feat(change-password): [PM-18720] (#5319) Change Password Implementation for Non Dialog Cases (#15319)

* feat(change-password-component): Change Password Update [18720] - Very close to complete.

* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Removed temp code to force the state I need to verify correctness.

* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Recover account working with change password component.

* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Made code more dry.

* fix(change-password-component): Change Password Update [18720] - Updates to routing and the extension. Extension is still a wip.

* fix(change-password-component): Change Password Update [18720] - Extension routing changes.

* feat(change-password-component): Change Password Update [18720] - More extension work

* feat(change-password-component): Change Password Update [18720] - Pausing work for now while we wait for product to hear back.

* feat(change-password-component): Change Password Update [18720] - Removed duplicated anon layouts.

* feat(change-password-component): Change Password Update [18720] - Tidied up code.

* feat(change-password-component): Change Password Update [18720] - Small fixes to the styling

* feat(change-password-component): Change Password Update [18720] - Adding more content for the routing.

* feat(change-password-component): Change Password Update [18720] - Removed circular loop for now.

* feat(change-password-component): Change Password Update [18720] - Made comments regarding the change password routing complexities with change-password and auth guard.

* feat(change-password-component): Change Password Update [18720] - Undid some changes because they will be conflicts later on.

* feat(change-password-component): Change Password Update [18720] - Small directive change.

* feat(change-password-component): Change Password Update [18720] - Small changes and added some clarification on where I'm blocked

* feat(change-password-component): Change Password Update [18720] - Org invite is seemingly working, found one bug to iron out.

* refactor(change-password-component): Change Password Update [18720] - Fixed up policy service to be made more clear.

* docs(change-password-component): Change Password Update [18720] - Updated documentation.

* refactor(change-password-component): Change Password Update [18720] - Routing changes and policy service changes.

* fix(change-password-component): Change Password Update [18720] - Wrapping up changes.

* feat(change-password-component): Change Password Update [18720] - Should be working fully

* feat(change-password-component): Change Password Update [18720] - Found a bug, working on password policy being present on login.

* feat(change-password-component): Change Password Update [18720] - Turned on auth guard on other clients for change-password route.

* feat(change-password-component): Change Password Update [18720] - Committing intermediate changes.

* feat(change-password-component): Change Password Update [18720] - The master password policy endpoint has been added! Should be working. Testing now.

* feat(change-password-component): Change Password Update [18720] - Minor fixes.

* feat(change-password-component): Change Password Update [18720] - Undid naming change.

* feat(change-password-component): Change Password Update [18720] - Removed comment.

* feat(change-password-component): Change Password Update [18720] - Removed unneeded code.

* fix(change-password-component): Change Password Update [18720] - Took org invite state out of service and made it accessible.

* fix(change-password-component): Change Password Update [18720] - Small changes.

* fix(change-password-component): Change Password Update [18720] - Split up org invite service into client specific implementations and have them injected into clients properly

* feat(change-password-component): Change Password Update [18720] - Stopping work and going to switch to a new branch to pare down some of the solutions that were made to get this over the finish line

* feat(change-password-component): Change Password Update [18720] - Started to remove functionality in the login.component and the password login strategy.

* feat(change-password-component): Change Password Update [18720] - Removed more unneded changes.

* feat(change-password-component): Change Password Update [18720] - Change password clearing state working properly.

* fix(change-password-component): Change Password Update [18720] - Added docs and moved web implementation.

* comments(change-password-component): Change Password Update [18720] - Added more notes.

* test(change-password-component): Change Password Update [18720] - Added in tests for policy service.

* comment(change-password-component): Change Password Update [18720] - Updated doc with correct ticket number.

* comment(change-password-component): Change Password Update [18720] - Fixed doc.

* test(change-password-component): Change Password Update [18720] - Fixed tests.

* test(change-password-component): Change Password Update [18720] - Fixed linting errors. Have more tests to fix.

* test(change-password-component): Change Password Update [18720] - Added back in ignore for typesafety.

* fix(change-password-component): Change Password Update [18720] - Fixed other type issues.

* test(change-password-component): Change Password Update [18720] - Fixed tests.

* test(change-password-component): Change Password Update [18720] - Fixed more tests.

* test(change-password-component): Change Password Update [18720] - Fixed tiny duplicate code.

* fix(change-password-component): Change Password Update [18720] - Fixed desktop component.

* fix(change-password-component): Change Password Update [18720] - Removed unused code

* fix(change-password-component): Change Password Update [18720] - Fixed locales.

* fix(change-password-component): Change Password Update [18720] - Removed tracing.

* fix(change-password-component): Change Password Update [18720] - Removed duplicative services module entry.

* fix(change-password-component): Change Password Update [18720] - Added comment.

* fix(change-password-component): Change Password Update [18720] - Fixed unneeded call in two factor to get user id.

* fix(change-password-component): Change Password Update [18720] - Fixed a couple of tiny things.

* fix(change-password-component): Change Password Update [18720] - Added comment for later fix.

* fix(change-password-component): Change Password Update [18720] - Fixed linting error.

* PM-18720 - AuthGuard - move call to get isChangePasswordFlagOn down after other conditions for efficiency.

* PM-18720 - PasswordLoginStrategy tests - test new feature flagged combine org invite policies logic for weak password evaluation.

* PM-18720 - CLI - fix dep issue

* PM-18720 - ChangePasswordComp - extract change password warning up out of input password component

* PM-18720 - InputPassword - remove unused dependency.

* PM-18720 - ChangePasswordComp - add callout dep

* PM-18720 - Revert all anon-layout changes

* PM-18720 - Anon Layout - finish reverting changes.

* PM-18720 - WIP move of change password out of libs/auth

* PM-18720 - Clean up remaining imports from moving change password out of libs/auth

* PM-18720 - Add change-password barrel file for better import grouping

* PM-18720 - Change Password comp - restore maxWidth

* PM-18720 - After merge, fix errors

* PM-18720 - Desktop - fix api service import

* PM-18720 - NDV - fix routing.

* PM-18720 - Change Password Comp - add logout service todo

* PM-18720 - PasswordSettings - per feedback, component is already feature flagged behind PM16117_ChangeExistingPasswordRefactor so we can just delete the replaced callout (new text is in change-password comp)

* PM-18720 - Routing Modules - properly flag new component behind feature flag.

* PM-18720 - SSO Login Strategy - fix config service import since it is now in shared deps from main merge.

* PM-18720 - Fix SSO login strategy tests

* PM-18720 - Default Policy Service - address AC PR feedback

---------

Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>

libs/auth/src/common/login-strategies/auth-request-login.strategy.spec.ts

@@ -14,6 +14,7 @@ import {
   VaultTimeoutSettingsService,
 } from "@bitwarden/common/key-management/vault-timeout";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -55,6 +56,7 @@ describe("AuthRequestLoginStrategy", () => {
   let vaultTimeoutSettingsService: MockProxy<VaultTimeoutSettingsService>;
   let kdfConfigService: MockProxy<KdfConfigService>;
   let environmentService: MockProxy<EnvironmentService>;
+  let configService: MockProxy<ConfigService>;
 
   const mockUserId = Utils.newGuid() as UserId;
   let accountService: FakeAccountService;
@@ -91,6 +93,7 @@ describe("AuthRequestLoginStrategy", () => {
     vaultTimeoutSettingsService = mock<VaultTimeoutSettingsService>();
     kdfConfigService = mock<KdfConfigService>();
     environmentService = mock<EnvironmentService>();
+    configService = mock<ConfigService>();
 
     accountService = mockAccountServiceWith(mockUserId);
     masterPasswordService = new FakeMasterPasswordService();
@@ -121,6 +124,7 @@ describe("AuthRequestLoginStrategy", () => {
       vaultTimeoutSettingsService,
       kdfConfigService,
       environmentService,
+      configService,
     );
 
     tokenResponse = identityTokenResponseFactory();

libs/auth/src/common/login-strategies/login.strategy.spec.ts

@@ -24,6 +24,7 @@ import {
   VaultTimeoutSettingsService,
 } from "@bitwarden/common/key-management/vault-timeout";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -123,6 +124,7 @@ describe("LoginStrategy", () => {
   let vaultTimeoutSettingsService: MockProxy<VaultTimeoutSettingsService>;
   let kdfConfigService: MockProxy<KdfConfigService>;
   let environmentService: MockProxy<EnvironmentService>;
+  let configService: MockProxy<ConfigService>;
 
   let passwordLoginStrategy: PasswordLoginStrategy;
   let credentials: PasswordLoginCredentials;
@@ -148,6 +150,7 @@ describe("LoginStrategy", () => {
     passwordStrengthService = mock<PasswordStrengthService>();
     billingAccountProfileStateService = mock<BillingAccountProfileStateService>();
     environmentService = mock<EnvironmentService>();
+    configService = mock<ConfigService>();
 
     vaultTimeoutSettingsService = mock<VaultTimeoutSettingsService>();
 
@@ -177,6 +180,7 @@ describe("LoginStrategy", () => {
       vaultTimeoutSettingsService,
       kdfConfigService,
       environmentService,
+      configService,
     );
     credentials = new PasswordLoginCredentials(email, masterPassword);
   });
@@ -491,6 +495,7 @@ describe("LoginStrategy", () => {
         vaultTimeoutSettingsService,
         kdfConfigService,
         environmentService,
+        configService,
       );
 
       apiService.postIdentityToken.mockResolvedValue(identityTokenResponseFactory());
@@ -551,6 +556,7 @@ describe("LoginStrategy", () => {
         vaultTimeoutSettingsService,
         kdfConfigService,
         environmentService,
+        configService,
       );
 
       const result = await passwordLoginStrategy.logIn(credentials);

libs/auth/src/common/login-strategies/login.strategy.ts

@@ -25,6 +25,7 @@ import {
 } from "@bitwarden/common/key-management/vault-timeout";
 import { KeysRequest } from "@bitwarden/common/models/request/keys.request";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -91,6 +92,7 @@ export abstract class LoginStrategy {
     protected vaultTimeoutSettingsService: VaultTimeoutSettingsService,
     protected KdfConfigService: KdfConfigService,
     protected environmentService: EnvironmentService,
+    protected configService: ConfigService,
   ) {}
 
   abstract exportCache(): CacheData;

libs/auth/src/common/login-strategies/password-login.strategy.spec.ts

@@ -3,6 +3,7 @@ import { BehaviorSubject } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/models/domain/master-password-policy-options";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -11,6 +12,7 @@ import { IdentityTokenResponse } from "@bitwarden/common/auth/models/response/id
 import { IdentityTwoFactorResponse } from "@bitwarden/common/auth/models/response/identity-two-factor.response";
 import { MasterPasswordPolicyResponse } from "@bitwarden/common/auth/models/response/master-password-policy.response";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { FakeMasterPasswordService } from "@bitwarden/common/key-management/master-password/services/fake-master-password.service";
 import {
@@ -18,6 +20,7 @@ import {
   VaultTimeoutSettingsService,
 } from "@bitwarden/common/key-management/vault-timeout";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -54,7 +57,7 @@ const masterKey = new SymmetricCryptoKey(
 ) as MasterKey;
 const userId = Utils.newGuid() as UserId;
 const deviceId = Utils.newGuid();
-const masterPasswordPolicy = new MasterPasswordPolicyResponse({
+const masterPasswordPolicyResponse = new MasterPasswordPolicyResponse({
   EnforceOnLogin: true,
   MinLength: 8,
 });
@@ -82,6 +85,7 @@ describe("PasswordLoginStrategy", () => {
   let vaultTimeoutSettingsService: MockProxy<VaultTimeoutSettingsService>;
   let kdfConfigService: MockProxy<KdfConfigService>;
   let environmentService: MockProxy<EnvironmentService>;
+  let configService: MockProxy<ConfigService>;
 
   let passwordLoginStrategy: PasswordLoginStrategy;
   let credentials: PasswordLoginCredentials;
@@ -109,6 +113,7 @@ describe("PasswordLoginStrategy", () => {
     vaultTimeoutSettingsService = mock<VaultTimeoutSettingsService>();
     kdfConfigService = mock<KdfConfigService>();
     environmentService = mock<EnvironmentService>();
+    configService = mock<ConfigService>();
 
     appIdService.getAppId.mockResolvedValue(deviceId);
     tokenService.decodeAccessToken.mockResolvedValue({
@@ -148,9 +153,10 @@ describe("PasswordLoginStrategy", () => {
       vaultTimeoutSettingsService,
       kdfConfigService,
       environmentService,
+      configService,
     );
     credentials = new PasswordLoginCredentials(email, masterPassword);
-    tokenResponse = identityTokenResponseFactory(masterPasswordPolicy);
+    tokenResponse = identityTokenResponseFactory(masterPasswordPolicyResponse);
 
     apiService.postIdentityToken.mockResolvedValue(tokenResponse);
 
@@ -227,6 +233,67 @@ describe("PasswordLoginStrategy", () => {
     expect(policyService.evaluateMasterPassword).toHaveBeenCalled();
   });
 
+  it("when given master password policies as part of the login credentials from an org invite, it combines them with the token response policies to evaluate the user's password as weak", async () => {
+    const passwordStrengthScore = 0;
+
+    passwordStrengthService.getPasswordStrength.mockReturnValue({
+      score: passwordStrengthScore,
+    } as any);
+    policyService.evaluateMasterPassword.mockReturnValue(false);
+    tokenService.decodeAccessToken.mockResolvedValue({ sub: userId });
+
+    jest
+      .spyOn(configService, "getFeatureFlag")
+      .mockImplementation((flag: FeatureFlag) =>
+        Promise.resolve(flag === FeatureFlag.PM16117_ChangeExistingPasswordRefactor),
+      );
+
+    credentials.masterPasswordPoliciesFromOrgInvite = Object.assign(
+      new MasterPasswordPolicyOptions(),
+      {
+        minLength: 10,
+        minComplexity: 2,
+        requireUpper: true,
+        requireLower: true,
+        requireNumbers: true,
+        requireSpecial: true,
+        enforceOnLogin: true,
+      },
+    );
+
+    const combinedMasterPasswordPolicyOptions = Object.assign(new MasterPasswordPolicyOptions(), {
+      minLength: 10,
+      minComplexity: 2,
+      requireUpper: true,
+      requireLower: true,
+      requireNumbers: true,
+      requireSpecial: true,
+      enforceOnLogin: false,
+    });
+
+    policyService.combineMasterPasswordPolicyOptions.mockReturnValue(
+      combinedMasterPasswordPolicyOptions,
+    );
+
+    await passwordLoginStrategy.logIn(credentials);
+
+    expect(policyService.combineMasterPasswordPolicyOptions).toHaveBeenCalledWith(
+      credentials.masterPasswordPoliciesFromOrgInvite,
+      MasterPasswordPolicyOptions.fromResponse(masterPasswordPolicyResponse),
+    );
+
+    expect(policyService.evaluateMasterPassword).toHaveBeenCalledWith(
+      passwordStrengthScore,
+      credentials.masterPassword,
+      combinedMasterPasswordPolicyOptions,
+    );
+
+    expect(masterPasswordService.mock.setForceSetPasswordReason).toHaveBeenCalledWith(
+      ForceSetPasswordReason.WeakMasterPassword,
+      userId,
+    );
+  });
+
   it("forces the user to update their master password on successful login when it does not meet master password policy requirements", async () => {
     passwordStrengthService.getPasswordStrength.mockReturnValue({ score: 0 } as any);
     policyService.evaluateMasterPassword.mockReturnValue(false);
@@ -251,7 +318,7 @@ describe("PasswordLoginStrategy", () => {
       TwoFactorProviders2: { 0: null },
       error: "invalid_grant",
       error_description: "Two factor required.",
-      MasterPasswordPolicy: masterPasswordPolicy,
+      MasterPasswordPolicy: masterPasswordPolicyResponse,
     });
 
     // First login request fails requiring 2FA
@@ -271,7 +338,7 @@ describe("PasswordLoginStrategy", () => {
       TwoFactorProviders2: { 0: null },
       error: "invalid_grant",
       error_description: "Two factor required.",
-      MasterPasswordPolicy: masterPasswordPolicy,
+      MasterPasswordPolicy: masterPasswordPolicyResponse,
     });
 
     // First login request fails requiring 2FA
@@ -280,7 +347,7 @@ describe("PasswordLoginStrategy", () => {
 
     // Second login request succeeds
     apiService.postIdentityToken.mockResolvedValueOnce(
-      identityTokenResponseFactory(masterPasswordPolicy),
+      identityTokenResponseFactory(masterPasswordPolicyResponse),
     );
     await passwordLoginStrategy.logInTwoFactor({
       provider: TwoFactorProviderType.Authenticator,

libs/auth/src/common/login-strategies/password-login.strategy.ts

@@ -12,6 +12,7 @@ import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/ide
 import { IdentityDeviceVerificationResponse } from "@bitwarden/common/auth/models/response/identity-device-verification.response";
 import { IdentityTokenResponse } from "@bitwarden/common/auth/models/response/identity-token.response";
 import { IdentityTwoFactorResponse } from "@bitwarden/common/auth/models/response/identity-two-factor.response";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { HashPurpose } from "@bitwarden/common/platform/enums";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
@@ -75,7 +76,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
     this.localMasterKeyHash$ = this.cache.pipe(map((state) => state.localMasterKeyHash));
   }
 
-  override async logIn(credentials: PasswordLoginCredentials) {
+  override async logIn(credentials: PasswordLoginCredentials): Promise<AuthResult> {
     const { email, masterPassword, twoFactor } = credentials;
 
     const data = new PasswordLoginStrategyData();
@@ -163,18 +164,42 @@ export class PasswordLoginStrategy extends LoginStrategy {
     credentials: PasswordLoginCredentials,
     authResult: AuthResult,
   ): Promise<void> {
-    // TODO: PM-21084 - investigate if we should be sending down masterPasswordPolicy on the IdentityDeviceVerificationResponse like we do for the IdentityTwoFactorResponse
+    // TODO: PM-21084 - investigate if we should be sending down masterPasswordPolicy on the
+    // IdentityDeviceVerificationResponse like we do for the IdentityTwoFactorResponse
     // If the response is a device verification response, we don't need to evaluate the password
     if (identityResponse instanceof IdentityDeviceVerificationResponse) {
       return;
     }
 
     // The identity result can contain master password policies for the user's organizations
-    const masterPasswordPolicyOptions =
-      this.getMasterPasswordPolicyOptionsFromResponse(identityResponse);
+    let masterPasswordPolicyOptions: MasterPasswordPolicyOptions | undefined;
 
-    if (!masterPasswordPolicyOptions?.enforceOnLogin) {
-      return;
+    if (
+      await this.configService.getFeatureFlag(FeatureFlag.PM16117_ChangeExistingPasswordRefactor)
+    ) {
+      // Get the master password policy options from both the org invite and the identity response.
+      masterPasswordPolicyOptions = this.policyService.combineMasterPasswordPolicyOptions(
+        credentials.masterPasswordPoliciesFromOrgInvite,
+        this.getMasterPasswordPolicyOptionsFromResponse(identityResponse),
+      );
+
+      // We deliberately do not check enforceOnLogin as existing users who are logging
+      // in after getting an org invite should always be forced to set a password that
+      // meets the org's policy. Org Invite -> Registration also works this way for
+      // new BW users as well.
+      if (
+        !credentials.masterPasswordPoliciesFromOrgInvite &&
+        !masterPasswordPolicyOptions?.enforceOnLogin
+      ) {
+        return;
+      }
+    } else {
+      masterPasswordPolicyOptions =
+        this.getMasterPasswordPolicyOptionsFromResponse(identityResponse);
+
+      if (!masterPasswordPolicyOptions?.enforceOnLogin) {
+        return;
+      }
     }
 
     // If there is a policy active, evaluate the supplied password before its no longer in memory

libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts

@@ -139,7 +139,6 @@ describe("SsoLoginStrategy", () => {
       deviceTrustService,
       authRequestService,
       i18nService,
-      configService,
       accountService,
       masterPasswordService,
       keyService,
@@ -157,6 +156,7 @@ describe("SsoLoginStrategy", () => {
       vaultTimeoutSettingsService,
       kdfConfigService,
       environmentService,
+      configService,
     );
     credentials = new SsoLoginCredentials(ssoCode, ssoCodeVerifier, ssoRedirectUrl, ssoOrgId);
   });

libs/auth/src/common/login-strategies/sso-login.strategy.ts

@@ -13,7 +13,6 @@ import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/key-management/device-trust/abstractions/device-trust.service.abstraction";
 import { KeyConnectorService } from "@bitwarden/common/key-management/key-connector/abstractions/key-connector.service";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
-import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { UserId } from "@bitwarden/common/types/guid";
 
@@ -74,7 +73,6 @@ export class SsoLoginStrategy extends LoginStrategy {
     private deviceTrustService: DeviceTrustServiceAbstraction,
     private authRequestService: AuthRequestServiceAbstraction,
     private i18nService: I18nService,
-    private configService: ConfigService,
     ...sharedDeps: ConstructorParameters<typeof LoginStrategy>
   ) {
     super(...sharedDeps);

libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts

@@ -13,6 +13,7 @@ import {
   VaultTimeoutSettingsService,
 } from "@bitwarden/common/key-management/vault-timeout";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import {
   Environment,
   EnvironmentService,
@@ -56,6 +57,7 @@ describe("UserApiLoginStrategy", () => {
   let billingAccountProfileStateService: MockProxy<BillingAccountProfileStateService>;
   let vaultTimeoutSettingsService: MockProxy<VaultTimeoutSettingsService>;
   let kdfConfigService: MockProxy<KdfConfigService>;
+  let configService: MockProxy<ConfigService>;
 
   let apiLogInStrategy: UserApiLoginStrategy;
   let credentials: UserApiLoginCredentials;
@@ -88,6 +90,7 @@ describe("UserApiLoginStrategy", () => {
     billingAccountProfileStateService = mock<BillingAccountProfileStateService>();
     vaultTimeoutSettingsService = mock<VaultTimeoutSettingsService>();
     kdfConfigService = mock<KdfConfigService>();
+    configService = mock<ConfigService>();
 
     appIdService.getAppId.mockResolvedValue(deviceId);
     tokenService.getTwoFactorToken.mockResolvedValue(null);
@@ -115,6 +118,7 @@ describe("UserApiLoginStrategy", () => {
       vaultTimeoutSettingsService,
       kdfConfigService,
       environmentService,
+      configService,
     );
 
     credentials = new UserApiLoginCredentials(apiClientId, apiClientSecret);

libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts

@@ -16,6 +16,7 @@ import {
   VaultTimeoutSettingsService,
 } from "@bitwarden/common/key-management/vault-timeout";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -54,6 +55,7 @@ describe("WebAuthnLoginStrategy", () => {
   let vaultTimeoutSettingsService: MockProxy<VaultTimeoutSettingsService>;
   let kdfConfigService: MockProxy<KdfConfigService>;
   let environmentService: MockProxy<EnvironmentService>;
+  let configService: MockProxy<ConfigService>;
 
   let webAuthnLoginStrategy!: WebAuthnLoginStrategy;
 
@@ -98,6 +100,7 @@ describe("WebAuthnLoginStrategy", () => {
     vaultTimeoutSettingsService = mock<VaultTimeoutSettingsService>();
     kdfConfigService = mock<KdfConfigService>();
     environmentService = mock<EnvironmentService>();
+    configService = mock<ConfigService>();
 
     tokenService.getTwoFactorToken.mockResolvedValue(null);
     appIdService.getAppId.mockResolvedValue(deviceId);
@@ -124,6 +127,7 @@ describe("WebAuthnLoginStrategy", () => {
       vaultTimeoutSettingsService,
       kdfConfigService,
       environmentService,
+      configService,
     );
 
     // Create credentials

libs/auth/src/common/models/domain/login-credentials.ts

@@ -2,6 +2,7 @@
 // @ts-strict-ignore
 import { Jsonify } from "type-fest";
 
+import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/models/domain/master-password-policy-options";
 import { AuthenticationType } from "@bitwarden/common/auth/enums/authentication-type";
 import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/identity-token/token-two-factor.request";
 import { WebAuthnLoginAssertionResponseRequest } from "@bitwarden/common/auth/services/webauthn-login/request/webauthn-login-assertion-response.request";
@@ -15,6 +16,7 @@ export class PasswordLoginCredentials {
     public email: string,
     public masterPassword: string,
     public twoFactor?: TokenTwoFactorRequest,
+    public masterPasswordPoliciesFromOrgInvite?: MasterPasswordPolicyOptions,
   ) {}
 }
 

libs/auth/src/common/services/login-strategies/login-strategy.service.ts

@@ -402,6 +402,7 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
       this.vaultTimeoutSettingsService,
       this.kdfConfigService,
       this.environmentService,
+      this.configService,
     ];
 
     return source.pipe(
@@ -425,7 +426,6 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
               this.deviceTrustService,
               this.authRequestService,
               this.i18nService,
-              this.configService,
               ...sharedDeps,
             );
           case AuthenticationType.UserApiKey: