wip

* [deps]: Update typescript to v5.9.3

* Updated return types.

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.claude/CLAUDE.md

@@ -0,0 +1,203 @@
+# Bitwarden Directory Connector
+
+## Project Overview
+
+Directory Connector is a TypeScript application that synchronizes users and groups from directory services to Bitwarden organizations. It provides both a desktop GUI (built with Angular and Electron) and a CLI tool (bwdc).
+
+**Supported Directory Services:**
+
+- LDAP (Lightweight Directory Access Protocol) - includes Active Directory and general LDAP servers
+- Microsoft Entra ID (formerly Azure Active Directory)
+- Google Workspace
+- Okta
+- OneLogin
+
+**Technologies:**
+
+- TypeScript
+- Angular (GUI)
+- Electron (Desktop wrapper)
+- Node
+- Jest for testing
+
+## Code Architecture & Structure
+
+### Directory Organization
+
+```
+src/
+├── abstractions/       # Interface definitions (e.g., IDirectoryService)
+├── services/          # Business logic implementations for directory services, sync, auth
+├── models/            # Data models (UserEntry, GroupEntry, etc.)
+├── commands/          # CLI command implementations
+├── app/               # Angular GUI components
+└── utils/             # Test utilities and fixtures
+
+src-cli/               # CLI-specific code (imports common code from src/)
+
+jslib/                 # Legacy folder structure (mix of deprecated/unused and current code - new code should not be added here)
+```
+
+### Key Architectural Patterns
+
+1. **Abstractions = Interfaces**: All interfaces are defined in `/abstractions`
+2. **Services = Business Logic**: Implementations live in `/services`
+3. **Directory Service Pattern**: Each directory provider implements `IDirectoryService` interface
+4. **Separation of Concerns**: GUI (Angular app) and CLI (commands) share the same service layer
+
+## Development Conventions
+
+### Code Organization
+
+**File Naming:**
+
+- kebab-case for files: `ldap-directory.service.ts`
+- Descriptive names that reflect purpose
+
+**Class/Function Naming:**
+
+- PascalCase for classes and interfaces
+- camelCase for functions and variables
+- Descriptive names that indicate purpose
+
+**File Structure:**
+
+- Keep files focused on single responsibility
+- Create new service files for distinct directory integrations
+- Separate models into individual files when complex
+
+### TypeScript Conventions
+
+**Import Patterns:**
+
+- Use path aliases (`@/`) for project imports
+  - `@/` - project root
+  - `@/jslib/` - jslib folder
+- ESLint enforces alphabetized import ordering with newlines between groups
+
+**Type Safety:**
+
+- Avoid `any` types - use proper typing or `unknown` with type guards
+- Prefer interfaces for contracts, types for unions/intersections
+- Use strict null checks - handle `null` and `undefined` explicitly
+- Leverage TypeScript's type inference where appropriate
+
+**Configuration:**
+
+- Use configuration files or environment variables
+- Never hardcode URLs or configuration values
+
+## Security Best Practices
+
+**Credential Handling:**
+
+- Never log directory service credentials, API keys, or tokens
+- Use secure storage mechanisms for sensitive data
+- Credentials should never be hardcoded
+- Store credentials encrypted, never in plain text
+
+**Sensitive Data:**
+
+- User and group data from directories should be handled securely
+- Avoid exposing sensitive information in error messages
+- Sanitize data before logging
+- Be cautious with data persistence
+
+**Input Validation:**
+
+- Validate and sanitize data from external directory services
+- Check for injection vulnerabilities (LDAP injection, etc.)
+- Validate configuration inputs from users
+
+**API Security:**
+
+- Ensure authentication flows are implemented correctly
+- Verify SSL/TLS is used for all external connections
+- Check for secure token storage and refresh mechanisms
+
+## Error Handling
+
+**Best Practices:**
+
+1. **Try-catch for async operations** - Always wrap external API calls
+2. **Meaningful error messages** - Provide context for debugging
+3. **Error propagation** - Don't swallow errors silently
+4. **User-facing errors** - Separate user messages from developer logs
+
+## Performance Best Practices
+
+**Large Dataset Handling:**
+
+- Use pagination for large user/group lists
+- Avoid loading entire datasets into memory at once
+- Consider streaming or batch processing for large operations
+
+**API Rate Limiting:**
+
+- Respect rate limits for Microsoft Graph API, Google Admin SDK, etc.
+- Consider batching large API calls where necessary
+
+**Memory Management:**
+
+- Close connections and clean up resources
+- Remove event listeners when components are destroyed
+- Be cautious with caching large datasets
+
+## Testing
+
+**Framework:**
+
+- Jest with jest-preset-angular
+- jest-mock-extended for type-safe mocks with `mock<Type>()`
+
+**Test Organization:**
+
+- Tests colocated with source files
+- `*.spec.ts` - Unit tests for individual components/services
+- `*.integration.spec.ts` - Integration tests against live directory services
+- Test helpers located in `utils/` directory
+
+**Test Naming:**
+
+- Descriptive, human-readable test names
+- Example: `'should return empty array when no users exist in directory'`
+
+**Test Coverage:**
+
+- New features must include tests
+- Bug fixes should include regression tests
+- Changes to core sync logic or directory specific logic require integration tests
+
+**Testing Approach:**
+
+- **Unit tests**: Mock external API calls using jest-mock-extended
+- **Integration tests**: Use live directory services (Docker containers or configured cloud services)
+- Focus on critical paths (authentication, sync, data transformation)
+- Test error scenarios and edge cases (empty results, malformed data, connection failures), not just happy paths
+
+## Directory Service Patterns
+
+### IDirectoryService Interface
+
+All directory services implement this core interface with methods:
+
+- `getUsers()` - Retrieve users from directory and transform them into standard objects
+- `getGroups()` - Retrieve groups from directory and transform them into standard objects
+- Connection and authentication handling
+
+### Service-Specific Implementations
+
+Each directory service has unique authentication and query patterns:
+
+- **LDAP**: Direct LDAP queries, bind authentication
+- **Microsoft Entra ID**: Microsoft Graph API, OAuth tokens
+- **Google Workspace**: Google Admin SDK, service account credentials
+- **Okta/OneLogin**: REST APIs with API tokens
+
+## References
+
+- [Architectural Decision Records (ADRs)](https://contributing.bitwarden.com/architecture/adr/)
+- [Contributing Guidelines](https://contributing.bitwarden.com/contributing/)
+- [Code Style](https://contributing.bitwarden.com/contributing/code-style/)
+- [Security Whitepaper](https://bitwarden.com/help/bitwarden-security-white-paper/)
+- [Security Definitions](https://contributing.bitwarden.com/architecture/security/definitions)

.depcheckrc

@@ -0,0 +1 @@
+ignores: ["*-loader", "webpack-cli", "@types/jest"]

.eslintignore

@@ -1,8 +0,0 @@
-dist
-build
-build-cli
-**/webpack**.config.js
-
-**/node_modules
-
-**/jest.config.js

.eslintrc.json

@@ -1,92 +0,0 @@
-{
-  "root": true,
-  "env": {
-    "browser": true,
-    "webextensions": true,
-    "node": true
-  },
-  "overrides": [
-    {
-      "files": ["*.ts", "*.js"],
-      "plugins": ["@typescript-eslint", "rxjs", "rxjs-angular", "import"],
-      "parser": "@typescript-eslint/parser",
-      "parserOptions": {
-        "project": ["./tsconfig.json"],
-        "sourceType": "module",
-        "ecmaVersion": 2020
-      },
-      "extends": [
-        "eslint:recommended",
-        "plugin:@typescript-eslint/recommended",
-        "plugin:import/recommended",
-        "plugin:import/typescript",
-        "prettier",
-        "plugin:rxjs/recommended"
-      ],
-      "settings": {
-        "import/parsers": {
-          "@typescript-eslint/parser": [".ts"]
-        },
-        "import/resolver": {
-          "typescript": {
-            "alwaysTryTypes": true
-          }
-        }
-      },
-      "rules": {
-        "@typescript-eslint/explicit-member-accessibility": [
-          "error",
-          { "accessibility": "no-public" }
-        ],
-        "@typescript-eslint/no-explicit-any": "off", // TODO: This should be re-enabled
-        "@typescript-eslint/no-misused-promises": ["error", { "checksVoidReturn": false }],
-        "@typescript-eslint/no-this-alias": ["error", { "allowedNames": ["self"] }],
-        "@typescript-eslint/no-unused-vars": ["error", { "args": "none" }],
-        "no-console": "error",
-        "import/no-unresolved": "off", // TODO: Look into turning off once each package is an actual package.
-        "import/order": [
-          "error",
-          {
-            "alphabetize": {
-              "order": "asc"
-            },
-            "newlines-between": "always",
-            "pathGroups": [
-              {
-                "pattern": "@bitwarden/**",
-                "group": "external",
-                "position": "after"
-              },
-              {
-                "pattern": "src/**/*",
-                "group": "parent",
-                "position": "before"
-              }
-            ],
-            "pathGroupsExcludedImportTypes": ["builtin"]
-          }
-        ],
-        "rxjs-angular/prefer-takeuntil": "error",
-        "rxjs/no-exposed-subjects": ["error", { "allowProtected": true }],
-        "no-restricted-syntax": [
-          "error",
-          {
-            "message": "Calling `svgIcon` directly is not allowed",
-            "selector": "CallExpression[callee.name='svgIcon']"
-          },
-          {
-            "message": "Accessing FormGroup using `get` is not allowed, use `.value` instead",
-            "selector": "ChainExpression[expression.object.callee.property.name='get'][expression.property.name='value']"
-          }
-        ],
-        "curly": ["error", "all"],
-        "import/namespace": ["off"], // This doesn't resolve namespace imports correctly, but TS will throw for this anyway
-        "no-restricted-imports": ["error", { "patterns": ["src/**/*"] }]
-      }
-    },
-    {
-      "files": ["*.html"],
-      "parser": "@angular-eslint/template-parser"
-    }
-  ]
-}

.github/CODEOWNERS

@@ -7,9 +7,13 @@
 # Default file owners.
 * @bitwarden/team-admin-console-dev
 
-# DevOps for Actions and other workflow changes.
-.github/workflows @bitwarden/dept-devops
-.github/secrets @bitwarden/dept-devops
+# Docker-related files
+**/Dockerfile @bitwarden/team-appsec @bitwarden/dept-bre
+**/*.dockerignore @bitwarden/team-appsec @bitwarden/dept-bre
+**/entrypoint.sh @bitwarden/team-appsec @bitwarden/dept-bre
+**/docker-compose.yml @bitwarden/team-appsec @bitwarden/dept-bre
 
-# Multiple Owners
-**/package.json
+# Claude related files
+.claude/ @bitwarden/team-ai-sme
+.github/workflows/respond.yml @bitwarden/team-ai-sme
+.github/workflows/review-code.yml @bitwarden/team-ai-sme

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,14 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Feature Requests
+    url: https://community.bitwarden.com/c/feature-requests/
+    about: Request new features using the Community Forums. Please search existing feature requests before making a new one.
+  - name: Bitwarden Community Forums
+    url: https://community.bitwarden.com
+    about: Please visit the community forums for general community discussion, support and the development roadmap.
+  - name: Customer Support
+    url: https://bitwarden.com/contact/
+    about: Please contact our customer support for account issues and general customer support.
+  - name: Security Issues
+    url: https://hackerone.com/bitwarden
+    about: We use HackerOne to manage security disclosures.

.github/ISSUE_TEMPLATE/issue.yml

@@ -0,0 +1,111 @@
+name: Directory Connector Bug Report
+description: File a bug report
+title: "[DC] "
+labels: ["bug"]
+type: bug
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+
+        Please do not submit feature requests. The [Community Forums](https://community.bitwarden.com) has a section for submitting, voting for, and discussing product feature requests.
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps To Reproduce
+      description: How can we reproduce the behavior.
+      value: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. Click on '...'
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Result
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Result
+      description: A clear and concise description of what is happening.
+    validations:
+      required: true
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: Screenshots or Videos
+      description: If applicable, add screenshots and/or a short video to help explain your problem.
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here.
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      description: What operating system(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - Windows
+        - macOS
+        - Linux
+        - Other operating system (please specify in "Additional Context" section)
+    validations:
+      required: true
+  - type: input
+    id: os-version
+    attributes:
+      label: Operating System Version
+      description: What version of the operating system(s) are you seeing the problem on?
+    validations:
+      required: true
+  - type: dropdown
+    id: directories
+    attributes:
+      label: Directory Service
+      description: What directory service(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - LDAP - Active Directory
+        - Another LDAP implementation (please specify in "Additional Context" section)
+        - Microsoft Entra ID
+        - Google Workspace
+        - Okta Universal Directory
+        - OneLogin
+        - Other directory service (please specify in "Additional Context" section)
+    validations:
+      required: true
+  - type: dropdown
+    id: application-type
+    attributes:
+      label: Application Type
+      description: Which Directory Connector application(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - GUI (the desktop application)
+        - CLI (the bwdc command line application)
+    validations:
+      required: true
+  - type: input
+    id: version
+    attributes:
+      label: Build Version
+      description: What version of our software are you running?
+    validations:
+      required: true
+  - type: checkboxes
+    id: issue-tracking-info
+    attributes:
+      label: Issue Tracking Info
+      description: |
+        Make sure to acknowledge the following before submitting your report!
+      options:
+        - label: I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
+          required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,33 +1,34 @@
-## Type of change
+## 🎟️ Tracking
 
-- [ ] Bug fix
-- [ ] New feature development
-- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
-- [ ] Build/deploy pipeline (DevOps)
-- [ ] Other
+<!-- Paste the link to the Jira or GitHub issue or otherwise describe / point to where this change is coming from. -->
 
-## Objective
+## 📔 Objective
 
-<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
+<!-- Describe what the purpose of this PR is, for example what bug you're fixing or new feature you're adding. -->
 
-## Code changes
+## 📸 Screenshots
 
-<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
-<!--Also refer to any related changes or PRs in other repositories-->
+<!-- Required for any UI changes; delete if not applicable. Use fixed width images for better display. -->
 
-- **file.ext:** Description of what was changed and why
+## ⏰ Reminders before review
 
-## Screenshots
+- Contributor guidelines followed
+- All formatters and local linters executed and passed
+- Written new unit and / or integration tests where applicable
+- Used internationalization (i18n) for all UI strings
+- CI builds passed
+- Communicated to DevOps any deployment requirements
+- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
 
-<!--Required for any UI changes. Delete if not applicable-->
+## 🦮 Reviewer guidelines
 
-## Testing requirements
+<!-- Suggested interactions but feel free to use (or not) as you desire! -->
 
-<!--What functionality requires testing by QA? This includes testing new behavior and regression testing-->
-
-## Before you submit
-
-- [ ] I have checked for **linting** errors (`npm run lint`) (required)
-- [ ] I have added **unit tests** where it makes sense to do so (encouraged but not required)
-- [ ] This change requires a **documentation update** (notify the documentation team)
-- [ ] This change has particular **deployment requirements** (notify the DevOps team)
+- 👍 (`:+1:`) or similar for great changes
+- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
+- ❓ (`:question:`) for questions
+- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
+- 🎨 (`:art:`) for suggestions / improvements
+- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
+- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt
+- ⛏ (`:pick:`) for minor or nitpick changes

.github/renovate.json

@@ -1,41 +0,0 @@
-{
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:base",
-    ":combinePatchMinorReleases",
-    ":dependencyDashboard",
-    ":maintainLockFilesWeekly",
-    ":pinAllExceptPeerDependencies",
-    ":prConcurrentLimit10",
-    ":rebaseStalePrs",
-    "schedule:weekends",
-    ":separateMajorReleases"
-  ],
-  "enabledManagers": ["github-actions", "npm"],
-  "packageRules": [
-    {
-      "groupName": "gh minor",
-      "matchManagers": ["github-actions"],
-      "matchUpdateTypes": ["minor", "patch"]
-    },
-    {
-      "groupName": "npm minor",
-      "matchManagers": ["npm"],
-      "matchUpdateTypes": ["minor", "patch"]
-    },
-    {
-      "packageNames": ["typescript"],
-      "matchUpdateTypes": ["major", "minor"],
-      "enabled": false
-    },
-    {
-      "packageNames": ["typescript"],
-      "matchUpdateTypes": "patch"
-    },
-    {
-      "groupName": "jest",
-      "packageNames": ["@types/jest", "jest", "ts-jest", "jest-preset-angular"],
-      "matchUpdateTypes": "major"
-    }
-  ]
-}

.github/renovate.json5

@@ -0,0 +1,24 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  extends: ["github>bitwarden/renovate-config"],
+  enabledManagers: ["github-actions", "npm"],
+  packageRules: [
+    {
+      groupName: "gh minor",
+      matchManagers: ["github-actions"],
+      matchUpdateTypes: ["minor", "patch"],
+    },
+  ],
+  ignoreDeps: [
+    // yao-pkg is used to create a single executable application bundle for the CLI.
+    // It is a third party build of node which carries a high supply chain risk.
+    // This must be manually vetted by our appsec team before upgrading.
+    // It is excluded from renovate to avoid accidentally upgrading to a non-vetted version.
+    "@yao-pkg/pkg",
+    // googleapis uses ESM after 149.0.0 so we are not upgrading it until we have ESM support.
+    // They release new versions every couple of weeks so ignoring it at the dependency dashboard
+    // level is not sufficient.
+    // FIXME: remove and upgrade when we have ESM support.
+    "googleapis",
+  ],
+}

.github/workflows/build.yml

@@ -1,79 +1,71 @@
----
 name: Build
 
 on:
+  pull_request: {}
   push:
-    branches-ignore:
-      - 'l10n_master'
-    paths-ignore:
-      - '.github/workflows/**'
+    branches:
+      - "main"
+      - "rc"
+      - "hotfix-rc"
   workflow_dispatch: {}
 
+permissions:
+  contents: read
 
 jobs:
-  cloc:
-    name: CLOC
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Set up CLOC
-        run: |
-          sudo apt update
-          sudo apt -y install cloc
-
-      - name: Print lines of code
-        run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
-
-
   setup:
     name: Setup
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     outputs:
       package_version: ${{ steps.retrieve-version.outputs.package_version }}
+      node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Get Package Version
         id: retrieve-version
         run: |
           PKG_VERSION=$(jq -r .version package.json)
-          echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT
+          echo "package_version=$PKG_VERSION" >> "$GITHUB_OUTPUT"
 
+      - name: Get Node Version
+        id: retrieve-node-version
+        run: |
+          NODE_NVMRC=$(cat .nvmrc)
+          NODE_VERSION=${NODE_NVMRC/v/''}
+          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
 
   linux-cli:
     name: Build Linux CLI
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _PKG_FETCH_NODE_VERSION: 18.5.0
-      _PKG_FETCH_VERSION: 3.4
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
+    permissions:
+      contents: read
     steps:
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
-          node-gyp install $(node -v)
-
-      - name: Get pkg-fetch
-        run: |
-          cd $HOME
-          fetchedUrl="https://github.com/vercel/pkg-fetch/releases/download/v$_PKG_FETCH_VERSION/node-v$_PKG_FETCH_NODE_VERSION-linux-x64"
-
-          mkdir -p .pkg-cache/v$_PKG_FETCH_VERSION
-          wget $fetchedUrl -O "./.pkg-cache/v$_PKG_FETCH_VERSION/fetched-v$_PKG_FETCH_NODE_VERSION-linux-x64"
+          node-gyp install "$(node -v)"
 
       - name: Keytar
         run: |
@@ -84,8 +76,8 @@ jobs:
           keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"
 
           mkdir -p ./keytar/linux
-          wget $keytarUrl -O ./keytar/linux/$keytarTarGz
-          tar -xvf ./keytar/linux/$keytarTarGz -C ./keytar/linux
+          wget "$keytarUrl" -O "./keytar/linux/$keytarTarGz"
+          tar -xvf "./keytar/linux/$keytarTarGz" -C ./keytar/linux
 
       - name: Install
         run: npm install
@@ -94,24 +86,19 @@ jobs:
         run: npm run dist:cli:lin
 
       - name: Zip
-        run: zip -j dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip dist-cli/linux/bwdc keytar/linux/build/Release/keytar.node
-
-      - name: Create checksums
-        run: |
-          shasum -a 256 dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip | \
-            cut -d " " -f 1 > dist-cli/bwdc-linux-sha256-$_PACKAGE_VERSION.txt
+        run: zip -j "dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip" "dist-cli/linux/bwdc" "keytar/linux/build/Release/keytar.node"
 
       - name: Version Test
         run: |
           sudo apt-get update
           sudo apt install libsecret-1-0 dbus-x11 gnome-keyring
-          eval $(dbus-launch --sh-syntax)
+          eval "$(dbus-launch --sh-syntax)"
 
-          eval $(echo -n "" | /usr/bin/gnome-keyring-daemon --login)
-          eval $(/usr/bin/gnome-keyring-daemon --components=secrets --start)
+          eval "$(echo -n "" | /usr/bin/gnome-keyring-daemon --login)"
+          eval "$(/usr/bin/gnome-keyring-daemon --components=secrets --start)"
 
           mkdir -p test/linux
-          unzip ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip -d ./test/linux
+          unzip "./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip" -d ./test/linux
 
           testVersion=$(./test/linux/bwdc -v)
 
@@ -124,51 +111,39 @@ jobs:
           fi
 
       - name: Upload Linux Zip to GitHub
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Linux checksum to GitHub
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
-        with:
-          name: bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
 
   macos-cli:
     name: Build Mac CLI
-    runs-on: macos-12
+    runs-on: macos-15-intel
     needs: setup
+    permissions:
+      contents: read
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _PKG_FETCH_NODE_VERSION: 18.5.0
-      _PKG_FETCH_VERSION: 3.4
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
-          node-gyp install $(node -v)
-
-      - name: Get pkg-fetch
-        run: |
-          cd $HOME
-          fetchedUrl="https://github.com/vercel/pkg-fetch/releases/download/v$_PKG_FETCH_VERSION/node-v$_PKG_FETCH_NODE_VERSION-macos-x64"
-
-          mkdir -p .pkg-cache/v$_PKG_FETCH_VERSION
-          wget $fetchedUrl -O "./.pkg-cache/v$_PKG_FETCH_VERSION/fetched-v$_PKG_FETCH_NODE_VERSION-macos-x64"
+          node-gyp install "$(node -v)"
 
       - name: Keytar
         run: |
@@ -179,8 +154,8 @@ jobs:
           keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"
 
           mkdir -p ./keytar/macos
-          wget $keytarUrl -O ./keytar/macos/$keytarTarGz
-          tar -xvf ./keytar/macos/$keytarTarGz -C ./keytar/macos
+          wget "$keytarUrl" -O "./keytar/macos/$keytarTarGz"
+          tar -xvf "./keytar/macos/$keytarTarGz" -C ./keytar/macos
 
       - name: Install
         run: npm install
@@ -189,17 +164,12 @@ jobs:
         run: npm run dist:cli:mac
 
       - name: Zip
-        run: zip -j dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip dist-cli/macos/bwdc keytar/macos/build/Release/keytar.node
-
-      - name: Create checksums
-        run: |
-          shasum -a 256 dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip | \
-            cut -d " " -f 1 > dist-cli/bwdc-macos-sha256-$_PACKAGE_VERSION.txt
+        run: zip -j "dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip" "dist-cli/macos/bwdc" "keytar/macos/build/Release/keytar.node"
 
       - name: Version Test
         run: |
           mkdir -p test/macos
-          unzip ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip -d ./test/macos
+          unzip "./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip" -d ./test/macos
 
           testVersion=$(./test/macos/bwdc -v)
 
@@ -212,59 +182,44 @@ jobs:
           fi
 
       - name: Upload Mac Zip to GitHub
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Mac checksum to GitHub
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
-        with:
-          name: bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
 
   windows-cli:
     name: Build Windows CLI
     runs-on: windows-2022
     needs: setup
+    permissions:
+      contents: read
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _WIN_PKG_FETCH_VERSION: 18.5.0
-      _WIN_PKG_VERSION: 3.4
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Setup Windows builder
         run: |
           choco install checksum --no-progress
-          choco install reshack --no-progress
 
       - name: Set up Node
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
           node-gyp install $(node -v)
 
-      - name: Get pkg-fetch
-        shell: pwsh
-        run: |
-          cd $HOME
-          $fetchedUrl = "https://github.com/vercel/pkg-fetch/releases/download/v$env:_WIN_PKG_VERSION/node-v$env:_WIN_PKG_FETCH_VERSION-win-x64"
-
-          New-Item -ItemType directory -Path ./.pkg-cache
-          New-Item -ItemType directory -Path ./.pkg-cache/v$env:_WIN_PKG_VERSION
-          Invoke-RestMethod -Uri $fetchedUrl `
-            -OutFile "./.pkg-cache/v$env:_WIN_PKG_VERSION/fetched-v$env:_WIN_PKG_FETCH_VERSION-win-x64"
-
       - name: Keytar
         shell: pwsh
         run: |
@@ -281,54 +236,6 @@ jobs:
 
           7z e "./keytar/windows/$($keytarTar -f "win32")" -o"./keytar/windows"
 
-      - name: Setup Version Info
-        shell: pwsh
-        run: |
-          $major, $minor, $patch = $env:_PACKAGE_VERSION.split('.')
-
-          $versionInfo = @"
-
-          1 VERSIONINFO
-          FILEVERSION $major,$minor,$patch,0
-          PRODUCTVERSION $major,$minor,$patch,0
-          FILEOS 0x40004
-          FILETYPE 0x1
-          {
-          BLOCK "StringFileInfo"
-          {
-            BLOCK "040904b0"
-            {
-              VALUE "CompanyName", "Bitwarden Inc."
-              VALUE "ProductName", "Bitwarden"
-              VALUE "FileDescription", "Bitwarden Directory Connector CLI"
-              VALUE "FileVersion", "$env:_PACKAGE_VERSION"
-              VALUE "ProductVersion", "$env:_PACKAGE_VERSION"
-              VALUE "OriginalFilename", "bwdc.exe"
-              VALUE "InternalName", "bwdc"
-              VALUE "LegalCopyright", "Copyright Bitwarden Inc."
-            }
-          }
-
-          BLOCK "VarFileInfo"
-          {
-            VALUE "Translation", 0x0409 0x04B0
-          }
-          }
-          "@
-
-          $versionInfo | Out-File ./version-info.rc
-
-      - name: Resource Hacker
-        shell: cmd
-        run: |
-          set PATH=%PATH%;C:\Program Files (x86)\Resource Hacker
-          set WIN_PKG=C:\Users\runneradmin\.pkg-cache\v%_WIN_PKG_VERSION%\fetched-v%_WIN_PKG_FETCH_VERSION%-win-x64
-          set WIN_PKG_BUILT=C:\Users\runneradmin\.pkg-cache\v%_WIN_PKG_VERSION%\built-v%_WIN_PKG_FETCH_VERSION%-win-x64
-
-          ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action delete -mask ICONGROUP,1,
-          ResourceHacker -open version-info.rc -save version-info.res -action compile
-          ResourceHacker -open %WIN_PKG% -save %WIN_PKG% -action addoverwrite -resource version-info.res
-
       - name: Install
         run: npm install
 
@@ -337,13 +244,12 @@ jobs:
 
       - name: Zip
         shell: cmd
-        run: |
-          7z a .\dist-cli\bwdc-windows-%_PACKAGE_VERSION%.zip .\dist-cli\windows\bwdc.exe .\keytar\windows\keytar.node
+        run: 7z a .\dist-cli\bwdc-windows-%_PACKAGE_VERSION%.zip .\dist-cli\windows\bwdc.exe .\keytar\windows\keytar.node
 
       - name: Version Test
         shell: pwsh
         run: |
-          Expand-Archive -Path "dist-cli\bwdc-windows-${{ env._PACKAGE_VERSION }}.zip" -DestinationPath "test\windows"
+          Expand-Archive -Path "dist-cli\bwdc-windows-$env:_PACKAGE_VERSION.zip" -DestinationPath "test\windows"
           $testVersion = Invoke-Expression '& .\test\windows\bwdc.exe -v'
           echo "version: ${env:_PACKAGE_VERSION}"
           echo "testVersion: $testVersion"
@@ -351,44 +257,38 @@ jobs:
             Throw "Version test failed."
           }
 
-      - name: Create checksums
-        run: |
-          checksum -f="./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" `
-            -t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:_PACKAGE_VERSION}.txt
-
       - name: Upload Windows Zip to GitHub
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Windows checksum to GitHub
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
-        with:
-          name: bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
 
   windows-gui:
     name: Build Windows GUI
     runs-on: windows-2022
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     env:
       NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
       HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
@@ -406,39 +306,60 @@ jobs:
       - name: Install Node dependencies
         run: npm install
 
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "code-signing-vault-url,
+            code-signing-client-id,
+            code-signing-tenant-id,
+            code-signing-client-secret,
+            code-signing-cert-name"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Build & Sign
         run: npm run dist:win
         env:
           ELECTRON_BUILDER_SIGN: 1
-          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
-          SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
-          SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
-          SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
-          SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
+          SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }}
+          SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-client-id }}
+          SIGNING_TENANT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-tenant-id }}
+          SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }}
+          SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}
 
       - name: Upload Portable Executable to GitHub
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
           path: ./dist/Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload Installer Executable to GitHub
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
           path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload Installer Executable Blockmap to GitHub
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
           path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: latest.yml
           path: ./dist/latest.yml
@@ -447,27 +368,32 @@ jobs:
 
   linux-gui:
     name: Build Linux GUI
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: setup
+    permissions:
+      contents: read
     env:
       NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
       HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
-          node-gyp install $(node -v)
+          node-gyp install "$(node -v)"
 
       - name: Set up environment
         run: |
@@ -485,14 +411,14 @@ jobs:
         run: npm run dist:lin
 
       - name: Upload AppImage
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: latest-linux.yml
           path: ./dist/latest-linux.yml
@@ -501,27 +427,33 @@ jobs:
 
   macos-gui:
     name: Build MacOS GUI
-    runs-on: macos-12
+    runs-on: macos-15-intel
     needs: setup
+    permissions:
+      contents: read
+      id-token: write
     env:
       NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
       HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Set up Node
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '18'
+          node-version: ${{ env._NODE_VERSION }}
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
-          node-gyp install $(node -v)
+          node-gyp install "$(node -v)"
 
       - name: Print environment
         run: |
@@ -529,50 +461,61 @@ jobs:
           npm --version
           echo "GitHub ref: $GITHUB_REF"
           echo "GitHub event: $GITHUB_EVENT"
-        shell: bash
 
-      - name: Decrypt secrets
-        env:
-          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
-        shell: bash
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-directory-connector
+          secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"
+
+      - name: Get certificates
         run: |
-          mkdir -p $HOME/secrets
+          mkdir -p "$HOME/certificates"
 
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output "$HOME/secrets/devid-app-cert.p12" \
-            "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
+            jq -r .value | base64 -d > "$HOME/certificates/devid-app-cert.p12"
 
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output "$HOME/secrets/devid-installer-cert.p12" \
-            "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
+            jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12"
 
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output "$HOME/secrets/macdev-cert.p12" \
-            "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
+            jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
 
       - name: Set up keychain
         env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-          DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
-          MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
-        shell: bash
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
         run: |
-          security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
           security default-keychain -s build.keychain
-          security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
           security set-keychain-settings -lut 1200 build.keychain
-          security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
+
+          security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
+
+          security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
+
+          security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
+
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
 
       - name: Load package version
         run: |
           $rootPath = $env:GITHUB_WORKSPACE;
-          $packageVersion = (Get-Content -Raw -Path $rootPath\package.json | ConvertFrom-Json).version;
+          $packageVersion = (Get-Content -Raw -Path "$rootPath\package.json" | ConvertFrom-Json).version;
 
           Write-Output "Setting package version to $packageVersion";
           Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append;
@@ -581,35 +524,46 @@ jobs:
       - name: Install Node dependencies
         run: npm install
 
+      - name: Set up private auth key
+        env:
+          _APP_STORE_CONNECT_AUTH_KEY: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
+        run: |
+          mkdir ~/private_keys
+          cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8
+          ${_APP_STORE_CONNECT_AUTH_KEY}
+          EOF
+
       - name: Build application
         run: npm run dist:mac
         env:
-          APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
-          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
+          APP_STORE_CONNECT_AUTH_KEY: UFD296548T
+          APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_UFD296548T.p8
+          CSC_FOR_PULL_REQUEST: true
 
       - name: Upload .zip artifact
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
           if-no-files-found: error
 
       - name: Upload .dmg artifact
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
           if-no-files-found: error
 
       - name: Upload .dmg Blockmap artifact
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: latest-mac.yml
           path: ./dist/latest-mac.yml
@@ -618,9 +572,8 @@ jobs:
 
   check-failures:
     name: Check for failures
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs:
-      - cloc
       - setup
       - linux-cli
       - macos-cli
@@ -628,42 +581,24 @@ jobs:
       - windows-gui
       - linux-gui
       - macos-gui
+    permissions:
+      id-token: write
     steps:
       - name: Check if any job failed
-        if: ${{ (github.ref == 'refs/heads/master') || (github.ref == 'refs/heads/rc') }}
-        env:
-          CLOC_STATUS: ${{ needs.cloc.result }}
-          SETUP_STATUS: ${{ needs.setup.result }}
-          LINUX_CLI_STATUS: ${{ needs.linux-cli.result }}
-          MACOS_CLI_STATUS: ${{ needs.macos-cli.result }}
-          WINDOWS_CLI_STATUS: ${{ needs.windows-cli.result }}
-          WINDOWS_GUI_STATUS: ${{ needs.windows-gui.result }}
-          LINUX_GUI_STATUS: ${{ needs.linux-gui.result }}
-          MACOS_GUI_STATUS: ${{ needs.macos-gui.result }}
-        run: |
-          if [ "$CLOC_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$SETUP_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$LINUX_CLI_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$MACOS_CLI_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$WINDOWS_CLI_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$WINDOWS_GUI_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$LINUX_GUI_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$MACOS_GUI_STATUS" = "failure" ]; then
-              exit 1
-          fi
+        if: |
+          (github.ref == 'refs/heads/main'
+          || github.ref == 'refs/heads/rc'
+          || github.ref == 'refs/heads/hotfix-rc')
+          && contains(needs.*.result, 'failure')
+        run: exit 1
 
-      - name: Login to Azure - CI subscription
-        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+      - name: Log in to Azure
         if: failure()
+        uses: bitwarden/gh-actions/azure-login@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
@@ -673,8 +608,11 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "devops-alerts-slack-webhook-url"
 
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
       - name: Notify Slack on failure
-        uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0
+        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
         if: failure()
         env:
           SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}

.github/workflows/enforce-labels.yml

@@ -1,13 +1,15 @@
----
 name: Enforce PR labels
 
 on:
   pull_request:
     types: [labeled, unlabeled, opened, edited, synchronize]
+permissions:
+  contents: read
+  pull-requests: read
 jobs:
   enforce-label:
     name: EnforceLabel
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Enforce Label
         uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # 2.2.2

.github/workflows/integration-test.yml

@@ -0,0 +1,146 @@
+name: Integration Testing
+
+on:
+  workflow_dispatch:
+  # Integration tests are slow, so only run them if relevant files have changed.
+  # This is done at the workflow level and at the job level.
+  # Make sure these triggers stay consistent with the 'changed-files' job.
+  push:
+    branches:
+      - 'main'
+      - 'rc'
+    paths:
+      - ".github/workflows/integration-test.yml" # this file
+      - "docker-compose.yml" # any change to Docker configuration
+      - "package.json" # dependencies
+      - "utils/**" # any change to test fixtures
+      - "src/services/sync.service.ts" # core sync service used by all directory services
+      - "src/services/directory-services/ldap-directory.service*" # LDAP directory service
+      - "src/services/directory-services/gsuite-directory.service*" # Google Workspace directory service
+      # Add directory services here as we add test coverage
+  pull_request:
+    paths:
+      - ".github/workflows/integration-test.yml" # this file
+      - "docker-compose.yml" # any change to Docker configuration
+      - "package.json" # dependencies
+      - "utils/**" # any change to test fixtures
+      - "src/services/sync.service.ts" # core sync service used by all directory services
+      - "src/services/directory-services/ldap-directory.service*" # LDAP directory service
+      - "src/services/directory-services/gsuite-directory.service*" # Google Workspace directory service
+      # Add directory services here as we add test coverage
+permissions:
+  contents: read
+  checks: write # required by dorny/test-reporter to upload its results
+  id-token: write # required to use OIDC to login to Azure Key Vault
+jobs:
+  testing:
+    name: Run tests
+    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+
+      - name: Get Node version
+        id: retrieve-node-version
+        run: |
+          NODE_NVMRC=$(cat .nvmrc)
+          NODE_VERSION=${NODE_NVMRC/v/''}
+          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Set up Node
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
+
+      - name: Install Node dependencies
+        run: npm ci
+
+      # Get secrets from Azure Key Vault
+      - name: Azure Login
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get KV Secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-directory-connector
+          secrets: "GOOGLE-ADMIN-USER,GOOGLE-CLIENT-EMAIL,GOOGLE-DOMAIN,GOOGLE-PRIVATE-KEY"
+
+      - name: Azure Logout
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      # Only run relevant tests depending on what files have changed.
+      # This should be kept consistent with the workflow level triggers.
+      # Note: docker-compose.yml is only used for ldap for now
+      - name: Get changed files
+        id: changed-files
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        with:
+          list-files: shell
+          token: ${{ secrets.GITHUB_TOKEN }}
+          # Add directory services here as we add test coverage
+          filters: |
+            common:
+              - '.github/workflows/integration-test.yml'
+              - 'utils/**'
+              - 'package.json'
+              - 'src/services/sync.service.ts'
+            ldap:
+              - 'docker-compose.yml'
+              - 'src/services/directory-services/ldap-directory.service*'
+            google:
+              - 'src/services/directory-services/gsuite-directory.service*'
+
+      # LDAP
+      - name: Setup LDAP integration tests
+        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install mkcert
+          npm run test:integration:setup
+
+      - name: Run LDAP integration tests
+        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
+        env:
+          JEST_JUNIT_UNIQUE_OUTPUT_NAME: "true" # avoids junit outputs from clashing
+        run: npx jest ldap-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-ldap
+
+      # Google Workspace
+      - name: Run Google Workspace integration tests
+        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.google == 'true'
+        env:
+          GOOGLE_DOMAIN: ${{ steps.get-kv-secrets.outputs.GOOGLE-DOMAIN }}
+          GOOGLE_ADMIN_USER: ${{ steps.get-kv-secrets.outputs.GOOGLE-ADMIN-USER }}
+          GOOGLE_CLIENT_EMAIL: ${{ steps.get-kv-secrets.outputs.GOOGLE-CLIENT-EMAIL }}
+          GOOGLE_PRIVATE_KEY: ${{ steps.get-kv-secrets.outputs.GOOGLE-PRIVATE-KEY }}
+          JEST_JUNIT_UNIQUE_OUTPUT_NAME: "true" # avoids junit outputs from clashing
+        run: |
+          npx jest gsuite-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-google
+
+      - name: Report test results
+        id: report
+        uses: dorny/test-reporter@fe45e9537387dac839af0d33ba56eed8e24189e8 # v2.3.0
+        # This will skip the job if it's a pull request from a fork, because that won't have permission to upload test results.
+        # PRs from the repository and all other events are OK.
+        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository) && !cancelled()
+        with:
+          name: Test Results
+          path: "junit.xml*"
+          reporter: jest-junit
+          fail-on-error: true
+
+      - name: Upload coverage to codecov.io
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+
+      - name: Upload results to codecov.io
+        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1

.github/workflows/release.yml

@@ -1,4 +1,3 @@
----
 name: Release
 
 on:
@@ -14,18 +13,25 @@ on:
           - Redeploy
           - Dry Run
 
+permissions:
+  contents: read
+
 jobs:
   setup:
     name: Setup
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     outputs:
-      release-version: ${{ steps.version.outputs.version }}
+      release_version: ${{ steps.version.outputs.version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
 
       - name: Branch check
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         run: |
           if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
             echo "==================================="
@@ -38,53 +44,44 @@ jobs:
         id: version
         uses: bitwarden/gh-actions/release-version-check@main
         with:
-          release-type: ${{ github.event.inputs.release_type }}
+          release-type: ${{ inputs.release_type }}
           project-type: ts
           file: package.json
 
   release:
     name: Release
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: setup
+    permissions:
+      actions: read
+      packages: read
+      contents: write
     steps:
-      - name: Create GitHub deployment
-        uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5
-        id: deployment
-        with:
-          token: '${{ secrets.GITHUB_TOKEN }}'
-          initial-status: 'in_progress'
-          environment: 'production'
-          description: 'Deployment ${{ needs.setup.outputs.release-version }} from branch ${{ github.ref_name }}'
-          task: release
-
       - name: Download all artifacts
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
           workflow_conclusion: success
           branch: ${{ github.ref_name }}
 
-      - name: Download all artifacts
-        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
+      - name: Dry Run - Download all artifacts
+        if: ${{ inputs.release_type == 'Dry Run' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
           workflow_conclusion: success
-          branch: master
+          branch: main
 
       - name: Create release
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0
         env:
-          PKG_VERSION: ${{ needs.setup.outputs.release-version }}
+          PKG_VERSION: ${{ needs.setup.outputs.release_version }}
         with:
           artifacts: "./bwdc-windows-${{ env.PKG_VERSION }}.zip,
                       ./bwdc-macos-${{ env.PKG_VERSION }}.zip,
                       ./bwdc-linux-${{ env.PKG_VERSION }}.zip,
-                      ./bwdc-windows-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-macos-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-linux-sha256-${{ env.PKG_VERSION }}.txt,
                       ./Bitwarden-Connector-Portable-${{ env.PKG_VERSION }}.exe,
                       ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe,
                       ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe.blockmap,
@@ -101,19 +98,3 @@ jobs:
           body: "<insert release notes here>"
           token: ${{ secrets.GITHUB_TOKEN }}
           draft: true
-
-      - name: Update deployment status to Success
-        if: ${{ success() }}
-        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
-        with:
-          token: '${{ secrets.GITHUB_TOKEN }}'
-          state: 'success'
-          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
-
-      - name: Update deployment status to Failure
-        if: ${{ failure() }}
-        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
-        with:
-          token: '${{ secrets.GITHUB_TOKEN }}'
-          state: 'failure'
-          deployment-id: ${{ steps.deployment.outputs.deployment_id }}

.github/workflows/respond.yml

@@ -0,0 +1,28 @@
+name: Respond
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+permissions: {}
+
+jobs:
+  respond:
+    name: Respond
+    uses: bitwarden/gh-actions/.github/workflows/_respond.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      actions: read
+      contents: write
+      id-token: write
+      issues: write
+      pull-requests: write

.github/workflows/review-code.yml

@@ -0,0 +1,21 @@
+name: Code Review
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+permissions: {}
+
+jobs:
+  review:
+    name: Review
+    uses: bitwarden/gh-actions/.github/workflows/_review-code.yml@main
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      pull-requests: write

.github/workflows/scan.yml

@@ -0,0 +1,52 @@
+name: Scan
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore:
+      - "main"
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+    branches:
+      - "main"
+
+permissions: {}
+
+jobs:
+  check-run:
+    name: Check PR run
+    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
+
+  sast:
+    name: Checkmarx
+    uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
+    needs: check-run
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      contents: read
+      pull-requests: write
+      security-events: write
+      id-token: write
+
+  quality:
+    name: Sonar
+    uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
+    needs: check-run
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write
+      

.github/workflows/test.yml

@@ -0,0 +1,70 @@
+name: Testing
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+      - "rc"
+      - "hotfix-rc"
+  pull_request:
+
+permissions:
+  contents: read
+  checks: write # required by dorny/test-reporter to upload its results
+
+jobs:
+
+  testing:
+    name: Run tests
+    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+
+      - name: Get Node version
+        id: retrieve-node-version
+        run: |
+          NODE_NVMRC=$(cat .nvmrc)
+          NODE_VERSION=${NODE_NVMRC/v/''}
+          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Set up Node
+        uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
+
+      - name: Install Node dependencies
+        run: npm ci
+
+      # We use isolatedModules: true which disables typechecking in tests
+      # Tests in apps/ are typechecked when their app is built, so we just do it here for libs/
+      # See https://bitwarden.atlassian.net/browse/EC-497
+      - name: Run typechecking
+        run: npm run test:types --coverage
+
+      - name: Run tests
+        run: npm run test --coverage
+
+      - name: Report test results
+        uses: dorny/test-reporter@fe45e9537387dac839af0d33ba56eed8e24189e8 # v2.3.0
+        # This will skip the job if it's a pull request from a fork, because that won't have permission to upload test results.
+        # PRs from the repository and all other events are OK.
+        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository) && !cancelled()
+        with:
+          name: Test Results
+          path: "junit.xml"
+          reporter: jest-junit
+          fail-on-error: true
+
+      - name: Upload coverage to codecov.io
+        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+
+      - name: Upload results to codecov.io
+        uses: codecov/test-results-action@0fa95f0e1eeaafde2c782583b36b28ad0d8c77d3 # v1.2.1

.github/workflows/version-bump.yml

@@ -1,85 +1,145 @@
----
 name: Version Bump
 
 on:
   workflow_dispatch:
     inputs:
-      version_number:
-        description: "New Version"
-        required: true
+      version_number_override:
+        description: "New version override (leave blank for automatic calculation, example: '2024.1.0')"
+        required: false
+        type: string
+
+permissions: {}
 
 jobs:
   bump_version:
-    name: "Create version_bump_${{ github.event.inputs.version_number }} branch"
-    runs-on: ubuntu-22.04
+    name: Bump Version
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      id-token: write
     steps:
-      - name: Checkout Branch
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+      - name: Validate version input
+        if: ${{ inputs.version_number_override != '' }}
+        uses: bitwarden/gh-actions/version-check@main
         with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+          version: ${{ inputs.version_number_override }}
 
-      - name: Retrieve secrets
-        id: retrieve-secrets
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
         uses: bitwarden/gh-actions/get-keyvault-secrets@main
         with:
-          keyvault: "bitwarden-ci"
-          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
 
-      - name: Import GPG key
-        uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        id: app-token
         with:
-          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
-          passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
-          git_user_signingkey: true
-          git_commit_gpgsign: true
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+          permission-contents: write
 
-      - name: Create Version Branch
+      - name: Checkout Branch
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+          persist-credentials: true
+
+      - name: Setup git
         run: |
-          git switch -c version_bump_${{ github.event.inputs.version_number }}
-          git push -u origin version_bump_${{ github.event.inputs.version_number }}
+          git config user.name github-actions
+          git config user.email github-actions@github.com
 
-      - name: Checkout Version Branch
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+      - name: Get current version
+        id: current-version
+        run: |
+          CURRENT_VERSION=$(cat package.json | jq -r '.version')
+          echo "version=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Verify input version
+        if: ${{ inputs.version_number_override != '' }}
+        env:
+          CURRENT_VERSION: ${{ steps.current-version.outputs.version }}
+          NEW_VERSION: ${{ inputs.version_number_override }}
+        run: |
+          # Error if version has not changed.
+          if [[ "$NEW_VERSION" == "$CURRENT_VERSION" ]]; then
+            echo "Version has not changed."
+            exit 1
+          fi
+
+          # Check if version is newer.
+          if printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V; then
+            echo "Version check successful."
+          else
+            echo "Version check failed."
+            exit 1
+          fi
+
+      - name: Calculate next release version
+        if: ${{ inputs.version_number_override == '' }}
+        id: calculate-next-version
+        uses: bitwarden/gh-actions/version-next@main
         with:
-          ref: version_bump_${{ github.event.inputs.version_number }}
+          version: ${{ steps.current-version.outputs.version }}
 
-      - name: Bump Version - Package
+      - name: Bump Version - Package - Version Override
+        if: ${{ inputs.version_number_override != '' }}
+        id: bump-version-override
         uses: bitwarden/gh-actions/version-bump@main
         with:
-          version: ${{ github.event.inputs.version_number }}
           file_path: "./package.json"
+          version: ${{ inputs.version_number_override }}
+
+      - name: Bump Version - Package - Automatic Calculation
+        if: ${{ inputs.version_number_override == '' }}
+        id: bump-version-automatic
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "./package.json"
+          version: ${{ steps.calculate-next-version.outputs.version }}
+
+      - name: Set final version output
+        id: set-final-version-output
+        env:
+          _BUMP_VERSION_OVERRIDE_OUTCOME: ${{ steps.bump-version-override.outcome }}
+          _INPUT_VERSION_NUMBER_OVERRIDE: ${{ inputs.version_number_override }}
+          _BUMP_VERSION_AUTOMATIC_OUTCOME: ${{ steps.bump-version-automatic.outcome }}
+          _CALCULATE_NEXT_VERSION: ${{ steps.calculate-next-version.outputs.version }}
+          
+        run: |
+          if [[ "$_BUMP_VERSION_OVERRIDE_OUTCOME" == "success" ]]; then
+            echo "version=$_INPUT_VERSION_NUMBER_OVERRIDE" >> "$GITHUB_OUTPUT"
+          elif [[ "$_BUMP_VERSION_AUTOMATIC_OUTCOME" == "success" ]]; then
+            echo "version=$_CALCULATE_NEXT_VERSION" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Check if version changed
+        id: version-changed
+        run: |
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "changes_to_commit=TRUE" >> "$GITHUB_OUTPUT"
+          else
+            echo "changes_to_commit=FALSE" >> "$GITHUB_OUTPUT"
+            echo "No changes to commit!";
+          fi
 
       - name: Commit files
-        run: |
-          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
-          git config --local user.name "bitwarden-devops-bot"
-          git commit -m "Bumped version to ${{ github.event.inputs.version_number }}" -a
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        env:
+          _VERSION: ${{ steps.set-final-version-output.outputs.version }}
+        run: git commit -m "Bumped version to $_VERSION" -a
 
       - name: Push changes
-        run: git push -u origin version_bump_${{ github.event.inputs.version_number }}
-
-      - name: Create Version PR
-        env:
-          PR_BRANCH: "version_bump_${{ github.event.inputs.version_number }}"
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-          BASE_BRANCH: master
-          TITLE: "Bump version to ${{ github.event.inputs.version_number }}"
-        run: |
-          gh pr create --title "$TITLE" \
-            --base "$BASE" \
-            --head "$PR_BRANCH" \
-            --label "version update" \
-            --label "automated pr" \
-            --body "
-              ## Type of change
-              - [ ] Bug fix
-              - [ ] New feature development
-              - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
-              - [ ] Build/deploy pipeline (DevOps)
-              - [X] Other
-
-              ## Objective
-              Automated version bump to ${{ github.event.inputs.version_number }}"
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        run: git push

.github/workflows/workflow-linter.yml

@@ -1,11 +0,0 @@
----
-name: Workflow Linter
-
-on:
-  pull_request:
-    paths:
-      - .github/workflows/**
-
-jobs:
-  call-workflow:
-    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@c970b0fb89bd966749280e832928db62040812bf

.gitignore

@@ -2,6 +2,9 @@
 .DS_Store
 Thumbs.db
 
+# Environment variables used for tests
+.env
+
 # IDEs and editors
 .idea/
 .project
@@ -26,11 +29,12 @@ npm-debug.log
 # Build directories
 dist
 build
+build-cli
 .angular/cache
 
 # Testing
-coverage
-junit.xml
+coverage*
+junit.xml*
 
 # Misc
 *.crx

.nvmrc

@@ -1 +1 @@
-v18
+v20

README.md

@@ -3,13 +3,13 @@
 
 # Bitwarden Directory Connector
 
-The Bitwarden Directory Connector is a a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
+The Bitwarden Directory Connector is a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
 
 Supported directories:
 
 - Active Directory
 - Any other LDAP-based directory
-- Azure Active Directory
+- Microsoft Entra ID
 - G Suite (Google)
 - Okta
 

docker-compose.yml

@@ -0,0 +1,18 @@
+services:
+  open-ldap:
+    image: bitnamilegacy/openldap:latest
+    hostname: openldap
+    environment:
+      - LDAP_ADMIN_USERNAME=admin
+      - LDAP_ADMIN_PASSWORD=admin
+      - LDAP_ROOT=dc=bitwarden,dc=com
+      - LDAP_ENABLE_TLS=yes
+      - LDAP_TLS_CERT_FILE=/certs/openldap.pem
+      - LDAP_TLS_KEY_FILE=/certs/openldap-key.pem
+      - LDAP_TLS_CA_FILE=/certs/rootCA.pem
+    volumes:
+      - "./utils/openldap/ldifs:/ldifs"
+      - "./utils/openldap/certs:/certs"
+    ports:
+      - "1389:1389"
+      - "1636:1636"

docs/google-workspace.md

@@ -0,0 +1,300 @@
+# Google Workspace Directory Integration
+
+This document provides technical documentation for the Google Workspace (formerly G Suite) directory integration in Bitwarden Directory Connector.
+
+## Overview
+
+The Google Workspace integration synchronizes users and groups from Google Workspace to Bitwarden organizations using the Google Admin SDK Directory API. The service uses a service account with domain-wide delegation to authenticate and access directory data.
+
+## Architecture
+
+### Service Location
+
+- **Implementation**: `src/services/directory-services/gsuite-directory.service.ts`
+- **Configuration Model**: `src/models/gsuiteConfiguration.ts`
+- **Integration Tests**: `src/services/directory-services/gsuite-directory.service.integration.spec.ts`
+
+### Authentication Flow
+
+The Google Workspace integration uses **OAuth 2.0 with Service Accounts** and domain-wide delegation:
+
+1. A service account is created in Google Cloud Console
+2. The service account is granted domain-wide delegation authority
+3. The service account is authorized for specific OAuth scopes in Google Workspace Admin Console
+4. The Directory Connector uses the service account's private key to generate JWT tokens
+5. JWT tokens are exchanged for access tokens to call the Admin SDK APIs
+
+### Required OAuth Scopes
+
+The service account must be granted the following OAuth 2.0 scopes:
+
+```
+https://www.googleapis.com/auth/admin.directory.user.readonly
+https://www.googleapis.com/auth/admin.directory.group.readonly
+https://www.googleapis.com/auth/admin.directory.group.member.readonly
+```
+
+## Configuration
+
+### Required Fields
+
+| Field         | Description                                                                             |
+| ------------- | --------------------------------------------------------------------------------------- |
+| `clientEmail` | Service account email address (e.g., `service-account@project.iam.gserviceaccount.com`) |
+| `privateKey`  | Service account private key in PEM format                                               |
+| `adminUser`   | Admin user email to impersonate for domain-wide delegation                              |
+| `domain`      | Primary domain of the Google Workspace organization                                     |
+
+### Optional Fields
+
+| Field      | Description                                                |
+| ---------- | ---------------------------------------------------------- |
+| `customer` | Customer ID for multi-domain organizations (rarely needed) |
+
+### Example Configuration
+
+```typescript
+{
+  clientEmail: "directory-connector@my-project.iam.gserviceaccount.com",
+  privateKey: "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
+  adminUser: "admin@example.com",
+  domain: "example.com",
+  customer: "" // Usually not required
+}
+```
+
+## Setup Instructions
+
+### 1. Create a Service Account
+
+1. Go to [Google Cloud Console](https://console.cloud.google.com)
+2. Create or select a project
+3. Navigate to **IAM & Admin** > **Service Accounts**
+4. Click **Create Service Account**
+5. Enter a name and description
+6. Click **Create and Continue**
+7. Skip granting roles (not needed for this use case)
+8. Click **Done**
+
+### 2. Generate Service Account Key
+
+1. Click on the newly created service account
+2. Navigate to the **Keys** tab
+3. Click **Add Key** > **Create new key**
+4. Select **JSON** format
+5. Click **Create** and download the key file
+6. Extract `client_email` and `private_key` from the JSON file
+
+### 3. Enable Domain-Wide Delegation
+
+1. In the service account details, click **Show Advanced Settings**
+2. Under **Domain-wide delegation**, click **Enable Google Workspace Domain-wide Delegation**
+3. Note the **Client ID** (numeric ID)
+
+### 4. Authorize the Service Account in Google Workspace
+
+1. Go to [Google Workspace Admin Console](https://admin.google.com)
+2. Navigate to **Security** > **API Controls** > **Domain-wide Delegation**
+3. Click **Add new**
+4. Enter the **Client ID** from step 3
+5. Enter the following OAuth scopes (comma-separated):
+   ```
+   https://www.googleapis.com/auth/admin.directory.user.readonly,
+   https://www.googleapis.com/auth/admin.directory.group.readonly,
+   https://www.googleapis.com/auth/admin.directory.group.member.readonly
+   ```
+6. Click **Authorize**
+
+### 5. Configure Directory Connector
+
+Use the extracted values to configure the Directory Connector:
+
+- **Client Email**: From `client_email` in the JSON key file
+- **Private Key**: From `private_key` in the JSON key file (keep the `\n` line breaks)
+- **Admin User**: Email of a super admin user in your Google Workspace domain
+- **Domain**: Your primary Google Workspace domain
+
+## Sync Behavior
+
+### User Synchronization
+
+The service synchronizes the following user attributes:
+
+| Google Workspace Field    | Bitwarden Field             | Notes                                     |
+| ------------------------- | --------------------------- | ----------------------------------------- |
+| `id`                      | `referenceId`, `externalId` | User's unique Google ID                   |
+| `primaryEmail`            | `email`                     | Normalized to lowercase                   |
+| `suspended` OR `archived` | `disabled`                  | User is disabled if suspended or archived |
+| Deleted status            | `deleted`                   | Set to true for deleted users             |
+
+**Special Behavior:**
+
+- The service queries both **active users** and **deleted users** separately
+- Suspended and archived users are included but marked as disabled
+- Deleted users are included with the `deleted` flag set to true
+
+### Group Synchronization
+
+The service synchronizes the following group attributes:
+
+| Google Workspace Field  | Bitwarden Field             | Notes                    |
+| ----------------------- | --------------------------- | ------------------------ |
+| `id`                    | `referenceId`, `externalId` | Group's unique Google ID |
+| `name`                  | `name`                      | Group display name       |
+| Members (type=USER)     | `userMemberExternalIds`     | Individual user members  |
+| Members (type=GROUP)    | `groupMemberReferenceIds`   | Nested group members     |
+| Members (type=CUSTOMER) | `userMemberExternalIds`     | All domain users         |
+
+**Member Types:**
+
+- **USER**: Individual user accounts (only ACTIVE status users are synced)
+- **GROUP**: Nested groups (allows group hierarchy)
+- **CUSTOMER**: Special member type that includes all users in the domain
+
+### Filtering
+
+#### User Filter Examples
+
+```
+exclude:testuser1@bwrox.dev | testuser1@bwrox.dev                   # Exclude multiple users
+|orgUnitPath='/Integration testing'                                 # Users in Integration testing Organizational unit (OU)
+exclude:testuser1@bwrox.dev | orgUnitPath='/Integration testing'    # Combined filter: get users in OU excluding provided user
+|email:testuser*                                                    # Users with email starting with "testuser"
+```
+
+#### Group Filter Examples
+
+An important note for group filters is that it implicitly only syncs users that are in groups. For example, in the case of
+the integration test data, `admin@bwrox.dev` is not a member of any group. Therefore, the first example filter below will
+also implicitly exclude `admin@bwrox.dev`, who is not in any group. This is important because when it is paired with an
+empty user filter, this query may semantically be understood as "sync everyone not in Integration Test Group A," while in
+practice it means "Only sync members of groups not in integration Test Groups A."
+
+```
+exclude:Integration Test Group A                                    # Get all users in groups excluding the provided group.
+```
+
+### User AND Group Filter Examples
+
+```
+
+```
+
+**Filter Syntax:**
+
+- Prefix with `|` for custom filters
+- Use `:` for pattern matching (supports `*` wildcard)
+- Combine multiple conditions with spaces (AND logic)
+
+### Pagination
+
+The service automatically handles pagination for all API calls:
+
+- Users API (active and deleted)
+- Groups API
+- Group Members API
+
+Each API call processes all pages using the `nextPageToken` mechanism until no more results are available.
+
+## Error Handling
+
+### Common Errors
+
+| Error                  | Cause                                 | Resolution                                                 |
+| ---------------------- | ------------------------------------- | ---------------------------------------------------------- |
+| "dirConfigIncomplete"  | Missing required configuration fields | Verify all required fields are provided                    |
+| "authenticationFailed" | Invalid credentials or unauthorized   | Check service account key and domain-wide delegation setup |
+| API returns 401/403    | Missing OAuth scopes                  | Verify scopes are authorized in Admin Console              |
+| API returns 404        | Invalid domain or customer ID         | Check domain configuration                                 |
+
+### Security Considerations
+
+The service implements the following security measures:
+
+1. **Credential sanitization**: Error messages do not expose private keys or sensitive credentials
+2. **Secure authentication**: Uses OAuth 2.0 with JWT tokens, not API keys
+3. **Read-only access**: Only requires read-only scopes for directory data
+4. **No credential logging**: Service account credentials are not logged
+
+## Testing
+
+### Integration Tests
+
+Integration tests are located in `src/services/directory-services/gsuite-directory.service.integration.spec.ts`.
+
+**Test Coverage:**
+
+- Basic sync (users and groups)
+- Sync with filters
+- Users-only sync
+- Groups-only sync
+- User filtering scenarios
+- Group filtering scenarios
+- Disabled users handling
+- Group membership scenarios
+- Error handling
+
+**Running Integration Tests:**
+
+Integration tests require live Google Workspace credentials:
+
+1. Create a `.env` file in the `utils/` folder with:
+   ```
+   GOOGLE_ADMIN_USER=admin@example.com
+   GOOGLE_CLIENT_EMAIL=service-account@project.iam.gserviceaccount.com
+   GOOGLE_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
+   GOOGLE_DOMAIN=example.com
+   ```
+2. Run tests:
+
+   ```bash
+   # Run all integration tests (includes LDAP, Google Workspace, etc.)
+   npm run test:integration
+
+   # Run only Google Workspace integration tests
+   npx jest gsuite-directory.service.integration.spec.ts
+   ```
+
+**Test Data:**
+
+The integration tests expect specific test data in Google Workspace:
+
+- **Users**: 5 test users in organizational unit `/Integration testing`
+  - testuser1@bwrox.dev (in Group A)
+  - testuser2@bwrox.dev (in Groups A & B)
+  - testuser3@bwrox.dev (in Group B)
+  - testuser4@bwrox.dev (no groups)
+  - testuser5@bwrox.dev (disabled)
+
+- **Groups**: 2 test groups with name pattern `Integration*`
+  - Integration Test Group A
+  - Integration Test Group B
+
+## API Reference
+
+### Google Admin SDK APIs Used
+
+- **Users API**: `admin.users.list()`
+  - [Documentation](https://developers.google.com/admin-sdk/directory/reference/rest/v1/users/list)
+
+- **Groups API**: `admin.groups.list()`
+  - [Documentation](https://developers.google.com/admin-sdk/directory/reference/rest/v1/groups/list)
+
+- **Members API**: `admin.members.list()`
+  - [Documentation](https://developers.google.com/admin-sdk/directory/reference/rest/v1/members/list)
+
+### Rate Limits
+
+Google Workspace Directory API rate limits:
+
+- Default: 2,400 queries per minute per user, per Google Cloud Project
+
+The service does not implement rate limiting logic; it relies on API error responses.
+
+## Resources
+
+- [Google Admin SDK Directory API Guide](https://developers.google.com/admin-sdk/directory/v1/guides)
+- [Service Account Authentication](https://developers.google.com/identity/protocols/oauth2/service-account)
+- [Domain-wide Delegation](https://support.google.com/a/answer/162106)
+- [Google Workspace Admin Console](https://admin.google.com)
+- [Bitwarden Directory Connector Documentation](https://bitwarden.com/help/directory-sync/)

electron-builder.json

@@ -4,7 +4,7 @@
   },
   "productName": "Bitwarden Directory Connector",
   "appId": "com.bitwarden.directory-connector",
-  "copyright": "Copyright © 2015-2022 Bitwarden Inc.",
+  "copyright": "Copyright © 2015-2026 Bitwarden Inc.",
   "directories": {
     "buildResources": "resources",
     "output": "dist",

eslint.config.mjs

@@ -0,0 +1,149 @@
+// @ts-check
+import eslint from "@eslint/js";
+import tsParser from "@typescript-eslint/parser";
+import tsPlugin from "@typescript-eslint/eslint-plugin";
+import prettierConfig from "eslint-config-prettier";
+import importPlugin from "eslint-plugin-import";
+import rxjsX from "eslint-plugin-rxjs-x";
+import rxjsAngularX from "eslint-plugin-rxjs-angular-x";
+import angularEslint from "@angular-eslint/eslint-plugin-template";
+import angularParser from "@angular-eslint/template-parser";
+import globals from "globals";
+
+export default [
+  // Global ignores (replaces .eslintignore)
+  {
+    ignores: [
+      "dist/**",
+      "dist-cli/**",
+      "build/**",
+      "build-cli/**",
+      "coverage/**",
+      "**/*.cjs",
+      "eslint.config.mjs",
+      "scripts/**/*.js",
+      "**/node_modules/**",
+    ],
+  },
+
+  // Base config for all JavaScript/TypeScript files
+  {
+    files: ["**/*.ts", "**/*.js"],
+    languageOptions: {
+      ecmaVersion: 2020,
+      sourceType: "module",
+      parser: tsParser,
+      parserOptions: {
+        project: ["./tsconfig.eslint.json"],
+      },
+      globals: {
+        ...globals.browser,
+        ...globals.node,
+      },
+    },
+    plugins: {
+      "@typescript-eslint": tsPlugin,
+      import: importPlugin,
+      "rxjs-x": rxjsX,
+      "rxjs-angular-x": rxjsAngularX,
+    },
+    settings: {
+      "import/parsers": {
+        "@typescript-eslint/parser": [".ts"],
+      },
+      "import/resolver": {
+        typescript: {
+          alwaysTryTypes: true,
+        },
+      },
+    },
+    rules: {
+      // ESLint recommended rules
+      ...eslint.configs.recommended.rules,
+
+      // TypeScript ESLint recommended rules
+      ...tsPlugin.configs.recommended.rules,
+
+      // Import plugin recommended rules
+      ...importPlugin.flatConfigs.recommended.rules,
+
+      // RxJS recommended rules
+      ...rxjsX.configs.recommended.rules,
+
+      // Custom project rules
+      "@typescript-eslint/explicit-member-accessibility": ["error", { accessibility: "no-public" }],
+      "@typescript-eslint/no-explicit-any": "off", // TODO: This should be re-enabled
+      "@typescript-eslint/no-misused-promises": ["error", { checksVoidReturn: false }],
+      "@typescript-eslint/no-this-alias": ["error", { allowedNames: ["self"] }],
+      "@typescript-eslint/no-unused-vars": ["error", { args: "none" }],
+      "no-console": "error",
+      "import/no-unresolved": "off", // TODO: Look into turning on once each package is an actual package.
+      "import/order": [
+        "error",
+        {
+          alphabetize: {
+            order: "asc",
+          },
+          "newlines-between": "always",
+          pathGroups: [
+            {
+              pattern: "@/jslib/**/*",
+              group: "external",
+              position: "after",
+            },
+            {
+              pattern: "@/src/**/*",
+              group: "parent",
+              position: "before",
+            },
+          ],
+          pathGroupsExcludedImportTypes: ["builtin"],
+        },
+      ],
+      "rxjs-angular-x/prefer-takeuntil": "error",
+      "rxjs-x/no-exposed-subjects": ["error", { allowProtected: true }],
+      "no-restricted-syntax": [
+        "error",
+        {
+          message: "Calling `svgIcon` directly is not allowed",
+          selector: "CallExpression[callee.name='svgIcon']",
+        },
+        {
+          message: "Accessing FormGroup using `get` is not allowed, use `.value` instead",
+          selector:
+            "ChainExpression[expression.object.callee.property.name='get'][expression.property.name='value']",
+        },
+      ],
+      curly: ["error", "all"],
+      "import/namespace": ["off"], // This doesn't resolve namespace imports correctly, but TS will throw for this anyway
+      "no-restricted-imports": ["error", { patterns: ["src/**/*"] }],
+    },
+  },
+
+  // Jest test files (includes any test-related files)
+  {
+    files: ["**/*.spec.ts", "**/test.setup.ts", "**/spec/**/*.ts", "**/utils/**/*fixtures*.ts"],
+    languageOptions: {
+      globals: {
+        ...globals.jest,
+      },
+    },
+  },
+
+  // Angular HTML templates
+  {
+    files: ["**/*.html"],
+    languageOptions: {
+      parser: angularParser,
+    },
+    plugins: {
+      "@angular-eslint/template": angularEslint,
+    },
+    rules: {
+      "@angular-eslint/template/button-has-type": "error",
+    },
+  },
+
+  // Prettier config (must be last to override other configs)
+  prettierConfig,
+];

jest.config.cjs

@@ -0,0 +1,49 @@
+const { pathsToModuleNameMapper } = require("ts-jest");
+const { compilerOptions } = require("./tsconfig");
+
+const tsPreset = require("ts-jest/jest-preset");
+const angularPreset = require("jest-preset-angular/jest-preset");
+const { defaultTransformerOptions } = require("jest-preset-angular/presets");
+
+/** @type {import('ts-jest').JestConfigWithTsJest} */
+module.exports = {
+  // ...tsPreset,
+  // ...angularPreset,
+  preset: "jest-preset-angular",
+
+  reporters: ["default", "jest-junit"],
+
+  collectCoverage: true,
+  // Ensure we collect coverage from files without tests
+  collectCoverageFrom: ["src/**/*.ts"],
+  coverageReporters: ["html", "lcov"],
+  coverageDirectory: "coverage",
+
+  testEnvironment: "jsdom",
+  testMatch: ["**/+(*.)+(spec).+(ts)"],
+
+  roots: ["<rootDir>"],
+  modulePaths: [compilerOptions.baseUrl],
+  moduleNameMapper: pathsToModuleNameMapper(compilerOptions.paths, { prefix: "<rootDir>/" }),
+  setupFilesAfterEnv: ["<rootDir>/test.setup.ts"],
+  // Workaround for a memory leak that crashes tests in CI:
+  // https://github.com/facebook/jest/issues/9430#issuecomment-1149882002
+  // Also anecdotally improves performance when run locally
+  maxWorkers: 3,
+
+  transform: {
+    "^.+\\.tsx?$": [
+      "jest-preset-angular",
+      // 'ts-jest',
+      {
+        ...defaultTransformerOptions,
+        tsconfig: "./tsconfig.json",
+        // Further workaround for memory leak, recommended here:
+        // https://github.com/kulshekhar/ts-jest/issues/1967#issuecomment-697494014
+        // Makes tests run faster and reduces size/rate of leak, but loses typechecking on test code
+        // See https://bitwarden.atlassian.net/browse/EC-497 for more info
+        isolatedModules: true,
+      },
+    ],
+  },
+};

jslib/angular/spec/test.ts

@@ -0,0 +1,28 @@
+import { webcrypto } from "crypto";
+import "jest-preset-angular/setup-jest";
+
+Object.defineProperty(window, "CSS", { value: null });
+Object.defineProperty(window, "getComputedStyle", {
+  value: () => {
+    return {
+      display: "none",
+      appearance: ["-webkit-appearance"],
+    };
+  },
+});
+
+Object.defineProperty(document, "doctype", {
+  value: "<!DOCTYPE html>",
+});
+Object.defineProperty(document.body.style, "transform", {
+  value: () => {
+    return {
+      enumerable: true,
+      configurable: true,
+    };
+  },
+});
+
+Object.defineProperty(window, "crypto", {
+  value: webcrypto,
+});

jslib/angular/src/components/callout.component.html

@@ -1,35 +0,0 @@
-<div
-  #callout
-  class="callout callout-{{ calloutStyle }}"
-  [ngClass]="{ clickable: clickable }"
-  [attr.role]="useAlertRole ? 'alert' : null"
->
-  <h3 class="callout-heading" *ngIf="title">
-    <i class="bwi {{ icon }}" *ngIf="icon" aria-hidden="true"></i>
-    {{ title }}
-  </h3>
-  <div class="enforced-policy-options" *ngIf="enforcedPolicyOptions">
-    {{ enforcedPolicyMessage }}
-    <ul>
-      <li *ngIf="enforcedPolicyOptions?.minComplexity > 0">
-        {{ "policyInEffectMinComplexity" | i18n : getPasswordScoreAlertDisplay() }}
-      </li>
-      <li *ngIf="enforcedPolicyOptions?.minLength > 0">
-        {{ "policyInEffectMinLength" | i18n : enforcedPolicyOptions?.minLength.toString() }}
-      </li>
-      <li *ngIf="enforcedPolicyOptions?.requireUpper">
-        {{ "policyInEffectUppercase" | i18n }}
-      </li>
-      <li *ngIf="enforcedPolicyOptions?.requireLower">
-        {{ "policyInEffectLowercase" | i18n }}
-      </li>
-      <li *ngIf="enforcedPolicyOptions?.requireNumbers">
-        {{ "policyInEffectNumbers" | i18n }}
-      </li>
-      <li *ngIf="enforcedPolicyOptions?.requireSpecial">
-        {{ "policyInEffectSpecial" | i18n : "!@#$%^&*" }}
-      </li>
-    </ul>
-  </div>
-  <ng-content></ng-content>
-</div>

jslib/angular/src/components/callout.component.ts

@@ -1,78 +0,0 @@
-import { Component, Input, OnInit } from "@angular/core";
-
-import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
-import { MasterPasswordPolicyOptions } from "@/jslib/common/src/models/domain/masterPasswordPolicyOptions";
-
-@Component({
-  selector: "app-callout",
-  templateUrl: "callout.component.html",
-})
-export class CalloutComponent implements OnInit {
-  @Input() type = "info";
-  @Input() icon: string;
-  @Input() title: string;
-  @Input() clickable: boolean;
-  @Input() enforcedPolicyOptions: MasterPasswordPolicyOptions;
-  @Input() enforcedPolicyMessage: string;
-  @Input() useAlertRole = false;
-
-  calloutStyle: string;
-
-  constructor(private i18nService: I18nService) {}
-
-  ngOnInit() {
-    this.calloutStyle = this.type;
-
-    if (this.enforcedPolicyMessage === undefined) {
-      this.enforcedPolicyMessage = this.i18nService.t("masterPasswordPolicyInEffect");
-    }
-
-    if (this.type === "warning" || this.type === "danger") {
-      if (this.type === "danger") {
-        this.calloutStyle = "danger";
-      }
-      if (this.title === undefined) {
-        this.title = this.i18nService.t("warning");
-      }
-      if (this.icon === undefined) {
-        this.icon = "bwi-exclamation-triangle";
-      }
-    } else if (this.type === "error") {
-      this.calloutStyle = "danger";
-      if (this.title === undefined) {
-        this.title = this.i18nService.t("error");
-      }
-      if (this.icon === undefined) {
-        this.icon = "bwi-error";
-      }
-    } else if (this.type === "tip") {
-      this.calloutStyle = "success";
-      if (this.title === undefined) {
-        this.title = this.i18nService.t("tip");
-      }
-      if (this.icon === undefined) {
-        this.icon = "bwi-lightbulb";
-      }
-    }
-  }
-
-  getPasswordScoreAlertDisplay() {
-    if (this.enforcedPolicyOptions == null) {
-      return "";
-    }
-
-    let str: string;
-    switch (this.enforcedPolicyOptions.minComplexity) {
-      case 4:
-        str = this.i18nService.t("strong");
-        break;
-      case 3:
-        str = this.i18nService.t("good");
-        break;
-      default:
-        str = this.i18nService.t("weak");
-        break;
-    }
-    return str + " (" + this.enforcedPolicyOptions.minComplexity + ")";
-  }
-}

jslib/angular/src/components/environment.component.ts

@@ -19,7 +19,7 @@ export class EnvironmentComponent {
   constructor(
     protected platformUtilsService: PlatformUtilsService,
     protected environmentService: EnvironmentService,
-    protected i18nService: I18nService
+    protected i18nService: I18nService,
   ) {
     const urls = this.environmentService.getUrls();
 

jslib/angular/src/components/icon.component.html

@@ -1,11 +0,0 @@
-<div class="icon" aria-hidden="true">
-  <img
-    [src]="image"
-    appFallbackSrc="{{ fallbackImage }}"
-    *ngIf="imageEnabled && image"
-    alt=""
-    decoding="async"
-    loading="lazy"
-  />
-  <i class="bwi bwi-fw bwi-lg {{ icon }}" *ngIf="!imageEnabled || !image"></i>
-</div>

jslib/angular/src/components/icon.component.ts

@@ -1,112 +0,0 @@
-import { Component, Input, OnChanges } from "@angular/core";
-
-import { EnvironmentService } from "@/jslib/common/src/abstractions/environment.service";
-import { StateService } from "@/jslib/common/src/abstractions/state.service";
-import { CipherType } from "@/jslib/common/src/enums/cipherType";
-import { Utils } from "@/jslib/common/src/misc/utils";
-import { CipherView } from "@/jslib/common/src/models/view/cipherView";
-
-/**
- * Provides a mapping from supported card brands to
- * the filenames of icon that should be present in images/cards folder of clients.
- */
-const cardIcons: Record<string, string> = {
-  Visa: "card-visa",
-  Mastercard: "card-mastercard",
-  Amex: "card-amex",
-  Discover: "card-discover",
-  "Diners Club": "card-diners-club",
-  JCB: "card-jcb",
-  Maestro: "card-maestro",
-  UnionPay: "card-union-pay",
-};
-
-@Component({
-  selector: "app-vault-icon",
-  templateUrl: "icon.component.html",
-})
-export class IconComponent implements OnChanges {
-  @Input() cipher: CipherView;
-  icon: string;
-  image: string;
-  fallbackImage: string;
-  imageEnabled: boolean;
-
-  private iconsUrl: string;
-
-  constructor(environmentService: EnvironmentService, private stateService: StateService) {
-    this.iconsUrl = environmentService.getIconsUrl();
-  }
-
-  async ngOnChanges() {
-    // Components may be re-used when using cdk-virtual-scroll. Which puts the component in a weird state,
-    // to avoid this we reset all state variables.
-    this.image = null;
-    this.fallbackImage = null;
-    this.imageEnabled = !(await this.stateService.getDisableFavicon());
-    this.load();
-  }
-
-  protected load() {
-    switch (this.cipher.type) {
-      case CipherType.Login:
-        this.icon = "bwi-globe";
-        this.setLoginIcon();
-        break;
-      case CipherType.SecureNote:
-        this.icon = "bwi-sticky-note";
-        break;
-      case CipherType.Card:
-        this.icon = "bwi-credit-card";
-        this.setCardIcon();
-        break;
-      case CipherType.Identity:
-        this.icon = "bwi-id-card";
-        break;
-      default:
-        break;
-    }
-  }
-
-  private setLoginIcon() {
-    if (this.cipher.login.uri) {
-      let hostnameUri = this.cipher.login.uri;
-      let isWebsite = false;
-
-      if (hostnameUri.indexOf("androidapp://") === 0) {
-        this.icon = "bwi-android";
-        this.image = null;
-      } else if (hostnameUri.indexOf("iosapp://") === 0) {
-        this.icon = "bwi-apple";
-        this.image = null;
-      } else if (
-        this.imageEnabled &&
-        hostnameUri.indexOf("://") === -1 &&
-        hostnameUri.indexOf(".") > -1
-      ) {
-        hostnameUri = "http://" + hostnameUri;
-        isWebsite = true;
-      } else if (this.imageEnabled) {
-        isWebsite = hostnameUri.indexOf("http") === 0 && hostnameUri.indexOf(".") > -1;
-      }
-
-      if (this.imageEnabled && isWebsite) {
-        try {
-          this.image = this.iconsUrl + "/" + Utils.getHostname(hostnameUri) + "/icon.png";
-          this.fallbackImage = "images/bwi-globe.png";
-        } catch (e) {
-          // Ignore error since the fallback icon will be shown if image is null.
-        }
-      }
-    } else {
-      this.image = null;
-    }
-  }
-
-  private setCardIcon() {
-    const brand = this.cipher.card.brand;
-    if (this.imageEnabled && brand in cardIcons) {
-      this.icon = "credit-card-icon " + cardIcons[brand];
-    }
-  }
-}

jslib/angular/src/components/modal/dynamic-modal.component.ts

@@ -35,7 +35,7 @@ export class DynamicModalComponent implements AfterViewInit, OnDestroy {
     private cd: ChangeDetectorRef,
     private el: ElementRef<HTMLElement>,
     private focusTrapFactory: ConfigurableFocusTrapFactory,
-    public modalRef: ModalRef
+    public modalRef: ModalRef,
   ) {}
 
   ngAfterViewInit() {
@@ -47,7 +47,7 @@ export class DynamicModalComponent implements AfterViewInit, OnDestroy {
 
     this.modalRef.created(this.el.nativeElement);
     this.focusTrap = this.focusTrapFactory.create(
-      this.el.nativeElement.querySelector(".modal-dialog")
+      this.el.nativeElement.querySelector(".modal-dialog"),
     );
     if (this.el.nativeElement.querySelector("[appAutoFocus]") == null) {
       this.focusTrap.focusFirstTabbableElementWhenReady();

jslib/angular/src/components/modal/modal-injector.ts

@@ -1,16 +1,18 @@
-import { InjectFlags, InjectOptions, Injector, ProviderToken } from "@angular/core";
+import { InjectOptions, Injector, ProviderToken } from "@angular/core";
 
 export class ModalInjector implements Injector {
-  constructor(private _parentInjector: Injector, private _additionalTokens: WeakMap<any, any>) {}
+  constructor(
+    private _parentInjector: Injector,
+    private _additionalTokens: WeakMap<any, any>,
+  ) {}
 
   get<T>(
     token: ProviderToken<T>,
     notFoundValue: undefined,
-    options: InjectOptions & { optional?: false }
+    options: InjectOptions & { optional?: false },
   ): T;
   get<T>(token: ProviderToken<T>, notFoundValue: null, options: InjectOptions): T;
-  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions | InjectFlags): T;
-  get<T>(token: ProviderToken<T>, notFoundValue?: T, flags?: InjectFlags): T;
+  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions): T;
   get(token: any, notFoundValue?: any): any;
   get(token: any, notFoundValue?: any, flags?: any): any {
     return this._additionalTokens.get(token) ?? this._parentInjector.get<any>(token, notFoundValue);

jslib/angular/src/components/modal/modal.ref.ts

@@ -1,5 +1,4 @@
-import { Observable, Subject } from "rxjs";
-import { first } from "rxjs/operators";
+import { lastValueFrom, Observable, Subject } from "rxjs";
 
 export class ModalRef {
   onCreated: Observable<HTMLElement>; // Modal added to the DOM.
@@ -45,6 +44,6 @@ export class ModalRef {
   }
 
   onClosedPromise(): Promise<any> {
-    return this.onClosed.pipe(first()).toPromise();
+    return lastValueFrom(this.onClosed);
   }
 }

jslib/angular/src/components/password-reprompt.component.ts

@@ -1,42 +0,0 @@
-import { Directive } from "@angular/core";
-
-import { ModalRef } from "./modal/modal.ref";
-
-import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
-import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
-import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
-
-
-/**
- * Used to verify the user's Master Password for the "Master Password Re-prompt" feature only.
- * See UserVerificationComponent for any other situation where you need to verify the user's identity.
- */
-@Directive()
-export class PasswordRepromptComponent {
-  showPassword = false;
-  masterPassword = "";
-
-  constructor(
-    private modalRef: ModalRef,
-    private cryptoService: CryptoService,
-    private platformUtilsService: PlatformUtilsService,
-    private i18nService: I18nService
-  ) {}
-
-  togglePassword() {
-    this.showPassword = !this.showPassword;
-  }
-
-  async submit() {
-    if (!(await this.cryptoService.compareAndUpdateKeyHash(this.masterPassword, null))) {
-      this.platformUtilsService.showToast(
-        "error",
-        this.i18nService.t("errorOccurred"),
-        this.i18nService.t("invalidMasterPassword")
-      );
-      return;
-    }
-
-    this.modalRef.close(true);
-  }
-}

jslib/angular/src/components/toastr.component.ts

@@ -60,9 +60,13 @@ import {
     ]),
   ],
   preserveWhitespaces: false,
+  standalone: false,
 })
 export class BitwardenToast extends BaseToast {
-  constructor(protected toastrService: ToastrService, public toastPackage: ToastPackage) {
+  constructor(
+    protected toastrService: ToastrService,
+    public toastPackage: ToastPackage,
+  ) {
     super(toastrService, toastPackage);
   }
 }

jslib/angular/src/directives/a11y-title.directive.ts

@@ -2,6 +2,7 @@ import { Directive, ElementRef, Input, Renderer2 } from "@angular/core";
 
 @Directive({
   selector: "[appA11yTitle]",
+  standalone: false,
 })
 export class A11yTitleDirective {
   @Input() set appA11yTitle(title: string) {
@@ -10,7 +11,10 @@ export class A11yTitleDirective {
 
   private title: string;
 
-  constructor(private el: ElementRef, private renderer: Renderer2) {}
+  constructor(
+    private el: ElementRef,
+    private renderer: Renderer2,
+  ) {}
 
   ngOnInit() {
     if (!this.el.nativeElement.hasAttribute("title")) {

jslib/angular/src/directives/api-action.directive.ts

@@ -1,10 +1,9 @@
 import { Directive, ElementRef, Input, OnChanges } from "@angular/core";
 
-import { ValidationService } from "../services/validation.service";
-
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
 import { ErrorResponse } from "@/jslib/common/src/models/response/errorResponse";
 
+import { ValidationService } from "../services/validation.service";
 
 /**
  * Provides error handling, in particular for any error returned by the server in an api call.
@@ -14,6 +13,7 @@ import { ErrorResponse } from "@/jslib/common/src/models/response/errorResponse"
  */
 @Directive({
   selector: "[appApiAction]",
+  standalone: false,
 })
 export class ApiActionDirective implements OnChanges {
   @Input() appApiAction: Promise<any>;
@@ -21,7 +21,7 @@ export class ApiActionDirective implements OnChanges {
   constructor(
     private el: ElementRef,
     private validationService: ValidationService,
-    private logService: LogService
+    private logService: LogService,
   ) {}
 
   ngOnChanges(changes: any) {
@@ -44,7 +44,7 @@ export class ApiActionDirective implements OnChanges {
         }
         this.logService?.error(`Received API exception: ${e}`);
         this.validationService.showError(e);
-      }
+      },
     );
   }
 }

jslib/angular/src/directives/autofocus.directive.ts

@@ -1,10 +1,11 @@
 import { Directive, ElementRef, Input, NgZone } from "@angular/core";
-import { take } from "rxjs/operators";
+import { take } from "rxjs";
 
 import { Utils } from "@/jslib/common/src/misc/utils";
 
 @Directive({
   selector: "[appAutofocus]",
+  standalone: false,
 })
 export class AutofocusDirective {
   @Input() set appAutofocus(condition: boolean | string) {
@@ -13,7 +14,10 @@ export class AutofocusDirective {
 
   private autofocus: boolean;
 
-  constructor(private el: ElementRef, private ngZone: NgZone) {}
+  constructor(
+    private el: ElementRef,
+    private ngZone: NgZone,
+  ) {}
 
   ngOnInit() {
     if (!Utils.isMobileBrowser && this.autofocus) {

jslib/angular/src/directives/blur-click.directive.ts

@@ -2,6 +2,7 @@ import { Directive, ElementRef, HostListener } from "@angular/core";
 
 @Directive({
   selector: "[appBlurClick]",
+  standalone: false,
 })
 export class BlurClickDirective {
   constructor(private el: ElementRef) {}

jslib/angular/src/directives/box-row.directive.ts

@@ -2,6 +2,7 @@ import { Directive, ElementRef, HostListener, OnInit } from "@angular/core";
 
 @Directive({
   selector: "[appBoxRow]",
+  standalone: false,
 })
 export class BoxRowDirective implements OnInit {
   el: HTMLElement = null;
@@ -13,7 +14,7 @@ export class BoxRowDirective implements OnInit {
 
   ngOnInit(): void {
     this.formEls = Array.from(
-      this.el.querySelectorAll('input:not([type="hidden"]), select, textarea')
+      this.el.querySelectorAll('input:not([type="hidden"]), select, textarea'),
     );
     this.formEls.forEach((formEl) => {
       formEl.addEventListener(
@@ -21,7 +22,7 @@ export class BoxRowDirective implements OnInit {
         () => {
           this.el.classList.add("active");
         },
-        false
+        false,
       );
 
       formEl.addEventListener(
@@ -29,7 +30,7 @@ export class BoxRowDirective implements OnInit {
         () => {
           this.el.classList.remove("active");
         },
-        false
+        false,
       );
     });
   }

jslib/angular/src/directives/fallback-src.directive.ts

@@ -2,6 +2,7 @@ import { Directive, ElementRef, HostListener, Input } from "@angular/core";
 
 @Directive({
   selector: "[appFallbackSrc]",
+  standalone: false,
 })
 export class FallbackSrcDirective {
   @Input("appFallbackSrc") appFallbackSrc: string;

jslib/angular/src/directives/stop-click.directive.ts

@@ -2,6 +2,7 @@ import { Directive, HostListener } from "@angular/core";
 
 @Directive({
   selector: "[appStopClick]",
+  standalone: false,
 })
 export class StopClickDirective {
   @HostListener("click", ["$event"]) onClick($event: MouseEvent) {

jslib/angular/src/directives/stop-prop.directive.ts

@@ -2,6 +2,7 @@ import { Directive, HostListener } from "@angular/core";
 
 @Directive({
   selector: "[appStopProp]",
+  standalone: false,
 })
 export class StopPropDirective {
   @HostListener("click", ["$event"]) onClick($event: MouseEvent) {

jslib/angular/src/pipes/i18n.pipe.ts

@@ -4,6 +4,7 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 
 @Pipe({
   name: "i18n",
+  standalone: false,
 })
 export class I18nPipe implements PipeTransform {
   constructor(private i18nService: I18nService) {}

jslib/angular/src/pipes/search-ciphers.pipe.ts

@@ -1,41 +0,0 @@
-import { Pipe, PipeTransform } from "@angular/core";
-
-import { CipherView } from "@/jslib/common/src/models/view/cipherView";
-
-@Pipe({
-  name: "searchCiphers",
-})
-export class SearchCiphersPipe implements PipeTransform {
-  transform(ciphers: CipherView[], searchText: string, deleted = false): CipherView[] {
-    if (ciphers == null || ciphers.length === 0) {
-      return [];
-    }
-
-    if (searchText == null || searchText.length < 2) {
-      return ciphers.filter((c) => {
-        return deleted !== c.isDeleted;
-      });
-    }
-
-    searchText = searchText.trim().toLowerCase();
-    return ciphers.filter((c) => {
-      if (deleted !== c.isDeleted) {
-        return false;
-      }
-      if (c.name != null && c.name.toLowerCase().indexOf(searchText) > -1) {
-        return true;
-      }
-      if (searchText.length >= 8 && c.id.startsWith(searchText)) {
-        return true;
-      }
-      if (c.subTitle != null && c.subTitle.toLowerCase().indexOf(searchText) > -1) {
-        return true;
-      }
-      if (c.login && c.login.uri != null && c.login.uri.toLowerCase().indexOf(searchText) > -1) {
-        return true;
-      }
-
-      return false;
-    });
-  }
-}

jslib/angular/src/scss/bwicons/styles/style.scss

@@ -4,7 +4,8 @@ $icomoon-font-path: "/jslib/angular/src/scss/bwicons/fonts/" !default;
 // New font sheet? Update the font-face information below
 @font-face {
   font-family: "#{$icomoon-font-family}";
-  src: url($icomoon-font-path + "bwi-font.svg") format("svg"),
+  src:
+    url($icomoon-font-path + "bwi-font.svg") format("svg"),
     url($icomoon-font-path + "bwi-font.ttf") format("truetype"),
     url($icomoon-font-path + "bwi-font.woff") format("woff"),
     url($icomoon-font-path + "bwi-font.woff2") format("woff2");

jslib/angular/src/services/auth-guard.service.ts

@@ -1,45 +0,0 @@
-import { Injectable } from "@angular/core";
-import { ActivatedRouteSnapshot, Router, RouterStateSnapshot } from "@angular/router";
-
-import { KeyConnectorService } from "@/jslib/common/src/abstractions/keyConnector.service";
-import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
-import { StateService } from "@/jslib/common/src/abstractions/state.service";
-import { VaultTimeoutService } from "@/jslib/common/src/abstractions/vaultTimeout.service";
-
-@Injectable()
-export class AuthGuardService  {
-  constructor(
-    private vaultTimeoutService: VaultTimeoutService,
-    private router: Router,
-    private messagingService: MessagingService,
-    private keyConnectorService: KeyConnectorService,
-    private stateService: StateService
-  ) {}
-
-  async canActivate(route: ActivatedRouteSnapshot, routerState: RouterStateSnapshot) {
-    const isAuthed = await this.stateService.getIsAuthenticated();
-    if (!isAuthed) {
-      this.messagingService.send("authBlocked");
-      return false;
-    }
-
-    const locked = await this.vaultTimeoutService.isLocked();
-    if (locked) {
-      if (routerState != null) {
-        this.messagingService.send("lockedUrl", { url: routerState.url });
-      }
-      this.router.navigate(["lock"], { queryParams: { promptBiometric: true } });
-      return false;
-    }
-
-    if (
-      !routerState.url.includes("remove-password") &&
-      (await this.keyConnectorService.getConvertAccountRequired())
-    ) {
-      this.router.navigate(["/remove-password"]);
-      return false;
-    }
-
-    return true;
-  }
-}

jslib/angular/src/services/jslib-services.module.ts

@@ -1,192 +1,70 @@
-import { Injector, LOCALE_ID, NgModule } from "@angular/core";
-
-import { AuthGuardService } from "./auth-guard.service";
-import { BroadcasterService } from "./broadcaster.service";
-import { LockGuardService } from "./lock-guard.service";
-import { ModalService } from "./modal.service";
-import { PasswordRepromptService } from "./passwordReprompt.service";
-import { UnauthGuardService } from "./unauth-guard.service";
-import { ValidationService } from "./validation.service";
+import { LOCALE_ID, NgModule } from "@angular/core";
 
 import { ApiService as ApiServiceAbstraction } from "@/jslib/common/src/abstractions/api.service";
 import { AppIdService as AppIdServiceAbstraction } from "@/jslib/common/src/abstractions/appId.service";
-import { AuditService as AuditServiceAbstraction } from "@/jslib/common/src/abstractions/audit.service";
-import { AuthService as AuthServiceAbstraction } from "@/jslib/common/src/abstractions/auth.service";
 import { BroadcasterService as BroadcasterServiceAbstraction } from "@/jslib/common/src/abstractions/broadcaster.service";
-import { CipherService as CipherServiceAbstraction } from "@/jslib/common/src/abstractions/cipher.service";
-import { CollectionService as CollectionServiceAbstraction } from "@/jslib/common/src/abstractions/collection.service";
 import { CryptoService as CryptoServiceAbstraction } from "@/jslib/common/src/abstractions/crypto.service";
 import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "@/jslib/common/src/abstractions/cryptoFunction.service";
 import { EnvironmentService as EnvironmentServiceAbstraction } from "@/jslib/common/src/abstractions/environment.service";
-import { EventService as EventServiceAbstraction } from "@/jslib/common/src/abstractions/event.service";
-import { ExportService as ExportServiceAbstraction } from "@/jslib/common/src/abstractions/export.service";
-import { FileUploadService as FileUploadServiceAbstraction } from "@/jslib/common/src/abstractions/fileUpload.service";
-import { FolderService as FolderServiceAbstraction } from "@/jslib/common/src/abstractions/folder.service";
 import { I18nService as I18nServiceAbstraction } from "@/jslib/common/src/abstractions/i18n.service";
-import { KeyConnectorService as KeyConnectorServiceAbstraction } from "@/jslib/common/src/abstractions/keyConnector.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
 import { MessagingService as MessagingServiceAbstraction } from "@/jslib/common/src/abstractions/messaging.service";
-import { NotificationsService as NotificationsServiceAbstraction } from "@/jslib/common/src/abstractions/notifications.service";
-import { OrganizationService as OrganizationServiceAbstraction } from "@/jslib/common/src/abstractions/organization.service";
-import { PasswordGenerationService as PasswordGenerationServiceAbstraction } from "@/jslib/common/src/abstractions/passwordGeneration.service";
-import { PasswordRepromptService as PasswordRepromptServiceAbstraction } from "@/jslib/common/src/abstractions/passwordReprompt.service";
 import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from "@/jslib/common/src/abstractions/platformUtils.service";
-import { PolicyService as PolicyServiceAbstraction } from "@/jslib/common/src/abstractions/policy.service";
-import { ProviderService as ProviderServiceAbstraction } from "@/jslib/common/src/abstractions/provider.service";
-import { SearchService as SearchServiceAbstraction } from "@/jslib/common/src/abstractions/search.service";
-import { SendService as SendServiceAbstraction } from "@/jslib/common/src/abstractions/send.service";
-import { SettingsService as SettingsServiceAbstraction } from "@/jslib/common/src/abstractions/settings.service";
 import { StateService as StateServiceAbstraction } from "@/jslib/common/src/abstractions/state.service";
 import { StateMigrationService as StateMigrationServiceAbstraction } from "@/jslib/common/src/abstractions/stateMigration.service";
 import { StorageService as StorageServiceAbstraction } from "@/jslib/common/src/abstractions/storage.service";
-import { SyncService as SyncServiceAbstraction } from "@/jslib/common/src/abstractions/sync.service";
 import { TokenService as TokenServiceAbstraction } from "@/jslib/common/src/abstractions/token.service";
-import { TotpService as TotpServiceAbstraction } from "@/jslib/common/src/abstractions/totp.service";
-import { TwoFactorService as TwoFactorServiceAbstraction } from "@/jslib/common/src/abstractions/twoFactor.service";
-import { UserVerificationService as UserVerificationServiceAbstraction } from "@/jslib/common/src/abstractions/userVerification.service";
-import { UsernameGenerationService as UsernameGenerationServiceAbstraction } from "@/jslib/common/src/abstractions/usernameGeneration.service";
-import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "@/jslib/common/src/abstractions/vaultTimeout.service";
 import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
 import { Account } from "@/jslib/common/src/models/domain/account";
 import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
 import { ApiService } from "@/jslib/common/src/services/api.service";
 import { AppIdService } from "@/jslib/common/src/services/appId.service";
-import { AuditService } from "@/jslib/common/src/services/audit.service";
-import { AuthService } from "@/jslib/common/src/services/auth.service";
-import { CipherService } from "@/jslib/common/src/services/cipher.service";
-import { CollectionService } from "@/jslib/common/src/services/collection.service";
 import { ConsoleLogService } from "@/jslib/common/src/services/consoleLog.service";
 import { CryptoService } from "@/jslib/common/src/services/crypto.service";
 import { EnvironmentService } from "@/jslib/common/src/services/environment.service";
-import { EventService } from "@/jslib/common/src/services/event.service";
-import { ExportService } from "@/jslib/common/src/services/export.service";
-import { FileUploadService } from "@/jslib/common/src/services/fileUpload.service";
-import { FolderService } from "@/jslib/common/src/services/folder.service";
-import { KeyConnectorService } from "@/jslib/common/src/services/keyConnector.service";
-import { NotificationsService } from "@/jslib/common/src/services/notifications.service";
-import { OrganizationService } from "@/jslib/common/src/services/organization.service";
-import { PasswordGenerationService } from "@/jslib/common/src/services/passwordGeneration.service";
-import { PolicyService } from "@/jslib/common/src/services/policy.service";
-import { ProviderService } from "@/jslib/common/src/services/provider.service";
-import { SearchService } from "@/jslib/common/src/services/search.service";
-import { SendService } from "@/jslib/common/src/services/send.service";
-import { SettingsService } from "@/jslib/common/src/services/settings.service";
 import { StateService } from "@/jslib/common/src/services/state.service";
 import { StateMigrationService } from "@/jslib/common/src/services/stateMigration.service";
-import { SyncService } from "@/jslib/common/src/services/sync.service";
 import { TokenService } from "@/jslib/common/src/services/token.service";
-import { TotpService } from "@/jslib/common/src/services/totp.service";
-import { TwoFactorService } from "@/jslib/common/src/services/twoFactor.service";
-import { UserVerificationService } from "@/jslib/common/src/services/userVerification.service";
-import { UsernameGenerationService } from "@/jslib/common/src/services/usernameGeneration.service";
-import { VaultTimeoutService } from "@/jslib/common/src/services/vaultTimeout.service";
-import { WebCryptoFunctionService } from "@/jslib/common/src/services/webCryptoFunction.service";
 
+import {
+  SafeInjectionToken,
+  SECURE_STORAGE,
+  WINDOW,
+} from "../../../../src/app/services/injection-tokens";
+import { SafeProvider, safeProvider } from "../../../../src/app/services/safe-provider";
+
+import { BroadcasterService } from "./broadcaster.service";
+import { ModalService } from "./modal.service";
+import { ValidationService } from "./validation.service";
 
 @NgModule({
   declarations: [],
   providers: [
-    { provide: "WINDOW", useValue: window },
-    {
-      provide: LOCALE_ID,
+    safeProvider({ provide: WINDOW, useValue: window }),
+    safeProvider({
+      provide: LOCALE_ID as SafeInjectionToken<string>,
       useFactory: (i18nService: I18nServiceAbstraction) => i18nService.translationLocale,
       deps: [I18nServiceAbstraction],
-    },
-    ValidationService,
-    AuthGuardService,
-    UnauthGuardService,
-    LockGuardService,
-    ModalService,
-    {
+    }),
+    safeProvider(ValidationService),
+    safeProvider(ModalService),
+    safeProvider({
       provide: AppIdServiceAbstraction,
       useClass: AppIdService,
       deps: [StorageServiceAbstraction],
-    },
-    {
-      provide: AuditServiceAbstraction,
-      useClass: AuditService,
-      deps: [CryptoFunctionServiceAbstraction, ApiServiceAbstraction],
-    },
-    {
-      provide: AuthServiceAbstraction,
-      useClass: AuthService,
-      deps: [
-        CryptoServiceAbstraction,
-        ApiServiceAbstraction,
-        TokenServiceAbstraction,
-        AppIdServiceAbstraction,
-        PlatformUtilsServiceAbstraction,
-        MessagingServiceAbstraction,
-        LogService,
-        KeyConnectorServiceAbstraction,
-        EnvironmentServiceAbstraction,
-        StateServiceAbstraction,
-        TwoFactorServiceAbstraction,
-        I18nServiceAbstraction,
-      ],
-    },
-    {
-      provide: CipherServiceAbstraction,
-      useFactory: (
-        cryptoService: CryptoServiceAbstraction,
-        settingsService: SettingsServiceAbstraction,
-        apiService: ApiServiceAbstraction,
-        fileUploadService: FileUploadServiceAbstraction,
-        i18nService: I18nServiceAbstraction,
-        injector: Injector,
-        logService: LogService,
-        stateService: StateServiceAbstraction
-      ) =>
-        new CipherService(
-          cryptoService,
-          settingsService,
-          apiService,
-          fileUploadService,
-          i18nService,
-          () => injector.get(SearchServiceAbstraction),
-          logService,
-          stateService
-        ),
-      deps: [
-        CryptoServiceAbstraction,
-        SettingsServiceAbstraction,
-        ApiServiceAbstraction,
-        FileUploadServiceAbstraction,
-        I18nServiceAbstraction,
-        Injector, // TODO: Get rid of this circular dependency!
-        LogService,
-        StateServiceAbstraction,
-      ],
-    },
-    {
-      provide: FolderServiceAbstraction,
-      useClass: FolderService,
-      deps: [
-        CryptoServiceAbstraction,
-        ApiServiceAbstraction,
-        I18nServiceAbstraction,
-        CipherServiceAbstraction,
-        StateServiceAbstraction,
-      ],
-    },
-    { provide: LogService, useFactory: () => new ConsoleLogService(false) },
-    {
-      provide: CollectionServiceAbstraction,
-      useClass: CollectionService,
-      deps: [CryptoServiceAbstraction, I18nServiceAbstraction, StateServiceAbstraction],
-    },
-    {
+    }),
+    safeProvider({ provide: LogService, useFactory: () => new ConsoleLogService(false), deps: [] }),
+    safeProvider({
       provide: EnvironmentServiceAbstraction,
       useClass: EnvironmentService,
       deps: [StateServiceAbstraction],
-    },
-    {
-      provide: TotpServiceAbstraction,
-      useClass: TotpService,
-      deps: [CryptoFunctionServiceAbstraction, LogService, StateServiceAbstraction],
-    },
-    { provide: TokenServiceAbstraction, useClass: TokenService, deps: [StateServiceAbstraction] },
-    {
+    }),
+    safeProvider({
+      provide: TokenServiceAbstraction,
+      useClass: TokenService,
+      deps: [StateServiceAbstraction],
+    }),
+    safeProvider({
       provide: CryptoServiceAbstraction,
       useClass: CryptoService,
       deps: [
@@ -195,32 +73,22 @@ import { WebCryptoFunctionService } from "@/jslib/common/src/services/webCryptoF
         LogService,
         StateServiceAbstraction,
       ],
-    },
-    {
-      provide: PasswordGenerationServiceAbstraction,
-      useClass: PasswordGenerationService,
-      deps: [CryptoServiceAbstraction, PolicyServiceAbstraction, StateServiceAbstraction],
-    },
-    {
-      provide: UsernameGenerationServiceAbstraction,
-      useClass: UsernameGenerationService,
-      deps: [CryptoServiceAbstraction, StateServiceAbstraction],
-    },
-    {
+    }),
+    safeProvider({
       provide: ApiServiceAbstraction,
       useFactory: (
         tokenService: TokenServiceAbstraction,
         platformUtilsService: PlatformUtilsServiceAbstraction,
         environmentService: EnvironmentServiceAbstraction,
         messagingService: MessagingServiceAbstraction,
-        appIdService: AppIdServiceAbstraction
+        appIdService: AppIdServiceAbstraction,
       ) =>
         new ApiService(
           tokenService,
           platformUtilsService,
           environmentService,
           appIdService,
-          async (expired: boolean) => messagingService.send("logout", { expired: expired })
+          async (expired: boolean) => messagingService.send("logout", { expired: expired }),
         ),
       deps: [
         TokenServiceAbstraction,
@@ -229,265 +97,47 @@ import { WebCryptoFunctionService } from "@/jslib/common/src/services/webCryptoF
         MessagingServiceAbstraction,
         AppIdServiceAbstraction,
       ],
-    },
-    {
-      provide: FileUploadServiceAbstraction,
-      useClass: FileUploadService,
-      deps: [LogService, ApiServiceAbstraction],
-    },
-    {
-      provide: SyncServiceAbstraction,
-      useFactory: (
-        apiService: ApiServiceAbstraction,
-        settingsService: SettingsServiceAbstraction,
-        folderService: FolderServiceAbstraction,
-        cipherService: CipherServiceAbstraction,
-        cryptoService: CryptoServiceAbstraction,
-        collectionService: CollectionServiceAbstraction,
-        messagingService: MessagingServiceAbstraction,
-        policyService: PolicyServiceAbstraction,
-        sendService: SendServiceAbstraction,
-        logService: LogService,
-        keyConnectorService: KeyConnectorServiceAbstraction,
-        stateService: StateServiceAbstraction,
-        organizationService: OrganizationServiceAbstraction,
-        providerService: ProviderServiceAbstraction
-      ) =>
-        new SyncService(
-          apiService,
-          settingsService,
-          folderService,
-          cipherService,
-          cryptoService,
-          collectionService,
-          messagingService,
-          policyService,
-          sendService,
-          logService,
-          keyConnectorService,
-          stateService,
-          organizationService,
-          providerService,
-          async (expired: boolean) => messagingService.send("logout", { expired: expired })
-        ),
-      deps: [
-        ApiServiceAbstraction,
-        SettingsServiceAbstraction,
-        FolderServiceAbstraction,
-        CipherServiceAbstraction,
-        CryptoServiceAbstraction,
-        CollectionServiceAbstraction,
-        MessagingServiceAbstraction,
-        PolicyServiceAbstraction,
-        SendServiceAbstraction,
-        LogService,
-        KeyConnectorServiceAbstraction,
-        StateServiceAbstraction,
-        OrganizationServiceAbstraction,
-        ProviderServiceAbstraction,
-      ],
-    },
-    { provide: BroadcasterServiceAbstraction, useClass: BroadcasterService },
-    {
-      provide: SettingsServiceAbstraction,
-      useClass: SettingsService,
-      deps: [StateServiceAbstraction],
-    },
-    {
-      provide: VaultTimeoutServiceAbstraction,
-      useFactory: (
-        cipherService: CipherServiceAbstraction,
-        folderService: FolderServiceAbstraction,
-        collectionService: CollectionServiceAbstraction,
-        cryptoService: CryptoServiceAbstraction,
-        platformUtilsService: PlatformUtilsServiceAbstraction,
-        messagingService: MessagingServiceAbstraction,
-        searchService: SearchServiceAbstraction,
-        tokenService: TokenServiceAbstraction,
-        policyService: PolicyServiceAbstraction,
-        keyConnectorService: KeyConnectorServiceAbstraction,
-        stateService: StateServiceAbstraction
-      ) =>
-        new VaultTimeoutService(
-          cipherService,
-          folderService,
-          collectionService,
-          cryptoService,
-          platformUtilsService,
-          messagingService,
-          searchService,
-          tokenService,
-          policyService,
-          keyConnectorService,
-          stateService,
-          null,
-          async (userId?: string) =>
-            messagingService.send("logout", { expired: false, userId: userId })
-        ),
-      deps: [
-        CipherServiceAbstraction,
-        FolderServiceAbstraction,
-        CollectionServiceAbstraction,
-        CryptoServiceAbstraction,
-        PlatformUtilsServiceAbstraction,
-        MessagingServiceAbstraction,
-        SearchServiceAbstraction,
-        TokenServiceAbstraction,
-        PolicyServiceAbstraction,
-        KeyConnectorServiceAbstraction,
-        StateServiceAbstraction,
-      ],
-    },
-    {
+    }),
+    safeProvider({
+      provide: BroadcasterServiceAbstraction,
+      useClass: BroadcasterService,
+      useAngularDecorators: true,
+    }),
+    safeProvider({
       provide: StateServiceAbstraction,
       useFactory: (
         storageService: StorageServiceAbstraction,
         secureStorageService: StorageServiceAbstraction,
         logService: LogService,
-        stateMigrationService: StateMigrationServiceAbstraction
+        stateMigrationService: StateMigrationServiceAbstraction,
       ) =>
         new StateService(
           storageService,
           secureStorageService,
           logService,
           stateMigrationService,
-          new StateFactory(GlobalState, Account)
+          new StateFactory(GlobalState, Account),
         ),
       deps: [
         StorageServiceAbstraction,
-        "SECURE_STORAGE",
+        SECURE_STORAGE,
         LogService,
         StateMigrationServiceAbstraction,
       ],
-    },
-    {
+    }),
+    safeProvider({
       provide: StateMigrationServiceAbstraction,
       useFactory: (
         storageService: StorageServiceAbstraction,
-        secureStorageService: StorageServiceAbstraction
+        secureStorageService: StorageServiceAbstraction,
       ) =>
         new StateMigrationService(
           storageService,
           secureStorageService,
-          new StateFactory(GlobalState, Account)
+          new StateFactory(GlobalState, Account),
         ),
-      deps: [StorageServiceAbstraction, "SECURE_STORAGE"],
-    },
-    {
-      provide: ExportServiceAbstraction,
-      useClass: ExportService,
-      deps: [
-        FolderServiceAbstraction,
-        CipherServiceAbstraction,
-        ApiServiceAbstraction,
-        CryptoServiceAbstraction,
-      ],
-    },
-    {
-      provide: SearchServiceAbstraction,
-      useClass: SearchService,
-      deps: [CipherServiceAbstraction, LogService, I18nServiceAbstraction],
-    },
-    {
-      provide: NotificationsServiceAbstraction,
-      useFactory: (
-        syncService: SyncServiceAbstraction,
-        appIdService: AppIdServiceAbstraction,
-        apiService: ApiServiceAbstraction,
-        vaultTimeoutService: VaultTimeoutServiceAbstraction,
-        environmentService: EnvironmentServiceAbstraction,
-        messagingService: MessagingServiceAbstraction,
-        logService: LogService,
-        stateService: StateServiceAbstraction
-      ) =>
-        new NotificationsService(
-          syncService,
-          appIdService,
-          apiService,
-          vaultTimeoutService,
-          environmentService,
-          async () => messagingService.send("logout", { expired: true }),
-          logService,
-          stateService
-        ),
-      deps: [
-        SyncServiceAbstraction,
-        AppIdServiceAbstraction,
-        ApiServiceAbstraction,
-        VaultTimeoutServiceAbstraction,
-        EnvironmentServiceAbstraction,
-        MessagingServiceAbstraction,
-        LogService,
-        StateServiceAbstraction,
-      ],
-    },
-    {
-      provide: CryptoFunctionServiceAbstraction,
-      useClass: WebCryptoFunctionService,
-      deps: ["WINDOW"],
-    },
-    {
-      provide: EventServiceAbstraction,
-      useClass: EventService,
-      deps: [
-        ApiServiceAbstraction,
-        CipherServiceAbstraction,
-        StateServiceAbstraction,
-        LogService,
-        OrganizationServiceAbstraction,
-      ],
-    },
-    {
-      provide: PolicyServiceAbstraction,
-      useClass: PolicyService,
-      deps: [StateServiceAbstraction, OrganizationServiceAbstraction, ApiServiceAbstraction],
-    },
-    {
-      provide: SendServiceAbstraction,
-      useClass: SendService,
-      deps: [
-        CryptoServiceAbstraction,
-        ApiServiceAbstraction,
-        FileUploadServiceAbstraction,
-        I18nServiceAbstraction,
-        CryptoFunctionServiceAbstraction,
-        StateServiceAbstraction,
-      ],
-    },
-    {
-      provide: KeyConnectorServiceAbstraction,
-      useClass: KeyConnectorService,
-      deps: [
-        StateServiceAbstraction,
-        CryptoServiceAbstraction,
-        ApiServiceAbstraction,
-        TokenServiceAbstraction,
-        LogService,
-        OrganizationServiceAbstraction,
-        CryptoFunctionServiceAbstraction,
-      ],
-    },
-    {
-      provide: UserVerificationServiceAbstraction,
-      useClass: UserVerificationService,
-      deps: [CryptoServiceAbstraction, I18nServiceAbstraction, ApiServiceAbstraction],
-    },
-    { provide: PasswordRepromptServiceAbstraction, useClass: PasswordRepromptService },
-    {
-      provide: OrganizationServiceAbstraction,
-      useClass: OrganizationService,
-      deps: [StateServiceAbstraction],
-    },
-    {
-      provide: ProviderServiceAbstraction,
-      useClass: ProviderService,
-      deps: [StateServiceAbstraction],
-    },
-    {
-      provide: TwoFactorServiceAbstraction,
-      useClass: TwoFactorService,
-      deps: [I18nServiceAbstraction, PlatformUtilsServiceAbstraction],
-    },
-  ],
+      deps: [StorageServiceAbstraction, SECURE_STORAGE],
+    }),
+  ] satisfies SafeProvider[],
 })
 export class JslibServicesModule {}

jslib/angular/src/services/lock-guard.service.ts

@@ -1,29 +0,0 @@
-import { Injectable } from "@angular/core";
-import { Router } from "@angular/router";
-
-import { StateService } from "@/jslib/common/src/abstractions/state.service";
-import { VaultTimeoutService } from "@/jslib/common/src/abstractions/vaultTimeout.service";
-
-@Injectable()
-export class LockGuardService  {
-  protected homepage = "vault";
-  protected loginpage = "login";
-  constructor(
-    private vaultTimeoutService: VaultTimeoutService,
-    private router: Router,
-    private stateService: StateService
-  ) {}
-
-  async canActivate() {
-    if (await this.vaultTimeoutService.isLocked()) {
-      return true;
-    }
-
-    const redirectUrl = (await this.stateService.getIsAuthenticated())
-      ? [this.homepage]
-      : [this.loginpage];
-
-    this.router.navigate(redirectUrl);
-    return false;
-  }
-}

jslib/angular/src/services/modal.service.ts

@@ -9,7 +9,7 @@ import {
   Type,
   ViewContainerRef,
 } from "@angular/core";
-import { first } from "rxjs/operators";
+import { first, firstValueFrom } from "rxjs";
 
 import { DynamicModalComponent } from "../components/modal/dynamic-modal.component";
 import { ModalInjector } from "../components/modal/modal-injector";
@@ -31,7 +31,7 @@ export class ModalService {
   constructor(
     private componentFactoryResolver: ComponentFactoryResolver,
     private applicationRef: ApplicationRef,
-    private injector: Injector
+    private injector: Injector,
   ) {
     document.addEventListener("keyup", (event) => {
       if (event.key === "Escape" && this.modalCount > 0) {
@@ -51,14 +51,14 @@ export class ModalService {
   async openViewRef<T>(
     componentType: Type<T>,
     viewContainerRef: ViewContainerRef,
-    setComponentParameters: (component: T) => void = null
+    setComponentParameters: (component: T) => void = null,
   ): Promise<[ModalRef, T]> {
     const [modalRef, modalComponentRef] = this.openInternal(componentType, null, false);
     modalComponentRef.instance.setComponentParameters = setComponentParameters;
 
     viewContainerRef.insert(modalComponentRef.hostView);
 
-    await modalRef.onCreated.pipe(first()).toPromise();
+    await firstValueFrom(modalRef.onCreated);
 
     return [modalRef, modalComponentRef.instance.componentRef.instance];
   }
@@ -76,7 +76,7 @@ export class ModalService {
 
   registerComponentFactoryResolver<T>(
     componentType: Type<T>,
-    componentFactoryResolver: ComponentFactoryResolver
+    componentFactoryResolver: ComponentFactoryResolver,
   ): void {
     this.factoryResolvers.set(componentType, componentFactoryResolver);
   }
@@ -92,7 +92,7 @@ export class ModalService {
   protected openInternal(
     componentType: Type<any>,
     config?: ModalConfig,
-    attachToDom?: boolean
+    attachToDom?: boolean,
   ): [ModalRef, ComponentRef<DynamicModalComponent>] {
     const [modalRef, componentRef] = this.createModalComponent(config);
     componentRef.instance.childComponentType = componentType;
@@ -143,7 +143,7 @@ export class ModalService {
       dialogEl.style.zIndex = `${this.modalCount}050`;
 
       const modals = Array.from(
-        el.querySelectorAll('.modal-backdrop, .modal *[data-dismiss="modal"]')
+        el.querySelectorAll('.modal-backdrop, .modal *[data-bs-dismiss="modal"]'),
       );
       for (const closeElement of modals) {
         closeElement.addEventListener("click", () => {
@@ -163,7 +163,7 @@ export class ModalService {
   }
 
   protected createModalComponent(
-    config: ModalConfig
+    config: ModalConfig,
   ): [ModalRef, ComponentRef<DynamicModalComponent>] {
     const modalRef = new ModalRef();
 

jslib/angular/src/services/passwordReprompt.service.ts

@@ -1,47 +0,0 @@
-import { Injectable } from "@angular/core";
-
-import { PasswordRepromptComponent } from "../components/password-reprompt.component";
-
-import { ModalService } from "./modal.service";
-
-import { KeyConnectorService } from "@/jslib/common/src/abstractions/keyConnector.service";
-import { PasswordRepromptService as PasswordRepromptServiceAbstraction } from "@/jslib/common/src/abstractions/passwordReprompt.service";
-
-
-
-/**
- * Used to verify the user's Master Password for the "Master Password Re-prompt" feature only.
- * See UserVerificationService for any other situation where you need to verify the user's identity.
- */
-@Injectable()
-export class PasswordRepromptService implements PasswordRepromptServiceAbstraction {
-  protected component = PasswordRepromptComponent;
-
-  constructor(
-    private modalService: ModalService,
-    private keyConnectorService: KeyConnectorService
-  ) {}
-
-  protectedFields() {
-    return ["TOTP", "Password", "H_Field", "Card Number", "Security Code"];
-  }
-
-  async showPasswordPrompt() {
-    if (!(await this.enabled())) {
-      return true;
-    }
-
-    const ref = this.modalService.open(this.component, { allowMultipleModals: true });
-
-    if (ref == null) {
-      return false;
-    }
-
-    const result = await ref.onClosedPromise();
-    return result === true;
-  }
-
-  async enabled() {
-    return !(await this.keyConnectorService.getUsesKeyConnector());
-  }
-}

jslib/angular/src/services/unauth-guard.service.ts

@@ -1,29 +0,0 @@
-import { Injectable } from "@angular/core";
-import { Router } from "@angular/router";
-
-import { StateService } from "@/jslib/common/src/abstractions/state.service";
-import { VaultTimeoutService } from "@/jslib/common/src/abstractions/vaultTimeout.service";
-
-@Injectable()
-export class UnauthGuardService  {
-  protected homepage = "vault";
-  constructor(
-    private vaultTimeoutService: VaultTimeoutService,
-    private router: Router,
-    private stateService: StateService
-  ) {}
-
-  async canActivate() {
-    const isAuthed = await this.stateService.getIsAuthenticated();
-    if (isAuthed) {
-      const locked = await this.vaultTimeoutService.isLocked();
-      if (locked) {
-        this.router.navigate(["lock"]);
-      } else {
-        this.router.navigate([this.homepage]);
-      }
-      return false;
-    }
-    return true;
-  }
-}

jslib/angular/src/services/validation.service.ts

@@ -8,7 +8,7 @@ import { ErrorResponse } from "@/jslib/common/src/models/response/errorResponse"
 export class ValidationService {
   constructor(
     private i18nService: I18nService,
-    private platformUtilsService: PlatformUtilsService
+    private platformUtilsService: PlatformUtilsService,
   ) {}
 
   showError(data: any): string[] {

jslib/common/spec/domain/encString.spec.ts

@@ -0,0 +1,195 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { EncryptionType } from "@/jslib/common/src/enums/encryptionType";
+import { EncString } from "@/jslib/common/src/models/domain/encString";
+import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
+import { ContainerService } from "@/jslib/common/src/services/container.service";
+
+describe("EncString", () => {
+  afterEach(() => {
+    (window as any).bitwardenContainerService = undefined;
+  });
+
+  describe("Rsa2048_OaepSha256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "3.data",
+        encryptionType: 3,
+      });
+    });
+
+    describe("parse existing", () => {
+      it("valid", () => {
+        const encString = new EncString("3.data");
+
+        expect(encString).toEqual({
+          data: "data",
+          encryptedString: "3.data",
+          encryptionType: 3,
+        });
+      });
+
+      it("invalid", () => {
+        const encString = new EncString("3.data|test");
+
+        expect(encString).toEqual({
+          encryptedString: "3.data|test",
+          encryptionType: 3,
+        });
+      });
+    });
+
+    describe("decrypt", () => {
+      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+      cryptoService.decryptToUtf8(encString, Arg.any()).resolves("decrypted");
+
+      beforeEach(() => {
+        (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+      });
+
+      it("decrypts correctly", async () => {
+        const decrypted = await encString.decrypt(null);
+
+        expect(decrypted).toBe("decrypted");
+      });
+
+      it("result should be cached", async () => {
+        const decrypted = await encString.decrypt(null);
+        cryptoService.received(1).decryptToUtf8(Arg.any(), Arg.any());
+
+        expect(decrypted).toBe("decrypted");
+      });
+    });
+  });
+
+  describe("AesCbc256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "0.iv|data",
+        encryptionType: 0,
+        iv: "iv",
+      });
+    });
+
+    describe("parse existing", () => {
+      it("valid", () => {
+        const encString = new EncString("0.iv|data");
+
+        expect(encString).toEqual({
+          data: "data",
+          encryptedString: "0.iv|data",
+          encryptionType: 0,
+          iv: "iv",
+        });
+      });
+
+      it("invalid", () => {
+        const encString = new EncString("0.iv|data|mac");
+
+        expect(encString).toEqual({
+          encryptedString: "0.iv|data|mac",
+          encryptionType: 0,
+        });
+      });
+    });
+  });
+
+  describe("AesCbc256_HmacSha256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "2.iv|data|mac",
+        encryptionType: 2,
+        iv: "iv",
+        mac: "mac",
+      });
+    });
+
+    it("valid", () => {
+      const encString = new EncString("2.iv|data|mac");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "2.iv|data|mac",
+        encryptionType: 2,
+        iv: "iv",
+        mac: "mac",
+      });
+    });
+
+    it("invalid", () => {
+      const encString = new EncString("2.iv|data");
+
+      expect(encString).toEqual({
+        encryptedString: "2.iv|data",
+        encryptionType: 2,
+      });
+    });
+  });
+
+  it("Exit early if null", () => {
+    const encString = new EncString(null);
+
+    expect(encString).toEqual({
+      encryptedString: null,
+    });
+  });
+
+  describe("decrypt", () => {
+    it("throws exception when bitwarden container not initialized", async () => {
+      const encString = new EncString(null);
+
+      expect.assertions(1);
+      try {
+        await encString.decrypt(null);
+      } catch (e) {
+        expect(e.message).toEqual("global bitwardenContainerService not initialized.");
+      }
+    });
+
+    it("handles value it can't decrypt", async () => {
+      const encString = new EncString(null);
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+      cryptoService.decryptToUtf8(encString, Arg.any()).throws("error");
+
+      (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+
+      const decrypted = await encString.decrypt(null);
+
+      expect(decrypted).toBe("[error: cannot decrypt]");
+
+      expect(encString).toEqual({
+        decryptedValue: "[error: cannot decrypt]",
+        encryptedString: null,
+      });
+    });
+
+    it("passes along key", async () => {
+      const encString = new EncString(null);
+      const key = Substitute.for<SymmetricCryptoKey>();
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+
+      (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+
+      await encString.decrypt(null, key);
+
+      cryptoService.received().decryptToUtf8(encString, key);
+    });
+  });
+});

jslib/common/spec/domain/symmetricCryptoKey.spec.ts

@@ -0,0 +1,69 @@
+import { EncryptionType } from "@/jslib/common/src/enums/encryptionType";
+import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
+
+import { makeStaticByteArray } from "../utils";
+
+describe("SymmetricCryptoKey", () => {
+  it("errors if no key", () => {
+    const t = () => {
+      new SymmetricCryptoKey(null);
+    };
+
+    expect(t).toThrowError("Must provide key");
+  });
+
+  describe("guesses encKey from key length", () => {
+    it("AesCbc256_B64", () => {
+      const key = makeStaticByteArray(32);
+      const cryptoKey = new SymmetricCryptoKey(key);
+
+      expect(cryptoKey).toEqual({
+        encKey: key,
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        encType: 0,
+        key: key,
+        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        macKey: null,
+      });
+    });
+
+    it("AesCbc128_HmacSha256_B64", () => {
+      const key = makeStaticByteArray(32);
+      const cryptoKey = new SymmetricCryptoKey(key, EncryptionType.AesCbc128_HmacSha256_B64);
+
+      expect(cryptoKey).toEqual({
+        encKey: key.slice(0, 16),
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODw==",
+        encType: 1,
+        key: key,
+        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        macKey: key.slice(16, 32),
+        macKeyB64: "EBESExQVFhcYGRobHB0eHw==",
+      });
+    });
+
+    it("AesCbc256_HmacSha256_B64", () => {
+      const key = makeStaticByteArray(64);
+      const cryptoKey = new SymmetricCryptoKey(key);
+
+      expect(cryptoKey).toEqual({
+        encKey: key.slice(0, 32),
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        encType: 2,
+        key: key,
+        keyB64:
+          "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+Pw==",
+        macKey: key.slice(32, 64),
+        macKeyB64: "ICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8=",
+      });
+    });
+
+    it("unknown length", () => {
+      const t = () => {
+        new SymmetricCryptoKey(makeStaticByteArray(30));
+      };
+
+      expect(t).toThrowError("Unable to determine encType.");
+    });
+  });
+});

jslib/common/spec/misc/sequentialize.spec.ts

@@ -0,0 +1,127 @@
+import { sequentialize } from "@/jslib/common/src/misc/sequentialize";
+
+describe("sequentialize decorator", () => {
+  it("should call the function once", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+  });
+
+  it("should call the function once for each instance of the object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+      promises.push(foo2.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+    expect(foo2.calls).toBe(1);
+  });
+
+  it("should call the function once with key function", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+  });
+
+  it("should call the function again when already resolved", async () => {
+    const foo = new Foo();
+    await foo.bar(1);
+    expect(foo.calls).toBe(1);
+    await foo.bar(1);
+    expect(foo.calls).toBe(2);
+  });
+
+  it("should call the function again when already resolved with a key function", async () => {
+    const foo = new Foo();
+    await foo.baz(1);
+    expect(foo.calls).toBe(1);
+    await foo.baz(1);
+    expect(foo.calls).toBe(2);
+  });
+
+  it("should call the function for each argument", async () => {
+    const foo = new Foo();
+    await Promise.all([foo.bar(1), foo.bar(1), foo.bar(2), foo.bar(2), foo.bar(3), foo.bar(3)]);
+    expect(foo.calls).toBe(3);
+  });
+
+  it("should call the function for each argument with key function", async () => {
+    const foo = new Foo();
+    await Promise.all([foo.baz(1), foo.baz(1), foo.baz(2), foo.baz(2), foo.baz(3), foo.baz(3)]);
+    expect(foo.calls).toBe(3);
+  });
+
+  it("should return correct result for each call", async () => {
+    const foo = new Foo();
+    const allRes: number[] = [];
+
+    await Promise.all([
+      foo.bar(1).then((res) => allRes.push(res)),
+      foo.bar(1).then((res) => allRes.push(res)),
+      foo.bar(2).then((res) => allRes.push(res)),
+      foo.bar(2).then((res) => allRes.push(res)),
+      foo.bar(3).then((res) => allRes.push(res)),
+      foo.bar(3).then((res) => allRes.push(res)),
+    ]);
+    expect(foo.calls).toBe(3);
+    expect(allRes.length).toBe(6);
+    allRes.sort();
+    expect(allRes).toEqual([2, 2, 4, 4, 6, 6]);
+  });
+
+  it("should return correct result for each call with key function", async () => {
+    const foo = new Foo();
+    const allRes: number[] = [];
+
+    await Promise.all([
+      foo.baz(1).then((res) => allRes.push(res)),
+      foo.baz(1).then((res) => allRes.push(res)),
+      foo.baz(2).then((res) => allRes.push(res)),
+      foo.baz(2).then((res) => allRes.push(res)),
+      foo.baz(3).then((res) => allRes.push(res)),
+      foo.baz(3).then((res) => allRes.push(res)),
+    ]);
+    expect(foo.calls).toBe(3);
+    expect(allRes.length).toBe(6);
+    allRes.sort();
+    expect(allRes).toEqual([3, 3, 6, 6, 9, 9]);
+  });
+});
+
+class Foo {
+  calls = 0;
+
+  @sequentialize((args) => "bar" + args[0])
+  bar(a: number): Promise<number> {
+    this.calls++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        res(a * 2);
+      }, Math.random() * 100);
+    });
+  }
+
+  @sequentialize((args) => "baz" + args[0])
+  baz(a: number): Promise<number> {
+    this.calls++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        res(a * 3);
+      }, Math.random() * 100);
+    });
+  }
+}

jslib/common/spec/misc/throttle.spec.ts

@@ -0,0 +1,110 @@
+import { sequentialize } from "@/jslib/common/src/misc/sequentialize";
+import { throttle } from "@/jslib/common/src/misc/throttle";
+
+describe("throttle decorator", () => {
+  it("should call the function once at a time", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+  });
+
+  it("should call the function once at a time for each object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+      promises.push(foo2.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+    expect(foo2.calls).toBe(10);
+  });
+
+  it("should call the function limit at a time", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+  });
+
+  it("should call the function limit at a time for each object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+      promises.push(foo2.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+    expect(foo2.calls).toBe(10);
+  });
+
+  it("should work together with sequentialize", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.qux(Math.floor(i / 2) * 2));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(5);
+  });
+});
+
+class Foo {
+  calls = 0;
+  inflight = 0;
+
+  @throttle(1, () => "bar")
+  bar(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBe(1);
+        this.inflight--;
+        res(a * 2);
+      }, Math.random() * 10);
+    });
+  }
+
+  @throttle(5, () => "baz")
+  baz(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBeLessThanOrEqual(5);
+        this.inflight--;
+        res(a * 3);
+      }, Math.random() * 10);
+    });
+  }
+
+  @sequentialize((args) => "qux" + args[0])
+  @throttle(1, () => "qux")
+  qux(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBe(1);
+        this.inflight--;
+        res(a * 3);
+      }, Math.random() * 10);
+    });
+  }
+}

jslib/common/spec/services/consoleLog.service.spec.ts

@@ -0,0 +1,99 @@
+import { ConsoleLogService } from "@/jslib/common/src/services/consoleLog.service";
+
+const originalConsole = console;
+let caughtMessage: any;
+
+declare let console: any;
+
+export function interceptConsole(interceptions: any): object {
+  console = {
+    log: function () {
+      interceptions.log = arguments;
+    },
+    warn: function () {
+      interceptions.warn = arguments;
+    },
+    error: function () {
+      interceptions.error = arguments;
+    },
+  };
+  return interceptions;
+}
+
+export function restoreConsole() {
+  console = originalConsole;
+}
+
+describe("ConsoleLogService", () => {
+  let logService: ConsoleLogService;
+  beforeEach(() => {
+    caughtMessage = {};
+    interceptConsole(caughtMessage);
+    logService = new ConsoleLogService(true);
+  });
+
+  afterAll(() => {
+    restoreConsole();
+  });
+
+  it("filters messages below the set threshold", () => {
+    logService = new ConsoleLogService(true, () => true);
+    logService.debug("debug");
+    logService.info("info");
+    logService.warning("warning");
+    logService.error("error");
+
+    expect(caughtMessage).toEqual({});
+  });
+  it("only writes debug messages in dev mode", () => {
+    logService = new ConsoleLogService(false);
+
+    logService.debug("debug message");
+    expect(caughtMessage.log).toBeUndefined();
+  });
+
+  it("writes debug/info messages to console.log", () => {
+    logService.debug("this is a debug message");
+    expect(caughtMessage).toMatchObject({
+      log: { "0": "this is a debug message" },
+    });
+
+    logService.info("this is an info message");
+    expect(caughtMessage).toMatchObject({
+      log: { "0": "this is an info message" },
+    });
+  });
+  it("writes warning messages to console.warn", () => {
+    logService.warning("this is a warning message");
+    expect(caughtMessage).toMatchObject({
+      warn: { 0: "this is a warning message" },
+    });
+  });
+  it("writes error messages to console.error", () => {
+    logService.error("this is an error message");
+    expect(caughtMessage).toMatchObject({
+      error: { 0: "this is an error message" },
+    });
+  });
+
+  it("times with output to info", async () => {
+    logService.time();
+    await new Promise((r) => setTimeout(r, 250));
+    const duration = logService.timeEnd();
+    expect(duration[0]).toBe(0);
+    expect(duration[1]).toBeGreaterThan(0);
+    expect(duration[1]).toBeLessThan(500 * 10e6);
+
+    expect(caughtMessage).toEqual(expect.arrayContaining([]));
+    expect(caughtMessage.log.length).toBe(1);
+    expect(caughtMessage.log[0]).toEqual(expect.stringMatching(/^default: \d+\.?\d*ms$/));
+  });
+
+  it("filters time output", async () => {
+    logService = new ConsoleLogService(true, () => true);
+    logService.time();
+    logService.timeEnd();
+
+    expect(caughtMessage).toEqual({});
+  });
+});

jslib/common/spec/services/stateMigration.service.ts

@@ -0,0 +1,84 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { StorageService } from "@/jslib/common/src/abstractions/storage.service";
+import { StateVersion } from "@/jslib/common/src/enums/stateVersion";
+import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
+import { Account } from "@/jslib/common/src/models/domain/account";
+import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
+import { StateMigrationService } from "@/jslib/common/src/services/stateMigration.service";
+
+const userId = "USER_ID";
+
+describe("State Migration Service", () => {
+  let storageService: SubstituteOf<StorageService>;
+  let secureStorageService: SubstituteOf<StorageService>;
+  let stateFactory: SubstituteOf<StateFactory>;
+
+  let stateMigrationService: StateMigrationService;
+
+  beforeEach(() => {
+    storageService = Substitute.for<StorageService>();
+    secureStorageService = Substitute.for<StorageService>();
+    stateFactory = Substitute.for<StateFactory>();
+
+    stateMigrationService = new StateMigrationService(
+      storageService,
+      secureStorageService,
+      stateFactory,
+    );
+  });
+
+  describe("StateVersion 3 to 4 migration", async () => {
+    beforeEach(() => {
+      const globalVersion3: Partial<GlobalState> = {
+        stateVersion: StateVersion.Three,
+      };
+
+      storageService.get("global", Arg.any()).resolves(globalVersion3);
+      storageService.get("authenticatedAccounts", Arg.any()).resolves([userId]);
+    });
+
+    it("clears everBeenUnlocked", async () => {
+      const accountVersion3: Account = {
+        profile: {
+          apiKeyClientId: null,
+          convertAccountToKeyConnector: null,
+          email: "EMAIL",
+          emailVerified: true,
+          everBeenUnlocked: true,
+          hasPremiumPersonally: false,
+          kdfIterations: 100000,
+          kdfType: 0,
+          keyHash: "KEY_HASH",
+          lastSync: "LAST_SYNC",
+          userId: userId,
+          usesKeyConnector: false,
+          forcePasswordReset: false,
+        },
+      };
+
+      const expectedAccountVersion4: Account = {
+        profile: {
+          ...accountVersion3.profile,
+        },
+      };
+      delete expectedAccountVersion4.profile.everBeenUnlocked;
+
+      storageService.get(userId, Arg.any()).resolves(accountVersion3);
+
+      await stateMigrationService.migrate();
+
+      storageService.received(1).save(userId, expectedAccountVersion4, Arg.any());
+    });
+
+    it("updates StateVersion number", async () => {
+      await stateMigrationService.migrate();
+
+      storageService.received(1).save(
+        "global",
+        Arg.is((globals: GlobalState) => globals.stateVersion === StateVersion.Four),
+        Arg.any(),
+      );
+    });
+  });
+});

jslib/common/spec/test.ts

@@ -0,0 +1,5 @@
+import { webcrypto } from "crypto";
+
+Object.defineProperty(window, "crypto", {
+  value: webcrypto,
+});

jslib/common/spec/utils.ts

@@ -0,0 +1,37 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { EncString } from "@/jslib/common/src/models/domain/encString";
+
+function newGuid() {
+  return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
+    const r = (Math.random() * 16) | 0;
+    const v = c === "x" ? r : (r & 0x3) | 0x8;
+    return v.toString(16);
+  });
+}
+
+export function GetUniqueString(prefix = "") {
+  return prefix + "_" + newGuid();
+}
+
+export function BuildTestObject<T, K extends keyof T = keyof T>(
+  def: Partial<Pick<T, K>> | T,
+  constructor?: new () => T,
+): T {
+  return Object.assign(constructor === null ? {} : new constructor(), def) as T;
+}
+
+export function mockEnc(s: string): EncString {
+  const mock = Substitute.for<EncString>();
+  mock.decrypt(Arg.any(), Arg.any()).resolves(s);
+
+  return mock;
+}
+
+export function makeStaticByteArray(length: number, start = 0) {
+  const arr = new Uint8Array(length);
+  for (let i = 0; i < length; i++) {
+    arr[i] = start + i;
+  }
+  return arr.buffer;
+}

jslib/common/src/abstractions/api.service.ts

@@ -1,679 +1,14 @@
-import { PolicyType } from "../enums/policyType";
-import { SetKeyConnectorKeyRequest } from "../models/request/account/setKeyConnectorKeyRequest";
-import { VerifyOTPRequest } from "../models/request/account/verifyOTPRequest";
-import { AttachmentRequest } from "../models/request/attachmentRequest";
-import { BitPayInvoiceRequest } from "../models/request/bitPayInvoiceRequest";
-import { CipherBulkDeleteRequest } from "../models/request/cipherBulkDeleteRequest";
-import { CipherBulkMoveRequest } from "../models/request/cipherBulkMoveRequest";
-import { CipherBulkRestoreRequest } from "../models/request/cipherBulkRestoreRequest";
-import { CipherBulkShareRequest } from "../models/request/cipherBulkShareRequest";
-import { CipherCollectionsRequest } from "../models/request/cipherCollectionsRequest";
-import { CipherCreateRequest } from "../models/request/cipherCreateRequest";
-import { CipherRequest } from "../models/request/cipherRequest";
-import { CipherShareRequest } from "../models/request/cipherShareRequest";
-import { CollectionRequest } from "../models/request/collectionRequest";
-import { DeleteRecoverRequest } from "../models/request/deleteRecoverRequest";
-import { EmailRequest } from "../models/request/emailRequest";
-import { EmailTokenRequest } from "../models/request/emailTokenRequest";
-import { EmergencyAccessAcceptRequest } from "../models/request/emergencyAccessAcceptRequest";
-import { EmergencyAccessConfirmRequest } from "../models/request/emergencyAccessConfirmRequest";
-import { EmergencyAccessInviteRequest } from "../models/request/emergencyAccessInviteRequest";
-import { EmergencyAccessPasswordRequest } from "../models/request/emergencyAccessPasswordRequest";
-import { EmergencyAccessUpdateRequest } from "../models/request/emergencyAccessUpdateRequest";
-import { EventRequest } from "../models/request/eventRequest";
-import { FolderRequest } from "../models/request/folderRequest";
-import { GroupRequest } from "../models/request/groupRequest";
-import { IapCheckRequest } from "../models/request/iapCheckRequest";
 import { ApiTokenRequest } from "../models/request/identityToken/apiTokenRequest";
 import { PasswordTokenRequest } from "../models/request/identityToken/passwordTokenRequest";
 import { SsoTokenRequest } from "../models/request/identityToken/ssoTokenRequest";
-import { ImportCiphersRequest } from "../models/request/importCiphersRequest";
-import { ImportDirectoryRequest } from "../models/request/importDirectoryRequest";
-import { ImportOrganizationCiphersRequest } from "../models/request/importOrganizationCiphersRequest";
-import { KdfRequest } from "../models/request/kdfRequest";
-import { KeyConnectorUserKeyRequest } from "../models/request/keyConnectorUserKeyRequest";
-import { KeysRequest } from "../models/request/keysRequest";
-import { OrganizationSponsorshipCreateRequest } from "../models/request/organization/organizationSponsorshipCreateRequest";
-import { OrganizationSponsorshipRedeemRequest } from "../models/request/organization/organizationSponsorshipRedeemRequest";
-import { OrganizationSsoRequest } from "../models/request/organization/organizationSsoRequest";
-import { OrganizationCreateRequest } from "../models/request/organizationCreateRequest";
 import { OrganizationImportRequest } from "../models/request/organizationImportRequest";
-import { OrganizationKeysRequest } from "../models/request/organizationKeysRequest";
-import { OrganizationSubscriptionUpdateRequest } from "../models/request/organizationSubscriptionUpdateRequest";
-import { OrganizationTaxInfoUpdateRequest } from "../models/request/organizationTaxInfoUpdateRequest";
-import { OrganizationUpdateRequest } from "../models/request/organizationUpdateRequest";
-import { OrganizationUpgradeRequest } from "../models/request/organizationUpgradeRequest";
-import { OrganizationUserAcceptRequest } from "../models/request/organizationUserAcceptRequest";
-import { OrganizationUserBulkConfirmRequest } from "../models/request/organizationUserBulkConfirmRequest";
-import { OrganizationUserBulkRequest } from "../models/request/organizationUserBulkRequest";
-import { OrganizationUserConfirmRequest } from "../models/request/organizationUserConfirmRequest";
-import { OrganizationUserInviteRequest } from "../models/request/organizationUserInviteRequest";
-import { OrganizationUserResetPasswordEnrollmentRequest } from "../models/request/organizationUserResetPasswordEnrollmentRequest";
-import { OrganizationUserResetPasswordRequest } from "../models/request/organizationUserResetPasswordRequest";
-import { OrganizationUserUpdateGroupsRequest } from "../models/request/organizationUserUpdateGroupsRequest";
-import { OrganizationUserUpdateRequest } from "../models/request/organizationUserUpdateRequest";
-import { PasswordHintRequest } from "../models/request/passwordHintRequest";
-import { PasswordRequest } from "../models/request/passwordRequest";
-import { PaymentRequest } from "../models/request/paymentRequest";
-import { PolicyRequest } from "../models/request/policyRequest";
-import { PreloginRequest } from "../models/request/preloginRequest";
-import { ProviderAddOrganizationRequest } from "../models/request/provider/providerAddOrganizationRequest";
-import { ProviderOrganizationCreateRequest } from "../models/request/provider/providerOrganizationCreateRequest";
-import { ProviderSetupRequest } from "../models/request/provider/providerSetupRequest";
-import { ProviderUpdateRequest } from "../models/request/provider/providerUpdateRequest";
-import { ProviderUserAcceptRequest } from "../models/request/provider/providerUserAcceptRequest";
-import { ProviderUserBulkConfirmRequest } from "../models/request/provider/providerUserBulkConfirmRequest";
-import { ProviderUserBulkRequest } from "../models/request/provider/providerUserBulkRequest";
-import { ProviderUserConfirmRequest } from "../models/request/provider/providerUserConfirmRequest";
-import { ProviderUserInviteRequest } from "../models/request/provider/providerUserInviteRequest";
-import { ProviderUserUpdateRequest } from "../models/request/provider/providerUserUpdateRequest";
-import { RegisterRequest } from "../models/request/registerRequest";
-import { SeatRequest } from "../models/request/seatRequest";
-import { SecretVerificationRequest } from "../models/request/secretVerificationRequest";
-import { SelectionReadOnlyRequest } from "../models/request/selectionReadOnlyRequest";
-import { SendAccessRequest } from "../models/request/sendAccessRequest";
-import { SendRequest } from "../models/request/sendRequest";
-import { SetPasswordRequest } from "../models/request/setPasswordRequest";
-import { StorageRequest } from "../models/request/storageRequest";
-import { TaxInfoUpdateRequest } from "../models/request/taxInfoUpdateRequest";
-import { TwoFactorEmailRequest } from "../models/request/twoFactorEmailRequest";
-import { TwoFactorProviderRequest } from "../models/request/twoFactorProviderRequest";
-import { TwoFactorRecoveryRequest } from "../models/request/twoFactorRecoveryRequest";
-import { UpdateDomainsRequest } from "../models/request/updateDomainsRequest";
-import { UpdateKeyRequest } from "../models/request/updateKeyRequest";
-import { UpdateProfileRequest } from "../models/request/updateProfileRequest";
-import { UpdateTempPasswordRequest } from "../models/request/updateTempPasswordRequest";
-import { UpdateTwoFactorAuthenticatorRequest } from "../models/request/updateTwoFactorAuthenticatorRequest";
-import { UpdateTwoFactorDuoRequest } from "../models/request/updateTwoFactorDuoRequest";
-import { UpdateTwoFactorEmailRequest } from "../models/request/updateTwoFactorEmailRequest";
-import { UpdateTwoFactorWebAuthnDeleteRequest } from "../models/request/updateTwoFactorWebAuthnDeleteRequest";
-import { UpdateTwoFactorWebAuthnRequest } from "../models/request/updateTwoFactorWebAuthnRequest";
-import { UpdateTwoFactorYubioOtpRequest } from "../models/request/updateTwoFactorYubioOtpRequest";
-import { VerifyBankRequest } from "../models/request/verifyBankRequest";
-import { VerifyDeleteRecoverRequest } from "../models/request/verifyDeleteRecoverRequest";
-import { VerifyEmailRequest } from "../models/request/verifyEmailRequest";
-import { ApiKeyResponse } from "../models/response/apiKeyResponse";
-import { AttachmentResponse } from "../models/response/attachmentResponse";
-import { AttachmentUploadDataResponse } from "../models/response/attachmentUploadDataResponse";
-import { BillingResponse } from "../models/response/billingResponse";
-import { BreachAccountResponse } from "../models/response/breachAccountResponse";
-import { CipherResponse } from "../models/response/cipherResponse";
-import {
-  CollectionGroupDetailsResponse,
-  CollectionResponse,
-} from "../models/response/collectionResponse";
-import { DomainsResponse } from "../models/response/domainsResponse";
-import {
-  EmergencyAccessGranteeDetailsResponse,
-  EmergencyAccessGrantorDetailsResponse,
-  EmergencyAccessTakeoverResponse,
-  EmergencyAccessViewResponse,
-} from "../models/response/emergencyAccessResponse";
-import { EventResponse } from "../models/response/eventResponse";
-import { FolderResponse } from "../models/response/folderResponse";
-import { GroupDetailsResponse, GroupResponse } from "../models/response/groupResponse";
 import { IdentityCaptchaResponse } from "../models/response/identityCaptchaResponse";
 import { IdentityTokenResponse } from "../models/response/identityTokenResponse";
 import { IdentityTwoFactorResponse } from "../models/response/identityTwoFactorResponse";
-import { KeyConnectorUserKeyResponse } from "../models/response/keyConnectorUserKeyResponse";
-import { ListResponse } from "../models/response/listResponse";
-import { OrganizationSsoResponse } from "../models/response/organization/organizationSsoResponse";
-import { OrganizationAutoEnrollStatusResponse } from "../models/response/organizationAutoEnrollStatusResponse";
-import { OrganizationKeysResponse } from "../models/response/organizationKeysResponse";
-import { OrganizationResponse } from "../models/response/organizationResponse";
-import { OrganizationSubscriptionResponse } from "../models/response/organizationSubscriptionResponse";
-import { OrganizationUserBulkPublicKeyResponse } from "../models/response/organizationUserBulkPublicKeyResponse";
-import { OrganizationUserBulkResponse } from "../models/response/organizationUserBulkResponse";
-import {
-  OrganizationUserDetailsResponse,
-  OrganizationUserResetPasswordDetailsReponse,
-  OrganizationUserUserDetailsResponse,
-} from "../models/response/organizationUserResponse";
-import { PaymentResponse } from "../models/response/paymentResponse";
-import { PlanResponse } from "../models/response/planResponse";
-import { PolicyResponse } from "../models/response/policyResponse";
-import { PreloginResponse } from "../models/response/preloginResponse";
-import { ProfileResponse } from "../models/response/profileResponse";
-import {
-  ProviderOrganizationOrganizationDetailsResponse,
-  ProviderOrganizationResponse,
-} from "../models/response/provider/providerOrganizationResponse";
-import { ProviderResponse } from "../models/response/provider/providerResponse";
-import { ProviderUserBulkPublicKeyResponse } from "../models/response/provider/providerUserBulkPublicKeyResponse";
-import { ProviderUserBulkResponse } from "../models/response/provider/providerUserBulkResponse";
-import {
-  ProviderUserResponse,
-  ProviderUserUserDetailsResponse,
-} from "../models/response/provider/providerUserResponse";
-import { SelectionReadOnlyResponse } from "../models/response/selectionReadOnlyResponse";
-import { SendAccessResponse } from "../models/response/sendAccessResponse";
-import { SendFileDownloadDataResponse } from "../models/response/sendFileDownloadDataResponse";
-import { SendFileUploadDataResponse } from "../models/response/sendFileUploadDataResponse";
-import { SendResponse } from "../models/response/sendResponse";
-import { SubscriptionResponse } from "../models/response/subscriptionResponse";
-import { SyncResponse } from "../models/response/syncResponse";
-import { TaxInfoResponse } from "../models/response/taxInfoResponse";
-import { TaxRateResponse } from "../models/response/taxRateResponse";
-import { TwoFactorAuthenticatorResponse } from "../models/response/twoFactorAuthenticatorResponse";
-import { TwoFactorDuoResponse } from "../models/response/twoFactorDuoResponse";
-import { TwoFactorEmailResponse } from "../models/response/twoFactorEmailResponse";
-import { TwoFactorProviderResponse } from "../models/response/twoFactorProviderResponse";
-import { TwoFactorRecoverResponse } from "../models/response/twoFactorRescoverResponse";
-import {
-  ChallengeResponse,
-  TwoFactorWebAuthnResponse,
-} from "../models/response/twoFactorWebAuthnResponse";
-import { TwoFactorYubiKeyResponse } from "../models/response/twoFactorYubiKeyResponse";
-import { UserKeyResponse } from "../models/response/userKeyResponse";
-import { SendAccessView } from "../models/view/sendAccessView";
 
 export abstract class ApiService {
   postIdentityToken: (
-    request: PasswordTokenRequest | SsoTokenRequest | ApiTokenRequest
+    request: PasswordTokenRequest | SsoTokenRequest | ApiTokenRequest,
   ) => Promise<IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse>;
-  refreshIdentityToken: () => Promise<any>;
-
-  getProfile: () => Promise<ProfileResponse>;
-  getUserBilling: () => Promise<BillingResponse>;
-  getUserSubscription: () => Promise<SubscriptionResponse>;
-  getTaxInfo: () => Promise<TaxInfoResponse>;
-  putProfile: (request: UpdateProfileRequest) => Promise<ProfileResponse>;
-  putTaxInfo: (request: TaxInfoUpdateRequest) => Promise<any>;
-  postPrelogin: (request: PreloginRequest) => Promise<PreloginResponse>;
-  postEmailToken: (request: EmailTokenRequest) => Promise<any>;
-  postEmail: (request: EmailRequest) => Promise<any>;
-  postPassword: (request: PasswordRequest) => Promise<any>;
-  setPassword: (request: SetPasswordRequest) => Promise<any>;
-  postSetKeyConnectorKey: (request: SetKeyConnectorKeyRequest) => Promise<any>;
-  postSecurityStamp: (request: SecretVerificationRequest) => Promise<any>;
-  deleteAccount: (request: SecretVerificationRequest) => Promise<any>;
-  getAccountRevisionDate: () => Promise<number>;
-  postPasswordHint: (request: PasswordHintRequest) => Promise<any>;
-  postRegister: (request: RegisterRequest) => Promise<any>;
-  postPremium: (data: FormData) => Promise<PaymentResponse>;
-  postIapCheck: (request: IapCheckRequest) => Promise<any>;
-  postReinstatePremium: () => Promise<any>;
-  postCancelPremium: () => Promise<any>;
-  postAccountStorage: (request: StorageRequest) => Promise<PaymentResponse>;
-  postAccountPayment: (request: PaymentRequest) => Promise<any>;
-  postAccountLicense: (data: FormData) => Promise<any>;
-  postAccountKey: (request: UpdateKeyRequest) => Promise<any>;
-  postAccountKeys: (request: KeysRequest) => Promise<any>;
-  postAccountVerifyEmail: () => Promise<any>;
-  postAccountVerifyEmailToken: (request: VerifyEmailRequest) => Promise<any>;
-  postAccountVerifyPassword: (request: SecretVerificationRequest) => Promise<any>;
-  postAccountRecoverDelete: (request: DeleteRecoverRequest) => Promise<any>;
-  postAccountRecoverDeleteToken: (request: VerifyDeleteRecoverRequest) => Promise<any>;
-  postAccountKdf: (request: KdfRequest) => Promise<any>;
-  postUserApiKey: (id: string, request: SecretVerificationRequest) => Promise<ApiKeyResponse>;
-  postUserRotateApiKey: (id: string, request: SecretVerificationRequest) => Promise<ApiKeyResponse>;
-  putUpdateTempPassword: (request: UpdateTempPasswordRequest) => Promise<any>;
-  postAccountRequestOTP: () => Promise<void>;
-  postAccountVerifyOTP: (request: VerifyOTPRequest) => Promise<void>;
-  postConvertToKeyConnector: () => Promise<void>;
-
-  getFolder: (id: string) => Promise<FolderResponse>;
-  postFolder: (request: FolderRequest) => Promise<FolderResponse>;
-  putFolder: (id: string, request: FolderRequest) => Promise<FolderResponse>;
-  deleteFolder: (id: string) => Promise<any>;
-
-  getSend: (id: string) => Promise<SendResponse>;
-  postSendAccess: (
-    id: string,
-    request: SendAccessRequest,
-    apiUrl?: string
-  ) => Promise<SendAccessResponse>;
-  getSends: () => Promise<ListResponse<SendResponse>>;
-  postSend: (request: SendRequest) => Promise<SendResponse>;
-  postFileTypeSend: (request: SendRequest) => Promise<SendFileUploadDataResponse>;
-  postSendFile: (sendId: string, fileId: string, data: FormData) => Promise<any>;
-  /**
-   * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
-   * This method still exists for backward compatibility with old server versions.
-   */
-  postSendFileLegacy: (data: FormData) => Promise<SendResponse>;
-  putSend: (id: string, request: SendRequest) => Promise<SendResponse>;
-  putSendRemovePassword: (id: string) => Promise<SendResponse>;
-  deleteSend: (id: string) => Promise<any>;
-  getSendFileDownloadData: (
-    send: SendAccessView,
-    request: SendAccessRequest,
-    apiUrl?: string
-  ) => Promise<SendFileDownloadDataResponse>;
-  renewSendFileUploadUrl: (sendId: string, fileId: string) => Promise<SendFileUploadDataResponse>;
-
-  getCipher: (id: string) => Promise<CipherResponse>;
-  getCipherAdmin: (id: string) => Promise<CipherResponse>;
-  getAttachmentData: (
-    cipherId: string,
-    attachmentId: string,
-    emergencyAccessId?: string
-  ) => Promise<AttachmentResponse>;
-  getCiphersOrganization: (organizationId: string) => Promise<ListResponse<CipherResponse>>;
-  postCipher: (request: CipherRequest) => Promise<CipherResponse>;
-  postCipherCreate: (request: CipherCreateRequest) => Promise<CipherResponse>;
-  postCipherAdmin: (request: CipherCreateRequest) => Promise<CipherResponse>;
-  putCipher: (id: string, request: CipherRequest) => Promise<CipherResponse>;
-  putCipherAdmin: (id: string, request: CipherRequest) => Promise<CipherResponse>;
-  deleteCipher: (id: string) => Promise<any>;
-  deleteCipherAdmin: (id: string) => Promise<any>;
-  deleteManyCiphers: (request: CipherBulkDeleteRequest) => Promise<any>;
-  deleteManyCiphersAdmin: (request: CipherBulkDeleteRequest) => Promise<any>;
-  putMoveCiphers: (request: CipherBulkMoveRequest) => Promise<any>;
-  putShareCipher: (id: string, request: CipherShareRequest) => Promise<CipherResponse>;
-  putShareCiphers: (request: CipherBulkShareRequest) => Promise<any>;
-  putCipherCollections: (id: string, request: CipherCollectionsRequest) => Promise<any>;
-  putCipherCollectionsAdmin: (id: string, request: CipherCollectionsRequest) => Promise<any>;
-  postPurgeCiphers: (request: SecretVerificationRequest, organizationId?: string) => Promise<any>;
-  postImportCiphers: (request: ImportCiphersRequest) => Promise<any>;
-  postImportOrganizationCiphers: (
-    organizationId: string,
-    request: ImportOrganizationCiphersRequest
-  ) => Promise<any>;
-  putDeleteCipher: (id: string) => Promise<any>;
-  putDeleteCipherAdmin: (id: string) => Promise<any>;
-  putDeleteManyCiphers: (request: CipherBulkDeleteRequest) => Promise<any>;
-  putDeleteManyCiphersAdmin: (request: CipherBulkDeleteRequest) => Promise<any>;
-  putRestoreCipher: (id: string) => Promise<CipherResponse>;
-  putRestoreCipherAdmin: (id: string) => Promise<CipherResponse>;
-  putRestoreManyCiphers: (
-    request: CipherBulkRestoreRequest
-  ) => Promise<ListResponse<CipherResponse>>;
-
-  /**
-   * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
-   * This method still exists for backward compatibility with old server versions.
-   */
-  postCipherAttachmentLegacy: (id: string, data: FormData) => Promise<CipherResponse>;
-  /**
-   * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
-   * This method still exists for backward compatibility with old server versions.
-   */
-  postCipherAttachmentAdminLegacy: (id: string, data: FormData) => Promise<CipherResponse>;
-  postCipherAttachment: (
-    id: string,
-    request: AttachmentRequest
-  ) => Promise<AttachmentUploadDataResponse>;
-  deleteCipherAttachment: (id: string, attachmentId: string) => Promise<any>;
-  deleteCipherAttachmentAdmin: (id: string, attachmentId: string) => Promise<any>;
-  postShareCipherAttachment: (
-    id: string,
-    attachmentId: string,
-    data: FormData,
-    organizationId: string
-  ) => Promise<any>;
-  renewAttachmentUploadUrl: (
-    id: string,
-    attachmentId: string
-  ) => Promise<AttachmentUploadDataResponse>;
-  postAttachmentFile: (id: string, attachmentId: string, data: FormData) => Promise<any>;
-
-  getCollectionDetails: (
-    organizationId: string,
-    id: string
-  ) => Promise<CollectionGroupDetailsResponse>;
-  getUserCollections: () => Promise<ListResponse<CollectionResponse>>;
-  getCollections: (organizationId: string) => Promise<ListResponse<CollectionResponse>>;
-  getCollectionUsers: (organizationId: string, id: string) => Promise<SelectionReadOnlyResponse[]>;
-  postCollection: (
-    organizationId: string,
-    request: CollectionRequest
-  ) => Promise<CollectionResponse>;
-  putCollectionUsers: (
-    organizationId: string,
-    id: string,
-    request: SelectionReadOnlyRequest[]
-  ) => Promise<any>;
-  putCollection: (
-    organizationId: string,
-    id: string,
-    request: CollectionRequest
-  ) => Promise<CollectionResponse>;
-  deleteCollection: (organizationId: string, id: string) => Promise<any>;
-  deleteCollectionUser: (
-    organizationId: string,
-    id: string,
-    organizationUserId: string
-  ) => Promise<any>;
-
-  getGroupDetails: (organizationId: string, id: string) => Promise<GroupDetailsResponse>;
-  getGroups: (organizationId: string) => Promise<ListResponse<GroupResponse>>;
-  getGroupUsers: (organizationId: string, id: string) => Promise<string[]>;
-  postGroup: (organizationId: string, request: GroupRequest) => Promise<GroupResponse>;
-  putGroup: (organizationId: string, id: string, request: GroupRequest) => Promise<GroupResponse>;
-  putGroupUsers: (organizationId: string, id: string, request: string[]) => Promise<any>;
-  deleteGroup: (organizationId: string, id: string) => Promise<any>;
-  deleteGroupUser: (organizationId: string, id: string, organizationUserId: string) => Promise<any>;
-
-  getPolicy: (organizationId: string, type: PolicyType) => Promise<PolicyResponse>;
-  getPolicies: (organizationId: string) => Promise<ListResponse<PolicyResponse>>;
-  getPoliciesByToken: (
-    organizationId: string,
-    token: string,
-    email: string,
-    organizationUserId: string
-  ) => Promise<ListResponse<PolicyResponse>>;
-  getPoliciesByInvitedUser: (
-    organizationId: string,
-    userId: string
-  ) => Promise<ListResponse<PolicyResponse>>;
-  putPolicy: (
-    organizationId: string,
-    type: PolicyType,
-    request: PolicyRequest
-  ) => Promise<PolicyResponse>;
-
-  getOrganizationUser: (
-    organizationId: string,
-    id: string
-  ) => Promise<OrganizationUserDetailsResponse>;
-  getOrganizationUserGroups: (organizationId: string, id: string) => Promise<string[]>;
-  getOrganizationUsers: (
-    organizationId: string
-  ) => Promise<ListResponse<OrganizationUserUserDetailsResponse>>;
-  getOrganizationUserResetPasswordDetails: (
-    organizationId: string,
-    id: string
-  ) => Promise<OrganizationUserResetPasswordDetailsReponse>;
-  postOrganizationUserInvite: (
-    organizationId: string,
-    request: OrganizationUserInviteRequest
-  ) => Promise<any>;
-  postOrganizationUserReinvite: (organizationId: string, id: string) => Promise<any>;
-  postManyOrganizationUserReinvite: (
-    organizationId: string,
-    request: OrganizationUserBulkRequest
-  ) => Promise<ListResponse<OrganizationUserBulkResponse>>;
-  postOrganizationUserAccept: (
-    organizationId: string,
-    id: string,
-    request: OrganizationUserAcceptRequest
-  ) => Promise<any>;
-  postOrganizationUserConfirm: (
-    organizationId: string,
-    id: string,
-    request: OrganizationUserConfirmRequest
-  ) => Promise<any>;
-  postOrganizationUsersPublicKey: (
-    organizationId: string,
-    request: OrganizationUserBulkRequest
-  ) => Promise<ListResponse<OrganizationUserBulkPublicKeyResponse>>;
-  postOrganizationUserBulkConfirm: (
-    organizationId: string,
-    request: OrganizationUserBulkConfirmRequest
-  ) => Promise<ListResponse<OrganizationUserBulkResponse>>;
-
-  putOrganizationUser: (
-    organizationId: string,
-    id: string,
-    request: OrganizationUserUpdateRequest
-  ) => Promise<any>;
-  putOrganizationUserGroups: (
-    organizationId: string,
-    id: string,
-    request: OrganizationUserUpdateGroupsRequest
-  ) => Promise<any>;
-  putOrganizationUserResetPasswordEnrollment: (
-    organizationId: string,
-    userId: string,
-    request: OrganizationUserResetPasswordEnrollmentRequest
-  ) => Promise<any>;
-  putOrganizationUserResetPassword: (
-    organizationId: string,
-    id: string,
-    request: OrganizationUserResetPasswordRequest
-  ) => Promise<any>;
-  deleteOrganizationUser: (organizationId: string, id: string) => Promise<any>;
-  deleteManyOrganizationUsers: (
-    organizationId: string,
-    request: OrganizationUserBulkRequest
-  ) => Promise<ListResponse<OrganizationUserBulkResponse>>;
-
-  getSync: () => Promise<SyncResponse>;
-  postImportDirectory: (organizationId: string, request: ImportDirectoryRequest) => Promise<any>;
   postPublicImportDirectory: (request: OrganizationImportRequest) => Promise<any>;
-
-  getSettingsDomains: () => Promise<DomainsResponse>;
-  putSettingsDomains: (request: UpdateDomainsRequest) => Promise<DomainsResponse>;
-
-  getTwoFactorProviders: () => Promise<ListResponse<TwoFactorProviderResponse>>;
-  getTwoFactorOrganizationProviders: (
-    organizationId: string
-  ) => Promise<ListResponse<TwoFactorProviderResponse>>;
-  getTwoFactorAuthenticator: (
-    request: SecretVerificationRequest
-  ) => Promise<TwoFactorAuthenticatorResponse>;
-  getTwoFactorEmail: (request: SecretVerificationRequest) => Promise<TwoFactorEmailResponse>;
-  getTwoFactorDuo: (request: SecretVerificationRequest) => Promise<TwoFactorDuoResponse>;
-  getTwoFactorOrganizationDuo: (
-    organizationId: string,
-    request: SecretVerificationRequest
-  ) => Promise<TwoFactorDuoResponse>;
-  getTwoFactorYubiKey: (request: SecretVerificationRequest) => Promise<TwoFactorYubiKeyResponse>;
-  getTwoFactorWebAuthn: (request: SecretVerificationRequest) => Promise<TwoFactorWebAuthnResponse>;
-  getTwoFactorWebAuthnChallenge: (request: SecretVerificationRequest) => Promise<ChallengeResponse>;
-  getTwoFactorRecover: (request: SecretVerificationRequest) => Promise<TwoFactorRecoverResponse>;
-  putTwoFactorAuthenticator: (
-    request: UpdateTwoFactorAuthenticatorRequest
-  ) => Promise<TwoFactorAuthenticatorResponse>;
-  putTwoFactorEmail: (request: UpdateTwoFactorEmailRequest) => Promise<TwoFactorEmailResponse>;
-  putTwoFactorDuo: (request: UpdateTwoFactorDuoRequest) => Promise<TwoFactorDuoResponse>;
-  putTwoFactorOrganizationDuo: (
-    organizationId: string,
-    request: UpdateTwoFactorDuoRequest
-  ) => Promise<TwoFactorDuoResponse>;
-  putTwoFactorYubiKey: (
-    request: UpdateTwoFactorYubioOtpRequest
-  ) => Promise<TwoFactorYubiKeyResponse>;
-  putTwoFactorWebAuthn: (
-    request: UpdateTwoFactorWebAuthnRequest
-  ) => Promise<TwoFactorWebAuthnResponse>;
-  deleteTwoFactorWebAuthn: (
-    request: UpdateTwoFactorWebAuthnDeleteRequest
-  ) => Promise<TwoFactorWebAuthnResponse>;
-  putTwoFactorDisable: (request: TwoFactorProviderRequest) => Promise<TwoFactorProviderResponse>;
-  putTwoFactorOrganizationDisable: (
-    organizationId: string,
-    request: TwoFactorProviderRequest
-  ) => Promise<TwoFactorProviderResponse>;
-  postTwoFactorRecover: (request: TwoFactorRecoveryRequest) => Promise<any>;
-  postTwoFactorEmailSetup: (request: TwoFactorEmailRequest) => Promise<any>;
-  postTwoFactorEmail: (request: TwoFactorEmailRequest) => Promise<any>;
-
-  getEmergencyAccessTrusted: () => Promise<ListResponse<EmergencyAccessGranteeDetailsResponse>>;
-  getEmergencyAccessGranted: () => Promise<ListResponse<EmergencyAccessGrantorDetailsResponse>>;
-  getEmergencyAccess: (id: string) => Promise<EmergencyAccessGranteeDetailsResponse>;
-  getEmergencyGrantorPolicies: (id: string) => Promise<ListResponse<PolicyResponse>>;
-  putEmergencyAccess: (id: string, request: EmergencyAccessUpdateRequest) => Promise<any>;
-  deleteEmergencyAccess: (id: string) => Promise<any>;
-  postEmergencyAccessInvite: (request: EmergencyAccessInviteRequest) => Promise<any>;
-  postEmergencyAccessReinvite: (id: string) => Promise<any>;
-  postEmergencyAccessAccept: (id: string, request: EmergencyAccessAcceptRequest) => Promise<any>;
-  postEmergencyAccessConfirm: (id: string, request: EmergencyAccessConfirmRequest) => Promise<any>;
-  postEmergencyAccessInitiate: (id: string) => Promise<any>;
-  postEmergencyAccessApprove: (id: string) => Promise<any>;
-  postEmergencyAccessReject: (id: string) => Promise<any>;
-  postEmergencyAccessTakeover: (id: string) => Promise<EmergencyAccessTakeoverResponse>;
-  postEmergencyAccessPassword: (
-    id: string,
-    request: EmergencyAccessPasswordRequest
-  ) => Promise<any>;
-  postEmergencyAccessView: (id: string) => Promise<EmergencyAccessViewResponse>;
-
-  getOrganization: (id: string) => Promise<OrganizationResponse>;
-  getOrganizationBilling: (id: string) => Promise<BillingResponse>;
-  getOrganizationSubscription: (id: string) => Promise<OrganizationSubscriptionResponse>;
-  getOrganizationLicense: (id: string, installationId: string) => Promise<any>;
-  getOrganizationTaxInfo: (id: string) => Promise<TaxInfoResponse>;
-  getOrganizationAutoEnrollStatus: (
-    identifier: string
-  ) => Promise<OrganizationAutoEnrollStatusResponse>;
-  getOrganizationSso: (id: string) => Promise<OrganizationSsoResponse>;
-  postOrganization: (request: OrganizationCreateRequest) => Promise<OrganizationResponse>;
-  putOrganization: (
-    id: string,
-    request: OrganizationUpdateRequest
-  ) => Promise<OrganizationResponse>;
-  putOrganizationTaxInfo: (id: string, request: OrganizationTaxInfoUpdateRequest) => Promise<any>;
-  postLeaveOrganization: (id: string) => Promise<any>;
-  postOrganizationLicense: (data: FormData) => Promise<OrganizationResponse>;
-  postOrganizationLicenseUpdate: (id: string, data: FormData) => Promise<any>;
-  postOrganizationApiKey: (
-    id: string,
-    request: SecretVerificationRequest
-  ) => Promise<ApiKeyResponse>;
-  postOrganizationRotateApiKey: (
-    id: string,
-    request: SecretVerificationRequest
-  ) => Promise<ApiKeyResponse>;
-  postOrganizationSso: (
-    id: string,
-    request: OrganizationSsoRequest
-  ) => Promise<OrganizationSsoResponse>;
-  postOrganizationUpgrade: (
-    id: string,
-    request: OrganizationUpgradeRequest
-  ) => Promise<PaymentResponse>;
-  postOrganizationUpdateSubscription: (
-    id: string,
-    request: OrganizationSubscriptionUpdateRequest
-  ) => Promise<void>;
-  postOrganizationSeat: (id: string, request: SeatRequest) => Promise<PaymentResponse>;
-  postOrganizationStorage: (id: string, request: StorageRequest) => Promise<any>;
-  postOrganizationPayment: (id: string, request: PaymentRequest) => Promise<any>;
-  postOrganizationVerifyBank: (id: string, request: VerifyBankRequest) => Promise<any>;
-  postOrganizationCancel: (id: string) => Promise<any>;
-  postOrganizationReinstate: (id: string) => Promise<any>;
-  deleteOrganization: (id: string, request: SecretVerificationRequest) => Promise<any>;
-  getPlans: () => Promise<ListResponse<PlanResponse>>;
-  getTaxRates: () => Promise<ListResponse<TaxRateResponse>>;
-  getOrganizationKeys: (id: string) => Promise<OrganizationKeysResponse>;
-  postOrganizationKeys: (
-    id: string,
-    request: OrganizationKeysRequest
-  ) => Promise<OrganizationKeysResponse>;
-
-  postProviderSetup: (id: string, request: ProviderSetupRequest) => Promise<ProviderResponse>;
-  getProvider: (id: string) => Promise<ProviderResponse>;
-  putProvider: (id: string, request: ProviderUpdateRequest) => Promise<ProviderResponse>;
-
-  getProviderUsers: (providerId: string) => Promise<ListResponse<ProviderUserUserDetailsResponse>>;
-  getProviderUser: (providerId: string, id: string) => Promise<ProviderUserResponse>;
-  postProviderUserInvite: (providerId: string, request: ProviderUserInviteRequest) => Promise<any>;
-  postProviderUserReinvite: (providerId: string, id: string) => Promise<any>;
-  postManyProviderUserReinvite: (
-    providerId: string,
-    request: ProviderUserBulkRequest
-  ) => Promise<ListResponse<ProviderUserBulkResponse>>;
-  postProviderUserAccept: (
-    providerId: string,
-    id: string,
-    request: ProviderUserAcceptRequest
-  ) => Promise<any>;
-  postProviderUserConfirm: (
-    providerId: string,
-    id: string,
-    request: ProviderUserConfirmRequest
-  ) => Promise<any>;
-  postProviderUsersPublicKey: (
-    providerId: string,
-    request: ProviderUserBulkRequest
-  ) => Promise<ListResponse<ProviderUserBulkPublicKeyResponse>>;
-  postProviderUserBulkConfirm: (
-    providerId: string,
-    request: ProviderUserBulkConfirmRequest
-  ) => Promise<ListResponse<ProviderUserBulkResponse>>;
-  putProviderUser: (
-    providerId: string,
-    id: string,
-    request: ProviderUserUpdateRequest
-  ) => Promise<any>;
-  deleteProviderUser: (organizationId: string, id: string) => Promise<any>;
-  deleteManyProviderUsers: (
-    providerId: string,
-    request: ProviderUserBulkRequest
-  ) => Promise<ListResponse<ProviderUserBulkResponse>>;
-  getProviderClients: (
-    providerId: string
-  ) => Promise<ListResponse<ProviderOrganizationOrganizationDetailsResponse>>;
-  postProviderAddOrganization: (
-    providerId: string,
-    request: ProviderAddOrganizationRequest
-  ) => Promise<any>;
-  postProviderCreateOrganization: (
-    providerId: string,
-    request: ProviderOrganizationCreateRequest
-  ) => Promise<ProviderOrganizationResponse>;
-  deleteProviderOrganization: (providerId: string, organizationId: string) => Promise<any>;
-
-  getEvents: (start: string, end: string, token: string) => Promise<ListResponse<EventResponse>>;
-  getEventsCipher: (
-    id: string,
-    start: string,
-    end: string,
-    token: string
-  ) => Promise<ListResponse<EventResponse>>;
-  getEventsOrganization: (
-    id: string,
-    start: string,
-    end: string,
-    token: string
-  ) => Promise<ListResponse<EventResponse>>;
-  getEventsOrganizationUser: (
-    organizationId: string,
-    id: string,
-    start: string,
-    end: string,
-    token: string
-  ) => Promise<ListResponse<EventResponse>>;
-  getEventsProvider: (
-    id: string,
-    start: string,
-    end: string,
-    token: string
-  ) => Promise<ListResponse<EventResponse>>;
-  getEventsProviderUser: (
-    providerId: string,
-    id: string,
-    start: string,
-    end: string,
-    token: string
-  ) => Promise<ListResponse<EventResponse>>;
-  postEventsCollect: (request: EventRequest[]) => Promise<any>;
-
-  deleteSsoUser: (organizationId: string) => Promise<any>;
-  getSsoUserIdentifier: () => Promise<string>;
-
-  getUserPublicKey: (id: string) => Promise<UserKeyResponse>;
-
-  getHibpBreach: (username: string) => Promise<BreachAccountResponse[]>;
-
-  postBitPayInvoice: (request: BitPayInvoiceRequest) => Promise<string>;
-  postSetupPayment: () => Promise<string>;
-
-  getActiveBearerToken: () => Promise<string>;
-  fetch: (request: Request) => Promise<Response>;
-  nativeFetch: (request: Request) => Promise<Response>;
-
-  preValidateSso: (identifier: string) => Promise<boolean>;
-
-  postCreateSponsorship: (
-    sponsorshipOrgId: string,
-    request: OrganizationSponsorshipCreateRequest
-  ) => Promise<void>;
-  deleteRevokeSponsorship: (sponsoringOrganizationId: string) => Promise<void>;
-  deleteRemoveSponsorship: (sponsoringOrgId: string) => Promise<void>;
-  postPreValidateSponsorshipToken: (sponsorshipToken: string) => Promise<boolean>;
-  postRedeemSponsorship: (
-    sponsorshipToken: string,
-    request: OrganizationSponsorshipRedeemRequest
-  ) => Promise<void>;
-  postResendSponsorshipOffer: (sponsoringOrgId: string) => Promise<void>;
-
-  getUserKeyFromKeyConnector: (keyConnectorUrl: string) => Promise<KeyConnectorUserKeyResponse>;
-  postUserKeyToKeyConnector: (
-    keyConnectorUrl: string,
-    request: KeyConnectorUserKeyRequest
-  ) => Promise<void>;
-  getKeyConnectorAlive: (keyConnectorUrl: string) => Promise<void>;
 }

jslib/common/src/abstractions/audit.service.ts

@@ -1,6 +0,0 @@
-import { BreachAccountResponse } from "../models/response/breachAccountResponse";
-
-export abstract class AuditService {
-  passwordLeaked: (password: string) => Promise<number>;
-  breachedAccounts: (username: string) => Promise<BreachAccountResponse[]>;
-}

jslib/common/src/abstractions/auth.service.ts

@@ -1,25 +0,0 @@
-import { AuthResult } from "../models/domain/authResult";
-import {
-  ApiLogInCredentials,
-  PasswordLogInCredentials,
-  SsoLogInCredentials,
-} from "../models/domain/logInCredentials";
-import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
-import { TokenRequestTwoFactor } from "../models/request/identityToken/tokenRequestTwoFactor";
-
-export abstract class AuthService {
-  masterPasswordHash: string;
-  email: string;
-  logIn: (
-    credentials: ApiLogInCredentials | PasswordLogInCredentials | SsoLogInCredentials
-  ) => Promise<AuthResult>;
-  logInTwoFactor: (
-    twoFactor: TokenRequestTwoFactor,
-    captchaResponse: string
-  ) => Promise<AuthResult>;
-  logOut: (callback: () => void) => void;
-  makePreloginKey: (masterPassword: string, email: string) => Promise<SymmetricCryptoKey>;
-  authingWithApiKey: () => boolean;
-  authingWithSso: () => boolean;
-  authingWithPassword: () => boolean;
-}

jslib/common/src/abstractions/cipher.service.ts

@@ -1,79 +0,0 @@
-import { CipherType } from "../enums/cipherType";
-import { UriMatchType } from "../enums/uriMatchType";
-import { CipherData } from "../models/data/cipherData";
-import { Cipher } from "../models/domain/cipher";
-import { Field } from "../models/domain/field";
-import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
-import { CipherView } from "../models/view/cipherView";
-import { FieldView } from "../models/view/fieldView";
-
-export abstract class CipherService {
-  clearCache: (userId?: string) => Promise<void>;
-  encrypt: (
-    model: CipherView,
-    key?: SymmetricCryptoKey,
-    originalCipher?: Cipher
-  ) => Promise<Cipher>;
-  encryptFields: (fieldsModel: FieldView[], key: SymmetricCryptoKey) => Promise<Field[]>;
-  encryptField: (fieldModel: FieldView, key: SymmetricCryptoKey) => Promise<Field>;
-  get: (id: string) => Promise<Cipher>;
-  getAll: () => Promise<Cipher[]>;
-  getAllDecrypted: () => Promise<CipherView[]>;
-  getAllDecryptedForGrouping: (groupingId: string, folder?: boolean) => Promise<CipherView[]>;
-  getAllDecryptedForUrl: (
-    url: string,
-    includeOtherTypes?: CipherType[],
-    defaultMatch?: UriMatchType
-  ) => Promise<CipherView[]>;
-  getAllFromApiForOrganization: (organizationId: string) => Promise<CipherView[]>;
-  getLastUsedForUrl: (url: string, autofillOnPageLoad: boolean) => Promise<CipherView>;
-  getLastLaunchedForUrl: (url: string, autofillOnPageLoad: boolean) => Promise<CipherView>;
-  getNextCipherForUrl: (url: string) => Promise<CipherView>;
-  updateLastUsedIndexForUrl: (url: string) => void;
-  updateLastUsedDate: (id: string) => Promise<void>;
-  updateLastLaunchedDate: (id: string) => Promise<void>;
-  saveNeverDomain: (domain: string) => Promise<void>;
-  saveWithServer: (cipher: Cipher) => Promise<any>;
-  shareWithServer: (
-    cipher: CipherView,
-    organizationId: string,
-    collectionIds: string[]
-  ) => Promise<any>;
-  shareManyWithServer: (
-    ciphers: CipherView[],
-    organizationId: string,
-    collectionIds: string[]
-  ) => Promise<any>;
-  saveAttachmentWithServer: (
-    cipher: Cipher,
-    unencryptedFile: any,
-    admin?: boolean
-  ) => Promise<Cipher>;
-  saveAttachmentRawWithServer: (
-    cipher: Cipher,
-    filename: string,
-    data: ArrayBuffer,
-    admin?: boolean
-  ) => Promise<Cipher>;
-  saveCollectionsWithServer: (cipher: Cipher) => Promise<any>;
-  upsert: (cipher: CipherData | CipherData[]) => Promise<any>;
-  replace: (ciphers: { [id: string]: CipherData }) => Promise<any>;
-  clear: (userId: string) => Promise<any>;
-  moveManyWithServer: (ids: string[], folderId: string) => Promise<any>;
-  delete: (id: string | string[]) => Promise<any>;
-  deleteWithServer: (id: string) => Promise<any>;
-  deleteManyWithServer: (ids: string[]) => Promise<any>;
-  deleteAttachment: (id: string, attachmentId: string) => Promise<void>;
-  deleteAttachmentWithServer: (id: string, attachmentId: string) => Promise<void>;
-  sortCiphersByLastUsed: (a: any, b: any) => number;
-  sortCiphersByLastUsedThenName: (a: any, b: any) => number;
-  getLocaleSortingFunction: () => (a: CipherView, b: CipherView) => number;
-  softDelete: (id: string | string[]) => Promise<any>;
-  softDeleteWithServer: (id: string) => Promise<any>;
-  softDeleteManyWithServer: (ids: string[]) => Promise<any>;
-  restore: (
-    cipher: { id: string; revisionDate: string } | { id: string; revisionDate: string }[]
-  ) => Promise<any>;
-  restoreWithServer: (id: string) => Promise<any>;
-  restoreManyWithServer: (ids: string[]) => Promise<any>;
-}

jslib/common/src/abstractions/collection.service.ts

@@ -1,19 +0,0 @@
-import { CollectionData } from "../models/data/collectionData";
-import { Collection } from "../models/domain/collection";
-import { TreeNode } from "../models/domain/treeNode";
-import { CollectionView } from "../models/view/collectionView";
-
-export abstract class CollectionService {
-  clearCache: (userId?: string) => Promise<void>;
-  encrypt: (model: CollectionView) => Promise<Collection>;
-  decryptMany: (collections: Collection[]) => Promise<CollectionView[]>;
-  get: (id: string) => Promise<Collection>;
-  getAll: () => Promise<Collection[]>;
-  getAllDecrypted: () => Promise<CollectionView[]>;
-  getAllNested: (collections?: CollectionView[]) => Promise<TreeNode<CollectionView>[]>;
-  getNested: (id: string) => Promise<TreeNode<CollectionView>>;
-  upsert: (collection: CollectionData | CollectionData[]) => Promise<any>;
-  replace: (collections: { [id: string]: CollectionData }) => Promise<any>;
-  clear: (userId: string) => Promise<any>;
-  delete: (id: string | string[]) => Promise<any>;
-}

jslib/common/src/abstractions/crypto.service.ts

@@ -15,7 +15,7 @@ export abstract class CryptoService {
   setEncPrivateKey: (encPrivateKey: string) => Promise<void>;
   setOrgKeys: (
     orgs: ProfileOrganizationResponse[],
-    providerOrgs: ProfileProviderOrganizationResponse[]
+    providerOrgs: ProfileProviderOrganizationResponse[],
   ) => Promise<void>;
   setProviderKeys: (orgs: ProfileProviderResponse[]) => Promise<void>;
   getKey: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<SymmetricCryptoKey>;
@@ -46,14 +46,14 @@ export abstract class CryptoService {
     password: string,
     salt: string,
     kdf: KdfType,
-    kdfIterations: number
+    kdfIterations: number,
   ) => Promise<SymmetricCryptoKey>;
   makeKeyFromPin: (
     pin: string,
     salt: string,
     kdf: KdfType,
     kdfIterations: number,
-    protectedKeyCs?: EncString
+    protectedKeyCs?: EncString,
   ) => Promise<SymmetricCryptoKey>;
   makeShareKey: () => Promise<[EncString, SymmetricCryptoKey]>;
   makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, EncString]>;
@@ -61,18 +61,18 @@ export abstract class CryptoService {
     pin: string,
     salt: string,
     kdf: KdfType,
-    kdfIterations: number
+    kdfIterations: number,
   ) => Promise<SymmetricCryptoKey>;
   makeSendKey: (keyMaterial: ArrayBuffer) => Promise<SymmetricCryptoKey>;
   hashPassword: (
     password: string,
     key: SymmetricCryptoKey,
-    hashPurpose?: HashPurpose
+    hashPurpose?: HashPurpose,
   ) => Promise<string>;
   makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, EncString]>;
   remakeEncKey: (
     key: SymmetricCryptoKey,
-    encKey?: SymmetricCryptoKey
+    encKey?: SymmetricCryptoKey,
   ) => Promise<[SymmetricCryptoKey, EncString]>;
   encrypt: (plainValue: string | ArrayBuffer, key?: SymmetricCryptoKey) => Promise<EncString>;
   encryptToBytes: (plainValue: ArrayBuffer, key?: SymmetricCryptoKey) => Promise<EncArrayBuffer>;

jslib/common/src/abstractions/cryptoFunction.service.ts

@@ -6,35 +6,35 @@ export abstract class CryptoFunctionService {
     password: string | ArrayBuffer,
     salt: string | ArrayBuffer,
     algorithm: "sha256" | "sha512",
-    iterations: number
+    iterations: number,
   ) => Promise<ArrayBuffer>;
   hkdf: (
     ikm: ArrayBuffer,
     salt: string | ArrayBuffer,
     info: string | ArrayBuffer,
     outputByteSize: number,
-    algorithm: "sha256" | "sha512"
+    algorithm: "sha256" | "sha512",
   ) => Promise<ArrayBuffer>;
   hkdfExpand: (
     prk: ArrayBuffer,
     info: string | ArrayBuffer,
     outputByteSize: number,
-    algorithm: "sha256" | "sha512"
+    algorithm: "sha256" | "sha512",
   ) => Promise<ArrayBuffer>;
   hash: (
     value: string | ArrayBuffer,
-    algorithm: "sha1" | "sha256" | "sha512" | "md5"
+    algorithm: "sha1" | "sha256" | "sha512" | "md5",
   ) => Promise<ArrayBuffer>;
   hmac: (
     value: ArrayBuffer,
     key: ArrayBuffer,
-    algorithm: "sha1" | "sha256" | "sha512"
+    algorithm: "sha1" | "sha256" | "sha512",
   ) => Promise<ArrayBuffer>;
   compare: (a: ArrayBuffer, b: ArrayBuffer) => Promise<boolean>;
   hmacFast: (
     value: ArrayBuffer | string,
     key: ArrayBuffer | string,
-    algorithm: "sha1" | "sha256" | "sha512"
+    algorithm: "sha1" | "sha256" | "sha512",
   ) => Promise<ArrayBuffer | string>;
   compareFast: (a: ArrayBuffer | string, b: ArrayBuffer | string) => Promise<boolean>;
   aesEncrypt: (data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer) => Promise<ArrayBuffer>;
@@ -42,19 +42,19 @@ export abstract class CryptoFunctionService {
     data: string,
     iv: string,
     mac: string,
-    key: SymmetricCryptoKey
+    key: SymmetricCryptoKey,
   ) => DecryptParameters<ArrayBuffer | string>;
   aesDecryptFast: (parameters: DecryptParameters<ArrayBuffer | string>) => Promise<string>;
   aesDecrypt: (data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer) => Promise<ArrayBuffer>;
   rsaEncrypt: (
     data: ArrayBuffer,
     publicKey: ArrayBuffer,
-    algorithm: "sha1" | "sha256"
+    algorithm: "sha1" | "sha256",
   ) => Promise<ArrayBuffer>;
   rsaDecrypt: (
     data: ArrayBuffer,
     privateKey: ArrayBuffer,
-    algorithm: "sha1" | "sha256"
+    algorithm: "sha1" | "sha256",
   ) => Promise<ArrayBuffer>;
   rsaExtractPublicKey: (privateKey: ArrayBuffer) => Promise<ArrayBuffer>;
   rsaGenerateKeyPair: (length: 1024 | 2048 | 4096) => Promise<[ArrayBuffer, ArrayBuffer]>;

jslib/common/src/abstractions/event.service.ts

@@ -1,7 +0,0 @@
-import { EventType } from "../enums/eventType";
-
-export abstract class EventService {
-  collect: (eventType: EventType, cipherId?: string, uploadImmediately?: boolean) => Promise<any>;
-  uploadEvents: (userId?: string) => Promise<any>;
-  clearEvents: (userId?: string) => Promise<any>;
-}

jslib/common/src/abstractions/export.service.ts

@@ -1,11 +0,0 @@
-import { EventView } from "../models/view/eventView";
-
-export type ExportFormat = "csv" | "json" | "encrypted_json";
-
-export abstract class ExportService {
-  getExport: (format?: ExportFormat, organizationId?: string) => Promise<string>;
-  getPasswordProtectedExport: (password: string, organizationId?: string) => Promise<string>;
-  getOrganizationExport: (organizationId: string, format?: ExportFormat) => Promise<string>;
-  getEventExport: (events: EventView[]) => Promise<string>;
-  getFileName: (prefix?: string, extension?: string) => string;
-}

jslib/common/src/abstractions/fileUpload.service.ts

@@ -1,18 +0,0 @@
-import { EncArrayBuffer } from "../models/domain/encArrayBuffer";
-import { EncString } from "../models/domain/encString";
-import { AttachmentUploadDataResponse } from "../models/response/attachmentUploadDataResponse";
-import { SendFileUploadDataResponse } from "../models/response/sendFileUploadDataResponse";
-
-export abstract class FileUploadService {
-  uploadSendFile: (
-    uploadData: SendFileUploadDataResponse,
-    fileName: EncString,
-    encryptedFileData: EncArrayBuffer
-  ) => Promise<any>;
-  uploadCipherAttachment: (
-    admin: boolean,
-    uploadData: AttachmentUploadDataResponse,
-    fileName: EncString,
-    encryptedFileData: EncArrayBuffer
-  ) => Promise<any>;
-}

jslib/common/src/abstractions/folder.service.ts

@@ -1,21 +0,0 @@
-import { FolderData } from "../models/data/folderData";
-import { Folder } from "../models/domain/folder";
-import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
-import { TreeNode } from "../models/domain/treeNode";
-import { FolderView } from "../models/view/folderView";
-
-export abstract class FolderService {
-  clearCache: (userId?: string) => Promise<void>;
-  encrypt: (model: FolderView, key?: SymmetricCryptoKey) => Promise<Folder>;
-  get: (id: string) => Promise<Folder>;
-  getAll: () => Promise<Folder[]>;
-  getAllDecrypted: () => Promise<FolderView[]>;
-  getAllNested: () => Promise<TreeNode<FolderView>[]>;
-  getNested: (id: string) => Promise<TreeNode<FolderView>>;
-  saveWithServer: (folder: Folder) => Promise<any>;
-  upsert: (folder: FolderData | FolderData[]) => Promise<any>;
-  replace: (folders: { [id: string]: FolderData }) => Promise<any>;
-  clear: (userId: string) => Promise<any>;
-  delete: (id: string | string[]) => Promise<any>;
-  deleteWithServer: (id: string) => Promise<any>;
-}

jslib/common/src/abstractions/import.service.ts

@@ -1,19 +0,0 @@
-import { ImportOption, ImportType } from "../enums/importOptions";
-import { ImportError } from "../importers/importError";
-import { Importer } from "../importers/importer";
-
-export abstract class ImportService {
-  featuredImportOptions: readonly ImportOption[];
-  regularImportOptions: readonly ImportOption[];
-  getImportOptions: () => ImportOption[];
-  import: (
-    importer: Importer,
-    fileContents: string,
-    organizationId?: string
-  ) => Promise<ImportError>;
-  getImporter: (
-    format: ImportType | "bitwardenpasswordprotected",
-    organizationId: string,
-    password?: string
-  ) => Importer;
-}

jslib/common/src/abstractions/keyConnector.service.ts

@@ -1,19 +0,0 @@
-import { Organization } from "../models/domain/organization";
-import { IdentityTokenResponse } from "../models/response/identityTokenResponse";
-
-export abstract class KeyConnectorService {
-  getAndSetKey: (url?: string) => Promise<void>;
-  getManagingOrganization: () => Promise<Organization>;
-  getUsesKeyConnector: () => Promise<boolean>;
-  migrateUser: () => Promise<void>;
-  userNeedsMigration: () => Promise<boolean>;
-  convertNewSsoUserToKeyConnector: (
-    tokenResponse: IdentityTokenResponse,
-    orgId: string
-  ) => Promise<void>;
-  setUsesKeyConnector: (enabled: boolean) => Promise<void>;
-  setConvertAccountRequired: (status: boolean) => Promise<void>;
-  getConvertAccountRequired: () => Promise<boolean>;
-  removeConvertAccountRequired: () => Promise<void>;
-  clear: () => Promise<void>;
-}

jslib/common/src/abstractions/notifications.service.ts

@@ -1,6 +0,0 @@
-export abstract class NotificationsService {
-  init: () => Promise<void>;
-  updateConnection: (sync?: boolean) => Promise<void>;
-  reconnectFromActivity: () => Promise<void>;
-  disconnectFromInactivity: () => Promise<void>;
-}

jslib/common/src/abstractions/organization.service.ts

@@ -1,11 +0,0 @@
-import { OrganizationData } from "../models/data/organizationData";
-import { Organization } from "../models/domain/organization";
-
-export abstract class OrganizationService {
-  get: (id: string) => Promise<Organization>;
-  getByIdentifier: (identifier: string) => Promise<Organization>;
-  getAll: (userId?: string) => Promise<Organization[]>;
-  save: (orgs: { [id: string]: OrganizationData }) => Promise<any>;
-  canManageSponsorships: () => Promise<boolean>;
-  hasOrganizations: (userId?: string) => Promise<boolean>;
-}

jslib/common/src/abstractions/passwordGeneration.service.ts

@@ -1,20 +0,0 @@
-import * as zxcvbn from "zxcvbn";
-
-import { GeneratedPasswordHistory } from "../models/domain/generatedPasswordHistory";
-import { PasswordGeneratorPolicyOptions } from "../models/domain/passwordGeneratorPolicyOptions";
-
-export abstract class PasswordGenerationService {
-  generatePassword: (options: any) => Promise<string>;
-  generatePassphrase: (options: any) => Promise<string>;
-  getOptions: () => Promise<[any, PasswordGeneratorPolicyOptions]>;
-  enforcePasswordGeneratorPoliciesOnOptions: (
-    options: any
-  ) => Promise<[any, PasswordGeneratorPolicyOptions]>;
-  getPasswordGeneratorPolicyOptions: () => Promise<PasswordGeneratorPolicyOptions>;
-  saveOptions: (options: any) => Promise<any>;
-  getHistory: () => Promise<GeneratedPasswordHistory[]>;
-  addHistory: (password: string) => Promise<any>;
-  clear: (userId?: string) => Promise<any>;
-  passwordStrength: (password: string, userInputs?: string[]) => zxcvbn.ZXCVBNResult;
-  normalizeOptions: (options: any, enforcedPolicyOptions: PasswordGeneratorPolicyOptions) => void;
-}

jslib/common/src/abstractions/passwordReprompt.service.ts

@@ -1,5 +0,0 @@
-export abstract class PasswordRepromptService {
-  protectedFields: () => string[];
-  showPasswordPrompt: () => Promise<boolean>;
-  enabled: () => Promise<boolean>;
-}

jslib/common/src/abstractions/platformUtils.service.ts

@@ -27,7 +27,7 @@ export abstract class PlatformUtilsService {
     type: "error" | "success" | "warning" | "info",
     title: string,
     text: string | string[],
-    options?: ToastOptions
+    options?: ToastOptions,
   ) => void;
   showDialog: (
     body: string,
@@ -35,7 +35,7 @@ export abstract class PlatformUtilsService {
     confirmText?: string,
     cancelText?: string,
     type?: string,
-    bodyIsHtml?: boolean
+    bodyIsHtml?: boolean,
   ) => Promise<boolean>;
   isDev: () => boolean;
   isSelfHost: () => boolean;
@@ -45,7 +45,7 @@ export abstract class PlatformUtilsService {
   authenticateBiometric: () => Promise<boolean>;
   getDefaultSystemTheme: () => Promise<ThemeType.Light | ThemeType.Dark>;
   onDefaultSystemThemeChange: (
-    callback: (theme: ThemeType.Light | ThemeType.Dark) => unknown
+    callback: (theme: ThemeType.Light | ThemeType.Dark) => unknown,
   ) => unknown;
   getEffectiveTheme: () => Promise<ThemeType>;
   supportsSecureStorage: () => boolean;

jslib/common/src/abstractions/policy.service.ts

@@ -1,32 +0,0 @@
-import { PolicyType } from "../enums/policyType";
-import { PolicyData } from "../models/data/policyData";
-import { MasterPasswordPolicyOptions } from "../models/domain/masterPasswordPolicyOptions";
-import { Policy } from "../models/domain/policy";
-import { ResetPasswordPolicyOptions } from "../models/domain/resetPasswordPolicyOptions";
-import { ListResponse } from "../models/response/listResponse";
-import { PolicyResponse } from "../models/response/policyResponse";
-
-export abstract class PolicyService {
-  clearCache: () => void;
-  getAll: (type?: PolicyType, userId?: string) => Promise<Policy[]>;
-  getPolicyForOrganization: (policyType: PolicyType, organizationId: string) => Promise<Policy>;
-  replace: (policies: { [id: string]: PolicyData }) => Promise<any>;
-  clear: (userId?: string) => Promise<any>;
-  getMasterPasswordPoliciesForInvitedUsers: (orgId: string) => Promise<MasterPasswordPolicyOptions>;
-  getMasterPasswordPolicyOptions: (policies?: Policy[]) => Promise<MasterPasswordPolicyOptions>;
-  evaluateMasterPassword: (
-    passwordStrength: number,
-    newPassword: string,
-    enforcedPolicyOptions?: MasterPasswordPolicyOptions
-  ) => boolean;
-  getResetPasswordPolicyOptions: (
-    policies: Policy[],
-    orgId: string
-  ) => [ResetPasswordPolicyOptions, boolean];
-  mapPoliciesFromToken: (policiesResponse: ListResponse<PolicyResponse>) => Policy[];
-  policyAppliesToUser: (
-    policyType: PolicyType,
-    policyFilter?: (policy: Policy) => boolean,
-    userId?: string
-  ) => Promise<boolean>;
-}

jslib/common/src/abstractions/provider.service.ts

@@ -1,8 +0,0 @@
-import { ProviderData } from "../models/data/providerData";
-import { Provider } from "../models/domain/provider";
-
-export abstract class ProviderService {
-  get: (id: string) => Promise<Provider>;
-  getAll: () => Promise<Provider[]>;
-  save: (providers: { [id: string]: ProviderData }) => Promise<any>;
-}

jslib/common/src/abstractions/search.service.ts

@@ -1,16 +0,0 @@
-import { CipherView } from "../models/view/cipherView";
-import { SendView } from "../models/view/sendView";
-
-export abstract class SearchService {
-  indexedEntityId?: string = null;
-  clearIndex: () => void;
-  isSearchable: (query: string) => boolean;
-  indexCiphers: (indexedEntityGuid?: string, ciphersToIndex?: CipherView[]) => Promise<void>;
-  searchCiphers: (
-    query: string,
-    filter?: ((cipher: CipherView) => boolean) | ((cipher: CipherView) => boolean)[],
-    ciphers?: CipherView[]
-  ) => Promise<CipherView[]>;
-  searchCiphersBasic: (ciphers: CipherView[], query: string, deleted?: boolean) => CipherView[];
-  searchSends: (sends: SendView[], query: string) => SendView[];
-}

jslib/common/src/abstractions/send.service.ts

@@ -1,25 +0,0 @@
-import { SendData } from "../models/data/sendData";
-import { EncArrayBuffer } from "../models/domain/encArrayBuffer";
-import { Send } from "../models/domain/send";
-import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
-import { SendView } from "../models/view/sendView";
-
-export abstract class SendService {
-  clearCache: () => Promise<void>;
-  encrypt: (
-    model: SendView,
-    file: File | ArrayBuffer,
-    password: string,
-    key?: SymmetricCryptoKey
-  ) => Promise<[Send, EncArrayBuffer]>;
-  get: (id: string) => Promise<Send>;
-  getAll: () => Promise<Send[]>;
-  getAllDecrypted: () => Promise<SendView[]>;
-  saveWithServer: (sendData: [Send, EncArrayBuffer]) => Promise<any>;
-  upsert: (send: SendData | SendData[]) => Promise<any>;
-  replace: (sends: { [id: string]: SendData }) => Promise<any>;
-  clear: (userId: string) => Promise<any>;
-  delete: (id: string | string[]) => Promise<any>;
-  deleteWithServer: (id: string) => Promise<any>;
-  removePasswordWithServer: (id: string) => Promise<any>;
-}

jslib/common/src/abstractions/settings.service.ts

@@ -1,6 +0,0 @@
-export abstract class SettingsService {
-  clearCache: () => Promise<void>;
-  getEquivalentDomains: () => Promise<any>;
-  setEquivalentDomains: (equivalentDomains: string[][]) => Promise<any>;
-  clear: (userId?: string) => Promise<void>;
-}

jslib/common/src/abstractions/state.service.ts

@@ -3,26 +3,14 @@ import { Observable } from "rxjs";
 import { KdfType } from "../enums/kdfType";
 import { ThemeType } from "../enums/themeType";
 import { UriMatchType } from "../enums/uriMatchType";
-import { CipherData } from "../models/data/cipherData";
-import { CollectionData } from "../models/data/collectionData";
-import { EventData } from "../models/data/eventData";
-import { FolderData } from "../models/data/folderData";
 import { OrganizationData } from "../models/data/organizationData";
-import { PolicyData } from "../models/data/policyData";
 import { ProviderData } from "../models/data/providerData";
-import { SendData } from "../models/data/sendData";
 import { Account } from "../models/domain/account";
 import { EncString } from "../models/domain/encString";
 import { EnvironmentUrls } from "../models/domain/environmentUrls";
-import { GeneratedPasswordHistory } from "../models/domain/generatedPasswordHistory";
-import { Policy } from "../models/domain/policy";
 import { StorageOptions } from "../models/domain/storageOptions";
 import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
 import { WindowState } from "../models/domain/windowState";
-import { CipherView } from "../models/view/cipherView";
-import { CollectionView } from "../models/view/collectionView";
-import { FolderView } from "../models/view/folderView";
-import { SendView } from "../models/view/sendView";
 
 export abstract class StateService<T extends Account = Account> {
   accounts$: Observable<{ [userId: string]: T }>;
@@ -45,8 +33,6 @@ export abstract class StateService<T extends Account = Account> {
   setApiKeyClientSecret: (value: string, options?: StorageOptions) => Promise<void>;
   getAutoConfirmFingerPrints: (options?: StorageOptions) => Promise<boolean>;
   setAutoConfirmFingerprints: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getAutoFillOnPageLoadDefault: (options?: StorageOptions) => Promise<boolean>;
-  setAutoFillOnPageLoadDefault: (value: boolean, options?: StorageOptions) => Promise<void>;
   getBiometricAwaitingAcceptance: (options?: StorageOptions) => Promise<boolean>;
   setBiometricAwaitingAcceptance: (value: boolean, options?: StorageOptions) => Promise<void>;
   getBiometricFingerprintValidated: (options?: StorageOptions) => Promise<boolean>;
@@ -75,150 +61,75 @@ export abstract class StateService<T extends Account = Account> {
   setCryptoMasterKeyBiometric: (value: string, options?: StorageOptions) => Promise<void>;
   getDecodedToken: (options?: StorageOptions) => Promise<any>;
   setDecodedToken: (value: any, options?: StorageOptions) => Promise<void>;
-  getDecryptedCiphers: (options?: StorageOptions) => Promise<CipherView[]>;
-  setDecryptedCiphers: (value: CipherView[], options?: StorageOptions) => Promise<void>;
-  getDecryptedCollections: (options?: StorageOptions) => Promise<CollectionView[]>;
-  setDecryptedCollections: (value: CollectionView[], options?: StorageOptions) => Promise<void>;
   getDecryptedCryptoSymmetricKey: (options?: StorageOptions) => Promise<SymmetricCryptoKey>;
   setDecryptedCryptoSymmetricKey: (
     value: SymmetricCryptoKey,
-    options?: StorageOptions
+    options?: StorageOptions,
   ) => Promise<void>;
-  getDecryptedFolders: (options?: StorageOptions) => Promise<FolderView[]>;
-  setDecryptedFolders: (value: FolderView[], options?: StorageOptions) => Promise<void>;
   getDecryptedOrganizationKeys: (
-    options?: StorageOptions
+    options?: StorageOptions,
   ) => Promise<Map<string, SymmetricCryptoKey>>;
   setDecryptedOrganizationKeys: (
     value: Map<string, SymmetricCryptoKey>,
-    options?: StorageOptions
-  ) => Promise<void>;
-  getDecryptedPasswordGenerationHistory: (
-    options?: StorageOptions
-  ) => Promise<GeneratedPasswordHistory[]>;
-  setDecryptedPasswordGenerationHistory: (
-    value: GeneratedPasswordHistory[],
-    options?: StorageOptions
+    options?: StorageOptions,
   ) => Promise<void>;
   getDecryptedPinProtected: (options?: StorageOptions) => Promise<EncString>;
   setDecryptedPinProtected: (value: EncString, options?: StorageOptions) => Promise<void>;
-  getDecryptedPolicies: (options?: StorageOptions) => Promise<Policy[]>;
-  setDecryptedPolicies: (value: Policy[], options?: StorageOptions) => Promise<void>;
   getDecryptedPrivateKey: (options?: StorageOptions) => Promise<ArrayBuffer>;
   setDecryptedPrivateKey: (value: ArrayBuffer, options?: StorageOptions) => Promise<void>;
   getDecryptedProviderKeys: (options?: StorageOptions) => Promise<Map<string, SymmetricCryptoKey>>;
   setDecryptedProviderKeys: (
     value: Map<string, SymmetricCryptoKey>,
-    options?: StorageOptions
+    options?: StorageOptions,
   ) => Promise<void>;
-  getDecryptedSends: (options?: StorageOptions) => Promise<SendView[]>;
-  setDecryptedSends: (value: SendView[], options?: StorageOptions) => Promise<void>;
   getDefaultUriMatch: (options?: StorageOptions) => Promise<UriMatchType>;
   setDefaultUriMatch: (value: UriMatchType, options?: StorageOptions) => Promise<void>;
-  getDisableAddLoginNotification: (options?: StorageOptions) => Promise<boolean>;
-  setDisableAddLoginNotification: (value: boolean, options?: StorageOptions) => Promise<void>;
   getDisableAutoBiometricsPrompt: (options?: StorageOptions) => Promise<boolean>;
   setDisableAutoBiometricsPrompt: (value: boolean, options?: StorageOptions) => Promise<void>;
   getDisableAutoTotpCopy: (options?: StorageOptions) => Promise<boolean>;
   setDisableAutoTotpCopy: (value: boolean, options?: StorageOptions) => Promise<void>;
   getDisableBadgeCounter: (options?: StorageOptions) => Promise<boolean>;
   setDisableBadgeCounter: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDisableChangedPasswordNotification: (options?: StorageOptions) => Promise<boolean>;
-  setDisableChangedPasswordNotification: (
-    value: boolean,
-    options?: StorageOptions
-  ) => Promise<void>;
   getDisableContextMenuItem: (options?: StorageOptions) => Promise<boolean>;
   setDisableContextMenuItem: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDisableFavicon: (options?: StorageOptions) => Promise<boolean>;
-  setDisableFavicon: (value: boolean, options?: StorageOptions) => Promise<void>;
   getDisableGa: (options?: StorageOptions) => Promise<boolean>;
   setDisableGa: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDontShowCardsCurrentTab: (options?: StorageOptions) => Promise<boolean>;
-  setDontShowCardsCurrentTab: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getDontShowIdentitiesCurrentTab: (options?: StorageOptions) => Promise<boolean>;
-  setDontShowIdentitiesCurrentTab: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEmail: (options?: StorageOptions) => Promise<string>;
   setEmail: (value: string, options?: StorageOptions) => Promise<void>;
   getEmailVerified: (options?: StorageOptions) => Promise<boolean>;
   setEmailVerified: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEnableAlwaysOnTop: (options?: StorageOptions) => Promise<boolean>;
   setEnableAlwaysOnTop: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableAutoFillOnPageLoad: (options?: StorageOptions) => Promise<boolean>;
-  setEnableAutoFillOnPageLoad: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEnableBiometric: (options?: StorageOptions) => Promise<boolean>;
   setEnableBiometric: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableBrowserIntegration: (options?: StorageOptions) => Promise<boolean>;
-  setEnableBrowserIntegration: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableBrowserIntegrationFingerprint: (options?: StorageOptions) => Promise<boolean>;
-  setEnableBrowserIntegrationFingerprint: (
-    value: boolean,
-    options?: StorageOptions
-  ) => Promise<void>;
   getEnableCloseToTray: (options?: StorageOptions) => Promise<boolean>;
   setEnableCloseToTray: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEnableFullWidth: (options?: StorageOptions) => Promise<boolean>;
   setEnableFullWidth: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEnableGravitars: (options?: StorageOptions) => Promise<boolean>;
-  setEnableGravitars: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEnableMinimizeToTray: (options?: StorageOptions) => Promise<boolean>;
   setEnableMinimizeToTray: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEnableStartToTray: (options?: StorageOptions) => Promise<boolean>;
   setEnableStartToTray: (value: boolean, options?: StorageOptions) => Promise<void>;
   getEnableTray: (options?: StorageOptions) => Promise<boolean>;
   setEnableTray: (value: boolean, options?: StorageOptions) => Promise<void>;
-  getEncryptedCiphers: (options?: StorageOptions) => Promise<{ [id: string]: CipherData }>;
-  setEncryptedCiphers: (
-    value: { [id: string]: CipherData },
-    options?: StorageOptions
-  ) => Promise<void>;
-  getEncryptedCollections: (options?: StorageOptions) => Promise<{ [id: string]: CollectionData }>;
-  setEncryptedCollections: (
-    value: { [id: string]: CollectionData },
-    options?: StorageOptions
-  ) => Promise<void>;
   getEncryptedCryptoSymmetricKey: (options?: StorageOptions) => Promise<string>;
   setEncryptedCryptoSymmetricKey: (value: string, options?: StorageOptions) => Promise<void>;
-  getEncryptedFolders: (options?: StorageOptions) => Promise<{ [id: string]: FolderData }>;
-  setEncryptedFolders: (
-    value: { [id: string]: FolderData },
-    options?: StorageOptions
-  ) => Promise<void>;
   getEncryptedOrganizationKeys: (options?: StorageOptions) => Promise<any>;
   setEncryptedOrganizationKeys: (
     value: Map<string, SymmetricCryptoKey>,
-    options?: StorageOptions
-  ) => Promise<void>;
-  getEncryptedPasswordGenerationHistory: (
-    options?: StorageOptions
-  ) => Promise<GeneratedPasswordHistory[]>;
-  setEncryptedPasswordGenerationHistory: (
-    value: GeneratedPasswordHistory[],
-    options?: StorageOptions
+    options?: StorageOptions,
   ) => Promise<void>;
   getEncryptedPinProtected: (options?: StorageOptions) => Promise<string>;
   setEncryptedPinProtected: (value: string, options?: StorageOptions) => Promise<void>;
-  getEncryptedPolicies: (options?: StorageOptions) => Promise<{ [id: string]: PolicyData }>;
-  setEncryptedPolicies: (
-    value: { [id: string]: PolicyData },
-    options?: StorageOptions
-  ) => Promise<void>;
   getEncryptedPrivateKey: (options?: StorageOptions) => Promise<string>;
   setEncryptedPrivateKey: (value: string, options?: StorageOptions) => Promise<void>;
   getEncryptedProviderKeys: (options?: StorageOptions) => Promise<any>;
   setEncryptedProviderKeys: (value: any, options?: StorageOptions) => Promise<void>;
-  getEncryptedSends: (options?: StorageOptions) => Promise<{ [id: string]: SendData }>;
-  setEncryptedSends: (value: { [id: string]: SendData }, options?: StorageOptions) => Promise<void>;
   getEntityId: (options?: StorageOptions) => Promise<string>;
-  setEntityId: (value: string, options?: StorageOptions) => Promise<void>;
-  getEntityType: (options?: StorageOptions) => Promise<any>;
-  setEntityType: (value: string, options?: StorageOptions) => Promise<void>;
   getEnvironmentUrls: (options?: StorageOptions) => Promise<EnvironmentUrls>;
   setEnvironmentUrls: (value: EnvironmentUrls, options?: StorageOptions) => Promise<void>;
   getEquivalentDomains: (options?: StorageOptions) => Promise<any>;
   setEquivalentDomains: (value: string, options?: StorageOptions) => Promise<void>;
-  getEventCollection: (options?: StorageOptions) => Promise<EventData[]>;
-  setEventCollection: (value: EventData[], options?: StorageOptions) => Promise<void>;
   getEverBeenUnlocked: (options?: StorageOptions) => Promise<boolean>;
   setEverBeenUnlocked: (value: boolean, options?: StorageOptions) => Promise<void>;
   getForcePasswordReset: (options?: StorageOptions) => Promise<boolean>;
@@ -261,7 +172,7 @@ export abstract class StateService<T extends Account = Account> {
   getOrganizations: (options?: StorageOptions) => Promise<{ [id: string]: OrganizationData }>;
   setOrganizations: (
     value: { [id: string]: OrganizationData },
-    options?: StorageOptions
+    options?: StorageOptions,
   ) => Promise<void>;
   getPasswordGenerationOptions: (options?: StorageOptions) => Promise<any>;
   setPasswordGenerationOptions: (value: any, options?: StorageOptions) => Promise<void>;

jslib/common/src/abstractions/sync.service.ts

@@ -1,19 +0,0 @@
-import {
-  SyncCipherNotification,
-  SyncFolderNotification,
-  SyncSendNotification,
-} from "../models/response/notificationResponse";
-
-export abstract class SyncService {
-  syncInProgress: boolean;
-
-  getLastSync: () => Promise<Date>;
-  setLastSync: (date: Date, userId?: string) => Promise<any>;
-  fullSync: (forceSync: boolean, allowThrowOnError?: boolean) => Promise<boolean>;
-  syncUpsertFolder: (notification: SyncFolderNotification, isEdit: boolean) => Promise<boolean>;
-  syncDeleteFolder: (notification: SyncFolderNotification) => Promise<boolean>;
-  syncUpsertCipher: (notification: SyncCipherNotification, isEdit: boolean) => Promise<boolean>;
-  syncDeleteCipher: (notification: SyncFolderNotification) => Promise<boolean>;
-  syncUpsertSend: (notification: SyncSendNotification, isEdit: boolean) => Promise<boolean>;
-  syncDeleteSend: (notification: SyncSendNotification) => Promise<boolean>;
-}

jslib/common/src/abstractions/system.service.ts

@@ -1,6 +0,0 @@
-export abstract class SystemService {
-  startProcessReload: () => Promise<void>;
-  cancelProcessReload: () => void;
-  clearClipboard: (clipboardValue: string, timeoutMs?: number) => Promise<void>;
-  clearPendingClipboard: () => Promise<any>;
-}

jslib/common/src/abstractions/token.service.ts

@@ -4,7 +4,7 @@ export abstract class TokenService {
   setTokens: (
     accessToken: string,
     refreshToken: string,
-    clientIdClientSecret: [string, string]
+    clientIdClientSecret: [string, string],
   ) => Promise<any>;
   setToken: (token: string) => Promise<any>;
   getToken: () => Promise<string>;

jslib/common/src/abstractions/totp.service.ts

@@ -1,5 +0,0 @@
-export abstract class TotpService {
-  getCode: (key: string) => Promise<string>;
-  getTimeInterval: (key: string) => number;
-  isAutoCopyEnabled: () => Promise<boolean>;
-}

jslib/common/src/abstractions/twoFactor.service.ts

@@ -1,23 +0,0 @@
-import { TwoFactorProviderType } from "../enums/twoFactorProviderType";
-import { IdentityTwoFactorResponse } from "../models/response/identityTwoFactorResponse";
-
-export interface TwoFactorProviderDetails {
-  type: TwoFactorProviderType;
-  name: string;
-  description: string;
-  priority: number;
-  sort: number;
-  premium: boolean;
-}
-
-export abstract class TwoFactorService {
-  init: () => void;
-  getSupportedProviders: (win: Window) => TwoFactorProviderDetails[];
-  getDefaultProvider: (webAuthnSupported: boolean) => TwoFactorProviderType;
-  setSelectedProvider: (type: TwoFactorProviderType) => void;
-  clearSelectedProvider: () => void;
-
-  setProviders: (response: IdentityTwoFactorResponse) => void;
-  clearProviders: () => void;
-  getProviders: () => Map<TwoFactorProviderType, { [key: string]: string }>;
-}

jslib/common/src/abstractions/userVerification.service.ts

@@ -1,12 +0,0 @@
-import { SecretVerificationRequest } from "../models/request/secretVerificationRequest";
-import { Verification } from "../types/verification";
-
-export abstract class UserVerificationService {
-  buildRequest: <T extends SecretVerificationRequest>(
-    verification: Verification,
-    requestClass?: new () => T,
-    alreadyHashed?: boolean
-  ) => Promise<T>;
-  verifyUser: (verification: Verification) => Promise<boolean>;
-  requestOTP: () => Promise<void>;
-}

jslib/common/src/abstractions/usernameGeneration.service.ts

@@ -1,8 +0,0 @@
-export abstract class UsernameGenerationService {
-  generateUsername: (options: any) => Promise<string>;
-  generateWord: (options: any) => Promise<string>;
-  generateSubaddress: (options: any) => Promise<string>;
-  generateCatchall: (options: any) => Promise<string>;
-  getOptions: () => Promise<any>;
-  saveOptions: (options: any) => Promise<void>;
-}

jslib/common/src/abstractions/vaultTimeout.service.ts

@@ -1,11 +0,0 @@
-export abstract class VaultTimeoutService {
-  isLocked: (userId?: string) => Promise<boolean>;
-  checkVaultTimeout: () => Promise<void>;
-  lock: (allowSoftLock?: boolean, userId?: string) => Promise<void>;
-  logOut: (userId?: string) => Promise<void>;
-  setVaultTimeoutOptions: (vaultTimeout: number, vaultTimeoutAction: string) => Promise<void>;
-  getVaultTimeout: () => Promise<number>;
-  isPinLockSet: () => Promise<[boolean, boolean]>;
-  isBiometricLockSet: () => Promise<boolean>;
-  clear: (userId?: string) => Promise<any>;
-}