[AC-1046] activate autofill on page load policy

[jlf0dev]

Type of change

- [ ] Bug fix
- [x] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Adds a new policy that will automatically activate auto-fill on page load for all users in the organization when the policy is enabled.

From the end-user perspective, a one-time notification will show to indicate that the organization turned on the setting. The policy will not restrict the user from modifying the setting after activation. This means that the user can:

• Turn off auto-fill
• Modify the “default autofill setting for login items”
• Modify URI match detection on the item level

Server dependency at bitwarden/server#2751

Code changes

Some of the messaging on browser has been lost recently, specifically "loggedIn", "unlocked", and "syncCompleted" messages don't get caught by the bitwardenPopupMainMessageListener. This means that we can't detect when the user completes any of these actions to activate the setting and show the popup. As an alternative, I have attached the flag detection on the current-tab.component so when the user navigates to that page it activates from the policy.

• bitwarden_license/bit-web/src/app/policies/activate-autofill.component.html,ts: New component for the ActivateAutofill policy
• apps/browser/src/services/browser-policy.service.ts: Whenever the policies are updated, we check for the ActivateAutofill policy and set a flag for later when we know the popup is open.
• libs/common/src/enums/policyType.ts: add flag to state service
• apps/browser/src/vault/popup/components/vault/vault-filter.component.ts: Checks for previous flag and enables autofill on page load if true.

Screenshots

Before you submit

• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team

[differsthecat]

We had a good discussion here a couple of weeks ago about some of the impacts of the autofill on page load setting. Enabling it can be a security risk. Should we add a callout here similar to the one in the autofill settings with a warning that it can be exploited?

[jlf0dev]

This is a very good point, @bitwarden/dept-design what would you think about copying everything after WARNING: into a callout on the policy?

[jlf0dev]

@differsthecat added a callout, nice catch!

[differsthecat]

This looks good, thank you @jlf0dev !

[jlf0dev]

Adding hold - we need to restrict this feature to Enterprise 2020 plans

[jlf0dev]

Update: This feature has been locked to the current Enterprise plans. This is more of a 'hard lock' than other features, and doesn't allow CS to toggle the feature on/off. Since this is a hackathon item, Product felt this was appropriate.

[differsthecat]

Looks good!