* [EC-1070] Introduce flag for enforcing master password policy on login
* [EC-1070] Update master password policy form
Add the ability to toggle enforceOnLogin flag in web
* [EC-1070] Add API method to retrieve all policies for the current user
* [EC-1070] Refactor forcePasswordReset in state service to support more options
- Use an options class to provide a reason and optional organization id
- Use the OnDiskMemory storage location so the option persists between the same auth session
* [AC-1070] Retrieve single master password policy from identity token response
Additionally, store the policy in the login strategy for future use
* [EC-1070] Introduce master password evaluation in the password login strategy
- If a master password policy is returned from the identity result, evaluate the password.
- If the password does not meet the requirements, save the forcePasswordReset options
- Add support for 2FA by storing the results of the password evaluation on the login strategy instance
- Add unit tests to password login strategy
* [AC-1070] Modify admin password reset component to support update master password on login
- Modify the warning message to depend on the reason
- Use the forcePasswordResetOptions in the update temp password component
* [EC-1070] Require current master password when updating weak mp on login
- Inject user verification service to verify the user
- Conditionally show the current master password field only when updating a weak mp. Admin reset does not require the current master password.
* [EC-1070] Implement password policy check during vault unlock
Checking the master password during unlock is the only applicable place to enforce the master password policy check for SSO users.
* [EC-1070] CLI - Add ability to load MP policies on login
Inject policyApi and organization services into the login command
* [EC-1070] CLI - Refactor update temp password logic to support updating weak passwords
- Introduce new shared method for collecting a valid and confirmed master password from the CLI and generating a new encryption key
- Add separate methods for updating temp passwords and weak passwords.
- Utilize those methods during login flow if not using an API key
* [EC-1070] Add route guard to force password reset when required
* [AC-1070] Use master password policy from verify password response in lock component
* [EC-1070] Update labels in update password component
* [AC-1070] Fix policy service tests
* [AC-1070] CLI - Force sync before any password reset flow
Move up the call to sync the vault before attempting to collect a new master password. Ensures the master password policies are available.
* [AC-1070] Remove unused getAllPolicies method from policy api service
* [AC-1070] Fix missing enforceOnLogin copy in policy service
* [AC-1070] Include current master password on desktop/browser update password page templates
* [AC-1070] Check for forced password reset on account switch in Desktop
* [AC-1070] Rename WeakMasterPasswordOnLogin to WeakMasterPassword
* [AC-1070] Update AuthServiceInitOptions
* [AC-1070] Add None force reset password reason
* [AC-1070] Remove redundant ForcePasswordResetOptions class and replace with ForcePasswordResetReason enum
* [AC-1070] Rename ForceResetPasswordReason file
* [AC-1070] Simplify conditional
* [AC-1070] Refactor logic that saves password reset flag
* [AC-1070] Remove redundant constructors
* [AC-1070] Remove unnecessary state service call
* [AC-1070] Update master password policy component
- Use typed reactive form
- Use CL form components
- Remove bootstrap
- Update error component to support min/max
- Use Utils.minimumPasswordLength value for min value form validation
* [AC-1070] Cleanup leftover html comment
* [AC-1070] Remove overridden default values from MasterPasswordPolicyResponse
* [AC-1070] Hide current master password input in browser for admin password reset
* [AC-1070] Remove clientside user verification
* [AC-1070] Update temp password web component to use CL
- Use CL for form inputs in the Web component template
- Remove most of the bootstrap classes in the Web component template
- Use userVerificationService to build the password request
- Remove redundant current master password null check
* [AC-1070] Replace repeated user inputs email parsing helpers
- Update passwordStrength() method to accept an optional email argument that will be parsed into separate user inputs for use with zxcvbn
- Remove all other repeated getUserInput helper methods that parsed user emails and use the new passwordStrength signature
* [AC-1070] Fix broken login command after forcePasswordReset enum refactor
* [AC-1070] Reduce side effects in base login strategy
- Remove masterPasswordPolicy property from base login.strategy.ts
- Include an IdentityResponse in base startLogin() in addition to AuthResult
- Use the new IdentityResponse to parse the master password policy info only in the PasswordLoginStrategy
* [AC-1070] Cleanup password login strategy tests
* [AC-1070] Remove unused field
* [AC-1070] Strongly type postAccountVerifyPassword API service method
- Remove redundant verify master password response
- Use MasterPasswordPolicyResponse instead
* [AC-1070] Use ForceResetPassword.None during account switch check
* [AC-1070] Fix check for forcePasswordReset reason after addition of None
* [AC-1070] Redirect a user home if on the update temp password page without a reason
* [AC-1070] Use bit-select and bit-option
* [AC-1070] Reduce explicit form control definitions for readability
* [AC-1070] Import SelectModule in Shared web module
* [AC-1070] Add check for missing 'at' symbol
* [AC-1070] Remove redundant unpacking and null coalescing
* [AC-1070] Update passwordStrength signature and add jsdocs
* [AC-1070] Remove variable abbreviation
* [AC-1070] Restore Id attributes on form inputs
* [AC-1070] Clarify input value min/max error messages
* [AC-1070] Add input min/max value example to storybook
* [AC-1070] Add missing spinner to update temp password form
* [AC-1070] Add missing ids to form elements
* [AC-1070] Remove duplicate force sync and update comment
* [AC-1070] Switch backticks to quotation marks
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Split out api methods into sendApiService
* Move SendService and abstraction
* Libs updates
* Web updates
* CLI updates
* Desktop updates
* libs send service fixes
* browser factory additions
* Browser updates
* Fix service injection for CLI SendReceiveCommand
* Deprecate directly calling send state service methods
* SendService observables updates
* Update components to use new observables
* Modify CLI to use state service instead of observables
* Remove unnecessary await on get()
* Move delete() to InternalSendService
* SendService unit tests
* Split fileUploadService by send and cipher
* send and cipher service factory updates
* Add file upload methods to get around circular dependency issues
* Move api methods from sendService to sendApiService
* Update cipherService to use fileApi methods
* libs service injection and component changes
* browser service injection and component changes
* Desktop component changes
* Web component changes
* cipher service test fix
* Fix file capitalization
* CLI service import and command updates
* Remove extra abstract fileUploadService
* WIP: Condense callbacks for file upload
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
* Send callbacks for file upload
* Fix circular service dependencies
* Fix response return on upload
* Fix function definitions
* Service injection fixes and bug fixes
* Fix folder casing
* Service injection cleanup
* Remove deleted file from capital letters whitelist
* Create new SendApiService for popup
* Move cipherFileUploadService to vault
* Move SendFileUploadService methods into SendApiService
* Rename methods to remove 'WithServer'
* Properly subscribe to sendViews
* Fix Send serialization
* Implement fromJSON on sendFile and sendText
* [PM-1347] Fix send key serialization (#4989)
* Properly serialize key on send fromJSON
* Remove call that nulled out decrypted sends
* Fix null checks in fromJSON methods for models
* lint fixes
---------
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* add settingsService.getEquivalentDomains
* check that an iframe URL matches cipher.login.uris before autofilling
* disable autofill on page load if it doesn't match
* show a warning to the user on regular autofill if it doesn't match
---------
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
* [EC-1046] add activate autofill policy to web
* [EC-1046] add local setting if policy needs to be set
* [AC-1046] activate autofill on page load if flag exists
* [AC-1046] move activation to current tab page
* [AC-1046] add warning to autofill policy
* [AC-1046] add useActivateAutofillPolicy to organization reponse
* [AC-1046] autofill to auto-fill
* Move auth service factories to Auth team
* Move authentication componenets to Auth team
* Move auth guard services to Auth team
* Move Duo content script to Auth team
* Move auth CLI commands to Auth team
* Move Desktop Account components to Auth Team
* Move Desktop guards to Auth team
* Move two-factor provider images to Auth team
* Move web Accounts components to Auth Team
* Move web settings components to Auth Team
* Move web two factor images to Auth Team
* Fix missed import changes for Auth Team
* Fix Linting errors
* Fix missed CLI imports
* Fix missed Desktop imports
* Revert images move
* Fix missed imports in Web
* Move angular lib components to Auth Team
* Move angular auth guards to Auth team
* Move strategy specs to Auth team
* Update .eslintignore for new paths
* Move lib common abstractions to Auth team
* Move services to Auth team
* Move common lib enums to Auth team
* Move webauthn iframe to Auth team
* Move lib common domain models to Auth team
* Move common lib requests to Auth team
* Move response models to Auth team
* Clean up whitelist
* Move bit web components to Auth team
* Move SSO and SCIM files to Auth team
* Revert move SCIM to Auth team
SCIM belongs to Admin Console team
* Move captcha to Auth team
* Move key connector to Auth team
* Move emergency access to auth team
* Delete extra file
* linter fixes
* Move kdf config to auth team
* Fix whitelist
* Fix duo autoformat
* Complete two factor provider request move
* Fix whitelist names
* Fix login capitalization
* Revert hint dependency reordering
* Revert hint dependency reordering
* Revert hint component
This components is being picked up as a move between clients
* Move web hint component to Auth team
* Move new files to auth team
* Fix desktop build
* Fix browser build
* Added abstractions for PolicyApiService and PolicyService
* Added implementations for PolicyApiService and PolicyService
* Updated all references to new PolicyApiService and PolicyService
* Deleted old PolicyService abstraction and implementation
* Fixed CLI import path for policy.service
* Fixed main.background.ts policyApiService dependency for policyService
* Ran prettier
* Updated policy-api.service with the correct imports
* [EC-377] Removed methods from StateService that read policies
* [EC-377] Updated policy service getAll method to use observable collection
* [EC-377] Added first unit tests for policy service
* [EC-377] Added more unit tests for Policy Service
* [EC-376] Sorted methods order in PolicyApiService
* [EC-376] Removed unused clearCache method from PolicyService
* [EC-376] Added upsert method to PolicyService
* [EC-376] PolicyApiService putPolicy method now upserts data to PolicyService
* [EC-377] Removed tests for deleted clearCache method
* [EC-377] Added unit test for PolicyService.upsert
* [EC-377] Updated references to state service observables
* [EC-377] Removed getAll method from PolicyService and refactored components to use observable collection
* [EC-377] Updated components to use concatMap instead of async subscribe
* [EC-377] Removed getPolicyForOrganization from policyApiService
* [EC-377] Updated policyAppliesToUser to return observable collection
* [EC-377] Changed policyService.policyAppliesToUser to return observable
* [EC-377] Fixed browser settings.component.ts getting vault timeout
* Updated people.component.ts to get ResetPassword policy through a subscription
* [EC-377] Changed passwordGenerationService.getOptions to return observable
* [EC-377] Fixed CLI generate.command.ts getting enforcePasswordGeneratorPoliciesOnOptions
* [EC-377] Fixed eslint errors on rxjs
* [EC-377] Reverted changes on passwordGeneration.service and vaultTimeout.service
* [EC-377] Removed eslint disable on web/vault/add-edit-component
* [EC-377] Changed AccountData.policies to TemporaryDataEncryption
* [EC-377] Updated import.component to be reactive to policyAppliesToUser$
* [EC-377] Updated importBlockedByPolicy$
* [EC-377] Fixed missing rename
* [EC-377] Updated policyService.masterPasswordPolicyOptions to return observable
* [EC-377] Fixed vaultTimeout imports from merge
* [EC-377] Reverted call to passwordGenerationService.getOptions
* [EC-377] Reverted call to enforcePasswordGeneratorPoliciesOnOptions
* [EC-377] Removed unneeded ngOnDestroy
* Apply suggestions from code review
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [EC-377] Fixed login.component.ts and register.component.ts
* [EC-377] Updated PolicyService to update vaultTimeout
* [EC-377] Updated PolicyService dependencies
* [EC-377] Renamed policyAppliesToUser to policyAppliesToActiveUser
* [EC-377] VaultTimeoutSettings service now gets the vault timeout directly instead of using observables
* [EC-377] Fixed unit tests by removing unneeded vaultTimeoutSettingsService
* [EC-377] Set getDecryptedPolicies and setDecryptedPolicies as deprecated
* [EC-377] Set PolicyService.getAll as deprecated and updated to use prototype.hasOwnProperty
* [EC-565] Reverted unintended change to vaultTimeoutSettings that was causing a bug to not display the correct vault timeout
* [EC-377] Removed unneeded destroy$ from preferences.component.ts
* [EC-377] Fixed policy.service.ts import of OrganizationService
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: mimartin12 <77340197+mimartin12@users.noreply.github.com>
* Update imports
* Implement observables in a few places
* Add tests
* Get all clients working
* Use _destroy
* Address PR feedback
* Address PR feedback
* Address feedback
* [SG-523] Base test runner app for native messages (#3269)
* Base test runner app for native messages
* Remove default test script
* Add case for canceled status
* Modify to allow usage of libs crypto services and functions
* Small adjustments
* Handshake request (#3277)
* Handshake request
* Fix capitalization
* Update info text
* lock node-ipc to 9.2.1
* [SG-569] Native Messaging settings bug (#3285)
* Fix bug where updating setting wasn't starting the native messaging listener
* Update test runner error message
* [SG-532] Implement Status command in Native Messaging Service (#3310)
* Status command start
* Refactor ipc test service and add status command
* fixed linter errors
* Move types into a model file
* Cleanup and comments
* Fix auth status condition
* Remove .vscode settings file. Fix this in a separate work item
* Add active field to status response
* Extract native messaging types into their own files
* Remove experimental decorators
* Turn off no console lint rule for the test runner
* Casing fix
* Models import casing fixes
* Remove in progress file (merge error)
* Move models to their own folder and add index.ts
* Remove file that got un-deleted
* Remove file that will be added in separate command
* Fix imports that got borked
* [SG-533] Implement bw-credential-retrieval (#3334)
* Status command start
* Refactor ipc test service and add status command
* fixed linter errors
* Move types into a model file
* Cleanup and comments
* Fix auth status condition
* Remove .vscode settings file. Fix this in a separate work item
* Implement bw-credential-retrieval
* Add active field to status response
* Extract native messaging types into their own files
* Remove experimental decorators
* Turn off no console lint rule for the test runner
* Casing fix
* Models import casing fixes
* Add error handling for passing a bad public key to handshake
* [SG-534] and [SG-535] Implement Credential Create and Update commands (#3342)
* Status command start
* Refactor ipc test service and add status command
* fixed linter errors
* Move types into a model file
* Cleanup and comments
* Fix auth status condition
* Remove .vscode settings file. Fix this in a separate work item
* Implement bw-credential-retrieval
* Add active field to status response
* Add bw-credential-create
* Better response handling in test runner
* Extract native messaging types into their own files
* Remove experimental decorators
* Turn off no console lint rule for the test runner
* Casing fix
* Models import casing fixes
* bw-cipher-create move type into its own file
* Use LogUtils for all logging
* Implement bw-credential-update
* Give naming conventions for types
* Rename file correctly
* Update handleEncyptedMessage with EncString changes
* [SG-626] Fix Desktop app not showing updated credentials from native messages (#3380)
* Add MessagingService to send messages on login create and update
* Add `not-active-user` error to create and update and other refactors
* [SG-536] Implement bw-generate-password (#3370)
* implement bw-generate-password
* Fix merge conflict resolution errors
* Update apps/desktop/native-messaging-test-runner/src/bw-generate-password.ts
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
* Logging improvements
* Add NativeMessagingVersion enum
* Add version check in NativeMessagingHandler
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
* Refactor account status checks and check for locked state in generate command (#3461)
* Add feawture flag to show/hide ddg setting (#3506)
* [SG-649] Add confirmation dialog and tweak shared key retrieval (#3451)
* Add confirmation dialog when completing handshake
* Copy updates for dialog
* HandshakeResponse type fixes
* Add longer timeout for handshake command
* [SG-663] RefactorNativeMessagingHandlerService and strengthen typing (#3551)
* NativeMessageHandlerService refactor and additional types
* Return empty array if no uri to retrieve command
* Move commands from test runner into a separate folder
* Fix bug where confirmation dialog messes with styling
* Enable DDG feature
* Fix generated password not saving to history
* Take credentialId as parameter to update
* Add applicationName to handshake payload
* Add warning text to confirmation modal
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
* Clean up dangling behaviorSubject
* Handle null in utils
* fix null check
* Await promises, even in async functions
* Add to/fromJSON methods to State and Accounts
This is needed since all storage in manifest v3 is key-value-pair-based
and session storage of most data is actually serialized into an
encrypted string.
* Simplify AccountKeys json parsing
* Fix account key (de)serialization
* Remove unused DecodedToken state
* Correct filename typo
* Simplify keys `toJSON` tests
* Explain AccountKeys `toJSON` return type
* Remove unnecessary `any`s
* Remove unique ArrayBuffer serialization
* Initialize items in MemoryStorageService
* Revert "Fix account key (de)serialization"
This reverts commit b1dffb5c2c, which was breaking serializations
* Move fromJSON to owning object
* Add DeepJsonify type
* Use Records for storage
* Add new Account Settings to serialized data
* Fix failing serialization tests
* Extract complex type conversion to helper methods
* Remove unnecessary decorator
* Return null from json deserializers
* Remove unnecessary decorators
* Remove obsolete test
* Use type-fest `Jsonify` formatting rules for external library
* Update jsonify comment
Co-authored-by: @eliykat
* Remove erroneous comment
* Fix unintended deep-jsonify changes
* Fix prettierignore
* Fix formatting of deep-jsonify.ts
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Add structure to display server version on browser
* Add getConfig to State Service interface
* Clean up settings component code
* Switch to ServerConfig, use Observables in the ConfigService, and more
* Fix runtime error
* Sm 90 addison (#3275)
* Use await instead of then
* Rename stateServerConfig -> storedServerConfig
* Move config validation logic to the model
* Use implied check for undefined
* Rename getStateServicerServerConfig -> buildServerConfig
* Rename getApiServiceServerConfig -> pollServerConfig
* Build server config in async
* small fixes and add last seen text
* Move config server to /config folder
* Update with concatMap and other changes
* Config project updates
* Rename fileds to convention and remove unneeded migration
* Update libs/common/src/services/state.service.ts
Update based on Oscar's recommendation
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Update options for Oscar's rec
* Rename abstractions to abstracitons
* Fix null issues and add options
* Combine classes into one file, per Oscar's rec
* Add null checking
* Fix dependency issue
* Add null checks, await, and fix date issue
* Remove unneeded null check
* In progress commit, unsuitable for for more than dev env, just backing up changes made with Oscar
* Fix temp code to force last seen state
* Add localization and escapes in the browser about section
* Call complete on destroy subject rather than unsubscribe
* use mediumDate and formatDate for the last seen date messaging
* Add ThirdPartyServerName in example
* Add deprecated note per Oscar's comment
* [SM-90] Change to using a modal for browser about (#3417)
* Fix inconsistent constructor null checking
* ServerConfig can be null, fixes this
* Switch to call super first, as required
* remove unneeded null checks
* Remove null checks from server-config.data.ts class
* Update via PR comments and add back needed null check in server conf obj
* Remove type annotation from serverConfig$
* Update self-hosted to be <small> per design decision
* Re-fetch config every hour
* Make third party server version <small> and change wording per Oscar's PR comment
* Add expiresSoon function and re-fetch if the serverConfig will expire soon (older than 18 hours)
* Fix misaligned small third party server message text
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [EC-381] Deleted unused method clearCache from Settings Service
* [EC-381] Marked settings methods as obsolete on State service
* [EC-381] Using observables on settings service
* [EC-381] Added unit tests for Settings service
* [EC-381] Checking userId on clear
* [EC-381] Updated references to StateService activeAccountUnlocked$
* [EC-381] Updated getEquivalentDomains to return observable
* [EC-381] Updated settings service to user concatMap on activeAccountUnlocked$
* [EC-381] Renamed getEquivalentDomains to equivalentDomains
* [EC-381] Completing Behaviors on settings.service tests
* [EC-381] Removed unused settingsPrefix from settings service
* [EC-381] Removed equivalentDomains from settings service and added type AccountSettingsSettings
* [EC-381] Updated settings service settings$ to not be nullable
* [EC-381] Settings default to {}
* Change subscription to rely on observables and not on BehaviourSubject
* Ensure OnDestroy is added to AppComponent
* Fix check for no active accounts to redirect to the login page instead of lock
* Change subscription handling on SearchBarService
* Fix naming convention: Observables should have a $ suffix
* Remove obsolete linter hint
* Fix activeAccountUnlocked getting exposed as Observable but is instantiated as BehaviourSubject
* Removed check for getBiometricLocked
It always returned false even when no biometrics were used.
* Remove the other check for getBiometricsLocked
* Ensure that biometricFingerprintValidation is reset, when biometrics are disabled
* Removed getBiometricsLocked and setBiometricsLocked
With nothing in the codebase reading the state of getBiometricsLocked, I've removed all places where it was set or saved.
* Refactor execution of reload into a separate method
* Conditonally pass the window object to `BrowserApi.reloadExtension`
* Clarify in comment, that the PIN has to be set with ask for Master Password on restart
* Ensure the process reload is executed on logout
* Use accounts instead of lastActive == null to determine a reload on logout
* Moved identical logic from desktop and browser into system.service
* Simplified check for refresh to handle no accounts found, logout, lock with lastActive longer than 5 seconds
* Move resolveLegacyKey to encryptService for utf8 decryption
* Deprecate account.keys.legacyEtmKey
Includes migration to tidy up leftover data
* Use new IEncrypted interface
