[PM-18017] Show key connector domain in remove password page (#14695)

* Passed in userId on RemovePasswordComponent. * Added userId on other references to KeyConnectorService methods * remove password component refactor, test coverage, enabled strict * explicit user id provided to key connector service * redirect to / instead when user not logged in or not managing organization * key connector service explicit user id * key connector service no longer requires account service * key connector service missing null type * cli convert to key connector unit tests * remove unnecessary SyncService * error toast not showing on ErrorResponse * bad import due to merge conflict * bad import due to merge conflict * missing loading in remove password component for browser extension * error handling in remove password component * organization observable race condition in key-connector * usesKeyConnector always returns boolean * unit test coverage * key connector reactive * reactive key connector service * introducing convertAccountRequired$ * cli build fix * moving message sending side effect to sync * key connector service unit tests * fix unit tests * move key connector components to KM team ownership * new unit tests in wrong place * key connector domain shown in remove password component * type safety improvements * convert to key connector command localization * key connector domain in convert to key connector command * convert to key connector command unit tests with prompt assert * organization name placement change in the remove password component * unit test update * key connector url required to be provided when migrating user * unit tests in wrong place after KM code ownership move * infinite page reload * failing unit tests * failing unit tests --------- Co-authored-by: Todd Martin <tmartin@bitwarden.com>
2025-12-06 00:13:28 +00:00 · 2025-05-19 14:58:51 +02:00
parent ef592bf23a
commit 239556b55f
18 changed files with 201 additions and 140 deletions
--- a/apps/browser/src/_locales/en/messages.json
+++ b/apps/browser/src/_locales/en/messages.json
@@ -3014,14 +3014,14 @@
  "copyCustomFieldNameNotUnique": {
    "message": "No unique identifier found."
  },
-  "convertOrganizationEncryptionDesc": {
-    "message": "$ORGANIZATION$ is using SSO with a self-hosted key server. A master password is no longer required to log in for members of this organization.",
-    "placeholders": {
-      "organization": {
-        "content": "$1",
-        "example": "My Org Name"
-      }
-    }
+  "removeMasterPasswordForOrganizationUserKeyConnector": {
+    "message": "A master password is no longer required for members of the following organization. Please confirm the domain below with your organization administrator."
+  },
+  "organizationName": {
+    "message": "Organization name"
+  },
+  "keyConnectorDomain": {
+    "message": "Key Connector domain"
  },
  "leaveOrganization": {
    "message": "Leave organization"
--- a/apps/browser/src/key-management/key-connector/remove-password.component.html
+++ b/apps/browser/src/key-management/key-connector/remove-password.component.html
@@ -15,7 +15,11 @@
    </div>
    <div class="box-content" *ngIf="!loading">
      <div class="box-content-row" appBoxRow>
-        <p>{{ "convertOrganizationEncryptionDesc" | i18n: organization.name }}</p>
+        <p>{{ "removeMasterPasswordForOrganizationUserKeyConnector" | i18n }}</p>
+        <p class="tw-mb-0">{{ "organizationName" | i18n }}:</p>
+        <p class="tw-text-muted tw-mb-6">{{ organization.name }}</p>
+        <p class="tw-mb-0">{{ "keyConnectorDomain" | i18n }}:</p>
+        <p class="tw-text-muted tw-mb-6">{{ organization.keyConnectorUrl }}</p>
      </div>
      <div class="box-content-row">
        <button type="button" class="btn block primary" (click)="convert()" [disabled]="action">
--- a/apps/cli/src/auth/commands/unlock.command.ts
+++ b/apps/cli/src/auth/commands/unlock.command.ts
@@ -19,6 +19,7 @@ import { KeyService } from "@bitwarden/key-management";
 import { ConvertToKeyConnectorCommand } from "../../key-management/convert-to-key-connector.command";
 import { Response } from "../../models/response";
 import { MessageResponse } from "../../models/response/message.response";
+import { I18nService } from "../../platform/services/i18n.service";
 import { CliUtils } from "../../utils";

 export class UnlockCommand {
@@ -33,6 +34,7 @@ export class UnlockCommand {
    private environmentService: EnvironmentService,
    private organizationApiService: OrganizationApiServiceAbstraction,
    private logout: () => Promise<void>,
+    private i18nService: I18nService,
  ) {}

  async run(password: string, cmdOptions: Record<string, any>) {
@@ -78,6 +80,7 @@ export class UnlockCommand {
        this.environmentService,
        this.organizationApiService,
        this.logout,
+        this.i18nService,
      );
      const convertResponse = await convertToKeyConnectorCommand.run();
      if (!convertResponse.success) {
--- a/apps/cli/src/base-program.ts
+++ b/apps/cli/src/base-program.ts
@@ -181,6 +181,7 @@ export abstract class BaseProgram {
        this.serviceContainer.environmentService,
        this.serviceContainer.organizationApiService,
        this.serviceContainer.logout,
+        this.serviceContainer.i18nService,
      );
      const response = await command.run(null, null);
      if (!response.success) {
--- a/apps/cli/src/key-management/convert-to-key-connector.command.spec.ts
+++ b/apps/cli/src/key-management/convert-to-key-connector.command.spec.ts
@@ -15,6 +15,7 @@ import { UserId } from "@bitwarden/common/types/guid";

 import { Response } from "../models/response";
 import { MessageResponse } from "../models/response/message.response";
+import { I18nService } from "../platform/services/i18n.service";

 import { ConvertToKeyConnectorCommand } from "./convert-to-key-connector.command";

@@ -38,6 +39,7 @@ describe("ConvertToKeyConnectorCommand", () => {
  const environmentService = mock<EnvironmentService>();
  const organizationApiService = mock<OrganizationApiServiceAbstraction>();
  const logout = jest.fn();
+  const i18nService = mock<I18nService>();

  beforeEach(async () => {
    command = new ConvertToKeyConnectorCommand(
@@ -46,7 +48,27 @@ describe("ConvertToKeyConnectorCommand", () => {
      environmentService,
      organizationApiService,
      logout,
+      i18nService,
    );
+
+    i18nService.t.mockImplementation((key: string) => {
+      switch (key) {
+        case "removeMasterPasswordForOrganizationUserKeyConnector":
+          return "A master password is no longer required for members of the following organization. Please confirm the domain below with your organization administrator. Organization name: Test Organization. Key Connector domain: https://keyconnector.example.com";
+        case "removeMasterPasswordAndUnlock":
+          return "Remove master password and unlock";
+        case "leaveOrganizationAndUnlock":
+          return "Leave organization and unlock";
+        case "logOut":
+          return "Log out";
+        case "youHaveBeenLoggedOut":
+          return "You have been logged out.";
+        case "organizationUsingKeyConnectorOptInLoggedOut":
+          return "An organization you are a member of is using Key Connector. In order to access the vault, you must opt-in to Key Connector now via the web vault. You have been logged out.";
+        default:
+          return "";
+      }
+    });
  });

  describe("run", () => {
@@ -73,7 +95,10 @@ describe("ConvertToKeyConnectorCommand", () => {
      keyConnectorService.getManagingOrganization.mockResolvedValue(organization);

      (createPromptModule as jest.Mock).mockImplementation(() =>
-        jest.fn(() => Promise.resolve({ convert: "exit" })),
+        jest.fn((prompt) => {
+          assertPrompt(prompt);
+          return Promise.resolve({ convert: "exit" });
+        }),
      );

      const response = await command.run();
@@ -95,14 +120,20 @@ describe("ConvertToKeyConnectorCommand", () => {
      } as Environment);

      (createPromptModule as jest.Mock).mockImplementation(() =>
-        jest.fn(() => Promise.resolve({ convert: "remove" })),
+        jest.fn((prompt) => {
+          assertPrompt(prompt);
+          return Promise.resolve({ convert: "remove" });
+        }),
      );

      const response = await command.run();

      expect(response).not.toBeNull();
      expect(response.success).toEqual(true);
-      expect(keyConnectorService.migrateUser).toHaveBeenCalledWith(userId);
+      expect(keyConnectorService.migrateUser).toHaveBeenCalledWith(
+        organization.keyConnectorUrl,
+        userId,
+      );
      expect(environmentService.setEnvironment).toHaveBeenCalledWith(Region.SelfHosted, {
        keyConnector: organization.keyConnectorUrl,
      } as Urls);
@@ -113,7 +144,10 @@ describe("ConvertToKeyConnectorCommand", () => {
      keyConnectorService.getManagingOrganization.mockResolvedValue(organization);

      (createPromptModule as jest.Mock).mockImplementation(() =>
-        jest.fn(() => Promise.resolve({ convert: "remove" })),
+        jest.fn((prompt) => {
+          assertPrompt(prompt);
+          return Promise.resolve({ convert: "remove" });
+        }),
      );

      keyConnectorService.migrateUser.mockRejectedValue(new Error("Migration failed"));
@@ -127,7 +161,10 @@ describe("ConvertToKeyConnectorCommand", () => {
      keyConnectorService.getManagingOrganization.mockResolvedValue(organization);

      (createPromptModule as jest.Mock).mockImplementation(() =>
-        jest.fn(() => Promise.resolve({ convert: "leave" })),
+        jest.fn((prompt) => {
+          assertPrompt(prompt);
+          return Promise.resolve({ convert: "leave" });
+        }),
      );

      const response = await command.run();
@@ -136,5 +173,34 @@ describe("ConvertToKeyConnectorCommand", () => {
      expect(response.success).toEqual(true);
      expect(organizationApiService.leave).toHaveBeenCalledWith(organization.id);
    });
+
+    function assertPrompt(prompt: unknown) {
+      expect(typeof prompt).toEqual("object");
+      expect(prompt).toHaveProperty("type");
+      expect(prompt).toHaveProperty("name");
+      expect(prompt).toHaveProperty("message");
+      expect(prompt).toHaveProperty("choices");
+      const promptObj = prompt as Record<string, unknown>;
+      expect(promptObj["type"]).toEqual("list");
+      expect(promptObj["name"]).toEqual("convert");
+      expect(promptObj["message"]).toEqual(
+        `A master password is no longer required for members of the following organization. Please confirm the domain below with your organization administrator. Organization name: ${organization.name}. Key Connector domain: ${organization.keyConnectorUrl}`,
+      );
+      expect(promptObj["choices"]).toBeInstanceOf(Array);
+      const choices = promptObj["choices"] as Array<Record<string, unknown>>;
+      expect(choices).toHaveLength(3);
+      expect(choices[0]).toEqual({
+        name: "Remove master password and unlock",
+        value: "remove",
+      });
+      expect(choices[1]).toEqual({
+        name: "Leave organization and unlock",
+        value: "leave",
+      });
+      expect(choices[2]).toEqual({
+        name: "Log out",
+        value: "exit",
+      });
+    }
  });
 });
--- a/apps/cli/src/key-management/convert-to-key-connector.command.ts
+++ b/apps/cli/src/key-management/convert-to-key-connector.command.ts
@@ -11,6 +11,7 @@ import { UserId } from "@bitwarden/common/types/guid";

 import { Response } from "../models/response";
 import { MessageResponse } from "../models/response/message.response";
+import { I18nService } from "../platform/services/i18n.service";

 export class ConvertToKeyConnectorCommand {
  constructor(
@@ -19,6 +20,7 @@ export class ConvertToKeyConnectorCommand {
    private environmentService: EnvironmentService,
    private organizationApiService: OrganizationApiServiceAbstraction,
    private logout: () => Promise<void>,
+    private i18nService: I18nService,
  ) {}

  async run(): Promise<Response> {
@@ -28,8 +30,7 @@ export class ConvertToKeyConnectorCommand {
      await this.logout();
      return Response.error(
        new MessageResponse(
-          "An organization you are a member of is using Key Connector. " +
-            "In order to access the vault, you must opt-in to Key Connector now via the web vault. You have been logged out.",
+          this.i18nService.t("organizationUsingKeyConnectorOptInLoggedOut"),
          null,
        ),
      );
@@ -40,20 +41,22 @@ export class ConvertToKeyConnectorCommand {
    const answer: inquirer.Answers = await inquirer.createPromptModule({ output: process.stderr })({
      type: "list",
      name: "convert",
-      message:
-        organization.name +
-        " is using a self-hosted key server. A master password is no longer required to log in for members of this organization. ",
+      message: this.i18nService.t(
+        "removeMasterPasswordForOrganizationUserKeyConnector",
+        organization.name,
+        organization.keyConnectorUrl,
+      ),
      choices: [
        {
-          name: "Remove master password and unlock",
+          name: this.i18nService.t("removeMasterPasswordAndUnlock"),
          value: "remove",
        },
        {
-          name: "Leave organization and unlock",
+          name: this.i18nService.t("leaveOrganizationAndUnlock"),
          value: "leave",
        },
        {
-          name: "Log out",
+          name: this.i18nService.t("logOut"),
          value: "exit",
        },
      ],
@@ -61,7 +64,7 @@ export class ConvertToKeyConnectorCommand {

    if (answer.convert === "remove") {
      try {
-        await this.keyConnectorService.migrateUser(this.userId);
+        await this.keyConnectorService.migrateUser(organization.keyConnectorUrl, this.userId);
      } catch (e) {
        await this.logout();
        throw e;
@@ -79,7 +82,7 @@ export class ConvertToKeyConnectorCommand {
      return Response.success();
    } else {
      await this.logout();
-      return Response.error("You have been logged out.");
+      return Response.error(this.i18nService.t("youHaveBeenLoggedOut"));
    }
  }
 }
--- a/apps/cli/src/locales/en/messages.json
+++ b/apps/cli/src/locales/en/messages.json
@@ -184,5 +184,33 @@
        "example": "JustTrust.us"
      }
    }
+  },
+  "organizationUsingKeyConnectorOptInLoggedOut": {
+    "message": "An organization you are a member of is using Key Connector. In order to access the vault, you must opt-in to Key Connector now via the web vault. You have been logged out."
+  },
+  "removeMasterPasswordForOrganizationUserKeyConnector": {
+    "message": "A master password is no longer required for members of the following organization. Please confirm the domain below with your organization administrator. Organization name: $ORGANIZATION$. Key Connector domain: $KEYCONNECTORDOMAIN$",
+    "placeholders": {
+      "organization": {
+        "content": "$1",
+        "example": "My Org Name"
+      },
+      "keyConnectorDomain": {
+        "content": "$2",
+        "example": "Key Connector domain"
+      }
+    }
+  },
+  "removeMasterPasswordAndUnlock": {
+    "message": "Remove master password and unlock"
+  },
+  "leaveOrganizationAndUnlock": {
+    "message": "Leave organization and unlock"
+  },
+  "logOut": {
+    "message": "Log out"
+  },
+  "youHaveBeenLoggedOut": {
+    "message": "You have been logged out."
  }
 }
--- a/apps/cli/src/oss-serve-configurator.ts
+++ b/apps/cli/src/oss-serve-configurator.ts
@@ -146,6 +146,7 @@ export class OssServeConfigurator {
      this.serviceContainer.environmentService,
      this.serviceContainer.organizationApiService,
      async () => await this.serviceContainer.logout(),
+      this.serviceContainer.i18nService,
    );

    this.sendCreateCommand = new SendCreateCommand(
--- a/apps/cli/src/program.ts
+++ b/apps/cli/src/program.ts
@@ -283,6 +283,7 @@ export class Program extends BaseProgram {
            this.serviceContainer.environmentService,
            this.serviceContainer.organizationApiService,
            async () => await this.serviceContainer.logout(),
+            this.serviceContainer.i18nService,
          );
          const response = await command.run(password, cmd);
          this.processResponse(response);
--- a/apps/desktop/src/key-management/key-connector/remove-password.component.html
+++ b/apps/desktop/src/key-management/key-connector/remove-password.component.html
@@ -1,7 +1,11 @@
 <div id="remove-password-page" *ngIf="!loading">
  <div class="content">
    <h1>{{ "removeMasterPassword" | i18n }}</h1>
-    <p>{{ "convertOrganizationEncryptionDesc" | i18n: organization.name }}</p>
+    <p>{{ "removeMasterPasswordForOrganizationUserKeyConnector" | i18n }}</p>
+    <p class="tw-mb-0">{{ "organizationName" | i18n }}:</p>
+    <p class="tw-text-muted tw-mb-6">{{ organization.name }}</p>
+    <p class="tw-mb-0">{{ "keyConnectorDomain" | i18n }}:</p>
+    <p class="tw-text-muted tw-mb-6">{{ organization.keyConnectorUrl }}</p>
    <div class="buttons">
      <button type="submit" class="btn primary block" [disabled]="action" (click)="convert()">
        <b [hidden]="continuing">{{ "removeMasterPassword" | i18n }}</b>
--- a/apps/desktop/src/locales/en/messages.json
+++ b/apps/desktop/src/locales/en/messages.json
@@ -2512,14 +2512,14 @@
  "removedMasterPassword": {
    "message": "Master password removed"
  },
-  "convertOrganizationEncryptionDesc": {
-    "message": "$ORGANIZATION$ is using SSO with a self-hosted key server. A master password is no longer required to log in for members of this organization.",
-    "placeholders": {
-      "organization": {
-        "content": "$1",
-        "example": "My Org Name"
-      }
-    }
+  "removeMasterPasswordForOrganizationUserKeyConnector": {
+    "message": "A master password is no longer required for members of the following organization. Please confirm the domain below with your organization administrator."
+  },
+  "organizationName": {
+    "message": "Organization name"
+  },
+  "keyConnectorDomain": {
+    "message": "Key Connector domain"
  },
  "leaveOrganization": {
    "message": "Leave organization"
--- a/apps/web/src/app/key-management/key-connector/remove-password.component.html
+++ b/apps/web/src/app/key-management/key-connector/remove-password.component.html
@@ -8,7 +8,11 @@
 </div>

 <div *ngIf="!loading">
-  <p>{{ "convertOrganizationEncryptionDesc" | i18n: organization.name }}</p>
+  <p>{{ "removeMasterPasswordForOrganizationUserKeyConnector" | i18n }}</p>
+  <p class="tw-mb-0">{{ "organizationName" | i18n }}:</p>
+  <p class="tw-text-muted tw-mb-6">{{ organization.name }}</p>
+  <p class="tw-mb-0">{{ "keyConnectorDomain" | i18n }}:</p>
+  <p class="tw-text-muted tw-mb-6">{{ organization.keyConnectorUrl }}</p>

  <button
    bitButton
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -6477,14 +6477,11 @@
  "invalidVerificationCode": {
    "message": "Invalid verification code"
  },
-  "convertOrganizationEncryptionDesc": {
-    "message": "$ORGANIZATION$ is using SSO with a self-hosted key server. A master password is no longer required to log in for members of this organization.",
-    "placeholders": {
-      "organization": {
-        "content": "$1",
-        "example": "My Org Name"
-      }
-    }
+  "removeMasterPasswordForOrganizationUserKeyConnector": {
+    "message": "A master password is no longer required for members of the following organization. Please confirm the domain below with your organization administrator."
+  },
+  "keyConnectorDomain": {
+    "message": "Key Connector domain"
  },
  "leaveOrganization": {
    "message": "Leave organization"