From 65074b0d12d261d99c1c7f420a92069a20a2e144 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Garc=C3=ADa?=
 <dani-garcia@users.noreply.github.com>
Date: Mon, 28 Oct 2024 14:52:45 +0100
Subject: [PATCH 01/39] Initialize SDK even when orgKeys is null (#11748)

---
 .../src/platform/services/sdk/default-sdk.service.ts     | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/libs/common/src/platform/services/sdk/default-sdk.service.ts b/libs/common/src/platform/services/sdk/default-sdk.service.ts
index adea07becc7..a1617315448 100644
--- a/libs/common/src/platform/services/sdk/default-sdk.service.ts
+++ b/libs/common/src/platform/services/sdk/default-sdk.service.ts
@@ -96,7 +96,7 @@ export class DefaultSdkService implements SdkService {
           let client: BitwardenClient;
 
           const createAndInitializeClient = async () => {
-            if (privateKey == null || userKey == null || orgKeys == null) {
+            if (privateKey == null || userKey == null) {
               return undefined;
             }
 
@@ -150,7 +150,7 @@ export class DefaultSdkService implements SdkService {
     kdfParams: KdfConfig,
     privateKey: EncryptedString,
     userKey: UserKey,
-    orgKeys: Record<OrganizationId, EncryptedOrganizationKeyData>,
+    orgKeys?: Record<OrganizationId, EncryptedOrganizationKeyData>,
   ) {
     await client.crypto().initialize_user_crypto({
       email: account.email,
@@ -169,9 +169,12 @@ export class DefaultSdkService implements SdkService {
             },
       privateKey,
     });
+
+    // We initialize the org crypto even if the org_keys are
+    // null to make sure any existing org keys are cleared.
     await client.crypto().initialize_org_crypto({
       organizationKeys: new Map(
-        Object.entries(orgKeys)
+        Object.entries(orgKeys ?? {})
           .filter(([_, v]) => v.type === "organization")
           .map(([k, v]) => [k, v.key]),
       ),

From 3f3f5cb7f0b3f922153612f5b185bd0d0de8ec41 Mon Sep 17 00:00:00 2001
From: watsondm <129207532+watsondm@users.noreply.github.com>
Date: Mon, 28 Oct 2024 10:43:26 -0400
Subject: [PATCH 02/39] SRE-1060 Add usdev to additional regions config
 (#11612)

---
 apps/web/config/usdev.json | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/apps/web/config/usdev.json b/apps/web/config/usdev.json
index af96a38c6af..c19deba27b1 100644
--- a/apps/web/config/usdev.json
+++ b/apps/web/config/usdev.json
@@ -4,6 +4,15 @@
     "notifications": "https://notifications.usdev.bitwarden.pw",
     "scim": "https://scim.usdev.bitwarden.pw"
   },
+  "additionalRegions": [
+    {
+      "key": "USDEV",
+      "domain": "usdev.bitwarden.pw",
+      "urls": {
+        "webVault": "https://vault.usdev.bitwarden.pw"
+      }
+    }
+  ],
   "flags": {
     "showPasswordless": true
   }

From f4dfd042bb68f1de28beea55aeddebd86eae7acd Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 11:12:43 -0400
Subject: [PATCH 03/39] [deps]: Update uuid to v11 (#11737)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .../native-messaging-test-runner/package-lock.json     | 10 +++++-----
 apps/desktop/native-messaging-test-runner/package.json |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/apps/desktop/native-messaging-test-runner/package-lock.json b/apps/desktop/native-messaging-test-runner/package-lock.json
index b243b51acc9..3b37ecb5f4d 100644
--- a/apps/desktop/native-messaging-test-runner/package-lock.json
+++ b/apps/desktop/native-messaging-test-runner/package-lock.json
@@ -14,7 +14,7 @@
         "module-alias": "2.2.3",
         "node-ipc": "9.2.1",
         "ts-node": "10.9.2",
-        "uuid": "10.0.0",
+        "uuid": "11.0.1",
         "yargs": "17.7.2"
       },
       "devDependencies": {
@@ -421,16 +421,16 @@
       "license": "MIT"
     },
     "node_modules/uuid": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-10.0.0.tgz",
-      "integrity": "sha512-8XkAphELsDnEGrDxUOHB3RGvXz6TeuYSGEZBOjtTtPm2lwhGBjLgOzLHB63IUWfBpNucQjND6d3AOudO+H3RWQ==",
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-11.0.1.tgz",
+      "integrity": "sha512-wt9UB5EcLhnboy1UvA1mvGPXkIIrHSu+3FmUksARfdVw9tuPf3CH/CohxO0Su1ApoKAeT6BVzAJIvjTuQVSmuQ==",
       "funding": [
         "https://github.com/sponsors/broofa",
         "https://github.com/sponsors/ctavan"
       ],
       "license": "MIT",
       "bin": {
-        "uuid": "dist/bin/uuid"
+        "uuid": "dist/esm/bin/uuid"
       }
     },
     "node_modules/v8-compile-cache-lib": {
diff --git a/apps/desktop/native-messaging-test-runner/package.json b/apps/desktop/native-messaging-test-runner/package.json
index ccd480e31b6..ad657d0a98f 100644
--- a/apps/desktop/native-messaging-test-runner/package.json
+++ b/apps/desktop/native-messaging-test-runner/package.json
@@ -19,7 +19,7 @@
     "module-alias": "2.2.3",
     "node-ipc": "9.2.1",
     "ts-node": "10.9.2",
-    "uuid": "10.0.0",
+    "uuid": "11.0.1",
     "yargs": "17.7.2"
   },
   "devDependencies": {

From dd653b5269f469fe97f3e00f0e2a158a8088e24c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 11:13:21 -0400
Subject: [PATCH 04/39] [deps] Autofill: Update tldts to v6.1.56 (#11728)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 apps/cli/package.json |  2 +-
 package-lock.json     | 18 +++++++++---------
 package.json          |  2 +-
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/apps/cli/package.json b/apps/cli/package.json
index 55bcee689d0..fb9f682f961 100644
--- a/apps/cli/package.json
+++ b/apps/cli/package.json
@@ -80,7 +80,7 @@
     "papaparse": "5.4.1",
     "proper-lockfile": "4.1.2",
     "rxjs": "7.8.1",
-    "tldts": "6.1.52",
+    "tldts": "6.1.56",
     "zxcvbn": "4.4.2"
   }
 }
diff --git a/package-lock.json b/package-lock.json
index f60ec732132..a92dd243112 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -68,7 +68,7 @@
         "qrious": "4.0.2",
         "rxjs": "7.8.1",
         "tabbable": "6.2.0",
-        "tldts": "6.1.52",
+        "tldts": "6.1.56",
         "utf-8-validate": "6.0.4",
         "zone.js": "0.13.3",
         "zxcvbn": "4.4.2"
@@ -225,7 +225,7 @@
         "papaparse": "5.4.1",
         "proper-lockfile": "4.1.2",
         "rxjs": "7.8.1",
-        "tldts": "6.1.52",
+        "tldts": "6.1.56",
         "zxcvbn": "4.4.2"
       },
       "bin": {
@@ -36439,21 +36439,21 @@
       }
     },
     "node_modules/tldts": {
-      "version": "6.1.52",
-      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.52.tgz",
-      "integrity": "sha512-fgrDJXDjbAverY6XnIt0lNfv8A0cf7maTEaZxNykLGsLG7XP+5xhjBTrt/ieAsFjAlZ+G5nmXomLcZDkxXnDzw==",
+      "version": "6.1.56",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-6.1.56.tgz",
+      "integrity": "sha512-2PT1oRZCxtsbLi5R2SQjE/v4vvgRggAtVcYj+3Rrcnu2nPZvu7m64+gDa/EsVSWd3QzEc0U0xN+rbEKsJC47kA==",
       "license": "MIT",
       "dependencies": {
-        "tldts-core": "^6.1.52"
+        "tldts-core": "^6.1.56"
       },
       "bin": {
         "tldts": "bin/cli.js"
       }
     },
     "node_modules/tldts-core": {
-      "version": "6.1.52",
-      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.52.tgz",
-      "integrity": "sha512-j4OxQI5rc1Ve/4m/9o2WhWSC4jGc4uVbCINdOEJRAraCi0YqTqgMcxUx7DbmuP0G3PCixoof/RZB0Q5Kh9tagw==",
+      "version": "6.1.56",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-6.1.56.tgz",
+      "integrity": "sha512-Ihxv/Bwiyj73icTYVgBUkQ3wstlCglLoegSgl64oSrGUBX1hc7Qmf/CnrnJLaQdZrCnTaLqMYOwKMKlkfkFrxQ==",
       "license": "MIT"
     },
     "node_modules/tmp": {
diff --git a/package.json b/package.json
index bf9c8b76735..77cf21e2bae 100644
--- a/package.json
+++ b/package.json
@@ -202,7 +202,7 @@
     "qrious": "4.0.2",
     "rxjs": "7.8.1",
     "tabbable": "6.2.0",
-    "tldts": "6.1.52",
+    "tldts": "6.1.56",
     "utf-8-validate": "6.0.4",
     "zone.js": "0.13.3",
     "zxcvbn": "4.4.2"

From db6c6a84cc69a1d1a607c37787b573bc5641e2de Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 11:13:54 -0400
Subject: [PATCH 05/39] [deps] Platform: Update @types/node to v20.17.1
 (#11733)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .../native-messaging-test-runner/package-lock.json        | 8 ++++----
 apps/desktop/native-messaging-test-runner/package.json    | 2 +-
 package-lock.json                                         | 8 ++++----
 package.json                                              | 2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/apps/desktop/native-messaging-test-runner/package-lock.json b/apps/desktop/native-messaging-test-runner/package-lock.json
index 3b37ecb5f4d..06c6cd1d2e5 100644
--- a/apps/desktop/native-messaging-test-runner/package-lock.json
+++ b/apps/desktop/native-messaging-test-runner/package-lock.json
@@ -18,7 +18,7 @@
         "yargs": "17.7.2"
       },
       "devDependencies": {
-        "@types/node": "20.16.11",
+        "@types/node": "20.17.1",
         "@types/node-ipc": "9.2.3",
         "typescript": "4.7.4"
       }
@@ -106,9 +106,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "20.16.11",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.16.11.tgz",
-      "integrity": "sha512-y+cTCACu92FyA5fgQSAI8A1H429g7aSK2HsO7K4XYUWc4dY5IUz55JSDIYT6/VsOLfGy8vmvQYC2hfb0iF16Uw==",
+      "version": "20.17.1",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.17.1.tgz",
+      "integrity": "sha512-j2VlPv1NnwPJbaCNv69FO/1z4lId0QmGvpT41YxitRtWlg96g/j8qcv2RKsLKe2F6OJgyXhupN1Xo17b2m139Q==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~6.19.2"
diff --git a/apps/desktop/native-messaging-test-runner/package.json b/apps/desktop/native-messaging-test-runner/package.json
index ad657d0a98f..0c38902ea4c 100644
--- a/apps/desktop/native-messaging-test-runner/package.json
+++ b/apps/desktop/native-messaging-test-runner/package.json
@@ -23,7 +23,7 @@
     "yargs": "17.7.2"
   },
   "devDependencies": {
-    "@types/node": "20.16.11",
+    "@types/node": "20.17.1",
     "@types/node-ipc": "9.2.3",
     "typescript": "4.7.4"
   },
diff --git a/package-lock.json b/package-lock.json
index a92dd243112..be4bdd07f69 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -110,7 +110,7 @@
         "@types/koa-json": "2.0.23",
         "@types/lowdb": "1.0.15",
         "@types/lunr": "2.3.7",
-        "@types/node": "20.16.11",
+        "@types/node": "20.17.1",
         "@types/node-fetch": "2.6.4",
         "@types/node-forge": "1.3.11",
         "@types/node-ipc": "9.2.3",
@@ -9642,9 +9642,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "20.16.11",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.16.11.tgz",
-      "integrity": "sha512-y+cTCACu92FyA5fgQSAI8A1H429g7aSK2HsO7K4XYUWc4dY5IUz55JSDIYT6/VsOLfGy8vmvQYC2hfb0iF16Uw==",
+      "version": "20.17.1",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.17.1.tgz",
+      "integrity": "sha512-j2VlPv1NnwPJbaCNv69FO/1z4lId0QmGvpT41YxitRtWlg96g/j8qcv2RKsLKe2F6OJgyXhupN1Xo17b2m139Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index 77cf21e2bae..a27397e61c6 100644
--- a/package.json
+++ b/package.json
@@ -71,7 +71,7 @@
     "@types/koa-json": "2.0.23",
     "@types/lowdb": "1.0.15",
     "@types/lunr": "2.3.7",
-    "@types/node": "20.16.11",
+    "@types/node": "20.17.1",
     "@types/node-fetch": "2.6.4",
     "@types/node-forge": "1.3.11",
     "@types/node-ipc": "9.2.3",

From 2a956744bdb8057fb33c2b8fae6db277e0bc18a7 Mon Sep 17 00:00:00 2001
From: Brandon Treston <btreston@bitwarden.com>
Date: Mon, 28 Oct 2024 11:24:14 -0400
Subject: [PATCH 06/39] [PM-13645] Fix invite counter to check remaining number
 of seats in plan (#11577)

* Fix invite counter to check remaining number of seats in plan

* Remove redundant async pipe subscriptions
---
 .../member-dialog/member-dialog.component.html        | 11 ++++++-----
 .../member-dialog/member-dialog.component.ts          |  5 +++++
 apps/web/src/locales/en/messages.json                 |  3 +++
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.html b/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.html
index 2c5daf93c6f..a8ecf255f33 100644
--- a/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.html
+++ b/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.html
@@ -23,14 +23,15 @@
         <bit-tab [label]="'role' | i18n">
           <ng-container *ngIf="!editMode">
             <p bitTypography="body1">{{ "inviteUserDesc" | i18n }}</p>
-            <bit-form-field>
+            <bit-form-field *ngIf="remainingSeats$ | async as remainingSeats">
               <bit-label>{{ "email" | i18n }}</bit-label>
               <input id="emails" type="text" appAutoFocus bitInput formControlName="emails" />
-              <bit-hint>{{
-                "inviteMultipleEmailDesc"
-                  | i18n
-                    : (organization.productTierType === ProductTierType.TeamsStarter ? "10" : "20")
+              <bit-hint *ngIf="remainingSeats > 1; else singleSeat">{{
+                "inviteMultipleEmailDesc" | i18n: remainingSeats
               }}</bit-hint>
+              <ng-template #singleSeat>
+                <bit-hint>{{ "inviteSingleEmailDesc" | i18n: remainingSeats }}</bit-hint>
+              </ng-template>
             </bit-form-field>
           </ng-container>
           <bit-radio-group formControlName="type">
diff --git a/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts b/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts
index 8df40e35fef..4a95c9cb9cb 100644
--- a/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts
+++ b/apps/web/src/app/admin-console/organizations/members/components/member-dialog/member-dialog.component.ts
@@ -89,6 +89,7 @@ export class MemberDialogComponent implements OnDestroy {
   PermissionMode = PermissionMode;
   showNoMasterPasswordWarning = false;
   isOnSecretsManagerStandalone: boolean;
+  remainingSeats$: Observable<number>;
 
   protected organization$: Observable<Organization>;
   protected collectionAccessItems: AccessItemView[] = [];
@@ -250,6 +251,10 @@ export class MemberDialogComponent implements OnDestroy {
 
         this.loading = false;
       });
+
+    this.remainingSeats$ = this.organization$.pipe(
+      map((organization) => organization.seats - this.params.numConfirmedMembers),
+    );
   }
 
   private setFormValidators(organization: Organization) {
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 9ea33149de8..dc1722bc7a8 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -3214,6 +3214,9 @@
       }
     }
   },
+  "inviteSingleEmailDesc": {
+    "message": "You have 1 invite remaining."
+  },
   "userUsingTwoStep": {
     "message": "This user is using two-step login to protect their account."
   },

From f86bc9bf28af22dc39123316f4aa8921d90498b3 Mon Sep 17 00:00:00 2001
From: Brandon Treston <btreston@bitwarden.com>
Date: Mon, 28 Oct 2024 11:58:16 -0400
Subject: [PATCH 07/39] [PM-13651] migrate verify recover delete provider
 component (#11586)

* Refactor VerifyRevocerDeleteProvider component to use component library

* Remove components form loose-components.module

* Refactor submit function definition into expression

* Move module out of oss, implement AnonLayoutComponentWrapper route

* Add type to button

* Remove try/catch with error logging

* remove logger service, remove formPromise field
---
 ...ify-recover-delete-provider.component.html | 34 -------------------
 apps/web/src/app/oss-routing.module.ts        |  7 ----
 .../src/app/shared/loose-components.module.ts |  6 ----
 .../providers/providers-routing.module.ts     |  2 +-
 .../providers/providers.component.html        |  0
 .../providers/providers.component.ts          |  0
 .../providers/providers.module.ts             |  4 +++
 ...ify-recover-delete-provider.component.html | 15 ++++++++
 ...erify-recover-delete-provider.component.ts | 33 ++++++------------
 .../bit-web/src/app/app-routing.module.ts     | 16 +++++++++
 10 files changed, 46 insertions(+), 71 deletions(-)
 delete mode 100644 apps/web/src/app/admin-console/providers/verify-recover-delete-provider.component.html
 rename {apps/web => bitwarden_license/bit-web}/src/app/admin-console/providers/providers.component.html (100%)
 rename {apps/web => bitwarden_license/bit-web}/src/app/admin-console/providers/providers.component.ts (100%)
 create mode 100644 bitwarden_license/bit-web/src/app/admin-console/providers/verify-recover-delete-provider.component.html
 rename {apps/web => bitwarden_license/bit-web}/src/app/admin-console/providers/verify-recover-delete-provider.component.ts (63%)

diff --git a/apps/web/src/app/admin-console/providers/verify-recover-delete-provider.component.html b/apps/web/src/app/admin-console/providers/verify-recover-delete-provider.component.html
deleted file mode 100644
index a287a537a4d..00000000000
--- a/apps/web/src/app/admin-console/providers/verify-recover-delete-provider.component.html
+++ /dev/null
@@ -1,34 +0,0 @@
-<form #form (ngSubmit)="submit()" [appApiAction]="formPromise" class="container" ngNativeValidate>
-  <div class="row justify-content-md-center mt-5">
-    <div class="col-5">
-      <p class="lead text-center mb-4">{{ "deleteProvider" | i18n }}</p>
-      <div class="card">
-        <div class="card-body">
-          <app-callout type="warning">{{ "deleteProviderWarning" | i18n }}</app-callout>
-          <p class="text-center">
-            <strong>{{ name }}</strong>
-          </p>
-          <p>{{ "deleteProviderRecoverConfirmDesc" | i18n }}</p>
-          <hr />
-          <div class="d-flex">
-            <button
-              type="submit"
-              class="btn btn-danger btn-block btn-submit"
-              [disabled]="form.loading"
-            >
-              <span>{{ "deleteProvider" | i18n }}</span>
-              <i
-                class="bwi bwi-spinner bwi-spin"
-                title="{{ 'loading' | i18n }}"
-                aria-hidden="true"
-              ></i>
-            </button>
-            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
-              {{ "cancel" | i18n }}
-            </a>
-          </div>
-        </div>
-      </div>
-    </div>
-  </div>
-</form>
diff --git a/apps/web/src/app/oss-routing.module.ts b/apps/web/src/app/oss-routing.module.ts
index b3a8db20028..71d26030b03 100644
--- a/apps/web/src/app/oss-routing.module.ts
+++ b/apps/web/src/app/oss-routing.module.ts
@@ -40,7 +40,6 @@ import { flagEnabled, Flags } from "../utils/flags";
 import { VerifyRecoverDeleteOrgComponent } from "./admin-console/organizations/manage/verify-recover-delete-org.component";
 import { AcceptFamilySponsorshipComponent } from "./admin-console/organizations/sponsorships/accept-family-sponsorship.component";
 import { FamiliesForEnterpriseSetupComponent } from "./admin-console/organizations/sponsorships/families-for-enterprise-setup.component";
-import { VerifyRecoverDeleteProviderComponent } from "./admin-console/providers/verify-recover-delete-provider.component";
 import { CreateOrganizationComponent } from "./admin-console/settings/create-organization.component";
 import { deepLinkGuard } from "./auth/guards/deep-link.guard";
 import { HintComponent } from "./auth/hint.component";
@@ -156,12 +155,6 @@ const routes: Routes = [
         canActivate: [unauthGuardFn()],
         data: { titleId: "deleteOrganization" },
       },
-      {
-        path: "verify-recover-delete-provider",
-        component: VerifyRecoverDeleteProviderComponent,
-        canActivate: [unauthGuardFn()],
-        data: { titleId: "deleteAccount" } satisfies RouteDataProperties,
-      },
       {
         path: "update-temp-password",
         component: UpdateTempPasswordComponent,
diff --git a/apps/web/src/app/shared/loose-components.module.ts b/apps/web/src/app/shared/loose-components.module.ts
index 638a523cd4f..a238f2110ce 100644
--- a/apps/web/src/app/shared/loose-components.module.ts
+++ b/apps/web/src/app/shared/loose-components.module.ts
@@ -17,8 +17,6 @@ import { InactiveTwoFactorReportComponent as OrgInactiveTwoFactorReportComponent
 import { ReusedPasswordsReportComponent as OrgReusedPasswordsReportComponent } from "../admin-console/organizations/tools/reused-passwords-report.component";
 import { UnsecuredWebsitesReportComponent as OrgUnsecuredWebsitesReportComponent } from "../admin-console/organizations/tools/unsecured-websites-report.component";
 import { WeakPasswordsReportComponent as OrgWeakPasswordsReportComponent } from "../admin-console/organizations/tools/weak-passwords-report.component";
-import { ProvidersComponent } from "../admin-console/providers/providers.component";
-import { VerifyRecoverDeleteProviderComponent } from "../admin-console/providers/verify-recover-delete-provider.component";
 import { HintComponent } from "../auth/hint.component";
 import { RecoverDeleteComponent } from "../auth/recover-delete.component";
 import { RecoverTwoFactorComponent } from "../auth/recover-two-factor.component";
@@ -149,7 +147,6 @@ import { SharedModule } from "./shared.module";
     PremiumBadgeComponent,
     ProfileComponent,
     ChangeAvatarDialogComponent,
-    ProvidersComponent,
     PurgeVaultComponent,
     RecoverDeleteComponent,
     RecoverTwoFactorComponent,
@@ -176,7 +173,6 @@ import { SharedModule } from "./shared.module";
     UpdateTempPasswordComponent,
     VerifyEmailTokenComponent,
     VerifyRecoverDeleteComponent,
-    VerifyRecoverDeleteProviderComponent,
   ],
   exports: [
     UserVerificationModule,
@@ -218,7 +214,6 @@ import { SharedModule } from "./shared.module";
     PremiumBadgeComponent,
     ProfileComponent,
     ChangeAvatarDialogComponent,
-    ProvidersComponent,
     PurgeVaultComponent,
     RecoverDeleteComponent,
     RecoverTwoFactorComponent,
@@ -246,7 +241,6 @@ import { SharedModule } from "./shared.module";
     UserLayoutComponent,
     VerifyEmailTokenComponent,
     VerifyRecoverDeleteComponent,
-    VerifyRecoverDeleteProviderComponent,
     HeaderModule,
     DangerZoneComponent,
   ],
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/providers-routing.module.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/providers-routing.module.ts
index 55c22ec4cea..00c944e69bb 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/providers-routing.module.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/providers-routing.module.ts
@@ -4,7 +4,6 @@ import { RouterModule, Routes } from "@angular/router";
 import { authGuard } from "@bitwarden/angular/auth/guards";
 import { AnonLayoutWrapperComponent } from "@bitwarden/auth/angular";
 import { Provider } from "@bitwarden/common/admin-console/models/domain/provider";
-import { ProvidersComponent } from "@bitwarden/web-vault/app/admin-console/providers/providers.component";
 import { FrontendLayoutComponent } from "@bitwarden/web-vault/app/layouts/frontend-layout.component";
 import { UserLayoutComponent } from "@bitwarden/web-vault/app/layouts/user-layout.component";
 
@@ -22,6 +21,7 @@ import { AcceptProviderComponent } from "./manage/accept-provider.component";
 import { EventsComponent } from "./manage/events.component";
 import { MembersComponent } from "./manage/members.component";
 import { ProvidersLayoutComponent } from "./providers-layout.component";
+import { ProvidersComponent } from "./providers.component";
 import { AccountComponent } from "./settings/account.component";
 import { SetupProviderComponent } from "./setup/setup-provider.component";
 import { SetupComponent } from "./setup/setup.component";
diff --git a/apps/web/src/app/admin-console/providers/providers.component.html b/bitwarden_license/bit-web/src/app/admin-console/providers/providers.component.html
similarity index 100%
rename from apps/web/src/app/admin-console/providers/providers.component.html
rename to bitwarden_license/bit-web/src/app/admin-console/providers/providers.component.html
diff --git a/apps/web/src/app/admin-console/providers/providers.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/providers.component.ts
similarity index 100%
rename from apps/web/src/app/admin-console/providers/providers.component.ts
rename to bitwarden_license/bit-web/src/app/admin-console/providers/providers.component.ts
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts
index b6c7125c48c..80108e66eda 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts
@@ -32,10 +32,12 @@ import { MembersComponent } from "./manage/members.component";
 import { UserAddEditComponent } from "./manage/user-add-edit.component";
 import { ProvidersLayoutComponent } from "./providers-layout.component";
 import { ProvidersRoutingModule } from "./providers-routing.module";
+import { ProvidersComponent } from "./providers.component";
 import { WebProviderService } from "./services/web-provider.service";
 import { AccountComponent } from "./settings/account.component";
 import { SetupProviderComponent } from "./setup/setup-provider.component";
 import { SetupComponent } from "./setup/setup.component";
+import { VerifyRecoverDeleteProviderComponent } from "./verify-recover-delete-provider.component";
 
 @NgModule({
   imports: [
@@ -73,6 +75,8 @@ import { SetupComponent } from "./setup/setup.component";
     ProviderBillingHistoryComponent,
     ProviderSubscriptionComponent,
     ProviderSubscriptionStatusComponent,
+    ProvidersComponent,
+    VerifyRecoverDeleteProviderComponent,
   ],
   providers: [WebProviderService],
 })
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/verify-recover-delete-provider.component.html b/bitwarden_license/bit-web/src/app/admin-console/providers/verify-recover-delete-provider.component.html
new file mode 100644
index 00000000000..116e1660d7a
--- /dev/null
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/verify-recover-delete-provider.component.html
@@ -0,0 +1,15 @@
+<p class="lead tw-text-center tw-mb-4">{{ "deleteProvider" | i18n }}</p>
+<app-callout type="warning">{{ "deleteProviderWarning" | i18n }}</app-callout>
+<p class="tw-text-center">
+  <strong>{{ name }}</strong>
+</p>
+<p>{{ "deleteProviderRecoverConfirmDesc" | i18n }}</p>
+<hr />
+<div class="tw-flex">
+  <button bitButton [bitAction]="submit" buttonType="danger" type="button" [block]="true">
+    <span>{{ "deleteProvider" | i18n }}</span>
+  </button>
+  <a routerLink="/login" bitButton buttonType="secondary" [block]="true" class="tw-ml-2 tw-mt-0">
+    {{ "cancel" | i18n }}
+  </a>
+</div>
diff --git a/apps/web/src/app/admin-console/providers/verify-recover-delete-provider.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/verify-recover-delete-provider.component.ts
similarity index 63%
rename from apps/web/src/app/admin-console/providers/verify-recover-delete-provider.component.ts
rename to bitwarden_license/bit-web/src/app/admin-console/providers/verify-recover-delete-provider.component.ts
index dc6fa099610..a4461b3e11a 100644
--- a/apps/web/src/app/admin-console/providers/verify-recover-delete-provider.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/verify-recover-delete-provider.component.ts
@@ -5,8 +5,6 @@ import { firstValueFrom } from "rxjs";
 import { ProviderApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/provider/provider-api.service.abstraction";
 import { ProviderVerifyRecoverDeleteRequest } from "@bitwarden/common/admin-console/models/request/provider/provider-verify-recover-delete.request";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ToastService } from "@bitwarden/components";
 
 @Component({
@@ -16,7 +14,6 @@ import { ToastService } from "@bitwarden/components";
 // eslint-disable-next-line rxjs-angular/prefer-takeuntil
 export class VerifyRecoverDeleteProviderComponent implements OnInit {
   name: string;
-  formPromise: Promise<any>;
 
   private providerId: string;
   private token: string;
@@ -24,10 +21,8 @@ export class VerifyRecoverDeleteProviderComponent implements OnInit {
   constructor(
     private router: Router,
     private providerApiService: ProviderApiServiceAbstraction,
-    private platformUtilsService: PlatformUtilsService,
     private i18nService: I18nService,
     private route: ActivatedRoute,
-    private logService: LogService,
     private toastService: ToastService,
   ) {}
 
@@ -42,22 +37,14 @@ export class VerifyRecoverDeleteProviderComponent implements OnInit {
     }
   }
 
-  async submit() {
-    try {
-      const request = new ProviderVerifyRecoverDeleteRequest(this.token);
-      this.formPromise = this.providerApiService.providerRecoverDeleteToken(
-        this.providerId,
-        request,
-      );
-      await this.formPromise;
-      this.toastService.showToast({
-        variant: "success",
-        title: this.i18nService.t("providerDeleted"),
-        message: this.i18nService.t("providerDeletedDesc"),
-      });
-      await this.router.navigate(["/"]);
-    } catch (e) {
-      this.logService.error(e);
-    }
-  }
+  submit = async () => {
+    const request = new ProviderVerifyRecoverDeleteRequest(this.token);
+    await this.providerApiService.providerRecoverDeleteToken(this.providerId, request);
+    this.toastService.showToast({
+      variant: "success",
+      title: this.i18nService.t("providerDeleted"),
+      message: this.i18nService.t("providerDeletedDesc"),
+    });
+    await this.router.navigate(["/"]);
+  };
 }
diff --git a/bitwarden_license/bit-web/src/app/app-routing.module.ts b/bitwarden_license/bit-web/src/app/app-routing.module.ts
index f3f3c158708..6aed12511c1 100644
--- a/bitwarden_license/bit-web/src/app/app-routing.module.ts
+++ b/bitwarden_license/bit-web/src/app/app-routing.module.ts
@@ -1,9 +1,13 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";
 
+import { unauthGuardFn } from "@bitwarden/angular/auth/guards";
+import { AnonLayoutWrapperComponent } from "@bitwarden/auth/angular";
 import { deepLinkGuard } from "@bitwarden/web-vault/app/auth/guards/deep-link.guard";
+import { RouteDataProperties } from "@bitwarden/web-vault/app/core";
 
 import { ProvidersModule } from "./admin-console/providers/providers.module";
+import { VerifyRecoverDeleteProviderComponent } from "./admin-console/providers/verify-recover-delete-provider.component";
 
 const routes: Routes = [
   {
@@ -17,6 +21,18 @@ const routes: Routes = [
     loadChildren: async () =>
       (await import("./secrets-manager/secrets-manager.module")).SecretsManagerModule,
   },
+  {
+    path: "verify-recover-delete-provider",
+    component: AnonLayoutWrapperComponent,
+    canActivate: [unauthGuardFn()],
+    children: [
+      {
+        path: "",
+        component: VerifyRecoverDeleteProviderComponent,
+        data: { titleId: "deleteAccount" } satisfies RouteDataProperties,
+      },
+    ],
+  },
 ];
 
 @NgModule({

From 53f13f4ea549fca217b8716ca00b691e94320071 Mon Sep 17 00:00:00 2001
From: Jared McCannon <jmccannon@bitwarden.com>
Date: Mon, 28 Oct 2024 11:00:39 -0500
Subject: [PATCH 08/39] [PM-10314] Update Warnings for Verifying Domains and
 Single Org Policy Auto Enable (#11688)

* Updated description and warning for single org policy.

* Added check for verified domains in disabling single org.
---
 .../policies/policy-edit.component.html       |  2 +-
 .../policies/policy-edit.component.ts         |  3 ++
 .../policies/single-org.component.html        |  9 +++-
 .../policies/single-org.component.ts          | 31 ++++++++++++-
 apps/web/src/locales/en/messages.json         | 12 ++++++
 .../domain-verification.component.ts          | 43 +++++++++++++++++--
 .../models/response/policy.response.ts        |  2 +
 7 files changed, 93 insertions(+), 9 deletions(-)

diff --git a/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.html b/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.html
index 20f62c1be0b..f656d488e06 100644
--- a/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.html
+++ b/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.html
@@ -15,7 +15,7 @@
       </div>
     </ng-container>
     <ng-container bitDialogFooter>
-      <button bitButton buttonType="primary" bitFormButton type="submit">
+      <button bitButton buttonType="primary" [disabled]="saveDisabled" bitFormButton type="submit">
         {{ "save" | i18n }}
       </button>
       <button bitButton buttonType="secondary" bitDialogClose type="button">
diff --git a/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts b/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts
index 6ef77fca52d..644ec1d5140 100644
--- a/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/policy-edit.component.ts
@@ -42,6 +42,7 @@ export class PolicyEditComponent implements AfterViewInit {
   policyType = PolicyType;
   loading = true;
   enabled = false;
+  saveDisabled = false;
   defaultTypes: any[];
   policyComponent: BasePolicyComponent;
 
@@ -72,6 +73,8 @@ export class PolicyEditComponent implements AfterViewInit {
     this.policyComponent.policy = this.data.policy;
     this.policyComponent.policyResponse = this.policyResponse;
 
+    this.saveDisabled = !this.policyResponse.canToggleState;
+
     this.cdr.detectChanges();
   }
 
diff --git a/apps/web/src/app/admin-console/organizations/policies/single-org.component.html b/apps/web/src/app/admin-console/organizations/policies/single-org.component.html
index 5cf0c98f980..db48c835750 100644
--- a/apps/web/src/app/admin-console/organizations/policies/single-org.component.html
+++ b/apps/web/src/app/admin-console/organizations/policies/single-org.component.html
@@ -1,6 +1,11 @@
-<bit-callout type="warning">
-  {{ "singleOrgPolicyWarning" | i18n }}
+<bit-callout *ngIf="accountDeprovisioningEnabled$ | async; else disabledBlock" type="warning">
+  {{ "singleOrgPolicyMemberWarning" | i18n }}
 </bit-callout>
+<ng-template #disabledBlock>
+  <bit-callout type="warning">
+    {{ "singleOrgPolicyWarning" | i18n }}
+  </bit-callout>
+</ng-template>
 
 <bit-form-control>
   <input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
diff --git a/apps/web/src/app/admin-console/organizations/policies/single-org.component.ts b/apps/web/src/app/admin-console/organizations/policies/single-org.component.ts
index 9899c4b9193..9a854795e0f 100644
--- a/apps/web/src/app/admin-console/organizations/policies/single-org.component.ts
+++ b/apps/web/src/app/admin-console/organizations/policies/single-org.component.ts
@@ -1,4 +1,5 @@
-import { Component } from "@angular/core";
+import { Component, OnInit } from "@angular/core";
+import { firstValueFrom, Observable } from "rxjs";
 
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { PolicyRequest } from "@bitwarden/common/admin-console/models/request/policy.request";
@@ -19,7 +20,7 @@ export class SingleOrgPolicy extends BasePolicy {
   selector: "policy-single-org",
   templateUrl: "single-org.component.html",
 })
-export class SingleOrgPolicyComponent extends BasePolicyComponent {
+export class SingleOrgPolicyComponent extends BasePolicyComponent implements OnInit {
   constructor(
     private i18nService: I18nService,
     private configService: ConfigService,
@@ -27,6 +28,23 @@ export class SingleOrgPolicyComponent extends BasePolicyComponent {
     super();
   }
 
+  protected accountDeprovisioningEnabled$: Observable<boolean> = this.configService.getFeatureFlag$(
+    FeatureFlag.AccountDeprovisioning,
+  );
+
+  async ngOnInit() {
+    super.ngOnInit();
+
+    const isAccountDeprovisioningEnabled = await firstValueFrom(this.accountDeprovisioningEnabled$);
+    this.policy.description = isAccountDeprovisioningEnabled
+      ? "singleOrgPolicyDesc"
+      : "singleOrgDesc";
+
+    if (!this.policyResponse.canToggleState) {
+      this.enabled.disable();
+    }
+  }
+
   async buildRequest(policiesEnabledMap: Map<PolicyType, boolean>): Promise<PolicyRequest> {
     if (await this.configService.getFeatureFlag(FeatureFlag.Pm13322AddPolicyDefinitions)) {
       // We are now relying on server-side validation only
@@ -48,6 +66,15 @@ export class SingleOrgPolicyComponent extends BasePolicyComponent {
           ),
         );
       }
+
+      if (
+        (await firstValueFrom(this.accountDeprovisioningEnabled$)) &&
+        !this.policyResponse.canToggleState
+      ) {
+        throw new Error(
+          this.i18nService.t("disableRequiredError", this.i18nService.t("singleOrg")),
+        );
+      }
     }
 
     return super.buildRequest(policiesEnabledMap);
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index dc1722bc7a8..f25f03c281f 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -4684,12 +4684,18 @@
   "singleOrgDesc": {
     "message": "Restrict members from joining other organizations."
   },
+  "singleOrgPolicyDesc": {
+    "message": "Restrict members from joining other organizations. This policy is required for organizations that have enabled domain verification."
+  },
   "singleOrgBlockCreateMessage": {
     "message": "Your current organization has a policy that does not allow you to join more than one organization. Please contact your organization admins or sign up from a different Bitwarden account."
   },
   "singleOrgPolicyWarning": {
     "message": "Organization members who are not owners or admins and are already a member of another organization will be removed from your organization."
   },
+  "singleOrgPolicyMemberWarning": {
+    "message": "Non-compliant members will be placed in revoked status until they leave all other organizations. Administrators are exempt and can restore members once compliance is met."
+  },
   "requireSso": {
     "message": "Require single sign-on authentication"
   },
@@ -9531,5 +9537,11 @@
   },
   "selfHostingTitleProper": {
     "message": "Self-Hosting"
+  },
+  "verified-domain-single-org-warning" : {
+    "message": "Verifying a domain will turn on the single organization policy."
+  },
+  "single-org-revoked-user-warning": {
+    "message": "Non-compliant members will be revoked. Administrators can restore members once they leave all other organizations."
   }
 }
diff --git a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.ts b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.ts
index 703808900c9..987888741a4 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-verification.component.ts
@@ -1,14 +1,24 @@
 import { Component, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute, Params } from "@angular/router";
-import { concatMap, Observable, Subject, take, takeUntil } from "rxjs";
+import {
+  concatMap,
+  firstValueFrom,
+  map,
+  Observable,
+  Subject,
+  take,
+  takeUntil,
+  withLatestFrom,
+} from "rxjs";
 
 import { OrgDomainApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization-domain/org-domain-api.service.abstraction";
 import { OrgDomainServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization-domain/org-domain.service.abstraction";
 import { OrganizationDomainResponse } from "@bitwarden/common/admin-console/abstractions/organization-domain/responses/organization-domain.response";
 import { HttpStatusCode } from "@bitwarden/common/enums";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
 import { DialogService, ToastService } from "@bitwarden/components";
 
@@ -31,13 +41,13 @@ export class DomainVerificationComponent implements OnInit, OnDestroy {
 
   constructor(
     private route: ActivatedRoute,
-    private platformUtilsService: PlatformUtilsService,
     private i18nService: I18nService,
     private orgDomainApiService: OrgDomainApiServiceAbstraction,
     private orgDomainService: OrgDomainServiceAbstraction,
     private dialogService: DialogService,
     private validationService: ValidationService,
     private toastService: ToastService,
+    private configService: ConfigService,
   ) {}
 
   // eslint-disable-next-line @typescript-eslint/no-empty-function
@@ -64,13 +74,38 @@ export class DomainVerificationComponent implements OnInit, OnDestroy {
     this.loading = false;
   }
 
-  addDomain() {
+  async addDomain() {
     const domainAddEditDialogData: DomainAddEditDialogData = {
       organizationId: this.organizationId,
       orgDomain: null,
       existingDomainNames: this.getExistingDomainNames(),
     };
 
+    await firstValueFrom(
+      this.configService.getFeatureFlag$(FeatureFlag.AccountDeprovisioning).pipe(
+        withLatestFrom(this.orgDomains$),
+        map(async ([accountDeprovisioningEnabled, organizationDomains]) => {
+          if (
+            accountDeprovisioningEnabled &&
+            organizationDomains.every((domain) => domain.verifiedDate === null)
+          ) {
+            await this.dialogService.openSimpleDialog({
+              title: { key: "verified-domain-single-org-warning" },
+              content: { key: "single-org-revoked-user-warning" },
+              cancelButtonText: { key: "cancel" },
+              acceptButtonText: { key: "confirm" },
+              acceptAction: () => this.openAddDomainDialog(domainAddEditDialogData),
+              type: "info",
+            });
+          } else {
+            await this.openAddDomainDialog(domainAddEditDialogData);
+          }
+        }),
+      ),
+    );
+  }
+
+  private async openAddDomainDialog(domainAddEditDialogData: DomainAddEditDialogData) {
     this.dialogService.open(DomainAddEditDialogComponent, {
       data: domainAddEditDialogData,
     });
diff --git a/libs/common/src/admin-console/models/response/policy.response.ts b/libs/common/src/admin-console/models/response/policy.response.ts
index 25a1f208a0b..0544cd996f4 100644
--- a/libs/common/src/admin-console/models/response/policy.response.ts
+++ b/libs/common/src/admin-console/models/response/policy.response.ts
@@ -8,6 +8,7 @@ export class PolicyResponse extends BaseResponse {
   type: PolicyType;
   data: any;
   enabled: boolean;
+  canToggleState: boolean;
 
   constructor(response: any) {
     super(response);
@@ -16,5 +17,6 @@ export class PolicyResponse extends BaseResponse {
     this.type = this.getResponseProperty("Type");
     this.data = this.getResponseProperty("Data");
     this.enabled = this.getResponseProperty("Enabled");
+    this.canToggleState = this.getResponseProperty("CanToggleState") ?? true;
   }
 }

From 203a7b0c01efa7f0e7008a9c9629e33d01c9a1b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rui=20Tom=C3=A9?=
 <108268980+r-tome@users.noreply.github.com>
Date: Mon, 28 Oct 2024 16:12:16 +0000
Subject: [PATCH 09/39] [PM-11405] Account Management: Prevent a verified user
 from changing their email address (#11486)

* Update AccountService to include a method for setting the managedByOrganizationId

* Update AccountComponent to conditionally show the purgeVault button based on a feature flag and if the user is managed by an organization

* Add missing method to FakeAccountService

* Remove the setAccountManagedByOrganizationId method from the AccountService abstract class.

* Refactor AccountComponent to use OrganizationService to check for managing organization

* Rename managesActiveUser to userIsManagedByOrganization

* Hide the change email section if the user is managed by an organization

* Refactor userIsManagedByOrganization property to be non-nullable in organization data and response models

* Refactor organization.data.spec.ts to include non-nullable userIsManagedByOrganization property

* Refactor account component initialization logic

* Remove opening modal that was added by mistake
---
 .../settings/account/account.component.html   |  2 +-
 .../settings/account/account.component.ts     | 49 ++++++++++++-------
 2 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/apps/web/src/app/auth/settings/account/account.component.html b/apps/web/src/app/auth/settings/account/account.component.html
index 71508f7ae97..a5e5329fce7 100644
--- a/apps/web/src/app/auth/settings/account/account.component.html
+++ b/apps/web/src/app/auth/settings/account/account.component.html
@@ -3,7 +3,7 @@
 <bit-container>
   <app-profile></app-profile>
 
-  <div *ngIf="showChangeEmail" class="tw-mt-16">
+  <div *ngIf="showChangeEmail$ | async" class="tw-mt-16">
     <h1 bitTypography="h1">{{ "changeEmail" | i18n }}</h1>
     <app-change-email></app-change-email>
   </div>
diff --git a/apps/web/src/app/auth/settings/account/account.component.ts b/apps/web/src/app/auth/settings/account/account.component.ts
index dd8dc881f6e..51bf4276960 100644
--- a/apps/web/src/app/auth/settings/account/account.component.ts
+++ b/apps/web/src/app/auth/settings/account/account.component.ts
@@ -1,5 +1,5 @@
 import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
-import { lastValueFrom, map, Observable, of, switchMap } from "rxjs";
+import { combineLatest, from, lastValueFrom, map, Observable } from "rxjs";
 
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
@@ -21,7 +21,7 @@ export class AccountComponent implements OnInit {
   @ViewChild("deauthorizeSessionsTemplate", { read: ViewContainerRef, static: true })
   deauthModalRef: ViewContainerRef;
 
-  showChangeEmail = true;
+  showChangeEmail$: Observable<boolean>;
   showPurgeVault$: Observable<boolean>;
 
   constructor(
@@ -33,21 +33,36 @@ export class AccountComponent implements OnInit {
   ) {}
 
   async ngOnInit() {
-    this.showChangeEmail = await this.userVerificationService.hasMasterPassword();
-    this.showPurgeVault$ = this.configService
-      .getFeatureFlag$(FeatureFlag.AccountDeprovisioning)
-      .pipe(
-        switchMap((isAccountDeprovisioningEnabled) =>
-          isAccountDeprovisioningEnabled
-            ? this.organizationService.organizations$.pipe(
-                map(
-                  (organizations) =>
-                    !organizations.some((o) => o.userIsManagedByOrganization === true),
-                ),
-              )
-            : of(true),
-        ),
-      );
+    const isAccountDeprovisioningEnabled$ = this.configService.getFeatureFlag$(
+      FeatureFlag.AccountDeprovisioning,
+    );
+
+    const userIsManagedByOrganization$ = this.organizationService.organizations$.pipe(
+      map((organizations) => organizations.some((o) => o.userIsManagedByOrganization === true)),
+    );
+
+    const hasMasterPassword$ = from(this.userVerificationService.hasMasterPassword());
+
+    this.showChangeEmail$ = combineLatest([
+      hasMasterPassword$,
+      isAccountDeprovisioningEnabled$,
+      userIsManagedByOrganization$,
+    ]).pipe(
+      map(
+        ([hasMasterPassword, isAccountDeprovisioningEnabled, userIsManagedByOrganization]) =>
+          hasMasterPassword && (!isAccountDeprovisioningEnabled || !userIsManagedByOrganization),
+      ),
+    );
+
+    this.showPurgeVault$ = combineLatest([
+      isAccountDeprovisioningEnabled$,
+      userIsManagedByOrganization$,
+    ]).pipe(
+      map(
+        ([isAccountDeprovisioningEnabled, userIsManagedByOrganization]) =>
+          !isAccountDeprovisioningEnabled || !userIsManagedByOrganization,
+      ),
+    );
   }
 
   async deauthorizeSessions() {

From a3375dd5b8e37cfcc147ac3a56de43b485511c55 Mon Sep 17 00:00:00 2001
From: Alec Rippberger <127791530+alec-livefront@users.noreply.github.com>
Date: Mon, 28 Oct 2024 11:30:20 -0500
Subject: [PATCH 10/39] Show master password error inline (#11740)

---
 .../auth/src/angular/login/login.component.ts | 54 ++++++++++++++++---
 1 file changed, 46 insertions(+), 8 deletions(-)

diff --git a/libs/auth/src/angular/login/login.component.ts b/libs/auth/src/angular/login/login.component.ts
index ad17a0a97a3..239383ddd00 100644
--- a/libs/auth/src/angular/login/login.component.ts
+++ b/libs/auth/src/angular/login/login.component.ts
@@ -18,7 +18,8 @@ import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstraction
 import { CaptchaIFrame } from "@bitwarden/common/auth/captcha-iframe";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
-import { ClientType } from "@bitwarden/common/enums";
+import { ClientType, HttpStatusCode } from "@bitwarden/common/enums";
+import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -26,6 +27,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SyncService } from "@bitwarden/common/platform/sync";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
@@ -136,6 +138,7 @@ export class LoginComponent implements OnInit, OnDestroy {
     private syncService: SyncService,
     private toastService: ToastService,
     private logService: LogService,
+    private validationService: ValidationService,
   ) {
     this.clientType = this.platformUtilsService.getClientType();
     this.loginViaAuthRequestSupported = this.loginComponentService.isLoginViaAuthRequestSupported();
@@ -182,19 +185,54 @@ export class LoginComponent implements OnInit, OnDestroy {
       null,
     );
 
-    const authResult = await this.loginStrategyService.logIn(credentials);
+    try {
+      const authResult = await this.loginStrategyService.logIn(credentials);
 
-    await this.saveEmailSettings();
-    await this.handleAuthResult(authResult);
+      await this.saveEmailSettings();
+      await this.handleAuthResult(authResult);
 
-    if (this.clientType === ClientType.Desktop) {
-      if (this.captchaSiteKey) {
-        const content = document.getElementById("content") as HTMLDivElement;
-        content.setAttribute("style", "width:335px");
+      if (this.clientType === ClientType.Desktop) {
+        if (this.captchaSiteKey) {
+          const content = document.getElementById("content") as HTMLDivElement;
+          content.setAttribute("style", "width:335px");
+        }
       }
+    } catch (error) {
+      this.logService.error(error);
+      this.handleSubmitError(error);
     }
   };
 
+  /**
+   * Handles the error from the submit function.
+   *
+   * @param error The error object.
+   */
+  private handleSubmitError(error: unknown) {
+    // Handle error responses
+    if (error instanceof ErrorResponse) {
+      switch (error.statusCode) {
+        case HttpStatusCode.BadRequest: {
+          if (error.message.toLowerCase().includes("username or password is incorrect")) {
+            this.formGroup.controls.masterPassword.setErrors({
+              error: {
+                message: this.i18nService.t("invalidMasterPassword"),
+              },
+            });
+          }
+          break;
+        }
+        default: {
+          // Allow all other errors to be handled by toast
+          this.validationService.showError(error);
+        }
+      }
+    } else {
+      // Allow all other errors to be handled by toast
+      this.validationService.showError(error);
+    }
+  }
+
   /**
    * Handles the result of the authentication process.
    *

From 2a47b9b06ac045a824a68cec6ecefc78d0e66b4e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 13:55:24 -0400
Subject: [PATCH 11/39] [deps] Platform: Update Rust crate tokio-util to
 v0.7.12 (#11534)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 apps/desktop/desktop_native/Cargo.lock      | 4 ++--
 apps/desktop/desktop_native/core/Cargo.toml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index b87112508fe..13023ed5c3c 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -1965,9 +1965,9 @@ dependencies = [
 
 [[package]]
 name = "tokio-util"
-version = "0.7.11"
+version = "0.7.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9cf6b47b3771c49ac75ad09a6162f53ad4b8088b76ac60e8ec1455b31a189fe1"
+checksum = "61e7c3654c13bcd040d4a03abee2c75b1d14a37b423cf5a813ceae1cc903ec6a"
 dependencies = [
  "bytes",
  "futures-core",
diff --git a/apps/desktop/desktop_native/core/Cargo.toml b/apps/desktop/desktop_native/core/Cargo.toml
index 2a6e402b445..3180604918e 100644
--- a/apps/desktop/desktop_native/core/Cargo.toml
+++ b/apps/desktop/desktop_native/core/Cargo.toml
@@ -40,7 +40,7 @@ scopeguard = "=1.2.0"
 sha2 = "=0.10.8"
 thiserror = "=1.0.61"
 tokio = { version = "=1.38.0", features = ["io-util", "sync", "macros"] }
-tokio-util = "=0.7.11"
+tokio-util = "=0.7.12"
 typenum = "=1.17.0"
 
 [target.'cfg(windows)'.dependencies]

From 3879f4bd8505c96d6d8cfd6977bfa83087fe813c Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 28 Oct 2024 14:08:49 -0400
Subject: [PATCH 12/39] [deps]: Update @yao-pkg/pkg to v5.16.1 (#11237)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 166 ++++++++++++++++++++++------------------------
 package.json      |   2 +-
 2 files changed, 79 insertions(+), 89 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index be4bdd07f69..cef8d595a8d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -121,7 +121,7 @@
         "@typescript-eslint/eslint-plugin": "7.16.1",
         "@typescript-eslint/parser": "7.16.1",
         "@webcomponents/custom-elements": "1.6.0",
-        "@yao-pkg/pkg": "5.14.0",
+        "@yao-pkg/pkg": "5.16.1",
         "autoprefixer": "10.4.20",
         "babel-loader": "9.1.3",
         "base64-loader": "1.0.0",
@@ -11069,42 +11069,40 @@
       "license": "Apache-2.0"
     },
     "node_modules/@yao-pkg/pkg": {
-      "version": "5.14.0",
-      "resolved": "https://registry.npmjs.org/@yao-pkg/pkg/-/pkg-5.14.0.tgz",
-      "integrity": "sha512-34oflUyAOI64a4cc4AF3ckvS8Qqnk/ISvZ1bDBa1/JAYaaFtzAO+RlhPaU+wCHzhk6VXvZwEywJpb+SlVDTgdA==",
+      "version": "5.16.1",
+      "resolved": "https://registry.npmjs.org/@yao-pkg/pkg/-/pkg-5.16.1.tgz",
+      "integrity": "sha512-crUlnNFSReFNFuXDc4f3X2ignkFlc9kmEG7Bp/mJMA1jYyqR0lqjZGLgrSDYTYiNsYud8AzgA3RY1DrMdcUZWg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/generator": "7.23.0",
-        "@babel/parser": "7.23.0",
-        "@babel/types": "7.23.0",
-        "@yao-pkg/pkg-fetch": "3.5.11",
-        "chalk": "^4.1.2",
-        "fs-extra": "^9.1.0",
-        "globby": "^11.1.0",
+        "@babel/generator": "^7.23.0",
+        "@babel/parser": "^7.23.0",
+        "@babel/types": "^7.23.0",
+        "@yao-pkg/pkg-fetch": "3.5.16",
         "into-stream": "^6.0.0",
-        "minimatch": "9.0.4",
         "minimist": "^1.2.6",
         "multistream": "^4.1.0",
-        "prebuild-install": "7.1.1",
+        "picocolors": "^1.1.0",
+        "picomatch": "^4.0.2",
+        "prebuild-install": "^7.1.1",
         "resolve": "^1.22.0",
-        "stream-meter": "^1.0.4"
+        "stream-meter": "^1.0.4",
+        "tinyglobby": "^0.2.9"
       },
       "bin": {
         "pkg": "lib-es5/bin.js"
       }
     },
     "node_modules/@yao-pkg/pkg-fetch": {
-      "version": "3.5.11",
-      "resolved": "https://registry.npmjs.org/@yao-pkg/pkg-fetch/-/pkg-fetch-3.5.11.tgz",
-      "integrity": "sha512-2tQ/1n7BLTptW6lL0pfTCnVMIxls8Jiw0/ClK1J2Fja9z2S2j4uzNL5dwGRqtvPJPn/q9i8X+Y+c4dwnMb+NOA==",
+      "version": "3.5.16",
+      "resolved": "https://registry.npmjs.org/@yao-pkg/pkg-fetch/-/pkg-fetch-3.5.16.tgz",
+      "integrity": "sha512-mCnZvZz0/Ylpk4TGyt34pqWJyBGYJM8c3dPoMRV8Knodv2QhcYS4iXb5kB/JNWkrRtCKukGZIKkMLXZ3TQlzPg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "chalk": "^4.1.2",
-        "fs-extra": "^9.1.0",
         "https-proxy-agent": "^5.0.0",
         "node-fetch": "^2.6.6",
+        "picocolors": "^1.1.0",
         "progress": "^2.0.3",
         "semver": "^7.3.5",
         "tar-fs": "^2.1.1",
@@ -11126,22 +11124,6 @@
         "wrap-ansi": "^7.0.0"
       }
     },
-    "node_modules/@yao-pkg/pkg-fetch/node_modules/fs-extra": {
-      "version": "9.1.0",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
-      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "at-least-node": "^1.0.0",
-        "graceful-fs": "^4.2.0",
-        "jsonfile": "^6.0.1",
-        "universalify": "^2.0.0"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/@yao-pkg/pkg-fetch/node_modules/https-proxy-agent": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz",
@@ -11204,79 +11186,45 @@
       }
     },
     "node_modules/@yao-pkg/pkg/node_modules/@babel/generator": {
-      "version": "7.23.0",
-      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.23.0.tgz",
-      "integrity": "sha512-lN85QRR+5IbYrMWM6Y4pE/noaQtg4pNiqeNGX60eqOfo6gtEj6uw/JagelB8vVztSd7R6M5n1+PQkDbHbBRU4g==",
+      "version": "7.25.7",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.25.7.tgz",
+      "integrity": "sha512-5Dqpl5fyV9pIAD62yK9P7fcA768uVPUyrQmqpqstHWgMma4feF1x/oFysBCVZLY5wJ2GkMUCdsNDnGZrPoR6rA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.23.0",
-        "@jridgewell/gen-mapping": "^0.3.2",
-        "@jridgewell/trace-mapping": "^0.3.17",
-        "jsesc": "^2.5.1"
+        "@babel/types": "^7.25.7",
+        "@jridgewell/gen-mapping": "^0.3.5",
+        "@jridgewell/trace-mapping": "^0.3.25",
+        "jsesc": "^3.0.2"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
-    "node_modules/@yao-pkg/pkg/node_modules/@babel/parser": {
-      "version": "7.23.0",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.0.tgz",
-      "integrity": "sha512-vvPKKdMemU85V9WE/l5wZEmImpCtLqbnTvqDS2U1fJ96KrxoW7KrXhNsNCblQlg8Ck4b85yxdTyelsMUgFUXiw==",
+    "node_modules/@yao-pkg/pkg/node_modules/jsesc": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz",
+      "integrity": "sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g==",
       "dev": true,
       "license": "MIT",
       "bin": {
-        "parser": "bin/babel-parser.js"
+        "jsesc": "bin/jsesc"
       },
       "engines": {
-        "node": ">=6.0.0"
+        "node": ">=6"
       }
     },
-    "node_modules/@yao-pkg/pkg/node_modules/@babel/types": {
-      "version": "7.23.0",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.0.tgz",
-      "integrity": "sha512-0oIyUfKoI3mSqMvsxBdclDwxXKXAUA8v/apZbc+iSyARYou1o8ZGDxbUYyLFoW2arqS2jDGqJuZvv1d/io1axg==",
+    "node_modules/@yao-pkg/pkg/node_modules/picomatch": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
+      "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==",
       "dev": true,
       "license": "MIT",
-      "dependencies": {
-        "@babel/helper-string-parser": "^7.22.5",
-        "@babel/helper-validator-identifier": "^7.22.20",
-        "to-fast-properties": "^2.0.0"
-      },
       "engines": {
-        "node": ">=6.9.0"
-      }
-    },
-    "node_modules/@yao-pkg/pkg/node_modules/fs-extra": {
-      "version": "9.1.0",
-      "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz",
-      "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "at-least-node": "^1.0.0",
-        "graceful-fs": "^4.2.0",
-        "jsonfile": "^6.0.1",
-        "universalify": "^2.0.0"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
-    "node_modules/@yao-pkg/pkg/node_modules/minimatch": {
-      "version": "9.0.4",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
-      "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "brace-expansion": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=16 || 14 >=14.17"
+        "node": ">=12"
       },
       "funding": {
-        "url": "https://github.com/sponsors/isaacs"
+        "url": "https://github.com/sponsors/jonschlinkert"
       }
     },
     "node_modules/@yarnpkg/fslib": {
@@ -36428,6 +36376,48 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/tinyglobby": {
+      "version": "0.2.9",
+      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.9.tgz",
+      "integrity": "sha512-8or1+BGEdk1Zkkw2ii16qSS7uVrQJPre5A9o/XkWPATkk23FZh/15BKFxPnlTy6vkljZxLqYCzzBMj30ZrSvjw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "fdir": "^6.4.0",
+        "picomatch": "^4.0.2"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      }
+    },
+    "node_modules/tinyglobby/node_modules/fdir": {
+      "version": "6.4.2",
+      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.4.2.tgz",
+      "integrity": "sha512-KnhMXsKSPZlAhp7+IjUkRZKPb4fUyccpDrdFXbi4QL1qkmFh9kVY09Yox+n4MaOb3lHZ1Tv829C3oaaXoMYPDQ==",
+      "dev": true,
+      "license": "MIT",
+      "peerDependencies": {
+        "picomatch": "^3 || ^4"
+      },
+      "peerDependenciesMeta": {
+        "picomatch": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/tinyglobby/node_modules/picomatch": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
+      "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/jonschlinkert"
+      }
+    },
     "node_modules/tinyspy": {
       "version": "2.2.1",
       "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-2.2.1.tgz",
diff --git a/package.json b/package.json
index a27397e61c6..bf83d37b048 100644
--- a/package.json
+++ b/package.json
@@ -82,7 +82,7 @@
     "@typescript-eslint/eslint-plugin": "7.16.1",
     "@typescript-eslint/parser": "7.16.1",
     "@webcomponents/custom-elements": "1.6.0",
-    "@yao-pkg/pkg": "5.14.0",
+    "@yao-pkg/pkg": "5.16.1",
     "autoprefixer": "10.4.20",
     "babel-loader": "9.1.3",
     "base64-loader": "1.0.0",

From 71db1548566f53789cd57489268059e811c15c6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=A8=20Audrey=20=E2=9C=A8?= <ajensen@bitwarden.com>
Date: Mon, 28 Oct 2024 15:18:57 -0400
Subject: [PATCH 13/39] default subaddress email to active account email
 (#11755)

---
 .../src/subaddress-settings.component.ts      | 22 +++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/libs/tools/generator/components/src/subaddress-settings.component.ts b/libs/tools/generator/components/src/subaddress-settings.component.ts
index 30db8dc657d..bd6ca899db7 100644
--- a/libs/tools/generator/components/src/subaddress-settings.component.ts
+++ b/libs/tools/generator/components/src/subaddress-settings.component.ts
@@ -1,6 +1,6 @@
 import { Component, EventEmitter, Input, OnDestroy, OnInit, Output } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
-import { BehaviorSubject, skip, Subject, takeUntil } from "rxjs";
+import { BehaviorSubject, map, skip, Subject, takeUntil, withLatestFrom } from "rxjs";
 
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { UserId } from "@bitwarden/common/types/guid";
@@ -53,9 +53,23 @@ export class SubaddressSettingsComponent implements OnInit, OnDestroy {
     const singleUserId$ = this.singleUserId$();
     const settings = await this.generatorService.settings(Generators.subaddress, { singleUserId$ });
 
-    settings.pipe(takeUntil(this.destroyed$)).subscribe((s) => {
-      this.settings.patchValue(s, { emitEvent: false });
-    });
+    settings
+      .pipe(
+        withLatestFrom(this.accountService.activeAccount$),
+        map(([settings, activeAccount]) => {
+          // if the subaddress isn't specified, copy it from
+          // the user's settings
+          if ((settings.subaddressEmail ?? "").length < 1) {
+            settings.subaddressEmail = activeAccount.email;
+          }
+
+          return settings;
+        }),
+        takeUntil(this.destroyed$),
+      )
+      .subscribe((s) => {
+        this.settings.patchValue(s, { emitEvent: false });
+      });
 
     // the first emission is the current value; subsequent emissions are updates
     settings.pipe(skip(1), takeUntil(this.destroyed$)).subscribe(this.onUpdated);

From a9d667900fbde653536c491dfcde70ae3eaf1715 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=A8=20Audrey=20=E2=9C=A8?= <ajensen@bitwarden.com>
Date: Mon, 28 Oct 2024 15:19:17 -0400
Subject: [PATCH 14/39] colorize password history (#11754)

---
 .../src/credential-generator-history.component.html          | 5 ++++-
 .../components/src/credential-generator-history.component.ts | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/libs/tools/generator/components/src/credential-generator-history.component.html b/libs/tools/generator/components/src/credential-generator-history.component.html
index 2b8802b9327..c42d6a12729 100644
--- a/libs/tools/generator/components/src/credential-generator-history.component.html
+++ b/libs/tools/generator/components/src/credential-generator-history.component.html
@@ -1,7 +1,10 @@
 <bit-card *ngFor="let credential of credentials$ | async" class="tw-mb-2">
   <div class="tw-flex tw-justify-between tw-items-center">
     <div class="tw-flex tw-flex-col">
-      <h2 bitTypography="h6">{{ credential.credential }}</h2>
+      <bit-color-password
+        class="tw-font-mono"
+        [password]="credential.credential"
+      ></bit-color-password>
       <span class="tw-text-muted" bitTypography="body1">{{
         credential.generationDate | date: "medium"
       }}</span>
diff --git a/libs/tools/generator/components/src/credential-generator-history.component.ts b/libs/tools/generator/components/src/credential-generator-history.component.ts
index 2f76027a941..bcedd91babf 100644
--- a/libs/tools/generator/components/src/credential-generator-history.component.ts
+++ b/libs/tools/generator/components/src/credential-generator-history.component.ts
@@ -9,6 +9,7 @@ import { AccountService } from "@bitwarden/common/auth/abstractions/account.serv
 import { UserId } from "@bitwarden/common/types/guid";
 import {
   CardComponent,
+  ColorPasswordModule,
   IconButtonModule,
   NoItemsModule,
   SectionComponent,
@@ -21,6 +22,7 @@ import { GeneratedCredential, GeneratorHistoryService } from "@bitwarden/generat
   selector: "bit-credential-generator-history",
   templateUrl: "credential-generator-history.component.html",
   imports: [
+    ColorPasswordModule,
     CommonModule,
     IconButtonModule,
     NoItemsModule,

From b5e509409b9720dc21b9e0b3bff380ba2c34386a Mon Sep 17 00:00:00 2001
From: Jordan Aasen <166539328+jaasen-livefront@users.noreply.github.com>
Date: Mon, 28 Oct 2024 12:27:59 -0700
Subject: [PATCH 15/39] fix remove password icon (#11752)

---
 .../src/send-form/components/options/send-options.component.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libs/tools/send/send-ui/src/send-form/components/options/send-options.component.html b/libs/tools/send/send-ui/src/send-form/components/options/send-options.component.html
index 022f248aa1c..322fea94e3a 100644
--- a/libs/tools/send/send-ui/src/send-form/components/options/send-options.component.html
+++ b/libs/tools/send/send-ui/src/send-form/components/options/send-options.component.html
@@ -46,6 +46,7 @@
       <button
         *ngIf="hasPassword"
         class="tw-border-l-0 last:tw-rounded-r focus-visible:tw-border-l focus-visible:tw-ml-[-1px]"
+        bitSuffix
         type="button"
         buttonType="danger"
         bitIconButton="bwi-minus-circle"

From 9a835091831a31cc437431882573bd04e0830f0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=A8=20Audrey=20=E2=9C=A8?= <ajensen@bitwarden.com>
Date: Mon, 28 Oct 2024 15:55:16 -0400
Subject: [PATCH 16/39] add boundary help text to credential settings (#11757)

---
 apps/browser/src/_locales/en/messages.json      | 14 ++++++++++++++
 apps/desktop/src/locales/en/messages.json       | 14 ++++++++++++++
 apps/web/src/locales/en/messages.json           | 14 ++++++++++++++
 .../src/passphrase-settings.component.html      |  1 +
 .../src/passphrase-settings.component.ts        | 17 ++++++++++++++++-
 .../src/password-settings.component.html        |  1 +
 .../src/password-settings.component.ts          | 17 ++++++++++++++++-
 7 files changed, 76 insertions(+), 2 deletions(-)

diff --git a/apps/browser/src/_locales/en/messages.json b/apps/browser/src/_locales/en/messages.json
index 8e52b1ba006..0e4c0da2452 100644
--- a/apps/browser/src/_locales/en/messages.json
+++ b/apps/browser/src/_locales/en/messages.json
@@ -2877,6 +2877,20 @@
   "generateEmail": {
     "message": "Generate email"
   },
+  "generatorBoundariesHint": {
+    "message": "Value must be between $MIN$ and $MAX$",
+    "description": "Explains spin box minimum and maximum values to the user",
+    "placeholders": {
+      "min": {
+        "content": "$1",
+        "example": "8"
+      },
+      "max": {
+        "content": "$2",
+        "example": "128"
+      }
+    }
+  },
   "usernameType": {
     "message": "Username type"
   },
diff --git a/apps/desktop/src/locales/en/messages.json b/apps/desktop/src/locales/en/messages.json
index d24616edab5..414f254e7ad 100644
--- a/apps/desktop/src/locales/en/messages.json
+++ b/apps/desktop/src/locales/en/messages.json
@@ -2393,6 +2393,20 @@
   "generateEmail": {
     "message": "Generate email"
   },
+  "generatorBoundariesHint": {
+    "message": "Value must be between $MIN$ and $MAX$",
+    "description": "Explains spin box minimum and maximum values to the user",
+    "placeholders": {
+      "min": {
+        "content": "$1",
+        "example": "8"
+      },
+      "max": {
+        "content": "$2",
+        "example": "128"
+      }
+    }
+  },
   "usernameType": {
     "message": "Username type"
   },
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index f25f03c281f..eead4fd80d6 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -6412,6 +6412,20 @@
   "generateEmail": {
     "message": "Generate email"
   },
+  "generatorBoundariesHint": {
+    "message": "Value must be between $MIN$ and $MAX$",
+    "description": "Explains spin box minimum and maximum values to the user",
+    "placeholders": {
+      "min": {
+        "content": "$1",
+        "example": "8"
+      },
+      "max": {
+        "content": "$2",
+        "example": "128"
+      }
+    }
+  },
   "usernameType": {
     "message": "Username type"
   },
diff --git a/libs/tools/generator/components/src/passphrase-settings.component.html b/libs/tools/generator/components/src/passphrase-settings.component.html
index 25e9684e864..d089de7a07b 100644
--- a/libs/tools/generator/components/src/passphrase-settings.component.html
+++ b/libs/tools/generator/components/src/passphrase-settings.component.html
@@ -8,6 +8,7 @@
         <bit-form-field disableMargin>
           <bit-label>{{ "numWords" | i18n }}</bit-label>
           <input bitInput formControlName="numWords" id="num-words" type="number" />
+          <bit-hint>{{ numWordsBoundariesHint$ | async }}</bit-hint>
         </bit-form-field>
       </bit-card>
     </div>
diff --git a/libs/tools/generator/components/src/passphrase-settings.component.ts b/libs/tools/generator/components/src/passphrase-settings.component.ts
index 4c171e0c205..d65e897f4e1 100644
--- a/libs/tools/generator/components/src/passphrase-settings.component.ts
+++ b/libs/tools/generator/components/src/passphrase-settings.component.ts
@@ -1,9 +1,10 @@
 import { coerceBooleanProperty } from "@angular/cdk/coercion";
 import { OnInit, Input, Output, EventEmitter, Component, OnDestroy } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
-import { BehaviorSubject, skip, takeUntil, Subject } from "rxjs";
+import { BehaviorSubject, skip, takeUntil, Subject, ReplaySubject } from "rxjs";
 
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { UserId } from "@bitwarden/common/types/guid";
 import {
   Generators,
@@ -29,11 +30,13 @@ export class PassphraseSettingsComponent implements OnInit, OnDestroy {
   /** Instantiates the component
    *  @param accountService queries user availability
    *  @param generatorService settings and policy logic
+   *  @param i18nService localize hints
    *  @param formBuilder reactive form controls
    */
   constructor(
     private formBuilder: FormBuilder,
     private generatorService: CredentialGeneratorService,
+    private i18nService: I18nService,
     private accountService: AccountService,
   ) {}
 
@@ -97,6 +100,13 @@ export class PassphraseSettingsComponent implements OnInit, OnDestroy {
 
         this.toggleEnabled(Controls.capitalize, !constraints.capitalize?.readonly);
         this.toggleEnabled(Controls.includeNumber, !constraints.includeNumber?.readonly);
+
+        const boundariesHint = this.i18nService.t(
+          "generatorBoundariesHint",
+          constraints.numWords.min,
+          constraints.numWords.max,
+        );
+        this.numWordsBoundariesHint.next(boundariesHint);
       });
 
     // now that outputs are set up, connect inputs
@@ -106,6 +116,11 @@ export class PassphraseSettingsComponent implements OnInit, OnDestroy {
   /** display binding for enterprise policy notice */
   protected policyInEffect: boolean;
 
+  private numWordsBoundariesHint = new ReplaySubject<string>(1);
+
+  /** display binding for min/max constraints of `numWords` */
+  protected numWordsBoundariesHint$ = this.numWordsBoundariesHint.asObservable();
+
   private toggleEnabled(setting: keyof typeof Controls, enabled: boolean) {
     if (enabled) {
       this.settings.get(setting).enable({ emitEvent: false });
diff --git a/libs/tools/generator/components/src/password-settings.component.html b/libs/tools/generator/components/src/password-settings.component.html
index 5e1d1941e74..aa12a3247c3 100644
--- a/libs/tools/generator/components/src/password-settings.component.html
+++ b/libs/tools/generator/components/src/password-settings.component.html
@@ -8,6 +8,7 @@
         <bit-form-field disableMargin>
           <bit-label>{{ "length" | i18n }}</bit-label>
           <input bitInput formControlName="length" type="number" />
+          <bit-hint>{{ lengthBoundariesHint$ | async }}</bit-hint>
         </bit-form-field>
       </bit-card>
     </div>
diff --git a/libs/tools/generator/components/src/password-settings.component.ts b/libs/tools/generator/components/src/password-settings.component.ts
index 7832818d678..6e9d106b71a 100644
--- a/libs/tools/generator/components/src/password-settings.component.ts
+++ b/libs/tools/generator/components/src/password-settings.component.ts
@@ -1,9 +1,10 @@
 import { coerceBooleanProperty } from "@angular/cdk/coercion";
 import { OnInit, Input, Output, EventEmitter, Component, OnDestroy } from "@angular/core";
 import { FormBuilder } from "@angular/forms";
-import { BehaviorSubject, takeUntil, Subject, map, filter, tap, skip } from "rxjs";
+import { BehaviorSubject, takeUntil, Subject, map, filter, tap, skip, ReplaySubject } from "rxjs";
 
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { UserId } from "@bitwarden/common/types/guid";
 import {
   Generators,
@@ -33,11 +34,13 @@ export class PasswordSettingsComponent implements OnInit, OnDestroy {
   /** Instantiates the component
    *  @param accountService queries user availability
    *  @param generatorService settings and policy logic
+   *  @param i18nService localize hints
    *  @param formBuilder reactive form controls
    */
   constructor(
     private formBuilder: FormBuilder,
     private generatorService: CredentialGeneratorService,
+    private i18nService: I18nService,
     private accountService: AccountService,
   ) {}
 
@@ -147,6 +150,13 @@ export class PasswordSettingsComponent implements OnInit, OnDestroy {
         for (const [control, enabled] of toggles) {
           this.toggleEnabled(control, enabled);
         }
+
+        const boundariesHint = this.i18nService.t(
+          "generatorBoundariesHint",
+          constraints.length.min,
+          constraints.length.max,
+        );
+        this.lengthBoundariesHint.next(boundariesHint);
       });
 
     // cascade selections between checkboxes and spinboxes
@@ -208,6 +218,11 @@ export class PasswordSettingsComponent implements OnInit, OnDestroy {
   /** display binding for enterprise policy notice */
   protected policyInEffect: boolean;
 
+  private lengthBoundariesHint = new ReplaySubject<string>(1);
+
+  /** display binding for min/max constraints of `length` */
+  protected lengthBoundariesHint$ = this.lengthBoundariesHint.asObservable();
+
   private toggleEnabled(setting: keyof typeof Controls, enabled: boolean) {
     if (enabled) {
       this.settings.get(setting).enable({ emitEvent: false });

From 95e8e0c9bf72aba45f8ab52a7d010d3e3c17d11f Mon Sep 17 00:00:00 2001
From: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Date: Mon, 28 Oct 2024 21:55:35 +0100
Subject: [PATCH 17/39] Remove duplicate entries from web messages.json
 (#11761)

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
---
 apps/web/src/locales/en/messages.json | 36 ---------------------------
 1 file changed, 36 deletions(-)

diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index eead4fd80d6..aa7bce04312 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -1583,38 +1583,6 @@
   "specialCharacters": {
     "message": "Special characters (!@#$%^&*)"
   },
-  "uppercaseDescription": {
-    "message": "Include uppercase characters",
-    "description": "Tooltip for the password generator uppercase character checkbox"
-  },
-  "uppercaseLabel": {
-    "message": "A-Z",
-    "description": "Label for the password generator uppercase character checkbox"
-  },
-  "lowercaseDescription": {
-    "message": "Include lowercase characters",
-    "description": "Full description for the password generator lowercase character checkbox"
-  },
-  "lowercaseLabel": {
-    "message": "a-z",
-    "description": "Label for the password generator lowercase character checkbox"
-  },
-  "numbersDescription": {
-    "message": "Include numbers",
-    "description": "Full description for the password generator numbers checkbox"
-  },
-  "numbersLabel": {
-    "message": "0-9",
-    "description": "Label for the password generator numbers checkbox"
-  },
-  "specialCharactersDescription": {
-    "message": "Include special characters",
-    "description": "Full description for the password generator special characters checkbox"
-  },
-  "specialCharactersLabel": {
-    "message": "!@#$%^&*",
-    "description": "Label for the password generator special characters checkbox"
-  },
   "numWords": {
     "message": "Number of words"
   },
@@ -9529,10 +9497,6 @@
     "message": "!@#$%^&*",
     "description": "Label for the password generator special characters checkbox"
   },
-  "avoidAmbiguous": {
-    "message": "Avoid ambiguous characters",
-    "description": "Label for the avoid ambiguous characters checkbox."
-  },
   "addAttachment": {
     "message": "Add attachment"
   },

From 9da80a6cbae6de1be27944b2c50e21c924191302 Mon Sep 17 00:00:00 2001
From: Alec Rippberger <127791530+alec-livefront@users.noreply.github.com>
Date: Mon, 28 Oct 2024 16:12:57 -0500
Subject: [PATCH 18/39] [PM-8115] Desktop, Extension UI Refresh: Self-hosted
 Setup Dialog (#11597)

* Reimplement RegistrationSelfHostedEnvConfigDialogComponent

* Update EnvironmentSelectorComponent text based on feature flag.

* Initialize RegistrationSelfHostedEnvConfigDialog with existing values if self hosted

* Cleanup debug

* Add comment

* Remove changes to home and login components

* Remove changes to desktop login component

* Remove changes to browser home component

* Simplify accessing string.

* Add environment selector service.

* Cleanup unused imports in environment-selector

* Launch new env selector dialog from desktop

* Fix lint errors

* Address PR feedback: move dialog component, remove EnvironmentSelectorService, remove unused translation string

* Remove changes to AnonLayout

* PM-8115 - Export Re-usable component from Libs/auth for clean import elsewhere in clients.

* Remove unused accessingString variable

* Add success toast

---------

Co-authored-by: Jared Snider <jsnider@bitwarden.com>
---
 apps/browser/src/_locales/en/messages.json    |  3 --
 apps/desktop/src/locales/en/messages.json     |  3 --
 .../environment-selector.component.html       |  2 +-
 .../environment-selector.component.ts         | 33 ++++++++++++++--
 libs/auth/src/angular/index.ts                |  3 ++
 .../registration-env-selector.component.ts    |  6 +--
 ...f-hosted-env-config-dialog.component.html} |  0
 ...elf-hosted-env-config-dialog.component.ts} | 38 ++++++++++++++++---
 8 files changed, 67 insertions(+), 21 deletions(-)
 rename libs/auth/src/angular/{registration/registration-env-selector/registration-self-hosted-env-config-dialog.component.html => self-hosted-env-config-dialog/self-hosted-env-config-dialog.component.html} (100%)
 rename libs/auth/src/angular/{registration/registration-env-selector/registration-self-hosted-env-config-dialog.component.ts => self-hosted-env-config-dialog/self-hosted-env-config-dialog.component.ts} (77%)

diff --git a/apps/browser/src/_locales/en/messages.json b/apps/browser/src/_locales/en/messages.json
index 0e4c0da2452..92fabdae3ee 100644
--- a/apps/browser/src/_locales/en/messages.json
+++ b/apps/browser/src/_locales/en/messages.json
@@ -3234,9 +3234,6 @@
       }
     }
   },
-  "loggingInOn": {
-    "message": "Logging in on"
-  },
   "opensInANewWindow": {
     "message": "Opens in a new window"
   },
diff --git a/apps/desktop/src/locales/en/messages.json b/apps/desktop/src/locales/en/messages.json
index 414f254e7ad..83aaf2157d7 100644
--- a/apps/desktop/src/locales/en/messages.json
+++ b/apps/desktop/src/locales/en/messages.json
@@ -2804,9 +2804,6 @@
     "message": "EU",
     "description": "European Union"
   },
-  "loggingInOn": {
-    "message": "Logging in on"
-  },
   "selfHostedServer": {
     "message": "self-hosted"
   },
diff --git a/libs/angular/src/auth/components/environment-selector.component.html b/libs/angular/src/auth/components/environment-selector.component.html
index 673f6479849..6a93e2a221a 100644
--- a/libs/angular/src/auth/components/environment-selector.component.html
+++ b/libs/angular/src/auth/components/environment-selector.component.html
@@ -4,7 +4,7 @@
   } as data"
 >
   <div class="environment-selector-btn">
-    {{ "loggingInOn" | i18n }}:
+    {{ "accessing" | i18n }}:
     <button
       type="button"
       (click)="toggle(null)"
diff --git a/libs/angular/src/auth/components/environment-selector.component.ts b/libs/angular/src/auth/components/environment-selector.component.ts
index 706ecf7a81f..fa81f1d2c01 100644
--- a/libs/angular/src/auth/components/environment-selector.component.ts
+++ b/libs/angular/src/auth/components/environment-selector.component.ts
@@ -1,14 +1,19 @@
 import { animate, state, style, transition, trigger } from "@angular/animations";
 import { ConnectedPosition } from "@angular/cdk/overlay";
 import { Component, EventEmitter, Output, Input, OnInit, OnDestroy } from "@angular/core";
-import { Router, ActivatedRoute } from "@angular/router";
+import { ActivatedRoute } from "@angular/router";
 import { Observable, map, Subject, takeUntil } from "rxjs";
 
+import { SelfHostedEnvConfigDialogComponent } from "@bitwarden/auth/angular";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import {
   EnvironmentService,
   Region,
   RegionConfig,
 } from "@bitwarden/common/platform/abstractions/environment.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { DialogService, ToastService } from "@bitwarden/components";
 
 export const ExtensionDefaultOverlayPosition: ConnectedPosition[] = [
   {
@@ -56,7 +61,7 @@ export interface EnvironmentSelectorRouteData {
   ],
 })
 export class EnvironmentSelectorComponent implements OnInit, OnDestroy {
-  @Output() onOpenSelfHostedSettings = new EventEmitter();
+  @Output() onOpenSelfHostedSettings = new EventEmitter<void>();
   @Input() overlayPosition: ConnectedPosition[] = [
     {
       originX: "start",
@@ -79,8 +84,11 @@ export class EnvironmentSelectorComponent implements OnInit, OnDestroy {
 
   constructor(
     protected environmentService: EnvironmentService,
-    protected router: Router,
     private route: ActivatedRoute,
+    private dialogService: DialogService,
+    private configService: ConfigService,
+    private toastService: ToastService,
+    private i18nService: I18nService,
   ) {}
 
   ngOnInit() {
@@ -102,8 +110,25 @@ export class EnvironmentSelectorComponent implements OnInit, OnDestroy {
       return;
     }
 
+    /**
+     * Opens the self-hosted settings dialog.
+     *
+     * If the `UnauthenticatedExtensionUIRefresh` feature flag is enabled,
+     * the self-hosted settings dialog is opened directly. Otherwise, the
+     * `onOpenSelfHostedSettings` event is emitted.
+     */
     if (option === Region.SelfHosted) {
-      this.onOpenSelfHostedSettings.emit();
+      if (await this.configService.getFeatureFlag(FeatureFlag.UnauthenticatedExtensionUIRefresh)) {
+        if (await SelfHostedEnvConfigDialogComponent.open(this.dialogService)) {
+          this.toastService.showToast({
+            variant: "success",
+            title: null,
+            message: this.i18nService.t("environmentSaved"),
+          });
+        }
+      } else {
+        this.onOpenSelfHostedSettings.emit();
+      }
       return;
     }
 
diff --git a/libs/auth/src/angular/index.ts b/libs/auth/src/angular/index.ts
index ef77a7ab5af..d3d9e600918 100644
--- a/libs/auth/src/angular/index.ts
+++ b/libs/auth/src/angular/index.ts
@@ -55,3 +55,6 @@ export * from "./lock/lock-component.service";
 
 // vault timeout
 export * from "./vault-timeout-input/vault-timeout-input.component";
+
+// self hosted environment configuration dialog
+export * from "./self-hosted-env-config-dialog/self-hosted-env-config-dialog.component";
diff --git a/libs/auth/src/angular/registration/registration-env-selector/registration-env-selector.component.ts b/libs/auth/src/angular/registration/registration-env-selector/registration-env-selector.component.ts
index d5e588cdd96..0fe88552653 100644
--- a/libs/auth/src/angular/registration/registration-env-selector/registration-env-selector.component.ts
+++ b/libs/auth/src/angular/registration/registration-env-selector/registration-env-selector.component.ts
@@ -15,7 +15,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { DialogService, FormFieldModule, SelectModule, ToastService } from "@bitwarden/components";
 
-import { RegistrationSelfHostedEnvConfigDialogComponent } from "./registration-self-hosted-env-config-dialog.component";
+import { SelfHostedEnvConfigDialogComponent } from "../../self-hosted-env-config-dialog/self-hosted-env-config-dialog.component";
 
 /**
  * Component for selecting the environment to register with in the email verification registration flow.
@@ -125,9 +125,7 @@ export class RegistrationEnvSelectorComponent implements OnInit, OnDestroy {
             }
 
             if (selectedRegion === Region.SelfHosted) {
-              return from(
-                RegistrationSelfHostedEnvConfigDialogComponent.open(this.dialogService),
-              ).pipe(
+              return from(SelfHostedEnvConfigDialogComponent.open(this.dialogService)).pipe(
                 tap((result: boolean | undefined) =>
                   this.handleSelfHostedEnvConfigDialogResult(result, prevSelectedRegion),
                 ),
diff --git a/libs/auth/src/angular/registration/registration-env-selector/registration-self-hosted-env-config-dialog.component.html b/libs/auth/src/angular/self-hosted-env-config-dialog/self-hosted-env-config-dialog.component.html
similarity index 100%
rename from libs/auth/src/angular/registration/registration-env-selector/registration-self-hosted-env-config-dialog.component.html
rename to libs/auth/src/angular/self-hosted-env-config-dialog/self-hosted-env-config-dialog.component.html
diff --git a/libs/auth/src/angular/registration/registration-env-selector/registration-self-hosted-env-config-dialog.component.ts b/libs/auth/src/angular/self-hosted-env-config-dialog/self-hosted-env-config-dialog.component.ts
similarity index 77%
rename from libs/auth/src/angular/registration/registration-env-selector/registration-self-hosted-env-config-dialog.component.ts
rename to libs/auth/src/angular/self-hosted-env-config-dialog/self-hosted-env-config-dialog.component.ts
index 2bedb4b3583..781dd0f154c 100644
--- a/libs/auth/src/angular/registration/registration-env-selector/registration-self-hosted-env-config-dialog.component.ts
+++ b/libs/auth/src/angular/self-hosted-env-config-dialog/self-hosted-env-config-dialog.component.ts
@@ -10,7 +10,7 @@ import {
   ValidationErrors,
   ValidatorFn,
 } from "@angular/forms";
-import { Subject, firstValueFrom } from "rxjs";
+import { Subject, firstValueFrom, take, filter, takeUntil } from "rxjs";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
 import {
@@ -54,8 +54,8 @@ function selfHostedEnvSettingsFormValidator(): ValidatorFn {
  */
 @Component({
   standalone: true,
-  selector: "auth-registration-self-hosted-env-config-dialog",
-  templateUrl: "registration-self-hosted-env-config-dialog.component.html",
+  selector: "self-hosted-env-config-dialog",
+  templateUrl: "self-hosted-env-config-dialog.component.html",
   imports: [
     CommonModule,
     JslibModule,
@@ -68,14 +68,14 @@ function selfHostedEnvSettingsFormValidator(): ValidatorFn {
     AsyncActionsModule,
   ],
 })
-export class RegistrationSelfHostedEnvConfigDialogComponent implements OnInit, OnDestroy {
+export class SelfHostedEnvConfigDialogComponent implements OnInit, OnDestroy {
   /**
    * Opens the dialog.
    * @param dialogService - Dialog service.
    * @returns Promise that resolves to true if the dialog was closed with a successful result, false otherwise.
    */
   static async open(dialogService: DialogService): Promise<boolean> {
-    const dialogRef = dialogService.open<boolean>(RegistrationSelfHostedEnvConfigDialogComponent, {
+    const dialogRef = dialogService.open<boolean>(SelfHostedEnvConfigDialogComponent, {
       disableClose: false,
     });
 
@@ -131,7 +131,33 @@ export class RegistrationSelfHostedEnvConfigDialogComponent implements OnInit, O
     private environmentService: EnvironmentService,
   ) {}
 
-  ngOnInit() {}
+  ngOnInit() {
+    /**
+     * Populate the form with the current self-hosted environment settings.
+     */
+    this.environmentService.environment$
+      .pipe(
+        take(1),
+        filter((env) => {
+          const region = env.getRegion();
+          return region === Region.SelfHosted;
+        }),
+        takeUntil(this.destroy$),
+      )
+      .subscribe({
+        next: (env) => {
+          const urls = env.getUrls();
+          this.formGroup.patchValue({
+            baseUrl: urls.base || "",
+            webVaultUrl: urls.webVault || "",
+            apiUrl: urls.api || "",
+            identityUrl: urls.identity || "",
+            iconsUrl: urls.icons || "",
+            notificationsUrl: urls.notifications || "",
+          });
+        },
+      });
+  }
 
   submit = async () => {
     this.showErrorSummary = false;

From 3fe84b041a17c8c9fe360a6cd73e700c26e1c32f Mon Sep 17 00:00:00 2001
From: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
Date: Mon, 28 Oct 2024 16:43:06 -0500
Subject: [PATCH 19/39] [PM-14054] Fix scroll based re-positioning of the
 inline menu within iframes after setting is changed to on button click
 (#11763)

---
 .../browser/src/autofill/background/overlay.background.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/apps/browser/src/autofill/background/overlay.background.ts b/apps/browser/src/autofill/background/overlay.background.ts
index 6fb4589baa1..c1dc359e945 100644
--- a/apps/browser/src/autofill/background/overlay.background.ts
+++ b/apps/browser/src/autofill/background/overlay.background.ts
@@ -1009,7 +1009,10 @@ export class OverlayBackground implements OverlayBackgroundInterface {
       this.logService.error(error),
     );
 
-    if ((await this.getInlineMenuVisibility()) === AutofillOverlayVisibility.OnButtonClick) {
+    if (
+      (await this.getInlineMenuVisibility()) === AutofillOverlayVisibility.OnButtonClick &&
+      !this.isInlineMenuListVisible
+    ) {
       return;
     }
 
@@ -2579,7 +2582,7 @@ export class OverlayBackground implements OverlayBackgroundInterface {
    * @param sender
    */
   private resetFocusedFieldSubFrameOffsets(sender: chrome.runtime.MessageSender) {
-    if (this.focusedFieldData.frameId > 0 && this.subFrameOffsetsForTab[sender.tab.id]) {
+    if (this.focusedFieldData?.frameId > 0 && this.subFrameOffsetsForTab[sender.tab.id]) {
       this.subFrameOffsetsForTab[sender.tab.id].set(this.focusedFieldData.frameId, null);
     }
   }
@@ -2592,6 +2595,7 @@ export class OverlayBackground implements OverlayBackgroundInterface {
    */
   private async triggerSubFrameFocusInRebuild(sender: chrome.runtime.MessageSender) {
     this.cancelInlineMenuFadeInAndPositionUpdate();
+    this.resetFocusedFieldSubFrameOffsets(sender);
     this.rebuildSubFrameOffsets$.next(sender);
     this.repositionInlineMenu$.next(sender);
   }

From 11f18c478e222eb0a318e6a28e60fb9de5794197 Mon Sep 17 00:00:00 2001
From: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
Date: Mon, 28 Oct 2024 17:05:10 -0500
Subject: [PATCH 20/39] [PM-14054] Fix scroll based re positioning when inline
 menu settings change occurs (#11765)

---
 .../src/autofill/background/overlay.background.spec.ts        | 3 +++
 apps/browser/src/autofill/background/overlay.background.ts    | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/apps/browser/src/autofill/background/overlay.background.spec.ts b/apps/browser/src/autofill/background/overlay.background.spec.ts
index ebd73fa4cc0..d59ed447dde 100644
--- a/apps/browser/src/autofill/background/overlay.background.spec.ts
+++ b/apps/browser/src/autofill/background/overlay.background.spec.ts
@@ -629,6 +629,9 @@ describe("OverlayBackground", () => {
 
           it("skips updating the inline menu list if the user has the inline menu set to open on button click", async () => {
             inlineMenuVisibilityMock$.next(AutofillOverlayVisibility.OnButtonClick);
+            jest
+              .spyOn(overlayBackground as any, "checkIsInlineMenuListVisible")
+              .mockReturnValue(false);
             tabsSendMessageSpy.mockImplementation((_tab, message, _options) => {
               if (message.command === "checkFocusedFieldHasValue") {
                 return Promise.resolve(true);
diff --git a/apps/browser/src/autofill/background/overlay.background.ts b/apps/browser/src/autofill/background/overlay.background.ts
index c1dc359e945..41791b3b75f 100644
--- a/apps/browser/src/autofill/background/overlay.background.ts
+++ b/apps/browser/src/autofill/background/overlay.background.ts
@@ -1010,8 +1010,8 @@ export class OverlayBackground implements OverlayBackgroundInterface {
     );
 
     if (
-      (await this.getInlineMenuVisibility()) === AutofillOverlayVisibility.OnButtonClick &&
-      !this.isInlineMenuListVisible
+      !this.checkIsInlineMenuListVisible() &&
+      (await this.getInlineMenuVisibility()) === AutofillOverlayVisibility.OnButtonClick
     ) {
       return;
     }

From 3736f6854cae341af0e4d09fc11d31d9f423104b Mon Sep 17 00:00:00 2001
From: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Date: Tue, 29 Oct 2024 09:51:03 +1000
Subject: [PATCH 21/39] Add getUserId and getOptionalUserId rxjs functions
 (#11741)

---
 .../src/auth/services/account.service.ts       | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/libs/common/src/auth/services/account.service.ts b/libs/common/src/auth/services/account.service.ts
index dceec2cbf13..04a0c62dd93 100644
--- a/libs/common/src/auth/services/account.service.ts
+++ b/libs/common/src/auth/services/account.service.ts
@@ -45,6 +45,24 @@ const LOGGED_OUT_INFO: AccountInfo = {
   name: undefined,
 };
 
+/**
+ * An rxjs map operator that extracts the UserId from an account, or throws if the account or UserId are null.
+ */
+export const getUserId = map<{ id: UserId | undefined }, UserId>((account) => {
+  if (account?.id == null) {
+    throw new Error("Null account or account ID");
+  }
+
+  return account.id;
+});
+
+/**
+ * An rxjs map operator that extracts the UserId from an account, or returns undefined if the account or UserId are null.
+ */
+export const getOptionalUserId = map<{ id: UserId | undefined }, UserId | undefined>(
+  (account) => account?.id ?? undefined,
+);
+
 export class AccountServiceImplementation implements InternalAccountService {
   private accountsState: GlobalState<Record<UserId, AccountInfo>>;
   private activeAccountIdState: GlobalState<UserId | undefined>;

From c8862174d57ceeb0c0535bc1cee5ab9012374c8f Mon Sep 17 00:00:00 2001
From: "bw-ghapp[bot]" <178206702+bw-ghapp[bot]@users.noreply.github.com>
Date: Tue, 29 Oct 2024 13:40:55 +0000
Subject: [PATCH 22/39] Bumped client version(s) (#11767)

Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
---
 apps/desktop/package.json          | 2 +-
 apps/desktop/src/package-lock.json | 4 ++--
 apps/desktop/src/package.json      | 2 +-
 package-lock.json                  | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/desktop/package.json b/apps/desktop/package.json
index 1c1d7d88312..8c89da0e85f 100644
--- a/apps/desktop/package.json
+++ b/apps/desktop/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@bitwarden/desktop",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2024.10.2",
+  "version": "2024.10.3",
   "keywords": [
     "bitwarden",
     "password",
diff --git a/apps/desktop/src/package-lock.json b/apps/desktop/src/package-lock.json
index da48e903e3e..092a8c97618 100644
--- a/apps/desktop/src/package-lock.json
+++ b/apps/desktop/src/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "@bitwarden/desktop",
-  "version": "2024.10.2",
+  "version": "2024.10.3",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@bitwarden/desktop",
-      "version": "2024.10.2",
+      "version": "2024.10.3",
       "license": "GPL-3.0",
       "dependencies": {
         "@bitwarden/desktop-napi": "file:../desktop_native/napi",
diff --git a/apps/desktop/src/package.json b/apps/desktop/src/package.json
index 72d77b71b4f..5e27de5f415 100644
--- a/apps/desktop/src/package.json
+++ b/apps/desktop/src/package.json
@@ -2,7 +2,7 @@
   "name": "@bitwarden/desktop",
   "productName": "Bitwarden",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2024.10.2",
+  "version": "2024.10.3",
   "author": "Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)",
   "homepage": "https://bitwarden.com",
   "license": "GPL-3.0",
diff --git a/package-lock.json b/package-lock.json
index cef8d595a8d..ccf6ea3d2a9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -234,7 +234,7 @@
     },
     "apps/desktop": {
       "name": "@bitwarden/desktop",
-      "version": "2024.10.2",
+      "version": "2024.10.3",
       "hasInstallScript": true,
       "license": "GPL-3.0"
     },

From e39ab59fa8bd280cc4c3b8acab36cb63cb5e4324 Mon Sep 17 00:00:00 2001
From: Brandon Treston <btreston@bitwarden.com>
Date: Tue, 29 Oct 2024 10:08:33 -0400
Subject: [PATCH 23/39] convert timeout values to strings (#11760)

---
 .../auth/popup/settings/account-security-v1.component.ts    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/browser/src/auth/popup/settings/account-security-v1.component.ts b/apps/browser/src/auth/popup/settings/account-security-v1.component.ts
index db45b3adb73..9d8a2ac4c88 100644
--- a/apps/browser/src/auth/popup/settings/account-security-v1.component.ts
+++ b/apps/browser/src/auth/popup/settings/account-security-v1.component.ts
@@ -57,7 +57,7 @@ export class AccountSecurityComponent implements OnInit, OnDestroy {
   availableVaultTimeoutActions: VaultTimeoutAction[] = [];
   vaultTimeoutOptions: VaultTimeoutOption[];
   vaultTimeoutPolicyCallout: Observable<{
-    timeout: { hours: number; minutes: number };
+    timeout: { hours: string; minutes: string };
     action: VaultTimeoutAction;
   }>;
   supportsBiometric: boolean;
@@ -105,8 +105,8 @@ export class AccountSecurityComponent implements OnInit, OnDestroy {
         let timeout;
         if (policy.data?.minutes) {
           timeout = {
-            hours: Math.floor(policy.data?.minutes / 60),
-            minutes: policy.data?.minutes % 60,
+            hours: Math.floor(policy.data?.minutes / 60).toString(),
+            minutes: (policy.data?.minutes % 60).toString(),
           };
         }
         return { timeout: timeout, action: policy.data?.action };

From 021efa2c90be060bb66aec01aefd00068a50abdf Mon Sep 17 00:00:00 2001
From: Andreas Coroiu <acoroiu@bitwarden.com>
Date: Tue, 29 Oct 2024 16:00:02 +0100
Subject: [PATCH 24/39] Document `firstValueFrom` not being supported (#11769)

---
 libs/common/src/platform/abstractions/sdk/sdk.service.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libs/common/src/platform/abstractions/sdk/sdk.service.ts b/libs/common/src/platform/abstractions/sdk/sdk.service.ts
index 5e4e4cb4cbe..04be8a992d0 100644
--- a/libs/common/src/platform/abstractions/sdk/sdk.service.ts
+++ b/libs/common/src/platform/abstractions/sdk/sdk.service.ts
@@ -20,6 +20,11 @@ export abstract class SdkService {
    * Retrieve a client initialized for a specific user.
    * This client can be used for operations that require a user context, such as retrieving ciphers
    * and operations involving crypto. It can also be used for operations that don't require a user context.
+   *
+   * **WARNING:** Do not use `firstValueFrom(userClient$)`! Any operations on the client must be done within the observable.
+   * The client will be destroyed when the observable is no longer subscribed to.
+   * Please let platform know if you need a client that is not destroyed when the observable is no longer subscribed to.
+   *
    * @param userId
    */
   abstract userClient$(userId: UserId): Observable<BitwardenClient>;

From b391c291dfd9682193cbb302db5d4c072c53a625 Mon Sep 17 00:00:00 2001
From: Victoria League <vleague@bitwarden.com>
Date: Tue, 29 Oct 2024 11:10:29 -0400
Subject: [PATCH 25/39] [CL-475] Use buttons instead of anchors for popup tab
 navigation (#11643)

---
 .../popup-tab-navigation.component.html       | 56 ++++++++++---------
 1 file changed, 31 insertions(+), 25 deletions(-)

diff --git a/apps/browser/src/platform/popup/layout/popup-tab-navigation.component.html b/apps/browser/src/platform/popup/layout/popup-tab-navigation.component.html
index 972a60d31ad..a5e08133fe2 100644
--- a/apps/browser/src/platform/popup/layout/popup-tab-navigation.component.html
+++ b/apps/browser/src/platform/popup/layout/popup-tab-navigation.component.html
@@ -3,30 +3,36 @@
 </div>
 <footer class="tw-bg-background tw-border-0 tw-border-t tw-border-secondary-300 tw-border-solid">
   <div class="tw-max-w-screen-sm tw-mx-auto">
-    <div class="tw-flex tw-flex-1">
-      <a
-        *ngFor="let button of navButtons"
-        class="tw-flex-1 tw-group tw-flex tw-flex-col tw-items-center tw-gap-1 tw-px-0.5 tw-pb-2 tw-pt-3 tw-no-underline hover:tw-no-underline hover:tw-text-primary-600 hover:tw-bg-primary-100 tw-border-2 tw-border-solid tw-border-transparent focus-visible:tw-rounded-lg focus-visible:tw-border-primary-500"
-        [ngClass]="rla.isActive ? 'tw-font-bold tw-text-primary-600' : 'tw-text-muted'"
-        [title]="button.label"
-        [routerLink]="button.page"
-        routerLinkActive
-        #rla="routerLinkActive"
-        ariaCurrentWhenActive="page"
-      >
-        <i *ngIf="!rla.isActive" class="bwi bwi-lg bwi-{{ button.iconKey }}" aria-hidden="true"></i>
-        <i
-          *ngIf="rla.isActive"
-          class="bwi bwi-lg bwi-{{ button.iconKeyActive }}"
-          aria-hidden="true"
-        ></i>
-        <span
-          class="tw-truncate tw-max-w-full"
-          [ngClass]="!rla.isActive && 'group-hover:tw-underline'"
-        >
-          {{ button.label }}
-        </span>
-      </a>
-    </div>
+    <nav>
+      <ul class="tw-flex tw-flex-1 tw-mb-0 tw-p-0">
+        <li *ngFor="let button of navButtons" class="tw-flex-1 tw-list-none">
+          <button
+            class="tw-w-full tw-flex tw-flex-col tw-items-center tw-gap-1 tw-px-0.5 tw-pb-2 tw-pt-3 tw-bg-transparent tw-no-underline hover:tw-no-underline hover:tw-text-primary-600 hover:tw-bg-primary-100 tw-border-2 tw-border-solid tw-border-transparent focus-visible:tw-rounded-lg focus-visible:tw-border-primary-600"
+            [ngClass]="rla.isActive ? 'tw-font-bold tw-text-primary-600' : 'tw-text-muted'"
+            [title]="button.label"
+            [routerLink]="button.page"
+            routerLinkActive
+            #rla="routerLinkActive"
+            ariaCurrentWhenActive="page"
+            type="button"
+            role="link"
+          >
+            <i
+              *ngIf="!rla.isActive"
+              class="bwi bwi-lg bwi-{{ button.iconKey }}"
+              aria-hidden="true"
+            ></i>
+            <i
+              *ngIf="rla.isActive"
+              class="bwi bwi-lg bwi-{{ button.iconKeyActive }}"
+              aria-hidden="true"
+            ></i>
+            <span class="tw-truncate tw-max-w-full">
+              {{ button.label }}
+            </span>
+          </button>
+        </li>
+      </ul>
+    </nav>
   </div>
 </footer>

From d50e8bbf4c73342364f6b89a7c86ba28fb8f3bab Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Tue, 29 Oct 2024 19:46:09 +0100
Subject: [PATCH 26/39] Add linux .desktop file (#11774)

---
 apps/desktop/resources/com.bitwarden.desktop.desktop | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 apps/desktop/resources/com.bitwarden.desktop.desktop

diff --git a/apps/desktop/resources/com.bitwarden.desktop.desktop b/apps/desktop/resources/com.bitwarden.desktop.desktop
new file mode 100644
index 00000000000..d61387f3e82
--- /dev/null
+++ b/apps/desktop/resources/com.bitwarden.desktop.desktop
@@ -0,0 +1,11 @@
+[Desktop Entry]
+Name=Bitwarden
+Exec=bitwarden %u
+Terminal=false
+Type=Application
+Icon=com.bitwarden.desktop
+StartupWMClass=Bitwarden
+GenericName=Password Manager
+Comment=A secure and free password manager for all of your devices.
+MimeType=x-scheme-handler/bitwarden;
+Categories=System;Security;

From 896d19551af906a7af367cd772fcd7c639939292 Mon Sep 17 00:00:00 2001
From: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
Date: Tue, 29 Oct 2024 16:55:40 -0500
Subject: [PATCH 27/39] [PM-14054] Fixing scroll-based repositioning of inline
 menu when inline menu is focused (#11770)

---
 .../src/autofill/content/bootstrap-autofill-overlay-menu.ts | 1 +
 .../src/autofill/content/bootstrap-autofill-overlay.ts      | 1 +
 .../services/autofill-overlay-content.service.spec.ts       | 6 +++++-
 .../autofill/services/autofill-overlay-content.service.ts   | 5 ++++-
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/apps/browser/src/autofill/content/bootstrap-autofill-overlay-menu.ts b/apps/browser/src/autofill/content/bootstrap-autofill-overlay-menu.ts
index 35930647921..cd22e1e5353 100644
--- a/apps/browser/src/autofill/content/bootstrap-autofill-overlay-menu.ts
+++ b/apps/browser/src/autofill/content/bootstrap-autofill-overlay-menu.ts
@@ -21,6 +21,7 @@ import AutofillInit from "./autofill-init";
       domQueryService,
       domElementVisibilityService,
       inlineMenuFieldQualificationService,
+      inlineMenuContentService,
     );
 
     windowContext.bitwardenAutofillInit = new AutofillInit(
diff --git a/apps/browser/src/autofill/content/bootstrap-autofill-overlay.ts b/apps/browser/src/autofill/content/bootstrap-autofill-overlay.ts
index 174a695b769..11c8e4afd66 100644
--- a/apps/browser/src/autofill/content/bootstrap-autofill-overlay.ts
+++ b/apps/browser/src/autofill/content/bootstrap-autofill-overlay.ts
@@ -24,6 +24,7 @@ import AutofillInit from "./autofill-init";
       domQueryService,
       domElementVisibilityService,
       inlineMenuFieldQualificationService,
+      inlineMenuContentService,
     );
 
     windowContext.bitwardenAutofillInit = new AutofillInit(
diff --git a/apps/browser/src/autofill/services/autofill-overlay-content.service.spec.ts b/apps/browser/src/autofill/services/autofill-overlay-content.service.spec.ts
index 91ad63955c7..49a0b3ca844 100644
--- a/apps/browser/src/autofill/services/autofill-overlay-content.service.spec.ts
+++ b/apps/browser/src/autofill/services/autofill-overlay-content.service.spec.ts
@@ -1,4 +1,4 @@
-import { mock } from "jest-mock-extended";
+import { mock, MockProxy } from "jest-mock-extended";
 
 import { EVENTS } from "@bitwarden/common/autofill/constants";
 import { CipherType } from "@bitwarden/common/vault/enums";
@@ -13,6 +13,7 @@ import {
 import AutofillField from "../models/autofill-field";
 import AutofillForm from "../models/autofill-form";
 import AutofillPageDetails from "../models/autofill-page-details";
+import { AutofillInlineMenuContentService } from "../overlay/inline-menu/abstractions/autofill-inline-menu-content.service";
 import { createAutofillFieldMock } from "../spec/autofill-mocks";
 import {
   flushPromises,
@@ -35,6 +36,7 @@ describe("AutofillOverlayContentService", () => {
   let domElementVisibilityService: DomElementVisibilityService;
   let autofillInit: AutofillInit;
   let inlineMenuFieldQualificationService: InlineMenuFieldQualificationService;
+  let inlineMenuContentService: MockProxy<AutofillInlineMenuContentService>;
   let autofillOverlayContentService: AutofillOverlayContentService;
   let sendExtensionMessageSpy: jest.SpyInstance;
   const sendResponseSpy = jest.fn();
@@ -44,10 +46,12 @@ describe("AutofillOverlayContentService", () => {
     inlineMenuFieldQualificationService = new InlineMenuFieldQualificationService();
     domQueryService = new DomQueryService();
     domElementVisibilityService = new DomElementVisibilityService();
+    inlineMenuContentService = mock<AutofillInlineMenuContentService>();
     autofillOverlayContentService = new AutofillOverlayContentService(
       domQueryService,
       domElementVisibilityService,
       inlineMenuFieldQualificationService,
+      inlineMenuContentService,
     );
     autofillInit = new AutofillInit(
       domQueryService,
diff --git a/apps/browser/src/autofill/services/autofill-overlay-content.service.ts b/apps/browser/src/autofill/services/autofill-overlay-content.service.ts
index 645795d9f27..ea3c5784949 100644
--- a/apps/browser/src/autofill/services/autofill-overlay-content.service.ts
+++ b/apps/browser/src/autofill/services/autofill-overlay-content.service.ts
@@ -28,6 +28,7 @@ import {
 } from "../enums/autofill-overlay.enum";
 import AutofillField from "../models/autofill-field";
 import AutofillPageDetails from "../models/autofill-page-details";
+import { AutofillInlineMenuContentService } from "../overlay/inline-menu/abstractions/autofill-inline-menu-content.service";
 import { ElementWithOpId, FillableFormFieldElement, FormFieldElement } from "../types";
 import {
   currentlyInSandboxedIframe,
@@ -155,6 +156,7 @@ export class AutofillOverlayContentService implements AutofillOverlayContentServ
     private domQueryService: DomQueryService,
     private domElementVisibilityService: DomElementVisibilityService,
     private inlineMenuFieldQualificationService: InlineMenuFieldQualificationService,
+    private inlineMenuContentService?: AutofillInlineMenuContentService,
   ) {}
 
   /**
@@ -1580,7 +1582,8 @@ export class AutofillOverlayContentService implements AutofillOverlayContentServ
       if (activeElement) {
         return (
           activeElement === this.mostRecentlyFocusedField ||
-          activeElement.contains(this.mostRecentlyFocusedField)
+          activeElement.contains(this.mostRecentlyFocusedField) ||
+          this.inlineMenuContentService?.isElementInlineMenu(activeElement as HTMLElement)
         );
       }
 

From e1863e6c5c015c570cb13a10aa601689058f3bc4 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 30 Oct 2024 10:41:24 +0100
Subject: [PATCH 28/39] [deps] Platform: Update Rust crate futures to v0.3.31
 (#11531)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 apps/desktop/desktop_native/Cargo.lock      | 4 ++--
 apps/desktop/desktop_native/core/Cargo.toml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/desktop/desktop_native/Cargo.lock b/apps/desktop/desktop_native/Cargo.lock
index 13023ed5c3c..a730ee36f87 100644
--- a/apps/desktop/desktop_native/Cargo.lock
+++ b/apps/desktop/desktop_native/Cargo.lock
@@ -710,9 +710,9 @@ checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
 
 [[package]]
 name = "futures"
-version = "0.3.30"
+version = "0.3.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "645c6916888f6cb6350d2550b80fb63e734897a8498abe35cfb732b6487804b0"
+checksum = "65bc07b1a8bc7c85c5f2e110c476c7389b4554ba72af57d8445ea63a576b0876"
 dependencies = [
  "futures-channel",
  "futures-core",
diff --git a/apps/desktop/desktop_native/core/Cargo.toml b/apps/desktop/desktop_native/core/Cargo.toml
index 3180604918e..7df096d2494 100644
--- a/apps/desktop/desktop_native/core/Cargo.toml
+++ b/apps/desktop/desktop_native/core/Cargo.toml
@@ -30,7 +30,7 @@ arboard = { version = "=3.4.1", default-features = false, features = [
 base64 = "=0.22.1"
 cbc = { version = "=0.1.2", features = ["alloc"] }
 dirs = "=5.0.1"
-futures = "=0.3.30"
+futures = "=0.3.31"
 interprocess = { version = "=2.2.1", features = ["tokio"] }
 libc = "=0.2.159"
 log = "=0.4.22"

From 85fa0f6f36ac52a35c08ab0bc95a2a45bc1105e2 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 30 Oct 2024 10:45:48 +0100
Subject: [PATCH 29/39] [deps] Platform: Update @types/jquery to v3.5.32
 (#11315)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ccf6ea3d2a9..d375daa4e81 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -101,7 +101,7 @@
         "@types/firefox-webext-browser": "120.0.4",
         "@types/inquirer": "8.2.10",
         "@types/jest": "29.5.12",
-        "@types/jquery": "3.5.30",
+        "@types/jquery": "3.5.32",
         "@types/jsdom": "21.1.7",
         "@types/koa": "2.15.0",
         "@types/koa__multer": "2.0.7",
@@ -9467,9 +9467,9 @@
       "license": "MIT"
     },
     "node_modules/@types/jquery": {
-      "version": "3.5.30",
-      "resolved": "https://registry.npmjs.org/@types/jquery/-/jquery-3.5.30.tgz",
-      "integrity": "sha512-nbWKkkyb919DOUxjmRVk8vwtDb0/k8FKncmUKFi+NY+QXqWltooxTrswvz4LspQwxvLdvzBN1TImr6cw3aQx2A==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/@types/jquery/-/jquery-3.5.32.tgz",
+      "integrity": "sha512-b9Xbf4CkMqS02YH8zACqN1xzdxc3cO735Qe5AbSUFmyOiaWAbcpqh9Wna+Uk0vgACvoQHpWDg2rGdHkYPLmCiQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index bf83d37b048..80bb9661f19 100644
--- a/package.json
+++ b/package.json
@@ -62,7 +62,7 @@
     "@types/firefox-webext-browser": "120.0.4",
     "@types/inquirer": "8.2.10",
     "@types/jest": "29.5.12",
-    "@types/jquery": "3.5.30",
+    "@types/jquery": "3.5.32",
     "@types/jsdom": "21.1.7",
     "@types/koa": "2.15.0",
     "@types/koa__multer": "2.0.7",

From 7ce26f7aea6ec5d6a9e36b97115b43785d1d6221 Mon Sep 17 00:00:00 2001
From: Andreas Coroiu <acoroiu@bitwarden.com>
Date: Wed, 30 Oct 2024 14:00:08 +0100
Subject: [PATCH 30/39] Group macOS bindings (#11785)

* fix: group `security-framework` and `security-framework-sys` dependency in renovate

* reactor: rename to macOS/iOS bindings
---
 .github/renovate.json | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/renovate.json b/.github/renovate.json
index 562622807c2..b044212e58a 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -35,6 +35,10 @@
       "matchPackageNames": ["@types/jest", "jest", "ts-jest", "jest-preset-angular"],
       "matchUpdateTypes": "major"
     },
+    {
+      "groupName": "macOS/iOS bindings",
+      "matchPackageNames": ["core-foundation", "security-framework", "security-framework-sys"]
+    },
     {
       "matchPackageNames": [
         "@ngtools/webpack",

From 8af0b6e3802f331e23d6fa3278a2cfef2ffb3687 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=9C=A8=20Audrey=20=E2=9C=A8?= <ajensen@bitwarden.com>
Date: Wed, 30 Oct 2024 09:43:18 -0400
Subject: [PATCH 31/39] [PM-14190] Replace history card with item component
 (#11775)

---
 ...redential-generator-history.component.html | 43 +++++++++----------
 .../credential-generator-history.component.ts | 21 +++++++--
 2 files changed, 39 insertions(+), 25 deletions(-)

diff --git a/libs/tools/generator/components/src/credential-generator-history.component.html b/libs/tools/generator/components/src/credential-generator-history.component.html
index c42d6a12729..05199763a15 100644
--- a/libs/tools/generator/components/src/credential-generator-history.component.html
+++ b/libs/tools/generator/components/src/credential-generator-history.component.html
@@ -1,23 +1,22 @@
-<bit-card *ngFor="let credential of credentials$ | async" class="tw-mb-2">
-  <div class="tw-flex tw-justify-between tw-items-center">
-    <div class="tw-flex tw-flex-col">
-      <bit-color-password
-        class="tw-font-mono"
-        [password]="credential.credential"
-      ></bit-color-password>
-      <span class="tw-text-muted" bitTypography="body1">{{
-        credential.generationDate | date: "medium"
-      }}</span>
+<bit-item *ngFor="let credential of credentials$ | async">
+  <bit-item-content>
+    <bit-color-password class="tw-font-mono" [password]="credential.credential" />
+    <div slot="secondary">
+      {{ credential.generationDate | date: "medium" }}
     </div>
-    <button
-      bitIconButton="bwi-clone"
-      bitSuffix
-      size="small"
-      type="button"
-      [appCopyClick]="credential.credential"
-      [ariaLabel]="'copyPassword' | i18n"
-      [appA11yTitle]="'copyPassword' | i18n"
-      showToast
-    ></button>
-  </div>
-</bit-card>
+  </bit-item-content>
+  <ng-container slot="end">
+    <bit-item-action>
+      <button
+        type="button"
+        bitIconButton="bwi-clone"
+        [appCopyClick]="credential.credential"
+        [valueLabel]="getGeneratedValueText(credential)"
+        [appA11yTitle]="getCopyText(credential)"
+        showToast
+      >
+        {{ getCopyText(credential) }}
+      </button>
+    </bit-item-action>
+  </ng-container>
+</bit-item>
diff --git a/libs/tools/generator/components/src/credential-generator-history.component.ts b/libs/tools/generator/components/src/credential-generator-history.component.ts
index bcedd91babf..ddac750a60a 100644
--- a/libs/tools/generator/components/src/credential-generator-history.component.ts
+++ b/libs/tools/generator/components/src/credential-generator-history.component.ts
@@ -8,15 +8,18 @@ import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { UserId } from "@bitwarden/common/types/guid";
 import {
-  CardComponent,
   ColorPasswordModule,
   IconButtonModule,
+  ItemModule,
   NoItemsModule,
   SectionComponent,
   SectionHeaderComponent,
 } from "@bitwarden/components";
+import { CredentialGeneratorService } from "@bitwarden/generator-core";
 import { GeneratedCredential, GeneratorHistoryService } from "@bitwarden/generator-history";
 
+import { GeneratorModule } from "./generator.module";
+
 @Component({
   standalone: true,
   selector: "bit-credential-generator-history",
@@ -28,9 +31,10 @@ import { GeneratedCredential, GeneratorHistoryService } from "@bitwarden/generat
     NoItemsModule,
     JslibModule,
     RouterLink,
-    CardComponent,
+    ItemModule,
     SectionComponent,
     SectionHeaderComponent,
+    GeneratorModule,
   ],
 })
 export class CredentialGeneratorHistoryComponent {
@@ -39,6 +43,7 @@ export class CredentialGeneratorHistoryComponent {
 
   constructor(
     private accountService: AccountService,
+    private generatorService: CredentialGeneratorService,
     private history: GeneratorHistoryService,
   ) {
     this.accountService.activeAccount$
@@ -53,8 +58,18 @@ export class CredentialGeneratorHistoryComponent {
       .pipe(
         takeUntilDestroyed(),
         switchMap((id) => id && this.history.credentials$(id)),
-        map((credentials) => credentials),
+        map((credentials) => credentials.filter((c) => (c.credential ?? "") !== "")),
       )
       .subscribe(this.credentials$);
   }
+
+  protected getCopyText(credential: GeneratedCredential) {
+    const info = this.generatorService.algorithm(credential.category);
+    return info.copy;
+  }
+
+  protected getGeneratedValueText(credential: GeneratedCredential) {
+    const info = this.generatorService.algorithm(credential.category);
+    return info.generatedValue;
+  }
 }

From dd6def2f5201b621ed1cabfe6b397bc96ee0caa6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 30 Oct 2024 11:29:15 -0400
Subject: [PATCH 32/39] [deps] DevOps: Update gh minor (#11730)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/auto-branch-updater.yml  |  2 +-
 .github/workflows/build-browser.yml        | 14 +++---
 .github/workflows/build-cli.yml            | 12 ++---
 .github/workflows/build-desktop.yml        | 58 +++++++++++-----------
 .github/workflows/build-web.yml            | 10 ++--
 .github/workflows/chromatic.yml            |  8 +--
 .github/workflows/crowdin-pull.yml         |  2 +-
 .github/workflows/lint.yml                 |  4 +-
 .github/workflows/locales-lint.yml         |  4 +-
 .github/workflows/publish-cli.yml          |  6 +--
 .github/workflows/publish-desktop.yml      |  4 +-
 .github/workflows/publish-web.yml          |  4 +-
 .github/workflows/release-browser.yml      |  4 +-
 .github/workflows/release-cli.yml          |  2 +-
 .github/workflows/release-desktop-beta.yml | 36 +++++++-------
 .github/workflows/release-desktop.yml      |  2 +-
 .github/workflows/release-web.yml          |  2 +-
 .github/workflows/scan.yml                 |  6 +--
 .github/workflows/test.yml                 |  6 +--
 .github/workflows/version-bump.yml         |  6 +--
 20 files changed, 96 insertions(+), 96 deletions(-)

diff --git a/.github/workflows/auto-branch-updater.yml b/.github/workflows/auto-branch-updater.yml
index 97f020fde7b..dc4a43fc34e 100644
--- a/.github/workflows/auto-branch-updater.yml
+++ b/.github/workflows/auto-branch-updater.yml
@@ -28,7 +28,7 @@ jobs:
         run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
 
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: 'eu-web-${{ steps.setup.outputs.branch }}'
           fetch-depth: 0
diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml
index 20a36dc5b23..d03efae7f4f 100644
--- a/.github/workflows/build-browser.yml
+++ b/.github/workflows/build-browser.yml
@@ -42,7 +42,7 @@ jobs:
       node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Get Package Version
         id: gen_vars
@@ -72,7 +72,7 @@ jobs:
         working-directory: apps/browser
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Testing locales - extName length
         run: |
@@ -110,10 +110,10 @@ jobs:
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -241,10 +241,10 @@ jobs:
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -354,7 +354,7 @@ jobs:
       - build-safari
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml
index f88c4767407..7994e508b3c 100644
--- a/.github/workflows/build-cli.yml
+++ b/.github/workflows/build-cli.yml
@@ -42,7 +42,7 @@ jobs:
       node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Get Package Version
         id: retrieve-package-version
@@ -83,7 +83,7 @@ jobs:
       _WIN_PKG_VERSION: 3.5
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Unix Vars
         run: |
@@ -92,7 +92,7 @@ jobs:
             awk '{print tolower($0)}')" >> $GITHUB_ENV
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -161,7 +161,7 @@ jobs:
       _WIN_PKG_VERSION: 3.5
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Windows builder
         run: |
@@ -170,7 +170,7 @@ jobs:
           choco install nasm --no-progress
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -311,7 +311,7 @@ jobs:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Print environment
         run: |
diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index 2c89e0d156f..4667a937113 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -37,7 +37,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Verify
         run: |
@@ -66,7 +66,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Get Package Version
         id: retrieve-version
@@ -139,10 +139,10 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -168,7 +168,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         id: cache
         with:
           path: |
@@ -249,10 +249,10 @@ jobs:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -298,7 +298,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         id: cache
         with:
           path: |
@@ -457,10 +457,10 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -483,14 +483,14 @@ jobs:
 
       - name: Cache Build
         id: build-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Cache Safari
         id: safari-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -583,7 +583,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         id: cache
         with:
           path: |
@@ -623,10 +623,10 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -649,14 +649,14 @@ jobs:
 
       - name: Get Build Cache
         id: build-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Setup Safari Cache
         id: safari-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -749,7 +749,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         id: cache
         with:
           path: |
@@ -842,10 +842,10 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -868,14 +868,14 @@ jobs:
 
       - name: Get Build Cache
         id: build-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Setup Safari Cache
         id: safari-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -975,7 +975,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         id: cache
         with:
           path: |
@@ -1089,10 +1089,10 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -1110,14 +1110,14 @@ jobs:
 
       - name: Get Build Cache
         id: build-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Setup Safari Cache
         id: safari-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -1210,7 +1210,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         id: cache
         with:
           path: |
@@ -1280,7 +1280,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml
index ec09f25ac19..31f800d5b37 100644
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -44,7 +44,7 @@ jobs:
       node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Get GitHub sha as version
         id: version
@@ -90,10 +90,10 @@ jobs:
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -156,7 +156,7 @@ jobs:
       _VERSION: ${{ needs.setup.outputs.version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Check Branch to Publish
         env:
@@ -254,7 +254,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml
index d6f63d48032..0efd9d22f17 100644
--- a/.github/workflows/chromatic.yml
+++ b/.github/workflows/chromatic.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{  github.event.pull_request.head.sha }}
           fetch-depth: 0
@@ -37,13 +37,13 @@ jobs:
           echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
 
       - name: Cache NPM
         id: npm-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: "~/.npm"
           key: ${{ runner.os }}-npm-chromatic-${{ hashFiles('**/package-lock.json') }}
@@ -56,7 +56,7 @@ jobs:
         run: npm run build-storybook:ci
 
       - name: Publish to Chromatic
-        uses: chromaui/action@bbbf288765438d5fd2be13e1d80d542a39e74108 # v11.12.1
+        uses: chromaui/action@dd2eecb9bef44f54774581f4163b0327fd8cf607 # v11.16.3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml
index dfcd3294b01..540da77b554 100644
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@@ -22,7 +22,7 @@ jobs:
             crowdin_project_id: "308189"
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index db7fef83fb8..561cd9af0c8 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Lint filenames (no capital characters)
         run: |
@@ -47,7 +47,7 @@ jobs:
           echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
diff --git a/.github/workflows/locales-lint.yml b/.github/workflows/locales-lint.yml
index ef944526111..8c9447ea50f 100644
--- a/.github/workflows/locales-lint.yml
+++ b/.github/workflows/locales-lint.yml
@@ -14,9 +14,9 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Checkout base branch repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.event.pull_request.base.sha }}
           path: base
diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index c9a4e841ea8..0a561306797 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -91,7 +91,7 @@ jobs:
       _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -128,7 +128,7 @@ jobs:
       _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -168,7 +168,7 @@ jobs:
       _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
diff --git a/.github/workflows/publish-desktop.yml b/.github/workflows/publish-desktop.yml
index c46a7a27601..5ef378ad439 100644
--- a/.github/workflows/publish-desktop.yml
+++ b/.github/workflows/publish-desktop.yml
@@ -183,7 +183,7 @@ jobs:
       _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -227,7 +227,7 @@ jobs:
       _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Print Environment
         run: |
diff --git a/.github/workflows/publish-web.yml b/.github/workflows/publish-web.yml
index 7e0e8737344..09f5ddc6318 100644
--- a/.github/workflows/publish-web.yml
+++ b/.github/workflows/publish-web.yml
@@ -26,7 +26,7 @@ jobs:
       tag_version: ${{ steps.version.outputs.tag }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Branch check
         if: ${{ inputs.publish_type != 'Dry Run' }}
@@ -66,7 +66,7 @@ jobs:
           echo "Github Release Option: $_RELEASE_OPTION"
 
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       ########## ACR ##########
       - name: Login to Azure - PROD Subscription
diff --git a/.github/workflows/release-browser.yml b/.github/workflows/release-browser.yml
index aed9ab293e8..4c3321c015d 100644
--- a/.github/workflows/release-browser.yml
+++ b/.github/workflows/release-browser.yml
@@ -26,7 +26,7 @@ jobs:
       release-version: ${{ steps.version.outputs.version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Branch check
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
@@ -55,7 +55,7 @@ jobs:
     needs: setup
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Testing locales - extName length
         run: |
diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml
index 8660744f944..05c53f9752d 100644
--- a/.github/workflows/release-cli.yml
+++ b/.github/workflows/release-cli.yml
@@ -26,7 +26,7 @@ jobs:
       release-version: ${{ steps.version.outputs.version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Branch check
         if: ${{ inputs.release_type != 'Dry Run' }}
diff --git a/.github/workflows/release-desktop-beta.yml b/.github/workflows/release-desktop-beta.yml
index 7518daf0b16..c1646997201 100644
--- a/.github/workflows/release-desktop-beta.yml
+++ b/.github/workflows/release-desktop-beta.yml
@@ -23,7 +23,7 @@ jobs:
       node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Branch check
         run: |
@@ -124,12 +124,12 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ needs.setup.outputs.branch-name }}
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -214,12 +214,12 @@ jobs:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ needs.setup.outputs.branch-name }}
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -403,12 +403,12 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ needs.setup.outputs.branch-name }}
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -426,14 +426,14 @@ jobs:
 
       - name: Cache Build
         id: build-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Cache Safari
         id: safari-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -537,12 +537,12 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ needs.setup.outputs.branch-name }}
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -560,14 +560,14 @@ jobs:
 
       - name: Get Build Cache
         id: build-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Setup Safari Cache
         id: safari-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -750,12 +750,12 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ needs.setup.outputs.branch-name }}
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -773,14 +773,14 @@ jobs:
 
       - name: Get Build Cache
         id: build-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Setup Safari Cache
         id: safari-cache
-        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -1010,7 +1010,7 @@ jobs:
       - release
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup git config
         run: |
diff --git a/.github/workflows/release-desktop.yml b/.github/workflows/release-desktop.yml
index b0ddc4b804d..d9394347f60 100644
--- a/.github/workflows/release-desktop.yml
+++ b/.github/workflows/release-desktop.yml
@@ -26,7 +26,7 @@ jobs:
       release-channel: ${{ steps.release-channel.outputs.channel }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Branch check
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
diff --git a/.github/workflows/release-web.yml b/.github/workflows/release-web.yml
index e3462a98fb6..faa398f6d67 100644
--- a/.github/workflows/release-web.yml
+++ b/.github/workflows/release-web.yml
@@ -23,7 +23,7 @@ jobs:
       tag_version: ${{ steps.version.outputs.tag }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Branch check
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 143d049bd63..bf17459c21c 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{  github.event.pull_request.head.sha }}
 
@@ -46,7 +46,7 @@ jobs:
             --output-path . ${{ env.INCREMENTAL }}
 
       - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
+        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
         with:
           sarif_file: cx_result.sarif
 
@@ -60,7 +60,7 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
           ref: ${{  github.event.pull_request.head.sha }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4ea08a24373..0c324cb8748 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -40,7 +40,7 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Get Node Version
         id: retrieve-node-version
@@ -50,7 +50,7 @@ jobs:
           echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
 
       - name: Set up Node
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
@@ -120,7 +120,7 @@ jobs:
           sudo apt-get install -y gnome-keyring dbus-x11
 
       - name: Check out repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Build
         working-directory: ./apps/desktop/desktop_native
diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml
index 7f6dfef79cf..d0be0373e6b 100644
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -57,7 +57,7 @@ jobs:
           fi
 
       - name: Checkout Branch
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: main
 
@@ -85,7 +85,7 @@ jobs:
             github-gpg-private-key-passphrase"
 
       - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
+        uses: crazy-max/ghaction-import-gpg@cb9bde2e2525e640591a934b1fd28eef1dcaf5e5 # v6.2.0
         with:
           gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
           passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
@@ -532,7 +532,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout Branch
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: main
 

From 912ff886bc73b1b95d76622cc965ef082ef23ba6 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Wed, 30 Oct 2024 17:35:15 +0100
Subject: [PATCH 33/39] [PM-12806] Fix minimum KDF validation (#11786)

* Fix minimum KDF validation

* Add better error messages

* Fix tests

* Fix tests
---
 .../login-strategy.service.spec.ts            |  6 +-
 .../src/auth/models/domain/kdf-config.ts      | 26 ++++-----
 .../auth/services/kdf-config.service.spec.ts  | 57 ++-----------------
 3 files changed, 22 insertions(+), 67 deletions(-)

diff --git a/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts b/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts
index 8647260ce5a..b0d9228f446 100644
--- a/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts
+++ b/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts
@@ -295,7 +295,7 @@ describe("LoginStrategyService", () => {
       new IdentityTokenResponse({
         ForcePasswordReset: false,
         Kdf: KdfType.PBKDF2_SHA256,
-        KdfIterations: PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min - 1,
+        KdfIterations: PBKDF2KdfConfig.PRELOGIN_ITERATIONS_MIN - 1,
         Key: "KEY",
         PrivateKey: "PRIVATE_KEY",
         ResetMasterPassword: false,
@@ -309,7 +309,7 @@ describe("LoginStrategyService", () => {
     apiService.postPrelogin.mockResolvedValue(
       new PreloginResponse({
         Kdf: KdfType.PBKDF2_SHA256,
-        KdfIterations: PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min - 1,
+        KdfIterations: PBKDF2KdfConfig.PRELOGIN_ITERATIONS_MIN - 1,
       }),
     );
 
@@ -321,7 +321,7 @@ describe("LoginStrategyService", () => {
     });
 
     await expect(sut.logIn(credentials)).rejects.toThrow(
-      `PBKDF2 iterations must be between ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min} and ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.max}`,
+      `PBKDF2 iterations must be at least ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS_MIN}, but was ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS_MIN - 1}; possible pre-login downgrade attack detected.`,
     );
   });
 });
diff --git a/libs/common/src/auth/models/domain/kdf-config.ts b/libs/common/src/auth/models/domain/kdf-config.ts
index 908b187e30c..1909aa875e5 100644
--- a/libs/common/src/auth/models/domain/kdf-config.ts
+++ b/libs/common/src/auth/models/domain/kdf-config.ts
@@ -13,7 +13,7 @@ export type KdfConfig = PBKDF2KdfConfig | Argon2KdfConfig;
  */
 export class PBKDF2KdfConfig {
   static ITERATIONS = new RangeWithDefault(600_000, 2_000_000, 600_000);
-  static PRELOGIN_ITERATIONS = new RangeWithDefault(5000, 2_000_000, 600_000);
+  static PRELOGIN_ITERATIONS_MIN = 5000;
   kdfType: KdfType.PBKDF2_SHA256 = KdfType.PBKDF2_SHA256;
   iterations: number;
 
@@ -38,9 +38,9 @@ export class PBKDF2KdfConfig {
    * A Valid PBKDF2 KDF configuration has KDF iterations between the 5000 and 2_000_000.
    */
   validateKdfConfigForPrelogin(): void {
-    if (!PBKDF2KdfConfig.PRELOGIN_ITERATIONS.inRange(this.iterations)) {
+    if (PBKDF2KdfConfig.PRELOGIN_ITERATIONS_MIN > this.iterations) {
       throw new Error(
-        `PBKDF2 iterations must be between ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min} and ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.max}`,
+        `PBKDF2 iterations must be at least ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS_MIN}, but was ${this.iterations}; possible pre-login downgrade attack detected.`,
       );
     }
   }
@@ -58,9 +58,9 @@ export class Argon2KdfConfig {
   static PARALLELISM = new RangeWithDefault(1, 16, 4);
   static ITERATIONS = new RangeWithDefault(2, 10, 3);
 
-  static PRELOGIN_MEMORY = Argon2KdfConfig.MEMORY;
-  static PRELOGIN_PARALLELISM = Argon2KdfConfig.PARALLELISM;
-  static PRELOGIN_ITERATIONS = Argon2KdfConfig.ITERATIONS;
+  static PRELOGIN_MEMORY_MIN = 16;
+  static PRELOGIN_PARALLELISM_MIN = 1;
+  static PRELOGIN_ITERATIONS_MIN = 2;
 
   kdfType: KdfType.Argon2id = KdfType.Argon2id;
   iterations: number;
@@ -86,7 +86,7 @@ export class Argon2KdfConfig {
 
     if (!Argon2KdfConfig.MEMORY.inRange(this.memory)) {
       throw new Error(
-        `Argon2 memory must be between ${Argon2KdfConfig.MEMORY.min}mb and ${Argon2KdfConfig.MEMORY.max}mb`,
+        `Argon2 memory must be between ${Argon2KdfConfig.MEMORY.min} MiB and ${Argon2KdfConfig.MEMORY.max} MiB`,
       );
     }
 
@@ -101,21 +101,21 @@ export class Argon2KdfConfig {
    * Validates the Argon2 KDF configuration for pre-login.
    */
   validateKdfConfigForPrelogin(): void {
-    if (!Argon2KdfConfig.PRELOGIN_ITERATIONS.inRange(this.iterations)) {
+    if (Argon2KdfConfig.PRELOGIN_ITERATIONS_MIN > this.iterations) {
       throw new Error(
-        `Argon2 iterations must be between ${Argon2KdfConfig.PRELOGIN_ITERATIONS.min} and ${Argon2KdfConfig.PRELOGIN_ITERATIONS.max}`,
+        `Argon2 iterations must be at least ${Argon2KdfConfig.PRELOGIN_ITERATIONS_MIN}, but was ${this.iterations}; possible pre-login downgrade attack detected.`,
       );
     }
 
-    if (!Argon2KdfConfig.PRELOGIN_MEMORY.inRange(this.memory)) {
+    if (Argon2KdfConfig.PRELOGIN_MEMORY_MIN > this.memory) {
       throw new Error(
-        `Argon2 memory must be between ${Argon2KdfConfig.PRELOGIN_MEMORY.min}mb and ${Argon2KdfConfig.PRELOGIN_MEMORY.max}mb`,
+        `Argon2 memory must be at least ${Argon2KdfConfig.PRELOGIN_MEMORY_MIN} MiB, but was ${this.memory} MiB; possible pre-login downgrade attack detected.`,
       );
     }
 
-    if (!Argon2KdfConfig.PRELOGIN_PARALLELISM.inRange(this.parallelism)) {
+    if (Argon2KdfConfig.PRELOGIN_PARALLELISM_MIN > this.parallelism) {
       throw new Error(
-        `Argon2 parallelism must be between ${Argon2KdfConfig.PRELOGIN_PARALLELISM.min} and ${Argon2KdfConfig.PRELOGIN_PARALLELISM.max}.`,
+        `Argon2 parallelism must be at least ${Argon2KdfConfig.PRELOGIN_PARALLELISM_MIN}, but was ${this.parallelism}; possible pre-login downgrade attack detected.`,
       );
     }
   }
diff --git a/libs/common/src/auth/services/kdf-config.service.spec.ts b/libs/common/src/auth/services/kdf-config.service.spec.ts
index 968b0cbd8ff..7f3613294e7 100644
--- a/libs/common/src/auth/services/kdf-config.service.spec.ts
+++ b/libs/common/src/auth/services/kdf-config.service.spec.ts
@@ -82,13 +82,6 @@ describe("KdfConfigService", () => {
     );
   });
 
-  it("validateKdfConfigForSetting(): should throw an error for invalid Argon2 memory", () => {
-    const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(3, 1025, 4);
-    expect(() => kdfConfig.validateKdfConfigForSetting()).toThrow(
-      `Argon2 memory must be between ${Argon2KdfConfig.MEMORY.min}mb and ${Argon2KdfConfig.MEMORY.max}mb`,
-    );
-  });
-
   it("validateKdfConfigForSetting(): should throw an error for invalid Argon2 parallelism", () => {
     const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(3, 64, 17);
     expect(() => kdfConfig.validateKdfConfigForSetting()).toThrow(
@@ -108,70 +101,32 @@ describe("KdfConfigService", () => {
 
   it("validateKdfConfigForPrelogin(): should throw an error for too low PBKDF2 iterations", () => {
     const kdfConfig: PBKDF2KdfConfig = new PBKDF2KdfConfig(
-      PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min - 1,
+      PBKDF2KdfConfig.PRELOGIN_ITERATIONS_MIN - 1,
     );
     expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
-      `PBKDF2 iterations must be between ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min} and ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.max}`,
-    );
-  });
-
-  it("validateKdfConfigForPrelogin(): should throw an error for too high PBKDF2 iterations", () => {
-    const kdfConfig: PBKDF2KdfConfig = new PBKDF2KdfConfig(
-      PBKDF2KdfConfig.PRELOGIN_ITERATIONS.max + 1,
-    );
-    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
-      `PBKDF2 iterations must be between ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min} and ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.max}`,
+      `PBKDF2 iterations must be at least ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS_MIN}, but was ${kdfConfig.iterations}; possible pre-login downgrade attack detected.`,
     );
   });
 
   it("validateKdfConfigForPrelogin(): should throw an error for too low Argon2 iterations", () => {
     const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(
-      Argon2KdfConfig.ITERATIONS.min - 1,
+      Argon2KdfConfig.PRELOGIN_ITERATIONS_MIN - 1,
       64,
       4,
     );
     expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
-      `Argon2 iterations must be between ${Argon2KdfConfig.ITERATIONS.min} and ${Argon2KdfConfig.ITERATIONS.max}`,
-    );
-  });
-
-  it("validateKdfConfigForPrelogin(): should throw an error for too high Argon2 iterations", () => {
-    const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(
-      Argon2KdfConfig.PRELOGIN_ITERATIONS.max + 1,
-      64,
-      4,
-    );
-    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
-      `Argon2 iterations must be between ${Argon2KdfConfig.ITERATIONS.min} and ${Argon2KdfConfig.ITERATIONS.max}`,
+      `Argon2 iterations must be at least ${Argon2KdfConfig.PRELOGIN_ITERATIONS_MIN}, but was ${kdfConfig.iterations}; possible pre-login downgrade attack detected.`,
     );
   });
 
   it("validateKdfConfigForPrelogin(): should throw an error for too low Argon2 memory", () => {
     const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(
       3,
-      Argon2KdfConfig.PRELOGIN_MEMORY.min - 1,
+      Argon2KdfConfig.PRELOGIN_MEMORY_MIN - 1,
       4,
     );
     expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
-      `Argon2 memory must be between ${Argon2KdfConfig.PRELOGIN_MEMORY.min}mb and ${Argon2KdfConfig.PRELOGIN_MEMORY.max}mb`,
-    );
-  });
-
-  it("validateKdfConfigForPrelogin(): should throw an error for too high Argon2 memory", () => {
-    const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(
-      3,
-      Argon2KdfConfig.PRELOGIN_MEMORY.max + 1,
-      4,
-    );
-    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
-      `Argon2 memory must be between ${Argon2KdfConfig.PRELOGIN_MEMORY.min}mb and ${Argon2KdfConfig.PRELOGIN_MEMORY.max}mb`,
-    );
-  });
-
-  it("validateKdfConfigForPrelogin(): should throw an error for too high Argon2 parallelism", () => {
-    const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(3, 64, 17);
-    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
-      `Argon2 parallelism must be between ${Argon2KdfConfig.PRELOGIN_PARALLELISM.min} and ${Argon2KdfConfig.PRELOGIN_PARALLELISM.max}`,
+      `Argon2 memory must be at least ${Argon2KdfConfig.PRELOGIN_MEMORY_MIN} MiB, but was ${kdfConfig.memory} MiB; possible pre-login downgrade attack detected.`,
     );
   });
 });

From 82d4fe4d666a1190bf609047fdf24f44f1e13996 Mon Sep 17 00:00:00 2001
From: Brandon Treston <btreston@bitwarden.com>
Date: Wed, 30 Oct 2024 13:42:22 -0400
Subject: [PATCH 34/39] [PM-11407] add upated copy to managed accounts (#11768)

* add upated copy to managed accounts

* Add link URL

* Update link

* change copy in danger zone component

* Refactor to look at content projection children
---
 .../account/danger-zone.component.html        | 10 +++++++--
 .../settings/account/danger-zone.component.ts | 19 +++++++++++++---
 .../settings/account/profile.component.html   |  6 +++++
 .../settings/account/profile.component.ts     | 22 ++++++++++++++++++-
 apps/web/src/locales/en/messages.json         | 12 ++++++++++
 5 files changed, 63 insertions(+), 6 deletions(-)

diff --git a/apps/web/src/app/auth/settings/account/danger-zone.component.html b/apps/web/src/app/auth/settings/account/danger-zone.component.html
index 14c3b7e0b78..1e7c73a3cc6 100644
--- a/apps/web/src/app/auth/settings/account/danger-zone.component.html
+++ b/apps/web/src/app/auth/settings/account/danger-zone.component.html
@@ -1,9 +1,15 @@
 <h1 bitTypography="h1" class="tw-mt-16 tw-pb-2.5 !tw-text-danger">{{ "dangerZone" | i18n }}</h1>
 
 <div class="tw-rounded tw-border tw-border-solid tw-border-danger-600 tw-p-5">
-  <p>{{ "dangerZoneDesc" | i18n }}</p>
+  <p>
+    {{
+      (accountDeprovisioningEnabled$ | async) && content.children.length === 1
+        ? ("dangerZoneDescSingular" | i18n)
+        : ("dangerZoneDesc" | i18n)
+    }}
+  </p>
 
-  <div class="tw-flex tw-flex-row tw-gap-2">
+  <div #content class="tw-flex tw-flex-row tw-gap-2">
     <ng-content></ng-content>
   </div>
 </div>
diff --git a/apps/web/src/app/auth/settings/account/danger-zone.component.ts b/apps/web/src/app/auth/settings/account/danger-zone.component.ts
index 42f198f4f05..4d1adddd183 100644
--- a/apps/web/src/app/auth/settings/account/danger-zone.component.ts
+++ b/apps/web/src/app/auth/settings/account/danger-zone.component.ts
@@ -1,6 +1,10 @@
-import { Component } from "@angular/core";
+import { CommonModule } from "@angular/common";
+import { Component, OnInit } from "@angular/core";
+import { Observable } from "rxjs";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { TypographyModule } from "@bitwarden/components";
 
 /**
@@ -10,6 +14,15 @@ import { TypographyModule } from "@bitwarden/components";
   selector: "app-danger-zone",
   templateUrl: "danger-zone.component.html",
   standalone: true,
-  imports: [TypographyModule, JslibModule],
+  imports: [TypographyModule, JslibModule, CommonModule],
 })
-export class DangerZoneComponent {}
+export class DangerZoneComponent implements OnInit {
+  constructor(private configService: ConfigService) {}
+  accountDeprovisioningEnabled$: Observable<boolean>;
+
+  ngOnInit(): void {
+    this.accountDeprovisioningEnabled$ = this.configService.getFeatureFlag$(
+      FeatureFlag.AccountDeprovisioning,
+    );
+  }
+}
diff --git a/apps/web/src/app/auth/settings/account/profile.component.html b/apps/web/src/app/auth/settings/account/profile.component.html
index 93025420b26..e6b69807339 100644
--- a/apps/web/src/app/auth/settings/account/profile.component.html
+++ b/apps/web/src/app/auth/settings/account/profile.component.html
@@ -36,6 +36,12 @@
           Customize
         </button>
       </div>
+      <div *ngIf="managingOrganization$ | async as managingOrganization">
+        {{ "accountIsManagedMessage" | i18n: managingOrganization?.name }}
+        <a href="https://bitwarden.com/help/claimed-accounts">
+          <i class="bwi bwi-question-circle" aria-hidden="true"></i>
+        </a>
+      </div>
       <app-account-fingerprint
         [fingerprintMaterial]="fingerprintMaterial"
         fingerprintLabel="{{ 'yourAccountsFingerprint' | i18n }}"
diff --git a/apps/web/src/app/auth/settings/account/profile.component.ts b/apps/web/src/app/auth/settings/account/profile.component.ts
index 70cb70c5817..57f1b7dadde 100644
--- a/apps/web/src/app/auth/settings/account/profile.component.ts
+++ b/apps/web/src/app/auth/settings/account/profile.component.ts
@@ -1,11 +1,15 @@
 import { Component, OnDestroy, OnInit } from "@angular/core";
 import { FormControl, FormGroup } from "@angular/forms";
-import { firstValueFrom, map, Subject, takeUntil } from "rxjs";
+import { firstValueFrom, map, Observable, of, Subject, switchMap, takeUntil } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { UpdateProfileRequest } from "@bitwarden/common/auth/models/request/update-profile.request";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ProfileResponse } from "@bitwarden/common/models/response/profile.response";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { DialogService, ToastService } from "@bitwarden/components";
 
@@ -19,6 +23,7 @@ export class ProfileComponent implements OnInit, OnDestroy {
   loading = true;
   profile: ProfileResponse;
   fingerprintMaterial: string;
+  managingOrganization$: Observable<Organization>;
   private destroy$ = new Subject<void>();
 
   protected formGroup = new FormGroup({
@@ -32,6 +37,8 @@ export class ProfileComponent implements OnInit, OnDestroy {
     private accountService: AccountService,
     private dialogService: DialogService,
     private toastService: ToastService,
+    private configService: ConfigService,
+    private organizationService: OrganizationService,
   ) {}
 
   async ngOnInit() {
@@ -40,6 +47,19 @@ export class ProfileComponent implements OnInit, OnDestroy {
     this.fingerprintMaterial = await firstValueFrom(
       this.accountService.activeAccount$.pipe(map((a) => a?.id)),
     );
+    this.managingOrganization$ = this.configService
+      .getFeatureFlag$(FeatureFlag.AccountDeprovisioning)
+      .pipe(
+        switchMap((isAccountDeprovisioningEnabled) =>
+          isAccountDeprovisioningEnabled
+            ? this.organizationService.organizations$.pipe(
+                map((organizations) =>
+                  organizations.find((o) => o.userIsManagedByOrganization === true),
+                ),
+              )
+            : of(null),
+        ),
+      );
     this.formGroup.get("name").setValue(this.profile.name);
     this.formGroup.get("email").setValue(this.profile.email);
 
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index aa7bce04312..277f834c694 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -1713,6 +1713,9 @@
   "dangerZoneDesc": {
     "message": "Careful, these actions are not reversible!"
   },
+  "dangerZoneDescSingular": {
+    "message": "Careful, this action is not reversible!"
+  },
   "deauthorizeSessions": {
     "message": "Deauthorize sessions"
   },
@@ -1725,6 +1728,15 @@
   "sessionsDeauthorized": {
     "message": "All sessions deauthorized"
   },
+  "accountIsManagedMessage": {
+    "message": "This account is managed by $ORGANIZATIONNAME$",
+    "placeholders": {
+      "organizationName": {
+        "content": "$1",
+        "example": "Organization"
+      }
+    }
+  },
   "purgeVault": {
     "message": "Purge vault"
   },

From ab3d760dfdae8b51145e1b8d31d26e2bc457af46 Mon Sep 17 00:00:00 2001
From: Vijay Oommen <voommen@livefront.com>
Date: Wed, 30 Oct 2024 13:11:45 -0500
Subject: [PATCH 35/39] [PM-13454] Get hostname for login uri (#11646)

* add uri to raw data

* add  uri

* PM-13454 modify the hostnames to friendly names

* PM-13454 removed commented code

* add password health service

* add spec. fix logic in password reuse

* PM-13454 added member count and group by uris

* PM-13454 removed moved files

* PM-13454 fixed linting errors and failed unit tests

* PM-13454 grouping member count

* PM-13454 added unit test for totalGroupedMembersMap

* PM-13454 removed the grouping - show a flatmap

---------

Co-authored-by: jaasen-livefront <jaasen@livefront.com>
---
 .../access-intelligence.component.html        |   3 +
 .../access-intelligence.component.ts          |   2 +
 ...password-health-members-uri.component.html |  55 +++++++++
 ...sword-health-members-uri.component.spec.ts |  61 ++++++++++
 .../password-health-members-uri.component.ts  | 108 ++++++++++++++++++
 .../services/ciphers.mock.ts                  |   7 ++
 .../member-cipher-details-response.mock.ts    |  11 ++
 .../services/password-health.service.spec.ts  |   8 +-
 .../services/password-health.service.ts       |  26 ++++-
 9 files changed, 273 insertions(+), 8 deletions(-)
 create mode 100644 apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.html
 create mode 100644 apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.spec.ts
 create mode 100644 apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.ts

diff --git a/apps/web/src/app/tools/access-intelligence/access-intelligence.component.html b/apps/web/src/app/tools/access-intelligence/access-intelligence.component.html
index 44ca90cfaa5..520dd039d1d 100644
--- a/apps/web/src/app/tools/access-intelligence/access-intelligence.component.html
+++ b/apps/web/src/app/tools/access-intelligence/access-intelligence.component.html
@@ -22,6 +22,9 @@
   <bit-tab label="Raw Data + members">
     <tools-password-health-members></tools-password-health-members>
   </bit-tab>
+  <bit-tab label="Raw Data + uri">
+    <tools-password-health-members-uri></tools-password-health-members-uri>
+  </bit-tab>
   <!-- <bit-tab label="{{ 'allApplicationsWithCount' | i18n: apps.length }}">
     <h2 bitTypography="h2">{{ "allApplications" | i18n }}</h2>
     <tools-application-table></tools-application-table>
diff --git a/apps/web/src/app/tools/access-intelligence/access-intelligence.component.ts b/apps/web/src/app/tools/access-intelligence/access-intelligence.component.ts
index 90b2979d1b1..beaf2d67d49 100644
--- a/apps/web/src/app/tools/access-intelligence/access-intelligence.component.ts
+++ b/apps/web/src/app/tools/access-intelligence/access-intelligence.component.ts
@@ -11,6 +11,7 @@ import { HeaderModule } from "../../layouts/header/header.module";
 
 import { ApplicationTableComponent } from "./application-table.component";
 import { NotifiedMembersTableComponent } from "./notified-members-table.component";
+import { PasswordHealthMembersURIComponent } from "./password-health-members-uri.component";
 import { PasswordHealthMembersComponent } from "./password-health-members.component";
 import { PasswordHealthComponent } from "./password-health.component";
 
@@ -32,6 +33,7 @@ export enum AccessIntelligenceTabType {
     HeaderModule,
     PasswordHealthComponent,
     PasswordHealthMembersComponent,
+    PasswordHealthMembersURIComponent,
     NotifiedMembersTableComponent,
     TabsModule,
   ],
diff --git a/apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.html b/apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.html
new file mode 100644
index 00000000000..bdccc523e76
--- /dev/null
+++ b/apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.html
@@ -0,0 +1,55 @@
+<bit-container>
+  <p>{{ "passwordsReportDesc" | i18n }}</p>
+  <div *ngIf="loading">
+    <i
+      class="bwi bwi-spinner bwi-spin tw-text-muted"
+      title="{{ 'loading' | i18n }}"
+      aria-hidden="true"
+    ></i>
+    <span class="tw-sr-only">{{ "loading" | i18n }}</span>
+  </div>
+  <div class="tw-mt-4" *ngIf="!loading">
+    <bit-table [dataSource]="dataSource">
+      <ng-container header>
+        <tr bitRow>
+          <th bitCell bitSortable="hostURI">{{ "application" | i18n }}</th>
+          <th bitCell class="tw-text-right">{{ "weakness" | i18n }}</th>
+          <th bitCell class="tw-text-right">{{ "timesReused" | i18n }}</th>
+          <th bitCell class="tw-text-right">{{ "timesExposed" | i18n }}</th>
+          <th bitCell class="tw-text-right">{{ "totalMembers" | i18n }}</th>
+        </tr>
+      </ng-container>
+      <ng-template body let-rows$>
+        <tr bitRow *ngFor="let r of rows$ | async">
+          <td bitCell>
+            <ng-container>
+              <span>{{ r.hostURI }}</span>
+            </ng-container>
+          </td>
+          <td bitCell class="tw-text-right">
+            <span
+              bitBadge
+              *ngIf="passwordStrengthMap.has(r.id)"
+              [variant]="passwordStrengthMap.get(r.id)[1]"
+            >
+              {{ passwordStrengthMap.get(r.id)[0] | i18n }}
+            </span>
+          </td>
+          <td bitCell class="tw-text-right">
+            <span bitBadge *ngIf="passwordUseMap.has(r.login.password)" variant="warning">
+              {{ "reusedXTimes" | i18n: passwordUseMap.get(r.login.password) }}
+            </span>
+          </td>
+          <td bitCell class="tw-text-right">
+            <span bitBadge *ngIf="exposedPasswordMap.has(r.id)" variant="warning">
+              {{ "exposedXTimes" | i18n: exposedPasswordMap.get(r.id) }}
+            </span>
+          </td>
+          <td bitCell class="tw-text-right" data-testid="total-membership">
+            {{ totalMembersMap.get(r.id) || 0 }}
+          </td>
+        </tr>
+      </ng-template>
+    </bit-table>
+  </div>
+</bit-container>
diff --git a/apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.spec.ts b/apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.spec.ts
new file mode 100644
index 00000000000..376ae16e232
--- /dev/null
+++ b/apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.spec.ts
@@ -0,0 +1,61 @@
+import { ComponentFixture, TestBed } from "@angular/core/testing";
+import { ActivatedRoute, convertToParamMap } from "@angular/router";
+import { mock, MockProxy } from "jest-mock-extended";
+import { of } from "rxjs";
+
+// eslint-disable-next-line no-restricted-imports
+import { PasswordHealthService } from "@bitwarden/bit-common/tools/reports/access-intelligence";
+import { AuditService } from "@bitwarden/common/abstractions/audit.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { TableModule } from "@bitwarden/components";
+
+import { LooseComponentsModule } from "../../shared";
+import { PipesModule } from "../../vault/individual-vault/pipes/pipes.module";
+
+import { PasswordHealthMembersURIComponent } from "./password-health-members-uri.component";
+
+describe("PasswordHealthMembersUriComponent", () => {
+  let component: PasswordHealthMembersURIComponent;
+  let fixture: ComponentFixture<PasswordHealthMembersURIComponent>;
+  let cipherServiceMock: MockProxy<CipherService>;
+  const passwordHealthServiceMock = mock<PasswordHealthService>();
+
+  const activeRouteParams = convertToParamMap({ organizationId: "orgId" });
+
+  beforeEach(async () => {
+    cipherServiceMock = mock<CipherService>();
+    await TestBed.configureTestingModule({
+      imports: [PasswordHealthMembersURIComponent, PipesModule, TableModule, LooseComponentsModule],
+      providers: [
+        { provide: CipherService, useValue: cipherServiceMock },
+        { provide: I18nService, useValue: mock<I18nService>() },
+        { provide: AuditService, useValue: mock<AuditService>() },
+        { provide: OrganizationService, useValue: mock<OrganizationService>() },
+        {
+          provide: PasswordStrengthServiceAbstraction,
+          useValue: mock<PasswordStrengthServiceAbstraction>(),
+        },
+        { provide: PasswordHealthService, useValue: passwordHealthServiceMock },
+        {
+          provide: ActivatedRoute,
+          useValue: {
+            paramMap: of(activeRouteParams),
+            url: of([]),
+          },
+        },
+      ],
+    }).compileComponents();
+  });
+
+  beforeEach(() => {
+    fixture = TestBed.createComponent(PasswordHealthMembersURIComponent);
+    component = fixture.componentInstance;
+  });
+
+  it("should initialize component", () => {
+    expect(component).toBeTruthy();
+  });
+});
diff --git a/apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.ts b/apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.ts
new file mode 100644
index 00000000000..0059964f41b
--- /dev/null
+++ b/apps/web/src/app/tools/access-intelligence/password-health-members-uri.component.ts
@@ -0,0 +1,108 @@
+import { CommonModule } from "@angular/common";
+import { Component, DestroyRef, inject, OnInit } from "@angular/core";
+import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
+import { ActivatedRoute } from "@angular/router";
+import { map } from "rxjs";
+
+import { JslibModule } from "@bitwarden/angular/jslib.module";
+// eslint-disable-next-line no-restricted-imports
+import { PasswordHealthService } from "@bitwarden/bit-common/tools/reports/access-intelligence";
+import { AuditService } from "@bitwarden/common/abstractions/audit.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import {
+  BadgeModule,
+  BadgeVariant,
+  ContainerComponent,
+  TableDataSource,
+  TableModule,
+} from "@bitwarden/components";
+
+// eslint-disable-next-line no-restricted-imports
+import { HeaderModule } from "../../layouts/header/header.module";
+// eslint-disable-next-line no-restricted-imports
+import { OrganizationBadgeModule } from "../../vault/individual-vault/organization-badge/organization-badge.module";
+// eslint-disable-next-line no-restricted-imports
+import { PipesModule } from "../../vault/individual-vault/pipes/pipes.module";
+
+@Component({
+  standalone: true,
+  selector: "tools-password-health-members-uri",
+  templateUrl: "password-health-members-uri.component.html",
+  imports: [
+    BadgeModule,
+    OrganizationBadgeModule,
+    CommonModule,
+    ContainerComponent,
+    PipesModule,
+    JslibModule,
+    HeaderModule,
+    TableModule,
+  ],
+  providers: [PasswordHealthService],
+})
+export class PasswordHealthMembersURIComponent implements OnInit {
+  passwordStrengthMap = new Map<string, [string, BadgeVariant]>();
+
+  weakPasswordCiphers: CipherView[] = [];
+
+  passwordUseMap = new Map<string, number>();
+
+  exposedPasswordMap = new Map<string, number>();
+
+  totalMembersMap = new Map<string, number>();
+
+  dataSource = new TableDataSource<CipherView>();
+
+  reportCiphers: (CipherView & { hostURI: string })[] = [];
+  reportCipherURIs: string[] = [];
+
+  organization: Organization;
+
+  loading = true;
+
+  private destroyRef = inject(DestroyRef);
+
+  constructor(
+    protected cipherService: CipherService,
+    protected passwordStrengthService: PasswordStrengthServiceAbstraction,
+    protected organizationService: OrganizationService,
+    protected auditService: AuditService,
+    protected i18nService: I18nService,
+    protected activatedRoute: ActivatedRoute,
+  ) {}
+
+  ngOnInit() {
+    this.activatedRoute.paramMap
+      .pipe(
+        takeUntilDestroyed(this.destroyRef),
+        map(async (params) => {
+          const organizationId = params.get("organizationId");
+          await this.setCiphers(organizationId);
+        }),
+      )
+      .subscribe();
+  }
+
+  async setCiphers(organizationId: string) {
+    const passwordHealthService = new PasswordHealthService(
+      this.passwordStrengthService,
+      this.auditService,
+      this.cipherService,
+      organizationId,
+    );
+
+    await passwordHealthService.generateReport();
+
+    this.dataSource.data = passwordHealthService.groupCiphersByLoginUri();
+    this.exposedPasswordMap = passwordHealthService.exposedPasswordMap;
+    this.passwordStrengthMap = passwordHealthService.passwordStrengthMap;
+    this.passwordUseMap = passwordHealthService.passwordUseMap;
+    this.totalMembersMap = passwordHealthService.totalMembersMap;
+    this.loading = false;
+  }
+}
diff --git a/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/ciphers.mock.ts b/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/ciphers.mock.ts
index 22b9148c840..e7693e46a32 100644
--- a/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/ciphers.mock.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/ciphers.mock.ts
@@ -12,6 +12,13 @@ export const mockCiphers: any[] = [
     organizationUseTotp: false,
     login: {
       password: "123",
+      hasUris: true,
+      uris: [
+        { uri: "www.google.com" },
+        { uri: "accounts.google.com" },
+        { uri: "https://www.google.com" },
+        { uri: "https://www.google.com/login" },
+      ],
     },
     edit: false,
     viewPassword: true,
diff --git a/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/member-cipher-details-response.mock.ts b/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/member-cipher-details-response.mock.ts
index 78cc105e9b4..92d87175974 100644
--- a/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/member-cipher-details-response.mock.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/member-cipher-details-response.mock.ts
@@ -64,5 +64,16 @@ export const mockMemberCipherDetailsResponse: { data: any[] } = {
         "cbea34a8-bde4-46ad-9d19-b05001228xy4",
       ],
     },
+    {
+      UserName: "Chris Finch Tester",
+      Email: "chris.finch@wernhamhogg.uk",
+      UsesKeyConnector: true,
+      cipherIds: [
+        "cbea34a8-bde4-46ad-9d19-b05001228ab2",
+        "cbea34a8-bde4-46ad-9d19-b05001228cd3",
+        "cbea34a8-bde4-46ad-9d19-b05001228xy4",
+        "cbea34a8-bde4-46ad-9d19-b05001228ab1",
+      ],
+    },
   ],
 };
diff --git a/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/password-health.service.spec.ts b/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/password-health.service.spec.ts
index 8f391b7d569..692eb5afba7 100644
--- a/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/password-health.service.spec.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/password-health.service.spec.ts
@@ -99,12 +99,12 @@ describe("PasswordHealthService", () => {
 
     it("should calculate total members per cipher", () => {
       expect(service.totalMembersMap.size).toBeGreaterThan(0);
-      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228ab1")).toBe(2);
-      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228ab2")).toBe(4);
-      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228cd3")).toBe(5);
+      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228ab1")).toBe(3);
+      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228ab2")).toBe(5);
+      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228cd3")).toBe(6);
       expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001227nm5")).toBe(4);
       expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001227nm7")).toBe(1);
-      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228xy4")).toBe(6);
+      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228xy4")).toBe(7);
     });
   });
 
diff --git a/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/password-health.service.ts b/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/password-health.service.ts
index ce78aba426d..0eaed89b71f 100644
--- a/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/password-health.service.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/access-intelligence/services/password-health.service.ts
@@ -1,5 +1,9 @@
 import { Inject, Injectable } from "@angular/core";
 
+// eslint-disable-next-line no-restricted-imports
+import { mockCiphers } from "@bitwarden/bit-common/tools/reports/access-intelligence/services/ciphers.mock";
+// eslint-disable-next-line no-restricted-imports
+import { mockMemberCipherDetailsResponse } from "@bitwarden/bit-common/tools/reports/access-intelligence/services/member-cipher-details-response.mock";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
@@ -8,9 +12,6 @@ import { CipherType } from "@bitwarden/common/vault/enums";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { BadgeVariant } from "@bitwarden/components";
 
-import { mockCiphers } from "./ciphers.mock";
-import { mockMemberCipherDetailsResponse } from "./member-cipher-details-response.mock";
-
 @Injectable()
 export class PasswordHealthService {
   reportCiphers: CipherView[] = [];
@@ -157,10 +158,27 @@ export class PasswordHealthService {
     }
   }
 
-  private checkForExistingCipher(ciph: CipherView) {
+  checkForExistingCipher(ciph: CipherView) {
     if (!this.reportCipherIds.includes(ciph.id)) {
       this.reportCipherIds.push(ciph.id);
       this.reportCiphers.push(ciph);
     }
   }
+
+  groupCiphersByLoginUri(): CipherView[] {
+    const cipherViews: CipherView[] = [];
+    const cipherUris: string[] = [];
+    const ciphers = this.reportCiphers;
+
+    ciphers.forEach((ciph) => {
+      const uris = ciph.login?.uris ?? [];
+      uris.map((u: { uri: string }) => {
+        const uri = Utils.getHostname(u.uri).replace("www.", "");
+        cipherUris.push(uri);
+        cipherViews.push({ ...ciph, hostURI: uri } as CipherView & { hostURI: string });
+      });
+    });
+
+    return cipherViews;
+  }
 }

From 18f7d64a6d34e940445ffb37f70759a20548e434 Mon Sep 17 00:00:00 2001
From: Jordan Aasen <166539328+jaasen-livefront@users.noreply.github.com>
Date: Wed, 30 Oct 2024 11:25:06 -0700
Subject: [PATCH 36/39] [PM-14038] - priority applications UI (#11723)

* priority applications UI

* add security icon
---
 .../no-priority-apps.component.ts             |  2 +-
 .../password-health-members.component.html    | 66 ++++++++++++++-----
 .../password-health-members.component.ts      | 41 +++++++++++-
 apps/web/src/locales/en/messages.json         |  3 +
 libs/components/src/icon/icons/index.ts       |  1 +
 libs/components/src/icon/icons/security.ts    | 50 ++++++++++++++
 6 files changed, 145 insertions(+), 18 deletions(-)
 create mode 100644 libs/components/src/icon/icons/security.ts

diff --git a/apps/web/src/app/tools/access-intelligence/no-priority-apps.component.ts b/apps/web/src/app/tools/access-intelligence/no-priority-apps.component.ts
index e4e54ca2f13..d0f53d09422 100644
--- a/apps/web/src/app/tools/access-intelligence/no-priority-apps.component.ts
+++ b/apps/web/src/app/tools/access-intelligence/no-priority-apps.component.ts
@@ -11,5 +11,5 @@ import { ButtonModule, NoItemsModule, Icons } from "@bitwarden/components";
   imports: [ButtonModule, CommonModule, JslibModule, NoItemsModule],
 })
 export class NoPriorityAppsComponent {
-  noItemsIcon = Icons.NoResults;
+  noItemsIcon = Icons.Security;
 }
diff --git a/apps/web/src/app/tools/access-intelligence/password-health-members.component.html b/apps/web/src/app/tools/access-intelligence/password-health-members.component.html
index 885c21f0a2c..ca2936b282c 100644
--- a/apps/web/src/app/tools/access-intelligence/password-health-members.component.html
+++ b/apps/web/src/app/tools/access-intelligence/password-health-members.component.html
@@ -1,15 +1,38 @@
-<bit-container>
-  <p>{{ "passwordsReportDesc" | i18n }}</p>
-  <div *ngIf="loading">
-    <i
-      class="bwi bwi-spinner bwi-spin tw-text-muted"
-      title="{{ 'loading' | i18n }}"
-      aria-hidden="true"
-    ></i>
-    <span class="tw-sr-only">{{ "loading" | i18n }}</span>
+<p>{{ "passwordsReportDesc" | i18n }}</p>
+<div *ngIf="loading">
+  <i
+    class="bwi bwi-spinner bwi-spin tw-text-muted"
+    title="{{ 'loading' | i18n }}"
+    aria-hidden="true"
+  ></i>
+  <span class="tw-sr-only">{{ "loading" | i18n }}</span>
+</div>
+<div class="tw-mt-4" *ngIf="!dataSource.data.length">
+  <tools-no-priority-apps></tools-no-priority-apps>
+</div>
+<div class="tw-mt-4 tw-flex tw-flex-col" *ngIf="!loading && dataSource.data.length">
+  <div class="tw-flex tw-gap-6">
+    <tools-card
+      class="tw-flex-1"
+      [title]="'atRiskMembers' | i18n"
+      [value]="totalMembersMap.size - 3"
+      [maxValue]="totalMembersMap.size"
+    >
+    </tools-card>
+    <tools-card
+      class="tw-flex-1"
+      [title]="'atRiskApplications' | i18n"
+      [value]="totalMembersMap.size - 1"
+      [maxValue]="totalMembersMap.size"
+    >
+    </tools-card>
   </div>
-  <div *ngIf="!dataSource.data.length">
-    <tools-no-priority-apps></tools-no-priority-apps>
+  <div class="tw-flex tw-mt-8 tw-mb-4 tw-gap-4">
+    <bit-search class="tw-grow" [formControl]="searchControl"></bit-search>
+    <button class="tw-rounded-lg" type="button" buttonType="secondary" bitButton>
+      <i class="bwi bwi-star-f tw-mr-2"></i>
+      {{ "markAppAsCritical" | i18n }}
+    </button>
   </div>
   <div class="tw-mt-4 tw-flex tw-flex-col" *ngIf="!loading && dataSource.data.length">
     <div class="tw-flex tw-gap-6">
@@ -30,7 +53,15 @@
     </div>
     <div class="tw-flex tw-mt-8 tw-mb-4 tw-gap-4">
       <bit-search class="tw-grow" [formControl]="searchControl"></bit-search>
-      <button class="tw-rounded-lg" type="button" buttonType="secondary" bitButton>
+      <button
+        class="tw-rounded-lg"
+        type="button"
+        buttonType="secondary"
+        [disabled]="!selectedIds.size"
+        bitButton
+        [bitAction]="markAppsAsCritical"
+        appA11yTitle="{{ 'markAppAsCritical' | i18n }}"
+      >
         <i class="bwi bwi-star-f tw-mr-2"></i>
         {{ "markAppAsCritical" | i18n }}
       </button>
@@ -47,9 +78,14 @@
         </tr>
       </ng-container>
       <ng-template body let-rows$>
-        <tr bitRow *ngFor="let r of rows$ | async">
+        <tr bitRow *ngFor="let r of rows$ | async; trackBy: trackByFunction">
           <td bitCell>
-            <app-vault-icon [cipher]="r"></app-vault-icon>
+            <input
+              bitCheckbox
+              type="checkbox"
+              [checked]="selectedIds.has(r.id)"
+              (change)="onCheckboxChange(r.id, $event)"
+            />
           </td>
           <td bitCell>
             <ng-container>
@@ -84,4 +120,4 @@
       </ng-template>
     </bit-table>
   </div>
-</bit-container>
+</div>
diff --git a/apps/web/src/app/tools/access-intelligence/password-health-members.component.ts b/apps/web/src/app/tools/access-intelligence/password-health-members.component.ts
index 17b2456406b..975b9c71254 100644
--- a/apps/web/src/app/tools/access-intelligence/password-health-members.component.ts
+++ b/apps/web/src/app/tools/access-intelligence/password-health-members.component.ts
@@ -11,7 +11,13 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
-import { BadgeVariant, SearchModule, TableDataSource, TableModule } from "@bitwarden/components";
+import {
+  BadgeVariant,
+  SearchModule,
+  TableDataSource,
+  TableModule,
+  ToastService,
+} from "@bitwarden/components";
 import { CardComponent } from "@bitwarden/tools-card";
 
 import { HeaderModule } from "../../layouts/header/header.module";
@@ -53,6 +59,8 @@ export class PasswordHealthMembersComponent implements OnInit {
 
   loading = true;
 
+  selectedIds: Set<number> = new Set<number>();
+
   protected searchControl = new FormControl("", { nonNullable: true });
 
   private destroyRef = inject(DestroyRef);
@@ -63,6 +71,7 @@ export class PasswordHealthMembersComponent implements OnInit {
     protected auditService: AuditService,
     protected i18nService: I18nService,
     protected activatedRoute: ActivatedRoute,
+    protected toastService: ToastService,
   ) {
     this.searchControl.valueChanges
       .pipe(debounceTime(200), takeUntilDestroyed())
@@ -91,7 +100,7 @@ export class PasswordHealthMembersComponent implements OnInit {
 
     await passwordHealthService.generateReport();
 
-    this.dataSource.data = passwordHealthService.reportCiphers;
+    this.dataSource.data = []; //passwordHealthService.reportCiphers;
 
     this.exposedPasswordMap = passwordHealthService.exposedPasswordMap;
     this.passwordStrengthMap = passwordHealthService.passwordStrengthMap;
@@ -99,4 +108,32 @@ export class PasswordHealthMembersComponent implements OnInit {
     this.totalMembersMap = passwordHealthService.totalMembersMap;
     this.loading = false;
   }
+
+  markAppsAsCritical = async () => {
+    // TODO: Send to API once implemented
+    return new Promise((resolve) => {
+      setTimeout(() => {
+        this.selectedIds.clear();
+        this.toastService.showToast({
+          variant: "success",
+          title: null,
+          message: this.i18nService.t("appsMarkedAsCritical"),
+        });
+        resolve(true);
+      }, 1000);
+    });
+  };
+
+  trackByFunction(_: number, item: CipherView) {
+    return item.id;
+  }
+
+  onCheckboxChange(id: number, event: Event) {
+    const isChecked = (event.target as HTMLInputElement).checked;
+    if (isChecked) {
+      this.selectedIds.add(id);
+    } else {
+      this.selectedIds.delete(id);
+    }
+  }
 }
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 277f834c694..3189777aa7c 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -65,6 +65,9 @@
   "markAppAsCritical": {
     "message": "Mark app as critical"
   },
+  "appsMarkedAsCritical": {
+    "message": "Apps marked as critical"
+  },
   "application": {
     "message": "Application"
   },
diff --git a/libs/components/src/icon/icons/index.ts b/libs/components/src/icon/icons/index.ts
index 0ed0cc18975..b52903e15ee 100644
--- a/libs/components/src/icon/icons/index.ts
+++ b/libs/components/src/icon/icons/index.ts
@@ -1,3 +1,4 @@
 export * from "./search";
+export * from "./security";
 export * from "./no-access";
 export * from "./no-results";
diff --git a/libs/components/src/icon/icons/security.ts b/libs/components/src/icon/icons/security.ts
new file mode 100644
index 00000000000..5732b8066c6
--- /dev/null
+++ b/libs/components/src/icon/icons/security.ts
@@ -0,0 +1,50 @@
+import { svgIcon } from "../icon";
+
+export const Security = svgIcon`
+<svg width="96" height="96" viewBox="0 0 96 96" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <rect width="96" height="96" class="tw-fill-background"/>
+  <rect x="5" y="5" width="86" height="77" rx="7" class="tw-stroke-art-primary" stroke-width="2" stroke-linecap="round"/>
+  <rect x="63" y="15" width="18" height="18" rx="3" class="tw-stroke-art-primary" stroke-width="2" stroke-linecap="round"/>
+  <rect x="39" y="15" width="18" height="18" rx="3" class="tw-stroke-art-primary" stroke-width="2" stroke-linecap="round"/>
+  <rect x="15" y="15" width="18" height="18" rx="3" class="tw-stroke-art-primary" stroke-width="2" stroke-linecap="round"/>
+  <rect x="13" y="41" width="70" height="14" rx="7" class="tw-stroke-art-primary tw-fill-background" stroke-width="2" stroke-linecap="round"/>
+  <path d="M21.0039 48.3526V45.5728" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M21.0039 48.3525L23.6272 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M21.0039 48.3524L22.6279 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M21.0029 48.3524L19.3789 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M21.0022 48.3525L18.3789 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M30.0039 48.3526V45.5728" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M30.0039 48.3525L32.6272 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M30.0039 48.3524L31.6279 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M30.0029 48.3524L28.3789 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M30.0022 48.3525L27.3789 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M39.0039 48.3526V45.5728" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M39.0039 48.3525L41.6272 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M39.0039 48.3524L40.6279 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M39.0029 48.3524L37.3789 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M39.0022 48.3525L36.3789 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M48.0039 48.3526V45.5728" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M48.0039 48.3525L50.6272 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M48.0039 48.3524L49.6279 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M48.0029 48.3524L46.3789 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M48.0022 48.3525L45.3789 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M57.0039 48.3526V45.5728" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M57.0039 48.3525L59.6272 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M57.0039 48.3524L58.6279 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M57.0029 48.3524L55.3789 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M57.0022 48.3525L54.3789 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M66.0039 48.3526V45.5728" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M66.0039 48.3525L68.6272 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M66.0039 48.3524L67.6279 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M66.0029 48.3524L64.3789 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M66.0022 48.3525L63.3789 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M75.0039 48.3526V45.5728" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M75.0039 48.3525L77.6272 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M75.0039 48.3524L76.6279 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M75.0029 48.3524L73.3789 50.6268" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <path d="M75.0022 48.3525L72.3789 47.4933" class="tw-stroke-art-accent" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+  <rect x="35" y="72" width="26" height="20" rx="2" class="tw-stroke-art-primary tw-fill-background" stroke-width="2"/>
+  <rect x="47" y="78" width="2" height="8" rx="1" class="tw-stroke-art-accent"/>
+  <path d="M55 71V69C55 65.134 51.866 62 48 62V62C44.134 62 41 65.134 41 69V71" class="tw-stroke-art-primary" stroke-width="2"/>
+</svg>
+`;

From 690e175b1d70a0a39b97f285043337f98fffaa80 Mon Sep 17 00:00:00 2001
From: Florian Lang <144521337+FlorianLang06@users.noreply.github.com>
Date: Wed, 30 Oct 2024 20:09:33 +0100
Subject: [PATCH 37/39] fix: totp autofill fill single digits if one field per
 digit exist (#11630)

---
 apps/browser/src/autofill/services/autofill.service.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/apps/browser/src/autofill/services/autofill.service.ts b/apps/browser/src/autofill/services/autofill.service.ts
index 1ff2341d9f8..696bdb8b896 100644
--- a/apps/browser/src/autofill/services/autofill.service.ts
+++ b/apps/browser/src/autofill/services/autofill.service.ts
@@ -940,13 +940,16 @@ export default class AutofillService implements AutofillServiceInterface {
 
     if (options.allowTotpAutofill) {
       await Promise.all(
-        totps.map(async (t) => {
+        totps.map(async (t, i) => {
           if (Object.prototype.hasOwnProperty.call(filledFields, t.opid)) {
             return;
           }
 
           filledFields[t.opid] = t;
-          const totpValue = await this.totpService.getCode(login.totp);
+          let totpValue = await this.totpService.getCode(login.totp);
+          if (totpValue.length == totps.length) {
+            totpValue = totpValue.charAt(i);
+          }
           AutofillService.fillByOpid(fillScript, t, totpValue);
         }),
       );

From 4de7cb8012a0716d0c834d279a04fc4fd62c5112 Mon Sep 17 00:00:00 2001
From: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Date: Wed, 30 Oct 2024 17:54:39 -0400
Subject: [PATCH 38/39] BEEEP - Auth AccountService Improvements (#11779)

* BEEEP Adjacent - AccountService misc improvements - (1) prefer null over undefined and (2) add new Account type

* LockCompV2 - Fix activeAccount type per PR feedback

* AccountService - update getUserId per PR feedback.
---
 .../services/account-switcher.service.spec.ts   | 10 +++++++---
 .../key-rotation/user-key-rotation.service.ts   |  7 ++-----
 libs/angular/src/auth/guards/auth.guard.spec.ts |  8 ++++++--
 libs/angular/src/auth/guards/lock.guard.spec.ts |  8 ++++++--
 libs/auth/src/angular/lock/lock.component.ts    | 11 +++++++----
 libs/common/spec/fake-account-service.ts        |  4 ++--
 .../src/auth/abstractions/account.service.ts    |  7 +++++--
 .../src/auth/services/account.service.spec.ts   | 10 +++++-----
 .../common/src/auth/services/account.service.ts | 17 +++++++++--------
 ...et-enrollment.service.implementation.spec.ts |  4 ++--
 .../fido2/fido2-authenticator.service.spec.ts   |  4 ++--
 .../default-active-user-state.spec.ts           |  6 +++---
 12 files changed, 56 insertions(+), 40 deletions(-)

diff --git a/apps/browser/src/auth/popup/account-switching/services/account-switcher.service.spec.ts b/apps/browser/src/auth/popup/account-switching/services/account-switcher.service.spec.ts
index 6865adca393..3084c3e5407 100644
--- a/apps/browser/src/auth/popup/account-switching/services/account-switcher.service.spec.ts
+++ b/apps/browser/src/auth/popup/account-switching/services/account-switcher.service.spec.ts
@@ -1,7 +1,11 @@
 import { matches, mock } from "jest-mock-extended";
 import { BehaviorSubject, ReplaySubject, firstValueFrom, of, timeout } from "rxjs";
 
-import { AccountInfo, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import {
+  Account,
+  AccountInfo,
+  AccountService,
+} from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AvatarService } from "@bitwarden/common/auth/abstractions/avatar.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
@@ -14,7 +18,7 @@ import { AccountSwitcherService } from "./account-switcher.service";
 
 describe("AccountSwitcherService", () => {
   let accountsSubject: BehaviorSubject<Record<UserId, AccountInfo>>;
-  let activeAccountSubject: BehaviorSubject<{ id: UserId } & AccountInfo>;
+  let activeAccountSubject: BehaviorSubject<Account | null>;
   let authStatusSubject: ReplaySubject<Record<UserId, AuthenticationStatus>>;
 
   const accountService = mock<AccountService>();
@@ -29,7 +33,7 @@ describe("AccountSwitcherService", () => {
   beforeEach(() => {
     jest.resetAllMocks();
     accountsSubject = new BehaviorSubject<Record<UserId, AccountInfo>>(null);
-    activeAccountSubject = new BehaviorSubject<{ id: UserId } & AccountInfo>(null);
+    activeAccountSubject = new BehaviorSubject<Account | null>(null);
     authStatusSubject = new ReplaySubject<Record<UserId, AuthenticationStatus>>(1);
 
     // Use subject to allow for easy updates
diff --git a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
index e4e5ab2caaa..6c2f15a02a6 100644
--- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
+++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
@@ -1,7 +1,7 @@
 import { Injectable } from "@angular/core";
 import { firstValueFrom } from "rxjs";
 
-import { AccountInfo } from "@bitwarden/common/auth/abstractions/account.service";
+import { Account } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { VerificationType } from "@bitwarden/common/auth/enums/verification-type";
@@ -46,10 +46,7 @@ export class UserKeyRotationService {
    * Creates a new user key and re-encrypts all required data with the it.
    * @param masterPassword current master password (used for validation)
    */
-  async rotateUserKeyAndEncryptedData(
-    masterPassword: string,
-    user: { id: UserId } & AccountInfo,
-  ): Promise<void> {
+  async rotateUserKeyAndEncryptedData(masterPassword: string, user: Account): Promise<void> {
     this.logService.info("[Userkey rotation] Starting user key rotation...");
     if (!masterPassword) {
       this.logService.info("[Userkey rotation] Invalid master password provided. Aborting!");
diff --git a/libs/angular/src/auth/guards/auth.guard.spec.ts b/libs/angular/src/auth/guards/auth.guard.spec.ts
index 8d024b6b2b1..a6bfd72e23e 100644
--- a/libs/angular/src/auth/guards/auth.guard.spec.ts
+++ b/libs/angular/src/auth/guards/auth.guard.spec.ts
@@ -5,7 +5,11 @@ import { MockProxy, mock } from "jest-mock-extended";
 import { BehaviorSubject } from "rxjs";
 
 import { EmptyComponent } from "@bitwarden/angular/platform/guard/feature-flag.guard.spec";
-import { AccountInfo, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import {
+  Account,
+  AccountInfo,
+  AccountService,
+} from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
 import { MasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
@@ -30,7 +34,7 @@ describe("AuthGuard", () => {
       keyConnectorServiceRequiresAccountConversion,
     );
     const accountService: MockProxy<AccountService> = mock<AccountService>();
-    const activeAccountSubject = new BehaviorSubject<{ id: UserId } & AccountInfo>(null);
+    const activeAccountSubject = new BehaviorSubject<Account | null>(null);
     accountService.activeAccount$ = activeAccountSubject;
     activeAccountSubject.next(
       Object.assign(
diff --git a/libs/angular/src/auth/guards/lock.guard.spec.ts b/libs/angular/src/auth/guards/lock.guard.spec.ts
index 0d41be87a43..d801ef0f8f9 100644
--- a/libs/angular/src/auth/guards/lock.guard.spec.ts
+++ b/libs/angular/src/auth/guards/lock.guard.spec.ts
@@ -6,7 +6,11 @@ import { BehaviorSubject, of } from "rxjs";
 
 import { EmptyComponent } from "@bitwarden/angular/platform/guard/feature-flag.guard.spec";
 import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
-import { AccountInfo, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import {
+  Account,
+  AccountInfo,
+  AccountService,
+} from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
@@ -56,7 +60,7 @@ describe("lockGuard", () => {
     userVerificationService.hasMasterPassword.mockResolvedValue(setupParams.hasMasterPassword);
 
     const accountService: MockProxy<AccountService> = mock<AccountService>();
-    const activeAccountSubject = new BehaviorSubject<{ id: UserId } & AccountInfo>(null);
+    const activeAccountSubject = new BehaviorSubject<Account | null>(null);
     accountService.activeAccount$ = activeAccountSubject;
     activeAccountSubject.next(
       Object.assign(
diff --git a/libs/auth/src/angular/lock/lock.component.ts b/libs/auth/src/angular/lock/lock.component.ts
index f2ffc1fbed7..3d4bf51e804 100644
--- a/libs/auth/src/angular/lock/lock.component.ts
+++ b/libs/auth/src/angular/lock/lock.component.ts
@@ -7,7 +7,7 @@ import { BehaviorSubject, firstValueFrom, Subject, switchMap, take, takeUntil }
 import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/models/domain/master-password-policy-options";
-import { AccountInfo, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { Account, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
 import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
@@ -26,7 +26,6 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { KeySuffixOptions } from "@bitwarden/common/platform/enums";
 import { SyncService } from "@bitwarden/common/platform/sync";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
-import { UserId } from "@bitwarden/common/types/guid";
 import { UserKey } from "@bitwarden/common/types/key";
 import {
   AsyncActionsModule,
@@ -73,7 +72,7 @@ const clientTypeToSuccessRouteRecord: Partial<Record<ClientType, string>> = {
 export class LockV2Component implements OnInit, OnDestroy {
   private destroy$ = new Subject<void>();
 
-  activeAccount: { id: UserId | undefined } & AccountInfo;
+  activeAccount: Account | null;
 
   clientType: ClientType;
   ClientType = ClientType;
@@ -202,11 +201,15 @@ export class LockV2Component implements OnInit, OnDestroy {
       .subscribe();
   }
 
-  private async handleActiveAccountChange(activeAccount: { id: UserId | undefined } & AccountInfo) {
+  private async handleActiveAccountChange(activeAccount: Account | null) {
     this.activeAccount = activeAccount;
 
     this.resetDataOnActiveAccountChange();
 
+    if (activeAccount == null) {
+      return;
+    }
+
     this.setEmailAsPageSubtitle(activeAccount.email);
 
     this.unlockOptions = await firstValueFrom(
diff --git a/libs/common/spec/fake-account-service.ts b/libs/common/spec/fake-account-service.ts
index 649a158d757..db84143d3a6 100644
--- a/libs/common/spec/fake-account-service.ts
+++ b/libs/common/spec/fake-account-service.ts
@@ -1,7 +1,7 @@
 import { mock } from "jest-mock-extended";
 import { ReplaySubject, combineLatest, map } from "rxjs";
 
-import { AccountInfo, AccountService } from "../src/auth/abstractions/account.service";
+import { Account, AccountInfo, AccountService } from "../src/auth/abstractions/account.service";
 import { UserId } from "../src/types/guid";
 
 export function mockAccountServiceWith(
@@ -30,7 +30,7 @@ export class FakeAccountService implements AccountService {
   // eslint-disable-next-line rxjs/no-exposed-subjects -- test class
   accountsSubject = new ReplaySubject<Record<UserId, AccountInfo>>(1);
   // eslint-disable-next-line rxjs/no-exposed-subjects -- test class
-  activeAccountSubject = new ReplaySubject<{ id: UserId } & AccountInfo>(1);
+  activeAccountSubject = new ReplaySubject<Account | null>(1);
   // eslint-disable-next-line rxjs/no-exposed-subjects -- test class
   accountActivitySubject = new ReplaySubject<Record<UserId, Date>>(1);
   private _activeUserId: UserId;
diff --git a/libs/common/src/auth/abstractions/account.service.ts b/libs/common/src/auth/abstractions/account.service.ts
index 849abc65f66..aab935817a9 100644
--- a/libs/common/src/auth/abstractions/account.service.ts
+++ b/libs/common/src/auth/abstractions/account.service.ts
@@ -12,6 +12,8 @@ export type AccountInfo = {
   name: string | undefined;
 };
 
+export type Account = { id: UserId } & AccountInfo;
+
 export function accountInfoEqual(a: AccountInfo, b: AccountInfo) {
   if (a == null && b == null) {
     return true;
@@ -32,7 +34,8 @@ export function accountInfoEqual(a: AccountInfo, b: AccountInfo) {
 
 export abstract class AccountService {
   accounts$: Observable<Record<UserId, AccountInfo>>;
-  activeAccount$: Observable<{ id: UserId | undefined } & AccountInfo>;
+
+  activeAccount$: Observable<Account | null>;
 
   /**
    * Observable of the last activity time for each account.
@@ -41,7 +44,7 @@ export abstract class AccountService {
   /** Account list in order of descending recency */
   sortedUserIds$: Observable<UserId[]>;
   /** Next account that is not the current active account */
-  nextUpAccount$: Observable<{ id: UserId } & AccountInfo>;
+  nextUpAccount$: Observable<Account>;
   /**
    * Updates the `accounts$` observable with the new account data.
    *
diff --git a/libs/common/src/auth/services/account.service.spec.ts b/libs/common/src/auth/services/account.service.spec.ts
index 0ae14b0cc12..227949156ee 100644
--- a/libs/common/src/auth/services/account.service.spec.ts
+++ b/libs/common/src/auth/services/account.service.spec.ts
@@ -88,10 +88,10 @@ describe("accountService", () => {
   });
 
   describe("activeAccount$", () => {
-    it("should emit undefined if no account is active", () => {
+    it("should emit null if no account is active", () => {
       const emissions = trackEmissions(sut.activeAccount$);
 
-      expect(emissions).toEqual([undefined]);
+      expect(emissions).toEqual([null]);
     });
 
     it("should emit the active account", async () => {
@@ -100,7 +100,7 @@ describe("accountService", () => {
       activeAccountIdState.stateSubject.next(userId);
 
       expect(emissions).toEqual([
-        undefined, // initial value
+        null, // initial value
         { id: userId, ...userInfo },
       ]);
     });
@@ -258,10 +258,10 @@ describe("accountService", () => {
       activeAccountIdState.stateSubject.next(userId);
     });
 
-    it("should emit undefined if no account is provided", async () => {
+    it("should emit null if no account is provided", async () => {
       await sut.switchAccount(null);
       const currentState = await firstValueFrom(sut.activeAccount$);
-      expect(currentState).toBeUndefined();
+      expect(currentState).toBeNull();
     });
 
     it("should throw if the account does not exist", () => {
diff --git a/libs/common/src/auth/services/account.service.ts b/libs/common/src/auth/services/account.service.ts
index 04a0c62dd93..3da04395fdc 100644
--- a/libs/common/src/auth/services/account.service.ts
+++ b/libs/common/src/auth/services/account.service.ts
@@ -8,6 +8,7 @@ import {
 } from "rxjs";
 
 import {
+  Account,
   AccountInfo,
   InternalAccountService,
   accountInfoEqual,
@@ -48,9 +49,9 @@ const LOGGED_OUT_INFO: AccountInfo = {
 /**
  * An rxjs map operator that extracts the UserId from an account, or throws if the account or UserId are null.
  */
-export const getUserId = map<{ id: UserId | undefined }, UserId>((account) => {
-  if (account?.id == null) {
-    throw new Error("Null account or account ID");
+export const getUserId = map<Account | null, UserId>((account) => {
+  if (account == null) {
+    throw new Error("Null or undefined account");
   }
 
   return account.id;
@@ -59,8 +60,8 @@ export const getUserId = map<{ id: UserId | undefined }, UserId>((account) => {
 /**
  * An rxjs map operator that extracts the UserId from an account, or returns undefined if the account or UserId are null.
  */
-export const getOptionalUserId = map<{ id: UserId | undefined }, UserId | undefined>(
-  (account) => account?.id ?? undefined,
+export const getOptionalUserId = map<Account | null, UserId | null>(
+  (account) => account?.id ?? null,
 );
 
 export class AccountServiceImplementation implements InternalAccountService {
@@ -68,10 +69,10 @@ export class AccountServiceImplementation implements InternalAccountService {
   private activeAccountIdState: GlobalState<UserId | undefined>;
 
   accounts$: Observable<Record<UserId, AccountInfo>>;
-  activeAccount$: Observable<{ id: UserId | undefined } & AccountInfo>;
+  activeAccount$: Observable<Account | null>;
   accountActivity$: Observable<Record<UserId, Date>>;
   sortedUserIds$: Observable<UserId[]>;
-  nextUpAccount$: Observable<{ id: UserId } & AccountInfo>;
+  nextUpAccount$: Observable<Account>;
 
   constructor(
     private messagingService: MessagingService,
@@ -86,7 +87,7 @@ export class AccountServiceImplementation implements InternalAccountService {
     );
     this.activeAccount$ = this.activeAccountIdState.state$.pipe(
       combineLatestWith(this.accounts$),
-      map(([id, accounts]) => (id ? { id, ...(accounts[id] as AccountInfo) } : undefined)),
+      map(([id, accounts]) => (id ? ({ id, ...(accounts[id] as AccountInfo) } as Account) : null)),
       distinctUntilChanged((a, b) => a?.id === b?.id && accountInfoEqual(a, b)),
       shareReplay({ bufferSize: 1, refCount: false }),
     );
diff --git a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts
index 088ce960794..ed622b21c86 100644
--- a/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts
+++ b/libs/common/src/auth/services/password-reset-enrollment.service.implementation.spec.ts
@@ -9,12 +9,12 @@ import { KeyService } from "../../../../key-management/src/abstractions/key.serv
 import { OrganizationApiServiceAbstraction } from "../../admin-console/abstractions/organization/organization-api.service.abstraction";
 import { OrganizationAutoEnrollStatusResponse } from "../../admin-console/models/response/organization-auto-enroll-status.response";
 import { I18nService } from "../../platform/abstractions/i18n.service";
-import { AccountInfo, AccountService } from "../abstractions/account.service";
+import { Account, AccountInfo, AccountService } from "../abstractions/account.service";
 
 import { PasswordResetEnrollmentServiceImplementation } from "./password-reset-enrollment.service.implementation";
 
 describe("PasswordResetEnrollmentServiceImplementation", () => {
-  const activeAccountSubject = new BehaviorSubject<{ id: UserId } & AccountInfo>(null);
+  const activeAccountSubject = new BehaviorSubject<Account | null>(null);
 
   let organizationApiService: MockProxy<OrganizationApiServiceAbstraction>;
   let accountService: MockProxy<AccountService>;
diff --git a/libs/common/src/platform/services/fido2/fido2-authenticator.service.spec.ts b/libs/common/src/platform/services/fido2/fido2-authenticator.service.spec.ts
index bd9bb6e5f6f..5f15005d71c 100644
--- a/libs/common/src/platform/services/fido2/fido2-authenticator.service.spec.ts
+++ b/libs/common/src/platform/services/fido2/fido2-authenticator.service.spec.ts
@@ -3,7 +3,7 @@ import { TextEncoder } from "util";
 import { mock, MockProxy } from "jest-mock-extended";
 import { BehaviorSubject, of } from "rxjs";
 
-import { AccountInfo, AccountService } from "../../../auth/abstractions/account.service";
+import { Account, AccountService } from "../../../auth/abstractions/account.service";
 import { UserId } from "../../../types/guid";
 import { CipherService } from "../../../vault/abstractions/cipher.service";
 import { SyncService } from "../../../vault/abstractions/sync/sync.service.abstraction";
@@ -33,7 +33,7 @@ import { guidToRawFormat } from "./guid-utils";
 const RpId = "bitwarden.com";
 
 describe("FidoAuthenticatorService", () => {
-  const activeAccountSubject = new BehaviorSubject<{ id: UserId } & AccountInfo>({
+  const activeAccountSubject = new BehaviorSubject<Account | null>({
     id: "testId" as UserId,
     email: "test@example.com",
     emailVerified: true,
diff --git a/libs/common/src/platform/state/implementations/default-active-user-state.spec.ts b/libs/common/src/platform/state/implementations/default-active-user-state.spec.ts
index 6df34e558a3..99cc785f9ba 100644
--- a/libs/common/src/platform/state/implementations/default-active-user-state.spec.ts
+++ b/libs/common/src/platform/state/implementations/default-active-user-state.spec.ts
@@ -8,7 +8,7 @@ import { Jsonify } from "type-fest";
 
 import { awaitAsync, trackEmissions } from "../../../../spec";
 import { FakeStorageService } from "../../../../spec/fake-storage.service";
-import { AccountInfo } from "../../../auth/abstractions/account.service";
+import { Account } from "../../../auth/abstractions/account.service";
 import { UserId } from "../../../types/guid";
 import { LogService } from "../../abstractions/log.service";
 import { StorageServiceProvider } from "../../services/storage-service.provider";
@@ -47,7 +47,7 @@ describe("DefaultActiveUserState", () => {
   const storageServiceProvider = mock<StorageServiceProvider>();
   const stateEventRegistrarService = mock<StateEventRegistrarService>();
   const logService = mock<LogService>();
-  let activeAccountSubject: BehaviorSubject<{ id: UserId } & AccountInfo>;
+  let activeAccountSubject: BehaviorSubject<Account | null>;
 
   let singleUserStateProvider: DefaultSingleUserStateProvider;
 
@@ -63,7 +63,7 @@ describe("DefaultActiveUserState", () => {
       logService,
     );
 
-    activeAccountSubject = new BehaviorSubject<{ id: UserId } & AccountInfo>(undefined);
+    activeAccountSubject = new BehaviorSubject<Account | null>(null);
 
     userState = new DefaultActiveUserState(
       testKeyDefinition,

From 5e157c5bcac637dfd3d4908acbef2615e19608bd Mon Sep 17 00:00:00 2001
From: Oscar Hinton <Hinton@users.noreply.github.com>
Date: Thu, 31 Oct 2024 10:07:55 +0100
Subject: [PATCH 39/39] [PM-14180] Provide more debugging details in wasm-debug
 (#11771)

Improve error logging to include some additional information about the error.
---
 .../browser/src/background/main.background.ts |  7 ++++--
 apps/browser/src/popup/app.component.ts       | 25 +++++++++++--------
 .../service-container/service-container.ts    |  2 +-
 apps/desktop/src/app/app.component.ts         |  2 +-
 apps/web/src/app/app.component.ts             |  2 +-
 .../platform/abstractions/sdk/sdk.service.ts  |  2 +-
 .../services/sdk/default-sdk.service.ts       | 19 +++++++++++---
 7 files changed, 38 insertions(+), 21 deletions(-)

diff --git a/apps/browser/src/background/main.background.ts b/apps/browser/src/background/main.background.ts
index 6e2421e499f..cfb44c6c36c 100644
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@@ -1347,14 +1347,17 @@ export default class MainBackground {
     if (flagEnabled("sdk")) {
       // Warn if the SDK for some reason can't be initialized
       let supported = false;
+      let error: Error;
       try {
         supported = await firstValueFrom(this.sdkService.supported$);
       } catch (e) {
-        // Do nothing.
+        error = e;
       }
 
       if (!supported) {
-        this.sdkService.failedToInitialize().catch((e) => this.logService.error(e));
+        this.sdkService
+          .failedToInitialize("background", error)
+          .catch((e) => this.logService.error(e));
       }
     }
 
diff --git a/apps/browser/src/popup/app.component.ts b/apps/browser/src/popup/app.component.ts
index 3c8752f3a76..f3693e4f8a1 100644
--- a/apps/browser/src/popup/app.component.ts
+++ b/apps/browser/src/popup/app.component.ts
@@ -1,7 +1,7 @@
 import { ChangeDetectorRef, Component, NgZone, OnDestroy, OnInit, inject } from "@angular/core";
 import { takeUntilDestroyed } from "@angular/core/rxjs-interop";
 import { NavigationEnd, Router, RouterOutlet } from "@angular/router";
-import { Subject, takeUntil, firstValueFrom, concatMap, filter, tap, catchError, of } from "rxjs";
+import { Subject, takeUntil, firstValueFrom, concatMap, filter, tap } from "rxjs";
 
 import { LogoutReason } from "@bitwarden/auth/common";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
@@ -71,21 +71,24 @@ export class AppComponent implements OnInit, OnDestroy {
   ) {
     if (flagEnabled("sdk")) {
       // Warn if the SDK for some reason can't be initialized
-      this.sdkService.supported$
-        .pipe(
-          takeUntilDestroyed(),
-          catchError(() => {
-            return of(false);
-          }),
-        )
-        .subscribe((supported) => {
+      this.sdkService.supported$.pipe(takeUntilDestroyed()).subscribe({
+        next: (supported) => {
           if (!supported) {
             this.logService.debug("SDK is not supported");
-            this.sdkService.failedToInitialize().catch((e) => this.logService.error(e));
+            this.sdkService
+              .failedToInitialize("popup", undefined)
+              .catch((e) => this.logService.error(e));
           } else {
             this.logService.debug("SDK is supported");
           }
-        });
+        },
+        error: (e: unknown) => {
+          this.sdkService
+            .failedToInitialize("popup", e as Error)
+            .catch((e) => this.logService.error(e));
+          this.logService.error(e);
+        },
+      });
     }
   }
 
diff --git a/apps/cli/src/service-container/service-container.ts b/apps/cli/src/service-container/service-container.ts
index 3424e3fb28c..8d1ad6b2e77 100644
--- a/apps/cli/src/service-container/service-container.ts
+++ b/apps/cli/src/service-container/service-container.ts
@@ -872,7 +872,7 @@ export class ServiceContainer {
       }
 
       if (!supported) {
-        this.sdkService.failedToInitialize().catch((e) => this.logService.error(e));
+        this.sdkService.failedToInitialize("cli").catch((e) => this.logService.error(e));
       }
     }
   }
diff --git a/apps/desktop/src/app/app.component.ts b/apps/desktop/src/app/app.component.ts
index aba664e7a86..f1f5a15ac5a 100644
--- a/apps/desktop/src/app/app.component.ts
+++ b/apps/desktop/src/app/app.component.ts
@@ -180,7 +180,7 @@ export class AppComponent implements OnInit, OnDestroy {
         .subscribe((supported) => {
           if (!supported) {
             this.logService.debug("SDK is not supported");
-            this.sdkService.failedToInitialize().catch((e) => this.logService.error(e));
+            this.sdkService.failedToInitialize("desktop").catch((e) => this.logService.error(e));
           } else {
             this.logService.debug("SDK is supported");
           }
diff --git a/apps/web/src/app/app.component.ts b/apps/web/src/app/app.component.ts
index f1b079b81aa..704960c14c6 100644
--- a/apps/web/src/app/app.component.ts
+++ b/apps/web/src/app/app.component.ts
@@ -104,7 +104,7 @@ export class AppComponent implements OnDestroy, OnInit {
         .subscribe((supported) => {
           if (!supported) {
             this.logService.debug("SDK is not supported");
-            this.sdkService.failedToInitialize().catch((e) => this.logService.error(e));
+            this.sdkService.failedToInitialize("web").catch((e) => this.logService.error(e));
           } else {
             this.logService.debug("SDK is supported");
           }
diff --git a/libs/common/src/platform/abstractions/sdk/sdk.service.ts b/libs/common/src/platform/abstractions/sdk/sdk.service.ts
index 04be8a992d0..00c14bdfaca 100644
--- a/libs/common/src/platform/abstractions/sdk/sdk.service.ts
+++ b/libs/common/src/platform/abstractions/sdk/sdk.service.ts
@@ -29,5 +29,5 @@ export abstract class SdkService {
    */
   abstract userClient$(userId: UserId): Observable<BitwardenClient>;
 
-  abstract failedToInitialize(): Promise<void>;
+  abstract failedToInitialize(category: string, error?: Error): Promise<void>;
 }
diff --git a/libs/common/src/platform/services/sdk/default-sdk.service.ts b/libs/common/src/platform/services/sdk/default-sdk.service.ts
index a1617315448..b25ede006c5 100644
--- a/libs/common/src/platform/services/sdk/default-sdk.service.ts
+++ b/libs/common/src/platform/services/sdk/default-sdk.service.ts
@@ -130,7 +130,7 @@ export class DefaultSdkService implements SdkService {
     return client$;
   }
 
-  async failedToInitialize(): Promise<void> {
+  async failedToInitialize(category: string, error?: Error): Promise<void> {
     // Only log on cloud instances
     if (
       this.platformUtilsService.isDev() ||
@@ -139,9 +139,20 @@ export class DefaultSdkService implements SdkService {
       return;
     }
 
-    return this.apiService.send("POST", "/wasm-debug", null, false, false, null, (headers) => {
-      headers.append("SDK-Version", "1.0.0");
-    });
+    return this.apiService.send(
+      "POST",
+      "/wasm-debug",
+      {
+        category: category,
+        error: error?.message,
+      },
+      false,
+      false,
+      null,
+      (headers) => {
+        headers.append("SDK-Version", "1.0.0");
+      },
+    );
   }
 
   private async initializeClient(