PM-3444 - TDE - Admin Acct Recovery should prompt users to change MP for non MP decryption flows (#6109)

* PM-3444 - SSO Login Strategy - Should setForcePasswordResetReason if server sends it down so that the auth.guard can direct the user accordingly after decryption * PM-3444 - (1) Sso Comp - Adjust force password reset logic to handle the only scenario that can occur here - admin acct recovery - not weak mp (can't evaluate as user won't have entered it yet) (2) Add comments explaining the scenarios + update tests. * PM-3444 - Update SSO Login strategy to only check for ForceResetPasswordReason.AdminForcePasswordReset as that's the only scenario that can happen here. * PM-3444 - Finish updating tests to pass * PM-3444 - Resolve PR feedback by updating ForceResetPasswordReason comments
2025-12-17 08:43:33 +00:00 · 2023-09-18 12:21:30 -04:00
parent 2e76bc40b9
commit 4a8741e7b6
6 changed files with 22 additions and 7 deletions
--- a/libs/angular/src/auth/components/sso.component.ts
+++ b/libs/angular/src/auth/components/sso.component.ts
@@ -226,9 +226,9 @@ export class SsoComponent {
        return await this.handleChangePasswordRequired(orgIdentifier);
      }

-      // Users can be forced to reset their password via an admin or org policy
-      // disallowing weak passwords
-      if (authResult.forcePasswordReset !== ForceResetPasswordReason.None) {
+      // Users enrolled in admin acct recovery can be forced to set a new password after
+      // having the admin set a temp password for them
+      if (authResult.forcePasswordReset == ForceResetPasswordReason.AdminForcePasswordReset) {
        return await this.handleForcePasswordReset(orgIdentifier);
      }