[EC-1045] add vault timeout action to policy (#2372)

* [EC-1045] lock action if policy and show message

* [EC-1045] add text for policy message

* [EC-1045] add consts to policy service

* [EC-1045] missed a const

* [AC-1045] fix build

src/App/Pages/Settings/SettingsPage/SettingsPageViewModel.cs

@@ -120,7 +120,7 @@ namespace Bit.App.Pages
             if (await _policyService.PolicyAppliesToUser(PolicyType.MaximumVaultTimeout))
             {
                 _vaultTimeoutPolicy = (await _policyService.GetAll(PolicyType.MaximumVaultTimeout)).First();
-                var minutes = _policyService.GetPolicyInt(_vaultTimeoutPolicy, "minutes").GetValueOrDefault();
+                var minutes = _policyService.GetPolicyInt(_vaultTimeoutPolicy, PolicyService.TIMEOUT_POLICY_MINUTES).GetValueOrDefault();
                 _vaultTimeouts = _vaultTimeouts.Where(t =>
                     t.Value <= minutes &&
                     (t.Value > 0 || t.Value == CustomVaultTimeoutValue) &&
@@ -295,7 +295,7 @@ namespace Bit.App.Pages
 
             if (_vaultTimeoutPolicy != null)
             {
-                var maximumTimeout = _policyService.GetPolicyInt(_vaultTimeoutPolicy, "minutes");
+                var maximumTimeout = _policyService.GetPolicyInt(_vaultTimeoutPolicy, PolicyService.TIMEOUT_POLICY_MINUTES);
 
                 if (newTimeout > maximumTimeout)
                 {
@@ -374,6 +374,10 @@ namespace Bit.App.Pages
 
         public async Task VaultTimeoutActionAsync()
         {
+            if (!string.IsNullOrEmpty(_policyService.GetPolicyString(_vaultTimeoutPolicy, PolicyService.TIMEOUT_POLICY_ACTION)))
+            {
+                return;
+            }
             var options = _vaultTimeoutActions.Select(o =>
                 o.Key == _vaultTimeoutActionDisplayValue ? $"✓ {o.Key}" : o.Key).ToArray();
             var selection = await Page.DisplayActionSheet(AppResources.VaultTimeoutAction,
@@ -597,7 +601,21 @@ namespace Bit.App.Pages
             }
             if (_vaultTimeoutPolicy != null)
             {
-                var maximumTimeout = _policyService.GetPolicyInt(_vaultTimeoutPolicy, "minutes").GetValueOrDefault();
+                var maximumTimeout = _policyService.GetPolicyInt(_vaultTimeoutPolicy, PolicyService.TIMEOUT_POLICY_MINUTES).GetValueOrDefault();
+                var timeoutAction = _policyService.GetPolicyString(_vaultTimeoutPolicy, PolicyService.TIMEOUT_POLICY_ACTION);
+                if (maximumTimeout != default && timeoutAction != default)
+                {
+                    securityItems.Insert(0, new SettingsPageListItem
+                    {
+                        Name = string.Format(AppResources.VaultTimeoutPolicyWithActionInEffect,
+                            Math.Floor((float)maximumTimeout / 60),
+                            maximumTimeout % 60,
+                            timeoutAction == PolicyService.TIMEOUT_POLICY_ACTION_LOCK ? AppResources.Lock : AppResources.LogOut),
+                        UseFrame = true,
+                    });
+                }
+                else if (maximumTimeout != default && timeoutAction == default)
+                {
                     securityItems.Insert(0, new SettingsPageListItem
                     {
                         Name = string.Format(AppResources.VaultTimeoutPolicyInEffect,
@@ -606,6 +624,16 @@ namespace Bit.App.Pages
                         UseFrame = true,
                     });
                 }
+                else if (maximumTimeout == default && timeoutAction != default)
+                {
+                    securityItems.Insert(0, new SettingsPageListItem
+                    {
+                        Name = string.Format(AppResources.VaultTimeoutActionPolicyInEffect,
+                            timeoutAction == PolicyService.TIMEOUT_POLICY_ACTION_LOCK ? AppResources.Lock : AppResources.LogOut),
+                        UseFrame = true,
+                    });
+                }
+            }
             if (Device.RuntimePlatform == Device.Android)
             {
                 securityItems.Add(new SettingsPageListItem

src/App/Resources/AppResources.Designer.cs

@@ -6677,6 +6677,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Your organization policies have set your vault timeout action to {0}..
+        /// </summary>
+        public static string VaultTimeoutActionPolicyInEffect {
+            get {
+                return ResourceManager.GetString("VaultTimeoutActionPolicyInEffect", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Logging out will remove all access to your vault and requires online authentication after the timeout period. Are you sure you want to use this setting?.
         /// </summary>
@@ -6687,7 +6696,7 @@ namespace Bit.App.Resources {
         }
         
         /// <summary>
-        ///   Looks up a localized string similar to Your organization policies are affecting your vault timeout. Maximum allowed vault timeout is {0} hour(s) and {1} minute(s).
+        ///   Looks up a localized string similar to Your organization policies have set your maximum allowed vault timeout to {0} hour(s) and {1} minute(s)..
         /// </summary>
         public static string VaultTimeoutPolicyInEffect {
             get {
@@ -6695,6 +6704,15 @@ namespace Bit.App.Resources {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Your organization policies are affecting your vault timeout. Maximum allowed vault timeout is {0} hour(s) and {1} minute(s). Your vault timeout action is set to {2}..
+        /// </summary>
+        public static string VaultTimeoutPolicyWithActionInEffect {
+            get {
+                return ResourceManager.GetString("VaultTimeoutPolicyWithActionInEffect", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Your vault timeout exceeds the restrictions set by your organization..
         /// </summary>

src/App/Resources/AppResources.resx

@@ -2141,7 +2141,13 @@ Scanning will happen automatically.</value>
     <value>This organization has an enterprise policy that will automatically enroll you in password reset. Enrollment will allow organization administrators to change your master password.</value>
   </data>
   <data name="VaultTimeoutPolicyInEffect" xml:space="preserve">
-    <value>Your organization policies are affecting your vault timeout. Maximum allowed vault timeout is {0} hour(s) and {1} minute(s)</value>
+    <value>Your organization policies have set your maximum allowed vault timeout to {0} hour(s) and {1} minute(s).</value>
+  </data>
+  <data name="VaultTimeoutPolicyWithActionInEffect" xml:space="preserve">
+    <value>Your organization policies are affecting your vault timeout. Maximum allowed vault timeout is {0} hour(s) and {1} minute(s). Your vault timeout action is set to {2}.</value>
+  </data>
+  <data name="VaultTimeoutActionPolicyInEffect" xml:space="preserve">
+    <value>Your organization policies have set your vault timeout action to {0}.</value>
   </data>
   <data name="VaultTimeoutToLarge" xml:space="preserve">
     <value>Your vault timeout exceeds the restrictions set by your organization.</value>

src/Core/Abstractions/IPolicyService.cs

@@ -20,6 +20,7 @@ namespace Bit.Core.Abstractions
             string orgId);
         Task<bool> PolicyAppliesToUser(PolicyType policyType, Func<Policy, bool> policyFilter = null, string userId = null);
         int? GetPolicyInt(Policy policy, string key);
+        string GetPolicyString(Policy policy, string key);
         Task<bool> ShouldShowVaultFilterAsync();
     }
 }

src/Core/Services/PolicyService.cs

@@ -17,6 +17,11 @@ namespace Bit.Core.Services
 
         private IEnumerable<Policy> _policyCache;
 
+        public const string TIMEOUT_POLICY_MINUTES = "minutes";
+        public const string TIMEOUT_POLICY_ACTION = "action";
+        public const string TIMEOUT_POLICY_ACTION_LOCK = "lock";
+        public const string TIMEOUT_POLICY_ACTION_LOGOUT = "logOut";
+
         public PolicyService(
             IStateService stateService,
             IOrganizationService organizationService)
@@ -247,6 +252,10 @@ namespace Bit.Core.Services
             return null;
         }
 
+        public string GetPolicyString(Policy policy, string key) =>
+            policy.Data.TryGetValue(key, out var val) ? val as string : null;
+
+
         public async Task<bool> ShouldShowVaultFilterAsync()
         {
             var personalOwnershipPolicyApplies = await PolicyAppliesToUser(PolicyType.PersonalOwnership);
@@ -272,17 +281,6 @@ namespace Bit.Core.Services
             return null;
         }
 
-        private string GetPolicyString(Policy policy, string key)
+
-        {
-            if (policy.Data.ContainsKey(key))
-            {
-                var value = policy.Data[key];
-                if (value != null)
-                {
-                    return (string)value;
-                }
-            }
-            return null;
-        }
     }
 }

src/Core/Services/VaultTimeoutService.cs

@@ -247,7 +247,7 @@ namespace Bit.Core.Services
             {
                 var policy = (await _policyService.GetAll(PolicyType.MaximumVaultTimeout, userId)).First();
                 // Remove negative values, and ensure it's smaller than maximum allowed value according to policy
-                var policyTimeout = _policyService.GetPolicyInt(policy, "minutes");
+                var policyTimeout = _policyService.GetPolicyInt(policy, PolicyService.TIMEOUT_POLICY_MINUTES);
                 if (!policyTimeout.HasValue)
                 {
                     return vaultTimeout;