From d7949ab2f3763be8599c848289fcb00c67f792ba Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Thu, 20 Nov 2025 09:42:57 -0500
Subject: [PATCH] [PM-27766] Add policy for blocking account creation from claimed domains (#17211)
* Added policy for blocking account creation for claimed domains.
* add feature flag
* fix desc
* learn more link
* fix localization key to learnMore
* onpush change detection
---
 apps/web/src/locales/en/messages.json | 9 ++++++
 ...med-domain-account-creation.component.html | 15 +++++++++
 ...aimed-domain-account-creation.component.ts | 32 +++++++++++++++++++
 .../policies/policy-edit-definitions/index.ts | 1 +
 .../policies/policy-edit-register.ts | 2 ++
 .../admin-console/enums/policy-type.enum.ts | 1 +
 libs/common/src/enums/feature-flag.enum.ts | 2 ++
 7 files changed, 62 insertions(+)
 create mode 100644 bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/block-claimed-domain-account-creation.component.html
 create mode 100644 bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/block-claimed-domain-account-creation.component.ts
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 1b0460e2aa..59db19aa38 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -12122,6 +12122,15 @@
 "startFreeFamiliesTrial": {
 "message": "Start free Families trial"
 },
+ "blockClaimedDomainAccountCreation": {
+ "message": "Block account creation for claimed domains"
+ },
+ "blockClaimedDomainAccountCreationDesc": {
+ "message": "Prevent users from creating accounts outside of your organization using email addresses from claimed domains."
+ },
+ "blockClaimedDomainAccountCreationPrerequisite": {
+ "message": "A domain must be claimed before activating this policy."
+ },
 "unlockMethodNeededToChangeTimeoutActionDesc": {
 "message": "Set up an unlock method to change your vault timeout action."
 },
diff --git a/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/block-claimed-domain-account-creation.component.html b/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/block-claimed-domain-account-creation.component.html new file mode 100644 index 0000000000..1722590599 --- /dev/null +++ b/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/block-claimed-domain-account-creation.component.html @@ -0,0 +1,15 @@ + + {{ "blockClaimedDomainAccountCreationPrerequisite" | i18n }} + {{ "learnMore" | i18n }} + + + + + {{ "turnOn" | i18n }} + diff --git a/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/block-claimed-domain-account-creation.component.ts b/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/block-claimed-domain-account-creation.component.ts new file mode 100644 index 0000000000..5e2925aa0b --- /dev/null +++ b/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/block-claimed-domain-account-creation.component.ts 
@@ -0,0 +1,32 @@
+import { ChangeDetectionStrategy, Component } from "@angular/core";
+import { map, Observable } from "rxjs";
+
+import { PolicyType } from "@bitwarden/common/admin-console/enums";
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
+import {
+ BasePolicyEditDefinition,
+ BasePolicyEditComponent,
+} from "@bitwarden/web-vault/app/admin-console/organizations/policies";
+import { SharedModule } from "@bitwarden/web-vault/app/shared";
+
+export class BlockClaimedDomainAccountCreationPolicy extends BasePolicyEditDefinition {
+ name = "blockClaimedDomainAccountCreation";
+ description = "blockClaimedDomainAccountCreationDesc";
+ type = PolicyType.BlockClaimedDomainAccountCreation;
+ component = BlockClaimedDomainAccountCreationPolicyComponent;
+
+ override display$(organization: Organization, configService: ConfigService): Observable {
+ return configService
+ .getFeatureFlag$(FeatureFlag.BlockClaimedDomainAccountCreation)
+ .pipe(map((enabled) => enabled && organization.useOrganizationDomains));
+ }
+}
+
+@Component({
+ changeDetection: ChangeDetectionStrategy.OnPush,
+ templateUrl: "block-claimed-domain-account-creation.component.html",
+ imports: [SharedModule],
+})
+export class BlockClaimedDomainAccountCreationPolicyComponent extends BasePolicyEditComponent {}
diff --git a/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/index.ts b/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/index.ts
index 52325eae16..b03f368042 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/index.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-definitions/index.ts
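Review bot: `display$` in `BlockClaimedDomainAccountCreationPolicy` is a visibility gate only, and `BlockClaimedDomainAccountCreationPolicyComponent` is an empty subclass with no pre-save check, so nothing in this file enforces either the block itself or the "a domain must be claimed" prerequisite that the template merely displays. Both have to be enforced by the server at registration and at policy-save time, which this client-side commit cannot show and which is worth confirming before the flag is enabled. I would state that on the method, e.g. `/** UI visibility only: listed when the feature flag is on and the org has useOrganizationDomains; enforcement and the claimed-domain prerequisite are server-side. */`. Because the same expression hides the editor, an organization that enabled the policy and later loses the flag or `useOrganizationDomains` presumably could no longer see or turn it off from this screen, which deserves a deliberate decision.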
@@ -1,3 +1,4 @@
 export { ActivateAutofillPolicy } from "./activate-autofill.component";
 export { AutomaticAppLoginPolicy } from "./automatic-app-login.component";
+export { BlockClaimedDomainAccountCreationPolicy } from "./block-claimed-domain-account-creation.component";
 export { DisablePersonalVaultExportPolicy } from "./disable-personal-vault-export.component";
diff --git a/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-register.ts b/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-register.ts
index 015b4fc17b..c2a31d936b 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-register.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/policies/policy-edit-register.ts
@@ -9,6 +9,7 @@ import { SessionTimeoutPolicy } from "../../key-management/policies/session-time
 import {
 ActivateAutofillPolicy,
 AutomaticAppLoginPolicy,
+ BlockClaimedDomainAccountCreationPolicy,
 DisablePersonalVaultExportPolicy,
 } from "./policy-edit-definitions";
 
@@ -23,6 +24,7 @@ const policyEditRegister: BasePolicyEditDefinition[] = [
 new FreeFamiliesSponsorshipPolicy(),
 new ActivateAutofillPolicy(),
 new AutomaticAppLoginPolicy(),
+ new BlockClaimedDomainAccountCreationPolicy(),
 ];
 
 export const bitPolicyEditRegister = ossPolicyEditRegister.concat(policyEditRegister);
diff --git a/libs/common/src/admin-console/enums/policy-type.enum.ts b/libs/common/src/admin-console/enums/policy-type.enum.ts
index ae0070dda8..af8147c41e 100644
--- a/libs/common/src/admin-console/enums/policy-type.enum.ts
+++ b/libs/common/src/admin-console/enums/policy-type.enum.ts
@@ -20,4 +20,5 @@ export enum PolicyType {
 UriMatchDefaults = 16, // Sets the default URI matching strategy for all users within an organization
 AutotypeDefaultSetting = 17, // Sets the default autotype setting for desktop app
 AutoConfirm = 18, // Enables the auto confirmation feature for admins to enable in their client
+ BlockClaimedDomainAccountCreation = 19, // Prevents users from creating personal accounts using email addresses from verified domains
 }
diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts
index 7d2d831bfb..d06a14d242 100644
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -13,6 +13,7 @@ export enum FeatureFlag {
 /* Admin Console Team */
 CreateDefaultLocation = "pm-19467-create-default-location",
 AutoConfirm = "pm-19934-auto-confirm-organization-users",
+ BlockClaimedDomainAccountCreation = "block-claimed-domain-account-creation",
 
 /* Auth */
 PM22110_DisableAlternateLoginMethods = "pm-22110-disable-alternate-login-methods",
@@ -91,6 +92,7 @@ export const DefaultFeatureFlagValue = {
 /* Admin Console Team */
 [FeatureFlag.CreateDefaultLocation]: FALSE,
 [FeatureFlag.AutoConfirm]: FALSE,
+ [FeatureFlag.BlockClaimedDomainAccountCreation]: FALSE,
 
 /* Autofill */
 [FeatureFlag.MacOsNativeCredentialSync]: FALSE,
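Review bot: In `policy-type.enum.ts`, the trailing comment on `BlockClaimedDomainAccountCreation = 19` says "verified domains", while the policy name, the feature flag and the locale strings added in this commit all say "claimed domains". A reader scoping the control cannot tell whether these are the same set, so I would align the wording, e.g. `// Prevents users from creating personal accounts using email addresses from the organization's claimed domains`. The number is presumably the wire identifier shared with the server, and if so the comment could also say that it must not be renumbered. The enum body starts outside the hunk.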