Fix tde offboarding

2026-02-11 05:53:42 +00:00 · 2025-01-20 12:07:49 +01:00
parent 374ea6af7c
commit 6bfda240d4
2 changed files with 25 additions and 1 deletions
--- a/libs/angular/src/auth/components/login-via-auth-request-v1.component.ts
+++ b/libs/angular/src/auth/components/login-via-auth-request-v1.component.ts
@@ -15,6 +15,7 @@ import { AccountService } from "@bitwarden/common/auth/abstractions/account.serv
 import { AnonymousHubService } from "@bitwarden/common/auth/abstractions/anonymous-hub.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { AuthRequestType } from "@bitwarden/common/auth/enums/auth-request-type";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { AdminAuthRequestStorable } from "@bitwarden/common/auth/models/domain/admin-auth-req-storable";
@@ -92,6 +93,7 @@ export class LoginViaAuthRequestComponentV1
    private authRequestService: AuthRequestServiceAbstraction,
    private loginStrategyService: LoginStrategyServiceAbstraction,
    protected toastService: ToastService,
+    private masterPasswordService: InternalMasterPasswordServiceAbstraction,
  ) {
    super(environmentService, i18nService, platformUtilsService, toastService);

@@ -513,6 +515,17 @@ export class LoginViaAuthRequestComponentV1
      await this.loginEmailService.saveEmailSettings();
    }

+    if (
+      (await firstValueFrom(
+        this.masterPasswordService.forceSetPasswordReason$(
+          (await firstValueFrom(this.accountService.activeAccount$)).id,
+        ),
+      )) !== ForceSetPasswordReason.None
+    ) {
+      await this.router.navigate([this.forcePasswordResetRoute]);
+      return;
+    }
+
    if (this.onSuccessfulLogin != null) {
      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
      // eslint-disable-next-line @typescript-eslint/no-floating-promises
--- a/libs/auth/src/angular/login-via-auth-request/login-via-auth-request.component.ts
+++ b/libs/auth/src/angular/login-via-auth-request/login-via-auth-request.component.ts
@@ -18,6 +18,7 @@ import { AccountService } from "@bitwarden/common/auth/abstractions/account.serv
 import { AnonymousHubService } from "@bitwarden/common/auth/abstractions/anonymous-hub.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { AuthRequestType } from "@bitwarden/common/auth/enums/auth-request-type";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { AdminAuthRequestStorable } from "@bitwarden/common/auth/models/domain/admin-auth-req-storable";
@@ -71,6 +72,7 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
  protected showResendNotification = false;
  protected Flow = Flow;
  protected flow = Flow.StandardAuthRequest;
+  private forceResetPasswordRoute = "/update-temp-password";

  constructor(
    private accountService: AccountService,
@@ -91,6 +93,7 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
    private toastService: ToastService,
    private validationService: ValidationService,
    private loginSuccessHandlerService: LoginSuccessHandlerService,
+    private masterPasswordService: InternalMasterPasswordServiceAbstraction,
  ) {
    this.clientType = this.platformUtilsService.getClientType();

@@ -485,6 +488,14 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
    const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
    await this.deviceTrustService.trustDeviceIfRequired(activeAccount.id);

+    if (
+      (await firstValueFrom(
+        this.masterPasswordService.forceSetPasswordReason$(activeAccount.id),
+      )) !== ForceSetPasswordReason.None
+    ) {
+      await this.router.navigate([this.forceResetPasswordRoute]);
+    }
+
    await this.handleSuccessfulLoginNavigation(userId);
  }

@@ -553,7 +564,7 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
    if (loginResponse.requiresTwoFactor) {
      await this.router.navigate(["2fa"]);
    } else if (loginResponse.forcePasswordReset != ForceSetPasswordReason.None) {
-      await this.router.navigate(["update-temp-password"]);
+      await this.router.navigate([this.forceResetPasswordRoute]);
    } else {
      await this.handleSuccessfulLoginNavigation(loginResponse.userId);
    }