
Auth/PM-19555 - Fix multi account logout on lock screens not redirecting properly #14630


Open. Wants to merge 17 commits into base: main

Conversation

JaredSnider-Bitwarden
Contributor

@JaredSnider-Bitwarden JaredSnider-Bitwarden commented May 5, 2025

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-19555

📔 Objective

To resolve a bug where the following happens:

  1. User has 2 accounts logged into the extension
  2. User locks one account and then logs out on the lock component (or the TDE login initiated component)
  3. The next-up active account is not properly redirected out of the component it is on

Lock Component bug example:

PM-19555.Lock.component.bad.behavior.mov

This PR starts the consolidation of the distributed logout logic. This is not finished, and I've flagged future work for us under https://bitwarden.atlassian.net/browse/PM-21212.

Secondary bugs fixed:

  • Extension - The login decryption options component didn't properly show the account switcher.
  • Extension & Desktop - Users could swap to an account in a TDE locked state, but it wouldn't properly get the user to the login initiated screen.

📸 Screenshots

Lock Component fixed

PM-19555.Lock.component.fixed.behavior.mov

TDE Login Decryption Options component fixed (note: the account switcher is now properly shown on this component):

PM-19555.Extension.-.Account.switching.now.works.for.users.in.a.TDE.locked.state.mov

Account switcher new behavior (redirects instead of just going back):

PM-19555.Account.switcher.component.new.behavior.mov

Secondary Bugs fixed behavior (account switching now works for users in a TDE locked state):

PM-19555.Desktop.-.Account.switching.now.works.for.users.in.a.TDE.locked.state.mov
PM-19555.Extension.-.Account.switching.now.works.for.users.in.a.TDE.locked.state.mov

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes
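The routing decision the PR description is about, as an added, constructed model (not Bitwarden's code): after one of several accounts logs out, the next active account, or the null user when none remain, must be sent to the screen that matches its own state. Enum values, route names and the "first remaining account becomes active" policy are assumptions.

```typescript
// Constructed model (not Bitwarden's code) of the post-logout routing decision this PR
// fixes; enum values, route names and the "next account" ordering are assumptions.
enum AuthenticationStatus {
  LoggedOut = 0,
  Locked = 1,
  Unlocked = 2,
}

interface AccountState {
  userId: string;
  status: AuthenticationStatus;
  hasTrustedDeviceOption: boolean; // user's decryption options include a trusted device (TDE)
}

// Assumed route names for the screens the PR mentions.
type Route = "/vault" | "/lock" | "/login-initiated" | "/login";

// Where the redirect guard should send the next active user, or the null user when no
// account remains. The bug was that this step was skipped, so the next account stayed on
// whatever screen the logged-out user had been using.
function routeForNextActiveUser(next: AccountState | null): Route {
  if (next === null) return "/login";
  switch (next.status) {
    case AuthenticationStatus.Unlocked:
      return "/vault";
    case AuthenticationStatus.Locked:
      // A locked TDE user needs the login-initiated screen, not the lock screen
      // (assumed simplification of the "TDE locked state" case fixed here).
      return next.hasTrustedDeviceOption ? "/login-initiated" : "/lock";
    default:
      return "/login";
  }
}

// Next active account after `loggedOutUserId` leaves: first remaining account in list
// order (assumed policy), or null when none are left.
function nextActiveUser(accounts: AccountState[], loggedOutUserId: string): AccountState | null {
  const remaining = accounts.filter((a) => a.userId !== loggedOutUserId);
  return remaining.length > 0 ? remaining[0] : null;
}
// One logout step: drop the account, then resolve the route for whoever is next.
function logoutAndRoute(accounts: AccountState[], loggedOutUserId: string): Route {
  return routeForNextActiveUser(nextActiveUser(accounts, loggedOutUserId));
}

// Constructed sample matching the repro steps: two accounts, one locked, one unlocked.
const sampleAccounts: AccountState[] = [
  { userId: "user-a", status: AuthenticationStatus.Locked, hasTrustedDeviceOption: false },
  { userId: "user-b", status: AuthenticationStatus.Unlocked, hasTrustedDeviceOption: false },
];
```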

…need for extension-login-decryption-options.service
…direct guard routing (2) Remove logout method from account switcher service (3) use new NewActiveUser type
@JaredSnider-Bitwarden JaredSnider-Bitwarden changed the title Auth/pm 19555/multi account logout on lock screens defect Auth/PM-19555 - Fix multi account logout on lock screens not redirecting properly May 5, 2025

codecov bot commented May 5, 2025

Codecov Report

Attention: Patch coverage is 34.54545% with 36 lines in your changes missing coverage. Please review.

Project coverage is 36.34%. Comparing base (21da518) to head (d07cc16).
Report is 27 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
apps/browser/src/popup/app.component.ts 0.00% 12 Missing ⚠️
apps/desktop/src/app/app.component.ts 0.00% 8 Missing ⚠️
.../auth/popup/account-switching/account.component.ts 0.00% 5 Missing ⚠️
...tion-options/login-decryption-options.component.ts 0.00% 5 Missing ⚠️
...up/account-switching/account-switcher.component.ts 0.00% 4 Missing ⚠️
apps/browser/src/popup/services/services.module.ts 0.00% 2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #14630      +/-   ##
==========================================
+ Coverage   36.28%   36.34%   +0.06%     
==========================================
  Files        3197     3190       -7     
  Lines       92345    92116     -229     
  Branches    16566    16526      -40     
==========================================
- Hits        33503    33479      -24     
+ Misses      56448    56246     -202     
+ Partials     2394     2391       -3     



github-actions bot commented May 5, 2025

Checkmarx One – Scan Summary & Details ab621e55-d568-4117-adc5-8f7dc93656d5

New Issues (1)

Checkmarx found the following issues in this Pull Request

Severity: MEDIUM
Issue: Client_DOM_Open_Redirect
Source File / Package: /apps/desktop/src/auth/accessibility-cookie.component.html: 18
Checkmarx Insight: The potentially tainted value provided by link in /apps/desktop/src/auth/accessibility-cookie.component.html at line 18 is used as a destination...
ID: n8z%2BtT3KdiqSNpDTrTSQQymGG%2BY%3D

Comment on lines +146 to +147
// navigate to root so redirect guard can properly route next active user or null user to correct page
await this.router.navigate(["/"]);
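Review bot: the awaited result of `this.router.navigate(["/"])` on line +147 is discarded, yet the comment on line +146 relies on the redirect guard to do the actual routing; Angular's `navigate` resolves to `false` when a guard cancels the navigation, so a rejected redirect would leave the next active user on the lock screen with no signal. Consider capturing the boolean and logging or falling back when it is `false`, e.g. `const navigated = await this.router.navigate(["/"]);`.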
Contributor Author


Product signed off on this change in behavior so next up users are left in the correct default state instead of on any screen that the first user was using.

@JaredSnider-Bitwarden JaredSnider-Bitwarden marked this pull request as ready for review May 6, 2025 22:31
@JaredSnider-Bitwarden JaredSnider-Bitwarden requested review from a team as code owners May 6, 2025 22:31
quexten
quexten previously approved these changes May 7, 2025
Contributor

@quexten quexten left a comment


I have only reviewed KM-owned changes (lock component), but they look good!

…ccount-logout-on-lock-screens-defect + merge conflict fixes
Comment on lines 49 to 51
if (result?.authenticationStatus === AuthenticationStatus.Unlocked) {
// navigate to root so redirect guard can properly route next active user or null user to correct page
await this.router.navigate(["/"]);
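Review bot: the comment on line 50 says the redirect guard must route "next active user or null user", but the enclosing `if` on line 49 only runs when `result?.authenticationStatus === AuthenticationStatus.Unlocked`, so the null-user case it describes cannot reach this branch. Either reword the comment for the Unlocked case only, or navigate straight to the vault route here since the destination is already known and no guard round-trip is needed.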
Contributor

@rr-bw rr-bw May 8, 2025


❓- In this case, do we need to go through the redirect guard? Since we are dealing with an Unlocked user, can we just navigate to vault here?

Contributor Author

@JaredSnider-Bitwarden JaredSnider-Bitwarden May 9, 2025


Good call! Done and retested!


sonarqubecloud bot commented May 9, 2025

.userDecryptionOptionsById$(msg.userId)
.pipe(
map(
(decryptionOptions) => decryptionOptions?.trustedDeviceOption != null ?? false,
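Review bot: `decryptionOptions?.trustedDeviceOption != null` already evaluates to a boolean, so the `?? false` on the last line is unreachable and only obscures the intent; reduce it to `map((decryptionOptions) => decryptionOptions?.trustedDeviceOption != null)`. If the intent was instead to treat a missing `decryptionOptions` emission as `false`, the optional chain already does that.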
Contributor

@rr-bw rr-bw May 9, 2025


Left hand is always a boolean (never null/undefined), so right hand will never be hit. Is this a mistake? See also Desktop app.component.ts.

As a sidenote, we have similar logic 2x in device-trust.service.implementation.ts
