diff --git a/src/server/controllers/changePassword.ts b/src/server/controllers/changePassword.ts
index c318ffacd..5aed2c610 100644
--- a/src/server/controllers/changePassword.ts
+++ b/src/server/controllers/changePassword.ts
@@ -139,11 +139,7 @@ export const setPasswordController = (
 // If the user is using the passcode flow for registration/reset password,
 // we need to handle the password change/creation.
 // If there are specific failures, we fall back to the legacy Okta change password flow.
- if (
- passcodesEnabled &&
- !useOktaClassic &&
- (path === '/welcome' || res.locals.queryParams.usePasscodesResetPassword)
- ) {
+ if (passcodesEnabled && !useOktaClassic) {
 await oktaIdxApiPasswordHandler({
 req,
 res,
diff --git a/src/server/controllers/checkPasswordToken.ts b/src/server/controllers/checkPasswordToken.ts
index 2e015fe6a..523f3b653 100644
--- a/src/server/controllers/checkPasswordToken.ts
+++ b/src/server/controllers/checkPasswordToken.ts
@@ -209,11 +209,7 @@ export const checkTokenInOkta = async (
 // If the user is using the passcode flow for registration/reset password,
 // we need to handle the password change/creation.
 // If there are specific failures, we fall back to the legacy Okta change password flow.
- if (
- passcodesEnabled &&
- !res.locals.queryParams.useOktaClassic &&
- (path === '/welcome' || state.queryParams.usePasscodesResetPassword)
- ) {
+ if (passcodesEnabled && !res.locals.queryParams.useOktaClassic) {
 await oktaIdxApiCheckHandler({
 path,
 pageTitle,
diff --git a/src/server/controllers/sendChangePasswordEmail.ts b/src/server/controllers/sendChangePasswordEmail.ts
index 73ebaa7a0..aff442933 100644
--- a/src/server/controllers/sendChangePasswordEmail.ts
+++ b/src/server/controllers/sendChangePasswordEmail.ts
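Review bot: The comment kept above the condition in `setPasswordController` still describes a per-user opt-in ("If the user is using the passcode flow…"), but the new test `passcodesEnabled && !useOktaClassic` routes every path this controller serves through `oktaIdxApiPasswordHandler`, not only `/welcome`. I would reword it, for example `// Passcode (IDX) handling is the default for all set/reset password paths; useOktaClassic opts a request out.` The same stale comment sits above the matching condition in `checkTokenInOkta` in checkPasswordToken.ts. Because `useOktaClassic` is parsed from the request query string, the legacy flow stays selectable by any caller, so it has to keep the same token and password checks as the IDX path until the parameter is retired. Both function bodies continue outside their hunks.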
@@ -93,15 +93,6 @@ const setEncryptedCookieOkta = (
 * @name changePasswordEmailIdx
 * @description Start the Okta IDX flow to change the user's password
 *
- * NB: This is currently in testing and is not fully implemented yet, it should be used behind the `usePasscodesResetPassword` query param flag
- * Current status:
- * - [x] ACTIVE users
- * - [x] With email + password authenticator
- * - [x] With only password authenticator
- * - [x] With only email authenticator
- * - [x] Non-ACTIVE user states
- * - [x] Non-Existent users - In `sendEmailInOkta` method
- *
 * @param {Request} req - Express request object
 * @param {ResponseWithRequestState} res - Express response object
 * @param {UserResponse} user - Okta user object
@@ -114,9 +105,6 @@ const changePasswordEmailIdx = async (
 user: UserResponse,
 loopDetectionFlag: boolean = false,
 ): Promise => {
- // placeholder warning message
- logger.warn('Passcode reset password flow is not fully implemented yet');
-
 try {
 // start the IDX flow by calling interact and introspect
 const introspectResponse = await startIdxFlow({
@@ -516,14 +504,14 @@ export const sendEmailInOkta = async (
 const { email = '' } = req.body;
 const path = getPath(req);
 const {
- queryParams: { appClientId, ref, refViewId, usePasscodesResetPassword },
+ queryParams: { appClientId, ref, refViewId, useOktaClassic },
 } = state;
 try {
 // get the user object to check user status
 const user = await getUser(email, req.ip);
- if (passcodesEnabled && usePasscodesResetPassword) {
+ if (passcodesEnabled && !useOktaClassic) {
 // try to start the IDX flow to send the user a passcode for reset password
 await changePasswordEmailIdx(req, res, user);
 // if successful, the user will be redirected to the email sent page
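Review bot: In the `@@ -516` hunk of `sendEmailInOkta`, the passcode flow becomes the default and the only way onto the legacy reset flow is the request-supplied `useOktaClassic` value, yet nothing visible records when a request takes that opt-out. Since the commit also removes the only `logger.warn` that marked which flow ran, I would log the legacy case where it begins (after this `if` block, outside the hunk), e.g. `logger.warn('Reset password: useOktaClassic set, using legacy Okta flow');`. That lets its use be monitored and the parameter retired later. The destructuring would also benefit from a short comment, `// useOktaClassic: caller-supplied opt-out from the passcode (IDX) flow`.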
@@ -822,7 +810,7 @@ export const sendEmailInOkta = async (
 ) {
 // if we're using passcodes, then show the email sent page with OTP input
 // even if the user doesn't exist
- if (passcodesEnabled && usePasscodesResetPassword) {
+ if (passcodesEnabled && !useOktaClassic) {
 // set the encrypted state cookie to persist the email and stateHandle
 // which we need to persist during the passcode reset flow
 setEncryptedStateCookie(res, {
diff --git a/src/server/lib/queryParams.ts b/src/server/lib/queryParams.ts
index d945cc3bd..0a3a6ee18 100644
--- a/src/server/lib/queryParams.ts
+++ b/src/server/lib/queryParams.ts
@@ -52,7 +52,6 @@ export const parseExpressQueryParams = (
 appClientId,
 maxAge,
 useOktaClassic,
- usePasscodesResetPassword,
 }: Record, // parameters from req.query
 // some parameters may be manually passed in req.body too,
 // generally for tracking purposes
@@ -77,7 +76,6 @@ export const parseExpressQueryParams = (
 appClientId,
 maxAge: stringToNumber(maxAge),
 useOktaClassic: isStringBoolean(useOktaClassic),
- usePasscodesResetPassword: isStringBoolean(usePasscodesResetPassword),
 };
 };
diff --git a/src/shared/__tests__/queryParams.test.ts b/src/shared/__tests__/queryParams.test.ts
index 24133441f..4fd79ebb3 100644
--- a/src/shared/__tests__/queryParams.test.ts
+++ b/src/shared/__tests__/queryParams.test.ts
@@ -37,7 +37,6 @@ describe('getPersistableQueryParams', () => {
 appClientId: 'appClientId',
 useOktaClassic: undefined,
 listName: undefined,
- usePasscodesResetPassword: undefined,
 };
 expect(output).toStrictEqual(expected);
diff --git a/src/shared/lib/queryParams.ts b/src/shared/lib/queryParams.ts
index 0be0a0d29..995dbcebb 100644
--- a/src/shared/lib/queryParams.ts
+++ b/src/shared/lib/queryParams.ts
@@ -42,7 +42,6 @@ export const getPersistableQueryParams = (
 fromURI: params.fromURI,
 appClientId: params.appClientId,
 useOktaClassic: params.useOktaClassic,
- usePasscodesResetPassword: params.usePasscodesResetPassword,
 });
 /**
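Review bot: In the `@@ -822` hunk of `sendEmailInOkta`, the unknown-user branch shows the OTP page only when `!useOktaClassic`, so a request carrying `useOktaClassic=true` skips this block and continues into code outside the hunk. The in-code comment says the page is shown "even if the user doesn't exist", which reads as account-enumeration protection. It is worth confirming, and covering with a test, that the legacy path gives an equally indistinguishable response for an address with no account. If it does, a comment before the `if` such as `// useOktaClassic requests fall through to the legacy email-sent response below` would record that for the next reader.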
diff --git a/src/shared/model/QueryParams.ts b/src/shared/model/QueryParams.ts
index 3e4d59f6c..e6e581bee 100644
--- a/src/shared/model/QueryParams.ts
+++ b/src/shared/model/QueryParams.ts
@@ -47,8 +47,6 @@ export interface PersistableQueryParams
 appClientId?: string;
 // fallback to Okta Classic if needed
 useOktaClassic?: boolean;
- // temporary flag to enable the use of passcodes for reset password flow
- usePasscodesResetPassword?: boolean;
 }
 /**