* Dont check biometrics status when nativeMessaging permission isn't granted
* Increase polling interval and add unit tests
(cherry picked from commit 966f9a0c52)
* Change domain terminology to web addresses
* Added phishing resource file
* Finish renaming and adding runtime configuration for domains vs links setting
* Update reference
* Add matching functions per resource
* correct URL matching logic for links-based detection
Problem:
The phishing link matcher was failing to detect known phishing URLs due to
two issues:
1. Protocol mismatch: Entries in the phishing list use `http://` but users
typically visit `https://` versions. The matcher was comparing full URLs
including protocol, causing legitimate matches to fail.
- List entry: `http://smartdapptradxx.pages.dev`
- User visits: `https://smartdapptradxx.pages.dev/`
- Result: No match (incorrect)
2. Hostname-only matching would have caused false positives: An earlier
attempt to fix#1 included hostname-only comparison, which defeats the
purpose of links-based detection. The goal of PM-28548 is precise URL
matching to avoid blocking entire domains (like pages.dev, github.io)
when only specific paths are malicious.
Solution:
- Always strip protocol (http:// or https://) from both entry and URL
before comparison, treating them as equivalent
- Remove hostname-only matching to maintain precision
- Keep prefix matching for subpaths, query strings, and fragments
---------
Co-authored-by: Alex <adewitt@bitwarden.com>
(cherry picked from commit 800a21d8a3)
The Exposed Passwords and Weak Passwords reports were using an incorrect
rowSize value (53px instead of 75px) for their virtual scroll tables.
This caused the \"Back to reports\" button to collide with table entries.
The issue was cumulative - more items meant more visible collision. This
fix aligns both reports with the Reused Passwords report which correctly
uses 75px for identical row structures.
* Add creationDate of account to AccountInfo
* Added initialization of creationDate.
* Removed extra changes.
* Fixed tests to initialize creation date
* Added helper method to abstract account initialization in tests.
* More test updates.
* Linting
* Additional test fixes.
* Fixed spec reference
* Fixed imports
* Linting.
* Fixed browser test.
* Modified tsconfig to reference spec file.
* Fixed import.
* Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node.
* Revert "Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node."
This reverts commit 669f6557b6.
* Updated stories to hard-code new field.
* Removed changes to tsconfig
* Revert "Removed changes to tsconfig"
This reverts commit b7d916e8dc.
* Updated to use Date
* Updated to use Date on sync.
* Changes to tests that can't use mock function
* Prettier updates
* Update equality to handle Date type.
* Change to type comparison.
* Simplified equality comparison to just use properties.
* Added comment.
* Updated comment to reference Date.
* Added back in internal method tests.
* [deps] Platform: Update electron to v39
* Update and change builder
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* follow existing popout guard pattern to force popout on firefox when filepicker is exposed
* move firefox guard to tools ownership & revert changes to auth owned file
* removed redundant test case
* implement the self-host subscription changes
* Correct few ui changes
* Update to h1
* PR review changes
* Changes for the async cancel
* Resolve the two bug issues
* implement the review comments
* Resolve the Active issue
* Fix the space issues
* Remove the tabs for billing and payment
* revert the self-host changes
* Fix the subtitle issue
* PM-3287 - Remove resetMasterPassword from authResult and identityTokenResponse and replace with userDecryptionOptions where relevant
* PM-3287 - (1) Move SSO code to SSO section (2) Update error scenario conditional + log user out upon error.
* PM-3287 - Fix comment per PR feedback
* PM-3287 - CLI Login with SSO - move MP validation logic back to original location to avoid putting it before 2FA rejection handling.
* PM-3287 - Update returns
Added tw-ml-1 class to shared (bwi-collection-shared) and attachment
(bwi-paperclip) icons in report tables to add spacing between the
item name and icons.
Affected reports:
- Weak passwords
- Exposed passwords
- Reused passwords
- Unsecured websites
- Inactive two-factor
- Emergency access view
(PM-29488)
* Disable phishing detection if safari is detected
* Apply suggestion from @claude[bot]
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Move order of safari vs account checks
---------
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
