[PM-26057] Enforce session timeout policy (#17424)

* enforce session timeout policy * better angular validation * lint fix * missing switch break * fallback when timeout not supported with highest available timeout * failing unit tests * incorrect policy message * vault timeout type adjustments * fallback to "on browser refresh" for browser, when policy is set to "on system locked", but not available (Safari) * docs, naming improvements * fallback for current user session timeout to "on refresh", when policy is set to "on system locked", but not available. * don't display policy message when the policy does not affect available timeout options * 8 hours default when changing from non-numeric timeout to Custom. * failing unit test * missing locales, changing functions access to private, docs * removal of redundant magic number * missing await * await once for available timeout options * adjusted messaging * unit test coverage * vault timeout numeric module exports * unit test coverage
2026-02-21 11:54:02 +00:00 · 2025-12-05 14:55:59 +01:00
parent c036ffd775
commit bbea11388a
48 changed files with 3344 additions and 569 deletions
--- a/libs/common/src/key-management/session-timeout/abstractions/session-timeout-type.service.ts
+++ b/libs/common/src/key-management/session-timeout/abstractions/session-timeout-type.service.ts
@@ -0,0 +1,15 @@
+import { VaultTimeout } from "../../vault-timeout";
+
+export abstract class SessionTimeoutTypeService {
+  /**
+   * Is provided timeout type available on this client type, OS ?
+   * @param timeout the timeout type
+   */
+  abstract isAvailable(timeout: VaultTimeout): Promise<boolean>;
+
+  /**
+   * Returns the highest available and permissive timeout type, that is higher than or equals the provided timeout type.
+   * @param timeout the provided timeout type
+   */
+  abstract getOrPromoteToAvailable(timeout: VaultTimeout): Promise<VaultTimeout>;
+}
--- a/libs/common/src/key-management/session-timeout/index.ts
+++ b/libs/common/src/key-management/session-timeout/index.ts
@@ -0,0 +1,3 @@
+export { SessionTimeoutTypeService } from "./abstractions/session-timeout-type.service";
+export { MaximumSessionTimeoutPolicyData } from "./types/maximum-session-timeout-policy.type";
+export { SessionTimeoutAction, SessionTimeoutType } from "./types/session-timeout.type";
--- a/libs/common/src/key-management/session-timeout/types/maximum-session-timeout-policy.type.ts
+++ b/libs/common/src/key-management/session-timeout/types/maximum-session-timeout-policy.type.ts
@@ -0,0 +1,7 @@
+import { SessionTimeoutAction, SessionTimeoutType } from "./session-timeout.type";
+
+export interface MaximumSessionTimeoutPolicyData {
+  type?: SessionTimeoutType;
+  minutes: number;
+  action?: SessionTimeoutAction;
+}
--- a/libs/common/src/key-management/session-timeout/types/session-timeout.type.ts
+++ b/libs/common/src/key-management/session-timeout/types/session-timeout.type.ts
@@ -0,0 +1,8 @@
+export type SessionTimeoutAction = null | "lock" | "logOut";
+export type SessionTimeoutType =
+  | null
+  | "never"
+  | "onAppRestart"
+  | "onSystemLock"
+  | "immediately"
+  | "custom";