* Session timeout policy
* default "custom" is 8 hours, validation fixes
* ownership update
* default max allowed timeout is not selected
* adjusting defaults, fixing backwards compatibility, skip type confirmation dialog when switching between the never and on system lock
* unit test coverage
* wording update, custom hours, minutes jumping on errors
* wording update
* wrong session timeout action dropdown label
* show dialog as valid when opened first time, use @for loop, use controls instead of get
* dialog static opener
* easier to understand type value listener
* unit tests
* explicit maximum allowed timeout required error
* eslint revert
* Extract windows biometrics v2 changes
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
* Address some code review feedback
* cargo fmt
* rely on zeroizing allocator
* Handle TDE edge cases
* Update windows default
* Make windows rust code async and fix restoring focus freezes
* fix formatting
* cleanup native logging
* Add unit test coverage
* Add missing logic to edge case for PIN disable.
* Address code review feedback
* fix test
* code review changes
* fix clippy warning
* Swap to unimplemented on each method
* Implement encrypted memory store
* Make dpapi secure key container pub(super)
* Add comments on sync and send
* Clean up comments
* Clean up
* Fix build
* Add logging and update codeowners
* Run cargo fmt
* Clean up doc
* fix unit tests
* Update apps/desktop/desktop_native/core/src/secure_memory/secure_key/mod.rs
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* Handle tampering with re-key and log
* Add docs
* Fix windows build
* Prevent rust flycheck log from being commited to git
* Undo feature flag change
* Add env var override and docs
* Add deps to km owership
---------
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
* encode username for uri and add spec
* verify response from getHibpBreach method
* test/validate for BreachAccountResponse type and length instead of mock response
* - extract dirt api method out of global api service
- create new directory structure
- change imports accordingly
- extract breach account response
- put extracted code into new dirt dir
* codeowners and dep injection for new hibp service
* Add PhishingDetectionService
* Add a tab listener.
* Get the known phishing domain from the server
* Get the known phishing domain from the server
* Add phishing detection content script.
* Revert "Add phishing detection content script."
This reverts commit ce64d3435a.
* Fix conflicts
* Add build configs.
* Decouple the phishing detection content script logic from the rest of the app.
* move the call to background
* Add communication between the content script and background service.
* Update code to use Log service.
* Resolve conflict
* Add changes for phishing domain report
* Fix initializer order issue.
* Fix domain error.
* Account for no responses.
* Add exit functionality for onclick.
* Wrapped phishing detection feature behind feature flag (#13915)
* push changes for alert
* Removed browser logic for checking feature flag
* move the alert as dialog
* Add functionality to navigate back in history.
* [PM-19814] Add redirect to warning page when a phishing domain is detected.
* [PM-19814] Add the phishing warning page to the Angular popup.
* [PM-19814] Add functionality to display phishing host.
* [PM-19814] Add exit button and learn more link.
* [PM-19814] Add phishing detection feature flag.
* [PM-19814] Move phishing service to phishing directory
* [PM-19814] Add UI to display phishing URL.
* [PM-19814] Disable the URL input and populate it with the phishing URL.
* [PM-19814] Add phishing icon
* [PM-19814] Temporarily remove phishing reporting feature. It can be released separately in another ticket.
* [PM-19814] Clean up
* [PM-19814] Add types to the handlers.
* [PM-19814] Remove logic for handling authentication since the endpoint will be unauthenticated.
* [PM-19814] Fixed as many type issues as possible; added @ts-strict-ignore to the remaining ones.
* [PM-19814] Fix race condition in feature flag check.
* [PM-19814] Update wording for the marketing request.
* [PM-19814] Move phishing detection check from content script to webRequest.onCompleted listener.
* [PM-19814] Use webNavigation.onCompleted for redirect to ensure that the redirect only happens when they land on the page.
* [PM-19814] Remove unused code.
* [PM-19814] Fix merge conflict and update text based on product owner’s request
* [PM-19814] Fix merge conflict
* [PM-19814] Update text
* Resolve the message catalog entries
* Update file for consistent import and exports
* Update imports
* Update another import for BrowserPopupUtils
* Update the rest of the imports for BrowserPopupUtils
* Updates messages
* Rename files
* Current phishing block changes
* Use globalthis for chrome
* Add types file
* Update browser api to include tab navigation and close tab functions
* Update phishing detection to track multiple tabs and not trust info from content script
* Change chrome to browser.
* Fixed phishing detection checking previous url instead of current on navigation. Updated def flag for testing urls.
* Move phishing icon
* Fix chrome specific issues. Add comments to where BrowserApi should be used
* Fix command errors. Typecheck messages. Added guard for phishing detection messages
* Use concat map instead of merge map
* Unformat webfonts.scss file
* Fix lint and import errors
* Move phishing blocker files to dirt folder
* Rename background folder to services
* Add code ownership for phishing blocker
* Update text to use locales on phishing blocker learn more page
* Change navigation from using webapi to browser on updated event for safari support
* Update icon usage
* Fix type issues and add test file
* Fix linting error in test
---------
Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>
Co-authored-by: Cy Okeke <cokeke@bitwarden.com>
Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Tom <144813356+ttalty@users.noreply.github.com>
This change eliminates the circular dependency between messaging and messaging-internal libraries by merging them into a single messaging library.
Previously, messaging-internal imported from @bitwarden/messaging while messaging tried to import from @bitwarden/messaging-internal, creating an unresolvable circular dependency. This also violated Nx best practices by using cross-library file includes in tsconfig.lib.json.
Changes made:
- Moved all messaging-internal code (SubjectMessageSender, helpers, tests) into libs/messaging/src/
- Updated all imports to use relative paths instead of @bitwarden/messaging imports
- Removed the entire messaging-internal library and its configuration files
- Updated external references in apps/browser to import from @bitwarden/messaging
- Fixed libs/messaging/tsconfig.lib.json to use standard src/**/*.ts pattern
- Updated libs/common internal.ts to re-export from messaging instead of messaging-internal
The messaging library now exports both public APIs and internal implementations, which is a cleaner architecture than maintaining two separate libraries with circular dependencies.
Fixes rootDir configuration issues identified in the Nx library systematic fix project.
* create the pricing library
* Create pricing-card.component
* Refactor the code
* feat: Add pricing card component library
* Fix the test failing error
* Address billing pr comments
* feat: Add Storybook documentation and stories for pricing-card component
* Fix some ui feedback
* Changes from the display and sizes
* feat(billing): refactor pricing card with flexible title slots and active badge
* Enhance pricing card with flexible design and button icons
* refactor: organize pricing card files into dedicated folder
* Complete pricing card enhancements with Chromatic feedback fixes
* refactor base on pr coments
* Fix the button alignment
* Update all the card to have the same height
* Fix the slot issue on the title
* Fix the Lint format issue
* Add the header in the stories book
* Add importer dummy lib, add cargo deps for win/mac
* Add Chromium importer source from bitwarden/password-access
* Mod crypto is no more
* Expose some Chromium importer functions via NAPI, replace home with home_dir crate
* Add Chromium importer to the main <-> renderer IPC, export all functions from Rust
* Add password and notes fields to the imported logins
* Fix windows to use homedir instead of home
* Return success/failure results
* Import from account logins and join
* Linux v10 support
* Use mod util on Windows
* Use mod util on macOS
* Refactor to move shared code into chromium.rs
* Fix windows
* Fix Linux as well
* Linux v11 support for Chrome/Gnome, everything is async now
* Support multiple browsers on Linux v11
* Move oo7 to Linux
* Fix Windows
* Fix macOS
* Add support for Brave browser in Linux configuration
* Add support for Opera browser in Linux configuration
* Fix Edge and add Arc on macOS
* Add Opera on macOS
* Add support for Vivaldi browser in macOS configuration
* Add support for Chromium browser in macOS configuration
* Fix Edge on Windows
* Add Opera on Windows
* Add Vivaldi on windows
* Add Chromium to supported browsers on Windows
* stub out UI options for chromium direct import
* call IPC funcs from import-desktop
* add notes to chrome csv importer
* remove (csv) from import tool names and format item names as hostnames
* Add ABE/v20 encryption support
* ABE/v20 architecture description
* Add a build step to produce admin.exe and service.exe
* Add Windows v20/ABE configuration functionality to specify the full path to the admin.exe and service.exe. Use ipc.platform.chromiumImporter.configureWindowsCryptoService to configure the Chromium importer on Windows.
* rename ARCHITECTURE.md to README.md
* aligns with guidance from architecture re: in-repository documentation.
* also fixes a failing lint.
* cargo fmt
* cargo clippy fix
* Declare feature flag for using chromium importer
* Linter fix after executing npm run prettier
* Use feature flag to guard the use of the chromium importer
* Added temporary logging to further debug, why the Angular change detection isn't working as expected
* introduce importer metadata; host metadata from service; includes tests
* fix cli build
* Register autotype module in lib.rs
introduce by a bad merge
* Fix web build
* Fix issue with loaders being undefined and the feature flag turned off
* Add missing Chromium support when selecting chromecsv
* debugging
* remove chromium support from chromecsv metadata
* fix default loader selection
* [PM-24753] cargo lib file (#16090)
* Add new modules
* Fix chromium importer
* Fix compile bugs for toolchain
* remove importer folder
* remove IPC code
* undo setting change
* clippy fixes
* cargo fmt
* clippy fixes
* clippy fixes
* clippy fixes
* clippy fixes
* lint fix
* fix release build
* Add files in CODEOWNERS
* Create tools owned preload.ts
* Move chromium-importer.service under tools-ownership
* Fix typeError
When accessing the Chromium direct import options the file button is hidden, so trying to access it's values will fail
* Fix tools owned preload
* Remove dead code and redundant truncation
* Remove configureWindowsCryptoService function/methods
* Clean up cargo files
* Fix unused async
* Update apps/desktop/desktop_native/bitwarden_chromium_importer/Cargo.toml
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Fix napi deps
* fix lints
* format
* fix linux lint
* fix windows lints
* format
* fix missing `?`
* fix a different missing `?`
---------
Co-authored-by: Dmitry Yakimenko <detunized@gmail.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: ✨ Audrey ✨ <ajensen@bitwarden.com>
Co-authored-by: ✨ Audrey ✨ <audrey@audreyality.com>
Co-authored-by: adudek-bw <adudek@bitwarden.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* create libs/assets
* treeshake lib and filter out non-icons from icon story
* update docs
* fix icon colors in browser and desktop
* better name for vault icon
* move illustrations
* Throw error if appA11yTitle is null in icon button
* Add required label input
* Fix icon button errors in CL components and storeis
* fix popover aria-label errors
* remove commented code
* add labels to icon buttons in browser
* add labels to icon buttons in web
* add labels to icon buttons in license
* add labels to icon buttons in send
* add labels to icon buttons in angular
* fix missing pipe error
* fix sso icon button missed in error
* update labels in vault
* add section expand button label
* Adding labels to icon buttons
* Add lint rule to not allow icon buttons without label input
* rename util file
* trigger updates on title change
* update eslint rule name and folder
* add edit collection label to vault headers
* fix web header story label
* add show/hide summary labels
* update summary message
* fix breadcrumbs label message
* fix JSDoc to use correct input
* remove commented code
* use label as aria-label always. Remove init function
* add moreBreadcrumbs translation message to other apps
* add @bitwarden/team-ui-foundation as code owner for component eslint rules
* switch title to const variable
* add jsdoc comment on what the label input is used for
* [PM-22415] Tax ID notifications for Organizations and Providers (#15996)
* [NO LOGIC] Rename BillableEntity to BitwardenSubscriber
This helps us maintain paraody with server where we call this choice type ISubscriber. I chose BitwardenSubscriber to avoid overlap with RxJS
* [NO LOGIC] Move subscriber-billing.client to clients folder
* [NO LOGIC] Move organization warnings under organization folder
* Move getWarnings from OrganizationBillingApiService to new OrganizationBillingClient
I'd like us to move away from stashing so much in libs and utilizing the JsLibServicesModule when it's not necessary to do so. These are invocations used exclusively by the Web Vault and, until that changes, they should be treated as such
* Refactor OrganizationWarningsService
There was a case added to the Inactive Subscription warning for a free trial, but free trials do not represent inactive subscriptions so this was semantically incorrect. This creates another method that pulls the free trial warning and shows a dialog asking the user to subscribe if they're on one.
* Implement Tax ID Warnings throughout Admin Console and Provider Portal
* Fix linting error
* Jimmy's feedback
* remove duplicate messages keys
* revert changes to popover stories
* add back dupe myItems key for now as it was already here
* fix directive type errors
* remove variable left in error from merge conflict
* revert unintentional change to reports layout
* add back reports change
---------
Co-authored-by: Alex Morask <144709477+amorask-bitwarden@users.noreply.github.com>
* trigger Autofill BIT checks on browser build workflow completion and autofill-affecting file changes
* further adjustments
* hardcode bitwarden owner
* remove unneeded origin_repo data in dispatch payload
* add ownership for workflow
* use actions/create-github-app-token
* update CODEOWNERS line with suggestion
* [PM-22783] Add initial feature flag and settings toggle for autotype MVP
* [PM-22783] Undo Cargo.lock changes
* [PM-22783] Disable console.log block
* [PM-22783] Lint fix
* [PM-22783] Small updates
* [PM-22783] Build fix
* [PM-22783] Use combineLatest in updating the desktop autotype service
* [PM-22783] Check if the user is on Windows
* [PM-22783] Undo access selector html change, linting keeps removing this
* [PM-22783] Fix failing test
* [PM-22788] Add initial desktop native autotype crate based on spike ticket investigation
* [PM-22788] cargo fmt
* [PM-22783] Update autotypeEnabled to be stored in service
* [PM-22783] Add todo comments
* [PM-22783] Add SlimConfigService and MainDesktopAutotypeService
* [PM-22783] Small fixes
* [PM-22788] Add get_foreground_window_title() and cleanup
* [PM-22788] Add comment
* [PM-22788] Lint and cross platform build fixes
* [PM-22788] Update windows.rs in autotype_internal
* [PM-22788] Update windows.rs and dummy.rs in autotype_internal
* [PM-22788] cargo fmt
* [PM-22788] Edit napi result types
* [PM-22788] Edit napi result types again
* [PM-22788] Add autofill as a codeowner of the desktop_native/autotype directory
* [PM-22788] Refactor autotype code
* [PM-22788] Move autotype dependency out of windows only due to abstraction change
* [PM-22788] Fix lint errors
* [PM-22788] Updates based on PR comments
* [PM-22788] cargo fmt
* feat(nx): add basic-lib generator for streamlined library creation
This adds a new nx-plugin library with a generator for creating "common" type
Bitwarden libs. It is set up to accept a lib name, description, team, and
directory. It then
- Creates a folder in the directory (default to libs)
- Sets up complete library scaffolding:
- README with team ownership
- Build, lint and test task configuration
- Test infrastructure
- Configures TypeScript path mapping
- Updates CODEOWNERS with team ownership
- Runs npm i
This will make library creation more consistent and reduce manual boilerplate setup.
The plugin design itself was generated by `npx nx g plugin`. This means we
used a plugin to generate a plugin that exports generators. To create our
generator generator, we first needed a generator.
* fix(dirt/card): correct tsconfig path in jest configuration
Fix the relative path to tsconfig.base in the dirt/card library's Jest config.
The path was incorrectly using four parent directory traversals (../../../../)
when only three (../../../) were needed to reach the project root.
* chore(codeowners): clarify some nx ownership stuff
* Add sdk-internal to ignored deps
* Grouped GH Action Minor
* Additional groupings added
* Added bitwarden-external back.
* Updated to include patch for linting.
* Removed comments on CODEOWNERS since we no longer group by file
* Tried to standardize group names
* Consolidated handling of TS and zone.js
* Move access-intelligence and reports files from tools to dirt folder for new ownership. Update imports for these files
* Move bit-common/src/reports/risk-insights > dirt
* Update codeowners file for dirt team ownership
* Addressed linting issues by executing `npm run prettier`
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* PM-9126: Initial scaffolding for com object registration
* PM-9126: Clean Up PACOMObject trait and impl
* PM-9126: Add unsafe tests
* PM-9126: Clean up registration PR with a working CoRegisterClassObject call
* PM-9126: Add AddAuthenticator fn call
* PM-9126: Load AddAuthenticator fn call dynamically
* PM-9126: Add AddAuthenticator experiments
* PR-9126: add brackets around guids
* PM-9126: clean up part 1
* PM-9126: Cleanup changes
* Only call the register function if on Windows
* PM-9126: Block two generated types that create issues for the i686-pc-windows-msvc target
* PM-9126: Refine bindings file
* PM-9126: Address PR comments part 1
* PM-9126: Address PR comments part 2
* PM-9126: Return result in napi layer
* PM-9126: Propogate error from add authenticator call
* PM-9126: Change for version update
* Moved all desktop native dependencies to workspace
* Excluded workspace Cargo.toml from code ownership
* Added all Cargo dependencies to Renovate config
* Fixed from test warnings.
* Updates to lockfile
* Renamed to JSON5
* Renovate config to group actions by team.
* Corresponding CODEOWNERS changes.
* Updated linting script to use new file name.
* Added note to check CODEOWNERS before changing.
* Added json5 dependency.
* Updated comments for package grouping.
* A few comment adjustments.
* Removed minor-only grouping and Platform cargo prefix.
* Added comments.
* Added back new line to remove extra change in PR.
* Removed package rule for patch to move to base config.
* feat: create copy of desktop build for PR target
* chore: add temporary file to trigger ci
* fix: remove check-run from regular desktop build
* feat: change browser build to not use pr target
* fix: skip build-safari if secret is not available
* feat: skip safari build if secrets are not available
* feat: let windows desktop build without secrets
* fix: has_secrets not being output correctly
* feat: let macos desktop build without secrets
* feat: don't build browser as part of desktop
* feat: change CLI to pull_request
* feat: let web build without secrets
* feat: tweak lint to run on PR and not just push
* feat: add PR target workflows
* fix: remove wip files
* fix: lint on hotfix-rc branches
* feat: add new workflows to CODEOWNERS
* fix: remove workflow_dispatch
pull_request_target are only intended to be used with contributor PRs and we cannot dispatch builds for these branches so there was no point having that option.
