[PM-32833] Remove Input Password Flag from Change Password

apps/web/src/app/auth/core/services/change-password/web-change-password.service.spec.ts

@@ -40,10 +40,6 @@ describe("WebChangePasswordService", () => {
     }),
   };
 
-  const currentPassword = "currentPassword";
-  const newPassword = "newPassword";
-  const newPasswordHint = "newPasswordHint";
-
   beforeEach(() => {
     keyService = mock<KeyService>();
     masterPasswordApiService = mock<MasterPasswordApiService>();
@@ -64,23 +60,6 @@ describe("WebChangePasswordService", () => {
     );
   });
 
-  describe("rotateUserKeyMasterPasswordAndEncryptedData()", () => {
-    it("should call the method with the same name on the UserKeyRotationService with the correct arguments", async () => {
-      // Act
-      await sut.rotateUserKeyMasterPasswordAndEncryptedData(
-        currentPassword,
-        newPassword,
-        user,
-        newPasswordHint,
-      );
-
-      // Assert
-      expect(
-        userKeyRotationService.rotateUserKeyMasterPasswordAndEncryptedData,
-      ).toHaveBeenCalledWith(currentPassword, newPassword, user, newPasswordHint);
-    });
-  });
-
   describe("changePasswordAndRotateUserKey()", () => {
     // Mock method params
     let passwordInputResult: PasswordInputResult;
@@ -93,7 +72,6 @@ describe("WebChangePasswordService", () => {
         newPasswordHint: "new-password-hint",
         kdfConfig: DEFAULT_KDF_CONFIG,
         salt: "salt" as MasterPasswordSalt,
-        newApisWithInputPasswordFlagEnabled: true,
       };
 
       // Mock returned/resolved values
@@ -119,11 +97,11 @@ describe("WebChangePasswordService", () => {
       });
     });
 
-    it("should throw if newPasswordHint is null on the PasswordInputResult object", async () => {
+    it("should throw if newPasswordHint is undefined on the PasswordInputResult object", async () => {
       // Arrange
       const invalidPasswordInputResult: PasswordInputResult = {
         ...passwordInputResult,
-        newPasswordHint: null,
+        newPasswordHint: undefined,
       };
 
       // Act

apps/web/src/app/auth/core/services/change-password/web-change-password.service.ts

@@ -57,23 +57,6 @@ export class WebChangePasswordService
     );
   }
 
-  /**
-   * @deprecated To be removed in PM-28143
-   */
-  override async rotateUserKeyMasterPasswordAndEncryptedData(
-    currentPassword: string,
-    newPassword: string,
-    user: Account,
-    newPasswordHint: string,
-  ): Promise<void> {
-    await this.userKeyRotationService.rotateUserKeyMasterPasswordAndEncryptedData(
-      currentPassword,
-      newPassword,
-      user,
-      newPasswordHint,
-    );
-  }
-
   async clearDeeplinkState() {
     await this.routerService.getAndClearLoginRedirectUrl();
   }

libs/angular/src/auth/password-management/change-password/change-password.component.ts

@@ -23,7 +23,6 @@ import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/key-
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
-import { SyncService } from "@bitwarden/common/platform/sync";
 import { UserId } from "@bitwarden/common/types/guid";
 import {
   AnonLayoutWrapperDataService,
@@ -82,7 +81,6 @@ export class ChangePasswordComponent implements OnInit {
     private messagingService: MessagingService,
     private policyService: PolicyService,
     private toastService: ToastService,
-    private syncService: SyncService,
     private dialogService: DialogService,
     private logService: LogService,
     private logoutService: LogoutService,
@@ -159,31 +157,10 @@ export class ChangePasswordComponent implements OnInit {
           throw new Error("activeAccount not found");
         }
 
-        if (passwordInputResult.newApisWithInputPasswordFlagEnabled) {
-          await this.changePasswordService.changePasswordAndRotateUserKey(
-            passwordInputResult,
-            this.activeAccount,
-          );
-          this.passwordChanged.emit();
-          return; // EARLY RETURN for flagged logic
-        }
-
-        if (
-          passwordInputResult.currentPassword == null ||
-          passwordInputResult.newPasswordHint == null
-        ) {
-          throw new Error("currentPassword or newPasswordHint not found");
-        }
-
-        await this.syncService.fullSync(true);
-
-        await this.changePasswordService.rotateUserKeyMasterPasswordAndEncryptedData(
-          passwordInputResult.currentPassword,
-          passwordInputResult.newPassword,
+        await this.changePasswordService.changePasswordAndRotateUserKey(
+          passwordInputResult,
           this.activeAccount,
-          passwordInputResult.newPasswordHint,
         );
-
         this.passwordChanged.emit();
       } else {
         if (!this.userId) {
@@ -210,17 +187,13 @@ export class ChangePasswordComponent implements OnInit {
 
         this.passwordChanged.emit();
 
-        if (passwordInputResult.newApisWithInputPasswordFlagEnabled) {
-          // TODO: investigate refactoring logout and follow-up routing in https://bitwarden.atlassian.net/browse/PM-32660
-          await this.logoutService.logout(this.userId);
+        // TODO: investigate refactoring logout and follow-up routing in https://bitwarden.atlassian.net/browse/PM-32660
+        await this.logoutService.logout(this.userId);
 
-          const shouldNavigateToRoot = this.changePasswordService.shouldNavigateToRoot();
-          if (shouldNavigateToRoot) {
-            // navigate to root so redirect guard can properly route next active user (account switching) or null user to correct page
-            await this.router.navigate(["/"]);
-          }
-        } else {
-          this.messagingService.send("logout");
+        const shouldNavigateToRoot = this.changePasswordService.shouldNavigateToRoot();
+        if (shouldNavigateToRoot) {
+          // navigate to root so redirect guard can properly route next active user (account switching) or null user to correct page
+          await this.router.navigate(["/"]);
         }
 
         // Close the popout if we are in a browser extension popout.

libs/angular/src/auth/password-management/change-password/change-password.service.abstraction.ts

@@ -27,26 +27,6 @@ export abstract class ChangePasswordService {
     user: Account,
   ): Promise<void>;
 
-  /**
-   * @deprecated To be removed in PM-28143
-   *
-   * Creates a new user key and re-encrypts all required data with it.
-   * - does so by calling the underlying method on the `UserKeyRotationService`
-   * - implemented in Web only
-   *
-   * @param currentPassword the current password
-   * @param newPassword the new password
-   * @param user the user account
-   * @param newPasswordHint the new password hint
-   * @throws if called from a non-Web client
-   */
-  abstract rotateUserKeyMasterPasswordAndEncryptedData(
-    currentPassword: string,
-    newPassword: string,
-    user: Account,
-    newPasswordHint: string,
-  ): Promise<void>;
-
   /**
    * Changes the user's password by building a `PasswordRequest` object that gets POSTed to the server.
    *
@@ -55,18 +35,6 @@ export abstract class ChangePasswordService {
    * @throws if required values are not found on the `PasswordInputResult`
    * @throws an `InvalidCurrentPasswordError` if `proofOfDecryption` fails (i.e. if the current password is incorrect)
    * @throws if there is an error during the API call
-   *
-   * OLD DESCRIPTION FOR UNFLAGGED LOGIC: (the rest of this JSDoc below can be removed in PM-28143)
-   *
-   * Changes the user's password and re-encrypts the user key with the `newMasterKey`.
-   * - Specifically, this method uses credentials from the `passwordInputResult` to:
-   *   1. Decrypt the user key with the `currentMasterKey`
-   *   2. Re-encrypt that user key with the `newMasterKey`, resulting in a `newMasterKeyEncryptedUserKey`
-   *   3. Build a `PasswordRequest` object that gets POSTed to `"/accounts/password"`
-   *
-   * @param passwordInputResult credentials object received from the `InputPasswordComponent`
-   * @param userId the `userId`
-   * @throws if the `userId`, `currentMasterKey`, or `currentServerMasterKeyHash` is not found
    */
   abstract changePassword(passwordInputResult: PasswordInputResult, userId: UserId): Promise<void>;
 
@@ -83,17 +51,6 @@ export abstract class ChangePasswordService {
    * @throws if required values are not found on the `PasswordInputResult`
    * @throws an `InvalidCurrentPasswordError` if `proofOfDecryption` fails (i.e. if the current password is incorrect)
    * @throws if there is an error during the API call
-   *
-   * OLD DESCRIPTION FOR UNFLAGGED LOGIC: (the rest of this JSDoc below can be removed in PM-28143)
-   *
-   * Changes the user's password and re-encrypts the user key with the `newMasterKey`.
-   * - Specifically, this method uses credentials from the `passwordInputResult` to:
-   *   1. Decrypt the user key with the `currentMasterKey`
-   *   2. Re-encrypt that user key with the `newMasterKey`, resulting in a `newMasterKeyEncryptedUserKey`
-   *   3. Build a `PasswordRequest` object that gets PUTed to `"/accounts/update-temp-password"` so that the
-   *        ForcePasswordReset gets set to false.
-   * @param passwordInputResult
-   * @param userId
    */
   abstract changePasswordForAccountRecovery(
     passwordInputResult: PasswordInputResult,