PM-3444 - TDE - Admin Acct Recovery should prompt users to change MP for non MP decryption flows (#6109)

* PM-3444 - SSO Login Strategy - Should setForcePasswordResetReason if server sends it down so that the auth.guard can direct the user accordingly after decryption * PM-3444 - (1) Sso Comp - Adjust force password reset logic to handle the only scenario that can occur here - admin acct recovery - not weak mp (can't evaluate as user won't have entered it yet) (2) Add comments explaining the scenarios + update tests. * PM-3444 - Update SSO Login strategy to only check for ForceResetPasswordReason.AdminForcePasswordReset as that's the only scenario that can happen here. * PM-3444 - Finish updating tests to pass * PM-3444 - Resolve PR feedback by updating ForceResetPasswordReason comments
2025-12-12 14:23:32 +00:00 · 2023-09-18 12:21:30 -04:00
parent 2e76bc40b9
commit 4a8741e7b6
6 changed files with 22 additions and 7 deletions
--- a/libs/angular/src/auth/components/two-factor.component.ts
+++ b/libs/angular/src/auth/components/two-factor.component.ts
@@ -282,8 +282,10 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
      return await this.handleChangePasswordRequired(orgIdentifier);
    }

-    // Users can be forced to reset their password via an admin or org policy
-    // disallowing weak passwords
+    // Users can be forced to reset their password via an admin or org policy disallowing weak passwords
+    // Note: this is different from SSO component login flow as a user can
+    // login with MP and then have to pass 2FA to finish login and we can actually
+    // evaluate if they have a weak password at this time.
    if (authResult.forcePasswordReset !== ForceResetPasswordReason.None) {
      return await this.handleForcePasswordReset(orgIdentifier);
    }