* feat(user-decryption-options) [PM-26413]: Update UserDecryptionOptionsService and tests to use UserId-only APIs.
* feat(user-decryption-options) [PM-26413]: Update InternalUserDecryptionOptionsService call sites to use UserId-only API.
* feat(user-decryption-options) [PM-26413] Update userDecryptionOptions$ call sites to use the UserId-only API.
* feat(user-decryption-options) [PM-26413]: Update additional call sites.
* feat(user-decryption-options) [PM-26413]: Update dependencies and an additional call site.
* feat(user-verification-service) [PM-26413]: Replace where allowed by unrestricted imports invocation of UserVerificationService.hasMasterPassword (deprecated) with UserDecryptionOptions.hasMasterPasswordById$. Additional work to complete as tech debt tracked in PM-27009.
* feat(user-decryption-options) [PM-26413]: Update for non-null strict adherence.
* feat(user-decryption-options) [PM-26413]: Update type safety and defensive returns.
* chore(user-decryption-options) [PM-26413]: Comment cleanup.
* feat(user-decryption-options) [PM-26413]: Update tests.
* feat(user-decryption-options) [PM-26413]: Standardize null-checking on active account id for new API consumption.
* feat(vault-timeout-settings-service) [PM-26413]: Add test cases to illustrate null active account from AccountService.
* fix(fido2-user-verification-service-spec) [PM-26413]: Update test harness to use FakeAccountService.
* fix(downstream-components) [PM-26413]: Prefer use of the getUserId operator in all authenticated contexts for user id provided to UserDecryptionOptionsService.
---------
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
* Remove internal use of getUserKey in the key service
* Move ownership of RotateableKeySet and remove usage of getUserKey
* Add input validation to createKeySet
If user's email is NOT in the ssoRequiredCache, pressing "enter" takes them to the MP login screen. If the user's email is in the ssoRequiredCache, pressing "enter" starts the SSO login process.
Feature Flags enabled: pm-22110-disable-alternate-login-methods
* feat: ban urls not using https
* feat: add exception for dev env
* feat: block fetching of insecure URLs
* feat: add exception for dev env
* feat: block notifications from using insecure URL
* fix: bug where submission was possible regardless of error
* feat: add exception for dev env
* fix: missing constructor param
When SSO is required:
- Make the SSO button primary
- Add a tooltip to the disabled buttons
When SSO is not required:
- SSO button remains secondary
- No tooltip on the buttons
Feature Flags enabled: pm-22110-disable-alternate-login-methods
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed and updated tests.
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed test variable being made more vague.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiServiceAbstraction.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService implementation.
* feat(two-factor-api-service) [PM-26465]: Add test suite for TwoFactorApiService.
* feat(two-factor-api-service) [PM-26465]: Replace ApiService dependencies with TwoFactorApiService for all refactored methods.
* feat(two-factor-api-service) [PM-26465]: Finish removal of Two-Factor API methods from ApiService.
* fix(two-factor-api-service) [PM-26465]: Correct endpoint spelling.
* feat(two-factor-api-service) [PM-26465]: Update dependency support for CLI.
* fix(two-factor-api-service) [PM-26465]: Update tests/deps for corrected spelling.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService to Browser services module.
* fix(two-factor-api-service) [PM-26465]: Re-spell dependencies to take *Abstraction throughout, move to JslibServices module for cleaner importing across clients.
* feat(two-factor-api-service) [PM-26465]: Move new services to a feature area, rename abstract and concrete/default.
* feat(two-factor-api-service) [PM-26465]: Move the feature area to common/auth, not auth/common.
* feat(two-factor-api-service) [PM-26465]: Remove now-unneeded include from auth/tsconfig.
Upgrade to the latest supported typescript version in Angular.
Resolved TS errors by:
- adding `: any` which is what the compiler previously implied and now warns about.
- adding `toJSON` to satisfy requirement.
On Web and Desktop, show back button on `NewDeviceVerificationComponent` (route `/device-verification`). Do not show it on Extension, because Extension already has a back button in the header.
If a user is part of an org that has the `RequireSso` policy, when that user successfully logs in we add their email to a local `ssoRequiredCache` on their device. The next time this user goes to the `/login` screen on this device, we will use that cache to determine that for this email we should only show the "Use single sign-on" button and disable the alternate login buttons.
These changes are behind the flag: `PM22110_DisableAlternateLoginMethods`
* feat(notification-processing): [PM-19877] System Notification Implementation - Implemented the full feature set for device approval from extension.
* test(notification-processing): [PM-19877] System Notification Implementation - Updated tests.
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* added master password unlock and decryption option fields into identity token connect response
* incorrect master password unlock response parsing
* use sdk
* use sdk
* better type checking on response parsing
* not using sdk
* revert of bad merge conflicts
* revert of bad merge conflicts
* master password unlock setter in state
* unit test coverage for responses processing
* master password unlock in identity user decryption options
* unit test coverage
* unit test coverage
* unit test coverage
* unit test coverage
* lint error
* set master password unlock data in state on identity response and sync response
* revert change in auth's user decryption options
* remove unnecessary cast
* better docs
* change to relative imports
* MasterPasswordUnlockData serialization issue
* explicit undefined type for `syncUserDecryption`
* incorrect identity token response tests
Updates the copy on flows where the user is setting an initial password. Instead of saying "New master password" and "Confirm new master password", it should say "Master password" and "Confirm master password" for these flows.
* Passed in userId on RemovePasswordComponent.
* Added userId on other references to KeyConnectorService methods
* remove password component refactor, test coverage, enabled strict
* explicit user id provided to key connector service
* redirect to / instead when user not logged in or not managing organization
* key connector service explicit user id
* key connector service no longer requires account service
* key connector service missing null type
* cli convert to key connector unit tests
* remove unnecessary SyncService
* error toast not showing on ErrorResponse
* bad import due to merge conflict
* bad import due to merge conflict
* missing loading in remove password component for browser extension
* error handling in remove password component
* organization observable race condition in key-connector
* usesKeyConnector always returns boolean
* unit test coverage
* key connector reactive
* reactive key connector service
* introducing convertAccountRequired$
* cli build fix
* moving message sending side effect to sync
* key connector service unit tests
* fix unit tests
* move key connector components to KM team ownership
* new unit tests in wrong place
* key connector domain shown in remove password component
* type safety improvements
* convert to key connector command localization
* key connector domain in convert to key connector command
* convert to key connector command unit tests with prompt assert
* organization name placement change in the remove password component
* unit test update
* show key connector domain for new sso users
* confirm key connector domain page does not require auth guard
* confirm key connector domain page showing correctly
* key connector url required to be provided when migrating user
* missing locales
* desktop styling
* have to sync and navigate to vault after key connector keys exchange
* logging verbosity
* splitting the web client
* splitting the browser client
* cleanup
* splitting the desktop client
* cleanup
* cleanup
* not necessary if condition
* key connector domain tests fix for sso componrnt and login strategy
* confirm key connector domain base component unit tests coverage
* confirm key connector domain command for cli
* confirm key connector domain command for cli unit tests
* design adjustments
removed repeated text, vertical buttons on desktop, wrong paddings on browser extension
* key connector service unit test coverage
* new linting rules fixes
* accept invitation to organization called twice results in error.
Web vault remembers it's original route destination, which we do not want in case of accepting invitation and Key Connector, since provisioning new user through SSO and Key Connector, the user is already accepted.
* moved required key connector domain confirmation into state
* revert redirect from auth guard
* cleanup
* sso-login.strategy unit test failing
* two-factor-auth.component unit test failing
* two-factor-auth.component unit test coverage
* cli unit test failing
* removal of redundant logs
* removal of un-necessary new lines
* consolidated component
* consolidated component css cleanup
* use KdfConfig type
* consolidate KDF into KdfConfig type in identity token response
* moving KC requiresDomainConfirmation lower in order, after successful auth
* simplification of trySetUserKeyWithMasterKey
* redirect to confirm key connector route when locked but can't unlock yet
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* create libs/assets
* treeshake lib and filter out non-icons from icon story
* update docs
* fix icon colors in browser and desktop
* better name for vault icon
* move illustrations
* feat(notification-processing): [PM-19877] System Notification Implementation - Minor changes to popup logic and removed content in login component.
* docs(notification-processing): [PM-19877] System Notification Implementation - Added more docs.
* docs(notification-processing): [PM-19877] System Notification Implementation - Added markdown document.
* fix(notification-processing): [PM-19877] System Notification Implementation - Updated condition for if notification is supported.
* fix(notification-processing): [PM-19877] System Notification Implementation - Updated services module with correct platform utils service.
* Throw error if appA11yTitle is null in icon button
* Add required label input
* Fix icon button errors in CL components and storeis
* fix popover aria-label errors
* remove commented code
* add labels to icon buttons in browser
* add labels to icon buttons in web
* add labels to icon buttons in license
* add labels to icon buttons in send
* add labels to icon buttons in angular
* fix missing pipe error
* fix sso icon button missed in error
* update labels in vault
* add section expand button label
* Adding labels to icon buttons
* Add lint rule to not allow icon buttons without label input
* rename util file
* trigger updates on title change
* update eslint rule name and folder
* add edit collection label to vault headers
* fix web header story label
* add show/hide summary labels
* update summary message
* fix breadcrumbs label message
* fix JSDoc to use correct input
* remove commented code
* use label as aria-label always. Remove init function
* add moreBreadcrumbs translation message to other apps
* add @bitwarden/team-ui-foundation as code owner for component eslint rules
* switch title to const variable
* add jsdoc comment on what the label input is used for
* [PM-22415] Tax ID notifications for Organizations and Providers (#15996)
* [NO LOGIC] Rename BillableEntity to BitwardenSubscriber
This helps us maintain paraody with server where we call this choice type ISubscriber. I chose BitwardenSubscriber to avoid overlap with RxJS
* [NO LOGIC] Move subscriber-billing.client to clients folder
* [NO LOGIC] Move organization warnings under organization folder
* Move getWarnings from OrganizationBillingApiService to new OrganizationBillingClient
I'd like us to move away from stashing so much in libs and utilizing the JsLibServicesModule when it's not necessary to do so. These are invocations used exclusively by the Web Vault and, until that changes, they should be treated as such
* Refactor OrganizationWarningsService
There was a case added to the Inactive Subscription warning for a free trial, but free trials do not represent inactive subscriptions so this was semantically incorrect. This creates another method that pulls the free trial warning and shows a dialog asking the user to subscribe if they're on one.
* Implement Tax ID Warnings throughout Admin Console and Provider Portal
* Fix linting error
* Jimmy's feedback
* remove duplicate messages keys
* revert changes to popover stories
* add back dupe myItems key for now as it was already here
* fix directive type errors
* remove variable left in error from merge conflict
* revert unintentional change to reports layout
* add back reports change
---------
Co-authored-by: Alex Morask <144709477+amorask-bitwarden@users.noreply.github.com>
Adds a check to make sure that the email on the Org Invite matches the email submitted in the form. If it matches, only then do we apply the org invite to get the MP policies. But if the emails do not match, it means the user attempting to login is no longer the user who originally clicked the emailed org invite link. Therefore, we clear the Org Invite + Deep Link and allow the user to login as normal.
- Renames the `LoginApprovalComponent` to `LoginApprovalDialogComponent`
- Renames the property `notificationId` to `authRequestId` for clarity
- Updates text content on the component
* Move pin service to km ownership
* Run format
* Eslint
* Fix tsconfig
* Fix imports and test
* Clean up imports
* Remove unused dependency on PinService
* Fix comments
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
