From f759e62aeb9e10ac0bcc7aba6e892025e6ebdb9d Mon Sep 17 00:00:00 2001 From: Addison Beck Date: Fri, 28 Mar 2025 14:17:18 -0400 Subject: [PATCH 001/104] fix(browser): restore timer based background syncs (#14031) * docs: fix a typo * fix(browser): restore timer-based background syncs The browser extension was not performing scheduled background syncs every 30 minutes as expected. This was due to missing task scheduling code that was accidentally removed during the web push implementation (PR #11346). This commit: - Creates a new BackgroundSyncService to manage sync scheduling - Properly initializes the sync interval in main.background.ts - Adds a test to ensure the sync initialization code isn't accidentally removed again - Organizes platform module structure to support the new service Fixes PM-19396 * review: remove unecassary await keyword --- .../src/background/main.background.spec.ts | 13 +++ .../browser/src/background/main.background.ts | 10 +- apps/browser/tsconfig.json | 1 + .../scheduling/task-scheduler.service.ts | 2 +- .../background-sync.service.spec.ts | 107 ++++++++++++++++++ .../background-sync.service.ts | 44 +++++++ libs/platform/src/background-sync/index.ts | 1 + libs/platform/src/index.ts | 1 + libs/platform/tsconfig.json | 4 +- tsconfig.json | 1 + 10 files changed, 178 insertions(+), 6 deletions(-) create mode 100644 apps/browser/src/background/main.background.spec.ts create mode 100644 libs/platform/src/background-sync/background-sync.service.spec.ts create mode 100644 libs/platform/src/background-sync/background-sync.service.ts create mode 100644 libs/platform/src/background-sync/index.ts diff --git a/apps/browser/src/background/main.background.spec.ts b/apps/browser/src/background/main.background.spec.ts new file mode 100644 index 00000000000..c2cd38b7a30 --- /dev/null +++ b/apps/browser/src/background/main.background.spec.ts @@ -0,0 +1,13 @@ +// This test skips all the initilization of the background script and just +// focuses on making sure we don't accidently delete the initilization of +// background vault syncing. This has happened before! +describe("MainBackground sync task scheduling", () => { + it("includes code to schedule the sync interval task", () => { + // Get the bootstrap method source code as string + const { default: MainBackground } = jest.requireActual("./main.background"); + const bootstrapSource = MainBackground.prototype.bootstrap.toString(); + + // Check that the source includes the critical sync interval scheduling code + expect(bootstrapSource).toContain("this.backgroundSyncService.init();"); + }); +}); diff --git a/apps/browser/src/background/main.background.ts b/apps/browser/src/background/main.background.ts index e1f0b8bfc64..cae554c872c 100644 --- a/apps/browser/src/background/main.background.ts +++ b/apps/browser/src/background/main.background.ts @@ -127,7 +127,6 @@ import { WebPushNotificationsApiService, WorkerWebPushConnectionService, } from "@bitwarden/common/platform/notifications/internal"; -import { ScheduledTaskNames } from "@bitwarden/common/platform/scheduling"; import { AppIdService } from "@bitwarden/common/platform/services/app-id.service"; import { ConfigApiService } from "@bitwarden/common/platform/services/config/config-api.service"; import { DefaultConfigService } from "@bitwarden/common/platform/services/config/default-config.service"; @@ -222,6 +221,7 @@ import { KdfConfigService, KeyService as KeyServiceAbstraction, } from "@bitwarden/key-management"; +import { BackgroundSyncService } from "@bitwarden/platform/background-sync"; import { IndividualVaultExportService, IndividualVaultExportServiceAbstraction, @@ -391,6 +391,7 @@ export default class MainBackground { offscreenDocumentService: OffscreenDocumentService; syncServiceListener: SyncServiceListener; browserInitialInstallService: BrowserInitialInstallService; + backgroundSyncService: BackgroundSyncService; webPushConnectionService: WorkerWebPushConnectionService | UnsupportedWebPushConnectionService; themeStateService: DefaultThemeStateService; @@ -585,9 +586,9 @@ export default class MainBackground { this.logService, this.stateProvider, ); - this.taskSchedulerService.registerTaskHandler(ScheduledTaskNames.scheduleNextSyncInterval, () => - this.fullSync(), - ); + + this.backgroundSyncService = new BackgroundSyncService(this.taskSchedulerService); + this.backgroundSyncService.register(() => this.fullSync()); this.environmentService = new BrowserEnvironmentService( this.logService, @@ -1368,6 +1369,7 @@ export default class MainBackground { setTimeout(async () => { await this.refreshBadge(); await this.fullSync(false); + this.backgroundSyncService.init(); this.notificationsService.startListening(); resolve(); }, 500); diff --git a/apps/browser/tsconfig.json b/apps/browser/tsconfig.json index e836af1327c..e24985f58af 100644 --- a/apps/browser/tsconfig.json +++ b/apps/browser/tsconfig.json @@ -29,6 +29,7 @@ "@bitwarden/key-management": ["../../libs/key-management/src"], "@bitwarden/key-management-ui": ["../../libs/key-management-ui/src"], "@bitwarden/platform": ["../../libs/platform/src"], + "@bitwarden/platform/*": ["../../libs/platform/src/*"], "@bitwarden/send-ui": ["../../libs/tools/send/send-ui/src"], "@bitwarden/tools-card": ["../../libs/tools/card/src"], "@bitwarden/ui-common": ["../../libs/ui/common/src"], diff --git a/libs/common/src/platform/scheduling/task-scheduler.service.ts b/libs/common/src/platform/scheduling/task-scheduler.service.ts index 35a577dda7d..3ea80c3ee0a 100644 --- a/libs/common/src/platform/scheduling/task-scheduler.service.ts +++ b/libs/common/src/platform/scheduling/task-scheduler.service.ts @@ -11,7 +11,7 @@ import { ScheduledTaskName } from "./scheduled-task-name.enum"; * in the future but the task that is ran is NOT the remainder of your RXJS pipeline. The * task you want ran must instead be registered in a location reachable on a service worker * startup (on browser). An example of an acceptible location is the constructor of a service - * you know is created in `MainBackground`. Uses of this API is other clients _can_ have the + * you know is created in `MainBackground`. Uses of this API in other clients _can_ have the * `registerTaskHandler` call in more places, but in order to have it work across clients * it is recommended to register it according to the rules of browser. * diff --git a/libs/platform/src/background-sync/background-sync.service.spec.ts b/libs/platform/src/background-sync/background-sync.service.spec.ts new file mode 100644 index 00000000000..1deb907b151 --- /dev/null +++ b/libs/platform/src/background-sync/background-sync.service.spec.ts @@ -0,0 +1,107 @@ +import { mock, MockProxy } from "jest-mock-extended"; + +import { TaskSchedulerService, ScheduledTaskNames } from "@bitwarden/common/platform/scheduling"; + +import { BackgroundSyncService, DEFAULT_SYNC_INTERVAL_MS } from "./background-sync.service"; + +describe("BackgroundSyncService", () => { + let taskSchedulerService: MockProxy; + let backgroundSyncService: BackgroundSyncService; + + beforeEach(() => { + taskSchedulerService = mock(); + backgroundSyncService = new BackgroundSyncService(taskSchedulerService); + }); + + describe("register", () => { + it("registers a task handler with the correct task name", () => { + // Arrange + const syncCallback = jest.fn().mockResolvedValue(undefined); + + // Act + backgroundSyncService.register(syncCallback); + + // Assert + expect(taskSchedulerService.registerTaskHandler).toHaveBeenCalledTimes(1); + expect(taskSchedulerService.registerTaskHandler).toHaveBeenCalledWith( + ScheduledTaskNames.scheduleNextSyncInterval, + syncCallback, + ); + }); + }); + + describe("init", () => { + it("schedules the sync interval task with default interval", () => { + // Act + backgroundSyncService.init(); + + // Assert + expect(taskSchedulerService.setInterval).toHaveBeenCalledTimes(1); + expect(taskSchedulerService.setInterval).toHaveBeenCalledWith( + ScheduledTaskNames.scheduleNextSyncInterval, + DEFAULT_SYNC_INTERVAL_MS, + ); + }); + + it("schedules the sync interval task with custom interval", () => { + // Arrange + const customInterval = 60000; // 1 minute + + // Act + backgroundSyncService.init(customInterval); + + // Assert + expect(taskSchedulerService.setInterval).toHaveBeenCalledTimes(1); + expect(taskSchedulerService.setInterval).toHaveBeenCalledWith( + ScheduledTaskNames.scheduleNextSyncInterval, + customInterval, + ); + }); + + it("correctly handles zero interval by using default", () => { + // Act + backgroundSyncService.init(0); + + // Assert + expect(taskSchedulerService.setInterval).toHaveBeenCalledTimes(1); + expect(taskSchedulerService.setInterval).toHaveBeenCalledWith( + ScheduledTaskNames.scheduleNextSyncInterval, + DEFAULT_SYNC_INTERVAL_MS, + ); + }); + + it("correctly handles negative interval by using default", () => { + // Act + backgroundSyncService.init(-1000); + + // Assert + expect(taskSchedulerService.setInterval).toHaveBeenCalledTimes(1); + expect(taskSchedulerService.setInterval).toHaveBeenCalledWith( + ScheduledTaskNames.scheduleNextSyncInterval, + DEFAULT_SYNC_INTERVAL_MS, + ); + }); + }); + + describe("full integration", () => { + it("registers and initializes correctly in sequence", () => { + // Arrange + const syncCallback = jest.fn().mockResolvedValue(undefined); + const customInterval = 45000; // 45 seconds + + // Act + backgroundSyncService.register(syncCallback); + backgroundSyncService.init(customInterval); + + // Assert + expect(taskSchedulerService.registerTaskHandler).toHaveBeenCalledWith( + ScheduledTaskNames.scheduleNextSyncInterval, + syncCallback, + ); + expect(taskSchedulerService.setInterval).toHaveBeenCalledWith( + ScheduledTaskNames.scheduleNextSyncInterval, + customInterval, + ); + }); + }); +}); diff --git a/libs/platform/src/background-sync/background-sync.service.ts b/libs/platform/src/background-sync/background-sync.service.ts new file mode 100644 index 00000000000..dc1b49d399e --- /dev/null +++ b/libs/platform/src/background-sync/background-sync.service.ts @@ -0,0 +1,44 @@ +import { TaskSchedulerService, ScheduledTaskNames } from "@bitwarden/common/platform/scheduling"; + +/** + * The default interval between background syncs. + * 300,000ms = 5 minutes + */ +export const DEFAULT_SYNC_INTERVAL_MS = 300000; + +/** + * Service responsible for registering and managing background synchronization for the browser extension. + * Handles scheduling of periodic sync operations using the task scheduler infrastructure. + */ + +export class BackgroundSyncService { + /** + * Creates a new instance of BackgroundSyncService. + * @param taskSchedulerService - Service that handles scheduling and execution of periodic tasks + */ + constructor(private taskSchedulerService: TaskSchedulerService) {} + + /** + * Registers a callback function to be executed when the sync interval task is triggered. + * This associates the sync task name with the provided callback in the task scheduler. + * + * @param syncCallback - The function to execute when the sync task is triggered + */ + register(syncCallback: () => Promise) { + this.taskSchedulerService.registerTaskHandler( + ScheduledTaskNames.scheduleNextSyncInterval, + syncCallback, + ); + } + + /** + * Initializes the background sync service by scheduling the sync interval task. + * This sets up a recurring timer that triggers the registered sync callback at regular intervals. + * + * @param intervalMs - The interval in milliseconds between sync operations (defaults to 300000ms/5 minutes) + */ + init(intervalMs: number = DEFAULT_SYNC_INTERVAL_MS) { + intervalMs = intervalMs < 1 ? DEFAULT_SYNC_INTERVAL_MS : intervalMs; + this.taskSchedulerService.setInterval(ScheduledTaskNames.scheduleNextSyncInterval, intervalMs); + } +} diff --git a/libs/platform/src/background-sync/index.ts b/libs/platform/src/background-sync/index.ts new file mode 100644 index 00000000000..adfeec608be --- /dev/null +++ b/libs/platform/src/background-sync/index.ts @@ -0,0 +1 @@ +export * from "./background-sync.service"; diff --git a/libs/platform/src/index.ts b/libs/platform/src/index.ts index f11ec102845..3fabe3fad1a 100644 --- a/libs/platform/src/index.ts +++ b/libs/platform/src/index.ts @@ -1 +1,2 @@ export * from "./services/browser-service"; +export * from "./background-sync"; diff --git a/libs/platform/tsconfig.json b/libs/platform/tsconfig.json index eaa021247d8..898f9e41c6a 100644 --- a/libs/platform/tsconfig.json +++ b/libs/platform/tsconfig.json @@ -1,7 +1,9 @@ { "extends": "../shared/tsconfig", "compilerOptions": { - "paths": {} + "paths": { + "@bitwarden/common/*": ["../common/src/*"] + } }, "include": ["src", "spec"], "exclude": ["node_modules", "dist"] diff --git a/tsconfig.json b/tsconfig.json index fb50f1e7033..c82851d50c8 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -35,6 +35,7 @@ "@bitwarden/key-management-ui": ["./libs/key-management-ui/src"], "@bitwarden/node/*": ["./libs/node/src/*"], "@bitwarden/platform": ["./libs/platform/src"], + "@bitwarden/platform/*": ["./libs/platform/src/*"], "@bitwarden/send-ui": ["./libs/tools/send/send-ui/src"], "@bitwarden/tools-card": ["./libs/tools/card/src"], "@bitwarden/ui-common": ["./libs/ui/common/src"], From 66a914badfd65046ce5969163e957ef8f919f5a8 Mon Sep 17 00:00:00 2001 From: Jason Ng Date: Fri, 28 Mar 2025 15:50:30 -0400 Subject: [PATCH 002/104] [PM-19654] add hideIcon option to extension anon layout (#14045) --- .../extension-anon-layout-wrapper.component.html | 1 + .../extension-anon-layout-wrapper.component.ts | 10 ++++++++++ .../extension-anon-layout-wrapper.stories.ts | 2 ++ .../anon-layout/anon-layout.component.html | 2 +- .../angular/anon-layout/anon-layout.component.ts | 1 + .../angular/anon-layout/anon-layout.stories.ts | 16 ++++++++++++++++ 6 files changed, 31 insertions(+), 1 deletion(-) diff --git a/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.html b/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.html index 88a3b1c3076..54cb5203a87 100644 --- a/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.html +++ b/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.html @@ -21,6 +21,7 @@ [hideLogo]="true" [maxWidth]="maxWidth" [hideFooter]="hideFooter" + [hideIcon]="hideIcon" > diff --git a/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.ts b/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.ts index 10ef65d0654..51dbb6503d7 100644 --- a/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.ts +++ b/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.component.ts @@ -26,6 +26,7 @@ export interface ExtensionAnonLayoutWrapperData extends AnonLayoutWrapperData { showBackButton?: boolean; showLogo?: boolean; hideFooter?: boolean; + hideIcon?: boolean; } @Component({ @@ -48,6 +49,7 @@ export class ExtensionAnonLayoutWrapperComponent implements OnInit, OnDestroy { protected showAcctSwitcher: boolean; protected showBackButton: boolean; protected showLogo: boolean = true; + protected hideIcon: boolean = false; protected pageTitle: string; protected pageSubtitle: string; @@ -129,6 +131,10 @@ export class ExtensionAnonLayoutWrapperComponent implements OnInit, OnDestroy { if (firstChildRouteData["showLogo"] !== undefined) { this.showLogo = Boolean(firstChildRouteData["showLogo"]); } + + if (firstChildRouteData["hideIcon"] !== undefined) { + this.hideIcon = Boolean(firstChildRouteData["hideIcon"]); + } } private listenForServiceDataChanges() { @@ -180,6 +186,10 @@ export class ExtensionAnonLayoutWrapperComponent implements OnInit, OnDestroy { if (data.showLogo !== undefined) { this.showLogo = data.showLogo; } + + if (data.hideIcon !== undefined) { + this.hideIcon = data.hideIcon; + } } private handleStringOrTranslation(value: string | Translation): string { diff --git a/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.stories.ts b/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.stories.ts index 841eefda0ad..a0990485d49 100644 --- a/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.stories.ts +++ b/apps/browser/src/auth/popup/extension-anon-layout-wrapper/extension-anon-layout-wrapper.stories.ts @@ -242,6 +242,7 @@ const initialData: ExtensionAnonLayoutWrapperData = { showAcctSwitcher: true, showBackButton: true, showLogo: true, + hideIcon: false, }; const changedData: ExtensionAnonLayoutWrapperData = { @@ -255,6 +256,7 @@ const changedData: ExtensionAnonLayoutWrapperData = { showAcctSwitcher: false, showBackButton: false, showLogo: false, + hideIcon: false, }; @Component({ diff --git a/libs/auth/src/angular/anon-layout/anon-layout.component.html b/libs/auth/src/angular/anon-layout/anon-layout.component.html index 4120ea59002..f31a5500b43 100644 --- a/libs/auth/src/angular/anon-layout/anon-layout.component.html +++ b/libs/auth/src/angular/anon-layout/anon-layout.component.html @@ -17,7 +17,7 @@ class="tw-text-center tw-mb-4 sm:tw-mb-6" [ngClass]="{ 'tw-max-w-md tw-mx-auto': titleAreaMaxWidth === 'md' }" > -
+
diff --git a/libs/auth/src/angular/anon-layout/anon-layout.component.ts b/libs/auth/src/angular/anon-layout/anon-layout.component.ts index 05ddb9614f1..1ca4ccd2432 100644 --- a/libs/auth/src/angular/anon-layout/anon-layout.component.ts +++ b/libs/auth/src/angular/anon-layout/anon-layout.component.ts @@ -39,6 +39,7 @@ export class AnonLayoutComponent implements OnInit, OnChanges { @Input() showReadonlyHostname: boolean; @Input() hideLogo: boolean = false; @Input() hideFooter: boolean = false; + @Input() hideIcon: boolean = false; /** * Max width of the title area content diff --git a/libs/auth/src/angular/anon-layout/anon-layout.stories.ts b/libs/auth/src/angular/anon-layout/anon-layout.stories.ts index c7e15d9dcfa..34d561d5210 100644 --- a/libs/auth/src/angular/anon-layout/anon-layout.stories.ts +++ b/libs/auth/src/angular/anon-layout/anon-layout.stories.ts @@ -163,6 +163,22 @@ export const WithCustomIcon: Story = { }), }; +export const HideIcon: Story = { + render: (args) => ({ + props: args, + template: + // Projected content (the
) and styling is just a sample and can be replaced with any content/styling. + ` + +
+
Primary Projected Content Area (customizable)
+
Lorem ipsum dolor sit amet consectetur adipisicing elit. Necessitatibus illum vero, placeat recusandae esse ratione eius minima veniam nemo, quas beatae! Impedit molestiae alias sapiente explicabo. Sapiente corporis ipsa numquam?
+
+ + `, + }), +}; + export const HideLogo: Story = { render: (args) => ({ props: args, From 907abc9dae3ecb5b994d9e6d852d60576ec64bdb Mon Sep 17 00:00:00 2001 From: Todd Martin <106564991+trmartin4@users.noreply.github.com> Date: Sun, 30 Mar 2025 15:49:52 -0400 Subject: [PATCH 003/104] Complete feature flag grouping by team (#14054) * Completed feature flag grouping * Added organization of default value section. * Clarified comment. --- libs/common/src/enums/feature-flag.enum.ts | 52 +++++++++++++--------- 1 file changed, 31 insertions(+), 21 deletions(-) diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts index c5119cd5206..1907f6539c5 100644 --- a/libs/common/src/enums/feature-flag.enum.ts +++ b/libs/common/src/enums/feature-flag.enum.ts @@ -2,6 +2,8 @@ * Feature flags. * * Flags MUST be short lived and SHALL be removed once enabled. + * + * Flags should be grouped by team to have visibility of ownership and cleanup. */ export enum FeatureFlag { /* Admin Console Team */ @@ -9,6 +11,11 @@ export enum FeatureFlag { VerifiedSsoDomainEndpoint = "pm-12337-refactor-sso-details-endpoint", LimitItemDeletion = "pm-15493-restrict-item-deletion-to-can-manage-permission", SsoExternalIdVisibility = "pm-18630-sso-external-id-visibility", + AccountDeprovisioningBanner = "pm-17120-account-deprovisioning-admin-console-banner", + + /* Auth */ + PM9112_DeviceApprovalPersistence = "pm-9112-device-approval-persistence", + UnauthenticatedExtensionUIRefresh = "unauth-ui-refresh", /* Autofill */ BlockBrowserInjectionsByDomain = "block-browser-injections-by-domain", @@ -21,6 +28,18 @@ export enum FeatureFlag { NotificationBarAddLoginImprovements = "notification-bar-add-login-improvements", NotificationRefresh = "notification-refresh", UseTreeWalkerApiForPageDetailsCollection = "use-tree-walker-api-for-page-details-collection", + MacOsNativeCredentialSync = "macos-native-credential-sync", + + /* Billing */ + TrialPaymentOptional = "PM-8163-trial-payment", + PM15179_AddExistingOrgsFromProviderPortal = "pm-15179-add-existing-orgs-from-provider-portal", + PM12276_BreadcrumbEventLogs = "pm-12276-breadcrumbing-for-business-features", + PM18794_ProviderPaymentMethod = "pm-18794-provider-payment-method", + + /* Key Management */ + PrivateKeyRegeneration = "pm-12241-private-key-regeneration", + UserKeyRotationV2 = "userkey-rotation-v2", + PM4154_BulkEncryptionService = "PM-4154-bulk-encryption-service", /* Tools */ ItemShare = "item-share", @@ -36,21 +55,7 @@ export enum FeatureFlag { NewDeviceVerificationPermanentDismiss = "new-device-permanent-dismiss", VaultBulkManagementAction = "vault-bulk-management-action", SecurityTasks = "security-tasks", - - /* Auth */ - PM9112_DeviceApprovalPersistence = "pm-9112-device-approval-persistence", - - UserKeyRotationV2 = "userkey-rotation-v2", - PM4154_BulkEncryptionService = "PM-4154-bulk-encryption-service", - UnauthenticatedExtensionUIRefresh = "unauth-ui-refresh", CipherKeyEncryption = "cipher-key-encryption", - TrialPaymentOptional = "PM-8163-trial-payment", - MacOsNativeCredentialSync = "macos-native-credential-sync", - PrivateKeyRegeneration = "pm-12241-private-key-regeneration", - AccountDeprovisioningBanner = "pm-17120-account-deprovisioning-admin-console-banner", - PM15179_AddExistingOrgsFromProviderPortal = "pm-15179-add-existing-orgs-from-provider-portal", - PM12276_BreadcrumbEventLogs = "pm-12276-breadcrumbing-for-business-features", - PM18794_ProviderPaymentMethod = "pm-18794-provider-payment-method", } export type AllowedFeatureFlagTypes = boolean | number | string; @@ -63,6 +68,8 @@ const FALSE = false as boolean; * * DO NOT enable previously disabled flags, REMOVE them instead. * We support true as a value as we prefer flags to "enable" not "disable". + * + * Flags should be grouped by team to have visibility of ownership and cleanup. */ export const DefaultFeatureFlagValue = { /* Admin Console Team */ @@ -70,6 +77,7 @@ export const DefaultFeatureFlagValue = { [FeatureFlag.VerifiedSsoDomainEndpoint]: FALSE, [FeatureFlag.LimitItemDeletion]: FALSE, [FeatureFlag.SsoExternalIdVisibility]: FALSE, + [FeatureFlag.AccountDeprovisioningBanner]: FALSE, /* Autofill */ [FeatureFlag.BlockBrowserInjectionsByDomain]: FALSE, @@ -82,6 +90,7 @@ export const DefaultFeatureFlagValue = { [FeatureFlag.NotificationBarAddLoginImprovements]: FALSE, [FeatureFlag.NotificationRefresh]: FALSE, [FeatureFlag.UseTreeWalkerApiForPageDetailsCollection]: FALSE, + [FeatureFlag.MacOsNativeCredentialSync]: FALSE, /* Tools */ [FeatureFlag.ItemShare]: FALSE, @@ -97,21 +106,22 @@ export const DefaultFeatureFlagValue = { [FeatureFlag.NewDeviceVerificationPermanentDismiss]: FALSE, [FeatureFlag.VaultBulkManagementAction]: FALSE, [FeatureFlag.SecurityTasks]: FALSE, + [FeatureFlag.CipherKeyEncryption]: FALSE, /* Auth */ [FeatureFlag.PM9112_DeviceApprovalPersistence]: FALSE, - - [FeatureFlag.UserKeyRotationV2]: FALSE, - [FeatureFlag.PM4154_BulkEncryptionService]: FALSE, [FeatureFlag.UnauthenticatedExtensionUIRefresh]: FALSE, - [FeatureFlag.CipherKeyEncryption]: FALSE, + + /* Billing */ [FeatureFlag.TrialPaymentOptional]: FALSE, - [FeatureFlag.MacOsNativeCredentialSync]: FALSE, - [FeatureFlag.PrivateKeyRegeneration]: FALSE, - [FeatureFlag.AccountDeprovisioningBanner]: FALSE, [FeatureFlag.PM15179_AddExistingOrgsFromProviderPortal]: FALSE, [FeatureFlag.PM12276_BreadcrumbEventLogs]: FALSE, [FeatureFlag.PM18794_ProviderPaymentMethod]: FALSE, + + /* Key Management */ + [FeatureFlag.PrivateKeyRegeneration]: FALSE, + [FeatureFlag.UserKeyRotationV2]: FALSE, + [FeatureFlag.PM4154_BulkEncryptionService]: FALSE, } satisfies Record; export type DefaultFeatureFlagValueType = typeof DefaultFeatureFlagValue; From 56672a3568da7ef0a79de6d18f0ab6a6baab47b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= Date: Mon, 31 Mar 2025 12:59:47 +0200 Subject: [PATCH 004/104] [BRE-714] Enhance TestFlight desktop publishing (#13871) * Update TestFlight deployment to use Fastlane for app uploads * Update TestFlight deployment to use Fastlane for app uploads * Fix * Fix create secret for fastlane * Fix create secret for fastlane * Fix create secret for fastlane * Install gsed to use sed on macos runner * Create test file * Fix test * Use actual token * Add TestFlight distribution option for QA testing * Update .github/workflows/build-desktop.yml Co-authored-by: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com> * Add if to secret construction for fastlane --------- Co-authored-by: MtnBurrit0 <77340197+mimartin12@users.noreply.github.com> --- .github/workflows/build-desktop.yml | 42 ++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 48ecca540e8..72b60da97a1 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -33,6 +33,10 @@ on: description: "Custom SDK branch" required: false type: string + testflight_distribute: + description: "Force distribute to TestFlight regardless of branch (useful for QA testing on feature branches)" + type: boolean + default: true defaults: run: @@ -1208,21 +1212,45 @@ jobs: path: apps/desktop/dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg if-no-files-found: error + - name: Create secrets for Fastlane + if: | + github.event_name != 'pull_request_target' + && (inputs.testflight_distribute || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop') + run: | + brew install gsed + + KEY_WITHOUT_NEWLINES=$(gsed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' ~/private_keys/AuthKey_6TV9MKN3GP.p8) + + cat << EOF > ~/secrets/appstoreconnect-fastlane.json + { + "issuer_id": "${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}", + "key_id": "6TV9MKN3GP", + "key": "$KEY_WITHOUT_NEWLINES" + } + EOF + - name: Deploy to TestFlight id: testflight-deploy if: | github.event_name != 'pull_request_target' - && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop') + && (inputs.testflight_distribute || github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc-desktop') env: APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }} APP_STORE_CONNECT_AUTH_KEY: 6TV9MKN3GP + BRANCH: ${{ github.ref }} run: | - xcrun altool \ - --upload-app \ - --type macos \ - --file "$(find ./dist/mas-universal/Bitwarden*.pkg)" \ - --apiKey $APP_STORE_CONNECT_AUTH_KEY \ - --apiIssuer $APP_STORE_CONNECT_TEAM_ISSUER + + GIT_CHANGE="$(git show -s --format=%s)" + + BRANCH=$(echo $BRANCH | sed 's/refs\/heads\///') + + CHANGELOG="$BRANCH: $GIT_CHANGE" + + fastlane pilot upload \ + --app_identifier "com.bitwarden.desktop" \ + --changelog "$CHANGELOG" \ + --api_key_path $HOME/secrets/appstoreconnect-fastlane.json \ + --pkg "$(find ./dist/mas-universal/Bitwarden*.pkg)" - name: Post message to a Slack channel id: slack-message From 51bfbcf09056775e60fd24b11e37570e46835e85 Mon Sep 17 00:00:00 2001 From: Todd Martin <106564991+trmartin4@users.noreply.github.com> Date: Mon, 31 Mar 2025 09:11:47 -0400 Subject: [PATCH 005/104] chore(UI Refresh): [PM-19679] Remove unauth-ui-refresh flag from clients * Completed feature flag grouping * Added organization of default value section. * Clarified comment. * Removed flag * Removed merge error that duplicated comment. --- libs/common/src/enums/feature-flag.enum.ts | 2 -- 1 file changed, 2 deletions(-) diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts index 1907f6539c5..798053c09d0 100644 --- a/libs/common/src/enums/feature-flag.enum.ts +++ b/libs/common/src/enums/feature-flag.enum.ts @@ -15,7 +15,6 @@ export enum FeatureFlag { /* Auth */ PM9112_DeviceApprovalPersistence = "pm-9112-device-approval-persistence", - UnauthenticatedExtensionUIRefresh = "unauth-ui-refresh", /* Autofill */ BlockBrowserInjectionsByDomain = "block-browser-injections-by-domain", @@ -110,7 +109,6 @@ export const DefaultFeatureFlagValue = { /* Auth */ [FeatureFlag.PM9112_DeviceApprovalPersistence]: FALSE, - [FeatureFlag.UnauthenticatedExtensionUIRefresh]: FALSE, /* Billing */ [FeatureFlag.TrialPaymentOptional]: FALSE, From 49924512b87098077440bcd702bd11ef318d19de Mon Sep 17 00:00:00 2001 From: Daniel James Smith <2670567+djsmith85@users.noreply.github.com> Date: Mon, 31 Mar 2025 15:55:20 +0200 Subject: [PATCH 006/104] [PM-19656] Fix zip option not being set correctly after navigating to Admin Console (#14058) * Simplify if to reduce nesting * Start subscribing to changes of the vaultSelector as soon as possible during ngOnInit --------- Co-authored-by: Daniel James Smith --- .../src/components/export.component.ts | 30 +++++++++---------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts b/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts index aecc6dcc330..c8efe093762 100644 --- a/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts +++ b/libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts @@ -225,6 +225,20 @@ export class ExportComponent implements OnInit, OnDestroy, AfterViewInit { ), ); + combineLatest([ + this.exportForm.controls.vaultSelector.valueChanges, + this.isExportAttachmentsEnabled$, + ]) + .pipe(takeUntil(this.destroy$)) + .subscribe(([value, isExportAttachmentsEnabled]) => { + this.organizationId = value !== "myVault" ? value : undefined; + + this.formatOptions = this.formatOptions.filter((option) => option.value !== "zip"); + if (value === "myVault" && isExportAttachmentsEnabled) { + this.formatOptions.push({ name: ".zip (with attachments)", value: "zip" }); + } + }); + merge( this.exportForm.get("format").valueChanges, this.exportForm.get("fileEncryptionType").valueChanges, @@ -322,22 +336,6 @@ export class ExportComponent implements OnInit, OnDestroy, AfterViewInit { takeUntil(this.destroy$), ) .subscribe(); - - combineLatest([ - this.exportForm.controls.vaultSelector.valueChanges, - this.isExportAttachmentsEnabled$, - ]) - .pipe(takeUntil(this.destroy$)) - .subscribe(([value, isExportAttachmentsEnabled]) => { - this.organizationId = value !== "myVault" ? value : undefined; - if (value === "myVault" && isExportAttachmentsEnabled) { - if (!this.formatOptions.some((option) => option.value === "zip")) { - this.formatOptions.push({ name: ".zip (with attachments)", value: "zip" }); - } - } else { - this.formatOptions = this.formatOptions.filter((option) => option.value !== "zip"); - } - }); } ngAfterViewInit(): void { From 740d0251b8d57ceab78443f6023e86078ecfa481 Mon Sep 17 00:00:00 2001 From: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com> Date: Mon, 31 Mar 2025 15:08:03 +0100 Subject: [PATCH 007/104] [PM-19368]Add new collection from individual vault is not displaying Upgrade option rather than Save (#13965) * Resolve the pop up issue and update button * Rename a method properly --- .../collection-dialog.component.ts | 29 ++++++++++++++++--- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/apps/web/src/app/admin-console/organizations/shared/components/collection-dialog/collection-dialog.component.ts b/apps/web/src/app/admin-console/organizations/shared/components/collection-dialog/collection-dialog.component.ts index 88746dc708b..1214c0ca411 100644 --- a/apps/web/src/app/admin-console/organizations/shared/components/collection-dialog/collection-dialog.component.ts +++ b/apps/web/src/app/admin-console/organizations/shared/components/collection-dialog/collection-dialog.component.ts @@ -13,6 +13,8 @@ import { Subject, switchMap, takeUntil, + tap, + filter, } from "rxjs"; import { first } from "rxjs/operators"; @@ -189,10 +191,29 @@ export class CollectionDialogComponent implements OnInit, OnDestroy { this.formGroup.updateValueAndValidity(); } - this.organizationSelected.valueChanges.pipe(takeUntil(this.destroy$)).subscribe((_) => { - this.organizationSelected.markAsTouched(); - this.formGroup.updateValueAndValidity(); - }); + this.organizationSelected.valueChanges + .pipe( + tap((_) => { + if (this.organizationSelected.errors?.cannotCreateCollections) { + this.buttonDisplayName = ButtonType.Upgrade; + } else { + this.buttonDisplayName = ButtonType.Save; + } + }), + filter(() => this.organizationSelected.errors?.cannotCreateCollections), + switchMap((value) => this.findOrganizationById(value)), + takeUntil(this.destroy$), + ) + .subscribe((org) => { + this.orgExceedingCollectionLimit = org; + this.organizationSelected.markAsTouched(); + this.formGroup.updateValueAndValidity(); + }); + } + + async findOrganizationById(orgId: string): Promise { + const organizations = await firstValueFrom(this.organizations$); + return organizations.find((org) => org.id === orgId); } async loadOrg(orgId: string) { From 646c7198aa2bb7953b6ee69bb619acf2ea9d1b8e Mon Sep 17 00:00:00 2001 From: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com> Date: Mon, 31 Mar 2025 15:10:36 +0100 Subject: [PATCH 008/104] Changes to add validation (#13762) --- .../app/billing/organizations/change-plan-dialog.component.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/web/src/app/billing/organizations/change-plan-dialog.component.ts b/apps/web/src/app/billing/organizations/change-plan-dialog.component.ts index dc748e9ee41..a11858f3be8 100644 --- a/apps/web/src/app/billing/organizations/change-plan-dialog.component.ts +++ b/apps/web/src/app/billing/organizations/change-plan-dialog.component.ts @@ -733,6 +733,7 @@ export class ChangePlanDialogComponent implements OnInit, OnDestroy { submit = async () => { if (this.taxComponent !== undefined && !this.taxComponent.validate()) { + this.taxComponent.markAllAsTouched(); return; } From 0311681803f4e97d3ceb15c15efcd63655c3b95c Mon Sep 17 00:00:00 2001 From: Daniel James Smith <2670567+djsmith85@users.noreply.github.com> Date: Mon, 31 Mar 2025 16:55:04 +0200 Subject: [PATCH 009/104] Fix filename not including "_encrypted_" when selecting encrypted vault exports (#14066) Co-authored-by: Daniel James Smith --- .../src/services/individual-vault-export.service.ts | 2 +- .../vault-export-core/src/services/org-vault-export.service.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts b/libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts index 765de042d32..489a28b4c79 100644 --- a/libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts +++ b/libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts @@ -250,7 +250,7 @@ export class IndividualVaultExportService return { type: "text/plain", data: JSON.stringify(jsonDoc, null, " "), - fileName: ExportHelper.getFileName("", "json"), + fileName: ExportHelper.getFileName("", "encrypted_json"), } as ExportedVaultAsString; } diff --git a/libs/tools/export/vault-export/vault-export-core/src/services/org-vault-export.service.ts b/libs/tools/export/vault-export/vault-export-core/src/services/org-vault-export.service.ts index f9ecd778c23..8f6494edb70 100644 --- a/libs/tools/export/vault-export/vault-export-core/src/services/org-vault-export.service.ts +++ b/libs/tools/export/vault-export/vault-export-core/src/services/org-vault-export.service.ts @@ -109,7 +109,7 @@ export class OrganizationVaultExportService data: onlyManagedCollections ? await this.getEncryptedManagedExport(organizationId) : await this.getOrganizationEncryptedExport(organizationId), - fileName: ExportHelper.getFileName("org", "json"), + fileName: ExportHelper.getFileName("org", "encrypted_json"), } as ExportedVaultAsString; } From 22039d038d7d88c92247c856f9358fb8e11c018b Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Mon, 31 Mar 2025 16:58:02 +0200 Subject: [PATCH 010/104] [PM-3475] Remove deprecated keys (#13266) * Remove deprecated keys * Fix cli build * Fix build --- .../browser/src/background/main.background.ts | 2 - .../service-container/service-container.ts | 2 - .../src/services/jslib-services.module.ts | 2 - .../abstractions/pin.service.abstraction.ts | 13 +- .../pin/pin.service.implementation.ts | 171 ++---------------- .../common/services/pin/pin.service.spec.ts | 164 ++--------------- .../services/master-password.service.ts | 13 -- .../services/vault-timeout.service.ts | 1 - .../platform/abstractions/state.service.ts | 8 - .../src/platform/models/domain/account.ts | 2 - .../src/platform/services/state.service.ts | 41 ----- .../src/abstractions/key.service.ts | 8 - libs/key-management/src/key.service.spec.ts | 8 - libs/key-management/src/key.service.ts | 24 --- 14 files changed, 32 insertions(+), 427 deletions(-) diff --git a/apps/browser/src/background/main.background.ts b/apps/browser/src/background/main.background.ts index cae554c872c..eec07b5b1ed 100644 --- a/apps/browser/src/background/main.background.ts +++ b/apps/browser/src/background/main.background.ts @@ -655,9 +655,7 @@ export default class MainBackground { this.kdfConfigService, this.keyGenerationService, this.logService, - this.masterPasswordService, this.stateProvider, - this.stateService, ); this.keyService = new DefaultKeyService( diff --git a/apps/cli/src/service-container/service-container.ts b/apps/cli/src/service-container/service-container.ts index 5bc07f63c32..6a4651bcd5a 100644 --- a/apps/cli/src/service-container/service-container.ts +++ b/apps/cli/src/service-container/service-container.ts @@ -436,9 +436,7 @@ export class ServiceContainer { this.kdfConfigService, this.keyGenerationService, this.logService, - this.masterPasswordService, this.stateProvider, - this.stateService, ); this.keyService = new KeyService( diff --git a/libs/angular/src/services/jslib-services.module.ts b/libs/angular/src/services/jslib-services.module.ts index 37220b5195d..6334e5815d6 100644 --- a/libs/angular/src/services/jslib-services.module.ts +++ b/libs/angular/src/services/jslib-services.module.ts @@ -1173,9 +1173,7 @@ const safeProviders: SafeProvider[] = [ KdfConfigService, KeyGenerationServiceAbstraction, LogService, - MasterPasswordServiceAbstraction, StateProvider, - StateServiceAbstraction, ], }), safeProvider({ diff --git a/libs/auth/src/common/abstractions/pin.service.abstraction.ts b/libs/auth/src/common/abstractions/pin.service.abstraction.ts index 0d0f29dff40..16550888b94 100644 --- a/libs/auth/src/common/abstractions/pin.service.abstraction.ts +++ b/libs/auth/src/common/abstractions/pin.service.abstraction.ts @@ -1,4 +1,4 @@ -import { EncString, EncryptedString } from "@bitwarden/common/platform/models/domain/enc-string"; +import { EncString } from "@bitwarden/common/platform/models/domain/enc-string"; import { UserId } from "@bitwarden/common/types/guid"; import { PinKey, UserKey } from "@bitwarden/common/types/key"; import { KdfConfig } from "@bitwarden/key-management"; @@ -90,17 +90,6 @@ export abstract class PinServiceAbstraction { */ abstract clearUserKeyEncryptedPin(userId: UserId): Promise; - /** - * Gets the old MasterKey, encrypted by the PinKey (formerly called `pinProtected`). - * Deprecated and used for migration purposes only. - */ - abstract getOldPinKeyEncryptedMasterKey: (userId: UserId) => Promise; - - /** - * Clears the old MasterKey, encrypted by the PinKey. - */ - abstract clearOldPinKeyEncryptedMasterKey: (userId: UserId) => Promise; - /** * Makes a PinKey from the provided PIN. */ diff --git a/libs/auth/src/common/services/pin/pin.service.implementation.ts b/libs/auth/src/common/services/pin/pin.service.implementation.ts index 0f6ac05f381..99fb725c295 100644 --- a/libs/auth/src/common/services/pin/pin.service.implementation.ts +++ b/libs/auth/src/common/services/pin/pin.service.implementation.ts @@ -4,11 +4,9 @@ import { firstValueFrom, map } from "rxjs"; import { AccountService } from "@bitwarden/common/auth/abstractions/account.service"; import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service"; -import { MasterPasswordServiceAbstraction } from "@bitwarden/common/key-management/master-password/abstractions/master-password.service.abstraction"; import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service"; import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service"; import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; -import { StateService } from "@bitwarden/common/platform/abstractions/state.service"; import { EncString, EncryptedString } from "@bitwarden/common/platform/models/domain/enc-string"; import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key"; import { @@ -18,7 +16,7 @@ import { UserKeyDefinition, } from "@bitwarden/common/platform/state"; import { UserId } from "@bitwarden/common/types/guid"; -import { MasterKey, PinKey, UserKey } from "@bitwarden/common/types/key"; +import { PinKey, UserKey } from "@bitwarden/common/types/key"; import { KdfConfig, KdfConfigService } from "@bitwarden/key-management"; import { PinServiceAbstraction } from "../../abstractions/pin.service.abstraction"; @@ -73,19 +71,6 @@ export const USER_KEY_ENCRYPTED_PIN = new UserKeyDefinition( }, ); -/** - * The old MasterKey, encrypted by the PinKey (formerly called `pinProtected`). - * Deprecated and used for migration purposes only. - */ -export const OLD_PIN_KEY_ENCRYPTED_MASTER_KEY = new UserKeyDefinition( - PIN_DISK, - "oldPinKeyEncryptedMasterKey", - { - deserializer: (jsonValue) => jsonValue, - clearOn: ["logout"], - }, -); - export class PinService implements PinServiceAbstraction { constructor( private accountService: AccountService, @@ -94,9 +79,7 @@ export class PinService implements PinServiceAbstraction { private kdfConfigService: KdfConfigService, private keyGenerationService: KeyGenerationService, private logService: LogService, - private masterPasswordService: MasterPasswordServiceAbstraction, private stateProvider: StateProvider, - private stateService: StateService, ) {} async getPinKeyEncryptedUserKeyPersistent(userId: UserId): Promise { @@ -190,9 +173,7 @@ export class PinService implements PinServiceAbstraction { this.accountService.accounts$.pipe(map((accounts) => accounts[userId].email)), ); const kdfConfig = await this.kdfConfigService.getKdfConfig(); - const pinKey = await this.makePinKey(pin, email, kdfConfig); - return await this.encryptService.encrypt(userKey.key, pinKey); } @@ -242,20 +223,6 @@ export class PinService implements PinServiceAbstraction { return await this.encryptService.encrypt(pin, userKey); } - async getOldPinKeyEncryptedMasterKey(userId: UserId): Promise { - this.validateUserId(userId, "Cannot get oldPinKeyEncryptedMasterKey."); - - return await firstValueFrom( - this.stateProvider.getUserState$(OLD_PIN_KEY_ENCRYPTED_MASTER_KEY, userId), - ); - } - - async clearOldPinKeyEncryptedMasterKey(userId: UserId): Promise { - this.validateUserId(userId, "Cannot clear oldPinKeyEncryptedMasterKey."); - - await this.stateProvider.setUserState(OLD_PIN_KEY_ENCRYPTED_MASTER_KEY, null, userId); - } - async makePinKey(pin: string, salt: string, kdfConfig: KdfConfig): Promise { const pinKey = await this.keyGenerationService.deriveKeyFromPassword(pin, salt, kdfConfig); return (await this.keyGenerationService.stretchKey(pinKey)) as PinKey; @@ -264,23 +231,13 @@ export class PinService implements PinServiceAbstraction { async getPinLockType(userId: UserId): Promise { this.validateUserId(userId, "Cannot get PinLockType."); - /** - * We can't check the `userKeyEncryptedPin` (formerly called `protectedPin`) for both because old - * accounts only used it for MP on Restart - */ const aUserKeyEncryptedPinIsSet = !!(await this.getUserKeyEncryptedPin(userId)); const aPinKeyEncryptedUserKeyPersistentIsSet = !!(await this.getPinKeyEncryptedUserKeyPersistent(userId)); - const anOldPinKeyEncryptedMasterKeyIsSet = - !!(await this.getOldPinKeyEncryptedMasterKey(userId)); - if (aPinKeyEncryptedUserKeyPersistentIsSet || anOldPinKeyEncryptedMasterKeyIsSet) { + if (aPinKeyEncryptedUserKeyPersistentIsSet) { return "PERSISTENT"; - } else if ( - aUserKeyEncryptedPinIsSet && - !aPinKeyEncryptedUserKeyPersistentIsSet && - !anOldPinKeyEncryptedMasterKeyIsSet - ) { + } else if (aUserKeyEncryptedPinIsSet && !aPinKeyEncryptedUserKeyPersistentIsSet) { return "EPHEMERAL"; } else { return "DISABLED"; @@ -302,7 +259,7 @@ export class PinService implements PinServiceAbstraction { case "DISABLED": return false; case "PERSISTENT": - // The above getPinLockType call ensures that we have either a PinKeyEncryptedUserKey or OldPinKeyEncryptedMasterKey set. + // The above getPinLockType call ensures that we have either a PinKeyEncryptedUserKey set. return true; case "EPHEMERAL": { // The above getPinLockType call ensures that we have a UserKeyEncryptedPin set. @@ -326,31 +283,21 @@ export class PinService implements PinServiceAbstraction { try { const pinLockType = await this.getPinLockType(userId); - const requireMasterPasswordOnClientRestart = pinLockType === "EPHEMERAL"; - const { pinKeyEncryptedUserKey, oldPinKeyEncryptedMasterKey } = - await this.getPinKeyEncryptedKeys(pinLockType, userId); + const pinKeyEncryptedUserKey = await this.getPinKeyEncryptedKeys(pinLockType, userId); const email = await firstValueFrom( this.accountService.accounts$.pipe(map((accounts) => accounts[userId].email)), ); const kdfConfig = await this.kdfConfigService.getKdfConfig(); - let userKey: UserKey; - - if (oldPinKeyEncryptedMasterKey) { - userKey = await this.decryptAndMigrateOldPinKeyEncryptedMasterKey( - userId, - pin, - email, - kdfConfig, - requireMasterPasswordOnClientRestart, - oldPinKeyEncryptedMasterKey, - ); - } else { - userKey = await this.decryptUserKey(userId, pin, email, kdfConfig, pinKeyEncryptedUserKey); - } - + const userKey: UserKey = await this.decryptUserKey( + userId, + pin, + email, + kdfConfig, + pinKeyEncryptedUserKey, + ); if (!userKey) { this.logService.warning(`User key null after pin key decryption.`); return null; @@ -394,109 +341,23 @@ export class PinService implements PinServiceAbstraction { } /** - * Creates a new `pinKeyEncryptedUserKey` and clears the `oldPinKeyEncryptedMasterKey`. - * @returns UserKey - */ - private async decryptAndMigrateOldPinKeyEncryptedMasterKey( - userId: UserId, - pin: string, - email: string, - kdfConfig: KdfConfig, - requireMasterPasswordOnClientRestart: boolean, - oldPinKeyEncryptedMasterKey: EncString, - ): Promise { - this.validateUserId(userId, "Cannot decrypt and migrate oldPinKeyEncryptedMasterKey."); - - const masterKey = await this.decryptMasterKeyWithPin( - userId, - pin, - email, - kdfConfig, - oldPinKeyEncryptedMasterKey, - ); - - const encUserKey = await this.stateService.getEncryptedCryptoSymmetricKey({ userId: userId }); - - const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey( - masterKey, - userId, - encUserKey ? new EncString(encUserKey) : undefined, - ); - - const pinKeyEncryptedUserKey = await this.createPinKeyEncryptedUserKey(pin, userKey, userId); - await this.storePinKeyEncryptedUserKey( - pinKeyEncryptedUserKey, - requireMasterPasswordOnClientRestart, - userId, - ); - - const userKeyEncryptedPin = await this.createUserKeyEncryptedPin(pin, userKey); - await this.setUserKeyEncryptedPin(userKeyEncryptedPin, userId); - - await this.clearOldPinKeyEncryptedMasterKey(userId); - - return userKey; - } - - // Only for migration purposes - private async decryptMasterKeyWithPin( - userId: UserId, - pin: string, - salt: string, - kdfConfig: KdfConfig, - oldPinKeyEncryptedMasterKey?: EncString, - ): Promise { - this.validateUserId(userId, "Cannot decrypt master key with PIN."); - - if (!oldPinKeyEncryptedMasterKey) { - const oldPinKeyEncryptedMasterKeyString = await this.getOldPinKeyEncryptedMasterKey(userId); - - if (oldPinKeyEncryptedMasterKeyString == null) { - throw new Error("No oldPinKeyEncrytedMasterKey found."); - } - - oldPinKeyEncryptedMasterKey = new EncString(oldPinKeyEncryptedMasterKeyString); - } - - const pinKey = await this.makePinKey(pin, salt, kdfConfig); - const masterKey = await this.encryptService.decryptToBytes(oldPinKeyEncryptedMasterKey, pinKey); - - return new SymmetricCryptoKey(masterKey) as MasterKey; - } - - /** - * Gets the user's `pinKeyEncryptedUserKey` (persistent or ephemeral) and `oldPinKeyEncryptedMasterKey` + * Gets the user's `pinKeyEncryptedUserKey` (persistent or ephemeral) * (if one exists) based on the user's PinLockType. * - * @remarks The `oldPinKeyEncryptedMasterKey` (formerly `pinProtected`) is only used for migration and - * will be null for all migrated accounts. * @throws If PinLockType is 'DISABLED' or if userId is not provided */ private async getPinKeyEncryptedKeys( pinLockType: PinLockType, userId: UserId, - ): Promise<{ pinKeyEncryptedUserKey: EncString; oldPinKeyEncryptedMasterKey?: EncString }> { + ): Promise { this.validateUserId(userId, "Cannot get PinKey encrypted keys."); switch (pinLockType) { case "PERSISTENT": { - const pinKeyEncryptedUserKey = await this.getPinKeyEncryptedUserKeyPersistent(userId); - const oldPinKeyEncryptedMasterKey = await this.getOldPinKeyEncryptedMasterKey(userId); - - return { - pinKeyEncryptedUserKey, - oldPinKeyEncryptedMasterKey: oldPinKeyEncryptedMasterKey - ? new EncString(oldPinKeyEncryptedMasterKey) - : undefined, - }; + return await this.getPinKeyEncryptedUserKeyPersistent(userId); } case "EPHEMERAL": { - const pinKeyEncryptedUserKey = await this.getPinKeyEncryptedUserKeyEphemeral(userId); - - return { - pinKeyEncryptedUserKey, - oldPinKeyEncryptedMasterKey: undefined, // Going forward, we only migrate non-ephemeral version - }; + return await this.getPinKeyEncryptedUserKeyEphemeral(userId); } case "DISABLED": throw new Error("Pin is disabled"); diff --git a/libs/auth/src/common/services/pin/pin.service.spec.ts b/libs/auth/src/common/services/pin/pin.service.spec.ts index 794d08b63b2..ebdc36219ef 100644 --- a/libs/auth/src/common/services/pin/pin.service.spec.ts +++ b/libs/auth/src/common/services/pin/pin.service.spec.ts @@ -1,11 +1,9 @@ import { mock } from "jest-mock-extended"; import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service"; -import { FakeMasterPasswordService } from "@bitwarden/common/key-management/master-password/services/fake-master-password.service"; import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service"; import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service"; import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; -import { StateService } from "@bitwarden/common/platform/abstractions/state.service"; import { Utils } from "@bitwarden/common/platform/misc/utils"; import { EncString } from "@bitwarden/common/platform/models/domain/enc-string"; import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key"; @@ -15,14 +13,13 @@ import { mockAccountServiceWith, } from "@bitwarden/common/spec"; import { UserId } from "@bitwarden/common/types/guid"; -import { MasterKey, PinKey, UserKey } from "@bitwarden/common/types/key"; +import { PinKey, UserKey } from "@bitwarden/common/types/key"; import { DEFAULT_KDF_CONFIG, KdfConfigService } from "@bitwarden/key-management"; import { PinService, PIN_KEY_ENCRYPTED_USER_KEY_PERSISTENT, PIN_KEY_ENCRYPTED_USER_KEY_EPHEMERAL, - OLD_PIN_KEY_ENCRYPTED_MASTER_KEY, USER_KEY_ENCRYPTED_PIN, PinLockType, } from "./pin.service.implementation"; @@ -31,7 +28,6 @@ describe("PinService", () => { let sut: PinService; let accountService: FakeAccountService; - let masterPasswordService: FakeMasterPasswordService; let stateProvider: FakeStateProvider; const cryptoFunctionService = mock(); @@ -39,11 +35,9 @@ describe("PinService", () => { const kdfConfigService = mock(); const keyGenerationService = mock(); const logService = mock(); - const stateService = mock(); const mockUserId = Utils.newGuid() as UserId; const mockUserKey = new SymmetricCryptoKey(randomBytes(64)) as UserKey; - const mockMasterKey = new SymmetricCryptoKey(randomBytes(32)) as MasterKey; const mockPinKey = new SymmetricCryptoKey(randomBytes(32)) as PinKey; const mockUserEmail = "user@example.com"; const mockPin = "1234"; @@ -57,15 +51,10 @@ describe("PinService", () => { "2.fb5kOEZvh9zPABbP8WRmSQ==|Yi6ZAJY+UtqCKMUSqp1ahY9Kf8QuneKXs6BMkpNsakLVOzTYkHHlilyGABMF7GzUO8QHyZi7V/Ovjjg+Naf3Sm8qNhxtDhibITv4k8rDnM0=|TFkq3h2VNTT1z5BFbebm37WYuxyEHXuRo0DZJI7TQnw=", ); - const oldPinKeyEncryptedMasterKeyPostMigration: any = null; - const oldPinKeyEncryptedMasterKeyPreMigrationPersistent = - "2.fb5kOEZvh9zPABbP8WRmSQ==|Yi6ZAJY+UtqCKMUSqp1ahY9Kf8QuneKXs6BMkpNsakLVOzTYkHHlilyGABMF7GzUO8QHyZi7V/Ovjjg+Naf3Sm8qNhxtDhibITv4k8rDnM0=|TFkq3h2VNTT1z5BFbebm37WYuxyEHXuRo0DZJI7TQnw="; - beforeEach(() => { jest.clearAllMocks(); accountService = mockAccountServiceWith(mockUserId, { email: mockUserEmail }); - masterPasswordService = new FakeMasterPasswordService(); stateProvider = new FakeStateProvider(accountService); sut = new PinService( @@ -75,9 +64,7 @@ describe("PinService", () => { kdfConfigService, keyGenerationService, logService, - masterPasswordService, stateProvider, - stateService, ); }); @@ -111,12 +98,6 @@ describe("PinService", () => { await expect(sut.clearUserKeyEncryptedPin(undefined)).rejects.toThrow( "User ID is required. Cannot clear userKeyEncryptedPin.", ); - await expect(sut.getOldPinKeyEncryptedMasterKey(undefined)).rejects.toThrow( - "User ID is required. Cannot get oldPinKeyEncryptedMasterKey.", - ); - await expect(sut.clearOldPinKeyEncryptedMasterKey(undefined)).rejects.toThrow( - "User ID is required. Cannot clear oldPinKeyEncryptedMasterKey.", - ); await expect( sut.createPinKeyEncryptedUserKey(mockPin, mockUserKey, undefined), ).rejects.toThrow("User ID is required. Cannot create pinKeyEncryptedUserKey."); @@ -288,31 +269,6 @@ describe("PinService", () => { }); }); - describe("oldPinKeyEncryptedMasterKey methods", () => { - describe("getOldPinKeyEncryptedMasterKey()", () => { - it("should get the oldPinKeyEncryptedMasterKey of the specified userId", async () => { - await sut.getOldPinKeyEncryptedMasterKey(mockUserId); - - expect(stateProvider.mock.getUserState$).toHaveBeenCalledWith( - OLD_PIN_KEY_ENCRYPTED_MASTER_KEY, - mockUserId, - ); - }); - }); - - describe("clearOldPinKeyEncryptedMasterKey()", () => { - it("should clear the oldPinKeyEncryptedMasterKey of the specified userId", async () => { - await sut.clearOldPinKeyEncryptedMasterKey(mockUserId); - - expect(stateProvider.mock.setUserState).toHaveBeenCalledWith( - OLD_PIN_KEY_ENCRYPTED_MASTER_KEY, - null, - mockUserId, - ); - }); - }); - }); - describe("makePinKey()", () => { it("should make a PinKey", async () => { // Arrange @@ -346,26 +302,10 @@ describe("PinService", () => { expect(result).toBe("PERSISTENT"); }); - it("should return 'PERSISTENT' if an old oldPinKeyEncryptedMasterKey is found", async () => { - // Arrange - sut.getUserKeyEncryptedPin = jest.fn().mockResolvedValue(null); - sut.getPinKeyEncryptedUserKeyPersistent = jest.fn().mockResolvedValue(null); - sut.getOldPinKeyEncryptedMasterKey = jest - .fn() - .mockResolvedValue(oldPinKeyEncryptedMasterKeyPreMigrationPersistent); - - // Act - const result = await sut.getPinLockType(mockUserId); - - // Assert - expect(result).toBe("PERSISTENT"); - }); - - it("should return 'EPHEMERAL' if neither a pinKeyEncryptedUserKey (persistent version) nor an old oldPinKeyEncryptedMasterKey are found, but a userKeyEncryptedPin is found", async () => { + it("should return 'EPHEMERAL' if a pinKeyEncryptedUserKey (persistent version) is not found but a userKeyEncryptedPin is found", async () => { // Arrange sut.getUserKeyEncryptedPin = jest.fn().mockResolvedValue(mockUserKeyEncryptedPin); sut.getPinKeyEncryptedUserKeyPersistent = jest.fn().mockResolvedValue(null); - sut.getOldPinKeyEncryptedMasterKey = jest.fn().mockResolvedValue(null); // Act const result = await sut.getPinLockType(mockUserId); @@ -374,11 +314,10 @@ describe("PinService", () => { expect(result).toBe("EPHEMERAL"); }); - it("should return 'DISABLED' if ALL three of these are NOT found: userKeyEncryptedPin, pinKeyEncryptedUserKey (persistent version), oldPinKeyEncryptedMasterKey", async () => { + it("should return 'DISABLED' if both of these are NOT found: userKeyEncryptedPin, pinKeyEncryptedUserKey (persistent version)", async () => { // Arrange sut.getUserKeyEncryptedPin = jest.fn().mockResolvedValue(null); sut.getPinKeyEncryptedUserKeyPersistent = jest.fn().mockResolvedValue(null); - sut.getOldPinKeyEncryptedMasterKey = jest.fn().mockResolvedValue(null); // Act const result = await sut.getPinLockType(mockUserId); @@ -476,46 +415,20 @@ describe("PinService", () => { }); describe("decryptUserKeyWithPin()", () => { - async function setupDecryptUserKeyWithPinMocks( - pinLockType: PinLockType, - migrationStatus: "PRE" | "POST" = "POST", - ) { + async function setupDecryptUserKeyWithPinMocks(pinLockType: PinLockType) { sut.getPinLockType = jest.fn().mockResolvedValue(pinLockType); - mockPinEncryptedKeyDataByPinLockType(pinLockType, migrationStatus); + mockPinEncryptedKeyDataByPinLockType(pinLockType); kdfConfigService.getKdfConfig.mockResolvedValue(DEFAULT_KDF_CONFIG); - if (pinLockType === "PERSISTENT" && migrationStatus === "PRE") { - await mockDecryptAndMigrateOldPinKeyEncryptedMasterKeyFn(); - } else { - mockDecryptUserKeyFn(); - } + mockDecryptUserKeyFn(); sut.getUserKeyEncryptedPin = jest.fn().mockResolvedValue(mockUserKeyEncryptedPin); encryptService.decryptToUtf8.mockResolvedValue(mockPin); cryptoFunctionService.compareFast.calledWith(mockPin, "1234").mockResolvedValue(true); } - async function mockDecryptAndMigrateOldPinKeyEncryptedMasterKeyFn() { - sut.makePinKey = jest.fn().mockResolvedValue(mockPinKey); - encryptService.decryptToBytes.mockResolvedValue(mockMasterKey.key); - - stateService.getEncryptedCryptoSymmetricKey.mockResolvedValue(mockUserKey.keyB64); - masterPasswordService.mock.decryptUserKeyWithMasterKey.mockResolvedValue(mockUserKey); - - sut.createPinKeyEncryptedUserKey = jest - .fn() - .mockResolvedValue(pinKeyEncryptedUserKeyPersistant); - - await sut.storePinKeyEncryptedUserKey(pinKeyEncryptedUserKeyPersistant, false, mockUserId); - - sut.createUserKeyEncryptedPin = jest.fn().mockResolvedValue(mockUserKeyEncryptedPin); - await sut.setUserKeyEncryptedPin(mockUserKeyEncryptedPin, mockUserId); - - await sut.clearOldPinKeyEncryptedMasterKey(mockUserId); - } - function mockDecryptUserKeyFn() { sut.getPinKeyEncryptedUserKeyPersistent = jest .fn() @@ -524,26 +437,12 @@ describe("PinService", () => { encryptService.decryptToBytes.mockResolvedValue(mockUserKey.key); } - function mockPinEncryptedKeyDataByPinLockType( - pinLockType: PinLockType, - migrationStatus: "PRE" | "POST" = "POST", - ) { + function mockPinEncryptedKeyDataByPinLockType(pinLockType: PinLockType) { switch (pinLockType) { case "PERSISTENT": sut.getPinKeyEncryptedUserKeyPersistent = jest .fn() .mockResolvedValue(pinKeyEncryptedUserKeyPersistant); - - if (migrationStatus === "PRE") { - sut.getOldPinKeyEncryptedMasterKey = jest - .fn() - .mockResolvedValue(oldPinKeyEncryptedMasterKeyPreMigrationPersistent); - } else { - sut.getOldPinKeyEncryptedMasterKey = jest - .fn() - .mockResolvedValue(oldPinKeyEncryptedMasterKeyPostMigration); // null - } - break; case "EPHEMERAL": sut.getPinKeyEncryptedUserKeyEphemeral = jest @@ -557,49 +456,16 @@ describe("PinService", () => { } } - const testCases: { pinLockType: PinLockType; migrationStatus: "PRE" | "POST" }[] = [ - { pinLockType: "PERSISTENT", migrationStatus: "PRE" }, - { pinLockType: "PERSISTENT", migrationStatus: "POST" }, - { pinLockType: "EPHEMERAL", migrationStatus: "POST" }, + const testCases: { pinLockType: PinLockType }[] = [ + { pinLockType: "PERSISTENT" }, + { pinLockType: "EPHEMERAL" }, ]; - testCases.forEach(({ pinLockType, migrationStatus }) => { - describe(`given a ${pinLockType} PIN (${migrationStatus} migration)`, () => { - if (pinLockType === "PERSISTENT" && migrationStatus === "PRE") { - it("should clear the oldPinKeyEncryptedMasterKey from state", async () => { - // Arrange - await setupDecryptUserKeyWithPinMocks(pinLockType, migrationStatus); - - // Act - await sut.decryptUserKeyWithPin(mockPin, mockUserId); - - // Assert - expect(stateProvider.mock.setUserState).toHaveBeenCalledWith( - OLD_PIN_KEY_ENCRYPTED_MASTER_KEY, - null, - mockUserId, - ); - }); - - it("should set the new pinKeyEncrypterUserKeyPersistent to state", async () => { - // Arrange - await setupDecryptUserKeyWithPinMocks(pinLockType, migrationStatus); - - // Act - await sut.decryptUserKeyWithPin(mockPin, mockUserId); - - // Assert - expect(stateProvider.mock.setUserState).toHaveBeenCalledWith( - PIN_KEY_ENCRYPTED_USER_KEY_PERSISTENT, - pinKeyEncryptedUserKeyPersistant.encryptedString, - mockUserId, - ); - }); - } - + testCases.forEach(({ pinLockType }) => { + describe(`given a ${pinLockType} PIN)`, () => { it(`should successfully decrypt and return user key when using a valid PIN`, async () => { // Arrange - await setupDecryptUserKeyWithPinMocks(pinLockType, migrationStatus); + await setupDecryptUserKeyWithPinMocks(pinLockType); // Act const result = await sut.decryptUserKeyWithPin(mockPin, mockUserId); @@ -610,7 +476,7 @@ describe("PinService", () => { it(`should return null when PIN is incorrect and user key cannot be decrypted`, async () => { // Arrange - await setupDecryptUserKeyWithPinMocks(pinLockType, migrationStatus); + await setupDecryptUserKeyWithPinMocks(pinLockType); sut.decryptUserKeyWithPin = jest.fn().mockResolvedValue(null); // Act @@ -623,7 +489,7 @@ describe("PinService", () => { // not sure if this is a realistic scenario but going to test it anyway it(`should return null when PIN doesn't match after successful user key decryption`, async () => { // Arrange - await setupDecryptUserKeyWithPinMocks(pinLockType, migrationStatus); + await setupDecryptUserKeyWithPinMocks(pinLockType); encryptService.decryptToUtf8.mockResolvedValue("9999"); // non matching PIN // Act diff --git a/libs/common/src/key-management/master-password/services/master-password.service.ts b/libs/common/src/key-management/master-password/services/master-password.service.ts index 72987b13827..9ed01cf0c83 100644 --- a/libs/common/src/key-management/master-password/services/master-password.service.ts +++ b/libs/common/src/key-management/master-password/services/master-password.service.ts @@ -163,19 +163,6 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr throw new Error("No master key found."); } - // Try one more way to get the user key if it still wasn't found. - if (userKey == null) { - const deprecatedKey = await this.stateService.getEncryptedCryptoSymmetricKey({ - userId: userId, - }); - - if (deprecatedKey == null) { - throw new Error("No encrypted user key found."); - } - - userKey = new EncString(deprecatedKey); - } - let decUserKey: Uint8Array; if (userKey.encryptionType === EncryptionType.AesCbc256_B64) { diff --git a/libs/common/src/key-management/vault-timeout/services/vault-timeout.service.ts b/libs/common/src/key-management/vault-timeout/services/vault-timeout.service.ts index 1762b9156db..d71b8972727 100644 --- a/libs/common/src/key-management/vault-timeout/services/vault-timeout.service.ts +++ b/libs/common/src/key-management/vault-timeout/services/vault-timeout.service.ts @@ -147,7 +147,6 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction { await this.masterPasswordService.clearMasterKey(lockingUserId); await this.stateService.setUserKeyAutoUnlock(null, { userId: lockingUserId }); - await this.stateService.setCryptoMasterKeyAuto(null, { userId: lockingUserId }); await this.cipherService.clearCache(lockingUserId); diff --git a/libs/common/src/platform/abstractions/state.service.ts b/libs/common/src/platform/abstractions/state.service.ts index 3b0ce07623b..e4dbe76d7e4 100644 --- a/libs/common/src/platform/abstractions/state.service.ts +++ b/libs/common/src/platform/abstractions/state.service.ts @@ -50,14 +50,6 @@ export abstract class StateService { value: boolean, options?: StorageOptions, ) => Promise; - /** - * @deprecated For migration purposes only, use getUserKeyMasterKey instead - */ - getEncryptedCryptoSymmetricKey: (options?: StorageOptions) => Promise; - /** - * @deprecated For migration purposes only, use setUserKeyAuto instead - */ - setCryptoMasterKeyAuto: (value: string | null, options?: StorageOptions) => Promise; getDuckDuckGoSharedKey: (options?: StorageOptions) => Promise; setDuckDuckGoSharedKey: (value: string, options?: StorageOptions) => Promise; diff --git a/libs/common/src/platform/models/domain/account.ts b/libs/common/src/platform/models/domain/account.ts index 9873e5c8574..b9d10f47e97 100644 --- a/libs/common/src/platform/models/domain/account.ts +++ b/libs/common/src/platform/models/domain/account.ts @@ -48,8 +48,6 @@ export class EncryptionPair { export class AccountKeys { publicKey?: Uint8Array; - /** @deprecated July 2023, left for migration purposes*/ - cryptoMasterKeyAuto?: string; /** @deprecated July 2023, left for migration purposes*/ cryptoSymmetricKey?: EncryptionPair = new EncryptionPair< string, diff --git a/libs/common/src/platform/services/state.service.ts b/libs/common/src/platform/services/state.service.ts index a78a9b37a8c..284c8a7f2dc 100644 --- a/libs/common/src/platform/services/state.service.ts +++ b/libs/common/src/platform/services/state.service.ts @@ -222,45 +222,6 @@ export class StateService< await this.saveSecureStorageKey(partialKeys.userBiometricKey, value, options); } - /** - * @deprecated Use UserKeyAuto instead - */ - async setCryptoMasterKeyAuto(value: string | null, options?: StorageOptions): Promise { - options = this.reconcileOptions( - this.reconcileOptions(options, { keySuffix: "auto" }), - await this.defaultSecureStorageOptions(), - ); - if (options?.userId == null) { - return; - } - await this.saveSecureStorageKey(partialKeys.autoKey, value, options); - } - - /** - * @deprecated I don't see where this is even used - */ - async getCryptoMasterKeyB64(options?: StorageOptions): Promise { - options = this.reconcileOptions(options, await this.defaultSecureStorageOptions()); - if (options?.userId == null) { - return null; - } - return await this.secureStorageService.get( - `${options?.userId}${partialKeys.masterKey}`, - options, - ); - } - - /** - * @deprecated I don't see where this is even used - */ - async setCryptoMasterKeyB64(value: string, options?: StorageOptions): Promise { - options = this.reconcileOptions(options, await this.defaultSecureStorageOptions()); - if (options?.userId == null) { - return; - } - await this.saveSecureStorageKey(partialKeys.masterKey, value, options); - } - async getDuckDuckGoSharedKey(options?: StorageOptions): Promise { options = this.reconcileOptions(options, await this.defaultSecureStorageOptions()); if (options?.userId == null) { @@ -619,8 +580,6 @@ export class StateService< await this.setUserKeyAutoUnlock(null, { userId: userId }); await this.setUserKeyBiometric(null, { userId: userId }); - await this.setCryptoMasterKeyAuto(null, { userId: userId }); - await this.setCryptoMasterKeyB64(null, { userId: userId }); } protected async removeAccountFromMemory(userId: string = null): Promise { diff --git a/libs/key-management/src/abstractions/key.service.ts b/libs/key-management/src/abstractions/key.service.ts index 659dd1bbb29..4b257fbbebd 100644 --- a/libs/key-management/src/abstractions/key.service.ts +++ b/libs/key-management/src/abstractions/key.service.ts @@ -390,14 +390,6 @@ export abstract class KeyService { publicKey: string; privateKey: EncString; }>; - /** - * Previously, the master key was used for any additional key like the biometrics or pin key. - * We have switched to using the user key for these purposes. This method is for clearing the state - * of the older keys on logout or post migration. - * @param keySuffix The desired type of key to clear - * @param userId The desired user - */ - abstract clearDeprecatedKeys(keySuffix: KeySuffixOptions, userId?: string): Promise; /** * Retrieves all the keys needed for decrypting Ciphers diff --git a/libs/key-management/src/key.service.spec.ts b/libs/key-management/src/key.service.spec.ts index 2eab9de7487..a0afc160794 100644 --- a/libs/key-management/src/key.service.spec.ts +++ b/libs/key-management/src/key.service.spec.ts @@ -252,14 +252,6 @@ describe("keyService", () => { userId: mockUserId, }); }); - - it("clears the old deprecated Auto key whenever a User Key is set", async () => { - await keyService.setUserKey(mockUserKey, mockUserId); - - expect(stateService.setCryptoMasterKeyAuto).toHaveBeenCalledWith(null, { - userId: mockUserId, - }); - }); }); it("throws if key is null", async () => { diff --git a/libs/key-management/src/key.service.ts b/libs/key-management/src/key.service.ts index b18405a4200..870513f3913 100644 --- a/libs/key-management/src/key.service.ts +++ b/libs/key-management/src/key.service.ts @@ -254,16 +254,10 @@ export class DefaultKeyService implements KeyServiceAbstraction { // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling. // eslint-disable-next-line @typescript-eslint/no-floating-promises this.stateService.setUserKeyAutoUnlock(null, { userId: userId }); - // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling. - // eslint-disable-next-line @typescript-eslint/no-floating-promises - this.clearDeprecatedKeys(KeySuffixOptions.Auto, userId); } if (keySuffix === KeySuffixOptions.Pin && userId != null) { // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling. this.pinService.clearPinKeyEncryptedUserKeyEphemeral(userId); - // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling. - // eslint-disable-next-line @typescript-eslint/no-floating-promises - this.clearDeprecatedKeys(KeySuffixOptions.Pin, userId); } } @@ -565,7 +559,6 @@ export class DefaultKeyService implements KeyServiceAbstraction { await this.pinService.clearPinKeyEncryptedUserKeyPersistent(userId); await this.pinService.clearPinKeyEncryptedUserKeyEphemeral(userId); await this.pinService.clearUserKeyEncryptedPin(userId); - await this.clearDeprecatedKeys(KeySuffixOptions.Pin, userId); } async makeSendKey(keyMaterial: CsprngArray): Promise { @@ -726,7 +719,6 @@ export class DefaultKeyService implements KeyServiceAbstraction { } else { await this.stateService.setUserKeyAutoUnlock(null, { userId: userId }); } - await this.clearDeprecatedKeys(KeySuffixOptions.Auto, userId); const storePin = await this.shouldStoreKey(KeySuffixOptions.Pin, userId); if (storePin) { @@ -749,9 +741,6 @@ export class DefaultKeyService implements KeyServiceAbstraction { noPreExistingPersistentKey, userId, ); - // We can't always clear deprecated keys because the pin is only - // migrated once used to unlock - await this.clearDeprecatedKeys(KeySuffixOptions.Pin, userId); } else { await this.pinService.clearPinKeyEncryptedUserKeyPersistent(userId); await this.pinService.clearPinKeyEncryptedUserKeyEphemeral(userId); @@ -835,19 +824,6 @@ export class DefaultKeyService implements KeyServiceAbstraction { return [new SymmetricCryptoKey(newSymKey) as T, protectedSymKey]; } - // --LEGACY METHODS-- - // We previously used the master key for additional keys, but now we use the user key. - // These methods support migrating the old keys to the new ones. - // TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3475) - - async clearDeprecatedKeys(keySuffix: KeySuffixOptions, userId?: UserId) { - if (keySuffix === KeySuffixOptions.Auto) { - await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId }); - } else if (keySuffix === KeySuffixOptions.Pin && userId != null) { - await this.pinService.clearOldPinKeyEncryptedMasterKey(userId); - } - } - userKey$(userId: UserId): Observable { return this.stateProvider.getUser(userId, USER_KEY).state$; } From 15738f16aee4d23e1e32d3c4634340b3bb8be46c Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Mon, 31 Mar 2025 16:59:01 +0200 Subject: [PATCH 011/104] [PM-18038] Fix safari using outdated biometrics protocol (#13287) * Fix safari using outdated biometrics protocol * Remove logging * Remove log * Move canEnableBiometricUnlock to biometric service * Fix build * Add tests * Fix type error * Attempt to fix build * Fix build * Fix test failure --- .../settings/account-security.component.ts | 13 ++-- .../browser/src/background/main.background.ts | 17 +++--- .../background/nativeMessaging.background.ts | 17 ++++-- .../src/background/runtime.background.ts | 4 ++ ...kground-browser-biometrics.service.spec.ts | 61 +++++++++++++++++++ .../background-browser-biometrics.service.ts | 12 ++++ .../foreground-browser-biometrics.spec.ts | 60 ++++++++++++++++++ .../foreground-browser-biometrics.ts | 20 ++++++ .../src/popup/services/services.module.ts | 6 +- .../safari/SafariWebExtensionHandler.swift | 8 +-- .../key-management/cli-biometrics-service.ts | 3 + .../app/accounts/settings.component.spec.ts | 1 + .../src/app/accounts/settings.component.ts | 16 +---- .../biometrics/main-biometrics.service.ts | 4 ++ .../renderer-biometrics.service.spec.ts | 44 +++++++++++++ .../biometrics/renderer-biometrics.service.ts | 9 +++ .../key-management/web-biometric.service.ts | 4 ++ .../src/biometrics/biometric.service.ts | 1 + .../src/biometrics/biometrics-commands.ts | 3 + 19 files changed, 264 insertions(+), 39 deletions(-) create mode 100644 apps/browser/src/key-management/biometrics/background-browser-biometrics.service.spec.ts create mode 100644 apps/browser/src/key-management/biometrics/foreground-browser-biometrics.spec.ts create mode 100644 apps/desktop/src/key-management/biometrics/renderer-biometrics.service.spec.ts diff --git a/apps/browser/src/auth/popup/settings/account-security.component.ts b/apps/browser/src/auth/popup/settings/account-security.component.ts index 75b59b8efdc..66e5b0bb214 100644 --- a/apps/browser/src/auth/popup/settings/account-security.component.ts +++ b/apps/browser/src/auth/popup/settings/account-security.component.ts @@ -233,11 +233,7 @@ export class AccountSecurityComponent implements OnInit, OnDestroy { .pipe( switchMap(async () => { const status = await this.biometricsService.getBiometricsStatusForUser(activeAccount.id); - const biometricSettingAvailable = - !(await BrowserApi.permissionsGranted(["nativeMessaging"])) || - (status !== BiometricsStatus.DesktopDisconnected && - status !== BiometricsStatus.NotEnabledInConnectedDesktopApp) || - (await this.vaultTimeoutSettingsService.isBiometricLockSet()); + const biometricSettingAvailable = await this.biometricsService.canEnableBiometricUnlock(); if (!biometricSettingAvailable) { this.form.controls.biometric.disable({ emitEvent: false }); } else { @@ -256,6 +252,13 @@ export class AccountSecurityComponent implements OnInit, OnDestroy { "biometricsStatusHelptextNotEnabledInDesktop", activeAccount.email, ); + } else if ( + status === BiometricsStatus.HardwareUnavailable && + !biometricSettingAvailable + ) { + this.biometricUnavailabilityReason = this.i18nService.t( + "biometricsStatusHelptextHardwareUnavailable", + ); } else { this.biometricUnavailabilityReason = ""; } diff --git a/apps/browser/src/background/main.background.ts b/apps/browser/src/background/main.background.ts index eec07b5b1ed..5cc964c2c2d 100644 --- a/apps/browser/src/background/main.background.ts +++ b/apps/browser/src/background/main.background.ts @@ -672,14 +672,6 @@ export default class MainBackground { this.kdfConfigService, ); - this.biometricsService = new BackgroundBrowserBiometricsService( - runtimeNativeMessagingBackground, - this.logService, - this.keyService, - this.biometricStateService, - this.messagingService, - ); - this.appIdService = new AppIdService(this.storageService, this.logService); this.userDecryptionOptionsService = new UserDecryptionOptionsService(this.stateProvider); @@ -699,6 +691,15 @@ export default class MainBackground { VaultTimeoutStringType.OnRestart, // default vault timeout ); + this.biometricsService = new BackgroundBrowserBiometricsService( + runtimeNativeMessagingBackground, + this.logService, + this.keyService, + this.biometricStateService, + this.messagingService, + this.vaultTimeoutSettingsService, + ); + this.apiService = new ApiService( this.tokenService, this.platformUtilsService, diff --git a/apps/browser/src/background/nativeMessaging.background.ts b/apps/browser/src/background/nativeMessaging.background.ts index 8100ff3cffa..69521228bc5 100644 --- a/apps/browser/src/background/nativeMessaging.background.ts +++ b/apps/browser/src/background/nativeMessaging.background.ts @@ -120,9 +120,15 @@ export class NativeMessagingBackground { this.connecting = true; const connectedCallback = () => { - this.logService.info( - "[Native Messaging IPC] Connection to Bitwarden Desktop app established!", - ); + if (!this.platformUtilsService.isSafari()) { + this.logService.info( + "[Native Messaging IPC] Connection to Bitwarden Desktop app established!", + ); + } else { + this.logService.info( + "[Native Messaging IPC] Connection to Safari swift module established!", + ); + } this.connected = true; this.connecting = false; resolve(); @@ -131,6 +137,7 @@ export class NativeMessagingBackground { // Safari has a bundled native component which is always available, no need to // check if the desktop app is running. if (this.platformUtilsService.isSafari()) { + this.isConnectedToOutdatedDesktopClient = false; connectedCallback(); } @@ -428,7 +435,9 @@ export class NativeMessagingBackground { } if (this.callbacks.has(messageId)) { - this.callbacks.get(messageId)!.resolver(message); + const callback = this.callbacks!.get(messageId)!; + this.callbacks.delete(messageId); + callback.resolver(message); } else { this.logService.info("[Native Messaging IPC] Received message without a callback", message); } diff --git a/apps/browser/src/background/runtime.background.ts b/apps/browser/src/background/runtime.background.ts index 7db72f38139..d31ccdd97b0 100644 --- a/apps/browser/src/background/runtime.background.ts +++ b/apps/browser/src/background/runtime.background.ts @@ -78,6 +78,7 @@ export default class RuntimeBackground { BiometricsCommands.GetBiometricsStatus, BiometricsCommands.UnlockWithBiometricsForUser, BiometricsCommands.GetBiometricsStatusForUser, + BiometricsCommands.CanEnableBiometricUnlock, "getUseTreeWalkerApiForPageDetailsCollectionFeatureFlag", "getInlineMenuFieldQualificationFeatureFlag", "getUserPremiumStatus", @@ -201,6 +202,9 @@ export default class RuntimeBackground { case BiometricsCommands.GetBiometricsStatusForUser: { return await this.main.biometricsService.getBiometricsStatusForUser(msg.userId); } + case BiometricsCommands.CanEnableBiometricUnlock: { + return await this.main.biometricsService.canEnableBiometricUnlock(); + } case "getUseTreeWalkerApiForPageDetailsCollectionFeatureFlag": { return await this.configService.getFeatureFlag( FeatureFlag.UseTreeWalkerApiForPageDetailsCollection, diff --git a/apps/browser/src/key-management/biometrics/background-browser-biometrics.service.spec.ts b/apps/browser/src/key-management/biometrics/background-browser-biometrics.service.spec.ts new file mode 100644 index 00000000000..4017953ee28 --- /dev/null +++ b/apps/browser/src/key-management/biometrics/background-browser-biometrics.service.spec.ts @@ -0,0 +1,61 @@ +import { mock } from "jest-mock-extended"; + +import { VaultTimeoutSettingsService } from "@bitwarden/common/key-management/vault-timeout"; +import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; +import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service"; +import { KeyService, BiometricStateService, BiometricsStatus } from "@bitwarden/key-management"; + +import { NativeMessagingBackground } from "../../background/nativeMessaging.background"; + +import { BackgroundBrowserBiometricsService } from "./background-browser-biometrics.service"; + +describe("background browser biometrics service tests", function () { + let service: BackgroundBrowserBiometricsService; + + const nativeMessagingBackground = mock(); + const logService = mock(); + const keyService = mock(); + const biometricStateService = mock(); + const messagingService = mock(); + const vaultTimeoutSettingsService = mock(); + + beforeEach(() => { + jest.resetAllMocks(); + service = new BackgroundBrowserBiometricsService( + () => nativeMessagingBackground, + logService, + keyService, + biometricStateService, + messagingService, + vaultTimeoutSettingsService, + ); + }); + + describe("canEnableBiometricUnlock", () => { + const table: [BiometricsStatus, boolean, boolean][] = [ + // status, already enabled, expected + + // if the setting is not already on, it should only be possible to enable it if biometrics are available + [BiometricsStatus.Available, false, true], + [BiometricsStatus.HardwareUnavailable, false, false], + [BiometricsStatus.NotEnabledInConnectedDesktopApp, false, false], + [BiometricsStatus.DesktopDisconnected, false, false], + + // if the setting is already on, it should always be possible to disable it + [BiometricsStatus.Available, true, true], + [BiometricsStatus.HardwareUnavailable, true, true], + [BiometricsStatus.NotEnabledInConnectedDesktopApp, true, true], + [BiometricsStatus.DesktopDisconnected, true, true], + ]; + test.each(table)( + "status: %s, already enabled: %s, expected: %s", + async (status, alreadyEnabled, expected) => { + service.getBiometricsStatus = jest.fn().mockResolvedValue(status); + vaultTimeoutSettingsService.isBiometricLockSet.mockResolvedValue(alreadyEnabled); + const result = await service.canEnableBiometricUnlock(); + + expect(result).toBe(expected); + }, + ); + }); +}); diff --git a/apps/browser/src/key-management/biometrics/background-browser-biometrics.service.ts b/apps/browser/src/key-management/biometrics/background-browser-biometrics.service.ts index 3031134dc34..a8a89d45274 100644 --- a/apps/browser/src/key-management/biometrics/background-browser-biometrics.service.ts +++ b/apps/browser/src/key-management/biometrics/background-browser-biometrics.service.ts @@ -1,5 +1,6 @@ import { Injectable } from "@angular/core"; +import { VaultTimeoutSettingsService } from "@bitwarden/common/key-management/vault-timeout"; import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service"; import { Utils } from "@bitwarden/common/platform/misc/utils"; @@ -25,6 +26,7 @@ export class BackgroundBrowserBiometricsService extends BiometricsService { private keyService: KeyService, private biometricStateService: BiometricStateService, private messagingService: MessagingService, + private vaultTimeoutSettingsService: VaultTimeoutSettingsService, ) { super(); } @@ -169,4 +171,14 @@ export class BackgroundBrowserBiometricsService extends BiometricsService { } async setShouldAutopromptNow(value: boolean): Promise {} + async canEnableBiometricUnlock(): Promise { + const status = await this.getBiometricsStatus(); + const isBiometricsAlreadyEnabled = await this.vaultTimeoutSettingsService.isBiometricLockSet(); + const statusAllowsBiometric = + status !== BiometricsStatus.DesktopDisconnected && + status !== BiometricsStatus.NotEnabledInConnectedDesktopApp && + status !== BiometricsStatus.HardwareUnavailable; + + return statusAllowsBiometric || isBiometricsAlreadyEnabled; + } } diff --git a/apps/browser/src/key-management/biometrics/foreground-browser-biometrics.spec.ts b/apps/browser/src/key-management/biometrics/foreground-browser-biometrics.spec.ts new file mode 100644 index 00000000000..672eec8c1fc --- /dev/null +++ b/apps/browser/src/key-management/biometrics/foreground-browser-biometrics.spec.ts @@ -0,0 +1,60 @@ +import { mock } from "jest-mock-extended"; + +import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; + +import { BrowserApi } from "../../platform/browser/browser-api"; + +import { ForegroundBrowserBiometricsService } from "./foreground-browser-biometrics"; + +jest.mock("../../platform/browser/browser-api", () => ({ + BrowserApi: { + sendMessageWithResponse: jest.fn(), + permissionsGranted: jest.fn(), + }, +})); + +describe("foreground browser biometrics service tests", function () { + const platformUtilsService = mock(); + + beforeEach(() => { + jest.resetAllMocks(); + }); + + describe("canEnableBiometricUnlock", () => { + const table: [boolean, boolean, boolean, boolean][] = [ + // canEnableBiometricUnlock from background, native permission granted, isSafari, expected + + // needs permission prompt; always allowed + [true, false, false, true], + [false, false, false, true], + + // is safari; depends on the status that the background service reports + [false, false, true, false], + [true, false, true, true], + + // native permissions granted; depends on the status that the background service reports + [false, true, false, false], + [true, true, false, true], + + // should never happen since safari does not use the permissions + [false, true, true, false], + [true, true, true, true], + ]; + test.each(table)( + "canEnableBiometric: %s, native permission granted: %s, isSafari: %s, expected: %s", + async (canEnableBiometricUnlockBackground, granted, isSafari, expected) => { + const service = new ForegroundBrowserBiometricsService(platformUtilsService); + + (BrowserApi.permissionsGranted as jest.Mock).mockResolvedValue(granted); + (BrowserApi.sendMessageWithResponse as jest.Mock).mockResolvedValue({ + result: canEnableBiometricUnlockBackground, + }); + platformUtilsService.isSafari.mockReturnValue(isSafari); + + const result = await service.canEnableBiometricUnlock(); + + expect(result).toBe(expected); + }, + ); + }); +}); diff --git a/apps/browser/src/key-management/biometrics/foreground-browser-biometrics.ts b/apps/browser/src/key-management/biometrics/foreground-browser-biometrics.ts index d248a630cc6..b6e84fee31a 100644 --- a/apps/browser/src/key-management/biometrics/foreground-browser-biometrics.ts +++ b/apps/browser/src/key-management/biometrics/foreground-browser-biometrics.ts @@ -1,3 +1,4 @@ +import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key"; import { UserId } from "@bitwarden/common/types/guid"; import { UserKey } from "@bitwarden/common/types/key"; @@ -8,6 +9,10 @@ import { BrowserApi } from "../../platform/browser/browser-api"; export class ForegroundBrowserBiometricsService extends BiometricsService { shouldAutopromptNow = true; + constructor(private platformUtilsService: PlatformUtilsService) { + super(); + } + async authenticateWithBiometrics(): Promise { const response = await BrowserApi.sendMessageWithResponse<{ result: boolean; @@ -52,4 +57,19 @@ export class ForegroundBrowserBiometricsService extends BiometricsService { async setShouldAutopromptNow(value: boolean): Promise { this.shouldAutopromptNow = value; } + + async canEnableBiometricUnlock(): Promise { + const needsPermissionPrompt = + !(await BrowserApi.permissionsGranted(["nativeMessaging"])) && + !this.platformUtilsService.isSafari(); + return ( + needsPermissionPrompt || + ( + await BrowserApi.sendMessageWithResponse<{ + result: boolean; + error: string; + }>(BiometricsCommands.CanEnableBiometricUnlock) + ).result + ); + } } diff --git a/apps/browser/src/popup/services/services.module.ts b/apps/browser/src/popup/services/services.module.ts index 42a05f14007..26e84ea964c 100644 --- a/apps/browser/src/popup/services/services.module.ts +++ b/apps/browser/src/popup/services/services.module.ts @@ -316,10 +316,8 @@ const safeProviders: SafeProvider[] = [ }), safeProvider({ provide: BiometricsService, - useFactory: () => { - return new ForegroundBrowserBiometricsService(); - }, - deps: [], + useClass: ForegroundBrowserBiometricsService, + deps: [PlatformUtilsService], }), safeProvider({ provide: SyncService, diff --git a/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift b/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift index d4ce360c32a..54e91611325 100644 --- a/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift +++ b/apps/browser/src/safari/safari/SafariWebExtensionHandler.swift @@ -152,7 +152,7 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling { response.userInfo = [ SFExtensionMessageKey: [ "message": [ - "command": "biometricUnlock", + "command": "unlockWithBiometricsForUser", "response": false, "timestamp": Int64(NSDate().timeIntervalSince1970 * 1000), "messageId": messageId, @@ -177,7 +177,7 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling { response.userInfo = [ SFExtensionMessageKey: [ "message": [ - "command": "biometricUnlock", + "command": "unlockWithBiometricsForUser", "response": false, "timestamp": Int64(NSDate().timeIntervalSince1970 * 1000), "messageId": messageId, @@ -209,7 +209,7 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling { response.userInfo = [ SFExtensionMessageKey: [ "message": [ - "command": "biometricUnlock", + "command": "unlockWithBiometricsForUser", "response": true, "timestamp": Int64(NSDate().timeIntervalSince1970 * 1000), "userKeyB64": result!.replacingOccurrences(of: "\"", with: ""), @@ -220,7 +220,7 @@ class SafariWebExtensionHandler: NSObject, NSExtensionRequestHandling { response.userInfo = [ SFExtensionMessageKey: [ "message": [ - "command": "biometricUnlock", + "command": "unlockWithBiometricsForUser", "response": true, "timestamp": Int64(NSDate().timeIntervalSince1970 * 1000), "messageId": messageId, diff --git a/apps/cli/src/key-management/cli-biometrics-service.ts b/apps/cli/src/key-management/cli-biometrics-service.ts index bda8fe82895..b4f802eb053 100644 --- a/apps/cli/src/key-management/cli-biometrics-service.ts +++ b/apps/cli/src/key-management/cli-biometrics-service.ts @@ -24,4 +24,7 @@ export class CliBiometricsService extends BiometricsService { } async setShouldAutopromptNow(value: boolean): Promise {} + async canEnableBiometricUnlock(): Promise { + return false; + } } diff --git a/apps/desktop/src/app/accounts/settings.component.spec.ts b/apps/desktop/src/app/accounts/settings.component.spec.ts index d29147c1823..b05d90b7e1c 100644 --- a/apps/desktop/src/app/accounts/settings.component.spec.ts +++ b/apps/desktop/src/app/accounts/settings.component.spec.ts @@ -248,6 +248,7 @@ describe("SettingsComponent", () => { describe("biometrics enabled", () => { beforeEach(() => { desktopBiometricsService.getBiometricsStatus.mockResolvedValue(BiometricsStatus.Available); + desktopBiometricsService.canEnableBiometricUnlock.mockResolvedValue(true); vaultTimeoutSettingsService.isBiometricLockSet.mockResolvedValue(true); }); diff --git a/apps/desktop/src/app/accounts/settings.component.ts b/apps/desktop/src/app/accounts/settings.component.ts index 20b6d509f4d..a592e542d58 100644 --- a/apps/desktop/src/app/accounts/settings.component.ts +++ b/apps/desktop/src/app/accounts/settings.component.ts @@ -388,24 +388,12 @@ export class SettingsComponent implements OnInit, OnDestroy { } }); - this.supportsBiometric = this.shouldAllowBiometricSetup( - await this.biometricsService.getBiometricsStatus(), - ); + this.supportsBiometric = await this.biometricsService.canEnableBiometricUnlock(); this.timerId = setInterval(async () => { - this.supportsBiometric = this.shouldAllowBiometricSetup( - await this.biometricsService.getBiometricsStatus(), - ); + this.supportsBiometric = await this.biometricsService.canEnableBiometricUnlock(); }, 1000); } - private shouldAllowBiometricSetup(biometricStatus: BiometricsStatus): boolean { - return [ - BiometricsStatus.Available, - BiometricsStatus.AutoSetupNeeded, - BiometricsStatus.ManualSetupNeeded, - ].includes(biometricStatus); - } - async saveVaultTimeout(newValue: VaultTimeout) { if (newValue === VaultTimeoutStringType.Never) { const confirmed = await this.dialogService.openSimpleDialog({ diff --git a/apps/desktop/src/key-management/biometrics/main-biometrics.service.ts b/apps/desktop/src/key-management/biometrics/main-biometrics.service.ts index dd2e15a2fe8..cf80fa5f7f3 100644 --- a/apps/desktop/src/key-management/biometrics/main-biometrics.service.ts +++ b/apps/desktop/src/key-management/biometrics/main-biometrics.service.ts @@ -163,4 +163,8 @@ export class MainBiometricsService extends DesktopBiometricsService { async getShouldAutopromptNow(): Promise { return this.shouldAutoPrompt; } + + async canEnableBiometricUnlock(): Promise { + return true; + } } diff --git a/apps/desktop/src/key-management/biometrics/renderer-biometrics.service.spec.ts b/apps/desktop/src/key-management/biometrics/renderer-biometrics.service.spec.ts new file mode 100644 index 00000000000..7a3f00c7c44 --- /dev/null +++ b/apps/desktop/src/key-management/biometrics/renderer-biometrics.service.spec.ts @@ -0,0 +1,44 @@ +import { BiometricsStatus } from "@bitwarden/key-management"; + +import { RendererBiometricsService } from "./renderer-biometrics.service"; + +describe("renderer biometrics service tests", function () { + beforeEach(() => { + (global as any).ipc = { + keyManagement: { + biometric: { + authenticateWithBiometrics: jest.fn(), + getBiometricsStatus: jest.fn(), + unlockWithBiometricsForUser: jest.fn(), + getBiometricsStatusForUser: jest.fn(), + deleteBiometricUnlockKeyForUser: jest.fn(), + setupBiometrics: jest.fn(), + setClientKeyHalfForUser: jest.fn(), + getShouldAutoprompt: jest.fn(), + setShouldAutoprompt: jest.fn(), + }, + }, + }; + }); + + describe("canEnableBiometricUnlock", () => { + const table: [BiometricsStatus, boolean][] = [ + [BiometricsStatus.Available, true], + [BiometricsStatus.AutoSetupNeeded, true], + [BiometricsStatus.ManualSetupNeeded, true], + + [BiometricsStatus.UnlockNeeded, false], + [BiometricsStatus.HardwareUnavailable, false], + [BiometricsStatus.PlatformUnsupported, false], + [BiometricsStatus.NotEnabledLocally, false], + ]; + test.each(table)("canEnableBiometricUnlock(%s) === %s", async (status, expected) => { + const service = new RendererBiometricsService(); + (global as any).ipc.keyManagement.biometric.getBiometricsStatus.mockResolvedValue(status); + + const result = await service.canEnableBiometricUnlock(); + + expect(result).toBe(expected); + }); + }); +}); diff --git a/apps/desktop/src/key-management/biometrics/renderer-biometrics.service.ts b/apps/desktop/src/key-management/biometrics/renderer-biometrics.service.ts index 2a0b1282778..db17ee480cb 100644 --- a/apps/desktop/src/key-management/biometrics/renderer-biometrics.service.ts +++ b/apps/desktop/src/key-management/biometrics/renderer-biometrics.service.ts @@ -51,4 +51,13 @@ export class RendererBiometricsService extends DesktopBiometricsService { async setShouldAutopromptNow(value: boolean): Promise { return await ipc.keyManagement.biometric.setShouldAutoprompt(value); } + + async canEnableBiometricUnlock(): Promise { + const biometricStatus = await this.getBiometricsStatus(); + return [ + BiometricsStatus.Available, + BiometricsStatus.AutoSetupNeeded, + BiometricsStatus.ManualSetupNeeded, + ].includes(biometricStatus); + } } diff --git a/apps/web/src/app/key-management/web-biometric.service.ts b/apps/web/src/app/key-management/web-biometric.service.ts index 0c58c0da759..64fa0d243cd 100644 --- a/apps/web/src/app/key-management/web-biometric.service.ts +++ b/apps/web/src/app/key-management/web-biometric.service.ts @@ -24,4 +24,8 @@ export class WebBiometricsService extends BiometricsService { } async setShouldAutopromptNow(value: boolean): Promise {} + + async canEnableBiometricUnlock(): Promise { + return false; + } } diff --git a/libs/key-management/src/biometrics/biometric.service.ts b/libs/key-management/src/biometrics/biometric.service.ts index 3543185b632..119d89e0c9f 100644 --- a/libs/key-management/src/biometrics/biometric.service.ts +++ b/libs/key-management/src/biometrics/biometric.service.ts @@ -39,4 +39,5 @@ export abstract class BiometricsService { abstract getShouldAutopromptNow(): Promise; abstract setShouldAutopromptNow(value: boolean): Promise; + abstract canEnableBiometricUnlock(): Promise; } diff --git a/libs/key-management/src/biometrics/biometrics-commands.ts b/libs/key-management/src/biometrics/biometrics-commands.ts index 2309e8d30bc..81f0ea747e4 100644 --- a/libs/key-management/src/biometrics/biometrics-commands.ts +++ b/libs/key-management/src/biometrics/biometrics-commands.ts @@ -8,6 +8,9 @@ export enum BiometricsCommands { /** Get biometric status for a specific user account. This includes both information about availability of cryptographic material (is the user configured for biometric unlock? is a masterpassword unlock needed? But also information about the biometric system's availability in a single status) */ GetBiometricsStatusForUser = "getBiometricsStatusForUser", + /** Checks whether the biometric unlock can be enabled. */ + CanEnableBiometricUnlock = "canEnableBiometricUnlock", + // legacy Unlock = "biometricUnlock", IsAvailable = "biometricUnlockAvailable", From 7992e0247e8de7121f14b8efc7a2ca0aebf65048 Mon Sep 17 00:00:00 2001 From: Daniel James Smith <2670567+djsmith85@users.noreply.github.com> Date: Mon, 31 Mar 2025 17:06:27 +0200 Subject: [PATCH 012/104] Fix wrong file extension being set when exporting with attachments (#14067) Co-authored-by: Daniel James Smith --- .../src/services/individual-vault-export.service.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts b/libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts index 489a28b4c79..1fcdb84d375 100644 --- a/libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts +++ b/libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts @@ -126,7 +126,7 @@ export class IndividualVaultExportService return { type: "application/zip", data: blobData, - fileName: ExportHelper.getFileName("", "json"), + fileName: ExportHelper.getFileName("", "zip"), } as ExportedVaultAsBlob; } From 2381d6b3cdb729c01d61be3f4229f5b06cadc89b Mon Sep 17 00:00:00 2001 From: Brandon Treston Date: Mon, 31 Mar 2025 11:07:02 -0400 Subject: [PATCH 013/104] migrate provider clients component (#14030) --- .../providers/clients/clients.component.html | 38 +++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/clients/clients.component.html b/bitwarden_license/bit-web/src/app/admin-console/providers/clients/clients.component.html index e6b5ae122f3..668d59b8830 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/providers/clients/clients.component.html +++ b/bitwarden_license/bit-web/src/app/admin-console/providers/clients/clients.component.html @@ -21,7 +21,7 @@ @@ -31,35 +31,31 @@

{{ "noClientsInList" | i18n }}

- + {{ "name" | i18n }} {{ "numberOfUsers" | i18n }} {{ "billingPlan" | i18n }} - - + {{ row.organizationName }} - + {{ row.userCount }} / {{ row.seats }} - + {{ row.plan }} - - -
+
-
- - - {{ "remove" | i18n }} - -
+ + +
From 78c74f7acddd0ef34f4da4c5a30b8e5c20952fc5 Mon Sep 17 00:00:00 2001 From: Brandon Treston Date: Mon, 31 Mar 2025 11:11:17 -0400 Subject: [PATCH 014/104] fix qa bug (#14047) --- .../app/vault/components/vault-items/vault-items.component.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/web/src/app/vault/components/vault-items/vault-items.component.ts b/apps/web/src/app/vault/components/vault-items/vault-items.component.ts index 2fcaa8d74af..138c7514eb6 100644 --- a/apps/web/src/app/vault/components/vault-items/vault-items.component.ts +++ b/apps/web/src/app/vault/components/vault-items/vault-items.component.ts @@ -138,6 +138,7 @@ export class VaultItemsComponent { return canRestore$; }), + map((canRestore) => canRestore && this.showBulkTrashOptions), ); } From 753875219a80945fb05e869cebbdb44407751170 Mon Sep 17 00:00:00 2001 From: Brandon Treston Date: Mon, 31 Mar 2025 11:12:24 -0400 Subject: [PATCH 015/104] migrate setup-provider.component (#14026) --- .../providers/providers.module.ts | 3 +- .../setup/setup-provider.component.html | 38 +++++++------------ .../setup/setup-provider.component.ts | 6 +++ 3 files changed, 22 insertions(+), 25 deletions(-) diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts index 9b5559af946..b8fe60814a8 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts +++ b/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts @@ -4,7 +4,7 @@ import { NgModule } from "@angular/core"; import { FormsModule } from "@angular/forms"; import { JslibModule } from "@bitwarden/angular/jslib.module"; -import { SearchModule } from "@bitwarden/components"; +import { CardComponent, SearchModule } from "@bitwarden/components"; import { DangerZoneComponent } from "@bitwarden/web-vault/app/auth/settings/account/danger-zone.component"; import { OrganizationPlansComponent } from "@bitwarden/web-vault/app/billing"; import { VerifyBankAccountComponent } from "@bitwarden/web-vault/app/billing/shared/verify-bank-account/verify-bank-account.component"; @@ -51,6 +51,7 @@ import { VerifyRecoverDeleteProviderComponent } from "./verify-recover-delete-pr DangerZoneComponent, ScrollingModule, VerifyBankAccountComponent, + CardComponent, ], declarations: [ AcceptProviderComponent, diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.html b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.html index a3e2a180c39..1fa2fd3415a 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.html +++ b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.html @@ -1,9 +1,9 @@ -
+
- -

+ +

@@ -11,25 +11,15 @@

-
-
-
-

{{ "setupProvider" | i18n }}

-
-
-

{{ "setupProviderLoginDesc" | i18n }}

-
-
- - {{ "logIn" | i18n }} - -
-
-
-
+
+
+

{{ "setupProvider" | i18n }}

+ +

{{ "setupProviderLoginDesc" | i18n }}

+
+ +
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.ts index 0490b6c6ec0..a41c7cba362 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.ts +++ b/bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup-provider.component.ts @@ -1,6 +1,7 @@ import { Component } from "@angular/core"; import { Params } from "@angular/router"; +import { BitwardenLogo } from "@bitwarden/auth/angular"; import { BaseAcceptComponent } from "@bitwarden/web-vault/app/common/base.accept.component"; @Component({ @@ -8,6 +9,7 @@ import { BaseAcceptComponent } from "@bitwarden/web-vault/app/common/base.accept templateUrl: "setup-provider.component.html", }) export class SetupProviderComponent extends BaseAcceptComponent { + protected logo = BitwardenLogo; failedShortMessage = "inviteAcceptFailedShort"; failedMessage = "inviteAcceptFailed"; @@ -20,4 +22,8 @@ export class SetupProviderComponent extends BaseAcceptComponent { async unauthedHandler(qParams: Params) { // Empty } + + login() { + this.router.navigate(["/login"], { queryParams: { email: this.email } }); + } } From 6849d3aa98d6b42b5069bc2fdd9a4ef9f9e02ea1 Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Mon, 31 Mar 2025 18:16:11 +0200 Subject: [PATCH 016/104] [PM-2199] Implement userkey rotation for all TDE devices (#13576) * Implement key rotation v2 * Pass through masterpassword hint * Properly split old and new code * Mark legacy rotation as deprecated * Throw when data is null * Cleanup * Add tests * Fix build * Update libs/key-management/src/key.service.spec.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update apps/web/src/app/auth/settings/change-password.component.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Add documentation * Centralize loading logic * Add proof-of-concept for tde rotation * Fix build * Only include trusted devices in rotation request * Undo featureflag change * Fix tests * Prettier format * Fix build * Undo changes to migrate legacy component * Address feedback & add tests --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> --- .../request/unlock-data.request.ts | 4 + .../key-rotation/user-key-rotation.service.ts | 16 ++-- .../devices-api.service.abstraction.ts | 6 +- .../request/update-devices-trust.request.ts | 2 +- .../response/protected-device.response.ts | 10 +++ .../devices-api.service.implementation.ts | 8 +- .../device-trust.service.abstraction.ts | 7 ++ .../device-trust.service.implementation.ts | 53 +++++++++-- .../services/device-trust.service.spec.ts | 88 +++++++++++++++++-- 9 files changed, 164 insertions(+), 30 deletions(-) diff --git a/apps/web/src/app/key-management/key-rotation/request/unlock-data.request.ts b/apps/web/src/app/key-management/key-rotation/request/unlock-data.request.ts index 5cdb56a3e23..6faf0c29401 100644 --- a/apps/web/src/app/key-management/key-rotation/request/unlock-data.request.ts +++ b/apps/web/src/app/key-management/key-rotation/request/unlock-data.request.ts @@ -1,4 +1,5 @@ import { OrganizationUserResetPasswordWithIdRequest } from "@bitwarden/admin-console/common"; +import { DeviceKeysUpdateRequest } from "@bitwarden/common/auth/models/request/update-devices-trust.request"; import { WebauthnRotateCredentialRequest } from "@bitwarden/common/auth/models/request/webauthn-rotate-credential.request"; import { EmergencyAccessWithIdRequest } from "../../../auth/emergency-access/request/emergency-access-update.request"; @@ -11,16 +12,19 @@ export class UnlockDataRequest { emergencyAccessUnlockData: EmergencyAccessWithIdRequest[]; organizationAccountRecoveryUnlockData: OrganizationUserResetPasswordWithIdRequest[]; passkeyUnlockData: WebauthnRotateCredentialRequest[]; + deviceKeyUnlockData: DeviceKeysUpdateRequest[]; constructor( masterPasswordUnlockData: MasterPasswordUnlockDataRequest, emergencyAccessUnlockData: EmergencyAccessWithIdRequest[], organizationAccountRecoveryUnlockData: OrganizationUserResetPasswordWithIdRequest[], passkeyUnlockData: WebauthnRotateCredentialRequest[], + deviceTrustUnlockData: DeviceKeysUpdateRequest[], ) { this.masterPasswordUnlockData = masterPasswordUnlockData; this.emergencyAccessUnlockData = emergencyAccessUnlockData; this.organizationAccountRecoveryUnlockData = organizationAccountRecoveryUnlockData; this.passkeyUnlockData = passkeyUnlockData; + this.deviceKeyUnlockData = deviceTrustUnlockData; } } diff --git a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts index c1b7a04d62b..9dc844c0104 100644 --- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts +++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts @@ -180,11 +180,19 @@ export class UserKeyRotationService { newUnencryptedUserKey, user.id, ); + + const trustedDeviceUnlockData = await this.deviceTrustService.getRotatedData( + originalUserKey, + newUnencryptedUserKey, + user.id, + ); + const unlockDataRequest = new UnlockDataRequest( masterPasswordUnlockData, emergencyAccessUnlockData, organizationAccountRecoveryUnlockData, passkeyUnlockData, + trustedDeviceUnlockData, ); const request = new RotateUserAccountKeysRequest( @@ -198,14 +206,6 @@ export class UserKeyRotationService { await this.apiService.postUserKeyUpdateV2(request); this.logService.info("[Userkey rotation] Userkey rotation request posted to server"); - // TODO PM-2199: Add device trust rotation support to the user key rotation endpoint - this.logService.info("[Userkey rotation] Rotating device trust..."); - await this.deviceTrustService.rotateDevicesTrust( - user.id, - newUnencryptedUserKey, - newMasterKeyAuthenticationHash, - ); - this.logService.info("[Userkey rotation] Device trust rotation completed"); this.toastService.showToast({ variant: "success", title: this.i18nService.t("rotationCompletedTitle"), diff --git a/libs/common/src/auth/abstractions/devices-api.service.abstraction.ts b/libs/common/src/auth/abstractions/devices-api.service.abstraction.ts index 92f0ebf1667..f5d58e3fc6b 100644 --- a/libs/common/src/auth/abstractions/devices-api.service.abstraction.ts +++ b/libs/common/src/auth/abstractions/devices-api.service.abstraction.ts @@ -2,7 +2,6 @@ // @ts-strict-ignore import { ListResponse } from "../../models/response/list.response"; import { DeviceResponse } from "../abstractions/devices/responses/device.response"; -import { SecretVerificationRequest } from "../models/request/secret-verification.request"; import { UpdateDevicesTrustRequest } from "../models/request/update-devices-trust.request"; import { ProtectedDeviceResponse } from "../models/response/protected-device.response"; @@ -25,10 +24,7 @@ export abstract class DevicesApiServiceAbstraction { deviceIdentifier: string, ) => Promise; - getDeviceKeys: ( - deviceIdentifier: string, - secretVerificationRequest: SecretVerificationRequest, - ) => Promise; + getDeviceKeys: (deviceIdentifier: string) => Promise; /** * Notifies the server that the device has a device key, but didn't receive any associated decryption keys. diff --git a/libs/common/src/auth/models/request/update-devices-trust.request.ts b/libs/common/src/auth/models/request/update-devices-trust.request.ts index 21fe0f600dc..f3cee00f948 100644 --- a/libs/common/src/auth/models/request/update-devices-trust.request.ts +++ b/libs/common/src/auth/models/request/update-devices-trust.request.ts @@ -13,5 +13,5 @@ export class DeviceKeysUpdateRequest { } export class OtherDeviceKeysUpdateRequest extends DeviceKeysUpdateRequest { - id: string; + deviceId: string; } diff --git a/libs/common/src/auth/models/response/protected-device.response.ts b/libs/common/src/auth/models/response/protected-device.response.ts index 14662236197..3cc3a3e0792 100644 --- a/libs/common/src/auth/models/response/protected-device.response.ts +++ b/libs/common/src/auth/models/response/protected-device.response.ts @@ -2,6 +2,8 @@ // @ts-strict-ignore import { Jsonify } from "type-fest"; +import { RotateableKeySet } from "@bitwarden/auth/common"; + import { DeviceType } from "../../../enums"; import { BaseResponse } from "../../../models/response/base.response"; import { EncString } from "../../../platform/models/domain/enc-string"; @@ -38,4 +40,12 @@ export class ProtectedDeviceResponse extends BaseResponse { * This enabled a user to rotate the keys for all of their devices. */ encryptedPublicKey: EncString; + + getRotateableKeyset(): RotateableKeySet { + return new RotateableKeySet(this.encryptedUserKey, this.encryptedPublicKey); + } + + isTrusted(): boolean { + return this.encryptedUserKey != null && this.encryptedPublicKey != null; + } } diff --git a/libs/common/src/auth/services/devices-api.service.implementation.ts b/libs/common/src/auth/services/devices-api.service.implementation.ts index cf760effbdf..9830a8c1ffd 100644 --- a/libs/common/src/auth/services/devices-api.service.implementation.ts +++ b/libs/common/src/auth/services/devices-api.service.implementation.ts @@ -5,7 +5,6 @@ import { ListResponse } from "../../models/response/list.response"; import { Utils } from "../../platform/misc/utils"; import { DeviceResponse } from "../abstractions/devices/responses/device.response"; import { DevicesApiServiceAbstraction } from "../abstractions/devices-api.service.abstraction"; -import { SecretVerificationRequest } from "../models/request/secret-verification.request"; import { UpdateDevicesTrustRequest } from "../models/request/update-devices-trust.request"; import { ProtectedDeviceResponse } from "../models/response/protected-device.response"; @@ -90,14 +89,11 @@ export class DevicesApiServiceImplementation implements DevicesApiServiceAbstrac ); } - async getDeviceKeys( - deviceIdentifier: string, - secretVerificationRequest: SecretVerificationRequest, - ): Promise { + async getDeviceKeys(deviceIdentifier: string): Promise { const result = await this.apiService.send( "POST", `/devices/${deviceIdentifier}/retrieve-keys`, - secretVerificationRequest, + null, true, true, ); diff --git a/libs/common/src/key-management/device-trust/abstractions/device-trust.service.abstraction.ts b/libs/common/src/key-management/device-trust/abstractions/device-trust.service.abstraction.ts index 882625fa231..407ae007622 100644 --- a/libs/common/src/key-management/device-trust/abstractions/device-trust.service.abstraction.ts +++ b/libs/common/src/key-management/device-trust/abstractions/device-trust.service.abstraction.ts @@ -2,6 +2,8 @@ // @ts-strict-ignore import { Observable } from "rxjs"; +import { DeviceKeysUpdateRequest } from "@bitwarden/common/auth/models/request/update-devices-trust.request"; + import { DeviceResponse } from "../../../auth/abstractions/devices/responses/device.response"; import { EncString } from "../../../platform/models/domain/enc-string"; import { UserId } from "../../../types/guid"; @@ -55,4 +57,9 @@ export abstract class DeviceTrustServiceAbstraction { * Note: For debugging purposes only. */ recordDeviceTrustLoss: () => Promise; + getRotatedData: ( + oldUserKey: UserKey, + newUserKey: UserKey, + userId: UserId, + ) => Promise; } diff --git a/libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts b/libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts index 579fe9360a6..501c5cfabc8 100644 --- a/libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts +++ b/libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts @@ -2,7 +2,7 @@ // @ts-strict-ignore import { firstValueFrom, map, Observable, Subject } from "rxjs"; -import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common"; +import { RotateableKeySet, UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common"; import { KeyService } from "@bitwarden/key-management"; import { DeviceResponse } from "../../../auth/abstractions/devices/responses/device.response"; @@ -10,6 +10,7 @@ import { DevicesApiServiceAbstraction } from "../../../auth/abstractions/devices import { SecretVerificationRequest } from "../../../auth/models/request/secret-verification.request"; import { DeviceKeysUpdateRequest, + OtherDeviceKeysUpdateRequest, UpdateDevicesTrustRequest, } from "../../../auth/models/request/update-devices-trust.request"; import { AppIdService } from "../../../platform/abstractions/app-id.service"; @@ -187,6 +188,51 @@ export class DeviceTrustService implements DeviceTrustServiceAbstraction { return deviceResponse; } + async getRotatedData( + oldUserKey: UserKey, + newUserKey: UserKey, + userId: UserId, + ): Promise { + if (!userId) { + throw new Error("UserId is required. Cannot get rotated data."); + } + if (!oldUserKey) { + throw new Error("Old user key is required. Cannot get rotated data."); + } + if (!newUserKey) { + throw new Error("New user key is required. Cannot get rotated data."); + } + + const devices = await this.devicesApiService.getDevices(); + return await Promise.all( + devices.data + .filter((device) => device.isTrusted) + .map(async (device) => { + const deviceWithKeys = await this.devicesApiService.getDeviceKeys(device.identifier); + const publicKey = await this.encryptService.decryptToBytes( + deviceWithKeys.encryptedPublicKey, + oldUserKey, + ); + const newEncryptedPublicKey = await this.encryptService.encrypt(publicKey, newUserKey); + const newEncryptedUserKey = await this.encryptService.rsaEncrypt( + newUserKey.key, + publicKey, + ); + + const newRotateableKeySet = new RotateableKeySet( + newEncryptedUserKey, + newEncryptedPublicKey, + ); + + const request = new OtherDeviceKeysUpdateRequest(); + request.encryptedPublicKey = newRotateableKeySet.encryptedPublicKey.encryptedString; + request.encryptedUserKey = newRotateableKeySet.encryptedUserKey.encryptedString; + request.deviceId = device.id; + return request; + }), + ); + } + async rotateDevicesTrust( userId: UserId, newUserKey: UserKey, @@ -216,10 +262,7 @@ export class DeviceTrustService implements DeviceTrustServiceAbstraction { secretVerificationRequest.masterPasswordHash = masterPasswordHash; // Get the keys that are used in rotating a devices keys from the server - const currentDeviceKeys = await this.devicesApiService.getDeviceKeys( - deviceIdentifier, - secretVerificationRequest, - ); + const currentDeviceKeys = await this.devicesApiService.getDeviceKeys(deviceIdentifier); // Decrypt the existing device public key with the old user key const decryptedDevicePublicKey = await this.encryptService.decryptToBytes( diff --git a/libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts b/libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts index 1893b097ec6..2f3034e67ba 100644 --- a/libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts +++ b/libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts @@ -7,6 +7,7 @@ import { UserDecryptionOptionsServiceAbstraction, UserDecryptionOptions, } from "@bitwarden/auth/common"; +import { ListResponse } from "@bitwarden/common/models/response/list.response"; import { KeyService } from "@bitwarden/key-management"; import { FakeAccountService, mockAccountServiceWith } from "../../../../spec/fake-account-service"; @@ -655,6 +656,86 @@ describe("deviceTrustService", () => { }); }); + describe("getRotatedData", () => { + let fakeNewUserKey: UserKey = new SymmetricCryptoKey(new Uint8Array(64)) as UserKey; + let fakeOldUserKey: UserKey = new SymmetricCryptoKey(new Uint8Array(64)) as UserKey; + const userId: UserId = Utils.newGuid() as UserId; + + it("throws an error when a null user id is passed in", async () => { + await expect( + deviceTrustService.getRotatedData(fakeOldUserKey, fakeNewUserKey, null), + ).rejects.toThrow("UserId is required. Cannot get rotated data."); + }); + + it("throws an error when a null old user key is passed in", async () => { + await expect( + deviceTrustService.getRotatedData(null, fakeNewUserKey, userId), + ).rejects.toThrow("Old user key is required. Cannot get rotated data."); + }); + + it("throws an error when a null new user key is passed in", async () => { + await expect( + deviceTrustService.getRotatedData(fakeOldUserKey, null, userId), + ).rejects.toThrow("New user key is required. Cannot get rotated data."); + }); + + it("returns the expected data when all required parameters are provided", async () => { + const deviceResponse = { + id: "", + userId: "", + name: "", + identifier: "", + type: DeviceType.Android, + creationDate: "", + revisionDate: "", + isTrusted: true, + }; + devicesApiService.getDevices.mockResolvedValue( + new ListResponse( + { + data: [deviceResponse], + }, + DeviceResponse, + ), + ); + encryptService.decryptToBytes.mockResolvedValue(new Uint8Array(64)); + encryptService.encrypt.mockResolvedValue(new EncString("test_encrypted_data")); + encryptService.rsaEncrypt.mockResolvedValue(new EncString("test_encrypted_data")); + + const protectedDeviceResponse = new ProtectedDeviceResponse({ + id: "", + creationDate: "", + identifier: "test_device_identifier", + name: "Firefox", + type: DeviceType.FirefoxBrowser, + encryptedPublicKey: "", + encryptedUserKey: "", + }); + devicesApiService.getDeviceKeys.mockResolvedValue(protectedDeviceResponse); + const fakeOldUserKeyData = new Uint8Array(64); + fakeOldUserKeyData.fill(5, 0, 1); + fakeOldUserKey = new SymmetricCryptoKey(fakeOldUserKeyData) as UserKey; + + const fakeNewUserKeyData = new Uint8Array(64); + fakeNewUserKeyData.fill(1, 0, 1); + fakeNewUserKey = new SymmetricCryptoKey(fakeNewUserKeyData) as UserKey; + + const result = await deviceTrustService.getRotatedData( + fakeOldUserKey, + fakeNewUserKey, + userId, + ); + + expect(result).toEqual([ + { + deviceId: "", + encryptedUserKey: "test_encrypted_data", + encryptedPublicKey: "test_encrypted_data", + }, + ]); + }); + }); + describe("rotateDevicesTrust", () => { let fakeNewUserKey: UserKey = null; @@ -708,11 +789,8 @@ describe("deviceTrustService", () => { appIdService.getAppId.mockResolvedValue("test_device_identifier"); - devicesApiService.getDeviceKeys.mockImplementation((deviceIdentifier, secretRequest) => { - if ( - deviceIdentifier !== "test_device_identifier" || - secretRequest.masterPasswordHash !== "my_password_hash" - ) { + devicesApiService.getDeviceKeys.mockImplementation((deviceIdentifier) => { + if (deviceIdentifier !== "test_device_identifier") { return Promise.resolve(null); } From 4e413283a8fdf7fbef53c2c7bd2fa8fa57449596 Mon Sep 17 00:00:00 2001 From: Miles Blackwood Date: Mon, 31 Mar 2025 12:36:31 -0400 Subject: [PATCH 017/104] [PM-16635] Remove InlineMenuFieldQualification feature flag references. (#13230) * Remove InlineMenuFieldQualification feature flag references. Removes all business logic related to InlineMenuFieldQualification Feature Flag, while leaving the flag in enum itself intact. No corresponding pull on server, where there exists no current references. * Removes the feature flag from enum. * Remove inlineMenuFieldQualificationFlagSet from InlineMenuFieldQualificationService. * Removes deprecated isFieldForLoginFormFallback method. --- ...e-menu-field-qualification.service.spec.ts | 1 - ...inline-menu-field-qualification.service.ts | 20 ------------------- .../src/background/runtime.background.ts | 4 ---- libs/common/src/enums/feature-flag.enum.ts | 2 -- 4 files changed, 27 deletions(-) diff --git a/apps/browser/src/autofill/services/inline-menu-field-qualification.service.spec.ts b/apps/browser/src/autofill/services/inline-menu-field-qualification.service.spec.ts index f3047947c82..6bedb939c30 100644 --- a/apps/browser/src/autofill/services/inline-menu-field-qualification.service.spec.ts +++ b/apps/browser/src/autofill/services/inline-menu-field-qualification.service.spec.ts @@ -17,7 +17,6 @@ describe("InlineMenuFieldQualificationService", () => { fields: [], }); inlineMenuFieldQualificationService = new InlineMenuFieldQualificationService(); - inlineMenuFieldQualificationService["inlineMenuFieldQualificationFlagSet"] = true; }); describe("isFieldForLoginForm", () => { diff --git a/apps/browser/src/autofill/services/inline-menu-field-qualification.service.ts b/apps/browser/src/autofill/services/inline-menu-field-qualification.service.ts index 046381d956c..9b16a0cfbdd 100644 --- a/apps/browser/src/autofill/services/inline-menu-field-qualification.service.ts +++ b/apps/browser/src/autofill/services/inline-menu-field-qualification.service.ts @@ -150,7 +150,6 @@ export class InlineMenuFieldQualificationService this.identityPostalCodeAutocompleteValue, ]); private totpFieldAutocompleteValue = "one-time-code"; - private inlineMenuFieldQualificationFlagSet = false; private premiumEnabled = false; constructor() { @@ -158,7 +157,6 @@ export class InlineMenuFieldQualificationService sendExtensionMessage("getInlineMenuFieldQualificationFeatureFlag"), sendExtensionMessage("getUserPremiumStatus"), ]).then(([fieldQualificationFlag, premiumStatus]) => { - this.inlineMenuFieldQualificationFlagSet = !!fieldQualificationFlag?.result; this.premiumEnabled = !!premiumStatus?.result; }); } @@ -170,10 +168,6 @@ export class InlineMenuFieldQualificationService * @param pageDetails - The details of the page that the field is on. */ isFieldForLoginForm(field: AutofillField, pageDetails: AutofillPageDetails): boolean { - if (!this.inlineMenuFieldQualificationFlagSet) { - return this.isFieldForLoginFormFallback(field); - } - /** * Totp inline menu is available only for premium users. */ @@ -1223,18 +1217,4 @@ export class InlineMenuFieldQualificationService return false; } - - /** - * This method represents the previous rudimentary approach to qualifying fields for login forms. - * - * @param field - The field to validate - * @deprecated - This method will only be used when the fallback flag is set to true. - */ - private isFieldForLoginFormFallback(field: AutofillField): boolean { - if (field.type === "password") { - return true; - } - - return this.isUsernameField(field); - } } diff --git a/apps/browser/src/background/runtime.background.ts b/apps/browser/src/background/runtime.background.ts index d31ccdd97b0..c1719abbb3a 100644 --- a/apps/browser/src/background/runtime.background.ts +++ b/apps/browser/src/background/runtime.background.ts @@ -80,7 +80,6 @@ export default class RuntimeBackground { BiometricsCommands.GetBiometricsStatusForUser, BiometricsCommands.CanEnableBiometricUnlock, "getUseTreeWalkerApiForPageDetailsCollectionFeatureFlag", - "getInlineMenuFieldQualificationFeatureFlag", "getUserPremiumStatus", ]; @@ -210,9 +209,6 @@ export default class RuntimeBackground { FeatureFlag.UseTreeWalkerApiForPageDetailsCollection, ); } - case "getInlineMenuFieldQualificationFeatureFlag": { - return await this.configService.getFeatureFlag(FeatureFlag.InlineMenuFieldQualification); - } case "getUserPremiumStatus": { const activeUserId = await firstValueFrom( this.accountService.activeAccount$.pipe(map((a) => a?.id)), diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts index 798053c09d0..88a52f2948d 100644 --- a/libs/common/src/enums/feature-flag.enum.ts +++ b/libs/common/src/enums/feature-flag.enum.ts @@ -22,7 +22,6 @@ export enum FeatureFlag { EnableNewCardCombinedExpiryAutofill = "enable-new-card-combined-expiry-autofill", GenerateIdentityFillScriptRefactor = "generate-identity-fill-script-refactor", IdpAutoSubmitLogin = "idp-auto-submit-login", - InlineMenuFieldQualification = "inline-menu-field-qualification", InlineMenuPositioningImprovements = "inline-menu-positioning-improvements", NotificationBarAddLoginImprovements = "notification-bar-add-login-improvements", NotificationRefresh = "notification-refresh", @@ -84,7 +83,6 @@ export const DefaultFeatureFlagValue = { [FeatureFlag.EnableNewCardCombinedExpiryAutofill]: FALSE, [FeatureFlag.GenerateIdentityFillScriptRefactor]: FALSE, [FeatureFlag.IdpAutoSubmitLogin]: FALSE, - [FeatureFlag.InlineMenuFieldQualification]: FALSE, [FeatureFlag.InlineMenuPositioningImprovements]: FALSE, [FeatureFlag.NotificationBarAddLoginImprovements]: FALSE, [FeatureFlag.NotificationRefresh]: FALSE, From 80e58427fb926b1c521dcbfb25d380ce7b6ac112 Mon Sep 17 00:00:00 2001 From: Miles Blackwood Date: Mon, 31 Mar 2025 12:36:52 -0400 Subject: [PATCH 018/104] Use bit-select (+ReactiveForms) in Autofill on page load settings. (#13593) * Use bit-select (+ReactiveForms) in Autofill on page load settings. * Use ReactiveForms for Additional options. * Disable margin reinclude from rebase. --- .../popup/settings/autofill.component.html | 218 +++++++++--------- .../popup/settings/autofill.component.ts | 139 ++++++++--- 2 files changed, 219 insertions(+), 138 deletions(-) diff --git a/apps/browser/src/autofill/popup/settings/autofill.component.html b/apps/browser/src/autofill/popup/settings/autofill.component.html index c690eb3d2ca..90a536ad25d 100644 --- a/apps/browser/src/autofill/popup/settings/autofill.component.html +++ b/apps/browser/src/autofill/popup/settings/autofill.component.html @@ -154,121 +154,115 @@ - -

{{ "enableAutoFillOnPageLoadSectionTitle" | i18n }}

- - - - {{ "enableAutoFillOnPageLoadDesc" | i18n }} - {{ "warningCapitalized" | i18n }}: {{ "experimentalFeature" | i18n }} - - {{ "learnMoreAboutAutofillOnPageLoadLinkText" | i18n }} - - - - - {{ "enableAutoFillOnPageLoad" | i18n }} - {{ - "enterprisePolicyRequirementsApplied" | i18n - }} - - - {{ "defaultAutoFillOnPageLoad" | i18n }} - - - {{ "defaultAutoFillOnPageLoadDesc" | i18n }} +
+ + +

{{ "enableAutoFillOnPageLoadSectionTitle" | i18n }}

+ + + + + {{ "enableAutoFillOnPageLoadDesc" | i18n }} + {{ "warningCapitalized" | i18n }}: {{ "experimentalFeature" | i18n }} + + {{ "learnMoreAboutAutofillOnPageLoadLinkText" | i18n }} + - - + + + {{ "enableAutoFillOnPageLoad" | i18n }} + {{ + "enterprisePolicyRequirementsApplied" | i18n + }} + + + {{ "defaultAutoFillOnPageLoad" | i18n }} + + + + + + {{ "defaultAutoFillOnPageLoadDesc" | i18n }} + + + +
- -

{{ "additionalOptions" | i18n }}

- - - - - {{ "enableContextMenuItem" | i18n }} - - - - {{ "enableAutoTotpCopy" | i18n }} - - - {{ "clearClipboard" | i18n }} - - - {{ "clearClipboardDesc" | i18n }} - - - - {{ "defaultUriMatchDetection" | i18n }} - - - {{ "defaultUriMatchDetectionDesc" | i18n }} - - - +
+ +

{{ "additionalOptions" | i18n }}

+ + + + + {{ "enableContextMenuItem" | i18n }} + + + + {{ "enableAutoTotpCopy" | i18n }} + + + {{ "clearClipboard" | i18n }} + + + + + {{ "clearClipboardDesc" | i18n }} + + + + {{ "defaultUriMatchDetection" | i18n }} + + + + + {{ "defaultUriMatchDetectionDesc" | i18n }} + + + +
diff --git a/apps/browser/src/autofill/popup/settings/autofill.component.ts b/apps/browser/src/autofill/popup/settings/autofill.component.ts index 7bd6c93bb64..eb18ea9f23e 100644 --- a/apps/browser/src/autofill/popup/settings/autofill.component.ts +++ b/apps/browser/src/autofill/popup/settings/autofill.component.ts @@ -1,8 +1,15 @@ // FIXME: Update this file to be type safe and remove this and next line // @ts-strict-ignore import { CommonModule } from "@angular/common"; -import { Component, OnInit } from "@angular/core"; -import { FormsModule } from "@angular/forms"; +import { Component, DestroyRef, OnInit } from "@angular/core"; +import { takeUntilDestroyed } from "@angular/core/rxjs-interop"; +import { + FormsModule, + ReactiveFormsModule, + FormBuilder, + FormGroup, + FormControl, +} from "@angular/forms"; import { RouterModule } from "@angular/router"; import { firstValueFrom } from "rxjs"; @@ -73,6 +80,7 @@ import { PopupPageComponent } from "../../../platform/popup/layout/popup-page.co SectionHeaderComponent, SelectModule, TypographyModule, + ReactiveFormsModule, ], }) export class AutofillComponent implements OnInit { @@ -94,6 +102,18 @@ export class AutofillComponent implements OnInit { protected autofillOnPageLoadFromPolicy$ = this.autofillSettingsService.activateAutofillOnPageLoadFromPolicy$; + protected autofillOnPageLoadForm = new FormGroup({ + autofillOnPageLoad: new FormControl(), + defaultAutofill: new FormControl(), + }); + + protected additionalOptionsForm = new FormGroup({ + enableContextMenuItem: new FormControl(), + enableAutoTotpCopy: new FormControl(), + clearClipboard: new FormControl(), + defaultUriMatch: new FormControl(), + }); + enableAutofillOnPageLoad: boolean = false; enableInlineMenu: boolean = false; enableInlineMenuOnIconSelect: boolean = false; @@ -121,10 +141,12 @@ export class AutofillComponent implements OnInit { private messagingService: MessagingService, private vaultSettingsService: VaultSettingsService, private configService: ConfigService, + private formBuilder: FormBuilder, + private destroyRef: DestroyRef, ) { this.autofillOnPageLoadOptions = [ - { name: i18nService.t("autoFillOnPageLoadYes"), value: true }, - { name: i18nService.t("autoFillOnPageLoadNo"), value: false }, + { name: this.i18nService.t("autoFillOnPageLoadYes"), value: true }, + { name: this.i18nService.t("autoFillOnPageLoadNo"), value: false }, ]; this.clearClipboardOptions = [ { name: i18nService.t("never"), value: ClearClipboardDelay.Never }, @@ -181,27 +203,106 @@ export class AutofillComponent implements OnInit { this.inlineMenuVisibility === AutofillOverlayVisibility.OnFieldFocus || this.enableInlineMenuOnIconSelect; + this.autofillSettingsService.activateAutofillOnPageLoadFromPolicy$ + .pipe(takeUntilDestroyed(this.destroyRef)) + .subscribe((value) => { + value + ? this.autofillOnPageLoadForm.controls.autofillOnPageLoad.disable({ emitEvent: false }) + : this.autofillOnPageLoadForm.controls.autofillOnPageLoad.enable({ emitEvent: false }); + }); + this.enableAutofillOnPageLoad = await firstValueFrom( this.autofillSettingsService.autofillOnPageLoad$, ); + this.autofillOnPageLoadForm.controls.autofillOnPageLoad.patchValue( + this.enableAutofillOnPageLoad, + { emitEvent: false }, + ); + this.autofillOnPageLoadDefault = await firstValueFrom( this.autofillSettingsService.autofillOnPageLoadDefault$, ); + if (this.enableAutofillOnPageLoad === false) { + this.autofillOnPageLoadForm.controls.defaultAutofill.disable(); + } + + this.autofillOnPageLoadForm.controls.defaultAutofill.patchValue( + this.autofillOnPageLoadDefault, + { emitEvent: false }, + ); + + this.autofillOnPageLoadForm.controls.autofillOnPageLoad.valueChanges + .pipe(takeUntilDestroyed(this.destroyRef)) + .subscribe((value) => { + void this.autofillSettingsService.setAutofillOnPageLoad(value); + this.enableDefaultAutofillControl(value); + }); + + this.autofillOnPageLoadForm.controls.defaultAutofill.valueChanges + .pipe(takeUntilDestroyed(this.destroyRef)) + .subscribe((value) => { + void this.autofillSettingsService.setAutofillOnPageLoadDefault(value); + }); + + /** Additional options form */ + this.enableContextMenuItem = await firstValueFrom( this.autofillSettingsService.enableContextMenu$, ); + this.additionalOptionsForm.controls.enableContextMenuItem.patchValue( + this.enableContextMenuItem, + { emitEvent: false }, + ); + this.enableAutoTotpCopy = await firstValueFrom(this.autofillSettingsService.autoCopyTotp$); + this.additionalOptionsForm.controls.enableAutoTotpCopy.patchValue(this.enableAutoTotpCopy, { + emitEvent: false, + }); + this.clearClipboard = await firstValueFrom(this.autofillSettingsService.clearClipboardDelay$); + this.additionalOptionsForm.controls.clearClipboard.patchValue(this.clearClipboard, { + emitEvent: false, + }); + const defaultUriMatch = await firstValueFrom( this.domainSettingsService.defaultUriMatchStrategy$, ); this.defaultUriMatch = defaultUriMatch == null ? UriMatchStrategy.Domain : defaultUriMatch; + this.additionalOptionsForm.controls.defaultUriMatch.patchValue(this.defaultUriMatch, { + emitEvent: false, + }); + + this.additionalOptionsForm.controls.enableContextMenuItem.valueChanges + .pipe(takeUntilDestroyed(this.destroyRef)) + .subscribe((value) => { + void this.autofillSettingsService.setEnableContextMenu(value); + this.messagingService.send("bgUpdateContextMenu"); + }); + + this.additionalOptionsForm.controls.enableAutoTotpCopy.valueChanges + .pipe(takeUntilDestroyed(this.destroyRef)) + .subscribe((value) => { + void this.autofillSettingsService.setAutoCopyTotp(value); + }); + + this.additionalOptionsForm.controls.clearClipboard.valueChanges + .pipe(takeUntilDestroyed(this.destroyRef)) + .subscribe((value) => { + void this.autofillSettingsService.setClearClipboardDelay(value); + }); + + this.additionalOptionsForm.controls.defaultUriMatch.valueChanges + .pipe(takeUntilDestroyed(this.destroyRef)) + .subscribe((value) => { + void this.domainSettingsService.setDefaultUriMatchStrategy(value); + }); + const command = await this.platformUtilsService.getAutofillKeyboardShortcut(); await this.setAutofillKeyboardHelperText(command); @@ -230,17 +331,16 @@ export class AutofillComponent implements OnInit { await this.requestPrivacyPermission(); } } - - async updateAutofillOnPageLoad() { - await this.autofillSettingsService.setAutofillOnPageLoad(this.enableAutofillOnPageLoad); + async getAutofillOnPageLoadFromPolicy() { + await firstValueFrom(this.autofillOnPageLoadFromPolicy$); } - async updateAutofillOnPageLoadDefault() { - await this.autofillSettingsService.setAutofillOnPageLoadDefault(this.autofillOnPageLoadDefault); - } - - async saveDefaultUriMatch() { - await this.domainSettingsService.setDefaultUriMatchStrategy(this.defaultUriMatch); + enableDefaultAutofillControl(enable: boolean = true) { + if (enable) { + this.autofillOnPageLoadForm.controls.defaultAutofill.enable(); + } else { + this.autofillOnPageLoadForm.controls.defaultAutofill.disable(); + } } private async setAutofillKeyboardHelperText(command: string) { @@ -388,19 +488,6 @@ export class AutofillComponent implements OnInit { return await BrowserApi.permissionsGranted(["privacy"]); } - async updateContextMenuItem() { - await this.autofillSettingsService.setEnableContextMenu(this.enableContextMenuItem); - this.messagingService.send("bgUpdateContextMenu"); - } - - async updateAutoTotpCopy() { - await this.autofillSettingsService.setAutoCopyTotp(this.enableAutoTotpCopy); - } - - async saveClearClipboard() { - await this.autofillSettingsService.setClearClipboardDelay(this.clearClipboard); - } - async updateShowCardsCurrentTab() { await this.vaultSettingsService.setShowCardsCurrentTab(this.showCardsCurrentTab); } From fa17bd7a3af16000e4e199712163c9dd2b530804 Mon Sep 17 00:00:00 2001 From: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com> Date: Mon, 31 Mar 2025 15:20:01 -0400 Subject: [PATCH 019/104] [PM-17526] Updated to use tailwind (#13685) * Updated to use tailwind * Removed "tw-w-full" and "tw-border-collapse" --- .../billing/providers/clients/manage-clients.component.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bitwarden_license/bit-web/src/app/billing/providers/clients/manage-clients.component.html b/bitwarden_license/bit-web/src/app/billing/providers/clients/manage-clients.component.html index 077aeb6c124..85309e55bd9 100644 --- a/bitwarden_license/bit-web/src/app/billing/providers/clients/manage-clients.component.html +++ b/bitwarden_license/bit-web/src/app/billing/providers/clients/manage-clients.component.html @@ -38,7 +38,7 @@ @@ -46,7 +46,7 @@ - + {{ "client" | i18n }} {{ "assigned" | i18n }} From c3e562e75d0e71726b7a67661d0413db0a418a5f Mon Sep 17 00:00:00 2001 From: Shane Melton Date: Tue, 1 Apr 2025 07:27:05 -0700 Subject: [PATCH 020/104] [PM-17563] [PM-19754] Migrate Security Task Module to libs/common (#14036) * [PM-17563] Remove references to Angular from TaskService * [PM-17563] Move Task module to libs/common/vault to avoid Angular dependency * [PM-17563] Fix bad imports * [PM-17563] Fix a few more missed imports --- .../vault/guards/at-risk-passwords.guard.ts | 3 +- .../at-risk-password-callout.component.ts | 3 +- .../at-risk-passwords.component.spec.ts | 4 +- .../at-risk-passwords.component.ts | 5 +- .../vault-v2/view-v2/view-v2.component.ts | 5 +- .../emergency-view-dialog.component.spec.ts | 8 +- .../view/emergency-view-dialog.component.ts | 3 - .../vault-item-dialog.component.ts | 6 -- .../individual-vault/view.component.spec.ts | 9 +- .../vault/individual-vault/view.component.ts | 5 +- .../critical-applications.component.ts | 2 +- .../abstractions/admin-task.abstraction.ts | 2 +- .../default-admin-task.service.spec.ts | 4 +- .../services/default-admin-task.service.ts | 2 +- .../src/services/jslib-services.module.ts | 95 +++++++++---------- .../vault}/tasks/abstractions/task.service.ts | 3 +- .../src/vault}/tasks/enums/index.ts | 0 .../tasks/enums/security-task-status.enum.ts | 0 .../tasks/enums/security-task-type.enum.ts | 0 .../src => common/src/vault}/tasks/index.ts | 0 .../src/vault}/tasks/models/index.ts | 0 .../vault}/tasks/models/security-task.data.ts | 0 .../tasks/models/security-task.response.ts | 0 .../src/vault}/tasks/models/security-task.ts | 0 .../services/default-task.service.spec.ts | 71 ++++---------- .../tasks/services/default-task.service.ts | 8 +- .../vault}/tasks/state/security-task.state.ts | 0 .../src/vault}/utils/observable-utilities.ts | 0 .../src/cipher-view/cipher-view.component.ts | 2 +- libs/vault/src/index.ts | 3 - .../default-end-user-notification.service.ts | 5 +- 31 files changed, 97 insertions(+), 151 deletions(-) rename libs/{vault/src => common/src/vault}/tasks/abstractions/task.service.ts (96%) rename libs/{vault/src => common/src/vault}/tasks/enums/index.ts (100%) rename libs/{vault/src => common/src/vault}/tasks/enums/security-task-status.enum.ts (100%) rename libs/{vault/src => common/src/vault}/tasks/enums/security-task-type.enum.ts (100%) rename libs/{vault/src => common/src/vault}/tasks/index.ts (100%) rename libs/{vault/src => common/src/vault}/tasks/models/index.ts (100%) rename libs/{vault/src => common/src/vault}/tasks/models/security-task.data.ts (100%) rename libs/{vault/src => common/src/vault}/tasks/models/security-task.response.ts (100%) rename libs/{vault/src => common/src/vault}/tasks/models/security-task.ts (100%) rename libs/{vault/src => common/src/vault}/tasks/services/default-task.service.spec.ts (80%) rename libs/{vault/src => common/src/vault}/tasks/services/default-task.service.ts (92%) rename libs/{vault/src => common/src/vault}/tasks/state/security-task.state.ts (100%) rename libs/{vault/src => common/src/vault}/utils/observable-utilities.ts (100%) diff --git a/apps/browser/src/vault/guards/at-risk-passwords.guard.ts b/apps/browser/src/vault/guards/at-risk-passwords.guard.ts index ee991c81239..6bcdddfde81 100644 --- a/apps/browser/src/vault/guards/at-risk-passwords.guard.ts +++ b/apps/browser/src/vault/guards/at-risk-passwords.guard.ts @@ -4,8 +4,9 @@ import { switchMap, tap } from "rxjs"; import { AccountService } from "@bitwarden/common/auth/abstractions/account.service"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; +import { TaskService } from "@bitwarden/common/vault/tasks"; +import { filterOutNullish } from "@bitwarden/common/vault/utils/observable-utilities"; import { ToastService } from "@bitwarden/components"; -import { filterOutNullish, TaskService } from "@bitwarden/vault"; export const canAccessAtRiskPasswords: CanActivateFn = () => { const accountService = inject(AccountService); diff --git a/apps/browser/src/vault/popup/components/at-risk-callout/at-risk-password-callout.component.ts b/apps/browser/src/vault/popup/components/at-risk-callout/at-risk-password-callout.component.ts index 5e46f3cd3d9..eb5cd459111 100644 --- a/apps/browser/src/vault/popup/components/at-risk-callout/at-risk-password-callout.component.ts +++ b/apps/browser/src/vault/popup/components/at-risk-callout/at-risk-password-callout.component.ts @@ -4,9 +4,10 @@ import { RouterModule } from "@angular/router"; import { map, switchMap } from "rxjs"; import { AccountService } from "@bitwarden/common/auth/abstractions/account.service"; +import { SecurityTaskType, TaskService } from "@bitwarden/common/vault/tasks"; +import { filterOutNullish } from "@bitwarden/common/vault/utils/observable-utilities"; import { AnchorLinkDirective, CalloutModule } from "@bitwarden/components"; import { I18nPipe } from "@bitwarden/ui-common"; -import { filterOutNullish, SecurityTaskType, TaskService } from "@bitwarden/vault"; // TODO: This component will need to be reworked to use the new EndUserNotificationService in PM-10609 diff --git a/apps/browser/src/vault/popup/components/at-risk-passwords/at-risk-passwords.component.spec.ts b/apps/browser/src/vault/popup/components/at-risk-passwords/at-risk-passwords.component.spec.ts index 3bf786ad5b7..25bf3ce3716 100644 --- a/apps/browser/src/vault/popup/components/at-risk-passwords/at-risk-passwords.component.spec.ts +++ b/apps/browser/src/vault/popup/components/at-risk-passwords/at-risk-passwords.component.spec.ts @@ -16,14 +16,12 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service"; import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view"; +import { SecurityTask, SecurityTaskType, TaskService } from "@bitwarden/common/vault/tasks"; import { DialogService, ToastService } from "@bitwarden/components"; import { ChangeLoginPasswordService, DefaultChangeLoginPasswordService, PasswordRepromptService, - SecurityTask, - SecurityTaskType, - TaskService, } from "@bitwarden/vault"; import { PopupHeaderComponent } from "../../../../platform/popup/layout/popup-header.component"; diff --git a/apps/browser/src/vault/popup/components/at-risk-passwords/at-risk-passwords.component.ts b/apps/browser/src/vault/popup/components/at-risk-passwords/at-risk-passwords.component.ts index dd3d53fed7d..6711673751c 100644 --- a/apps/browser/src/vault/popup/components/at-risk-passwords/at-risk-passwords.component.ts +++ b/apps/browser/src/vault/popup/components/at-risk-passwords/at-risk-passwords.component.ts @@ -15,6 +15,8 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service"; import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view"; +import { SecurityTaskType, TaskService } from "@bitwarden/common/vault/tasks"; +import { filterOutNullish } from "@bitwarden/common/vault/utils/observable-utilities"; import { BadgeModule, ButtonModule, @@ -28,10 +30,7 @@ import { import { ChangeLoginPasswordService, DefaultChangeLoginPasswordService, - filterOutNullish, PasswordRepromptService, - SecurityTaskType, - TaskService, VaultCarouselModule, } from "@bitwarden/vault"; diff --git a/apps/browser/src/vault/popup/components/vault-v2/view-v2/view-v2.component.ts b/apps/browser/src/vault/popup/components/vault-v2/view-v2/view-v2.component.ts index b9eae380ca0..6b64e1191fc 100644 --- a/apps/browser/src/vault/popup/components/vault-v2/view-v2/view-v2.component.ts +++ b/apps/browser/src/vault/popup/components/vault-v2/view-v2/view-v2.component.ts @@ -33,19 +33,17 @@ import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cip import { AsyncActionsModule, ButtonModule, + CalloutModule, DialogService, IconButtonModule, SearchModule, ToastService, - CalloutModule, } from "@bitwarden/components"; import { ChangeLoginPasswordService, CipherViewComponent, CopyCipherFieldService, DefaultChangeLoginPasswordService, - DefaultTaskService, - TaskService, } from "@bitwarden/vault"; import { BrowserApi } from "../../../../../platform/browser/browser-api"; @@ -95,7 +93,6 @@ type LoadAction = providers: [ { provide: ViewPasswordHistoryService, useClass: BrowserViewPasswordHistoryService }, { provide: PremiumUpgradePromptService, useClass: BrowserPremiumUpgradePromptService }, - { provide: TaskService, useClass: DefaultTaskService }, { provide: ChangeLoginPasswordService, useClass: DefaultChangeLoginPasswordService }, ], }) diff --git a/apps/web/src/app/auth/settings/emergency-access/view/emergency-view-dialog.component.spec.ts b/apps/web/src/app/auth/settings/emergency-access/view/emergency-view-dialog.component.spec.ts index 6e96b357e3e..ed62b94fb73 100644 --- a/apps/web/src/app/auth/settings/emergency-access/view/emergency-view-dialog.component.spec.ts +++ b/apps/web/src/app/auth/settings/emergency-access/view/emergency-view-dialog.component.spec.ts @@ -17,8 +17,9 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction"; import { CipherType } from "@bitwarden/common/vault/enums"; import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view"; +import { TaskService } from "@bitwarden/common/vault/tasks"; import { DialogService } from "@bitwarden/components"; -import { ChangeLoginPasswordService, TaskService } from "@bitwarden/vault"; +import { ChangeLoginPasswordService } from "@bitwarden/vault"; import { EmergencyViewDialogComponent } from "./emergency-view-dialog.component"; @@ -55,6 +56,7 @@ describe("EmergencyViewDialogComponent", () => { { provide: DialogRef, useValue: { close } }, { provide: DIALOG_DATA, useValue: { cipher: mockCipher } }, { provide: AccountService, useValue: accountService }, + { provide: TaskService, useValue: mock() }, ], }) .overrideComponent(EmergencyViewDialogComponent, { @@ -71,10 +73,6 @@ describe("EmergencyViewDialogComponent", () => { }, add: { providers: [ - { - provide: TaskService, - useValue: mock(), - }, { provide: PlatformUtilsService, useValue: mock() }, { provide: ChangeLoginPasswordService, diff --git a/apps/web/src/app/auth/settings/emergency-access/view/emergency-view-dialog.component.ts b/apps/web/src/app/auth/settings/emergency-access/view/emergency-view-dialog.component.ts index d2a6389806d..387d7b5b177 100644 --- a/apps/web/src/app/auth/settings/emergency-access/view/emergency-view-dialog.component.ts +++ b/apps/web/src/app/auth/settings/emergency-access/view/emergency-view-dialog.component.ts @@ -13,8 +13,6 @@ import { ChangeLoginPasswordService, CipherViewComponent, DefaultChangeLoginPasswordService, - DefaultTaskService, - TaskService, } from "@bitwarden/vault"; import { WebViewPasswordHistoryService } from "../../../../vault/services/web-view-password-history.service"; @@ -39,7 +37,6 @@ class PremiumUpgradePromptNoop implements PremiumUpgradePromptService { providers: [ { provide: ViewPasswordHistoryService, useClass: WebViewPasswordHistoryService }, { provide: PremiumUpgradePromptService, useClass: PremiumUpgradePromptNoop }, - { provide: TaskService, useClass: DefaultTaskService }, { provide: ChangeLoginPasswordService, useClass: DefaultChangeLoginPasswordService }, ], }) diff --git a/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts b/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts index b2adeecbf69..25ffd677458 100644 --- a/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts +++ b/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts @@ -39,7 +39,6 @@ import { } from "@bitwarden/components"; import { ChangeLoginPasswordService, - CipherAttachmentsComponent, CipherFormComponent, CipherFormConfig, CipherFormGenerationService, @@ -47,8 +46,6 @@ import { CipherViewComponent, DecryptionFailureDialogComponent, DefaultChangeLoginPasswordService, - DefaultTaskService, - TaskService, } from "@bitwarden/vault"; import { SharedModule } from "../../../shared/shared.module"; @@ -132,17 +129,14 @@ export enum VaultItemDialogResult { CommonModule, SharedModule, CipherFormModule, - CipherAttachmentsComponent, AsyncActionsModule, ItemModule, - DecryptionFailureDialogComponent, ], providers: [ { provide: PremiumUpgradePromptService, useClass: WebVaultPremiumUpgradePromptService }, { provide: ViewPasswordHistoryService, useClass: WebViewPasswordHistoryService }, { provide: CipherFormGenerationService, useClass: WebCipherFormGenerationService }, RoutedVaultFilterService, - { provide: TaskService, useClass: DefaultTaskService }, { provide: ChangeLoginPasswordService, useClass: DefaultChangeLoginPasswordService }, ], }) diff --git a/apps/web/src/app/vault/individual-vault/view.component.spec.ts b/apps/web/src/app/vault/individual-vault/view.component.spec.ts index d1117258124..c66a951f923 100644 --- a/apps/web/src/app/vault/individual-vault/view.component.spec.ts +++ b/apps/web/src/app/vault/individual-vault/view.component.spec.ts @@ -20,9 +20,10 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction"; import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view"; import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service"; +import { TaskService } from "@bitwarden/common/vault/tasks"; import { DialogService, ToastService } from "@bitwarden/components"; import { KeyService } from "@bitwarden/key-management"; -import { ChangeLoginPasswordService, DefaultTaskService, TaskService } from "@bitwarden/vault"; +import { ChangeLoginPasswordService } from "@bitwarden/vault"; import { ViewCipherDialogParams, ViewCipherDialogResult, ViewComponent } from "./view.component"; @@ -83,12 +84,12 @@ describe("ViewComponent", () => { canDeleteCipher$: jest.fn().mockReturnValue(true), }, }, + { provide: TaskService, useValue: mock() }, ], }) .overrideComponent(ViewComponent, { remove: { providers: [ - { provide: TaskService, useClass: DefaultTaskService }, { provide: PlatformUtilsService, useValue: PlatformUtilsService }, { provide: ChangeLoginPasswordService, @@ -98,10 +99,6 @@ describe("ViewComponent", () => { }, add: { providers: [ - { - provide: TaskService, - useValue: mock(), - }, { provide: PlatformUtilsService, useValue: mock() }, { provide: ChangeLoginPasswordService, diff --git a/apps/web/src/app/vault/individual-vault/view.component.ts b/apps/web/src/app/vault/individual-vault/view.component.ts index 7a2cf3bb2f4..7536a5ec5c1 100644 --- a/apps/web/src/app/vault/individual-vault/view.component.ts +++ b/apps/web/src/app/vault/individual-vault/view.component.ts @@ -3,7 +3,7 @@ import { DIALOG_DATA, DialogConfig, DialogRef } from "@angular/cdk/dialog"; import { CommonModule } from "@angular/common"; import { Component, EventEmitter, Inject, OnInit } from "@angular/core"; -import { Observable, firstValueFrom, map } from "rxjs"; +import { firstValueFrom, map, Observable } from "rxjs"; import { CollectionView } from "@bitwarden/admin-console/common"; import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; @@ -26,7 +26,7 @@ import { DialogService, ToastService, } from "@bitwarden/components"; -import { CipherViewComponent, DefaultTaskService, TaskService } from "@bitwarden/vault"; +import { CipherViewComponent } from "@bitwarden/vault"; import { SharedModule } from "../../shared/shared.module"; import { WebVaultPremiumUpgradePromptService } from "../services/web-premium-upgrade-prompt.service"; @@ -74,7 +74,6 @@ export interface ViewCipherDialogCloseResult { providers: [ { provide: ViewPasswordHistoryService, useClass: WebViewPasswordHistoryService }, { provide: PremiumUpgradePromptService, useClass: WebVaultPremiumUpgradePromptService }, - { provide: TaskService, useClass: DefaultTaskService }, ], }) export class ViewComponent implements OnInit { diff --git a/bitwarden_license/bit-web/src/app/tools/access-intelligence/critical-applications.component.ts b/bitwarden_license/bit-web/src/app/tools/access-intelligence/critical-applications.component.ts index af5c9a90015..ff5a4458a33 100644 --- a/bitwarden_license/bit-web/src/app/tools/access-intelligence/critical-applications.component.ts +++ b/bitwarden_license/bit-web/src/app/tools/access-intelligence/critical-applications.component.ts @@ -19,6 +19,7 @@ import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum"; import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; import { CipherId, OrganizationId } from "@bitwarden/common/types/guid"; +import { SecurityTaskType } from "@bitwarden/common/vault/tasks"; import { Icons, NoItemsModule, @@ -27,7 +28,6 @@ import { ToastService, } from "@bitwarden/components"; import { CardComponent } from "@bitwarden/tools-card"; -import { SecurityTaskType } from "@bitwarden/vault"; import { HeaderModule } from "@bitwarden/web-vault/app/layouts/header/header.module"; import { SharedModule } from "@bitwarden/web-vault/app/shared"; import { PipesModule } from "@bitwarden/web-vault/app/vault/individual-vault/pipes/pipes.module"; diff --git a/bitwarden_license/bit-web/src/app/vault/services/abstractions/admin-task.abstraction.ts b/bitwarden_license/bit-web/src/app/vault/services/abstractions/admin-task.abstraction.ts index 014c9daa783..6f5963c3321 100644 --- a/bitwarden_license/bit-web/src/app/vault/services/abstractions/admin-task.abstraction.ts +++ b/bitwarden_license/bit-web/src/app/vault/services/abstractions/admin-task.abstraction.ts @@ -1,5 +1,5 @@ import { CipherId, OrganizationId } from "@bitwarden/common/types/guid"; -import { SecurityTask, SecurityTaskStatus, SecurityTaskType } from "@bitwarden/vault"; +import { SecurityTask, SecurityTaskStatus, SecurityTaskType } from "@bitwarden/common/vault/tasks"; /** * Request type for creating tasks. diff --git a/bitwarden_license/bit-web/src/app/vault/services/default-admin-task.service.spec.ts b/bitwarden_license/bit-web/src/app/vault/services/default-admin-task.service.spec.ts index 49a4c16e159..7e1775a31d6 100644 --- a/bitwarden_license/bit-web/src/app/vault/services/default-admin-task.service.spec.ts +++ b/bitwarden_license/bit-web/src/app/vault/services/default-admin-task.service.spec.ts @@ -1,8 +1,8 @@ -import { MockProxy, mock } from "jest-mock-extended"; +import { mock, MockProxy } from "jest-mock-extended"; import { ApiService } from "@bitwarden/common/abstractions/api.service"; import { CipherId, OrganizationId } from "@bitwarden/common/types/guid"; -import { SecurityTaskStatus, SecurityTaskType } from "@bitwarden/vault"; +import { SecurityTaskStatus, SecurityTaskType } from "@bitwarden/common/vault/tasks"; import { CreateTasksRequest } from "./abstractions/admin-task.abstraction"; import { DefaultAdminTaskService } from "./default-admin-task.service"; diff --git a/bitwarden_license/bit-web/src/app/vault/services/default-admin-task.service.ts b/bitwarden_license/bit-web/src/app/vault/services/default-admin-task.service.ts index 520fb744486..fb7e5eba450 100644 --- a/bitwarden_license/bit-web/src/app/vault/services/default-admin-task.service.ts +++ b/bitwarden_license/bit-web/src/app/vault/services/default-admin-task.service.ts @@ -8,7 +8,7 @@ import { SecurityTaskData, SecurityTaskResponse, SecurityTaskStatus, -} from "@bitwarden/vault"; +} from "@bitwarden/common/vault/tasks"; import { AdminTaskService, CreateTasksRequest } from "./abstractions/admin-task.abstraction"; diff --git a/libs/angular/src/services/jslib-services.module.ts b/libs/angular/src/services/jslib-services.module.ts index 6334e5815d6..885b46d0106 100644 --- a/libs/angular/src/services/jslib-services.module.ts +++ b/libs/angular/src/services/jslib-services.module.ts @@ -4,48 +4,48 @@ import { ErrorHandler, LOCALE_ID, NgModule } from "@angular/core"; import { Subject } from "rxjs"; import { - OrganizationUserApiService, - DefaultOrganizationUserApiService, CollectionService, DefaultCollectionService, + DefaultOrganizationUserApiService, + OrganizationUserApiService, } from "@bitwarden/admin-console/common"; import { - SetPasswordJitService, - DefaultSetPasswordJitService, - RegistrationFinishService as RegistrationFinishServiceAbstraction, - DefaultRegistrationFinishService, AnonLayoutWrapperDataService, DefaultAnonLayoutWrapperDataService, - LoginComponentService, + DefaultLoginApprovalComponentService, DefaultLoginComponentService, - LoginDecryptionOptionsService, DefaultLoginDecryptionOptionsService, - TwoFactorAuthComponentService, + DefaultRegistrationFinishService, + DefaultSetPasswordJitService, DefaultTwoFactorAuthComponentService, DefaultTwoFactorAuthEmailComponentService, - TwoFactorAuthEmailComponentService, DefaultTwoFactorAuthWebAuthnComponentService, + LoginComponentService, + LoginDecryptionOptionsService, + RegistrationFinishService as RegistrationFinishServiceAbstraction, + SetPasswordJitService, + TwoFactorAuthComponentService, + TwoFactorAuthEmailComponentService, TwoFactorAuthWebAuthnComponentService, - DefaultLoginApprovalComponentService, } from "@bitwarden/auth/angular"; import { - AuthRequestServiceAbstraction, - AuthRequestService, - PinServiceAbstraction, - PinService, - LoginStrategyServiceAbstraction, - LoginStrategyService, - LoginEmailServiceAbstraction, - LoginEmailService, - InternalUserDecryptionOptionsServiceAbstraction, - UserDecryptionOptionsService, - UserDecryptionOptionsServiceAbstraction, - LogoutReason, AuthRequestApiService, + AuthRequestService, + AuthRequestServiceAbstraction, DefaultAuthRequestApiService, DefaultLoginSuccessHandlerService, - LoginSuccessHandlerService, + InternalUserDecryptionOptionsServiceAbstraction, LoginApprovalComponentServiceAbstraction, + LoginEmailService, + LoginEmailServiceAbstraction, + LoginStrategyService, + LoginStrategyServiceAbstraction, + LoginSuccessHandlerService, + LogoutReason, + PinService, + PinServiceAbstraction, + UserDecryptionOptionsService, + UserDecryptionOptionsServiceAbstraction, } from "@bitwarden/auth/common"; import { ApiService as ApiServiceAbstraction } from "@bitwarden/common/abstractions/api.service"; import { AuditService as AuditServiceAbstraction } from "@bitwarden/common/abstractions/audit.service"; @@ -118,16 +118,16 @@ import { WebAuthnLoginApiService } from "@bitwarden/common/auth/services/webauth import { WebAuthnLoginPrfKeyService } from "@bitwarden/common/auth/services/webauthn-login/webauthn-login-prf-key.service"; import { WebAuthnLoginService } from "@bitwarden/common/auth/services/webauthn-login/webauthn-login.service"; import { - AutofillSettingsServiceAbstraction, AutofillSettingsService, + AutofillSettingsServiceAbstraction, } from "@bitwarden/common/autofill/services/autofill-settings.service"; import { - BadgeSettingsServiceAbstraction, BadgeSettingsService, + BadgeSettingsServiceAbstraction, } from "@bitwarden/common/autofill/services/badge-settings.service"; import { - DomainSettingsService, DefaultDomainSettingsService, + DomainSettingsService, } from "@bitwarden/common/autofill/services/domain-settings.service"; import { BillingApiServiceAbstraction, @@ -200,8 +200,8 @@ import { WebPushNotificationsApiService, } from "@bitwarden/common/platform/notifications/internal"; import { - TaskSchedulerService, DefaultTaskSchedulerService, + TaskSchedulerService, } from "@bitwarden/common/platform/scheduling"; import { AppIdService } from "@bitwarden/common/platform/services/app-id.service"; import { ConfigApiService } from "@bitwarden/common/platform/services/config/config-api.service"; @@ -222,10 +222,10 @@ import { ValidationService } from "@bitwarden/common/platform/services/validatio import { WebCryptoFunctionService } from "@bitwarden/common/platform/services/web-crypto-function.service"; import { ActiveUserStateProvider, + DerivedStateProvider, GlobalStateProvider, SingleUserStateProvider, StateProvider, - DerivedStateProvider, } from "@bitwarden/common/platform/state"; /* eslint-disable import/no-restricted-paths -- We need the implementations to inject, but generally these should not be accessed */ import { DefaultActiveUserStateProvider } from "@bitwarden/common/platform/state/implementations/default-active-user-state.provider"; @@ -280,6 +280,7 @@ import { FolderApiService } from "@bitwarden/common/vault/services/folder/folder import { FolderService } from "@bitwarden/common/vault/services/folder/folder.service"; import { TotpService } from "@bitwarden/common/vault/services/totp.service"; import { VaultSettingsService } from "@bitwarden/common/vault/services/vault-settings/vault-settings.service"; +import { DefaultTaskService, TaskService } from "@bitwarden/common/vault/tasks"; import { ToastService } from "@bitwarden/components"; import { GeneratorHistoryService, @@ -292,34 +293,32 @@ import { UsernameGenerationServiceAbstraction, } from "@bitwarden/generator-legacy"; import { - KeyService, - DefaultKeyService, + BiometricsService, BiometricStateService, DefaultBiometricStateService, - BiometricsService, DefaultKdfConfigService, - KdfConfigService, - UserAsymmetricKeysRegenerationService, - DefaultUserAsymmetricKeysRegenerationService, - UserAsymmetricKeysRegenerationApiService, + DefaultKeyService, DefaultUserAsymmetricKeysRegenerationApiService, + DefaultUserAsymmetricKeysRegenerationService, + KdfConfigService, + KeyService, + UserAsymmetricKeysRegenerationApiService, + UserAsymmetricKeysRegenerationService, } from "@bitwarden/key-management"; import { SafeInjectionToken } from "@bitwarden/ui-common"; import { - DefaultTaskService, DefaultEndUserNotificationService, EndUserNotificationService, NewDeviceVerificationNoticeService, PasswordRepromptService, - TaskService, } from "@bitwarden/vault"; import { - VaultExportService, - VaultExportServiceAbstraction, - OrganizationVaultExportService, - OrganizationVaultExportServiceAbstraction, IndividualVaultExportService, IndividualVaultExportServiceAbstraction, + OrganizationVaultExportService, + OrganizationVaultExportServiceAbstraction, + VaultExportService, + VaultExportServiceAbstraction, } from "@bitwarden/vault-export-core"; import { DeviceTrustToastService as DeviceTrustToastServiceAbstraction } from "../auth/services/device-trust-toast.service.abstraction"; @@ -334,24 +333,24 @@ import { AbstractThemingService } from "../platform/services/theming/theming.ser import { safeProvider, SafeProvider } from "../platform/utils/safe-provider"; import { + CLIENT_TYPE, + DEFAULT_VAULT_TIMEOUT, + ENV_ADDITIONAL_REGIONS, + INTRAPROCESS_MESSAGING_SUBJECT, LOCALES_DIRECTORY, LOCKED_CALLBACK, - LOGOUT_CALLBACK, LOG_MAC_FAILURES, + LOGOUT_CALLBACK, MEMORY_STORAGE, OBSERVABLE_DISK_STORAGE, OBSERVABLE_MEMORY_STORAGE, + REFRESH_ACCESS_TOKEN_ERROR_CALLBACK, SECURE_STORAGE, STATE_FACTORY, SUPPORTS_SECURE_STORAGE, SYSTEM_LANGUAGE, SYSTEM_THEME_OBSERVABLE, WINDOW, - DEFAULT_VAULT_TIMEOUT, - INTRAPROCESS_MESSAGING_SUBJECT, - CLIENT_TYPE, - REFRESH_ACCESS_TOKEN_ERROR_CALLBACK, - ENV_ADDITIONAL_REGIONS, } from "./injection-tokens"; import { ModalService } from "./modal.service"; diff --git a/libs/vault/src/tasks/abstractions/task.service.ts b/libs/common/src/vault/tasks/abstractions/task.service.ts similarity index 96% rename from libs/vault/src/tasks/abstractions/task.service.ts rename to libs/common/src/vault/tasks/abstractions/task.service.ts index 3d6ae72900f..4a0c086330e 100644 --- a/libs/vault/src/tasks/abstractions/task.service.ts +++ b/libs/common/src/vault/tasks/abstractions/task.service.ts @@ -1,7 +1,8 @@ import { Observable } from "rxjs"; import { SecurityTaskId, UserId } from "@bitwarden/common/types/guid"; -import { SecurityTask } from "@bitwarden/vault"; + +import { SecurityTask } from "../models"; export abstract class TaskService { /** diff --git a/libs/vault/src/tasks/enums/index.ts b/libs/common/src/vault/tasks/enums/index.ts similarity index 100% rename from libs/vault/src/tasks/enums/index.ts rename to libs/common/src/vault/tasks/enums/index.ts diff --git a/libs/vault/src/tasks/enums/security-task-status.enum.ts b/libs/common/src/vault/tasks/enums/security-task-status.enum.ts similarity index 100% rename from libs/vault/src/tasks/enums/security-task-status.enum.ts rename to libs/common/src/vault/tasks/enums/security-task-status.enum.ts diff --git a/libs/vault/src/tasks/enums/security-task-type.enum.ts b/libs/common/src/vault/tasks/enums/security-task-type.enum.ts similarity index 100% rename from libs/vault/src/tasks/enums/security-task-type.enum.ts rename to libs/common/src/vault/tasks/enums/security-task-type.enum.ts diff --git a/libs/vault/src/tasks/index.ts b/libs/common/src/vault/tasks/index.ts similarity index 100% rename from libs/vault/src/tasks/index.ts rename to libs/common/src/vault/tasks/index.ts diff --git a/libs/vault/src/tasks/models/index.ts b/libs/common/src/vault/tasks/models/index.ts similarity index 100% rename from libs/vault/src/tasks/models/index.ts rename to libs/common/src/vault/tasks/models/index.ts diff --git a/libs/vault/src/tasks/models/security-task.data.ts b/libs/common/src/vault/tasks/models/security-task.data.ts similarity index 100% rename from libs/vault/src/tasks/models/security-task.data.ts rename to libs/common/src/vault/tasks/models/security-task.data.ts diff --git a/libs/vault/src/tasks/models/security-task.response.ts b/libs/common/src/vault/tasks/models/security-task.response.ts similarity index 100% rename from libs/vault/src/tasks/models/security-task.response.ts rename to libs/common/src/vault/tasks/models/security-task.response.ts diff --git a/libs/vault/src/tasks/models/security-task.ts b/libs/common/src/vault/tasks/models/security-task.ts similarity index 100% rename from libs/vault/src/tasks/models/security-task.ts rename to libs/common/src/vault/tasks/models/security-task.ts diff --git a/libs/vault/src/tasks/services/default-task.service.spec.ts b/libs/common/src/vault/tasks/services/default-task.service.spec.ts similarity index 80% rename from libs/vault/src/tasks/services/default-task.service.spec.ts rename to libs/common/src/vault/tasks/services/default-task.service.spec.ts index c6b74f82909..c38fa0e9e72 100644 --- a/libs/vault/src/tasks/services/default-task.service.spec.ts +++ b/libs/common/src/vault/tasks/services/default-task.service.spec.ts @@ -1,19 +1,18 @@ -import { TestBed } from "@angular/core/testing"; import { BehaviorSubject, firstValueFrom } from "rxjs"; import { ApiService } from "@bitwarden/common/abstractions/api.service"; import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service"; -import { StateProvider } from "@bitwarden/common/platform/state"; import { SecurityTaskId, UserId } from "@bitwarden/common/types/guid"; -import { DefaultTaskService, SecurityTaskStatus } from "@bitwarden/vault"; -import { FakeStateProvider, mockAccountServiceWith } from "../../../../common/spec"; -import { SecurityTaskData } from "../models/security-task.data"; -import { SecurityTaskResponse } from "../models/security-task.response"; +import { FakeStateProvider, mockAccountServiceWith } from "../../../../spec"; +import { SecurityTaskStatus } from "../enums"; +import { SecurityTaskData, SecurityTaskResponse } from "../models"; import { SECURITY_TASKS } from "../state/security-task.state"; +import { DefaultTaskService } from "./default-task.service"; + describe("Default task service", () => { let fakeStateProvider: FakeStateProvider; @@ -21,7 +20,7 @@ describe("Default task service", () => { const mockGetAllOrgs$ = jest.fn(); const mockGetFeatureFlag$ = jest.fn(); - let testBed: TestBed; + let service: DefaultTaskService; beforeEach(async () => { mockApiSend.mockClear(); @@ -29,34 +28,12 @@ describe("Default task service", () => { mockGetFeatureFlag$.mockClear(); fakeStateProvider = new FakeStateProvider(mockAccountServiceWith("user-id" as UserId)); - testBed = TestBed.configureTestingModule({ - imports: [], - providers: [ - DefaultTaskService, - { - provide: ConfigService, - useValue: { - getFeatureFlag$: mockGetFeatureFlag$, - }, - }, - { - provide: StateProvider, - useValue: fakeStateProvider, - }, - { - provide: ApiService, - useValue: { - send: mockApiSend, - }, - }, - { - provide: OrganizationService, - useValue: { - organizations$: mockGetAllOrgs$, - }, - }, - ], - }); + service = new DefaultTaskService( + fakeStateProvider, + { send: mockApiSend } as unknown as ApiService, + { organizations$: mockGetAllOrgs$ } as unknown as OrganizationService, + { getFeatureFlag$: mockGetFeatureFlag$ } as unknown as ConfigService, + ); }); describe("tasksEnabled$", () => { @@ -73,7 +50,7 @@ describe("Default task service", () => { ] as Organization[]), ); - const { tasksEnabled$ } = testBed.inject(DefaultTaskService); + const { tasksEnabled$ } = service; const result = await firstValueFrom(tasksEnabled$("user-id" as UserId)); @@ -93,7 +70,7 @@ describe("Default task service", () => { ] as Organization[]), ); - const { tasksEnabled$ } = testBed.inject(DefaultTaskService); + const { tasksEnabled$ } = service; const result = await firstValueFrom(tasksEnabled$("user-id" as UserId)); @@ -110,7 +87,7 @@ describe("Default task service", () => { ] as Organization[]), ); - const { tasksEnabled$ } = testBed.inject(DefaultTaskService); + const { tasksEnabled$ } = service; const result = await firstValueFrom(tasksEnabled$("user-id" as UserId)); @@ -130,7 +107,7 @@ describe("Default task service", () => { fakeStateProvider.singleUser.mockFor("user-id" as UserId, SECURITY_TASKS, null as any); - const { tasks$ } = testBed.inject(DefaultTaskService); + const { tasks$ } = service; const result = await firstValueFrom(tasks$("user-id" as UserId)); @@ -145,7 +122,7 @@ describe("Default task service", () => { } as SecurityTaskData, ]); - const { tasks$ } = testBed.inject(DefaultTaskService); + const { tasks$ } = service; const result = await firstValueFrom(tasks$("user-id" as UserId)); @@ -154,7 +131,7 @@ describe("Default task service", () => { }); it("should share the same observable for the same user", async () => { - const { tasks$ } = testBed.inject(DefaultTaskService); + const { tasks$ } = service; const first = tasks$("user-id" as UserId); const second = tasks$("user-id" as UserId); @@ -176,7 +153,7 @@ describe("Default task service", () => { }, ] as SecurityTaskData[]); - const { pendingTasks$ } = testBed.inject(DefaultTaskService); + const { pendingTasks$ } = service; const result = await firstValueFrom(pendingTasks$("user-id" as UserId)); @@ -195,8 +172,6 @@ describe("Default task service", () => { ] as SecurityTaskResponse[], }); - const service = testBed.inject(DefaultTaskService); - await service.refreshTasks("user-id" as UserId); expect(mockApiSend).toHaveBeenCalledWith("GET", "/tasks", null, true, true); @@ -217,8 +192,6 @@ describe("Default task service", () => { null as any, ); - const service = testBed.inject(DefaultTaskService); - await service.refreshTasks("user-id" as UserId); expect(mock.nextMock).toHaveBeenCalledWith([ @@ -237,8 +210,6 @@ describe("Default task service", () => { } as SecurityTaskData, ]); - const service = testBed.inject(DefaultTaskService); - await service.clear("user-id" as UserId); expect(mock.nextMock).toHaveBeenCalledWith([]); @@ -247,8 +218,6 @@ describe("Default task service", () => { describe("markAsComplete()", () => { it("should send an API request to mark the task as complete", async () => { - const service = testBed.inject(DefaultTaskService); - await service.markAsComplete("task-id" as SecurityTaskId, "user-id" as UserId); expect(mockApiSend).toHaveBeenCalledWith( @@ -278,8 +247,6 @@ describe("Default task service", () => { } as SecurityTaskData, ]); - const service = testBed.inject(DefaultTaskService); - await service.markAsComplete("task-id" as SecurityTaskId, "user-id" as UserId); expect(mockApiSend).toHaveBeenCalledWith("GET", "/tasks", null, true, true); diff --git a/libs/vault/src/tasks/services/default-task.service.ts b/libs/common/src/vault/tasks/services/default-task.service.ts similarity index 92% rename from libs/vault/src/tasks/services/default-task.service.ts rename to libs/common/src/vault/tasks/services/default-task.service.ts index b6d0ff77e9d..ff370229663 100644 --- a/libs/vault/src/tasks/services/default-task.service.ts +++ b/libs/common/src/vault/tasks/services/default-task.service.ts @@ -1,4 +1,3 @@ -import { Injectable } from "@angular/core"; import { combineLatest, map, switchMap } from "rxjs"; import { ApiService } from "@bitwarden/common/abstractions/api.service"; @@ -8,14 +7,13 @@ import { ListResponse } from "@bitwarden/common/models/response/list.response"; import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service"; import { StateProvider } from "@bitwarden/common/platform/state"; import { SecurityTaskId, UserId } from "@bitwarden/common/types/guid"; -import { SecurityTask, SecurityTaskStatus, TaskService } from "@bitwarden/vault"; import { filterOutNullish, perUserCache$ } from "../../utils/observable-utilities"; -import { SecurityTaskData } from "../models/security-task.data"; -import { SecurityTaskResponse } from "../models/security-task.response"; +import { TaskService } from "../abstractions/task.service"; +import { SecurityTaskStatus } from "../enums"; +import { SecurityTask, SecurityTaskData, SecurityTaskResponse } from "../models"; import { SECURITY_TASKS } from "../state/security-task.state"; -@Injectable() export class DefaultTaskService implements TaskService { constructor( private stateProvider: StateProvider, diff --git a/libs/vault/src/tasks/state/security-task.state.ts b/libs/common/src/vault/tasks/state/security-task.state.ts similarity index 100% rename from libs/vault/src/tasks/state/security-task.state.ts rename to libs/common/src/vault/tasks/state/security-task.state.ts diff --git a/libs/vault/src/utils/observable-utilities.ts b/libs/common/src/vault/utils/observable-utilities.ts similarity index 100% rename from libs/vault/src/utils/observable-utilities.ts rename to libs/common/src/vault/utils/observable-utilities.ts diff --git a/libs/vault/src/cipher-view/cipher-view.component.ts b/libs/vault/src/cipher-view/cipher-view.component.ts index 57c2b4dbae4..657c0d11527 100644 --- a/libs/vault/src/cipher-view/cipher-view.component.ts +++ b/libs/vault/src/cipher-view/cipher-view.component.ts @@ -20,10 +20,10 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction"; import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view"; import { FolderView } from "@bitwarden/common/vault/models/view/folder.view"; +import { SecurityTaskType, TaskService } from "@bitwarden/common/vault/tasks"; import { AnchorLinkDirective, CalloutModule, SearchModule } from "@bitwarden/components"; import { ChangeLoginPasswordService } from "../abstractions/change-login-password.service"; -import { TaskService, SecurityTaskType } from "../tasks"; import { AdditionalOptionsComponent } from "./additional-options/additional-options.component"; import { AttachmentsV2ViewComponent } from "./attachments/attachments-v2-view.component"; diff --git a/libs/vault/src/index.ts b/libs/vault/src/index.ts index f359b7289ae..12f3ddbf805 100644 --- a/libs/vault/src/index.ts +++ b/libs/vault/src/index.ts @@ -6,8 +6,6 @@ export { OrgIconDirective } from "./components/org-icon.directive"; export { CanDeleteCipherDirective } from "./components/can-delete-cipher.directive"; export { DarkImageSourceDirective } from "./components/dark-image-source.directive"; -export * from "./utils/observable-utilities"; - export * from "./cipher-view"; export * from "./cipher-form"; export { @@ -25,7 +23,6 @@ export * from "./components/add-edit-folder-dialog/add-edit-folder-dialog.compon export * from "./components/carousel"; export * as VaultIcons from "./icons"; -export * from "./tasks"; export * from "./notifications"; export { DefaultSshImportPromptService } from "./services/default-ssh-import-prompt.service"; diff --git a/libs/vault/src/notifications/services/default-end-user-notification.service.ts b/libs/vault/src/notifications/services/default-end-user-notification.service.ts index 404cb7c75c7..471ed0e5856 100644 --- a/libs/vault/src/notifications/services/default-end-user-notification.service.ts +++ b/libs/vault/src/notifications/services/default-end-user-notification.service.ts @@ -7,8 +7,11 @@ import { ListResponse } from "@bitwarden/common/models/response/list.response"; import { NotificationsService } from "@bitwarden/common/platform/notifications"; import { StateProvider } from "@bitwarden/common/platform/state"; import { UserId } from "@bitwarden/common/types/guid"; +import { + filterOutNullish, + perUserCache$, +} from "@bitwarden/common/vault/utils/observable-utilities"; -import { filterOutNullish, perUserCache$ } from "../../utils/observable-utilities"; import { EndUserNotificationService } from "../abstractions/end-user-notification.service"; import { NotificationView, NotificationViewData, NotificationViewResponse } from "../models"; import { NOTIFICATIONS } from "../state/end-user-notification.state"; From 0f204677fbdc094b731ef86fa08530c392af1f9a Mon Sep 17 00:00:00 2001 From: Nick Krantz <125900171+nick-livefront@users.noreply.github.com> Date: Tue, 1 Apr 2025 10:24:36 -0500 Subject: [PATCH 021/104] [PM-18919] Browser Prompt - Show manual error state (#13776) * show manual open error state if opening via button doesn't work * shorten manual error timeout * remove commented line --- ...browser-extension-prompt.component.spec.ts | 13 ++++++++- .../browser-extension-prompt.component.ts | 2 +- .../browser-extension-prompt.service.spec.ts | 27 +++++++++++++++++++ .../browser-extension-prompt.service.ts | 12 ++++++++- 4 files changed, 51 insertions(+), 3 deletions(-) diff --git a/apps/web/src/app/vault/components/browser-extension-prompt/browser-extension-prompt.component.spec.ts b/apps/web/src/app/vault/components/browser-extension-prompt/browser-extension-prompt.component.spec.ts index 0bea6c186eb..ee81ff5237b 100644 --- a/apps/web/src/app/vault/components/browser-extension-prompt/browser-extension-prompt.component.spec.ts +++ b/apps/web/src/app/vault/components/browser-extension-prompt/browser-extension-prompt.component.spec.ts @@ -15,12 +15,14 @@ describe("BrowserExtensionPromptComponent", () => { let fixture: ComponentFixture; let component: BrowserExtensionPromptComponent; const start = jest.fn(); + const openExtension = jest.fn(); const pageState$ = new BehaviorSubject(BrowserPromptState.Loading); const setAttribute = jest.fn(); const getAttribute = jest.fn().mockReturnValue("width=1010"); beforeEach(async () => { start.mockClear(); + openExtension.mockClear(); setAttribute.mockClear(); getAttribute.mockClear(); @@ -39,7 +41,7 @@ describe("BrowserExtensionPromptComponent", () => { providers: [ { provide: BrowserExtensionPromptService, - useValue: { start, pageState$ }, + useValue: { start, openExtension, pageState$ }, }, { provide: I18nService, @@ -83,6 +85,15 @@ describe("BrowserExtensionPromptComponent", () => { const errorText = fixture.debugElement.query(By.css("p")).nativeElement; expect(errorText.textContent.trim()).toBe("openingExtensionError"); }); + + it("opens extension on button click", () => { + const button = fixture.debugElement.query(By.css("button")).nativeElement; + + button.click(); + + expect(openExtension).toHaveBeenCalledTimes(1); + expect(openExtension).toHaveBeenCalledWith(true); + }); }); describe("success state", () => { diff --git a/apps/web/src/app/vault/components/browser-extension-prompt/browser-extension-prompt.component.ts b/apps/web/src/app/vault/components/browser-extension-prompt/browser-extension-prompt.component.ts index 4d3a5fa07dd..9800d0c64fe 100644 --- a/apps/web/src/app/vault/components/browser-extension-prompt/browser-extension-prompt.component.ts +++ b/apps/web/src/app/vault/components/browser-extension-prompt/browser-extension-prompt.component.ts @@ -61,6 +61,6 @@ export class BrowserExtensionPromptComponent implements OnInit, OnDestroy { } openExtension(): void { - this.browserExtensionPromptService.openExtension(); + this.browserExtensionPromptService.openExtension(true); } } diff --git a/apps/web/src/app/vault/services/browser-extension-prompt.service.spec.ts b/apps/web/src/app/vault/services/browser-extension-prompt.service.spec.ts index 647af007eca..3114547df1d 100644 --- a/apps/web/src/app/vault/services/browser-extension-prompt.service.spec.ts +++ b/apps/web/src/app/vault/services/browser-extension-prompt.service.spec.ts @@ -169,5 +169,32 @@ describe("BrowserExtensionPromptService", () => { pageTitle: { key: "somethingWentWrong" }, }); }); + + it("sets manual open state when open extension is called", (done) => { + service.openExtension(true); + + jest.advanceTimersByTime(1000); + + service.pageState$.subscribe((state) => { + expect(state).toBe(BrowserPromptState.ManualOpen); + done(); + }); + }); + + it("shows success state when extension auto opens", (done) => { + service.openExtension(true); + + jest.advanceTimersByTime(500); // don't let timeout occur + + window.dispatchEvent( + new MessageEvent("message", { data: { command: VaultMessages.PopupOpened } }), + ); + + service.pageState$.subscribe((state) => { + expect(state).toBe(BrowserPromptState.Success); + expect(service["extensionCheckTimeout"]).toBeUndefined(); + done(); + }); + }); }); }); diff --git a/apps/web/src/app/vault/services/browser-extension-prompt.service.ts b/apps/web/src/app/vault/services/browser-extension-prompt.service.ts index fec27758d3c..d59175d4e73 100644 --- a/apps/web/src/app/vault/services/browser-extension-prompt.service.ts +++ b/apps/web/src/app/vault/services/browser-extension-prompt.service.ts @@ -54,8 +54,18 @@ export class BrowserExtensionPromptService { } /** Post a message to the extension to open */ - openExtension() { + openExtension(setManualErrorTimeout = false) { window.postMessage({ command: VaultMessages.OpenPopup }); + + // Optionally, configure timeout to show the manual open error state if + // the extension does not open within one second. + if (setManualErrorTimeout) { + this.clearExtensionCheckTimeout(); + + this.extensionCheckTimeout = window.setTimeout(() => { + this.setErrorState(BrowserPromptState.ManualOpen); + }, 750); + } } /** Send message checking for the browser extension */ From 575e8b691fee9ba00199da92948953aa9d0fc539 Mon Sep 17 00:00:00 2001 From: Vicki League Date: Tue, 1 Apr 2025 11:34:04 -0400 Subject: [PATCH 022/104] [CL-570] Deprecate old icons (#13663) --- .../app/tools/send/add-edit.component.html | 9 +- .../src/app/tools/send/send.component.html | 2 +- apps/desktop/src/locales/en/messages.json | 3 + .../vault/app/vault/add-edit.component.html | 16 +- .../app/vault/attachments.component.html | 13 +- .../app/vault/collections.component.html | 13 +- .../app/vault/folder-add-edit.component.html | 13 +- .../src/vault/app/vault/share.component.html | 7 +- .../vault/view-custom-fields.component.html | 30 +-- .../src/vault/app/vault/view.component.html | 2 +- .../guards/is-enterprise-org.guard.ts | 2 +- .../organizations/guards/is-paid-org.guard.ts | 2 +- .../organization-layout.component.html | 2 +- .../delete-managed-member-warning.service.ts | 2 +- .../policies/reset-password.component.html | 2 +- .../change-plan-dialog.component.ts | 3 +- .../organization-payment-method.component.ts | 3 +- .../shared/billing-history.component.html | 8 +- .../shared/billing-history.component.ts | 2 +- .../shared/payment-method.component.ts | 3 +- .../shared/payment/payment.component.html | 2 +- apps/web/src/app/core/event.service.ts | 40 ++-- .../app/settings/domain-rules.component.html | 8 +- .../onboarding/onboarding.component.html | 1 - .../src/app/tools/send/send.component.html | 2 +- .../vault-cipher-row.component.html | 2 +- .../individual-vault/add-edit.component.html | 2 +- .../organization-options.component.html | 2 - .../providers/providers-layout.component.html | 4 +- .../clients/manage-clients.component.html | 2 +- .../provider-subscription.component.ts | 3 +- .../layout/navigation.component.html | 2 +- .../shared/new-menu.component.html | 2 +- .../invoices/invoices.component.html | 2 +- libs/components/src/stories/icons.mdx | 202 ++++++------------ 35 files changed, 149 insertions(+), 264 deletions(-) diff --git a/apps/desktop/src/app/tools/send/add-edit.component.html b/apps/desktop/src/app/tools/send/add-edit.component.html index 3d8231d07ce..0bf2e1778e0 100644 --- a/apps/desktop/src/app/tools/send/add-edit.component.html +++ b/apps/desktop/src/app/tools/send/add-edit.component.html @@ -282,14 +282,9 @@
-