[PM-14347][PM-14348] New Device Verification Logic (#12451)

* add account created date to the account information

* set permanent dismissal flag when the user selects that they can access their email

* update the logic of device verification notice

* add service to cache the profile creation date to avoid calling the API multiple times

* update step one logic for new device verification + add tests

* update step two logic for new device verification + add tests
- remove remind me later link for permanent logic

* migrate 2FA check to use the profile property rather than hitting the API directly.

The API for 2FA providers is only available on web so it didn't work for browser & native.

* remove unneeded account related changes

- profile creation is used from other sources

* remove obsolete test

* store the profile id within the vault service

* remove unused map

* store the associated profile id so account for profile switching in the extension

* add comment for temporary service and ticket number to remove

* formatting

* move up logic for feature flags

libs/angular/src/vault/guards/new-device-verification-notice.guard.ts

@@ -1,12 +1,16 @@
 import { inject } from "@angular/core";
 import { ActivatedRouteSnapshot, CanActivateFn, Router } from "@angular/router";
-import { Observable, firstValueFrom, map } from "rxjs";
+import { Observable, firstValueFrom } from "rxjs";
 
+import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { Account, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 
 import { NewDeviceVerificationNoticeService } from "../../../../vault/src/services/new-device-verification-notice.service";
+import { VaultProfileService } from "../services/vault-profile.service";
 
 export const NewDeviceVerificationNoticeGuard: CanActivateFn = async (
   route: ActivatedRouteSnapshot,
@@ -15,6 +19,9 @@ export const NewDeviceVerificationNoticeGuard: CanActivateFn = async (
   const configService = inject(ConfigService);
   const newDeviceVerificationNoticeService = inject(NewDeviceVerificationNoticeService);
   const accountService = inject(AccountService);
+  const platformUtilsService = inject(PlatformUtilsService);
+  const policyService = inject(PolicyService);
+  const vaultProfileService = inject(VaultProfileService);
 
   if (route.queryParams["fromNewDeviceVerification"]) {
     return true;
@@ -27,25 +34,88 @@ export const NewDeviceVerificationNoticeGuard: CanActivateFn = async (
     FeatureFlag.NewDeviceVerificationPermanentDismiss,
   );
 
-  const currentAcct$: Observable<Account | null> = accountService.activeAccount$.pipe(
-    map((acct) => acct),
-  );
+  if (!tempNoticeFlag && !permNoticeFlag) {
+    return true;
+  }
+
+  const currentAcct$: Observable<Account | null> = accountService.activeAccount$;
   const currentAcct = await firstValueFrom(currentAcct$);
 
   if (!currentAcct) {
     return router.createUrlTree(["/login"]);
   }
 
+  const has2FAEnabled = await hasATwoFactorProviderEnabled(vaultProfileService, currentAcct.id);
+  const isSelfHosted = await platformUtilsService.isSelfHost();
+  const requiresSSO = await isSSORequired(policyService);
+  const isProfileLessThanWeekOld = await profileIsLessThanWeekOld(
+    vaultProfileService,
+    currentAcct.id,
+  );
+
+  // When any of the following are true, the device verification notice is
+  // not applicable for the user.
+  if (has2FAEnabled || isSelfHosted || requiresSSO || isProfileLessThanWeekOld) {
+    return true;
+  }
+
   const userItems$ = newDeviceVerificationNoticeService.noticeState$(currentAcct.id);
   const userItems = await firstValueFrom(userItems$);
 
+  // Show the notice when:
+  // - The temp notice flag is enabled
+  // - The user hasn't dismissed the notice or the user dismissed it more than 7 days ago
   if (
-    userItems?.last_dismissal == null &&
-    (userItems?.permanent_dismissal == null || !userItems?.permanent_dismissal) &&
-    (tempNoticeFlag || permNoticeFlag)
+    tempNoticeFlag &&
+    (!userItems?.last_dismissal || isMoreThan7DaysAgo(userItems?.last_dismissal))
   ) {
     return router.createUrlTree(["/new-device-notice"]);
   }
 
+  // Show the notice when:
+  // - The permanent notice flag is enabled
+  // - The user hasn't dismissed the notice
+  if (permNoticeFlag && !userItems?.permanent_dismissal) {
+    return router.createUrlTree(["/new-device-notice"]);
+  }
+
   return true;
 };
+
+/** Returns true has one 2FA provider enabled */
+async function hasATwoFactorProviderEnabled(
+  vaultProfileService: VaultProfileService,
+  userId: string,
+): Promise<boolean> {
+  return vaultProfileService.getProfileTwoFactorEnabled(userId);
+}
+
+/** Returns true when the user's profile is less than a week old */
+async function profileIsLessThanWeekOld(
+  vaultProfileService: VaultProfileService,
+  userId: string,
+): Promise<boolean> {
+  const creationDate = await vaultProfileService.getProfileCreationDate(userId);
+  return !isMoreThan7DaysAgo(creationDate);
+}
+
+/** Returns true when the user is required to login via SSO */
+async function isSSORequired(policyService: PolicyService) {
+  return firstValueFrom(policyService.policyAppliesToActiveUser$(PolicyType.RequireSso));
+}
+
+/** Returns the true when the date given is older than 7 days */
+function isMoreThan7DaysAgo(date?: string | Date): boolean {
+  if (!date) {
+    return false;
+  }
+
+  const inputDate = new Date(date).getTime();
+  const today = new Date().getTime();
+
+  const differenceInMS = today - inputDate;
+  const msInADay = 1000 * 60 * 60 * 24;
+  const differenceInDays = Math.round(differenceInMS / msInADay);
+
+  return differenceInDays > 7;
+}