From 28da2c96151667f555aba5cf2ed8adada7f4a3db Mon Sep 17 00:00:00 2001
From: Patrick Pimentel <ppimentel@bitwarden.com>
Date: Thu, 5 Jun 2025 15:24:43 -0400
Subject: [PATCH] feat(change-password-component): Change Password Update
 [18720] - Found a bug, working on password policy being present on login.

---
 apps/web/src/app/oss-routing.module.ts                    | 3 +--
 .../angular/change-password/change-password.component.ts  | 8 --------
 libs/auth/src/angular/login/login.component.ts            | 5 ++++-
 .../common/login-strategies/password-login.strategy.ts    | 8 ++++----
 libs/auth/src/common/models/domain/login-credentials.ts   | 2 +-
 5 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/apps/web/src/app/oss-routing.module.ts b/apps/web/src/app/oss-routing.module.ts
index 50de97afe8f..c3b8f4b7deb 100644
--- a/apps/web/src/app/oss-routing.module.ts
+++ b/apps/web/src/app/oss-routing.module.ts
@@ -594,8 +594,7 @@ const routes: Routes = [
       {
         path: "change-password",
         component: ChangePasswordComponent,
-        // TODO: Turn this on with PM-22155 and resolve routing complexities.
-        // canActivate: [authGuard],
+        canActivate: [authGuard],
       },
     ],
   },
diff --git a/libs/auth/src/angular/change-password/change-password.component.ts b/libs/auth/src/angular/change-password/change-password.component.ts
index ab3799cda22..37f2cee69d5 100644
--- a/libs/auth/src/angular/change-password/change-password.component.ts
+++ b/libs/auth/src/angular/change-password/change-password.component.ts
@@ -84,14 +84,6 @@ export class ChangePasswordComponent implements OnInit {
       this.policyService.masterPasswordPolicyOptions$(this.userId),
     );
 
-    /**
-     * In the event of the org invitation flow, this will always be ForceSetPasswordReason.None
-     * because the `password-login.strategy` short circuits before setting the force set password
-     * reason. We used to have two separate components, update-temp-password and update-password
-     * which could show discrete messages based on the flow, but we cannot do that with one shared
-     * component. I cannot use the AcceptOrganizationInviteService to determine if we have an org
-     * invite so how can I determine that?
-     */
     this.forceSetPasswordReason = await firstValueFrom(
       this.masterPasswordService.forceSetPasswordReason$(this.userId),
     );
diff --git a/libs/auth/src/angular/login/login.component.ts b/libs/auth/src/angular/login/login.component.ts
index e98aecd0cc1..4c5afa85bc3 100644
--- a/libs/auth/src/angular/login/login.component.ts
+++ b/libs/auth/src/angular/login/login.component.ts
@@ -236,6 +236,9 @@ export class LoginComponent implements OnInit, OnDestroy {
     if (
       await this.configService.getFeatureFlag(FeatureFlag.PM16117_ChangeExistingPasswordRefactor)
     ) {
+      // Try to retrieve any org policies from an org invite now so we can send it to the
+      // login strategies. Since it is optional and we only want to be doing this on the
+      // web we will only send in content in the right context.
       const orgPoliciesFromInvite = this.loginComponentService.getOrgPoliciesFromOrgInvite
         ? await this.loginComponentService.getOrgPoliciesFromOrgInvite()
         : null;
@@ -310,7 +313,7 @@ export class LoginComponent implements OnInit, OnDestroy {
          This is now unsupported and requires a downgraded client */
       this.toastService.showToast({
         variant: "error",
-        title: this.i18nService.t("errorOccured"),
+        title: this.i18nService.t("errorOccurred"),
         message: this.i18nService.t("legacyEncryptionUnsupported"),
       });
       return;
diff --git a/libs/auth/src/common/login-strategies/password-login.strategy.ts b/libs/auth/src/common/login-strategies/password-login.strategy.ts
index 882d2775b7c..0432b2c2002 100644
--- a/libs/auth/src/common/login-strategies/password-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/password-login.strategy.ts
@@ -105,7 +105,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
     if (
       await this.configService.getFeatureFlag(FeatureFlag.PM16117_ChangeExistingPasswordRefactor)
     ) {
-      data.passwordPolicy = credentials.masterPasswordPolicies;
+      data.passwordPolicy = credentials.masterPasswordPoliciesFromOrgInvite;
     }
 
     this.cache.next(data);
@@ -183,9 +183,9 @@ export class PasswordLoginStrategy extends LoginStrategy {
     if (
       await this.configService.getFeatureFlag(FeatureFlag.PM16117_ChangeExistingPasswordRefactor)
     ) {
-      // Take credentials from a potential org invite first, then take from
-      masterPasswordPolicyOptions = credentials.masterPasswordPolicies
-        ? credentials.masterPasswordPolicies
+      // !IMPORTANT! Take credentials from a potential org invite first, then take from
+      masterPasswordPolicyOptions = credentials.masterPasswordPoliciesFromOrgInvite
+        ? credentials.masterPasswordPoliciesFromOrgInvite
         : this.getMasterPasswordPolicyOptionsFromResponse(identityResponse);
 
       if (!masterPasswordPolicyOptions?.enforceOnLogin) {
diff --git a/libs/auth/src/common/models/domain/login-credentials.ts b/libs/auth/src/common/models/domain/login-credentials.ts
index 3b255e5bdf9..96ee88945eb 100644
--- a/libs/auth/src/common/models/domain/login-credentials.ts
+++ b/libs/auth/src/common/models/domain/login-credentials.ts
@@ -16,7 +16,7 @@ export class PasswordLoginCredentials {
     public email: string,
     public masterPassword: string,
     public twoFactor?: TokenTwoFactorRequest,
-    public masterPasswordPolicies?: MasterPasswordPolicyOptions,
+    public masterPasswordPoliciesFromOrgInvite?: MasterPasswordPolicyOptions,
   ) {}
 }