[PM-19212] Consolidate password set routing to AuthGuard using ForceSetPasswordReason (#14356)

* Consolidates component routing, removing routing to update-temp-password from components. All routing to update-temp-password should happen in the AuthGuard now. --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com> Co-authored-by: Todd Martin <tmartin@bitwarden.com>
2025-12-17 08:43:33 +00:00 · 2025-05-08 11:24:52 -05:00
parent 78dafe2265
commit 3030eb7552
23 changed files with 324 additions and 165 deletions
--- a/libs/auth/src/angular/login-via-auth-request/login-via-auth-request.component.ts
+++ b/libs/auth/src/angular/login-via-auth-request/login-via-auth-request.component.ts
@@ -19,7 +19,6 @@ import { AuthRequestType } from "@bitwarden/common/auth/enums/auth-request-type"
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { AdminAuthRequestStorable } from "@bitwarden/common/auth/models/domain/admin-auth-req-storable";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
-import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { AuthRequest } from "@bitwarden/common/auth/models/request/auth.request";
 import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth-request.response";
 import { LoginViaAuthRequestView } from "@bitwarden/common/auth/models/view/login-via-auth-request.view";
@@ -820,8 +819,6 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
  private async handlePostLoginNavigation(loginResponse: AuthResult) {
    if (loginResponse.requiresTwoFactor) {
      await this.router.navigate(["2fa"]);
-    } else if (loginResponse.forcePasswordReset != ForceSetPasswordReason.None) {
-      await this.router.navigate(["update-temp-password"]);
    } else {
      await this.handleSuccessfulLoginNavigation(loginResponse.userId);
    }
--- a/libs/auth/src/angular/login/login.component.ts
+++ b/libs/auth/src/angular/login/login.component.ts
@@ -17,7 +17,6 @@ import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/mod
 import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
 import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
-import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { ClientType, HttpStatusCode } from "@bitwarden/common/enums";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
@@ -307,10 +306,7 @@ export class LoginComponent implements OnInit, OnDestroy {
    await this.loginSuccessHandlerService.run(authResult.userId);

    // Determine where to send the user next
-    if (authResult.forcePasswordReset != ForceSetPasswordReason.None) {
-      await this.router.navigate(["update-temp-password"]);
-      return;
-    }
+    // The AuthGuard will handle routing to update-temp-password based on state

    // TODO: PM-18269 - evaluate if we can combine this with the
    // password evaluation done in the password login strategy.
--- a/libs/auth/src/angular/new-device-verification/new-device-verification.component.ts
+++ b/libs/auth/src/angular/new-device-verification/new-device-verification.component.ts
@@ -136,11 +136,6 @@ export class NewDeviceVerificationComponent implements OnInit, OnDestroy {
        return;
      }

-      if (authResult.forcePasswordReset) {
-        await this.router.navigate(["/update-temp-password"]);
-        return;
-      }
-
      this.loginSuccessHandlerService.run(authResult.userId);

      // If verification succeeds, navigate to vault
--- a/libs/auth/src/angular/sso/sso.component.ts
+++ b/libs/auth/src/angular/sso/sso.component.ts
@@ -541,14 +541,6 @@ export class SsoComponent implements OnInit {
    });
  }

-  private async handleForcePasswordReset(orgIdentifier: string) {
-    await this.router.navigate(["update-temp-password"], {
-      queryParams: {
-        identifier: orgIdentifier,
-      },
-    });
-  }
-
  private async handleSuccessfulLogin() {
    await this.router.navigate(["lock"]);
  }
--- a/libs/auth/src/angular/two-factor-auth/two-factor-auth.component.ts
+++ b/libs/auth/src/angular/two-factor-auth/two-factor-auth.component.ts
@@ -575,25 +575,6 @@ export class TwoFactorAuthComponent implements OnInit, OnDestroy {
    });
  }

-  /**
-   * Determines if a user needs to reset their password based on certain conditions.
-   * Users can be forced to reset their password via an admin or org policy disallowing weak passwords.
-   * Note: this is different from the SSO component login flow as a user can
-   * login with MP and then have to pass 2FA to finish login and we can actually
-   * evaluate if they have a weak password at that time.
-   *
-   * @param {AuthResult} authResult - The authentication result.
-   * @returns {boolean} Returns true if a password reset is required, false otherwise.
-   */
-  private isForcePasswordResetRequired(authResult: AuthResult): boolean {
-    const forceResetReasons = [
-      ForceSetPasswordReason.AdminForcePasswordReset,
-      ForceSetPasswordReason.WeakMasterPassword,
-    ];
-
-    return forceResetReasons.includes(authResult.forcePasswordReset);
-  }
-
  showContinueButton() {
    return (
      this.selectedProviderType != null &&