* Send current Org user Id on collection creation through CLI
* Run npm prettier
* Add organization services to CreateCommand creation on ServeCommand
* Refactor organization data models to include organizationUserId property
* Refactor create command to utilize the OrganizationUserId on the Organization object
* Add users to collection request in edit command
* fix: organization.data test update to correct deserialization, refs AC-2286
---------
Co-authored-by: Vincent Salucci <vincesalucci21@gmail.com>
* use deep linked url for org invite instead of separate state
* remove organization invite state & fix tests
* clear login redirect for SSO JIT users since they are accepted when setting MP
* create accept org invite service and consolidate components in module
* finish switch to accept org invite service
* move logic to accept org service
* the rest of the owl
* clear org invite along with deep linked route
* pr feedback
* fix test and add error to catch null invite
* pr feedback
* clear stored invite if it doesn't match provided one
* [AC-2603] Add unmanaged property to CollectionAdminView and response models
* [AC-2603] Cleanup CollectionViews
- Remove getters that have been replaced with Unmanaged property
- Remove AddAccess that is also being replaced
- Add canEditUnmanagedCollections() helper to organization
* [AC-2603] Replace old AddAccess logic with Unmanaged flag
* [AC-2603] Fix failing test
* [AC-2603] Ensure Add Access badge/toggle only shows when V1 flag is enabled
* [AC-2603] Undo change to canEditUserAccess and canEditGroupAccess
Custom users should not get access to an unmanaged collection with only Manage Groups and Manage User permissions. That is still reserved for admin/owners and EditAnyCollection custom users.
* add verify org delete page
* PR feedback from thomas
* use abstraction
* Apply suggestions from code review
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
* delete org copy
* Move verify-recover-delete-org component to admin-console/organizations/manage folder and update routing
* [PM-7004] Add async/await to ngOnInit in verify-recover-delete-org.component.ts
* [PM-7004] Update deleteRecoverOrgConfirmDesc message in messages.json
* [PM-7004] Add warning message for deleting organization's active user accounts
* [PM-7004] Update to standalone component
* [PM-7004] Update delete organization warning message
* [PM-7004] Refactor delete organization form
* [PM-7004] Delete unused selector in verify-recover-delete-org.component.ts
* [PM-7004] Rename recoverDeleteToken method in verify-recover-delete-org.component.ts to deleteUsingToken
* [PM-7004] Update formGroup initialization in verify-recover-delete-org.component.ts
* [PM-7004] Delete formGroup initialization in verify-recover-delete-org.component.ts
* [PM-7004] Remove try/catch from submit method in verify-recover-delete-org.component.ts
* [PM-7004] Update submit button type in verify-recover-delete-org.component.html
* [PM-7004] Remove manual loading state in verify-recover-delete-org.component
* [PM-7004] Remove unnecessary span in verify-recover-delete-org.component.html
* [PM-7004] Update button styles in verify-recover-delete-org.component.html
* [PM-7004] Add back in the manual loading state in verify-recover-delete-org.component
* [PM-7004] Update button type and class in verify-recover-delete-org.component.html
* [PM-7004] Replace bootstrap classes with equivalent tailwind classes
* [PM-7004] Replace bootstrap classes with Tailwind in verify-recover-delete-org.component.html
---------
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
* replace `PasswordGeneratorService` with `legacyPasswordGenerationServiceFactory`
* replace `UsernameGeneratorService` with `legacyUsernameGenerationServiceFactory`
* migrate generator options and history
* apply policy immediately once available
* suppress duplicate policy emissions
* run password generation response code in `ngZone`
* Keep derive dependencies in lockstep
This reduces emissions in general due to updates of multiple inputs and removes decryption errors due to partially updated dependencies
* Fix provider encrypted org keys
* Fix provider state test types
* Type fixes
* [AC-1707] Add feature flag
* [AC-1707] Prevent loading ciphers for provider users in the org vault when the feature flag is enabled
* [AC-1707] Ensure new canEditAllCiphers logic only applies to organizations that have FC enabled
* [AC-1707] Update editAllCiphers helper to check for restrictProviderAccess feature flag
* [AC-1707] Remove un-used vaultFilterComponent reference
* [AC-1707] Hide vault filter for providers
* [AC-1707] Add search to vault header for provider users
* [AC-1707] Hide New Item button for Providers when restrict provider access feature flag is enabled
* [AC-1707] Remove leftover debug statement
* [AC-1707] Update canEditAllCiphers references to consider the restrictProviderAccessFlag
* [AC-1707] Fix collections component changes from main
* [AC-1707] Fix some feature flag issues from merge with main
* [AC-1707] Avoid 'readonly' collection dialog for providers
* [AC-1707] Fix broken Browser component
* [AC-1707] Fix broken Desktop component
* [AC-1707] Add restrict provider flag to add access badge logic
* Update Emergency Access To Get Their Own Key
* Migrate Organization Keys To Get Their Own Key
* Remove Optional Parameters
* Update Abstraction Parameter Name to Match Implementation
* Add @throws Doc
* initial commit
* add changes from running prettier
* resolve the linx issue
* resolve the lint issue
* resolving lint error
* correct the redirect issue
* resolve pr commit
* Add a feature flag
* move the new component to adminconsole
* resolve some pr comments
* move the endpoint from ApiService to providerApiService
* move provider endpoints to the provider-api class
* change the header
* resolve some pr comments
* Sent initiation path for organization and user signups
* Rename organizationQueryParameter > organizationTypeQueryParameter
* Jared's feedback
* Split PM & SM initiation path
* [AC-2195] Update canEditAnyCipher permission to make an exception for Custom users with editAnyCollection permission
* [AC-2195] Update V1 FC flag check to include check for an organization's FC status
* [AC-2195] Remove redundant collection management setting check that was hiding the restricted access message for custom users with deleteAnyCollection
* [AC-2195] Ensure users with canEditAnyCollections can edit all collections
* [AC-1124] Add getManyFromApiForOrganization to cipher.service.ts
* [AC-1124] Use getManyFromApiForOrganization when a user does not have access to all ciphers
* [AC-1124] Vault changes
- Show new collection access restricted view
- Include unassigned ciphers for restricted admins
- Restrict collections when creating/cloning/editing ciphers
* [AC-1124] Update edit cipher on page navigation to check if user can access the cipher
* [AC-1124] Hide ciphers from restricted collections
* [AC-1124] Ensure providers are not shown collection access restricted view
* [AC-1124] Modify add-edit component to call the correct endpoint when a restricted admin attempts to add-edit a cipher
* [AC-1124] Fix bug after merge with main
* [AC-1124] Use private this._organization
* [AC-1124] Fix broken builds
* Wire up key definitions for OrganizationService
[`AC-2009`: Transition OrganizationService to use StateProvider](
https://bitwarden.atlassian.net/browse/AC-2009)
In order to support the new `StateProvider` APIs for managing
application state this commit modifies `OrganizationService` in the following
ways:
1. Adding a `KeyDefinition` object to `OrganizationService` to store the
`organization` record in `StateProvider`.
1. Injecting `StateProvider` and wiring up `OrganizationService` to read
from the `organizations` key definition for the active user account.
1. Expanding the capabilities of `OrganizationData` to be able to read
itself from a JSON string. Previously this was handled directly by
`StateService`.
1. Updating tests to include requirements for testing against
`StateProvider`.
1. Marking the existing `StateService`-backed `organizations`
`Observable` and `BehaviorSubject` as deprecated.
This is largely unimplemented code with no intended visible effects to
the system. Implementing getting & updating the `organizations` value
from `StateProvider` will the next step in this work.
* Rework null check on OrganizationData
* Remove deprecation signals for the time being
* Move key definition inline with its service
* Create date objects when deserialzing json from state
* Got trial page working without the form set up
* Set up the form to create SM subscription
* Add free SM trial page and sign up
* Conner's changes
* fixed imports
* Set isFromSecretsManagerTrial
* Fixed OrgKey location
* Add isFromSecretsManager prop to free org create
* Add LTO callout
* Switch LTO to background box
* Defect: AC-2081
* Fixed typo "Secrets Manger" to "Secrets Manager"
* Removed discount price logic for storage and secrets manager prices since they don't apply
---------
Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
* Move org keys to state providers
* Create state for org keys and derive decrypted for use
* Make state readonly
* Remove org keys from state service
* Migrate user keys state
* Review feedback
* Correct test name
* Refix key types
* `npm run prettier` 🤖
* Remove unused feature flag
* Replace feature flag ref with org flag
* Remove deprecated feature flag to discourage use
* Add check to org.canCreateNewCollections
* Adjust init logic of components to avoid race conditions
* Make canCreateNewCollections logic more explicit
* Resolve merge conflicts with vault changes
* Update comments
* Remove uses of old feature flag
* Remove last of old feature flag
* Clean up feature flag
* Fix linting
* Fix linting
* decompose password generator policy enforcement
* integrate new logic with UI
* improve UX of minimum password length
* improve password generator policy options documentation
* initialize min length to default minimum length boundary
* reset form value on input to prevent UI desync from model
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-1139] Add new layout for MemberDialogComponent when FC feature flag is enabled
* [AC-1139] Deprecated Organization canEditAssignedCollections, canDeleteAssignedCollections, canViewAssignedCollections
* [AC-1139] Checking if FC feature flag is enabled when using canDeleteAssignedCollections or canViewAssignedCollections
* [AC-1139] Added missing parameter to customRedirect
* [AC-1139] Fixed canEdit permission
* [AC-1139] Fixed CanDelete logic
* [AC-1139] Changed canAccessVaultTab function to receive configService
* Override deprecated values on sync
* [AC-1139] Reverted change that introduced ConfigService as a parameter to canAccessVaultTab
* [AC-1139] Fixed circular dependency
* [AC-1139] Moved overriding of deprecated values to syncService
* Revert "[AC-1139] Fixed circular dependency"
This reverts commit 6484420976.
* Revert "Override deprecated values on sync"
This reverts commit f0c25a6996.
* [AC-1139] Added back the deprecation of methods canEditAssignedCollections, canDeleteAssignedCollections, canViewAssignedCollections
* [AC-1139] Reverted change on syncService
* [AC-1139] Override deprecated values on sync
* [AC-1139] Fix canDelete logic in
collection-dialog.component.ts and
bulk-delete-dialog.component.ts
* [AC-1139] Moved override logic from syncService to organizationService
* [AC-1139] Add ability to have titlecase titles on nested-checkbox.component checkboxes; use on member-dialog.component
* Revert "[AC-1139] Add ability to have titlecase titles on nested-checkbox.component checkboxes; use on member-dialog.component"
This reverts commit 9ede0fc5ac.
* [AC-1139] Fix bulk delete functionality
* [AC-1139] Refactor canEdit and canDelete to use ternary operator
* [AC-1139] Fix canDelete condition in VaultComponent
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Assign ownership to many of the remaining libs/common files.
Criteria for ownership:
* Files used by a single team, is now owned by that team.
* Files related to a domain owned by a team is now owned by that team.
* Where ownership is unclear the "lowest level" service takes ownership.
* [AC-1612] Disabled access to the Organization Vault tab if the user only has access to assigned collections
* [AC-1612] Fixed issue that prevented Manager users to access the Organizations tab
* Rename service-factory folder
* Move cryptographic service factories
* Move crypto models
* Move crypto services
* Move domain base class
* Platform code owners
* Move desktop log services
* Move log files
* Establish component library ownership
* Move background listeners
* Move background background
* Move localization to Platform
* Move browser alarms to Platform
* Move browser state to Platform
* Move CLI state to Platform
* Move Desktop native concerns to Platform
* Move flag and misc to Platform
* Lint fixes
* Move electron state to platform
* Move web state to Platform
* Move lib state to Platform
* Fix broken tests
* Rename interface to idiomatic TS
* `npm run prettier` 🤖
* Resolve review feedback
* Set platform as owners of web core and shared
* Expand moved services
* Fix test types
---------
Co-authored-by: Hinton <hinton@users.noreply.github.com>
* [EC-1070] Introduce flag for enforcing master password policy on login
* [EC-1070] Update master password policy form
Add the ability to toggle enforceOnLogin flag in web
* [EC-1070] Add API method to retrieve all policies for the current user
* [EC-1070] Refactor forcePasswordReset in state service to support more options
- Use an options class to provide a reason and optional organization id
- Use the OnDiskMemory storage location so the option persists between the same auth session
* [AC-1070] Retrieve single master password policy from identity token response
Additionally, store the policy in the login strategy for future use
* [EC-1070] Introduce master password evaluation in the password login strategy
- If a master password policy is returned from the identity result, evaluate the password.
- If the password does not meet the requirements, save the forcePasswordReset options
- Add support for 2FA by storing the results of the password evaluation on the login strategy instance
- Add unit tests to password login strategy
* [AC-1070] Modify admin password reset component to support update master password on login
- Modify the warning message to depend on the reason
- Use the forcePasswordResetOptions in the update temp password component
* [EC-1070] Require current master password when updating weak mp on login
- Inject user verification service to verify the user
- Conditionally show the current master password field only when updating a weak mp. Admin reset does not require the current master password.
* [EC-1070] Implement password policy check during vault unlock
Checking the master password during unlock is the only applicable place to enforce the master password policy check for SSO users.
* [EC-1070] CLI - Add ability to load MP policies on login
Inject policyApi and organization services into the login command
* [EC-1070] CLI - Refactor update temp password logic to support updating weak passwords
- Introduce new shared method for collecting a valid and confirmed master password from the CLI and generating a new encryption key
- Add separate methods for updating temp passwords and weak passwords.
- Utilize those methods during login flow if not using an API key
* [EC-1070] Add route guard to force password reset when required
* [AC-1070] Use master password policy from verify password response in lock component
* [EC-1070] Update labels in update password component
* [AC-1070] Fix policy service tests
* [AC-1070] CLI - Force sync before any password reset flow
Move up the call to sync the vault before attempting to collect a new master password. Ensures the master password policies are available.
* [AC-1070] Remove unused getAllPolicies method from policy api service
* [AC-1070] Fix missing enforceOnLogin copy in policy service
* [AC-1070] Include current master password on desktop/browser update password page templates
* [AC-1070] Check for forced password reset on account switch in Desktop
* [AC-1070] Rename WeakMasterPasswordOnLogin to WeakMasterPassword
* [AC-1070] Update AuthServiceInitOptions
* [AC-1070] Add None force reset password reason
* [AC-1070] Remove redundant ForcePasswordResetOptions class and replace with ForcePasswordResetReason enum
* [AC-1070] Rename ForceResetPasswordReason file
* [AC-1070] Simplify conditional
* [AC-1070] Refactor logic that saves password reset flag
* [AC-1070] Remove redundant constructors
* [AC-1070] Remove unnecessary state service call
* [AC-1070] Update master password policy component
- Use typed reactive form
- Use CL form components
- Remove bootstrap
- Update error component to support min/max
- Use Utils.minimumPasswordLength value for min value form validation
* [AC-1070] Cleanup leftover html comment
* [AC-1070] Remove overridden default values from MasterPasswordPolicyResponse
* [AC-1070] Hide current master password input in browser for admin password reset
* [AC-1070] Remove clientside user verification
* [AC-1070] Update temp password web component to use CL
- Use CL for form inputs in the Web component template
- Remove most of the bootstrap classes in the Web component template
- Use userVerificationService to build the password request
- Remove redundant current master password null check
* [AC-1070] Replace repeated user inputs email parsing helpers
- Update passwordStrength() method to accept an optional email argument that will be parsed into separate user inputs for use with zxcvbn
- Remove all other repeated getUserInput helper methods that parsed user emails and use the new passwordStrength signature
* [AC-1070] Fix broken login command after forcePasswordReset enum refactor
* [AC-1070] Reduce side effects in base login strategy
- Remove masterPasswordPolicy property from base login.strategy.ts
- Include an IdentityResponse in base startLogin() in addition to AuthResult
- Use the new IdentityResponse to parse the master password policy info only in the PasswordLoginStrategy
* [AC-1070] Cleanup password login strategy tests
* [AC-1070] Remove unused field
* [AC-1070] Strongly type postAccountVerifyPassword API service method
- Remove redundant verify master password response
- Use MasterPasswordPolicyResponse instead
* [AC-1070] Use ForceResetPassword.None during account switch check
* [AC-1070] Fix check for forcePasswordReset reason after addition of None
* [AC-1070] Redirect a user home if on the update temp password page without a reason
* [AC-1070] Use bit-select and bit-option
* [AC-1070] Reduce explicit form control definitions for readability
* [AC-1070] Import SelectModule in Shared web module
* [AC-1070] Add check for missing 'at' symbol
* [AC-1070] Remove redundant unpacking and null coalescing
* [AC-1070] Update passwordStrength signature and add jsdocs
* [AC-1070] Remove variable abbreviation
* [AC-1070] Restore Id attributes on form inputs
* [AC-1070] Clarify input value min/max error messages
* [AC-1070] Add input min/max value example to storybook
* [AC-1070] Add missing spinner to update temp password form
* [AC-1070] Add missing ids to form elements
* [AC-1070] Remove duplicate force sync and update comment
* [AC-1070] Switch backticks to quotation marks
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-431] Add new organization invite process (#4841)
* [AC-431] Added properties 'key' and 'keys' to OrganizationUserAcceptRequest
* [AC-431] On organization accept added check for 'initOrganization' flag and send encrypt keys if true
* [AC-431] Reverted changes on AcceptOrganizationComponent and OrganizationUserAcceptRequest
* [AC-431] Created OrganizationUserAcceptInitRequest
* [AC-431] Added method postOrganizationUserAcceptInit to OrganizationUserService
* [AC-431] Created AcceptInitOrganizationComponent and added routing config. Added 'inviteInitAcceptedDesc' to messages
* [AC-431] Remove blank line
* [AC-431] Remove requirement for logging in again
* [AC-431] Removed accept-init-organization.component.html
* Update libs/common/src/abstractions/organization-user/organization-user.service.ts
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-431] Sending collection name when initializing an org
* [AC-431] Deleted component accept-init-organization and incorporated logic into accept-organization
* Update libs/common/src/abstractions/organization-user/organization-user.service.ts
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-431] Returning promise chains
* [AC-431] Moved ReAuth check to org accept only
* [AC-431] Fixed import issues
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-434] Hide billing screen for reseller clients (#4955)
* [AC-434] Retrieving ProviderType for each Org
* [AC-434] Hide subscription details if user cannot manage billing
* [AC-434] Renamed providerType to provider-type
* [AC-434] Reverted change that showed Billing History and Payment Methods tabs
* [AC-434] Hiding Secrets Manager enroll
* [AC-434] Renamed Billing access variables to be more readable
* Apply suggestions from code review
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-434] Reduce duplication in permission code
* [AC-434] npm prettier
* [AC-434] Changed selfhost subscription permission
* [AC-434] Added canEditSubscription check for change plan buttons
* [AC-434] Removed message displaying provider name in subscription
* [AC-434] canEditSubscription logic depends on canViewSubscription
* [AC-434] Hiding next charge value for users without billing edit permission
* [AC-434] Changed canViewSubscription and canEditSubscription to be clearer
* [AC-434] Altered BillingSubscriptionItemResponse.amount and BillingSubscriptionUpcomingInvoiceResponse.amount to nullable
* [AC-434] Reverted change on BillingSubscriptionItemResponse.amount
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Updated IsPaidOrgGuard reference from org.CanManageBilling to canEditSubscription
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
