* add feature flag
* temp
* add ping animation with filled info icon
* add ping animation to stop after 4 goes around
* add local state for autofill-icon
* add logic to avoid new accounts
* fix closing of popover
* fix strict typings
* remove `creationDate` logic from being considered for autofill notification
* remove "now," from the autofill description
* remove height and width in the svg
* Move clearCache calls before SDK calls, to prevent race conditions from firing.
* Swap calls to clearCache and restoreWithServer/restoreManyWithServer to fix race condition
* update responsive behavior of three panel layout; give sidenav extra top padding on electron; add stories that show mix of drawer and sidenav states
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-31804 - WIP
* PM-31804 - Profile Component - fix missing translation
* PM-31804 - Web - Emergency Access Takeover Dialog Comp - remove screen reader only span as arialabel on spinner should be sufficient
* PM-31804 - Web - EmergencyAccessViewComp - remove redundant span as aria label handles accessibility.
* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label
* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label
* PM-31804 - EmergencyAccessComp - Replace redundant sr only span with aria label
* PM-31804 - two-factor-setup.component.html - Replace redundant sr only spans with aria labels
* PM-31804 - WebauthnLoginSettingsModule - remove unnecessary IconModule - it's imported via SharedModule
* PM-31804 - web - emergency-access.component.html - Replace redundant sr only span with aria label
* PM-31804 - LoginDecryptionOptionsComponent - Replace redundant sr only span with aria label
* PM-31804 - ChangePasswordComp - Replace redundant sr only span with aria label
* PM-31804 - AccountComponent - add BitwardenIcon type to satisfy template type requirements for name property.
* PM-31804 - Browser Account Security Component - replace nonexistent chevron icon with existing angle right icon.
* PM-31804 - Fix A11y issues with missing aria labels
* PM-31804 - Remove remaining redundant sr only spans since we now have aria labels
* adds autofill button for cipher view
* adds tests
* changes autofill function for non login types
* adds top margin to autofill button
* adds more top margin to autofill button
* only shows autofill button when autofill is allowed (not in a popout)
* add button type
* updates _domainMatched to take a tab param, updates how the component is passed through to slot
* fixes tests from rename
* adds comment about autofill tab checking behavior
* removes diff markers
* add welcome prompt when extension is not installed
* add feature flag
* move prompt logic to internal service and add day prompt
* rename dialog component
* remove feature flag hardcode and add documentation
* use i18n for image alt
* move state into service
* be more explicit when the account or creation date is not available
* remove spaces
* fix types caused by introducing a numeric feature flag type
* add `typeof` for feature flag typing
* refactor(billing): remove PM-26793 feature flag from subscription pricing service
* test(billing): update subscription pricing tests for PM-26793 feature flag removal
* chore: remove PM-26793 feature flag from keys
* add notification handler for auto confirm
* add missing state check
* fix test
* isolate angular specific code from shared lib code
* clean up
* use autoconfirm method
* add event logging for auto confirm
* update copy
Adds urlOriginsMatch to @bitwarden/platform, which compares two URLs by
scheme, host, and port. Uses `protocol + "//" + host` rather than
`URL.origin` because non-special schemes (e.g. chrome-extension://)
return the opaque string "null" from .origin, making equality comparison
unreliable. URLs without a host (file:, data:) are explicitly rejected
to prevent hostless schemes from comparing equal.
Refactors senderIsInternal to delegate to urlOriginsMatch and to derive
the extension URL via BrowserApi.getRuntimeURL("") rather than inline
chrome/browser API detection. Adds full test coverage for
senderIsInternal.
The previous string-based comparison used startsWith after stripping
trailing slashes, which was safe in senderIsInternal where inputs are
tightly constrained. As a general utility accepting arbitrary URLs,
startsWith can produce false positives (e.g. "https://example.com"
matching "https://example.com.evil.com"). Structural host comparison
is the correct contract for unrestricted input.
Remove the fully-enabled feature flag and simplify the billing metadata
API to always use the vNext endpoints. The legacy API path is removed
since the server will no longer serve it.
- Remove FeatureFlag.PM25379_UseNewOrganizationMetadataStructure enum and default
- Delete legacy getOrganizationBillingMetadata() API method (old /billing/metadata path)
- Rename vNext methods to remove VNext suffix
- Simplify OrganizationMetadataService to always use cached vNext path
- Remove ConfigService dependency from OrganizationMetadataService
- Update tests to remove feature flag branching
* feat(salt-for-user) [PM-31088]: Add feature flag for saltForUser.
* feat(salt-for-user) [PM-31088]: Flag saltForUser logic to return unlockdata.salt or emailToSalt.
* test(salt-for-user) [PM-31088]: Update tests to include coverage for new behavior.
Updates the SetInitialPasswordService TDE + Permission user flow to use the new KM data types:
- `MasterPasswordAuthenticationData`
- `MasterPasswordUnlockData`
This allows us to move away from the deprecated `makeMasterKey()` method (which takes email as salt) as we seek to eventually separate the email from the salt.
The new `setInitialPasswordTdeUserWithPermission()` method essentially takes the existing deprecated `setInitialPassword()` method and:
- Removes logic that is specific to a `JIT_PROVISIONED_MP_ORG_USER` case. This way the method only handles `TDE_ORG_USER_RESET_PASSWORD_PERMISSION_REQUIRES_MP` cases.
- Updates the logic to use `MasterPasswordAuthenticationData` and `MasterPasswordUnlockData`
Behind feature flag: `pm-27086-update-authentication-apis-for-input-password`
* PM-18607 reimplemented errorOnUnknownProperties
* claude review
* claude review
---------
Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
