feat(2FA-UI-Refresh): [Auth/PM-8113] - 2FA Components Consolidation and UI Refresh (#12087)

* PM-8113 - Deprecate TwoFactorComponentRefactor feature flag in favor of UnauthenticatedExtensionUIRefresh flag

* PM-8113 - Rename all existing 2FA components as V1.

* PM-8113 - TwoFactorAuthComp - Add comment explaining that tagged unused import is used a dialog.

* PM-8113 - 2FA Auth Comp - deprecate captcha

* PM-8113 - LoginStrategySvc - add todo for deprecation of captcha response

* PM-8113 - TwoFactorAuth tests - remove captcha

* PM-8113  - TwoFactorAuthComp HTML - remove captcha

* PM-8113  - Web Two Factor Auth - update deps

* PM-8113 - Move all new two-factor-auth components into libs/auth instead of libs/angular/src/auth

* PM-8113 - Add new child-components folder to help differentiate between top level page component and child components

* PM-8113 - Add todo for browser TwoFactorAuthEmailComponent

* PM-8113 - TwoFactorAuth - progress on consolidation

* PM-8113 - TwoFactorAuth - add TODO to ensure I don't miss web on success logic

* PM-8113 - TwoFactorAuth - Deprecate browser implementation of two-factor-auth and move all logic into single component - WIP

* PM-8113 - Bring across 2FA session timeout to new 2FA orchestrator comp

* PM-8113 - Export TwoFactorAuth from libs/auth

* PM-8113 - Fix 2FA Auth Comp tests by adding new service deps.

* PM-8113 - Fix TwoFactorAuthExpiredComp imports + TwoFactorAuthComponent imports on other clients.

* PM-8113 - 2FA Auth Comp - Progress on removing onSuccessfulLogin callback

* PM-8113 - 2FA Auth - update deps to private as inheritance will no longer be used.

* PM-8113 - TwoFactorAuthComp - Refactor init a bit.

* PM-8113  - TwoFactorAuthComp - More naming refactors

* PM-8113  - TwoFactorAuth - (1) more refactoring (2) removed onSuccessfulLoginNavigate (3) after successful login we always loginEmailService.clearValues()

* PM-8113 - TwoFactorAuthComp Tests - clean up tests for removed callbacks.

* PM-8113 - TwoFactorAuthComponent - refactor default success route handling

* PM-8113 - TwoFactorAuthComp - More refactoring

* PM-8113 - TwoFactorAuthComp - more refactors

* PM-8113 - TwoFactorAuth - Remove unused service dep

* PM-8113 - TwoFactorAuthComp - Refactor out unused button action text and move checks for continue button visibility into component

* PM-8113 - TwoFactorAuthComponent - Add type for providerData

* PM-8113 - TwoFactorAuthComponent - Add todo

* PM-8113 - TwoFactorAuthComponent - Add client type

* PM-8113 - TwoFactorAuth - implement browser specific SSO + 2FA logic

* PM-8113 - TwoFactorService Abstraction - refactor to use proper functions + mark methods as abstract properly + add null return to getProviders

* PM-8113 - Refactor 2FA Guard logic out of ngOnInit and into own tested guard. Updated all routes.

* PM-8113 - TwoFactorAuthComponent - WIP on webauthn init.

* PM-8113 - TwoFactorAuthComponent - pull webauthn fallback response handling into primary init with checks based on client for if it should be processed.

* PM-8113 - TwoFactorAuthComponent - move linux popup width extension logic into ExtensionTwoFactorAuthComponentService

* PM-8113 - WebTwoFactorAuthComponentService - add explicit override for web's determineLegacyKeyMigrationAction method.

* PM-8113 - Implement new TwoFactorAuthComponentService .openPopoutIfApprovedForEmail2fa to replace extension specific init logic.

* PM-8113 - TwoFactorAuthComponent - misc cleanup

* PM-8113 - TwoFactorAuthComponent - more clean up

* PM-8113 - TwoFactorAuthComponent - WIP on removing TDE callbacks

* PM-8113 - TwoFactorAuthComponent - finish refactoring out all callbacks

* PM-8113 - TwoFactorAuthComponent - remove now unused method

* PM-8113 - TwoFactorAuthComponent - refactor routes.

* PM-8113 - TwoFactorAuthComponent - add TODO

* PM-8113 - TwoFactorAuthComp - isTrustedDeviceEncEnabled - add undefined check for optional window close. + Add todo

* PM-8113 - TwoFactorAuthComponent tests - updated to pass

* PM-8113 - (1) Consolidate TwoFactorAuthEmail component into new service architecture (2) Move openPopoutIfApprovedForEmail2fa to new TwoFactorAuthEmailComponentService

* PM-8113 - Refactor libs/auth/2fa into barrel files.

* PM-8113 - Move TwoFactorAuthEmail content to own folder.

* PM-8113 - Move 2FA Duo to own comp folder.

* PM-8113 - ExtensionTwoFactorAuthEmailComponentService - Add comment

* PM-8113 - TwoFactorAuthEmailComponentService - add docs

* PM-8113  - TwoFactorAuthDuoComponentService - define top level abstraction and each clients implementation of the duo2faResultListener

* PM-8113 - TwoFactorAuthDuoCompService - add client specific handling for launchDuoFrameless

* PM-8113 - Delete no longer used client specific two factor auth duo components.

* PM-8113 - Register TwoFactorAuthDuoComponentService implementation in each client.

* PM-8113 - TwoFactorAuthComp - add destroy ref to fix warnings.

* PM-8113 - Remove accidentally checked in dev change

* PM-8113 - TwoFactorAuthComp - (1) Add loading state (2) Add missing  CheckboxModule import

* PM-8113 - TwoFactorAuthDuoComponent - update takeUntilDestroyed to pass in destroy context as you can't use takeUntilDestroyed in ngOnInit without it.

* PM-8113 - TwoFactorAuthWebAuthnComponent - remove no longer necessary webauthn new tab check as webauthn seems to work without it

* PM-8113 - TwoFactorAuthWebAuthnComp - refactor names and add todo

* PM-8113 - (1) Move WebAuthn 2FA comp to own folder (2) build out client service for new tab logic

* PM-8113 - Register TwoFactorAuthWebAuthnComponentServices

* PM-8113 - Tweak TwoFactorAuthWebAuthnComponentService and add to TwoFactorAuthWebAuthnComponent

* PM-8113 - WebTwoFactorAuthDuoComponentService - fix type issue

* PM-8113 - ExtensionTwoFactorAuthDuoComponentService - attempt to fix type issue.

* PM-8113 - Remove ts-strict-ignore

* PM-8113 - TwoFactorAuthWebAuthnComponent - satisfy strict typescript reqs.

* PM-8113 - TwoFactorAuthComponent - some progress on strict TS conversion

* PM-8113 - TwoFactorAuthComp - fixed all strict typescript issues.

* PM-8113 - TwoFactorAuthComp - remove no longer necessary webauthn code

* PM-8113 - ExtensionTwoFactorAuthComponentService - handleSso2faFlowSuccess - add more context

* PM-8113 - TwoFactorAuthComp - TDE should use same success handler method

* PM-8113 - Fix SSO + 2FA result handling by closing proper popout window

* PM-8113 - Add todo

* PM-8113 - Webauthn 2FA - As webauthn popout doesn't persist SSO state, have to genercize success logic (which should be a good thing but requires confirmation testing).

* PM-8113 - Per main changes, remove deprecated I18nPipe from 2fa comps that use it.

* PM-8113 - Remove more incorrect i18nPipes

* PM-8113 - TwoFactorAuth + Webauthn - Refactor logic

* PM-8113 - TwoFactorAuth - build submitting loading logic

* PM-8113 - TwoFactorAuth - remove loading as submitting.

* PM-8113 - TwoFactorAuth - update to latest authN session timeout logic

* PM-8113 - AuthPopoutWindow - Add new single action popout for email 2FA so we can close it programmatically

* PM-8113 - Update  ExtensionTwoFactorAuthComponentService to close email 2FA single action popouts.

* PM-8113 - Fix build after merge conflict issue

* PM-8113 - 2FA - Duo & Email comps - strict typescript adherence.

* PM-8113 - TwoFactorAuth - Clean up unused stuff and get tests passing

* PM-8113 - Clean up used service method + TODO as I've confirmed it works for other flows.

* PM-8113 - TODO: test all comp services

* PM-8113 - TwoFactorAuthComponent Tests - fix tests by removing mock of removed method.

* PM-8113 - Revert changes to login strategies to avoid scope creep for the sake of typescript strictness.

* PM-8113 - ExtensionTwoFactorAuthComponentService tests

* PM-8113 - Test ExtensionTwoFactorAuthDuoComponentService

* PM-8113 - ExtensionTwoFactorAuthEmailComponentService - add tests

* PM-8113 - Test ExtensionTwoFactorAuthWebAuthnComponentService

* PM-8113 - Add 2fa icons (icons need tweaking still)

* PM-8113 - TwoFactorAuthComponent - add setAnonLayoutDataByTwoFactorProviderType and handle email case as POC

* PM-8113 - TwoFactorEmailComp - work on converting to new design

* PM-8113 - Update icons with proper svg with scaling via viewbox

* PM-8113 - Update icons to use proper classes

* PM-8113 - 2FA Auth Comp - Progress on implementing design changes

* PM-8113 - TwoFactorOptionsComponent - add todos

* PM-8113 - 2fa Email Comp - add style changes per discussion with design

* PM-8113 - TwoFactorAuthComponent - use2faRecoveryCode - build out method per discussion with design

* PM-8113 - TwoFactorAuthComp - fix comp tests

* PM-8113 - TwoFactorAuthComp - progress on adding 2fa provider page icons and subtitles

* PM-8113 - Browser Translations - update duoTwoFactorRequiredPageSubtitle to match design discussion

* PM-8113 - TwoFactorAuthComp - more work on getting page title / icons working

* PM-8113 - Add todo

* PM-8113 - TwoFactorAuthDuoComponent Html - remove text that was moved to page subtitle.

* PM-8113 - 2FA Auth Comp - Duo icon works

* PM-8113 - (1) Add Yubico logo icon (2) Rename Yubikey icon to security key icon

* PM-8113 - TwoFactorAuthComp - remove icon from launch duo button per figma

* PM-8113 - Mark old two-factor-options component as v1.

* PM-8113 - Web - TwoFactorOptionsComponentV1 - Fix import

* PM-8113 - Fix more imports

* PM-8113 - Adjust translations based on meeting with Design

* PM-8113 - TwoFactorOptionsComponent - deprecate recovery code functionality

* PM-8113 - TwoFactorOptionsComponent - remove icon disable logic and unused imports

* PM-8113 - 2FA Options Comp rewritten to match figma

* PM-8113 - TwoFactorOptions - (1) Sort providers like setup screen (2) Add responsive scaling

* PM-8113 - Webauthn 2FA - WIP on updating connectors to latest style

* PM-8113 - Webauthn connector - clean up commented out code and restore block style

* PM-8113 - TwoFactorAuthWebAuthn - Add loading state for iframe until webauthn ready

* PM-8113 - Webauthn Iframe - update translation per figma

* PM-8113 - TwoFactorAuthComp - per figma, put webauthn after checkbox.

* PM-8113 - WebAuthn Fallback connector - UI refreshed

* PM-8113 - Two Factor Options - Implement wrapping

* PM-8113 - TwoFactorAuthAuthenticator - Remove text per figma

* PM-8113 - TwoFactorAuthYubikey - Clean up design per figma

* PM-8113 - Refactor all 2FA flows to use either reactive forms or programmatic submission so we get the benefit of onSubmit form validation like we have elsewhere.

* PM-8113 - 2FA Auth Comp - for form validated 2FA methods, add enter support.

* PM-8113 - TwoFactorAuthComp - Add loginSuccessHandlerService

* PM-8113 - DesktopTwoFactorAuthDuoComponentService - add tests

* PM-8113 - WebTwoFactorAuthDuoComponentService test file - WIP on tests

* PM-8113 - WebTwoFactorAuthDuoComponentService - test listenForDuo2faResult

* PM-8113 - TwoFactorAuthComp - (1) remove unused deps (2) get tests passing

* PM-8113 - Add required to inputs

* PM-8113 - TwoFactorAuth - Save off 2FA providers map so we can only show the select another 2FA method if the user actually has more than 1 configured 2FA method.

* PM-8113 - Webauthn iframe styling must be adjusted per client so adjust desktop and browser extension

* PM-8113 - TwoFactorAuthComp - Integrate latest ssoLoginService changes

* PM-8113 - Desktop & Browser routing modules - add new page title per figma

* PM-8113 - WebAuthn - added optional awaiting security key interaction button state to improve UX.

* PM-8113 - TwoFactorAuthComp - refactor to avoid reactive race condition with retrieval of active user id.

* PM-8113 - ExtensionTwoFactorAuthEmailComponentService - force close the popup since it has stopped closing when the popup opens.

* PM-8113 - TwoFactorAuth - refactor enter key press to exempt non-applicable flows from enter key handling

* PM-8113 - Refactor ExtensionTwoFactorAuthComponentService methods to solve issues with submission

* PM-8113 - TwoFactorAuth - fix programmatic submit of form

* PM-8113 - Fix ExtensionTwoFactorAuthComponentService tests

* PM-8113 - Extension - Webauthn iframe - remove -10px margin

* PM-8113 - Extension Routing module - 2FA screens need back button

* PM-8113 - Get Duo working in extension

* PM-8113 - TwoFactorOptions - tweak styling of row styling to better work for extension

* PM-8113 - TwoFactorWebauthnComp - new tab button styling per figma

* PM-8113 - 2FA Comp - Update logic for hiding / showing the remember me checkbox

* PM-8113 - TwoFactorAuthWebAuthnComp - new tab flow - fix remember me

* PM-8113 - Per PR feedback, add TODO for better provider and module structure for auth component client logic services.

* PM-8113 - TwoFactorAuth - add missing TDE offboarding logic.

* PM-8113 - TwoFactorAuthComponent tests - fix tests

* PM-8113 - 2FA Auth Comp HTML - per PR feedback, remove unnecessary margin bottom

* PM-8113 - 2FA Comp - per PR feedback, remove inSsoFlow as it isn't used.

* PM-8113 - TwoFactorOptionsComp - Clean up no longer needed emitters.

* PM-8113 - TwoFactorOptions - per PR feedback, clean up any usage

* PM-8113 - TwoFactorAuthComp - per PR feedback, rename method from selectOtherTwofactorMethod to selectOtherTwoFactorMethod

* PM-8113 - Per PR feedback, fix translations misspelling

* PM-8113 - TwoFactorAuthSecurityKeyIcon - fix hardcoded value

* PM-8113 - TwoFactorAuthSecurityKeyIcon - fix extra "

* PM-8113 - TwoFactorAuthDuo - Per PR feedback, remove empty template.

* PM-8113 - LooseComponentsModule - re-add accidentally removed component

* PM-8113 - TwoFactorAuthWebAuthnIcon - per PR feedback, fix hardcoded stroke value.

* PM-8113 - Desktop AppRoutingModule - per PR feedback, remove unnecessary AnonLayoutWrapperComponent component property.

* PM-8113 - Update apps/browser/src/auth/services/extension-two-factor-auth-duo-component.service.spec.ts to fix misspelling

Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>

* PM-8113 - TwoFactorAuthComp - Per PR feedback, add trim to token value

* PM-8113 - TwoFactorService - add typescript strict

* PM-8113 - TwoFactorService - per PR feedback, add jsdocs

* PM-8113 - Per PR feedback, fix misspelling

* PM-8113 - Webauthn fallback - per PR feedback fix stroke

* PM-8113 - Update apps/web/src/connectors/webauthn-fallback.html

Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>

* PM-8113 - Update libs/auth/src/angular/icons/two-factor-auth/two-factor-auth-webauthn.icon.ts

Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>

---------

Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>

apps/desktop/src/app/app-routing.module.ts

@@ -16,7 +16,6 @@ import {
   unauthGuardFn,
 } from "@bitwarden/angular/auth/guards";
 import { canAccessFeature } from "@bitwarden/angular/platform/guard/feature-flag.guard";
-import { twofactorRefactorSwap } from "@bitwarden/angular/utils/two-factor-component-refactor-route-swap";
 import { NewDeviceVerificationNoticeGuard } from "@bitwarden/angular/vault/guards";
 import {
   AnonLayoutWrapperComponent,
@@ -39,6 +38,8 @@ import {
   DevicesIcon,
   SsoComponent,
   TwoFactorTimeoutIcon,
+  TwoFactorAuthComponent,
+  TwoFactorAuthGuard,
   NewDeviceVerificationComponent,
   DeviceVerificationIcon,
 } from "@bitwarden/auth/angular";
@@ -59,8 +60,7 @@ import { LoginViaAuthRequestComponentV1 } from "../auth/login/login-via-auth-req
 import { RemovePasswordComponent } from "../auth/remove-password.component";
 import { SetPasswordComponent } from "../auth/set-password.component";
 import { SsoComponentV1 } from "../auth/sso-v1.component";
-import { TwoFactorAuthComponent } from "../auth/two-factor-auth.component";
-import { TwoFactorComponent } from "../auth/two-factor.component";
+import { TwoFactorComponentV1 } from "../auth/two-factor-v1.component";
 import { UpdateTempPasswordComponent } from "../auth/update-temp-password.component";
 import { VaultComponent } from "../vault/app/vault/vault.component";
 
@@ -82,22 +82,26 @@ const routes: Routes = [
     children: [], // Children lets us have an empty component.
     canActivate: [redirectGuard({ loggedIn: "/vault", loggedOut: "/login", locked: "/lock" })],
   },
-  ...twofactorRefactorSwap(
-    TwoFactorComponent,
+  ...unauthUiRefreshSwap(
+    TwoFactorComponentV1,
     AnonLayoutWrapperComponent,
     {
       path: "2fa",
     },
     {
       path: "2fa",
-      component: AnonLayoutWrapperComponent,
+      canActivate: [unauthGuardFn(), TwoFactorAuthGuard],
       children: [
         {
           path: "",
           component: TwoFactorAuthComponent,
-          canActivate: [unauthGuardFn()],
         },
       ],
+      data: {
+        pageTitle: {
+          key: "verifyIdentity",
+        },
+      } satisfies RouteDataProperties & AnonLayoutWrapperData,
     },
   ),
   {

apps/desktop/src/app/app.module.ts

@@ -18,8 +18,8 @@ import { LoginModule } from "../auth/login/login.module";
 import { RemovePasswordComponent } from "../auth/remove-password.component";
 import { SetPasswordComponent } from "../auth/set-password.component";
 import { SsoComponentV1 } from "../auth/sso-v1.component";
-import { TwoFactorOptionsComponent } from "../auth/two-factor-options.component";
-import { TwoFactorComponent } from "../auth/two-factor.component";
+import { TwoFactorOptionsComponentV1 } from "../auth/two-factor-options-v1.component";
+import { TwoFactorComponentV1 } from "../auth/two-factor-v1.component";
 import { UpdateTempPasswordComponent } from "../auth/update-temp-password.component";
 import { PremiumComponent } from "../billing/app/accounts/premium.component";
 import { SshAgentService } from "../platform/services/ssh-agent.service";
@@ -86,9 +86,9 @@ import { SendComponent } from "./tools/send/send.component";
     SetPasswordComponent,
     SettingsComponent,
     ShareComponent,
+    TwoFactorComponentV1,
     SsoComponentV1,
-    TwoFactorComponent,
-    TwoFactorOptionsComponent,
+    TwoFactorOptionsComponentV1,
     UpdateTempPasswordComponent,
     VaultComponent,
     VaultTimeoutInputComponent,

apps/desktop/src/app/services/services.module.ts

@@ -26,6 +26,7 @@ import {
   SetPasswordJitService,
   SsoComponentService,
   DefaultSsoComponentService,
+  TwoFactorAuthDuoComponentService,
 } from "@bitwarden/auth/angular";
 import {
   InternalUserDecryptionOptionsServiceAbstraction,
@@ -103,6 +104,7 @@ import { LockComponentService } from "@bitwarden/key-management-ui";
 
 import { DesktopLoginApprovalComponentService } from "../../auth/login/desktop-login-approval-component.service";
 import { DesktopLoginComponentService } from "../../auth/login/desktop-login-component.service";
+import { DesktopTwoFactorAuthDuoComponentService } from "../../auth/services/desktop-two-factor-auth-duo-component.service";
 import { DesktopAutofillSettingsService } from "../../autofill/services/desktop-autofill-settings.service";
 import { DesktopAutofillService } from "../../autofill/services/desktop-autofill.service";
 import { DesktopFido2UserInterfaceService } from "../../autofill/services/desktop-fido2-user-interface.service";
@@ -398,6 +400,16 @@ const safeProviders: SafeProvider[] = [
       SsoUrlService,
     ],
   }),
+  safeProvider({
+    provide: TwoFactorAuthDuoComponentService,
+    useClass: DesktopTwoFactorAuthDuoComponentService,
+    deps: [
+      MessageListener,
+      EnvironmentService,
+      I18nServiceAbstraction,
+      PlatformUtilsServiceAbstraction,
+    ],
+  }),
   safeProvider({
     provide: SdkClientFactory,
     useClass: flagEnabled("sdk") ? DefaultSdkClientFactory : NoopSdkClientFactory,

apps/desktop/src/auth/services/desktop-two-factor-auth-duo-component.service.spec.ts

@@ -0,0 +1,93 @@
+import { MockProxy, mock } from "jest-mock-extended";
+import { BehaviorSubject, firstValueFrom } from "rxjs";
+
+import {
+  Environment,
+  EnvironmentService,
+} from "@bitwarden/common/platform/abstractions/environment.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { MessageListener } from "@bitwarden/common/platform/messaging";
+
+import { DesktopTwoFactorAuthDuoComponentService } from "./desktop-two-factor-auth-duo-component.service";
+
+describe("DesktopTwoFactorAuthDuoComponentService", () => {
+  let desktopTwoFactorAuthDuoComponentService: DesktopTwoFactorAuthDuoComponentService;
+  let messageListener: MockProxy<MessageListener>;
+  let environmentService: MockProxy<EnvironmentService>;
+  let i18nService: MockProxy<I18nService>;
+  let platformUtilsService: MockProxy<PlatformUtilsService>;
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+
+    messageListener = mock<MessageListener>();
+    environmentService = mock<EnvironmentService>();
+    i18nService = mock<I18nService>();
+    platformUtilsService = mock<PlatformUtilsService>();
+
+    desktopTwoFactorAuthDuoComponentService = new DesktopTwoFactorAuthDuoComponentService(
+      messageListener,
+      environmentService,
+      i18nService,
+      platformUtilsService,
+    );
+  });
+
+  describe("listenForDuo2faResult$", () => {
+    it("should return an observable that emits a duo 2FA result when a duo result message is received", async () => {
+      const message: { code: string; state: string } = {
+        code: "123456",
+        state: "abcdef",
+      };
+      const expectedDuo2faResult = {
+        code: message.code,
+        state: message.state,
+        token: `${message.code}|${message.state}`,
+      };
+
+      const messages = new BehaviorSubject(message);
+      messageListener.messages$.mockReturnValue(messages);
+
+      const duo2faResult = await firstValueFrom(
+        desktopTwoFactorAuthDuoComponentService.listenForDuo2faResult$(),
+      );
+      expect(duo2faResult).toEqual(expectedDuo2faResult);
+    });
+  });
+
+  describe("launchDuoFrameless", () => {
+    it("should build and launch the duo frameless URL", async () => {
+      // Arrange
+      const duoFramelessUrl = "https://duoFramelessUrl";
+      const webVaultUrl = "https://webVaultUrl";
+
+      i18nService.t.mockImplementation((key) => key);
+
+      const handOffMessage = {
+        title: "youSuccessfullyLoggedIn",
+        message: "youMayCloseThisWindow",
+        isCountdown: false,
+      };
+
+      const mockEnvironment = {
+        getWebVaultUrl: () => webVaultUrl,
+      } as unknown as Environment;
+      const environmentBSubject = new BehaviorSubject(mockEnvironment);
+      environmentService.environment$ = environmentBSubject.asObservable();
+
+      // Act
+      await desktopTwoFactorAuthDuoComponentService.launchDuoFrameless(duoFramelessUrl);
+
+      // Assert
+      const launchUrl =
+        webVaultUrl +
+        "/duo-redirect-connector.html" +
+        "?duoFramelessUrl=" +
+        encodeURIComponent(duoFramelessUrl) +
+        "&handOffMessage=" +
+        encodeURIComponent(JSON.stringify(handOffMessage));
+      expect(platformUtilsService.launchUri).toHaveBeenCalledWith(launchUrl);
+    });
+  });
+});

apps/desktop/src/auth/services/desktop-two-factor-auth-duo-component.service.ts

@@ -0,0 +1,56 @@
+import { firstValueFrom, map, Observable } from "rxjs";
+
+import { TwoFactorAuthDuoComponentService, Duo2faResult } from "@bitwarden/auth/angular";
+import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { CommandDefinition, MessageListener } from "@bitwarden/common/platform/messaging";
+
+// TODO: PM-16209 We should create a Duo2faMessageListenerService that listens for messages from duo
+// and this command definition should move to that file.
+// We should explore consolidating the messaging approach across clients - i.e., we
+// should use the same command definition across all clients. We use duoResult on extension for no real
+// benefit.
+export const DUO_2FA_RESULT_COMMAND = new CommandDefinition<{ code: string; state: string }>(
+  "duoCallback",
+);
+
+export class DesktopTwoFactorAuthDuoComponentService implements TwoFactorAuthDuoComponentService {
+  constructor(
+    private messageListener: MessageListener,
+    private environmentService: EnvironmentService,
+    private i18nService: I18nService,
+    private platformUtilsService: PlatformUtilsService,
+  ) {}
+  listenForDuo2faResult$(): Observable<Duo2faResult> {
+    return this.messageListener.messages$(DUO_2FA_RESULT_COMMAND).pipe(
+      map((msg) => {
+        return {
+          code: msg.code,
+          state: msg.state,
+          token: `${msg.code}|${msg.state}`,
+        } as Duo2faResult;
+      }),
+    );
+  }
+
+  async launchDuoFrameless(duoFramelessUrl: string): Promise<void> {
+    const duoHandOffMessage = {
+      title: this.i18nService.t("youSuccessfullyLoggedIn"),
+      message: this.i18nService.t("youMayCloseThisWindow"),
+      isCountdown: false,
+    };
+
+    // we're using the connector here as a way to set a cookie with translations
+    // before continuing to the duo frameless url
+    const env = await firstValueFrom(this.environmentService.environment$);
+    const launchUrl =
+      env.getWebVaultUrl() +
+      "/duo-redirect-connector.html" +
+      "?duoFramelessUrl=" +
+      encodeURIComponent(duoFramelessUrl) +
+      "&handOffMessage=" +
+      encodeURIComponent(JSON.stringify(duoHandOffMessage));
+    this.platformUtilsService.launchUri(launchUrl);
+  }
+}

apps/desktop/src/auth/two-factor-auth-duo.component.ts

@@ -1,117 +0,0 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
-import { DialogModule } from "@angular/cdk/dialog";
-import { CommonModule } from "@angular/common";
-import { Component, NgZone, OnDestroy, OnInit } from "@angular/core";
-import { ReactiveFormsModule, FormsModule } from "@angular/forms";
-import { firstValueFrom } from "rxjs";
-
-import { JslibModule } from "@bitwarden/angular/jslib.module";
-import { I18nPipe } from "@bitwarden/angular/platform/pipes/i18n.pipe";
-import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
-import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
-import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import {
-  AsyncActionsModule,
-  ButtonModule,
-  FormFieldModule,
-  LinkModule,
-  ToastService,
-  TypographyModule,
-} from "@bitwarden/components";
-
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { TwoFactorAuthDuoComponent as TwoFactorAuthDuoBaseComponent } from "../../../../libs/angular/src/auth/components/two-factor-auth/two-factor-auth-duo.component";
-
-const BroadcasterSubscriptionId = "TwoFactorComponent";
-
-@Component({
-  standalone: true,
-  selector: "app-two-factor-auth-duo",
-  templateUrl:
-    "../../../../libs/angular/src/auth/components/two-factor-auth/two-factor-auth-duo.component.html",
-  imports: [
-    CommonModule,
-    JslibModule,
-    DialogModule,
-    ButtonModule,
-    LinkModule,
-    TypographyModule,
-    ReactiveFormsModule,
-    FormFieldModule,
-    AsyncActionsModule,
-    FormsModule,
-  ],
-  providers: [I18nPipe],
-})
-export class TwoFactorAuthDuoComponent
-  extends TwoFactorAuthDuoBaseComponent
-  implements OnInit, OnDestroy
-{
-  constructor(
-    protected i18nService: I18nService,
-    protected platformUtilsService: PlatformUtilsService,
-    private broadcasterService: BroadcasterService,
-    private ngZone: NgZone,
-    private environmentService: EnvironmentService,
-    toastService: ToastService,
-  ) {
-    super(i18nService, platformUtilsService, toastService);
-  }
-
-  async ngOnInit(): Promise<void> {
-    await super.ngOnInit();
-  }
-
-  duoCallbackSubscriptionEnabled: boolean = false;
-
-  protected override setupDuoResultListener() {
-    if (!this.duoCallbackSubscriptionEnabled) {
-      this.broadcasterService.subscribe(BroadcasterSubscriptionId, async (message: any) => {
-        await this.ngZone.run(async () => {
-          if (message.command === "duoCallback") {
-            this.token.emit(message.code + "|" + message.state);
-          }
-        });
-      });
-      this.duoCallbackSubscriptionEnabled = true;
-    }
-  }
-
-  override async launchDuoFrameless() {
-    if (this.duoFramelessUrl === null) {
-      this.toastService.showToast({
-        variant: "error",
-        title: null,
-        message: this.i18nService.t("duoHealthCheckResultsInNullAuthUrlError"),
-      });
-      return;
-    }
-    const duoHandOffMessage = {
-      title: this.i18nService.t("youSuccessfullyLoggedIn"),
-      message: this.i18nService.t("youMayCloseThisWindow"),
-      isCountdown: false,
-    };
-
-    // we're using the connector here as a way to set a cookie with translations
-    // before continuing to the duo frameless url
-    const env = await firstValueFrom(this.environmentService.environment$);
-    const launchUrl =
-      env.getWebVaultUrl() +
-      "/duo-redirect-connector.html" +
-      "?duoFramelessUrl=" +
-      encodeURIComponent(this.duoFramelessUrl) +
-      "&handOffMessage=" +
-      encodeURIComponent(JSON.stringify(duoHandOffMessage));
-    this.platformUtilsService.launchUri(launchUrl);
-  }
-
-  async ngOnDestroy() {
-    if (this.duoCallbackSubscriptionEnabled) {
-      this.broadcasterService.unsubscribe(BroadcasterSubscriptionId);
-      this.duoCallbackSubscriptionEnabled = false;
-    }
-  }
-}

apps/desktop/src/auth/two-factor-auth.component.ts

@@ -1,74 +0,0 @@
-import { DialogModule } from "@angular/cdk/dialog";
-import { CommonModule } from "@angular/common";
-import { Component } from "@angular/core";
-import { ReactiveFormsModule } from "@angular/forms";
-import { RouterLink } from "@angular/router";
-
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { TwoFactorAuthAuthenticatorComponent } from "../../../../libs/angular/src/auth/components/two-factor-auth/two-factor-auth-authenticator.component";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { TwoFactorAuthEmailComponent } from "../../../../libs/angular/src/auth/components/two-factor-auth/two-factor-auth-email.component";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { TwoFactorAuthWebAuthnComponent } from "../../../../libs/angular/src/auth/components/two-factor-auth/two-factor-auth-webauthn.component";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { TwoFactorAuthYubikeyComponent } from "../../../../libs/angular/src/auth/components/two-factor-auth/two-factor-auth-yubikey.component";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { TwoFactorAuthComponent as BaseTwoFactorAuthComponent } from "../../../../libs/angular/src/auth/components/two-factor-auth/two-factor-auth.component";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { TwoFactorOptionsComponent } from "../../../../libs/angular/src/auth/components/two-factor-auth/two-factor-options.component";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { JslibModule } from "../../../../libs/angular/src/jslib.module";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { AsyncActionsModule } from "../../../../libs/components/src/async-actions";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { ButtonModule } from "../../../../libs/components/src/button";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { CheckboxModule } from "../../../../libs/components/src/checkbox";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { FormFieldModule } from "../../../../libs/components/src/form-field";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { LinkModule } from "../../../../libs/components/src/link";
-// FIXME: remove `src` and fix import
-// eslint-disable-next-line no-restricted-imports
-import { TypographyModule } from "../../../../libs/components/src/typography";
-
-import { TwoFactorAuthDuoComponent } from "./two-factor-auth-duo.component";
-
-@Component({
-  standalone: true,
-  templateUrl:
-    "../../../../libs/angular/src/auth/components/two-factor-auth/two-factor-auth.component.html",
-  selector: "app-two-factor-auth",
-  imports: [
-    CommonModule,
-    JslibModule,
-    DialogModule,
-    ButtonModule,
-    LinkModule,
-    TypographyModule,
-    ReactiveFormsModule,
-    FormFieldModule,
-    AsyncActionsModule,
-    RouterLink,
-    CheckboxModule,
-    TwoFactorOptionsComponent,
-    TwoFactorAuthEmailComponent,
-    TwoFactorAuthAuthenticatorComponent,
-    TwoFactorAuthYubikeyComponent,
-    TwoFactorAuthDuoComponent,
-    TwoFactorAuthWebAuthnComponent,
-  ],
-})
-export class TwoFactorAuthComponent extends BaseTwoFactorAuthComponent {}

apps/desktop/src/auth/two-factor-options-v1.component.ts

@@ -1,7 +1,7 @@
 import { Component } from "@angular/core";
 import { Router } from "@angular/router";
 
-import { TwoFactorOptionsComponent as BaseTwoFactorOptionsComponent } from "@bitwarden/angular/auth/components/two-factor-options.component";
+import { TwoFactorOptionsComponentV1 as BaseTwoFactorOptionsComponentV1 } from "@bitwarden/angular/auth/components/two-factor-options-v1.component";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
@@ -9,9 +9,9 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 
 @Component({
   selector: "app-two-factor-options",
-  templateUrl: "two-factor-options.component.html",
+  templateUrl: "two-factor-options-v1.component.html",
 })
-export class TwoFactorOptionsComponent extends BaseTwoFactorOptionsComponent {
+export class TwoFactorOptionsComponentV1 extends BaseTwoFactorOptionsComponentV1 {
   constructor(
     twoFactorService: TwoFactorService,
     router: Router,

apps/desktop/src/auth/two-factor-v1.component.ts

@@ -4,7 +4,7 @@ import { Component, Inject, NgZone, OnDestroy, ViewChild, ViewContainerRef } fro
 import { ActivatedRoute, Router } from "@angular/router";
 import { firstValueFrom } from "rxjs";
 
-import { TwoFactorComponent as BaseTwoFactorComponent } from "@bitwarden/angular/auth/components/two-factor.component";
+import { TwoFactorComponentV1 as BaseTwoFactorComponent } from "@bitwarden/angular/auth/components/two-factor-v1.component";
 import { WINDOW } from "@bitwarden/angular/services/injection-tokens";
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import {
@@ -29,16 +29,16 @@ import { StateService } from "@bitwarden/common/platform/abstractions/state.serv
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { ToastService } from "@bitwarden/components";
 
-import { TwoFactorOptionsComponent } from "./two-factor-options.component";
+import { TwoFactorOptionsComponentV1 } from "./two-factor-options-v1.component";
 
 const BroadcasterSubscriptionId = "TwoFactorComponent";
 
 @Component({
   selector: "app-two-factor",
-  templateUrl: "two-factor.component.html",
+  templateUrl: "two-factor-v1.component.html",
 })
 // eslint-disable-next-line rxjs-angular/prefer-takeuntil
-export class TwoFactorComponent extends BaseTwoFactorComponent implements OnDestroy {
+export class TwoFactorComponentV1 extends BaseTwoFactorComponent implements OnDestroy {
   @ViewChild("twoFactorOptions", { read: ViewContainerRef, static: true })
   twoFactorOptionsModal: ViewContainerRef;
 
@@ -106,7 +106,7 @@ export class TwoFactorComponent extends BaseTwoFactorComponent implements OnDest
 
   async anotherMethod() {
     const [modal, childComponent] = await this.modalService.openViewRef(
-      TwoFactorOptionsComponent,
+      TwoFactorOptionsComponentV1,
       this.twoFactorOptionsModal,
     );
 

apps/desktop/src/locales/en/messages.json

@@ -652,6 +652,15 @@
   "logInToBitwarden": {
     "message": "Log in to Bitwarden"
   },
+  "enterTheCodeSentToYourEmail": {
+    "message": "Enter the code sent to your email"
+  },
+  "enterTheCodeFromYourAuthenticatorApp": {
+    "message": "Enter the code from your authenticator app"
+  },
+  "pressYourYubiKeyToAuthenticate": {
+    "message": "Press your YubiKey to authenticate"
+  },
   "logInWithPasskey": {
     "message": "Log in with passkey"
   },
@@ -825,6 +834,9 @@
   "webauthnCancelOrTimeout": {
     "message": "The authentication was cancelled or took too long. Please try again."
   },
+  "openInNewTab": {
+    "message": "Open in new tab"
+  },
   "invalidVerificationCode": {
     "message": "Invalid verification code"
   },
@@ -855,12 +867,22 @@
   "rememberMe": {
     "message": "Remember me"
   },
+  "dontAskAgainOnThisDeviceFor30Days": {
+    "message": "Don't ask again on this device for 30 days"
+  },
   "sendVerificationCodeEmailAgain": {
     "message": "Send verification code email again"
   },
   "useAnotherTwoStepMethod": {
     "message": "Use another two-step login method"
   },
+  "selectAnotherMethod": {
+    "message": "Select another method",
+    "description": "Select another two-step login method"
+  },
+  "useYourRecoveryCode": {
+    "message": "Use your recovery code"
+  }, 
   "insertYubiKey": {
     "message": "Insert your YubiKey into your computer's USB port, then touch its button."
   },
@@ -927,6 +949,9 @@
   "twoStepOptions": {
     "message": "Two-step login options"
   },
+  "selectTwoStepLoginMethod": {
+    "message": "Select two-step login method"
+  },
   "selfHostedEnvironment": {
     "message": "Self-hosted environment"
   },
@@ -2256,6 +2281,12 @@
   "webAuthnAuthenticate": {
     "message": "Authenticate WebAuthn"
   },
+  "readSecurityKey": {
+    "message": "Read security key"
+  },
+  "awaitingSecurityKeyInteraction": {
+    "message": "Awaiting security key interaction..."
+  },
   "hideEmail": {
     "message": "Hide my email address from recipients."
   },
@@ -3215,6 +3246,12 @@
   "duoRequiredByOrgForAccount": {
     "message": "Duo two-step login is required for your account."
   },
+  "duoTwoFactorRequiredPageSubtitle": {
+    "message": "Duo two-step login is required for your account. Follow the steps below to finish logging in."
+  },
+  "followTheStepsBelowToFinishLoggingIn": {
+    "message": "Follow the steps below to finish logging in."
+  },
   "launchDuo": {
     "message": "Launch Duo in Browser"
   },

apps/desktop/src/scss/misc.scss

@@ -243,14 +243,12 @@ p.lead {
 }
 
 #web-authn-frame {
-  background: url("../images/loading.svg") 0 0 no-repeat;
-  height: 250px;
-  margin: 0 0 15px 0;
+  height: 40px;
 
   iframe {
-    width: 100%;
-    height: 100%;
     border: none;
+    height: 100%;
+    width: 100%;
   }
 }