* prevent redundant cache updates on account switch
Remove automatic cache update triggering that caused UI freezes when
switching to accounts with phishing detection access.
Root cause: The update$ observable used startWith(undefined) which
triggered an immediate cache refresh whenever a new subscription was
created. On account switch, phishingDetectionSettingsService.on$ emits
true, creating a new subscription and triggering a full ~800K entry
fetch that blocks the UI thread.
Fix:
- Remove startWith(undefined) to prevent auto-triggering on subscription
- Add MIN_UPDATE_INTERVAL (5 min) constant for cache freshness checks
- Add _updateInProgress flag to prevent concurrent updates
- Add filter() to skip updates when one is already in progress
- Add cache freshness check (skip if updated within 5 minutes)
- Add finalize() to reliably reset _updateInProgress flag (per ADR)
- Replace share() with shareReplay() to prevent duplicate work
- Add triggerUpdateIfNeeded() public method for explicit update requests
The scheduled 24-hour update interval is unaffected - it still calls
_triggerUpdate$.next() via the task scheduler.
* trigger cache updates asynchronously on account switch
Update PhishingDetectionService to explicitly trigger cache updates
when phishing detection becomes active for an account, using a
non-blocking pattern.
Changes:
- Add call to phishingDataService.triggerUpdateIfNeeded() when on$ emits true
- Use of(null).pipe(delay(0)) to defer update to next event loop tick
- This prevents the update from blocking the account switch UI flow
The delay(0) pattern is preferred over setTimeout per codebase conventions
(RxJS over native JS). The subscription auto-completes since of() emits
once and completes, so no manual cleanup is needed.
Combined with the previous commit's safeguards (cache freshness check,
concurrent update prevention), this ensures:
1. Account switch completes immediately (non-blocking trigger)
2. Cache updates only run when actually needed (< 5 min freshness)
3. Concurrent updates are prevented (_updateInProgress flag)
Fixes: PM-30319
* decouple cache update subscription from UI event merge
Move phishingDataService.update$ to a separate subscription outside the
merge() stream to prevent blocking the service worker during critical
initialization and account switch flows.
Background:
The service worker is single-threaded. When the phishing cache update
runs, it downloads a 25MB file and parses 800K entries using .split(),
which is CPU-intensive synchronous work. During this parsing, the
service worker cannot respond to popup requests, causing the extension
UI to appear frozen when the user clicks the extension icon.
Previously, update$ was included in the merge() alongside UI event
handlers (onTabUpdated$, onContinueCommand$, onCancelCommand$). When
on$ emitted true (user has phishing access), the merge subscription
was created as part of the same synchronous flow, coupling the heavy
cache work with the UI event setup.
Changes:
- Create separate updateSub subscription at initialization
- Remove update$ from merge() - now only contains UI event streams
- Keep delay(0) trigger for triggerUpdateIfNeeded()
How delay(0) works:
JavaScript's event loop must complete all synchronous code before
processing async callbacks. delay(0) schedules the trigger for the
next event loop tick, meaning:
1. initialize() completes and returns
2. Service worker is 'free' to handle other tasks
3. Next tick: triggerUpdateIfNeeded() fires
4. Cache update runs in background
The cache parsing will still block the thread when it eventually runs,
but this is now decoupled from the critical initialization path. The
window where blocking can affect user interaction is minimized.
PM-30319
* comment
* account for new changes in spec file
* prevent UI blocking during cache updates
Problem:
- Switching accounts caused 5+ second UI freeze
- Even when data unchanged, 789K entries were rewritten to IndexedDB
- Set was rebuilt from 789K entries on every state emission
Solution:
- Skip state update when checksum matches (return null instead of full data)
- Cache Set in memory, only rebuild when checksum changes
- Track last check time in memory instead of state
- Use streaming fetch to prevent Firefox memory explosion
- Add comprehensive logging for debugging
Performance improvement:
- Checksum match: ~5 seconds → ~10ms (no blocking)
- Full update: Still required when data changes, but with streaming
* pre-populate cache on install/update and optimize Set building
Problem:
Premium users experienced a 5+ second UI freeze on first login after
install because the phishing list (~63MB, 789K entries) was downloaded
synchronously when phishing detection was enabled.
Solution:
1. Pre-populate cache on extension install/update
- Added triggerPhishingCacheUpdate() to MainBackground
- RuntimeBackground calls this on "install" and "update" events
- Cache is ready before user logs in, eliminating first-login lag
2. Chunked Set building for UI responsiveness
- Build Set in 50K-entry chunks with event loop yields
- Changed from synchronous map() to async switchMap() + buildSetInChunks()
- Prevents UI blocking when Set is rebuilt from cached data
3. Streaming with yields
- Added yield after each network chunk during streaming fetch
- Keeps service worker responsive to popup messages during download
4. Log cleanup for production
- Converted verbose debugging logs from info → debug level
- Kept important operational events (daily/full updates) at info
- Removed timing logs and progress banners
- Fixed comment accuracy: 100MB → 63MB uncompressed
Performance impact:
- First login after install: 5+ seconds → near-instant (cache pre-populated)
- Set rebuild: non-blocking via chunked processing
- Subsequent updates: already optimized via checksum matching
* spec
* add allowlist for bare amazon.com domain
Problem:
The upstream Phishing.Database contains a false positive entry
`https://www.Amazon.com` (line 666495), causing the real Amazon
website to be incorrectly blocked.
Solution:
Add BARE_DOMAIN_ALLOWLIST that skips blocking for exact hostname
matches (amazon.com, www.amazon.com) when the URL has no path,
query, or hash. This protects users from false positives while
still detecting phishing URLs that use Amazon in paths or
subdomain tricks.
Allowed:
- https://amazon.com
- https://www.amazon.com
Still blocked:
- https://amazon.com/phishing/path
- https://amazon.com-malicious.xyz
- https://fake.com/amazon.com/steal
* logging
* update our links source url
* Fix Chrome memory leak in phishing detection service
* reduce memory leaks
* optimize phishing detection performance and fix memory leaks
This commit addresses critical performance issues and memory leaks in the
phishing detection feature, particularly for non-premium users and during
extension reloads.
Storage Isolation:
- Created BrowserIndexedDbStorageService for large data storage
- Separated PHISHING_DATA_DISK (60MB+ phishing URLs) from PHISHING_DETECTION_DISK
- Prevents popup from loading large dataset when accessing small settings
- Fixed UI freeze when navigating to Settings -> Account security -> back arrow
Lazy Loading Optimizations:
- Converted _cachedState, _webAddresses$, and update$ to lazy getters
- Only accesses IndexedDB when phishing detection is actually used
- Prevents blocking service worker initialization on extension reload
- Added guard in triggerUpdateIfNeeded() to skip if no observers
Performance Improvements:
- Modified buildEnabledPipeline$() to check available$ first
- Uses startWith(true) to emit immediately, preventing on$ from blocking
- Skips IndexedDB reads for non-premium users during unlock/account switch
- Prevents 3+ second UI freezes for non-premium users
Memory Leak Fixes:
- Added static interval cleanup to prevent accumulation on service recreation
- Fixed tab listener cleanup by storing bound handler reference
- Fixed triggerUpdateSub subscription cleanup on account switches
- Prevents exponential memory growth from undestroyed subscriptions
Test Fixes:
- Updated tests to set up available$ prerequisites before testing enabled$
- Fixed tests to wait for actual state values after startWith(true) emission
- Uses filter() to wait for expected state values in async tests
Files Changed:
- apps/browser/src/platform/services/browser-indexed-db-storage.service.ts (new)
- apps/browser/src/platform/storage/browser-storage-service.provider.ts
- apps/browser/src/dirt/phishing-detection/services/phishing-data.service.ts
- apps/browser/src/dirt/phishing-detection/services/phishing-detection.service.ts
- apps/browser/src/background/runtime.background.ts
- libs/common/src/dirt/services/phishing-detection/phishing-detection-settings.service.ts
- libs/common/src/dirt/services/phishing-detection/phishing-detection-settings.service.spec.ts
- libs/state/src/core/state-definitions.ts
- libs/storage-core/src/client-locations.ts
* fix test type errors
* remove allowlist
* storage isolation revert
The initial implementation of storage isolation was used to fix a specific navigation scenario that lead to freezing of the ui ("Settings → Account Security" and clicking the back button)
Why disk-large instead of memory-large-object:
- **Problem**: Users experienced infinite loading (2+ minute freezes) when navigating to "Settings → Account Security" and clicking the back button. The Popup would freeze because `chrome.storage.local` broadcasts 60MB writes to all contexts, causing the Popup to deserialize data it never requested.
- **Fix**: Created `disk-large` storage location using native IndexedDB, which persists data (unlike `memory-large-object`) and doesn't broadcast events (unlike `chrome.storage.local`), isolating large datasets from the Popup context.
**Key Difference:**
- `memory-large-object`: **Non-persistent** in-memory storage. Data is lost when the service worker restarts or the extension reloads.
- `disk-large`: **Persistent** storage using native IndexedDB. Data survives service worker restarts and extension reloads.
**Why We Need Persistence:**
The phishing dataset (~60MB, 780K entries) must persist across:
- Service worker restarts (Chrome terminates service workers after inactivity)
- Extension reloads/updates
- Browser restarts
If we used `memory-large-object`, the extension would need to re-download the entire 60MB dataset every time the service worker restarts, which happens frequently in Chrome. This would:
1. Waste bandwidth (60MB downloads on every restart)
2. Cause UI freezes on every restart (same problem we're trying to fix)
3. Fail offline scenarios
**Why Not Use Existing `disk` Location:**
The existing `"disk"` location uses `chrome.storage.local`, which has a critical flaw for large datasets:
- **Event Broadcasting**: Any write to `chrome.storage.local` triggers `onChanged` events broadcast to **all** extension contexts (Background, Popup, Sidebar)
- **The UI/UX Problem**:
- Users experienced **infinite loading** or **2+ minute freezes** when navigating to "Settings → Account Security" and clicking the back button
- When Background writes 60MB, Chrome serializes and IPCs it to Popup, causing Popup's main thread to freeze while deserializing this massive object, even if Popup never requested the data
- The Popup would become completely unresponsive, showing a spinning cursor or blank screen
- **The Fix**: Native IndexedDB doesn't broadcast events across processes, isolating the storage so Background can write 60MB without disturbing the Popup
* remove implementation comments from jsdoc
* renaming
* new domains source
* remove unnecessary complexity from buildEnabledPipeline and remove all IndexedDB references
* fix pre-population on install/update
* handle null webAddresses
---------
Co-authored-by: maxkpower <mpower@bitwarden.com>
* Front end changes to disable SM ads for users
* fixing failing tests
* Update libs/common/src/admin-console/models/response/organization.response.ts
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* fixing merge conflicts
* claude suggestion
* adding feature flag for disable sm ads on clients
* fixing tests
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* add callout to vault-items for non premium users, add upgrade premium flow
* add archive badge to item details only for desktop
* update desktop edit item save for unarchive
* updated success toast for edited archive item non premium
* Add creationDate of account to AccountInfo
* Added initialization of creationDate.
* Removed extra changes.
* Fixed tests to initialize creation date
* Added helper method to abstract account initialization in tests.
* More test updates.
* Linting
* Additional test fixes.
* Fixed spec reference
* Fixed imports
* Linting.
* Fixed browser test.
* Modified tsconfig to reference spec file.
* Fixed import.
* Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node.
* Revert "Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node."
This reverts commit 669f6557b6.
* Updated stories to hard-code new field.
* Removed changes to tsconfig
* Revert "Removed changes to tsconfig"
This reverts commit b7d916e8dc.
* Updated to use Date
* Updated to use Date on sync.
* Changes to tests that can't use mock function
* Prettier updates
* Update equality to handle Date type.
* Change to type comparison.
* Simplified equality comparison to just use properties.
* Added comment.
* Updated comment to reference Date.
* Added back in internal method tests.
* PM-3287 - Remove resetMasterPassword from authResult and identityTokenResponse and replace with userDecryptionOptions where relevant
* PM-3287 - (1) Move SSO code to SSO section (2) Update error scenario conditional + log user out upon error.
* PM-3287 - Fix comment per PR feedback
* PM-3287 - CLI Login with SSO - move MP validation logic back to original location to avoid putting it before 2FA rejection handling.
* PM-3287 - Update returns
* Fix master key not being set to state after kdf update
* Fix cli build
* Fix test error
* Fix hash purpose
* Add test for master key being set
* Fix incorrect variable name
* [PM-28181] Open send dialog in drawer instead of popup in refreshed UI
* Fix types
* [PM-28181] Use drawer to edit sends with refreshed UI
* [PM-28181] Address bug where multiple Sends could not be navigated between
* added phishing blocker toggle
* design improvements
* Fix TypeScript strict mode errors in PhishingDetectionSettingsServiceAbstraction
* Camel case messages
* Update PhishingDetectionService.initialize parameter ordering
* Add comments to PhishingDetectionSettingsServiceAbstraction
* Change state from global to user settings
* Remove clear on logout phishing-detection-settings
* PM-28536 making a change from getActive to getUser because of method being deprecated
* Moved phishing detection services to own file
* Added new phishing detection availability service to expose complex enable logic
* Add test cases for PhishingDetectionAvailabilityService
* Remove phishing detection availability in favor of one settings service
* Extract phishing detection settings service abstraction to own file
* Update phishing detection-settings service to include availability logic. Updated dependencies
* Add test cases for phishing detection element. Added missing dependencies in testbed setup
* Update services in extension
* Switch checkbox to bit-switch component
* Remove comment
* Remove comment
* Fix prettier vs lint spacing
* Replace deprecated active user state. Updated test cases
* Fix account-security test failing
* Update comments
* Renamed variable
* Removed obsolete message
* Remove unused variable
* Removed unused import
---------
Co-authored-by: Leslie Tilton <23057410+Banrion@users.noreply.github.com>
Co-authored-by: Graham Walker <gwalker@bitwarden.com>
Co-authored-by: Tom <144813356+ttalty@users.noreply.github.com>
* auto key not stored due to vault timeout race condition being null for cli
* fix unit test default state
* neglected electron key service test cleanup
* bad merge - fix formatting
* Add creationDate of account to AccountInfo
* Added initialization of creationDate.
* Removed extra changes.
* Fixed tests to initialize creation date
* Added helper method to abstract account initialization in tests.
* More test updates.
* Linting
* Additional test fixes.
* Fixed spec reference
* Fixed imports
* Linting.
* Fixed browser test.
* Modified tsconfig to reference spec file.
* Fixed import.
* Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node.
* Revert "Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node."
This reverts commit 669f6557b6.
* Updated stories to hard-code new field.
* Removed changes to tsconfig
* Revert "Removed changes to tsconfig"
This reverts commit b7d916e8dc.
* feat(token-service) [PM-15333]: Update Portable secure storage resolution to use disk.
* feat(token-service) [PM-15333]: Move isWindowsPortable evaluation to preload with other platform evaluations.
* feat: add Identity Sso Required Response type as possible response from token endpoint.
* feat: consume sso organization identifier to redirect user
* feat: add get requiresSso to AuthResult for more ergonomic code.
* feat: sso-redirect on sso-required for CLI and Desktop
* chore: fixing type errors
* test: fix and add tests for new sso method
* docs: fix misspelling
* fix: get email from AuthResult instead of the FormGroup
* fix:claude: when email is not available for SSO login show error toast.
* fix:claude: add null safety check
* [PM-29138] fix defect with pricing service on self host
* use iscloud instead of manually checking region
* fixing strict compile issues
* spacing updates from design review
* final spacing edits
* pr feedback
* typechecking
* [PM-22750] Add upgradeOldCipherAttachment method to CipherService
* [PM-22750] Refactor download attachment component to use signals
* [PM-22750] Better download url handling
* [PM-22750] Cleanup upgradeOldCipherAttachments method
* [PM-22750] Refactor cipher-attachments.component to use Signals and OnPush
* [PM-22750] Use the correct legacy decryption key for attachments without their own content encryption key
* [PM-22750] Add fix attachment button back to attachments component
* [PM-22750] Fix newly added output signals
* [PM-22750] Fix failing test due to signal refactor
* [PM-22750] Update copy
* Add IncreaseBulkReinviteLimitForCloud feature flag
* Enhance PeopleTableDataSource with bulk operation limits and feature flag integration
- Introduced a new feature flag to increase the bulk reinvite limit for cloud environments.
- Added an observable to determine if the increased limit is enabled based on the feature flag and environment.
- Updated the logic for enforcing checked user limits in bulk operations, allowing for a maximum of 4000 users when the feature flag is active.
- Refactored the constructor to initialize the new observable and manage the maximum allowed checked count dynamically.
* Add unit tests for PeopleTableDataSource to validate user limit enforcement and status counts
* Refactor MembersComponent to integrate increased bulk limit feature
- Added support for conditional user limit enforcement in bulk operations based on a feature flag.
- Introduced new dependencies for ConfigService and EnvironmentService to manage configuration settings.
- Updated methods to utilize the new getCheckedUsers function, which enforces limits when the feature is enabled.
- Refactored data source initialization to accommodate the new logic for handling checked users.
* Refactor enforceCheckedUserLimit method in PeopleTableDataSource to use filtered data for user limit enforcement and to keep checked the top rows.
Removed unnecessary comments and improved readability.
* Add bulk reinvite success messages to localization files
This update introduces new localization keys for bulk reinvite success notifications, including a general success message and a limited success message that provides details on the number of users re-invited and those excluded due to limits. This enhances user feedback during bulk operations.
* Enhance bulk reinvite functionality with toast notifications
This update modifies the MembersComponent to display success messages via toast notifications when the feature flag for increased bulk limits is enabled. If the limit is exceeded, a detailed message is shown, otherwise a general success message is displayed. The legacy dialog is retained for cases when the feature flag is disabled, ensuring consistent user feedback during bulk reinvite operations.
* Rename MaxBulkReinviteCount to CloudBulkReinviteLimit
* Refactor user retrieval logic in MembersComponent to conditionally enforce bulk limits
This update modifies the MembersComponent in both the admin console and provider management sections to replace the direct calls to getCheckedUsers() with a conditional check for increased bulk limit feature. If enabled, it enforces user limits; otherwise, it retrieves all checked users. The deprecated getCheckedUsers method has been removed to streamline the code.
* Add constructor to MembersTableDataSource for improved dependency injection
This update introduces a constructor to the MembersTableDataSource class in both the admin console and provider management sections, allowing for better dependency injection of ConfigService, EnvironmentService, and DestroyRef. This change enhances the overall structure and maintainability of the code.
* Refactor PeopleTableDataSource and MembersComponent to implement new bulk limit logic
This update modifies the PeopleTableDataSource to introduce a new property for managing increased bulk limits and refactors the MembersComponent to utilize this logic. The enforcement of user limits during bulk operations is now conditional based on the feature flag, allowing for a more flexible handling of user selections. Additionally, the method for limiting and unchecking excess users has been updated for clarity and efficiency.
* Refactor PeopleTableDataSource tests to update limit enforcement logic
This update modifies the test cases for the PeopleTableDataSource to reflect the new method for limiting and unchecking excess users. The method name has been changed from `enforceCheckedUserLimit` to `limitAndUncheckExcess`, and the tests have been adjusted accordingly to ensure they accurately validate the new functionality. Additionally, unnecessary tests have been removed to streamline the test suite.
* Change CloudBulkReinviteLimit back to 4000
* Refactor MembersComponent to utilize new getCheckedUsersInVisibleOrder method
This update modifies the MembersComponent to conditionally retrieve checked users based on the increased bulk limit feature. If enabled, it uses the new getCheckedUsersInVisibleOrder method to maintain visual consistency in the filtered/sorted table view. This change enhances the handling of user selections during bulk operations.
* Refactor PeopleTableDataSource to use Signals for increased bulk limit feature and update related tests. Removed unused imports and dependencies on DestroyRef in MembersTableDataSource components.
* Refactor MembersComponent to remove unused Signal for increased bulk limit and directly utilize dataSource method for feature flag checks.
* Implement getCheckedUsersWithLimit method to streamline user retrieval based on feature flag; update MembersComponent to utilize this new method for bulk actions.
