* add explicit checks and change remove listener to any in order to match add listener and chrome api
* address feedback
* when requestInitiator is falsy but active auto submit exists, cleanup should still occur
* add documentation to remove listener
* update message from vault handling to check against accounts or message sender
* update valid vault referrer logic to check all configured environments
* session key retrieval redesign for the local backed session storage
* typo
* incorrect substring
* get cache edge cases incorrectly handling to null values after removal
* test coverage
* internal `SessionKeyResolveService`
* dirt: migrate apps/web components to new control flow
* dirt: update control flow bitwarden licensed code
* consolidate @if statements, use @else where appropriate
* more cleanup
* consolidate conditionals
* remove unnecessary conditional
* Remove `ts-strict-ignore` from fido2 page
* Update typing issue
* Fix AssertCredentialResult type issue
* Remove non null assertions and add type guard
* Addresses topWindow non null assertion
* remove redundant check and remove ts strict from messenger
---------
Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
Co-authored-by: Daniel Riera <driera@livefront.com>
- Renamed `activateAutofill` to `activateAutofillPolicy` in the policy order map and component.
- Updated corresponding translation keys in `messages.json` for consistency.
- Adjusted warning message in the `activate-autofill.component.html` to reflect the new naming convention.
* Refactor policy edit registration to centralize ownership and improve organization. Reordered policies for clarity and added new policies for enhanced functionality.
* Add PolicyOrderPipe for sorting policies and update policies component to utilize it
* Add organizationDataOwnership to POLICY_ORDER_MAP for policy sorting
* Fix PR comments
* Update domain status message from "Under verification" to "Pending" in localization and adjust corresponding template reference
* Update domain status message from "Under verification" to "Pending" in the admin console template
* Add domain verification instructions to the admin console dialog
Enhanced the domain add/edit dialog by including detailed instructions for the automatic domain claim process when the domain is not verified. Removed the previous callout component for a more streamlined user experience.
* Add new localization messages for automatic domain claim process
Included detailed instructions for the automatic domain claim process, covering the steps for claiming a domain, account ownership change, and consequences of unclaimed domains. This enhances user guidance during domain management.
* Refactor automatic domain claim process localization messages
Updated localization keys for the automatic domain claim process to improve clarity and consistency. Removed redundant messages and streamlined the instructions displayed in the admin console dialog for better user experience.
* Fixes typo in messages.json from auto-fill to autofill to match company preference
* Strings have to be immutable as learned from Brandon. Trying to delete old key-value pair to see if that's possible
* Fix my typo
* [PM-28079] Add attributes to filter for the mutationObserver
* Update attributes based on Claude suggestions
* Updated remaining attributes
* Adjust placeholder check in `updateAutofillFieldElementData`
* Update ordering of constants and add comment
* Remove `tagName` and `value` from mutation logic
* Add new autocomplete and aria attributes to `updateActions`
* Fix autocomplete handlers
* Fix broken test for `updateAttributes`
* Order attributes for readability in `updateActions`
* Fix tests
---------
Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
* Initial changes to look at phishing indexeddb service and removal of obsolete compression code
* Convert background update to rxjs format and trigger via subject. Update test cases
* Added addUrls function to use instead of saveUrls so appending daily does not clear all urls
* Added debug logs to phishing-indexeddb service
* Added a fallback url when downloading phishing url list
* Remove obsolete comments
* Fix testUrl default, false scenario and test cases
* Add default return on isPhishingWebAddress
* Added log statement
* Change hostname to href in hasUrl check
* Save fallback response
* Fix matching subpaths in links. Update test cases
* Fix meta data updates storing last checked instead of last updated
* Update QA phishing url to be normalized
* Filter web addresses
* Return previous meta to keep subscription alive
* Change indexeddb lookup from loading all to cursor search
* fix(phishing): improve performance and fix URL matching in phishing detection
Problem:
The cursor-based search takes ~25 seconds to scan the entire phishing database.
For non-phishing URLs (99% of cases), this full scan runs to completion every time.
Before these fixes, opening a new tab triggered this sequence:
1. chrome://newtab/ fires a phishing check
2. Sequential concatMap blocks while cursor scans all 500k+ URLs (~25 sec)
3. User pastes actual URL and hits enter
4. That URL's check waits in queue behind the chrome:// check
5. Total delay: ~50+ seconds for a simple "open tab, paste link" workflow
Even for legitimate phishing checks, the cursor search could take up to 25 seconds
per URL when the fast hasUrl lookup misses due to trailing slash mismatches.
Changes:
phishing-data.service.ts:
- Add protocol filter to early-return for non-http(s) URLs, avoiding
expensive IndexedDB operations for chrome://, about:, file:// URLs
- Add trailing slash normalization for hasUrl lookup - browsers add
trailing slashes but DB entries may not have them, causing O(1) lookups
to miss and fall back to O(n) cursor search unnecessarily
- Add debug logging for hasUrl checks and timing metrics for cursor-based
search to aid performance debugging
phishing-detection.service.ts:
- Replace concatMap with mergeMap for parallel tab processing - each tab
check now runs independently instead of sequentially
- Add concurrency limit of 5 to prevent overwhelming IndexedDB while still
allowing parallel execution
Result:
- New tabs are instant (no IndexedDB calls for non-web URLs)
- One slow phishing check doesn't block other tabs
- Common URL patterns hit the fast O(1) path instead of O(n) cursor scan
* performance debug logs
* disable custom match because too slow
* spec fix
---------
Co-authored-by: Alex <adewitt@bitwarden.com>
* don't use filename for download attachment label
* fix scroll position in browser vault
* Revert "fix scroll position in browser vault"
This reverts commit 8e415f2c89.
* fix test
* Migrate create and edit operations to use SDK for ciphers
* WIP: Adds admin call to edit ciphers with SDK
* Add client version to SDK intialization settings
* Remove console.log statements
* Adds originalCipherId and collectionIds to updateCipher
* Update tests for new cipehrService interfaces
* Rename SdkCipherOperations feature flag
* Add call to Admin edit SDK if flag is passed
* Add tests for SDK path
* Revert changes to .npmrc
* Remove outdated comments
* Fix feature flag name
* Fix UUID format in cipher.service.spec.ts
* Update calls to cipherService.updateWithServer and .createWithServer to new interface
* Update CLI and Desktop to use new cipherSErvice interfaces
* Fix tests for new cipherService interface change
* Bump sdk-internal and commercial-sdk-internal versions to 0.2.0-main.439
* Fix linting errors
* Fix typescript errors impacted by this chnage
* Fix caching issue on browser extension when using SDK cipher ops.
* Remove commented code
* Fix bug causing race condition due to not consuming / awaiting observable.
* Add missing 'await' to decrypt call
* Clean up unnecessary else statements and fix function naming
* Add comments for this.clearCache
* Add tests for SDK CipherView conversion functions
* Replace sdkservice with cipher-sdk.service
* Fix import issues in browser
* Fix import issues in cli
* Fix type issues
* Fix type issues
* Fix type issues
* Fix test that fails sporadically due to timing issue
* Initial changes to look at phishing indexeddb service and removal of obsolete compression code
* Convert background update to rxjs format and trigger via subject. Update test cases
* Added addUrls function to use instead of saveUrls so appending daily does not clear all urls
* Added debug logs to phishing-indexeddb service
* Added a fallback url when downloading phishing url list
* Remove obsolete comments
* Fix testUrl default, false scenario and test cases
* Add default return on isPhishingWebAddress
* Added log statement
* Change hostname to href in hasUrl check
* Save fallback response
* Fix matching subpaths in links. Update test cases
* Fix meta data updates storing last checked instead of last updated
* Update QA phishing url to be normalized
* Filter web addresses
* Return previous meta to keep subscription alive
