[PM-3273][PM-4679] New owner/admin permission on login (#2837)

* [PM-3273] Add property for password set. Add labels. Update sync service. * [PM-3273] Set password needs set in state. Read value on sync and nav to page. * [PM-3273] Add navigation to Set Password on vault landing if needed. * [PM-3273] Update SetPasswordPage copy * [PM-3273] Add ManageResetPassword to Org Permissions, handle it on sync. * [PM-3273] Change user has master password state when set master password is complete. * [PM-3273] Code clean up * [PM-3273] Remove unnecessary property from account profile * [PM-3273] Add check for remembered org identifier * [PM-4679] Added logging calls for future checks. --------- Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
2025-12-11 05:43:30 +00:00 · 2023-11-09 17:21:00 +00:00
parent 3a13ba4efa
commit 793c5fef6f
42 changed files with 203544 additions and 33 deletions
--- a/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
+++ b/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
@@ -230,19 +230,18 @@ namespace Bit.App.Pages
                            StartDeviceApprovalOptionsAction?.Invoke();
                            return;
                        }
-                        // If user doesn't have a MP, but has reset password permission, they must set a MP
-                        if (!decryptOptions.HasMasterPassword &&
-                            decryptOptions.TrustedDeviceOption.HasManageResetPasswordPermission)
-                        {
-                            StartSetPasswordAction?.Invoke();
-                            return;
-                        }
                        // Update temp password only if the device is trusted and therefore has a decrypted User Key set
                        if (response.ForcePasswordReset)
                        {
                            UpdateTempPasswordAction?.Invoke();
                            return;
                        }
+                        // If user doesn't have a MP, but has reset password permission, they must set a MP
+                        if (!decryptOptions.HasMasterPassword &&
+                            decryptOptions.TrustedDeviceOption.HasManageResetPasswordPermission)
+                        {
+                            await _stateService.SetForcePasswordResetReasonAsync(ForcePasswordResetReason.TdeUserWithoutPasswordHasPasswordResetPermission);
+                        }
                        // Device is trusted and has keys, so we can decrypt
                        _syncService.FullSyncAsync(true).FireAndForget();
                        SsoAuthSuccessAction?.Invoke();