When a user logs in via SSO after their org has offboarded from TDE, we now show them a helpful error message stating that they must either login on a Trusted device, or ask their admin to assign them a password.
Feature flag: `PM16117_SetInitialPasswordRefactor`
Creates a `SetInitialPasswordComponent` to be used in scenarios where an existing and authed user must set an initial password.
Feature Flag: `PM16117_SetInitialPasswordRefactor`
* feat: Create methods for calling GET auth-request/pending endpoint.
* feat: update banner service on web, and desktop vault
* test: updated banner test to use auth request services
* fix: DI fixes
* feat: add RequestDeviceId to AuthRequestResponse
* fix: add Browser Approvals feature flags to desktop vault and web vault banner service
* test: fix tests for feature flag
* Created new service to get restricted types for the CLI
* Created service for cli to get restricted types
* Utilized restriction service in commands
* Renamed function
* Refactored service and made it simpler to check when a cipher type is restricted or not
* Moved service to common so it can be utilized on the cli
* Refactored service to use restricted type service
* Removed userId passing from commands
* Exclude restrict types from export
* Added missing dependency
* Added missing dependency
* Added missing dependency
* Added service utils commit from desktop PR
* refactored to use reusable function
* updated reference
* updated reference
* Fixed merge conflicts
* Refactired services to use isCipherRestricted
* Refactored restricted item types service
* Updated services to use the reafctored item types service
* add restricted item types to legacy vault components
* filter out restricted item types from new menu item in desktop
* use CIPHER_MENU_ITEMS
* use CIPHER_MENU_ITEMS. move restricted cipher service to common
* use move restricted item types service to libs. re-use cipher menu items
* add shareReplay. change variable name
* move restricted filter to search service. remove unecessary import
* add reusable service method
* clean up spec
* add optional chain
* remove duplicate import
* move isCipherViewRestricted to service module
* fix logic
* fix logic
* remove extra space
---------
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
* PM-19555 - LogoutService - build abstraction, default, and extension service and register with service modules
* PM-19555 - Lock Comp - use logoutService
* PM-19555 - LoginDecryptionOptions - Use logout service which removed need for extension-login-decryption-options.service
* PM-19555 - AccountSwitcher logic update - (1) Use logout service + redirect guard routing (2) Remove logout method from account switcher service (3) use new NewActiveUser type
* PM-19555 - Extension - Acct Switcher comp - clean up TODOs
* PM-19555 - Add TODOs for remaining tech debt
* PM-19555 - Add tests for new logout services.
* PM-19555 - Extension - LoginInitiated - show acct switcher b/c user is AuthN
* PM-19555 - Add TODO to replace LogoutCallback with LogoutService
* PM-19555 WIP
* PM-19555 - Extension App Comp - account switching to account in TDE locked state works now.
* PM-19555 - Extension App Comp - add docs
* PM-19555 - Extension App Comp - add early return
* PM-19555 - Desktop App Comp - add handling for TDE lock case to switch account logic.
* PM-19555 - Extension - Account Component - if account unlocked go to vault
* PM-19555 - Per PR feedback, clean up unnecessary nullish coalescing operator.
* PM-19555 - Extension - AppComponent - fix everHadUserKey merge issue
* PM-19555 - PR feedback - refactor switchAccount and locked message handling on browser & desktop to require user id. I audited all callsites for both to ensure this *shouldn't* error.
* Refactor components to remove limitItemDeletion feature flag usage
This commit simplifies the logic in various components by removing the limitItemDeletion feature flag. The conditions for displaying restore and delete actions are now based solely on the cipher's permissions, enhancing code clarity and maintainability.
* Refactor cipher deletion logic to remove the feature flag and collection ID dependency
This commit updates the cipher deletion logic across multiple components and services by removing the unnecessary dependency on collection IDs. The `canDeleteCipher$` method now solely relies on the cipher's permissions, simplifying the code and improving maintainability.
* Remove LimitItemDeletion feature flag from feature-flag enum and default values
* Remove configService from ServiceContainer and MainBackground constructor parameters
* Remove configService from RestoreCommand instantiation in OssServeConfigurator and VaultProgram classes
* first draft at an idea dependency graph
* ignore existing errors
* remove conflicting rule regarding internal platform logic in libs
* review: allow components to import from platform
This PR creates a new ChangePasswordComponent. The first use-case of the ChangePasswordComponent is to place it inside a new PasswordSettingsComponent, which is accessed by going to Account Settings > Security.
The ChangePasswordComponent will be updated in future PRs to handle more change password scenarios.
Feature Flags: PM16117_ChangeExistingPasswordRefactor
* Created mappings for client domain object to SDK
* Add abstract decrypt observable
* Added todo for future consideration
* Added implementation to cipher service
* Added adapter and unit tests
* Created cipher encryption abstraction and service
* Register cipher encryption service
* Added tests for the cipher encryption service
* changed signature
* Updated feature flag name
* added new function to be used for decrypting ciphers
* Added new encryptedKey field
* added new function to be used for decrypting ciphers
* Manually set fields
* Added encrypted key in attachment view
* Fixed test
* Updated references to use decrypt with feature flag
* Added dependency
* updated package.json
* lint fix
* fixed tests
* Fixed small mapping issues
* Fixed test
* Added function to decrypt fido2 key value
* Added function to decrypt fido2 key value and updated test
* updated to use sdk function without prociding the key
* updated localdata sdk type change
* decrypt attachment content using sdk
* Fixed dependency issues
* updated package.json
* Refactored service to handle getting decrypted buffer using the legacy and sdk implementations
* updated services and component to use refactored version
* Updated decryptCiphersWithSdk to use decryptManyLegacy for batch decryption, ensuring the SDK is only called once per batch
* Fixed merge conflicts
* Fixed merge conflicts
* Fixed merge conflicts
* Fixed lint issues
* Moved getDecryptedAttachmentBuffer to cipher service
* Moved getDecryptedAttachmentBuffer to cipher service
* ensure CipherView properties are null instead of undefined
* Fixed test
* ensure AttachmentView properties are null instead of undefined
* Linked ticket in comment
* removed unused orgKey
* remove NewDeviceVerificationGuard and all associated entities. New Device verification feature has rolled out in production, this guard is no longer needed.
* remove unused properties from the vault profile service
* Improve dev logging
* Define decrypt with sdk flag
* Use SDK's pure crypto functions for decryption
feature flagged by `use-sdk-for-decryption`
* Avoid pushing decryption requests to web workers for SDK
web workers are able to use the SDK, but they require the SDK module to be initialized. If this is eventually seen as desired, we'll need client-specific worker scripts.
* Apply suggestions from code review
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
* fixup! Apply suggestions from code review
* fixup: Update feature flag state in config callbacks
* Apply suggestions from code review
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
---------
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
* Added nav item for f4e in org admin console
* shotgun surgery for adding "useAdminSponsoredFamilies" feature from the org table
* Resolved issue with members nav item also being selected when f4e is selected
* Separated out billing's logic from the org layout component
* Removed unused observable
* Moved logic to existing f4e policy service and added unit tests
* Resolved script typescript error
* Resolved goofy switchMap
* Add changes for the issue orgs
* Added changes for the dialog
* Rename the files properly
* Remove the commented code
* Change the implement to align with design
* Add todo comments
* Remove the comment todo
* Fix the uni test error
* Resolve the unit test
* Resolve the unit test issue
* Resolve the pr comments on any and route
* remove the any
* remove the generic validator
* Resolve the unit test
* add validations for email
* Add changes for the autoscale
* Changes to allow admin to send F4E sponsorship
* Fix the lint errors
* Resolve the lint errors
* Fix the revokeAccount message
* Fix the lint runtime error
* Resolve the lint issues
* Remove unused components
* Changes to add isadminInitiated
* remove the FIXME comment
* Resolve the failing test
* Fix the pr comments
* Resolve the orgkey and other comments
* Resolve the lint error
* Resolve the lint error
* resolve the spelling error
* refactor the getStatus method
* Remove the deprecated method
* Resolve the unusual type casting
* revert the change
---------
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
* [PM-10611] Remove Angular dependencies from Notifications module
* [PM-10611] Move end user notification service to /libs/common/vault/notifications
* [PM-10611] Implement listenForEndUserNotifications() for EndUserNotificationService
* [PM-10611] Add missing taskId to notification models
* [PM-10611] Add switch cases for end user notification payloads
* [PM-10611] Mark task related notifications as read when visiting the at-risk password page
* [PM-10611] Revert change to default-notifications service
* [PM-10611] Fix test
* [PM-10611] Fix tests and log warning in case more notifications than the default page size are available
* [PM-10611] Use separate feature flag for end user notifications
* [PM-10611] Fix test
* [PM-13128] Enable Breadcrumb Policies
* [PM-13128] Enable Breadcrumb Policies
* [PM-13128] wip
* [PM-13128] wip
* [PM-13128] wip
* [PM-13128] wip
* remove dead code
* wip
* wip
* wip
* refactor
* Fix for providers
* revert to functional auth guard
* change prerequisite to info variant
* address comment
* r
* r
* r
* tests
* r
* r
* fix tests
* feedback
* fix tests
* fix tests
* Rename upselling to breadcrumbing
* Address feedback
* Fix build & tests
* Make the guard callback use Observable instead of a promise
* Pm 13128 suggestions (#14041)
* Rename new enum value
* Show the upgrade button when breadcrumbing is enabled
* Show mouse pointer when cursor is hovered above badge
* Do not make the dialogs overlap
* Align badge middle
* Gap
* Badge should be a `button` instead of `span`
* missing button@type
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Alex Morask <amorask@bitwarden.com>
* Moved saving of SSO email outside of browser/desktop code
* Clarified comments.
* Tests
* Refactored login component services to manage state
* Fixed input on login component
* Fixed tests
* Linting
* Moved web setting in state into web override
* updated tests
* Fixed typing.
* Fixed type safety issues.
* Added comments and renamed for clarity.
* Removed method parameters that weren't used
* Added clarifying comments
* Added more comments.
* Removed test that is not necessary on base
* Test cleanup
* More comments.
* Linting
* Fixed test.
* Fixed base URL
* Fixed typechecking.
* Type checking
* Moved setting of email state to default service
* Added comments.
* Consolidated SSO URL formatting
* Updated comment
* Fixed reference.
* Fixed missing parameter.
* Initialized service.
* Added comments
* Added initialization of new service
* Made email optional due to CLI.
* Fixed comment on handleSsoClick.
* Added SSO email persistence to v1 component.
* Updated login email service.
* Updated setting of remember me
* Removed unnecessary input checking and rearranged functions
* Fixed name
* Added handling of Remember Email to old component for passkey click
* Updated v1 component to persist the email on Continue click
* Fix merge conflicts.
* Merge conflicts in login component.
* Persisted login email on v1 browser component.
* Merge conflicts
* fix(snap) [PM-17464][PM-17463][PM-15587] Allow Snap to use custom callback protocol
* Removed Snap from custom protocol workaround
* Fixed tests.
* Updated case numbers on test
* Resolved PR feedback.
* PM-11502 - LoginEmailSvcAbstraction - mark methods as abstract to satisfy strict ts.
* Removed test
* Changed to persist on leaving fields instead of button click.
* Fixed type checking.
---------
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* [PM-17563] Implement listenForTaskNotifications in default-task.service.ts
* [PM-17563] Update syncService to include userId in syncCompleted message payload
* [PM-17563] Update default-task.service to react to both pending task notifications and completed syncs
* [PM-17563] Add unit tests around task notification listening
* [PM-17563] Only check for at risk password tasks if tasks are enabled
* [PM-17563] Make userId required even if undefined
* [PM-17563] Use abstract TaskService instead of default implementation in MainBackground
* [PM-17563] Cleanup userId filtering
* [PM-17563] Remove references to Angular from TaskService
* [PM-17563] Move Task module to libs/common/vault to avoid Angular dependency
* [PM-17563] Fix bad imports
* [PM-17563] Fix a few more missed imports
* Add new export format: zip
* Restrict zip export to just individual vaults
* Add tests
* Remove unused import
* Fix build error
* Fix tests
* Fix test
* Fix retrieval of ciphers by passing in activeUserId
* Guard feature behind `export-attachments`-feature-flag
* Extend cipher filter to also filter out any ciphers that are assigned to an organization
* Added apiService to retrieve AttachmentData (metaData) and then download the attachment
- Added ApiService as a depdency within DI for VaultExportService/IndividualVaultExportService
- Added unit tests for filtering ciphers
- Added unit test for downloading attachment metadata and attachments
* Moved attachment decryption into a separate method and added unit tests
* Added null check for creating the base attachment folder
* Move format check for zip within Org export into an early return/throw
* Add feature flag guard on the CLI
* Extend ExportScopeCallout to display an individual export will contain attachment when zip-format is selected
* Fix adding/removing the zip-export option based on selected vault and state of `export-attachments` feature-flag
* Separate AAA visually using whitespace within tests
* Remove unused error var
* Write test that verifies different http request failures when retrieving attachment data
* Remove uneeded ignore lint rule
* Rewrite test to actually check that ciphers assigned to an org are filtered out
* Introduce ExportedVault return type (#13842)
* Define ExportedVault type unioned by 2 new types that describe a plain-text export vs a blob-based zip-export
* Extend static getFileName to handle formats and add unit-tests
* Introduce new export return type throughout the vault export module
- Update abstractions
- Update return types within implementations
- Update callers/consumers to handle the new return value
- Fix all unit tests
* Add support for new export return type and fix download of blobs via CLI
* Add documentation to public methods
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
---------
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Refactor toast calls out of auth services. Toasts are now triggered by an observable emission that gets picked up by an observable pipeline in a new `DeviceTrustToastService` (libs/angular). That observable pipeline is then subscribed by by consuming the `AppComponent` for each client.
* Refactored totp service to use sdk
Fixed strict typescript issues
* Fixed dependency issues
* Returned object that contains code and period, removed get interval function
* removed dependencies
* Updated to use refactored totp service
* removed sdk service undefined check
* removed undefined as an input from the getCode function
* Made getcode$ an observable
* refactored to use getcodee$
* Filter out emmissions
* updated sdk version
* Fixed readability nit
* log error on overlay if totp response does not return a code
* fix(totpGeneration): [PM-11941] Totp countdown not working on clients
* Used optional chaining if totpresponse returns null or undefined
* PM-18654 - State Service & Login Strategy Refactor - move env seeding into login strategy so that new accounts always load w/ the correct environment
* PM-18654 - SSO Comp - just use user id from auth result
* PM-18654 - Config Service - (1) don't allow cascading calls to the renewConfig by using a private promise (2) Replace shareReplay with share configured with manual timer
* PM-18654 - LoginComponents - detail issue and possible fix
* PM-18654 - DesktopLoginV1Comp - use correct destroy hook
* PM-18654 - LoginComp - clean up no longer correct comment
* PM-18654 - New Device Verification Component - Remove unused PasswordLoginStrategy dependency
* PM-18654 - Browser Home Component - fix qParam logic
* PM-18654 - DefaultConfigService - revert changes as they aren't necessary to fix the bug.
* PM-18654 - DefaultConfigService - remove commented code
* PM-18654 - LoginStrategy - add comment
* PM-18654 - Fix login strat tests
* move vault timeout and vault timeout settings to km
* move browser vault timeout service to km
* fix cli import
* fix imports
* fix some relative imports
* use relative imports within common
* fix imports
* fix new imports
* Fix new imports
* fix spec imports
* Move encrypt service to km ownership
* Update imports for encrypt service abstraction and move bulk encrypt service abstraction
* Fix imports
* Fix further imports
* Fix imports
* Fix worker import
* refactor(active-user-state-refactor): [PM-12040] Remove ActiveUserState from SSO Service - First pass of work to update the state. In the middle of testing.
* fix(active-user-state-refactor): [PM-12040] Remove ActiveUserState from SSO Service - Fix for jslib-services.module.ts
* fix(active-user-state-refactor): [PM-12040] Remove ActiveUserState from SSO Service - Fix main.background.ts
* test(active-user-state-refactor): [PM-12040] Remove ActiveUserState from SSO Service - Added simple tests
* fix(active-user-state-refactor): [PM-12040] Remove ActiveUserState from SSO Service - Tiny touchups.
* fix(active-user-state-refactor): [PM-12040] Remove ActiveUserState from SSO Service - Few fixes to resolve comments.
* fix(active-user-state-refactor): [PM-12040] Remove ActiveUserState from SSO Service - Changed place where userId is loaded.
* test(active-user-state-refactor): [PM-12040] Remove ActiveUserState from SSO Service - Fixed test.
