Merge branch 'auth/pm-19877/notification-processing' into auth/pm-23620/auth-request-answering-service

2026-02-27 10:03:23 +00:00 · 2025-08-11 10:54:23 -04:00
parent 7484433604 a3bc3e7975
commit a61bd546b2
86 changed files with 869 additions and 584 deletions
--- a/libs/auth/src/angular/login/login-component.service.ts
+++ b/libs/auth/src/angular/login/login-component.service.ts
@@ -23,7 +23,7 @@ export abstract class LoginComponentService {
   * Gets the organization policies if there is an organization invite.
   * - Used by: Web
   */
-  getOrgPoliciesFromOrgInvite?: () => Promise<PasswordPolicies | null>;
+  getOrgPoliciesFromOrgInvite?: (email: string) => Promise<PasswordPolicies | null>;

  /**
   * Indicates whether login with passkey is supported on the given client
--- a/libs/auth/src/angular/login/login.component.ts
+++ b/libs/auth/src/angular/login/login.component.ts
@@ -80,6 +80,7 @@ export class LoginComponent implements OnInit, OnDestroy {

  clientType: ClientType;
  ClientType = ClientType;
+  orgPoliciesFromInvite: PasswordPolicies | null = null;
  LoginUiState = LoginUiState;
  isKnownDevice = false;
  loginUiState: LoginUiState = LoginUiState.EMAIL_ENTRY;
@@ -232,11 +233,12 @@ export class LoginComponent implements OnInit, OnDestroy {
    // Try to retrieve any org policies from an org invite now so we can send it to the
    // login strategies. Since it is optional and we only want to be doing this on the
    // web we will only send in content in the right context.
-    const orgPoliciesFromInvite = this.loginComponentService.getOrgPoliciesFromOrgInvite
-      ? await this.loginComponentService.getOrgPoliciesFromOrgInvite()
+    this.orgPoliciesFromInvite = this.loginComponentService.getOrgPoliciesFromOrgInvite
+      ? await this.loginComponentService.getOrgPoliciesFromOrgInvite(email)
      : null;

-    const orgMasterPasswordPolicyOptions = orgPoliciesFromInvite?.enforcedPasswordPolicyOptions;
+    const orgMasterPasswordPolicyOptions =
+      this.orgPoliciesFromInvite?.enforcedPasswordPolicyOptions;

    const credentials = new PasswordLoginCredentials(
      email,
@@ -327,25 +329,18 @@ export class LoginComponent implements OnInit, OnDestroy {

    // TODO: PM-18269 - evaluate if we can combine this with the
    // password evaluation done in the password login strategy.
-    // If there's an existing org invite, use it to get the org's password policies
-    // so we can evaluate the MP against the org policies
-    if (this.loginComponentService.getOrgPoliciesFromOrgInvite) {
-      const orgPolicies: PasswordPolicies | null =
-        await this.loginComponentService.getOrgPoliciesFromOrgInvite();
+    if (this.orgPoliciesFromInvite) {
+      // Since we have retrieved the policies, we can go ahead and set them into state for future use
+      // e.g., the change-password page currently only references state for policy data and
+      // doesn't fallback to pulling them from the server like it should if they are null.
+      await this.setPoliciesIntoState(authResult.userId, this.orgPoliciesFromInvite.policies);

-      if (orgPolicies) {
-        // Since we have retrieved the policies, we can go ahead and set them into state for future use
-        // e.g., the change-password page currently only references state for policy data and
-        // doesn't fallback to pulling them from the server like it should if they are null.
-        await this.setPoliciesIntoState(authResult.userId, orgPolicies.policies);
-
-        const isPasswordChangeRequired = await this.isPasswordChangeRequiredByOrgPolicy(
-          orgPolicies.enforcedPasswordPolicyOptions,
-        );
-        if (isPasswordChangeRequired) {
-          await this.router.navigate(["change-password"]);
-          return;
-        }
+      const isPasswordChangeRequired = await this.isPasswordChangeRequiredByOrgPolicy(
+        this.orgPoliciesFromInvite.enforcedPasswordPolicyOptions,
+      );
+      if (isPasswordChangeRequired) {
+        await this.router.navigate(["change-password"]);
+        return;
      }
    }

--- a/libs/auth/src/common/abstractions/auth-request.service.abstraction.ts
+++ b/libs/auth/src/common/abstractions/auth-request.service.abstraction.ts
@@ -109,9 +109,9 @@ export abstract class AuthRequestServiceAbstraction {
  ): Promise<{ masterKey: MasterKey; masterKeyHash: string }>;

  /**
-   * Handles incoming auth request push notifications.
+   * Handles incoming auth request push server notifications.
   * @param notification push notification.
-   * @remark We should only be receiving approved push notifications to prevent enumeration.
+   * @remark We should only be receiving approved push server notifications to prevent enumeration.
   */
  abstract sendAuthRequestPushNotification(notification: AuthRequestPushNotification): void;

--- a/libs/auth/src/common/services/auth-request/auth-request-api.service.ts
+++ b/libs/auth/src/common/services/auth-request/auth-request-api.service.ts
@@ -63,7 +63,7 @@ export class DefaultAuthRequestApiService implements AuthRequestApiServiceAbstra
    try {
      // Submit the current device identifier in the header as well as in the POST body.
      // The value in the header will be used to build the request context and ensure that the resulting
-      // notifications have the current device as a source.
+      // server notifications have the current device as a source.
      const response = await this.apiService.send(
        "POST",
        "/auth-requests/",