From 4c960906fa2a3d18cd43a7875082ad6ce6665cda Mon Sep 17 00:00:00 2001
From: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
Date: Wed, 27 Aug 2025 16:32:18 +0200
Subject: [PATCH] Account Recovery with Key Connector enabled not working prior
 to removal of Master Password (#15616)

---
 libs/angular/src/auth/guards/auth.guard.ts | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/libs/angular/src/auth/guards/auth.guard.ts b/libs/angular/src/auth/guards/auth.guard.ts
index 8e8e70a6d29..37c464a804d 100644
--- a/libs/angular/src/auth/guards/auth.guard.ts
+++ b/libs/angular/src/auth/guards/auth.guard.ts
@@ -74,13 +74,6 @@ export const authGuard: CanActivateFn = async (
     return router.createUrlTree(["lock"], { queryParams: { promptBiometric: true } });
   }
 
-  if (
-    !routerState.url.includes("remove-password") &&
-    (await firstValueFrom(keyConnectorService.convertAccountRequired$))
-  ) {
-    return router.createUrlTree(["/remove-password"]);
-  }
-
   // Handle cases where a user needs to set a password when they don't already have one:
   // - TDE org user has been given "manage account recovery" permission
   // - TDE offboarding on a trusted device, where we have access to their encryption key wrap with their new password
@@ -106,5 +99,14 @@ export const authGuard: CanActivateFn = async (
     return router.createUrlTree([route]);
   }
 
+  // Remove password when Key Connector is enabled
+  if (
+    forceSetPasswordReason == ForceSetPasswordReason.None &&
+    !routerState.url.includes("remove-password") &&
+    (await firstValueFrom(keyConnectorService.convertAccountRequired$))
+  ) {
+    return router.createUrlTree(["/remove-password"]);
+  }
+
   return true;
 };