NAS-133624 / 25.10 / Support for single time user passwords in STIG mode

[AlexKarpov98]

See ticket.

Result:

NAS-133624_1.mov

NAS-133624-2.mov

[bugclerk]

Jira URL: https://ixsystems.atlassian.net/browse/NAS-133624

[codecov]

Codecov Report

Attention: Patch coverage is 97.19626% with 6 lines in your changes missing coverage. Please review.

Project coverage is 83.29%. Comparing base (ff7fb2c) to head (6c95183).
Report is 2 commits behind head on master.

✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...credentials/users/user-form/user-form.component.ts	94.25%	5 Missing ⚠️
src/app/modules/auth/auth.service.ts	75.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #11427      +/-   ##
==========================================
+ Coverage   83.22%   83.29%   +0.06%     
==========================================
  Files        1673     1676       +3     
  Lines       59987    60116     +129     
  Branches     6308     6323      +15     
==========================================
+ Hits        49927    50073     +146     
+ Misses      10060    10043      -17     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[undsoft]

Looks promising, nice work. Will test after code updates.

[undsoft]

1. I would avoid stig in naming here because it's conceivable that this feature may be extended for other scenarios in the future.
2. How about unifying the flow so that FirstLoginDialogComponent is always shown when it's either otpw user or 2FA setup is needed? And then letting FirstLoginDialogComponent decide which steps to show.

[AlexKarpov98]

@undsoft
We have such modal as well, if user missed 2fa configuration:

And then navigated to the 2fa setup page.

[AlexKarpov98]

@undsoft - for STIG user, it's impossible to login without one time password or 2fa.
So if I changed password but didn't set up 2fa, I'll see the following.

[AlexKarpov98]

So I've updated this dialog to work for both:
OtpwUser and NonOtpwUser, but it's useless at this point.

[undsoft]

What I mean is that we can get rid of showTwoFactorWarning() and only have one branch. If this is an OTPW user OR if 2FA setup is required for normal user, take them to FirstLoginDialogComponent.
If this is an OTPW user, show password form, if this is a normal user, only show the 2FA part.

[AlexKarpov98]

Okay, got it, probably I need to add more descriptions there as well.

[AlexKarpov98]

Can we request it as a separate ticket? I think it worth a separate ticket since a lot of changes were made already as for this one ticket.

[AlexKarpov98]

@undsoft

[undsoft]

It would make your code simpler, but okay, please create a ticket then.

[AlexKarpov98]

Sure 👌

[undsoft]

It's kinda weird to have this here so that two other pieces of code can talk to each other.
See if it's possible to inject TwoFactorGuardService in FirstLoginDialogComponent directly and have that property there directly.

[AlexKarpov98]

@undsoft I tried to move it to the TwoFactorGuardService but faced issues.
The main issue is that we should reset that value if user logs out, because if it's a new login with OTPW - the full screen dialog will not show up since password is considered as already changed.

[AlexKarpov98]

@undsoft - use latest middleware to make sure it all works.

[undsoft]

👍🏼

[bugclerk]

JIRA ticket https://ixsystems.atlassian.net/browse/NAS-133624 is targeted to the following versions which have not received their corresponding PRs: 25.04-RC.1

[bugclerk]

This PR has been merged and conversations have been locked.
If you would like to discuss more about this issue please use our forums or raise a Jira ticket.

[AlexKarpov98]

backport