fix(active-user-state-refactor): [PM-18052] Jit Bug with SSO Service (#13292)

* fix(active-user-state-refactor): [PM-18052] Jit Bug with SSO Service - Fixed location of retrieving the active user id in one component.

* fix(active-user-state-refactor): [PM-18052] Jit Bug with SSO Service - Fixed up type safety.

* fix(active-user-state-refactor): [PM-18052] Jit Bug with SSO Service - Removed unnessesary subscriptions.

* fix(active-user-state-refactor): [PM-18052] Jit Bug with SSO Service - Fixed test.

* fix(active-user-state-refactor): [PM-18052] Jit Bug with SSO Service - Made code a little cleaner.

libs/angular/src/auth/components/sso.component.ts

@@ -1,7 +1,6 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { Directive, OnInit } from "@angular/core";
-import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 import { ActivatedRoute, NavigationExtras, Router } from "@angular/router";
 import { firstValueFrom } from "rxjs";
 import { first } from "rxjs/operators";
@@ -28,7 +27,6 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
-import { UserId } from "@bitwarden/common/types/guid";
 import { ToastService } from "@bitwarden/components";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/generator-legacy";
 
@@ -57,7 +55,6 @@ export class SsoComponent implements OnInit {
   protected redirectUri: string;
   protected state: string;
   protected codeChallenge: string;
-  protected activeUserId: UserId;
 
   constructor(
     protected ssoLoginService: SsoLoginServiceAbstraction,
@@ -77,11 +74,7 @@ export class SsoComponent implements OnInit {
     protected masterPasswordService: InternalMasterPasswordServiceAbstraction,
     protected accountService: AccountService,
     protected toastService: ToastService,
-  ) {
-    this.accountService.activeAccount$.pipe(takeUntilDestroyed()).subscribe((account) => {
-      this.activeUserId = account?.id;
-    });
-  }
+  ) {}
 
   async ngOnInit() {
     // eslint-disable-next-line rxjs/no-async-subscribe
@@ -233,10 +226,8 @@ export class SsoComponent implements OnInit {
       // - TDE login decryption options component
       // - Browser SSO on extension open
       // Note: you cannot set this in state before 2FA b/c there won't be an account in state.
-      await this.ssoLoginService.setActiveUserOrganizationSsoIdentifier(
-        orgSsoIdentifier,
-        this.activeUserId,
-      );
+      const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+      await this.ssoLoginService.setActiveUserOrganizationSsoIdentifier(orgSsoIdentifier, userId);
 
       // Users enrolled in admin acct recovery can be forced to set a new password after
       // having the admin set a temp password for them (affects TDE & standard users)

libs/angular/src/auth/components/two-factor-auth/two-factor-auth.component.ts

@@ -2,7 +2,6 @@
 // @ts-strict-ignore
 import { CommonModule } from "@angular/common";
 import { Component, Inject, OnInit, ViewChild } from "@angular/core";
-import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 import { FormBuilder, ReactiveFormsModule, Validators } from "@angular/forms";
 import { ActivatedRoute, NavigationExtras, Router, RouterLink } from "@angular/router";
 import { Subject, takeUntil, lastValueFrom, first, firstValueFrom } from "rxjs";
@@ -32,7 +31,6 @@ import { EnvironmentService } from "@bitwarden/common/platform/abstractions/envi
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { UserId } from "@bitwarden/common/types/guid";
 import {
   AsyncActionsModule,
   ButtonModule,
@@ -128,7 +126,6 @@ export class TwoFactorAuthComponent extends CaptchaProtectedComponent implements
   protected changePasswordRoute = "set-password";
   protected forcePasswordResetRoute = "update-temp-password";
   protected successRoute = "vault";
-  protected activeUserId: UserId;
 
   constructor(
     protected loginStrategyService: LoginStrategyServiceAbstraction,
@@ -151,10 +148,6 @@ export class TwoFactorAuthComponent extends CaptchaProtectedComponent implements
     protected toastService: ToastService,
   ) {
     super(environmentService, i18nService, platformUtilsService, toastService);
-
-    this.accountService.activeAccount$.pipe(takeUntilDestroyed()).subscribe((account) => {
-      this.activeUserId = account?.id;
-    });
   }
 
   async ngOnInit() {
@@ -269,10 +262,8 @@ export class TwoFactorAuthComponent extends CaptchaProtectedComponent implements
     // Save off the OrgSsoIdentifier for use in the TDE flows
     // - TDE login decryption options component
     // - Browser SSO on extension open
-    await this.ssoLoginService.setActiveUserOrganizationSsoIdentifier(
-      this.orgIdentifier,
-      this.activeUserId,
-    );
+    const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+    await this.ssoLoginService.setActiveUserOrganizationSsoIdentifier(this.orgIdentifier, userId);
     this.loginEmailService.clearValues();
 
     // note: this flow affects both TDE & standard users

libs/angular/src/auth/components/two-factor.component.ts

@@ -35,7 +35,6 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { UserId } from "@bitwarden/common/types/guid";
 import { ToastService } from "@bitwarden/components";
 
 import { CaptchaProtectedComponent } from "./captcha-protected.component";
@@ -74,8 +73,6 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
   protected successRoute = "vault";
   protected twoFactorTimeoutRoute = "authentication-timeout";
 
-  protected activeUserId: UserId;
-
   get isDuoProvider(): boolean {
     return (
       this.selectedProviderType === TwoFactorProviderType.Duo ||
@@ -108,10 +105,6 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
 
     this.webAuthnSupported = this.platformUtilsService.supportsWebAuthn(win);
 
-    this.accountService.activeAccount$.pipe(takeUntilDestroyed()).subscribe((account) => {
-      this.activeUserId = account?.id;
-    });
-
     // Add subscription to authenticationSessionTimeout$ and navigate to twoFactorTimeoutRoute if expired
     this.loginStrategyService.authenticationSessionTimeout$
       .pipe(takeUntilDestroyed())
@@ -295,10 +288,8 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
     // Save off the OrgSsoIdentifier for use in the TDE flows
     // - TDE login decryption options component
     // - Browser SSO on extension open
-    await this.ssoLoginService.setActiveUserOrganizationSsoIdentifier(
-      this.orgIdentifier,
-      this.activeUserId,
-    );
+    const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+    await this.ssoLoginService.setActiveUserOrganizationSsoIdentifier(this.orgIdentifier, userId);
     this.loginEmailService.clearValues();
 
     // note: this flow affects both TDE & standard users