From 913b7ec5d67336547dbe31b94ef7a46a3e2e1b48 Mon Sep 17 00:00:00 2001
From: Patrick Pimentel <ppimentel@bitwarden.com>
Date: Thu, 22 May 2025 19:11:09 -0400
Subject: [PATCH] feat(change-password-component): Change Password Update
 [18720] - More extension work

---
 apps/browser/src/_locales/en/messages.json    |  3 ++
 apps/browser/src/popup/app-routing.module.ts  | 23 ++++++++---
 apps/web/src/app/oss-routing.module.ts        | 40 ++-----------------
 libs/angular/src/auth/guards/auth.guard.ts    | 39 +++---------------
 .../change-password.component.ts              | 21 ++++++++++
 .../input-password.component.html             |  2 +-
 .../auth/src/angular/login/login.component.ts |  3 +-
 libs/auth/src/common/utilities/route-list.ts  |  8 ++--
 8 files changed, 57 insertions(+), 82 deletions(-)

diff --git a/apps/browser/src/_locales/en/messages.json b/apps/browser/src/_locales/en/messages.json
index f5cab851631..7b11b9e3fed 100644
--- a/apps/browser/src/_locales/en/messages.json
+++ b/apps/browser/src/_locales/en/messages.json
@@ -1176,6 +1176,9 @@
   "changePasswordWarning": {
     "message": "After changing your password, you will need to log in with your new password. Active sessions on other devices will be logged out within one hour."
   },
+  "accountRecoveryUpdateMasterPasswordSubtitle": {
+    "message": "Admins have recovered your account. Change you master password to continue."
+  },
   "enableChangedPasswordNotification": {
     "message": "Ask to update existing login"
   },
diff --git a/apps/browser/src/popup/app-routing.module.ts b/apps/browser/src/popup/app-routing.module.ts
index 118e55817fd..7ea0b9379ad 100644
--- a/apps/browser/src/popup/app-routing.module.ts
+++ b/apps/browser/src/popup/app-routing.module.ts
@@ -43,7 +43,6 @@ import {
   VaultIcon,
   ChangePasswordComponent,
 } from "@bitwarden/auth/angular";
-import { RouteList } from "@bitwarden/auth/common";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { LockComponent } from "@bitwarden/key-management-ui";
 
@@ -332,17 +331,31 @@ const routes: Routes = [
     data: { elevation: 1 } satisfies RouteDataProperties,
   },
   {
-    path: RouteList.NonCompliantPasswordRoute,
-    component: ChangePasswordComponent,
+    path: "",
+    component: ExtensionAnonLayoutWrapperComponent,
+    children: [
+      {
+        path: "change-password",
+        children: [
+          {
+            path: "",
+            component: ChangePasswordComponent,
+          },
+        ],
+        data: {
+          showBackButton: true,
+        } satisfies ExtensionAnonLayoutWrapperData,
+      },
+    ],
   },
   {
-    path: RouteList.OLDUpdateTempPassword,
+    path: "update-temp-password",
     component: UpdateTempPasswordComponent,
     canActivate: [
       canAccessFeature(
         FeatureFlag.PM16117_ChangeExistingPasswordRefactor,
         false,
-        `/${RouteList.NonCompliantPasswordRoute}`,
+        `/change-password`,
         false,
       ),
       authGuard,
diff --git a/apps/web/src/app/oss-routing.module.ts b/apps/web/src/app/oss-routing.module.ts
index 7aa4903955b..69d0aa761f2 100644
--- a/apps/web/src/app/oss-routing.module.ts
+++ b/apps/web/src/app/oss-routing.module.ts
@@ -41,7 +41,6 @@ import {
   DeviceVerificationIcon,
   ChangePasswordComponent,
 } from "@bitwarden/auth/angular";
-import { RouteList } from "@bitwarden/auth/common";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { LockComponent } from "@bitwarden/key-management-ui";
 import { VaultIcons } from "@bitwarden/vault";
@@ -148,44 +147,13 @@ const routes: Routes = [
         component: AnonLayoutWrapperComponent,
         children: [
           {
-            path: RouteList.AdminRecoveryChangePasswordRoute,
+            path: "change-password",
             children: [
               {
                 path: "",
                 component: ChangePasswordComponent,
               },
             ],
-            data: {
-              pageIcon: LockIcon,
-              pageTitle: { key: "updateMasterPassword" },
-              pageSubtitle: { key: "accountRecoveryUpdateMasterPasswordSubtitle" },
-              hideFooter: true,
-              maxWidth: "lg",
-            } satisfies AnonLayoutWrapperData,
-          },
-        ],
-        data: { titleId: "updatePassword" } satisfies RouteDataProperties,
-      },
-      {
-        path: "",
-        component: AnonLayoutWrapperComponent,
-        children: [
-          {
-            path: RouteList.NonCompliantPasswordRoute,
-            children: [
-              {
-                path: "",
-                component: ChangePasswordComponent,
-              },
-            ],
-            data: {
-              pageIcon: LockIcon,
-              pageTitle: { key: "updateMasterPassword" },
-              pageSubtitle: { key: "updateMasterPasswordSubtitle" },
-
-              hideFooter: true,
-              maxWidth: "lg",
-            } satisfies AnonLayoutWrapperData,
           },
         ],
         data: { titleId: "updatePassword" } satisfies RouteDataProperties,
@@ -197,7 +165,7 @@ const routes: Routes = [
           canAccessFeature(
             FeatureFlag.PM16117_ChangeExistingPasswordRefactor,
             false,
-            RouteList.AdminRecoveryChangePasswordRoute,
+            "change-password",
             false,
           ),
           authGuard,
@@ -205,13 +173,13 @@ const routes: Routes = [
         data: { titleId: "updateTempPassword" } satisfies RouteDataProperties,
       },
       {
-        path: RouteList.OLDNonCompliantPasswordOnLogin,
+        path: "update-password",
         component: UpdatePasswordComponent,
         canActivate: [
           canAccessFeature(
             FeatureFlag.PM16117_ChangeExistingPasswordRefactor,
             false,
-            RouteList.NonCompliantPasswordRoute,
+            "change-password",
             false,
           ),
           authGuard,
diff --git a/libs/angular/src/auth/guards/auth.guard.ts b/libs/angular/src/auth/guards/auth.guard.ts
index 693a19e4f05..690db37d090 100644
--- a/libs/angular/src/auth/guards/auth.guard.ts
+++ b/libs/angular/src/auth/guards/auth.guard.ts
@@ -10,15 +10,12 @@ import {
 } from "@angular/router";
 import { firstValueFrom } from "rxjs";
 
-import { RouteList } from "@bitwarden/auth/common";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { KeyConnectorService } from "@bitwarden/common/key-management/key-connector/abstractions/key-connector.service";
 import { MasterPasswordServiceAbstraction } from "@bitwarden/common/key-management/master-password/abstractions/master-password.service.abstraction";
-import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 
 export const authGuard: CanActivateFn = async (
@@ -31,7 +28,6 @@ export const authGuard: CanActivateFn = async (
   const keyConnectorService = inject(KeyConnectorService);
   const accountService = inject(AccountService);
   const masterPasswordService = inject(MasterPasswordServiceAbstraction);
-  const configService = inject(ConfigService);
 
   const authStatus = await authService.getAuthStatus();
 
@@ -69,37 +65,12 @@ export const authGuard: CanActivateFn = async (
     return router.createUrlTree(["/set-password"]);
   }
 
-  if (await configService.getFeatureFlag(FeatureFlag.PM16117_ChangeExistingPasswordRefactor)) {
-    // Check for force set password reason to properly navigate to the right component.
-
-    if (
-      forceSetPasswordReason === ForceSetPasswordReason.AdminForcePasswordReset &&
-      !routerState.url.includes(RouteList.AdminRecoveryChangePasswordRoute)
-    ) {
-      return router.createUrlTree([`/${RouteList.AdminRecoveryChangePasswordRoute}`]);
-    }
-
-    if (
-      forceSetPasswordReason === ForceSetPasswordReason.WeakMasterPassword &&
-      !routerState.url.includes(RouteList.NonCompliantPasswordRoute)
-    ) {
-      return router.createUrlTree([`/${RouteList.NonCompliantPasswordRoute}`]);
-    }
-  } else {
-    if (
-      forceSetPasswordReason !== ForceSetPasswordReason.None &&
-      !routerState.url.includes("update-temp-password")
-    ) {
-      return router.createUrlTree(["/update-temp-password"]);
-    }
+  if (
+    forceSetPasswordReason !== ForceSetPasswordReason.None &&
+    !routerState.url.includes("update-temp-password")
+  ) {
+    return router.createUrlTree(["/update-temp-password"]);
   }
 
-  // if (
-  //   forceSetPasswordReason !== ForceSetPasswordReason.None &&
-  //   !routerState.url.includes("update-temp-password")
-  // ) {
-  //   return router.createUrlTree(["/update-temp-password"]);
-  // }
-
   return true;
 };
diff --git a/libs/auth/src/angular/change-password/change-password.component.ts b/libs/auth/src/angular/change-password/change-password.component.ts
index 2e4cc18cee8..761991d0478 100644
--- a/libs/auth/src/angular/change-password/change-password.component.ts
+++ b/libs/auth/src/angular/change-password/change-password.component.ts
@@ -13,6 +13,8 @@ import { UserId } from "@bitwarden/common/types/guid";
 import { DialogService, ToastService, Translation } from "@bitwarden/components";
 import { I18nPipe } from "@bitwarden/ui-common";
 
+import { AnonLayoutWrapperDataService } from "../anon-layout/anon-layout-wrapper-data.service";
+import { LockIcon } from "../icons";
 import {
   InputPasswordComponent,
   InputPasswordFlow,
@@ -45,6 +47,7 @@ export class ChangePasswordComponent implements OnInit {
     private changePasswordService: ChangePasswordService,
     private i18nService: I18nService,
     private masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    private anonLayoutWrapperDataService: AnonLayoutWrapperDataService,
     private messagingService: MessagingService,
     private policyService: PolicyService,
     private toastService: ToastService,
@@ -74,6 +77,24 @@ export class ChangePasswordComponent implements OnInit {
     if (this.masterPasswordPolicyOptions?.enforceOnLogin) {
       this.warningText = { key: "masterPasswordInvalidWarning" };
     }
+
+    if (this.forceSetPasswordReason === ForceSetPasswordReason.AdminForcePasswordReset) {
+      this.anonLayoutWrapperDataService.setAnonLayoutWrapperData({
+        pageIcon: LockIcon,
+        pageTitle: { key: "updateMasterPassword" },
+        pageSubtitle: { key: "accountRecoveryUpdateMasterPasswordSubtitle" },
+        hideFooter: true,
+        maxWidth: "lg",
+      });
+    } else if (this.forceSetPasswordReason === ForceSetPasswordReason.WeakMasterPassword) {
+      this.anonLayoutWrapperDataService.setAnonLayoutWrapperData({
+        pageIcon: LockIcon,
+        pageTitle: { key: "updateMasterPassword" },
+        pageSubtitle: { key: "updateMasterPasswordSubtitle" },
+        hideFooter: true,
+        maxWidth: "lg",
+      });
+    }
   }
 
   async logOut() {
diff --git a/libs/auth/src/angular/input-password/input-password.component.html b/libs/auth/src/angular/input-password/input-password.component.html
index d7742a97876..88b5f3f1ce2 100644
--- a/libs/auth/src/angular/input-password/input-password.component.html
+++ b/libs/auth/src/angular/input-password/input-password.component.html
@@ -29,7 +29,7 @@
   </bit-form-field>
 
   <div class="tw-mb-6">
-    <bit-form-field>
+    <bit-form-field disableMargin>
       <bit-label>{{ "newMasterPass" | i18n }}</bit-label>
       <input
         id="input-password-form_new-password"
diff --git a/libs/auth/src/angular/login/login.component.ts b/libs/auth/src/angular/login/login.component.ts
index fb8afab294d..d5180f56785 100644
--- a/libs/auth/src/angular/login/login.component.ts
+++ b/libs/auth/src/angular/login/login.component.ts
@@ -10,7 +10,6 @@ import {
   LoginStrategyServiceAbstraction,
   LoginSuccessHandlerService,
   PasswordLoginCredentials,
-  RouteList,
 } from "@bitwarden/auth/common";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyData } from "@bitwarden/common/admin-console/models/data/policy.data";
@@ -329,7 +328,7 @@ export class LoginComponent implements OnInit, OnDestroy {
           orgPolicies.enforcedPasswordPolicyOptions,
         );
         if (isPasswordChangeRequired) {
-          await this.router.navigate([RouteList.OLDNonCompliantPasswordOnLogin]);
+          await this.router.navigate(["update-password"]);
           return;
         }
       }
diff --git a/libs/auth/src/common/utilities/route-list.ts b/libs/auth/src/common/utilities/route-list.ts
index a8313d0f40e..d87b31a8618 100644
--- a/libs/auth/src/common/utilities/route-list.ts
+++ b/libs/auth/src/common/utilities/route-list.ts
@@ -1,6 +1,6 @@
 export const RouteList = {
-  AdminRecoveryChangePasswordRoute: "recovery-change-password",
-  NonCompliantPasswordRoute: "change-password",
-  OLDUpdateTempPassword: "update-temp-password",
-  OLDNonCompliantPasswordOnLogin: "update-password",
+  // AdminRecoveryChangePasswordRoute: "recovery-change-password",
+  // NonCompliantChangePasswordRoute: "change-password",
+  // OLDUpdateTempPassword: "update-temp-password",
+  // OLDNonCompliantPasswordOnLogin: "update-password",
 };