[AC-2008] [AC-2123] [Pt 2] Transition PolicyService to use StateProvider (#7977)

* fully wire up StateProvider within PolicyService * migrate old policy data to new location * minor update to existing interfaces
2025-12-21 18:53:29 +00:00 · 2024-03-08 10:26:00 +10:00
parent 73504d9bb0
commit eedd6f0881
21 changed files with 678 additions and 653 deletions
--- a/libs/common/src/state-migrations/migrations/30-move-policy-state-to-state-provider.ts
+++ b/libs/common/src/state-migrations/migrations/30-move-policy-state-to-state-provider.ts
@@ -0,0 +1,76 @@
+import { KeyDefinitionLike, MigrationHelper } from "../migration-helper";
+import { Migrator } from "../migrator";
+
+enum PolicyType {
+  TwoFactorAuthentication = 0, // Requires users to have 2fa enabled
+  MasterPassword = 1, // Sets minimum requirements for master password complexity
+  PasswordGenerator = 2, // Sets minimum requirements/default type for generated passwords/passphrases
+  SingleOrg = 3, // Allows users to only be apart of one organization
+  RequireSso = 4, // Requires users to authenticate with SSO
+  PersonalOwnership = 5, // Disables personal vault ownership for adding/cloning items
+  DisableSend = 6, // Disables the ability to create and edit Bitwarden Sends
+  SendOptions = 7, // Sets restrictions or defaults for Bitwarden Sends
+  ResetPassword = 8, // Allows orgs to use reset password : also can enable auto-enrollment during invite flow
+  MaximumVaultTimeout = 9, // Sets the maximum allowed vault timeout
+  DisablePersonalVaultExport = 10, // Disable personal vault export
+  ActivateAutofill = 11, // Activates autofill with page load on the browser extension
+}
+
+type PolicyDataType = {
+  id: string;
+  organizationId: string;
+  type: PolicyType;
+  data: Record<string, string | number | boolean>;
+  enabled: boolean;
+};
+
+type ExpectedAccountType = {
+  data?: {
+    policies?: {
+      encrypted?: Record<string, PolicyDataType>;
+    };
+  };
+};
+
+const POLICIES_KEY: KeyDefinitionLike = {
+  key: "policies",
+  stateDefinition: {
+    name: "policies",
+  },
+};
+
+export class PolicyMigrator extends Migrator<29, 30> {
+  async migrate(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+
+    async function migrateAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const value = account?.data?.policies?.encrypted;
+      if (value != null) {
+        await helper.setToUser(userId, POLICIES_KEY, value);
+        delete account.data.policies;
+        await helper.set(userId, account);
+      }
+    }
+
+    await Promise.all(accounts.map(({ userId, account }) => migrateAccount(userId, account)));
+  }
+
+  async rollback(helper: MigrationHelper): Promise<void> {
+    const accounts = await helper.getAccounts<ExpectedAccountType>();
+
+    async function rollbackAccount(userId: string, account: ExpectedAccountType): Promise<void> {
+      const value = await helper.getFromUser(userId, POLICIES_KEY);
+      if (account) {
+        account.data = Object.assign(account.data ?? {}, {
+          policies: {
+            encrypted: value,
+          },
+        });
+
+        await helper.set(userId, account);
+      }
+      await helper.setToUser(userId, POLICIES_KEY, null);
+    }
+    await Promise.all(accounts.map(({ userId, account }) => rollbackAccount(userId, account)));
+  }
+}