Auth/PM-13659 - 2FA Timeout - Attempted Fix (#12263)

fix(auth): attempt to resolve 2FA session timeout issue
2025-12-06 00:13:28 +00:00 · 2024-12-05 20:22:13 -05:00
parent d6e1fe70ca
commit 8d68a2dd58
4 changed files with 31 additions and 8 deletions
--- a/libs/angular/src/services/injection-tokens.ts
+++ b/libs/angular/src/services/injection-tokens.ts
@@ -1,7 +1,7 @@
 import { InjectionToken } from "@angular/core";
 import { Observable, Subject } from "rxjs";

-import { LogoutReason } from "@bitwarden/auth/common";
+import { Executor, LogoutReason } from "@bitwarden/auth/common";
 import { ClientType } from "@bitwarden/common/enums";
 import { RegionConfig } from "@bitwarden/common/platform/abstractions/environment.service";
 import {
@@ -68,3 +68,7 @@ export const REFRESH_ACCESS_TOKEN_ERROR_CALLBACK = new SafeInjectionToken<() =>
 export const ENV_ADDITIONAL_REGIONS = new SafeInjectionToken<RegionConfig[]>(
  "ENV_ADDITIONAL_REGIONS",
 );
+
+export const AUTHN_SESSION_TIMEOUT_EXECUTOR = new SafeInjectionToken<Executor>(
+  "AuthnSessionTimeoutExecutor",
+);
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -1,4 +1,4 @@
-import { ErrorHandler, LOCALE_ID, NgModule } from "@angular/core";
+import { ErrorHandler, LOCALE_ID, NgModule, NgZone } from "@angular/core";
 import { Subject } from "rxjs";

 import {
@@ -319,6 +319,7 @@ import {
  CLIENT_TYPE,
  REFRESH_ACCESS_TOKEN_ERROR_CALLBACK,
  ENV_ADDITIONAL_REGIONS,
+  AUTHN_SESSION_TIMEOUT_EXECUTOR,
 } from "./injection-tokens";
 import { ModalService } from "./modal.service";

@@ -411,6 +412,11 @@ const safeProviders: SafeProvider[] = [
      TokenServiceAbstraction,
    ],
  }),
+  safeProvider({
+    provide: AUTHN_SESSION_TIMEOUT_EXECUTOR,
+    useFactory: (ngZone: NgZone) => (fn: () => void) => ngZone.run(fn),
+    deps: [NgZone],
+  }),
  safeProvider({
    provide: LoginStrategyServiceAbstraction,
    useClass: LoginStrategyService,
@@ -440,6 +446,7 @@ const safeProviders: SafeProvider[] = [
      VaultTimeoutSettingsServiceAbstraction,
      KdfConfigService,
      TaskSchedulerService,
+      AUTHN_SESSION_TIMEOUT_EXECUTOR,
    ],
  }),
  safeProvider({
--- a/libs/auth/src/common/services/login-strategies/login-strategy.service.ts
+++ b/libs/auth/src/common/services/login-strategies/login-strategy.service.ts
@@ -71,6 +71,8 @@ import {

 const sessionTimeoutLength = 5 * 60 * 1000; // 5 minutes

+export type Executor = (fn: () => void) => void;
+
 export class LoginStrategyService implements LoginStrategyServiceAbstraction {
  private sessionTimeoutSubscription: Subscription;
  private currentAuthnTypeState: GlobalState<AuthenticationType | null>;
@@ -118,6 +120,7 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
    protected vaultTimeoutSettingsService: VaultTimeoutSettingsService,
    protected kdfConfigService: KdfConfigService,
    protected taskSchedulerService: TaskSchedulerService,
+    private authnSessionTimeoutExecutor: Executor = (fn) => fn(), // Default to no-op
  ) {
    this.currentAuthnTypeState = this.stateProvider.get(CURRENT_LOGIN_STRATEGY_KEY);
    this.loginStrategyCacheState = this.stateProvider.get(CACHE_KEY);
@@ -128,12 +131,14 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
    this.taskSchedulerService.registerTaskHandler(
      ScheduledTaskNames.loginStrategySessionTimeout,
      async () => {
-        this.twoFactorTimeoutSubject.next(true);
-        try {
-          await this.clearCache();
-        } catch (e) {
-          this.logService.error("Failed to clear cache during session timeout", e);
-        }
+        this.authnSessionTimeoutExecutor(async () => {
+          this.twoFactorTimeoutSubject.next(true);
+          try {
+            await this.clearCache();
+          } catch (e) {
+            this.logService.error("Failed to clear cache during session timeout", e);
+          }
+        });
      },
    );