* feat(notification-processing): [PM-19877] System Notification Implementation - Minor changes to popup logic and removed content in login component.
* docs(notification-processing): [PM-19877] System Notification Implementation - Added more docs.
* docs(notification-processing): [PM-19877] System Notification Implementation - Added markdown document.
* fix(notification-processing): [PM-19877] System Notification Implementation - Updated condition for if notification is supported.
* fix(notification-processing): [PM-19877] System Notification Implementation - Updated services module with correct platform utils service.
* WIP
* switch to signal
* fix ts strict errors
* clean up
* refactor policy list service
* implement vnext component
* refactor to include feature flag check in display()
* CR feedback
* refactor submit to cancel before request is built
* clean up
* Fix typo
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Now that the last usages of ModalService is removed from the web portions we can finally remove jQuery and Popper.js. This PR also removes bootstrap js imports since it would drag in jQuery as a peer dependency.
Note: Both dependencies still exists in the lockfile as they are peer dependencies of boostrap.
Refactor toast calls out of auth services. Toasts are now triggered by an observable emission that gets picked up by an observable pipeline in a new `DeviceTrustToastService` (libs/angular). That observable pipeline is then subscribed by by consuming the `AppComponent` for each client.
* move vault timeout and vault timeout settings to km
* move browser vault timeout service to km
* fix cli import
* fix imports
* fix some relative imports
* use relative imports within common
* fix imports
* fix new imports
* Fix new imports
* fix spec imports
* Remove policy with PIN in Web Vault
* Remove policy with PIN in Browser Extension
* Remove policy with PIN in Desktop
* Remove policy with PIN in Desktop
* unit tests coverage
* unit tests coverage
* unit tests coverage
* private access method error
* private access method error
* private access method error
* PM-18498: Unlock Options Padding Off When PIN Is Removed
* PM-18498: Unlock Options Padding Off When PIN Is Removed
* WIP: PoC with lots of terrible code with web push
* fix service worker building
* Work on WebPush Tailored to Browser
* Clean Up Web And MV2
* Fix Merge Conflicts
* Prettier
* Use Unsupported for MV2
* Add Doc Comments
* Remove Permission Button
* Fix Type Test
* Write Time In More Readable Format
* Add SignalR Logger
* `sheduleReconnect` -> `scheduleReconnect`
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Capture Support Context In Connector
* Remove Unneeded CSP Change
* Fix Build
* Simplify `getOrCreateSubscription`
* Add More Docs to Matrix
* Update libs/common/src/platform/notifications/internal/worker-webpush-connection.service.ts
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Move API Service Into Notifications Folder
* Allow Connection When Account Is Locked
* Add Comments to NotificationsService
* Only Change Support Status If Public Key Changes
* Move Service Choice Out To Method
* Use Named Constant For Disabled Notification Url
* Add Test & Cleanup
* Flatten
* Move Tests into `beforeEach` & `afterEach`
* Add Tests
* Test `distinctUntilChanged`'s Operators More
* Make Helper And Cleanup Chain
* Add Back Cast
* Add extra safety to incoming config check
* Put data through response object
* Apply TS Strict Rules
* Finish PushTechnology comment
* Use `instanceof` check
* Do Safer Worker Based Registration for MV3
* Remove TODO
* Switch to SignalR on any WebPush Error
* Fix Manifest Permissions
* Add Back `webNavigation`
* Sorry, Remove `webNavigation`
* Fixed merge conflicts.
---------
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
* [PM-15506] Wire up vNextOrganizationService for libs/common and libs/angular (#12683)
* Wire up vNextOrganizationService in PolicyService
* Wire vNextOrganizationService in SyncService
* wire vNextOrganizationService for EventCollectionService
* wire vNextOrganizationService for KeyConnectorService
* wire up vNextOrganizationService for CipherAuthorizationService
* Wire up vNextOrganizationService in PolicyService
* Wire vNextOrganizationService in SyncService
* wire vNextOrganizationService for EventCollectionService
* wire vNextOrganizationService for KeyConnectorService
* wire up vNextOrganizationService for CipherAuthorizationService
* wire vNextOrganizationService for share.component
* wire vNextOrganizationService for collections.component
* wire vNextOrganizationServcie for add-account-credit-dialog
* wire vNextOrganizationService for vault-filter.service
* fix browser errors for vNextOrganizationService implementation in libs
* fix desktop errors for vNextOrganizationService implementation for libs
* fix linter errors
* fix CLI errors on vNextOrganizationServcie implementations for libs
* [PM-15506] Wire up vNextOrganizationService for web client (#12810)
PR to a feature branch, no need to review until this goes to main.
* implement vNextOrganization service for browser client (#12844)
PR to feature branch, no need for review yet.
* wire vNextOrganizationService for licence and some web router guards
* wire vNextOrganizationService in tests
* remove vNext notation for OrganizationService and related
* Merge branch 'main' into ac/pm-15506-vNextOrganizationService
* fix tsstrict error
* fix test, fix ts strict error
* Use typescript-strict-plugin to iteratively turn on strict
* Add strict testing to pipeline
Can be executed locally through either `npm run test:types` for full type checking including spec files, or `npx tsc-strict` for only tsconfig.json included files.
* turn on strict for scripts directory
* Use plugin for all tsconfigs in monorepo
vscode is capable of executing tsc with plugins, but uses the most relevant tsconfig to do so. If the plugin is not a part of that config, it is skipped and developers get no feedback of strict compile time issues. These updates remedy that at the cost of slightly more complex removal of the plugin when the time comes.
* remove plugin from configs that extend one that already has it
* Update workspace settings to honor strict plugin
* Apply strict-plugin to native message test runner
* Update vscode workspace to use root tsc version
* `./node_modules/.bin/update-strict-comments` 🤖
This is a one-time operation. All future files should adhere to strict type checking.
* Add fixme to `ts-strict-ignore` comments
* `update-strict-comments` 🤖
repeated for new merge files
* PM-12077 - Initial work on web process reload - more testing required.
* PM-12077 - Clarify comment
* PM-12077 - Improving UX of logout with process reload.
* PM-12077 - Final tweaks for process reload
* PM-12077 - Remove no longer accurate comment.
* PM-12077 - Per PR feedback, clean up logout reason
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Follow up PR to #10974, flips the compile time flags to enabled and includes some debug logic to detect if users encounter issues with the WASM bundle in preparation for active consumption of the SDK.
* Move ownership of biometrics to key-management
* Move biometrics ipc ownership to km
* Move further files to km; split off preload / ipc to km
* Fix linting
* Fix linting
* Fix tests
* Fix tests
* Update .github/CODEOWNERS
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update .github/CODEOWNERS
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Change ownership of native messaging to key-management
* Move biometrics to libs/key-management
* Add README to capital whitelist
* Update package-lock.json
* Move km to key-management
* Move km to key-management
* Fix build for cli
* Import fixes
* Apply prettier fix
* Fix test
* Import fixes
* Import fixes
* Update libs/key-management/README.md
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/key-management/package.json
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update lock file
* Change imports to top level km package
---------
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Add MessagingService to LoginCredentialView component.
* Add comments.
* Add WIP PremiumUpgradeService
* Simplify web PremiumUpgradeServices into one service.
* Relocate service files.
* Add browser version of PremiumUpgradePromptService.
* Cleanup debug comments.
* Run prettier.
* rework promptForPremium to take organization id and add test.
* Add test for browser
* Rework imports to fix linter errors.
* Add Shane's reworked WebVaultPremiumUpgradePromptService.
* Send loggedOut/locked events on logout/lock event
* Revert "Send loggedOut/locked events on logout/lock event"
This reverts commit 293f2d6131.
* Ensure loggedOut is sent for non-active user logouts too
* Make loggedOut accept userIds
* Add userBeingLoggedOut in desktop app component
* Await updateconnection calls
* PM-7392 - EncryptSvc - add new method for detecting if a simple string is an enc string.
* PM-7392 - TokenSvc - add checks when setting and retrieving the access token to improve handling around the access token encryption.
* PM-7392 - (1) Clean up token svc (2) export access token key type for use in tests.
* PM-7392 - Get token svc tests passing; WIP more tests to come for new scenarios.
* PM-7392 - Access token secure storage to disk fallback WIP but mostly functional besides weird logout behavior.
* PM-7392 - Clean up unnecessary comment
* PM-7392 - TokenSvc - refresh token disk storage fallback
* PM-7392 - Fix token service tests in prep for adding tests for new scenarios.
* PM-7392 - TokenSvc tests - Test new setRefreshToken scenarios
* PM-7392 - TokenSvc - getRefreshToken should return null or a value - not undefined.
* PM-7392 - Fix test name.
* PM-7392 - TokenSvc tests - clean up test names that reference removed refresh token migrated flag.
* PM-7392 - getRefreshToken tests done.
* PM-7392 - Fix error quote
* PM-7392 - TokenSvc tests - setAccessToken new scenarios tested.
* PM-7392 - TokenSvc - getAccessToken - if secure storage errors add error to log.
* PM-7392 - TokenSvc tests - getAccessToken - all new scenarios tested
* PM-7392 - EncryptSvc - test new stringIsEncString method
* PM-7392 - Main.ts - fix circ dep issue.
* PM-7392 - Main.ts - remove comment.
* PM-7392 - Don't re-invent the wheel and simply use existing isSerializedEncString static method.
* PM-7392 - Enc String - (1) Add handling for Nan in parseEncryptedString (2) Added null handling to isSerializedEncString. (3) Plan to remove encrypt service implementation
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* PM-7392 - Remove encrypt service method
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* PM-7392 - Actually fix circ dep issues with Justin. Ty!
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* PM-7392 - TokenSvc - update to use EncString instead of EncryptSvc + fix tests.
* PM-7392 - TokenSvc - (1) Remove test code (2) Refactor decryptAccessToken method to accept access token key and error on failure to pass required decryption key to method.
* PM-7392 - Per PR feedback and discussion, do not log the user out if hte refresh token cannot be found. This will allow users to continue to use the app until their access token expires and we will error on trying to refresh it. The app will then still work on a fresh login for 55 min.
* PM-7392 - API service - update doAuthRefresh error to clarify which token cannot be refreshed.
* PM-7392 - Fix SetRefreshToken case where a null input would incorrectly trigger a fallback to disk.
* PM-7392 - If the access token cannot be refreshed due to a missing refresh token or API keys, then surface an error to the user and log it so it isn't a silent failure + we get a log.
* PM-7392 - Fix CLI build errors
* PM-7392 - Per PR feedback, add missing tests (thank you Jake for writing these!)
Co-authored-by: Jake Fink <jfink@bitwarden.com>
* PM-7392 - Per PR feedback, update incorrect comment from 3 releases to 3 months.
* PM-7392 - Per PR feedback, remove links.
* PM-7392 - Per PR feedback, move tests to existing describe.
* PM-7392 - Per PR feedback, adjust all test names to match naming convention.
* PM-7392 - ApiService - refreshIdentityToken - log error before swallowing it so we have a record of it.
* PM-7392 - Fix copy for errorRefreshingAccessToken
* PM-7392 - Per PR feedback, move error handling toast responsibility to client specific app component logic reached via messaging.
* PM-7392 - Swap logout reason from enum to type.
* PM-7392 - ApiService - Stop using messaging to trigger toast to let user know about refresh access token errors; replace with client specific callback logic.
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* PM-7392 - Per PR feedback, adjust enc string changes and tests.
* PM-7392 - Rename file to be type from enum
* PM-7392 - ToastService - we need to await the activeToast.onHidden observable so return the activeToast from the showToast.
* PM-7392 - Desktop AppComp - cleanup messaging
* PM-7392 - Move Logout reason custom type to auth/common
* PM-7392 - WIP - Enhancing logout callback to consider the logout reason + move show toast logic into logout callback
* PM-7392 - Logout callback should simply pass along the LogoutReason instead of handling it - let each client's message listener handle it.
* PM-7392 - More replacements of expired with logoutReason
* PM-7392 - More expired to logoutReason replacements
* PM-7392 - Build new handlers for displaying the logout reason for desktop & web.
* PM-7392 - Revert ToastService changes
* PM-7392 - TokenSvc - Replace messageSender with logout callback per PR feedback.
* PM-7392 - Desktop App comp - replace toast usage with simple dialog to guarantee users will see the reason for them being logged out.
* PM-7392 - Web app comp - fix issue
* PM-7392 - Desktop App comp - don't show cancel btn on simple dialogs.
* PM-7392 - Desktop App comp - Don't open n simple dialogs.
* PM-7392 - Fix browser build
* PM-7392 - Remove logout reason from CLI as each logout call handles messaging on its own.
* PM-7392 - Previously, if a security stamp was invalid, the session was marked as expired. Restore that functionality.
* PM-7392 - Update sync service logoutCallback to include optional user id.
* PM-7392 - Clean up web app comp
* PM-7392 - Web - app comp - only handle actually possible web logout scenarios.
* PM-7392 - Browser Popup app comp - restore done logging out message functionality + add new default logout message
* PM-7392 - Add optional user id to logout callbacks.
* PM-7392 - Main.background.ts - add clarifying comment.
* PM-7392 - Per feedback, use danger simple dialog type for error.
* PM-7392 - Browser Popup - add comment clarifying expectation of seeing toasts.
* PM-7392 - Consolidate invalidSecurityStamp error handling
* PM-7392 - Per PR feedback, REFRESH_ACCESS_TOKEN_ERROR_CALLBACK can be completely sync. + Refactor to method in main.background.
* PM-7392 - Per PR feedback, use a named callback for refreshAccessTokenErrorCallback in CLI
* PM-7392 - Add TODO
* PM-7392 - Re-apply bw.ts changes to new service-container.
* PM-7392 - TokenSvc - tweak error message.
* PM-7392 - Fix test
* PM-7392 - Clean up merge conflict where I duplicated dependencies.
* PM-7392 - Per discussion with product, change default logout toast to be info
* PM-7392 - After merge, add new logout reason to sync service.
* PM-7392 - Remove default logout message per discussion with product since it isn't really visible on desktop or browser.
* PM-7392 - address PR feedback.
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Ensure AuthStatus Changes Before Exiting
* Do Not Display Account Without Name Or Email
* Fix Environment Selectors
* Add AccountService.clean to Web
* Use account service to track accounts and active account
* Remove state service active account Observables.
* Add email verified to account service
* Do not store account info on logged out accounts
* Add account activity tracking to account service
* Use last account activity from account service
* migrate or replicate account service data
* Add `AccountActivityService` that handles storing account last active data
* Move active and next active user to account service
* Remove authenticated accounts from state object
* Fold account activity into account service
* Fix builds
* Fix desktop app switch
* Fix logging out non active user
* Expand helper to handle new authenticated accounts location
* Prefer view observable to tons of async pipes
* Fix `npm run test:types`
* Correct user activity sorting test
* Be more precise about log out messaging
* Fix dev compare errors
All stored values are serializable, the next step wasn't necessary and was erroring on some types that lack `toString`.
* If the account in unlocked on load of lock component, navigate away from lock screen
* Handle no users case for auth service statuses
* Specify account to switch to
* Filter active account out of inactive accounts
* Prefer constructor init
* Improve comparator
* Use helper methods internally
* Fixup component tests
* Clarify name
* Ensure accounts object has only valid userIds
* Capitalize const values
* Prefer descriptive, single-responsibility guards
* Update libs/common/src/state-migrations/migrate.ts
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Fix merge
* Add user Id validation
activity for undefined was being set, which was resulting in requests for the auth status of `"undefined"` (string) userId, due to key enumeration. These changes stop that at both locations, as well as account add for good measure.
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* refactored injector of services on the browser service module
* refactored the search and popup serach service to use state provider
* renamed back to default
* removed token service that was readded during merge conflict
* Updated search service construction on the cli
* updated to use user key definition
* Reafctored all components that refernce issearchable
* removed commented variable
* added uncommited code to remove dependencies not needed anymore
* added uncommited code to remove dependencies not needed anymore
* Create tracker that can await until expected observables are received.
* Test dates are almost equal
* Remove unused class method
* Allow for updating active account in accout service fake
* Correct observable tracker behavior
Clarify documentation
* Transition config service to state provider
Updates the config fetching behavior to be lazy and ensure that any emitted value has been updated if older than a configurable value (statically compiled).
If desired, config fetching can be ensured fresh through an async.
* Update calls to config service in DI and bootstrapping
* Migrate account server configs
* Fix global config fetching
* Test migration rollback
* Adhere to implementation naming convention
* Adhere to abstract class naming convention
* Complete config abstraction rename
* Remove unnecessary cli config service
* Fix builds
* Validate observable does not complete
* Use token service to determine authed or unauthed config pull
* Remove superfluous factory config
* Name describe blocks after the thing they test
* Remove implementation documentation
Unfortunately the experience when linking to external documentation is quite poor. Instead of following the link and retrieving docs, you get a link that can be clicked to take you out of context to the docs. No link _does_ retrieve docs, but lacks indication in the implementation that documentation exists at all.
On the balance, removing the link is the better experience.
* Fix storybook
* add showFavicons to domain settings
* replace usages of disableFavicon with showFavicons via the domain settings service and remove/replace settings service
* create migration for disableFavicon
* cleanup
