fix(auth-routing): [PM-19018] SSO TDE Routing Fix - Fixed routing logic. (#13778)

* fix(auth-routing): [PM-19018] SSO TDE Routing Fix - Fixed routing logic. * PM-19018 - TwoFactorAuthTests - remove tests that are no longer applicable as 2FA comp isn't responsible for setting admin account recovery flag into state. * PM-19018 - LoginStrategyTests - add test for processing forcePasswordReset response --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2025-12-17 08:43:33 +00:00 · 2025-03-10 21:20:11 -04:00
parent 992be1d054
commit 3b9be21fd7
5 changed files with 44 additions and 88 deletions
--- a/libs/auth/src/angular/two-factor-auth/two-factor-auth.component.spec.ts
+++ b/libs/auth/src/angular/two-factor-auth/two-factor-auth.component.spec.ts
@@ -226,20 +226,6 @@ describe("TwoFactorAuthComponent", () => {
    });
  };

-  const testForceResetOnSuccessfulLogin = (reasonString: string) => {
-    it(`navigates to the component's defined forcePasswordResetRoute route when response.forcePasswordReset is ${reasonString}`, async () => {
-      // Act
-      await component.submit("testToken");
-
-      // expect(mockRouter.navigate).toHaveBeenCalledTimes(1);
-      expect(mockRouter.navigate).toHaveBeenCalledWith(["update-temp-password"], {
-        queryParams: {
-          identifier: component.orgSsoIdentifier,
-        },
-      });
-    });
-  };
-
  describe("Standard 2FA scenarios", () => {
    describe("submit", () => {
      const token = "testToken";
@@ -311,26 +297,6 @@ describe("TwoFactorAuthComponent", () => {
        });
      });

-      describe("Force Master Password Reset scenarios", () => {
-        [
-          ForceSetPasswordReason.AdminForcePasswordReset,
-          ForceSetPasswordReason.WeakMasterPassword,
-        ].forEach((forceResetPasswordReason) => {
-          const reasonString = ForceSetPasswordReason[forceResetPasswordReason];
-
-          beforeEach(() => {
-            // use standard user with MP because this test is not concerned with password reset.
-            selectedUserDecryptionOptions.next(mockUserDecryptionOpts.withMasterPassword);
-
-            const authResult = new AuthResult();
-            authResult.forcePasswordReset = forceResetPasswordReason;
-            mockLoginStrategyService.logInTwoFactor.mockResolvedValue(authResult);
-          });
-
-          testForceResetOnSuccessfulLogin(reasonString);
-        });
-      });
-
      it("navigates to the component's defined success route (vault is default) when the login is successful", async () => {
        mockLoginStrategyService.logInTwoFactor.mockResolvedValue(new AuthResult());

@@ -407,29 +373,7 @@ describe("TwoFactorAuthComponent", () => {
          });
        });

-        describe("Given Trusted Device Encryption is enabled, user doesn't need to set a MP, and forcePasswordReset is required", () => {
-          [
-            ForceSetPasswordReason.AdminForcePasswordReset,
-            ForceSetPasswordReason.WeakMasterPassword,
-          ].forEach((forceResetPasswordReason) => {
-            const reasonString = ForceSetPasswordReason[forceResetPasswordReason];
-
-            beforeEach(() => {
-              // use standard user with MP because this test is not concerned with password reset.
-              selectedUserDecryptionOptions.next(
-                mockUserDecryptionOpts.withMasterPasswordAndTrustedDevice,
-              );
-
-              const authResult = new AuthResult();
-              authResult.forcePasswordReset = forceResetPasswordReason;
-              mockLoginStrategyService.logInTwoFactor.mockResolvedValue(authResult);
-            });
-
-            testForceResetOnSuccessfulLogin(reasonString);
-          });
-        });
-
-        describe("Given Trusted Device Encryption is enabled, user doesn't need to set a MP, and forcePasswordReset is not required", () => {
+        describe("Given Trusted Device Encryption is enabled and user doesn't need to set a MP", () => {
          let authResult;
          beforeEach(() => {
            selectedUserDecryptionOptions.next(
@@ -437,7 +381,6 @@ describe("TwoFactorAuthComponent", () => {
            );

            authResult = new AuthResult();
-            authResult.forcePasswordReset = ForceSetPasswordReason.None;
            mockLoginStrategyService.logInTwoFactor.mockResolvedValue(authResult);
          });

--- a/libs/auth/src/angular/two-factor-auth/two-factor-auth.component.ts
+++ b/libs/auth/src/angular/two-factor-auth/two-factor-auth.component.ts
@@ -396,11 +396,6 @@ export class TwoFactorAuthComponent implements OnInit, OnDestroy {
      );
    }

-    // note: this flow affects both TDE & standard users
-    if (this.isForcePasswordResetRequired(authResult)) {
-      return await this.handleForcePasswordReset(this.orgSsoIdentifier);
-    }
-
    const userDecryptionOpts = await firstValueFrom(
      this.userDecryptionOptionsService.userDecryptionOptions$,
    );
@@ -415,6 +410,7 @@ export class TwoFactorAuthComponent implements OnInit, OnDestroy {
    const requireSetPassword =
      !userDecryptionOpts.hasMasterPassword && userDecryptionOpts.keyConnectorOption === undefined;

+    // New users without a master password must set a master password before advancing.
    if (requireSetPassword || authResult.resetMasterPassword) {
      // Change implies going no password -> password in this case
      return await this.handleChangePasswordRequired(this.orgSsoIdentifier);
@@ -524,14 +520,6 @@ export class TwoFactorAuthComponent implements OnInit, OnDestroy {
    return forceResetReasons.includes(authResult.forcePasswordReset);
  }

-  private async handleForcePasswordReset(orgIdentifier: string | undefined) {
-    await this.router.navigate(["update-temp-password"], {
-      queryParams: {
-        identifier: orgIdentifier,
-      },
-    });
-  }
-
  showContinueButton() {
    return (
      this.selectedProviderType != null &&