From 9d8f52ef6af1b72d4ea214923e4f5e60f2341075 Mon Sep 17 00:00:00 2001
From: Shane Melton <smelton@bitwarden.com>
Date: Tue, 18 Jul 2023 08:00:43 -0700
Subject: [PATCH] [AC-1435]  Copy updates for Single Organization policy
 prerequisite for Account Recovery policy (#5774)

* [AC-1435] Update copy/formatting on account recovery policy dialog

* [AC-1435] Cleanup account recovery dialog component

* [AC-1435] Update AccountRecovery policy description

* [AC-1435] Update Tde option description to include notice for Single Org policy

* fix: remove extra hyphen from help link, refs AC-1435

---------

Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>
---
 .../policies/reset-password.component.html    | 55 ++++--------
 .../policies/reset-password.component.ts      | 11 +--
 apps/web/src/locales/en/messages.json         | 90 ++++++++++---------
 .../src/app/auth/sso/sso.component.html       | 10 ++-
 4 files changed, 75 insertions(+), 91 deletions(-)

diff --git a/apps/web/src/app/admin-console/organizations/policies/reset-password.component.html b/apps/web/src/app/admin-console/organizations/policies/reset-password.component.html
index f8d9918059..68c1923eb4 100644
--- a/apps/web/src/app/admin-console/organizations/policies/reset-password.component.html
+++ b/apps/web/src/app/admin-console/organizations/policies/reset-password.component.html
@@ -1,40 +1,23 @@
-<app-callout type="info" *ngIf="showKeyConnectorInfo">
+<bit-callout type="info" *ngIf="showKeyConnectorInfo">
   {{ "keyConnectorPolicyRestriction" | i18n }}
-</app-callout>
+</bit-callout>
 
-<app-callout type="warning">
-  {{ "resetPasswordPolicyWarning" | i18n }}
-</app-callout>
+<bit-callout type="success" [title]="'prerequisite' | i18n" icon="bwi-lightbulb">
+  {{ "accountRecoverySingleOrgRequirementDesc" | i18n }}
+</bit-callout>
 
-<div class="form-group">
-  <div class="form-check">
-    <input
-      class="form-check-input"
-      type="checkbox"
-      id="enabled"
-      [formControl]="enabled"
-      name="Enabled"
-    />
-    <label class="form-check-label" for="enabled">{{ "turnOn" | i18n }}</label>
-  </div>
-</div>
+<bit-callout type="warning">
+  {{ "accountRecoveryPolicyWarning" | i18n }}
+</bit-callout>
 
-<div [formGroup]="data">
-  <h3 class="mt-4">{{ "resetPasswordPolicyAutoEnroll" | i18n }}</h3>
-  <p>{{ "resetPasswordPolicyAutoEnrollDescription" | i18n }}</p>
-  <app-callout type="warning">
-    {{ "resetPasswordPolicyAutoEnrollWarning" | i18n }}
-  </app-callout>
-  <div class="form-check">
-    <input
-      class="form-check-input"
-      type="checkbox"
-      id="autoEnrollEnabled"
-      name="AutoEnrollEnabled"
-      formControlName="autoEnrollEnabled"
-    />
-    <label class="form-check-label" for="autoEnrollEnabled">
-      {{ "resetPasswordPolicyAutoEnrollCheckbox" | i18n }}
-    </label>
-  </div>
-</div>
+<bit-form-control class="!tw-mb-1">
+  <input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
+  <bit-label>{{ "turnOn" | i18n }}</bit-label>
+</bit-form-control>
+
+<ng-container [formGroup]="data">
+  <bit-form-control class="!tw-mb-1">
+    <input type="checkbox" bitCheckbox formControlName="autoEnrollEnabled" id="autoEnrollEnabled" />
+    <bit-label>{{ "resetPasswordPolicyAutoEnrollCheckbox" | i18n }}</bit-label>
+  </bit-form-control>
+</ng-container>
diff --git a/apps/web/src/app/admin-console/organizations/policies/reset-password.component.ts b/apps/web/src/app/admin-console/organizations/policies/reset-password.component.ts
index 4c3c346dc7..77c8c4ef97 100644
--- a/apps/web/src/app/admin-console/organizations/policies/reset-password.component.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/reset-password.component.ts
@@ -1,5 +1,5 @@
 import { Component } from "@angular/core";
-import { UntypedFormBuilder } from "@angular/forms";
+import { FormBuilder } from "@angular/forms";
 
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
@@ -9,7 +9,7 @@ import { BasePolicy, BasePolicyComponent } from "./base-policy.component";
 
 export class ResetPasswordPolicy extends BasePolicy {
   name = "accountRecoveryPolicy";
-  description = "accountRecoveryPolicyDescription";
+  description = "accountRecoveryPolicyDesc";
   type = PolicyType.ResetPassword;
   component = ResetPasswordPolicyComponent;
 
@@ -26,14 +26,9 @@ export class ResetPasswordPolicyComponent extends BasePolicyComponent {
   data = this.formBuilder.group({
     autoEnrollEnabled: false,
   });
-
-  defaultTypes: { name: string; value: string }[];
   showKeyConnectorInfo = false;
 
-  constructor(
-    private formBuilder: UntypedFormBuilder,
-    private organizationService: OrganizationService
-  ) {
+  constructor(private formBuilder: FormBuilder, private organizationService: OrganizationService) {
     super();
   }
 
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 42f15b402d..3d6e9f6018 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -404,8 +404,7 @@
   "viewItem": {
     "message": "View item"
   },
-  "new":
-  {
+  "new": {
     "message": "New",
     "description": "for adding new items"
   },
@@ -971,7 +970,7 @@
   "exportWarningDesc": {
     "message": "This export contains your vault data in an unencrypted format. You should not store or send the exported file over unsecure channels (such as email). Delete it immediately after you are done using it."
   },
-   "exportSecretsWarningDesc": {
+  "exportSecretsWarningDesc": {
     "message": "This export contains your secrets data in an unencrypted format. You should not store or send the exported file over unsecure channels (such as email). Delete it immediately after you are done using it."
   },
   "encExportKeyWarningDesc": {
@@ -4595,21 +4594,18 @@
   "accountRecoveryPolicy": {
     "message": "Account recovery administration"
   },
-  "accountRecoveryPolicyDescription": {
-    "message": "Recover member accounts when master password or trusted devices are forgotten or lost. The recovery processes is based on the account encryption method."
+  "accountRecoveryPolicyDesc": {
+    "message": "Based on the encryption method, recover accounts when master passwords or trusted devices are forgotten or lost."
   },
-  "resetPasswordPolicyWarning": {
-    "message": "Members in the organization will need to self-enroll or be auto-enrolled before administrators can reset their master password."
+  "accountRecoveryPolicyWarning": {
+    "message": "Existing accounts with master passwords will require members to self-enroll before administrators can recover their accounts. Automatic enrollment will turn on account recovery for new members."
+  },
+  "accountRecoverySingleOrgRequirementDesc": {
+    "message": "The single organization Enterprise policy must be turned on before activating this policy."
   },
   "resetPasswordPolicyAutoEnroll": {
     "message": "Automatic enrollment"
   },
-  "resetPasswordPolicyAutoEnrollDescription": {
-    "message": "All members will be automatically enrolled in password reset once their invite is accepted and will not be allowed to withdraw."
-  },
-  "resetPasswordPolicyAutoEnrollWarning": {
-    "message": "Members already in the organization will not be retroactively enrolled in password reset. They will need to self-enroll before administrators can reset their master password."
-  },
   "resetPasswordPolicyAutoEnrollCheckbox": {
     "message": "Require new members to be enrolled automatically"
   },
@@ -5225,8 +5221,8 @@
     "message": "Use the",
     "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Use the require single-sign-on authentication policy to require all members to log in with SSO.'"
   },
-  "ssoPolicyHelpLink": {
-    "message": "require single-sign-on authentication policy",
+  "ssoPolicyHelpAnchor": {
+    "message": "require single sign-on authentication policy",
     "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Use the require single-sign-on authentication policy to require all members to log in with SSO.'"
   },
   "ssoPolicyHelpEnd": {
@@ -5855,10 +5851,10 @@
     "message": "Delete secrets",
     "description": "The action to delete multiple secrets from the system."
   },
-  "hardDeleteSecret":{
+  "hardDeleteSecret": {
     "message": "Permanently delete secret"
   },
-  "hardDeleteSecrets":{
+  "hardDeleteSecrets": {
     "message": "Permanently delete secrets"
   },
   "secretProjectAssociationDescription": {
@@ -5937,14 +5933,14 @@
     "message": "To get started, add a new secret or import secrets.",
     "description": "Message to encourage the user to start adding secrets."
   },
-  "secretsTrashNoItemsMessage":{
+  "secretsTrashNoItemsMessage": {
     "message": "There are no secrets in the trash."
   },
   "serviceAccountsNoItemsMessage": {
     "message": "Create a new service account to get started automating secret access.",
     "description": "Message to encourage the user to start creating service accounts."
   },
-   "serviceAccountsNoItemsTitle": {
+  "serviceAccountsNoItemsTitle": {
     "message": "Nothing to show yet",
     "description": "Title to indicate that there are no service accounts to display."
   },
@@ -5965,7 +5961,7 @@
     "description": "Action to view the details of a service account."
   },
   "deleteServiceAccountDialogMessage": {
-    "message":  "Deleting service account $SERVICE_ACCOUNT$ is permanent and irreversible.",
+    "message": "Deleting service account $SERVICE_ACCOUNT$ is permanent and irreversible.",
     "placeholders": {
       "service_account": {
         "content": "$1",
@@ -5973,11 +5969,11 @@
       }
     }
   },
-  "deleteServiceAccountsDialogMessage":{
+  "deleteServiceAccountsDialogMessage": {
     "message": "Deleting service accounts is permanent and irreversible."
   },
-  "deleteServiceAccountsConfirmMessage":{
-    "message":  "Delete $COUNT$ service accounts",
+  "deleteServiceAccountsConfirmMessage": {
+    "message": "Delete $COUNT$ service accounts",
     "placeholders": {
       "count": {
         "content": "$1",
@@ -5985,19 +5981,19 @@
       }
     }
   },
-  "deleteServiceAccountToast":{
+  "deleteServiceAccountToast": {
     "message": "Service account deleted"
   },
-  "deleteServiceAccountsToast":{
+  "deleteServiceAccountsToast": {
     "message": "Service accounts deleted"
   },
   "searchServiceAccounts": {
     "message": "Search service accounts",
     "description": "Placeholder text for searching service accounts."
   },
-  "editServiceAccount":{
-    "message":"Edit service account",
-    "description" : "Title for editing a service account."
+  "editServiceAccount": {
+    "message": "Edit service account",
+    "description": "Title for editing a service account."
   },
   "addProject": {
     "message": "Add project",
@@ -6037,8 +6033,8 @@
   "hardDeleteSecretsConfirmation": {
     "message": "Are you sure you want to permanently delete these secrets?"
   },
-  "hardDeletesSuccessToast":{
-    "message":"Secrets permanently deleted"
+  "hardDeletesSuccessToast": {
+    "message": "Secrets permanently deleted"
   },
   "smAccess": {
     "message": "Access",
@@ -6052,7 +6048,7 @@
     "message": "Service account name",
     "description": "Label for the name of a service account"
   },
-   "serviceAccountCreated": {
+  "serviceAccountCreated": {
     "message": "Service account created",
     "description": "Notifies that a new service account has been created"
   },
@@ -6140,8 +6136,8 @@
     "message": "Secret sent to trash",
     "description": "Notification to be displayed when a secret is successfully sent to the trash."
   },
-  "hardDeleteSuccessToast":{
-    "message":"Secret permanently deleted"
+  "hardDeleteSuccessToast": {
+    "message": "Secret permanently deleted"
   },
   "accessTokens": {
     "message": "Access tokens",
@@ -6832,20 +6828,28 @@
   "trustedDeviceEncryption": {
     "message": "Trusted device encryption"
   },
-  "memberDecryptionTdeDescriptionStart": {
+  "memberDecryptionTdeDescriptionPartOne": {
     "message": "Once authenticated, members will decrypt vault data using a key stored on their device. The",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
   },
-  "memberDecryptionTdeDescriptionLink": {
-    "message": "account recovery administration policy",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+  "memberDecryptionTdeDescriptionLinkOne": {
+    "message": "single organization",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
   },
-  "memberDecryptionTdeDescriptionEnd": {
-    "message": "with automatic enrollment will turn on when this option is used.",
-    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The master password reset policy with automatic enrollment will turn on when this option is used.'"
+  "memberDecryptionTdeDescriptionPartTwo": {
+    "message": "policy and ",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
   },
-  "notFound":{
-    "message":  "$RESOURCE$ not found",
+  "memberDecryptionTdeDescriptionLinkTwo": {
+    "message": "account recovery administration",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+  },
+  "memberDecryptionTdeDescriptionPartThree": {
+    "message": "policy with automatic enrollment will turn on when this option is used.",
+    "description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Once authenticated, members will decrypt vault data using a key stored on their device. The single organization policy and account recovery administration policy with automatic enrollment will turn on when this option is used.'"
+  },
+  "notFound": {
+    "message": "$RESOURCE$ not found",
     "placeholders": {
       "resource": {
         "content": "$1",
diff --git a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
index de2c560ef8..b14af43cae 100644
--- a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
+++ b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
@@ -14,7 +14,7 @@
 <form [formGroup]="ssoConfigForm" [bitSubmit]="submit" *ngIf="!loading">
   <p>
     {{ "ssoPolicyHelpStart" | i18n }}
-    <a routerLink="../policies">{{ "ssoPolicyHelpLink" | i18n }}</a>
+    <a routerLink="../policies">{{ "ssoPolicyHelpAnchor" | i18n }}</a>
     {{ "ssoPolicyHelpEnd" | i18n }}
     <br />
   </p>
@@ -81,9 +81,11 @@
           {{ "trustedDeviceEncryption" | i18n }}
         </bit-label>
         <bit-hint>
-          {{ "memberDecryptionTdeDescriptionStart" | i18n }}
-          <a routerLink="../policies">{{ "memberDecryptionTdeDescriptionLink" | i18n }}</a>
-          {{ "memberDecryptionTdeDescriptionEnd" | i18n }}
+          {{ "memberDecryptionTdeDescriptionPartOne" | i18n }}
+          <a routerLink="../policies">{{ "memberDecryptionTdeDescriptionLinkOne" | i18n }}</a>
+          {{ "memberDecryptionTdeDescriptionPartTwo" | i18n }}
+          <a routerLink="../policies">{{ "memberDecryptionTdeDescriptionLinkTwo" | i18n }}</a>
+          {{ "memberDecryptionTdeDescriptionPartThree" | i18n }}
         </bit-hint>
       </bit-radio-button>
     </bit-radio-group>