* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiServiceAbstraction.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService implementation.
* feat(two-factor-api-service) [PM-26465]: Add test suite for TwoFactorApiService.
* feat(two-factor-api-service) [PM-26465]: Replace ApiService dependencies with TwoFactorApiService for all refactored methods.
* feat(two-factor-api-service) [PM-26465]: Finish removal of Two-Factor API methods from ApiService.
* fix(two-factor-api-service) [PM-26465]: Correct endpoint spelling.
* feat(two-factor-api-service) [PM-26465]: Update dependency support for CLI.
* fix(two-factor-api-service) [PM-26465]: Update tests/deps for corrected spelling.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService to Browser services module.
* fix(two-factor-api-service) [PM-26465]: Re-spell dependencies to take *Abstraction throughout, move to JslibServices module for cleaner importing across clients.
* feat(two-factor-api-service) [PM-26465]: Move new services to a feature area, rename abstract and concrete/default.
* feat(two-factor-api-service) [PM-26465]: Move the feature area to common/auth, not auth/common.
* feat(two-factor-api-service) [PM-26465]: Remove now-unneeded include from auth/tsconfig.
* Adding enums for additional event logs for secrets
* updating messages
* Updating messages to be consistent for logs
* Displaying project logs, and fixing search query param searching in projects list, having deleted log for secrets and projects not show as a link
* Viewing secret and project event logs in event modal, adding to the context menu for secrets and projects the ability to view the logs if user has permission. Restricting logs to SM projs and Secs if the logged in user has event log access but not SM access.
* lint
* Lint Fixes
* fix to messages file
* fixing lint
* Adding machine account event logs
* lint fix
* Update event.service.ts
* removing duplicate function issue from merge
* Update service-accounts-list.component.ts
* fixing message
* Fixes to QA bugs
* lint fix
* linter for messages is annoying
* lint
* Use payment domain
* Fixing lint and test issue
* Fix organization plans tax issue
* PM-26297: Use existing billing address for tax calculation if it exists
* PM-26344: Check existing payment method on submit
* encode username for uri and add spec
* verify response from getHibpBreach method
* test/validate for BreachAccountResponse type and length instead of mock response
* - extract dirt api method out of global api service
- create new directory structure
- change imports accordingly
- extract breach account response
- put extracted code into new dirt dir
* codeowners and dep injection for new hibp service
* Introduce a new vault-export-api.service to replace the existing getOrganizationExport method in apiService
* Use new vault-export-api.service instead of the ApiService to retrieve organizational export data
* Remove unused method from apiService
* Register VaultExportApiService on browser
* Fxi linting issue by executing `npm run prettier`
* Rename abstraction and implementation of VaultExportApiService
* Use undefined instead of null
* Rename file of default impl of vault-export-api-service
* Fix test broken with 1bcdd80eea
* Define type for exportPromises
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* enforce restrictions based on collection type, set default collection type
* fix ts strict errors
* fix default collection enforcement in vault header
* enforce default collection restrictions in vault collection row
* enforce default collection restrictions in AC vault header
* enforce default collection restriction for select all
* fix ts strict error
* switch to signal, fix feature flag
* fix story
* clean up
* remove feature flag, move check for defaultCollecion to CollecitonView
* fix test
* remove unused configService
* fix test: coerce null to undefined for collection Id
* clean up leaky abstraction for default collection
* fix ts-strict error
* fix parens
* add new property to models, update logic, refactor for ts-strict
* fix type
* rename defaultCollection getter
* clean up
* clean up
* clean up, add comment, fix submit
* add comment
* add feature flag
* check model for name
* cleanup readonly logic, remove featureflag logic
* wip
* refactor CollectionRequest into Create and Update models
* fix readonly logic
* cleanup
* set defaultUserCollectionEmail in decryption from Collection
* split save into update/create methods
* fix readonly logic
* fix collections post and put requests
* add defaultUserCollection email to model when submitting collection dialog
* Adding enums for additional event logs for secrets
* updating messages
* Updating messages to be consistent for logs
* Displaying project logs, and fixing search query param searching in projects list, having deleted log for secrets and projects not show as a link
* Viewing secret and project event logs in event modal, adding to the context menu for secrets and projects the ability to view the logs if user has permission. Restricting logs to SM projs and Secs if the logged in user has event log access but not SM access.
* lint
* Lint Fixes
* fix to messages file
* fixing lint
* Bug fix, make sure event logs related to service accounts are still links that take you to the object
* removing unused import
Migrates the abstract classes in libs/common to be strict ts compatible. Primarily by adding abstract to every field and converting it to a function syntax instead of lambda.
* first draft at an idea dependency graph
* ignore existing errors
* remove conflicting rule regarding internal platform logic in libs
* review: allow components to import from platform
Add device verification flow that requires users to enter an OTP when logging in from an unrecognized device. This includes:
- New device verification route and guard
- Email OTP verification component
- Authentication timeout handling
PM-8221
* Use typescript-strict-plugin to iteratively turn on strict
* Add strict testing to pipeline
Can be executed locally through either `npm run test:types` for full type checking including spec files, or `npx tsc-strict` for only tsconfig.json included files.
* turn on strict for scripts directory
* Use plugin for all tsconfigs in monorepo
vscode is capable of executing tsc with plugins, but uses the most relevant tsconfig to do so. If the plugin is not a part of that config, it is skipped and developers get no feedback of strict compile time issues. These updates remedy that at the cost of slightly more complex removal of the plugin when the time comes.
* remove plugin from configs that extend one that already has it
* Update workspace settings to honor strict plugin
* Apply strict-plugin to native message test runner
* Update vscode workspace to use root tsc version
* `./node_modules/.bin/update-strict-comments` 🤖
This is a one-time operation. All future files should adhere to strict type checking.
* Add fixme to `ts-strict-ignore` comments
* `update-strict-comments` 🤖
repeated for new merge files
Creates a refreshed and consolidated LoginViaAuthRequestComponent for use on all visual clients, which will be used when the UnauthenticatedExtensionUIRefresh feature flag is on.
* Add the new policy
* Add the free family policy behind flag
* Patch build process
* Revert "Patch build process"
This reverts commit 4024e974b1.
* [PM-13346] Email notification impacts (#11967)
* Changes error notification for disabled offer
* Add the feature to the change
* Add the missing dot
* Remove the authenicated endpoint
* Add the changes for error toast
* Resolve the lint issue
* rename file a correctly
* Remove the floating promise comments
* Delete unwanted comments
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* PM-2060 Update Two Factor Yubikey Dialog
* PM-2060 Removed old code
* PM-2060 Added event emitter to capture enabled status
* PM-2060 Addressed review comments
* PM-2060 Change in html file for existing key options
* PM-2060 Addressed the latest comments
* PM-2060 Updated remove method as per comments
* PM-2060 Added throw error to enable and disbale in base component
* tailwind updates to yubikey two factor settings
* fixing imports
* remove disable dialog when keys are null to use the error toast
* PM-2060 Addressed the review comments and fixed conflicts
* Removed super.enable removed extra emitter from component class.
* fixing adding multiple keys in one session of a dialog.
* removed thrown error
---------
Co-authored-by: Ike Kottlowski <ikottlowski@bitwarden.com>
Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com>
* initial commit
* add changes from running prettier
* resolve the linx issue
* resolve the lint issue
* resolving lint error
* correct the redirect issue
* resolve pr commit
* Add a feature flag
* move the new component to adminconsole
* resolve some pr comments
* move the endpoint from ApiService to providerApiService
* move provider endpoints to the provider-api class
* change the header
* resolve some pr comments
* Boostrap basic banner, show for all admins
* Remove UI banner, fix method calls
* Invert showBanner -> hideBanner
* Add api call
* Minor tweaks and wording
* Change to active user state
* Add tests
* Fix mixed up names
* Simplify logic
* Add feature flag
* Do not clear on logout
* Update apps/web/src/locales/en/messages.json
---------
Co-authored-by: Addison Beck <github@addisonbeck.com>
## Type of change
<!-- (mark with an `X`) -->
```
- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```
## Objective
<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
Final Client changes for Key Rotation Improvements.
- Introduces a new `KeyRotationService` that is responsible for owning rotation process.
- Moves `Send` re-encryption to the `SendService` (`KeyRotationService` shouldn't have knowledge about how domains are encrypted).
- Moves `EmergencyAccess` re-encryption to the `EmergencyAccessService`.
- Renames `AccountRecoveryService` to `OrganizationUserResetPasswordService` after feedback from Admin Console
## Code changes
<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->
Auth
- **emergency-access-update.request.ts:** New request model for domain updates that includes Id
- **emergency-access.service.ts:** Moved `EmergencyAccess` re-encryption to the `EmergencyAccessService`. Add deprecated method for legacy key rotations if feature flag is off
- **key-rotation.service/api/spec/module:** New key rotation service for owning the rotation process. Added api service, module, and spec file.
- **update-key.request.ts:** Moved to Auth ownership. Also added new properties for including other domains.
- **migrate-legacy-encryption.component.ts:** Use new key rotation service instead of old component specific service. Delete old service.
- **change-password.component.ts:** Use new key rotation service.
- **settings.module.ts:** Import key rotation module.
Admin Console
- **organization-user-reset-password.service.ts/spec:** Responsible for re-encryption of reset password keys during key rotation. Added tests.
- **organization-user-reset-password-enrollment.request.ts:** New request model for key rotations
- **reset-password.component.ts:** Update `AccountRecoveryService` to `OrganizationUserResetPasswordService`
- **enroll-master-password-reset.component.ts:** Update `AccountRecoveryService` to `OrganizationUserResetPasswordService`
Tools
- **send.service/spec.ts:** Responsible only for re-encryption of sends during key rotation. Added tests.
Other
- **api.service.ts:** Move `postAccountKey` to `KeyRotationApiService`
- **feature-flag.enum.ts:** add new feature flag
## Screenshots
<!--Required for any UI changes. Delete if not applicable-->
## Before you submit
- Please add **unit tests** where it makes sense to do so (encouraged but not required)
- If this change requires a **documentation update** - notify the documentation team
- If this change has particular **deployment requirements** - notify the DevOps team
- Ensure that all UI additions follow [WCAG AA requirements](https://contributing.bitwarden.com/contributing/accessibility/)
* PM-2041 - (1) Bring over WebauthnApiService + required models from existing #5493 PR (2) Per discussion with Andreas, remove unnecessary methods from WebauthnApiService
* PM-2041 - Rename responses folder to response to match rest of codebase
* PM-2041 - Recreate BaseLoginViaWebAuthnComponent and then web implementation of it.
* PM-2041 - Web routing module - add LoginViaWebAuthnComponent and associated route "login-with-passkey"
* PM-2041 - InjectionTokens - add new navigator credentials injection token which provides the CredentialsContainer interface of the Credential Management API and exposes methods to request credentials and notify the user agent when events such as successful sign in or sign out happen
* PM-2041 - Rename WebauthnApiService & abstraction to WebAuthnLoginApiService
* PM-2041 - Rename WebauthnLoginApiService to WebAuthnAdminApiService
* PM-2041 - Bring over first draft of webauthn-login.service + abstraction; register on jslib-services.module.
* PM-2041 - Bring over web & base login component changes to add login with passkey button if feature flag enabled.
* PM-2041 - WebAuthnAdminApi - update list of TODOs based on conversation with Andreas
* PM-2041 - Login.module - cleanup todo after conversation w/ Andreas
* PM-2041 - Move utils out of web and into common auth/utils and renamed to webauthn-utils
* PM-2041 - Update userDecryptionOptions to support new webauthn prf decryption option
* PM-2041 - (1) Recreate webauthn-login service with updated logic (2) Move files from webauthn to webauthn-login (3) Recreate webauthn-login.strategy with updated logic
* PM-2041 - Remove completed TODO
* PM-2041 - Fix login-via-webauthn component imports + fix name (missing n)
* PM-2041 - Missed this change when renaming LoginViaWebAuthComponent to LoginViaWebAuthnComponent
* PM-2041 - Add WebAuthnLoginApiService to jslib-services.module
* PM-2041 - Remove unused param from WebAuthnLoginApiServiceAbstraction as we aren't supporting non-discoverable passkeys for MVP
* PM-2041 - WebAuthnLoginApiService - remove email and target correct endpoint for getCredentialAssertionOptions(...) call
* PM-2041 - WebAuthnLoginStrategy - (1) Remove unused dep (2) Add safeguard checks to setUserKey(...) logic similar to SSO login strategy
* PM-2041 - BaseLoginViaWebAuthnComponent - Rewrite authenticate logic to use new methods on webAuthnLoginService
* PM-2041 - UserDecryptionOptionsResponse - update naming of webAuthn options object to match server response
* PM-2041 - WebAuthnLoginAssertionResponseRequest - (1) clean up TODO (2) Fix response property name to match server
* PM-2041 - WebAuthnTokenRequest - must stringify device response b/c sending as form data
* PM-2041 - AuthService - Add WebAuthnLoginCredentials and WebAuthnLoginStrategy support to auth service
* PM-2041 - WIP tests for WebAuthnLoginService
* PM-2041 - UserDecryptionOptions - Rename WebAuthnPrfOptions to singular WebAuthnPrfOption to match server
* PM-2041 - Add TODO in login comp
* PM-2041 - (1) Update WebAuthnLoginService.assertCredential(...) to add a check to ensure we cannot leak PRF credentials to the BW server by mistake (2) Add credential to view names for clarity (3) Add JS doc style comments to WebAuthnLoginServiceAbstraction
* PM-2041 - Login.component.html - (1) Center passkey login button (2) Use correct user passkey icon
* PM-2041 - Utils + tests - (1) Add new hexStringToArrayBuffer(...) method (2) Add tests for existing fromBufferToHex(...) (3) Add tests for new hexStringToArrayBuffer(...) method
* PM-2041 - Fix broken import
* PM-2041 - WebAuthnLoginResponseRequest - Adjust warning to be correct
* PM-2041 - Webauthn-utils - createSymmetricKeyFromPrf(...) - add return type
* PM-2041 - WebAuthnLoginService spec file - good progress on figuring out how to test passkey assertion process. Tests are passing, but need to add more setup logic around the MockAuthenticatorAssertionResponse in order to be able to confirm the output is correct.
* PM-2041 - Utils + Utils Spec file changes - (1) Add new fromB64ToArrayBuffer(...) method (2) Add tests for existing fromBufferToB64(...) (3) Add tests for new fromB64ToArrayBuffer(...) method (4) Add round trip conversion tests in both directions
* PM-2041 - Utils.spec - update round trip conversion tests between hex string and array buffer.
* PM-2041 - WebAuthnLoginService.spec - assertCredential(...) happy path test passing
* PM-2041 - WebAuthnLoginAssertionResponseRequest - Add interface
* PM-2041 - WebAuthnLoginAssertionResponseRequest data should be UrlB64 strings per discussion w/ Andreas
* PM-2041 - WebAuthnLoginService Spec file - Per feedback, reverse approaches to generating test data (go from array buffer to b64 strings vs the reverse) to avoid using math.random which can introduce test inconsistency
* PM-2041 - Finish testing assertCredential(...)
* PM-2041 - WebAuthnLoginService tests completed - tested logIn method
* PM-2041 - Login html - add "or" between standard email login and passkey login
* PM-2041 - WebAuthnLoginStrategy test start
* PM-2041 - After rebase - BaseLoginViaWebAuthnComponent - Must rename ForceResetPasswordReason to ForceSetPasswordReason + refactor post login routing logic to match other auth owned flows.
* PM-2401 - Desktop - login comp - fix desktop build
* PM-2041 - Browser - login comp - fix build issue
* PM-2401 - WIP on webauthn-login.strategy testing
* PM-2401 - Finish testing webauthn login strategy
* PM-2041 - WebAuthnAdminApiService renamed to WebAuthnLoginAdminApiService
* PM-2041 - Remove unnecessary comment
* PM-2041 - Per PR feedback, remove noMargin and just add mb-3
* PM-2041 - Per PR feedback, remove unused 2FA and remember email logic (2FA isn't supported right now and we aren't using non-discoverable credentials so we aren't using a user entered email)
* PM-2401 - BaseLoginViaWebAuthnComponent - improve error handling to allow users to retry w/ another passkey
* PM-2401 - Per PR feedback, provide translated message to cover all invalid passkey scenarios.
* PM-2401 - WebAuthnLoginService - per PR feedback, remove unnecessary from
* PM-2041 - WebAuthnLoginCredentialAssertionView - per PR feedback, use actual key type
* PM-2401 - Per PR feedback, remove WebAuthnLoginStrategy constructor as it is identical to its super class constructor
* PM-2041 - WebAuthnLoginService tests - use first value from to improve tests
* PM-2401 - Fix WebAuthnLoginService build issue after changing SymmetricCryptoKey to PrfKey
* PM-2041 - WebAuthnLoginServiceAbstraction remove incorrect undefined from getCredentialAssertionOptions() abstraction
* PM-2041 - Refacor WebAuthn login service tests based on PR feedback
* PM-2041 - Per PR feedback, remove NAVIGATOR_CREDENTIALS injection token and just use WINDOW directly for WebAuthnLoginService
* PM-2041 - WebAuthnLoginServiceAbstraction - per PR feedback, improve assertCredential jsdocs with return info
* PM-2041 - Per PR feedback, update WebAuthnLoginStrategy logInTwoFactor(...) to return an exception if attempted to be called.
* PM-2041 - WebAuthnLoginResponseRequest - per PR feedback, replace fromBufferToB64(...) with fromBufferToUrlB64(...)
* PM-2041 - AssertionOptionsResponse - use doc comment per PR feedback
* PM-2041 - Per PR feedback, adjust location of helpers and mocks in WebAuthnLoginStrategy test file
* PM-2041 - Adjust WebAuthnLoginService tests to take the WebAuthnLoginResponseRequest change to use fromBufferToUrlB64(...) into account to get tests to pass again
* PM-2041 - WebAuthnLoginStrategy - adjust test name to match convention per PR feedback
* PM-2041 - More test tweaks - (1) Rename method (2) Support strict
* PM-2041 - Per PR feedback, AssertionOptionsResponse constructor should null check allowCredentials b/c it is optional
* PM-2041 - Per PR Feedback, remove duplicated fromB64ToArrayBuffer(...) from utils and update tests.
* PM-2041 - Per PR feedback, rename WebAuthnTokenRequest to WebAuthnLoginTokenRequest
* PM-2041 - Per discussion with product and Andreas, add 2FA transition handling just in case we add server support in the future.
* feat: stretch PRF key (#6927)
* feat: stretch PRF key
includes necessary utils -> service refactors
* feat: add tests
* [PM-2041] feat: assertion-options `POST` -> `GET`
* [PM-2041] chore: remove unused properties
* [PM-2041] fix: set private key
* [PM-2041] feat: remove all 2FA related fields
* [PM-2041] chore: clean up 2FA comments
* [PM-2041] chore: document `webauthn-login-prf-crypto.service.abstraction.ts`
* [PM-2041] chore: document webauthn login services
---------
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
