[PM-32833] Remove Input Password Flag from Emergency Access

[rr-bw]

🎟️ Tracking

PM-32833

📔 Objective

This PR removes pm-27086-update-authentication-apis-for-input-password feature flag usage from the Emergency Access takeover flow.

Note

This PR is part of a larger group of PRs (split up for easier review) that will each get merged into a base branch for this flag removal work: auth/pm-32833/remove-input-password-flag-base (base PR). That base branch is the one that will get merged to main.

Breakdown of branching structure:

main
 └── auth/pm-32833/remove-input-password-flag-base  ← targets main; accumulates sub-PRs
     ├── auth/pm-32833/registration-finish            ← targets base
     ├── auth/pm-32833/set-initial-password           ← targets base
     ├── auth/pm-32833/change-password                ← targets base
     ├── auth/pm-32833/emergency-access               ← targets base [THIS PR 🟢]
     ├── auth/pm-32833/account-recovery               ← targets base
     └── auth/pm-32833/input-password-component       ← targets base; reviewed LAST

[github-actions]

Checkmarx One – Scan Summary & Details – f3c4e507-b04a-44db-9970-77f701ab691d

Great job! No new security vulnerabilities introduced in this pull request

[github-actions]

🤖 Bitwarden Claude Code Review

Overall Assessment: APPROVE

Reviewed removal of the PM27086_UpdateAuthenticationApisForInputPassword feature flag from EmergencyAccessService.takeover() and its spec. The previously-flagged "enabled" path was retained verbatim, the ConfigService dependency was cleanly removed from the constructor and imports, and unused test imports (CsprngArray, MasterKey, PBKDF2KdfConfig, ConfigService) were pruned. Angular DI in emergency-access.module.ts handles constructor resolution automatically and no manual callers of new EmergencyAccessService(...) exist outside of the spec file, which was updated accordingly. Remaining references to the flag elsewhere in the codebase are intentionally scoped to sibling sub-PRs per the branching plan in the description.

Code Review Details

No findings.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 47.01%. Comparing base (9280b12) to head (3a74355).
⚠️ Report is 1 commits behind head on auth/pm-32833/remove-input-password-flag-base.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@                                Coverage Diff                                @@
##           auth/pm-32833/remove-input-password-flag-base   #20291      +/-   ##
=================================================================================
- Coverage                                          47.02%   47.01%   -0.02%     
=================================================================================
  Files                                               3913     3913              
  Lines                                             118323   118308      -15     
  Branches                                           18103    18101       -2     
=================================================================================
- Hits                                               55647    55623      -24     
- Misses                                             58486    58494       +8     
- Partials                                            4190     4191       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[rr-bw]

Tip: Check "Hide whitespace" when reviewing this file.