From 6bfda240d43474cb416a84c007c890ec3a85d9a1 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Mon, 20 Jan 2025 12:07:49 +0100
Subject: [PATCH] Fix tde offboarding

---
 .../login-via-auth-request-v1.component.ts          | 13 +++++++++++++
 .../login-via-auth-request.component.ts             | 13 ++++++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/libs/angular/src/auth/components/login-via-auth-request-v1.component.ts b/libs/angular/src/auth/components/login-via-auth-request-v1.component.ts
index 386068ff783..3c020967df5 100644
--- a/libs/angular/src/auth/components/login-via-auth-request-v1.component.ts
+++ b/libs/angular/src/auth/components/login-via-auth-request-v1.component.ts
@@ -15,6 +15,7 @@ import { AccountService } from "@bitwarden/common/auth/abstractions/account.serv
 import { AnonymousHubService } from "@bitwarden/common/auth/abstractions/anonymous-hub.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { AuthRequestType } from "@bitwarden/common/auth/enums/auth-request-type";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { AdminAuthRequestStorable } from "@bitwarden/common/auth/models/domain/admin-auth-req-storable";
@@ -92,6 +93,7 @@ export class LoginViaAuthRequestComponentV1
     private authRequestService: AuthRequestServiceAbstraction,
     private loginStrategyService: LoginStrategyServiceAbstraction,
     protected toastService: ToastService,
+    private masterPasswordService: InternalMasterPasswordServiceAbstraction,
   ) {
     super(environmentService, i18nService, platformUtilsService, toastService);
 
@@ -513,6 +515,17 @@ export class LoginViaAuthRequestComponentV1
       await this.loginEmailService.saveEmailSettings();
     }
 
+    if (
+      (await firstValueFrom(
+        this.masterPasswordService.forceSetPasswordReason$(
+          (await firstValueFrom(this.accountService.activeAccount$)).id,
+        ),
+      )) !== ForceSetPasswordReason.None
+    ) {
+      await this.router.navigate([this.forcePasswordResetRoute]);
+      return;
+    }
+
     if (this.onSuccessfulLogin != null) {
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
       // eslint-disable-next-line @typescript-eslint/no-floating-promises
diff --git a/libs/auth/src/angular/login-via-auth-request/login-via-auth-request.component.ts b/libs/auth/src/angular/login-via-auth-request/login-via-auth-request.component.ts
index b9a5ee4fe73..6f753379a95 100644
--- a/libs/auth/src/angular/login-via-auth-request/login-via-auth-request.component.ts
+++ b/libs/auth/src/angular/login-via-auth-request/login-via-auth-request.component.ts
@@ -18,6 +18,7 @@ import { AccountService } from "@bitwarden/common/auth/abstractions/account.serv
 import { AnonymousHubService } from "@bitwarden/common/auth/abstractions/anonymous-hub.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { AuthRequestType } from "@bitwarden/common/auth/enums/auth-request-type";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { AdminAuthRequestStorable } from "@bitwarden/common/auth/models/domain/admin-auth-req-storable";
@@ -71,6 +72,7 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
   protected showResendNotification = false;
   protected Flow = Flow;
   protected flow = Flow.StandardAuthRequest;
+  private forceResetPasswordRoute = "/update-temp-password";
 
   constructor(
     private accountService: AccountService,
@@ -91,6 +93,7 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
     private toastService: ToastService,
     private validationService: ValidationService,
     private loginSuccessHandlerService: LoginSuccessHandlerService,
+    private masterPasswordService: InternalMasterPasswordServiceAbstraction,
   ) {
     this.clientType = this.platformUtilsService.getClientType();
 
@@ -485,6 +488,14 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
     const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
     await this.deviceTrustService.trustDeviceIfRequired(activeAccount.id);
 
+    if (
+      (await firstValueFrom(
+        this.masterPasswordService.forceSetPasswordReason$(activeAccount.id),
+      )) !== ForceSetPasswordReason.None
+    ) {
+      await this.router.navigate([this.forceResetPasswordRoute]);
+    }
+
     await this.handleSuccessfulLoginNavigation(userId);
   }
 
@@ -553,7 +564,7 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
     if (loginResponse.requiresTwoFactor) {
       await this.router.navigate(["2fa"]);
     } else if (loginResponse.forcePasswordReset != ForceSetPasswordReason.None) {
-      await this.router.navigate(["update-temp-password"]);
+      await this.router.navigate([this.forceResetPasswordRoute]);
     } else {
       await this.handleSuccessfulLoginNavigation(loginResponse.userId);
     }