* migrated vault cipher list
* added back `rounded` prop to `bit-layout`
* moved account switcher to right corner
* moved username below cipher item name
* fixed spacing to align with send pages
* removed commented out
* fixed options buttons overflowing if has launch
* fixed "options" label disappearing when width is insufficient
* reverted search component, added search directly to vault-list
* placed new vault cipher list work behind 'desktop-ui-migration-milestone-3' feature flag
* reverted scss changes
* added back search bar when FF not enabled
* fixed owner column responsiveness (set to table width instead of screen)
* fixed 'owner' column responsiveness
* hide 'owner' column at 'md' breakpoint
* Remove duplicate badge component and org name pipe
* Convert to standalone
* Added back translations
* used correct 'tw' variants for 'px'
* extended existing `item-footer` component
* removed unused `showGroups()` from `vault-cipher-row`
* removed 'addAccess' from `vault-list.component`
* removed more unused, separated 'cipher collections' from 'filter collections'
* converted `vault-wrapper` to use signal
* updated original 'vault.component' to reflect main
* fixed `templateUrl`, merge fix
* changed to `getFeatureFlag$`
* fixes for `item-footer` and `vault-collection-row`
* fixed lint error
* - replaced using global css with tailwind
- added functionality and ui for empty states
- moved search and vault header from 'vault-list' to 'vault component'
* fixed accessing `this.userCanArchive$`
* converted more to tailwind in vault component
* removed unused 'selection' from `vault-list`
* Fix flashing vault list
* Move app-header title to routing module
* Remove broken half-migrated new form
* removed unnecessary `this.organizations$` block
* removed `firstSetup$`, cleaned up unused, separated 'delete' and 'restore' handling for footer and cipher menu
* used desktop 'launch' functionality
* moved 'bit-no-items' into `vault-list`
* removed unused locales
* aligned `handleDelete` and `handleRestore` with original desktop functionality
* Fix linting and tests
* Move no-items out of table similar to send.
* Re-add newline end of messges.json
* Remove events
* Hide copy buttons if there is nothing to copy. Simplify
* fix
* Get rid of unused copyField
* Use dropdown button in vault list instead
* Fix linting
* removed unused imports
* updated `vault-orig` to current in main
* fixed `vault-orig` templateUrl
* fixed import order, removed unused `combineLatest` block
* fixed `onVaultItemsEvent` "delete"
* removed duplicate rendering of logo
* preserve cipher view after 'cancel'
* filter from `allCiphers`
* moved `enforceOrganizationDataOwnership` call inside "syncCompleted" block
* converted `showAddCipherBtn` to observable
* removed unused
* added `submitButtonText` to `app-vault-item-footer`
* removed filtering restricted item types
* fixed `cancelCipher` pass in and set `cipherId`
* updated `submitButtonText`
* updated `vault-orig` to current `vault` in main
---------
Co-authored-by: Hinton <hinton@users.noreply.github.com>
Updates the `setInitialPasswordTdeOffboarding` path to use new KM data types:
- `MasterPasswordAuthenticationData`
- `MasterPasswordUnlockData`
This allows us to move away from the deprecated `makeMasterKey()` method (which takes email as salt) as we seek to eventually separate the email from the salt.
Behind feature flag: `pm-27086-update-authentication-apis-for-input-password`
Exposes closeOnNavigation from cdk config and implements a drawer close solution on navigation. More complex scenarios may still require custom handling.
DialogService is referenced in imported components in some tests meaning we need to use overrideProvider rather than providers.
Follow up to #19104 and #18584 to add eslint suggestions that can be applied in editors to speed up resolving the lints.
Also adds a fixedWidth input to bit-icon since having fixed width icons is fairly common and I would prefer that we don't keep bwi-fw
* bypass cipher edit permissions for individual vault
* replace bypassCipherEditPermission with form configuration mode
* allow partial edit to view cipher form
* remove old comment
* add feature flag
* temp
* add ping animation with filled info icon
* add ping animation to stop after 4 goes around
* add local state for autofill-icon
* add logic to avoid new accounts
* fix closing of popover
* fix strict typings
* remove `creationDate` logic from being considered for autofill notification
* remove "now," from the autofill description
* remove height and width in the svg
* Move clearCache calls before SDK calls, to prevent race conditions from firing.
* Swap calls to clearCache and restoreWithServer/restoreManyWithServer to fix race condition
* update responsive behavior of three panel layout; give sidenav extra top padding on electron; add stories that show mix of drawer and sidenav states
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-31804 - WIP
* PM-31804 - Profile Component - fix missing translation
* PM-31804 - Web - Emergency Access Takeover Dialog Comp - remove screen reader only span as arialabel on spinner should be sufficient
* PM-31804 - Web - EmergencyAccessViewComp - remove redundant span as aria label handles accessibility.
* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label
* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label
* PM-31804 - EmergencyAccessComp - Replace redundant sr only span with aria label
* PM-31804 - two-factor-setup.component.html - Replace redundant sr only spans with aria labels
* PM-31804 - WebauthnLoginSettingsModule - remove unnecessary IconModule - it's imported via SharedModule
* PM-31804 - web - emergency-access.component.html - Replace redundant sr only span with aria label
* PM-31804 - LoginDecryptionOptionsComponent - Replace redundant sr only span with aria label
* PM-31804 - ChangePasswordComp - Replace redundant sr only span with aria label
* PM-31804 - AccountComponent - add BitwardenIcon type to satisfy template type requirements for name property.
* PM-31804 - Browser Account Security Component - replace nonexistent chevron icon with existing angle right icon.
* PM-31804 - Fix A11y issues with missing aria labels
* PM-31804 - Remove remaining redundant sr only spans since we now have aria labels
* adds autofill button for cipher view
* adds tests
* changes autofill function for non login types
* adds top margin to autofill button
* adds more top margin to autofill button
* only shows autofill button when autofill is allowed (not in a popout)
* add button type
* updates _domainMatched to take a tab param, updates how the component is passed through to slot
* fixes tests from rename
* adds comment about autofill tab checking behavior
* removes diff markers
* add welcome prompt when extension is not installed
* add feature flag
* move prompt logic to internal service and add day prompt
* rename dialog component
* remove feature flag hardcode and add documentation
* use i18n for image alt
* move state into service
* be more explicit when the account or creation date is not available
* remove spaces
* fix types caused by introducing a numeric feature flag type
* add `typeof` for feature flag typing
* refactor(billing): remove PM-26793 feature flag from subscription pricing service
* test(billing): update subscription pricing tests for PM-26793 feature flag removal
* chore: remove PM-26793 feature flag from keys
* add notification handler for auto confirm
* add missing state check
* fix test
* isolate angular specific code from shared lib code
* clean up
* use autoconfirm method
* add event logging for auto confirm
* update copy
Adds urlOriginsMatch to @bitwarden/platform, which compares two URLs by
scheme, host, and port. Uses `protocol + "//" + host` rather than
`URL.origin` because non-special schemes (e.g. chrome-extension://)
return the opaque string "null" from .origin, making equality comparison
unreliable. URLs without a host (file:, data:) are explicitly rejected
to prevent hostless schemes from comparing equal.
Refactors senderIsInternal to delegate to urlOriginsMatch and to derive
the extension URL via BrowserApi.getRuntimeURL("") rather than inline
chrome/browser API detection. Adds full test coverage for
senderIsInternal.
The previous string-based comparison used startsWith after stripping
trailing slashes, which was safe in senderIsInternal where inputs are
tightly constrained. As a general utility accepting arbitrary URLs,
startsWith can produce false positives (e.g. "https://example.com"
matching "https://example.com.evil.com"). Structural host comparison
is the correct contract for unrestricted input.
Remove the fully-enabled feature flag and simplify the billing metadata
API to always use the vNext endpoints. The legacy API path is removed
since the server will no longer serve it.
- Remove FeatureFlag.PM25379_UseNewOrganizationMetadataStructure enum and default
- Delete legacy getOrganizationBillingMetadata() API method (old /billing/metadata path)
- Rename vNext methods to remove VNext suffix
- Simplify OrganizationMetadataService to always use cached vNext path
- Remove ConfigService dependency from OrganizationMetadataService
- Update tests to remove feature flag branching
