diff --git a/libs/auth/src/angular/input-password/input-password.component.ts b/libs/auth/src/angular/input-password/input-password.component.ts index b81e01156f1..ea614bf0024 100644 --- a/libs/auth/src/angular/input-password/input-password.component.ts +++ b/libs/auth/src/angular/input-password/input-password.component.ts @@ -11,6 +11,7 @@ import { AuditService } from "@bitwarden/common/abstractions/audit.service"; import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction"; import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/models/domain/master-password-policy-options"; import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum"; +import { MasterPasswordUnlockService } from "@bitwarden/common/key-management/master-password/abstractions/master-password-unlock.service"; import { MasterPasswordServiceAbstraction } from "@bitwarden/common/key-management/master-password/abstractions/master-password.service.abstraction"; import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; @@ -218,6 +219,7 @@ export class InputPasswordComponent implements OnInit { private kdfConfigService: KdfConfigService, private keyService: KeyService, private masterPasswordService: MasterPasswordServiceAbstraction, + private masterPasswordUnlockService: MasterPasswordUnlockService, private passwordGenerationService: PasswordGenerationServiceAbstraction, private platformUtilsService: PlatformUtilsService, private policyService: PolicyService, @@ -340,17 +342,32 @@ export class InputPasswordComponent implements OnInit { throw new Error("Salt not found."); } + // When you unwind the flag in PM-28143, also remove the ConfigService if it is un-used. + const newApisWithInputPasswordFlagEnabled = await this.configService.getFeatureFlag( + FeatureFlag.PM27086_UpdateAuthenticationApisForInputPassword, + ); + // 2. Verify current password is correct (if necessary) if ( this.flow === InputPasswordFlow.ChangePassword || this.flow === InputPasswordFlow.ChangePasswordWithOptionalUserKeyRotation ) { - const currentPasswordVerified = await this.verifyCurrentPassword( - currentPassword, - this.kdfConfig, - ); - if (!currentPasswordVerified) { - return; + if (newApisWithInputPasswordFlagEnabled) { + const currentPasswordVerified = await this.masterPasswordUnlockService.proofOfDecryption( + currentPassword, + this.userId, + ); + if (!currentPasswordVerified) { + return; + } + } else { + const currentPasswordVerified = await this.verifyCurrentPassword( + currentPassword, + this.kdfConfig, + ); + if (!currentPasswordVerified) { + return; + } } } @@ -364,11 +381,6 @@ export class InputPasswordComponent implements OnInit { return; } - // When you unwind the flag in PM-28143, also remove the ConfigService if it is un-used. - const newApisWithInputPasswordFlagEnabled = await this.configService.getFeatureFlag( - FeatureFlag.PM27086_UpdateAuthenticationApisForInputPassword, - ); - if (newApisWithInputPasswordFlagEnabled) { // 4. Build a PasswordInputResult object const passwordInputResult: PasswordInputResult = { @@ -537,6 +549,8 @@ export class InputPasswordComponent implements OnInit { } /** + * @deprecated To be removed in PM-28143 (use `MasterPasswordUnlockService.proofOfDecryption()` instead) + * * Returns `true` if the current password is correct (it can be used to successfully decrypt * the masterKeyEncryptedUserKey), `false` otherwise */