Auth/PM-3515 - Lock component Tech Debt Clean up (#10332)

* PM-3515 - Lock component - remove isUnlocked check on lock comp load b/c lock guard should cover all cases with its existing logic for all clients. * PM-3515 - VaultTimeoutSettingsSvc - Add new canLock method * PM-3515 - Refactor logic out of lock component that belongs in lock guard. Update lock guard to reject route activation if a user can't lock whereas we used to log the user out when they landed on the lock comp. * PM-3515 - WIP on testing all lock guard scenarios * PM-3515 - Refactor lock guard tests + add more tests * PM-3515 - LockGuard - if TDE user that is authN directly navigates from login-init to lock for whatever reason (only possible on web with url bar), reject that navigation directly instead of throwing them up to the redirect guard * PM-3515 - More LockGuard tests * PM-3515 - Update comment
2025-12-15 07:43:35 +00:00 · 2024-08-12 15:51:57 -04:00
parent d5cc2d6518
commit 0d829b7398
6 changed files with 297 additions and 38 deletions
--- a/libs/common/src/abstractions/vault-timeout/vault-timeout-settings.service.ts
+++ b/libs/common/src/abstractions/vault-timeout/vault-timeout-settings.service.ts
@@ -25,6 +25,12 @@ export abstract class VaultTimeoutSettingsService {
   */
  availableVaultTimeoutActions$: (userId?: string) => Observable<VaultTimeoutAction[]>;

+  /**
+   * Evaluates the user's available vault timeout actions and returns a boolean representing
+   * if the user can lock or not
+   */
+  canLock: (userId: string) => Promise<boolean>;
+
  /**
   * Gets the vault timeout action for the given user id. The returned value is
   * calculated based on the current state, if a max vault timeout policy applies to the user,