Merge branch 'main' into feature/passkey-provider

libs/common/src/auth/models/request/identity-token/password-token.request.ts

@@ -1,5 +1,4 @@
 import { ClientType } from "../../../../enums";
-import { Utils } from "../../../../platform/misc/utils";
 
 import { DeviceRequest } from "./device.request";
 import { TokenTwoFactorRequest } from "./token-two-factor.request";
@@ -30,10 +29,6 @@ export class PasswordTokenRequest extends TokenRequest {
     return obj;
   }
 
-  alterIdentityTokenHeaders(headers: Headers) {
-    headers.set("Auth-Email", Utils.fromUtf8ToUrlB64(this.email));
-  }
-
   static fromJSON(json: any) {
     return Object.assign(Object.create(PasswordTokenRequest.prototype), json, {
       device: json.device ? DeviceRequest.fromJSON(json.device) : undefined,

libs/common/src/auth/models/request/identity-token/token.request.ts

@@ -14,10 +14,6 @@ export abstract class TokenRequest {
     this.device = device != null ? device : null;
   }
 
-  alterIdentityTokenHeaders(headers: Headers) {
-    // Implemented in subclass if required
-  }
-
   setTwoFactor(twoFactor: TokenTwoFactorRequest | undefined) {
     this.twoFactor = twoFactor;
   }

libs/common/src/enums/feature-flag.enum.ts

@@ -47,13 +47,10 @@ export enum FeatureFlag {
   EventBasedOrganizationIntegrations = "event-based-organization-integrations",
 
   /* Vault */
-  PM8851_BrowserOnboardingNudge = "pm-8851-browser-onboarding-nudge",
-  PM9111ExtensionPersistAddEditForm = "pm-9111-extension-persist-add-edit-form",
   PM19941MigrateCipherDomainToSdk = "pm-19941-migrate-cipher-domain-to-sdk",
   PM22134SdkCipherListView = "pm-22134-sdk-cipher-list-view",
   PM22136_SdkCipherEncryption = "pm-22136-sdk-cipher-encryption",
   CipherKeyEncryption = "cipher-key-encryption",
-  EndUserNotifications = "pm-10609-end-user-notifications",
   RemoveCardItemTypePolicy = "pm-16442-remove-card-item-type-policy",
   PM19315EndUserActivationMvp = "pm-19315-end-user-activation-mvp",
 
@@ -94,10 +91,7 @@ export const DefaultFeatureFlagValue = {
   [FeatureFlag.EventBasedOrganizationIntegrations]: FALSE,
 
   /* Vault */
-  [FeatureFlag.PM8851_BrowserOnboardingNudge]: FALSE,
-  [FeatureFlag.PM9111ExtensionPersistAddEditForm]: FALSE,
   [FeatureFlag.CipherKeyEncryption]: FALSE,
-  [FeatureFlag.EndUserNotifications]: FALSE,
   [FeatureFlag.PM19941MigrateCipherDomainToSdk]: FALSE,
   [FeatureFlag.RemoveCardItemTypePolicy]: FALSE,
   [FeatureFlag.PM22134SdkCipherListView]: FALSE,

libs/common/src/key-management/crypto/models/enc-string.ts

@@ -5,13 +5,12 @@ import { Jsonify } from "type-fest";
 import { EncString as SdkEncString } from "@bitwarden/sdk-internal";
 
 import { EncryptionType, EXPECTED_NUM_PARTS_BY_ENCRYPTION_TYPE } from "../../../platform/enums";
-import { Encrypted } from "../../../platform/interfaces/encrypted";
 import { Utils } from "../../../platform/misc/utils";
 import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
 
 export const DECRYPT_ERROR = "[error: cannot decrypt]";
 
-export class EncString implements Encrypted {
+export class EncString {
   encryptedString?: SdkEncString;
   encryptionType?: EncryptionType;
   decryptedValue?: string;

libs/common/src/models/export/collection-with-id.export.ts

@@ -3,20 +3,18 @@
 // This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
 // eslint-disable-next-line no-restricted-imports
 import { Collection as CollectionDomain, CollectionView } from "@bitwarden/admin-console/common";
-
-import { CollectionId } from "../../types/guid";
+import { CollectionId } from "@bitwarden/common/types/guid";
 
 import { CollectionExport } from "./collection.export";
 
 export class CollectionWithIdExport extends CollectionExport {
   id: CollectionId;
 
-  static toView(req: CollectionWithIdExport, view = new CollectionView()) {
-    view.id = req.id;
-    return super.toView(req, view);
+  static toView(req: CollectionWithIdExport) {
+    return super.toView(req, req.id);
   }
 
-  static toDomain(req: CollectionWithIdExport, domain = new CollectionDomain()) {
+  static toDomain(req: CollectionWithIdExport, domain: CollectionDomain) {
     domain.id = req.id;
     return super.toDomain(req, domain);
   }

libs/common/src/models/export/collection.export.ts

@@ -5,7 +5,7 @@
 import { Collection as CollectionDomain, CollectionView } from "@bitwarden/admin-console/common";
 
 import { EncString } from "../../key-management/crypto/models/enc-string";
-import { emptyGuid, OrganizationId } from "../../types/guid";
+import { CollectionId, emptyGuid, OrganizationId } from "../../types/guid";
 
 import { safeGetString } from "./utils";
 
@@ -18,16 +18,17 @@ export class CollectionExport {
     return req;
   }
 
-  static toView(req: CollectionExport, view = new CollectionView()) {
-    view.name = req.name;
+  static toView(req: CollectionExport, id: CollectionId) {
+    const view = new CollectionView({
+      name: req.name,
+      organizationId: req.organizationId,
+      id,
+    });
     view.externalId = req.externalId;
-    if (view.organizationId == null) {
-      view.organizationId = req.organizationId;
-    }
     return view;
   }
 
-  static toDomain(req: CollectionExport, domain = new CollectionDomain()) {
+  static toDomain(req: CollectionExport, domain: CollectionDomain) {
     domain.name = req.name != null ? new EncString(req.name) : null;
     domain.externalId = req.externalId;
     if (domain.organizationId == null) {

libs/common/src/platform/interfaces/encrypted.ts

@@ -1,8 +0,0 @@
-import { EncryptionType } from "../enums";
-
-export interface Encrypted {
-  encryptionType?: EncryptionType;
-  dataBytes: Uint8Array;
-  macBytes: Uint8Array;
-  ivBytes: Uint8Array;
-}

libs/common/src/platform/misc/rxjs-operators.ts

@@ -13,8 +13,8 @@ export const getById = <TId, T extends { id: TId }>(id: TId) =>
  * @param id The IDs of the objects to return.
  * @returns An array containing objects with matching IDs, or an empty array if there are no matching objects.
  */
-export const getByIds = <TId, T extends { id: TId | undefined }>(ids: TId[]) => {
-  const idSet = new Set(ids.filter((id) => id != null));
+export const getByIds = <TId, T extends { id: TId }>(ids: TId[]) => {
+  const idSet = new Set(ids);
   return map<T[], T[]>((objects) => {
     return objects.filter((o) => o.id && idSet.has(o.id));
   });

libs/common/src/platform/models/domain/domain-base.ts

@@ -13,7 +13,7 @@ export type DecryptedObject<
 > = Record<TDecryptedKeys, string> & Omit<TEncryptedObject, TDecryptedKeys>;
 
 // extracts shared keys from the domain and view types
-export type EncryptableKeys<D extends Domain, V extends View> = (keyof D &
+type EncryptableKeys<D extends Domain, V extends View> = (keyof D &
   ConditionalKeys<D, EncString | null>) &
   (keyof V & ConditionalKeys<V, string | null>);
 

libs/common/src/platform/models/domain/enc-array-buffer.ts

@@ -2,14 +2,13 @@
 // @ts-strict-ignore
 import { Utils } from "../../../platform/misc/utils";
 import { EncryptionType } from "../../enums";
-import { Encrypted } from "../../interfaces/encrypted";
 
 const ENC_TYPE_LENGTH = 1;
 const IV_LENGTH = 16;
 const MAC_LENGTH = 32;
 const MIN_DATA_LENGTH = 1;
 
-export class EncArrayBuffer implements Encrypted {
+export class EncArrayBuffer {
   readonly encryptionType: EncryptionType = null;
   readonly dataBytes: Uint8Array = null;
   readonly ivBytes: Uint8Array = null;

libs/common/src/platform/models/domain/encrypted-object.ts

@@ -1,8 +0,0 @@
-// FIXME: Update this file to be type safe and remove this and next line
-// @ts-strict-ignore
-
-export class EncryptedObject {
-  iv: Uint8Array;
-  data: Uint8Array;
-  mac: Uint8Array;
-}

libs/common/src/services/api.service.ts

@@ -197,7 +197,6 @@ export class ApiService implements ApiServiceAbstraction {
     if (this.customUserAgent != null) {
       headers.set("User-Agent", this.customUserAgent);
     }
-    request.alterIdentityTokenHeaders(headers);
 
     const identityToken =
       request instanceof UserApiTokenRequest

libs/common/src/vault/services/cipher.service.ts

@@ -679,13 +679,14 @@ export class CipherService implements CipherServiceAbstraction {
   }
 
   async getManyFromApiForOrganization(organizationId: string): Promise<CipherView[]> {
-    const response = await this.apiService.send(
+    const r = await this.apiService.send(
       "GET",
       "/ciphers/organization-details/assigned?organizationId=" + organizationId,
       null,
       true,
       true,
     );
+    const response = new ListResponse(r, CipherResponse);
     return this.decryptOrganizationCiphersResponse(response, organizationId);
   }
 

libs/common/src/vault/services/restricted-item-types.service.spec.ts

@@ -67,6 +67,13 @@ describe("RestrictedItemTypesService", () => {
     expect(result).toEqual([]);
   });
 
+  it("emits empty array if no account is active", async () => {
+    accountService.activeAccount$ = of(null);
+
+    const result = await firstValueFrom(service.restricted$);
+    expect(result).toEqual([]);
+  });
+
   it("emits empty array if no organizations exist", async () => {
     organizationService.organizations$.mockReturnValue(of([]));
     policyService.policiesByType$.mockReturnValue(of([]));

libs/common/src/vault/services/restricted-item-types.service.ts

@@ -5,7 +5,7 @@ import { OrganizationService } from "@bitwarden/common/admin-console/abstraction
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
-import { getUserId } from "@bitwarden/common/auth/services/account.service";
+import { getOptionalUserId } from "@bitwarden/common/auth/services/account.service";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
@@ -32,39 +32,43 @@ export class RestrictedItemTypesService {
           return of([]);
         }
         return this.accountService.activeAccount$.pipe(
-          getUserId,
-          switchMap((userId) =>
-            combineLatest([
+          getOptionalUserId,
+          switchMap((userId) => {
+            if (userId == null) {
+              return of([]); // No user logged in, no restrictions
+            }
+            return combineLatest([
               this.organizationService.organizations$(userId),
               this.policyService.policiesByType$(PolicyType.RestrictedItemTypes, userId),
-            ]),
-          ),
-          map(([orgs, enabledPolicies]) => {
-            // Helper to extract restricted types, defaulting to [Card]
-            const restrictedTypes = (p: (typeof enabledPolicies)[number]) =>
-              (p.data as CipherType[]) ?? [CipherType.Card];
+            ]).pipe(
+              map(([orgs, enabledPolicies]) => {
+                // Helper to extract restricted types, defaulting to [Card]
+                const restrictedTypes = (p: (typeof enabledPolicies)[number]) =>
+                  (p.data as CipherType[]) ?? [CipherType.Card];
 
-            // Union across all enabled policies
-            const allRestrictedTypes = Array.from(
-              new Set(enabledPolicies.flatMap(restrictedTypes)),
+                // Union across all enabled policies
+                const allRestrictedTypes = Array.from(
+                  new Set(enabledPolicies.flatMap(restrictedTypes)),
+                );
+
+                return allRestrictedTypes.map((cipherType) => {
+                  // Determine which orgs allow viewing this type
+                  const allowViewOrgIds = orgs
+                    .filter((org) => {
+                      const orgPolicy = enabledPolicies.find((p) => p.organizationId === org.id);
+                      // no policy for this org => allows everything
+                      if (!orgPolicy) {
+                        return true;
+                      }
+                      // if this type not in their restricted list => they allow it
+                      return !restrictedTypes(orgPolicy).includes(cipherType);
+                    })
+                    .map((org) => org.id);
+
+                  return { cipherType, allowViewOrgIds };
+                });
+              }),
             );
-
-            return allRestrictedTypes.map((cipherType) => {
-              // Determine which orgs allow viewing this type
-              const allowViewOrgIds = orgs
-                .filter((org) => {
-                  const orgPolicy = enabledPolicies.find((p) => p.organizationId === org.id);
-                  // no policy for this org => allows everything
-                  if (!orgPolicy) {
-                    return true;
-                  }
-                  // if this type not in their restricted list => they allow it
-                  return !restrictedTypes(orgPolicy).includes(cipherType);
-                })
-                .map((org) => org.id);
-
-              return { cipherType, allowViewOrgIds };
-            });
           }),
         );
       }),