* refactor(billing): remove PM-26793 feature flag from subscription pricing service
* test(billing): update subscription pricing tests for PM-26793 feature flag removal
* chore: remove PM-26793 feature flag from keys
* add notification handler for auto confirm
* add missing state check
* fix test
* isolate angular specific code from shared lib code
* clean up
* use autoconfirm method
* add event logging for auto confirm
* update copy
Adds urlOriginsMatch to @bitwarden/platform, which compares two URLs by
scheme, host, and port. Uses `protocol + "//" + host` rather than
`URL.origin` because non-special schemes (e.g. chrome-extension://)
return the opaque string "null" from .origin, making equality comparison
unreliable. URLs without a host (file:, data:) are explicitly rejected
to prevent hostless schemes from comparing equal.
Refactors senderIsInternal to delegate to urlOriginsMatch and to derive
the extension URL via BrowserApi.getRuntimeURL("") rather than inline
chrome/browser API detection. Adds full test coverage for
senderIsInternal.
The previous string-based comparison used startsWith after stripping
trailing slashes, which was safe in senderIsInternal where inputs are
tightly constrained. As a general utility accepting arbitrary URLs,
startsWith can produce false positives (e.g. "https://example.com"
matching "https://example.com.evil.com"). Structural host comparison
is the correct contract for unrestricted input.
Remove the fully-enabled feature flag and simplify the billing metadata
API to always use the vNext endpoints. The legacy API path is removed
since the server will no longer serve it.
- Remove FeatureFlag.PM25379_UseNewOrganizationMetadataStructure enum and default
- Delete legacy getOrganizationBillingMetadata() API method (old /billing/metadata path)
- Rename vNext methods to remove VNext suffix
- Simplify OrganizationMetadataService to always use cached vNext path
- Remove ConfigService dependency from OrganizationMetadataService
- Update tests to remove feature flag branching
* feat(salt-for-user) [PM-31088]: Add feature flag for saltForUser.
* feat(salt-for-user) [PM-31088]: Flag saltForUser logic to return unlockdata.salt or emailToSalt.
* test(salt-for-user) [PM-31088]: Update tests to include coverage for new behavior.
Updates the SetInitialPasswordService TDE + Permission user flow to use the new KM data types:
- `MasterPasswordAuthenticationData`
- `MasterPasswordUnlockData`
This allows us to move away from the deprecated `makeMasterKey()` method (which takes email as salt) as we seek to eventually separate the email from the salt.
The new `setInitialPasswordTdeUserWithPermission()` method essentially takes the existing deprecated `setInitialPassword()` method and:
- Removes logic that is specific to a `JIT_PROVISIONED_MP_ORG_USER` case. This way the method only handles `TDE_ORG_USER_RESET_PASSWORD_PERMISSION_REQUIRES_MP` cases.
- Updates the logic to use `MasterPasswordAuthenticationData` and `MasterPasswordUnlockData`
Behind feature flag: `pm-27086-update-authentication-apis-for-input-password`
* PM-18607 reimplemented errorOnUnknownProperties
* claude review
* claude review
---------
Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
* Refactored the search index to index with the cipherlistview
* Fixed comment
* clear encrypted cipher state to prevent stale emissions during sync
* skip decrypt call when cipher arry is emoty during sync
* add notification handler for auto confirm
* add missing state check
* fix test
* isolate angular specific code from shared lib code
* clean up
* use autoconfirm method
* fix test
* Implement the required changes
* Fix the family plan creation for expired sub
* Resolve the pr comments
* resolve the resubscribe issue
* Removed redirectOnCompletion: true from the resubscribe
* Display the Change payment method dialog on the subscription page
* adjust the page reload time
* revert payment method open in subscription page
* Enable cancel premium see the subscription page
* Revert the removal of hasPremiumPersonally
* remove extra space
* Add can view subscription
* Use the canViewSubscription
* Resolve the tab default to premium
* use the subscription Instead of hasPremium
* Revert the changes on user-subscription
* Use the flag to redirect to subscription page
* revert the canViewSubscription change
* resolve the route issue with premium
* Change the path to
* Revert the previous iteration changes
* Fix the build error
* [PM-31750] Refactor members routing and user confirmation logic
* Simplified user confirmation process by removing feature flag checks.
* Updated routing to directly use the new members component without feature flagging.
* Removed deprecated members component references from routing modules.
* Cleaned up feature flag enum by removing unused entries.
* trigger claude
* [PM-31750] Refactor members component and remove deprecated files
* Renamed vNextMembersComponent to MembersComponent for consistency.
* Removed deprecated_members.component.ts and associated HTML files.
* Updated routing and references to use the new MembersComponent.
* Cleaned up related tests to reflect the component name change.
* Refactor import statements in security-tasks.service.ts for improved readability
* Update apps/web/src/app/admin-console/organizations/manage/user-confirm.component.ts
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* Remove BaseMembersComponent and related imports from the admin console, streamlining member management functionality.
* Remove unused ConfigService import from UserConfirmComponent to clean up code.
* Implement feature flag logic for user restoration in MemberDialogComponent, allowing conditional restoration based on DefaultUserCollectionRestore flag.
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
* enforce strict types on folders
* fix folder api service
* fix tests
* fix test
* fix type issue
* fix test
* add extra checks for folders. add specs
* fix folder.id checks
* fix id logic
* remove unecessary check
* name name and id optional in folder model
* fix tests
* Update folder and folderview
* fix folder with id export
* fix tests
* fix tests
* more defensive typing
* fix tests
* no need to check for presence
* check for empty name in folder toDomain
* fixes to folder
* initialize id in folder constructor. fix failing tests
* remove optional param to folder constructor
* fix folder
* fix test
* remove remaining checks for null folder id
* fix logic
* pass null for empty folder ids
* make id more explicit
* fix failing test
* fix failing test
* fix "No Folder" filter
* created 'berry' component
* added 'bit-berry' to 'popup-tab-navigation'
* simplified - removed null checks
* changed 'effectiveSize' to 'computedSize'
* fixed 'accentPrimary' color
* updated to not render berry if 'count' is 0 or negative number
* simplified checking count undefined
* updated computed padding
* switched from `[ngClass]` to `[class]`
* updated 'popup-tab-navigation' berry to use 'danger' variant
* fixed berry positioning in popup-tab-navigation
* updated content logic
* cleanup unused 'ngClass'
* updated conditional rendering of berry
* updated story 'Usage'
* updates with adding berry 'type'
* added type "status" to popup-tab-navigation
* fixed type error
* updated 'Count Behavior' description
* display translated content for attachments that cannot be downloaded
* consume decryption failure from the sdk for attachments
* add decryption errors from sdk
* only show fix attachment issues for when key is null and it does not have a decryption failure
* separate decryption failure state in view
* Implement OnDestroy lifecycle hook in PoliciesComponent to close dialog on component destruction. Update dialog reference handling for improved resource management.
* Add documentation to dialogs.mdx so others can know how to prevent drawers staying open
* Fix for PR action test
* Update PoliciesComponent to use optional chaining for myDialogRef
* Webauthn: Support Related Origin Requests
* review changes
* PM-31279 Add feature flag to guard executing ROR checks
* Fix fido2-client.service tests
* Set ROR_MAX_LABELS to 5
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Addison Beck <github@addisonbeck.com>
* Implement dynamic cipher creation permissions in vault header and new cipher menu components
* Enhance new cipher menu button behavior and accessibility. Implement dynamic button label based on creation permissions, allowing direct collection creation when applicable. Update button trigger logic to improve user experience.
* Update apps/web/src/app/vault/individual-vault/vault-header/vault-header.component.ts
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
* Add canCreateCipher getter for improved readability
---------
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
* [PM-31685] Removing email hashes
* [PM-31685] fixing tests, which are now passing
* [PM-31685] removing anon access emails field and reusing emails field
* [PM-31685] fixing missed tests
* [PM-31685] fixing missed tests
* [PM-31685] code review changes
* [PM-31685] do not encrypt emails by use of domain functionality
* [PM-31685] test fixes
* Remove inividual user key states and migrate to account cryptographic state
* Fix browser
* Fix tests
* Clean up migration
* Remove key-pair creation from login strategy
* Add clearing for the account cryptographic state
* Add migration
* Cleanup
* Fix linting
