From 7bd8b00fbf615bbf3f14b85a67dcd2a45f955541 Mon Sep 17 00:00:00 2001
From: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Date: Wed, 10 Jan 2024 12:33:11 -0500
Subject: [PATCH] [PM-2260] Remove TDE feature flag and all conditional logic
 based on it (#7352)

---
 apps/browser/src/popup/app-routing.module.ts           |  7 +------
 apps/desktop/src/app/app-routing.module.ts             |  7 +------
 .../organizations/settings/settings.component.html     |  2 +-
 apps/web/src/app/oss-routing.module.ts                 |  7 +------
 .../organizations/organizations-routing.module.ts      |  7 +------
 .../bit-web/src/app/auth/sso/sso.component.html        |  1 -
 .../bit-web/src/app/auth/sso/sso.component.ts          | 10 +---------
 libs/angular/src/auth/components/sso.component.ts      |  7 +------
 .../src/auth/components/two-factor.component.ts        | 10 +---------
 libs/common/src/enums/feature-flag.enum.ts             |  1 -
 10 files changed, 8 insertions(+), 51 deletions(-)

diff --git a/apps/browser/src/popup/app-routing.module.ts b/apps/browser/src/popup/app-routing.module.ts
index bbfdee98b9..ac402e9583 100644
--- a/apps/browser/src/popup/app-routing.module.ts
+++ b/apps/browser/src/popup/app-routing.module.ts
@@ -8,8 +8,6 @@ import {
   tdeDecryptionRequiredGuard,
   unauthGuardFn,
 } from "@bitwarden/angular/auth/guards";
-import { canAccessFeature } from "@bitwarden/angular/platform/guard/feature-flag.guard";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
 import { fido2AuthGuard } from "../auth/guards/fido2-auth.guard";
 import { AccountSwitcherComponent } from "../auth/popup/account-switching/account-switcher.component";
@@ -129,10 +127,7 @@ const routes: Routes = [
   {
     path: "login-initiated",
     component: LoginDecryptionOptionsComponent,
-    canActivate: [
-      tdeDecryptionRequiredGuard(),
-      canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
-    ],
+    canActivate: [tdeDecryptionRequiredGuard()],
   },
   {
     path: "sso",
diff --git a/apps/desktop/src/app/app-routing.module.ts b/apps/desktop/src/app/app-routing.module.ts
index 372f8b14da..4fc19c8433 100644
--- a/apps/desktop/src/app/app-routing.module.ts
+++ b/apps/desktop/src/app/app-routing.module.ts
@@ -7,8 +7,6 @@ import {
   redirectGuard,
   tdeDecryptionRequiredGuard,
 } from "@bitwarden/angular/auth/guards";
-import { canAccessFeature } from "@bitwarden/angular/platform/guard/feature-flag.guard";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
 import { AccessibilityCookieComponent } from "../auth/accessibility-cookie.component";
 import { LoginGuard } from "../auth/guards/login.guard";
@@ -56,10 +54,7 @@ const routes: Routes = [
   {
     path: "login-initiated",
     component: LoginDecryptionOptionsComponent,
-    canActivate: [
-      tdeDecryptionRequiredGuard(),
-      canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
-    ],
+    canActivate: [tdeDecryptionRequiredGuard()],
   },
   { path: "register", component: RegisterComponent },
   {
diff --git a/apps/web/src/app/admin-console/organizations/settings/settings.component.html b/apps/web/src/app/admin-console/organizations/settings/settings.component.html
index 036d05d0f7..47592df378 100644
--- a/apps/web/src/app/admin-console/organizations/settings/settings.component.html
+++ b/apps/web/src/app/admin-console/organizations/settings/settings.component.html
@@ -60,7 +60,7 @@
           >
             {{ "singleSignOn" | i18n }}
           </a>
-          <ng-container *appIfFeature="FeatureFlag.TrustedDeviceEncryption">
+          <ng-container>
             <a
               routerLink="device-approvals"
               class="list-group-item"
diff --git a/apps/web/src/app/oss-routing.module.ts b/apps/web/src/app/oss-routing.module.ts
index 9bf318f657..aa4df5de14 100644
--- a/apps/web/src/app/oss-routing.module.ts
+++ b/apps/web/src/app/oss-routing.module.ts
@@ -8,8 +8,6 @@ import {
   tdeDecryptionRequiredGuard,
   UnauthGuard,
 } from "@bitwarden/angular/auth/guards";
-import { canAccessFeature } from "@bitwarden/angular/platform/guard/feature-flag.guard";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
 import { flagEnabled, Flags } from "../utils/flags";
 
@@ -84,10 +82,7 @@ const routes: Routes = [
       {
         path: "login-initiated",
         component: LoginDecryptionOptionsComponent,
-        canActivate: [
-          tdeDecryptionRequiredGuard(),
-          canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
-        ],
+        canActivate: [tdeDecryptionRequiredGuard()],
       },
       {
         path: "register",
diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts
index ba6a5f64e0..86e1d5d24b 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts
@@ -2,10 +2,8 @@ import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
 import { AuthGuard } from "@bitwarden/angular/auth/guards";
-import { canAccessFeature } from "@bitwarden/angular/platform/guard/feature-flag.guard";
 import { canAccessSettingsTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { OrganizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard";
 import { OrganizationLayoutComponent } from "@bitwarden/web-vault/app/admin-console/organizations/layouts/organization-layout.component";
 import { SettingsComponent } from "@bitwarden/web-vault/app/admin-console/organizations/settings/settings.component";
@@ -57,10 +55,7 @@ const routes: Routes = [
           {
             path: "device-approvals",
             component: DeviceApprovalsComponent,
-            canActivate: [
-              OrganizationPermissionsGuard,
-              canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
-            ],
+            canActivate: [OrganizationPermissionsGuard],
             data: {
               organizationPermissions: (org: Organization) => org.canManageDeviceApprovals,
               titleId: "deviceApprovals",
diff --git a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
index 48567dcd50..9109346077 100644
--- a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
+++ b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.html
@@ -78,7 +78,6 @@
         class="tw-block"
         id="memberDecryptionTde"
         [value]="memberDecryptionType.TrustedDeviceEncryption"
-        *ngIf="showTdeOptions"
       >
         <bit-label>
           {{ "trustedDevices" | i18n }}
diff --git a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
index 7c97d78eee..d1171aefae 100644
--- a/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
+++ b/bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts
@@ -26,7 +26,6 @@ import { SsoConfigApi } from "@bitwarden/common/auth/models/api/sso-config.api";
 import { OrganizationSsoRequest } from "@bitwarden/common/auth/models/request/organization-sso.request";
 import { OrganizationSsoResponse } from "@bitwarden/common/auth/models/response/organization-sso.response";
 import { SsoConfigView } from "@bitwarden/common/auth/models/view/sso-config.view";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -235,14 +234,7 @@ export class SsoComponent implements OnInit, OnDestroy {
       )
       .subscribe();
 
-    const tdeFeatureFlag = await this.configService.getFeatureFlag<boolean>(
-      FeatureFlag.TrustedDeviceEncryption,
-    );
-
-    this.showTdeOptions = tdeFeatureFlag;
-    // If the tde flag is not enabled, continue showing the key connector options to keep the UI the same
-    // Once the flag is removed, we can rely on the platformUtilsService.isSelfHost() check alone
-    this.showKeyConnectorOptions = !tdeFeatureFlag || this.platformUtilsService.isSelfHost();
+    this.showKeyConnectorOptions = this.platformUtilsService.isSelfHost();
   }
 
   ngOnDestroy(): void {
diff --git a/libs/angular/src/auth/components/sso.component.ts b/libs/angular/src/auth/components/sso.component.ts
index 8a7e4ae0a1..49047144ff 100644
--- a/libs/angular/src/auth/components/sso.component.ts
+++ b/libs/angular/src/auth/components/sso.component.ts
@@ -9,7 +9,6 @@ import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/for
 import { SsoLoginCredentials } from "@bitwarden/common/auth/models/domain/login-credentials";
 import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
 import { SsoPreValidateResponse } from "@bitwarden/common/auth/models/response/sso-pre-validate.response";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -248,11 +247,7 @@ export class SsoComponent {
   private async isTrustedDeviceEncEnabled(
     trustedDeviceOption: TrustedDeviceUserDecryptionOption,
   ): Promise<boolean> {
-    const trustedDeviceEncryptionFeatureActive = await this.configService.getFeatureFlag<boolean>(
-      FeatureFlag.TrustedDeviceEncryption,
-    );
-
-    return trustedDeviceEncryptionFeatureActive && trustedDeviceOption !== undefined;
+    return trustedDeviceOption !== undefined;
   }
 
   private async handleTwoFactorRequired(orgIdentifier: string) {
diff --git a/libs/angular/src/auth/components/two-factor.component.ts b/libs/angular/src/auth/components/two-factor.component.ts
index 75e10419aa..38c1618fc8 100644
--- a/libs/angular/src/auth/components/two-factor.component.ts
+++ b/libs/angular/src/auth/components/two-factor.component.ts
@@ -17,7 +17,6 @@ import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/ide
 import { TwoFactorEmailRequest } from "@bitwarden/common/auth/models/request/two-factor-email.request";
 import { TwoFactorProviders } from "@bitwarden/common/auth/services/two-factor.service";
 import { WebAuthnIFrame } from "@bitwarden/common/auth/webauthn-iframe";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -275,15 +274,8 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
     trustedDeviceOption: TrustedDeviceUserDecryptionOption,
   ): Promise<boolean> {
     const ssoTo2faFlowActive = this.route.snapshot.queryParamMap.get("sso") === "true";
-    const trustedDeviceEncryptionFeatureActive = await this.configService.getFeatureFlag<boolean>(
-      FeatureFlag.TrustedDeviceEncryption,
-    );
 
-    return (
-      ssoTo2faFlowActive &&
-      trustedDeviceEncryptionFeatureActive &&
-      trustedDeviceOption !== undefined
-    );
+    return ssoTo2faFlowActive && trustedDeviceOption !== undefined;
   }
 
   private async handleTrustedDeviceEncryptionEnabled(
diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts
index 7f8ca7735e..09a6a8b2a3 100644
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -1,5 +1,4 @@
 export enum FeatureFlag {
-  TrustedDeviceEncryption = "trusted-device-encryption",
   PasswordlessLogin = "passwordless-login",
   AutofillV2 = "autofill-v2",
   AutofillOverlay = "autofill-overlay",