Merge branch 'main' into auth/pm-9115/implement-view-data-persistence-in-2FA-flows

libs/auth/src/angular/login/login.component.ts

@@ -161,8 +161,9 @@ export class LoginComponent implements OnInit, OnDestroy {
         tap(async (flag) => {
           // If the flag is turned OFF, we must force a reload to ensure the correct UI is shown
           if (!flag) {
+            const qParams = await firstValueFrom(this.activatedRoute.queryParams);
             const uniqueQueryParams = {
-              ...this.activatedRoute.queryParams,
+              ...qParams,
               // adding a unique timestamp to the query params to force a reload
               t: new Date().getTime().toString(), // Adding a unique timestamp as a query parameter
             };
@@ -629,12 +630,7 @@ export class LoginComponent implements OnInit, OnDestroy {
    * Handle the SSO button click.
    */
   async handleSsoClick() {
-    // Make sure the email is not empty, for type safety
     const email = this.formGroup.value.email;
-    if (!email) {
-      this.logService.error("Email is required for SSO");
-      return;
-    }
 
     // Make sure the email is valid
     const isEmailValid = await this.validateEmail();
@@ -642,6 +638,12 @@ export class LoginComponent implements OnInit, OnDestroy {
       return;
     }
 
+    // Make sure the email is not empty, for type safety
+    if (!email) {
+      this.logService.error("Email is required for SSO");
+      return;
+    }
+
     // Save the email configuration for the login component
     await this.saveEmailSettings();
 

libs/auth/src/angular/new-device-verification/new-device-verification.component.ts

@@ -20,7 +20,6 @@ import {
 
 import { LoginEmailServiceAbstraction } from "../../common/abstractions/login-email.service";
 import { LoginStrategyServiceAbstraction } from "../../common/abstractions/login-strategy.service";
-import { PasswordLoginStrategy } from "../../common/login-strategies/password-login.strategy";
 
 /**
  * Component for verifying a new device via a one-time password (OTP).
@@ -58,7 +57,6 @@ export class NewDeviceVerificationComponent implements OnInit, OnDestroy {
   constructor(
     private router: Router,
     private formBuilder: FormBuilder,
-    private passwordLoginStrategy: PasswordLoginStrategy,
     private apiService: ApiService,
     private loginStrategyService: LoginStrategyServiceAbstraction,
     private logService: LogService,

libs/auth/src/angular/sso/sso.component.ts

@@ -155,13 +155,6 @@ export class SsoComponent implements OnInit {
       return;
     }
 
-    // Detect if we are on the first portion of the SSO flow
-    // and have been sent here from another client with the info in query params
-    if (this.hasParametersFromOtherClientRedirect(qParams)) {
-      this.initializeFromRedirectFromOtherClient(qParams);
-      return;
-    }
-
     // Detect if we have landed here but only have an SSO identifier in the URL.
     // This is used by integrations that want to "short-circuit" the login to send users
     // directly to their IdP to simulate IdP-initiated SSO, so we submit automatically.
@@ -172,8 +165,15 @@ export class SsoComponent implements OnInit {
       return;
     }
 
-    // If we're routed here with no additional parameters, we'll try to determine the
-    // identifier using claimed domain or local state saved from their last attempt.
+    // Detect if we are on the first portion of the SSO flow
+    // and have been sent here from another client with the info in query params.
+    // If so, we want to initialize the SSO flow with those values.
+    if (this.hasParametersFromOtherClientRedirect(qParams)) {
+      this.initializeFromRedirectFromOtherClient(qParams);
+    }
+
+    // Try to determine the identifier using claimed domain or local state
+    // persisted from the user's last login attempt.
     await this.initializeIdentifierFromEmailOrStorage();
   }
 
@@ -427,7 +427,6 @@ export class SsoComponent implements OnInit {
       );
       this.formPromise = this.loginStrategyService.logIn(credentials);
       const authResult = await this.formPromise;
-
       if (authResult.requiresTwoFactor) {
         return await this.handleTwoFactorRequired(orgSsoIdentifier);
       }
@@ -441,16 +440,10 @@ export class SsoComponent implements OnInit {
       // - Browser SSO on extension open
       // Note: you cannot set this in state before 2FA b/c there won't be an account in state.
 
-      // Grabbing the active user id right before making the state set to ensure it exists.
-      const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
-      await this.ssoLoginService.setActiveUserOrganizationSsoIdentifier(orgSsoIdentifier, userId);
-
-      // Users enrolled in admin acct recovery can be forced to set a new password after
-      // having the admin set a temp password for them (affects TDE & standard users)
-      if (authResult.forcePasswordReset == ForceSetPasswordReason.AdminForcePasswordReset) {
-        // Weak password is not a valid scenario here b/c we cannot have evaluated a MP yet
-        return await this.handleForcePasswordReset(orgSsoIdentifier);
-      }
+      await this.ssoLoginService.setActiveUserOrganizationSsoIdentifier(
+        orgSsoIdentifier,
+        authResult.userId,
+      );
 
       // must come after 2fa check since user decryption options aren't available if 2fa is required
       const userDecryptionOpts = await firstValueFrom(

libs/auth/src/angular/vault-timeout-input/vault-timeout-input.component.spec.ts

@@ -1,10 +1,12 @@
 import { ComponentFixture, TestBed } from "@angular/core/testing";
 import { BehaviorSubject } from "rxjs";
 
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import {
+  VaultTimeoutSettingsService,
+  VaultTimeoutStringType,
+} from "@bitwarden/common/key-management/vault-timeout";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { VaultTimeoutStringType } from "@bitwarden/common/types/vault-timeout.type";
 
 import { VaultTimeoutInputComponent } from "./vault-timeout-input.component";
 

libs/auth/src/angular/vault-timeout-input/vault-timeout-input.component.ts

@@ -17,13 +17,16 @@ import {
 import { filter, map, Observable, Subject, takeUntil } from "rxjs";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
-import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
+import {
+  VaultTimeout,
+  VaultTimeoutAction,
+  VaultTimeoutOption,
+  VaultTimeoutSettingsService,
+} from "@bitwarden/common/key-management/vault-timeout";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { VaultTimeout, VaultTimeoutOption } from "@bitwarden/common/types/vault-timeout.type";
 import { FormFieldModule, SelectModule } from "@bitwarden/components";
 
 type VaultTimeoutForm = FormGroup<{