[PM-2260] Remove TDE feature flag and all conditional logic based on it (#7352)

apps/browser/src/popup/app-routing.module.ts

@@ -8,8 +8,6 @@ import {
   tdeDecryptionRequiredGuard,
   unauthGuardFn,
 } from "@bitwarden/angular/auth/guards";
-import { canAccessFeature } from "@bitwarden/angular/platform/guard/feature-flag.guard";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
 import { fido2AuthGuard } from "../auth/guards/fido2-auth.guard";
 import { AccountSwitcherComponent } from "../auth/popup/account-switching/account-switcher.component";
@@ -129,10 +127,7 @@ const routes: Routes = [
   {
     path: "login-initiated",
     component: LoginDecryptionOptionsComponent,
-    canActivate: [
+    canActivate: [tdeDecryptionRequiredGuard()],
-      tdeDecryptionRequiredGuard(),
-      canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
-    ],
   },
   {
     path: "sso",

apps/desktop/src/app/app-routing.module.ts

@@ -7,8 +7,6 @@ import {
   redirectGuard,
   tdeDecryptionRequiredGuard,
 } from "@bitwarden/angular/auth/guards";
-import { canAccessFeature } from "@bitwarden/angular/platform/guard/feature-flag.guard";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
 import { AccessibilityCookieComponent } from "../auth/accessibility-cookie.component";
 import { LoginGuard } from "../auth/guards/login.guard";
@@ -56,10 +54,7 @@ const routes: Routes = [
   {
     path: "login-initiated",
     component: LoginDecryptionOptionsComponent,
-    canActivate: [
+    canActivate: [tdeDecryptionRequiredGuard()],
-      tdeDecryptionRequiredGuard(),
-      canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
-    ],
   },
   { path: "register", component: RegisterComponent },
   {

apps/web/src/app/admin-console/organizations/settings/settings.component.html

@@ -60,7 +60,7 @@
           >
             {{ "singleSignOn" | i18n }}
           </a>
-          <ng-container *appIfFeature="FeatureFlag.TrustedDeviceEncryption">
+          <ng-container>
             <a
               routerLink="device-approvals"
               class="list-group-item"

apps/web/src/app/oss-routing.module.ts

@@ -8,8 +8,6 @@ import {
   tdeDecryptionRequiredGuard,
   UnauthGuard,
 } from "@bitwarden/angular/auth/guards";
-import { canAccessFeature } from "@bitwarden/angular/platform/guard/feature-flag.guard";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
 import { flagEnabled, Flags } from "../utils/flags";
 
@@ -84,10 +82,7 @@ const routes: Routes = [
       {
         path: "login-initiated",
         component: LoginDecryptionOptionsComponent,
-        canActivate: [
+        canActivate: [tdeDecryptionRequiredGuard()],
-          tdeDecryptionRequiredGuard(),
-          canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
-        ],
       },
       {
         path: "register",

bitwarden_license/bit-web/src/app/admin-console/organizations/organizations-routing.module.ts

@@ -2,10 +2,8 @@ import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
 import { AuthGuard } from "@bitwarden/angular/auth/guards";
-import { canAccessFeature } from "@bitwarden/angular/platform/guard/feature-flag.guard";
 import { canAccessSettingsTab } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { OrganizationPermissionsGuard } from "@bitwarden/web-vault/app/admin-console/organizations/guards/org-permissions.guard";
 import { OrganizationLayoutComponent } from "@bitwarden/web-vault/app/admin-console/organizations/layouts/organization-layout.component";
 import { SettingsComponent } from "@bitwarden/web-vault/app/admin-console/organizations/settings/settings.component";
@@ -57,10 +55,7 @@ const routes: Routes = [
           {
             path: "device-approvals",
             component: DeviceApprovalsComponent,
-            canActivate: [
+            canActivate: [OrganizationPermissionsGuard],
-              OrganizationPermissionsGuard,
-              canAccessFeature(FeatureFlag.TrustedDeviceEncryption),
-            ],
             data: {
               organizationPermissions: (org: Organization) => org.canManageDeviceApprovals,
               titleId: "deviceApprovals",

bitwarden_license/bit-web/src/app/auth/sso/sso.component.html

@@ -78,7 +78,6 @@
         class="tw-block"
         id="memberDecryptionTde"
         [value]="memberDecryptionType.TrustedDeviceEncryption"
-        *ngIf="showTdeOptions"
       >
         <bit-label>
           {{ "trustedDevices" | i18n }}

bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts

@@ -26,7 +26,6 @@ import { SsoConfigApi } from "@bitwarden/common/auth/models/api/sso-config.api";
 import { OrganizationSsoRequest } from "@bitwarden/common/auth/models/request/organization-sso.request";
 import { OrganizationSsoResponse } from "@bitwarden/common/auth/models/response/organization-sso.response";
 import { SsoConfigView } from "@bitwarden/common/auth/models/view/sso-config.view";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -235,14 +234,7 @@ export class SsoComponent implements OnInit, OnDestroy {
       )
       .subscribe();
 
-    const tdeFeatureFlag = await this.configService.getFeatureFlag<boolean>(
+    this.showKeyConnectorOptions = this.platformUtilsService.isSelfHost();
-      FeatureFlag.TrustedDeviceEncryption,
-    );
-
-    this.showTdeOptions = tdeFeatureFlag;
-    // If the tde flag is not enabled, continue showing the key connector options to keep the UI the same
-    // Once the flag is removed, we can rely on the platformUtilsService.isSelfHost() check alone
-    this.showKeyConnectorOptions = !tdeFeatureFlag || this.platformUtilsService.isSelfHost();
   }
 
   ngOnDestroy(): void {

libs/angular/src/auth/components/sso.component.ts

@@ -9,7 +9,6 @@ import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/for
 import { SsoLoginCredentials } from "@bitwarden/common/auth/models/domain/login-credentials";
 import { TrustedDeviceUserDecryptionOption } from "@bitwarden/common/auth/models/domain/user-decryption-options/trusted-device-user-decryption-option";
 import { SsoPreValidateResponse } from "@bitwarden/common/auth/models/response/sso-pre-validate.response";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -248,11 +247,7 @@ export class SsoComponent {
   private async isTrustedDeviceEncEnabled(
     trustedDeviceOption: TrustedDeviceUserDecryptionOption,
   ): Promise<boolean> {
-    const trustedDeviceEncryptionFeatureActive = await this.configService.getFeatureFlag<boolean>(
+    return trustedDeviceOption !== undefined;
-      FeatureFlag.TrustedDeviceEncryption,
-    );
-
-    return trustedDeviceEncryptionFeatureActive && trustedDeviceOption !== undefined;
   }
 
   private async handleTwoFactorRequired(orgIdentifier: string) {

libs/angular/src/auth/components/two-factor.component.ts

@@ -17,7 +17,6 @@ import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/ide
 import { TwoFactorEmailRequest } from "@bitwarden/common/auth/models/request/two-factor-email.request";
 import { TwoFactorProviders } from "@bitwarden/common/auth/services/two-factor.service";
 import { WebAuthnIFrame } from "@bitwarden/common/auth/webauthn-iframe";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -275,15 +274,8 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
     trustedDeviceOption: TrustedDeviceUserDecryptionOption,
   ): Promise<boolean> {
     const ssoTo2faFlowActive = this.route.snapshot.queryParamMap.get("sso") === "true";
-    const trustedDeviceEncryptionFeatureActive = await this.configService.getFeatureFlag<boolean>(
-      FeatureFlag.TrustedDeviceEncryption,
-    );
 
-    return (
+    return ssoTo2faFlowActive && trustedDeviceOption !== undefined;
-      ssoTo2faFlowActive &&
-      trustedDeviceEncryptionFeatureActive &&
-      trustedDeviceOption !== undefined
-    );
   }
 
   private async handleTrustedDeviceEncryptionEnabled(

libs/common/src/enums/feature-flag.enum.ts

@@ -1,5 +1,4 @@
 export enum FeatureFlag {
-  TrustedDeviceEncryption = "trusted-device-encryption",
   PasswordlessLogin = "passwordless-login",
   AutofillV2 = "autofill-v2",
   AutofillOverlay = "autofill-overlay",