[EC-1045] add vault timeout action to policy (#2372)

* [EC-1045] lock action if policy and show message

* [EC-1045] add text for policy message

* [EC-1045] add consts to policy service

* [EC-1045] missed a const

* [AC-1045] fix build
This commit is contained in:
Jake Fink 2023-03-10 12:55:48 -05:00 committed by GitHub
parent ad9ca125a0
commit dcb5854557
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 75 additions and 24 deletions

View file

@ -120,7 +120,7 @@ namespace Bit.App.Pages
if (await _policyService.PolicyAppliesToUser(PolicyType.MaximumVaultTimeout)) if (await _policyService.PolicyAppliesToUser(PolicyType.MaximumVaultTimeout))
{ {
_vaultTimeoutPolicy = (await _policyService.GetAll(PolicyType.MaximumVaultTimeout)).First(); _vaultTimeoutPolicy = (await _policyService.GetAll(PolicyType.MaximumVaultTimeout)).First();
var minutes = _policyService.GetPolicyInt(_vaultTimeoutPolicy, "minutes").GetValueOrDefault(); var minutes = _policyService.GetPolicyInt(_vaultTimeoutPolicy, PolicyService.TIMEOUT_POLICY_MINUTES).GetValueOrDefault();
_vaultTimeouts = _vaultTimeouts.Where(t => _vaultTimeouts = _vaultTimeouts.Where(t =>
t.Value <= minutes && t.Value <= minutes &&
(t.Value > 0 || t.Value == CustomVaultTimeoutValue) && (t.Value > 0 || t.Value == CustomVaultTimeoutValue) &&
@ -295,7 +295,7 @@ namespace Bit.App.Pages
if (_vaultTimeoutPolicy != null) if (_vaultTimeoutPolicy != null)
{ {
var maximumTimeout = _policyService.GetPolicyInt(_vaultTimeoutPolicy, "minutes"); var maximumTimeout = _policyService.GetPolicyInt(_vaultTimeoutPolicy, PolicyService.TIMEOUT_POLICY_MINUTES);
if (newTimeout > maximumTimeout) if (newTimeout > maximumTimeout)
{ {
@ -374,6 +374,10 @@ namespace Bit.App.Pages
public async Task VaultTimeoutActionAsync() public async Task VaultTimeoutActionAsync()
{ {
if (!string.IsNullOrEmpty(_policyService.GetPolicyString(_vaultTimeoutPolicy, PolicyService.TIMEOUT_POLICY_ACTION)))
{
return;
}
var options = _vaultTimeoutActions.Select(o => var options = _vaultTimeoutActions.Select(o =>
o.Key == _vaultTimeoutActionDisplayValue ? $"✓ {o.Key}" : o.Key).ToArray(); o.Key == _vaultTimeoutActionDisplayValue ? $"✓ {o.Key}" : o.Key).ToArray();
var selection = await Page.DisplayActionSheet(AppResources.VaultTimeoutAction, var selection = await Page.DisplayActionSheet(AppResources.VaultTimeoutAction,
@ -597,14 +601,38 @@ namespace Bit.App.Pages
} }
if (_vaultTimeoutPolicy != null) if (_vaultTimeoutPolicy != null)
{ {
var maximumTimeout = _policyService.GetPolicyInt(_vaultTimeoutPolicy, "minutes").GetValueOrDefault(); var maximumTimeout = _policyService.GetPolicyInt(_vaultTimeoutPolicy, PolicyService.TIMEOUT_POLICY_MINUTES).GetValueOrDefault();
securityItems.Insert(0, new SettingsPageListItem var timeoutAction = _policyService.GetPolicyString(_vaultTimeoutPolicy, PolicyService.TIMEOUT_POLICY_ACTION);
if (maximumTimeout != default && timeoutAction != default)
{ {
Name = string.Format(AppResources.VaultTimeoutPolicyInEffect, securityItems.Insert(0, new SettingsPageListItem
Math.Floor((float)maximumTimeout / 60), {
maximumTimeout % 60), Name = string.Format(AppResources.VaultTimeoutPolicyWithActionInEffect,
UseFrame = true, Math.Floor((float)maximumTimeout / 60),
}); maximumTimeout % 60,
timeoutAction == PolicyService.TIMEOUT_POLICY_ACTION_LOCK ? AppResources.Lock : AppResources.LogOut),
UseFrame = true,
});
}
else if (maximumTimeout != default && timeoutAction == default)
{
securityItems.Insert(0, new SettingsPageListItem
{
Name = string.Format(AppResources.VaultTimeoutPolicyInEffect,
Math.Floor((float)maximumTimeout / 60),
maximumTimeout % 60),
UseFrame = true,
});
}
else if (maximumTimeout == default && timeoutAction != default)
{
securityItems.Insert(0, new SettingsPageListItem
{
Name = string.Format(AppResources.VaultTimeoutActionPolicyInEffect,
timeoutAction == PolicyService.TIMEOUT_POLICY_ACTION_LOCK ? AppResources.Lock : AppResources.LogOut),
UseFrame = true,
});
}
} }
if (Device.RuntimePlatform == Device.Android) if (Device.RuntimePlatform == Device.Android)
{ {

View file

@ -6677,6 +6677,15 @@ namespace Bit.App.Resources {
} }
} }
/// <summary>
/// Looks up a localized string similar to Your organization policies have set your vault timeout action to {0}..
/// </summary>
public static string VaultTimeoutActionPolicyInEffect {
get {
return ResourceManager.GetString("VaultTimeoutActionPolicyInEffect", resourceCulture);
}
}
/// <summary> /// <summary>
/// Looks up a localized string similar to Logging out will remove all access to your vault and requires online authentication after the timeout period. Are you sure you want to use this setting?. /// Looks up a localized string similar to Logging out will remove all access to your vault and requires online authentication after the timeout period. Are you sure you want to use this setting?.
/// </summary> /// </summary>
@ -6687,7 +6696,7 @@ namespace Bit.App.Resources {
} }
/// <summary> /// <summary>
/// Looks up a localized string similar to Your organization policies are affecting your vault timeout. Maximum allowed vault timeout is {0} hour(s) and {1} minute(s). /// Looks up a localized string similar to Your organization policies have set your maximum allowed vault timeout to {0} hour(s) and {1} minute(s)..
/// </summary> /// </summary>
public static string VaultTimeoutPolicyInEffect { public static string VaultTimeoutPolicyInEffect {
get { get {
@ -6695,6 +6704,15 @@ namespace Bit.App.Resources {
} }
} }
/// <summary>
/// Looks up a localized string similar to Your organization policies are affecting your vault timeout. Maximum allowed vault timeout is {0} hour(s) and {1} minute(s). Your vault timeout action is set to {2}..
/// </summary>
public static string VaultTimeoutPolicyWithActionInEffect {
get {
return ResourceManager.GetString("VaultTimeoutPolicyWithActionInEffect", resourceCulture);
}
}
/// <summary> /// <summary>
/// Looks up a localized string similar to Your vault timeout exceeds the restrictions set by your organization.. /// Looks up a localized string similar to Your vault timeout exceeds the restrictions set by your organization..
/// </summary> /// </summary>

View file

@ -2141,7 +2141,13 @@ Scanning will happen automatically.</value>
<value>This organization has an enterprise policy that will automatically enroll you in password reset. Enrollment will allow organization administrators to change your master password.</value> <value>This organization has an enterprise policy that will automatically enroll you in password reset. Enrollment will allow organization administrators to change your master password.</value>
</data> </data>
<data name="VaultTimeoutPolicyInEffect" xml:space="preserve"> <data name="VaultTimeoutPolicyInEffect" xml:space="preserve">
<value>Your organization policies are affecting your vault timeout. Maximum allowed vault timeout is {0} hour(s) and {1} minute(s)</value> <value>Your organization policies have set your maximum allowed vault timeout to {0} hour(s) and {1} minute(s).</value>
</data>
<data name="VaultTimeoutPolicyWithActionInEffect" xml:space="preserve">
<value>Your organization policies are affecting your vault timeout. Maximum allowed vault timeout is {0} hour(s) and {1} minute(s). Your vault timeout action is set to {2}.</value>
</data>
<data name="VaultTimeoutActionPolicyInEffect" xml:space="preserve">
<value>Your organization policies have set your vault timeout action to {0}.</value>
</data> </data>
<data name="VaultTimeoutToLarge" xml:space="preserve"> <data name="VaultTimeoutToLarge" xml:space="preserve">
<value>Your vault timeout exceeds the restrictions set by your organization.</value> <value>Your vault timeout exceeds the restrictions set by your organization.</value>

View file

@ -20,6 +20,7 @@ namespace Bit.Core.Abstractions
string orgId); string orgId);
Task<bool> PolicyAppliesToUser(PolicyType policyType, Func<Policy, bool> policyFilter = null, string userId = null); Task<bool> PolicyAppliesToUser(PolicyType policyType, Func<Policy, bool> policyFilter = null, string userId = null);
int? GetPolicyInt(Policy policy, string key); int? GetPolicyInt(Policy policy, string key);
string GetPolicyString(Policy policy, string key);
Task<bool> ShouldShowVaultFilterAsync(); Task<bool> ShouldShowVaultFilterAsync();
} }
} }

View file

@ -17,6 +17,11 @@ namespace Bit.Core.Services
private IEnumerable<Policy> _policyCache; private IEnumerable<Policy> _policyCache;
public const string TIMEOUT_POLICY_MINUTES = "minutes";
public const string TIMEOUT_POLICY_ACTION = "action";
public const string TIMEOUT_POLICY_ACTION_LOCK = "lock";
public const string TIMEOUT_POLICY_ACTION_LOGOUT = "logOut";
public PolicyService( public PolicyService(
IStateService stateService, IStateService stateService,
IOrganizationService organizationService) IOrganizationService organizationService)
@ -247,6 +252,10 @@ namespace Bit.Core.Services
return null; return null;
} }
public string GetPolicyString(Policy policy, string key) =>
policy.Data.TryGetValue(key, out var val) ? val as string : null;
public async Task<bool> ShouldShowVaultFilterAsync() public async Task<bool> ShouldShowVaultFilterAsync()
{ {
var personalOwnershipPolicyApplies = await PolicyAppliesToUser(PolicyType.PersonalOwnership); var personalOwnershipPolicyApplies = await PolicyAppliesToUser(PolicyType.PersonalOwnership);
@ -272,17 +281,6 @@ namespace Bit.Core.Services
return null; return null;
} }
private string GetPolicyString(Policy policy, string key)
{
if (policy.Data.ContainsKey(key))
{
var value = policy.Data[key];
if (value != null)
{
return (string)value;
}
}
return null;
}
} }
} }

View file

@ -247,7 +247,7 @@ namespace Bit.Core.Services
{ {
var policy = (await _policyService.GetAll(PolicyType.MaximumVaultTimeout, userId)).First(); var policy = (await _policyService.GetAll(PolicyType.MaximumVaultTimeout, userId)).First();
// Remove negative values, and ensure it's smaller than maximum allowed value according to policy // Remove negative values, and ensure it's smaller than maximum allowed value according to policy
var policyTimeout = _policyService.GetPolicyInt(policy, "minutes"); var policyTimeout = _policyService.GetPolicyInt(policy, PolicyService.TIMEOUT_POLICY_MINUTES);
if (!policyTimeout.HasValue) if (!policyTimeout.HasValue)
{ {
return vaultTimeout; return vaultTimeout;