Auth/PM-17693 - Web - Existing users accepting an org invite are required to update password to meet org policy requirements

[JaredSnider-Bitwarden]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-17693

📔 Objective

To restore the functionality that we broke during the UI refresh where existing BW users that are invited to an organization should be forced to update their password to meet org master password policy requirements (regardless of the enforceOnLogin setting).

📸 Screenshots

As info, org invites are only accepted on the web.

PM-17693.-.Web.-.Existing.BW.Member.forced.to.update.password.on.org.invite.acceptance.when.enforceOnLogin.not.checked.mov

PM-17693.-.Web.-.Existing.BW.Member.forced.to.update.password.on.org.invite.acceptance.when.enforceOnLogin.checked.mov

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 22 lines in your changes missing coverage. Please review.

Project coverage is 35.31%. Comparing base (2284fe3) to head (b488e0a).
Report is 11 commits behind head on main.

Files with missing lines	Patch %	Lines
libs/auth/src/angular/login/login.component.ts	0.00%	22 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13388      +/-   ##
==========================================
+ Coverage   35.29%   35.31%   +0.02%     
==========================================
  Files        3124     3128       +4     
  Lines       92483    92599     +116     
  Branches    16818    16824       +6     
==========================================
+ Hits        32638    32701      +63     
- Misses      57388    57438      +50     
- Partials     2457     2460       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Checkmarx One – Scan Summary & Details – 42a1786a-90c1-45e1-99d8-e06f08664236

New Issues (4)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2025-0995	Npm-electron-34.0.0	Vulnerable Package
	CVE-2025-0996	Npm-electron-34.0.0	Vulnerable Package
	CVE-2025-0997	Npm-electron-34.0.0	Vulnerable Package
	CVE-2025-0998	Npm-electron-34.0.0	Vulnerable Package

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud