bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-02-24 16:43:27 +00:00
Code Issues Releases Wiki Activity

Merge branch 'main' into auth/pm-26209/bugfix-desktop-error-on-auth-request-approval

Browse Source
This commit is contained in:
rr-bw
2025-10-29 14:08:38 -07:00
parent 7ba4672aa0 9fca0b0138
commit 90be4737fd
157 changed files with 2948 additions and 729 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libs/common/src/enums/feature-flag.enum.ts
View File

@@ -23,7 +23,6 @@ export enum FeatureFlag {
/* Billing */
TrialPaymentOptional = "PM-8163-trial-payment",
PM17772_AdminInitiatedSponsorships = "pm-17772-admin-initiated-sponsorships",
PM21821_ProviderPortalTakeover = "pm-21821-provider-portal-takeover",
PM22415_TaxIDWarnings = "pm-22415-tax-id-warnings",
PM24032_NewNavigationPremiumUpgradeButton = "pm-24032-new-navigation-premium-upgrade-button",
@@ -56,6 +55,7 @@ export enum FeatureFlag {
PM22134SdkCipherListView = "pm-22134-sdk-cipher-list-view",
PM22136_SdkCipherEncryption = "pm-22136-sdk-cipher-encryption",
CipherKeyEncryption = "cipher-key-encryption",
AutofillConfirmation = "pm-25083-autofill-confirm-from-search",
/* Platform */
IpcChannelFramework = "ipc-channel-framework",
@@ -103,13 +103,13 @@ export const DefaultFeatureFlagValue = {
[FeatureFlag.PM19941MigrateCipherDomainToSdk]: FALSE,
[FeatureFlag.PM22134SdkCipherListView]: FALSE,
[FeatureFlag.PM22136_SdkCipherEncryption]: FALSE,
[FeatureFlag.AutofillConfirmation]: FALSE,
/* Auth */
[FeatureFlag.PM22110_DisableAlternateLoginMethods]: FALSE,
/* Billing */
[FeatureFlag.TrialPaymentOptional]: FALSE,
[FeatureFlag.PM17772_AdminInitiatedSponsorships]: FALSE,
[FeatureFlag.PM21821_ProviderPortalTakeover]: FALSE,
[FeatureFlag.PM22415_TaxIDWarnings]: FALSE,
[FeatureFlag.PM24032_NewNavigationPremiumUpgradeButton]: FALSE,

168
libs/common/src/vault/services/restricted-item-types.service.spec.ts
View File

@@ -12,6 +12,8 @@ import { Utils } from "@bitwarden/common/platform/misc/utils";
import { UserId } from "@bitwarden/common/types/guid";
import { CipherType } from "@bitwarden/common/vault/enums";
import { CipherLike } from "../types/cipher-like";
import { RestrictedItemTypesService, RestrictedCipherType } from "./restricted-item-types.service";
describe("RestrictedItemTypesService", () => {
@@ -130,4 +132,170 @@ describe("RestrictedItemTypesService", () => {
{ cipherType: CipherType.Identity, allowViewOrgIds: ["org1"] },
]);
});
describe("isCipherRestricted", () => {
it("returns false when cipher type is not in restricted types", () => {
const cipher: CipherLike = {
type: CipherType.Login,
organizationId: "Pete the Cat",
} as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Card, allowViewOrgIds: [] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(false);
});
it("returns false when restricted types array is empty", () => {
const cipher: CipherLike = { type: CipherType.Card, organizationId: "org1" } as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(false);
});
it("returns false when cipher type does not match any restricted types", () => {
const cipher: CipherLike = {
type: CipherType.SecureNote,
organizationId: "org1",
} as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Card, allowViewOrgIds: [] },
{ cipherType: CipherType.Login, allowViewOrgIds: [] },
{ cipherType: CipherType.Identity, allowViewOrgIds: [] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(false);
});
it("returns true for personal cipher when type is restricted", () => {
const cipher: CipherLike = { type: CipherType.Card, organizationId: null } as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Card, allowViewOrgIds: ["org1"] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(true);
});
it("returns true for personal cipher with undefined organizationId when type is restricted", () => {
const cipher: CipherLike = {
type: CipherType.Login,
organizationId: undefined,
} as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Login, allowViewOrgIds: ["org1", "org2"] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(true);
});
it("returns true for personal cipher regardless of allowViewOrgIds content", () => {
const cipher: CipherLike = { type: CipherType.Identity, organizationId: null } as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Identity, allowViewOrgIds: [] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(true);
});
it("returns false when organization is in allowViewOrgIds", () => {
const cipher: CipherLike = { type: CipherType.Card, organizationId: "org1" } as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Card, allowViewOrgIds: ["org1"] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(false);
});
it("returns false when organization is among multiple allowViewOrgIds", () => {
const cipher: CipherLike = { type: CipherType.Login, organizationId: "org2" } as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Login, allowViewOrgIds: ["org1", "org2", "org3"] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(false);
});
it("returns false when type is restricted globally but cipher org allows it", () => {
const cipher: CipherLike = { type: CipherType.Card, organizationId: "org2" } as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Card, allowViewOrgIds: ["org2"] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(false);
});
it("returns true when organization is not in allowViewOrgIds", () => {
const cipher: CipherLike = { type: CipherType.Card, organizationId: "org3" } as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Card, allowViewOrgIds: ["org1", "org2"] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(true);
});
it("returns true when allowViewOrgIds is empty for org cipher", () => {
const cipher: CipherLike = { type: CipherType.Login, organizationId: "org1" } as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Login, allowViewOrgIds: [] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(true);
});
it("returns true when cipher org differs from all allowViewOrgIds", () => {
const cipher: CipherLike = {
type: CipherType.Identity,
organizationId: "org5",
} as CipherLike;
const restrictedTypes: RestrictedCipherType[] = [
{ cipherType: CipherType.Identity, allowViewOrgIds: ["org1", "org2", "org3", "org4"] },
];
const result = service.isCipherRestricted(cipher, restrictedTypes);
expect(result).toBe(true);
});
});
describe("isCipherRestricted$", () => {
it("returns true when cipher is restricted by policy", async () => {
policyService.policiesByType$.mockReturnValue(of([policyOrg1]));
const cipher: CipherLike = { type: CipherType.Card, organizationId: null } as CipherLike;
const result = await firstValueFrom(service.isCipherRestricted$(cipher));
expect(result).toBe(true);
});
it("returns false when cipher is not restricted", async () => {
policyService.policiesByType$.mockReturnValue(of([policyOrg1]));
const cipher: CipherLike = { type: CipherType.Login, organizationId: "org2" } as CipherLike;
const result = await firstValueFrom(service.isCipherRestricted$(cipher));
expect(result).toBe(false);
});
});
});