* PM-3287 - Remove resetMasterPassword from authResult and identityTokenResponse and replace with userDecryptionOptions where relevant
* PM-3287 - (1) Move SSO code to SSO section (2) Update error scenario conditional + log user out upon error.
* PM-3287 - Fix comment per PR feedback
* PM-3287 - CLI Login with SSO - move MP validation logic back to original location to avoid putting it before 2FA rejection handling.
* PM-3287 - Update returns
* Add creationDate of account to AccountInfo
* Added initialization of creationDate.
* Removed extra changes.
* Fixed tests to initialize creation date
* Added helper method to abstract account initialization in tests.
* More test updates.
* Linting
* Additional test fixes.
* Fixed spec reference
* Fixed imports
* Linting.
* Fixed browser test.
* Modified tsconfig to reference spec file.
* Fixed import.
* Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node.
* Revert "Removed dependency on os. This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node."
This reverts commit 669f6557b6.
* Updated stories to hard-code new field.
* Removed changes to tsconfig
* Revert "Removed changes to tsconfig"
This reverts commit b7d916e8dc.
* feat(token-service) [PM-15333]: Update Portable secure storage resolution to use disk.
* feat(token-service) [PM-15333]: Move isWindowsPortable evaluation to preload with other platform evaluations.
* feat: add Identity Sso Required Response type as possible response from token endpoint.
* feat: consume sso organization identifier to redirect user
* feat: add get requiresSso to AuthResult for more ergonomic code.
* feat: sso-redirect on sso-required for CLI and Desktop
* chore: fixing type errors
* test: fix and add tests for new sso method
* docs: fix misspelling
* fix: get email from AuthResult instead of the FormGroup
* fix:claude: when email is not available for SSO login show error toast.
* fix:claude: add null safety check
* Turn on passkeys and dev mode
* PM-19138: Add try-catch to desktop-autofill (#13964)
* PM-19424: React to IPC disconnect (#14123)
* React to IPC disconnects
* Minor cleanup
* Update apps/desktop/package.json
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* Relaxed ordering
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* Autofill/pm 9034 implement passkey for unlocked accounts (#13826)
* Passkey stuff
Co-authored-by: Anders Åberg <github@andersaberg.com>
* Ugly hacks
* Work On Modal State Management
* Applying modalStyles
* modal
* Improved hide/show
* fixed promise
* File name
* fix prettier
* Protecting against null API's and undefined data
* Only show fake popup to devs
* cleanup mock code
* rename minmimal-app to modal-app
* Added comment
* Added comment
* removed old comment
* Avoided changing minimum size
* Add small comment
* Rename component
* adress feedback
* Fixed uppercase file
* Fixed build
* Added codeowners
* added void
* commentary
* feat: reset setting on app start
* Moved reset to be in main / process launch
* Add comment to create window
* Added a little bit of styling
* Use Messaging service to loadUrl
* Enable passkeysautofill
* Add logging
* halfbaked
* Integration working
* And now it works without extra delay
* Clean up
* add note about messaging
* lb
* removed console.logs
* Cleanup and adress review feedback
* This hides the swift UI
* add modal components
* update modal with correct ciphers and functionality
* add create screen
* pick credential, draft
* Remove logger
* a whole lot of wiring
* not working
* Improved wiring
* Cancel after 90s
* Introduced observable
* update cipher handling
* update to use matchesUri
* Launching bitwarden if its not running
* Passing position from native to electron
* Rename inModalMode to modalMode
* remove tap
* revert spaces
* added back isDev
* cleaned up a bit
* Cleanup swift file
* tweaked logging
* clean up
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/main/autofill/native-autofill.main.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/services/desktop-settings.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* adress position feedback
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Removed extra logging
* Adjusted error logging
* Use .error to log errors
* remove dead code
* Update desktop-autofill.service.ts
* use parseCredentialId instead of guidToRawFormat
* Update apps/desktop/src/autofill/services/desktop-autofill.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Change windowXy to a Record instead of [number,number]
* Update apps/desktop/src/autofill/services/desktop-fido2-user-interface.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Remove unsued dep and comment
* changed timeout to be spec recommended maxium, 10 minutes, for now.
* Correctly assume UP
* Removed extra cancelRequest in deinint
* Add timeout and UV to confirmChoseCipher
UV is performed by UI, not the service
* Improved docs regarding undefined cipherId
* cleanup: UP is no longer undefined
* Run completeError if ipc messages conversion failed
* don't throw, instead return undefined
* Disabled passkey provider
* Throw error if no activeUserId was found
* removed comment
* Fixed lint
* removed unsued service
* reset entitlement formatting
* Update entitlements.mas.plist
* Fix build issues
* Fix import issues
* Update route names to use `fido2`
* Fix being unable to select a passkey
* Fix linting issues
* Followup to fix merge issues and other comments
* Update `userHandle` value
* Add error handling for missing session or other errors
* Remove unused route
* Fix linting issues
* Simplify updateCredential method
* Followup to remove comments and timeouts and handle errors
* Address lint issue by using `takeUntilDestroyed`
* PR Followup for typescript and vault concerns
* Add try block for cipher creation
* Make userId manditory for cipher service
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Anders Åberg <github@andersaberg.com>
Co-authored-by: Anders Åberg <anders@andersaberg.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Evan Bassler <evanbassler@Mac.attlocal.net>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* PM-11455: Trigger sync when user enables OS setting (#14127)
* Implemented a SendNativeStatus command
This allows reporting status or asking the electron app to do something.
* fmt
* Update apps/desktop/src/autofill/services/desktop-autofill.service.ts
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* clean up
* Don't add empty callbacks
* Removed comment
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* Added support for handling a locked vault
Handle unlocktimeout
* PM-19511: Add support for ExcludedCredentials (#14128)
* works
* Add mapping
* remove the build script
* cleanup
* simplify updatedCipher (#14179)
* Fix base64url decode on MacOS passkeys (#14227)
* Add support for padding in base64url decode
* whitespace
* whitespace
* Autofill/pm 17444 use reprompt (#14004)
* Passkey stuff
Co-authored-by: Anders Åberg <github@andersaberg.com>
* Ugly hacks
* Work On Modal State Management
* Applying modalStyles
* modal
* Improved hide/show
* fixed promise
* File name
* fix prettier
* Protecting against null API's and undefined data
* Only show fake popup to devs
* cleanup mock code
* rename minmimal-app to modal-app
* Added comment
* Added comment
* removed old comment
* Avoided changing minimum size
* Add small comment
* Rename component
* adress feedback
* Fixed uppercase file
* Fixed build
* Added codeowners
* added void
* commentary
* feat: reset setting on app start
* Moved reset to be in main / process launch
* Add comment to create window
* Added a little bit of styling
* Use Messaging service to loadUrl
* Enable passkeysautofill
* Add logging
* halfbaked
* Integration working
* And now it works without extra delay
* Clean up
* add note about messaging
* lb
* removed console.logs
* Cleanup and adress review feedback
* This hides the swift UI
* add modal components
* update modal with correct ciphers and functionality
* add create screen
* pick credential, draft
* Remove logger
* a whole lot of wiring
* not working
* Improved wiring
* Cancel after 90s
* Introduced observable
* update cipher handling
* update to use matchesUri
* Launching bitwarden if its not running
* Passing position from native to electron
* Rename inModalMode to modalMode
* remove tap
* revert spaces
* added back isDev
* cleaned up a bit
* Cleanup swift file
* tweaked logging
* clean up
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/main/autofill/native-autofill.main.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Update apps/desktop/src/platform/services/desktop-settings.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* adress position feedback
* Update apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Removed extra logging
* Adjusted error logging
* Use .error to log errors
* remove dead code
* Update desktop-autofill.service.ts
* use parseCredentialId instead of guidToRawFormat
* Update apps/desktop/src/autofill/services/desktop-autofill.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Change windowXy to a Record instead of [number,number]
* Update apps/desktop/src/autofill/services/desktop-fido2-user-interface.service.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Remove unsued dep and comment
* changed timeout to be spec recommended maxium, 10 minutes, for now.
* Correctly assume UP
* Removed extra cancelRequest in deinint
* Add timeout and UV to confirmChoseCipher
UV is performed by UI, not the service
* Improved docs regarding undefined cipherId
* cleanup: UP is no longer undefined
* Run completeError if ipc messages conversion failed
* don't throw, instead return undefined
* Disabled passkey provider
* Throw error if no activeUserId was found
* removed comment
* Fixed lint
* removed unsued service
* reset entitlement formatting
* Update entitlements.mas.plist
* Fix build issues
* Fix import issues
* Update route names to use `fido2`
* Fix being unable to select a passkey
* Fix linting issues
* Added support for handling a locked vault
* Followup to fix merge issues and other comments
* Update `userHandle` value
* Add error handling for missing session or other errors
* Remove unused route
* Fix linting issues
* Simplify updateCredential method
* Add master password reprompt on passkey create
* Followup to remove comments and timeouts and handle errors
* Address lint issue by using `takeUntilDestroyed`
* Add MP prompt to cipher selection
* Change how timeout is handled
* Include `of` from rxjs
* Hide blue header for passkey popouts (#14095)
* Hide blue header for passkey popouts
* Fix issue with test
* Fix ngOnDestroy complaint
* Import OnDestroy correctly
* Only require master password if item requires it
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Anders Åberg <github@andersaberg.com>
Co-authored-by: Anders Åberg <anders@andersaberg.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Evan Bassler <evanbassler@Mac.attlocal.net>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Change modal size to 600x600
* Improve MacOS Syncing
This changes the behaviour to react to logoff, but not to account locks. It also adds better error handling on the native side.
* Improved modalPosition by allowing multiple calls to applyModalStyles
* moved imports to please lint
* Make passkey header stick for select and create (#14357)
* Added local build command
* Exclude credentials using kvc to avoid comilation error in cicd (#14568)
* Fix syntax error
* Don't use kvc
* Enables the autofill extension in mac and mas builds (#14373)
* Enables autofill extension building
* Try use macos-14
* add --break-system-packages for macos14
* revert using build-native
* try add rustup target add x86_64-apple-darwin
* add more rustup target add x86_64-apple-darwin
* try to force sdk version
* Show SDK versions
* USE KVC for excludedCredentials
* added xcodebuild deugging
* Revert "try to force sdk version"
This reverts commit d94f2550ad.
* Use macos-15
* undo merge
* remove macos-15 from cli
* remove macos-15 from browser
---------
Co-authored-by: Anders Åberg <anders@andersaberg.com>
* Improve Autofill IPC reliability (#14358)
* Delay IPC server start
* Better ipc handling
* Rename ready() to listenerReady()
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
* feat: add test and check for too long buffers (#14775)
* Autofill/PM-19511: Overwrite and reprompt (#14288)
* Show items for url that don't have passkey
* Show existing login items in the UI
* Filter available cipher results (#14399)
* Filter available cipher results
* Fix linting issues
* Update logic for eligible ciphers
* Remove unused method to check matching username
* PM-20608 update styling for excludedCredentials (#14444)
* PM-20608 update styling for excludedCredentials
* Have flow correctly move to creation for excluded cipher
* Remove duplicate confirmNeCredential call
* Revert fido2-authenticator changes and move the excluded check
* Create a separate component for excluded cipher view
* Display traffic light MacOS buttons when the vault is locked (#14673)
* Remove unneccessary filter for excludedCiphers
* Remove dead code from the excluded ciphers work
* Remove excludedCipher checks from fido2 create and vault
* Remove excludedCipher remnants from vault and simplify create cipher logic
* Move cipherHasNoOtherPasskeys to shared fido2-utils
* Remove all containsExcludedCipher references
* Use `bufferToString` to convert `userHandle`
---------
Co-authored-by: Jeffrey Holland <jholland@livefront.com>
Co-authored-by: Jeffrey Holland <124393578+jholland-livefront@users.noreply.github.com>
* Move modal files to `autofill` and rename dir to `credentials` (#14757)
* Show existing login items in the UI
* Filter available cipher results (#14399)
* Filter available cipher results
* Fix linting issues
* Update logic for eligible ciphers
* Remove unused method to check matching username
* PM-20608 update styling for excludedCredentials (#14444)
* PM-20608 update styling for excludedCredentials
* Have flow correctly move to creation for excluded cipher
* Remove duplicate confirmNeCredential call
* Revert fido2-authenticator changes and move the excluded check
* Create a separate component for excluded cipher view
* Display traffic light MacOS buttons when the vault is locked (#14673)
* Remove unneccessary filter for excludedCiphers
* Remove dead code from the excluded ciphers work
* Remove excludedCipher checks from fido2 create and vault
* Move modal files to `autofill` and rename dir to `credentials`
* Update merge issues
* Add tests for `cipherHasNoOtherPasskeys` (#14829)
* Adjust spacing to place new login button below other items (#14877)
* Adjust spacing to place new login button below other items
* Add correct design when no credentials available (#14879)
* Autofill/pm 21903 use translations everywhere for passkeys (#14908)
* Adjust spacing to place new login button below other items
* Add correct design when no credentials available
* Add correct design when no credentials available (#14879)
* Remove hardcoded strings and use translations in passkey flow
* Remove duplicate `select` translation
* Autofill/pm 21864 center unlock vault modal (#14867)
* Center the Locked Vault modal when using passkeys
* Revert swift changes and handle offscreen modals
* Remove comments
* Add rustup for cicd to work (#15055)
* Hide credentials that are in the bin (#15034)
* Add tests for passkey components (#15185)
* Add tests for passkey components
* Reuse cipher in chooseCipher tests and simplify mock creation
* Autofill/pm 22821 center vault modal (#15243)
* Center the vault modal for passkeys
* Add comments and fix electron-builder.json
* Set values to Int32 in the ternaries
* Refactor Fido2 Components (#15105)
* Refactor Fido2 Components
* Address error message and missing session
* Address remaining missing session
* Reset modals so subsequent creates work (#15145)
* Fix broken test
* Rename relevantCiphers to displayedCiphers
* Clean up heading settings, errors, and other concerns
* Address missing comments and throw error in try block
* fix type issue for SimpleDialogType
* fix type issue for SimpleDialogType
* Revert new type
* try using as null to satisfy type issue
* Remove use of firstValueFrom in create component
* PM-22476: Show config UI while enabling Bitwarden (#15149)
* Show config ui while enabling Bitwarden
* locals
* Added Localizable strings
* Changed the linebreakmode
* Removed swedish locals
* Add provisioning profile values to electron build (#15412)
* Address BitwardenShield icon issue
* Fix fido2-vault component
* Display the vault modal when selecting Bitwarden... (#15257)
* Passkeys filtering breaks on SSH keys (#15448)
* Display the blue header on the locked vault passkey flow (#15655)
* PM-23848: Use the MacOS UI-friendly API instead (#15650)
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Fix action text and close vault modal (#15634)
* Fix action text and close vault modal
* Fix broken tests
* Update SVG to support dark mode (#15805)
* When a locked vault is unlocked displays correctly (#15612)
* When a locked vault is unlocked displays correctly
* Keep old behavior while checking for recently unlocked vault
* Revert the electron-builder
* Simplify by using a simple redirect when vault unlocked
* Remove single use of `userSelectedCipher`
* Add a guard clause to unlock
* Revert to original spacing
* Add reactive guard to unlock vault
* Fix for passkey picker closing prematurely
* Remove unneeded root navigation in ensureUnlockedVault
* Fix vault not unlocking
* Update broken tests for lock component
* Add missing brace to preload.ts
* Run lint
* Added explainer
* Moved the explainer
* Tidying up readme
* Add feature flag to short-circuit the passkey provider (#16003)
* Add feature flag to short-circuit the passkey provider
* Check FF in renderer instead
* Lint fixes
* PM-22175: Improve launch of app + window positioning (#15658)
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Implement prepareInterfaceToProvideCredential
* Fix launch of app + window pos
* Wait for animation to complete and use proper position
* Wait for animation to complete and use proper position
* Added commentary
* Remove console.log
* Remove call to removed function
---------
Co-authored-by: Jeffrey Holland <jholland@livefront.com>
Co-authored-by: Jeffrey Holland <124393578+jholland-livefront@users.noreply.github.com>
* Update fido2-vault and fido2-service implementations
* Use tailwind-alike classes for new styles
* Add label to biticons in passkey modals
* Fix broken vault test
* Revert to original `isDev` function
* Add comment to lock component describing `disable-redirect` param
* Use tailwind classes instead of custom sticky header class
* Use standard `tw-z-10` for z-index
* Change log service levels
* Mock svg icons for CI
* Add back provisioning profiles
* Remove `--break-system-packages` and simplify commands
* Revert `cipherId` param for `confirmNewCredential`
* Remove placeholder UI
* Small improvements to the readme
* Remove optional userId and deprecated method
* Autofill should own the macos_provider (#16271)
* Autofill should own the macos_provider
* Autofill should own the macos_provider
* Remove unnecessary logs, no magic numbers, revert `cipherId?`
* Fixes for broken build
* Update test issues
* [BEEEP] Use tracing in macOS provider
* Update comments and add null check for ciphers
* Update status comments and readme
* Remove electron modal mode link
* Clarify modal mode use
* Add comment about usernames
* Add comment that we don't support extensions yet
* Added comment about base64 format
* Use NO_CALLBACK_INDICATOR
* cb -> callback
* Update apps/desktop/desktop_native/napi/src/lib.rs
Co-authored-by: neuronull <9162534+neuronull@users.noreply.github.com>
* Clean up Fido2Create subscriptions and update comments
* added comment to clarify silent exception
* Add comments
* clean up unwrap()
* set log level filter to INFO
* Address modal popup issue
* plutil on Info.plist
* Adhere to style guides
* Fix broken lock ui component tests
* Fix broken lock ui component tests
* Added codeowners entry
* logservice.warning -> debug
* Uint8Array -> ArrayBuffer
* Remove autofill entitlement
* Fix linting issues
* Fix arm build issue
* Adjust build command
* Add missing entitlement
* revert missing entitlement change
* Add proper autofill entitlements
* Remove autofill extension from mas builds
* Run rust formatter
---------
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
Co-authored-by: Jeffrey Holland <124393578+jholland-livefront@users.noreply.github.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Evan Bassler <evanbassler@Mac.attlocal.net>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Nathan Ansel <nathan@livefront.com>
Co-authored-by: Jeffrey Holland <jholland@livefront.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
Co-authored-by: neuronull <9162534+neuronull@users.noreply.github.com>
* Implement automatic kdf upgrades
* Fix kdf config not being updated
* Update legacy kdf state on master password unlock sync
* Fix cli build
* Fix
* Deduplicate prompts
* Fix dismiss time
* Fix default kdf setting
* Fix build
* Undo changes
* Fix test
* Fix prettier
* Fix test
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Only sync when there is at least one migration
* Relative imports
* Add tech debt comment
* Resolve inconsistent prefix
* Clean up
* Update docs
* Use default PBKDF2 iteratinos instead of custom threshold
* Undo type check
* Fix build
* Add comment
* Cleanup
* Cleanup
* Address component feedback
* Use isnullorwhitespace
* Fix tests
* Allow migration only on vault
* Fix tests
* Run prettier
* Fix tests
* Prevent await race condition
* Fix min and default values in kdf migration
* Run sync only when a migration was run
* Update libs/common/src/key-management/encrypted-migrator/default-encrypted-migrator.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Fix link not being blue
* Fix later button on browser
---------
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* feat(user-decryption-options) [PM-26413]: Update UserDecryptionOptionsService and tests to use UserId-only APIs.
* feat(user-decryption-options) [PM-26413]: Update InternalUserDecryptionOptionsService call sites to use UserId-only API.
* feat(user-decryption-options) [PM-26413] Update userDecryptionOptions$ call sites to use the UserId-only API.
* feat(user-decryption-options) [PM-26413]: Update additional call sites.
* feat(user-decryption-options) [PM-26413]: Update dependencies and an additional call site.
* feat(user-verification-service) [PM-26413]: Replace where allowed by unrestricted imports invocation of UserVerificationService.hasMasterPassword (deprecated) with UserDecryptionOptions.hasMasterPasswordById$. Additional work to complete as tech debt tracked in PM-27009.
* feat(user-decryption-options) [PM-26413]: Update for non-null strict adherence.
* feat(user-decryption-options) [PM-26413]: Update type safety and defensive returns.
* chore(user-decryption-options) [PM-26413]: Comment cleanup.
* feat(user-decryption-options) [PM-26413]: Update tests.
* feat(user-decryption-options) [PM-26413]: Standardize null-checking on active account id for new API consumption.
* feat(vault-timeout-settings-service) [PM-26413]: Add test cases to illustrate null active account from AccountService.
* fix(fido2-user-verification-service-spec) [PM-26413]: Update test harness to use FakeAccountService.
* fix(downstream-components) [PM-26413]: Prefer use of the getUserId operator in all authenticated contexts for user id provided to UserDecryptionOptionsService.
---------
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
* Remove internal use of getUserKey in the key service
* Move ownership of RotateableKeySet and remove usage of getUserKey
* Add input validation to createKeySet
* feat: ban urls not using https
* feat: add exception for dev env
* feat: block fetching of insecure URLs
* feat: add exception for dev env
* feat: block notifications from using insecure URL
* fix: bug where submission was possible regardless of error
* feat: add exception for dev env
* fix: missing constructor param
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed and updated tests.
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed test variable being made more vague.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiServiceAbstraction.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService implementation.
* feat(two-factor-api-service) [PM-26465]: Add test suite for TwoFactorApiService.
* feat(two-factor-api-service) [PM-26465]: Replace ApiService dependencies with TwoFactorApiService for all refactored methods.
* feat(two-factor-api-service) [PM-26465]: Finish removal of Two-Factor API methods from ApiService.
* fix(two-factor-api-service) [PM-26465]: Correct endpoint spelling.
* feat(two-factor-api-service) [PM-26465]: Update dependency support for CLI.
* fix(two-factor-api-service) [PM-26465]: Update tests/deps for corrected spelling.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService to Browser services module.
* fix(two-factor-api-service) [PM-26465]: Re-spell dependencies to take *Abstraction throughout, move to JslibServices module for cleaner importing across clients.
* feat(two-factor-api-service) [PM-26465]: Move new services to a feature area, rename abstract and concrete/default.
* feat(two-factor-api-service) [PM-26465]: Move the feature area to common/auth, not auth/common.
* feat(two-factor-api-service) [PM-26465]: Remove now-unneeded include from auth/tsconfig.
Upgrade to the latest supported typescript version in Angular.
Resolved TS errors by:
- adding `: any` which is what the compiler previously implied and now warns about.
- adding `toJSON` to satisfy requirement.
* PM-22661 - Start bringing in code from original PR
* PM-22661 - SendTokenService - implement and test hash send password
* PM-22661 - Starting to pull in SDK state to SendTokenService
* PM-22661 - WIP on default send token service
* PM-22661 - Build out TS helpers for TryGetSendAccessTokenError
* PM-22661 - WIP
* PM-22661 - Decent progress on getting _tryGetSendAccessToken wired up
* PM-22661 - Finish service implementation (TODO: test)
* PM-22661 - DefaultSendTokenService - clear expired tokens
* PM-22661 - SendTokenService - tests for tryGetSendAccessToken$
* PM-22661 - DefaultSendTokenService - more tests.
* PM-22661 - Refactor to create domain facing type for send access creds so we can internally map to SDK models instead of exposing them.
* PM-22661 - DefaultSendTokenService tests - finish testing error scenarios
* PM-22661 - SendAccessToken - add threshold to expired check to prevent tokens from expiring in flight
* PM-22661 - clean up docs and add invalidateSendAccessToken
* PM-22661 - Add SendAccessToken tests
* PM-22661 - Build out barrel files and provide send token service in jslib-services.
* PM-22661 - Improve credential validation and test the scenarios
* PM-22661 - Add handling for otp_generation_failed
* PM-22661 - npm i sdk version 0.2.0-main.298 which has send access client stuff
* PM-22661 - Bump to latest sdk changes for send access for testing.
* PM-22661 - fix comment to be accurate
* PM-22661 - DefaultSendTokenService - hashSendPassword - to fix compile time error with passing a Uint8Array to Utils.fromBufferToB64, add new overloads to Utils.fromBufferToB64 to handle ArrayBuffer and ArrayBufferView (to allow for Uint8Arrays). Then, test new scenarios to ensure feature parity with old fromBufferToB64 method.
* PM-22661 - Utils.fromBufferToB64 - remove overloads so ordering doesn't break test spies.
* PM-22661 - utils.fromBufferToB64 - re-add overloads to see effects on tests
* PM-22661 - revert utils changes as they will be done in a separate PR.
* PM-22661 - SendTokenService tests - test invalidateSendAccessToken
* PM-22661 - DefaultSendTokenService - add some storage layer tests
* PM-22661 - Per PR feedback fix comment
* PM-22661 - Per PR feedback, optimize writes to state for send access tokens with shouldUpdate.
* PM-22661 - Per PR feedback, update clear to be immutable vs delete (mutation) based.
* PM-22661 - Per PR feedback, re-add should update for clear method.
* PM-22661 - Update libs/common/src/auth/send-access/services/default-send-token.service.ts
Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>
* PM-22661 - Update libs/common/src/auth/send-access/services/default-send-token.service.ts
Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>
* PM-22661 - Update libs/common/src/auth/send-access/services/default-send-token.service.ts
Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>
---------
Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>
If a user is part of an org that has the `RequireSso` policy, when that user successfully logs in we add their email to a local `ssoRequiredCache` on their device. The next time this user goes to the `/login` screen on this device, we will use that cache to determine that for this email we should only show the "Use single sign-on" button and disable the alternate login buttons.
These changes are behind the flag: `PM22110_DisableAlternateLoginMethods`
* feat(notification-processing): [PM-19877] System Notification Implementation - Implemented the full feature set for device approval from extension.
* test(notification-processing): [PM-19877] System Notification Implementation - Updated tests.
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* added master password unlock and decryption option fields into identity token connect response
* incorrect master password unlock response parsing
* use sdk
* use sdk
* better type checking on response parsing
* not using sdk
* revert of bad merge conflicts
* revert of bad merge conflicts
* master password unlock setter in state
* unit test coverage for responses processing
* master password unlock in identity user decryption options
* unit test coverage
* unit test coverage
* unit test coverage
* unit test coverage
* lint error
* set master password unlock data in state on identity response and sync response
* revert change in auth's user decryption options
* remove unnecessary cast
* better docs
* change to relative imports
* MasterPasswordUnlockData serialization issue
* explicit undefined type for `syncUserDecryption`
* incorrect identity token response tests
* Passed in userId on RemovePasswordComponent.
* Added userId on other references to KeyConnectorService methods
* remove password component refactor, test coverage, enabled strict
* explicit user id provided to key connector service
* redirect to / instead when user not logged in or not managing organization
* key connector service explicit user id
* key connector service no longer requires account service
* key connector service missing null type
* cli convert to key connector unit tests
* remove unnecessary SyncService
* error toast not showing on ErrorResponse
* bad import due to merge conflict
* bad import due to merge conflict
* missing loading in remove password component for browser extension
* error handling in remove password component
* organization observable race condition in key-connector
* usesKeyConnector always returns boolean
* unit test coverage
* key connector reactive
* reactive key connector service
* introducing convertAccountRequired$
* cli build fix
* moving message sending side effect to sync
* key connector service unit tests
* fix unit tests
* move key connector components to KM team ownership
* new unit tests in wrong place
* key connector domain shown in remove password component
* type safety improvements
* convert to key connector command localization
* key connector domain in convert to key connector command
* convert to key connector command unit tests with prompt assert
* organization name placement change in the remove password component
* unit test update
* show key connector domain for new sso users
* confirm key connector domain page does not require auth guard
* confirm key connector domain page showing correctly
* key connector url required to be provided when migrating user
* missing locales
* desktop styling
* have to sync and navigate to vault after key connector keys exchange
* logging verbosity
* splitting the web client
* splitting the browser client
* cleanup
* splitting the desktop client
* cleanup
* cleanup
* not necessary if condition
* key connector domain tests fix for sso componrnt and login strategy
* confirm key connector domain base component unit tests coverage
* confirm key connector domain command for cli
* confirm key connector domain command for cli unit tests
* design adjustments
removed repeated text, vertical buttons on desktop, wrong paddings on browser extension
* key connector service unit test coverage
* new linting rules fixes
* accept invitation to organization called twice results in error.
Web vault remembers it's original route destination, which we do not want in case of accepting invitation and Key Connector, since provisioning new user through SSO and Key Connector, the user is already accepted.
* moved required key connector domain confirmation into state
* revert redirect from auth guard
* cleanup
* sso-login.strategy unit test failing
* two-factor-auth.component unit test failing
* two-factor-auth.component unit test coverage
* cli unit test failing
* removal of redundant logs
* removal of un-necessary new lines
* consolidated component
* consolidated component css cleanup
* use KdfConfig type
* consolidate KDF into KdfConfig type in identity token response
* moving KC requiresDomainConfirmation lower in order, after successful auth
* simplification of trySetUserKeyWithMasterKey
* redirect to confirm key connector route when locked but can't unlock yet
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Adds `shouldUpdate()` checks to frequently updated disk state in the Auth domain, specifically:
- `account_verifyNewDeviceLogin`
- `token_accessToken`
- `token_refreshToken`
- `masterPassword_masterKeyHash`
This ensures that the state only updates if the new value is different from the previous value, thus avoiding unnecessary updates.
* Move pin service to km ownership
* Run format
* Eslint
* Fix tsconfig
* Fix imports and test
* Clean up imports
* Remove unused dependency on PinService
* Fix comments
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Introduce ActiveUserAccessor
* Use ActiveUserAccessor over AccountService
* Updates tests and testing utils to support ActiveUserAccessor
* Update all injection points
* Fix types test
* Use ternary instead
Migrates the abstract classes in libs/common to be strict ts compatible. Primarily by adding abstract to every field and converting it to a function syntax instead of lambda.
Creates a new `DeviceManagementComponent` that fetches devices and formats them before handing them off to a view component for display.
View components:
- `DeviceManagementTableComponent` - displays on medium to large screens
- `DeviceManagementItemGroupComponent` - displays on small screens
Feature flag: `PM14938_BrowserExtensionLoginApproval`
* feat(change-password-component): Change Password Update [18720] - Very close to complete.
* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Removed temp code to force the state I need to verify correctness.
* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Recover account working with change password component.
* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Made code more dry.
* fix(change-password-component): Change Password Update [18720] - Updates to routing and the extension. Extension is still a wip.
* fix(change-password-component): Change Password Update [18720] - Extension routing changes.
* feat(change-password-component): Change Password Update [18720] - More extension work
* feat(change-password-component): Change Password Update [18720] - Pausing work for now while we wait for product to hear back.
* feat(change-password-component): Change Password Update [18720] - Removed duplicated anon layouts.
* feat(change-password-component): Change Password Update [18720] - Tidied up code.
* feat(change-password-component): Change Password Update [18720] - Small fixes to the styling
* feat(change-password-component): Change Password Update [18720] - Adding more content for the routing.
* feat(change-password-component): Change Password Update [18720] - Removed circular loop for now.
* feat(change-password-component): Change Password Update [18720] - Made comments regarding the change password routing complexities with change-password and auth guard.
* feat(change-password-component): Change Password Update [18720] - Undid some changes because they will be conflicts later on.
* feat(change-password-component): Change Password Update [18720] - Small directive change.
* feat(change-password-component): Change Password Update [18720] - Small changes and added some clarification on where I'm blocked
* feat(change-password-component): Change Password Update [18720] - Org invite is seemingly working, found one bug to iron out.
* refactor(change-password-component): Change Password Update [18720] - Fixed up policy service to be made more clear.
* docs(change-password-component): Change Password Update [18720] - Updated documentation.
* refactor(change-password-component): Change Password Update [18720] - Routing changes and policy service changes.
* fix(change-password-component): Change Password Update [18720] - Wrapping up changes.
* feat(change-password-component): Change Password Update [18720] - Should be working fully
* feat(change-password-component): Change Password Update [18720] - Found a bug, working on password policy being present on login.
* feat(change-password-component): Change Password Update [18720] - Turned on auth guard on other clients for change-password route.
* feat(change-password-component): Change Password Update [18720] - Committing intermediate changes.
* feat(change-password-component): Change Password Update [18720] - The master password policy endpoint has been added! Should be working. Testing now.
* feat(change-password-component): Change Password Update [18720] - Minor fixes.
* feat(change-password-component): Change Password Update [18720] - Undid naming change.
* feat(change-password-component): Change Password Update [18720] - Removed comment.
* feat(change-password-component): Change Password Update [18720] - Removed unneeded code.
* fix(change-password-component): Change Password Update [18720] - Took org invite state out of service and made it accessible.
* fix(change-password-component): Change Password Update [18720] - Small changes.
* fix(change-password-component): Change Password Update [18720] - Split up org invite service into client specific implementations and have them injected into clients properly
* feat(change-password-component): Change Password Update [18720] - Stopping work and going to switch to a new branch to pare down some of the solutions that were made to get this over the finish line
* feat(change-password-component): Change Password Update [18720] - Started to remove functionality in the login.component and the password login strategy.
* feat(change-password-component): Change Password Update [18720] - Removed more unneded changes.
* feat(change-password-component): Change Password Update [18720] - Change password clearing state working properly.
* fix(change-password-component): Change Password Update [18720] - Added docs and moved web implementation.
* comments(change-password-component): Change Password Update [18720] - Added more notes.
* test(change-password-component): Change Password Update [18720] - Added in tests for policy service.
* comment(change-password-component): Change Password Update [18720] - Updated doc with correct ticket number.
* comment(change-password-component): Change Password Update [18720] - Fixed doc.
* test(change-password-component): Change Password Update [18720] - Fixed tests.
* test(change-password-component): Change Password Update [18720] - Fixed linting errors. Have more tests to fix.
* test(change-password-component): Change Password Update [18720] - Added back in ignore for typesafety.
* fix(change-password-component): Change Password Update [18720] - Fixed other type issues.
* test(change-password-component): Change Password Update [18720] - Fixed tests.
* test(change-password-component): Change Password Update [18720] - Fixed more tests.
* test(change-password-component): Change Password Update [18720] - Fixed tiny duplicate code.
* fix(change-password-component): Change Password Update [18720] - Fixed desktop component.
* fix(change-password-component): Change Password Update [18720] - Removed unused code
* fix(change-password-component): Change Password Update [18720] - Fixed locales.
* fix(change-password-component): Change Password Update [18720] - Removed tracing.
* fix(change-password-component): Change Password Update [18720] - Removed duplicative services module entry.
* fix(change-password-component): Change Password Update [18720] - Added comment.
* fix(change-password-component): Change Password Update [18720] - Fixed unneeded call in two factor to get user id.
* fix(change-password-component): Change Password Update [18720] - Fixed a couple of tiny things.
* fix(change-password-component): Change Password Update [18720] - Added comment for later fix.
* fix(change-password-component): Change Password Update [18720] - Fixed linting error.
* PM-18720 - AuthGuard - move call to get isChangePasswordFlagOn down after other conditions for efficiency.
* PM-18720 - PasswordLoginStrategy tests - test new feature flagged combine org invite policies logic for weak password evaluation.
* PM-18720 - CLI - fix dep issue
* PM-18720 - ChangePasswordComp - extract change password warning up out of input password component
* PM-18720 - InputPassword - remove unused dependency.
* PM-18720 - ChangePasswordComp - add callout dep
* PM-18720 - Revert all anon-layout changes
* PM-18720 - Anon Layout - finish reverting changes.
* PM-18720 - WIP move of change password out of libs/auth
* PM-18720 - Clean up remaining imports from moving change password out of libs/auth
* PM-18720 - Add change-password barrel file for better import grouping
* PM-18720 - Change Password comp - restore maxWidth
* PM-18720 - After merge, fix errors
* PM-18720 - Desktop - fix api service import
* PM-18720 - NDV - fix routing.
* PM-18720 - Change Password Comp - add logout service todo
* PM-18720 - PasswordSettings - per feedback, component is already feature flagged behind PM16117_ChangeExistingPasswordRefactor so we can just delete the replaced callout (new text is in change-password comp)
* PM-18720 - Routing Modules - properly flag new component behind feature flag.
* PM-18720 - SSO Login Strategy - fix config service import since it is now in shared deps from main merge.
* PM-18720 - Fix SSO login strategy tests
* PM-18720 - Default Policy Service - address AC PR feedback
---------
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
When a user logs in via SSO after their org has offboarded from TDE, we now show them a helpful error message stating that they must either login on a Trusted device, or ask their admin to assign them a password.
Feature flag: `PM16117_SetInitialPasswordRefactor`
This PR makes it so that `SetInitialPasswordComponent` handles the TDE offboarding flow where an org user now needs to set an initial master password.
Feature flag: `PM16117_SetInitialPasswordRefactor`
* feat: Create methods for calling GET auth-request/pending endpoint.
* feat: update banner service on web, and desktop vault
* test: updated banner test to use auth request services
* fix: DI fixes
* feat: add RequestDeviceId to AuthRequestResponse
* fix: add Browser Approvals feature flags to desktop vault and web vault banner service
* test: fix tests for feature flag
* first draft at an idea dependency graph
* ignore existing errors
* remove conflicting rule regarding internal platform logic in libs
* review: allow components to import from platform
* fix(enums-eslint): Enum Rule for ESLint - Added enums in the warnings for eslint.
* fix(enums-eslint): Enum Rule for ESLint - Updated to error in both places for enums.
* fix(enums-eslint): Enum Rule for ESLint - Added new eslint plugin for warning on enums.
* fix(enums-eslint): Enum Rule for ESLint - Changed based on suggestion.
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* refactor(browser-platform-utils): Remove Deprecation and Fix Code - Changed usages of firefox to private and moved the usages to the preferred public method and removed the deprecations.
* fix(enums-eslint): Enum Rule for ESLint - Updated to error and added disable rules for all other places.
* fix(enums-eslint): Enum Rule for ESLint - Undid other changes by accident
