* fix(PM-18888) : Create more strict checking of redirectURL to protect against open redirect attacks using regex.
* fix : modify comments and check for embedded credentials.
* feat : add testability to duo-redirect connector
* fix : fixing strict typing; Removed styling from duo-redirect.ts which allows us to test without adding additional files and configurations for jest.
* fix : remove duo-redirect.scss
Replace the FallbackRequestedError rejection pattern with direct
AbortController.abort() calls when destroying the Messenger. This
eliminates misleading console errors and ensures correct cancellation
behavior.
The FallbackRequestedError is intended specifically for user-requested
WebAuthn fallbacks, not general message cleanup operations.
Fixes GitHub issue #12663
* Moved saving of SSO email outside of browser/desktop code
* Clarified comments.
* Tests
* Refactored login component services to manage state
* Fixed input on login component
* Fixed tests
* Linting
* Moved web setting in state into web override
* updated tests
* Fixed typing.
* Fixed type safety issues.
* Added comments and renamed for clarity.
* Removed method parameters that weren't used
* Added clarifying comments
* Added more comments.
* Removed test that is not necessary on base
* Test cleanup
* More comments.
* Linting
* Fixed test.
* Fixed base URL
* Fixed typechecking.
* Type checking
* Moved setting of email state to default service
* Added comments.
* Consolidated SSO URL formatting
* Updated comment
* Fixed reference.
* Fixed missing parameter.
* Initialized service.
* Added comments
* Added initialization of new service
* Made email optional due to CLI.
* Fixed comment on handleSsoClick.
* Added SSO email persistence to v1 component.
* Updated login email service.
* Updated setting of remember me
* Removed unnecessary input checking and rearranged functions
* Fixed name
* Added handling of Remember Email to old component for passkey click
* Updated v1 component to persist the email on Continue click
* Fix merge conflicts.
* Merge conflicts in login component.
* Persisted login email on v1 browser component.
* Merge conflicts
* fix(snap) [PM-17464][PM-17463][PM-15587] Allow Snap to use custom callback protocol
* Removed Snap from custom protocol workaround
* Fixed tests.
* Updated case numbers on test
* Resolved PR feedback.
* PM-11502 - LoginEmailSvcAbstraction - mark methods as abstract to satisfy strict ts.
* Removed test
* Changed to persist on leaving fields instead of button click.
* Fixed type checking.
---------
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
- Remove Bootstrap styles from two-factor-setup component and replace with Tailwind equivalents
- Convert two factor components to standalone components to move away from LooseComponents
- Replace ul/li list with bit-item-group and bit-item components
- Integrate with the bit design system
---------
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* Add setupBusinessUnit to OrganizationBillingApiService
* Add setup-business-unit.component
* Updated designs and cleanup work
* Update existing logos for Provider Portal and Admin Console
* Fix broken test
* PM-17187 Autofill new card information in the popout
* Add new identity autofill to browser extension
* Add ability to save values from autoselect fields
* Add ssoExternalId to OrganizationUserAdminView and OrganizationUserDetailsResponse
- Updated OrganizationUserAdminView to include ssoExternalId property.
- Enhanced OrganizationUserDetailsResponse constructor to initialize ssoExternalId from response data.
* Add SSO External ID copy to messages.json
* Implement SSO External ID field in member dialog
- Added a new input field for ssoExternalId in the member dialog component.
- Introduced visibility logic for both externalId and ssoExternalId based on feature flags.
- Updated form control initialization to include ssoExternalId.
This PR
- Moves the `compareInputs` validator to `libs/auth` (with some minor updates to the validator)
- Adds unit tests for `compareInputs`
- Removes the deprecated input validators from `InputsFieldMatch` along with the `inputs-field-match.validator.ts` file
* feat: add foreground ipc service
* refactor: create abstract ipc service in libs
* wip: remove IPC service complexity
The code was making some wrong assumptions about how IPC is going to work. I'm removing everything and starting the content-script instead
* feat: working message sending from page to background
* refactor: move into common
* feat: somewhat complete web <-> browser link
* wip: ping command from web
* fix: import path
* fix: wip urls
* wip: add console log
* feat: successfull message sending (not receiving)
* feat: implement IPC using new refactored framework
* wip: add some console logs
* wip: almost working ping/pong
* feat: working ping/pong
* chore: clean-up ping/pong and some console logs
* chore: remove unused file
* fix: override lint rule
* chore: remove unused ping message
* feat: add tests for message queue
* fix: adapt to name changes and modifications to SDK branch
* fix: missing import
* fix: remove content script from manifest
The feature is not ready for prodution code yet. We will add dynamic injection with feature-flag support in a follow-up PR
* fix: remove fileless lp
* fix: make same changes to manifest v2
* fix: initialization functions
Add missing error handling, wait for the SDK to load and properly depend on the log service
* feat: use named id field
* chore: update sdk version to include IPC changes
* fix: remove messages$ buffer
* fix: forgot to commit package-lock
* feat: add additional destination check
* feat: only import type in ipc-message
* fix: typing issues
* feat: check message origin
* Remove AES128CBC-HMAC encryption
* Increase test coverage
* Refactor symmetric keys and increase test coverage
* Re-add type 0 encryption
* Fix ts strict warning
* Re-add support for encrypt hmac-less aes
* Add comment about inner()
* Update comment
* Deduplicate encryption type check
* Undo test changes
* Lift out encryption type check to before splitting by encryption type
* Change null to undefined
* Fix test
- Move the `compareInputs` validator to `libs/auth`
- Add tests for the `compareInputs` validator
- Delete the deprecated `InputsFieldMatch` class (inputs-field-match.validator.ts)
Updates the InputPasswordComponent so that it can eventually be used in multiple set/change password scenarios.
Most importantly, this PR adds an InputPasswordFlow enum and @Input so that parent components can dictate which UI elements to show.
* Renamed groups and added consistent periods
* Fixed punctuation
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* set pin validation to min length of 4
* use reactive forms
* PM-8951 - SetPin - remove dialog close logic if pin is invalid so validation errors can be shown to the user.
---------
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
