* Migrate create and edit operations to use SDK for ciphers
* WIP: Adds admin call to edit ciphers with SDK
* Add client version to SDK intialization settings
* Remove console.log statements
* Adds originalCipherId and collectionIds to updateCipher
* Update tests for new cipehrService interfaces
* Rename SdkCipherOperations feature flag
* Add call to Admin edit SDK if flag is passed
* Add tests for SDK path
* Revert changes to .npmrc
* Remove outdated comments
* Fix feature flag name
* Fix UUID format in cipher.service.spec.ts
* Update calls to cipherService.updateWithServer and .createWithServer to new interface
* Update CLI and Desktop to use new cipherSErvice interfaces
* Fix tests for new cipherService interface change
* Bump sdk-internal and commercial-sdk-internal versions to 0.2.0-main.439
* Fix linting errors
* Fix typescript errors impacted by this chnage
* Fix caching issue on browser extension when using SDK cipher ops.
* Remove commented code
* Fix bug causing race condition due to not consuming / awaiting observable.
* Add missing 'await' to decrypt call
* Clean up unnecessary else statements and fix function naming
* Add comments for this.clearCache
* Add tests for SDK CipherView conversion functions
* Replace sdkservice with cipher-sdk.service
* Fix import issues in browser
* Fix import issues in cli
* Fix type issues
* Fix type issues
* Fix type issues
* Fix test that fails sporadically due to timing issue
* PM-13632: Enable sign in with passkeys in the browser extension
* Refactor component + Icon fix
This commit refactors the login-via-webauthn commit as per @JaredSnider-Bitwarden suggestions. It also fixes an existing issue where Icons are not displayed properly on the web vault.
Remove old one.
Rename the file
Working refactor
Removed the icon from the component
Fixed icons not showing. Changed layout to be 'embedded'
* Add tracking links
* Update app.module.ts
* Remove default Icons on load
* Remove login.module.ts
* Add env changer to the passkey component
* Remove leftover dependencies
* PRF Unlock
Cleanup and testes
* Workaround prf type missing
* Fix any type
* Undo accidental cleanup to keep PR focused
* Undo accidental cleanup to keep PR focused
* Cleaned up public interface
* Use UserId type
* Typed UserId and improved isPrfUnlockAvailable
* Rename key and use zero challenge array
* logservice
* Cleanup rpId handling
* Refactor to separate component + icon
* Moved the prf unlock service impl.
* Fix broken test
* fix tests
* Use isChromium
* Update services.module.ts
* missing , in locales
* Update desktop-lock-component.service.ts
* Fix more desktoptests
* Expect a single UnlockOption from IdTokenResponse, but multiple from sync
* Missing s
* remove catches
* Use new control flow in unlock-via-prf.component.ts
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Changed throw behaviour of unlockVaultWithPrf
* remove timeout comment
* refactired webauthm-prf-unlock.service internally
* WebAuthnPrfUnlockServiceAbstraction -> WebAuthnPrfUnlockService
* Fixed any and bad import
* Fix errors after merge
* Added missing PinServiceAbstraction
* Fixed format
* Removed @Inject()
* Fix broken tests after Inject removal
* Return userkey instead of setting it
* Used input/output signals
* removed duplicate MessageSender registration
* nit: Made import relative
* Disable onPush requirement because it would need refactoring the component
* Added feature flag (#17494)
* Fixed ById from main
* Import feature flag from file
* Add missing test providers for MasterPasswordLockComponent
Add WebAuthnPrfUnlockService and DialogService mocks to fix test failures
caused by UnlockViaPrfComponent dependencies.
---------
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Support v2 encryption for JIT Password signups
* TDE set master password split
* update sdk-internal dependency
* moved encryption v2 to InitializeJitPasswordUserService
* remove account cryptographic state legacy states from #18164
* legacy state comments
* sdk update
* unit test coverage
* consolidate do SetInitialPasswordService
* replace legacy master key with setLegacyMasterKeyFromUnlockData
* typo
* web and desktop overrides with unit tests
* early return
* compact validation
* simplify super prototype
* Fix master key not being set to state after kdf update
* Fix cli build
* Fix test error
* Fix hash purpose
* Add test for master key being set
* Fix incorrect variable name
* [PM-29138] fix defect with pricing service on self host
* use iscloud instead of manually checking region
* fixing strict compile issues
* spacing updates from design review
* final spacing edits
* pr feedback
* typechecking
* enforce session timeout policy
* better angular validation
* lint fix
* missing switch break
* fallback when timeout not supported with highest available timeout
* failing unit tests
* incorrect policy message
* vault timeout type adjustments
* fallback to "on browser refresh" for browser, when policy is set to "on system locked", but not available (Safari)
* docs, naming improvements
* fallback for current user session timeout to "on refresh", when policy is set to "on system locked", but not available.
* don't display policy message when the policy does not affect available timeout options
* 8 hours default when changing from non-numeric timeout to Custom.
* failing unit test
* missing locales, changing functions access to private, docs
* removal of redundant magic number
* missing await
* await once for available timeout options
* adjusted messaging
* unit test coverage
* vault timeout numeric module exports
* unit test coverage
* Implement automatic kdf upgrades
* Fix kdf config not being updated
* Update legacy kdf state on master password unlock sync
* Fix cli build
* Fix
* Deduplicate prompts
* Fix dismiss time
* Fix default kdf setting
* Fix build
* Undo changes
* Fix test
* Fix prettier
* Fix test
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Only sync when there is at least one migration
* Relative imports
* Add tech debt comment
* Resolve inconsistent prefix
* Clean up
* Update docs
* Use default PBKDF2 iteratinos instead of custom threshold
* Undo type check
* Fix build
* Add comment
* Cleanup
* Cleanup
* Address component feedback
* Use isnullorwhitespace
* Fix tests
* Allow migration only on vault
* Fix tests
* Run prettier
* Fix tests
* Prevent await race condition
* Fix min and default values in kdf migration
* Run sync only when a migration was run
* Update libs/common/src/key-management/encrypted-migrator/default-encrypted-migrator.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Fix link not being blue
* Fix later button on browser
---------
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* add handler for new policy sync push notification
* fix story book build failure
* move logic into policy service, fix tests
* add account service
* add missing service to clie
* feat(user-decryption-options) [PM-26413]: Update UserDecryptionOptionsService and tests to use UserId-only APIs.
* feat(user-decryption-options) [PM-26413]: Update InternalUserDecryptionOptionsService call sites to use UserId-only API.
* feat(user-decryption-options) [PM-26413] Update userDecryptionOptions$ call sites to use the UserId-only API.
* feat(user-decryption-options) [PM-26413]: Update additional call sites.
* feat(user-decryption-options) [PM-26413]: Update dependencies and an additional call site.
* feat(user-verification-service) [PM-26413]: Replace where allowed by unrestricted imports invocation of UserVerificationService.hasMasterPassword (deprecated) with UserDecryptionOptions.hasMasterPasswordById$. Additional work to complete as tech debt tracked in PM-27009.
* feat(user-decryption-options) [PM-26413]: Update for non-null strict adherence.
* feat(user-decryption-options) [PM-26413]: Update type safety and defensive returns.
* chore(user-decryption-options) [PM-26413]: Comment cleanup.
* feat(user-decryption-options) [PM-26413]: Update tests.
* feat(user-decryption-options) [PM-26413]: Standardize null-checking on active account id for new API consumption.
* feat(vault-timeout-settings-service) [PM-26413]: Add test cases to illustrate null active account from AccountService.
* fix(fido2-user-verification-service-spec) [PM-26413]: Update test harness to use FakeAccountService.
* fix(downstream-components) [PM-26413]: Prefer use of the getUserId operator in all authenticated contexts for user id provided to UserDecryptionOptionsService.
---------
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
* feat: add support for IPC client managed session storage
* feat: update SDK
* fix: using undecorated service in jslib module directly
* feat: add test case for web
* chore: document why we use any type
* fix: `ipc` too short
* typo: omg
* Revert "typo: omg"
This reverts commit 559b05eb5a.
* Revert "fix: `ipc` too short"
This reverts commit 35fc99e10b.
* fix: use camelCase
* Remove internal use of getUserKey in the key service
* Move ownership of RotateableKeySet and remove usage of getUserKey
* Add input validation to createKeySet
* [PM-24469] Refactor CipherViewComponent to use Angular signals and computed properties for improved reactivity
* [PM-24469] Refactor CipherViewComponent to utilize Angular signals for organization data retrieval
* [PM-24469] Refactor CipherViewComponent to utilize Angular signals for folder data retrieval
* [PM-24469] Cleanup organization signal
* [PM-24469] Refactor CipherViewComponent to replace signal for card expiration with computed property
* [PM-24469] Improve collections loading in CipherViewComponent
* [PM-24469] Remove redundant loadCipherData method
* [PM-24469] Refactor CipherViewComponent to replace signal with computed property for pending change password tasks
* [PM-24469] Refactor LoginCredentialsViewComponent to rename hadPendingChangePasswordTask to showChangePasswordLink for clarity
* [PM-24469] Introduce showChangePasswordLink computed property for improved readability
* [PM-24469] Initial RI for premium logic
* [PM-24469] Refactor checkPassword risk checking logic
* [PM-24469] Cleanup premium check
* [PM-24469] Cleanup UI visuals
* [PM-24469] Fix missing typography import
* [PM-24469] Cleanup docs
* [PM-24469] Add feature flag
* [PM-24469] Ensure password risk check is only performed when the feature is enabled, and the cipher is editable by the user, and it has a password
* [PM-24469] Refactor password risk evaluation logic and add unit tests for risk assessment
* [PM-24469] Fix mismatched CipherId type
* [PM-24469] Fix test dependencies
* [PM-24469] Fix config service mock in emergency view dialog spec
* [PM-24469] Wait for decrypted vault before calculating cipher risk
* [PM-24469] startWith(false) for passwordIsAtRisk signal to avoid showing stale values when cipher changes
* [PM-24469] Exclude organization owned ciphers from JIT risk analysis
* [PM-24469] Add initial cipher-view component test boilerplate
* [PM-24469] Add passwordIsAtRisk signal tests
* [PM-24469] Ignore soft deleted items for RI for premium feature
* [PM-24469] Fix tests
Creates a `PremiumInterestStateService` that manages state which conveys whether or not a user intends to setup a premium subscription. Implemented in Web only. No-op for other clients.
This will apply for users who began the registration process on https://bitwarden.com/go/start-premium/, which is a marketing page designed to streamline users who intend to setup a premium subscription after registration.
* feature flag
* new upgrade dialog component and moved pricing service into libs
first draft
* moved pricing service to libs/common
removed toast service from the pricing service and implemented error handling in calling components
# Conflicts:
# apps/web/src/app/billing/individual/upgrade/upgrade-payment/upgrade-payment.component.ts
* moved new premium upgrade dialog component to libs/angular
* badge opens new dialog in browser extension
* adds new dialog to desktop and fixes tests
* updates send dropdown to use premium prompt service
* styling and copy updates
* implement in web and desktop
* unit tests
* converting premium reports to use premium badge, and some cleanup
* fixes issue after merge
* linter errors
* pr feedback
* handle async promise correctly
* full sync after the premium upgrade is complete
* fixing test
* add padding to bottom of card in new dialog
* add support for self hosting
* fixing tests
* fix test
* Update has-premium.guard.ts
* pr feedback
* fix build and pr feedback
* fix build
* prettier
* fixing stories and making badge line height consistent
* pr feedback
* updated upgrade dialog to no longer use pricing card
* fixing incorrect markup and removing unused bits
* formatting
* pr feedback
removing unused message keys and adding back in code that was erroneously removed
* change detection
* close dialog when error
* claude pr feedback
* feat: ban urls not using https
* feat: add exception for dev env
* feat: block fetching of insecure URLs
* feat: add exception for dev env
* feat: block notifications from using insecure URL
* fix: bug where submission was possible regardless of error
* feat: add exception for dev env
* fix: missing constructor param
* use PureCrypto in master password service decryptUserKeyWithMasterKey
* test for legacy AES256-CBC
* update SDK version to include the `PureCrypto.decrypt_user_key_with_master_key`
* change from integration to unit tests, use fake state provider
* feat(policies): Add URI Match Default Policy enum
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* feat(policies): Add logic to read and set the default from policy data
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* In settings, set default, disable select and display hint
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Move applyUriMatchPolicy to writeValue function
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove code to disable individual options because we're disabling the entire select
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* WiP move resolved defaultUriMatch to Domain Settings Service
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Address local test failures related to null observables
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* add missing services
* Fix test to use new resolvedDefaultUriMatchStrategy$
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Move definition of defaultMatchDetection$ out of constructor
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Update cipher form story to use resolvedDefaultUriMatchStrategy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Fix incomplete storybook mock in cipher form stories
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add I18n key description
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add comment regarding potential memory leak in domain settings service
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add explicit check for null policy data
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add explicit check for undefined policy data
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add shareReplay to address potential memory leak
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove outdated comment
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Improve type safety/validation and null checks in DefaultDomainSettingsService
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
---------
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
Co-authored-by: Jonathan Prusik <jprusik@classynemesis.com>
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed and updated tests.
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed test variable being made more vague.
• prefer undefined over null
• obtain required UserId once per method, before branching
• guards moved to beginning of methods
* lift UserId retrieval to occur once during import
* remove redundant userId retrieval
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiServiceAbstraction.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService implementation.
* feat(two-factor-api-service) [PM-26465]: Add test suite for TwoFactorApiService.
* feat(two-factor-api-service) [PM-26465]: Replace ApiService dependencies with TwoFactorApiService for all refactored methods.
* feat(two-factor-api-service) [PM-26465]: Finish removal of Two-Factor API methods from ApiService.
* fix(two-factor-api-service) [PM-26465]: Correct endpoint spelling.
* feat(two-factor-api-service) [PM-26465]: Update dependency support for CLI.
* fix(two-factor-api-service) [PM-26465]: Update tests/deps for corrected spelling.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService to Browser services module.
* fix(two-factor-api-service) [PM-26465]: Re-spell dependencies to take *Abstraction throughout, move to JslibServices module for cleaner importing across clients.
* feat(two-factor-api-service) [PM-26465]: Move new services to a feature area, rename abstract and concrete/default.
* feat(two-factor-api-service) [PM-26465]: Move the feature area to common/auth, not auth/common.
* feat(two-factor-api-service) [PM-26465]: Remove now-unneeded include from auth/tsconfig.
* removing unused properties from org metadata
* removing further properties from the response and replacing them with data already available
* [PM-25379] new org metadata service for new endpoint
* don't need strict ignore
* forgot unit tests
* added cache busting to metadata service
not used yet - waiting for a decision on moving a portion of this to AC
* PM-22661 - Start bringing in code from original PR
* PM-22661 - SendTokenService - implement and test hash send password
* PM-22661 - Starting to pull in SDK state to SendTokenService
* PM-22661 - WIP on default send token service
* PM-22661 - Build out TS helpers for TryGetSendAccessTokenError
* PM-22661 - WIP
* PM-22661 - Decent progress on getting _tryGetSendAccessToken wired up
* PM-22661 - Finish service implementation (TODO: test)
* PM-22661 - DefaultSendTokenService - clear expired tokens
* PM-22661 - SendTokenService - tests for tryGetSendAccessToken$
* PM-22661 - DefaultSendTokenService - more tests.
* PM-22661 - Refactor to create domain facing type for send access creds so we can internally map to SDK models instead of exposing them.
* PM-22661 - DefaultSendTokenService tests - finish testing error scenarios
* PM-22661 - SendAccessToken - add threshold to expired check to prevent tokens from expiring in flight
* PM-22661 - clean up docs and add invalidateSendAccessToken
* PM-22661 - Add SendAccessToken tests
* PM-22661 - Build out barrel files and provide send token service in jslib-services.
* PM-22661 - Improve credential validation and test the scenarios
* PM-22661 - Add handling for otp_generation_failed
* PM-22661 - npm i sdk version 0.2.0-main.298 which has send access client stuff
* PM-22661 - Bump to latest sdk changes for send access for testing.
* PM-22661 - fix comment to be accurate
* PM-22661 - DefaultSendTokenService - hashSendPassword - to fix compile time error with passing a Uint8Array to Utils.fromBufferToB64, add new overloads to Utils.fromBufferToB64 to handle ArrayBuffer and ArrayBufferView (to allow for Uint8Arrays). Then, test new scenarios to ensure feature parity with old fromBufferToB64 method.
* PM-22661 - Utils.fromBufferToB64 - remove overloads so ordering doesn't break test spies.
* PM-22661 - utils.fromBufferToB64 - re-add overloads to see effects on tests
* PM-22661 - revert utils changes as they will be done in a separate PR.
* PM-22661 - SendTokenService tests - test invalidateSendAccessToken
* PM-22661 - DefaultSendTokenService - add some storage layer tests
* PM-22661 - Per PR feedback fix comment
* PM-22661 - Per PR feedback, optimize writes to state for send access tokens with shouldUpdate.
* PM-22661 - Per PR feedback, update clear to be immutable vs delete (mutation) based.
* PM-22661 - Per PR feedback, re-add should update for clear method.
* PM-22661 - Update libs/common/src/auth/send-access/services/default-send-token.service.ts
Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>
* PM-22661 - Update libs/common/src/auth/send-access/services/default-send-token.service.ts
Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>
* PM-22661 - Update libs/common/src/auth/send-access/services/default-send-token.service.ts
Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>
---------
Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>
On Web and Desktop, show back button on `NewDeviceVerificationComponent` (route `/device-verification`). Do not show it on Extension, because Extension already has a back button in the header.
* Use payment domain
* Fixing lint and test issue
* Fix organization plans tax issue
* PM-26297: Use existing billing address for tax calculation if it exists
* PM-26344: Check existing payment method on submit
* refactor `canInteract` into a component level usage.
- The default service is going to be used in the CLI which won't make use of the UI-related aspects
* all nested entities to be imported from the vault
* initial add of archive command to the cli
* add archive to oss serve
* check for deleted cipher when attempting to archive
* add searchability/list functionality for archived ciphers
* restore an archived cipher
* unarchive a cipher when a user is editing it and has lost their premium status
* add missing feature flags
* re-export only needed services from the vault
* add needed await
* add prompt when applicable for editing an archived cipher
* move cipher archive service into `common/vault`
* fix testing code
If a user is part of an org that has the `RequireSso` policy, when that user successfully logs in we add their email to a local `ssoRequiredCache` on their device. The next time this user goes to the `/login` screen on this device, we will use that cache to determine that for this email we should only show the "Use single sign-on" button and disable the alternate login buttons.
These changes are behind the flag: `PM22110_DisableAlternateLoginMethods`
* [PM-19237] Add Archive Filter Type (#13852)
* Browser can archive and unarchive items
* Create Archive Cipher Service
* Add flag and premium permissions to Archive
---------
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
Co-authored-by: Shane <smelton@bitwarden.com>
Co-authored-by: Patrick Pimentel <ppimentel@bitwarden.com>
* encode username for uri and add spec
* verify response from getHibpBreach method
* test/validate for BreachAccountResponse type and length instead of mock response
* - extract dirt api method out of global api service
- create new directory structure
- change imports accordingly
- extract breach account response
- put extracted code into new dirt dir
* codeowners and dep injection for new hibp service
* Require userId for KdfConfigService
* cleanup KdfConfigService unit tests
* Move required userId for export request up to component/command level
* Fix service creation/dependency injection
* Revert changes to kdf-config.service.spec cause by a bad rebase
* Fix linting issue
* Fix tests caused by bad rebase
* Validate provided userId to equal the current active user
* Create tests for vault-export.service
Deleted old tests which since have been replaced with individual-vault-export.service.spec.ts
---------
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
