fix(change-password-component): Change Password Update [18720] - Wrapping up changes.

2026-02-16 00:24:52 +00:00 · 2025-06-04 10:28:44 -04:00
parent ef469e07b1
commit 29748e152f
4 changed files with 29 additions and 16 deletions
--- a/libs/angular/src/auth/guards/auth.guard.ts
+++ b/libs/angular/src/auth/guards/auth.guard.ts
@@ -68,16 +68,18 @@ export const authGuard: CanActivateFn = async (
    return router.createUrlTree(["/set-password"]);
  }

+  // When the PM16117_ChangeExistingPasswordRefactor flag is removed also remove the conditional check
+  // for update-temp-password here. That route will no longer be in effect.
  if (
-    (forceSetPasswordReason !== ForceSetPasswordReason.None &&
-      !routerState.url.includes("update-temp-password")) ||
+    forceSetPasswordReason !== ForceSetPasswordReason.None &&
+    !routerState.url.includes("update-temp-password") &&
    !routerState.url.includes("change-password")
  ) {
-    const SetInitialPasswordRefactorFlagOn = await configService.getFeatureFlag(
+    const setInitialPasswordRefactorFlagOn = await configService.getFeatureFlag(
      FeatureFlag.PM16117_ChangeExistingPasswordRefactor,
    );

-    const route = SetInitialPasswordRefactorFlagOn ? "/change-password" : "/update-temp-password";
+    const route = setInitialPasswordRefactorFlagOn ? "/change-password" : "/update-temp-password";

    return router.createUrlTree([route]);
  }
--- a/libs/auth/src/angular/login/login.component.ts
+++ b/libs/auth/src/angular/login/login.component.ts
@@ -234,15 +234,15 @@ export class LoginComponent implements OnInit, OnDestroy {
    let credentials: PasswordLoginCredentials;

    if (
-      (await this.configService.getFeatureFlag(
-        FeatureFlag.PM16117_ChangeExistingPasswordRefactor,
-      )) &&
-      this.loginComponentService.getOrgPoliciesFromOrgInvite
+      await this.configService.getFeatureFlag(FeatureFlag.PM16117_ChangeExistingPasswordRefactor)
    ) {
-      const orgPoliciesFromInvite = await this.loginComponentService.getOrgPoliciesFromOrgInvite();
-      const orgMasterPasswordPolicyOptions =
-        orgPoliciesFromInvite?.enforcedPasswordPolicyOptions ?? undefined;
+      const orgPoliciesFromInvite = this.loginComponentService.getOrgPoliciesFromOrgInvite
+        ? await this.loginComponentService.getOrgPoliciesFromOrgInvite()
+        : null;
+
+      const orgMasterPasswordPolicyOptions = orgPoliciesFromInvite?.enforcedPasswordPolicyOptions;
      this.passwordPoliciesFromOrgInvite = orgPoliciesFromInvite?.policies;
+
      credentials = new PasswordLoginCredentials(
        email,
        masterPassword,
@@ -336,9 +336,14 @@ export class LoginComponent implements OnInit, OnDestroy {
    if (
      await this.configService.getFeatureFlag(FeatureFlag.PM16117_ChangeExistingPasswordRefactor)
    ) {
-      // Check if we had a
+      // Check if we have policies to set from an org invite scenario.
      if (this.passwordPoliciesFromOrgInvite) {
        await this.setPoliciesIntoState(authResult.userId, this.passwordPoliciesFromOrgInvite);
+
+        // Short circuit here so that we prevent the accept organization invite from prematurely
+        // accepting the org invite by getting routed away to vault.
+        // await this.router.navigate(["change-password"]);
+        // return;
      }
    } else {
      // TODO: PM-18269 - evaluate if we can combine this with the
--- a/libs/auth/src/common/login-strategies/password-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/password-login.strategy.ts
@@ -40,6 +40,8 @@ export class PasswordLoginStrategyData implements LoginStrategyData {
   */
  forcePasswordResetReason: ForceSetPasswordReason = ForceSetPasswordReason.None;

+  passwordPolicy: MasterPasswordPolicyOptions;
+
  static fromJSON(obj: Jsonify<PasswordLoginStrategyData>): PasswordLoginStrategyData {
    const data = Object.assign(new PasswordLoginStrategyData(), obj, {
      tokenRequest: PasswordTokenRequest.fromJSON(obj.tokenRequest),
@@ -99,6 +101,12 @@ export class PasswordLoginStrategy extends LoginStrategy {
    );

    // TODO: add master password policy conditions to the cache so that it is available after 2fa for password evaluation
+    // This should work, need to verify the case where a user is invited to an org and has 2fa.
+    if (
+      await this.configService.getFeatureFlag(FeatureFlag.PM16117_ChangeExistingPasswordRefactor)
+    ) {
+      data.passwordPolicy = credentials.masterPasswordPolicies;
+    }

    this.cache.next(data);

@@ -170,15 +178,14 @@ export class PasswordLoginStrategy extends LoginStrategy {
    }

    // The identity result can contain master password policies for the user's organizations
-    let masterPasswordPolicyOptions;
+    let masterPasswordPolicyOptions: MasterPasswordPolicyOptions | undefined;

    if (
      await this.configService.getFeatureFlag(FeatureFlag.PM16117_ChangeExistingPasswordRefactor)
    ) {
      masterPasswordPolicyOptions = credentials.masterPasswordPolicies;
-      authResult.orgInviteAndWeakPassword = true;

-      if (!masterPasswordPolicyOptions.enforceOnLogin) {
+      if (!masterPasswordPolicyOptions?.enforceOnLogin) {
        return;
      }
    } else {
--- a/libs/common/src/auth/models/domain/auth-result.ts
+++ b/libs/common/src/auth/models/domain/auth-result.ts
@@ -18,7 +18,6 @@ export class AuthResult {
  email: string;
  requiresEncryptionKeyMigration: boolean;
  requiresDeviceVerification: boolean;
-  orgInviteAndWeakPassword?: boolean;

  get requiresTwoFactor() {
    return this.twoFactorProviders != null;