[PM-10107] evaluate the override password type policy (#10277)

libs/tools/generator/core/src/data/generator-types.ts

@@ -0,0 +1,5 @@
+/** Types of passwords that may be configured by the password generator */
+export const PasswordTypes = Object.freeze(["password", "passphrase"] as const);
+
+/** Types of generators that may be configured by the password generator */
+export const GeneratorTypes = Object.freeze([...PasswordTypes, "username"] as const);

libs/tools/generator/core/src/data/index.ts

@@ -17,3 +17,4 @@ export * from "./forwarders";
 export * from "./integrations";
 export * from "./policies";
 export * from "./username-digits";
+export * from "./generator-types";

libs/tools/generator/core/src/types/generator-type.ts

@@ -1,2 +1,7 @@
+import { GeneratorTypes, PasswordTypes } from "../data/generator-types";
+
 /** The kind of credential being generated. */
-export type GeneratorType = "password" | "passphrase" | "username";
+export type GeneratorType = (typeof GeneratorTypes)[number];
+
+/** The kinds of passwords that can be generated. */
+export type PasswordType = (typeof PasswordTypes)[number];

libs/tools/generator/extensions/legacy/src/legacy-password-generation.service.spec.ts

@@ -270,7 +270,7 @@ describe("LegacyPasswordGenerationService", () => {
       const navigation = createNavigationGenerator(
         {},
         {
-          defaultType: "password",
+          overridePasswordType: "password",
         },
       );
       const generator = new LegacyPasswordGenerationService(
@@ -284,7 +284,7 @@ describe("LegacyPasswordGenerationService", () => {
       const [, policy] = await generator.getOptions();
 
       expect(policy).toEqual({
-        defaultType: "password",
+        overridePasswordType: "password",
         minLength: 20,
         numberCount: 10,
         specialCount: 11,
@@ -402,7 +402,7 @@ describe("LegacyPasswordGenerationService", () => {
       const navigation = createNavigationGenerator(
         {},
         {
-          defaultType: "password",
+          overridePasswordType: "password",
         },
       );
       const generator = new LegacyPasswordGenerationService(
@@ -416,7 +416,7 @@ describe("LegacyPasswordGenerationService", () => {
       const [, policy] = await generator.enforcePasswordGeneratorPoliciesOnOptions({});
 
       expect(policy).toEqual({
-        defaultType: "password",
+        overridePasswordType: "password",
         minLength: 20,
         numberCount: 10,
         specialCount: 11,

libs/tools/generator/extensions/legacy/src/legacy-password-generation.service.ts

@@ -248,7 +248,7 @@ export class LegacyPasswordGenerationService implements PasswordGenerationServic
           ...options,
           ...navigationEvaluator.sanitize(navigationApplied),
         };
-        if (options.type === "password") {
+        if (navigationSanitized.type === "password") {
           const applied = passwordEvaluator.applyPolicy(navigationSanitized);
           const sanitized = passwordEvaluator.sanitize(applied);
           return [sanitized, policy];

libs/tools/generator/extensions/navigation/src/default-generator-navigation.service.spec.ts

@@ -69,7 +69,7 @@ describe("DefaultGeneratorNavigationService", () => {
               organizationId: "" as any,
               enabled: true,
               type: PolicyType.PasswordGenerator,
-              data: { defaultType: "password" },
+              data: { overridePasswordType: "password" },
             }),
           ]);
         },

libs/tools/generator/extensions/navigation/src/generator-navigation-evaluator.spec.ts

@@ -4,18 +4,18 @@ import { GeneratorNavigationEvaluator } from "./generator-navigation-evaluator";
 describe("GeneratorNavigationEvaluator", () => {
   describe("policyInEffect", () => {
     it.each([["passphrase"], ["password"]] as const)(
-      "returns true if the policy has a defaultType (= %p)",
-      (defaultType) => {
-        const evaluator = new GeneratorNavigationEvaluator({ defaultType });
+      "returns true if the policy has a overridePasswordType (= %p)",
+      (overridePasswordType) => {
+        const evaluator = new GeneratorNavigationEvaluator({ overridePasswordType });
 
         expect(evaluator.policyInEffect).toEqual(true);
       },
     );
 
     it.each([[undefined], [null], ["" as any]])(
-      "returns false if the policy has a falsy defaultType (= %p)",
-      (defaultType) => {
-        const evaluator = new GeneratorNavigationEvaluator({ defaultType });
+      "returns false if the policy has a falsy overridePasswordType (= %p)",
+      (overridePasswordType) => {
+        const evaluator = new GeneratorNavigationEvaluator({ overridePasswordType });
 
         expect(evaluator.policyInEffect).toEqual(false);
       },
@@ -23,7 +23,7 @@ describe("GeneratorNavigationEvaluator", () => {
   });
 
   describe("applyPolicy", () => {
-    it("returns the input options", () => {
+    it("returns the input options when a policy is not in effect", () => {
       const evaluator = new GeneratorNavigationEvaluator(null);
       const options = { type: "password" as const };
 
@@ -31,19 +31,27 @@ describe("GeneratorNavigationEvaluator", () => {
 
       expect(result).toEqual(options);
     });
+
+    it.each([["passphrase"], ["password"]] as const)(
+      "defaults options to the policy's default type (= %p) when a policy is in effect",
+      (overridePasswordType) => {
+        const evaluator = new GeneratorNavigationEvaluator({ overridePasswordType });
+
+        const result = evaluator.applyPolicy({});
+
+        expect(result).toEqual({ type: overridePasswordType });
+      },
+    );
   });
 
   describe("sanitize", () => {
-    it.each([["passphrase"], ["password"]] as const)(
-      "defaults options to the policy's default type (= %p) when a policy is in effect",
-      (defaultType) => {
-        const evaluator = new GeneratorNavigationEvaluator({ defaultType });
+    it("retains the options type when it is set", () => {
+      const evaluator = new GeneratorNavigationEvaluator({ overridePasswordType: "passphrase" });
 
-        const result = evaluator.sanitize({});
+      const result = evaluator.sanitize({ type: "password" });
 
-        expect(result).toEqual({ type: defaultType });
-      },
-    );
+      expect(result).toEqual({ type: "password" });
+    });
 
     it("defaults options to the default generator navigation type when a policy is not in effect", () => {
       const evaluator = new GeneratorNavigationEvaluator(null);
@@ -52,13 +60,5 @@ describe("GeneratorNavigationEvaluator", () => {
 
       expect(result.type).toEqual(DefaultGeneratorNavigation.type);
     });
-
-    it("retains the options type when it is set", () => {
-      const evaluator = new GeneratorNavigationEvaluator({ defaultType: "passphrase" });
-
-      const result = evaluator.sanitize({ type: "password" });
-
-      expect(result).toEqual({ type: "password" });
-    });
   });
 });

libs/tools/generator/extensions/navigation/src/generator-navigation-evaluator.ts

@@ -1,4 +1,4 @@
-import { PolicyEvaluator } from "@bitwarden/generator-core";
+import { PasswordTypes, PolicyEvaluator } from "@bitwarden/generator-core";
 
 import { DefaultGeneratorNavigation } from "./default-generator-navigation";
 import { GeneratorNavigation } from "./generator-navigation";
@@ -17,7 +17,7 @@ export class GeneratorNavigationEvaluator
 
   /** {@link PolicyEvaluator.policyInEffect} */
   get policyInEffect(): boolean {
-    return this.policy?.defaultType ? true : false;
+    return PasswordTypes.includes(this.policy?.overridePasswordType);
   }
 
   /** Apply policy to the input options.
@@ -25,7 +25,13 @@ export class GeneratorNavigationEvaluator
    *  @returns A new password generation request with policy applied.
    */
   applyPolicy(options: GeneratorNavigation): GeneratorNavigation {
-    return options;
+    const result = { ...options };
+
+    if (this.policyInEffect) {
+      result.type = this.policy.overridePasswordType ?? result.type;
+    }
+
+    return result;
   }
 
   /** Ensures internal options consistency.
@@ -33,12 +39,9 @@ export class GeneratorNavigationEvaluator
    *  @returns A passphrase generation request with cascade applied.
    */
   sanitize(options: GeneratorNavigation): GeneratorNavigation {
-    const defaultType = this.policyInEffect
-      ? this.policy.defaultType
-      : DefaultGeneratorNavigation.type;
     return {
       ...options,
-      type: options.type ?? defaultType,
+      type: options.type ?? DefaultGeneratorNavigation.type,
     };
   }
 }

libs/tools/generator/extensions/navigation/src/generator-navigation-policy.spec.ts

@@ -38,26 +38,26 @@ describe("leastPrivilege", () => {
   });
 
   it("should take the %p from the policy", () => {
-    const policy = createPolicy({ defaultType: "passphrase" });
+    const policy = createPolicy({ overridePasswordType: "passphrase" });
 
     const result = preferPassword({ ...DisabledGeneratorNavigationPolicy }, policy);
 
-    expect(result).toEqual({ defaultType: "passphrase" });
+    expect(result).toEqual({ overridePasswordType: "passphrase" });
   });
 
   it("should override passphrase with password", () => {
-    const policy = createPolicy({ defaultType: "password" });
+    const policy = createPolicy({ overridePasswordType: "password" });
 
-    const result = preferPassword({ defaultType: "passphrase" }, policy);
+    const result = preferPassword({ overridePasswordType: "passphrase" }, policy);
 
-    expect(result).toEqual({ defaultType: "password" });
+    expect(result).toEqual({ overridePasswordType: "password" });
   });
 
   it("should not override password", () => {
-    const policy = createPolicy({ defaultType: "passphrase" });
+    const policy = createPolicy({ overridePasswordType: "passphrase" });
 
-    const result = preferPassword({ defaultType: "password" }, policy);
+    const result = preferPassword({ overridePasswordType: "password" }, policy);
 
-    expect(result).toEqual({ defaultType: "password" });
+    expect(result).toEqual({ overridePasswordType: "password" });
   });
 });

libs/tools/generator/extensions/navigation/src/generator-navigation-policy.ts

@@ -2,14 +2,14 @@ import { PolicyType } from "@bitwarden/common/admin-console/enums";
 // FIXME: use index.ts imports once policy abstractions and models
 // implement ADR-0002
 import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
-import { GeneratorType } from "@bitwarden/generator-core";
+import { PasswordType } from "@bitwarden/generator-core";
 
 /** Policy settings affecting password generator navigation */
 export type GeneratorNavigationPolicy = {
   /** The type of generator that should be shown by default when opening
    *  the password generator.
    */
-  defaultType?: GeneratorType;
+  overridePasswordType?: PasswordType;
 };
 
 /** Reduces a policy into an accumulator by preferring the password generator
@@ -27,13 +27,15 @@ export function preferPassword(
     return acc;
   }
 
-  const isOverridable = acc.defaultType !== "password" && policy.data.defaultType;
-  const result = isOverridable ? { ...acc, defaultType: policy.data.defaultType } : acc;
+  const isOverridable = acc.overridePasswordType !== "password" && policy.data.overridePasswordType;
+  const result = isOverridable
+    ? { ...acc, overridePasswordType: policy.data.overridePasswordType }
+    : acc;
 
   return result;
 }
 
 /** The default options for password generation policy. */
 export const DisabledGeneratorNavigationPolicy: GeneratorNavigationPolicy = Object.freeze({
-  defaultType: undefined,
+  overridePasswordType: null,
 });