[AC-1145] Add trusted devices option to SSO Config Data (#2909)

* [AC-1145] Add TDE feature flag

* [AC-1145] Update .gitignore to ignore flags.json in the Api project

* [AC-1145] Introduce MemberDecryptionType property on SsoConfigurationData

* [AC-1145] Add MemberDecryptionType to the SsoConfigurationDataRequest model

* [AC-1145] Automatically enable password reset policy on TDE selection

* [AC-1145] Remove references to obsolete KeyConnectorEnabled field

* [AC-1145] Formatting

* [AC-1145] Update XML doc reference to MemberDecryptionType

test/Core.Test/Auth/Services/SsoConfigServiceTests.cs

@@ -1,4 +1,5 @@
 using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Auth.Services;
@@ -83,7 +84,7 @@ public class SsoConfigServiceTests
             Id = 1,
             Data = new SsoConfigurationData
             {
-                KeyConnectorEnabled = true,
+                MemberDecryptionType = MemberDecryptionType.KeyConnector
             }.Serialize(),
             Enabled = true,
             OrganizationId = organization.Id,
@@ -127,7 +128,7 @@ public class SsoConfigServiceTests
             Id = 1,
             Data = new SsoConfigurationData
             {
-                KeyConnectorEnabled = true,
+                MemberDecryptionType = MemberDecryptionType.KeyConnector,
             }.Serialize(),
             Enabled = true,
             OrganizationId = organization.Id,
@@ -165,7 +166,7 @@ public class SsoConfigServiceTests
             Id = default,
             Data = new SsoConfigurationData
             {
-                KeyConnectorEnabled = true,
+                MemberDecryptionType = MemberDecryptionType.KeyConnector,
             }.Serialize(),
             Enabled = true,
             OrganizationId = organization.Id,
@@ -193,7 +194,7 @@ public class SsoConfigServiceTests
             Id = default,
             Data = new SsoConfigurationData
             {
-                KeyConnectorEnabled = true,
+                MemberDecryptionType = MemberDecryptionType.KeyConnector,
             }.Serialize(),
             Enabled = true,
             OrganizationId = organization.Id,
@@ -227,7 +228,7 @@ public class SsoConfigServiceTests
             Id = default,
             Data = new SsoConfigurationData
             {
-                KeyConnectorEnabled = true,
+                MemberDecryptionType = MemberDecryptionType.KeyConnector,
             }.Serialize(),
             Enabled = false,
             OrganizationId = organization.Id,
@@ -262,7 +263,7 @@ public class SsoConfigServiceTests
             Id = default,
             Data = new SsoConfigurationData
             {
-                KeyConnectorEnabled = true,
+                MemberDecryptionType = MemberDecryptionType.KeyConnector,
             }.Serialize(),
             Enabled = true,
             OrganizationId = organization.Id,
@@ -297,7 +298,7 @@ public class SsoConfigServiceTests
             Id = default,
             Data = new SsoConfigurationData
             {
-                KeyConnectorEnabled = true,
+                MemberDecryptionType = MemberDecryptionType.KeyConnector,
             }.Serialize(),
             Enabled = true,
             OrganizationId = organization.Id,

test/Core.Test/Models/Data/SelfHostedOrganizationDetailsTests.cs

@@ -1,5 +1,6 @@
 using Bit.Core.AdminConsole.Models.OrganizationConnectionConfigs;
 using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
@@ -173,7 +174,7 @@ public class SelfHostedOrganizationDetailsTests
     {
         var (orgDetails, orgLicense) = GetOrganizationAndLicense(orgUsers, policies, ssoConfig, scimConnections, license);
         orgLicense.UseKeyConnector = false;
-        orgDetails.SsoConfig.SetData(new SsoConfigurationData() { KeyConnectorEnabled = false });
+        orgDetails.SsoConfig.SetData(new SsoConfigurationData() { MemberDecryptionType = MemberDecryptionType.MasterPassword });
 
         var result = orgDetails.CanUseLicense(license, out var exception);
 
@@ -318,7 +319,7 @@ public class SelfHostedOrganizationDetailsTests
         ssoConfig.Enabled = true;
         ssoConfig.SetData(new SsoConfigurationData()
         {
-            KeyConnectorEnabled = true
+            MemberDecryptionType = MemberDecryptionType.KeyConnector,
         });
 
         var enabledScimConfig = new ScimConfig() { Enabled = true };

test/Core.Test/Services/OrganizationServiceTests.cs

@@ -1,5 +1,6 @@
 using System.Text.Json;
 using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Business;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Auth.Repositories;
@@ -1192,7 +1193,7 @@ public class OrganizationServiceTests
         SsoConfig ssoConfig)
     {
         ssoConfig.Enabled = true;
-        ssoConfig.SetData(new SsoConfigurationData { KeyConnectorEnabled = true });
+        ssoConfig.SetData(new SsoConfigurationData { MemberDecryptionType = MemberDecryptionType.KeyConnector });
         var ssoConfigRepository = sutProvider.GetDependency<ISsoConfigRepository>();
         var organizationRepository = sutProvider.GetDependency<IOrganizationRepository>();
         var applicationCacheService = sutProvider.GetDependency<IApplicationCacheService>();

test/Core.Test/Services/PolicyServiceTests.cs

@@ -1,4 +1,5 @@
 using Bit.Core.Auth.Entities;
+using Bit.Core.Auth.Enums;
 using Bit.Core.Auth.Models.Data;
 using Bit.Core.Auth.Repositories;
 using Bit.Core.Entities;
@@ -147,7 +148,7 @@ public class PolicyServiceTests
         });
 
         var ssoConfig = new SsoConfig { Enabled = true };
-        var data = new SsoConfigurationData { KeyConnectorEnabled = true };
+        var data = new SsoConfigurationData { MemberDecryptionType = MemberDecryptionType.KeyConnector };
         ssoConfig.SetData(data);
 
         sutProvider.GetDependency<ISsoConfigRepository>()