From 8dd17bd55af0703aa48634aa2e9808ddfa9458bb Mon Sep 17 00:00:00 2001
From: Jake Fink <jfink@bitwarden.com>
Date: Wed, 25 Oct 2023 13:02:20 -0400
Subject: [PATCH] move legacy check below auth check in lock guard (#6696)

---
 libs/angular/src/auth/guards/lock.guard.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/libs/angular/src/auth/guards/lock.guard.ts b/libs/angular/src/auth/guards/lock.guard.ts
index 551391b8c25..f0fdb8402b4 100644
--- a/libs/angular/src/auth/guards/lock.guard.ts
+++ b/libs/angular/src/auth/guards/lock.guard.ts
@@ -33,6 +33,11 @@ export function lockGuard(): CanActivateFn {
     const router = inject(Router);
     const userVerificationService = inject(UserVerificationService);
 
+    const authStatus = await authService.getAuthStatus();
+    if (authStatus !== AuthenticationStatus.Locked) {
+      return router.createUrlTree(["/"]);
+    }
+
     // If legacy user on web, redirect to migration page
     if (await cryptoService.isLegacyUser()) {
       if (platformUtilService.getClientType() === ClientType.Web) {
@@ -43,11 +48,6 @@ export function lockGuard(): CanActivateFn {
       return false;
     }
 
-    const authStatus = await authService.getAuthStatus();
-    if (authStatus !== AuthenticationStatus.Locked) {
-      return router.createUrlTree(["/"]);
-    }
-
     // User is authN and in locked state.
 
     const tdeEnabled = await deviceTrustCryptoService.supportsDeviceTrust();