[PM-18576] Fix missing user id on remove password (#13777)

* Passed in userId on RemovePasswordComponent. * Added userId on other references to KeyConnectorService methods * remove password component refactor, test coverage, enabled strict * explicit user id provided to key connector service * redirect to / instead when user not logged in or not managing organization * key connector service explicit user id * key connector service no longer requires account service * key connector service missing null type * cli convert to key connector unit tests * remove unnecessary SyncService * error toast not showing on ErrorResponse * bad import due to merge conflict * bad import due to merge conflict * missing loading in remove password component for browser extension * error handling in remove password component * organization observable race condition in key-connector * usesKeyConnector always returns boolean * unit test coverage * key connector reactive * reactive key connector service * introducing convertAccountRequired$ * cli build fix * moving message sending side effect to sync * key connector service unit tests * fix unit tests * unit tests in wrong place after KM code ownership move * infinite page reload * failing unit tests * failing unit tests --------- Co-authored-by: Todd Martin <tmartin@bitwarden.com>
2025-12-11 05:43:41 +00:00 · 2025-05-19 08:51:46 +02:00
parent a02c230e4d
commit e73f902aee
17 changed files with 782 additions and 245 deletions
--- a/apps/browser/src/key-management/key-connector/remove-password.component.html
+++ b/apps/browser/src/key-management/key-connector/remove-password.component.html
@@ -8,17 +8,17 @@
 <main tabindex="-1">
  <div class="box">
-    <div class="box-content">
+    <div class="box-content" *ngIf="loading">
      <div class="box-content-row">
        <i class="bwi bwi-spinner bwi-spin" title="{{ 'loading' | i18n }}" aria-hidden="true"></i>
      </div>
    </div>
    <div class="box-content" *ngIf="!loading">
      <div class="box-content-row" appBoxRow>
        <p>{{ "convertOrganizationEncryptionDesc" | i18n: organization.name }}</p>
      </div>
      <div class="box-content-row">
-        <button
+        <button type="button" class="btn block primary" (click)="convert()" [disabled]="action">
          type="button"
          class="btn block primary"
          (click)="convert()"
          [disabled]="actionPromise"
        >
          <i
            class="bwi bwi-spinner bwi-spin"
            title="{{ 'loading' | i18n }}"
@@ -33,7 +33,7 @@
          type="button"
          class="btn btn-outline-secondary block"
          (click)="leave()"
-          [disabled]="actionPromise"
+          [disabled]="action"
        >
          <i
            class="bwi bwi-spinner bwi-spin"
--- a/apps/cli/src/auth/commands/unlock.command.ts
+++ b/apps/cli/src/auth/commands/unlock.command.ts
@@ -14,7 +14,6 @@ import { EnvironmentService } from "@bitwarden/common/platform/abstractions/envi
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { ConsoleLogService } from "@bitwarden/common/platform/services/console-log.service";
 import { MasterKey } from "@bitwarden/common/types/key";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { KeyService } from "@bitwarden/key-management";
 import { ConvertToKeyConnectorCommand } from "../../key-management/convert-to-key-connector.command";
@@ -32,7 +31,6 @@ export class UnlockCommand {
    private logService: ConsoleLogService,
    private keyConnectorService: KeyConnectorService,
    private environmentService: EnvironmentService,
    private syncService: SyncService,
    private organizationApiService: OrganizationApiServiceAbstraction,
    private logout: () => Promise<void>,
  ) {}
@@ -73,12 +71,11 @@ export class UnlockCommand {
    const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey, userId);
    await this.keyService.setUserKey(userKey, userId);
-    if (await this.keyConnectorService.getConvertAccountRequired()) {
+    if (await firstValueFrom(this.keyConnectorService.convertAccountRequired$)) {
      const convertToKeyConnectorCommand = new ConvertToKeyConnectorCommand(
        userId,
        this.keyConnectorService,
        this.environmentService,
        this.syncService,
        this.organizationApiService,
        this.logout,
      );
--- a/apps/cli/src/base-program.ts
+++ b/apps/cli/src/base-program.ts
@@ -179,7 +179,6 @@ export abstract class BaseProgram {
        this.serviceContainer.logService,
        this.serviceContainer.keyConnectorService,
        this.serviceContainer.environmentService,
        this.serviceContainer.syncService,
        this.serviceContainer.organizationApiService,
        this.serviceContainer.logout,
      );
--- a/apps/cli/src/key-management/convert-to-key-connector.command.spec.ts
+++ b/apps/cli/src/key-management/convert-to-key-connector.command.spec.ts
@@ -0,0 +1,140 @@
 import { createPromptModule } from "inquirer";
 import { mock } from "jest-mock-extended";
 import { of } from "rxjs";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { KeyConnectorService } from "@bitwarden/common/key-management/key-connector/abstractions/key-connector.service";
 import {
  Environment,
  EnvironmentService,
  Region,
  Urls,
 } from "@bitwarden/common/platform/abstractions/environment.service";
 import { UserId } from "@bitwarden/common/types/guid";
 import { Response } from "../models/response";
 import { MessageResponse } from "../models/response/message.response";
 import { ConvertToKeyConnectorCommand } from "./convert-to-key-connector.command";
 jest.mock("inquirer", () => {
  return {
    createPromptModule: jest.fn(() => jest.fn(() => Promise.resolve({ convert: "" }))),
  };
 });
 describe("ConvertToKeyConnectorCommand", () => {
  let command: ConvertToKeyConnectorCommand;
  const userId = "test-user-id" as UserId;
  const organization = {
    id: "test-organization-id",
    name: "Test Organization",
    keyConnectorUrl: "https://keyconnector.example.com",
  } as Organization;
  const keyConnectorService = mock<KeyConnectorService>();
  const environmentService = mock<EnvironmentService>();
  const organizationApiService = mock<OrganizationApiServiceAbstraction>();
  const logout = jest.fn();
  beforeEach(async () => {
    command = new ConvertToKeyConnectorCommand(
      userId,
      keyConnectorService,
      environmentService,
      organizationApiService,
      logout,
    );
  });
  describe("run", () => {
    it("should logout and return error response if no interaction available", async () => {
      process.env.BW_NOINTERACTION = "true";
      const response = await command.run();
      expect(response).not.toBeNull();
      expect(response.success).toEqual(false);
      expect(response).toEqual(
        Response.error(
          new MessageResponse(
            "An organization you are a member of is using Key Connector. In order to access the vault, you must opt-in to Key Connector now via the web vault. You have been logged out.",
            null,
          ),
        ),
      );
      expect(logout).toHaveBeenCalled();
    });
    it("should logout and return error response if interaction answer is exit", async () => {
      process.env.BW_NOINTERACTION = "false";
      keyConnectorService.getManagingOrganization.mockResolvedValue(organization);
      (createPromptModule as jest.Mock).mockImplementation(() =>
        jest.fn(() => Promise.resolve({ convert: "exit" })),
      );
      const response = await command.run();
      expect(response).not.toBeNull();
      expect(response.success).toEqual(false);
      expect(response).toEqual(Response.error("You have been logged out."));
      expect(logout).toHaveBeenCalled();
    });
    it("should key connector migrate user and return success response if answer is remove", async () => {
      process.env.BW_NOINTERACTION = "false";
      keyConnectorService.getManagingOrganization.mockResolvedValue(organization);
      environmentService.environment$ = of({
        getUrls: () =>
          ({
            keyConnector: "old-key-connector-url",
          }) as Urls,
      } as Environment);
      (createPromptModule as jest.Mock).mockImplementation(() =>
        jest.fn(() => Promise.resolve({ convert: "remove" })),
      );
      const response = await command.run();
      expect(response).not.toBeNull();
      expect(response.success).toEqual(true);
      expect(keyConnectorService.migrateUser).toHaveBeenCalledWith(userId);
      expect(environmentService.setEnvironment).toHaveBeenCalledWith(Region.SelfHosted, {
        keyConnector: organization.keyConnectorUrl,
      } as Urls);
    });
    it("should logout and throw error if key connector migrate user fails", async () => {
      process.env.BW_NOINTERACTION = "false";
      keyConnectorService.getManagingOrganization.mockResolvedValue(organization);
      (createPromptModule as jest.Mock).mockImplementation(() =>
        jest.fn(() => Promise.resolve({ convert: "remove" })),
      );
      keyConnectorService.migrateUser.mockRejectedValue(new Error("Migration failed"));
      await expect(command.run()).rejects.toThrow("Migration failed");
      expect(logout).toHaveBeenCalled();
    });
    it("should leave organization and return success response if answer is leave", async () => {
      process.env.BW_NOINTERACTION = "false";
      keyConnectorService.getManagingOrganization.mockResolvedValue(organization);
      (createPromptModule as jest.Mock).mockImplementation(() =>
        jest.fn(() => Promise.resolve({ convert: "leave" })),
      );
      const response = await command.run();
      expect(response).not.toBeNull();
      expect(response.success).toEqual(true);
      expect(organizationApiService.leave).toHaveBeenCalledWith(organization.id);
    });
  });
 });
--- a/apps/cli/src/key-management/convert-to-key-connector.command.ts
+++ b/apps/cli/src/key-management/convert-to-key-connector.command.ts
@@ -1,5 +1,3 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import * as inquirer from "inquirer";
 import { firstValueFrom } from "rxjs";
@@ -10,7 +8,6 @@ import {
  Region,
 } from "@bitwarden/common/platform/abstractions/environment.service";
 import { UserId } from "@bitwarden/common/types/guid";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { Response } from "../models/response";
 import { MessageResponse } from "../models/response/message.response";
@@ -20,7 +17,6 @@ export class ConvertToKeyConnectorCommand {
    private readonly userId: UserId,
    private keyConnectorService: KeyConnectorService,
    private environmentService: EnvironmentService,
    private syncService: SyncService,
    private organizationApiService: OrganizationApiServiceAbstraction,
    private logout: () => Promise<void>,
  ) {}
@@ -39,7 +35,7 @@ export class ConvertToKeyConnectorCommand {
      );
    }
-    const organization = await this.keyConnectorService.getManagingOrganization();
+    const organization = await this.keyConnectorService.getManagingOrganization(this.userId);
    const answer: inquirer.Answers = await inquirer.createPromptModule({ output: process.stderr })({
      type: "list",
@@ -65,15 +61,12 @@ export class ConvertToKeyConnectorCommand {
    if (answer.convert === "remove") {
      try {
-        await this.keyConnectorService.migrateUser();
+        await this.keyConnectorService.migrateUser(this.userId);
      } catch (e) {
        await this.logout();
        throw e;
      }
      await this.keyConnectorService.removeConvertAccountRequired();
      await this.keyConnectorService.setUsesKeyConnector(true, this.userId);
      // Update environment URL - required for api key login
      const env = await firstValueFrom(this.environmentService.environment$);
      const urls = env.getUrls();
@@ -83,7 +76,6 @@ export class ConvertToKeyConnectorCommand {
      return Response.success();
    } else if (answer.convert === "leave") {
      await this.organizationApiService.leave(organization.id);
      await this.keyConnectorService.removeConvertAccountRequired();
      return Response.success();
    } else {
      await this.logout();
--- a/apps/cli/src/models/response/message.response.ts
+++ b/apps/cli/src/models/response/message.response.ts
@@ -5,11 +5,11 @@ import { BaseResponse } from "./base.response";
 export class MessageResponse implements BaseResponse {
  object: string;
  title: string;
-  message: string;
+  message: string | null;
  raw: string;
  noColor = false;
-  constructor(title: string, message: string) {
+  constructor(title: string, message: string | null) {
    this.object = "message";
    this.title = title;
    this.message = message;
--- a/apps/cli/src/oss-serve-configurator.ts
+++ b/apps/cli/src/oss-serve-configurator.ts
@@ -144,7 +144,6 @@ export class OssServeConfigurator {
      this.serviceContainer.logService,
      this.serviceContainer.keyConnectorService,
      this.serviceContainer.environmentService,
      this.serviceContainer.syncService,
      this.serviceContainer.organizationApiService,
      async () => await this.serviceContainer.logout(),
    );
--- a/apps/cli/src/program.ts
+++ b/apps/cli/src/program.ts
@@ -281,7 +281,6 @@ export class Program extends BaseProgram {
            this.serviceContainer.logService,
            this.serviceContainer.keyConnectorService,
            this.serviceContainer.environmentService,
            this.serviceContainer.syncService,
            this.serviceContainer.organizationApiService,
            async () => await this.serviceContainer.logout(),
          );
--- a/apps/desktop/src/key-management/key-connector/remove-password.component.html
+++ b/apps/desktop/src/key-management/key-connector/remove-password.component.html
@@ -3,21 +3,11 @@
    <h1>{{ "removeMasterPassword" | i18n }}</h1>
    <p>{{ "convertOrganizationEncryptionDesc" | i18n: organization.name }}</p>
    <div class="buttons">
-      <button
+      <button type="submit" class="btn primary block" [disabled]="action" (click)="convert()">
        type="submit"
        class="btn primary block"
        [disabled]="actionPromise"
        (click)="convert()"
      >
        <b [hidden]="continuing">{{ "removeMasterPassword" | i18n }}</b>
        <i class="bwi bwi-spinner bwi-spin" [hidden]="!continuing" aria-hidden="true"></i>
      </button>
-      <button
+      <button type="button" class="btn secondary block" [disabled]="action" (click)="leave()">
        type="button"
        class="btn secondary block"
        [disabled]="actionPromise"
        (click)="leave()"
      >
        <b [hidden]="leaving">{{ "leaveOrganization" | i18n }}</b>
        <i class="bwi bwi-spinner bwi-spin" [hidden]="!leaving" aria-hidden="true"></i>
      </button>
--- a/libs/angular/src/auth/guards/auth.guard.spec.ts
+++ b/libs/angular/src/auth/guards/auth.guard.spec.ts
@@ -2,7 +2,7 @@ import { TestBed } from "@angular/core/testing";
 import { Router } from "@angular/router";
 import { RouterTestingModule } from "@angular/router/testing";
 import { MockProxy, mock } from "jest-mock-extended";
-import { BehaviorSubject } from "rxjs";
+import { BehaviorSubject, of } from "rxjs";
 import { EmptyComponent } from "@bitwarden/angular/platform/guard/feature-flag.guard.spec";
 import {
@@ -30,9 +30,7 @@ describe("AuthGuard", () => {
    authService.getAuthStatus.mockResolvedValue(authStatus);
    const messagingService: MockProxy<MessagingService> = mock<MessagingService>();
    const keyConnectorService: MockProxy<KeyConnectorService> = mock<KeyConnectorService>();
-    keyConnectorService.getConvertAccountRequired.mockResolvedValue(
+    keyConnectorService.convertAccountRequired$ = of(keyConnectorServiceRequiresAccountConversion);
      keyConnectorServiceRequiresAccountConversion,
    );
    const accountService: MockProxy<AccountService> = mock<AccountService>();
    const activeAccountSubject = new BehaviorSubject<Account | null>(null);
    accountService.activeAccount$ = activeAccountSubject;
--- a/libs/angular/src/auth/guards/auth.guard.ts
+++ b/libs/angular/src/auth/guards/auth.guard.ts
@@ -47,7 +47,7 @@ export const authGuard: CanActivateFn = async (
  if (
    !routerState.url.includes("remove-password") &&
-    (await keyConnectorService.getConvertAccountRequired())
+    (await firstValueFrom(keyConnectorService.convertAccountRequired$))
  ) {
    return router.createUrlTree(["/remove-password"]);
  }
--- a/libs/common/src/key-management/key-connector/abstractions/key-connector.service.ts
+++ b/libs/common/src/key-management/key-connector/abstractions/key-connector.service.ts
@@ -1,22 +1,25 @@
-// FIXME: Update this file to be type safe and remove this and next line
+import { Observable } from "rxjs";
-// @ts-strict-ignore
+
 import { Organization } from "../../../admin-console/models/domain/organization";
 import { IdentityTokenResponse } from "../../../auth/models/response/identity-token.response";
 import { UserId } from "../../../types/guid";
 export abstract class KeyConnectorService {
-  setMasterKeyFromUrl: (url: string, userId: UserId) => Promise<void>;
+  abstract setMasterKeyFromUrl(url: string, userId: UserId): Promise<void>;
-  getManagingOrganization: (userId?: UserId) => Promise<Organization>;
+
-  getUsesKeyConnector: (userId: UserId) => Promise<boolean>;
+  abstract getManagingOrganization(userId: UserId): Promise<Organization>;
-  migrateUser: (userId?: UserId) => Promise<void>;
+
-  userNeedsMigration: (userId: UserId) => Promise<boolean>;
+  abstract getUsesKeyConnector(userId: UserId): Promise<boolean>;
-  convertNewSsoUserToKeyConnector: (
+
  abstract migrateUser(userId: UserId): Promise<void>;
  abstract convertNewSsoUserToKeyConnector(
    tokenResponse: IdentityTokenResponse,
    orgId: string,
    userId: UserId,
-  ) => Promise<void>;
+  ): Promise<void>;
-  setUsesKeyConnector: (enabled: boolean, userId: UserId) => Promise<void>;
+
-  setConvertAccountRequired: (status: boolean, userId?: UserId) => Promise<void>;
+  abstract setUsesKeyConnector(enabled: boolean, userId: UserId): Promise<void>;
-  getConvertAccountRequired: () => Promise<boolean>;
+
-  removeConvertAccountRequired: (userId?: UserId) => Promise<void>;
+  abstract convertAccountRequired$: Observable<boolean>;
 }
--- a/libs/common/src/key-management/key-connector/services/key-connector.service.spec.ts
+++ b/libs/common/src/key-management/key-connector/services/key-connector.service.spec.ts
@@ -1,7 +1,8 @@
 import { mock } from "jest-mock-extended";
-import { of } from "rxjs";
+import { firstValueFrom, of, timeout, TimeoutError } from "rxjs";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { OrganizationUserType } from "@bitwarden/common/admin-console/enums";
 import { KeyService } from "@bitwarden/key-management";
 import { FakeAccountService, FakeStateProvider, mockAccountServiceWith } from "../../../../spec";
@@ -20,11 +21,7 @@ import { MasterKey } from "../../../types/key";
 import { FakeMasterPasswordService } from "../../master-password/services/fake-master-password.service";
 import { KeyConnectorUserKeyRequest } from "../models/key-connector-user-key.request";
-import {
+import { USES_KEY_CONNECTOR, KeyConnectorService } from "./key-connector.service";
  USES_KEY_CONNECTOR,
  CONVERT_ACCOUNT_TO_KEY_CONNECTOR,
  KeyConnectorService,
 } from "./key-connector.service";
 describe("KeyConnectorService", () => {
  let keyConnectorService: KeyConnectorService;
@@ -73,32 +70,87 @@ describe("KeyConnectorService", () => {
    expect(keyConnectorService).not.toBeFalsy();
  });
-  describe("setUsesKeyConnector()", () => {
+  describe("setUsesKeyConnector", () => {
-    it("should update the usesKeyConnectorState with the provided value", async () => {
+    it("should update the usesKeyConnectorState with the provided false value", async () => {
-      const state = stateProvider.activeUser.getFake(USES_KEY_CONNECTOR);
+      const state = stateProvider.singleUser.getFake(mockUserId, USES_KEY_CONNECTOR);
      state.nextState(false);
-      const newValue = true;
+      await keyConnectorService.setUsesKeyConnector(true, mockUserId);
-      await keyConnectorService.setUsesKeyConnector(newValue, mockUserId);
+      expect(await firstValueFrom(state.state$)).toBe(true);
    });
-      expect(await keyConnectorService.getUsesKeyConnector(mockUserId)).toBe(newValue);
+    it("should update the usesKeyConnectorState with the provided true value", async () => {
      const state = stateProvider.singleUser.getFake(mockUserId, USES_KEY_CONNECTOR);
      state.nextState(true);
      await keyConnectorService.setUsesKeyConnector(false, mockUserId);
      expect(await firstValueFrom(state.state$)).toBe(false);
    });
  });
-  describe("getManagingOrganization()", () => {
+  describe("getUsesKeyConnector", () => {
    it("should return false when uses key connector state is not set", async () => {
      const state = stateProvider.singleUser.getFake(mockUserId, USES_KEY_CONNECTOR);
      state.nextState(null);
      const usesKeyConnector = await keyConnectorService.getUsesKeyConnector(mockUserId);
      expect(usesKeyConnector).toEqual(false);
    });
    it("should return false when uses key connector state is set to false", async () => {
      stateProvider.getUserState$(USES_KEY_CONNECTOR, mockUserId);
      const state = stateProvider.singleUser.getFake(mockUserId, USES_KEY_CONNECTOR);
      state.nextState(false);
      const usesKeyConnector = await keyConnectorService.getUsesKeyConnector(mockUserId);
      expect(usesKeyConnector).toEqual(false);
    });
    it("should return true when uses key connector state is set to true", async () => {
      const state = stateProvider.singleUser.getFake(mockUserId, USES_KEY_CONNECTOR);
      state.nextState(true);
      const usesKeyConnector = await keyConnectorService.getUsesKeyConnector(mockUserId);
      expect(usesKeyConnector).toEqual(true);
    });
  });
  describe("getManagingOrganization", () => {
    it("should return the managing organization with key connector enabled", async () => {
      // Arrange
      const orgs = [
-        organizationData(true, true, "https://key-connector-url.com", 2, false),
+        organizationData(
-        organizationData(false, true, "https://key-connector-url.com", 2, false),
+          true,
-        organizationData(true, false, "https://key-connector-url.com", 2, false),
+          true,
-        organizationData(true, true, "https://other-url.com", 2, false),
+          "https://key-connector-url.com",
          OrganizationUserType.User,
          false,
        ),
        organizationData(
          false,
          true,
          "https://key-connector-url.com",
          OrganizationUserType.User,
          false,
        ),
        organizationData(
          true,
          false,
          "https://key-connector-url.com",
          OrganizationUserType.User,
          false,
        ),
        organizationData(true, true, "https://other-url.com", OrganizationUserType.User, false),
      ];
      organizationService.organizations$.mockReturnValue(of(orgs));
      // Act
-      const result = await keyConnectorService.getManagingOrganization();
+      const result = await keyConnectorService.getManagingOrganization(mockUserId);
      // Assert
      expect(result).toEqual(orgs[0]);
@@ -107,13 +159,25 @@ describe("KeyConnectorService", () => {
    it("should return undefined if no managing organization with key connector enabled is found", async () => {
      // Arrange
      const orgs = [
-        organizationData(true, false, "https://key-connector-url.com", 2, false),
+        organizationData(
-        organizationData(false, false, "https://key-connector-url.com", 2, false),
+          true,
          false,
          "https://key-connector-url.com",
          OrganizationUserType.User,
          false,
        ),
        organizationData(
          false,
          false,
          "https://key-connector-url.com",
          OrganizationUserType.User,
          false,
        ),
      ];
      organizationService.organizations$.mockReturnValue(of(orgs));
      // Act
-      const result = await keyConnectorService.getManagingOrganization();
+      const result = await keyConnectorService.getManagingOrganization(mockUserId);
      // Assert
      expect(result).toBeUndefined();
@@ -128,7 +192,7 @@ describe("KeyConnectorService", () => {
      organizationService.organizations$.mockReturnValue(of(orgs));
      // Act
-      const result = await keyConnectorService.getManagingOrganization();
+      const result = await keyConnectorService.getManagingOrganization(mockUserId);
      // Assert
      expect(result).toBeUndefined();
@@ -137,74 +201,31 @@ describe("KeyConnectorService", () => {
    it("should return undefined if user is a Provider", async () => {
      // Arrange
      const orgs = [
-        organizationData(true, true, "https://key-connector-url.com", 2, true),
+        organizationData(
-        organizationData(false, true, "https://key-connector-url.com", 2, true),
+          true,
          true,
          "https://key-connector-url.com",
          OrganizationUserType.User,
          true,
        ),
        organizationData(
          false,
          true,
          "https://key-connector-url.com",
          OrganizationUserType.User,
          true,
        ),
      ];
      organizationService.organizations$.mockReturnValue(of(orgs));
      // Act
-      const result = await keyConnectorService.getManagingOrganization();
+      const result = await keyConnectorService.getManagingOrganization(mockUserId);
      // Assert
      expect(result).toBeUndefined();
    });
  });
  describe("setConvertAccountRequired()", () => {
    it("should update the convertAccountToKeyConnectorState with the provided value", async () => {
      const state = stateProvider.activeUser.getFake(CONVERT_ACCOUNT_TO_KEY_CONNECTOR);
      state.nextState(false);
      const newValue = true;
      await keyConnectorService.setConvertAccountRequired(newValue);
      expect(await keyConnectorService.getConvertAccountRequired()).toBe(newValue);
    });
    it("should remove the convertAccountToKeyConnectorState", async () => {
      const state = stateProvider.activeUser.getFake(CONVERT_ACCOUNT_TO_KEY_CONNECTOR);
      state.nextState(false);
      const newValue: boolean = null;
      await keyConnectorService.setConvertAccountRequired(newValue);
      expect(await keyConnectorService.getConvertAccountRequired()).toBe(newValue);
    });
  });
  describe("userNeedsMigration()", () => {
    it("should return true if the user needs migration", async () => {
      // token
      tokenService.getIsExternal.mockResolvedValue(true);
      // create organization object
      const data = organizationData(true, true, "https://key-connector-url.com", 2, false);
      organizationService.organizations$.mockReturnValue(of([data]));
      // uses KeyConnector
      const state = stateProvider.activeUser.getFake(USES_KEY_CONNECTOR);
      state.nextState(false);
      const result = await keyConnectorService.userNeedsMigration(mockUserId);
      expect(result).toBe(true);
    });
    it("should return false if the user does not need migration", async () => {
      tokenService.getIsExternal.mockResolvedValue(false);
      const data = organizationData(false, false, "https://key-connector-url.com", 2, false);
      organizationService.organizations$.mockReturnValue(of([data]));
      const state = stateProvider.activeUser.getFake(USES_KEY_CONNECTOR);
      state.nextState(true);
      const result = await keyConnectorService.userNeedsMigration(mockUserId);
      expect(result).toBe(false);
    });
  });
  describe("setMasterKeyFromUrl", () => {
    it("should set the master key from the provided URL", async () => {
      // Arrange
@@ -221,10 +242,7 @@ describe("KeyConnectorService", () => {
      // Assert
      expect(apiService.getMasterKeyFromKeyConnector).toHaveBeenCalledWith(url);
-      expect(masterPasswordService.mock.setMasterKey).toHaveBeenCalledWith(
+      expect(masterPasswordService.mock.setMasterKey).toHaveBeenCalledWith(masterKey, mockUserId);
        masterKey,
        expect.any(String),
      );
    });
    it("should handle errors thrown during the process", async () => {
@@ -246,10 +264,16 @@ describe("KeyConnectorService", () => {
    });
  });
-  describe("migrateUser()", () => {
+  describe("migrateUser", () => {
    it("should migrate the user to the key connector", async () => {
      // Arrange
-      const organization = organizationData(true, true, "https://key-connector-url.com", 2, false);
+      const organization = organizationData(
        true,
        true,
        "https://key-connector-url.com",
        OrganizationUserType.User,
        false,
      );
      const masterKey = getMockMasterKey();
      masterPasswordService.masterKeySubject.next(masterKey);
      const keyConnectorRequest = new KeyConnectorUserKeyRequest(
@@ -260,7 +284,7 @@ describe("KeyConnectorService", () => {
      jest.spyOn(apiService, "postUserKeyToKeyConnector").mockResolvedValue();
      // Act
-      await keyConnectorService.migrateUser();
+      await keyConnectorService.migrateUser(mockUserId);
      // Assert
      expect(keyConnectorService.getManagingOrganization).toHaveBeenCalled();
@@ -273,7 +297,13 @@ describe("KeyConnectorService", () => {
    it("should handle errors thrown during migration", async () => {
      // Arrange
-      const organization = organizationData(true, true, "https://key-connector-url.com", 2, false);
+      const organization = organizationData(
        true,
        true,
        "https://key-connector-url.com",
        OrganizationUserType.User,
        false,
      );
      const masterKey = getMockMasterKey();
      const keyConnectorRequest = new KeyConnectorUserKeyRequest(
        Utils.fromBufferToB64(masterKey.inner().encryptionKey),
@@ -288,7 +318,7 @@ describe("KeyConnectorService", () => {
      try {
        // Act
-        await keyConnectorService.migrateUser();
+        await keyConnectorService.migrateUser(mockUserId);
      } catch {
        // Assert
        expect(logService.error).toHaveBeenCalledWith(error);
@@ -301,6 +331,136 @@ describe("KeyConnectorService", () => {
    });
  });
  describe("convertAccountRequired$", () => {
    beforeEach(async () => {
      const organization = organizationData(
        true,
        true,
        "https://key-connector-url.com",
        OrganizationUserType.User,
        false,
      );
      organizationService.organizations$.mockReturnValue(of([organization]));
      await stateProvider.getUser(mockUserId, USES_KEY_CONNECTOR).update(() => false);
      tokenService.getIsExternal.mockResolvedValue(true);
      tokenService.hasAccessToken$.mockReturnValue(of(true));
    });
    it("should return true when user logged in with sso, belong to organization using key connector and user does not use key connector", async () => {
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).resolves.toEqual(true);
    });
    it("should return false when user logged in with password", async () => {
      tokenService.getIsExternal.mockResolvedValue(false);
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).resolves.toEqual(false);
    });
    it("should return false when organization's key connector disabled", async () => {
      const organization = organizationData(
        true,
        false,
        "https://key-connector-url.com",
        OrganizationUserType.User,
        false,
      );
      organizationService.organizations$.mockReturnValue(of([organization]));
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).resolves.toEqual(false);
    });
    it("should return false when user is admin of the organization", async () => {
      const organization = organizationData(
        true,
        true,
        "https://key-connector-url.com",
        OrganizationUserType.Admin,
        false,
      );
      organizationService.organizations$.mockReturnValue(of([organization]));
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).resolves.toEqual(false);
    });
    it("should return false when user is owner of the organization", async () => {
      const organization = organizationData(
        true,
        true,
        "https://key-connector-url.com",
        OrganizationUserType.Owner,
        false,
      );
      organizationService.organizations$.mockReturnValue(of([organization]));
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).resolves.toEqual(false);
    });
    it("should return false when user is provider user of the organization", async () => {
      const organization = organizationData(
        true,
        true,
        "https://key-connector-url.com",
        OrganizationUserType.User,
        true,
      );
      organizationService.organizations$.mockReturnValue(of([organization]));
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).resolves.toEqual(false);
    });
    it("should return false when user already uses key connector", async () => {
      await stateProvider.getUser(mockUserId, USES_KEY_CONNECTOR).update(() => true);
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).resolves.toEqual(false);
    });
    it("should not return any value when user not logged in", async () => {
      await accountService.switchAccount(null as unknown as UserId);
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).rejects.toBeInstanceOf(TimeoutError);
    });
    it("should not return any value when organization state is empty", async () => {
      organizationService.organizations$.mockReturnValue(of(null as unknown as Organization[]));
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).rejects.toBeInstanceOf(TimeoutError);
    });
    it("should not return any value when user is not using key connector", async () => {
      await stateProvider.getUser(mockUserId, USES_KEY_CONNECTOR).update(() => null);
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).rejects.toBeInstanceOf(TimeoutError);
    });
    it("should not return any value when user does not have access token", async () => {
      tokenService.hasAccessToken$.mockReturnValue(of(false));
      await expect(
        firstValueFrom(keyConnectorService.convertAccountRequired$.pipe(timeout(100))),
      ).rejects.toBeInstanceOf(TimeoutError);
    });
  });
  function organizationData(
    usesKeyConnector: boolean,
    keyConnectorEnabled: boolean,
--- a/libs/common/src/key-management/key-connector/services/key-connector.service.ts
+++ b/libs/common/src/key-management/key-connector/services/key-connector.service.ts
@@ -1,8 +1,9 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
-import { firstValueFrom } from "rxjs";
+import { combineLatest, filter, firstValueFrom, Observable, of, switchMap } from "rxjs";
 import { LogoutReason } from "@bitwarden/auth/common";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import {
  Argon2KdfConfig,
  KdfConfig,
@@ -15,7 +16,6 @@ import { ApiService } from "../../../abstractions/api.service";
 import { OrganizationService } from "../../../admin-console/abstractions/organization/organization.service.abstraction";
 import { OrganizationUserType } from "../../../admin-console/enums";
 import { Organization } from "../../../admin-console/models/domain/organization";
 import { AccountService } from "../../../auth/abstractions/account.service";
 import { TokenService } from "../../../auth/abstractions/token.service";
 import { IdentityTokenResponse } from "../../../auth/models/response/identity-token.response";
 import { KeysRequest } from "../../../models/request/keys.request";
@@ -23,12 +23,7 @@ import { KeyGenerationService } from "../../../platform/abstractions/key-generat
 import { LogService } from "../../../platform/abstractions/log.service";
 import { Utils } from "../../../platform/misc/utils";
 import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
-import {
+import { KEY_CONNECTOR_DISK, StateProvider, UserKeyDefinition } from "../../../platform/state";
  ActiveUserState,
  KEY_CONNECTOR_DISK,
  StateProvider,
  UserKeyDefinition,
 } from "../../../platform/state";
 import { UserId } from "../../../types/guid";
 import { MasterKey } from "../../../types/key";
 import { InternalMasterPasswordServiceAbstraction } from "../../master-password/abstractions/master-password.service.abstraction";
@@ -42,23 +37,15 @@ export const USES_KEY_CONNECTOR = new UserKeyDefinition<boolean | null>(
  {
    deserializer: (usesKeyConnector) => usesKeyConnector,
    clearOn: ["logout"],
-  },
+    cleanupDelayMs: 0,
 );
 export const CONVERT_ACCOUNT_TO_KEY_CONNECTOR = new UserKeyDefinition<boolean | null>(
  KEY_CONNECTOR_DISK,
  "convertAccountToKeyConnector",
  {
    deserializer: (convertAccountToKeyConnector) => convertAccountToKeyConnector,
    clearOn: ["logout"],
  },
 );
 export class KeyConnectorService implements KeyConnectorServiceAbstraction {
-  private usesKeyConnectorState: ActiveUserState<boolean>;
+  readonly convertAccountRequired$: Observable<boolean>;
-  private convertAccountToKeyConnectorState: ActiveUserState<boolean>;
+
  constructor(
-    private accountService: AccountService,
+    accountService: AccountService,
    private masterPasswordService: InternalMasterPasswordServiceAbstraction,
    private keyService: KeyService,
    private apiService: ApiService,
@@ -69,9 +56,27 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
    private logoutCallback: (logoutReason: LogoutReason, userId?: string) => Promise<void>,
    private stateProvider: StateProvider,
  ) {
-    this.usesKeyConnectorState = this.stateProvider.getActive(USES_KEY_CONNECTOR);
+    this.convertAccountRequired$ = accountService.activeAccount$.pipe(
-    this.convertAccountToKeyConnectorState = this.stateProvider.getActive(
+      filter((account) => account != null),
-      CONVERT_ACCOUNT_TO_KEY_CONNECTOR,
+      switchMap((account) =>
        combineLatest([
          of(account.id),
          this.organizationService
            .organizations$(account.id)
            .pipe(filter((organizations) => organizations != null)),
          this.stateProvider
            .getUserState$(USES_KEY_CONNECTOR, account.id)
            .pipe(filter((usesKeyConnector) => usesKeyConnector != null)),
          tokenService.hasAccessToken$(account.id).pipe(filter((hasToken) => hasToken)),
        ]),
      ),
      switchMap(async ([userId, organizations, usesKeyConnector]) => {
        const loggedInUsingSso = await this.tokenService.getIsExternal(userId);
        const requiredByOrganization = this.findManagingOrganization(organizations) != null;
        const userIsNotUsingKeyConnector = !usesKeyConnector;
        return loggedInUsingSso && requiredByOrganization && userIsNotUsingKeyConnector;
      }),
    );
  }
@@ -79,20 +84,13 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
    await this.stateProvider.getUser(userId, USES_KEY_CONNECTOR).update(() => usesKeyConnector);
  }
-  getUsesKeyConnector(userId: UserId): Promise<boolean> {
+  async getUsesKeyConnector(userId: UserId): Promise<boolean> {
-    return firstValueFrom(this.stateProvider.getUserState$(USES_KEY_CONNECTOR, userId));
+    return (
      (await firstValueFrom(this.stateProvider.getUserState$(USES_KEY_CONNECTOR, userId))) ?? false
    );
  }
-  async userNeedsMigration(userId: UserId) {
+  async migrateUser(userId: UserId) {
    const loggedInUsingSso = await this.tokenService.getIsExternal(userId);
    const requiredByOrganization = (await this.getManagingOrganization(userId)) != null;
    const userIsNotUsingKeyConnector = !(await this.getUsesKeyConnector(userId));
    return loggedInUsingSso && requiredByOrganization && userIsNotUsingKeyConnector;
  }
  async migrateUser(userId?: UserId) {
    userId ??= (await firstValueFrom(this.accountService.activeAccount$))?.id;
    const organization = await this.getManagingOrganization(userId);
    const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
    const keyConnectorRequest = new KeyConnectorUserKeyRequest(
@@ -109,6 +107,8 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
    }
    await this.apiService.postConvertToKeyConnector();
    await this.setUsesKeyConnector(true, userId);
  }
  // TODO: UserKey should be renamed to MasterKey and typed accordingly
@@ -123,15 +123,9 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
    }
  }
-  async getManagingOrganization(userId?: UserId): Promise<Organization> {
+  async getManagingOrganization(userId: UserId): Promise<Organization> {
-    const orgs = await firstValueFrom(this.organizationService.organizations$(userId));
+    const organizations = await firstValueFrom(this.organizationService.organizations$(userId));
-    return orgs.find(
+    return this.findManagingOrganization(organizations);
      (o) =>
        o.keyConnectorEnabled &&
        o.type !== OrganizationUserType.Admin &&
        o.type !== OrganizationUserType.Owner &&
        !o.isProviderUser,
    );
  }
  async convertNewSsoUserToKeyConnector(
@@ -188,18 +182,6 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
    await this.apiService.postSetKeyConnectorKey(setPasswordRequest);
  }
  async setConvertAccountRequired(status: boolean, userId?: UserId) {
    await this.stateProvider.setUserState(CONVERT_ACCOUNT_TO_KEY_CONNECTOR, status, userId);
  }
  getConvertAccountRequired(): Promise<boolean> {
    return firstValueFrom(this.convertAccountToKeyConnectorState.state$);
  }
  async removeConvertAccountRequired(userId?: UserId) {
    await this.setConvertAccountRequired(null, userId);
  }
  private handleKeyConnectorError(e: any) {
    this.logService.error(e);
    if (this.logoutCallback != null) {
@@ -209,4 +191,14 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
    }
    throw new Error("Key Connector error");
  }
  private findManagingOrganization(organizations: Organization[]) {
    return organizations.find(
      (o) =>
        o.keyConnectorEnabled &&
        o.type !== OrganizationUserType.Admin &&
        o.type !== OrganizationUserType.Owner &&
        !o.isProviderUser,
    );
  }
 }
--- a/libs/common/src/platform/sync/default-sync.service.ts
+++ b/libs/common/src/platform/sync/default-sync.service.ts
@@ -224,13 +224,8 @@ export class DefaultSyncService extends CoreSyncService {
    await this.syncProfileOrganizations(response, response.id);
-    if (await this.keyConnectorService.userNeedsMigration(response.id)) {
+    if (await firstValueFrom(this.keyConnectorService.convertAccountRequired$)) {
      await this.keyConnectorService.setConvertAccountRequired(true, response.id);
      this.messageSender.send("convertAccountToKeyConnector");
    } else {
      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
      // eslint-disable-next-line @typescript-eslint/no-floating-promises
      this.keyConnectorService.removeConvertAccountRequired(response.id);
    }
  }
--- a/libs/key-management-ui/src/key-connector/remove-password.component.spec.ts
+++ b/libs/key-management-ui/src/key-connector/remove-password.component.spec.ts
@@ -0,0 +1,252 @@
 import { Router } from "@angular/router";
 import { mock } from "jest-mock-extended";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { KeyConnectorService } from "@bitwarden/common/key-management/key-connector/abstractions/key-connector.service";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { SyncService } from "@bitwarden/common/platform/sync";
 import { UserId } from "@bitwarden/common/types/guid";
 import { DialogService, ToastService } from "@bitwarden/components";
 import { mockAccountServiceWith } from "../../../common/spec";
 import { RemovePasswordComponent } from "./remove-password.component";
 describe("RemovePasswordComponent", () => {
  let component: RemovePasswordComponent;
  const userId = "test-user-id" as UserId;
  const organization = {
    id: "test-organization-id",
    name: "test-organization-name",
  } as Organization;
  const accountService = mockAccountServiceWith(userId);
  const mockRouter = mock<Router>();
  const mockSyncService = mock<SyncService>();
  const mockI18nService = mock<I18nService>();
  const mockKeyConnectorService = mock<KeyConnectorService>();
  const mockOrganizationApiService = mock<OrganizationApiServiceAbstraction>();
  const mockDialogService = mock<DialogService>();
  const mockToastService = mock<ToastService>();
  beforeEach(async () => {
    jest.clearAllMocks();
    await accountService.switchAccount(userId);
    component = new RemovePasswordComponent(
      mock<LogService>(),
      mockRouter,
      accountService,
      mockSyncService,
      mockI18nService,
      mockKeyConnectorService,
      mockOrganizationApiService,
      mockDialogService,
      mockToastService,
    );
  });
  describe("ngOnInit", () => {
    it("should set activeUserId and organization", async () => {
      mockKeyConnectorService.getManagingOrganization.mockResolvedValue(organization);
      await component.ngOnInit();
      expect(component["activeUserId"]).toBe("test-user-id");
      expect(component.organization).toEqual(organization);
      expect(component.loading).toEqual(false);
      expect(mockKeyConnectorService.getManagingOrganization).toHaveBeenCalledWith(userId);
      expect(mockSyncService.fullSync).toHaveBeenCalledWith(false);
      expect(mockRouter.navigate).not.toHaveBeenCalled();
    });
    it("should redirect to login when no active account is found", async () => {
      await accountService.switchAccount(null as unknown as UserId);
      await component.ngOnInit();
      expect(mockRouter.navigate).toHaveBeenCalledWith(["/"]);
    });
    it("should redirect to login when no organization is found", async () => {
      mockKeyConnectorService.getManagingOrganization.mockResolvedValue(
        null as unknown as Organization,
      );
      await component.ngOnInit();
      expect(mockKeyConnectorService.getManagingOrganization).toHaveBeenCalledWith(userId);
      expect(mockSyncService.fullSync).toHaveBeenCalledWith(false);
      expect(mockRouter.navigate).toHaveBeenCalledWith(["/"]);
    });
  });
  describe("get action", () => {
    it.each([
      [true, false],
      [false, true],
      [true, true],
    ])(
      "should return true when continuing is $continuing and leaving is $leaving",
      (continuing, leaving) => {
        component.continuing = continuing;
        component.leaving = leaving;
        expect(component.action).toBe(true);
      },
    );
    it("should return false when continuing and leaving are both false", () => {
      component.continuing = false;
      component.leaving = false;
      expect(component.action).toBe(false);
    });
  });
  describe("convert", () => {
    beforeEach(async () => {
      mockKeyConnectorService.getManagingOrganization.mockResolvedValue(organization);
      await component.ngOnInit();
    });
    it("should call migrateUser and show success toast", async () => {
      mockI18nService.t.mockReturnValue("removed master password");
      await component.convert();
      expect(component.continuing).toBe(true);
      expect(mockKeyConnectorService.migrateUser).toHaveBeenCalledWith(userId);
      expect(mockToastService.showToast).toHaveBeenCalledWith({
        variant: "success",
        message: "removed master password",
      });
      expect(mockRouter.navigate).toHaveBeenCalledWith(["/"]);
    });
    it("should handle errors and show error toast", async () => {
      const errorMessage = "Can't migrate user error";
      mockKeyConnectorService.migrateUser.mockRejectedValue(new Error(errorMessage));
      mockI18nService.t.mockReturnValue("error occurred");
      await component.convert();
      expect(component.continuing).toBe(false);
      expect(mockKeyConnectorService.migrateUser).toHaveBeenCalledWith(userId);
      expect(mockToastService.showToast).toHaveBeenCalledWith({
        variant: "error",
        title: "error occurred",
        message: errorMessage,
      });
      expect(mockRouter.navigate).not.toHaveBeenCalled();
    });
    it("should handle error response and show error toast", async () => {
      const errorMessage = "Can't migrate user error";
      mockKeyConnectorService.migrateUser.mockRejectedValue(
        new ErrorResponse(
          {
            message: errorMessage,
          },
          404,
        ),
      );
      mockI18nService.t.mockReturnValue("error occurred");
      await component.convert();
      expect(component.continuing).toBe(false);
      expect(mockKeyConnectorService.migrateUser).toHaveBeenCalledWith(userId);
      expect(mockToastService.showToast).toHaveBeenCalledWith({
        variant: "error",
        title: "error occurred",
        message: errorMessage,
      });
      expect(mockRouter.navigate).not.toHaveBeenCalled();
    });
  });
  describe("leave", () => {
    beforeEach(async () => {
      mockKeyConnectorService.getManagingOrganization.mockResolvedValue(organization);
      await component.ngOnInit();
    });
    it("should call leave and show success toast", async () => {
      mockDialogService.openSimpleDialog.mockResolvedValue(true);
      mockI18nService.t.mockReturnValue("left organization");
      await component.leave();
      expect(component.leaving).toBe(true);
      expect(mockOrganizationApiService.leave).toHaveBeenCalledWith(organization.id);
      expect(mockToastService.showToast).toHaveBeenCalledWith({
        variant: "success",
        message: "left organization",
      });
      expect(mockRouter.navigate).toHaveBeenCalledWith(["/"]);
    });
    it("should handle error response and show error toast", async () => {
      const errorMessage = "Can't leave organization error";
      mockDialogService.openSimpleDialog.mockResolvedValue(true);
      mockOrganizationApiService.leave.mockRejectedValue(new Error(errorMessage));
      mockI18nService.t.mockReturnValue("error occurred");
      await component.leave();
      expect(component.leaving).toBe(false);
      expect(mockOrganizationApiService.leave).toHaveBeenCalledWith(organization.id);
      expect(mockToastService.showToast).toHaveBeenCalledWith({
        variant: "error",
        title: "error occurred",
        message: errorMessage,
      });
      expect(mockRouter.navigate).not.toHaveBeenCalled();
    });
    it("should handle error response and show error toast", async () => {
      const errorMessage = "Can't leave organization error";
      mockDialogService.openSimpleDialog.mockResolvedValue(true);
      mockOrganizationApiService.leave.mockRejectedValue(
        new ErrorResponse(
          {
            message: errorMessage,
          },
          404,
        ),
      );
      mockI18nService.t.mockReturnValue("error occurred");
      await component.leave();
      expect(component.leaving).toBe(false);
      expect(mockOrganizationApiService.leave).toHaveBeenCalledWith(organization.id);
      expect(mockToastService.showToast).toHaveBeenCalledWith({
        variant: "error",
        title: "error occurred",
        message: errorMessage,
      });
      expect(mockRouter.navigate).not.toHaveBeenCalled();
    });
    it("should not call leave when dialog is canceled", async () => {
      mockDialogService.openSimpleDialog.mockResolvedValue(false);
      await component.leave();
      expect(component.leaving).toBe(false);
      expect(mockOrganizationApiService.leave).not.toHaveBeenCalled();
      expect(mockRouter.navigate).not.toHaveBeenCalled();
    });
  });
 });
--- a/libs/key-management-ui/src/key-connector/remove-password.component.ts
+++ b/libs/key-management-ui/src/key-connector/remove-password.component.ts
@@ -1,33 +1,32 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { Directive, OnInit } from "@angular/core";
 import { Router } from "@angular/router";
-import { firstValueFrom, map } from "rxjs";
+import { firstValueFrom } from "rxjs";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { KeyConnectorService } from "@bitwarden/common/key-management/key-connector/abstractions/key-connector.service";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { UserId } from "@bitwarden/common/types/guid";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { DialogService, ToastService } from "@bitwarden/components";
@Directive()
 export class RemovePasswordComponent implements OnInit {
  actionPromise: Promise<void | boolean>;
  continuing = false;
  leaving = false;
  loading = true;
-  organization: Organization;
+  organization!: Organization;
-  email: string;
+  private activeUserId!: UserId;
  constructor(
    private logService: LogService,
    private router: Router,
    private accountService: AccountService,
    private syncService: SyncService,
    private platformUtilsService: PlatformUtilsService,
    private i18nService: I18nService,
    private keyConnectorService: KeyConnectorService,
    private organizationApiService: OrganizationApiServiceAbstraction,
@@ -36,35 +35,49 @@ export class RemovePasswordComponent implements OnInit {
  ) {}
  async ngOnInit() {
-    this.organization = await this.keyConnectorService.getManagingOrganization();
+    const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
-    this.email = await firstValueFrom(
+    if (activeAccount == null) {
-      this.accountService.activeAccount$.pipe(map((a) => a?.email)),
+      this.logService.info(
-    );
+        "[Key Connector remove password] No active account found, redirecting to login.",
      );
      await this.router.navigate(["/"]);
      return;
    }
    this.activeUserId = activeAccount.id;
    await this.syncService.fullSync(false);
    this.organization = await this.keyConnectorService.getManagingOrganization(this.activeUserId);
    if (this.organization == null) {
      this.logService.info(
        "[Key Connector remove password] No organization found, redirecting to login.",
      );
      await this.router.navigate(["/"]);
      return;
    }
    this.loading = false;
  }
  get action() {
    return this.continuing || this.leaving;
  }
  convert = async () => {
    this.continuing = true;
    this.actionPromise = this.keyConnectorService.migrateUser();
    try {
-      await this.actionPromise;
+      await this.keyConnectorService.migrateUser(this.activeUserId);
      this.toastService.showToast({
        variant: "success",
        title: null,
        message: this.i18nService.t("removedMasterPassword"),
      });
-      await this.keyConnectorService.removeConvertAccountRequired();
+
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
+      await this.router.navigate(["/"]);
      // eslint-disable-next-line @typescript-eslint/no-floating-promises
      this.router.navigate([""]);
    } catch (e) {
-      this.toastService.showToast({
+      this.continuing = false;
-        variant: "error",
+
-        title: this.i18nService.t("errorOccurred"),
+      this.handleActionError(e);
        message: e.message,
      });
    }
  };
@@ -79,25 +92,33 @@ export class RemovePasswordComponent implements OnInit {
      return false;
    }
    this.leaving = true;
    try {
-      this.leaving = true;
+      await this.organizationApiService.leave(this.organization.id);
-      this.actionPromise = this.organizationApiService.leave(this.organization.id);
+
      await this.actionPromise;
      this.toastService.showToast({
        variant: "success",
        title: null,
        message: this.i18nService.t("leftOrganization"),
      });
-      await this.keyConnectorService.removeConvertAccountRequired();
+
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
+      await this.router.navigate(["/"]);
      // eslint-disable-next-line @typescript-eslint/no-floating-promises
      this.router.navigate([""]);
    } catch (e) {
-      this.toastService.showToast({
+      this.leaving = false;
-        variant: "error",
+
-        title: this.i18nService.t("errorOccurred"),
+      this.handleActionError(e);
        message: e,
      });
    }
  };
  handleActionError(e: unknown) {
    let message = "";
    if (e instanceof ErrorResponse || e instanceof Error) {
      message = e.message;
    }
    this.toastService.showToast({
      variant: "error",
      title: this.i18nService.t("errorOccurred"),
      message: message,
    });
  }
 }