Auth/pm 17111/add browser to list of approving clients (#5825)

* refactor(update-auth-approving-clients): [PM-17111] Add Browser to List of Approving Clients - Refactored how it works to fit different priorities.

src/Identity/IdentityServer/UserDecryptionOptionsBuilder.cs

@@ -22,6 +22,7 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
     private readonly ICurrentContext _currentContext;
     private readonly IDeviceRepository _deviceRepository;
     private readonly IOrganizationUserRepository _organizationUserRepository;
+    private readonly ILoginApprovingClientTypes _loginApprovingClientTypes;
 
     private UserDecryptionOptions _options = new UserDecryptionOptions();
     private User? _user;
@@ -31,12 +32,14 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
     public UserDecryptionOptionsBuilder(
         ICurrentContext currentContext,
         IDeviceRepository deviceRepository,
-        IOrganizationUserRepository organizationUserRepository
+        IOrganizationUserRepository organizationUserRepository,
+        ILoginApprovingClientTypes loginApprovingClientTypes
     )
     {
         _currentContext = currentContext;
         _deviceRepository = deviceRepository;
         _organizationUserRepository = organizationUserRepository;
+        _loginApprovingClientTypes = loginApprovingClientTypes;
     }
 
     public IUserDecryptionOptionsBuilder ForUser(User user)
@@ -119,8 +122,7 @@ public class UserDecryptionOptionsBuilder : IUserDecryptionOptionsBuilder
             // Checks if the current user has any devices that are capable of approving login with device requests except for
             // their current device.
             // NOTE: this doesn't check for if the users have configured the devices to be capable of approving requests as that is a client side setting.
-            hasLoginApprovingDevice = allDevices
-                .Any(d => d.Identifier != _device.Identifier && LoginApprovingClientTypes.TypesThatCanApprove.Contains(DeviceTypes.ToClientType(d.Type)));
+            hasLoginApprovingDevice = allDevices.Any(d => d.Identifier != _device.Identifier && _loginApprovingClientTypes.TypesThatCanApprove.Contains(DeviceTypes.ToClientType(d.Type)));
         }
 
         // Determine if user has manage reset password permission as post sso logic requires it for forcing users with this permission to set a MP

src/Identity/Utilities/LoginApprovingClientTypes.cs

@@ -1,22 +1,39 @@
-using Bit.Core.Enums;
+using Bit.Core;
+using Bit.Core.Enums;
+using Bit.Core.Services;
 
 namespace Bit.Identity.Utilities;
 
-public static class LoginApprovingClientTypes
+public interface ILoginApprovingClientTypes
 {
-    private static readonly IReadOnlyCollection<ClientType> _clientTypesThatCanApprove;
+    IReadOnlyCollection<ClientType> TypesThatCanApprove { get; }
+}
 
-    static LoginApprovingClientTypes()
+public class LoginApprovingClientTypes : ILoginApprovingClientTypes
+{
+    public LoginApprovingClientTypes(
+        IFeatureService featureService)
     {
-        var clientTypes = new List<ClientType>
+        if (featureService.IsEnabled(FeatureFlagKeys.BrowserExtensionLoginApproval))
         {
-            ClientType.Desktop,
-            ClientType.Mobile,
-            ClientType.Web,
-            ClientType.Browser,
-        };
-        _clientTypesThatCanApprove = clientTypes.AsReadOnly();
+            TypesThatCanApprove = new List<ClientType>
+            {
+                ClientType.Desktop,
+                ClientType.Mobile,
+                ClientType.Web,
+                ClientType.Browser,
+            };
+        }
+        else
+        {
+            TypesThatCanApprove = new List<ClientType>
+            {
+                ClientType.Desktop,
+                ClientType.Mobile,
+                ClientType.Web,
+            };
+        }
     }
 
-    public static IReadOnlyCollection<ClientType> TypesThatCanApprove => _clientTypesThatCanApprove;
+    public IReadOnlyCollection<ClientType> TypesThatCanApprove { get; }
 }

src/Identity/Utilities/ServiceCollectionExtensions.cs

@@ -23,6 +23,7 @@ public static class ServiceCollectionExtensions
         services.AddTransient<IUserDecryptionOptionsBuilder, UserDecryptionOptionsBuilder>();
         services.AddTransient<IDeviceValidator, DeviceValidator>();
         services.AddTransient<ITwoFactorAuthenticationValidator, TwoFactorAuthenticationValidator>();
+        services.AddTransient<ILoginApprovingClientTypes, LoginApprovingClientTypes>();
 
         var issuerUri = new Uri(globalSettings.BaseServiceUri.InternalIdentity);
         var identityServerBuilder = services