* implement the self-host subscription changes
* Correct few ui changes
* Update to h1
* PR review changes
* Changes for the async cancel
* Resolve the two bug issues
* implement the review comments
* Resolve the Active issue
* Fix the space issues
* Remove the tabs for billing and payment
* revert the self-host changes
* Fix the subtitle issue
* [PM-23258] changing verbiage from import data to import items
* [PM-23258] Removing vault and data from import and export titles, navs, and buttons
* [PM-23258] more verbiage changes
* [PM-23258] reverting unnecessary change
* [PM-23258] removing unused text from messages json files
* [PM-23258] small text changes from design
* [PM-23258] including secrets manager changes
* feat: add Identity Sso Required Response type as possible response from token endpoint.
* feat: consume sso organization identifier to redirect user
* feat: add get requiresSso to AuthResult for more ergonomic code.
* feat: sso-redirect on sso-required for CLI and Desktop
* chore: fixing type errors
* test: fix and add tests for new sso method
* docs: fix misspelling
* fix: get email from AuthResult instead of the FormGroup
* fix:claude: when email is not available for SSO login show error toast.
* fix:claude: add null safety check
* PM-27628 conditions for send and export links in left navbar
* PM-27628 resolved claude comment for pr
* PM-27628 resolved claude comment for pr
* PM-27628 reverted earlier display conditionals and changed label
* PM-27628 changed out keys as well
* PM-27628 revert description key change
* [PM-22750] Add upgradeOldCipherAttachment method to CipherService
* [PM-22750] Refactor download attachment component to use signals
* [PM-22750] Better download url handling
* [PM-22750] Cleanup upgradeOldCipherAttachments method
* [PM-22750] Refactor cipher-attachments.component to use Signals and OnPush
* [PM-22750] Use the correct legacy decryption key for attachments without their own content encryption key
* [PM-22750] Add fix attachment button back to attachments component
* [PM-22750] Fix newly added output signals
* [PM-22750] Fix failing test due to signal refactor
* [PM-22750] Update copy
* Add IncreaseBulkReinviteLimitForCloud feature flag
* Enhance PeopleTableDataSource with bulk operation limits and feature flag integration
- Introduced a new feature flag to increase the bulk reinvite limit for cloud environments.
- Added an observable to determine if the increased limit is enabled based on the feature flag and environment.
- Updated the logic for enforcing checked user limits in bulk operations, allowing for a maximum of 4000 users when the feature flag is active.
- Refactored the constructor to initialize the new observable and manage the maximum allowed checked count dynamically.
* Add unit tests for PeopleTableDataSource to validate user limit enforcement and status counts
* Refactor MembersComponent to integrate increased bulk limit feature
- Added support for conditional user limit enforcement in bulk operations based on a feature flag.
- Introduced new dependencies for ConfigService and EnvironmentService to manage configuration settings.
- Updated methods to utilize the new getCheckedUsers function, which enforces limits when the feature is enabled.
- Refactored data source initialization to accommodate the new logic for handling checked users.
* Refactor enforceCheckedUserLimit method in PeopleTableDataSource to use filtered data for user limit enforcement and to keep checked the top rows.
Removed unnecessary comments and improved readability.
* Add bulk reinvite success messages to localization files
This update introduces new localization keys for bulk reinvite success notifications, including a general success message and a limited success message that provides details on the number of users re-invited and those excluded due to limits. This enhances user feedback during bulk operations.
* Enhance bulk reinvite functionality with toast notifications
This update modifies the MembersComponent to display success messages via toast notifications when the feature flag for increased bulk limits is enabled. If the limit is exceeded, a detailed message is shown, otherwise a general success message is displayed. The legacy dialog is retained for cases when the feature flag is disabled, ensuring consistent user feedback during bulk reinvite operations.
* Rename MaxBulkReinviteCount to CloudBulkReinviteLimit
* Refactor user retrieval logic in MembersComponent to conditionally enforce bulk limits
This update modifies the MembersComponent in both the admin console and provider management sections to replace the direct calls to getCheckedUsers() with a conditional check for increased bulk limit feature. If enabled, it enforces user limits; otherwise, it retrieves all checked users. The deprecated getCheckedUsers method has been removed to streamline the code.
* Add constructor to MembersTableDataSource for improved dependency injection
This update introduces a constructor to the MembersTableDataSource class in both the admin console and provider management sections, allowing for better dependency injection of ConfigService, EnvironmentService, and DestroyRef. This change enhances the overall structure and maintainability of the code.
* Refactor PeopleTableDataSource and MembersComponent to implement new bulk limit logic
This update modifies the PeopleTableDataSource to introduce a new property for managing increased bulk limits and refactors the MembersComponent to utilize this logic. The enforcement of user limits during bulk operations is now conditional based on the feature flag, allowing for a more flexible handling of user selections. Additionally, the method for limiting and unchecking excess users has been updated for clarity and efficiency.
* Refactor PeopleTableDataSource tests to update limit enforcement logic
This update modifies the test cases for the PeopleTableDataSource to reflect the new method for limiting and unchecking excess users. The method name has been changed from `enforceCheckedUserLimit` to `limitAndUncheckExcess`, and the tests have been adjusted accordingly to ensure they accurately validate the new functionality. Additionally, unnecessary tests have been removed to streamline the test suite.
* Change CloudBulkReinviteLimit back to 4000
* Refactor MembersComponent to utilize new getCheckedUsersInVisibleOrder method
This update modifies the MembersComponent to conditionally retrieve checked users based on the increased bulk limit feature. If enabled, it uses the new getCheckedUsersInVisibleOrder method to maintain visual consistency in the filtered/sorted table view. This change enhances the handling of user selections during bulk operations.
* Refactor PeopleTableDataSource to use Signals for increased bulk limit feature and update related tests. Removed unused imports and dependencies on DestroyRef in MembersTableDataSource components.
* Refactor MembersComponent to remove unused Signal for increased bulk limit and directly utilize dataSource method for feature flag checks.
* Implement getCheckedUsersWithLimit method to streamline user retrieval based on feature flag; update MembersComponent to utilize this new method for bulk actions.
* enforce session timeout policy
* better angular validation
* lint fix
* missing switch break
* fallback when timeout not supported with highest available timeout
* failing unit tests
* incorrect policy message
* vault timeout type adjustments
* fallback to "on browser refresh" for browser, when policy is set to "on system locked", but not available (Safari)
* docs, naming improvements
* fallback for current user session timeout to "on refresh", when policy is set to "on system locked", but not available.
* don't display policy message when the policy does not affect available timeout options
* 8 hours default when changing from non-numeric timeout to Custom.
* failing unit test
* missing locales, changing functions access to private, docs
* removal of redundant magic number
* missing await
* await once for available timeout options
* adjusted messaging
* unit test coverage
* vault timeout numeric module exports
* unit test coverage
* add premium badge to web filter when the user does not have access to premium
* remove feature flag pass through in favor of showing/hiding archive vault observable
* refactor archive observable to be more generic
* add archive premium badge for the web
* show premium badge inline for archive filter
* show premium subscription ended message when user has archived ciphers
* fix missing refactor
* remove unneeded can archive check
* reference observable directly
* reduce the number of firstValueFroms by combining observables into a single stream
* fix failing tests
* add import to storybook
* update variable naming for premium filters
* pass event to `promptForPremium`
* remove check for organization
* fix footer variable reference
* refactor back to `hasArchiveFlagEnabled$` - more straight forward to the underlying logic
* update archive service test with new feature flag format
* Implement automatic kdf upgrades
* Fix kdf config not being updated
* Update legacy kdf state on master password unlock sync
* Fix cli build
* Fix
* Deduplicate prompts
* Fix dismiss time
* Fix default kdf setting
* Fix build
* Undo changes
* Fix test
* Fix prettier
* Fix test
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Only sync when there is at least one migration
* Relative imports
* Add tech debt comment
* Resolve inconsistent prefix
* Clean up
* Update docs
* Use default PBKDF2 iteratinos instead of custom threshold
* Undo type check
* Fix build
* Add comment
* Cleanup
* Cleanup
* Address component feedback
* Use isnullorwhitespace
* Fix tests
* Allow migration only on vault
* Fix tests
* Run prettier
* Fix tests
* Prevent await race condition
* Fix min and default values in kdf migration
* Run sync only when a migration was run
* Update libs/common/src/key-management/encrypted-migrator/default-encrypted-migrator.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Fix link not being blue
* Fix later button on browser
---------
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* feat(billing): update messages to add reasons
* feat(billing): update survey with switching reason based on param
* fix(billing): revert value of switching reasons
* fix(billing): revert removal of tooExpensive message
* fix(billing): Add plan type to params and update switching logic
* fix(billing): update to include logic
* fix(billing): PR feedback
* Fix reviews not saving in new applications review. Skip assign page if no at risk passwords are to be assigned. Fix bug in password change widget
* Claude comment improvements
* The discount badge implementation
* Use existing flag
* Added the top spaces as requested
* refactor: move discount-badge to pricing library and consolidate discount classes
* fix: add CommonModule import to discount-badge component and simplify discounted amount calculation
- Add CommonModule import to discount-badge component for *ngIf directive
- Simplify discountedSubscriptionAmount to use upcomingInvoice.amount from server instead of manual calculation
* Fix the lint errors
* Story update
---------
Co-authored-by: Alex Morask <amorask@bitwarden.com>
* feat(dirt): add "needs review" state for applications needing initial review
- Add showNeedsReviewState to display warning when all apps lack review dates
- Track noAppsHaveReviewDate flag to identify unreviewed applications
- Add i18n strings for organization items count and review prompt
- Update activity card to show 3 states: all caught up, needs review, new apps
- Apply tw-col-span-2 to needs review card for better visibility
* refactor: split activity card states into separate @if blocks for readability
* fix: set hasLoadedApplicationData when summary data arrives
Previously, hasLoadedApplicationData was only set in the enrichedReportData$
subscription, which fired after reportSummary$ and newApplications$. This
caused a timing issue where showNeedsReviewState would remain false even when
newApplicationsCount === totalApplicationCount because the flag wasn't set yet.
Now we set hasLoadedApplicationData=true as soon as reportSummary$ arrives
with totalApplicationCount > 0, ensuring proper synchronization.
---------
Co-authored-by: Tom <ttalty@bitwarden.com>
* consolidated session timeout settings component
* rename preferences to appearance
* race condition bug on computed signal
* outdated header for browser
* unnecessary padding
* remove required on action, fix build
* rename localization key
* missing user id
* required
* cleanup task
* eslint fix signals rollback
* takeUntilDestroyed, null checks
* move browser specific logic outside shared component
* explicit input type
* input name
* takeUntilDestroyed, no toast
* unit tests
* cleanup
* cleanup, correct link to deprecation jira
* tech debt todo with jira
* missing web localization key when policy is on
* relative import
* extracting timeout options to component service
* duplicate localization key
* fix failing test
* subsequent timeout action selecting opening without dialog on first dialog cancellation
* default locale can be null
* unit tests failing
* rename, simplifications
* one if else feature flag
* timeout input component rendering before async pipe completion
* add one time setup dialog for auto confirm
* add one time setup dialog for auto confirm
* fix copy, padding, cleanup observable logic
* cleanup
* cleanup
* refactor
* clean up
* more cleanup
* Fix deleted files
This reverts commit 7c18a5e512.
* [PM-24469] Refactor CipherViewComponent to use Angular signals and computed properties for improved reactivity
* [PM-24469] Refactor CipherViewComponent to utilize Angular signals for organization data retrieval
* [PM-24469] Refactor CipherViewComponent to utilize Angular signals for folder data retrieval
* [PM-24469] Cleanup organization signal
* [PM-24469] Refactor CipherViewComponent to replace signal for card expiration with computed property
* [PM-24469] Improve collections loading in CipherViewComponent
* [PM-24469] Remove redundant loadCipherData method
* [PM-24469] Refactor CipherViewComponent to replace signal with computed property for pending change password tasks
* [PM-24469] Refactor LoginCredentialsViewComponent to rename hadPendingChangePasswordTask to showChangePasswordLink for clarity
* [PM-24469] Introduce showChangePasswordLink computed property for improved readability
* [PM-24469] Initial RI for premium logic
* [PM-24469] Refactor checkPassword risk checking logic
* [PM-24469] Cleanup premium check
* [PM-24469] Cleanup UI visuals
* [PM-24469] Fix missing typography import
* [PM-24469] Cleanup docs
* [PM-24469] Add feature flag
* [PM-24469] Ensure password risk check is only performed when the feature is enabled, and the cipher is editable by the user, and it has a password
* [PM-24469] Refactor password risk evaluation logic and add unit tests for risk assessment
* [PM-24469] Fix mismatched CipherId type
* [PM-24469] Fix test dependencies
* [PM-24469] Fix config service mock in emergency view dialog spec
* [PM-24469] Wait for decrypted vault before calculating cipher risk
* [PM-24469] startWith(false) for passwordIsAtRisk signal to avoid showing stale values when cipher changes
* [PM-24469] Exclude organization owned ciphers from JIT risk analysis
* [PM-24469] Add initial cipher-view component test boilerplate
* [PM-24469] Add passwordIsAtRisk signal tests
* [PM-24469] Ignore soft deleted items for RI for premium feature
* [PM-24469] Fix tests
* feat(dirt): add newApplications$ observable to orchestrator
Add reactive observable that filters applicationData for unreviewed apps
(reviewedDate === null). Observable automatically updates when report
state changes through the pipeline.
- Add newApplications$ observable with distinctUntilChanged
- Filters rawReportData$.data.applicationData
- Uses shareReplay for multi-subscriber efficiency
Related to PM-27284
* feat(dirt): add saveApplicationReviewStatus$ to orchestrator
Implement method to save application review status and critical flags.
Updates all applications where reviewedDate === null to set current date,
and marks selected applications as critical.
- Add saveApplicationReviewStatus$() method
- Add _updateReviewStatusAndCriticalFlags() helper
- Uses existing encryption and API update patterns
- Single API call for both review status and critical flags
- Follows same pattern as saveCriticalApplications$()
Related to PM-27284
* feat(dirt): expose newApplications$ in data service
Expose orchestrator's newApplications$ observable and save method
through RiskInsightsDataService facade. Maintains clean separation
between orchestrator (business logic) and components (UI).
- Expose newApplications$ observable
- Expose saveApplicationReviewStatus() delegation method
- Maintains facade pattern consistency
Related to PM-27284
* feat(dirt): make AllActivitiesService reactive to new applications
Update AllActivitiesService to subscribe to orchestrator's newApplications$
observable instead of receiving data through summary updates.
- Subscribe to dataService.newApplications$ in constructor
- Add setNewApplications() helper method
- Remove newApplications update from setAllAppsReportSummary()
- New applications now update reactively when review status changes
Related to PM-27284
* feat(dirt): connect dialog to review status save method
Update NewApplicationsDialogComponent to call the data service's
saveApplicationReviewStatus method when marking applications as critical.
- Inject RiskInsightsDataService
- Replace placeholder onMarkAsCritical() with real implementation
- Handle success/error cases with appropriate toast notifications
- Close dialog on successful save
- Show different messages based on whether apps were marked critical
Related to PM-27284
* feat(dirt): add i18n strings for application review
Add internationalization strings for the new applications review dialog
success and error messages.
- applicationReviewSaved: Success toast title
- applicationsMarkedAsCritical: Success message when apps marked critical
- newApplicationsReviewed: Success message when apps reviewed only
- errorSavingReviewStatus: Error toast title
- pleaseTryAgain: Error toast message
Related to PM-27284
* fix(dirt): add subscription cleanup to AllActivitiesService
Critical fix for production code quality and memory leak prevention.
Adds takeUntil pattern to all subscriptions to comply with ADR-0003
(Observable Data Services) requirements.
**Subscription Cleanup (ADR-0003 Compliance):**
- Add takeUntil pattern to AllActivitiesService subscriptions
- Add _destroy$ Subject and destroy() method
- Prevents memory leaks by properly unsubscribing from observables
- Follows Observable Data Services ADR requirements
Changes:
- Import Subject and takeUntil from rxjs
- Add private _destroy$ Subject for cleanup coordination
- Apply takeUntil(this._destroy$) to all 3 subscriptions:
- enrichedReportData$ subscription
- criticalReportResults$ subscription
- newApplications$ subscription
- Add destroy() method for proper resource cleanup
This ensures proper resource cleanup and follows Bitwarden's
architectural decision records for observable management.
Related to PM-27284
* fix(dirt): replace manual takeUntil with takeUntilDestroyed in AllActivitiesService
Fixes critical memory leak by replacing manual subscription cleanup
with Angular's automatic DestroyRef-based cleanup pattern.
**Changes:**
- Replace `takeUntil(this._destroy$)` with `takeUntilDestroyed()` for all 3 subscriptions
- Remove unused `_destroy$` Subject and manual `destroy()` method
- Update imports to use `@angular/core/rxjs-interop`
**Why:**
- Manual `destroy()` method was never called anywhere in codebase
- Subscriptions accumulated without cleanup, causing memory leaks
- `takeUntilDestroyed()` uses Angular's DestroyRef for automatic cleanup
- Aligns with ADR-0003 and .claude/CLAUDE.md requirements
**Impact:**
- Automatic subscription cleanup when service context is destroyed
- Prevents memory leaks during hot module reloads and route changes
- Reduces code complexity (no manual lifecycle management needed)
Related to PM-27284
* refactor(dirt): remove newApplications from OrganizationReportSummary
Removes redundant newApplications field from summary type and uses
derived newApplications$ observable from orchestrator instead.
**Changes:**
- Remove newApplications from OrganizationReportSummary type definition
- Remove dummy data array from RiskInsightsReportService.getApplicationsSummary()
- Remove newApplications subscription from AllActivitiesService
- Update AllActivityComponent to subscribe directly to dataService.newApplications$
**Why:**
- Eliminates data redundancy (stored vs derived)
- newApplications$ already computes from applicationData.reviewedDate === null
- Single source of truth: applicationData is the source
- Simplifies encrypted payload (less data in summary)
- Better separation: stored data (counts) vs computed data (lists)
**Impact:**
- No functional changes - UI continues to display new applications correctly
- Cleaner architecture with computed observable pattern
* cleanup
* fix(dirt): improve dialog type safety and error logging
Addresses critical PR review issues in NewApplicationsDialogComponent:
**Type Safety:**
- Replace unsafe type casting `(this as any).dialogRef` with proper DialogRef injection
- Inject DialogRef<boolean | undefined> using Angular's inject() function
- Ensures type safety and prevents runtime errors from missing dialogRef
**Error Handling:**
- Add LogService to dialog component
- Log errors with "[NewApplicationsDialog]" for debugging
- Maintain user-facing error toast while adding server-side logging
**Impact:**
- Eliminates TypeScript safety bypasses
- Improves production debugging capabilities
- Follows Angular dependency injection best practices
* fixing mock data and test cases for new apps
* feat(dirt): create assign tasks view component
Create standalone view component for task assignment UI that can be
embedded within dialogs or other containers.
- Add AssignTasksViewComponent with signal-based inputs/outputs
- Use input.required<number>() for selectedApplicationsCount
- Use output<void>() for tasksAssigned and back events
- Implement task calculation using SecurityTasksApiService
- Add onAssignTasks() method with loading state and error handling
- Include task summary card UI matching password-change-metric style
- Add proper subscription cleanup with takeUntilDestroyed (ADR-0003)
- Buttons included in component template (not dialog footer)
- Component retrieves organizationId from route params
Related to PM-27619
* refactor(dirt): add multi-view state management to new applications dialog
Add view state const object and properties to support toggling between
application selection and embedded assign tasks component.
- Add DialogView const object with SelectApplications and AssignTasks states (ADR-0025)
- Add DialogView type for type safety
- Add currentView property to track active view
- Import AssignTasksViewComponent for embedded use
- Add isCalculatingTasks loading state
- Inject AllActivitiesService and SecurityTasksApiService for task checking
- Implement OnInit with organizationId retrieval from route params
- Add proper subscription cleanup with takeUntilDestroyed (ADR-0003)
- Expose DialogView constants to template
Related to PM-27619
* feat(dirt): integrate assign tasks view into dialog
Implement logic to embed AssignTasksViewComponent within dialog and
handle communication via event bindings.
- Update onMarkAsCritical to check for tasks before closing dialog
- Add checkForTasksToAssign() method using SecurityTasksApiService
- Conditionally transition to AssignTasks view when tasks are available
- Add onTasksAssigned() handler to close dialog after successful assignment
- Add onBack() handler to navigate back to SelectApplications view
- Add loading state guard to prevent double-click on Mark as Critical button
- Only show success toast and close dialog if no tasks to assign
Related to PM-27619
* feat(dirt): add embedded assign tasks view to dialog template
Update dialog template to conditionally render embedded
AssignTasksViewComponent using @if directive.
- Add conditional rendering for SelectApplications and AssignTasks views
- Update dialog title dynamically based on currentView
- Embed dirt-assign-tasks-view component in AssignTasks view
- Pass selectedApplicationsCount via input binding
- Listen to tasksAssigned and back output events
- Show footer buttons only for SelectApplications view
- Add loading and disabled states to Mark as Critical button
- Change Cancel button to not auto-close (user must navigate)
Related to PM-27619
* feat(dirt): add i18n keys for assign tasks view
Add localized strings for embedded assign tasks view component.
* resolve organizationId and DI issues in assign tasks flow
- Pass organizationId via dialog data to prevent async race conditions
- Pass organizationId as input to AssignTasksViewComponent (embedded components can't access route params)
- Add DefaultAdminTaskService to component providers to fix NullInjectorError
- Remove unnecessary route subscription from embedded component
- Follow password-change-metric.component.ts pattern for consistency
- Add detailed comments explaining architectural decisions and bug fixes
* cleanup styling
* refactor(dirt): remove newApplications validation from OrganizationReportSummary type guard
Removes redundant newApplications field validation from the
OrganizationReportSummary type guard and related test cases.
**Changes:**
- Remove "newApplications" from allowed keys in isOrganizationReportSummary()
- Remove newApplications array validation logic
- Remove newApplications validation from validateOrganizationReportSummary()
- Remove 2 test cases for newApplications validation
- Remove newApplications field from 8 test data objects
**Rationale:**
The newApplications field was removed from OrganizationReportSummary type
definition because it's derived data that can be calculated from
applicationData (filtering where reviewedDate === null). The data is now
accessed via the reactive newApplications$ observable instead of being
stored redundantly in the summary object.
**Impact:**
- No functional changes - UI continues to display new applications via observable
- Type guard now correctly validates the actual OrganizationReportSummary structure
- Eliminates data redundancy and maintains single source of truth
- All 43 tests passing
* improve assign tasks view display
- Remove illustration/preview section (mailbox icon and prompt text)
- Show unique member count instead of calculated task count
- Use reportSummary.totalCriticalAtRiskMemberCount from AllActivitiesService
- Remove unused SecurityTasksApiService dependency
- Follow same pattern as all-activity.component.ts for consistency
* logic to fetch totals and new styling
* Fix review applications review view and assign view flow
* Fix null type checks
* refactor assign tasks dialog: use callout component, add video, fix OnPush, improve error handling
* Add columns, description, search, and bulk select to new applications dialog
* Add count placeholder for critical applications marked message
* Address claude comments
---------
Co-authored-by: Tom <ttalty@bitwarden.com>
Co-authored-by: Leslie Tilton <23057410+Banrion@users.noreply.github.com>
Co-authored-by: maxkpower <mpower@bitwarden.com>
