bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-02-26 09:33:22 +00:00
Code Issues Releases Wiki Activity

Merge branch 'main' into feature/PM-27792-scaffold-layout-desktop-migration

Browse Source
This commit is contained in:
Isaac Ivins
2025-11-26 09:22:54 -05:00
committed by GitHub
parent c2b6b7d505 560d3d0747
commit cc0ef19a36
132 changed files with 1988 additions and 1188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
libs/angular/src/auth/password-management/set-initial-password/default-set-initial-password.service.implementation.ts
View File

@@ -198,10 +198,13 @@ export class DefaultSetInitialPasswordService implements SetInitialPasswordServi
userId: UserId,
) {
const userDecryptionOpts = await firstValueFrom(
this.userDecryptionOptionsService.userDecryptionOptions$,
this.userDecryptionOptionsService.userDecryptionOptionsById$(userId),
);
userDecryptionOpts.hasMasterPassword = true;
await this.userDecryptionOptionsService.setUserDecryptionOptions(userDecryptionOpts);
await this.userDecryptionOptionsService.setUserDecryptionOptionsById(
userId,
userDecryptionOpts,
);
await this.kdfConfigService.setKdfConfig(userId, kdfConfig);
await this.masterPasswordService.setMasterKey(masterKey, userId);
await this.keyService.setUserKey(masterKeyEncryptedUserKey[0], userId);

10
libs/angular/src/auth/password-management/set-initial-password/default-set-initial-password.service.spec.ts
View File

@@ -149,7 +149,9 @@ describe("DefaultSetInitialPasswordService", () => {
userDecryptionOptions = new UserDecryptionOptions({ hasMasterPassword: true });
userDecryptionOptionsSubject = new BehaviorSubject(userDecryptionOptions);
userDecryptionOptionsService.userDecryptionOptions$ = userDecryptionOptionsSubject;
userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
userDecryptionOptionsSubject,
);
setPasswordRequest = new SetPasswordRequest(
credentials.newServerMasterKeyHash,
@@ -362,7 +364,8 @@ describe("DefaultSetInitialPasswordService", () => {
// Assert
expect(masterPasswordApiService.setPassword).toHaveBeenCalledWith(setPasswordRequest);
expect(userDecryptionOptionsService.setUserDecryptionOptions).toHaveBeenCalledWith(
expect(userDecryptionOptionsService.setUserDecryptionOptionsById).toHaveBeenCalledWith(
userId,
userDecryptionOptions,
);
expect(kdfConfigService.setKdfConfig).toHaveBeenCalledWith(userId, credentials.kdfConfig);
@@ -560,7 +563,8 @@ describe("DefaultSetInitialPasswordService", () => {
// Assert
expect(masterPasswordApiService.setPassword).toHaveBeenCalledWith(setPasswordRequest);
expect(userDecryptionOptionsService.setUserDecryptionOptions).toHaveBeenCalledWith(
expect(userDecryptionOptionsService.setUserDecryptionOptionsById).toHaveBeenCalledWith(
userId,
userDecryptionOptions,
);
expect(kdfConfigService.setKdfConfig).toHaveBeenCalledWith(userId, credentials.kdfConfig);

3
libs/angular/src/services/jslib-services.module.ts
View File

@@ -684,7 +684,7 @@ const safeProviders: SafeProvider[] = [
safeProvider({
provide: InternalUserDecryptionOptionsServiceAbstraction,
useClass: UserDecryptionOptionsService,
deps: [StateProvider],
deps: [SingleUserStateProvider],
}),
safeProvider({
provide: UserDecryptionOptionsServiceAbstraction,
@@ -1292,6 +1292,7 @@ const safeProviders: SafeProvider[] = [
UserDecryptionOptionsServiceAbstraction,
LogService,
ConfigService,
AccountServiceAbstraction,
],
}),
safeProvider({

8
libs/angular/src/vault/vault-filter/components/vault-filter.component.ts
View File

@@ -88,14 +88,10 @@ export class VaultFilterComponent implements OnInit {
this.folders$ = await this.vaultFilterService.buildNestedFolders();
this.collections = await this.initCollections();
const userCanArchive = await firstValueFrom(
this.cipherArchiveService.userCanArchive$(this.activeUserId),
);
const showArchiveVault = await firstValueFrom(
this.cipherArchiveService.showArchiveVault$(this.activeUserId),
this.showArchiveVaultFilter = await firstValueFrom(
this.cipherArchiveService.hasArchiveFlagEnabled$(),
);
this.showArchiveVaultFilter = userCanArchive || showArchiveVault;
this.isLoaded = true;
}

2
libs/auth/src/angular/login-decryption-options/login-decryption-options.component.ts
View File

@@ -135,7 +135,7 @@ export class LoginDecryptionOptionsComponent implements OnInit {
try {
const userDecryptionOptions = await firstValueFrom(
this.userDecryptionOptionsService.userDecryptionOptions$,
this.userDecryptionOptionsService.userDecryptionOptionsById$(this.activeAccountId),
);
if (

2
libs/auth/src/angular/sso/sso.component.ts
View File

@@ -460,7 +460,7 @@ export class SsoComponent implements OnInit {
// must come after 2fa check since user decryption options aren't available if 2fa is required
const userDecryptionOpts = await firstValueFrom(
this.userDecryptionOptionsService.userDecryptionOptions$,
this.userDecryptionOptionsService.userDecryptionOptionsById$(authResult.userId),
);
const tdeEnabled = userDecryptionOpts.trustedDeviceOption

4
libs/auth/src/angular/two-factor-auth/two-factor-auth.component.spec.ts
View File

@@ -176,7 +176,9 @@ describe("TwoFactorAuthComponent", () => {
selectedUserDecryptionOptions = new BehaviorSubject<UserDecryptionOptions>(
mockUserDecryptionOpts.withMasterPassword,
);
mockUserDecryptionOptionsService.userDecryptionOptions$ = selectedUserDecryptionOptions;
mockUserDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
selectedUserDecryptionOptions,
);
TestBed.configureTestingModule({
declarations: [TestTwoFactorComponent],

2
libs/auth/src/angular/two-factor-auth/two-factor-auth.component.ts
View File

@@ -473,7 +473,7 @@ export class TwoFactorAuthComponent implements OnInit, OnDestroy {
}
const userDecryptionOpts = await firstValueFrom(
this.userDecryptionOptionsService.userDecryptionOptions$,
this.userDecryptionOptionsService.userDecryptionOptionsById$(authResult.userId),
);
const tdeEnabled = await this.isTrustedDeviceEncEnabled(userDecryptionOpts.trustedDeviceOption);

35
libs/auth/src/common/abstractions/user-decryption-options.service.abstraction.ts
View File

@@ -1,34 +1,45 @@
import { Observable } from "rxjs";
import { UserId } from "@bitwarden/common/types/guid";
import { UserDecryptionOptions } from "../models";
/**
* Public service for reading user decryption options.
* For use in components and services that need to evaluate user decryption settings.
*/
export abstract class UserDecryptionOptionsServiceAbstraction {
/**
* Returns what decryption options are available for the current user.
* @remark This is sent from the server on authentication.
* Returns the user decryption options for the given user id.
* Will only emit when options are set (does not emit null/undefined
* for an unpopulated state), and should not be called in an unauthenticated context.
* @param userId The user id to check.
*/
abstract userDecryptionOptions$: Observable<UserDecryptionOptions>;
abstract userDecryptionOptionsById$(userId: UserId): Observable<UserDecryptionOptions>;
/**
* Uses user decryption options to determine if current user has a master password.
* @remark This is sent from the server, and does not indicate if the master password
* was used to login and/or if a master key is saved locally.
*/
abstract hasMasterPassword$: Observable<boolean>;
/**
* Returns the user decryption options for the given user id.
* @param userId The user id to check.
*/
abstract userDecryptionOptionsById$(userId: string): Observable<UserDecryptionOptions>;
abstract hasMasterPasswordById$(userId: UserId): Observable<boolean>;
}
/**
* Internal service for managing user decryption options.
* For use only in authentication flows that need to update decryption options
* (e.g., login strategies). Extends consumer methods from {@link UserDecryptionOptionsServiceAbstraction}.
* @remarks Most consumers should use UserDecryptionOptionsServiceAbstraction instead.
*/
export abstract class InternalUserDecryptionOptionsServiceAbstraction extends UserDecryptionOptionsServiceAbstraction {
/**
* Sets the current decryption options for the user, contains the current configuration
* Sets the current decryption options for the user. Contains the current configuration
* of the users account related to how they can decrypt their vault.
* @remark Intended to be used when user decryption options are received from server, does
* not update the server. Consider syncing instead of updating locally.
* @param userDecryptionOptions Current user decryption options received from server.
*/
abstract setUserDecryptionOptions(userDecryptionOptions: UserDecryptionOptions): Promise<void>;
abstract setUserDecryptionOptionsById(
userId: UserId,
userDecryptionOptions: UserDecryptionOptions,
): Promise<void>;
}

3
libs/auth/src/common/login-strategies/login.strategy.spec.ts
View File

@@ -257,7 +257,8 @@ describe("LoginStrategy", () => {
expect(environmentService.seedUserEnvironment).toHaveBeenCalled();
expect(userDecryptionOptionsService.setUserDecryptionOptions).toHaveBeenCalledWith(
expect(userDecryptionOptionsService.setUserDecryptionOptionsById).toHaveBeenCalledWith(
userId,
UserDecryptionOptions.fromResponse(idTokenResponse),
);
expect(masterPasswordService.mock.setMasterPasswordUnlockData).toHaveBeenCalledWith(

3
libs/auth/src/common/login-strategies/login.strategy.ts
View File

@@ -195,7 +195,8 @@ export abstract class LoginStrategy {
// We must set user decryption options before retrieving vault timeout settings
// as the user decryption options help determine the available timeout actions.
await this.userDecryptionOptionsService.setUserDecryptionOptions(
await this.userDecryptionOptionsService.setUserDecryptionOptionsById(
userId,
UserDecryptionOptions.fromResponse(tokenResponse),
);

4
libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts
View File

@@ -134,7 +134,9 @@ describe("SsoLoginStrategy", () => {
);
const userDecryptionOptions = new UserDecryptionOptions();
userDecryptionOptionsService.userDecryptionOptions$ = of(userDecryptionOptions);
userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
of(userDecryptionOptions),
);
ssoLoginStrategy = new SsoLoginStrategy(
{} as SsoLoginStrategyData,

2
libs/auth/src/common/login-strategies/sso-login.strategy.ts
View File

@@ -393,7 +393,7 @@ export class SsoLoginStrategy extends LoginStrategy {
// Check for TDE-related conditions
const userDecryptionOptions = await firstValueFrom(
this.userDecryptionOptionsService.userDecryptionOptions$,
this.userDecryptionOptionsService.userDecryptionOptionsById$(userId),
);
if (!userDecryptionOptions) {

93
libs/auth/src/common/services/user-decryption-options/user-decryption-options.service.spec.ts
View File

@@ -1,12 +1,8 @@
import { firstValueFrom } from "rxjs";
import { Utils } from "@bitwarden/common/platform/misc/utils";
import {
FakeAccountService,
FakeStateProvider,
mockAccountServiceWith,
} from "@bitwarden/common/spec";
import { FakeSingleUserStateProvider } from "@bitwarden/common/spec";
import { UserId } from "@bitwarden/common/types/guid";
import { newGuid } from "@bitwarden/guid";
import { UserDecryptionOptions } from "../../models/domain/user-decryption-options";
@@ -17,15 +13,10 @@ import {
describe("UserDecryptionOptionsService", () => {
let sut: UserDecryptionOptionsService;
const fakeUserId = Utils.newGuid() as UserId;
let fakeAccountService: FakeAccountService;
let fakeStateProvider: FakeStateProvider;
let fakeStateProvider: FakeSingleUserStateProvider;
beforeEach(() => {
fakeAccountService = mockAccountServiceWith(fakeUserId);
fakeStateProvider = new FakeStateProvider(fakeAccountService);
fakeStateProvider = new FakeSingleUserStateProvider();
sut = new UserDecryptionOptionsService(fakeStateProvider);
});
@@ -42,55 +33,71 @@ describe("UserDecryptionOptionsService", () => {
},
};
describe("userDecryptionOptions$", () => {
it("should return the active user's decryption options", async () => {
await fakeStateProvider.setUserState(USER_DECRYPTION_OPTIONS, userDecryptionOptions);
describe("userDecryptionOptionsById$", () => {
it("should return user decryption options for a specific user", async () => {
const userId = newGuid() as UserId;
const result = await firstValueFrom(sut.userDecryptionOptions$);
fakeStateProvider.getFake(userId, USER_DECRYPTION_OPTIONS).nextState(userDecryptionOptions);
const result = await firstValueFrom(sut.userDecryptionOptionsById$(userId));
expect(result).toEqual(userDecryptionOptions);
});
});
describe("hasMasterPassword$", () => {
it("should return the hasMasterPassword property of the active user's decryption options", async () => {
await fakeStateProvider.setUserState(USER_DECRYPTION_OPTIONS, userDecryptionOptions);
describe("hasMasterPasswordById$", () => {
it("should return true when user has a master password", async () => {
const userId = newGuid() as UserId;
const result = await firstValueFrom(sut.hasMasterPassword$);
fakeStateProvider.getFake(userId, USER_DECRYPTION_OPTIONS).nextState(userDecryptionOptions);
const result = await firstValueFrom(sut.hasMasterPasswordById$(userId));
expect(result).toBe(true);
});
});
describe("userDecryptionOptionsById$", () => {
it("should return the user decryption options for the given user", async () => {
const givenUser = Utils.newGuid() as UserId;
await fakeAccountService.addAccount(givenUser, {
name: "Test User 1",
email: "test1@email.com",
emailVerified: false,
});
await fakeStateProvider.setUserState(
USER_DECRYPTION_OPTIONS,
userDecryptionOptions,
givenUser,
);
it("should return false when user does not have a master password", async () => {
const userId = newGuid() as UserId;
const optionsWithoutMasterPassword = {
...userDecryptionOptions,
hasMasterPassword: false,
};
const result = await firstValueFrom(sut.userDecryptionOptionsById$(givenUser));
fakeStateProvider
.getFake(userId, USER_DECRYPTION_OPTIONS)
.nextState(optionsWithoutMasterPassword);
expect(result).toEqual(userDecryptionOptions);
const result = await firstValueFrom(sut.hasMasterPasswordById$(userId));
expect(result).toBe(false);
});
});
describe("setUserDecryptionOptions", () => {
it("should set the active user's decryption options", async () => {
await sut.setUserDecryptionOptions(userDecryptionOptions);
describe("setUserDecryptionOptionsById", () => {
it("should set user decryption options for a specific user", async () => {
const userId = newGuid() as UserId;
const result = await firstValueFrom(
fakeStateProvider.getActive(USER_DECRYPTION_OPTIONS).state$,
);
await sut.setUserDecryptionOptionsById(userId, userDecryptionOptions);
const fakeState = fakeStateProvider.getFake(userId, USER_DECRYPTION_OPTIONS);
const result = await firstValueFrom(fakeState.state$);
expect(result).toEqual(userDecryptionOptions);
});
it("should overwrite existing user decryption options", async () => {
const userId = newGuid() as UserId;
const initialOptions = { ...userDecryptionOptions, hasMasterPassword: false };
const updatedOptions = { ...userDecryptionOptions, hasMasterPassword: true };
const fakeState = fakeStateProvider.getFake(userId, USER_DECRYPTION_OPTIONS);
fakeState.nextState(initialOptions);
await sut.setUserDecryptionOptionsById(userId, updatedOptions);
const result = await firstValueFrom(fakeState.state$);
expect(result).toEqual(updatedOptions);
});
});
});

42
libs/auth/src/common/services/user-decryption-options/user-decryption-options.service.ts
View File

@@ -1,16 +1,11 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { Observable, map } from "rxjs";
import { Observable, filter, map } from "rxjs";
import {
ActiveUserState,
StateProvider,
SingleUserStateProvider,
USER_DECRYPTION_OPTIONS_DISK,
UserKeyDefinition,
} from "@bitwarden/common/platform/state";
// FIXME: remove `src` and fix import
// eslint-disable-next-line no-restricted-imports
import { UserId } from "@bitwarden/common/src/types/guid";
import { UserId } from "@bitwarden/common/types/guid";
import { InternalUserDecryptionOptionsServiceAbstraction } from "../../abstractions/user-decryption-options.service.abstraction";
import { UserDecryptionOptions } from "../../models";
@@ -27,25 +22,26 @@ export const USER_DECRYPTION_OPTIONS = new UserKeyDefinition<UserDecryptionOptio
export class UserDecryptionOptionsService
implements InternalUserDecryptionOptionsServiceAbstraction
{
private userDecryptionOptionsState: ActiveUserState<UserDecryptionOptions>;
constructor(private singleUserStateProvider: SingleUserStateProvider) {}
userDecryptionOptions$: Observable<UserDecryptionOptions>;
hasMasterPassword$: Observable<boolean>;
userDecryptionOptionsById$(userId: UserId): Observable<UserDecryptionOptions> {
return this.singleUserStateProvider
.get(userId, USER_DECRYPTION_OPTIONS)
.state$.pipe(filter((options): options is UserDecryptionOptions => options != null));
}
constructor(private stateProvider: StateProvider) {
this.userDecryptionOptionsState = this.stateProvider.getActive(USER_DECRYPTION_OPTIONS);
this.userDecryptionOptions$ = this.userDecryptionOptionsState.state$;
this.hasMasterPassword$ = this.userDecryptionOptions$.pipe(
map((options) => options?.hasMasterPassword ?? false),
hasMasterPasswordById$(userId: UserId): Observable<boolean> {
return this.userDecryptionOptionsById$(userId).pipe(
map((options) => options.hasMasterPassword ?? false),
);
}
userDecryptionOptionsById$(userId: UserId): Observable<UserDecryptionOptions> {
return this.stateProvider.getUser(userId, USER_DECRYPTION_OPTIONS).state$;
}
async setUserDecryptionOptions(userDecryptionOptions: UserDecryptionOptions): Promise<void> {
await this.userDecryptionOptionsState.update((_) => userDecryptionOptions);
async setUserDecryptionOptionsById(
userId: UserId,
userDecryptionOptions: UserDecryptionOptions,
): Promise<void> {
await this.singleUserStateProvider
.get(userId, USER_DECRYPTION_OPTIONS)
.update((_) => userDecryptionOptions);
}
}

11
libs/common/src/admin-console/models/request/organization-update.request.ts
View File

@@ -1,10 +1,7 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { OrganizationKeysRequest } from "./organization-keys.request";
export class OrganizationUpdateRequest {
name: string;
businessName: string;
billingEmail: string;
keys: OrganizationKeysRequest;
export interface OrganizationUpdateRequest {
name?: string;
billingEmail?: string;
keys?: OrganizationKeysRequest;
}

3
libs/common/src/auth/abstractions/user-verification/user-verification.service.abstraction.ts
View File

@@ -48,6 +48,9 @@ export abstract class UserVerificationService {
* @param userId The user id to check. If not provided, the current user is used
* @returns True if the user has a master password
* @deprecated Use UserDecryptionOptionsService.hasMasterPassword$ instead
* @remark To facilitate deprecation, many call sites were removed as part of PM-26413.
* Those remaining are blocked by currently-disallowed imports of auth/common.
* PM-27009 has been filed to track completion of this deprecation.
*/
abstract hasMasterPassword(userId?: string): Promise<boolean>;
/**

23
libs/common/src/auth/services/user-verification/user-verification.service.spec.ts
View File

@@ -3,10 +3,7 @@ import { of } from "rxjs";
// This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
// eslint-disable-next-line no-restricted-imports
import {
UserDecryptionOptions,
UserDecryptionOptionsServiceAbstraction,
} from "@bitwarden/auth/common";
import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
// This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
// eslint-disable-next-line no-restricted-imports
import {
@@ -146,11 +143,7 @@ describe("UserVerificationService", () => {
describe("server verification type", () => {
it("correctly returns master password availability", async () => {
userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
of({
hasMasterPassword: true,
} as UserDecryptionOptions),
);
userDecryptionOptionsService.hasMasterPasswordById$.mockReturnValue(of(true));
const result = await sut.getAvailableVerificationOptions("server");
@@ -168,11 +161,7 @@ describe("UserVerificationService", () => {
});
it("correctly returns OTP availability", async () => {
userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
of({
hasMasterPassword: false,
} as UserDecryptionOptions),
);
userDecryptionOptionsService.hasMasterPasswordById$.mockReturnValue(of(false));
const result = await sut.getAvailableVerificationOptions("server");
@@ -526,11 +515,7 @@ describe("UserVerificationService", () => {
// Helpers
function setMasterPasswordAvailability(hasMasterPassword: boolean) {
userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
of({
hasMasterPassword: hasMasterPassword,
} as UserDecryptionOptions),
);
userDecryptionOptionsService.hasMasterPasswordById$.mockReturnValue(of(hasMasterPassword));
masterPasswordService.masterKeyHash$.mockReturnValue(
of(hasMasterPassword ? "masterKeyHash" : null),
);

19
libs/common/src/auth/services/user-verification/user-verification.service.ts
View File

@@ -258,16 +258,19 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
}
async hasMasterPassword(userId?: string): Promise<boolean> {
if (userId) {
const decryptionOptions = await firstValueFrom(
this.userDecryptionOptionsService.userDecryptionOptionsById$(userId),
);
const resolvedUserId = userId ?? (await firstValueFrom(this.accountService.activeAccount$))?.id;
if (decryptionOptions?.hasMasterPassword != undefined) {
return decryptionOptions.hasMasterPassword;
}
if (!resolvedUserId) {
return false;
}
return await firstValueFrom(this.userDecryptionOptionsService.hasMasterPassword$);
// Ideally, this method would accept a UserId over string. To avoid scope creep in PM-26413, we are
// doing the cast here. Future work should be done to make this type-safe, and should be considered
// as part of PM-27009.
return await firstValueFrom(
this.userDecryptionOptionsService.hasMasterPasswordById$(resolvedUserId as UserId),
);
}
async hasMasterPasswordAndMasterKeyHash(userId?: string): Promise<boolean> {

2
libs/common/src/enums/feature-flag.enum.ts
View File

@@ -13,7 +13,7 @@ export enum FeatureFlag {
/* Admin Console Team */
CreateDefaultLocation = "pm-19467-create-default-location",
AutoConfirm = "pm-19934-auto-confirm-organization-users",
BlockClaimedDomainAccountCreation = "block-claimed-domain-account-creation",
BlockClaimedDomainAccountCreation = "pm-28297-block-uninvited-claimed-domain-registration",
/* Auth */
PM23801_PrefetchPasswordPrelogin = "pm-23801-prefetch-password-prelogin",

17
libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts
View File

@@ -1,6 +1,6 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { firstValueFrom, map, Observable, Subject } from "rxjs";
import { firstValueFrom, map, Observable, Subject, switchMap } from "rxjs";
// This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
// eslint-disable-next-line no-restricted-imports
@@ -9,6 +9,7 @@ import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common"
// eslint-disable-next-line no-restricted-imports
import { KeyService } from "@bitwarden/key-management";
import { AccountService } from "../../../auth/abstractions/account.service";
import { DeviceResponse } from "../../../auth/abstractions/devices/responses/device.response";
import { DevicesApiServiceAbstraction } from "../../../auth/abstractions/devices-api.service.abstraction";
import { SecretVerificationRequest } from "../../../auth/models/request/secret-verification.request";
@@ -87,10 +88,18 @@ export class DeviceTrustService implements DeviceTrustServiceAbstraction {
private userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
private logService: LogService,
private configService: ConfigService,
private accountService: AccountService,
) {
this.supportsDeviceTrust$ = this.userDecryptionOptionsService.userDecryptionOptions$.pipe(
map((options) => {
return options?.trustedDeviceOption != null;
this.supportsDeviceTrust$ = this.accountService.activeAccount$.pipe(
switchMap((account) => {
if (account == null) {
return [false];
}
return this.userDecryptionOptionsService.userDecryptionOptionsById$(account.id).pipe(
map((options) => {
return options?.trustedDeviceOption != null;
}),
);
}),
);
}

3
libs/common/src/key-management/device-trust/services/device-trust.service.spec.ts
View File

@@ -914,7 +914,7 @@ describe("deviceTrustService", () => {
platformUtilsService.supportsSecureStorage.mockReturnValue(supportsSecureStorage);
decryptionOptions.next({} as any);
userDecryptionOptionsService.userDecryptionOptions$ = decryptionOptions;
userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(decryptionOptions);
return new DeviceTrustService(
keyGenerationService,
@@ -930,6 +930,7 @@ describe("deviceTrustService", () => {
userDecryptionOptionsService,
logService,
configService,
accountService,
);
}
});

9
libs/common/src/key-management/master-password/types/master-password.types.ts
View File

@@ -25,7 +25,10 @@ export type MasterPasswordSalt = Opaque<string, "MasterPasswordSalt">;
export type MasterKeyWrappedUserKey = Opaque<EncString, "MasterKeyWrappedUserKey">;
/**
* The data required to unlock with the master password.
* Encapsulates the data needed to unlock a vault using a master password.
* It contains the masterKeyWrappedUserKey along with the KDF settings and salt used to derive the master key.
* It is currently backwards compatible to master-key based unlock, but this will not be the case in the future.
* Features relating to master-password-based unlock should use this abstraction.
*/
export class MasterPasswordUnlockData {
constructor(
@@ -66,7 +69,9 @@ export class MasterPasswordUnlockData {
}
/**
* The data required to authenticate with the master password.
* Encapsulates the data required to authenticate using a master password.
* It contains the masterPasswordAuthenticationHash, along with the KDF settings and salt used to derive it.
* The encapsulated abstraction prevents authentication issues resulting from unsynchronized state.
*/
export type MasterPasswordAuthenticationData = {
salt: MasterPasswordSalt;

25
libs/common/src/key-management/vault-timeout/services/vault-timeout-settings.service.spec.ts
View File

@@ -53,9 +53,11 @@ describe("VaultTimeoutSettingsService", () => {
policyService = mock<PolicyService>();
userDecryptionOptionsSubject = new BehaviorSubject(null);
userDecryptionOptionsService.userDecryptionOptions$ = userDecryptionOptionsSubject;
userDecryptionOptionsService.hasMasterPassword$ = userDecryptionOptionsSubject.pipe(
map((options) => options?.hasMasterPassword ?? false),
userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
userDecryptionOptionsSubject,
);
userDecryptionOptionsService.hasMasterPasswordById$.mockReturnValue(
userDecryptionOptionsSubject.pipe(map((options) => options?.hasMasterPassword ?? false)),
);
userDecryptionOptionsService.userDecryptionOptionsById$.mockReturnValue(
userDecryptionOptionsSubject,
@@ -127,6 +129,23 @@ describe("VaultTimeoutSettingsService", () => {
expect(result).not.toContain(VaultTimeoutAction.Lock);
});
it("should return only LogOut when userId is not provided and there is no active account", async () => {
// Set up accountService to return null for activeAccount
accountService.activeAccount$ = of(null);
pinStateService.isPinSet.mockResolvedValue(false);
biometricStateService.biometricUnlockEnabled$ = of(false);
// Call availableVaultTimeoutActions$ which internally calls userHasMasterPassword without a userId
const result = await firstValueFrom(
vaultTimeoutSettingsService.availableVaultTimeoutActions$(),
);
// Since there's no active account, userHasMasterPassword returns false,
// meaning no master password is available, so Lock should not be available
expect(result).toEqual([VaultTimeoutAction.LogOut]);
expect(result).not.toContain(VaultTimeoutAction.Lock);
});
});
describe("canLock", () => {

17
libs/common/src/key-management/vault-timeout/services/vault-timeout-settings.service.ts
View File

@@ -290,14 +290,19 @@ export class VaultTimeoutSettingsService implements VaultTimeoutSettingsServiceA
}
private async userHasMasterPassword(userId: string): Promise<boolean> {
let resolvedUserId: UserId;
if (userId) {
const decryptionOptions = await firstValueFrom(
this.userDecryptionOptionsService.userDecryptionOptionsById$(userId),
);
return !!decryptionOptions?.hasMasterPassword;
resolvedUserId = userId as UserId;
} else {
return await firstValueFrom(this.userDecryptionOptionsService.hasMasterPassword$);
const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
if (!activeAccount) {
return false; // No account, can't have master password
}
resolvedUserId = activeAccount.id;
}
return await firstValueFrom(
this.userDecryptionOptionsService.hasMasterPasswordById$(resolvedUserId),
);
}
}

5
libs/common/src/vault/models/domain/cipher.ts
View File

@@ -414,7 +414,10 @@ export class Cipher extends Domain implements Decryptable<CipherView> {
creationDate: this.creationDate.toISOString(),
deletedDate: this.deletedDate?.toISOString(),
archivedDate: this.archivedDate?.toISOString(),
reprompt: this.reprompt,
reprompt:
this.reprompt === CipherRepromptType.Password
? CipherRepromptType.Password
: CipherRepromptType.None,
// Initialize all cipher-type-specific properties as undefined
login: undefined,
identity: undefined,

6
libs/components/src/banner/banner.component.html
View File

@@ -1,11 +1,11 @@
<div
class="tw-flex tw-items-center tw-gap-4 tw-p-2 tw-ps-4 tw-text-main tw-border-transparent tw-bg-clip-padding tw-border-solid tw-border-b tw-border-0"
[ngClass]="bannerClass"
[class]="bannerClass()"
[attr.role]="useAlertRole() ? 'status' : null"
[attr.aria-live]="useAlertRole() ? 'polite' : null"
>
@if (icon(); as icon) {
<i class="bwi tw-align-middle tw-text-base" [ngClass]="icon" aria-hidden="true"></i>
@if (displayIcon(); as icon) {
<i class="bwi tw-align-middle tw-text-base" [class]="icon" aria-hidden="true"></i>
}
<!-- Overriding focus-visible color for link buttons for a11y against colored background -->
<span class="tw-grow tw-text-base [&>button[bitlink]:focus-visible:before]:!tw-ring-text-main">

71
libs/components/src/banner/banner.component.ts
View File

@@ -1,5 +1,4 @@
import { CommonModule } from "@angular/common";
import { Component, OnInit, Output, EventEmitter, input, model } from "@angular/core";
import { ChangeDetectionStrategy, Component, computed, input, output } from "@angular/core";
import { I18nPipe } from "@bitwarden/ui-common";
@@ -13,47 +12,69 @@ const defaultIcon: Record<BannerType, string> = {
warning: "bwi-exclamation-triangle",
danger: "bwi-error",
};
/**
* Banners are used for important communication with the user that needs to be seen right away, but has
* little effect on the experience. Banners appear at the top of the user's screen on page load and
* persist across all pages a user navigates to.
* - They should always be dismissible and never use a timeout. If a user dismisses a banner, it should not reappear during that same active session.
* - Use banners sparingly, as they can feel intrusive to the user if they appear unexpectedly. Their effectiveness may decrease if too many are used.
* - Avoid stacking multiple banners.
* - Banners can contain a button or anchor that uses the `bitLink` directive with `linkType="secondary"`.
/**
* Banners are used for important communication with the user that needs to be seen right away, but has
* little effect on the experience. Banners appear at the top of the user's screen on page load and
* persist across all pages a user navigates to.
*
* - They should always be dismissible and never use a timeout. If a user dismisses a banner, it should not reappear during that same active session.
* - Use banners sparingly, as they can feel intrusive to the user if they appear unexpectedly. Their effectiveness may decrease if too many are used.
* - Avoid stacking multiple banners.
* - Banners can contain a button or anchor that uses the `bitLink` directive with `linkType="secondary"`.
*/
// FIXME(https://bitwarden.atlassian.net/browse/CL-764): Migrate to OnPush
// eslint-disable-next-line @angular-eslint/prefer-on-push-component-change-detection
@Component({
selector: "bit-banner",
templateUrl: "./banner.component.html",
imports: [CommonModule, IconButtonModule, I18nPipe],
imports: [IconButtonModule, I18nPipe],
host: {
// Account for bit-layout's padding
class:
"tw-flex tw-flex-col [bit-layout_&]:-tw-mx-8 [bit-layout_&]:-tw-my-6 [bit-layout_&]:tw-pb-6",
},
changeDetection: ChangeDetectionStrategy.OnPush,
})
export class BannerComponent implements OnInit {
export class BannerComponent {
/**
* The type of banner, which determines its color scheme.
*/
readonly bannerType = input<BannerType>("info");
// passing `null` will remove the icon from element from the banner
readonly icon = model<string | null>();
/**
* The icon to display. If not provided, a default icon based on bannerType will be used. Explicitly passing null will remove the icon.
*/
readonly icon = input<string | null>();
/**
* Whether to use ARIA alert role for screen readers.
*/
readonly useAlertRole = input(true);
/**
* Whether to show the close button.
*/
readonly showClose = input(true);
// FIXME(https://bitwarden.atlassian.net/browse/CL-903): Migrate to Signals
// eslint-disable-next-line @angular-eslint/prefer-output-emitter-ref
@Output() onClose = new EventEmitter<void>();
/**
* Emitted when the banner is closed via the close button.
*/
readonly onClose = output();
ngOnInit(): void {
if (!this.icon() && this.icon() !== null) {
this.icon.set(defaultIcon[this.bannerType()]);
/**
* The computed icon to display, falling back to the default icon for the banner type.
* Returns null if icon is explicitly set to null (to hide the icon).
*/
protected readonly displayIcon = computed(() => {
// If icon is explicitly null, don't show any icon
if (this.icon() === null) {
return null;
}
}
get bannerClass() {
// If icon is undefined, fall back to default icon
return this.icon() ?? defaultIcon[this.bannerType()];
});
protected readonly bannerClass = computed(() => {
switch (this.bannerType()) {
case "danger":
return "tw-bg-danger-100 tw-border-b-danger-700";
@@ -64,5 +85,5 @@ export class BannerComponent implements OnInit {
case "warning":
return "tw-bg-warning-100 tw-border-b-warning-700";
}
}
});
}

3
libs/components/src/checkbox/checkbox.component.ts
View File

@@ -22,6 +22,7 @@ export class CheckboxComponent implements BitFormControlAbstraction {
"tw-relative",
"tw-transition",
"tw-cursor-pointer",
"disabled:tw-cursor-default",
"tw-inline-block",
"tw-align-sub",
"tw-flex-none", // Flexbox fix for bit-form-control
@@ -62,7 +63,7 @@ export class CheckboxComponent implements BitFormControlAbstraction {
"[&:not(bit-form-control_*)]:focus-visible:before:tw-ring-offset-2",
"[&:not(bit-form-control_*)]:focus-visible:before:tw-ring-primary-600",
"disabled:before:tw-cursor-auto",
"disabled:before:tw-cursor-default",
"disabled:before:tw-border",
"disabled:before:hover:tw-border",
"disabled:before:tw-bg-secondary-100",

35
libs/components/src/header/header.component.html Normal file
View File

@@ -0,0 +1,35 @@
<header
class="-tw-mt-6 -tw-mx-8 tw-mb-3 tw-flex tw-flex-col tw-py-6 tw-px-8 has-[[data-tabs]:not(:empty)]:tw-border-0 has-[[data-tabs]:not(:empty)]:tw-border-b has-[[data-tabs]:not(:empty)]:tw-border-solid has-[[data-tabs]:not(:empty)]:tw-border-secondary-100 has-[[data-tabs]:not(:empty)]:tw-bg-background-alt has-[[data-tabs]:not(:empty)]:tw-pb-0"
>
<div class="tw-flex">
<div class="tw-flex tw-min-w-0 tw-flex-1 tw-flex-col tw-gap-2">
<ng-content select="[slot=breadcrumbs]"></ng-content>
<h1
bitTypography="h1"
noMargin
class="tw-m-0 tw-mr-2 tw-leading-10 tw-flex tw-gap-1"
[title]="title()"
>
<div class="tw-truncate">
@if (icon()) {
<i class="bwi {{ icon() }}" aria-hidden="true"></i>
}
{{ title() }}
</div>
<div><ng-content select="[slot=title-suffix]"></ng-content></div>
</h1>
</div>
<div class="tw-ml-auto tw-flex tw-flex-col tw-gap-4">
<div class="tw-flex tw-min-w-max tw-items-center tw-justify-end tw-gap-2">
<ng-content></ng-content>
</div>
<div class="tw-ml-auto empty:tw-hidden">
<ng-content select="[slot=secondary]"></ng-content>
</div>
</div>
</div>
<div data-tabs class="-tw-mx-4 -tw-mb-px empty:tw-hidden">
<ng-content select="[slot=tabs]"></ng-content>
</div>
</header>

19
libs/components/src/header/header.component.ts Normal file
View File

@@ -0,0 +1,19 @@
import { ChangeDetectionStrategy, Component, input } from "@angular/core";
@Component({
selector: "bit-header",
templateUrl: "./header.component.html",
changeDetection: ChangeDetectionStrategy.OnPush,
standalone: true,
})
export class HeaderComponent {
/**
* The title of the page
*/
readonly title = input.required<string>();
/**
* Icon to show before the title
*/
readonly icon = input<string>();
}

189
libs/components/src/header/header.stories.ts Normal file
View File

@@ -0,0 +1,189 @@
import { importProvidersFrom } from "@angular/core";
import { RouterModule } from "@angular/router";
import {
applicationConfig,
componentWrapperDecorator,
Meta,
moduleMetadata,
StoryObj,
} from "@storybook/angular";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import {
AvatarModule,
BreadcrumbsModule,
ButtonModule,
IconButtonModule,
IconModule,
InputModule,
MenuModule,
NavigationModule,
TabsModule,
TypographyModule,
} from "@bitwarden/components";
import { I18nMockService } from "../utils";
import { HeaderComponent } from "./header.component";
export default {
title: "Component Library/Header",
component: HeaderComponent,
decorators: [
componentWrapperDecorator(
(story) => `<div class="tw-min-h-screen tw-flex-1 tw-p-6 tw-text-main">${story}</div>`,
),
moduleMetadata({
imports: [
HeaderComponent,
AvatarModule,
BreadcrumbsModule,
ButtonModule,
IconButtonModule,
IconModule,
InputModule,
MenuModule,
NavigationModule,
TabsModule,
TypographyModule,
],
}),
applicationConfig({
providers: [
{
provide: I18nService,
useFactory: () => {
return new I18nMockService({
moreBreadcrumbs: "More breadcrumbs",
loading: "Loading",
});
},
},
importProvidersFrom(
RouterModule.forRoot(
[
{ path: "", redirectTo: "foo", pathMatch: "full" },
{ path: "foo", component: HeaderComponent },
{ path: "bar", component: HeaderComponent },
],
{ useHash: true },
),
),
],
}),
],
} as Meta;
type Story = StoryObj<HeaderComponent>;
export const KitchenSink: Story = {
render: (args) => ({
props: args,
template: /*html*/ `
<bit-header title="LongTitleeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" icon="bwi-bug">
<bit-breadcrumbs slot="breadcrumbs">
<bit-breadcrumb>Foo</bit-breadcrumb>
<bit-breadcrumb>Bar</bit-breadcrumb>
</bit-breadcrumbs>
<input
bitInput
placeholder="Ask Jeeves"
type="text"
/>
<button type="button" bitIconButton="bwi-filter" label="Switch products"></button>
<bit-avatar text="Will"></bit-avatar>
<button bitButton buttonType="primary">New</button>
<button bitButton slot="secondary">Click Me 🎉</button>
<bit-tab-nav-bar slot="tabs">
<bit-tab-link [route]="['foo']">Foo</bit-tab-link>
<bit-tab-link [route]="['bar']">Bar</bit-tab-link>
</bit-tab-nav-bar>
</bit-header>
`,
}),
};
export const Basic: Story = {
render: (args: any) => ({
props: args,
template: /*html*/ `
<bit-header title="Foobar" icon="bwi-bug" />
`,
}),
};
export const WithLongTitle: Story = {
render: (arg: any) => ({
props: arg,
template: /*html*/ `
<bit-header title="LongTitleeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee" icon="bwi-bug">
<ng-container slot="title-suffix"><i class="bwi bwi-key"></i></ng-container>
</bit-header>
`,
}),
};
export const WithBreadcrumbs: Story = {
render: (args: any) => ({
props: args,
template: /*html*/ `
<bit-header title="Foobar" icon="bwi-bug" class="tw-text-main">
<bit-breadcrumbs slot="breadcrumbs">
<bit-breadcrumb>Foo</bit-breadcrumb>
<bit-breadcrumb>Bar</bit-breadcrumb>
</bit-breadcrumbs>
</bit-header>
`,
}),
};
export const WithSearch: Story = {
render: (args: any) => ({
props: args,
template: /*html*/ `
<bit-header title="Foobar" icon="bwi-bug" class="tw-text-main">
<input
bitInput
placeholder="Ask Jeeves"
type="text"
/>
</bit-header>
`,
}),
};
export const WithSecondaryContent: Story = {
render: (args) => ({
props: args,
template: /*html*/ `
<bit-header title="Foobar" icon="bwi-bug" class="tw-text-main">
<button bitButton slot="secondary">Click Me 🎉</button>
</bit-header>
`,
}),
};
export const WithTabs: Story = {
render: (args) => ({
props: args,
template: /*html*/ `
<bit-header title="Foobar" icon="bwi-bug" class="tw-text-main">
<bit-tab-nav-bar slot="tabs">
<bit-tab-link [route]="['foo']">Foo</bit-tab-link>
<bit-tab-link [route]="['bar']">Bar</bit-tab-link>
</bit-tab-nav-bar>
</bit-header>
`,
}),
};
export const WithTitleSuffixComponent: Story = {
render: (args) => ({
props: args,
template: /*html*/ `
<bit-header title="Foobar" icon="bwi-bug" class="tw-text-main">
<ng-container slot="title-suffix"><i class="bwi bwi-spinner bwi-spin"></i></ng-container>
</bit-header>
`,
}),
};

1
libs/components/src/header/index.ts Normal file
View File

@@ -0,0 +1 @@
export * from "./header.component";

1
libs/components/src/index.ts
View File

@@ -19,6 +19,7 @@ export * from "./dialog";
export * from "./disclosure";
export * from "./drawer";
export * from "./form-field";
export * from "./header";
export * from "./icon-button";
export * from "./icon";
export * from "./icon-tile";

4
libs/vault/src/components/can-delete-cipher.directive.ts
View File

@@ -1,8 +1,8 @@
import { Directive, Input, OnDestroy, TemplateRef, ViewContainerRef } from "@angular/core";
import { Subject, takeUntil } from "rxjs";
import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
import { CipherViewLike } from "@bitwarden/common/vault/utils/cipher-view-like-utils";
/**
* Only shows the element if the user can delete the cipher.
@@ -15,7 +15,7 @@ export class CanDeleteCipherDirective implements OnDestroy {
// FIXME(https://bitwarden.atlassian.net/browse/CL-903): Migrate to Signals
// eslint-disable-next-line @angular-eslint/prefer-signals
@Input("appCanDeleteCipher") set cipher(cipher: CipherView) {
@Input("appCanDeleteCipher") set cipher(cipher: CipherViewLike) {
this.viewContainer.clear();
this.cipherAuthorizationService

2
libs/vault/src/components/copy-cipher-field.directive.ts
View File

@@ -36,7 +36,7 @@ export class CopyCipherFieldDirective implements OnChanges {
alias: "appCopyField",
required: true,
})
action!: Exclude<CopyAction, "hiddenField">;
action!: CopyAction;
// FIXME(https://bitwarden.atlassian.net/browse/CL-903): Migrate to Signals
// eslint-disable-next-line @angular-eslint/prefer-signals

6
libs/vault/src/index.ts
View File

@@ -3,7 +3,11 @@ export {
AtRiskPasswordCalloutData,
} from "./services/at-risk-password-callout.service";
export { PasswordRepromptService } from "./services/password-reprompt.service";
export { CopyCipherFieldService, CopyAction } from "./services/copy-cipher-field.service";
export {
CopyCipherFieldService,
CopyAction,
CopyFieldAction,
} from "./services/copy-cipher-field.service";
export { CopyCipherFieldDirective } from "./components/copy-cipher-field.directive";
export { OrgIconDirective } from "./components/org-icon.directive";
export { CanDeleteCipherDirective } from "./components/can-delete-cipher.directive";

6
libs/vault/src/services/copy-cipher-field.service.ts
View File

@@ -35,6 +35,12 @@ export type CopyAction =
| "publicKey"
| "keyFingerprint";
/**
* Copy actions that can be used with the appCopyField directive.
* Excludes "hiddenField" which requires special handling.
*/
export type CopyFieldAction = Exclude<CopyAction, "hiddenField">;
type CopyActionInfo = {
/**
* The i18n key for the type of field being copied. Will be used to display a toast message.