[Require SSO] Enterprise policy adjustment (#676)

* Commits for policies/edit/strings

* more initial commits of policy/edit/strings

* More changes for require sso

* Updated strings to match policy string patterns

* Updated false enable on error

* Removed sso prevalidate prereq // adjusted callout

* Updated policy array creation and added display value

src/app/organizations/manage/policies.component.html

@@ -13,7 +13,7 @@
 <table class="table table-hover table-list" *ngIf="!loading">
     <tbody>
         <tr *ngFor="let p of policies">
-            <td>
+            <td *ngIf="p.display">
                 <a href="#" appStopClick (click)="edit(p)">{{p.name}}</a>
                 <span class="badge badge-success" *ngIf="p.enabled">{{'enabled' | i18n}}</span>
                 <small class="text-muted d-block">{{p.description}}</small>

src/app/organizations/manage/policies.component.ts

@@ -47,34 +47,7 @@ export class PoliciesComponent implements OnInit {
     constructor(private apiService: ApiService, private route: ActivatedRoute,
         private i18nService: I18nService, private componentFactoryResolver: ComponentFactoryResolver,
         private platformUtilsService: PlatformUtilsService, private userService: UserService,
-        private router: Router, private environmentService: EnvironmentService) {
+        private router: Router, private environmentService: EnvironmentService) { }
-        this.policies = [
-            {
-                name: i18nService.t('twoStepLogin'),
-                description: i18nService.t('twoStepLoginPolicyDesc'),
-                type: PolicyType.TwoFactorAuthentication,
-                enabled: false,
-            },
-            {
-                name: i18nService.t('masterPass'),
-                description: i18nService.t('masterPassPolicyDesc'),
-                type: PolicyType.MasterPassword,
-                enabled: false,
-            },
-            {
-                name: i18nService.t('passwordGenerator'),
-                description: i18nService.t('passwordGeneratorPolicyDesc'),
-                type: PolicyType.PasswordGenerator,
-                enabled: false,
-            },
-            {
-                name: i18nService.t('onlyOrg'),
-                description: i18nService.t('onlyOrgDesc'),
-                type: PolicyType.OnlyOrg,
-                enabled: false,
-            },
-        ];
-    }
 
     async ngOnInit() {
         this.route.parent.parent.params.subscribe(async (params) => {
@@ -84,6 +57,43 @@ export class PoliciesComponent implements OnInit {
                 this.router.navigate(['/organizations', this.organizationId]);
                 return;
             }
+            this.policies = [
+                {
+                    name: this.i18nService.t('twoStepLogin'),
+                    description: this.i18nService.t('twoStepLoginPolicyDesc'),
+                    type: PolicyType.TwoFactorAuthentication,
+                    enabled: false,
+                    display: true,
+                },
+                {
+                    name: this.i18nService.t('masterPass'),
+                    description: this.i18nService.t('masterPassPolicyDesc'),
+                    type: PolicyType.MasterPassword,
+                    enabled: false,
+                    display: true,
+                },
+                {
+                    name: this.i18nService.t('passwordGenerator'),
+                    description: this.i18nService.t('passwordGeneratorPolicyDesc'),
+                    type: PolicyType.PasswordGenerator,
+                    enabled: false,
+                    display: true,
+                },
+                {
+                    name: this.i18nService.t('onlyOrg'),
+                    description: this.i18nService.t('onlyOrgDesc'),
+                    type: PolicyType.OnlyOrg,
+                    enabled: false,
+                    display: true,
+                },
+                {
+                    name: this.i18nService.t('requireSso'),
+                    description: this.i18nService.t('requireSsoPolicyDesc'),
+                    type: PolicyType.RequireSso,
+                    enabled: false,
+                    display: organization.useSso,
+                },
+            ];
             await this.load();
         });
 
@@ -122,6 +132,7 @@ export class PoliciesComponent implements OnInit {
         childComponent.description = p.description;
         childComponent.type = p.type;
         childComponent.organizationId = this.organizationId;
+        childComponent.policiesEnabledMap = this.policiesEnabledMap;
         childComponent.onSavedPolicy.subscribe(() => {
             this.modal.close();
             this.load();

src/app/organizations/manage/policy-edit.component.html

@@ -17,10 +17,13 @@
                     title="{{'warning' | i18n}}" icon="fa-warning">
                     {{'twoStepLoginPolicyWarning' | i18n}}
                 </app-callout>
-                <app-callout type="warning" *ngIf="type === policyType.OnlyOrg"
+                <app-callout type="warning" *ngIf="type === policyType.OnlyOrg" title="{{'warning' | i18n}}"
-                    title="{{'warning' | i18n}}" icon="fa-warning">
+                    icon="fa-warning">
                     {{'onlyOrgPolicyWarning' | i18n}}
                 </app-callout>
+                <app-callout type="tip" title="{{'prerequisite' | i18n}}" *ngIf="type === policyType.RequireSso">
+                    {{'requireSsoPolicyReq' | i18n}}
+                </app-callout>
                 <div class="form-group">
                     <div class="form-check">
                         <input class="form-check-input" type="checkbox" id="enabled" [(ngModel)]="enabled"

src/app/organizations/manage/policy-edit.component.ts

@@ -27,6 +27,7 @@ export class PolicyEditComponent implements OnInit {
     @Input() description: string;
     @Input() type: PolicyType;
     @Input() organizationId: string;
+    @Input() policiesEnabledMap: Map<PolicyType, boolean> = new Map<PolicyType, boolean>();
     @Output() onSavedPolicy = new EventEmitter();
 
     policyType = PolicyType;
@@ -127,6 +128,7 @@ export class PolicyEditComponent implements OnInit {
     }
 
     async submit() {
+        if (this.preValidate()) {
             const request = new PolicyRequest();
             request.enabled = this.enabled;
             request.type = this.type;
@@ -168,4 +170,24 @@ export class PolicyEditComponent implements OnInit {
                 this.onSavedPolicy.emit();
             } catch { }
         }
+    }
+
+    private preValidate(): boolean {
+        switch (this.type) {
+            case PolicyType.RequireSso:
+                if (!this.enabled) { // Don't need prevalidation checks if submitting to disable
+                    return true;
+                }
+                // Have OnlyOrg policy enabled?
+                if (!(this.policiesEnabledMap.has(PolicyType.OnlyOrg)
+                    && this.policiesEnabledMap.get(PolicyType.OnlyOrg))) {
+                    this.toasterService.popAsync('error', null, this.i18nService.t('requireSsoPolicyReqError'));
+                    return false;
+                }
+                return true;
+
+            default:
+                return true;
+        }
+    }
 }

src/locales/en/messages.json

@@ -3221,5 +3221,20 @@
   },
   "onlyOrgPolicyWarning": {
     "message": "Organization members who are already a member of another organization will be removed from your organization."
+  },
+  "requireSso": {
+    "message": "Single Sign-On Authentication"
+  },
+  "requireSsoPolicyDesc": {
+    "message": "Require users to log in with the Enterprise Single Sign-On method."
+  },
+  "prerequisite": {
+    "message": "Prerequisite"
+  },
+  "requireSsoPolicyReq": {
+    "message": "The Single Organization enterprise policy must be enabled before activating this policy."
+  },
+  "requireSsoPolicyReqError": {
+    "message": "Single Organization policy not enabled."
   }
 }