refactor: move scimProviderType to admin-console, refs EC-1011

* refactor: move scim-config.api to admin-console, refs EC-1011

* refactor: create models folder and nest existing api contents, refs EC-1011

* refactor: move scim-config to admin-console models, refs EC-1011

* refactor: move billing.component to billing, refs EC-1011

* refactor: remove nested app folder from new billing structure, refs EC-1011

* refactor: move organizations/billing to billing, refs EC-1011

* refactor: move add-credit and adjust-payment to billing/settings, refs EC-1011

* refactor: billing history/sync to billing, refs EC-1011

* refactor: move org plans, payment/method to billing/settings, refs EC-1011

* fix: update legacy file paths for payment-method and tax-info, refs EC-1011

* fix: update imports for scim component, refs EC-1011

* refactor: move subscription and tax-info into billing, refs EC-1011

* refactor: move user-subscription to billing, refs EC-1011

* refactor: move images/cards to billing and update base path, refs EC-1011

* refactor: move payment-method, plan subscription, and plan to billing, refs EC-1011

* refactor: move transaction-type to billing, refs EC-1011

* refactor: move billing-sync-config to billing, refs EC-1011

* refactor: move billing-sync and bit-pay-invoice request to billing, refs EC-1011

* refactor: move org subscription and tax info update requests to billing, refs EC-1011

* fix: broken paths to billing, refs EC-1011

* refactor: move payment request to billing, refs EC-1011

* fix: update remaining imports for payment-request, refs EC-1011

* refactor: move tax-info-update to billing, refs EC-1011

* refactor: move billing-payment, billing-history, and billing responses to billing, refs EC-1011

* refactor: move organization-subscription-responset to billing, refs EC-1011

* refactor: move payment and plan responses to billing, refs EC-1011

* refactor: move subscription response to billing ,refs EC-1011

* refactor: move tax info and rate responses to billing, refs EC-1011

* fix: update remaining path to base response for tax-rate response, refs EC-1011

* refactor: (browser) move organization-service to admin-console, refs EC-1011

* refactor: (browser) move organizaiton-service to admin-console, refs EC-1011

* refactor: (cli) move share command to admin-console, refs EC-1011

* refactor: move organization-collect request model to admin-console, refs EC-1011

* refactor: (web) move organization, collection/user responses to admin-console, refs EC-1011

* refactor: (cli) move selection-read-only to admin-console, refs EC-1011

* refactor: (desktop) move organization-filter to admin-console, refs EC-1011

* refactor: (web) move organization-switcher to admin-console, refs EC-1011

* refactor: (web) move access-selector to admin-console, refs EC-1011

* refactor: (web) move create folder to admin-console, refs EC-1011

* refactor: (web) move org guards folder to admin-console, refs EC-1011

* refactor: (web) move org layout to admin-console, refs EC-1011

* refactor: move manage collections to admin console, refs EC-1011

* refactor: (web) move collection-dialog to admin-console, refs EC-1011

* refactor: (web) move entity users/events and events component to admin-console, refs EC-1011

* refactor: (web) move groups/group-add-edit to admin-console, refs EC-1011

* refactor: (web) move manage, org-manage module, and user-confirm to admin-console, refs EC-1011

* refactor: (web) move people to admin-console, refs EC-1011

* refactor: (web) move reset-password to admin-console, refs EC-1011

* refactor: (web) move organization-routing and module to admin-console, refs EC-1011

* refactor: move admin-console and billing within app scope, refs EC-1011

* fix: update leftover merge conflicts, refs EC-1011

* refactor: (web) member-dialog to admin-console, refs EC-1011

* refactor: (web) move policies to admin-console, refs EC-1011

* refactor: (web) move reporting to admin-console, refs EC-1011

* refactor: (web) move settings to admin-console, refs EC-1011

* refactor: (web) move sponsorships to admin-console, refs EC-1011

* refactor: (web) move tools to admin-console, refs EC-1011

* refactor: (web) move users to admin-console, refs EC-1011

* refactor: (web) move collections to admin-console, refs EC-1011

* refactor: (web) move create-organization to admin-console, refs EC-1011

* refactor: (web) move licensed components to admin-console, refs EC-1011

* refactor: (web) move bit organization modules to admin-console, refs EC-1011

* fix: update leftover import statements for organizations.module, refs EC-1011

* refactor: (web) move personal vault and max timeout to admin-console, refs EC-1011

* refactor: (web) move providers to admin-console, refs EC-1011

* refactor: (libs) move organization service to admin-console, refs EC-1011

* refactor: (libs) move profile org/provider responses and other misc org responses to admin-console, refs EC-1011

* refactor: (libs) move provider request and selectionion-read-only request to admin-console, refs EC-1011

* fix: update missed import path for provider-user-update request, refs EC-1011

* refactor: (libs) move abstractions to admin-console, refs EC-1011

* refactor: (libs) move org/provider enums to admin-console, refs EC-1011

* fix: update downstream import statements from libs changes, refs EC-1011

* refactor: (libs) move data files to admin-console, refs EC-1011

* refactor: (libs) move domain to admin-console, refs EC-1011

* refactor: (libs) move request objects to admin-console, refs EC-1011

* fix: update downstream import changes from libs, refs EC-1011

* refactor: move leftover provider files to admin-console, refs EC-1011

* refactor: (browser) move group policy environment to admin-console, refs EC-1011

* fix: (browser) update downstream import statements, refs EC-1011

* fix: (desktop) update downstream libs moves, refs EC-1011

* fix: (cli) update downstream import changes from libs, refs EC-1011

* refactor: move org-auth related files to admin-console, refs EC-1011

* refactor: (libs) move request objects to admin-console, refs EC-1011

* refactor: move persmissions to admin-console, refs EC-1011

* refactor: move sponsored families to admin-console and fix libs changes, refs EC-1011

* refactor: move collections to admin-console, refs EC-1011

* refactor: move spec file back to spec scope, refs EC-1011

* fix: update downstream imports due to libs changes, refs EC-1011

* fix: udpate downstream import changes due to libs, refs EC-1011

* fix: update downstream imports due to libs changes, refs EC-1011

* fix: update downstream imports from libs changes, refs EC-1011

* fix: update path malformation in jslib-services.module, refs EC-1011

* fix: lint errors from improper casing, refs AC-1011

* fix: update downstream filename changes, refs AC-1011

* fix: (cli) update downstream filename changes, refs AC-1011

* fix: (desktop) update downstream filename changes, refs AC-1011

* fix: (browser) update downstream filename changes, refs AC-1011

* fix: lint errors, refs AC-1011

* fix: prettier, refs AC-1011

* fix: lint fixes for import order, refs AC-1011

* fix: update import path for provider user type, refs AC-1011

* fix: update new codes import paths for admin console structure, refs AC-1011

* fix: lint/prettier, refs AC-1011

* fix: update layout stories path, refs AC-1011

* fix: update comoponents card icons base variable in styles, refs AC-1011

* fix: update provider service path in permissions guard spec, refs AC-1011

* fix: update provider permission guard path, refs AC-1011

* fix: remove unecessary TODO for shared index export statement, refs AC-1011

* refactor: move browser-organization service and cli organization-user response out of admin-console, refs AC-1011

* refactor: move web/browser/desktop collections component to vault domain, refs AC-1011

* refactor: move organization.module out of admin-console scope, refs AC-1011

* fix: prettier, refs AC-1011

* refactor: move organizations-api-key.request out of admin-console scope, refs AC-1011

libs/common/src/admin-console/abstractions/collection.service.ts

@@ -0,0 +1,19 @@
+import { TreeNode } from "../../models/domain/tree-node";
+import { CollectionData } from "../models/data/collection.data";
+import { Collection } from "../models/domain/collection";
+import { CollectionView } from "../models/view/collection.view";
+
+export abstract class CollectionService {
+  clearCache: (userId?: string) => Promise<void>;
+  encrypt: (model: CollectionView) => Promise<Collection>;
+  decryptMany: (collections: Collection[]) => Promise<CollectionView[]>;
+  get: (id: string) => Promise<Collection>;
+  getAll: () => Promise<Collection[]>;
+  getAllDecrypted: () => Promise<CollectionView[]>;
+  getAllNested: (collections?: CollectionView[]) => Promise<TreeNode<CollectionView>[]>;
+  getNested: (id: string) => Promise<TreeNode<CollectionView>>;
+  upsert: (collection: CollectionData | CollectionData[]) => Promise<any>;
+  replace: (collections: { [id: string]: CollectionData }) => Promise<any>;
+  clear: (userId: string) => Promise<any>;
+  delete: (id: string | string[]) => Promise<any>;
+}

libs/common/src/admin-console/abstractions/organization/organization-api.service.abstraction.ts

@@ -0,0 +1,67 @@
+import { OrganizationSsoRequest } from "../../../auth/models/request/organization-sso.request";
+import { SecretVerificationRequest } from "../../../auth/models/request/secret-verification.request";
+import { ApiKeyResponse } from "../../../auth/models/response/api-key.response";
+import { OrganizationSsoResponse } from "../../../auth/models/response/organization-sso.response";
+import { OrganizationSubscriptionUpdateRequest } from "../../../billing/models/request/organization-subscription-update.request";
+import { OrganizationTaxInfoUpdateRequest } from "../../../billing/models/request/organization-tax-info-update.request";
+import { PaymentRequest } from "../../../billing/models/request/payment.request";
+import { BillingResponse } from "../../../billing/models/response/billing.response";
+import { OrganizationSubscriptionResponse } from "../../../billing/models/response/organization-subscription.response";
+import { PaymentResponse } from "../../../billing/models/response/payment.response";
+import { TaxInfoResponse } from "../../../billing/models/response/tax-info.response";
+import { ImportDirectoryRequest } from "../../../models/request/import-directory.request";
+import { OrganizationApiKeyRequest } from "../../../models/request/organization-api-key.request";
+import { SeatRequest } from "../../../models/request/seat.request";
+import { StorageRequest } from "../../../models/request/storage.request";
+import { VerifyBankRequest } from "../../../models/request/verify-bank.request";
+import { ListResponse } from "../../../models/response/list.response";
+import { OrganizationApiKeyType } from "../../enums/organization-api-key-type";
+import { OrganizationCreateRequest } from "../../models/request/organization-create.request";
+import { OrganizationKeysRequest } from "../../models/request/organization-keys.request";
+import { OrganizationUpdateRequest } from "../../models/request/organization-update.request";
+import { OrganizationUpgradeRequest } from "../../models/request/organization-upgrade.request";
+import { OrganizationEnrollSecretsManagerRequest } from "../../models/request/organization/organization-enroll-secrets-manager.request";
+import { OrganizationApiKeyInformationResponse } from "../../models/response/organization-api-key-information.response";
+import { OrganizationAutoEnrollStatusResponse } from "../../models/response/organization-auto-enroll-status.response";
+import { OrganizationKeysResponse } from "../../models/response/organization-keys.response";
+import { OrganizationResponse } from "../../models/response/organization.response";
+
+export class OrganizationApiServiceAbstraction {
+  get: (id: string) => Promise<OrganizationResponse>;
+  getBilling: (id: string) => Promise<BillingResponse>;
+  getSubscription: (id: string) => Promise<OrganizationSubscriptionResponse>;
+  getLicense: (id: string, installationId: string) => Promise<unknown>;
+  getAutoEnrollStatus: (identifier: string) => Promise<OrganizationAutoEnrollStatusResponse>;
+  create: (request: OrganizationCreateRequest) => Promise<OrganizationResponse>;
+  createLicense: (data: FormData) => Promise<OrganizationResponse>;
+  save: (id: string, request: OrganizationUpdateRequest) => Promise<OrganizationResponse>;
+  updatePayment: (id: string, request: PaymentRequest) => Promise<void>;
+  upgrade: (id: string, request: OrganizationUpgradeRequest) => Promise<PaymentResponse>;
+  updateSubscription: (id: string, request: OrganizationSubscriptionUpdateRequest) => Promise<void>;
+  updateSeats: (id: string, request: SeatRequest) => Promise<PaymentResponse>;
+  updateStorage: (id: string, request: StorageRequest) => Promise<PaymentResponse>;
+  verifyBank: (id: string, request: VerifyBankRequest) => Promise<void>;
+  cancel: (id: string) => Promise<void>;
+  reinstate: (id: string) => Promise<void>;
+  leave: (id: string) => Promise<void>;
+  delete: (id: string, request: SecretVerificationRequest) => Promise<void>;
+  updateLicense: (id: string, data: FormData) => Promise<void>;
+  importDirectory: (organizationId: string, request: ImportDirectoryRequest) => Promise<void>;
+  getOrCreateApiKey: (id: string, request: OrganizationApiKeyRequest) => Promise<ApiKeyResponse>;
+  getApiKeyInformation: (
+    id: string,
+    organizationApiKeyType?: OrganizationApiKeyType
+  ) => Promise<ListResponse<OrganizationApiKeyInformationResponse>>;
+  rotateApiKey: (id: string, request: OrganizationApiKeyRequest) => Promise<ApiKeyResponse>;
+  getTaxInfo: (id: string) => Promise<TaxInfoResponse>;
+  updateTaxInfo: (id: string, request: OrganizationTaxInfoUpdateRequest) => Promise<void>;
+  getKeys: (id: string) => Promise<OrganizationKeysResponse>;
+  updateKeys: (id: string, request: OrganizationKeysRequest) => Promise<OrganizationKeysResponse>;
+  getSso: (id: string) => Promise<OrganizationSsoResponse>;
+  updateSso: (id: string, request: OrganizationSsoRequest) => Promise<OrganizationSsoResponse>;
+  selfHostedSyncLicense: (id: string) => Promise<void>;
+  updateEnrollSecretsManager: (
+    id: string,
+    request: OrganizationEnrollSecretsManagerRequest
+  ) => Promise<void>;
+}

libs/common/src/admin-console/abstractions/organization/organization.service.abstraction.ts

@@ -0,0 +1,81 @@
+import { map, Observable } from "rxjs";
+
+import { I18nService } from "../../../abstractions/i18n.service";
+import { Utils } from "../../../misc/utils";
+import { OrganizationData } from "../../models/data/organization.data";
+import { Organization } from "../../models/domain/organization";
+
+export function canAccessVaultTab(org: Organization): boolean {
+  return org.canViewAssignedCollections || org.canViewAllCollections || org.canManageGroups;
+}
+
+export function canAccessSettingsTab(org: Organization): boolean {
+  return (
+    org.isOwner ||
+    org.canManagePolicies ||
+    org.canManageSso ||
+    org.canManageScim ||
+    org.canAccessImportExport
+  );
+}
+
+export function canAccessMembersTab(org: Organization): boolean {
+  return org.canManageUsers || org.canManageUsersPassword;
+}
+
+export function canAccessGroupsTab(org: Organization): boolean {
+  return org.canManageGroups;
+}
+
+export function canAccessReportingTab(org: Organization): boolean {
+  return org.canAccessReports || org.canAccessEventLogs;
+}
+
+export function canAccessBillingTab(org: Organization): boolean {
+  return org.isOwner;
+}
+
+export function canAccessOrgAdmin(org: Organization): boolean {
+  return (
+    canAccessMembersTab(org) ||
+    canAccessGroupsTab(org) ||
+    canAccessReportingTab(org) ||
+    canAccessBillingTab(org) ||
+    canAccessSettingsTab(org) ||
+    canAccessVaultTab(org)
+  );
+}
+
+export function getOrganizationById(id: string) {
+  return map<Organization[], Organization | undefined>((orgs) => orgs.find((o) => o.id === id));
+}
+
+export function canAccessAdmin(i18nService: I18nService) {
+  return map<Organization[], Organization[]>((orgs) =>
+    orgs.filter(canAccessOrgAdmin).sort(Utils.getSortFunction(i18nService, "name"))
+  );
+}
+
+export function isNotProviderUser(org: Organization): boolean {
+  return !org.isProviderUser;
+}
+
+export abstract class OrganizationService {
+  organizations$: Observable<Organization[]>;
+
+  get$: (id: string) => Observable<Organization | undefined>;
+  get: (id: string) => Organization;
+  getByIdentifier: (identifier: string) => Organization;
+  getAll: (userId?: string) => Promise<Organization[]>;
+  /**
+   * @deprecated For the CLI only
+   * @param id id of the organization
+   */
+  getFromState: (id: string) => Promise<Organization>;
+  canManageSponsorships: () => Promise<boolean>;
+  hasOrganizations: () => boolean;
+}
+
+export abstract class InternalOrganizationService extends OrganizationService {
+  replace: (organizations: { [id: string]: OrganizationData }) => Promise<void>;
+}

libs/common/src/admin-console/abstractions/policy/policy-api.service.abstraction.ts

@@ -0,0 +1,22 @@
+import { ListResponse } from "../../../models/response/list.response";
+import { PolicyType } from "../../enums/policy-type";
+import { MasterPasswordPolicyOptions } from "../../models/domain/master-password-policy-options";
+import { PolicyRequest } from "../../models/request/policy.request";
+import { PolicyResponse } from "../../models/response/policy.response";
+
+export class PolicyApiServiceAbstraction {
+  getPolicy: (organizationId: string, type: PolicyType) => Promise<PolicyResponse>;
+  getPolicies: (organizationId: string) => Promise<ListResponse<PolicyResponse>>;
+  getPoliciesByToken: (
+    organizationId: string,
+    token: string,
+    email: string,
+    organizationUserId: string
+  ) => Promise<ListResponse<PolicyResponse>>;
+  getPoliciesByInvitedUser: (
+    organizationId: string,
+    userId: string
+  ) => Promise<ListResponse<PolicyResponse>>;
+  getMasterPasswordPoliciesForInvitedUsers: (orgId: string) => Promise<MasterPasswordPolicyOptions>;
+  putPolicy: (organizationId: string, type: PolicyType, request: PolicyRequest) => Promise<any>;
+}

libs/common/src/admin-console/abstractions/policy/policy.service.abstraction.ts

@@ -0,0 +1,44 @@
+import { Observable } from "rxjs";
+
+import { ListResponse } from "../../../models/response/list.response";
+import { PolicyType } from "../../enums/policy-type";
+import { PolicyData } from "../../models/data/policy.data";
+import { MasterPasswordPolicyOptions } from "../../models/domain/master-password-policy-options";
+import { Policy } from "../../models/domain/policy";
+import { ResetPasswordPolicyOptions } from "../../models/domain/reset-password-policy-options";
+import { PolicyResponse } from "../../models/response/policy.response";
+
+export abstract class PolicyService {
+  policies$: Observable<Policy[]>;
+  masterPasswordPolicyOptions$: (policies?: Policy[]) => Observable<MasterPasswordPolicyOptions>;
+  policyAppliesToActiveUser$: (
+    policyType: PolicyType,
+    policyFilter?: (policy: Policy) => boolean
+  ) => Observable<boolean>;
+
+  /**
+   * @deprecated Do not call this, use the policies$ observable collection
+   */
+  getAll: (type?: PolicyType, userId?: string) => Promise<Policy[]>;
+  evaluateMasterPassword: (
+    passwordStrength: number,
+    newPassword: string,
+    enforcedPolicyOptions?: MasterPasswordPolicyOptions
+  ) => boolean;
+  getResetPasswordPolicyOptions: (
+    policies: Policy[],
+    orgId: string
+  ) => [ResetPasswordPolicyOptions, boolean];
+  mapPoliciesFromToken: (policiesResponse: ListResponse<PolicyResponse>) => Policy[];
+  policyAppliesToUser: (
+    policyType: PolicyType,
+    policyFilter?: (policy: Policy) => boolean,
+    userId?: string
+  ) => Promise<boolean>;
+}
+
+export abstract class InternalPolicyService extends PolicyService {
+  upsert: (policy: PolicyData) => Promise<any>;
+  replace: (policies: { [id: string]: PolicyData }) => Promise<void>;
+  clear: (userId?: string) => Promise<any>;
+}

libs/common/src/admin-console/abstractions/provider.service.ts

@@ -0,0 +1,8 @@
+import { Provider } from "../../models/domain/provider";
+import { ProviderData } from "../models/data/provider.data";
+
+export abstract class ProviderService {
+  get: (id: string) => Promise<Provider>;
+  getAll: () => Promise<Provider[]>;
+  save: (providers: { [id: string]: ProviderData }) => Promise<any>;
+}

libs/common/src/admin-console/enums/organization-api-key-type.ts

@@ -0,0 +1,5 @@
+export enum OrganizationApiKeyType {
+  Default = 0,
+  BillingSync = 1,
+  Scim = 2,
+}

libs/common/src/admin-console/enums/organization-connection-type.ts

@@ -0,0 +1,4 @@
+export enum OrganizationConnectionType {
+  CloudBillingSync = 1,
+  Scim = 2,
+}

libs/common/src/admin-console/enums/organization-user-status-type.ts

@@ -0,0 +1,6 @@
+export enum OrganizationUserStatusType {
+  Invited = 0,
+  Accepted = 1,
+  Confirmed = 2,
+  Revoked = -1,
+}

libs/common/src/admin-console/enums/organization-user-type.ts

@@ -0,0 +1,7 @@
+export enum OrganizationUserType {
+  Owner = 0,
+  Admin = 1,
+  User = 2,
+  Manager = 3,
+  Custom = 4,
+}

libs/common/src/admin-console/enums/policy-type.ts

@@ -0,0 +1,14 @@
+export enum PolicyType {
+  TwoFactorAuthentication = 0, // Requires users to have 2fa enabled
+  MasterPassword = 1, // Sets minimum requirements for master password complexity
+  PasswordGenerator = 2, // Sets minimum requirements/default type for generated passwords/passphrases
+  SingleOrg = 3, // Allows users to only be apart of one organization
+  RequireSso = 4, // Requires users to authenticate with SSO
+  PersonalOwnership = 5, // Disables personal vault ownership for adding/cloning items
+  DisableSend = 6, // Disables the ability to create and edit Bitwarden Sends
+  SendOptions = 7, // Sets restrictions or defaults for Bitwarden Sends
+  ResetPassword = 8, // Allows orgs to use reset password : also can enable auto-enrollment during invite flow
+  MaximumVaultTimeout = 9, // Sets the maximum allowed vault timeout
+  DisablePersonalVaultExport = 10, // Disable personal vault export
+  ActivateAutofill = 11, // Activates autofill with page load on the browser extension
+}

libs/common/src/admin-console/enums/provider-user-status-type.ts

@@ -0,0 +1,6 @@
+export enum ProviderUserStatusType {
+  Invited = 0,
+  Accepted = 1,
+  Confirmed = 2,
+  Revoked = -1, // Not used, compile-time support only
+}

libs/common/src/admin-console/enums/provider-user-type.ts

@@ -0,0 +1,4 @@
+export enum ProviderUserType {
+  ProviderAdmin = 0,
+  ServiceUser = 1,
+}

libs/common/src/admin-console/enums/scim-provider-type.ts

@@ -0,0 +1,9 @@
+export enum ScimProviderType {
+  Default = 0,
+  AzureAd = 1,
+  Okta = 2,
+  OneLogin = 3,
+  JumpCloud = 4,
+  GoogleWorkspace = 5,
+  Rippling = 6,
+}

libs/common/src/admin-console/models/api/permissions.api.ts

@@ -0,0 +1,43 @@
+import { BaseResponse } from "../../../models/response/base.response";
+
+export class PermissionsApi extends BaseResponse {
+  accessEventLogs: boolean;
+  accessImportExport: boolean;
+  accessReports: boolean;
+  createNewCollections: boolean;
+  editAnyCollection: boolean;
+  deleteAnyCollection: boolean;
+  editAssignedCollections: boolean;
+  deleteAssignedCollections: boolean;
+  manageCiphers: boolean;
+  manageGroups: boolean;
+  manageSso: boolean;
+  managePolicies: boolean;
+  manageUsers: boolean;
+  manageResetPassword: boolean;
+  manageScim: boolean;
+
+  constructor(data: any = null) {
+    super(data);
+    if (data == null) {
+      return this;
+    }
+    this.accessEventLogs = this.getResponseProperty("AccessEventLogs");
+    this.accessImportExport = this.getResponseProperty("AccessImportExport");
+    this.accessReports = this.getResponseProperty("AccessReports");
+
+    this.createNewCollections = this.getResponseProperty("CreateNewCollections");
+    this.editAnyCollection = this.getResponseProperty("EditAnyCollection");
+    this.deleteAnyCollection = this.getResponseProperty("DeleteAnyCollection");
+    this.editAssignedCollections = this.getResponseProperty("EditAssignedCollections");
+    this.deleteAssignedCollections = this.getResponseProperty("DeleteAssignedCollections");
+
+    this.manageCiphers = this.getResponseProperty("ManageCiphers");
+    this.manageGroups = this.getResponseProperty("ManageGroups");
+    this.manageSso = this.getResponseProperty("ManageSso");
+    this.managePolicies = this.getResponseProperty("ManagePolicies");
+    this.manageUsers = this.getResponseProperty("ManageUsers");
+    this.manageResetPassword = this.getResponseProperty("ManageResetPassword");
+    this.manageScim = this.getResponseProperty("ManageScim");
+  }
+}

libs/common/src/admin-console/models/api/scim-config.api.ts

@@ -0,0 +1,16 @@
+import { BaseResponse } from "../../../models/response/base.response";
+import { ScimProviderType } from "../../enums/scim-provider-type";
+
+export class ScimConfigApi extends BaseResponse {
+  enabled: boolean;
+  scimProvider: ScimProviderType;
+
+  constructor(data: any) {
+    super(data);
+    if (data == null) {
+      return;
+    }
+    this.enabled = this.getResponseProperty("Enabled");
+    this.scimProvider = this.getResponseProperty("ScimProvider");
+  }
+}

libs/common/src/admin-console/models/data/collection.data.ts

@@ -0,0 +1,17 @@
+import { CollectionDetailsResponse } from "../response/collection.response";
+
+export class CollectionData {
+  id: string;
+  organizationId: string;
+  name: string;
+  externalId: string;
+  readOnly: boolean;
+
+  constructor(response: CollectionDetailsResponse) {
+    this.id = response.id;
+    this.organizationId = response.organizationId;
+    this.name = response.name;
+    this.externalId = response.externalId;
+    this.readOnly = response.readOnly;
+  }
+}

libs/common/src/admin-console/models/data/encrypted-organization-key.data.ts

@@ -0,0 +1,14 @@
+export type EncryptedOrganizationKeyData =
+  | OrganizationEncryptedOrganizationKeyData
+  | ProviderEncryptedOrganizationKeyData;
+
+type OrganizationEncryptedOrganizationKeyData = {
+  type: "organization";
+  key: string;
+};
+
+type ProviderEncryptedOrganizationKeyData = {
+  type: "provider";
+  key: string;
+  providerId: string;
+};

libs/common/src/admin-console/models/data/organization.data.ts

@@ -0,0 +1,94 @@
+import { ProductType } from "../../../enums/productType";
+import { OrganizationUserStatusType } from "../../enums/organization-user-status-type";
+import { OrganizationUserType } from "../../enums/organization-user-type";
+import { PermissionsApi } from "../api/permissions.api";
+import { ProfileOrganizationResponse } from "../response/profile-organization.response";
+
+export class OrganizationData {
+  id: string;
+  name: string;
+  status: OrganizationUserStatusType;
+  type: OrganizationUserType;
+  enabled: boolean;
+  usePolicies: boolean;
+  useGroups: boolean;
+  useDirectory: boolean;
+  useEvents: boolean;
+  useTotp: boolean;
+  use2fa: boolean;
+  useApi: boolean;
+  useSso: boolean;
+  useKeyConnector: boolean;
+  useScim: boolean;
+  useCustomPermissions: boolean;
+  useResetPassword: boolean;
+  useSecretsManager: boolean;
+  useActivateAutofillPolicy: boolean;
+  selfHost: boolean;
+  usersGetPremium: boolean;
+  seats: number;
+  maxCollections: number;
+  maxStorageGb?: number;
+  ssoBound: boolean;
+  identifier: string;
+  permissions: PermissionsApi;
+  resetPasswordEnrolled: boolean;
+  userId: string;
+  hasPublicAndPrivateKeys: boolean;
+  providerId: string;
+  providerName: string;
+  isProviderUser: boolean;
+  familySponsorshipFriendlyName: string;
+  familySponsorshipAvailable: boolean;
+  planProductType: ProductType;
+  keyConnectorEnabled: boolean;
+  keyConnectorUrl: string;
+  familySponsorshipLastSyncDate?: Date;
+  familySponsorshipValidUntil?: Date;
+  familySponsorshipToDelete?: boolean;
+  accessSecretsManager: boolean;
+
+  constructor(response: ProfileOrganizationResponse) {
+    this.id = response.id;
+    this.name = response.name;
+    this.status = response.status;
+    this.type = response.type;
+    this.enabled = response.enabled;
+    this.usePolicies = response.usePolicies;
+    this.useGroups = response.useGroups;
+    this.useDirectory = response.useDirectory;
+    this.useEvents = response.useEvents;
+    this.useTotp = response.useTotp;
+    this.use2fa = response.use2fa;
+    this.useApi = response.useApi;
+    this.useSso = response.useSso;
+    this.useKeyConnector = response.useKeyConnector;
+    this.useScim = response.useScim;
+    this.useCustomPermissions = response.useCustomPermissions;
+    this.useResetPassword = response.useResetPassword;
+    this.useSecretsManager = response.useSecretsManager;
+    this.useActivateAutofillPolicy = response.useActivateAutofillPolicy;
+    this.selfHost = response.selfHost;
+    this.usersGetPremium = response.usersGetPremium;
+    this.seats = response.seats;
+    this.maxCollections = response.maxCollections;
+    this.maxStorageGb = response.maxStorageGb;
+    this.ssoBound = response.ssoBound;
+    this.identifier = response.identifier;
+    this.permissions = response.permissions;
+    this.resetPasswordEnrolled = response.resetPasswordEnrolled;
+    this.userId = response.userId;
+    this.hasPublicAndPrivateKeys = response.hasPublicAndPrivateKeys;
+    this.providerId = response.providerId;
+    this.providerName = response.providerName;
+    this.familySponsorshipFriendlyName = response.familySponsorshipFriendlyName;
+    this.familySponsorshipAvailable = response.familySponsorshipAvailable;
+    this.planProductType = response.planProductType;
+    this.keyConnectorEnabled = response.keyConnectorEnabled;
+    this.keyConnectorUrl = response.keyConnectorUrl;
+    this.familySponsorshipLastSyncDate = response.familySponsorshipLastSyncDate;
+    this.familySponsorshipValidUntil = response.familySponsorshipValidUntil;
+    this.familySponsorshipToDelete = response.familySponsorshipToDelete;
+    this.accessSecretsManager = response.accessSecretsManager;
+  }
+}

libs/common/src/admin-console/models/data/policy.data.ts

@@ -0,0 +1,18 @@
+import { PolicyType } from "../../enums/policy-type";
+import { PolicyResponse } from "../response/policy.response";
+
+export class PolicyData {
+  id: string;
+  organizationId: string;
+  type: PolicyType;
+  data: any;
+  enabled: boolean;
+
+  constructor(response: PolicyResponse) {
+    this.id = response.id;
+    this.organizationId = response.organizationId;
+    this.type = response.type;
+    this.data = response.data;
+    this.enabled = response.enabled;
+  }
+}

libs/common/src/admin-console/models/data/provider.data.ts

@@ -0,0 +1,23 @@
+import { ProviderUserStatusType } from "../../enums/provider-user-status-type";
+import { ProviderUserType } from "../../enums/provider-user-type";
+import { ProfileProviderResponse } from "../response/profile-provider.response";
+
+export class ProviderData {
+  id: string;
+  name: string;
+  status: ProviderUserStatusType;
+  type: ProviderUserType;
+  enabled: boolean;
+  userId: string;
+  useEvents: boolean;
+
+  constructor(response: ProfileProviderResponse) {
+    this.id = response.id;
+    this.name = response.name;
+    this.status = response.status;
+    this.type = response.type;
+    this.enabled = response.enabled;
+    this.userId = response.userId;
+    this.useEvents = response.useEvents;
+  }
+}

libs/common/src/admin-console/models/domain/collection.ts

@@ -0,0 +1,44 @@
+import Domain from "../../../models/domain/domain-base";
+import { EncString } from "../../../models/domain/enc-string";
+import { CollectionData } from "../data/collection.data";
+import { CollectionView } from "../view/collection.view";
+
+export class Collection extends Domain {
+  id: string;
+  organizationId: string;
+  name: EncString;
+  externalId: string;
+  readOnly: boolean;
+  hidePasswords: boolean;
+
+  constructor(obj?: CollectionData) {
+    super();
+    if (obj == null) {
+      return;
+    }
+
+    this.buildDomainModel(
+      this,
+      obj,
+      {
+        id: null,
+        organizationId: null,
+        name: null,
+        externalId: null,
+        readOnly: null,
+        hidePasswords: null,
+      },
+      ["id", "organizationId", "externalId", "readOnly", "hidePasswords"]
+    );
+  }
+
+  decrypt(): Promise<CollectionView> {
+    return this.decryptObj(
+      new CollectionView(this),
+      {
+        name: null,
+      },
+      this.organizationId
+    );
+  }
+}

libs/common/src/admin-console/models/domain/encrypted-organization-key.ts

@@ -0,0 +1,55 @@
+import { CryptoService } from "../../../abstractions/crypto.service";
+import { EncString } from "../../../models/domain/enc-string";
+import { SymmetricCryptoKey } from "../../../models/domain/symmetric-crypto-key";
+import { EncryptedOrganizationKeyData } from "../data/encrypted-organization-key.data";
+
+export abstract class BaseEncryptedOrganizationKey {
+  decrypt: (cryptoService: CryptoService) => Promise<SymmetricCryptoKey>;
+
+  static fromData(data: EncryptedOrganizationKeyData) {
+    switch (data.type) {
+      case "organization":
+        return new EncryptedOrganizationKey(data.key);
+
+      case "provider":
+        return new ProviderEncryptedOrganizationKey(data.key, data.providerId);
+
+      default:
+        return null;
+    }
+  }
+}
+
+export class EncryptedOrganizationKey implements BaseEncryptedOrganizationKey {
+  constructor(private key: string) {}
+
+  async decrypt(cryptoService: CryptoService) {
+    const decValue = await cryptoService.rsaDecrypt(this.key);
+    return new SymmetricCryptoKey(decValue);
+  }
+
+  toData(): EncryptedOrganizationKeyData {
+    return {
+      type: "organization",
+      key: this.key,
+    };
+  }
+}
+
+export class ProviderEncryptedOrganizationKey implements BaseEncryptedOrganizationKey {
+  constructor(private key: string, private providerId: string) {}
+
+  async decrypt(cryptoService: CryptoService) {
+    const providerKey = await cryptoService.getProviderKey(this.providerId);
+    const decValue = await cryptoService.decryptToBytes(new EncString(this.key), providerKey);
+    return new SymmetricCryptoKey(decValue);
+  }
+
+  toData(): EncryptedOrganizationKeyData {
+    return {
+      type: "provider",
+      key: this.key,
+      providerId: this.providerId,
+    };
+  }
+}

libs/common/src/admin-console/models/domain/master-password-policy-options.ts

@@ -0,0 +1,10 @@
+import Domain from "../../../models/domain/domain-base";
+
+export class MasterPasswordPolicyOptions extends Domain {
+  minComplexity = 0;
+  minLength = 0;
+  requireUpper = false;
+  requireLower = false;
+  requireNumbers = false;
+  requireSpecial = false;
+}

libs/common/src/admin-console/models/domain/organization.ts

@@ -0,0 +1,223 @@
+import { Jsonify } from "type-fest";
+
+import { ProductType } from "../../../enums/productType";
+import { OrganizationUserStatusType } from "../../enums/organization-user-status-type";
+import { OrganizationUserType } from "../../enums/organization-user-type";
+import { PermissionsApi } from "../api/permissions.api";
+import { OrganizationData } from "../data/organization.data";
+
+export class Organization {
+  id: string;
+  name: string;
+  status: OrganizationUserStatusType;
+  type: OrganizationUserType;
+  enabled: boolean;
+  usePolicies: boolean;
+  useGroups: boolean;
+  useDirectory: boolean;
+  useEvents: boolean;
+  useTotp: boolean;
+  use2fa: boolean;
+  useApi: boolean;
+  useSso: boolean;
+  useKeyConnector: boolean;
+  useScim: boolean;
+  useCustomPermissions: boolean;
+  useResetPassword: boolean;
+  useSecretsManager: boolean;
+  useActivateAutofillPolicy: boolean;
+  selfHost: boolean;
+  usersGetPremium: boolean;
+  seats: number;
+  maxCollections: number;
+  maxStorageGb?: number;
+  ssoBound: boolean;
+  identifier: string;
+  permissions: PermissionsApi;
+  resetPasswordEnrolled: boolean;
+  userId: string;
+  hasPublicAndPrivateKeys: boolean;
+  providerId: string;
+  providerName: string;
+  isProviderUser: boolean;
+  familySponsorshipFriendlyName: string;
+  familySponsorshipAvailable: boolean;
+  planProductType: ProductType;
+  keyConnectorEnabled: boolean;
+  keyConnectorUrl: string;
+  familySponsorshipLastSyncDate?: Date;
+  familySponsorshipValidUntil?: Date;
+  familySponsorshipToDelete?: boolean;
+  accessSecretsManager: boolean;
+
+  constructor(obj?: OrganizationData) {
+    if (obj == null) {
+      return;
+    }
+
+    this.id = obj.id;
+    this.name = obj.name;
+    this.status = obj.status;
+    this.type = obj.type;
+    this.enabled = obj.enabled;
+    this.usePolicies = obj.usePolicies;
+    this.useGroups = obj.useGroups;
+    this.useDirectory = obj.useDirectory;
+    this.useEvents = obj.useEvents;
+    this.useTotp = obj.useTotp;
+    this.use2fa = obj.use2fa;
+    this.useApi = obj.useApi;
+    this.useSso = obj.useSso;
+    this.useKeyConnector = obj.useKeyConnector;
+    this.useScim = obj.useScim;
+    this.useCustomPermissions = obj.useCustomPermissions;
+    this.useResetPassword = obj.useResetPassword;
+    this.useSecretsManager = obj.useSecretsManager;
+    this.useActivateAutofillPolicy = obj.useActivateAutofillPolicy;
+    this.selfHost = obj.selfHost;
+    this.usersGetPremium = obj.usersGetPremium;
+    this.seats = obj.seats;
+    this.maxCollections = obj.maxCollections;
+    this.maxStorageGb = obj.maxStorageGb;
+    this.ssoBound = obj.ssoBound;
+    this.identifier = obj.identifier;
+    this.permissions = obj.permissions;
+    this.resetPasswordEnrolled = obj.resetPasswordEnrolled;
+    this.userId = obj.userId;
+    this.hasPublicAndPrivateKeys = obj.hasPublicAndPrivateKeys;
+    this.providerId = obj.providerId;
+    this.providerName = obj.providerName;
+    this.isProviderUser = obj.isProviderUser;
+    this.familySponsorshipFriendlyName = obj.familySponsorshipFriendlyName;
+    this.familySponsorshipAvailable = obj.familySponsorshipAvailable;
+    this.planProductType = obj.planProductType;
+    this.keyConnectorEnabled = obj.keyConnectorEnabled;
+    this.keyConnectorUrl = obj.keyConnectorUrl;
+    this.familySponsorshipLastSyncDate = obj.familySponsorshipLastSyncDate;
+    this.familySponsorshipValidUntil = obj.familySponsorshipValidUntil;
+    this.familySponsorshipToDelete = obj.familySponsorshipToDelete;
+    this.accessSecretsManager = obj.accessSecretsManager;
+  }
+
+  get canAccess() {
+    if (this.type === OrganizationUserType.Owner) {
+      return true;
+    }
+    return this.enabled && this.status === OrganizationUserStatusType.Confirmed;
+  }
+
+  get isManager() {
+    return (
+      this.type === OrganizationUserType.Manager ||
+      this.type === OrganizationUserType.Owner ||
+      this.type === OrganizationUserType.Admin
+    );
+  }
+
+  get isAdmin() {
+    return this.type === OrganizationUserType.Owner || this.type === OrganizationUserType.Admin;
+  }
+
+  get isOwner() {
+    return this.type === OrganizationUserType.Owner || this.isProviderUser;
+  }
+
+  get canAccessEventLogs() {
+    return (this.isAdmin || this.permissions.accessEventLogs) && this.useEvents;
+  }
+
+  get canAccessImportExport() {
+    return this.isAdmin || this.permissions.accessImportExport;
+  }
+
+  get canAccessReports() {
+    return this.isAdmin || this.permissions.accessReports;
+  }
+
+  get canCreateNewCollections() {
+    return this.isManager || this.permissions.createNewCollections;
+  }
+
+  get canEditAnyCollection() {
+    return this.isAdmin || this.permissions.editAnyCollection;
+  }
+
+  get canUseAdminCollections() {
+    return this.canEditAnyCollection;
+  }
+
+  get canDeleteAnyCollection() {
+    return this.isAdmin || this.permissions.deleteAnyCollection;
+  }
+
+  get canViewAllCollections() {
+    return this.canCreateNewCollections || this.canEditAnyCollection || this.canDeleteAnyCollection;
+  }
+
+  get canEditAssignedCollections() {
+    return this.isManager || this.permissions.editAssignedCollections;
+  }
+
+  get canDeleteAssignedCollections() {
+    return this.isManager || this.permissions.deleteAssignedCollections;
+  }
+
+  get canViewAssignedCollections() {
+    return this.canDeleteAssignedCollections || this.canEditAssignedCollections;
+  }
+
+  get canManageGroups() {
+    return (this.isAdmin || this.permissions.manageGroups) && this.useGroups;
+  }
+
+  get canManageSso() {
+    return (this.isAdmin || this.permissions.manageSso) && this.useSso;
+  }
+
+  get canManageDomainVerification() {
+    return (this.isAdmin || this.permissions.manageSso) && this.useSso;
+  }
+
+  get canManageScim() {
+    return (this.isAdmin || this.permissions.manageScim) && this.useScim;
+  }
+
+  get canManagePolicies() {
+    return (this.isAdmin || this.permissions.managePolicies) && this.usePolicies;
+  }
+
+  get canManageUsers() {
+    return this.isAdmin || this.permissions.manageUsers;
+  }
+
+  get canManageUsersPassword() {
+    return this.isAdmin || this.permissions.manageResetPassword;
+  }
+
+  get isExemptFromPolicies() {
+    return this.canManagePolicies;
+  }
+
+  get canManageBilling() {
+    return this.isOwner && (this.isProviderUser || !this.hasProvider);
+  }
+
+  get hasProvider() {
+    return this.providerId != null || this.providerName != null;
+  }
+
+  get canAccessSecretsManager() {
+    return this.useSecretsManager && this.accessSecretsManager;
+  }
+
+  static fromJSON(json: Jsonify<Organization>) {
+    if (json == null) {
+      return null;
+    }
+
+    return Object.assign(new Organization(), json, {
+      familySponsorshipLastSyncDate: new Date(json.familySponsorshipLastSyncDate),
+      familySponsorshipValidUntil: new Date(json.familySponsorshipValidUntil),
+    });
+  }
+}

libs/common/src/admin-console/models/domain/password-generator-policy-options.ts

@@ -0,0 +1,31 @@
+import Domain from "../../../models/domain/domain-base";
+
+export class PasswordGeneratorPolicyOptions extends Domain {
+  defaultType = "";
+  minLength = 0;
+  useUppercase = false;
+  useLowercase = false;
+  useNumbers = false;
+  numberCount = 0;
+  useSpecial = false;
+  specialCount = 0;
+  minNumberWords = 0;
+  capitalize = false;
+  includeNumber = false;
+
+  inEffect() {
+    return (
+      this.defaultType !== "" ||
+      this.minLength > 0 ||
+      this.numberCount > 0 ||
+      this.specialCount > 0 ||
+      this.useUppercase ||
+      this.useLowercase ||
+      this.useNumbers ||
+      this.useSpecial ||
+      this.minNumberWords > 0 ||
+      this.capitalize ||
+      this.includeNumber
+    );
+  }
+}

libs/common/src/admin-console/models/domain/policy.ts

@@ -0,0 +1,24 @@
+import Domain from "../../../models/domain/domain-base";
+import { PolicyType } from "../../enums/policy-type";
+import { PolicyData } from "../data/policy.data";
+
+export class Policy extends Domain {
+  id: string;
+  organizationId: string;
+  type: PolicyType;
+  data: any;
+  enabled: boolean;
+
+  constructor(obj?: PolicyData) {
+    super();
+    if (obj == null) {
+      return;
+    }
+
+    this.id = obj.id;
+    this.organizationId = obj.organizationId;
+    this.type = obj.type;
+    this.data = obj.data;
+    this.enabled = obj.enabled;
+  }
+}

libs/common/src/admin-console/models/domain/reset-password-policy-options.ts

@@ -0,0 +1,5 @@
+import Domain from "../../../models/domain/domain-base";
+
+export class ResetPasswordPolicyOptions extends Domain {
+  autoEnrollEnabled = false;
+}

libs/common/src/admin-console/models/request/collection.request.ts

@@ -0,0 +1,18 @@
+import { Collection } from "../domain/collection";
+
+import { SelectionReadOnlyRequest } from "./selection-read-only.request";
+
+export class CollectionRequest {
+  name: string;
+  externalId: string;
+  groups: SelectionReadOnlyRequest[] = [];
+  users: SelectionReadOnlyRequest[] = [];
+
+  constructor(collection?: Collection) {
+    if (collection == null) {
+      return;
+    }
+    this.name = collection.name ? collection.name.encryptedString : null;
+    this.externalId = collection.externalId;
+  }
+}

libs/common/src/admin-console/models/request/organization-connection.request.ts

@@ -0,0 +1,16 @@
+import { BillingSyncConfigRequest } from "../../../billing/models/request/billing-sync-config.request";
+import { OrganizationConnectionType } from "../../enums/organization-connection-type";
+
+import { ScimConfigRequest } from "./scim-config.request";
+
+/**API request config types for OrganizationConnectionRequest */
+export type OrganizationConnectionRequestConfigs = BillingSyncConfigRequest | ScimConfigRequest;
+
+export class OrganizationConnectionRequest {
+  constructor(
+    public organizationId: string,
+    public type: OrganizationConnectionType,
+    public enabled: boolean,
+    public config: OrganizationConnectionRequestConfigs
+  ) {}
+}

libs/common/src/admin-console/models/request/organization-create.request.ts

@@ -0,0 +1,27 @@
+import { PaymentMethodType } from "../../../billing/enums/payment-method-type";
+import { PlanType } from "../../../billing/enums/plan-type";
+
+import { OrganizationKeysRequest } from "./organization-keys.request";
+
+export class OrganizationCreateRequest {
+  name: string;
+  businessName: string;
+  billingEmail: string;
+  planType: PlanType;
+  key: string;
+  keys: OrganizationKeysRequest;
+  paymentMethodType: PaymentMethodType;
+  paymentToken: string;
+  additionalSeats: number;
+  maxAutoscaleSeats: number;
+  additionalStorageGb: number;
+  premiumAccessAddon: boolean;
+  collectionName: string;
+  taxIdNumber: string;
+  billingAddressLine1: string;
+  billingAddressLine2: string;
+  billingAddressCity: string;
+  billingAddressState: string;
+  billingAddressPostalCode: string;
+  billingAddressCountry: string;
+}

libs/common/src/admin-console/models/request/organization-keys.request.ts

@@ -0,0 +1,7 @@
+import { KeysRequest } from "../../../models/request/keys.request";
+
+export class OrganizationKeysRequest extends KeysRequest {
+  constructor(publicKey: string, encryptedPrivateKey: string) {
+    super(publicKey, encryptedPrivateKey);
+  }
+}

libs/common/src/admin-console/models/request/organization-update.request.ts

@@ -0,0 +1,8 @@
+import { OrganizationKeysRequest } from "./organization-keys.request";
+
+export class OrganizationUpdateRequest {
+  name: string;
+  businessName: string;
+  billingEmail: string;
+  keys: OrganizationKeysRequest;
+}

libs/common/src/admin-console/models/request/organization-upgrade.request.ts

@@ -0,0 +1,14 @@
+import { PlanType } from "../../../billing/enums/plan-type";
+
+import { OrganizationKeysRequest } from "./organization-keys.request";
+
+export class OrganizationUpgradeRequest {
+  businessName: string;
+  planType: PlanType;
+  additionalSeats: number;
+  additionalStorageGb: number;
+  premiumAccessAddon: boolean;
+  billingAddressCountry: string;
+  billingAddressPostalCode: string;
+  keys: OrganizationKeysRequest;
+}

libs/common/src/admin-console/models/request/organization/organization-enroll-secrets-manager.request.ts

@@ -0,0 +1,3 @@
+export class OrganizationEnrollSecretsManagerRequest {
+  enabled: boolean;
+}

libs/common/src/admin-console/models/request/organization/organization-sponsorship-create.request.ts

@@ -0,0 +1,7 @@
+import { PlanSponsorshipType } from "../../../../billing/enums/plan-sponsorship-type";
+
+export class OrganizationSponsorshipCreateRequest {
+  sponsoredEmail: string;
+  planSponsorshipType: PlanSponsorshipType;
+  friendlyName: string;
+}

libs/common/src/admin-console/models/request/organization/organization-sponsorship-redeem.request.ts

@@ -0,0 +1,6 @@
+import { PlanSponsorshipType } from "../../../../billing/enums/plan-sponsorship-type";
+
+export class OrganizationSponsorshipRedeemRequest {
+  planSponsorshipType: PlanSponsorshipType;
+  sponsoredOrganizationId: string;
+}

libs/common/src/admin-console/models/request/policy.request.ts

@@ -0,0 +1,7 @@
+import { PolicyType } from "../../enums/policy-type";
+
+export class PolicyRequest {
+  type: PolicyType;
+  enabled: boolean;
+  data: any;
+}

libs/common/src/admin-console/models/request/provider/provider-add-organization.request.ts

@@ -0,0 +1,4 @@
+export class ProviderAddOrganizationRequest {
+  organizationId: string;
+  key: string;
+}

libs/common/src/admin-console/models/request/provider/provider-organization-create.request.ts

@@ -0,0 +1,8 @@
+import { OrganizationCreateRequest } from "../../../models/request/organization-create.request";
+
+export class ProviderOrganizationCreateRequest {
+  constructor(
+    public clientOwnerEmail: string,
+    public organizationCreateRequest: OrganizationCreateRequest
+  ) {}
+}

libs/common/src/admin-console/models/request/provider/provider-setup.request.ts

@@ -0,0 +1,7 @@
+export class ProviderSetupRequest {
+  name: string;
+  businessName: string;
+  billingEmail: string;
+  token: string;
+  key: string;
+}

libs/common/src/admin-console/models/request/provider/provider-update.request.ts

@@ -0,0 +1,5 @@
+export class ProviderUpdateRequest {
+  name: string;
+  businessName: string;
+  billingEmail: string;
+}

libs/common/src/admin-console/models/request/provider/provider-user-accept.request.ts

@@ -0,0 +1,3 @@
+export class ProviderUserAcceptRequest {
+  token: string;
+}

libs/common/src/admin-console/models/request/provider/provider-user-bulk-confirm.request.ts

@@ -0,0 +1,12 @@
+type ProviderUserBulkRequestEntry = {
+  id: string;
+  key: string;
+};
+
+export class ProviderUserBulkConfirmRequest {
+  keys: ProviderUserBulkRequestEntry[];
+
+  constructor(keys: ProviderUserBulkRequestEntry[]) {
+    this.keys = keys;
+  }
+}

libs/common/src/admin-console/models/request/provider/provider-user-bulk.request.ts

@@ -0,0 +1,7 @@
+export class ProviderUserBulkRequest {
+  ids: string[];
+
+  constructor(ids: string[]) {
+    this.ids = ids == null ? [] : ids;
+  }
+}

libs/common/src/admin-console/models/request/provider/provider-user-confirm.request.ts

@@ -0,0 +1,3 @@
+export class ProviderUserConfirmRequest {
+  key: string;
+}

libs/common/src/admin-console/models/request/provider/provider-user-invite.request.ts

@@ -0,0 +1,6 @@
+import { ProviderUserType } from "../../../enums/provider-user-type";
+
+export class ProviderUserInviteRequest {
+  emails: string[] = [];
+  type: ProviderUserType;
+}

libs/common/src/admin-console/models/request/provider/provider-user-update.request.ts

@@ -0,0 +1,5 @@
+import { ProviderUserType } from "../../../enums/provider-user-type";
+
+export class ProviderUserUpdateRequest {
+  type: ProviderUserType;
+}

libs/common/src/admin-console/models/request/scim-config.request.ts

@@ -0,0 +1,5 @@
+import { ScimProviderType } from "../../enums/scim-provider-type";
+
+export class ScimConfigRequest {
+  constructor(private enabled: boolean, private scimProvider: ScimProviderType = null) {}
+}

libs/common/src/admin-console/models/request/selection-read-only.request.ts

@@ -0,0 +1,11 @@
+export class SelectionReadOnlyRequest {
+  id: string;
+  readOnly: boolean;
+  hidePasswords: boolean;
+
+  constructor(id: string, readOnly: boolean, hidePasswords: boolean) {
+    this.id = id;
+    this.readOnly = readOnly;
+    this.hidePasswords = hidePasswords;
+  }
+}

libs/common/src/admin-console/models/response/collection.response.ts

@@ -0,0 +1,52 @@
+import { BaseResponse } from "../../../models/response/base.response";
+
+import { SelectionReadOnlyResponse } from "./selection-read-only.response";
+
+export class CollectionResponse extends BaseResponse {
+  id: string;
+  organizationId: string;
+  name: string;
+  externalId: string;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.organizationId = this.getResponseProperty("OrganizationId");
+    this.name = this.getResponseProperty("Name");
+    this.externalId = this.getResponseProperty("ExternalId");
+  }
+}
+
+export class CollectionDetailsResponse extends CollectionResponse {
+  readOnly: boolean;
+
+  constructor(response: any) {
+    super(response);
+    this.readOnly = this.getResponseProperty("ReadOnly") || false;
+  }
+}
+
+export class CollectionAccessDetailsResponse extends CollectionResponse {
+  groups: SelectionReadOnlyResponse[] = [];
+  users: SelectionReadOnlyResponse[] = [];
+
+  /**
+   * Flag indicating the user has been explicitly assigned to this Collection
+   */
+  assigned: boolean;
+
+  constructor(response: any) {
+    super(response);
+    this.assigned = this.getResponseProperty("Assigned") || false;
+
+    const groups = this.getResponseProperty("Groups");
+    if (groups != null) {
+      this.groups = groups.map((g: any) => new SelectionReadOnlyResponse(g));
+    }
+
+    const users = this.getResponseProperty("Users");
+    if (users != null) {
+      this.users = users.map((g: any) => new SelectionReadOnlyResponse(g));
+    }
+  }
+}

libs/common/src/admin-console/models/response/organization-api-key-information.response.ts

@@ -0,0 +1,11 @@
+import { BaseResponse } from "../../../models/response/base.response";
+import { OrganizationApiKeyType } from "../../enums/organization-api-key-type";
+
+export class OrganizationApiKeyInformationResponse extends BaseResponse {
+  keyType: OrganizationApiKeyType;
+
+  constructor(response: any) {
+    super(response);
+    this.keyType = this.getResponseProperty("KeyType");
+  }
+}

libs/common/src/admin-console/models/response/organization-auto-enroll-status.response.ts

@@ -0,0 +1,12 @@
+import { BaseResponse } from "../../../models/response/base.response";
+
+export class OrganizationAutoEnrollStatusResponse extends BaseResponse {
+  id: string;
+  resetPasswordEnabled: boolean;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.resetPasswordEnabled = this.getResponseProperty("ResetPasswordEnabled");
+  }
+}

libs/common/src/admin-console/models/response/organization-connection.response.ts

@@ -0,0 +1,27 @@
+import { BillingSyncConfigApi } from "../../../billing/models/api/billing-sync-config.api";
+import { BaseResponse } from "../../../models/response/base.response";
+import { OrganizationConnectionType } from "../../enums/organization-connection-type";
+import { ScimConfigApi } from "../api/scim-config.api";
+
+/**API response config types for OrganizationConnectionResponse */
+export type OrganizationConnectionConfigApis = BillingSyncConfigApi | ScimConfigApi;
+
+export class OrganizationConnectionResponse<
+  TConfig extends OrganizationConnectionConfigApis
+> extends BaseResponse {
+  id: string;
+  type: OrganizationConnectionType;
+  organizationId: string;
+  enabled: boolean;
+  config: TConfig;
+
+  constructor(response: any, configType: { new (response: any): TConfig }) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.type = this.getResponseProperty("Type");
+    this.organizationId = this.getResponseProperty("OrganizationId");
+    this.enabled = this.getResponseProperty("Enabled");
+    const rawConfig = this.getResponseProperty("Config");
+    this.config = rawConfig == null ? null : new configType(rawConfig);
+  }
+}

libs/common/src/admin-console/models/response/organization-export.response.ts

@@ -0,0 +1,21 @@
+import { BaseResponse } from "../../../models/response/base.response";
+import { CipherResponse } from "../../../vault/models/response/cipher.response";
+
+import { CollectionResponse } from "./collection.response";
+
+export class OrganizationExportResponse extends BaseResponse {
+  collections: CollectionResponse[];
+  ciphers: CipherResponse[];
+
+  constructor(response: any) {
+    super(response);
+    const collections = this.getResponseProperty("Collections");
+    if (collections != null) {
+      this.collections = collections.map((c: any) => new CollectionResponse(c));
+    }
+    const ciphers = this.getResponseProperty("Ciphers");
+    if (ciphers != null) {
+      this.ciphers = ciphers.map((c: any) => new CipherResponse(c));
+    }
+  }
+}

libs/common/src/admin-console/models/response/organization-keys.response.ts

@@ -0,0 +1,7 @@
+import { KeysResponse } from "../../../models/response/keys.response";
+
+export class OrganizationKeysResponse extends KeysResponse {
+  constructor(response: any) {
+    super(response);
+  }
+}

libs/common/src/admin-console/models/response/organization-sponsorship-sync-status.response.ts

@@ -0,0 +1,13 @@
+import { BaseResponse } from "../../../models/response/base.response";
+
+export class OrganizationSponsorshipSyncStatusResponse extends BaseResponse {
+  lastSyncDate?: Date;
+
+  constructor(response: any) {
+    super(response);
+    const lastSyncDate = this.getResponseProperty("LastSyncDate");
+    if (lastSyncDate) {
+      this.lastSyncDate = new Date(lastSyncDate);
+    }
+  }
+}

libs/common/src/admin-console/models/response/organization.response.ts

@@ -0,0 +1,59 @@
+import { PlanType } from "../../../billing/enums/plan-type";
+import { PlanResponse } from "../../../billing/models/response/plan.response";
+import { BaseResponse } from "../../../models/response/base.response";
+
+export class OrganizationResponse extends BaseResponse {
+  id: string;
+  name: string;
+  businessName: string;
+  businessAddress1: string;
+  businessAddress2: string;
+  businessAddress3: string;
+  businessCountry: string;
+  businessTaxNumber: string;
+  billingEmail: string;
+  plan: PlanResponse;
+  planType: PlanType;
+  seats: number;
+  maxAutoscaleSeats: number;
+  maxCollections: number;
+  maxStorageGb: number;
+  useGroups: boolean;
+  useDirectory: boolean;
+  useEvents: boolean;
+  useTotp: boolean;
+  use2fa: boolean;
+  useApi: boolean;
+  useResetPassword: boolean;
+  useSecretsManager: boolean;
+  hasPublicAndPrivateKeys: boolean;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.name = this.getResponseProperty("Name");
+    this.businessName = this.getResponseProperty("BusinessName");
+    this.businessAddress1 = this.getResponseProperty("BusinessAddress1");
+    this.businessAddress2 = this.getResponseProperty("BusinessAddress2");
+    this.businessAddress3 = this.getResponseProperty("BusinessAddress3");
+    this.businessCountry = this.getResponseProperty("BusinessCountry");
+    this.businessTaxNumber = this.getResponseProperty("BusinessTaxNumber");
+    this.billingEmail = this.getResponseProperty("BillingEmail");
+    const plan = this.getResponseProperty("Plan");
+    this.plan = plan == null ? null : new PlanResponse(plan);
+    this.planType = this.getResponseProperty("PlanType");
+    this.seats = this.getResponseProperty("Seats");
+    this.maxAutoscaleSeats = this.getResponseProperty("MaxAutoscaleSeats");
+    this.maxCollections = this.getResponseProperty("MaxCollections");
+    this.maxStorageGb = this.getResponseProperty("MaxStorageGb");
+    this.useGroups = this.getResponseProperty("UseGroups");
+    this.useDirectory = this.getResponseProperty("UseDirectory");
+    this.useEvents = this.getResponseProperty("UseEvents");
+    this.useTotp = this.getResponseProperty("UseTotp");
+    this.use2fa = this.getResponseProperty("Use2fa");
+    this.useApi = this.getResponseProperty("UseApi");
+    this.useResetPassword = this.getResponseProperty("UseResetPassword");
+    this.useSecretsManager = this.getResponseProperty("UseSecretsManager");
+    this.hasPublicAndPrivateKeys = this.getResponseProperty("HasPublicAndPrivateKeys");
+  }
+}

libs/common/src/admin-console/models/response/policy.response.ts

@@ -0,0 +1,19 @@
+import { BaseResponse } from "../../../models/response/base.response";
+import { PolicyType } from "../../enums/policy-type";
+
+export class PolicyResponse extends BaseResponse {
+  id: string;
+  organizationId: string;
+  type: PolicyType;
+  data: any;
+  enabled: boolean;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.organizationId = this.getResponseProperty("OrganizationId");
+    this.type = this.getResponseProperty("Type");
+    this.data = this.getResponseProperty("Data");
+    this.enabled = this.getResponseProperty("Enabled");
+  }
+}

libs/common/src/admin-console/models/response/profile-organization.response.ts

@@ -0,0 +1,106 @@
+import { ProductType } from "../../../enums/productType";
+import { BaseResponse } from "../../../models/response/base.response";
+import { OrganizationUserStatusType } from "../../enums/organization-user-status-type";
+import { OrganizationUserType } from "../../enums/organization-user-type";
+import { PermissionsApi } from "../api/permissions.api";
+
+export class ProfileOrganizationResponse extends BaseResponse {
+  id: string;
+  name: string;
+  usePolicies: boolean;
+  useGroups: boolean;
+  useDirectory: boolean;
+  useEvents: boolean;
+  useTotp: boolean;
+  use2fa: boolean;
+  useApi: boolean;
+  useSso: boolean;
+  useKeyConnector: boolean;
+  useScim: boolean;
+  useCustomPermissions: boolean;
+  useResetPassword: boolean;
+  useSecretsManager: boolean;
+  useActivateAutofillPolicy: boolean;
+  selfHost: boolean;
+  usersGetPremium: boolean;
+  seats: number;
+  maxCollections: number;
+  maxStorageGb?: number;
+  key: string;
+  hasPublicAndPrivateKeys: boolean;
+  status: OrganizationUserStatusType;
+  type: OrganizationUserType;
+  enabled: boolean;
+  ssoBound: boolean;
+  identifier: string;
+  permissions: PermissionsApi;
+  resetPasswordEnrolled: boolean;
+  userId: string;
+  providerId: string;
+  providerName: string;
+  familySponsorshipFriendlyName: string;
+  familySponsorshipAvailable: boolean;
+  planProductType: ProductType;
+  keyConnectorEnabled: boolean;
+  keyConnectorUrl: string;
+  familySponsorshipLastSyncDate?: Date;
+  familySponsorshipValidUntil?: Date;
+  familySponsorshipToDelete?: boolean;
+  accessSecretsManager: boolean;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.name = this.getResponseProperty("Name");
+    this.usePolicies = this.getResponseProperty("UsePolicies");
+    this.useGroups = this.getResponseProperty("UseGroups");
+    this.useDirectory = this.getResponseProperty("UseDirectory");
+    this.useEvents = this.getResponseProperty("UseEvents");
+    this.useTotp = this.getResponseProperty("UseTotp");
+    this.use2fa = this.getResponseProperty("Use2fa");
+    this.useApi = this.getResponseProperty("UseApi");
+    this.useSso = this.getResponseProperty("UseSso");
+    this.useKeyConnector = this.getResponseProperty("UseKeyConnector") ?? false;
+    this.useScim = this.getResponseProperty("UseScim") ?? false;
+    this.useCustomPermissions = this.getResponseProperty("UseCustomPermissions") ?? false;
+    this.useResetPassword = this.getResponseProperty("UseResetPassword");
+    this.useSecretsManager = this.getResponseProperty("UseSecretsManager");
+    this.useActivateAutofillPolicy = this.getResponseProperty("UseActivateAutofillPolicy");
+    this.selfHost = this.getResponseProperty("SelfHost");
+    this.usersGetPremium = this.getResponseProperty("UsersGetPremium");
+    this.seats = this.getResponseProperty("Seats");
+    this.maxCollections = this.getResponseProperty("MaxCollections");
+    this.maxStorageGb = this.getResponseProperty("MaxStorageGb");
+    this.key = this.getResponseProperty("Key");
+    this.hasPublicAndPrivateKeys = this.getResponseProperty("HasPublicAndPrivateKeys");
+    this.status = this.getResponseProperty("Status");
+    this.type = this.getResponseProperty("Type");
+    this.enabled = this.getResponseProperty("Enabled");
+    this.ssoBound = this.getResponseProperty("SsoBound");
+    this.identifier = this.getResponseProperty("Identifier");
+    this.permissions = new PermissionsApi(this.getResponseProperty("permissions"));
+    this.resetPasswordEnrolled = this.getResponseProperty("ResetPasswordEnrolled");
+    this.userId = this.getResponseProperty("UserId");
+    this.providerId = this.getResponseProperty("ProviderId");
+    this.providerName = this.getResponseProperty("ProviderName");
+    this.familySponsorshipFriendlyName = this.getResponseProperty("FamilySponsorshipFriendlyName");
+    this.familySponsorshipAvailable = this.getResponseProperty("FamilySponsorshipAvailable");
+    this.planProductType = this.getResponseProperty("PlanProductType");
+    this.keyConnectorEnabled = this.getResponseProperty("KeyConnectorEnabled") ?? false;
+    this.keyConnectorUrl = this.getResponseProperty("KeyConnectorUrl");
+    const familySponsorshipLastSyncDateString = this.getResponseProperty(
+      "FamilySponsorshipLastSyncDate"
+    );
+    if (familySponsorshipLastSyncDateString) {
+      this.familySponsorshipLastSyncDate = new Date(familySponsorshipLastSyncDateString);
+    }
+    const familySponsorshipValidUntilString = this.getResponseProperty(
+      "FamilySponsorshipValidUntil"
+    );
+    if (familySponsorshipValidUntilString) {
+      this.familySponsorshipValidUntil = new Date(familySponsorshipValidUntilString);
+    }
+    this.familySponsorshipToDelete = this.getResponseProperty("FamilySponsorshipToDelete");
+    this.accessSecretsManager = this.getResponseProperty("AccessSecretsManager");
+  }
+}

libs/common/src/admin-console/models/response/profile-provider-organization.response.ts

@@ -0,0 +1,8 @@
+import { ProfileOrganizationResponse } from "./profile-organization.response";
+
+export class ProfileProviderOrganizationResponse extends ProfileOrganizationResponse {
+  constructor(response: any) {
+    super(response);
+    this.keyConnectorEnabled = false;
+  }
+}

libs/common/src/admin-console/models/response/profile-provider.response.ts

@@ -0,0 +1,29 @@
+import { BaseResponse } from "../../../models/response/base.response";
+import { ProviderUserStatusType } from "../../enums/provider-user-status-type";
+import { ProviderUserType } from "../../enums/provider-user-type";
+import { PermissionsApi } from "../api/permissions.api";
+
+export class ProfileProviderResponse extends BaseResponse {
+  id: string;
+  name: string;
+  key: string;
+  status: ProviderUserStatusType;
+  type: ProviderUserType;
+  enabled: boolean;
+  permissions: PermissionsApi;
+  userId: string;
+  useEvents: boolean;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.name = this.getResponseProperty("Name");
+    this.key = this.getResponseProperty("Key");
+    this.status = this.getResponseProperty("Status");
+    this.type = this.getResponseProperty("Type");
+    this.enabled = this.getResponseProperty("Enabled");
+    this.permissions = new PermissionsApi(this.getResponseProperty("permissions"));
+    this.userId = this.getResponseProperty("UserId");
+    this.useEvents = this.getResponseProperty("UseEvents");
+  }
+}

libs/common/src/admin-console/models/response/provider/provider-organization.response.ts

@@ -0,0 +1,37 @@
+import { BaseResponse } from "../../../../models/response/base.response";
+
+export class ProviderOrganizationResponse extends BaseResponse {
+  id: string;
+  providerId: string;
+  organizationId: string;
+  key: string;
+  settings: string;
+  creationDate: string;
+  revisionDate: string;
+  userCount: number;
+  seats?: number;
+  plan?: string;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.providerId = this.getResponseProperty("ProviderId");
+    this.organizationId = this.getResponseProperty("OrganizationId");
+    this.key = this.getResponseProperty("Key");
+    this.settings = this.getResponseProperty("Settings");
+    this.creationDate = this.getResponseProperty("CreationDate");
+    this.revisionDate = this.getResponseProperty("RevisionDate");
+    this.userCount = this.getResponseProperty("UserCount");
+    this.seats = this.getResponseProperty("Seats");
+    this.plan = this.getResponseProperty("Plan");
+  }
+}
+
+export class ProviderOrganizationOrganizationDetailsResponse extends ProviderOrganizationResponse {
+  organizationName: string;
+
+  constructor(response: any) {
+    super(response);
+    this.organizationName = this.getResponseProperty("OrganizationName");
+  }
+}

libs/common/src/admin-console/models/response/provider/provider-user-bulk-public-key.response.ts

@@ -0,0 +1,3 @@
+import { OrganizationUserBulkPublicKeyResponse } from "../../../../abstractions/organization-user/responses";
+
+export class ProviderUserBulkPublicKeyResponse extends OrganizationUserBulkPublicKeyResponse {}

libs/common/src/admin-console/models/response/provider/provider-user-bulk.response.ts

@@ -0,0 +1,12 @@
+import { BaseResponse } from "../../../../models/response/base.response";
+
+export class ProviderUserBulkResponse extends BaseResponse {
+  id: string;
+  error: string;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.error = this.getResponseProperty("Error");
+  }
+}

libs/common/src/admin-console/models/response/provider/provider-user.response.ts

@@ -0,0 +1,32 @@
+import { BaseResponse } from "../../../../models/response/base.response";
+import { ProviderUserStatusType } from "../../../enums/provider-user-status-type";
+import { ProviderUserType } from "../../../enums/provider-user-type";
+import { PermissionsApi } from "../../api/permissions.api";
+
+export class ProviderUserResponse extends BaseResponse {
+  id: string;
+  userId: string;
+  type: ProviderUserType;
+  status: ProviderUserStatusType;
+  permissions: PermissionsApi;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.userId = this.getResponseProperty("UserId");
+    this.type = this.getResponseProperty("Type");
+    this.status = this.getResponseProperty("Status");
+    this.permissions = new PermissionsApi(this.getResponseProperty("Permissions"));
+  }
+}
+
+export class ProviderUserUserDetailsResponse extends ProviderUserResponse {
+  name: string;
+  email: string;
+
+  constructor(response: any) {
+    super(response);
+    this.name = this.getResponseProperty("Name");
+    this.email = this.getResponseProperty("Email");
+  }
+}

libs/common/src/admin-console/models/response/provider/provider.response.ts

@@ -0,0 +1,16 @@
+import { BaseResponse } from "../../../../models/response/base.response";
+
+export class ProviderResponse extends BaseResponse {
+  id: string;
+  name: string;
+  businessName: string;
+  billingEmail: string;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.name = this.getResponseProperty("Name");
+    this.businessName = this.getResponseProperty("BusinessName");
+    this.billingEmail = this.getResponseProperty("BillingEmail");
+  }
+}

libs/common/src/admin-console/models/response/selection-read-only.response.ts

@@ -0,0 +1,14 @@
+import { BaseResponse } from "../../../models/response/base.response";
+
+export class SelectionReadOnlyResponse extends BaseResponse {
+  id: string;
+  readOnly: boolean;
+  hidePasswords: boolean;
+
+  constructor(response: any) {
+    super(response);
+    this.id = this.getResponseProperty("Id");
+    this.readOnly = this.getResponseProperty("ReadOnly");
+    this.hidePasswords = this.getResponseProperty("HidePasswords");
+  }
+}

libs/common/src/admin-console/models/view/collection.view.ts

@@ -0,0 +1,27 @@
+import { ITreeNodeObject } from "../../../models/domain/tree-node";
+import { View } from "../../../models/view/view";
+import { Collection } from "../domain/collection";
+import { CollectionAccessDetailsResponse } from "../response/collection.response";
+
+export class CollectionView implements View, ITreeNodeObject {
+  id: string = null;
+  organizationId: string = null;
+  name: string = null;
+  externalId: string = null;
+  readOnly: boolean = null;
+  hidePasswords: boolean = null;
+
+  constructor(c?: Collection | CollectionAccessDetailsResponse) {
+    if (!c) {
+      return;
+    }
+
+    this.id = c.id;
+    this.organizationId = c.organizationId;
+    this.externalId = c.externalId;
+    if (c instanceof Collection) {
+      this.readOnly = c.readOnly;
+      this.hidePasswords = c.hidePasswords;
+    }
+  }
+}

libs/common/src/admin-console/services/collection.service.ts

@@ -0,0 +1,162 @@
+import { CryptoService } from "../../abstractions/crypto.service";
+import { I18nService } from "../../abstractions/i18n.service";
+import { StateService } from "../../abstractions/state.service";
+import { ServiceUtils } from "../../misc/serviceUtils";
+import { Utils } from "../../misc/utils";
+import { TreeNode } from "../../models/domain/tree-node";
+import { CollectionService as CollectionServiceAbstraction } from "../abstractions/collection.service";
+import { CollectionData } from "../models/data/collection.data";
+import { Collection } from "../models/domain/collection";
+import { CollectionView } from "../models/view/collection.view";
+
+const NestingDelimiter = "/";
+
+export class CollectionService implements CollectionServiceAbstraction {
+  constructor(
+    private cryptoService: CryptoService,
+    private i18nService: I18nService,
+    private stateService: StateService
+  ) {}
+
+  async clearCache(userId?: string): Promise<void> {
+    await this.stateService.setDecryptedCollections(null, { userId: userId });
+  }
+
+  async encrypt(model: CollectionView): Promise<Collection> {
+    if (model.organizationId == null) {
+      throw new Error("Collection has no organization id.");
+    }
+    const key = await this.cryptoService.getOrgKey(model.organizationId);
+    if (key == null) {
+      throw new Error("No key for this collection's organization.");
+    }
+    const collection = new Collection();
+    collection.id = model.id;
+    collection.organizationId = model.organizationId;
+    collection.readOnly = model.readOnly;
+    collection.name = await this.cryptoService.encrypt(model.name, key);
+    return collection;
+  }
+
+  async decryptMany(collections: Collection[]): Promise<CollectionView[]> {
+    if (collections == null) {
+      return [];
+    }
+    const decCollections: CollectionView[] = [];
+    const promises: Promise<any>[] = [];
+    collections.forEach((collection) => {
+      promises.push(collection.decrypt().then((c) => decCollections.push(c)));
+    });
+    await Promise.all(promises);
+    return decCollections.sort(Utils.getSortFunction(this.i18nService, "name"));
+  }
+
+  async get(id: string): Promise<Collection> {
+    const collections = await this.stateService.getEncryptedCollections();
+    // eslint-disable-next-line
+    if (collections == null || !collections.hasOwnProperty(id)) {
+      return null;
+    }
+
+    return new Collection(collections[id]);
+  }
+
+  async getAll(): Promise<Collection[]> {
+    const collections = await this.stateService.getEncryptedCollections();
+    const response: Collection[] = [];
+    for (const id in collections) {
+      // eslint-disable-next-line
+      if (collections.hasOwnProperty(id)) {
+        response.push(new Collection(collections[id]));
+      }
+    }
+    return response;
+  }
+
+  async getAllDecrypted(): Promise<CollectionView[]> {
+    let decryptedCollections = await this.stateService.getDecryptedCollections();
+    if (decryptedCollections != null) {
+      return decryptedCollections;
+    }
+
+    const hasKey = await this.cryptoService.hasKey();
+    if (!hasKey) {
+      throw new Error("No key.");
+    }
+
+    const collections = await this.getAll();
+    decryptedCollections = await this.decryptMany(collections);
+
+    await this.stateService.setDecryptedCollections(decryptedCollections);
+    return decryptedCollections;
+  }
+
+  async getAllNested(collections: CollectionView[] = null): Promise<TreeNode<CollectionView>[]> {
+    if (collections == null) {
+      collections = await this.getAllDecrypted();
+    }
+    const nodes: TreeNode<CollectionView>[] = [];
+    collections.forEach((c) => {
+      const collectionCopy = new CollectionView();
+      collectionCopy.id = c.id;
+      collectionCopy.organizationId = c.organizationId;
+      const parts = c.name != null ? c.name.replace(/^\/+|\/+$/g, "").split(NestingDelimiter) : [];
+      ServiceUtils.nestedTraverse(nodes, 0, parts, collectionCopy, null, NestingDelimiter);
+    });
+    return nodes;
+  }
+
+  /**
+   * @deprecated August 30 2022: Moved to new Vault Filter Service
+   * Remove when Desktop and Browser are updated
+   */
+  async getNested(id: string): Promise<TreeNode<CollectionView>> {
+    const collections = await this.getAllNested();
+    return ServiceUtils.getTreeNodeObjectFromList(collections, id) as TreeNode<CollectionView>;
+  }
+
+  async upsert(collection: CollectionData | CollectionData[]): Promise<any> {
+    let collections = await this.stateService.getEncryptedCollections();
+    if (collections == null) {
+      collections = {};
+    }
+
+    if (collection instanceof CollectionData) {
+      const c = collection as CollectionData;
+      collections[c.id] = c;
+    } else {
+      (collection as CollectionData[]).forEach((c) => {
+        collections[c.id] = c;
+      });
+    }
+
+    await this.replace(collections);
+  }
+
+  async replace(collections: { [id: string]: CollectionData }): Promise<any> {
+    await this.clearCache();
+    await this.stateService.setEncryptedCollections(collections);
+  }
+
+  async clear(userId?: string): Promise<any> {
+    await this.clearCache(userId);
+    await this.stateService.setEncryptedCollections(null, { userId: userId });
+  }
+
+  async delete(id: string | string[]): Promise<any> {
+    const collections = await this.stateService.getEncryptedCollections();
+    if (collections == null) {
+      return;
+    }
+
+    if (typeof id === "string") {
+      delete collections[id];
+    } else {
+      (id as string[]).forEach((i) => {
+        delete collections[i];
+      });
+    }
+
+    await this.replace(collections);
+  }
+}

libs/common/src/admin-console/services/organization/organization-api.service.ts

@@ -0,0 +1,306 @@
+import { ApiService } from "../../../abstractions/api.service";
+import { OrganizationSsoRequest } from "../../../auth/models/request/organization-sso.request";
+import { SecretVerificationRequest } from "../../../auth/models/request/secret-verification.request";
+import { ApiKeyResponse } from "../../../auth/models/response/api-key.response";
+import { OrganizationSsoResponse } from "../../../auth/models/response/organization-sso.response";
+import { OrganizationSubscriptionUpdateRequest } from "../../../billing/models/request/organization-subscription-update.request";
+import { OrganizationTaxInfoUpdateRequest } from "../../../billing/models/request/organization-tax-info-update.request";
+import { PaymentRequest } from "../../../billing/models/request/payment.request";
+import { BillingResponse } from "../../../billing/models/response/billing.response";
+import { OrganizationSubscriptionResponse } from "../../../billing/models/response/organization-subscription.response";
+import { PaymentResponse } from "../../../billing/models/response/payment.response";
+import { TaxInfoResponse } from "../../../billing/models/response/tax-info.response";
+import { ImportDirectoryRequest } from "../../../models/request/import-directory.request";
+import { OrganizationApiKeyRequest } from "../../../models/request/organization-api-key.request";
+import { SeatRequest } from "../../../models/request/seat.request";
+import { StorageRequest } from "../../../models/request/storage.request";
+import { VerifyBankRequest } from "../../../models/request/verify-bank.request";
+import { ListResponse } from "../../../models/response/list.response";
+import { SyncService } from "../../../vault/abstractions/sync/sync.service.abstraction";
+import { OrganizationApiServiceAbstraction } from "../../abstractions/organization/organization-api.service.abstraction";
+import { OrganizationApiKeyType } from "../../enums/organization-api-key-type";
+import { OrganizationCreateRequest } from "../../models/request/organization-create.request";
+import { OrganizationKeysRequest } from "../../models/request/organization-keys.request";
+import { OrganizationUpdateRequest } from "../../models/request/organization-update.request";
+import { OrganizationUpgradeRequest } from "../../models/request/organization-upgrade.request";
+import { OrganizationEnrollSecretsManagerRequest } from "../../models/request/organization/organization-enroll-secrets-manager.request";
+import { OrganizationApiKeyInformationResponse } from "../../models/response/organization-api-key-information.response";
+import { OrganizationAutoEnrollStatusResponse } from "../../models/response/organization-auto-enroll-status.response";
+import { OrganizationKeysResponse } from "../../models/response/organization-keys.response";
+import { OrganizationResponse } from "../../models/response/organization.response";
+
+export class OrganizationApiService implements OrganizationApiServiceAbstraction {
+  constructor(private apiService: ApiService, private syncService: SyncService) {}
+
+  async get(id: string): Promise<OrganizationResponse> {
+    const r = await this.apiService.send("GET", "/organizations/" + id, null, true, true);
+    return new OrganizationResponse(r);
+  }
+
+  async getBilling(id: string): Promise<BillingResponse> {
+    const r = await this.apiService.send(
+      "GET",
+      "/organizations/" + id + "/billing",
+      null,
+      true,
+      true
+    );
+    return new BillingResponse(r);
+  }
+
+  async getSubscription(id: string): Promise<OrganizationSubscriptionResponse> {
+    const r = await this.apiService.send(
+      "GET",
+      "/organizations/" + id + "/subscription",
+      null,
+      true,
+      true
+    );
+    return new OrganizationSubscriptionResponse(r);
+  }
+
+  async getLicense(id: string, installationId: string): Promise<unknown> {
+    return this.apiService.send(
+      "GET",
+      "/organizations/" + id + "/license?installationId=" + installationId,
+      null,
+      true,
+      true
+    );
+  }
+
+  async getAutoEnrollStatus(identifier: string): Promise<OrganizationAutoEnrollStatusResponse> {
+    const r = await this.apiService.send(
+      "GET",
+      "/organizations/" + identifier + "/auto-enroll-status",
+      null,
+      true,
+      true
+    );
+    return new OrganizationAutoEnrollStatusResponse(r);
+  }
+
+  async create(request: OrganizationCreateRequest): Promise<OrganizationResponse> {
+    const r = await this.apiService.send("POST", "/organizations", request, true, true);
+    // Forcing a sync will notify organization service that they need to repull
+    await this.syncService.fullSync(true);
+    return new OrganizationResponse(r);
+  }
+
+  async createLicense(data: FormData): Promise<OrganizationResponse> {
+    const r = await this.apiService.send(
+      "POST",
+      "/organizations/licenses/self-hosted",
+      data,
+      true,
+      true
+    );
+    return new OrganizationResponse(r);
+  }
+
+  async save(id: string, request: OrganizationUpdateRequest): Promise<OrganizationResponse> {
+    const r = await this.apiService.send("PUT", "/organizations/" + id, request, true, true);
+    const data = new OrganizationResponse(r);
+    await this.syncService.fullSync(true);
+    return data;
+  }
+
+  async updatePayment(id: string, request: PaymentRequest): Promise<void> {
+    return this.apiService.send("POST", "/organizations/" + id + "/payment", request, true, false);
+  }
+
+  async upgrade(id: string, request: OrganizationUpgradeRequest): Promise<PaymentResponse> {
+    const r = await this.apiService.send(
+      "POST",
+      "/organizations/" + id + "/upgrade",
+      request,
+      true,
+      true
+    );
+    return new PaymentResponse(r);
+  }
+
+  async updateSubscription(
+    id: string,
+    request: OrganizationSubscriptionUpdateRequest
+  ): Promise<void> {
+    return this.apiService.send(
+      "POST",
+      "/organizations/" + id + "/subscription",
+      request,
+      true,
+      false
+    );
+  }
+
+  async updateSeats(id: string, request: SeatRequest): Promise<PaymentResponse> {
+    const r = await this.apiService.send(
+      "POST",
+      "/organizations/" + id + "/seat",
+      request,
+      true,
+      true
+    );
+    return new PaymentResponse(r);
+  }
+
+  async updateStorage(id: string, request: StorageRequest): Promise<PaymentResponse> {
+    const r = await this.apiService.send(
+      "POST",
+      "/organizations/" + id + "/storage",
+      request,
+      true,
+      true
+    );
+    return new PaymentResponse(r);
+  }
+
+  async verifyBank(id: string, request: VerifyBankRequest): Promise<void> {
+    await this.apiService.send(
+      "POST",
+      "/organizations/" + id + "/verify-bank",
+      request,
+      true,
+      false
+    );
+  }
+
+  async cancel(id: string): Promise<void> {
+    return this.apiService.send("POST", "/organizations/" + id + "/cancel", null, true, false);
+  }
+
+  async reinstate(id: string): Promise<void> {
+    return this.apiService.send("POST", "/organizations/" + id + "/reinstate", null, true, false);
+  }
+
+  async leave(id: string): Promise<void> {
+    await this.apiService.send("POST", "/organizations/" + id + "/leave", null, true, false);
+    await this.syncService.fullSync(true);
+  }
+
+  async delete(id: string, request: SecretVerificationRequest): Promise<void> {
+    await this.apiService.send("DELETE", "/organizations/" + id, request, true, false);
+    await this.syncService.fullSync(true);
+  }
+
+  async updateLicense(id: string, data: FormData): Promise<void> {
+    await this.apiService.send(
+      "POST",
+      "/organizations/licenses/self-hosted/" + id,
+      data,
+      true,
+      false
+    );
+  }
+
+  async importDirectory(organizationId: string, request: ImportDirectoryRequest): Promise<void> {
+    return this.apiService.send(
+      "POST",
+      "/organizations/" + organizationId + "/import",
+      request,
+      true,
+      false
+    );
+  }
+
+  async getOrCreateApiKey(id: string, request: OrganizationApiKeyRequest): Promise<ApiKeyResponse> {
+    const r = await this.apiService.send(
+      "POST",
+      "/organizations/" + id + "/api-key",
+      request,
+      true,
+      true
+    );
+    return new ApiKeyResponse(r);
+  }
+
+  async getApiKeyInformation(
+    id: string,
+    organizationApiKeyType: OrganizationApiKeyType = null
+  ): Promise<ListResponse<OrganizationApiKeyInformationResponse>> {
+    const uri =
+      organizationApiKeyType === null
+        ? "/organizations/" + id + "/api-key-information"
+        : "/organizations/" + id + "/api-key-information/" + organizationApiKeyType;
+    const r = await this.apiService.send("GET", uri, null, true, true);
+    return new ListResponse(r, OrganizationApiKeyInformationResponse);
+  }
+
+  async rotateApiKey(id: string, request: OrganizationApiKeyRequest): Promise<ApiKeyResponse> {
+    const r = await this.apiService.send(
+      "POST",
+      "/organizations/" + id + "/rotate-api-key",
+      request,
+      true,
+      true
+    );
+    return new ApiKeyResponse(r);
+  }
+
+  async getTaxInfo(id: string): Promise<TaxInfoResponse> {
+    const r = await this.apiService.send("GET", "/organizations/" + id + "/tax", null, true, true);
+    return new TaxInfoResponse(r);
+  }
+
+  async updateTaxInfo(id: string, request: OrganizationTaxInfoUpdateRequest): Promise<void> {
+    // Can't broadcast anything because the response doesn't have content
+    return this.apiService.send("PUT", "/organizations/" + id + "/tax", request, true, false);
+  }
+
+  async getKeys(id: string): Promise<OrganizationKeysResponse> {
+    const r = await this.apiService.send("GET", "/organizations/" + id + "/keys", null, true, true);
+    return new OrganizationKeysResponse(r);
+  }
+
+  async updateKeys(
+    id: string,
+    request: OrganizationKeysRequest
+  ): Promise<OrganizationKeysResponse> {
+    const r = await this.apiService.send(
+      "POST",
+      "/organizations/" + id + "/keys",
+      request,
+      true,
+      true
+    );
+    // Not broadcasting anything because data on this response doesn't correspond to `Organization`
+    return new OrganizationKeysResponse(r);
+  }
+
+  async getSso(id: string): Promise<OrganizationSsoResponse> {
+    const r = await this.apiService.send("GET", "/organizations/" + id + "/sso", null, true, true);
+    return new OrganizationSsoResponse(r);
+  }
+
+  async updateSso(id: string, request: OrganizationSsoRequest): Promise<OrganizationSsoResponse> {
+    const r = await this.apiService.send(
+      "POST",
+      "/organizations/" + id + "/sso",
+      request,
+      true,
+      true
+    );
+    // Not broadcasting anything because data on this response doesn't correspond to `Organization`
+    return new OrganizationSsoResponse(r);
+  }
+
+  async selfHostedSyncLicense(id: string) {
+    await this.apiService.send(
+      "POST",
+      "/organizations/licenses/self-hosted/" + id + "/sync/",
+      null,
+      true,
+      false
+    );
+  }
+
+  async updateEnrollSecretsManager(id: string, request: OrganizationEnrollSecretsManagerRequest) {
+    await this.apiService.send(
+      "POST",
+      "/organizations/" + id + "/enroll-secrets-manager",
+      request,
+      true,
+      true
+    );
+  }
+}

libs/common/src/admin-console/services/organization/organization.service.ts

@@ -0,0 +1,110 @@
+import { BehaviorSubject, concatMap, map, Observable } from "rxjs";
+
+import { StateService } from "../../../abstractions/state.service";
+import { InternalOrganizationService as InternalOrganizationServiceAbstraction } from "../../abstractions/organization/organization.service.abstraction";
+import { OrganizationData } from "../../models/data/organization.data";
+import { Organization } from "../../models/domain/organization";
+
+export class OrganizationService implements InternalOrganizationServiceAbstraction {
+  protected _organizations = new BehaviorSubject<Organization[]>([]);
+
+  organizations$ = this._organizations.asObservable();
+
+  constructor(private stateService: StateService) {
+    this.stateService.activeAccountUnlocked$
+      .pipe(
+        concatMap(async (unlocked) => {
+          if (!unlocked) {
+            this._organizations.next([]);
+            return;
+          }
+
+          const data = await this.stateService.getOrganizations();
+          this.updateObservables(data);
+        })
+      )
+      .subscribe();
+  }
+
+  get$(id: string): Observable<Organization | undefined> {
+    return this.organizations$.pipe(map((orgs) => orgs.find((o) => o.id === id)));
+  }
+
+  async getAll(userId?: string): Promise<Organization[]> {
+    const organizationsMap = await this.stateService.getOrganizations({ userId: userId });
+    return Object.values(organizationsMap || {}).map((o) => new Organization(o));
+  }
+
+  async canManageSponsorships(): Promise<boolean> {
+    const organizations = this._organizations.getValue();
+    return organizations.some(
+      (o) => o.familySponsorshipAvailable || o.familySponsorshipFriendlyName !== null
+    );
+  }
+
+  hasOrganizations(): boolean {
+    const organizations = this._organizations.getValue();
+    return organizations.length > 0;
+  }
+
+  async upsert(organization: OrganizationData): Promise<void> {
+    let organizations = await this.stateService.getOrganizations();
+    if (organizations == null) {
+      organizations = {};
+    }
+
+    organizations[organization.id] = organization;
+
+    await this.replace(organizations);
+  }
+
+  async delete(id: string): Promise<void> {
+    const organizations = await this.stateService.getOrganizations();
+    if (organizations == null) {
+      return;
+    }
+
+    if (organizations[id] == null) {
+      return;
+    }
+
+    delete organizations[id];
+    await this.replace(organizations);
+  }
+
+  get(id: string): Organization {
+    const organizations = this._organizations.getValue();
+
+    return organizations.find((organization) => organization.id === id);
+  }
+
+  /**
+   * @deprecated For the CLI only
+   * @param id id of the organization
+   */
+  async getFromState(id: string): Promise<Organization> {
+    const organizationsMap = await this.stateService.getOrganizations();
+    const organization = organizationsMap[id];
+    if (organization == null) {
+      return null;
+    }
+
+    return new Organization(organization);
+  }
+
+  getByIdentifier(identifier: string): Organization {
+    const organizations = this._organizations.getValue();
+
+    return organizations.find((organization) => organization.identifier === identifier);
+  }
+
+  async replace(organizations: { [id: string]: OrganizationData }) {
+    await this.stateService.setOrganizations(organizations);
+    this.updateObservables(organizations);
+  }
+
+  private updateObservables(organizationsMap: { [id: string]: OrganizationData }) {
+    const organizations = Object.values(organizationsMap || {}).map((o) => new Organization(o));
+    this._organizations.next(organizations);
+  }
+}

libs/common/src/admin-console/services/policy/policy-api.service.ts

@@ -0,0 +1,103 @@
+import { firstValueFrom } from "rxjs";
+
+import { ApiService } from "../../../abstractions/api.service";
+import { StateService } from "../../../abstractions/state.service";
+import { Utils } from "../../../misc/utils";
+import { ListResponse } from "../../../models/response/list.response";
+import { PolicyApiServiceAbstraction } from "../../abstractions/policy/policy-api.service.abstraction";
+import { InternalPolicyService } from "../../abstractions/policy/policy.service.abstraction";
+import { PolicyType } from "../../enums/policy-type";
+import { PolicyData } from "../../models/data/policy.data";
+import { MasterPasswordPolicyOptions } from "../../models/domain/master-password-policy-options";
+import { PolicyRequest } from "../../models/request/policy.request";
+import { PolicyResponse } from "../../models/response/policy.response";
+
+export class PolicyApiService implements PolicyApiServiceAbstraction {
+  constructor(
+    private policyService: InternalPolicyService,
+    private apiService: ApiService,
+    private stateService: StateService
+  ) {}
+
+  async getPolicy(organizationId: string, type: PolicyType): Promise<PolicyResponse> {
+    const r = await this.apiService.send(
+      "GET",
+      "/organizations/" + organizationId + "/policies/" + type,
+      null,
+      true,
+      true
+    );
+    return new PolicyResponse(r);
+  }
+
+  async getPolicies(organizationId: string): Promise<ListResponse<PolicyResponse>> {
+    const r = await this.apiService.send(
+      "GET",
+      "/organizations/" + organizationId + "/policies",
+      null,
+      true,
+      true
+    );
+    return new ListResponse(r, PolicyResponse);
+  }
+
+  async getPoliciesByToken(
+    organizationId: string,
+    token: string,
+    email: string,
+    organizationUserId: string
+  ): Promise<ListResponse<PolicyResponse>> {
+    const r = await this.apiService.send(
+      "GET",
+      "/organizations/" +
+        organizationId +
+        "/policies/token?" +
+        "token=" +
+        encodeURIComponent(token) +
+        "&email=" +
+        Utils.encodeRFC3986URIComponent(email) +
+        "&organizationUserId=" +
+        organizationUserId,
+      null,
+      false,
+      true
+    );
+    return new ListResponse(r, PolicyResponse);
+  }
+
+  async getPoliciesByInvitedUser(
+    organizationId: string,
+    userId: string
+  ): Promise<ListResponse<PolicyResponse>> {
+    const r = await this.apiService.send(
+      "GET",
+      "/organizations/" + organizationId + "/policies/invited-user?" + "userId=" + userId,
+      null,
+      false,
+      true
+    );
+    return new ListResponse(r, PolicyResponse);
+  }
+
+  async getMasterPasswordPoliciesForInvitedUsers(
+    orgId: string
+  ): Promise<MasterPasswordPolicyOptions> {
+    const userId = await this.stateService.getUserId();
+    const response = await this.getPoliciesByInvitedUser(orgId, userId);
+    const policies = await this.policyService.mapPoliciesFromToken(response);
+    return await firstValueFrom(this.policyService.masterPasswordPolicyOptions$(policies));
+  }
+
+  async putPolicy(organizationId: string, type: PolicyType, request: PolicyRequest): Promise<any> {
+    const r = await this.apiService.send(
+      "PUT",
+      "/organizations/" + organizationId + "/policies/" + type,
+      request,
+      true,
+      true
+    );
+    const response = new PolicyResponse(r);
+    const data = new PolicyData(response);
+    await this.policyService.upsert(data);
+  }
+}

libs/common/src/admin-console/services/policy/policy.service.ts

@@ -0,0 +1,277 @@
+import { of, concatMap, BehaviorSubject, Observable, map } from "rxjs";
+
+import { StateService } from "../../../abstractions/state.service";
+import { Utils } from "../../../misc/utils";
+import { ListResponse } from "../../../models/response/list.response";
+import { OrganizationService } from "../../abstractions/organization/organization.service.abstraction";
+import { InternalPolicyService as InternalPolicyServiceAbstraction } from "../../abstractions/policy/policy.service.abstraction";
+import { OrganizationUserStatusType } from "../../enums/organization-user-status-type";
+import { OrganizationUserType } from "../../enums/organization-user-type";
+import { PolicyType } from "../../enums/policy-type";
+import { PolicyData } from "../../models/data/policy.data";
+import { MasterPasswordPolicyOptions } from "../../models/domain/master-password-policy-options";
+import { Organization } from "../../models/domain/organization";
+import { Policy } from "../../models/domain/policy";
+import { ResetPasswordPolicyOptions } from "../../models/domain/reset-password-policy-options";
+import { PolicyResponse } from "../../models/response/policy.response";
+
+export class PolicyService implements InternalPolicyServiceAbstraction {
+  protected _policies: BehaviorSubject<Policy[]> = new BehaviorSubject([]);
+
+  policies$ = this._policies.asObservable();
+
+  constructor(
+    protected stateService: StateService,
+    private organizationService: OrganizationService
+  ) {
+    this.stateService.activeAccountUnlocked$
+      .pipe(
+        concatMap(async (unlocked) => {
+          if (Utils.global.bitwardenContainerService == null) {
+            return;
+          }
+
+          if (!unlocked) {
+            this._policies.next([]);
+            return;
+          }
+
+          const data = await this.stateService.getEncryptedPolicies();
+
+          await this.updateObservables(data);
+        })
+      )
+      .subscribe();
+  }
+
+  /**
+   * @deprecated Do not call this, use the policies$ observable collection
+   */
+  async getAll(type?: PolicyType, userId?: string): Promise<Policy[]> {
+    let response: Policy[] = [];
+    const decryptedPolicies = await this.stateService.getDecryptedPolicies({ userId: userId });
+    if (decryptedPolicies != null) {
+      response = decryptedPolicies;
+    } else {
+      const diskPolicies = await this.stateService.getEncryptedPolicies({ userId: userId });
+      for (const id in diskPolicies) {
+        if (Object.prototype.hasOwnProperty.call(diskPolicies, id)) {
+          response.push(new Policy(diskPolicies[id]));
+        }
+      }
+      await this.stateService.setDecryptedPolicies(response, { userId: userId });
+    }
+    if (type != null) {
+      return response.filter((policy) => policy.type === type);
+    } else {
+      return response;
+    }
+  }
+
+  masterPasswordPolicyOptions$(policies?: Policy[]): Observable<MasterPasswordPolicyOptions> {
+    const observable = policies ? of(policies) : this.policies$;
+    return observable.pipe(
+      map((obsPolicies) => {
+        let enforcedOptions: MasterPasswordPolicyOptions = null;
+        const filteredPolicies = obsPolicies.filter((p) => p.type === PolicyType.MasterPassword);
+
+        if (filteredPolicies == null || filteredPolicies.length === 0) {
+          return enforcedOptions;
+        }
+
+        filteredPolicies.forEach((currentPolicy) => {
+          if (!currentPolicy.enabled || currentPolicy.data == null) {
+            return;
+          }
+
+          if (enforcedOptions == null) {
+            enforcedOptions = new MasterPasswordPolicyOptions();
+          }
+
+          if (
+            currentPolicy.data.minComplexity != null &&
+            currentPolicy.data.minComplexity > enforcedOptions.minComplexity
+          ) {
+            enforcedOptions.minComplexity = currentPolicy.data.minComplexity;
+          }
+
+          if (
+            currentPolicy.data.minLength != null &&
+            currentPolicy.data.minLength > enforcedOptions.minLength
+          ) {
+            enforcedOptions.minLength = currentPolicy.data.minLength;
+          }
+
+          if (currentPolicy.data.requireUpper) {
+            enforcedOptions.requireUpper = true;
+          }
+
+          if (currentPolicy.data.requireLower) {
+            enforcedOptions.requireLower = true;
+          }
+
+          if (currentPolicy.data.requireNumbers) {
+            enforcedOptions.requireNumbers = true;
+          }
+
+          if (currentPolicy.data.requireSpecial) {
+            enforcedOptions.requireSpecial = true;
+          }
+        });
+
+        return enforcedOptions;
+      })
+    );
+  }
+
+  policyAppliesToActiveUser$(policyType: PolicyType, policyFilter?: (policy: Policy) => boolean) {
+    return this.policies$.pipe(
+      concatMap(async (policies) => {
+        const userId = await this.stateService.getUserId();
+        return await this.checkPoliciesThatApplyToUser(policies, policyType, policyFilter, userId);
+      })
+    );
+  }
+
+  evaluateMasterPassword(
+    passwordStrength: number,
+    newPassword: string,
+    enforcedPolicyOptions: MasterPasswordPolicyOptions
+  ): boolean {
+    if (enforcedPolicyOptions == null) {
+      return true;
+    }
+
+    if (
+      enforcedPolicyOptions.minComplexity > 0 &&
+      enforcedPolicyOptions.minComplexity > passwordStrength
+    ) {
+      return false;
+    }
+
+    if (
+      enforcedPolicyOptions.minLength > 0 &&
+      enforcedPolicyOptions.minLength > newPassword.length
+    ) {
+      return false;
+    }
+
+    if (enforcedPolicyOptions.requireUpper && newPassword.toLocaleLowerCase() === newPassword) {
+      return false;
+    }
+
+    if (enforcedPolicyOptions.requireLower && newPassword.toLocaleUpperCase() === newPassword) {
+      return false;
+    }
+
+    if (enforcedPolicyOptions.requireNumbers && !/[0-9]/.test(newPassword)) {
+      return false;
+    }
+
+    // eslint-disable-next-line
+    if (enforcedPolicyOptions.requireSpecial && !/[!@#$%\^&*]/g.test(newPassword)) {
+      return false;
+    }
+
+    return true;
+  }
+
+  getResetPasswordPolicyOptions(
+    policies: Policy[],
+    orgId: string
+  ): [ResetPasswordPolicyOptions, boolean] {
+    const resetPasswordPolicyOptions = new ResetPasswordPolicyOptions();
+
+    if (policies == null || orgId == null) {
+      return [resetPasswordPolicyOptions, false];
+    }
+
+    const policy = policies.find(
+      (p) => p.organizationId === orgId && p.type === PolicyType.ResetPassword && p.enabled
+    );
+    resetPasswordPolicyOptions.autoEnrollEnabled = policy?.data?.autoEnrollEnabled ?? false;
+
+    return [resetPasswordPolicyOptions, policy?.enabled ?? false];
+  }
+
+  mapPoliciesFromToken(policiesResponse: ListResponse<PolicyResponse>): Policy[] {
+    if (policiesResponse == null || policiesResponse.data == null) {
+      return null;
+    }
+
+    const policiesData = policiesResponse.data.map((p) => new PolicyData(p));
+    return policiesData.map((p) => new Policy(p));
+  }
+
+  async policyAppliesToUser(
+    policyType: PolicyType,
+    policyFilter?: (policy: Policy) => boolean,
+    userId?: string
+  ) {
+    const policies = await this.getAll(policyType, userId);
+
+    return this.checkPoliciesThatApplyToUser(policies, policyType, policyFilter, userId);
+  }
+
+  async upsert(policy: PolicyData): Promise<any> {
+    let policies = await this.stateService.getEncryptedPolicies();
+    if (policies == null) {
+      policies = {};
+    }
+
+    policies[policy.id] = policy;
+
+    await this.updateObservables(policies);
+    await this.stateService.setDecryptedPolicies(null);
+    await this.stateService.setEncryptedPolicies(policies);
+  }
+
+  async replace(policies: { [id: string]: PolicyData }): Promise<void> {
+    await this.updateObservables(policies);
+    await this.stateService.setDecryptedPolicies(null);
+    await this.stateService.setEncryptedPolicies(policies);
+  }
+
+  async clear(userId?: string): Promise<void> {
+    if (userId == null || userId == (await this.stateService.getUserId())) {
+      this._policies.next([]);
+    }
+    await this.stateService.setDecryptedPolicies(null, { userId: userId });
+    await this.stateService.setEncryptedPolicies(null, { userId: userId });
+  }
+
+  private isExcemptFromPolicies(organization: Organization, policyType: PolicyType) {
+    if (policyType === PolicyType.MaximumVaultTimeout) {
+      return organization.type === OrganizationUserType.Owner;
+    }
+
+    return organization.isExemptFromPolicies;
+  }
+
+  private async updateObservables(policiesMap: { [id: string]: PolicyData }) {
+    const policies = Object.values(policiesMap || {}).map((f) => new Policy(f));
+
+    this._policies.next(policies);
+  }
+
+  private async checkPoliciesThatApplyToUser(
+    policies: Policy[],
+    policyType: PolicyType,
+    policyFilter?: (policy: Policy) => boolean,
+    userId?: string
+  ) {
+    const organizations = await this.organizationService.getAll(userId);
+    const filteredPolicies = policies.filter(
+      (p) => p.type === policyType && p.enabled && (policyFilter == null || policyFilter(p))
+    );
+    const policySet = new Set(filteredPolicies.map((p) => p.organizationId));
+
+    return organizations.some(
+      (o) =>
+        o.status >= OrganizationUserStatusType.Accepted &&
+        o.usePolicies &&
+        policySet.has(o.id) &&
+        !this.isExcemptFromPolicies(o, policyType)
+    );
+  }
+}

libs/common/src/admin-console/services/provider.service.ts

@@ -0,0 +1,34 @@
+import { StateService } from "../../abstractions/state.service";
+import { Provider } from "../../models/domain/provider";
+import { ProviderService as ProviderServiceAbstraction } from "../abstractions/provider.service";
+import { ProviderData } from "../models/data/provider.data";
+
+export class ProviderService implements ProviderServiceAbstraction {
+  constructor(private stateService: StateService) {}
+
+  async get(id: string): Promise<Provider> {
+    const providers = await this.stateService.getProviders();
+    // eslint-disable-next-line
+    if (providers == null || !providers.hasOwnProperty(id)) {
+      return null;
+    }
+
+    return new Provider(providers[id]);
+  }
+
+  async getAll(): Promise<Provider[]> {
+    const providers = await this.stateService.getProviders();
+    const response: Provider[] = [];
+    for (const id in providers) {
+      // eslint-disable-next-line
+      if (providers.hasOwnProperty(id)) {
+        response.push(new Provider(providers[id]));
+      }
+    }
+    return response;
+  }
+
+  async save(providers: { [id: string]: ProviderData }) {
+    await this.stateService.setProviders(providers);
+  }
+}