From 8f77bc915963e77790c02f1193e093a6e90821cd Mon Sep 17 00:00:00 2001
From: Todd Martin <tmartin@bitwarden.com>
Date: Thu, 7 Nov 2024 15:05:09 -0500
Subject: [PATCH] Added TDE offboarding check to 2FA component

---
 .../src/auth/components/two-factor.component.ts      | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/libs/angular/src/auth/components/two-factor.component.ts b/libs/angular/src/auth/components/two-factor.component.ts
index eaff9d665fd..5f7e5e10af5 100644
--- a/libs/angular/src/auth/components/two-factor.component.ts
+++ b/libs/angular/src/auth/components/two-factor.component.ts
@@ -315,8 +315,18 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
     orgIdentifier: string,
     userDecryptionOpts: UserDecryptionOptions,
   ): Promise<void> {
-    // If user doesn't have a MP, but has reset password permission, they must set a MP
+    // Tde offboarding takes precedence
     if (
+      !userDecryptionOpts.hasMasterPassword &&
+      userDecryptionOpts.trustedDeviceOption.isTdeOffboarding
+    ) {
+      const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+      await this.masterPasswordService.setForceSetPasswordReason(
+        ForceSetPasswordReason.TdeOffboarding,
+        userId,
+      );
+    } else if (
+      // If user doesn't have a MP, but has reset password permission, they must set a MP
       !userDecryptionOpts.hasMasterPassword &&
       userDecryptionOpts.trustedDeviceOption.hasManageResetPasswordPermission
     ) {