[AC-1435] Copy updates for Single Organization policy prerequisite for Account Recovery policy (#5774)

* [AC-1435] Update copy/formatting on account recovery policy dialog * [AC-1435] Cleanup account recovery dialog component * [AC-1435] Update AccountRecovery policy description * [AC-1435] Update Tde option description to include notice for Single Org policy * fix: remove extra hyphen from help link, refs AC-1435 --------- Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>
2024-06-25 10:25:36 +02:00 · 2023-07-18 08:00:43 -07:00 · 2023-07-18 08:00:43 -07:00 · 9d8f52ef6a
commit 9d8f52ef6a
parent 7aad24727d
4 changed files with 75 additions and 91 deletions
--- a/apps/web/src/app/admin-console/organizations/policies/reset-password.component.html
+++ b/apps/web/src/app/admin-console/organizations/policies/reset-password.component.html
@ -1,40 +1,23 @@
-<app-callout type="info" *ngIf="showKeyConnectorInfo">
+<bit-callout type="info" *ngIf="showKeyConnectorInfo">
  {{ "keyConnectorPolicyRestriction" | i18n }}
-</app-callout>
+</bit-callout>

-<app-callout type="warning">
-  {{ "resetPasswordPolicyWarning" | i18n }}
-</app-callout>
+<bit-callout type="success" [title]="'prerequisite' | i18n" icon="bwi-lightbulb">
+  {{ "accountRecoverySingleOrgRequirementDesc" | i18n }}
+</bit-callout>

-<div class="form-group">
-  <div class="form-check">
-    <input
-      class="form-check-input"
-      type="checkbox"
-      id="enabled"
-      [formControl]="enabled"
-      name="Enabled"
-    />
-    <label class="form-check-label" for="enabled">{{ "turnOn" | i18n }}</label>
-  </div>
-</div>
+<bit-callout type="warning">
+  {{ "accountRecoveryPolicyWarning" | i18n }}
+</bit-callout>

-<div [formGroup]="data">
-  <h3 class="mt-4">{{ "resetPasswordPolicyAutoEnroll" | i18n }}</h3>
-  <p>{{ "resetPasswordPolicyAutoEnrollDescription" | i18n }}</p>
-  <app-callout type="warning">
-    {{ "resetPasswordPolicyAutoEnrollWarning" | i18n }}
-  </app-callout>
-  <div class="form-check">
-    <input
-      class="form-check-input"
-      type="checkbox"
-      id="autoEnrollEnabled"
-      name="AutoEnrollEnabled"
-      formControlName="autoEnrollEnabled"
-    />
-    <label class="form-check-label" for="autoEnrollEnabled">
-      {{ "resetPasswordPolicyAutoEnrollCheckbox" | i18n }}
-    </label>
-  </div>
-</div>
+<bit-form-control class="!tw-mb-1">
+  <input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
+  <bit-label>{{ "turnOn" | i18n }}</bit-label>
+</bit-form-control>
+
+<ng-container [formGroup]="data">
+  <bit-form-control class="!tw-mb-1">
+    <input type="checkbox" bitCheckbox formControlName="autoEnrollEnabled" id="autoEnrollEnabled" />
+    <bit-label>{{ "resetPasswordPolicyAutoEnrollCheckbox" | i18n }}</bit-label>
+  </bit-form-control>
+</ng-container>
--- a/apps/web/src/app/admin-console/organizations/policies/reset-password.component.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/reset-password.component.ts
@ -1,5 +1,5 @@
 import { Component } from "@angular/core";
-import { UntypedFormBuilder } from "@angular/forms";
+import { FormBuilder } from "@angular/forms";

 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
@ -9,7 +9,7 @@ import { BasePolicy, BasePolicyComponent } from "./base-policy.component";

 export class ResetPasswordPolicy extends BasePolicy {
  name = "accountRecoveryPolicy";
-  description = "accountRecoveryPolicyDescription";
+  description = "accountRecoveryPolicyDesc";
  type = PolicyType.ResetPassword;
  component = ResetPasswordPolicyComponent;

@ -26,14 +26,9 @@ export class ResetPasswordPolicyComponent extends BasePolicyComponent {
  data = this.formBuilder.group({
    autoEnrollEnabled: false,
  });
-
-  defaultTypes: { name: string; value: string }[];
  showKeyConnectorInfo = false;

-  constructor(
-    private formBuilder: UntypedFormBuilder,
-    private organizationService: OrganizationService
-  ) {
+  constructor(private formBuilder: FormBuilder, private organizationService: OrganizationService) {
    super();
  }

--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@ -404,8 +404,7 @@
  "viewItem": {
    "message": "View item"
  },
-  "new":
-  {
+  "new": {
    "message": "New",
    "description": "for adding new items"
  },
@ -971,7 +970,7 @@
  "exportWarningDesc": {
    "message": "This export contains your vault data in an unencrypted format. You should not store or send the exported file over unsecure channels (such as email). Delete it immediately after you are done using it."
  },
-   "exportSecretsWarningDesc": {
+  "exportSecretsWarningDesc": {
    "message": "This export contains your secrets data in an unencrypted format. You should not store or send the exported file over unsecure channels (such as email). Delete it immediately after you are done using it."
  },
  "encExportKeyWarningDesc": {
@ -4595,21 +4594,18 @@
  "accountRecoveryPolicy": {
    "message": "Account recovery administration"
  },
-  "accountRecoveryPolicyDescription": {
-    "message": "Recover member accounts when master password or trusted devices are forgotten or lost. The recovery processes is based on the account encryption method."
+  "accountRecoveryPolicyDesc": {
+    "message": "Based on the encryption method, recover accounts when master passwords or trusted devices are forgotten or lost."
  },
-  "resetPasswordPolicyWarning": {
-    "message": "Members in the organization will need to self-enroll or be auto-enrolled before administrators can reset their master password."
+  "accountRecoveryPolicyWarning": {
+    "message": "Existing accounts with master passwords will require members to self-enroll before administrators can recover their accounts. Automatic enrollment will turn on account recovery for new members."
+  },
+  "accountRecoverySingleOrgRequirementDesc": {
+    "message": "The single organization Enterprise policy must be turned on before activating this policy."
  },
  "resetPasswordPolicyAutoEnroll": {
    "message": "Automatic enrollment"
  },
-  "resetPasswordPolicyAutoEnrollDescription": {
-    "message": "All members will be automatically enrolled in password reset once their invite is accepted and will not be allowed to withdraw."
-  },
-  "resetPasswordPolicyAutoEnrollWarning": {
-    "message": "Members already in the organization will not be retroactively enrolled in password reset. They will need to self-enroll before administrators can reset their master password."
-  },
  "resetPasswordPolicyAutoEnrollCheckbox": {
    "message": "Require new members to be enrolled automatically"
  },
@ -5225,8 +5221,8 @@
    "message": "Use the",
    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Use the require single-sign-on authentication policy to require all members to log in with SSO.'"
  },
-  "ssoPolicyHelpLink": {
-    "message": "require single-sign-on authentication policy",
+  "ssoPolicyHelpAnchor": {
+    "message": "require single sign-on authentication policy",
    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Use the require single-sign-on authentication policy to require all members to log in with SSO.'"
  },
  "ssoPolicyHelpEnd": {
@ -5855,10 +5851,10 @@
    "message": "Delete secrets",
    "description": "The action to delete multiple secrets from the system."
  },
-  "hardDeleteSecret":{
+  "hardDeleteSecret": {
    "message": "Permanently delete secret"
  },
-  "hardDeleteSecrets":{
+  "hardDeleteSecrets": {
    "message": "Permanently delete secrets"
  },
  "secretProjectAssociationDescription": {
@ -5937,14 +5933,14 @@
    "message": "To get started, add a new secret or import secrets.",
    "description": "Message to encourage the user to start adding secrets."
  },
-  "secretsTrashNoItemsMessage":{
+  "secretsTrashNoItemsMessage": {
    "message": "There are no secrets in the trash."
  },
  "serviceAccountsNoItemsMessage": {
    "message": "Create a new service account to get started automating secret access.",
    "description": "Message to encourage the user to start creating service accounts."
  },
-   "serviceAccountsNoItemsTitle": {
+  "serviceAccountsNoItemsTitle": {
    "message": "Nothing to show yet",
    "description": "Title to indicate that there are no service accounts to display."
  },
@ -5965,7 +5961,7 @@
    "description": "Action to view the details of a service account."
  },
  "deleteServiceAccountDialogMessage": {
-    "message":  "Deleting service account $SERVICE_ACCOUNT$ is permanent and irreversible.",
+    "message": "Deleting service account $SERVICE_ACCOUNT$ is permanent and irreversible.",
    "placeholders": {
      "service_account": {
        "content": "$1",
@ -5973,11 +5969,11 @@
      }
    }
  },
-  "deleteServiceAccountsDialogMessage":{
+  "deleteServiceAccountsDialogMessage": {
    "message": "Deleting service accounts is permanent and irreversible."
  },
-  "deleteServiceAccountsConfirmMessage":{
-    "message":  "Delete $COUNT$ service accounts",
+  "deleteServiceAccountsConfirmMessage": {
+    "message": "Delete $COUNT$ service accounts",
    "placeholders": {
      "count": {
        "content": "$1",
@ -5985,19 +5981,19 @@
      }
    }
  },
-  "deleteServiceAccountToast":{
+  "deleteServiceAccountToast": {
    "message": "Service account deleted"
  },
-  "deleteServiceAccountsToast":{
+  "deleteServiceAccountsToast": {
    "message": "Service accounts deleted"
  },
  "searchServiceAccounts": {
    "message": "Search service accounts",
    "description": "Placeholder text for searching service accounts."
  },
-  "editServiceAccount":{
-    "message":"Edit service account",
-    "description" : "Title for editing a service account."
+  "editServiceAccount": {
+    "message": "Edit service account",
+    "description": "Title for editing a service account."
  },
  "addProject": {
    "message": "Add project",
@ -6037,8 +6033,8 @@
  "hardDeleteSecretsConfirmation": {
    "message": "Are you sure you want to permanently delete these secrets?"
  },
-  "hardDeletesSuccessToast":{
-    "message":"Secrets permanently deleted"
+  "hardDeletesSuccessToast": {
+    "message": "Secrets permanently deleted"
  },
  "smAccess": {
    "message": "Access",
@ -6052,7 +6048,7 @@
    "message": "Service account name",
    "description": "Label for the name of a service account"
  },
-   "serviceAccountCreated": {
+  "serviceAccountCreated": {
    "message": "Service account created",
    "description": "Notifies that a new service account has been created"
  },
@ -6140,8 +6136,8 @@
    "message": "Secret sent to trash",
    "description": "Notification to be displayed when a secret is successfully sent to the trash."
  },
-  "hardDeleteSuccessToast":{
-    "message":"Secret permanently deleted"
+  "hardDeleteSuccessToast": {
+    "message": "Secret permanently deleted"
  },
  "accessTokens": {
    "message": "Access tokens",
@ -6832,20 +6828,28 @@
  "trustedDeviceEncryption": {
    "message": "Trusted device encryption"
  },
-  "memberDecryptionTdeDescriptionStart": {
+  "memberDecryptionTdeDescriptionPartOne": {
    "message": "Once authenticated, members will decrypt vault data using a key stored on their device. The",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
  },
-  "memberDecryptionTdeDescriptionLink": {
-    "message": "account recovery administration policy",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+  "memberDecryptionTdeDescriptionLinkOne": {
+    "message": "single organization",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
  },
-  "memberDecryptionTdeDescriptionEnd": {
-    "message": "with automatic enrollment will turn on when this option is used.",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The master password reset policy with automatic enrollment will turn on when this option is used.'"
+  "memberDecryptionTdeDescriptionPartTwo": {
+    "message": "policy and ",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
  },
-  "notFound":{
-    "message":  "$RESOURCE$ not found",
+  "memberDecryptionTdeDescriptionLinkTwo": {
+    "message": "account recovery administration",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+  },
+  "memberDecryptionTdeDescriptionPartThree": {
+    "message": "policy with automatic enrollment will turn on when this option is used.",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+  },
+  "notFound": {
+    "message": "$RESOURCE$ not found",
    "placeholders": {
      "resource": {
        "content": "$1",
--- a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
+++ b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
@ -14,7 +14,7 @@
 <form [formGroup]="ssoConfigForm" [bitSubmit]="submit" *ngIf="!loading">
  <p>
    {{ "ssoPolicyHelpStart" | i18n }}
-    <a routerLink="../policies">{{ "ssoPolicyHelpLink" | i18n }}</a>
+    <a routerLink="../policies">{{ "ssoPolicyHelpAnchor" | i18n }}</a>
    {{ "ssoPolicyHelpEnd" | i18n }}
    <br />
  </p>
@ -81,9 +81,11 @@
          {{ "trustedDeviceEncryption" | i18n }}
        </bit-label>
        <bit-hint>
-          {{ "memberDecryptionTdeDescriptionStart" | i18n }}
-          <a routerLink="../policies">{{ "memberDecryptionTdeDescriptionLink" | i18n }}</a>
-          {{ "memberDecryptionTdeDescriptionEnd" | i18n }}
+          {{ "memberDecryptionTdeDescriptionPartOne" | i18n }}
+          <a routerLink="../policies">{{ "memberDecryptionTdeDescriptionLinkOne" | i18n }}</a>
+          {{ "memberDecryptionTdeDescriptionPartTwo" | i18n }}
+          <a routerLink="../policies">{{ "memberDecryptionTdeDescriptionLinkTwo" | i18n }}</a>
+          {{ "memberDecryptionTdeDescriptionPartThree" | i18n }}
        </bit-hint>
      </bit-radio-button>
    </bit-radio-group>