refactor(input-password-flows) [Auth/PM-27086] Use new KM Data Types in InputPasswordComponent flows - TDE & Permission User (#18400)

Updates the SetInitialPasswordService TDE + Permission user flow to use the new KM data types: - `MasterPasswordAuthenticationData` - `MasterPasswordUnlockData` This allows us to move away from the deprecated `makeMasterKey()` method (which takes email as salt) as we seek to eventually separate the email from the salt. The new `setInitialPasswordTdeUserWithPermission()` method essentially takes the existing deprecated `setInitialPassword()` method and: - Removes logic that is specific to a `JIT_PROVISIONED_MP_ORG_USER` case. This way the method only handles `TDE_ORG_USER_RESET_PASSWORD_PERMISSION_REQUIRES_MP` cases. - Updates the logic to use `MasterPasswordAuthenticationData` and `MasterPasswordUnlockData` Behind feature flag: `pm-27086-update-authentication-apis-for-input-password`
2026-02-18 18:33:50 +00:00 · 2026-02-17 10:44:21 -08:00
parent 3715ed1441
commit 4a651fbfb3
6 changed files with 568 additions and 3 deletions
--- a/apps/desktop/src/app/services/set-initial-password/desktop-set-initial-password.service.spec.ts
+++ b/apps/desktop/src/app/services/set-initial-password/desktop-set-initial-password.service.spec.ts
@@ -7,6 +7,7 @@ import {
  InitializeJitPasswordCredentials,
  SetInitialPasswordCredentials,
  SetInitialPasswordService,
+  SetInitialPasswordTdeUserWithPermissionCredentials,
  SetInitialPasswordUserType,
 } from "@bitwarden/angular/auth/password-management/set-initial-password/set-initial-password.service.abstraction";
 import {
@@ -30,6 +31,7 @@ import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/sym
 import { CsprngArray } from "@bitwarden/common/types/csprng";
 import { OrganizationId, UserId } from "@bitwarden/common/types/guid";
 import { MasterKey, UserKey } from "@bitwarden/common/types/key";
+import { newGuid } from "@bitwarden/guid";
 import { DEFAULT_KDF_CONFIG, KdfConfigService, KeyService } from "@bitwarden/key-management";

 import { DesktopSetInitialPasswordService } from "./desktop-set-initial-password.service";
@@ -224,4 +226,68 @@ describe("DesktopSetInitialPasswordService", () => {
      superSpy.mockRestore();
    });
  });
+
+  describe("setInitialPasswordTdeUserWithPermission()", () => {
+    let credentials: SetInitialPasswordTdeUserWithPermissionCredentials;
+    let userId: UserId;
+    let superSpy: jest.SpyInstance;
+
+    beforeEach(() => {
+      credentials = {
+        newPassword: "newPassword123!",
+        salt: "user@example.com" as MasterPasswordSalt,
+        kdfConfig: DEFAULT_KDF_CONFIG,
+        newPasswordHint: "newPasswordHint",
+        orgSsoIdentifier: "orgSsoIdentifier",
+        orgId: "orgId" as OrganizationId,
+        resetPasswordAutoEnroll: false,
+      };
+      userId = newGuid() as UserId;
+
+      superSpy = jest
+        .spyOn(
+          DefaultSetInitialPasswordService.prototype,
+          "setInitialPasswordTdeUserWithPermission",
+        )
+        .mockResolvedValue(undefined); // undefined = successful
+    });
+
+    afterEach(() => {
+      superSpy.mockRestore();
+    });
+
+    it("should call the setInitialPasswordTdeUserWithPermission() method on the default service", async () => {
+      // Act
+      await sut.setInitialPasswordTdeUserWithPermission(credentials, userId);
+
+      // Assert
+      expect(superSpy).toHaveBeenCalledWith(credentials, userId);
+    });
+
+    describe("given the initial password was successfully set", () => {
+      it("should send a 'redrawMenu' message", async () => {
+        // Act
+        await sut.setInitialPasswordTdeUserWithPermission(credentials, userId);
+
+        // Assert
+        expect(messagingService.send).toHaveBeenCalledTimes(1);
+        expect(messagingService.send).toHaveBeenCalledWith("redrawMenu");
+      });
+    });
+
+    describe("given the initial password was NOT successfully set (due an error on the default service)", () => {
+      it("should NOT send a 'redrawMenu' message", async () => {
+        // Arrange
+        const error = new Error("error on DefaultSetInitialPasswordService");
+        superSpy.mockRejectedValue(error);
+
+        // Act
+        const promise = sut.setInitialPasswordTdeUserWithPermission(credentials, userId);
+
+        // Assert
+        await expect(promise).rejects.toThrow(error);
+        expect(messagingService.send).not.toHaveBeenCalled();
+      });
+    });
+  });
 });
--- a/apps/desktop/src/app/services/set-initial-password/desktop-set-initial-password.service.ts
+++ b/apps/desktop/src/app/services/set-initial-password/desktop-set-initial-password.service.ts
@@ -4,6 +4,7 @@ import {
  InitializeJitPasswordCredentials,
  SetInitialPasswordCredentials,
  SetInitialPasswordService,
+  SetInitialPasswordTdeUserWithPermissionCredentials,
  SetInitialPasswordUserType,
 } from "@bitwarden/angular/auth/password-management/set-initial-password/set-initial-password.service.abstraction";
 import { InternalUserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
@@ -75,4 +76,13 @@ export class DesktopSetInitialPasswordService

    this.messagingService.send("redrawMenu");
  }
+
+  override async setInitialPasswordTdeUserWithPermission(
+    credentials: SetInitialPasswordTdeUserWithPermissionCredentials,
+    userId: UserId,
+  ) {
+    await super.setInitialPasswordTdeUserWithPermission(credentials, userId);
+
+    this.messagingService.send("redrawMenu");
+  }
 }