[AC-1070] Enforce master password policy on login/unlock (#2410)

* [AC-1070] Add EnforceOnLogin property to MasterPasswordPolicyOptions

* [AC-1070] Add MasterPasswordPolicy property to Identity responses

* [AC-1070] Add policy service dependency to auth service

* [AC-1070] Introduce logic to evaluate master password after successful login

* [AC-1070] Add optional ForcePasswordResetReason to profile / state service

* [AC-1070] Save ForcePasswordResetReason to state when a weak master password is found during login

- Additionally, save the AdminForcePasswordReset reason if the identity result indicates an admin password reset is in effect.

* [AC-1070] Check for a saved ForcePasswordReset reason on TabsPage load force show the update password page

* [AC-1070] Make InitAsync virtual

Allow the UpdateTempPasswordPage to override the InitAsync method to check for a reset password reason in the state service

* [AC-1070] Modify UpdateTempPassword page appearance

- Load the force password reset reason from the state service
- Make warning text dynamic based on force password reason
- Conditionally show the Current master password field if updating a weak master password

* [AC-1070] Add update password method to Api service

* [AC-1070] Introduce logic to update both temp and regular passwords

- Check the Reason to use the appropriate request/endpoint when submitting.
- Verify the users current password locally using the user verification service.

* [AC-1070] Introduce VerifyMasterPasswordResponse

* [AC-1070] Add logic to evaluate master password on unlock

* [AC-1070] Add support 2FA login flow

Keep track of the reset password reason after a password login requires 2FA. During 2FA submission, check if there is a saved reason, and if so, force the user to update their password.

* [AC-1070] Formatting

* [AC-1070] Remove string key from service resolution

* [AC-1070] Change master password options to method variable to avoid class field

Add null check for password strength result and log an error as this is an unexpected flow

* [AC-1070] Remove usage of i18nService

* [AC-1070] Use AsyncCommand for SubmitCommand

* [AC-1070] Remove type from ShowToast call

* [AC-1070] Simplify UpdatePassword methods to accept string for the new encryption key

* [AC-1070] Use full text for key for the CurrentMasterPassword resource

* [AC-1070] Convert Reason to a private class field

* [AC-1070] Formatting changes

* [AC-1070] Simplify if statements in master password options policy service method

* [AC-1070] Use the saved force password reset reason after 2FA login

* [AC-1070] Use constant for ForceUpdatePassword message command

* [AC-1070] Move shared RequirePasswordChangeOnLogin method into PolicyService

* Revert "[AC-1070] Move shared RequirePasswordChangeOnLogin method into PolicyService"

This reverts commit e4feac130f.

* [AC-1070] Add check for null password strength response

* [AC-1070] Fix broken show password icon

* [AC-1070] Add show password icon for current master password

src/Core/Models/Domain/Account.cs

@@ -52,6 +52,7 @@ namespace Bit.Core.Models.Domain
                 EmailVerified = copy.EmailVerified;
                 HasPremiumPersonally = copy.HasPremiumPersonally;
                 AvatarColor = copy.AvatarColor;
+                ForcePasswordResetReason = copy.ForcePasswordResetReason;
             }
 
             public string UserId;
@@ -66,6 +67,7 @@ namespace Bit.Core.Models.Domain
             public int? KdfParallelism;
             public bool? EmailVerified;
             public bool? HasPremiumPersonally;
+            public ForcePasswordResetReason? ForcePasswordResetReason;
         }
 
         public class AccountTokens

src/Core/Models/Domain/ForcePasswordResetReason.cs

@@ -0,0 +1,16 @@
+namespace Bit.Core.Models.Domain
+{
+    public enum ForcePasswordResetReason
+    {
+        /// <summary>
+        /// Occurs when an organization admin forces a user to reset their password.
+        /// </summary>
+        AdminForcePasswordReset,
+
+        /// <summary>
+        /// Occurs when a user logs in with a master password that does not meet an organization's master password
+        /// policy that is enforced on login.
+        /// </summary>
+        WeakMasterPasswordOnLogin
+    }
+}

src/Core/Models/Domain/MasterPasswordPolicyOptions.cs

@@ -8,6 +8,7 @@
         public bool RequireLower { get; set; }
         public bool RequireNumbers { get; set; }
         public bool RequireSpecial { get; set; }
+        public bool EnforceOnLogin { get; set; }
 
         public bool InEffect()
         {