* PM-3287 - Remove resetMasterPassword from authResult and identityTokenResponse and replace with userDecryptionOptions where relevant
* PM-3287 - (1) Move SSO code to SSO section (2) Update error scenario conditional + log user out upon error.
* PM-3287 - Fix comment per PR feedback
* PM-3287 - CLI Login with SSO - move MP validation logic back to original location to avoid putting it before 2FA rejection handling.
* PM-3287 - Update returns
* feat: add Identity Sso Required Response type as possible response from token endpoint.
* feat: consume sso organization identifier to redirect user
* feat: add get requiresSso to AuthResult for more ergonomic code.
* feat: sso-redirect on sso-required for CLI and Desktop
* chore: fixing type errors
* test: fix and add tests for new sso method
* docs: fix misspelling
* fix: get email from AuthResult instead of the FormGroup
* fix:claude: when email is not available for SSO login show error toast.
* fix:claude: add null safety check
* Implement automatic kdf upgrades
* Fix kdf config not being updated
* Update legacy kdf state on master password unlock sync
* Fix cli build
* Fix
* Deduplicate prompts
* Fix dismiss time
* Fix default kdf setting
* Fix build
* Undo changes
* Fix test
* Fix prettier
* Fix test
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Only sync when there is at least one migration
* Relative imports
* Add tech debt comment
* Resolve inconsistent prefix
* Clean up
* Update docs
* Use default PBKDF2 iteratinos instead of custom threshold
* Undo type check
* Fix build
* Add comment
* Cleanup
* Cleanup
* Address component feedback
* Use isnullorwhitespace
* Fix tests
* Allow migration only on vault
* Fix tests
* Run prettier
* Fix tests
* Prevent await race condition
* Fix min and default values in kdf migration
* Run sync only when a migration was run
* Update libs/common/src/key-management/encrypted-migrator/default-encrypted-migrator.ts
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* Fix link not being blue
* Fix later button on browser
---------
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed and updated tests.
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed test variable being made more vague.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiServiceAbstraction.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService implementation.
* feat(two-factor-api-service) [PM-26465]: Add test suite for TwoFactorApiService.
* feat(two-factor-api-service) [PM-26465]: Replace ApiService dependencies with TwoFactorApiService for all refactored methods.
* feat(two-factor-api-service) [PM-26465]: Finish removal of Two-Factor API methods from ApiService.
* fix(two-factor-api-service) [PM-26465]: Correct endpoint spelling.
* feat(two-factor-api-service) [PM-26465]: Update dependency support for CLI.
* fix(two-factor-api-service) [PM-26465]: Update tests/deps for corrected spelling.
* feat(two-factor-api-service) [PM-26465]: Add TwoFactorApiService to Browser services module.
* fix(two-factor-api-service) [PM-26465]: Re-spell dependencies to take *Abstraction throughout, move to JslibServices module for cleaner importing across clients.
* feat(two-factor-api-service) [PM-26465]: Move new services to a feature area, rename abstract and concrete/default.
* feat(two-factor-api-service) [PM-26465]: Move the feature area to common/auth, not auth/common.
* feat(two-factor-api-service) [PM-26465]: Remove now-unneeded include from auth/tsconfig.
* Passed in userId on RemovePasswordComponent.
* Added userId on other references to KeyConnectorService methods
* remove password component refactor, test coverage, enabled strict
* explicit user id provided to key connector service
* redirect to / instead when user not logged in or not managing organization
* key connector service explicit user id
* key connector service no longer requires account service
* key connector service missing null type
* cli convert to key connector unit tests
* remove unnecessary SyncService
* error toast not showing on ErrorResponse
* bad import due to merge conflict
* bad import due to merge conflict
* missing loading in remove password component for browser extension
* error handling in remove password component
* organization observable race condition in key-connector
* usesKeyConnector always returns boolean
* unit test coverage
* key connector reactive
* reactive key connector service
* introducing convertAccountRequired$
* cli build fix
* moving message sending side effect to sync
* key connector service unit tests
* fix unit tests
* move key connector components to KM team ownership
* new unit tests in wrong place
* key connector domain shown in remove password component
* type safety improvements
* convert to key connector command localization
* key connector domain in convert to key connector command
* convert to key connector command unit tests with prompt assert
* organization name placement change in the remove password component
* unit test update
* show key connector domain for new sso users
* confirm key connector domain page does not require auth guard
* confirm key connector domain page showing correctly
* key connector url required to be provided when migrating user
* missing locales
* desktop styling
* have to sync and navigate to vault after key connector keys exchange
* logging verbosity
* splitting the web client
* splitting the browser client
* cleanup
* splitting the desktop client
* cleanup
* cleanup
* not necessary if condition
* key connector domain tests fix for sso componrnt and login strategy
* confirm key connector domain base component unit tests coverage
* confirm key connector domain command for cli
* confirm key connector domain command for cli unit tests
* design adjustments
removed repeated text, vertical buttons on desktop, wrong paddings on browser extension
* key connector service unit test coverage
* new linting rules fixes
* accept invitation to organization called twice results in error.
Web vault remembers it's original route destination, which we do not want in case of accepting invitation and Key Connector, since provisioning new user through SSO and Key Connector, the user is already accepted.
* moved required key connector domain confirmation into state
* revert redirect from auth guard
* cleanup
* sso-login.strategy unit test failing
* two-factor-auth.component unit test failing
* two-factor-auth.component unit test coverage
* cli unit test failing
* removal of redundant logs
* removal of un-necessary new lines
* consolidated component
* consolidated component css cleanup
* use KdfConfig type
* consolidate KDF into KdfConfig type in identity token response
* moving KC requiresDomainConfirmation lower in order, after successful auth
* simplification of trySetUserKeyWithMasterKey
* redirect to confirm key connector route when locked but can't unlock yet
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
fix: fetching a refresh token on a full sync during api key login on cli caused rate limit issues. we no longer fetch a refresh token on login since we shouldn't need it.
* Passed in userId on RemovePasswordComponent.
* Added userId on other references to KeyConnectorService methods
* remove password component refactor, test coverage, enabled strict
* explicit user id provided to key connector service
* redirect to / instead when user not logged in or not managing organization
* key connector service explicit user id
* key connector service no longer requires account service
* key connector service missing null type
* cli convert to key connector unit tests
* remove unnecessary SyncService
* error toast not showing on ErrorResponse
* bad import due to merge conflict
* bad import due to merge conflict
* missing loading in remove password component for browser extension
* error handling in remove password component
* organization observable race condition in key-connector
* usesKeyConnector always returns boolean
* unit test coverage
* key connector reactive
* reactive key connector service
* introducing convertAccountRequired$
* cli build fix
* moving message sending side effect to sync
* key connector service unit tests
* fix unit tests
* move key connector components to KM team ownership
* new unit tests in wrong place
* key connector domain shown in remove password component
* type safety improvements
* convert to key connector command localization
* key connector domain in convert to key connector command
* convert to key connector command unit tests with prompt assert
* organization name placement change in the remove password component
* unit test update
* key connector url required to be provided when migrating user
* unit tests in wrong place after KM code ownership move
* infinite page reload
* failing unit tests
* failing unit tests
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* Passed in userId on RemovePasswordComponent.
* Added userId on other references to KeyConnectorService methods
* remove password component refactor, test coverage, enabled strict
* explicit user id provided to key connector service
* redirect to / instead when user not logged in or not managing organization
* key connector service explicit user id
* key connector service no longer requires account service
* key connector service missing null type
* cli convert to key connector unit tests
* remove unnecessary SyncService
* error toast not showing on ErrorResponse
* bad import due to merge conflict
* bad import due to merge conflict
* missing loading in remove password component for browser extension
* error handling in remove password component
* organization observable race condition in key-connector
* usesKeyConnector always returns boolean
* unit test coverage
* key connector reactive
* reactive key connector service
* introducing convertAccountRequired$
* cli build fix
* moving message sending side effect to sync
* key connector service unit tests
* fix unit tests
* unit tests in wrong place after KM code ownership move
* infinite page reload
* failing unit tests
* failing unit tests
---------
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* Add --identifier option for SSO on CLI
* Add option for identifier
* Moved auto-submit after the setting of client arguments
* Adjusted comment
* Changed to pass in as SSO option
* Renamed to orgSsoIdentifier for clarity
* Added more changes to orgSsoIdentifier.
* Consolidates component routing, removing routing to update-temp-password from components. All routing to update-temp-password should happen in the AuthGuard now.
---------
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
* move vault timeout and vault timeout settings to km
* move browser vault timeout service to km
* fix cli import
* fix imports
* fix some relative imports
* use relative imports within common
* fix imports
* fix new imports
* Fix new imports
* fix spec imports
* Moved saving of SSO email outside of browser/desktop code
* Clarified comments.
* Tests
* Refactored login component services to manage state
* Fixed input on login component
* Fixed tests
* Linting
* Moved web setting in state into web override
* updated tests
* Fixed typing.
* Fixed type safety issues.
* Added comments and renamed for clarity.
* Removed method parameters that weren't used
* Added clarifying comments
* Added more comments.
* Removed test that is not necessary on base
* Test cleanup
* More comments.
* Linting
* Fixed test.
* Fixed base URL
* Fixed typechecking.
* Type checking
* Moved setting of email state to default service
* Added comments.
* Consolidated SSO URL formatting
* Updated comment
* Fixed reference.
* Fixed missing parameter.
* Initialized service.
* Added comments
* Added initialization of new service
* Made email optional due to CLI.
* Fixed comment on handleSsoClick.
* Added SSO email persistence to v1 component.
---------
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
* [deps] SM: Update typescript-eslint monorepo to v8
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Hinton <hinton@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Use typescript-strict-plugin to iteratively turn on strict
* Add strict testing to pipeline
Can be executed locally through either `npm run test:types` for full type checking including spec files, or `npx tsc-strict` for only tsconfig.json included files.
* turn on strict for scripts directory
* Use plugin for all tsconfigs in monorepo
vscode is capable of executing tsc with plugins, but uses the most relevant tsconfig to do so. If the plugin is not a part of that config, it is skipped and developers get no feedback of strict compile time issues. These updates remedy that at the cost of slightly more complex removal of the plugin when the time comes.
* remove plugin from configs that extend one that already has it
* Update workspace settings to honor strict plugin
* Apply strict-plugin to native message test runner
* Update vscode workspace to use root tsc version
* `./node_modules/.bin/update-strict-comments` 🤖
This is a one-time operation. All future files should adhere to strict type checking.
* Add fixme to `ts-strict-ignore` comments
* `update-strict-comments` 🤖
repeated for new merge files
* Require userId for setting masterKeyEncryptedUserKey
* Replace folders for specified user
* Require userId for collection replace
* Cipher Replace requires userId
* Require UserId to update equivalent domains
* Require userId for policy replace
* sync state updates between fake state for better testing
* Revert to public observable tests
Since they now sync, we can test single-user updates impacting active user observables
* Do not init fake states through sync
Do not sync initial null values, that might wipe out already existing data.
* Require userId for Send replace
* Include userId for organization replace
* Require userId for billing sync data
* Require user Id for key connector sync data
* Allow decode of token by userId
* Require userId for synced key connector updates
* Add userId to policy setting during organization invite accept
* Fix cli
* Handle null userId
---------
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
* Updated all sets of user key to pass in userId
* Added userId on auth request login.
* Fixed tests.
* Fixed tests to pass in UserId
* Added parameter to tests.
* Addressed PR feedback.
* Merged main
* move pinKeyEncryptedUserKey
* move pinKeyEncryptedUserKeyEphemeral
* remove comments, move docs
* cleanup
* use UserKeyDefinition
* refactor methods
* add migration
* fix browser dependency
* add tests for migration
* rename to pinService
* move state to PinService
* add PinService dep to CryptoService
* move protectedPin to state provider
* update service deps
* renaming
* move decryptUserKeyWithPin to pinService
* update service injection
* move more methods our of crypto service
* remove CryptoService dep from PinService and update service injection
* remove cryptoService reference
* add method to FakeMasterPasswordService
* fix circular dependency
* fix desktop service injection
* update browser dependencies
* add protectedPin to migrations
* move storePinKey to pinService
* update and clarify documentation
* more jsdoc updates
* update import paths
* refactor isPinLockSet method
* update state definitions
* initialize service before injecting into other services
* initialize service before injecting into other services (bw.ts)
* update clearOn and do additional cleanup
* clarify docs and naming
* assign abstract & private methods, add clarity to decryptAndMigrateOldPinKeyEncryptedMasterKey() method
* derived state (attempt)
* fix typos
* use accountService to get active user email
* use constant userId
* add derived state
* add get and clear for oldPinKeyEncryptedMasterKey
* require userId
* move pinProtected
* add clear methods
* remove pinProtected from account.ts and replace methods
* add methods to create and store pinKeyEncryptedUserKey
* add pinProtected/oldPinKeyEncrypterMasterKey to migration
* update migration tests
* update migration rollback tests
* update to systemService and decryptAndMigrate... method
* remove old test
* increase length of state definition name to meet test requirements
* rename 'TRANSIENT' to 'EPHEMERAL' for consistency
* fix tests for login strategies, vault-export, and fake MP service
* more updates to login-strategy tests
* write new tests for core pinKeyEncrypterUserKey methods and isPinSet
* write new tests for pinProtected and oldPinKeyEncryptedMasterKey methods
* minor test reformatting
* update test for decryptUserKeyWithPin()
* fix bug with oldPinKeyEncryptedMasterKey
* fix tests for vault-timeout-settings.service
* fix bitwarden-password-protected-importer test
* fix login strategy tests and auth-request.service test
* update pinService tests
* fix crypto service tests
* add jsdoc
* fix test file import
* update jsdocs for decryptAndMigrateOldPinKeyEncryptedMasterKey()
* update error messages and jsdocs
* add null checks, move userId retrievals
* update migration tests
* update stateService calls to require userId
* update test for decryptUserKeyWithPin()
* update oldPinKeyEncryptedMasterKey migration tests
* more test updates
* fix factory import
* update tests for isPinSet() and createProtectedPin()
* add test for makePinKey()
* add test for createPinKeyEncryptedUserKey()
* add tests for getPinLockType()
* consolidate userId verification tests
* add tests for storePinKeyEncryptedUserKey()
* fix service dep
* get email based on userId
* use MasterPasswordService instead of internal
* rename protectedPin to userKeyEncryptedPin
* rename to pinKeyEncryptedUserKeyPersistent
* update method params
* fix CryptoService tests
* jsdoc update
* use EncString for userKeyEncryptedPin
* remove comment
* use cryptoFunctionService.compareFast()
* update tests
* cleanup, remove comments
* resolve merge conflict
* fix DI of MasterPasswordService
* more DI fixes
* remove 2fa from main.background
* remove login strategy service from main.background
* move 2fa and login strategy service to popup, init in browser
* add state providers to 2fa service
- add deserializer helpers
* use key definitions for global state
* fix calls to 2fa service
* remove extra await
* add delay to wait for active account emission in popup
* add and fix tests
* fix cli
* really fix cli
* remove timeout and wait for active account
* verify expected user is active account
* fix tests
* address feedback
* create mp and kdf service
* update mp service interface to not rely on active user
* rename observable methods
* update crypto service with new MP service
* add master password service to login strategies
- make fake service for easier testing
- fix crypto service tests
* update auth service and finish strategies
* auth request refactors
* more service refactors and constructor updates
* setMasterKey refactors
* remove master key methods from crypto service
* remove master key and hash from state service
* missed fixes
* create migrations and fix references
* fix master key imports
* default force set password reason to none
* add password reset reason observable factory to service
* remove kdf changes and migrate only disk data
* update migration number
* fix sync service deps
* use disk for force set password state
* fix desktop migration
* fix sso test
* fix tests
* fix more tests
* fix even more tests
* fix even more tests
* fix cli
* remove kdf service abstraction
* add missing deps for browser
* fix merge conflicts
* clear reset password reason on lock or logout
* fix tests
* fix other tests
* add jsdocs to abstraction
* use state provider in crypto service
* inverse master password service factory
* add clearOn to master password service
* add parameter validation to master password service
* add component level userId
* add missed userId
* migrate key hash
* fix login strategy service
* delete crypto master key from account
* migrate master key encrypted user key
* rename key hash to master key hash
* use mp service for getMasterKeyEncryptedUserKey
* fix tests
* fix user key decryption logic
* add clear methods to mp service
* fix circular dep and encryption issue
* fix test
* remove extra account service call
* use EncString in state provider
* fix tests
* return to using encrypted string for serialization
* create mp and kdf service
* update mp service interface to not rely on active user
* rename observable methods
* update crypto service with new MP service
* add master password service to login strategies
- make fake service for easier testing
- fix crypto service tests
* update auth service and finish strategies
* auth request refactors
* more service refactors and constructor updates
* setMasterKey refactors
* remove master key methods from crypto service
* remove master key and hash from state service
* missed fixes
* create migrations and fix references
* fix master key imports
* default force set password reason to none
* add password reset reason observable factory to service
* remove kdf changes and migrate only disk data
* update migration number
* fix sync service deps
* use disk for force set password state
* fix desktop migration
* fix sso test
* fix tests
* fix more tests
* fix even more tests
* fix even more tests
* fix cli
* remove kdf service abstraction
* add missing deps for browser
* fix merge conflicts
* clear reset password reason on lock or logout
* fix tests
* fix other tests
* add jsdocs to abstraction
* use state provider in crypto service
* inverse master password service factory
* add clearOn to master password service
* add parameter validation to master password service
* add component level userId
* add missed userId
* migrate key hash
* fix login strategy service
* delete crypto master key from account
* migrate master key encrypted user key
* rename key hash to master key hash
* use mp service for getMasterKeyEncryptedUserKey
* fix tests
Refactor environment service to emit a single observable. This required significant changes to how the environment service behaves and tackles much of the tech debt planned for it.
