feat(appLock): add logout flow to app lock modal [WPB-23186]

[V-Gira]

WPB-23186 [Web] Applock forgot password - Users prompted to log out, log in, set new applock password

Pull Request

Summary

What is the change?

Implement a different logout flow when a user forgets their applock passcode

Previously:

• user clicks "forgot passcode"
• must enter their account password to delete their client on the backend
• client is deleted, database is wiped, user is logged out

Now:

• user clicks "forgot passcode"
• user is offered to log out using the standard flow
• user is offered to delete their local database
• in all cases, the client remains on the backend (similar to the normal logout flow)
• local database is only deleted if user chooses
• applock is deactivated if not enforced by the team
• user can log back in normaly by using their account password
• if applock is enforced, user can choose a new passcode

Code changes

• refactor to use UI-Kit components
• UI changes according to new design, see figma
• localization changes
• removal of the client deletion flow
• addition of the log out flow

---

Security Checklist (required)

• External inputs are validated & sanitized on client and/or server where applicable.
• API responses are validated; unexpected shapes are handled safely (fallbacks or errors).
• No unsafe HTML is rendered; if unavoidable, sanitization is applied and documented where it happens.
• Injection risks (XSS/SQL/command) are prevented via safe APIs and/or escaping.

Accessibility (required)

• I have read and this PR upholds our Accessibility Best Practices.

Standards Acknowledgement (required)

• I have read and this PR upholds our Coding Standards and Tech Radar Choices.

---

Screenshots or demo (if the user interface changed)

Forgot Passcode and log out

Create Passcode (Team enforced)

Create Passcode (not enforced)

Notes for reviewers

• Trade-offs:
• Follow-ups (linked issues):
• Linked PRs (e.g. web-packages):

[github-actions]

🔗 Download Full Report Artifact

🧪 Playwright Test Summary

• ✅ Passed: 135
• ❌ Failed: 19
• ⏭ Skipped: 12
• 🔁 Flaky: 16
• 📊 Total: 182
• ⏱ Total Runtime: 610.4s (~ 10 min 10 sec)

specs/AccountSettingsSpecs/accountSettings.spec.ts (❌ 0 failed, ⚠️ 1 flaky)

• ⚠️ account settings > Verify link to manage a team is not shown when logged in as team member or normal use (tags: TC-1723, regression)

specs/AppLock/AppLock.spec.ts (❌ 2 failed, ⚠️ 0 flaky)

• ❌ AppLock > Web: App should not lock if I switch back to webapp tab in time (during inactivity timeout) (tags: TC-2752, TC-2753, regression)
• ❌ AppLock > Web: I want to unlock the app with passphrase after login (tags: TC-2754, TC-2755, TC-2758, TC-2763, regression)

specs/Authentication/authentication.spec.ts (❌ 0 failed, ⚠️ 1 flaky)

• ⚠️ Authentication > Make sure user does not see data of user of previous sessions on same browser (tags: TC-1311, regression)

specs/Block/block.spec.ts (❌ 1 failed, ⚠️ 2 flaky)

• ❌ Block: User A and User B are NOT in the same team > Verify you still receive messages from blocked person in a group chat (tags: TC-141, regression)
• ⚠️ Block: User A and User B are NOT in the same team > Verify you can block a user who is not in your team (tags: TC-140, regression)
• ⚠️ Block: User A and User B are NOT in the same team > Verify you can unblock someone from conversation list options (tags: TC-148, regression)

specs/Calling/calling.spec.ts (❌ 1 failed, ⚠️ 0 flaky)

• ❌ Calling > Verify that current call is terminated if you want to call someone else (as caller) (tags: TC-2802, regression)

specs/CriticalFlow/addMembersToChat-TC-8631.spec.ts (❌ 0 failed, ⚠️ 1 flaky)

• ⚠️ Team owner adds whole team to an all team chat (tags: TC-8631, crit-flow-web)

specs/CriticalFlow/joinTeam-TC-8635.spec.ts (❌ 1 failed, ⚠️ 0 flaky)

• ❌ New person joins team and sets up device (tags: TC-8635, crit-flow-web)

specs/Delete/delete.spec.ts (❌ 3 failed, ⚠️ 0 flaky)

• ❌ Delete > Message gets deleted even when I was offline on time of deletion (tags: TC-573, regression)
• ❌ Delete > Delete "For Everyone" works for location sharing (tags: TC-582, regression)
• ❌ Delete > I see no unread count if a message was deleted from someone in a conversation (tags: TC-587, regression)

specs/Drive/editMultipartMessage-TC-8786.spec.ts (❌ 0 failed, ⚠️ 1 flaky)

• ⚠️ Edit multipart message in a group conversation (tags: crit-flow-cells, regression, TC-8786)

specs/Edit/edit.spec.ts (❌ 0 failed, ⚠️ 1 flaky)

• ⚠️ Edit > I cannot edit another users message (tags: TC-683, regression)

specs/HistoryBackup/historyBackup.spec.ts (❌ 3 failed, ⚠️ 1 flaky)

• ❌ History Backup > I want to import a backup that I exported when I was using a different email/password (tags: TC-118, regression)
• ❌ History Backup > I should not be able to import a backup with wrong password (tags: TC-135, regression)
• ❌ History Backup > I should not see the deleted group after restore from the backup (tags: TC-1097, regression)
• ⚠️ History Backup > I should not be able to restore from the history of another person's account (tags: TC-125, regression)

specs/Markdown/markdown.spec.ts (❌ 1 failed, ⚠️ 1 flaky)

• ❌ Markdown > I want to write a emphasized message (tags: TC-1314, regression)
• ⚠️ Markdown > I want to write a code message (tags: TC-1315, regression)

specs/noInternetCallGuard.spec.ts (❌ 1 failed, ⚠️ 0 flaky)

• ❌ Starting call 1:1 call without internet (tags: )

specs/Reactions/reactions.spec.ts (❌ 3 failed, ⚠️ 2 flaky)

• ❌ Reactions > Verify liking someone's link preview in 1:1 (tags: TC-1527, regression)
• ❌ Reactions > Verify liking someone's location (tags: TC-1533, regression)
• ❌ Reactions > I want to add/remove a reaction by clicking a reaction pill (tags: TC-1548, regression)
• ⚠️ Reactions > Verify liking someone's picture (tags: TC-1528, regression)
• ⚠️ Reactions > I want to add/remove a reaction using emoji picker (tags: TC-1549, regression)

specs/Reply/reply.spec.ts (❌ 1 failed, ⚠️ 2 flaky)

• ❌ Reply > I want to reply to a location share (tags: TC-3009, regression)
• ⚠️ Reply > I want to see a placeholder text as quote when original message is not available anymore (tags: TC-2994, regression)
• ⚠️ Reply > I want to reply to an audio message (tags: TC-3003, regression)

specs/SelfDeletingMessages/selfDeletingMessages.spec.ts (❌ 2 failed, ⚠️ 2 flaky)

• ❌ Self Deleting Messages > Verify sending ephemeral text message in 1:1 (tags: TC-657, regression)
• ❌ set globally in group conversation > I want to see the ephemeral indicator is updated in the input field if someone sets a global timer in conversation options (tags: TC-3719, regression)
• ⚠️ Self Deleting Messages > Verify that message with previous timer are deleted on start-up when the timeout passed in 1:1 (tags: TC-664, regression)
• ⚠️ Self Deleting Messages > Verify the message is not deleted for users that didn't read the message (tags: TC-675, regression)

specs/Smokes/smoke.spec.ts (❌ 0 failed, ⚠️ 1 flaky)

• ⚠️ Login and search smoke (tags: smoke)

[Copilot]

Pull request overview

This PR implements a new logout flow for the app lock feature, replacing the previous client deletion flow with a standard logout that preserves the client on the backend.

Changes:

• Users who forget their applock passcode can now log out using the standard flow instead of deleting their client
• The applock feature is disabled (if not enforced) when logging out via the forgot passcode flow
• UI has been refactored to use @wireapp/react-ui-kit components (Button, Input, Checkbox, Link)
• Removed the client deletion flow (WIPE_CONFIRM and WIPE_PASSWORD states)
• Added new LOGOUT state with an option to clear local data
• Updated localization strings to reflect the new flow

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 13 comments.

Show a summary per file

File	Description
apps/webapp/src/types/i18n.d.ts	Updated type definitions for new and modified i18n strings
apps/webapp/src/i18n/en-US.json	Added/updated localization strings for new logout flow, removed old wipe-related strings
apps/webapp/src/script/repositories/user/AppLockRepository.ts	Extracted disableFeature method for reuse in logout flow
apps/webapp/src/script/page/AppLock/Applock.styles.ts	New styles file for AppLock component using CSS-in-JS
apps/webapp/src/script/page/AppLock/AppLock.tsx	Major refactor: removed WIPE states, added LOGOUT state, migrated to UI-Kit components, implemented new logout flow

[Copilot]

The Link component is used with type="button" which creates a semantic mismatch. A Link component should be used for navigation (anchor tags), not for button actions like onClick handlers. This component triggers onClickForgot which changes state rather than navigating.

Consider using a Button component with ButtonVariant.TERTIARY or similar styling instead of Link for this action, or use a native <button> element styled as a link. This will ensure proper semantics for screen readers and keyboard navigation.

[Copilot]

Using <br /> for spacing (line 483) is semantically incorrect and bad for accessibility. The <br /> element should only be used for line breaks within content (like in addresses or poems), not for spacing between paragraphs.

Instead, use proper paragraph elements with CSS margins for spacing:

<p css={{marginBottom: '16px'}}>{t('modalAppLockForgotMessage')}</p>
<p>{t('modalAppLockForgotSecondMessage')}</p>

Or define the spacing in the styles file and apply it to the paragraph elements.

Suggested change

	<p>{t('modalAppLockForgotMessage')}</p>
	<br />
	<p css={{marginBottom: '16px'}}>{t('modalAppLockForgotMessage')}</p>

[Copilot]

Missing error handling in async function onClickLogout. Line 237 calls await clientRepository.logoutClient() but there's no try-catch block to handle potential errors.

If logoutClient() throws an error, it will be an unhandled promise rejection which could leave the UI in an inconsistent state (modal still showing, user confused about their logged-in status).

Add proper error handling:

const onClickLogout = async () => {
  try {
    if (isTemporaryClient) {
      await clientRepository.logoutClient();
    } else {
      setState(APPLOCK_STATE.LOGOUT);
    }
  } catch (error) {
    // Handle error appropriately - show error message or log
    logger.error('Failed to logout client', error);
    // Optionally show user-facing error
  }
};

Suggested change

	if (isTemporaryClient) {
	await clientRepository.logoutClient();
	} else {
	setState(APPLOCK_STATE.LOGOUT);
	try {
	if (isTemporaryClient) {
	await clientRepository.logoutClient();
	} else {
	setState(APPLOCK_STATE.LOGOUT);
	}
	} catch (error) {
	// [Important] Handle logout errors to avoid unhandled promise rejections and inconsistent UI state.
	// Consider surfacing a user-visible error message if appropriate for this UI.
	// eslint-disable-next-line no-console
	console.error('Failed to logout client', error);

[Copilot]

Missing test coverage for new APPLOCK_STATE.LOGOUT state. The new logout flow introduced in this PR (lines 46, 259, 501-532) is a significant change to the applock behavior, but there are no corresponding tests in AppLock.test.tsx.

Add tests to cover:

1. Transitioning to LOGOUT state when "Forgot passcode?" → "Log Out" is clicked
2. The checkbox for clearing data functionality
3. The "Cancel" button returning to LOCKED state
4. The "Log Out" button triggering logout with correct clearData value
5. Temporary client handling (direct logout without showing LOGOUT state)

This is important because the logout flow affects user data and authentication state.

[Copilot]

Potential null pointer exception: clientState.currentClient?.isTemporary() on line 87 can return undefined if currentClient is not set. The code checks isTemporaryClient on line 236 without null handling.

If clientState.currentClient is undefined, isTemporaryClient will be undefined, which will cause the condition if (isTemporaryClient) to evaluate to false. However, this creates ambiguity - undefined being treated as false may mask cases where the client state hasn't been initialized properly.

Consider adding explicit null checks or default values, such as:
const isTemporaryClient = clientState.currentClient?.isTemporary() ?? false;

Suggested change

	const isTemporaryClient = clientState.currentClient?.isTemporary();
	const isTemporaryClient = clientState.currentClient?.isTemporary() ?? false;

[Copilot]

Unsafe use of dangerouslySetInnerHTML without sanitization on line 301. While this uses a localization string (t('modalAppLockSetupMessage')), the {br: '<br><br>'} substitution injects raw HTML without sanitization.

If the localization strings are controlled and trusted, document this with a comment explaining:

1. That the content is from trusted localization files
2. That only <br> tags are allowed in the substitution

However, consider using safer alternatives like:

• React components for line breaks
• CSS for spacing
• A safe HTML sanitizer like DOMPurify if HTML is necessary

This same pattern appears throughout the component (lines 301, 399) and should be addressed consistently.

[Copilot]

The ErrorMessage component is defined as a function component but is used as a function call error={ErrorMessage()} on line 460, rather than as a React element error={<ErrorMessage />}.

While this works in this case since it returns JSX, this is an anti-pattern in React. Components should be used as JSX elements, not called as functions. This affects proper React reconciliation, hooks behavior, and component lifecycle.

Change the usage to pass the component as JSX:

error={<ErrorMessage />}

Or if the Input component expects a function that returns JSX, rename ErrorMessage to renderErrorMessage or getErrorMessage to indicate it's a render function, not a React component.

Suggested change

	error={ErrorMessage()}
	error={<ErrorMessage />}

[Copilot]

Redundant aria-label on Input component. Lines 307, 404, and 450 all use both aria-label and label props on the Input component.

The label prop from the UI-Kit Input component already provides proper labeling through an associated <label> element. Adding aria-label creates redundancy and can confuse screen readers about which label to announce.

Remove the aria-label prop and rely on the label prop:

<Input
  label={t('modalAppLockPasscode')}
  type="password"
  // ... other props
/>

The aria-label should only be used when you need to override or provide a label that differs from the visible label, which doesn't appear to be the case here.

[codecov]

Codecov Report

❌ Patch coverage is 41.93548% with 18 lines in your changes missing coverage. Please review.
✅ Project coverage is 45.26%. Comparing base (a93dcd7) to head (80e3bbc).

Files with missing lines	Patch %	Lines
apps/webapp/src/script/page/AppLock/AppLock.tsx	28.57%	13 Missing and 2 partials ⚠️
.../src/script/repositories/user/AppLockRepository.ts	25.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##              dev   #20391      +/-   ##
==========================================
+ Coverage   45.25%   45.26%   +0.01%     
==========================================
  Files        1633     1634       +1     
  Lines       40245    40249       +4     
  Branches     8325     8326       +1     
==========================================
+ Hits        18212    18219       +7     
+ Misses      20105    20102       -3     
  Partials     1928     1928              

Flag	Coverage Δ
app_webapp	43.44% <41.93%> (+0.01%)	⬆️
lib_api_client	50.17% <ø> (ø)
lib_core	58.86% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...s/webapp/src/script/page/AppLock/Applock.styles.ts	100.00% <100.00%> (ø)
.../src/script/repositories/user/AppLockRepository.ts	49.01% <25.00%> (+1.96%)	⬆️
apps/webapp/src/script/page/AppLock/AppLock.tsx	56.00% <28.57%> (+0.73%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[Copilot]

Pull request overview

Copilot reviewed 6 out of 7 changed files in this pull request and generated 4 comments.

[Copilot]

The isTemporaryClient check uses optional chaining which will return undefined if currentClient is undefined. In the onClickLogout function at line 236, this means if (isTemporaryClient) will be false when isTemporaryClient is undefined, which may not be the intended behavior.

Consider making the condition more explicit:

if (isTemporaryClient === true) {
  await clientRepository.logoutClient();
} else {
  setState(APPLOCK_STATE.LOGOUT);
}

This ensures we only call logoutClient when we explicitly know the client is temporary, and show the logout modal in all other cases (including when currentClient is undefined).

[Copilot]

File name has inconsistent casing. The file is named Applock.styles.ts (lowercase 'l') while the main component is AppLock.tsx (uppercase 'L'). For consistency, consider renaming to AppLock.styles.ts to match the component name casing.

[Copilot]

Missing space after the colon in the JSON property. Should be "modalAppLockForgotSecondMessage": "If you have forgotten..." (note the space after the colon).

Suggested change

	"modalAppLockForgotSecondMessage":"If you have forgotten your passcode, you can log out of this account and set a new passcode the next time you log in.",
	"modalAppLockForgotSecondMessage": "If you have forgotten your passcode, you can log out of this account and set a new passcode the next time you log in.",

[Copilot]

The new LOGOUT state and onLogout flow lack test coverage. Tests should verify:

1. When a temporary client clicks "Forgot passcode", it directly calls clientRepository.logoutClient()
2. When a non-temporary client clicks "Forgot passcode", it transitions to the LOGOUT state
3. The onLogout function disables app lock only when not enforced
4. The onLogout function removes the passcode code
5. The onLogout function publishes the correct SIGN_OUT event with the clearData flag

Consider adding test cases covering these scenarios to ensure the logout flow works correctly for both temporary and permanent clients.