* Implement automatic kdf upgrades
* Fix kdf config not being updated
* Update legacy kdf state on master password unlock sync
* Fix cli build
* Fix
* Deduplicate prompts
* Fix dismiss time
* Fix default kdf setting
* Fix build
* Undo changes
* Fix test
* Fix prettier
* Fix test
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Only sync when there is at least one migration
* Relative imports
* Add tech debt comment
* Resolve inconsistent prefix
* Clean up
* Update docs
* Use default PBKDF2 iteratinos instead of custom threshold
* Undo type check
* Fix build
* Add comment
* Cleanup
* Cleanup
* Address component feedback
* Use isnullorwhitespace
* Fix tests
* Allow migration only on vault
* Fix tests
* Run prettier
* Fix tests
* Prevent await race condition
* Fix min and default values in kdf migration
* Run sync only when a migration was run
* Update libs/common/src/key-management/encrypted-migrator/default-encrypted-migrator.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Fix link not being blue
* Fix later button on browser
---------
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* feat(user-decryption-options) [PM-26413]: Update UserDecryptionOptionsService and tests to use UserId-only APIs.
* feat(user-decryption-options) [PM-26413]: Update InternalUserDecryptionOptionsService call sites to use UserId-only API.
* feat(user-decryption-options) [PM-26413] Update userDecryptionOptions$ call sites to use the UserId-only API.
* feat(user-decryption-options) [PM-26413]: Update additional call sites.
* feat(user-decryption-options) [PM-26413]: Update dependencies and an additional call site.
* feat(user-verification-service) [PM-26413]: Replace where allowed by unrestricted imports invocation of UserVerificationService.hasMasterPassword (deprecated) with UserDecryptionOptions.hasMasterPasswordById$. Additional work to complete as tech debt tracked in PM-27009.
* feat(user-decryption-options) [PM-26413]: Update for non-null strict adherence.
* feat(user-decryption-options) [PM-26413]: Update type safety and defensive returns.
* chore(user-decryption-options) [PM-26413]: Comment cleanup.
* feat(user-decryption-options) [PM-26413]: Update tests.
* feat(user-decryption-options) [PM-26413]: Standardize null-checking on active account id for new API consumption.
* feat(vault-timeout-settings-service) [PM-26413]: Add test cases to illustrate null active account from AccountService.
* fix(fido2-user-verification-service-spec) [PM-26413]: Update test harness to use FakeAccountService.
* fix(downstream-components) [PM-26413]: Prefer use of the getUserId operator in all authenticated contexts for user id provided to UserDecryptionOptionsService.
---------
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed and updated tests.
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed test variable being made more vague.
If a user is part of an org that has the `RequireSso` policy, when that user successfully logs in we add their email to a local `ssoRequiredCache` on their device. The next time this user goes to the `/login` screen on this device, we will use that cache to determine that for this email we should only show the "Use single sign-on" button and disable the alternate login buttons.
These changes are behind the flag: `PM22110_DisableAlternateLoginMethods`
* feat(notification-processing): [PM-19877] System Notification Implementation - Minor changes to popup logic and removed content in login component.
* docs(notification-processing): [PM-19877] System Notification Implementation - Added more docs.
* docs(notification-processing): [PM-19877] System Notification Implementation - Added markdown document.
* fix(notification-processing): [PM-19877] System Notification Implementation - Updated condition for if notification is supported.
* fix(notification-processing): [PM-19877] System Notification Implementation - Updated services module with correct platform utils service.
* Move pin service to km ownership
* Run format
* Eslint
* Fix tsconfig
* Fix imports and test
* Clean up imports
* Remove unused dependency on PinService
* Fix comments
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* fix:
- add auth request api call to desktop component v2
- move logic to auth request service
* test: added tests for new auth request service method
* feat(change-password-component): Change Password Update [18720] - Very close to complete.
* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Removed temp code to force the state I need to verify correctness.
* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Recover account working with change password component.
* fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Made code more dry.
* fix(change-password-component): Change Password Update [18720] - Updates to routing and the extension. Extension is still a wip.
* fix(change-password-component): Change Password Update [18720] - Extension routing changes.
* feat(change-password-component): Change Password Update [18720] - More extension work
* feat(change-password-component): Change Password Update [18720] - Pausing work for now while we wait for product to hear back.
* feat(change-password-component): Change Password Update [18720] - Removed duplicated anon layouts.
* feat(change-password-component): Change Password Update [18720] - Tidied up code.
* feat(change-password-component): Change Password Update [18720] - Small fixes to the styling
* feat(change-password-component): Change Password Update [18720] - Adding more content for the routing.
* feat(change-password-component): Change Password Update [18720] - Removed circular loop for now.
* feat(change-password-component): Change Password Update [18720] - Made comments regarding the change password routing complexities with change-password and auth guard.
* feat(change-password-component): Change Password Update [18720] - Undid some changes because they will be conflicts later on.
* feat(change-password-component): Change Password Update [18720] - Small directive change.
* feat(change-password-component): Change Password Update [18720] - Small changes and added some clarification on where I'm blocked
* feat(change-password-component): Change Password Update [18720] - Org invite is seemingly working, found one bug to iron out.
* refactor(change-password-component): Change Password Update [18720] - Fixed up policy service to be made more clear.
* docs(change-password-component): Change Password Update [18720] - Updated documentation.
* refactor(change-password-component): Change Password Update [18720] - Routing changes and policy service changes.
* fix(change-password-component): Change Password Update [18720] - Wrapping up changes.
* feat(change-password-component): Change Password Update [18720] - Should be working fully
* feat(change-password-component): Change Password Update [18720] - Found a bug, working on password policy being present on login.
* feat(change-password-component): Change Password Update [18720] - Turned on auth guard on other clients for change-password route.
* feat(change-password-component): Change Password Update [18720] - Committing intermediate changes.
* feat(change-password-component): Change Password Update [18720] - The master password policy endpoint has been added! Should be working. Testing now.
* feat(change-password-component): Change Password Update [18720] - Minor fixes.
* feat(change-password-component): Change Password Update [18720] - Undid naming change.
* feat(change-password-component): Change Password Update [18720] - Removed comment.
* feat(change-password-component): Change Password Update [18720] - Removed unneeded code.
* fix(change-password-component): Change Password Update [18720] - Took org invite state out of service and made it accessible.
* fix(change-password-component): Change Password Update [18720] - Small changes.
* fix(change-password-component): Change Password Update [18720] - Split up org invite service into client specific implementations and have them injected into clients properly
* feat(change-password-component): Change Password Update [18720] - Stopping work and going to switch to a new branch to pare down some of the solutions that were made to get this over the finish line
* feat(change-password-component): Change Password Update [18720] - Started to remove functionality in the login.component and the password login strategy.
* feat(change-password-component): Change Password Update [18720] - Removed more unneded changes.
* feat(change-password-component): Change Password Update [18720] - Change password clearing state working properly.
* fix(change-password-component): Change Password Update [18720] - Added docs and moved web implementation.
* comments(change-password-component): Change Password Update [18720] - Added more notes.
* test(change-password-component): Change Password Update [18720] - Added in tests for policy service.
* comment(change-password-component): Change Password Update [18720] - Updated doc with correct ticket number.
* comment(change-password-component): Change Password Update [18720] - Fixed doc.
* test(change-password-component): Change Password Update [18720] - Fixed tests.
* test(change-password-component): Change Password Update [18720] - Fixed linting errors. Have more tests to fix.
* test(change-password-component): Change Password Update [18720] - Added back in ignore for typesafety.
* fix(change-password-component): Change Password Update [18720] - Fixed other type issues.
* test(change-password-component): Change Password Update [18720] - Fixed tests.
* test(change-password-component): Change Password Update [18720] - Fixed more tests.
* test(change-password-component): Change Password Update [18720] - Fixed tiny duplicate code.
* fix(change-password-component): Change Password Update [18720] - Fixed desktop component.
* fix(change-password-component): Change Password Update [18720] - Removed unused code
* fix(change-password-component): Change Password Update [18720] - Fixed locales.
* fix(change-password-component): Change Password Update [18720] - Removed tracing.
* fix(change-password-component): Change Password Update [18720] - Removed duplicative services module entry.
* fix(change-password-component): Change Password Update [18720] - Added comment.
* fix(change-password-component): Change Password Update [18720] - Fixed unneeded call in two factor to get user id.
* fix(change-password-component): Change Password Update [18720] - Fixed a couple of tiny things.
* fix(change-password-component): Change Password Update [18720] - Added comment for later fix.
* fix(change-password-component): Change Password Update [18720] - Fixed linting error.
* PM-18720 - AuthGuard - move call to get isChangePasswordFlagOn down after other conditions for efficiency.
* PM-18720 - PasswordLoginStrategy tests - test new feature flagged combine org invite policies logic for weak password evaluation.
* PM-18720 - CLI - fix dep issue
* PM-18720 - ChangePasswordComp - extract change password warning up out of input password component
* PM-18720 - InputPassword - remove unused dependency.
* PM-18720 - ChangePasswordComp - add callout dep
* PM-18720 - Revert all anon-layout changes
* PM-18720 - Anon Layout - finish reverting changes.
* PM-18720 - WIP move of change password out of libs/auth
* PM-18720 - Clean up remaining imports from moving change password out of libs/auth
* PM-18720 - Add change-password barrel file for better import grouping
* PM-18720 - Change Password comp - restore maxWidth
* PM-18720 - After merge, fix errors
* PM-18720 - Desktop - fix api service import
* PM-18720 - NDV - fix routing.
* PM-18720 - Change Password Comp - add logout service todo
* PM-18720 - PasswordSettings - per feedback, component is already feature flagged behind PM16117_ChangeExistingPasswordRefactor so we can just delete the replaced callout (new text is in change-password comp)
* PM-18720 - Routing Modules - properly flag new component behind feature flag.
* PM-18720 - SSO Login Strategy - fix config service import since it is now in shared deps from main merge.
* PM-18720 - Fix SSO login strategy tests
* PM-18720 - Default Policy Service - address AC PR feedback
---------
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
When a user logs in via SSO after their org has offboarded from TDE, we now show them a helpful error message stating that they must either login on a Trusted device, or ask their admin to assign them a password.
Feature flag: `PM16117_SetInitialPasswordRefactor`
* feat: Create methods for calling GET auth-request/pending endpoint.
* feat: update banner service on web, and desktop vault
* test: updated banner test to use auth request services
* fix: DI fixes
* feat: add RequestDeviceId to AuthRequestResponse
* fix: add Browser Approvals feature flags to desktop vault and web vault banner service
* test: fix tests for feature flag
* PM-19555 - LogoutService - build abstraction, default, and extension service and register with service modules
* PM-19555 - Lock Comp - use logoutService
* PM-19555 - LoginDecryptionOptions - Use logout service which removed need for extension-login-decryption-options.service
* PM-19555 - AccountSwitcher logic update - (1) Use logout service + redirect guard routing (2) Remove logout method from account switcher service (3) use new NewActiveUser type
* PM-19555 - Extension - Acct Switcher comp - clean up TODOs
* PM-19555 - Add TODOs for remaining tech debt
* PM-19555 - Add tests for new logout services.
* PM-19555 - Extension - LoginInitiated - show acct switcher b/c user is AuthN
* PM-19555 - Add TODO to replace LogoutCallback with LogoutService
* PM-19555 WIP
* PM-19555 - Extension App Comp - account switching to account in TDE locked state works now.
* PM-19555 - Extension App Comp - add docs
* PM-19555 - Extension App Comp - add early return
* PM-19555 - Desktop App Comp - add handling for TDE lock case to switch account logic.
* PM-19555 - Extension - Account Component - if account unlocked go to vault
* PM-19555 - Per PR feedback, clean up unnecessary nullish coalescing operator.
* PM-19555 - Extension - AppComponent - fix everHadUserKey merge issue
* PM-19555 - PR feedback - refactor switchAccount and locked message handling on browser & desktop to require user id. I audited all callsites for both to ensure this *shouldn't* error.
* Add --identifier option for SSO on CLI
* Add option for identifier
* Moved auto-submit after the setting of client arguments
* Adjusted comment
* Changed to pass in as SSO option
* Renamed to orgSsoIdentifier for clarity
* Added more changes to orgSsoIdentifier.
* Moved saving of SSO email outside of browser/desktop code
* Clarified comments.
* Tests
* Refactored login component services to manage state
* Fixed input on login component
* Fixed tests
* Linting
* Moved web setting in state into web override
* updated tests
* Fixed typing.
* Fixed type safety issues.
* Added comments and renamed for clarity.
* Removed method parameters that weren't used
* Added clarifying comments
* Added more comments.
* Removed test that is not necessary on base
* Test cleanup
* More comments.
* Linting
* Fixed test.
* Fixed base URL
* Fixed typechecking.
* Type checking
* Moved setting of email state to default service
* Added comments.
* Consolidated SSO URL formatting
* Updated comment
* Fixed reference.
* Fixed missing parameter.
* Initialized service.
* Added comments
* Added initialization of new service
* Made email optional due to CLI.
* Fixed comment on handleSsoClick.
* Added SSO email persistence to v1 component.
* Updated login email service.
* Updated setting of remember me
* Removed unnecessary input checking and rearranged functions
* Fixed name
* Added handling of Remember Email to old component for passkey click
* Updated v1 component to persist the email on Continue click
* Fix merge conflicts.
* Merge conflicts in login component.
* Persisted login email on v1 browser component.
* Merge conflicts
* fix(snap) [PM-17464][PM-17463][PM-15587] Allow Snap to use custom callback protocol
* Removed Snap from custom protocol workaround
* Fixed tests.
* Updated case numbers on test
* Resolved PR feedback.
* PM-11502 - LoginEmailSvcAbstraction - mark methods as abstract to satisfy strict ts.
* Removed test
* Changed to persist on leaving fields instead of button click.
* Fixed type checking.
---------
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* feat(device-approval-persistence): [PM-19380] Device Approval Persistence - Added lookup on standard auth requests.
* fix(device-approval-persistence): [PM-19380] Device Approval Persistence - Fixed issue with null value trying to be parsed from the fromJSON function.
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* feat(device-approval-persistence): [PM-9112] Device Approval Persistence - Added in view cache data needed to persist the approval process. Clears after 2 minutes.
Refactor toast calls out of auth services. Toasts are now triggered by an observable emission that gets picked up by an observable pipeline in a new `DeviceTrustToastService` (libs/angular). That observable pipeline is then subscribed by by consuming the `AppComponent` for each client.
* PM-18654 - State Service & Login Strategy Refactor - move env seeding into login strategy so that new accounts always load w/ the correct environment
* PM-18654 - SSO Comp - just use user id from auth result
* PM-18654 - Config Service - (1) don't allow cascading calls to the renewConfig by using a private promise (2) Replace shareReplay with share configured with manual timer
* PM-18654 - LoginComponents - detail issue and possible fix
* PM-18654 - DesktopLoginV1Comp - use correct destroy hook
* PM-18654 - LoginComp - clean up no longer correct comment
* PM-18654 - New Device Verification Component - Remove unused PasswordLoginStrategy dependency
* PM-18654 - Browser Home Component - fix qParam logic
* PM-18654 - DefaultConfigService - revert changes as they aren't necessary to fix the bug.
* PM-18654 - DefaultConfigService - remove commented code
* PM-18654 - LoginStrategy - add comment
* PM-18654 - Fix login strat tests
* move vault timeout and vault timeout settings to km
* move browser vault timeout service to km
* fix cli import
* fix imports
* fix some relative imports
* use relative imports within common
* fix imports
* fix new imports
* Fix new imports
* fix spec imports
* Moved saving of SSO email outside of browser/desktop code
* Clarified comments.
* Tests
* Refactored login component services to manage state
* Fixed input on login component
* Fixed tests
* Linting
* Moved web setting in state into web override
* updated tests
* Fixed typing.
* Fixed type safety issues.
* Added comments and renamed for clarity.
* Removed method parameters that weren't used
* Added clarifying comments
* Added more comments.
* Removed test that is not necessary on base
* Test cleanup
* More comments.
* Linting
* Fixed test.
* Fixed base URL
* Fixed typechecking.
* Type checking
* Moved setting of email state to default service
* Added comments.
* Consolidated SSO URL formatting
* Updated comment
* Fixed reference.
* Fixed missing parameter.
* Initialized service.
* Added comments
* Added initialization of new service
* Made email optional due to CLI.
* Fixed comment on handleSsoClick.
* Added SSO email persistence to v1 component.
---------
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
* PM-14445: TS strict for Key Management Biometrics
* formatting
* callbacks not null expectations
* state nullability expectations updates
* unit tests fix
* secure channel naming, explicit null check on messageId
* KM-14445: TS strict for Key Management, Keys and Lock component
* conflicts resolution, new strict check failures
* null simplifications
* migrate legacy encryption when no active user throw error instead of hiding it
* throw instead of return
* Move encrypt service to km ownership
* Update imports for encrypt service abstraction and move bulk encrypt service abstraction
* Fix imports
* Fix further imports
* Fix imports
* Fix worker import
Add device verification flow that requires users to enter an OTP when logging in from an unrecognized device. This includes:
- New device verification route and guard
- Email OTP verification component
- Authentication timeout handling
PM-8221
