feat(user-decryption-options) [PM-26413]: Remove ActiveUserState from UserDecryptionOptionsService (#16894)

* feat(user-decryption-options) [PM-26413]: Update UserDecryptionOptionsService and tests to use UserId-only APIs.

* feat(user-decryption-options) [PM-26413]: Update InternalUserDecryptionOptionsService call sites to use UserId-only API.

* feat(user-decryption-options) [PM-26413] Update userDecryptionOptions$ call sites to use the UserId-only API.

* feat(user-decryption-options) [PM-26413]: Update additional call sites.

* feat(user-decryption-options) [PM-26413]: Update dependencies and an additional call site.

* feat(user-verification-service) [PM-26413]: Replace where allowed by unrestricted imports invocation of UserVerificationService.hasMasterPassword (deprecated) with UserDecryptionOptions.hasMasterPasswordById$. Additional work to complete as tech debt tracked in PM-27009.

* feat(user-decryption-options) [PM-26413]: Update for non-null strict adherence.

* feat(user-decryption-options) [PM-26413]: Update type safety and defensive returns.

* chore(user-decryption-options) [PM-26413]: Comment cleanup.

* feat(user-decryption-options) [PM-26413]: Update tests.

* feat(user-decryption-options) [PM-26413]: Standardize null-checking on active account id for new API consumption.

* feat(vault-timeout-settings-service) [PM-26413]: Add test cases to illustrate null active account from AccountService.

* fix(fido2-user-verification-service-spec) [PM-26413]: Update test harness to use FakeAccountService.

* fix(downstream-components) [PM-26413]: Prefer use of the getUserId operator in all authenticated contexts for user id provided to UserDecryptionOptionsService.

---------

Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>

libs/common/src/auth/abstractions/user-verification/user-verification.service.abstraction.ts

@@ -48,6 +48,9 @@ export abstract class UserVerificationService {
    * @param userId The user id to check. If not provided, the current user is used
    * @returns True if the user has a master password
    * @deprecated Use UserDecryptionOptionsService.hasMasterPassword$ instead
+   * @remark To facilitate deprecation, many call sites were removed as part of PM-26413.
+   * Those remaining are blocked by currently-disallowed imports of auth/common.
+   * PM-27009 has been filed to track completion of this deprecation.
    */
   abstract hasMasterPassword(userId?: string): Promise<boolean>;
   /**

libs/common/src/auth/services/user-verification/user-verification.service.spec.ts

@@ -3,10 +3,7 @@ import { of } from "rxjs";
 
 // This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
 // eslint-disable-next-line no-restricted-imports
-import {
-  UserDecryptionOptions,
-  UserDecryptionOptionsServiceAbstraction,
-} from "@bitwarden/auth/common";
+import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
 // This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
 // eslint-disable-next-line no-restricted-imports
 import {
@@ -146,11 +143,7 @@ describe("UserVerificationService", () => {
 
     describe("server verification type", () => {
       it("correctly returns master password availability", async () => {
-        userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
-          of({
-            hasMasterPassword: true,
-          } as UserDecryptionOptions),
-        );
+        userDecryptionOptionsService.hasMasterPasswordById$.mockReturnValue(of(true));
 
         const result = await sut.getAvailableVerificationOptions("server");
 
@@ -168,11 +161,7 @@ describe("UserVerificationService", () => {
       });
 
       it("correctly returns OTP availability", async () => {
-        userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
-          of({
-            hasMasterPassword: false,
-          } as UserDecryptionOptions),
-        );
+        userDecryptionOptionsService.hasMasterPasswordById$.mockReturnValue(of(false));
 
         const result = await sut.getAvailableVerificationOptions("server");
 
@@ -526,11 +515,7 @@ describe("UserVerificationService", () => {
 
   // Helpers
   function setMasterPasswordAvailability(hasMasterPassword: boolean) {
-    userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
-      of({
-        hasMasterPassword: hasMasterPassword,
-      } as UserDecryptionOptions),
-    );
+    userDecryptionOptionsService.hasMasterPasswordById$.mockReturnValue(of(hasMasterPassword));
     masterPasswordService.masterKeyHash$.mockReturnValue(
       of(hasMasterPassword ? "masterKeyHash" : null),
     );

libs/common/src/auth/services/user-verification/user-verification.service.ts

@@ -258,16 +258,19 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
   }
 
   async hasMasterPassword(userId?: string): Promise<boolean> {
-    if (userId) {
-      const decryptionOptions = await firstValueFrom(
-        this.userDecryptionOptionsService.userDecryptionOptionsById$(userId),
-      );
+    const resolvedUserId = userId ?? (await firstValueFrom(this.accountService.activeAccount$))?.id;
 
-      if (decryptionOptions?.hasMasterPassword != undefined) {
-        return decryptionOptions.hasMasterPassword;
-      }
+    if (!resolvedUserId) {
+      return false;
     }
-    return await firstValueFrom(this.userDecryptionOptionsService.hasMasterPassword$);
+
+    // Ideally, this method would accept a UserId over string. To avoid scope creep in PM-26413, we are
+    // doing the cast here. Future work should be done to make this type-safe, and should be considered
+    // as part of PM-27009.
+
+    return await firstValueFrom(
+      this.userDecryptionOptionsService.hasMasterPasswordById$(resolvedUserId as UserId),
+    );
   }
 
   async hasMasterPasswordAndMasterKeyHash(userId?: string): Promise<boolean> {