[PM-6979] Remove HIBP 404 handling (#17769)

libs/common/src/dirt/services/hibp-api.service.spec.ts

@@ -35,5 +35,26 @@ describe("HibpApiService", () => {
       expect(result).toHaveLength(1);
       expect(result[0]).toBeInstanceOf(BreachAccountResponse);
     });
+
+    it("should return empty array when no breaches found (REST semantics)", async () => {
+      // Server now returns 200 OK with empty array [] instead of 404
+      const mockResponse: any[] = [];
+      const username = "safe@example.com";
+
+      apiService.send.mockResolvedValue(mockResponse);
+
+      const result = await sut.getHibpBreach(username);
+
+      expect(apiService.send).toHaveBeenCalledWith(
+        "GET",
+        "/hibp/breach?username=" + encodeURIComponent(username),
+        null,
+        true,
+        true,
+      );
+      expect(result).toEqual([]);
+      expect(result).toBeInstanceOf(Array);
+      expect(result).toHaveLength(0);
+    });
   });
 });

libs/common/src/services/audit.service.spec.ts

@@ -1,7 +1,6 @@
 import { ApiService } from "../abstractions/api.service";
 import { HibpApiService } from "../dirt/services/hibp-api.service";
 import { CryptoFunctionService } from "../key-management/crypto/abstractions/crypto-function.service";
-import { ErrorResponse } from "../models/response/error.response";
 
 import { AuditService } from "./audit.service";
 
@@ -73,14 +72,16 @@ describe("AuditService", () => {
     expect(mockApi.nativeFetch).toHaveBeenCalledTimes(4);
   });
 
-  it("should return empty array for breachedAccounts on 404", async () => {
-    mockHibpApi.getHibpBreach.mockRejectedValueOnce({ statusCode: 404 } as ErrorResponse);
+  it("should return empty array for breachedAccounts when no breaches found", async () => {
+    // Server returns 200 with empty array (correct REST semantics)
+    mockHibpApi.getHibpBreach.mockResolvedValueOnce([]);
     const result = await auditService.breachedAccounts("user@example.com");
     expect(result).toEqual([]);
   });
 
-  it("should throw error for breachedAccounts on non-404 error", async () => {
-    mockHibpApi.getHibpBreach.mockRejectedValueOnce({ statusCode: 500 } as ErrorResponse);
-    await expect(auditService.breachedAccounts("user@example.com")).rejects.toThrow();
+  it("should propagate errors from breachedAccounts", async () => {
+    const error = new Error("API error");
+    mockHibpApi.getHibpBreach.mockRejectedValueOnce(error);
+    await expect(auditService.breachedAccounts("user@example.com")).rejects.toBe(error);
   });
 });

libs/common/src/services/audit.service.ts

@@ -6,7 +6,6 @@ import { AuditService as AuditServiceAbstraction } from "../abstractions/audit.s
 import { BreachAccountResponse } from "../dirt/models/response/breach-account.response";
 import { HibpApiService } from "../dirt/services/hibp-api.service";
 import { CryptoFunctionService } from "../key-management/crypto/abstractions/crypto-function.service";
-import { ErrorResponse } from "../models/response/error.response";
 import { Utils } from "../platform/misc/utils";
 
 const PwnedPasswordsApi = "https://api.pwnedpasswords.com/range/";
@@ -70,14 +69,6 @@ export class AuditService implements AuditServiceAbstraction {
   }
 
   async breachedAccounts(username: string): Promise<BreachAccountResponse[]> {
-    try {
-      return await this.hibpApiService.getHibpBreach(username);
-    } catch (e) {
-      const error = e as ErrorResponse;
-      if (error.statusCode === 404) {
-        return [];
-      }
-      throw new Error();
-    }
+    return this.hibpApiService.getHibpBreach(username);
   }
 }