* feat: ban urls not using https
* feat: add exception for dev env
* feat: block fetching of insecure URLs
* feat: add exception for dev env
* feat: block notifications from using insecure URL
* fix: bug where submission was possible regardless of error
* feat: add exception for dev env
* fix: missing constructor param
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiServiceAbstraction.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService implementation.
* feat(two-factor-api-service) [PM-26465]: Add test suite for TwoFactorApiService.
* feat(two-factor-api-service) [PM-26465]: Replace ApiService dependencies with TwoFactorApiService for all refactored methods.
* feat(two-factor-api-service) [PM-26465]: Finish removal of Two-Factor API methods from ApiService.
* fix(two-factor-api-service) [PM-26465]: Correct endpoint spelling.
* feat(two-factor-api-service) [PM-26465]: Update dependency support for CLI.
* fix(two-factor-api-service) [PM-26465]: Update tests/deps for corrected spelling.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService to Browser services module.
* fix(two-factor-api-service) [PM-26465]: Re-spell dependencies to take *Abstraction throughout, move to JslibServices module for cleaner importing across clients.
* feat(two-factor-api-service) [PM-26465]: Move new services to a feature area, rename abstract and concrete/default.
* feat(two-factor-api-service) [PM-26465]: Move the feature area to common/auth, not auth/common.
* feat(two-factor-api-service) [PM-26465]: Remove now-unneeded include from auth/tsconfig.
* Adding enums for additional event logs for secrets
* updating messages
* Updating messages to be consistent for logs
* Displaying project logs, and fixing search query param searching in projects list, having deleted log for secrets and projects not show as a link
* Viewing secret and project event logs in event modal, adding to the context menu for secrets and projects the ability to view the logs if user has permission. Restricting logs to SM projs and Secs if the logged in user has event log access but not SM access.
* lint
* Lint Fixes
* fix to messages file
* fixing lint
* Adding machine account event logs
* lint fix
* Update event.service.ts
* removing duplicate function issue from merge
* Update service-accounts-list.component.ts
* fixing message
* Fixes to QA bugs
* lint fix
* linter for messages is annoying
* lint
* Use payment domain
* Fixing lint and test issue
* Fix organization plans tax issue
* PM-26297: Use existing billing address for tax calculation if it exists
* PM-26344: Check existing payment method on submit
* encode username for uri and add spec
* verify response from getHibpBreach method
* test/validate for BreachAccountResponse type and length instead of mock response
* - extract dirt api method out of global api service
- create new directory structure
- change imports accordingly
- extract breach account response
- put extracted code into new dirt dir
* codeowners and dep injection for new hibp service
* Introduce a new vault-export-api.service to replace the existing getOrganizationExport method in apiService
* Use new vault-export-api.service instead of the ApiService to retrieve organizational export data
* Remove unused method from apiService
* Register VaultExportApiService on browser
* Fxi linting issue by executing `npm run prettier`
* Rename abstraction and implementation of VaultExportApiService
* Use undefined instead of null
* Rename file of default impl of vault-export-api-service
* Fix test broken with 1bcdd80eea
* Define type for exportPromises
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* encode username for uri and add spec
* verify response from getHibpBreach method
* test/validate for BreachAccountResponse type and length instead of mock response
* enforce restrictions based on collection type, set default collection type
* fix ts strict errors
* fix default collection enforcement in vault header
* enforce default collection restrictions in vault collection row
* enforce default collection restrictions in AC vault header
* enforce default collection restriction for select all
* fix ts strict error
* switch to signal, fix feature flag
* fix story
* clean up
* remove feature flag, move check for defaultCollecion to CollecitonView
* fix test
* remove unused configService
* fix test: coerce null to undefined for collection Id
* clean up leaky abstraction for default collection
* fix ts-strict error
* fix parens
* add new property to models, update logic, refactor for ts-strict
* fix type
* rename defaultCollection getter
* clean up
* clean up
* clean up, add comment, fix submit
* add comment
* add feature flag
* check model for name
* cleanup readonly logic, remove featureflag logic
* wip
* refactor CollectionRequest into Create and Update models
* fix readonly logic
* cleanup
* set defaultUserCollectionEmail in decryption from Collection
* split save into update/create methods
* fix readonly logic
* fix collections post and put requests
* add defaultUserCollection email to model when submitting collection dialog
* Adding enums for additional event logs for secrets
* updating messages
* Updating messages to be consistent for logs
* Displaying project logs, and fixing search query param searching in projects list, having deleted log for secrets and projects not show as a link
* Viewing secret and project event logs in event modal, adding to the context menu for secrets and projects the ability to view the logs if user has permission. Restricting logs to SM projs and Secs if the logged in user has event log access but not SM access.
* lint
* Lint Fixes
* fix to messages file
* fixing lint
* Bug fix, make sure event logs related to service accounts are still links that take you to the object
* removing unused import
* Add new device type for DuckDuckGo browser
* Added feature support property for sync domains
* Added new features
* Added isDuckDuckGo() to CLI
* Addressed PR feedback.
* Renamed new property
* Fixed rename that missed CLI.
* first draft at an idea dependency graph
* ignore existing errors
* remove conflicting rule regarding internal platform logic in libs
* review: allow components to import from platform
* move vault timeout and vault timeout settings to km
* move browser vault timeout service to km
* fix cli import
* fix imports
* fix some relative imports
* use relative imports within common
* fix imports
* fix new imports
* Fix new imports
* fix spec imports
* update extension refresh form when an attachment is added or removed
- This is needed because the revision date was updated on the server and the locally stored cipher needs to match.
* receive updated cipher from delete attachment endpoint
- deleting an attachment will now alter the revision timestamp on a cipher.
* patch the cipher when an attachment is added or deleted
* migrate vault component to use the `cipherViews$` observable
* reference `cipherViews$` on desktop for vault-items
- This avoid race conditions where ciphers are cleared out in the background. `cipherViews` should always emit the latest views
* return CipherData from cipher service so that consumers have the updated cipher right away
* use the updated cipher from attachment endpoints to refresh the details within the add/edit components on desktop
Add device verification flow that requires users to enter an OTP when logging in from an unrecognized device. This includes:
- New device verification route and guard
- Email OTP verification component
- Authentication timeout handling
PM-8221
* Use typescript-strict-plugin to iteratively turn on strict
* Add strict testing to pipeline
Can be executed locally through either `npm run test:types` for full type checking including spec files, or `npx tsc-strict` for only tsconfig.json included files.
* turn on strict for scripts directory
* Use plugin for all tsconfigs in monorepo
vscode is capable of executing tsc with plugins, but uses the most relevant tsconfig to do so. If the plugin is not a part of that config, it is skipped and developers get no feedback of strict compile time issues. These updates remedy that at the cost of slightly more complex removal of the plugin when the time comes.
* remove plugin from configs that extend one that already has it
* Update workspace settings to honor strict plugin
* Apply strict-plugin to native message test runner
* Update vscode workspace to use root tsc version
* `./node_modules/.bin/update-strict-comments` 🤖
This is a one-time operation. All future files should adhere to strict type checking.
* Add fixme to `ts-strict-ignore` comments
* `update-strict-comments` 🤖
repeated for new merge files
Creates a refreshed and consolidated LoginViaAuthRequestComponent for use on all visual clients, which will be used when the UnauthenticatedExtensionUIRefresh feature flag is on.
* Add the new policy
* Add the free family policy behind flag
* Patch build process
* Revert "Patch build process"
This reverts commit 4024e974b1.
* [PM-13346] Email notification impacts (#11967)
* Changes error notification for disabled offer
* Add the feature to the change
* Add the missing dot
* Remove the authenicated endpoint
* Add the changes for error toast
* Resolve the lint issue
* rename file a correctly
* Remove the floating promise comments
* Delete unwanted comments
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* allow admin console to see all collections when viewing a cipher
- When "manage all" option is selected all collections should be editable
* update cipher form service to use admin endpoints
* when saving a cipher, choose to move to collections first before saving any other edits
- This handles the case where a cipher is moving from unassigned to assigned and needs to have a collection to save any other edits
* set admin flag when the original cipher has zero collections
- handling the case where the user un-assigns themselves from a cipher
* add check for the users ability to edit items within the collection
* save cipher edit first to handle when the user unassigns themselves from the cipher
* update filter order of collections
* use cipher returned from the collections endpoint rather than re-fetching it
* fix unit tests by adding canEditItems
* re-enable collection control when orgId is present
* fetch the updated cipher from the respective service for editing a cipher
