If a user is part of an org that has the `RequireSso` policy, when that user successfully logs in we add their email to a local `ssoRequiredCache` on their device. The next time this user goes to the `/login` screen on this device, we will use that cache to determine that for this email we should only show the "Use single sign-on" button and disable the alternate login buttons.
These changes are behind the flag: `PM22110_DisableAlternateLoginMethods`
* [PM-19237] Add Archive Filter Type (#13852)
* Browser can archive and unarchive items
* Create Archive Cipher Service
* Add flag and premium permissions to Archive
---------
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
Co-authored-by: Shane <smelton@bitwarden.com>
Co-authored-by: Patrick Pimentel <ppimentel@bitwarden.com>
* encode username for uri and add spec
* verify response from getHibpBreach method
* test/validate for BreachAccountResponse type and length instead of mock response
* - extract dirt api method out of global api service
- create new directory structure
- change imports accordingly
- extract breach account response
- put extracted code into new dirt dir
* codeowners and dep injection for new hibp service
* Add PhishingDetectionService
* Add a tab listener.
* Get the known phishing domain from the server
* Get the known phishing domain from the server
* Add phishing detection content script.
* Revert "Add phishing detection content script."
This reverts commit ce64d3435a.
* Fix conflicts
* Add build configs.
* Decouple the phishing detection content script logic from the rest of the app.
* move the call to background
* Add communication between the content script and background service.
* Update code to use Log service.
* Resolve conflict
* Add changes for phishing domain report
* Fix initializer order issue.
* Fix domain error.
* Account for no responses.
* Add exit functionality for onclick.
* Wrapped phishing detection feature behind feature flag (#13915)
* push changes for alert
* Removed browser logic for checking feature flag
* move the alert as dialog
* Add functionality to navigate back in history.
* [PM-19814] Add redirect to warning page when a phishing domain is detected.
* [PM-19814] Add the phishing warning page to the Angular popup.
* [PM-19814] Add functionality to display phishing host.
* [PM-19814] Add exit button and learn more link.
* [PM-19814] Add phishing detection feature flag.
* [PM-19814] Move phishing service to phishing directory
* [PM-19814] Add UI to display phishing URL.
* [PM-19814] Disable the URL input and populate it with the phishing URL.
* [PM-19814] Add phishing icon
* [PM-19814] Temporarily remove phishing reporting feature. It can be released separately in another ticket.
* [PM-19814] Clean up
* [PM-19814] Add types to the handlers.
* [PM-19814] Remove logic for handling authentication since the endpoint will be unauthenticated.
* [PM-19814] Fixed as many type issues as possible; added @ts-strict-ignore to the remaining ones.
* [PM-19814] Fix race condition in feature flag check.
* [PM-19814] Update wording for the marketing request.
* [PM-19814] Move phishing detection check from content script to webRequest.onCompleted listener.
* [PM-19814] Use webNavigation.onCompleted for redirect to ensure that the redirect only happens when they land on the page.
* [PM-19814] Remove unused code.
* [PM-19814] Fix merge conflict and update text based on product owner’s request
* [PM-19814] Fix merge conflict
* [PM-19814] Update text
* Resolve the message catalog entries
* Update file for consistent import and exports
* Update imports
* Update another import for BrowserPopupUtils
* Update the rest of the imports for BrowserPopupUtils
* Updates messages
* Rename files
* Current phishing block changes
* Use globalthis for chrome
* Add types file
* Update browser api to include tab navigation and close tab functions
* Update phishing detection to track multiple tabs and not trust info from content script
* Change chrome to browser.
* Fixed phishing detection checking previous url instead of current on navigation. Updated def flag for testing urls.
* Move phishing icon
* Fix chrome specific issues. Add comments to where BrowserApi should be used
* Fix command errors. Typecheck messages. Added guard for phishing detection messages
* Use concat map instead of merge map
* Unformat webfonts.scss file
* Fix lint and import errors
* Move phishing blocker files to dirt folder
* Rename background folder to services
* Add code ownership for phishing blocker
* Update text to use locales on phishing blocker learn more page
* Change navigation from using webapi to browser on updated event for safari support
* Update icon usage
* Fix type issues and add test file
* Fix linting error in test
---------
Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>
Co-authored-by: Cy Okeke <cokeke@bitwarden.com>
Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Tom <144813356+ttalty@users.noreply.github.com>
* Require userId for KdfConfigService
* cleanup KdfConfigService unit tests
* Move required userId for export request up to component/command level
* Fix service creation/dependency injection
* Revert changes to kdf-config.service.spec cause by a bad rebase
* Fix linting issue
* Fix tests caused by bad rebase
* Validate provided userId to equal the current active user
* Create tests for vault-export.service
Deleted old tests which since have been replaced with individual-vault-export.service.spec.ts
---------
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
On the Browser Extension, Toast notifications were appearing behind open Dialog components, making the toast unreadable to users. This PR removes `position: absolute;` and `z-index: 980;` from the Extension's `app-root`. This makes Toasts part of the same stacking context as Dialogs, and thus allows Toasts to always appear above Dialogs.
* Introduce a new vault-export-api.service to replace the existing getOrganizationExport method in apiService
* Use new vault-export-api.service instead of the ApiService to retrieve organizational export data
* Remove unused method from apiService
* Register VaultExportApiService on browser
* Fxi linting issue by executing `npm run prettier`
* Rename abstraction and implementation of VaultExportApiService
* Use undefined instead of null
* Rename file of default impl of vault-export-api-service
* Fix test broken with 1bcdd80eea
* Define type for exportPromises
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* PM-25075 wip parking work
* remove flag from enums and add fade out
* fix tests
* remove flags from enum file after merge conflict re introduced
* remove dead code paths
* change naming back to bgUnlockPopoutOpened
* PM-25471 WIP removed onlyVisible logic in order to always default to visible fields only and not fill hidden fields
* collect page details on autofill for inline menu
This change eliminates the circular dependency between messaging and messaging-internal libraries by merging them into a single messaging library.
Previously, messaging-internal imported from @bitwarden/messaging while messaging tried to import from @bitwarden/messaging-internal, creating an unresolvable circular dependency. This also violated Nx best practices by using cross-library file includes in tsconfig.lib.json.
Changes made:
- Moved all messaging-internal code (SubjectMessageSender, helpers, tests) into libs/messaging/src/
- Updated all imports to use relative paths instead of @bitwarden/messaging imports
- Removed the entire messaging-internal library and its configuration files
- Updated external references in apps/browser to import from @bitwarden/messaging
- Fixed libs/messaging/tsconfig.lib.json to use standard src/**/*.ts pattern
- Updated libs/common internal.ts to re-export from messaging instead of messaging-internal
The messaging library now exports both public APIs and internal implementations, which is a cleaner architecture than maintaining two separate libraries with circular dependencies.
Fixes rootDir configuration issues identified in the Nx library systematic fix project.
* PM-24657 - exclude backup fields from totp qualifiers and autofill
* add tests for htmlID and htmlName for backup code exclusion
* add comments to justify tel addition
* Update apps/browser/src/autofill/services/autofill.service.ts
Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
* update constant name to match recovery codes
---------
Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
* Removes overprotective check, signal fn intent, ensure proper scope of callback.
* Lets shadow DOM check be called dyanmically; triggers page detail update.
* Restores behavior of using static value to reduce calls to shadow query.
* Restores check page contains shadow DOM on init.
* feat(notification-processing): [PM-19877] System Notification Implementation - Implemented the full feature set for device approval from extension.
* test(notification-processing): [PM-19877] System Notification Implementation - Updated tests.
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* wip
* feat: refactor how we react to tab changes
* feat: always begin me emitting all active tabs
* feat: only calculate autofill for active tabs
* fix: bug not properly listening to reloads
* wip
* fix: clean up
* fix: clean up
