[PM-30563] Improve Send Access enumeration protection (#18620)

* feat: sync changes with SDK and server

* Update libs/common/src/auth/send-access/types/invalid-request-errors.type.ts

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

* feat: sync changes with SDK and Server projects
sync: sdk version

* chore: update sdk

* chore: update sdk

* chore: prettier

---------

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

apps/web/src/app/tools/send/send-access/send-auth.component.ts

@@ -3,8 +3,7 @@ import { FormBuilder } from "@angular/forms";
 import { firstValueFrom } from "rxjs";
 
 import {
-  emailAndOtpRequiredEmailSent,
-  emailInvalid,
+  emailAndOtpRequired,
   emailRequired,
   otpInvalid,
   passwordHashB64Invalid,
@@ -161,7 +160,7 @@ export class SendAuthComponent implements OnInit {
       this.expiredAuthAttempts = 0;
       if (emailRequired(response.error)) {
         this.sendAuthType.set(AuthType.Email);
-      } else if (emailAndOtpRequiredEmailSent(response.error) || emailInvalid(response.error)) {
+      } else if (emailAndOtpRequired(response.error)) {
         this.enterOtp.set(true);
       } else if (otpInvalid(response.error)) {
         this.toastService.showToast({

libs/common/src/auth/send-access/services/default-send-token.service.spec.ts

@@ -64,14 +64,13 @@ describe("SendTokenService", () => {
       "send_id_required",
       "password_hash_b64_required",
       "email_required",
-      "email_and_otp_required_otp_sent",
+      "email_and_otp_required",
       "unknown",
     ];
 
     const INVALID_GRANT_CODES: SendAccessTokenInvalidGrantError[] = [
       "send_id_invalid",
       "password_hash_b64_invalid",
-      "email_invalid",
       "otp_invalid",
       "otp_generation_failed",
       "unknown",

libs/common/src/auth/send-access/types/invalid-grant-errors.type.ts

@@ -31,13 +31,6 @@ export function passwordHashB64Invalid(
   return e.error === "invalid_grant" && e.send_access_error_type === "password_hash_b64_invalid";
 }
 
-export type EmailInvalid = InvalidGrant & {
-  send_access_error_type: "email_invalid";
-};
-export function emailInvalid(e: SendAccessTokenApiErrorResponse): e is EmailInvalid {
-  return e.error === "invalid_grant" && e.send_access_error_type === "email_invalid";
-}
-
 export type OtpInvalid = InvalidGrant & {
   send_access_error_type: "otp_invalid";
 };

libs/common/src/auth/send-access/types/invalid-request-errors.type.ts

@@ -39,16 +39,12 @@ export function emailRequired(e: SendAccessTokenApiErrorResponse): e is EmailReq
   return e.error === "invalid_request" && e.send_access_error_type === "email_required";
 }
 
-export type EmailAndOtpRequiredEmailSent = InvalidRequest & {
-  send_access_error_type: "email_and_otp_required_otp_sent";
+export type EmailAndOtpRequired = InvalidRequest & {
+  send_access_error_type: "email_and_otp_required";
 };
 
-export function emailAndOtpRequiredEmailSent(
-  e: SendAccessTokenApiErrorResponse,
-): e is EmailAndOtpRequiredEmailSent {
-  return (
-    e.error === "invalid_request" && e.send_access_error_type === "email_and_otp_required_otp_sent"
-  );
+export function emailAndOtpRequired(e: SendAccessTokenApiErrorResponse): e is EmailAndOtpRequired {
+  return e.error === "invalid_request" && e.send_access_error_type === "email_and_otp_required";
 }
 
 export type UnknownInvalidRequest = InvalidRequest & {

package-lock.json

@@ -23,8 +23,8 @@
         "@angular/platform-browser": "20.3.16",
         "@angular/platform-browser-dynamic": "20.3.16",
         "@angular/router": "20.3.16",
-        "@bitwarden/commercial-sdk-internal": "0.2.0-main.470",
-        "@bitwarden/sdk-internal": "0.2.0-main.470",
+        "@bitwarden/commercial-sdk-internal": "0.2.0-main.506",
+        "@bitwarden/sdk-internal": "0.2.0-main.506",
         "@electron/fuses": "1.8.0",
         "@emotion/css": "11.13.5",
         "@koa/multer": "4.0.0",
@@ -4982,10 +4982,9 @@
       "link": true
     },
     "node_modules/@bitwarden/commercial-sdk-internal": {
-      "version": "0.2.0-main.470",
-      "resolved": "https://registry.npmjs.org/@bitwarden/commercial-sdk-internal/-/commercial-sdk-internal-0.2.0-main.470.tgz",
-      "integrity": "sha512-QYhxv5eX6ouFJv94gMtBW7MjuK6t2KAN9FLz+/w1wnq8dScnA9Iky25phNPw+iHMgWwhq/dzZq45asKUFF//oA==",
-      "license": "BITWARDEN SOFTWARE DEVELOPMENT KIT LICENSE AGREEMENT",
+      "version": "0.2.0-main.506",
+      "resolved": "https://registry.npmjs.org/@bitwarden/commercial-sdk-internal/-/commercial-sdk-internal-0.2.0-main.506.tgz",
+      "integrity": "sha512-aRzcxOcj8vXxz0jN3q2xxj26zxBfjg3oRm5QXbWE7zXJ2PGrgxTaePca9pQYYpwgr7iufYMnZcq5dH+qttNEmA==",
       "dependencies": {
         "type-fest": "^4.41.0"
       }
@@ -5087,10 +5086,9 @@
       "link": true
     },
     "node_modules/@bitwarden/sdk-internal": {
-      "version": "0.2.0-main.470",
-      "resolved": "https://registry.npmjs.org/@bitwarden/sdk-internal/-/sdk-internal-0.2.0-main.470.tgz",
-      "integrity": "sha512-XKvcUtoU6NnxeEzl3WK7bATiCh2RNxRmuX6JYNgcQHUtHUH+x3ckToR6II1qM3nha0VH0u1ijy3+07UdNQM+JQ==",
-      "license": "GPL-3.0",
+      "version": "0.2.0-main.506",
+      "resolved": "https://registry.npmjs.org/@bitwarden/sdk-internal/-/sdk-internal-0.2.0-main.506.tgz",
+      "integrity": "sha512-BbTSU5Acx74Hr32zDj2kV8sbdclyvdIti5t6kXnCvJmA5dZbu+5j5Xw1luS9mGL9Vfi4w3OjVug/TiSxyhwLzQ==",
       "dependencies": {
         "type-fest": "^4.41.0"
       }

package.json

@@ -162,8 +162,8 @@
     "@angular/platform-browser": "20.3.16",
     "@angular/platform-browser-dynamic": "20.3.16",
     "@angular/router": "20.3.16",
-    "@bitwarden/sdk-internal": "0.2.0-main.470",
-    "@bitwarden/commercial-sdk-internal": "0.2.0-main.470",
+    "@bitwarden/commercial-sdk-internal": "0.2.0-main.506",
+    "@bitwarden/sdk-internal": "0.2.0-main.506",
     "@electron/fuses": "1.8.0",
     "@emotion/css": "11.13.5",
     "@koa/multer": "4.0.0",