* Remove `ts-strict-ignore` from fido2 page
* Update typing issue
* Fix AssertCredentialResult type issue
* Remove non null assertions and add type guard
* Addresses topWindow non null assertion
* remove redundant check and remove ts strict from messenger
---------
Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
Co-authored-by: Daniel Riera <driera@livefront.com>
* [PM-28079] Add attributes to filter for the mutationObserver
* Update attributes based on Claude suggestions
* Updated remaining attributes
* Adjust placeholder check in `updateAutofillFieldElementData`
* Update ordering of constants and add comment
* Remove `tagName` and `value` from mutation logic
* Add new autocomplete and aria attributes to `updateActions`
* Fix autocomplete handlers
* Fix broken test for `updateAttributes`
* Order attributes for readability in `updateActions`
* Fix tests
---------
Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
* Initial changes to look at phishing indexeddb service and removal of obsolete compression code
* Convert background update to rxjs format and trigger via subject. Update test cases
* Added addUrls function to use instead of saveUrls so appending daily does not clear all urls
* Added debug logs to phishing-indexeddb service
* Added a fallback url when downloading phishing url list
* Remove obsolete comments
* Fix testUrl default, false scenario and test cases
* Add default return on isPhishingWebAddress
* Added log statement
* Change hostname to href in hasUrl check
* Save fallback response
* Fix matching subpaths in links. Update test cases
* Fix meta data updates storing last checked instead of last updated
* Update QA phishing url to be normalized
* Filter web addresses
* Return previous meta to keep subscription alive
* Change indexeddb lookup from loading all to cursor search
* fix(phishing): improve performance and fix URL matching in phishing detection
Problem:
The cursor-based search takes ~25 seconds to scan the entire phishing database.
For non-phishing URLs (99% of cases), this full scan runs to completion every time.
Before these fixes, opening a new tab triggered this sequence:
1. chrome://newtab/ fires a phishing check
2. Sequential concatMap blocks while cursor scans all 500k+ URLs (~25 sec)
3. User pastes actual URL and hits enter
4. That URL's check waits in queue behind the chrome:// check
5. Total delay: ~50+ seconds for a simple "open tab, paste link" workflow
Even for legitimate phishing checks, the cursor search could take up to 25 seconds
per URL when the fast hasUrl lookup misses due to trailing slash mismatches.
Changes:
phishing-data.service.ts:
- Add protocol filter to early-return for non-http(s) URLs, avoiding
expensive IndexedDB operations for chrome://, about:, file:// URLs
- Add trailing slash normalization for hasUrl lookup - browsers add
trailing slashes but DB entries may not have them, causing O(1) lookups
to miss and fall back to O(n) cursor search unnecessarily
- Add debug logging for hasUrl checks and timing metrics for cursor-based
search to aid performance debugging
phishing-detection.service.ts:
- Replace concatMap with mergeMap for parallel tab processing - each tab
check now runs independently instead of sequentially
- Add concurrency limit of 5 to prevent overwhelming IndexedDB while still
allowing parallel execution
Result:
- New tabs are instant (no IndexedDB calls for non-web URLs)
- One slow phishing check doesn't block other tabs
- Common URL patterns hit the fast O(1) path instead of O(n) cursor scan
* performance debug logs
* disable custom match because too slow
* spec fix
---------
Co-authored-by: Alex <adewitt@bitwarden.com>
* don't use filename for download attachment label
* fix scroll position in browser vault
* Revert "fix scroll position in browser vault"
This reverts commit 8e415f2c89.
* fix test
* Migrate create and edit operations to use SDK for ciphers
* WIP: Adds admin call to edit ciphers with SDK
* Add client version to SDK intialization settings
* Remove console.log statements
* Adds originalCipherId and collectionIds to updateCipher
* Update tests for new cipehrService interfaces
* Rename SdkCipherOperations feature flag
* Add call to Admin edit SDK if flag is passed
* Add tests for SDK path
* Revert changes to .npmrc
* Remove outdated comments
* Fix feature flag name
* Fix UUID format in cipher.service.spec.ts
* Update calls to cipherService.updateWithServer and .createWithServer to new interface
* Update CLI and Desktop to use new cipherSErvice interfaces
* Fix tests for new cipherService interface change
* Bump sdk-internal and commercial-sdk-internal versions to 0.2.0-main.439
* Fix linting errors
* Fix typescript errors impacted by this chnage
* Fix caching issue on browser extension when using SDK cipher ops.
* Remove commented code
* Fix bug causing race condition due to not consuming / awaiting observable.
* Add missing 'await' to decrypt call
* Clean up unnecessary else statements and fix function naming
* Add comments for this.clearCache
* Add tests for SDK CipherView conversion functions
* Replace sdkservice with cipher-sdk.service
* Fix import issues in browser
* Fix import issues in cli
* Fix type issues
* Fix type issues
* Fix type issues
* Fix test that fails sporadically due to timing issue
* Initial changes to look at phishing indexeddb service and removal of obsolete compression code
* Convert background update to rxjs format and trigger via subject. Update test cases
* Added addUrls function to use instead of saveUrls so appending daily does not clear all urls
* Added debug logs to phishing-indexeddb service
* Added a fallback url when downloading phishing url list
* Remove obsolete comments
* Fix testUrl default, false scenario and test cases
* Add default return on isPhishingWebAddress
* Added log statement
* Change hostname to href in hasUrl check
* Save fallback response
* Fix matching subpaths in links. Update test cases
* Fix meta data updates storing last checked instead of last updated
* Update QA phishing url to be normalized
* Filter web addresses
* Return previous meta to keep subscription alive
* PM-13632: Enable sign in with passkeys in the browser extension
* Refactor component + Icon fix
This commit refactors the login-via-webauthn commit as per @JaredSnider-Bitwarden suggestions. It also fixes an existing issue where Icons are not displayed properly on the web vault.
Remove old one.
Rename the file
Working refactor
Removed the icon from the component
Fixed icons not showing. Changed layout to be 'embedded'
* Add tracking links
* Update app.module.ts
* Remove default Icons on load
* Remove login.module.ts
* Add env changer to the passkey component
* Remove leftover dependencies
* PRF Unlock
Cleanup and testes
* Workaround prf type missing
* Fix any type
* Undo accidental cleanup to keep PR focused
* Undo accidental cleanup to keep PR focused
* Cleaned up public interface
* Use UserId type
* Typed UserId and improved isPrfUnlockAvailable
* Rename key and use zero challenge array
* logservice
* Cleanup rpId handling
* Refactor to separate component + icon
* Moved the prf unlock service impl.
* Fix broken test
* fix tests
* Use isChromium
* Update services.module.ts
* missing , in locales
* Update desktop-lock-component.service.ts
* Fix more desktoptests
* Expect a single UnlockOption from IdTokenResponse, but multiple from sync
* Missing s
* remove catches
* Use new control flow in unlock-via-prf.component.ts
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Changed throw behaviour of unlockVaultWithPrf
* remove timeout comment
* refactired webauthm-prf-unlock.service internally
* WebAuthnPrfUnlockServiceAbstraction -> WebAuthnPrfUnlockService
* Fixed any and bad import
* Fix errors after merge
* Added missing PinServiceAbstraction
* Fixed format
* Removed @Inject()
* Fix broken tests after Inject removal
* Return userkey instead of setting it
* Used input/output signals
* removed duplicate MessageSender registration
* nit: Made import relative
* Disable onPush requirement because it would need refactoring the component
* Added feature flag (#17494)
* Fixed ById from main
* Import feature flag from file
* Add missing test providers for MasterPasswordLockComponent
Add WebAuthnPrfUnlockService and DialogService mocks to fix test failures
caused by UnlockViaPrfComponent dependencies.
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* [PM-30906] Refactor AutoConfirmNudgeService to be Browser specific and add additional documentation detailing when this is necessary
* [PM-30906] Add README.md for custom nudge services
* add PhishingIndexedDbService for IndexedDB storage
Add a dedicated IndexedDB storage service for phishing detection data.
This service provides save, load, and clear operations using IndexedDB
instead of chrome.storage.local to avoid broadcast overhead, size
limitations, and JSON serialization cost for large datasets.
* add unit tests for PhishingIndexedDbService
Add comprehensive tests for save, load, and clear operations with
mocked IndexedDB. Tests cover success cases, error handling, and
database initialization with object store creation.
* add PhishingIndexedDbService core structure
- Add IndexedDB service with per-operation database opening
- Define PhishingUrlRecord type for row storage
- Include clearStore helper for atomic data replacement
- Service worker safe: no cached connections
* add saveUrls with chunked writes
- Add PhishingUrlRecord type for row storage
- Store each URL as individual row
- Chunk writes at 50K per transaction for responsiveness
- Atomic replacement: clear then save
* add hasUrl for lookups
- Direct IndexedDB index lookup via keyPath
- Returns boolean, handles errors gracefully
* add loadAllUrls with cursor iteration
- Cursor-based bulk load for fallback scenarios
- Memory-efficient: no intermediate array duplication
- Returns empty array on error
* add saveUrlsFromStream for memory efficiency
- Stream directly from fetch response body
- Parse newline-delimited URLs incrementally
- Reuse chunked save infrastructure
* update PhishingIndexedDbService tests
- Replace blob-based tests with row-per-URL API tests
- Test saveUrls, hasUrl, loadAllUrls, saveUrlsFromStream
- Verify chunked writes and cursor iteration
- Use stream/web ReadableStream with type cast for Node.js compatibility
* use proper URL syntax and cleanup global state
Update test data to use proper URL syntax with https:// prefix to match
real phishing.database format. Add cleanup of global.indexedDB in
afterEach to prevent test pollution.
* improve stream processing correctness and efficiency
- Move decoder.decode() before done check with { stream: !done } to flush properly
- Use array reassignment instead of splice() for O(1) chunk clearing
- Use single trim via local variable to avoid double-trim
- Centralize URL cleaning in saveChunked(), simplify saveChunk()
- Use explicit urls.length > 0 comparison
* duplicate urls test
* split final buffer by newlines
* WIP
* add new link styles
* update link stories
* skip default screenshot as variations are covered in other stories
* updated docs and story background
* make default the default linkType value
* remove references to primary link type in CL
* use better bg colors in stories
* remove duplicate linkType
* update aria-disabled text to use new palette
* add back primary link type to story
* fix capitolization
* add backticks to variant names in docs
* remove important from link styles
* fix generic selector to find correct button
* fix capitolization
* mark variants as deprecated in docs
* fix link hover text colors
* add `routeAfterDeletion` for edit screen to redirect the user to the correct location after deleting an archived cipher
* use `historyGo` to preserve the back invocations
* fix duplicate import
* Add logs for debugging in phishing-detection-settings.service
* Update phishing data service to separate web addresses from meta data for performant writes. Store compressed string instead of array
* Cleanup
* Updated test cases
* Cleanup comments
* Fix fallback encoding/decoding mismatch
* Fix type checking
* initialize timer to null
* default undefined length to 0 using nullish operator
* optional chaining and explicit null check on tab presence
* add optional chainning where relevant for sender tab id
* explicit null checks and data guards set for sender and modifyLoginData
* address feedback and make explicit undefined checks to avoid possible valid tabid rejection
* explicit tab check on setupNotificationInitTrigger
* early return if no cipher before switch case
* explicit null checks within switch cases for early returns
* lower cipher check and add to explicit checks
* add test cases for null values
* format spec file
Migrated vault filters to new v3 vault's navigation
* Decoupled existing vault filtering from vault component by using routed params with routed-vault-filter-bridge
* Converted vault filters to standalone components
* Removed extending filter Base Components from deprecated /libs/angular library and handled logic directly
* Moved shared 'models' and 'services' directories from web-vault into /libs/vault
* last is dead code, remove completely
* pass required true so that angular enforces at runtime and run apply a definitive assignment assertion since angulars input binding is running before use
* finalize new UI elements for archive/unarchive
* add tests
* add missing service
* add tests
* updates to edit and view pages
* use structureClone
* fix lint
* fix typo
* clean up return types
* fixes to archive UI
* fix tests
* use @if and userId$
