Merge remote-tracking branch 'origin' into auth/pm-18720/change-password-component-non-dialog-v3

libs/auth/src/common/login-strategies/password-login.strategy.spec.ts

@@ -238,6 +238,26 @@ describe("PasswordLoginStrategy", () => {
     );
   });
 
+  it("should not set a force set password reason if we get an IdentityTwoFactorResponse after entering a weak MP that does not meet policy requirements", async () => {
+    passwordStrengthService.getPasswordStrength.mockReturnValue({ score: 0 } as any);
+    policyService.evaluateMasterPassword.mockReturnValue(false);
+    tokenService.decodeAccessToken.mockResolvedValue({ sub: userId });
+
+    const token2FAResponse = new IdentityTwoFactorResponse({
+      TwoFactorProviders: ["0"],
+      TwoFactorProviders2: { 0: null },
+      error: "invalid_grant",
+      error_description: "Two factor required.",
+      MasterPasswordPolicy: masterPasswordPolicy,
+    });
+
+    // First login request fails requiring 2FA
+    apiService.postIdentityToken.mockResolvedValueOnce(token2FAResponse);
+    await passwordLoginStrategy.logIn(credentials);
+
+    expect(masterPasswordService.mock.setForceSetPasswordReason).not.toHaveBeenCalled();
+  });
+
   it("forces the user to update their master password on successful 2FA login when it does not meet master password policy requirements", async () => {
     passwordStrengthService.getPasswordStrength.mockReturnValue({ score: 0 } as any);
     policyService.evaluateMasterPassword.mockReturnValue(false);

libs/auth/src/common/login-strategies/password-login.strategy.ts

@@ -186,6 +186,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
         ...this.cache.value,
         forcePasswordResetReason: ForceSetPasswordReason.WeakMasterPassword,
       });
+      return;
     }
 
     // Authentication was successful, save the force update password options with the state service