If a user is part of an org that has the `RequireSso` policy, when that user successfully logs in we add their email to a local `ssoRequiredCache` on their device. The next time this user goes to the `/login` screen on this device, we will use that cache to determine that for this email we should only show the "Use single sign-on" button and disable the alternate login buttons.
These changes are behind the flag: `PM22110_DisableAlternateLoginMethods`
* added master password unlock and decryption option fields into identity token connect response
* incorrect master password unlock response parsing
* use sdk
* use sdk
* better type checking on response parsing
* not using sdk
* revert of bad merge conflicts
* revert of bad merge conflicts
* master password unlock setter in state
* unit test coverage for responses processing
* master password unlock in identity user decryption options
* unit test coverage
* unit test coverage
* unit test coverage
* unit test coverage
* lint error
* set master password unlock data in state on identity response and sync response
* revert change in auth's user decryption options
* remove unnecessary cast
* better docs
* change to relative imports
* MasterPasswordUnlockData serialization issue
* explicit undefined type for `syncUserDecryption`
* incorrect identity token response tests
* Passed in userId on RemovePasswordComponent.
* Added userId on other references to KeyConnectorService methods
* remove password component refactor, test coverage, enabled strict
* explicit user id provided to key connector service
* redirect to / instead when user not logged in or not managing organization
* key connector service explicit user id
* key connector service no longer requires account service
* key connector service missing null type
* cli convert to key connector unit tests
* remove unnecessary SyncService
* error toast not showing on ErrorResponse
* bad import due to merge conflict
* bad import due to merge conflict
* missing loading in remove password component for browser extension
* error handling in remove password component
* organization observable race condition in key-connector
* usesKeyConnector always returns boolean
* unit test coverage
* key connector reactive
* reactive key connector service
* introducing convertAccountRequired$
* cli build fix
* moving message sending side effect to sync
* key connector service unit tests
* fix unit tests
* move key connector components to KM team ownership
* new unit tests in wrong place
* key connector domain shown in remove password component
* type safety improvements
* convert to key connector command localization
* key connector domain in convert to key connector command
* convert to key connector command unit tests with prompt assert
* organization name placement change in the remove password component
* unit test update
* show key connector domain for new sso users
* confirm key connector domain page does not require auth guard
* confirm key connector domain page showing correctly
* key connector url required to be provided when migrating user
* missing locales
* desktop styling
* have to sync and navigate to vault after key connector keys exchange
* logging verbosity
* splitting the web client
* splitting the browser client
* cleanup
* splitting the desktop client
* cleanup
* cleanup
* not necessary if condition
* key connector domain tests fix for sso componrnt and login strategy
* confirm key connector domain base component unit tests coverage
* confirm key connector domain command for cli
* confirm key connector domain command for cli unit tests
* design adjustments
removed repeated text, vertical buttons on desktop, wrong paddings on browser extension
* key connector service unit test coverage
* new linting rules fixes
* accept invitation to organization called twice results in error.
Web vault remembers it's original route destination, which we do not want in case of accepting invitation and Key Connector, since provisioning new user through SSO and Key Connector, the user is already accepted.
* moved required key connector domain confirmation into state
* revert redirect from auth guard
* cleanup
* sso-login.strategy unit test failing
* two-factor-auth.component unit test failing
* two-factor-auth.component unit test coverage
* cli unit test failing
* removal of redundant logs
* removal of un-necessary new lines
* consolidated component
* consolidated component css cleanup
* use KdfConfig type
* consolidate KDF into KdfConfig type in identity token response
* moving KC requiresDomainConfirmation lower in order, after successful auth
* simplification of trySetUserKeyWithMasterKey
* redirect to confirm key connector route when locked but can't unlock yet
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* feat(notification-processing): [PM-19877] System Notification Implementation - Minor changes to popup logic and removed content in login component.
* docs(notification-processing): [PM-19877] System Notification Implementation - Added more docs.
* docs(notification-processing): [PM-19877] System Notification Implementation - Added markdown document.
* fix(notification-processing): [PM-19877] System Notification Implementation - Updated condition for if notification is supported.
* fix(notification-processing): [PM-19877] System Notification Implementation - Updated services module with correct platform utils service.
- Renames the `LoginApprovalComponent` to `LoginApprovalDialogComponent`
- Renames the property `notificationId` to `authRequestId` for clarity
- Updates text content on the component
* Move pin service to km ownership
* Run format
* Eslint
* Fix tsconfig
* Fix imports and test
* Clean up imports
* Remove unused dependency on PinService
* Fix comments
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* fix:
- add auth request api call to desktop component v2
- move logic to auth request service
* test: added tests for new auth request service method
* feat(change-password-component): Change Password Update [18720] - Very close to complete.
* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Removed temp code to force the state I need to verify correctness.
* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Recover account working with change password component.
* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Made code more dry.
* fix(change-password-component): Change Password Update [18720] - Updates to routing and the extension. Extension is still a wip.
* fix(change-password-component): Change Password Update [18720] - Extension routing changes.
* feat(change-password-component): Change Password Update [18720] - More extension work
* feat(change-password-component): Change Password Update [18720] - Pausing work for now while we wait for product to hear back.
* feat(change-password-component): Change Password Update [18720] - Removed duplicated anon layouts.
* feat(change-password-component): Change Password Update [18720] - Tidied up code.
* feat(change-password-component): Change Password Update [18720] - Small fixes to the styling
* feat(change-password-component): Change Password Update [18720] - Adding more content for the routing.
* feat(change-password-component): Change Password Update [18720] - Removed circular loop for now.
* feat(change-password-component): Change Password Update [18720] - Made comments regarding the change password routing complexities with change-password and auth guard.
* feat(change-password-component): Change Password Update [18720] - Undid some changes because they will be conflicts later on.
* feat(change-password-component): Change Password Update [18720] - Small directive change.
* feat(change-password-component): Change Password Update [18720] - Small changes and added some clarification on where I'm blocked
* feat(change-password-component): Change Password Update [18720] - Org invite is seemingly working, found one bug to iron out.
* refactor(change-password-component): Change Password Update [18720] - Fixed up policy service to be made more clear.
* docs(change-password-component): Change Password Update [18720] - Updated documentation.
* refactor(change-password-component): Change Password Update [18720] - Routing changes and policy service changes.
* fix(change-password-component): Change Password Update [18720] - Wrapping up changes.
* feat(change-password-component): Change Password Update [18720] - Should be working fully
* feat(change-password-component): Change Password Update [18720] - Found a bug, working on password policy being present on login.
* feat(change-password-component): Change Password Update [18720] - Turned on auth guard on other clients for change-password route.
* feat(change-password-component): Change Password Update [18720] - Committing intermediate changes.
* feat(change-password-component): Change Password Update [18720] - The master password policy endpoint has been added! Should be working. Testing now.
* feat(change-password-component): Change Password Update [18720] - Minor fixes.
* feat(change-password-component): Change Password Update [18720] - Undid naming change.
* feat(change-password-component): Change Password Update [18720] - Removed comment.
* feat(change-password-component): Change Password Update [18720] - Removed unneeded code.
* fix(change-password-component): Change Password Update [18720] - Took org invite state out of service and made it accessible.
* fix(change-password-component): Change Password Update [18720] - Small changes.
* fix(change-password-component): Change Password Update [18720] - Split up org invite service into client specific implementations and have them injected into clients properly
* feat(change-password-component): Change Password Update [18720] - Stopping work and going to switch to a new branch to pare down some of the solutions that were made to get this over the finish line
* feat(change-password-component): Change Password Update [18720] - Started to remove functionality in the login.component and the password login strategy.
* feat(change-password-component): Change Password Update [18720] - Removed more unneded changes.
* feat(change-password-component): Change Password Update [18720] - Change password clearing state working properly.
* fix(change-password-component): Change Password Update [18720] - Added docs and moved web implementation.
* comments(change-password-component): Change Password Update [18720] - Added more notes.
* test(change-password-component): Change Password Update [18720] - Added in tests for policy service.
* comment(change-password-component): Change Password Update [18720] - Updated doc with correct ticket number.
* comment(change-password-component): Change Password Update [18720] - Fixed doc.
* test(change-password-component): Change Password Update [18720] - Fixed tests.
* test(change-password-component): Change Password Update [18720] - Fixed linting errors. Have more tests to fix.
* test(change-password-component): Change Password Update [18720] - Added back in ignore for typesafety.
* fix(change-password-component): Change Password Update [18720] - Fixed other type issues.
* test(change-password-component): Change Password Update [18720] - Fixed tests.
* test(change-password-component): Change Password Update [18720] - Fixed more tests.
* test(change-password-component): Change Password Update [18720] - Fixed tiny duplicate code.
* fix(change-password-component): Change Password Update [18720] - Fixed desktop component.
* fix(change-password-component): Change Password Update [18720] - Removed unused code
* fix(change-password-component): Change Password Update [18720] - Fixed locales.
* fix(change-password-component): Change Password Update [18720] - Removed tracing.
* fix(change-password-component): Change Password Update [18720] - Removed duplicative services module entry.
* fix(change-password-component): Change Password Update [18720] - Added comment.
* fix(change-password-component): Change Password Update [18720] - Fixed unneeded call in two factor to get user id.
* fix(change-password-component): Change Password Update [18720] - Fixed a couple of tiny things.
* fix(change-password-component): Change Password Update [18720] - Added comment for later fix.
* fix(change-password-component): Change Password Update [18720] - Fixed linting error.
* PM-18720 - AuthGuard - move call to get isChangePasswordFlagOn down after other conditions for efficiency.
* PM-18720 - PasswordLoginStrategy tests - test new feature flagged combine org invite policies logic for weak password evaluation.
* PM-18720 - CLI - fix dep issue
* PM-18720 - ChangePasswordComp - extract change password warning up out of input password component
* PM-18720 - InputPassword - remove unused dependency.
* PM-18720 - ChangePasswordComp - add callout dep
* PM-18720 - Revert all anon-layout changes
* PM-18720 - Anon Layout - finish reverting changes.
* PM-18720 - WIP move of change password out of libs/auth
* PM-18720 - Clean up remaining imports from moving change password out of libs/auth
* PM-18720 - Add change-password barrel file for better import grouping
* PM-18720 - Change Password comp - restore maxWidth
* PM-18720 - After merge, fix errors
* PM-18720 - Desktop - fix api service import
* PM-18720 - NDV - fix routing.
* PM-18720 - Change Password Comp - add logout service todo
* PM-18720 - PasswordSettings - per feedback, component is already feature flagged behind PM16117_ChangeExistingPasswordRefactor so we can just delete the replaced callout (new text is in change-password comp)
* PM-18720 - Routing Modules - properly flag new component behind feature flag.
* PM-18720 - SSO Login Strategy - fix config service import since it is now in shared deps from main merge.
* PM-18720 - Fix SSO login strategy tests
* PM-18720 - Default Policy Service - address AC PR feedback
---------
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
When a user logs in via SSO after their org has offboarded from TDE, we now show them a helpful error message stating that they must either login on a Trusted device, or ask their admin to assign them a password.
Feature flag: `PM16117_SetInitialPasswordRefactor`
* feat: Create methods for calling GET auth-request/pending endpoint.
* feat: update banner service on web, and desktop vault
* test: updated banner test to use auth request services
* fix: DI fixes
* feat: add RequestDeviceId to AuthRequestResponse
* fix: add Browser Approvals feature flags to desktop vault and web vault banner service
* test: fix tests for feature flag
* PM-19555 - LogoutService - build abstraction, default, and extension service and register with service modules
* PM-19555 - Lock Comp - use logoutService
* PM-19555 - LoginDecryptionOptions - Use logout service which removed need for extension-login-decryption-options.service
* PM-19555 - AccountSwitcher logic update - (1) Use logout service + redirect guard routing (2) Remove logout method from account switcher service (3) use new NewActiveUser type
* PM-19555 - Extension - Acct Switcher comp - clean up TODOs
* PM-19555 - Add TODOs for remaining tech debt
* PM-19555 - Add tests for new logout services.
* PM-19555 - Extension - LoginInitiated - show acct switcher b/c user is AuthN
* PM-19555 - Add TODO to replace LogoutCallback with LogoutService
* PM-19555 WIP
* PM-19555 - Extension App Comp - account switching to account in TDE locked state works now.
* PM-19555 - Extension App Comp - add docs
* PM-19555 - Extension App Comp - add early return
* PM-19555 - Desktop App Comp - add handling for TDE lock case to switch account logic.
* PM-19555 - Extension - Account Component - if account unlocked go to vault
* PM-19555 - Per PR feedback, clean up unnecessary nullish coalescing operator.
* PM-19555 - Extension - AppComponent - fix everHadUserKey merge issue
* PM-19555 - PR feedback - refactor switchAccount and locked message handling on browser & desktop to require user id. I audited all callsites for both to ensure this *shouldn't* error.
* Add --identifier option for SSO on CLI
* Add option for identifier
* Moved auto-submit after the setting of client arguments
* Adjusted comment
* Changed to pass in as SSO option
* Renamed to orgSsoIdentifier for clarity
* Added more changes to orgSsoIdentifier.
* Consolidates component routing, removing routing to update-temp-password from components. All routing to update-temp-password should happen in the AuthGuard now.
---------
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* Moved saving of SSO email outside of browser/desktop code
* Clarified comments.
* Tests
* Refactored login component services to manage state
* Fixed input on login component
* Fixed tests
* Linting
* Moved web setting in state into web override
* updated tests
* Fixed typing.
* Fixed type safety issues.
* Added comments and renamed for clarity.
* Removed method parameters that weren't used
* Added clarifying comments
* Added more comments.
* Removed test that is not necessary on base
* Test cleanup
* More comments.
* Linting
* Fixed test.
* Fixed base URL
* Fixed typechecking.
* Type checking
* Moved setting of email state to default service
* Added comments.
* Consolidated SSO URL formatting
* Updated comment
* Fixed reference.
* Fixed missing parameter.
* Initialized service.
* Added comments
* Added initialization of new service
* Made email optional due to CLI.
* Fixed comment on handleSsoClick.
* Added SSO email persistence to v1 component.
* Updated login email service.
* Updated setting of remember me
* Removed unnecessary input checking and rearranged functions
* Fixed name
* Added handling of Remember Email to old component for passkey click
* Updated v1 component to persist the email on Continue click
* Fix merge conflicts.
* Merge conflicts in login component.
* Persisted login email on v1 browser component.
* Merge conflicts
* fix(snap) [PM-17464][PM-17463][PM-15587] Allow Snap to use custom callback protocol
* Removed Snap from custom protocol workaround
* Fixed tests.
* Updated case numbers on test
* Resolved PR feedback.
* PM-11502 - LoginEmailSvcAbstraction - mark methods as abstract to satisfy strict ts.
* Removed test
* Changed to persist on leaving fields instead of button click.
* Fixed type checking.
---------
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* feat(device-approval-persistence): [PM-19380] Device Approval Persistence - Added lookup on standard auth requests.
* fix(device-approval-persistence): [PM-19380] Device Approval Persistence - Fixed issue with null value trying to be parsed from the fromJSON function.
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* feat(device-approval-persistence): [PM-9112] Device Approval Persistence - Added in view cache data needed to persist the approval process. Clears after 2 minutes.
Refactor toast calls out of auth services. Toasts are now triggered by an observable emission that gets picked up by an observable pipeline in a new `DeviceTrustToastService` (libs/angular). That observable pipeline is then subscribed by by consuming the `AppComponent` for each client.
* PM-18654 - State Service & Login Strategy Refactor - move env seeding into login strategy so that new accounts always load w/ the correct environment
* PM-18654 - SSO Comp - just use user id from auth result
* PM-18654 - Config Service - (1) don't allow cascading calls to the renewConfig by using a private promise (2) Replace shareReplay with share configured with manual timer
* PM-18654 - LoginComponents - detail issue and possible fix
* PM-18654 - DesktopLoginV1Comp - use correct destroy hook
* PM-18654 - LoginComp - clean up no longer correct comment
* PM-18654 - New Device Verification Component - Remove unused PasswordLoginStrategy dependency
* PM-18654 - Browser Home Component - fix qParam logic
* PM-18654 - DefaultConfigService - revert changes as they aren't necessary to fix the bug.
* PM-18654 - DefaultConfigService - remove commented code
* PM-18654 - LoginStrategy - add comment
* PM-18654 - Fix login strat tests
* move vault timeout and vault timeout settings to km
* move browser vault timeout service to km
* fix cli import
* fix imports
* fix some relative imports
* use relative imports within common
* fix imports
* fix new imports
* Fix new imports
* fix spec imports
