Merge branch 'main' into km/beeep/fido2-rust-v2

2026-02-20 19:34:03 +00:00 · 2024-12-12 02:54:30 -08:00
parent 7c6a1f7fb8 f8c33ea04b
commit 23a0739b18
38 changed files with 1147 additions and 114 deletions
--- a/apps/desktop/electron-builder.json
+++ b/apps/desktop/electron-builder.json
@@ -20,7 +20,7 @@
    "**/node_modules/@bitwarden/desktop-napi/index.js",
    "**/node_modules/@bitwarden/desktop-napi/desktop_napi.${platform}-${arch}*.node"
  ],
-  "electronVersion": "32.1.1",
+  "electronVersion": "33.2.1",
  "generateUpdatesFilesForAllChannels": true,
  "publish": {
    "provider": "generic",
@@ -241,7 +241,17 @@
    "autoStart": true,
    "base": "core22",
    "confinement": "strict",
-    "plugs": ["default", "network-bind", "password-manager-service", "u2f-devices"],
+    "plugs": [
+      "default",
+      "network-bind",
+      "u2f-devices",
+      "password-manager-service",
+      {
+        "polkit": {
+          "action-prefix": "com.bitwarden.Bitwarden"
+        }
+      }
+    ],
    "stagePackages": ["default"]
  },
  "protocols": [
--- a/apps/desktop/package.json
+++ b/apps/desktop/package.json
@@ -35,7 +35,7 @@
    "clean:dist": "rimraf ./dist",
    "pack:dir": "npm run clean:dist && electron-builder --dir -p never",
    "pack:lin:flatpak": "npm run clean:dist && electron-builder --dir -p never && flatpak-builder  --repo=build/.repo build/.flatpak  ./resources/com.bitwarden.desktop.devel.yaml --install-deps-from=flathub --force-clean &&  flatpak build-bundle ./build/.repo/ ./dist/com.bitwarden.desktop.flatpak com.bitwarden.desktop",
-    "pack:lin": "npm run clean:dist && electron-builder --linux --x64 -p never",
+    "pack:lin": "npm run clean:dist && electron-builder --linux --x64 -p never && export SNAP_FILE=$(realpath ./dist/bitwarden_*.snap) && unsquashfs -d ./dist/tmp-snap/ $SNAP_FILE && mkdir -p ./dist/tmp-snap/meta/polkit/ && cp ./resources/com.bitwarden.desktop.policy  ./dist/tmp-snap/meta/polkit/polkit.com.bitwarden.desktop.policy && rm $SNAP_FILE && mksquashfs ./dist/tmp-snap/ $SNAP_FILE -noappend -comp lzo -no-fragments && rm -rf ./dist/tmp-snap/",
    "pack:mac": "npm run clean:dist && electron-builder --mac --universal -p never",
    "pack:mac:arm64": "npm run clean:dist && electron-builder --mac --arm64 -p never",
    "pack:mac:mas": "npm run clean:dist && electron-builder --mac mas --universal -p never",
--- a/apps/desktop/resources/com.bitwarden.desktop.policy
+++ b/apps/desktop/resources/com.bitwarden.desktop.policy
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<policyconfig>
+    <action id="com.bitwarden.Bitwarden.unlock">
+      <description>Unlock Bitwarden</description>
+      <message>Authenticate to unlock Bitwarden</message>
+      <defaults>
+        <allow_any>no</allow_any>
+        <allow_inactive>no</allow_inactive>
+        <allow_active>auth_self</allow_active>
+      </defaults>
+    </action>
+</policyconfig>
--- a/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts
+++ b/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts
@@ -87,8 +87,8 @@ export default class BiometricUnixMain implements OsBiometricService {
  }

  async authenticateBiometric(): Promise<boolean> {
-    const hwnd = this.windowMain.win.getNativeWindowHandle();
-    return await biometrics.prompt(hwnd, this.i18nservice.t("polkitConsentMessage"));
+    const hwnd = Buffer.from("");
+    return await biometrics.prompt(hwnd, "");
  }

  async osSupportsBiometric(): Promise<boolean> {
@@ -98,10 +98,14 @@ export default class BiometricUnixMain implements OsBiometricService {
    // This could be dynamically detected on dbus in the future.
    // We should check if a libsecret implementation is available on the system
    // because otherwise we cannot offlod the protected userkey to secure storage.
-    return (await passwords.isAvailable()) && !isSnapStore();
+    return await passwords.isAvailable();
  }

  async osBiometricsNeedsSetup(): Promise<boolean> {
+    if (isSnapStore()) {
+      return false;
+    }
+
    // check whether the polkit policy is loaded via dbus call to polkit
    return !(await biometrics.available());
  }
--- a/apps/desktop/src/locales/en/messages.json
+++ b/apps/desktop/src/locales/en/messages.json
@@ -1734,9 +1734,6 @@
  "windowsHelloConsentMessage": {
    "message": "Verify for Bitwarden."
  },
-  "polkitConsentMessage": {
-    "message": "Authenticate to unlock Bitwarden."
-  },
  "unlockWithTouchId": {
    "message": "Unlock with Touch ID"
  },
--- a/apps/desktop/src/main/tray.main.ts
+++ b/apps/desktop/src/main/tray.main.ts
@@ -64,9 +64,8 @@ export class TrayMain {
  }

  setupWindowListeners(win: BrowserWindow) {
-    win.on("minimize", async (e: Event) => {
+    win.on("minimize", async () => {
      if (await firstValueFrom(this.desktopSettingsService.minimizeToTray$)) {
-        e.preventDefault();
        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
        // eslint-disable-next-line @typescript-eslint/no-floating-promises
        this.hideToTray();
--- a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.html
+++ b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.html
@@ -98,7 +98,7 @@
        *ngIf="canAccessExport$ | async"
      ></bit-nav-item>
      <bit-nav-item
-        [text]="'domainVerification' | i18n"
+        [text]="domainVerificationNavigationTextKey | i18n"
        route="settings/domain-verification"
        *ngIf="organization?.canManageDomainVerification"
      ></bit-nav-item>
--- a/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
+++ b/apps/web/src/app/admin-console/organizations/layouts/organization-layout.component.ts
@@ -23,6 +23,7 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga
 import { ProductTierType } from "@bitwarden/common/billing/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { getById } from "@bitwarden/common/platform/misc";
 import { BannerModule, IconModule } from "@bitwarden/components";
@@ -49,6 +50,7 @@ export class OrganizationLayoutComponent implements OnInit {
  protected readonly logo = AdminConsoleLogo;

  protected orgFilter = (org: Organization) => canAccessOrgAdmin(org);
+  protected domainVerificationNavigationTextKey: string;

  protected integrationPageEnabled$: Observable<boolean>;

@@ -67,6 +69,7 @@ export class OrganizationLayoutComponent implements OnInit {
    private configService: ConfigService,
    private policyService: PolicyService,
    private providerService: ProviderService,
+    private i18nService: I18nService,
  ) {}

  async ngOnInit() {
@@ -116,6 +119,12 @@ export class OrganizationLayoutComponent implements OnInit {
          org.productTierType === ProductTierType.Enterprise && featureFlagEnabled,
      ),
    );
+
+    this.domainVerificationNavigationTextKey = (await this.configService.getFeatureFlag(
+      FeatureFlag.AccountDeprovisioning,
+    ))
+      ? "claimedDomains"
+      : "domainVerification";
  }

  canShowVaultTab(organization: Organization): boolean {
--- a/apps/web/src/app/core/event.service.ts
+++ b/apps/web/src/app/core/event.service.ts
@@ -6,7 +6,9 @@ import { PolicyService } from "@bitwarden/common/admin-console/abstractions/poli
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
 import { DeviceType, EventType } from "@bitwarden/common/enums";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { EventResponse } from "@bitwarden/common/models/response/event.response";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";

@Injectable()
@@ -16,6 +18,7 @@ export class EventService {
  constructor(
    private i18nService: I18nService,
    policyService: PolicyService,
+    private configService: ConfigService,
  ) {
    policyService.policies$.subscribe((policies) => {
      this.policies = policies;
@@ -451,10 +454,20 @@ export class EventService {
        msg = humanReadableMsg = this.i18nService.t("removedDomain", ev.domainName);
        break;
      case EventType.OrganizationDomain_Verified:
-        msg = humanReadableMsg = this.i18nService.t("domainVerifiedEvent", ev.domainName);
+        msg = humanReadableMsg = this.i18nService.t(
+          (await this.configService.getFeatureFlag(FeatureFlag.AccountDeprovisioning))
+            ? "domainClaimedEvent"
+            : "domainVerifiedEvent",
+          ev.domainName,
+        );
        break;
      case EventType.OrganizationDomain_NotVerified:
-        msg = humanReadableMsg = this.i18nService.t("domainNotVerifiedEvent", ev.domainName);
+        msg = humanReadableMsg = this.i18nService.t(
+          (await this.configService.getFeatureFlag(FeatureFlag.AccountDeprovisioning))
+            ? "domainNotClaimedEvent"
+            : "domainNotVerifiedEvent",
+          ev.domainName,
+        );
        break;
      // Secrets Manager
      case EventType.Secret_Retrieved:
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -9801,8 +9801,8 @@
  "selfHostingTitleProper": {
    "message": "Self-Hosting"
  },
-  "verified-domain-single-org-warning" : {
-    "message": "Verifying a domain will turn on the single organization policy."
+  "claim-domain-single-org-warning" : {
+    "message": "Claiming a domain will turn on the single organization policy."
  },
  "single-org-revoked-user-warning": {
    "message": "Non-compliant members will be revoked. Administrators can restore members once they leave all other organizations."
@@ -9902,5 +9902,62 @@
  },
  "removeMembers": {
    "message": "Remove members"
+  },
+  "claimedDomains": {
+    "message": "Claimed domains"
+  },
+  "claimDomain": {
+    "message": "Claim domain"
+  },
+  "reclaimDomain": {
+    "message": "Reclaim domain"
+  },
+  "claimDomainNameInputHint": {
+    "message": "Example: mydomain.com. Subdomains require separate entries to be claimed."
+  },
+  "automaticClaimedDomains": {
+    "message": "Automatic Claimed Domains"
+  },
+  "automaticDomainClaimProcess": {
+    "message": "Bitwarden will attempt to claim the domain 3 times during the first 72 hours. If the domain can’t be claimed, check the DNS record in your host and manually claim. The domain will be removed from your organization in 7 days if it is not claimed."
+  },
+  "domainNotClaimed": {
+    "message": "$DOMAIN$ not claimed. Check your DNS records.",
+    "placeholders": {
+      "DOMAIN": {
+        "content": "$1",
+        "example": "bitwarden.com"
+      }
+    }
+  },
+  "domainStatusClaimed": {
+    "message": "Claimed"
+  },
+  "domainStatusUnderVerification": {
+    "message": "Under verification"
+  },
+  "claimedDomainsDesc": {
+    "message": "Claim a domain to own all member accounts whose email address matches the domain. Members will be able to skip the SSO identifier when logging in. Administrators will also be able to delete member accounts."
+  },
+  "invalidDomainNameClaimMessage": {
+    "message": "Input is not a valid format. Format: mydomain.com. Subdomains require separate entries to be claimed."
+  },
+  "domainClaimedEvent": {
+    "message": "$DOMAIN$ claimed",
+    "placeholders": {
+      "DOMAIN": {
+        "content": "$1",
+        "example": "bitwarden.com"
+      }
+    }
+  },
+  "domainNotClaimedEvent": {
+    "message": "$DOMAIN$ not claimed",
+    "placeholders": {
+      "DOMAIN": {
+        "content": "$1",
+        "example": "bitwarden.com"
+      }
+    }
  }
 }