Merge branch 'main' into auth/pm-9115/implement-view-data-persistence-in-2FA-flows

2026-02-28 18:43:26 +00:00 · 2025-03-11 11:28:01 -05:00
parent 79748c5ab8 c4e87d3f90
commit 227cd9cf09
94 changed files with 1920 additions and 1283 deletions
--- a/libs/auth/src/angular/two-factor-auth/two-factor-auth.component.spec.ts
+++ b/libs/auth/src/angular/two-factor-auth/two-factor-auth.component.spec.ts
@@ -231,20 +231,6 @@ describe("TwoFactorAuthComponent", () => {
    });
  };

-  const testForceResetOnSuccessfulLogin = (reasonString: string) => {
-    it(`navigates to the component's defined forcePasswordResetRoute route when response.forcePasswordReset is ${reasonString}`, async () => {
-      // Act
-      await component.submit("testToken");
-
-      // expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
-      expect(mockRouter.navigate).toHaveBeenCalledWith(["update-temp-password"], {
-        queryParams: {
-          identifier: component.orgSsoIdentifier,
-        },
-      });
-    });
-  };
-
  describe("Standard 2FA scenarios", () => {
    describe("submit", () => {
      const token = "testToken";
@@ -316,26 +302,6 @@ describe("TwoFactorAuthComponent", () => {
        });
      });

-      describe("Force Master Password Reset scenarios", () => {
-        [
-          ForceSetPasswordReason.AdminForcePasswordReset,
-          ForceSetPasswordReason.WeakMasterPassword,
-        ].forEach((forceResetPasswordReason) => {
-          const reasonString = ForceSetPasswordReason[forceResetPasswordReason];
-
-          beforeEach(() => {
-            // use standard user with MP because this test is not concerned with password reset.
-            selectedUserDecryptionOptions.next(mockUserDecryptionOpts.withMasterPassword);
-
-            const authResult = new AuthResult();
-            authResult.forcePasswordReset = forceResetPasswordReason;
-            mockLoginStrategyService.logInTwoFactor.mockResolvedValue(authResult);
-          });
-
-          testForceResetOnSuccessfulLogin(reasonString);
-        });
-      });
-
      it("navigates to the component's defined success route (vault is default) when the login is successful", async () => {
        mockLoginStrategyService.logInTwoFactor.mockResolvedValue(new AuthResult());

@@ -412,29 +378,7 @@ describe("TwoFactorAuthComponent", () => {
          });
        });

-        describe("Given Trusted Device Encryption is enabled, user doesn't need to set a MP, and forcePasswordReset is required", () => {
-          [
-            ForceSetPasswordReason.AdminForcePasswordReset,
-            ForceSetPasswordReason.WeakMasterPassword,
-          ].forEach((forceResetPasswordReason) => {
-            const reasonString = ForceSetPasswordReason[forceResetPasswordReason];
-
-            beforeEach(() => {
-              // use standard user with MP because this test is not concerned with password reset.
-              selectedUserDecryptionOptions.next(
-                mockUserDecryptionOpts.withMasterPasswordAndTrustedDevice,
-              );
-
-              const authResult = new AuthResult();
-              authResult.forcePasswordReset = forceResetPasswordReason;
-              mockLoginStrategyService.logInTwoFactor.mockResolvedValue(authResult);
-            });
-
-            testForceResetOnSuccessfulLogin(reasonString);
-          });
-        });
-
-        describe("Given Trusted Device Encryption is enabled, user doesn't need to set a MP, and forcePasswordReset is not required", () => {
+        describe("Given Trusted Device Encryption is enabled and user doesn't need to set a MP", () => {
          let authResult;
          beforeEach(() => {
            selectedUserDecryptionOptions.next(
@@ -442,7 +386,6 @@ describe("TwoFactorAuthComponent", () => {
            );

            authResult = new AuthResult();
-            authResult.forcePasswordReset = ForceSetPasswordReason.None;
            mockLoginStrategyService.logInTwoFactor.mockResolvedValue(authResult);
          });

--- a/libs/auth/src/angular/two-factor-auth/two-factor-auth.component.ts
+++ b/libs/auth/src/angular/two-factor-auth/two-factor-auth.component.ts
@@ -505,11 +505,6 @@ export class TwoFactorAuthComponent implements OnInit, OnDestroy {
      );
    }

-    // note: this flow affects both TDE & standard users
-    if (this.isForcePasswordResetRequired(authResult)) {
-      return await this.handleForcePasswordReset(this.orgSsoIdentifier);
-    }
-
    const userDecryptionOpts = await firstValueFrom(
      this.userDecryptionOptionsService.userDecryptionOptions$,
    );
@@ -524,6 +519,7 @@ export class TwoFactorAuthComponent implements OnInit, OnDestroy {
    const requireSetPassword =
      !userDecryptionOpts.hasMasterPassword && userDecryptionOpts.keyConnectorOption === undefined;

+    // New users without a master password must set a master password before advancing.
    if (requireSetPassword || authResult.resetMasterPassword) {
      // Change implies going no password -> password in this case
      return await this.handleChangePasswordRequired(this.orgSsoIdentifier);
@@ -633,14 +629,6 @@ export class TwoFactorAuthComponent implements OnInit, OnDestroy {
    return forceResetReasons.includes(authResult.forcePasswordReset);
  }

-  private async handleForcePasswordReset(orgIdentifier: string | undefined) {
-    await this.router.navigate(["update-temp-password"], {
-      queryParams: {
-        identifier: orgIdentifier,
-      },
-    });
-  }
-
  showContinueButton() {
    return (
      this.selectedProviderType != null &&