Delete FileUploadService

.github/CODEOWNERS

@@ -6,3 +6,10 @@
 
 # Default file owners.
 * @bitwarden/team-admin-console-dev
+
+# DevOps for Actions and other workflow changes.
+.github/workflows @bitwarden/dept-devops
+.github/secrets @bitwarden/dept-devops
+
+# Multiple Owners
+**/package.json

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,34 +1,33 @@
-## 🎟️ Tracking
+## Type of change
 
-<!-- Paste the link to the Jira or GitHub issue or otherwise describe / point to where this change is coming from. -->
+- [ ] Bug fix
+- [ ] New feature development
+- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
+- [ ] Build/deploy pipeline (DevOps)
+- [ ] Other
 
-## 📔 Objective
+## Objective
 
-<!-- Describe what the purpose of this PR is, for example what bug you're fixing or new feature you're adding. -->
+<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
 
-## 📸 Screenshots
+## Code changes
 
-<!-- Required for any UI changes; delete if not applicable. Use fixed width images for better display. -->
+<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
+<!--Also refer to any related changes or PRs in other repositories-->
 
-## ⏰ Reminders before review
+- **file.ext:** Description of what was changed and why
 
-- Contributor guidelines followed
-- All formatters and local linters executed and passed
-- Written new unit and / or integration tests where applicable
-- Used internationalization (i18n) for all UI strings
-- CI builds passed
-- Communicated to DevOps any deployment requirements
-- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
+## Screenshots
 
-## 🦮 Reviewer guidelines
+<!--Required for any UI changes. Delete if not applicable-->
 
-<!-- Suggested interactions but feel free to use (or not) as you desire! -->
+## Testing requirements
 
-- 👍 (`:+1:`) or similar for great changes
-- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
-- ❓ (`:question:`) for questions
-- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
-- 🎨 (`:art:`) for suggestions / improvements
-- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
-- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt
-- ⛏ (`:pick:`) for minor or nitpick changes
+<!--What functionality requires testing by QA? This includes testing new behavior and regression testing-->
+
+## Before you submit
+
+- [ ] I have checked for **linting** errors (`npm run lint`) (required)
+- [ ] I have added **unit tests** where it makes sense to do so (encouraged but not required)
+- [ ] This change requires a **documentation update** (notify the documentation team)
+- [ ] This change has particular **deployment requirements** (notify the DevOps team)

.github/renovate.json

@@ -1,18 +1,31 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": ["github>bitwarden/renovate-config"],
+  "extends": [
+    "config:base",
+    "github>bitwarden/renovate-config:pin-actions",
+    ":combinePatchMinorReleases",
+    ":dependencyDashboard",
+    ":maintainLockFilesWeekly",
+    ":pinAllExceptPeerDependencies",
+    ":prConcurrentLimit10",
+    ":rebaseStalePrs",
+    ":separateMajorReleases",
+    "group:monorepos",
+    "schedule:weekends"
+  ],
   "enabledManagers": ["github-actions", "npm"],
+  "commitMessagePrefix": "[deps]:",
+  "commitMessageTopic": "{{depName}}",
   "packageRules": [
     {
-      "groupName": "gh minor",
-      "matchManagers": ["github-actions"],
+      "groupName": "npm minor",
+      "matchManagers": ["npm"],
       "matchUpdateTypes": ["minor", "patch"]
     },
     {
-      "groupName": "Google Libraries",
-      "matchPackagePatterns": ["google-auth-library", "googleapis"],
-      "matchManagers": ["npm"],
-      "groupSlug": "google-libraries"
+      "matchFileNames": ["package.json"],
+      "description": "Admin Console owns general dependencies",
+      "reviewers": ["team:team-admin-console-dev"]
     }
   ]
 }

.github/workflows/build.yml

@@ -1,3 +1,4 @@
+---
 name: Build
 
 on:
@@ -12,10 +13,10 @@ on:
 jobs:
   cloc:
     name: CLOC
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Set up CLOC
         run: |
@@ -28,12 +29,12 @@ jobs:
 
   setup:
     name: Setup
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     outputs:
       package_version: ${{ steps.retrieve-version.outputs.package_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Get Package Version
         id: retrieve-version
@@ -44,22 +45,22 @@ jobs:
 
   linux-cli:
     name: Build Linux CLI
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _PKG_FETCH_NODE_VERSION: 22.13.1
-      _PKG_FETCH_VERSION: 3.5
+      _PKG_FETCH_NODE_VERSION: 18.5.0
+      _PKG_FETCH_VERSION: 3.4
     steps:
       - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '22'
+          node-version: '18'
 
       - name: Update NPM
         run: |
@@ -123,14 +124,14 @@ jobs:
           fi
 
       - name: Upload Linux Zip to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
       - name: Upload Linux checksum to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
           path: ./dist-cli/bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
@@ -143,18 +144,18 @@ jobs:
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _PKG_FETCH_NODE_VERSION: 22.13.1
-      _PKG_FETCH_VERSION: 3.5
+      _PKG_FETCH_NODE_VERSION: 18.5.0
+      _PKG_FETCH_VERSION: 3.4
     steps:
       - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '22'
+          node-version: '18'
 
       - name: Update NPM
         run: |
@@ -211,14 +212,14 @@ jobs:
           fi
 
       - name: Upload Mac Zip to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
       - name: Upload Mac checksum to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
           path: ./dist-cli/bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
@@ -230,11 +231,11 @@ jobs:
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _WIN_PKG_FETCH_VERSION: 22.13.1
-      _WIN_PKG_VERSION: 3.5
+      _WIN_PKG_FETCH_VERSION: 18.5.0
+      _WIN_PKG_VERSION: 3.4
     steps:
       - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup Windows builder
         run: |
@@ -242,11 +243,11 @@ jobs:
           choco install reshack --no-progress
 
       - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '22'
+          node-version: '18'
 
       - name: Update NPM
         run: |
@@ -355,14 +356,14 @@ jobs:
             -t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:_PACKAGE_VERSION}.txt
 
       - name: Upload Windows Zip to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
       - name: Upload Windows checksum to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
           path: ./dist-cli/bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
@@ -379,14 +380,14 @@ jobs:
       HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '22'
+          node-version: '18'
 
       - name: Update NPM
         run: |
@@ -404,55 +405,39 @@ jobs:
       - name: Install Node dependencies
         run: npm install
 
-      - name: Login to Azure
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve secrets
-        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: "bitwarden-ci"
-          secrets: "code-signing-vault-url,
-            code-signing-client-id,
-            code-signing-tenant-id,
-            code-signing-client-secret,
-            code-signing-cert-name"
-
       - name: Build & Sign
         run: npm run dist:win
         env:
           ELECTRON_BUILDER_SIGN: 1
-          SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }}
-          SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-client-id }}
-          SIGNING_TENANT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-tenant-id }}
-          SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }}
-          SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}
+          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
+          SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
+          SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
+          SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
+          SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
 
       - name: Upload Portable Executable to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
           path: ./dist/Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload Installer Executable to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
           path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload Installer Executable Blockmap to GitHub
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
           path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: latest.yml
           path: ./dist/latest.yml
@@ -461,7 +446,7 @@ jobs:
 
   linux-gui:
     name: Build Linux GUI
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     needs: setup
     env:
       NODE_OPTIONS: --max_old_space_size=4096
@@ -469,14 +454,14 @@ jobs:
       HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '22'
+          node-version: '18'
 
       - name: Update NPM
         run: |
@@ -499,14 +484,14 @@ jobs:
         run: npm run dist:lin
 
       - name: Upload AppImage
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: latest-linux.yml
           path: ./dist/latest-linux.yml
@@ -523,14 +508,14 @@ jobs:
       HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '22'
+          node-version: '18'
 
       - name: Update NPM
         run: |
@@ -594,44 +579,36 @@ jobs:
       - name: Install Node dependencies
         run: npm install
 
-      - name: Set up private auth key
-        run: |
-          mkdir ~/private_keys
-          cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8
-          ${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
-          EOF
-
       - name: Build application
         run: npm run dist:mac
         env:
-          APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
-          APP_STORE_CONNECT_AUTH_KEY: UFD296548T
-          APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_UFD296548T.p8
+          APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
+          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
           CSC_FOR_PULL_REQUEST: true
 
       - name: Upload .zip artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
           if-no-files-found: error
 
       - name: Upload .dmg artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
           if-no-files-found: error
 
       - name: Upload .dmg Blockmap artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: latest-mac.yml
           path: ./dist/latest-mac.yml
@@ -640,7 +617,7 @@ jobs:
 
   check-failures:
     name: Check for failures
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     needs:
       - cloc
       - setup
@@ -652,11 +629,7 @@ jobs:
       - macos-gui
     steps:
       - name: Check if any job failed
-        if: |
-          (github.ref == 'refs/heads/main'
-          || github.ref == 'refs/heads/rc'
-          || github.ref == 'refs/heads/hotfix-rc')
-          && contains(needs.*.result, 'failure')
+        if: (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/rc') && contains(needs.*.result, 'failure')
         run: exit 1
 
       - name: Login to Azure - CI subscription

.github/workflows/cleanup-rc-branch.yml

@@ -0,0 +1,53 @@
+---
+name: Cleanup RC Branch
+
+on:
+  push:
+    tags:
+      - v**
+
+jobs:
+  delete-rc:
+    name: Delete RC Branch
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve bot secrets
+        id: retrieve-bot-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: bitwarden-ci
+          secrets: "github-pat-bitwarden-devops-bot-repo-scope"
+
+      - name: Checkout main
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          ref: main
+          token: ${{ steps.retrieve-bot-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+
+      - name: Check if a RC branch exists
+        id: branch-check
+        run: |
+          hotfix_rc_branch_check=$(git ls-remote --heads origin hotfix-rc | wc -l)
+          rc_branch_check=$(git ls-remote --heads origin rc | wc -l)
+
+          if [[ "${hotfix_rc_branch_check}" -gt 0 ]]; then
+            echo "hotfix-rc branch exists." | tee -a $GITHUB_STEP_SUMMARY
+            echo "name=hotfix-rc" >> $GITHUB_OUTPUT
+          elif [[ "${rc_branch_check}" -gt 0 ]]; then
+            echo "rc branch exists." | tee -a $GITHUB_STEP_SUMMARY
+            echo "name=rc" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Delete RC branch
+        env:
+          BRANCH_NAME: ${{ steps.branch-check.outputs.name }}
+        run: |
+          if ! [[ -z "$BRANCH_NAME" ]]; then
+            git push --quiet origin --delete $BRANCH_NAME
+            echo "Deleted $BRANCH_NAME branch." | tee -a $GITHUB_STEP_SUMMARY
+          fi

.github/workflows/enforce-labels.yml

@@ -1,3 +1,4 @@
+---
 name: Enforce PR labels
 
 on:
@@ -6,7 +7,7 @@ on:
 jobs:
   enforce-label:
     name: EnforceLabel
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Enforce Label
         uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # 2.2.2

.github/workflows/integration-test.yml

@@ -1,76 +0,0 @@
-name: Integration Testing
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "main"
-    paths:
-      - ".github/workflows/integration-test.yml" # this file
-      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
-      - "./openldap/**/*" # any change to test fixtures
-      - "./docker-compose.yml" # any change to Docker configuration
-  pull_request:
-    paths:
-      - ".github/workflows/integration-test.yml" # this file
-      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
-      - "./openldap/**/*" # any change to test fixtures
-      - "./docker-compose.yml" # any change to Docker configuration
-
-jobs:
-
-  testing:
-    name: Run tests
-    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
-    runs-on: ubuntu-22.04
-    permissions:
-      checks: write
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Get Node version
-        id: retrieve-node-version
-        run: |
-          NODE_NVMRC=$(cat .nvmrc)
-          NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
-
-      - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
-        with:
-          cache: 'npm'
-          cache-dependency-path: '**/package-lock.json'
-          node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
-
-      - name: Install Node dependencies
-        run: npm ci
-
-      - name: Install mkcert
-        run: |
-          sudo apt-get update
-          sudo apt-get -y install mkcert
-
-      - name: Setup integration tests
-        run: npm run test:integration:setup
-
-      - name: Run integration tests
-        run: npm run test:integration --coverage
-
-      - name: Report test results
-        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
-        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
-        with:
-          name: Test Results
-          path: "junit.xml"
-          reporter: jest-junit
-          fail-on-error: true
-
-      - name: Upload coverage to codecov.io
-        uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5.2.0
-
-      - name: Upload results to codecov.io
-        uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2

.github/workflows/release.yml

@@ -1,3 +1,4 @@
+---
 name: Release
 
 on:
@@ -16,15 +17,15 @@ on:
 jobs:
   setup:
     name: Setup
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     outputs:
-      release_version: ${{ steps.version.outputs.version }}
+      release-version: ${{ steps.version.outputs.version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Branch check
-        if: ${{ inputs.release_type != 'Dry Run' }}
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
         run: |
           if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
             echo "==================================="
@@ -37,25 +38,35 @@ jobs:
         id: version
         uses: bitwarden/gh-actions/release-version-check@main
         with:
-          release-type: ${{ inputs.release_type }}
+          release-type: ${{ github.event.inputs.release_type }}
           project-type: ts
           file: package.json
 
   release:
     name: Release
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
     needs: setup
     steps:
+      - name: Create GitHub deployment
+        uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
+        id: deployment
+        with:
+          token: '${{ secrets.GITHUB_TOKEN }}'
+          initial-status: 'in_progress'
+          environment: 'production'
+          description: 'Deployment ${{ needs.setup.outputs.release-version }} from branch ${{ github.ref_name }}'
+          task: release
+
       - name: Download all artifacts
-        if: ${{ inputs.release_type != 'Dry Run' }}
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
           workflow_conclusion: success
           branch: ${{ github.ref_name }}
 
-      - name: Dry Run - Download all artifacts
-        if: ${{ inputs.release_type == 'Dry Run' }}
+      - name: Download all artifacts
+        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
         uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
@@ -63,10 +74,10 @@ jobs:
           branch: main
 
       - name: Create release
-        if: ${{ inputs.release_type != 'Dry Run' }}
-        uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
         env:
-          PKG_VERSION: ${{ needs.setup.outputs.release_version }}
+          PKG_VERSION: ${{ needs.setup.outputs.release-version }}
         with:
           artifacts: "./bwdc-windows-${{ env.PKG_VERSION }}.zip,
                       ./bwdc-macos-${{ env.PKG_VERSION }}.zip,
@@ -90,3 +101,19 @@ jobs:
           body: "<insert release notes here>"
           token: ${{ secrets.GITHUB_TOKEN }}
           draft: true
+
+      - name: Update deployment status to Success
+        if: ${{ success() }}
+        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+        with:
+          token: '${{ secrets.GITHUB_TOKEN }}'
+          state: 'success'
+          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+
+      - name: Update deployment status to Failure
+        if: ${{ failure() }}
+        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
+        with:
+          token: '${{ secrets.GITHUB_TOKEN }}'
+          state: 'failure'
+          deployment-id: ${{ steps.deployment.outputs.deployment_id }}

.github/workflows/scan.yml

@@ -1,80 +0,0 @@
-name: Scan
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "main"
-  pull_request_target:
-    types: [opened, synchronize]
-
-jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-
-  sast:
-    name: SAST scan
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-      security-events: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-
-      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
-        env:
-          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
-        with:
-          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
-          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
-          additional_params: |
-            --report-format sarif \
-            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
-            --output-path . ${{ env.INCREMENTAL }}
-
-      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
-        with:
-          sarif_file: cx_result.sarif
-          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
-          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
-
-  quality:
-    name: Quality scan
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-
-      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        with:
-          args: >
-            -Dsonar.organization=${{ github.repository_owner }}
-            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.tests=.
-            -Dsonar.sources=.
-            -Dsonar.test.inclusions=**/*.spec.ts
-            -Dsonar.exclusions=**/*.spec.ts
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}

.github/workflows/test.yml

@@ -1,4 +1,5 @@
-name: Testing
+---
+name: Run tests
 
 on:
   workflow_dispatch:
@@ -6,25 +7,22 @@ on:
     branches:
       - "main"
       - "rc"
-      - "hotfix-rc"
-  pull_request:
+      - "hotfix-rc-*"
+  pull_request: {}
+
+defaults:
+  run:
+    shell: bash
 
 jobs:
-
-  testing:
+  test:
     name: Run tests
-    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
-    runs-on: ubuntu-24.04
-    permissions:
-      checks: write
-      contents: read
-      pull-requests: write
-
+    runs-on: ubuntu-22.04
     steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Checkout repo
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
-      - name: Get Node version
+      - name: Get Node Version
         id: retrieve-node-version
         run: |
           NODE_NVMRC=$(cat .nvmrc)
@@ -32,12 +30,17 @@ jobs:
           echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
 
       - name: Set up Node
-        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
           node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
 
+      - name: Print environment
+        run: |
+          node --version
+          npm --version
+
       - name: Install Node dependencies
         run: npm ci
 
@@ -48,19 +51,4 @@ jobs:
         run: npm run test:types --coverage
 
       - name: Run tests
-        run: npm run test --coverage
-
-      - name: Report test results
-        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
-        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
-        with:
-          name: Test Results
-          path: "junit.xml"
-          reporter: jest-junit
-          fail-on-error: true
-
-      - name: Upload coverage to codecov.io
-        uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5.2.0
-
-      - name: Upload results to codecov.io
-        uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2
+        run: npm run test

.github/workflows/version-bump.yml

@@ -1,3 +1,4 @@
+---
 name: Version Bump
 
 on:
@@ -7,11 +8,21 @@ on:
         description: "New version override (leave blank for automatic calculation, example: '2024.1.0')"
         required: false
         type: string
+      cut_rc_branch:
+        description: "Cut RC branch?"
+        default: true
+        type: boolean
+      enable_slack_notification:
+        description: "Enable Slack notifications for upcoming release?"
+        default: false
+        type: boolean
 
 jobs:
   bump_version:
     name: Bump Version
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-22.04
+    outputs:
+      version: ${{ steps.set-final-version-output.outputs.version }}
     steps:
       - name: Validate version input
         if: ${{ inputs.version_number_override != '' }}
@@ -19,22 +30,62 @@ jobs:
         with:
           version: ${{ inputs.version_number_override }}
 
-      - name: Generate GH App token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
-        id: app-token
-        with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
+      - name: Slack Notification Check
+        run: |
+          if [[ "${{ inputs.enable_slack_notification }}" == true ]]; then
+            echo "Slack notifications enabled."
+          else
+            echo "Slack notifications disabled."
+          fi
 
       - name: Checkout Branch
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
-          token: ${{ steps.app-token.outputs.token }}
+          ref: main
+
+      - name: Check if RC branch exists
+        if: ${{ inputs.cut_rc_branch == true }}
+        run: |
+          remote_rc_branch_check=$(git ls-remote --heads origin rc | wc -l)
+          if [[ "${remote_rc_branch_check}" -gt 0 ]]; then
+            echo "Remote RC branch exists."
+            echo "Please delete current RC branch before running again."
+            exit 1
+          fi
+
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "github-gpg-private-key,
+            github-gpg-private-key-passphrase,
+            github-pat-bitwarden-devops-bot-repo-scope"
+
+      - name: Import GPG key
+        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
+        with:
+          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
+          passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}
+          git_user_signingkey: true
+          git_commit_gpgsign: true
 
       - name: Setup git
         run: |
-          git config user.name github-actions
-          git config user.email github-actions@github.com
+          git config --local user.email "106330231+bitwarden-devops-bot@users.noreply.github.com"
+          git config --local user.name "bitwarden-devops-bot"
+
+      - name: Create Version Branch
+        id: create-branch
+        run: |
+          NAME=version_bump_${{ github.ref_name }}_$(date +"%Y-%m-%d")
+          git switch -c $NAME
+          echo "name=$NAME" >> $GITHUB_OUTPUT
 
       - name: Get current version
         id: current-version
@@ -111,4 +162,84 @@ jobs:
 
       - name: Push changes
         if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        run: git push
+        env:
+          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
+        run: git push -u origin $PR_BRANCH
+
+      - name: Create Version PR
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        id: create-pr
+        env:
+          GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          PR_BRANCH: ${{ steps.create-branch.outputs.name }}
+          TITLE: "Bump version to ${{ steps.set-final-version-output.outputs.version }}"
+        run: |
+          PR_URL=$(gh pr create --title "$TITLE" \
+            --base "main" \
+            --head "$PR_BRANCH" \
+            --label "version update" \
+            --label "automated pr" \
+            --body "
+              ## Type of change
+              - [ ] Bug fix
+              - [ ] New feature development
+              - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
+              - [ ] Build/deploy pipeline (DevOps)
+              - [X] Other
+
+              ## Objective
+              Automated version bump to ${{ steps.set-final-version-output.outputs.version }}")
+          echo "pr_number=${PR_URL##*/}" >> $GITHUB_OUTPUT
+
+      - name: Approve PR
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
+        run: gh pr review $PR_NUMBER --approve
+
+      - name: Merge PR
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        env:
+          GH_TOKEN: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
+        run: gh pr merge $PR_NUMBER --squash --auto --delete-branch
+
+      - name: Report upcoming release version to Slack
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' && inputs.enable_slack_notification == true }}
+        uses: bitwarden/gh-actions/report-upcoming-release-version@main
+        with:
+          version: ${{ steps.set-final-version-output.outputs.version }}
+          project: ${{ github.repository }}
+          AZURE_KV_CI_SERVICE_PRINCIPAL: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+  cut_rc:
+    name: Cut RC branch
+    if: ${{ inputs.cut_rc_branch == true }}
+    needs: bump_version
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Branch
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          ref: main
+
+      - name: Verify version has been updated
+        env:
+          NEW_VERSION: ${{ needs.bump_version.outputs.version }}
+        run: |
+          # Wait for version to change.
+          while : ; do
+            echo "Waiting for version to be updated..."
+            git pull --force
+            CURRENT_VERSION=$(cat package.json | jq -r '.version')
+
+            # If the versions don't match we continue the loop, otherwise we break out of the loop.
+            [[ "$NEW_VERSION" != "$CURRENT_VERSION" ]] || break
+            sleep 10
+          done
+
+      - name: Cut RC branch
+        run: |
+          git switch --quiet --create rc
+          git push --quiet --set-upstream origin rc

.gitignore

@@ -26,7 +26,6 @@ npm-debug.log
 # Build directories
 dist
 build
-build-cli
 .angular/cache
 
 # Testing

README.md

@@ -3,7 +3,7 @@
 
 # Bitwarden Directory Connector
 
-The Bitwarden Directory Connector is a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
+The Bitwarden Directory Connector is a a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
 
 Supported directories:
 

docker-compose.yml

@@ -1,18 +0,0 @@
-services:
-  open-ldap:
-    image: bitnami/openldap:latest
-    hostname: openldap
-    environment:
-      - LDAP_ADMIN_USERNAME=admin
-      - LDAP_ADMIN_PASSWORD=admin
-      - LDAP_ROOT=dc=bitwarden,dc=com
-      - LDAP_ENABLE_TLS=yes
-      - LDAP_TLS_CERT_FILE=/certs/openldap.pem
-      - LDAP_TLS_KEY_FILE=/certs/openldap-key.pem
-      - LDAP_TLS_CA_FILE=/certs/rootCA.pem
-    volumes:
-      - "./openldap/ldifs:/ldifs"
-      - "./openldap/certs:/certs"
-    ports:
-      - "1389:1389"
-      - "1636:1636"

jest.config.js

@@ -11,14 +11,6 @@ module.exports = {
   // ...angularPreset,
   preset: "jest-preset-angular",
 
-  reporters: ["default", "jest-junit"],
-
-  collectCoverage: true,
-  // Ensure we collect coverage from files without tests
-  collectCoverageFrom: ["src/**/*.ts"],
-  coverageReporters: ["html", "lcov"],
-  coverageDirectory: "coverage",
-
   testEnvironment: "jsdom",
   testMatch: ["**/+(*.)+(spec).+(ts)"],
 

jslib/angular/src/services/auth-guard.service.ts

@@ -0,0 +1,34 @@
+import { Injectable } from "@angular/core";
+import { ActivatedRouteSnapshot, Router, RouterStateSnapshot } from "@angular/router";
+
+import { KeyConnectorService } from "@/jslib/common/src/abstractions/keyConnector.service";
+import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
+import { StateService } from "@/jslib/common/src/abstractions/state.service";
+
+@Injectable()
+export class AuthGuardService  {
+  constructor(
+    private router: Router,
+    private messagingService: MessagingService,
+    private keyConnectorService: KeyConnectorService,
+    private stateService: StateService,
+  ) {}
+
+  async canActivate(route: ActivatedRouteSnapshot, routerState: RouterStateSnapshot) {
+    const isAuthed = await this.stateService.getIsAuthenticated();
+    if (!isAuthed) {
+      this.messagingService.send("authBlocked");
+      return false;
+    }
+
+    if (
+      !routerState.url.includes("remove-password") &&
+      (await this.keyConnectorService.getConvertAccountRequired())
+    ) {
+      this.router.navigate(["/remove-password"]);
+      return false;
+    }
+
+    return true;
+  }
+}

jslib/angular/src/services/jslib-services.module.ts

@@ -2,69 +2,106 @@ import { LOCALE_ID, NgModule } from "@angular/core";
 
 import { ApiService as ApiServiceAbstraction } from "@/jslib/common/src/abstractions/api.service";
 import { AppIdService as AppIdServiceAbstraction } from "@/jslib/common/src/abstractions/appId.service";
+import { AuthService as AuthServiceAbstraction } from "@/jslib/common/src/abstractions/auth.service";
 import { BroadcasterService as BroadcasterServiceAbstraction } from "@/jslib/common/src/abstractions/broadcaster.service";
 import { CryptoService as CryptoServiceAbstraction } from "@/jslib/common/src/abstractions/crypto.service";
 import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "@/jslib/common/src/abstractions/cryptoFunction.service";
 import { EnvironmentService as EnvironmentServiceAbstraction } from "@/jslib/common/src/abstractions/environment.service";
+import { EventService as EventServiceAbstraction } from "@/jslib/common/src/abstractions/event.service";
 import { I18nService as I18nServiceAbstraction } from "@/jslib/common/src/abstractions/i18n.service";
+import { KeyConnectorService as KeyConnectorServiceAbstraction } from "@/jslib/common/src/abstractions/keyConnector.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
 import { MessagingService as MessagingServiceAbstraction } from "@/jslib/common/src/abstractions/messaging.service";
+import { NotificationsService as NotificationsServiceAbstraction } from "@/jslib/common/src/abstractions/notifications.service";
+import { OrganizationService as OrganizationServiceAbstraction } from "@/jslib/common/src/abstractions/organization.service";
+import { PasswordGenerationService as PasswordGenerationServiceAbstraction } from "@/jslib/common/src/abstractions/passwordGeneration.service";
+import { PasswordRepromptService as PasswordRepromptServiceAbstraction } from "@/jslib/common/src/abstractions/passwordReprompt.service";
 import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from "@/jslib/common/src/abstractions/platformUtils.service";
+import { SearchService as SearchServiceAbstraction } from "@/jslib/common/src/abstractions/search.service";
+import { SettingsService as SettingsServiceAbstraction } from "@/jslib/common/src/abstractions/settings.service";
 import { StateService as StateServiceAbstraction } from "@/jslib/common/src/abstractions/state.service";
 import { StateMigrationService as StateMigrationServiceAbstraction } from "@/jslib/common/src/abstractions/stateMigration.service";
 import { StorageService as StorageServiceAbstraction } from "@/jslib/common/src/abstractions/storage.service";
+import { SyncService as SyncServiceAbstraction } from "@/jslib/common/src/abstractions/sync.service";
 import { TokenService as TokenServiceAbstraction } from "@/jslib/common/src/abstractions/token.service";
+import { TwoFactorService as TwoFactorServiceAbstraction } from "@/jslib/common/src/abstractions/twoFactor.service";
+import { UserVerificationService as UserVerificationServiceAbstraction } from "@/jslib/common/src/abstractions/userVerification.service";
 import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
 import { Account } from "@/jslib/common/src/models/domain/account";
 import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
 import { ApiService } from "@/jslib/common/src/services/api.service";
 import { AppIdService } from "@/jslib/common/src/services/appId.service";
+import { AuthService } from "@/jslib/common/src/services/auth.service";
 import { ConsoleLogService } from "@/jslib/common/src/services/consoleLog.service";
 import { CryptoService } from "@/jslib/common/src/services/crypto.service";
 import { EnvironmentService } from "@/jslib/common/src/services/environment.service";
+import { EventService } from "@/jslib/common/src/services/event.service";
+import { KeyConnectorService } from "@/jslib/common/src/services/keyConnector.service";
+import { NotificationsService } from "@/jslib/common/src/services/notifications.service";
+import { OrganizationService } from "@/jslib/common/src/services/organization.service";
+import { PasswordGenerationService } from "@/jslib/common/src/services/passwordGeneration.service";
+import { SearchService } from "@/jslib/common/src/services/search.service";
+import { SettingsService } from "@/jslib/common/src/services/settings.service";
 import { StateService } from "@/jslib/common/src/services/state.service";
 import { StateMigrationService } from "@/jslib/common/src/services/stateMigration.service";
+import { SyncService } from "@/jslib/common/src/services/sync.service";
 import { TokenService } from "@/jslib/common/src/services/token.service";
+import { TwoFactorService } from "@/jslib/common/src/services/twoFactor.service";
+import { UserVerificationService } from "@/jslib/common/src/services/userVerification.service";
 
-import {
-  SafeInjectionToken,
-  SECURE_STORAGE,
-  WINDOW,
-} from "../../../../src/app/services/injection-tokens";
-import { SafeProvider, safeProvider } from "../../../../src/app/services/safe-provider";
-
+import { AuthGuardService } from "./auth-guard.service";
 import { BroadcasterService } from "./broadcaster.service";
+import { LockGuardService } from "./lock-guard.service";
 import { ModalService } from "./modal.service";
+import { PasswordRepromptService } from "./passwordReprompt.service";
+import { UnauthGuardService } from "./unauth-guard.service";
 import { ValidationService } from "./validation.service";
 
 @NgModule({
   declarations: [],
   providers: [
-    safeProvider({ provide: WINDOW, useValue: window }),
-    safeProvider({
-      provide: LOCALE_ID as SafeInjectionToken<string>,
+    { provide: "WINDOW", useValue: window },
+    {
+      provide: LOCALE_ID,
       useFactory: (i18nService: I18nServiceAbstraction) => i18nService.translationLocale,
       deps: [I18nServiceAbstraction],
-    }),
-    safeProvider(ValidationService),
-    safeProvider(ModalService),
-    safeProvider({
+    },
+    ValidationService,
+    AuthGuardService,
+    UnauthGuardService,
+    LockGuardService,
+    ModalService,
+    {
       provide: AppIdServiceAbstraction,
       useClass: AppIdService,
       deps: [StorageServiceAbstraction],
-    }),
-    safeProvider({ provide: LogService, useFactory: () => new ConsoleLogService(false), deps: [] }),
-    safeProvider({
+    },
+    {
+      provide: AuthServiceAbstraction,
+      useClass: AuthService,
+      deps: [
+        CryptoServiceAbstraction,
+        ApiServiceAbstraction,
+        TokenServiceAbstraction,
+        AppIdServiceAbstraction,
+        PlatformUtilsServiceAbstraction,
+        MessagingServiceAbstraction,
+        LogService,
+        KeyConnectorServiceAbstraction,
+        EnvironmentServiceAbstraction,
+        StateServiceAbstraction,
+        TwoFactorServiceAbstraction,
+        I18nServiceAbstraction,
+      ],
+    },
+    { provide: LogService, useFactory: () => new ConsoleLogService(false) },
+    {
       provide: EnvironmentServiceAbstraction,
       useClass: EnvironmentService,
       deps: [StateServiceAbstraction],
-    }),
-    safeProvider({
-      provide: TokenServiceAbstraction,
-      useClass: TokenService,
-      deps: [StateServiceAbstraction],
-    }),
-    safeProvider({
+    },
+    { provide: TokenServiceAbstraction, useClass: TokenService, deps: [StateServiceAbstraction] },
+    {
       provide: CryptoServiceAbstraction,
       useClass: CryptoService,
       deps: [
@@ -73,8 +110,13 @@ import { ValidationService } from "./validation.service";
         LogService,
         StateServiceAbstraction,
       ],
-    }),
-    safeProvider({
+    },
+    {
+      provide: PasswordGenerationServiceAbstraction,
+      useClass: PasswordGenerationService,
+      deps: [CryptoServiceAbstraction, StateServiceAbstraction],
+    },
+    {
       provide: ApiServiceAbstraction,
       useFactory: (
         tokenService: TokenServiceAbstraction,
@@ -97,13 +139,48 @@ import { ValidationService } from "./validation.service";
         MessagingServiceAbstraction,
         AppIdServiceAbstraction,
       ],
-    }),
-    safeProvider({
-      provide: BroadcasterServiceAbstraction,
-      useClass: BroadcasterService,
-      useAngularDecorators: true,
-    }),
-    safeProvider({
+    },
+    {
+      provide: SyncServiceAbstraction,
+      useFactory: (
+        apiService: ApiServiceAbstraction,
+        settingsService: SettingsServiceAbstraction,
+        cryptoService: CryptoServiceAbstraction,
+        messagingService: MessagingServiceAbstraction,
+        logService: LogService,
+        keyConnectorService: KeyConnectorServiceAbstraction,
+        stateService: StateServiceAbstraction,
+        organizationService: OrganizationServiceAbstraction,
+      ) =>
+        new SyncService(
+          apiService,
+          settingsService,
+          cryptoService,
+          messagingService,
+          logService,
+          keyConnectorService,
+          stateService,
+          organizationService,
+          async (expired: boolean) => messagingService.send("logout", { expired: expired }),
+        ),
+      deps: [
+        ApiServiceAbstraction,
+        SettingsServiceAbstraction,
+        CryptoServiceAbstraction,
+        MessagingServiceAbstraction,
+        LogService,
+        KeyConnectorServiceAbstraction,
+        StateServiceAbstraction,
+        OrganizationServiceAbstraction,
+      ],
+    },
+    { provide: BroadcasterServiceAbstraction, useClass: BroadcasterService },
+    {
+      provide: SettingsServiceAbstraction,
+      useClass: SettingsService,
+      deps: [StateServiceAbstraction],
+    },
+    {
       provide: StateServiceAbstraction,
       useFactory: (
         storageService: StorageServiceAbstraction,
@@ -120,12 +197,12 @@ import { ValidationService } from "./validation.service";
         ),
       deps: [
         StorageServiceAbstraction,
-        SECURE_STORAGE,
+        "SECURE_STORAGE",
         LogService,
         StateMigrationServiceAbstraction,
       ],
-    }),
-    safeProvider({
+    },
+    {
       provide: StateMigrationServiceAbstraction,
       useFactory: (
         storageService: StorageServiceAbstraction,
@@ -136,8 +213,82 @@ import { ValidationService } from "./validation.service";
           secureStorageService,
           new StateFactory(GlobalState, Account),
         ),
-      deps: [StorageServiceAbstraction, SECURE_STORAGE],
-    }),
-  ] satisfies SafeProvider[],
+      deps: [StorageServiceAbstraction, "SECURE_STORAGE"],
+    },
+    {
+      provide: SearchServiceAbstraction,
+      useClass: SearchService,
+      deps: [LogService, I18nServiceAbstraction],
+    },
+    {
+      provide: NotificationsServiceAbstraction,
+      useFactory: (
+        syncService: SyncServiceAbstraction,
+        appIdService: AppIdServiceAbstraction,
+        apiService: ApiServiceAbstraction,
+        environmentService: EnvironmentServiceAbstraction,
+        messagingService: MessagingServiceAbstraction,
+        logService: LogService,
+        stateService: StateServiceAbstraction,
+      ) =>
+        new NotificationsService(
+          syncService,
+          appIdService,
+          apiService,
+          environmentService,
+          async () => messagingService.send("logout", { expired: true }),
+          logService,
+          stateService,
+        ),
+      deps: [
+        SyncServiceAbstraction,
+        AppIdServiceAbstraction,
+        ApiServiceAbstraction,
+        EnvironmentServiceAbstraction,
+        MessagingServiceAbstraction,
+        LogService,
+        StateServiceAbstraction,
+      ],
+    },
+    {
+      provide: EventServiceAbstraction,
+      useClass: EventService,
+      deps: [
+        ApiServiceAbstraction,
+        StateServiceAbstraction,
+        LogService,
+        OrganizationServiceAbstraction,
+      ],
+    },
+    {
+      provide: KeyConnectorServiceAbstraction,
+      useClass: KeyConnectorService,
+      deps: [
+        StateServiceAbstraction,
+        CryptoServiceAbstraction,
+        ApiServiceAbstraction,
+        TokenServiceAbstraction,
+        LogService,
+        OrganizationServiceAbstraction,
+        CryptoFunctionServiceAbstraction,
+      ],
+    },
+    {
+      provide: UserVerificationServiceAbstraction,
+      useClass: UserVerificationService,
+      deps: [CryptoServiceAbstraction, I18nServiceAbstraction, ApiServiceAbstraction],
+    },
+    { provide: PasswordRepromptServiceAbstraction, useClass: PasswordRepromptService },
+    {
+      provide: OrganizationServiceAbstraction,
+      useClass: OrganizationService,
+      deps: [StateServiceAbstraction],
+    },
+    {
+      provide: TwoFactorServiceAbstraction,
+      useClass: TwoFactorService,
+      deps: [I18nServiceAbstraction, PlatformUtilsServiceAbstraction],
+    },
+  ],
 })
 export class JslibServicesModule {}

jslib/angular/src/services/lock-guard.service.ts

@@ -0,0 +1,23 @@
+import { Injectable } from "@angular/core";
+import { Router } from "@angular/router";
+
+import { StateService } from "@/jslib/common/src/abstractions/state.service";
+
+@Injectable()
+export class LockGuardService  {
+  protected homepage = "vault";
+  protected loginpage = "login";
+  constructor(
+    private router: Router,
+    private stateService: StateService,
+  ) {}
+
+  async canActivate() {
+    const redirectUrl = (await this.stateService.getIsAuthenticated())
+      ? [this.homepage]
+      : [this.loginpage];
+
+    this.router.navigate(redirectUrl);
+    return false;
+  }
+}

jslib/angular/src/services/modal.service.ts

@@ -143,7 +143,7 @@ export class ModalService {
       dialogEl.style.zIndex = `${this.modalCount}050`;
 
       const modals = Array.from(
-        el.querySelectorAll('.modal-backdrop, .modal *[data-bs-dismiss="modal"]'),
+        el.querySelectorAll('.modal-backdrop, .modal *[data-dismiss="modal"]'),
       );
       for (const closeElement of modals) {
         closeElement.addEventListener("click", () => {

jslib/angular/src/services/passwordReprompt.service.ts

@@ -0,0 +1,45 @@
+import { Injectable } from "@angular/core";
+
+import { KeyConnectorService } from "@/jslib/common/src/abstractions/keyConnector.service";
+import { PasswordRepromptService as PasswordRepromptServiceAbstraction } from "@/jslib/common/src/abstractions/passwordReprompt.service";
+
+import { PasswordRepromptComponent } from "../components/password-reprompt.component";
+
+import { ModalService } from "./modal.service";
+
+/**
+ * Used to verify the user's Master Password for the "Master Password Re-prompt" feature only.
+ * See UserVerificationService for any other situation where you need to verify the user's identity.
+ */
+@Injectable()
+export class PasswordRepromptService implements PasswordRepromptServiceAbstraction {
+  protected component = PasswordRepromptComponent;
+
+  constructor(
+    private modalService: ModalService,
+    private keyConnectorService: KeyConnectorService,
+  ) {}
+
+  protectedFields() {
+    return ["TOTP", "Password", "H_Field", "Card Number", "Security Code"];
+  }
+
+  async showPasswordPrompt() {
+    if (!(await this.enabled())) {
+      return true;
+    }
+
+    const ref = this.modalService.open(this.component, { allowMultipleModals: true });
+
+    if (ref == null) {
+      return false;
+    }
+
+    const result = await ref.onClosedPromise();
+    return result === true;
+  }
+
+  async enabled() {
+    return !(await this.keyConnectorService.getUsesKeyConnector());
+  }
+}

jslib/angular/src/services/unauth-guard.service.ts

@@ -0,0 +1,22 @@
+import { Injectable } from "@angular/core";
+import { Router } from "@angular/router";
+
+import { StateService } from "@/jslib/common/src/abstractions/state.service";
+
+@Injectable()
+export class UnauthGuardService  {
+  protected homepage = "vault";
+  constructor(
+    private router: Router,
+    private stateService: StateService,
+  ) {}
+
+  async canActivate() {
+    const isAuthed = await this.stateService.getIsAuthenticated();
+    if (isAuthed) {
+      this.router.navigate([this.homepage]);
+      return false;
+    }
+    return true;
+  }
+}

jslib/common/spec/misc/logInStrategies/apiLogIn.strategy.spec.ts

@@ -0,0 +1,114 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { ApiService } from "@/jslib/common/src/abstractions/api.service";
+import { AppIdService } from "@/jslib/common/src/abstractions/appId.service";
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { EnvironmentService } from "@/jslib/common/src/abstractions/environment.service";
+import { KeyConnectorService } from "@/jslib/common/src/abstractions/keyConnector.service";
+import { LogService } from "@/jslib/common/src/abstractions/log.service";
+import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
+import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
+import { StateService } from "@/jslib/common/src/abstractions/state.service";
+import { TokenService } from "@/jslib/common/src/abstractions/token.service";
+import { TwoFactorService } from "@/jslib/common/src/abstractions/twoFactor.service";
+import { ApiLogInStrategy } from "@/jslib/common/src/misc/logInStrategies/apiLogin.strategy";
+import { Utils } from "@/jslib/common/src/misc/utils";
+import { ApiLogInCredentials } from "@/jslib/common/src/models/domain/logInCredentials";
+
+import { identityTokenResponseFactory } from "./logIn.strategy.spec";
+
+describe("ApiLogInStrategy", () => {
+  let cryptoService: SubstituteOf<CryptoService>;
+  let apiService: SubstituteOf<ApiService>;
+  let tokenService: SubstituteOf<TokenService>;
+  let appIdService: SubstituteOf<AppIdService>;
+  let platformUtilsService: SubstituteOf<PlatformUtilsService>;
+  let messagingService: SubstituteOf<MessagingService>;
+  let logService: SubstituteOf<LogService>;
+  let environmentService: SubstituteOf<EnvironmentService>;
+  let keyConnectorService: SubstituteOf<KeyConnectorService>;
+  let stateService: SubstituteOf<StateService>;
+  let twoFactorService: SubstituteOf<TwoFactorService>;
+
+  let apiLogInStrategy: ApiLogInStrategy;
+  let credentials: ApiLogInCredentials;
+
+  const deviceId = Utils.newGuid();
+  const keyConnectorUrl = "KEY_CONNECTOR_URL";
+  const apiClientId = "API_CLIENT_ID";
+  const apiClientSecret = "API_CLIENT_SECRET";
+
+  beforeEach(async () => {
+    cryptoService = Substitute.for<CryptoService>();
+    apiService = Substitute.for<ApiService>();
+    tokenService = Substitute.for<TokenService>();
+    appIdService = Substitute.for<AppIdService>();
+    platformUtilsService = Substitute.for<PlatformUtilsService>();
+    messagingService = Substitute.for<MessagingService>();
+    logService = Substitute.for<LogService>();
+    environmentService = Substitute.for<EnvironmentService>();
+    stateService = Substitute.for<StateService>();
+    keyConnectorService = Substitute.for<KeyConnectorService>();
+    twoFactorService = Substitute.for<TwoFactorService>();
+
+    appIdService.getAppId().resolves(deviceId);
+    tokenService.getTwoFactorToken().resolves(null);
+
+    apiLogInStrategy = new ApiLogInStrategy(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+      environmentService,
+      keyConnectorService,
+    );
+
+    credentials = new ApiLogInCredentials(apiClientId, apiClientSecret);
+  });
+
+  it("sends api key credentials to the server", async () => {
+    apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+    await apiLogInStrategy.logIn(credentials);
+
+    apiService.received(1).postIdentityToken(
+      Arg.is((actual) => {
+        const apiTokenRequest = actual as any;
+        return (
+          apiTokenRequest.clientId === apiClientId &&
+          apiTokenRequest.clientSecret === apiClientSecret &&
+          apiTokenRequest.device.identifier === deviceId &&
+          apiTokenRequest.twoFactor.provider == null &&
+          apiTokenRequest.twoFactor.token == null &&
+          apiTokenRequest.captchaResponse == null
+        );
+      }),
+    );
+  });
+
+  it("sets the local environment after a successful login", async () => {
+    apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+
+    await apiLogInStrategy.logIn(credentials);
+
+    stateService.received(1).setApiKeyClientId(apiClientId);
+    stateService.received(1).setApiKeyClientSecret(apiClientSecret);
+    stateService.received(1).addAccount(Arg.any());
+  });
+
+  it("gets and sets the Key Connector key from environmentUrl", async () => {
+    const tokenResponse = identityTokenResponseFactory();
+    tokenResponse.apiUseKeyConnector = true;
+
+    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+    environmentService.getKeyConnectorUrl().returns(keyConnectorUrl);
+
+    await apiLogInStrategy.logIn(credentials);
+
+    keyConnectorService.received(1).getAndSetKey(keyConnectorUrl);
+  });
+});

jslib/common/spec/misc/logInStrategies/logIn.strategy.spec.ts

@@ -0,0 +1,288 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { ApiService } from "@/jslib/common/src/abstractions/api.service";
+import { AppIdService } from "@/jslib/common/src/abstractions/appId.service";
+import { AuthService } from "@/jslib/common/src/abstractions/auth.service";
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { LogService } from "@/jslib/common/src/abstractions/log.service";
+import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
+import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
+import { StateService } from "@/jslib/common/src/abstractions/state.service";
+import { TokenService } from "@/jslib/common/src/abstractions/token.service";
+import { TwoFactorService } from "@/jslib/common/src/abstractions/twoFactor.service";
+import { TwoFactorProviderType } from "@/jslib/common/src/enums/twoFactorProviderType";
+import { PasswordLogInStrategy } from "@/jslib/common/src/misc/logInStrategies/passwordLogin.strategy";
+import { Utils } from "@/jslib/common/src/misc/utils";
+import { Account, AccountProfile, AccountTokens } from "@/jslib/common/src/models/domain/account";
+import { AuthResult } from "@/jslib/common/src/models/domain/authResult";
+import { EncString } from "@/jslib/common/src/models/domain/encString";
+import { PasswordLogInCredentials } from "@/jslib/common/src/models/domain/logInCredentials";
+import { PasswordTokenRequest } from "@/jslib/common/src/models/request/identityToken/passwordTokenRequest";
+import { TokenRequestTwoFactor } from "@/jslib/common/src/models/request/identityToken/tokenRequestTwoFactor";
+import { IdentityCaptchaResponse } from "@/jslib/common/src/models/response/identityCaptchaResponse";
+import { IdentityTokenResponse } from "@/jslib/common/src/models/response/identityTokenResponse";
+import { IdentityTwoFactorResponse } from "@/jslib/common/src/models/response/identityTwoFactorResponse";
+
+const email = "hello@world.com";
+const masterPassword = "password";
+
+const deviceId = Utils.newGuid();
+const accessToken = "ACCESS_TOKEN";
+const refreshToken = "REFRESH_TOKEN";
+const encKey = "ENC_KEY";
+const privateKey = "PRIVATE_KEY";
+const captchaSiteKey = "CAPTCHA_SITE_KEY";
+const kdf = 0;
+const kdfIterations = 10000;
+const userId = Utils.newGuid();
+const masterPasswordHash = "MASTER_PASSWORD_HASH";
+
+const decodedToken = {
+  sub: userId,
+  email: email,
+  premium: false,
+};
+
+const twoFactorProviderType = TwoFactorProviderType.Authenticator;
+const twoFactorToken = "TWO_FACTOR_TOKEN";
+const twoFactorRemember = true;
+
+export function identityTokenResponseFactory() {
+  return new IdentityTokenResponse({
+    ForcePasswordReset: false,
+    Kdf: kdf,
+    KdfIterations: kdfIterations,
+    Key: encKey,
+    PrivateKey: privateKey,
+    ResetMasterPassword: false,
+    access_token: accessToken,
+    expires_in: 3600,
+    refresh_token: refreshToken,
+    scope: "api offline_access",
+    token_type: "Bearer",
+  });
+}
+
+describe("LogInStrategy", () => {
+  let cryptoService: SubstituteOf<CryptoService>;
+  let apiService: SubstituteOf<ApiService>;
+  let tokenService: SubstituteOf<TokenService>;
+  let appIdService: SubstituteOf<AppIdService>;
+  let platformUtilsService: SubstituteOf<PlatformUtilsService>;
+  let messagingService: SubstituteOf<MessagingService>;
+  let logService: SubstituteOf<LogService>;
+  let stateService: SubstituteOf<StateService>;
+  let twoFactorService: SubstituteOf<TwoFactorService>;
+  let authService: SubstituteOf<AuthService>;
+
+  let passwordLogInStrategy: PasswordLogInStrategy;
+  let credentials: PasswordLogInCredentials;
+
+  beforeEach(async () => {
+    cryptoService = Substitute.for<CryptoService>();
+    apiService = Substitute.for<ApiService>();
+    tokenService = Substitute.for<TokenService>();
+    appIdService = Substitute.for<AppIdService>();
+    platformUtilsService = Substitute.for<PlatformUtilsService>();
+    messagingService = Substitute.for<MessagingService>();
+    logService = Substitute.for<LogService>();
+    stateService = Substitute.for<StateService>();
+    twoFactorService = Substitute.for<TwoFactorService>();
+    authService = Substitute.for<AuthService>();
+
+    appIdService.getAppId().resolves(deviceId);
+
+    // The base class is abstract so we test it via PasswordLogInStrategy
+    passwordLogInStrategy = new PasswordLogInStrategy(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+      authService,
+    );
+    credentials = new PasswordLogInCredentials(email, masterPassword);
+  });
+
+  describe("base class", () => {
+    it("sets the local environment after a successful login", async () => {
+      apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+      tokenService.decodeToken(accessToken).resolves(decodedToken);
+
+      await passwordLogInStrategy.logIn(credentials);
+
+      stateService.received(1).addAccount(
+        new Account({
+          profile: {
+            ...new AccountProfile(),
+            ...{
+              userId: userId,
+              email: email,
+              hasPremiumPersonally: false,
+              kdfIterations: kdfIterations,
+              kdfType: kdf,
+            },
+          },
+          tokens: {
+            ...new AccountTokens(),
+            ...{
+              accessToken: accessToken,
+              refreshToken: refreshToken,
+            },
+          },
+        }),
+      );
+      cryptoService.received(1).setEncKey(encKey);
+      cryptoService.received(1).setEncPrivateKey(privateKey);
+
+      stateService.received(1).setBiometricLocked(false);
+      messagingService.received(1).send("loggedIn");
+    });
+
+    it("builds AuthResult", async () => {
+      const tokenResponse = identityTokenResponseFactory();
+      tokenResponse.forcePasswordReset = true;
+      tokenResponse.resetMasterPassword = true;
+
+      apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+      const result = await passwordLogInStrategy.logIn(credentials);
+
+      const expected = new AuthResult();
+      expected.forcePasswordReset = true;
+      expected.resetMasterPassword = true;
+      expected.twoFactorProviders = null;
+      expected.captchaSiteKey = "";
+      expect(result).toEqual(expected);
+    });
+
+    it("rejects login if CAPTCHA is required", async () => {
+      // Sample CAPTCHA response
+      const tokenResponse = new IdentityCaptchaResponse({
+        error: "invalid_grant",
+        error_description: "Captcha required.",
+        HCaptcha_SiteKey: captchaSiteKey,
+      });
+
+      apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+      const result = await passwordLogInStrategy.logIn(credentials);
+
+      stateService.didNotReceive().addAccount(Arg.any());
+      messagingService.didNotReceive().send(Arg.any());
+
+      const expected = new AuthResult();
+      expected.captchaSiteKey = captchaSiteKey;
+      expect(result).toEqual(expected);
+    });
+
+    it("makes a new public and private key for an old account", async () => {
+      const tokenResponse = identityTokenResponseFactory();
+      tokenResponse.privateKey = null;
+      cryptoService.makeKeyPair(Arg.any()).resolves(["PUBLIC_KEY", new EncString("PRIVATE_KEY")]);
+
+      apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+      await passwordLogInStrategy.logIn(credentials);
+
+      apiService.received(1).postAccountKeys(Arg.any());
+    });
+  });
+
+  describe("Two-factor authentication", () => {
+    it("rejects login if 2FA is required", async () => {
+      // Sample response where TOTP 2FA required
+      const tokenResponse = new IdentityTwoFactorResponse({
+        TwoFactorProviders: ["0"],
+        TwoFactorProviders2: { 0: null },
+        error: "invalid_grant",
+        error_description: "Two factor required.",
+      });
+
+      apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+      const result = await passwordLogInStrategy.logIn(credentials);
+
+      stateService.didNotReceive().addAccount(Arg.any());
+      messagingService.didNotReceive().send(Arg.any());
+
+      const expected = new AuthResult();
+      expected.twoFactorProviders = new Map<TwoFactorProviderType, { [key: string]: string }>();
+      expected.twoFactorProviders.set(0, null);
+      expect(result).toEqual(expected);
+    });
+
+    it("sends stored 2FA token to server", async () => {
+      tokenService.getTwoFactorToken().resolves(twoFactorToken);
+      apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+
+      await passwordLogInStrategy.logIn(credentials);
+
+      apiService.received(1).postIdentityToken(
+        Arg.is((actual) => {
+          const passwordTokenRequest = actual as any;
+          return (
+            passwordTokenRequest.twoFactor.provider === TwoFactorProviderType.Remember &&
+            passwordTokenRequest.twoFactor.token === twoFactorToken &&
+            passwordTokenRequest.twoFactor.remember === false
+          );
+        }),
+      );
+    });
+
+    it("sends 2FA token provided by user to server (single step)", async () => {
+      // This occurs if the user enters the 2FA code as an argument in the CLI
+      apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+      credentials.twoFactor = new TokenRequestTwoFactor(
+        twoFactorProviderType,
+        twoFactorToken,
+        twoFactorRemember,
+      );
+
+      await passwordLogInStrategy.logIn(credentials);
+
+      apiService.received(1).postIdentityToken(
+        Arg.is((actual) => {
+          const passwordTokenRequest = actual as any;
+          return (
+            passwordTokenRequest.twoFactor.provider === twoFactorProviderType &&
+            passwordTokenRequest.twoFactor.token === twoFactorToken &&
+            passwordTokenRequest.twoFactor.remember === twoFactorRemember
+          );
+        }),
+      );
+    });
+
+    it("sends 2FA token provided by user to server (two-step)", async () => {
+      // Simulate a partially completed login
+      passwordLogInStrategy.tokenRequest = new PasswordTokenRequest(
+        email,
+        masterPasswordHash,
+        null,
+        null,
+      );
+
+      apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+
+      await passwordLogInStrategy.logInTwoFactor(
+        new TokenRequestTwoFactor(twoFactorProviderType, twoFactorToken, twoFactorRemember),
+        null,
+      );
+
+      apiService.received(1).postIdentityToken(
+        Arg.is((actual) => {
+          const passwordTokenRequest = actual as any;
+          return (
+            passwordTokenRequest.twoFactor.provider === twoFactorProviderType &&
+            passwordTokenRequest.twoFactor.token === twoFactorToken &&
+            passwordTokenRequest.twoFactor.remember === twoFactorRemember
+          );
+        }),
+      );
+    });
+  });
+});

jslib/common/spec/misc/logInStrategies/passwordLogIn.strategy.spec.ts

@@ -0,0 +1,110 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { ApiService } from "@/jslib/common/src/abstractions/api.service";
+import { AppIdService } from "@/jslib/common/src/abstractions/appId.service";
+import { AuthService } from "@/jslib/common/src/abstractions/auth.service";
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { LogService } from "@/jslib/common/src/abstractions/log.service";
+import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
+import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
+import { StateService } from "@/jslib/common/src/abstractions/state.service";
+import { TokenService } from "@/jslib/common/src/abstractions/token.service";
+import { TwoFactorService } from "@/jslib/common/src/abstractions/twoFactor.service";
+import { HashPurpose } from "@/jslib/common/src/enums/hashPurpose";
+import { PasswordLogInStrategy } from "@/jslib/common/src/misc/logInStrategies/passwordLogin.strategy";
+import { Utils } from "@/jslib/common/src/misc/utils";
+import { PasswordLogInCredentials } from "@/jslib/common/src/models/domain/logInCredentials";
+import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
+
+import { identityTokenResponseFactory } from "./logIn.strategy.spec";
+
+const email = "hello@world.com";
+const masterPassword = "password";
+const hashedPassword = "HASHED_PASSWORD";
+const localHashedPassword = "LOCAL_HASHED_PASSWORD";
+const preloginKey = new SymmetricCryptoKey(
+  Utils.fromB64ToArray(
+    "N2KWjlLpfi5uHjv+YcfUKIpZ1l+W+6HRensmIqD+BFYBf6N/dvFpJfWwYnVBdgFCK2tJTAIMLhqzIQQEUmGFgg==",
+  ),
+);
+const deviceId = Utils.newGuid();
+
+describe("PasswordLogInStrategy", () => {
+  let cryptoService: SubstituteOf<CryptoService>;
+  let apiService: SubstituteOf<ApiService>;
+  let tokenService: SubstituteOf<TokenService>;
+  let appIdService: SubstituteOf<AppIdService>;
+  let platformUtilsService: SubstituteOf<PlatformUtilsService>;
+  let messagingService: SubstituteOf<MessagingService>;
+  let logService: SubstituteOf<LogService>;
+  let stateService: SubstituteOf<StateService>;
+  let twoFactorService: SubstituteOf<TwoFactorService>;
+  let authService: SubstituteOf<AuthService>;
+
+  let passwordLogInStrategy: PasswordLogInStrategy;
+  let credentials: PasswordLogInCredentials;
+
+  beforeEach(async () => {
+    cryptoService = Substitute.for<CryptoService>();
+    apiService = Substitute.for<ApiService>();
+    tokenService = Substitute.for<TokenService>();
+    appIdService = Substitute.for<AppIdService>();
+    platformUtilsService = Substitute.for<PlatformUtilsService>();
+    messagingService = Substitute.for<MessagingService>();
+    logService = Substitute.for<LogService>();
+    stateService = Substitute.for<StateService>();
+    twoFactorService = Substitute.for<TwoFactorService>();
+    authService = Substitute.for<AuthService>();
+
+    appIdService.getAppId().resolves(deviceId);
+    tokenService.getTwoFactorToken().resolves(null);
+
+    authService.makePreloginKey(Arg.any(), Arg.any()).resolves(preloginKey);
+
+    cryptoService.hashPassword(masterPassword, Arg.any()).resolves(hashedPassword);
+    cryptoService
+      .hashPassword(masterPassword, Arg.any(), HashPurpose.LocalAuthorization)
+      .resolves(localHashedPassword);
+
+    passwordLogInStrategy = new PasswordLogInStrategy(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+      authService,
+    );
+    credentials = new PasswordLogInCredentials(email, masterPassword);
+
+    apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+  });
+
+  it("sends master password credentials to the server", async () => {
+    await passwordLogInStrategy.logIn(credentials);
+
+    apiService.received(1).postIdentityToken(
+      Arg.is((actual) => {
+        const passwordTokenRequest = actual as any; // Need to access private fields
+        return (
+          passwordTokenRequest.email === email &&
+          passwordTokenRequest.masterPasswordHash === hashedPassword &&
+          passwordTokenRequest.device.identifier === deviceId &&
+          passwordTokenRequest.twoFactor.provider == null &&
+          passwordTokenRequest.twoFactor.token == null &&
+          passwordTokenRequest.captchaResponse == null
+        );
+      }),
+    );
+  });
+
+  it("sets the local environment after a successful login", async () => {
+    await passwordLogInStrategy.logIn(credentials);
+
+    cryptoService.received(1).setKey(preloginKey);
+    cryptoService.received(1).setKeyHash(localHashedPassword);
+  });
+});

jslib/common/spec/misc/logInStrategies/ssoLogIn.strategy.spec.ts

@@ -0,0 +1,127 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { ApiService } from "@/jslib/common/src/abstractions/api.service";
+import { AppIdService } from "@/jslib/common/src/abstractions/appId.service";
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { KeyConnectorService } from "@/jslib/common/src/abstractions/keyConnector.service";
+import { LogService } from "@/jslib/common/src/abstractions/log.service";
+import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
+import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
+import { StateService } from "@/jslib/common/src/abstractions/state.service";
+import { TokenService } from "@/jslib/common/src/abstractions/token.service";
+import { TwoFactorService } from "@/jslib/common/src/abstractions/twoFactor.service";
+import { SsoLogInStrategy } from "@/jslib/common/src/misc/logInStrategies/ssoLogin.strategy";
+import { Utils } from "@/jslib/common/src/misc/utils";
+import { SsoLogInCredentials } from "@/jslib/common/src/models/domain/logInCredentials";
+
+import { identityTokenResponseFactory } from "./logIn.strategy.spec";
+
+describe("SsoLogInStrategy", () => {
+  let cryptoService: SubstituteOf<CryptoService>;
+  let apiService: SubstituteOf<ApiService>;
+  let tokenService: SubstituteOf<TokenService>;
+  let appIdService: SubstituteOf<AppIdService>;
+  let platformUtilsService: SubstituteOf<PlatformUtilsService>;
+  let messagingService: SubstituteOf<MessagingService>;
+  let logService: SubstituteOf<LogService>;
+  let keyConnectorService: SubstituteOf<KeyConnectorService>;
+  let stateService: SubstituteOf<StateService>;
+  let twoFactorService: SubstituteOf<TwoFactorService>;
+
+  let ssoLogInStrategy: SsoLogInStrategy;
+  let credentials: SsoLogInCredentials;
+
+  const deviceId = Utils.newGuid();
+  const encKey = "ENC_KEY";
+  const privateKey = "PRIVATE_KEY";
+  const keyConnectorUrl = "KEY_CONNECTOR_URL";
+
+  const ssoCode = "SSO_CODE";
+  const ssoCodeVerifier = "SSO_CODE_VERIFIER";
+  const ssoRedirectUrl = "SSO_REDIRECT_URL";
+  const ssoOrgId = "SSO_ORG_ID";
+
+  beforeEach(async () => {
+    cryptoService = Substitute.for<CryptoService>();
+    apiService = Substitute.for<ApiService>();
+    tokenService = Substitute.for<TokenService>();
+    appIdService = Substitute.for<AppIdService>();
+    platformUtilsService = Substitute.for<PlatformUtilsService>();
+    messagingService = Substitute.for<MessagingService>();
+    logService = Substitute.for<LogService>();
+    stateService = Substitute.for<StateService>();
+    keyConnectorService = Substitute.for<KeyConnectorService>();
+    twoFactorService = Substitute.for<TwoFactorService>();
+
+    tokenService.getTwoFactorToken().resolves(null);
+    appIdService.getAppId().resolves(deviceId);
+
+    ssoLogInStrategy = new SsoLogInStrategy(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+      keyConnectorService,
+    );
+    credentials = new SsoLogInCredentials(ssoCode, ssoCodeVerifier, ssoRedirectUrl, ssoOrgId);
+  });
+
+  it("sends SSO information to server", async () => {
+    apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+
+    await ssoLogInStrategy.logIn(credentials);
+
+    apiService.received(1).postIdentityToken(
+      Arg.is((actual) => {
+        const ssoTokenRequest = actual as any;
+        return (
+          ssoTokenRequest.code === ssoCode &&
+          ssoTokenRequest.codeVerifier === ssoCodeVerifier &&
+          ssoTokenRequest.redirectUri === ssoRedirectUrl &&
+          ssoTokenRequest.device.identifier === deviceId &&
+          ssoTokenRequest.twoFactor.provider == null &&
+          ssoTokenRequest.twoFactor.token == null
+        );
+      }),
+    );
+  });
+
+  it("does not set keys for new SSO user flow", async () => {
+    const tokenResponse = identityTokenResponseFactory();
+    tokenResponse.key = null;
+    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+    await ssoLogInStrategy.logIn(credentials);
+
+    cryptoService.didNotReceive().setEncPrivateKey(privateKey);
+    cryptoService.didNotReceive().setEncKey(encKey);
+  });
+
+  it("gets and sets KeyConnector key for enrolled user", async () => {
+    const tokenResponse = identityTokenResponseFactory();
+    tokenResponse.keyConnectorUrl = keyConnectorUrl;
+
+    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+    await ssoLogInStrategy.logIn(credentials);
+
+    keyConnectorService.received(1).getAndSetKey(keyConnectorUrl);
+  });
+
+  it("converts new SSO user to Key Connector on first login", async () => {
+    const tokenResponse = identityTokenResponseFactory();
+    tokenResponse.keyConnectorUrl = keyConnectorUrl;
+    tokenResponse.key = null;
+
+    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+    await ssoLogInStrategy.logIn(credentials);
+
+    keyConnectorService.received(1).convertNewSsoUserToKeyConnector(tokenResponse, ssoOrgId);
+  });
+});

jslib/common/src/abstractions/api.service.ts

@@ -1,14 +1,679 @@
+import { PolicyType } from "../enums/policyType";
+import { SetKeyConnectorKeyRequest } from "../models/request/account/setKeyConnectorKeyRequest";
+import { VerifyOTPRequest } from "../models/request/account/verifyOTPRequest";
+import { AttachmentRequest } from "../models/request/attachmentRequest";
+import { BitPayInvoiceRequest } from "../models/request/bitPayInvoiceRequest";
+import { CipherBulkDeleteRequest } from "../models/request/cipherBulkDeleteRequest";
+import { CipherBulkMoveRequest } from "../models/request/cipherBulkMoveRequest";
+import { CipherBulkRestoreRequest } from "../models/request/cipherBulkRestoreRequest";
+import { CipherBulkShareRequest } from "../models/request/cipherBulkShareRequest";
+import { CipherCollectionsRequest } from "../models/request/cipherCollectionsRequest";
+import { CipherCreateRequest } from "../models/request/cipherCreateRequest";
+import { CipherRequest } from "../models/request/cipherRequest";
+import { CipherShareRequest } from "../models/request/cipherShareRequest";
+import { CollectionRequest } from "../models/request/collectionRequest";
+import { DeleteRecoverRequest } from "../models/request/deleteRecoverRequest";
+import { EmailRequest } from "../models/request/emailRequest";
+import { EmailTokenRequest } from "../models/request/emailTokenRequest";
+import { EmergencyAccessAcceptRequest } from "../models/request/emergencyAccessAcceptRequest";
+import { EmergencyAccessConfirmRequest } from "../models/request/emergencyAccessConfirmRequest";
+import { EmergencyAccessInviteRequest } from "../models/request/emergencyAccessInviteRequest";
+import { EmergencyAccessPasswordRequest } from "../models/request/emergencyAccessPasswordRequest";
+import { EmergencyAccessUpdateRequest } from "../models/request/emergencyAccessUpdateRequest";
+import { EventRequest } from "../models/request/eventRequest";
+import { FolderRequest } from "../models/request/folderRequest";
+import { GroupRequest } from "../models/request/groupRequest";
+import { IapCheckRequest } from "../models/request/iapCheckRequest";
 import { ApiTokenRequest } from "../models/request/identityToken/apiTokenRequest";
 import { PasswordTokenRequest } from "../models/request/identityToken/passwordTokenRequest";
 import { SsoTokenRequest } from "../models/request/identityToken/ssoTokenRequest";
+import { ImportCiphersRequest } from "../models/request/importCiphersRequest";
+import { ImportDirectoryRequest } from "../models/request/importDirectoryRequest";
+import { ImportOrganizationCiphersRequest } from "../models/request/importOrganizationCiphersRequest";
+import { KdfRequest } from "../models/request/kdfRequest";
+import { KeyConnectorUserKeyRequest } from "../models/request/keyConnectorUserKeyRequest";
+import { KeysRequest } from "../models/request/keysRequest";
+import { OrganizationSponsorshipCreateRequest } from "../models/request/organization/organizationSponsorshipCreateRequest";
+import { OrganizationSponsorshipRedeemRequest } from "../models/request/organization/organizationSponsorshipRedeemRequest";
+import { OrganizationSsoRequest } from "../models/request/organization/organizationSsoRequest";
+import { OrganizationCreateRequest } from "../models/request/organizationCreateRequest";
 import { OrganizationImportRequest } from "../models/request/organizationImportRequest";
+import { OrganizationKeysRequest } from "../models/request/organizationKeysRequest";
+import { OrganizationSubscriptionUpdateRequest } from "../models/request/organizationSubscriptionUpdateRequest";
+import { OrganizationTaxInfoUpdateRequest } from "../models/request/organizationTaxInfoUpdateRequest";
+import { OrganizationUpdateRequest } from "../models/request/organizationUpdateRequest";
+import { OrganizationUpgradeRequest } from "../models/request/organizationUpgradeRequest";
+import { OrganizationUserAcceptRequest } from "../models/request/organizationUserAcceptRequest";
+import { OrganizationUserBulkConfirmRequest } from "../models/request/organizationUserBulkConfirmRequest";
+import { OrganizationUserBulkRequest } from "../models/request/organizationUserBulkRequest";
+import { OrganizationUserConfirmRequest } from "../models/request/organizationUserConfirmRequest";
+import { OrganizationUserInviteRequest } from "../models/request/organizationUserInviteRequest";
+import { OrganizationUserResetPasswordEnrollmentRequest } from "../models/request/organizationUserResetPasswordEnrollmentRequest";
+import { OrganizationUserResetPasswordRequest } from "../models/request/organizationUserResetPasswordRequest";
+import { OrganizationUserUpdateGroupsRequest } from "../models/request/organizationUserUpdateGroupsRequest";
+import { OrganizationUserUpdateRequest } from "../models/request/organizationUserUpdateRequest";
+import { PasswordHintRequest } from "../models/request/passwordHintRequest";
+import { PasswordRequest } from "../models/request/passwordRequest";
+import { PaymentRequest } from "../models/request/paymentRequest";
+import { PolicyRequest } from "../models/request/policyRequest";
+import { PreloginRequest } from "../models/request/preloginRequest";
+import { ProviderAddOrganizationRequest } from "../models/request/provider/providerAddOrganizationRequest";
+import { ProviderOrganizationCreateRequest } from "../models/request/provider/providerOrganizationCreateRequest";
+import { ProviderSetupRequest } from "../models/request/provider/providerSetupRequest";
+import { ProviderUpdateRequest } from "../models/request/provider/providerUpdateRequest";
+import { ProviderUserAcceptRequest } from "../models/request/provider/providerUserAcceptRequest";
+import { ProviderUserBulkConfirmRequest } from "../models/request/provider/providerUserBulkConfirmRequest";
+import { ProviderUserBulkRequest } from "../models/request/provider/providerUserBulkRequest";
+import { ProviderUserConfirmRequest } from "../models/request/provider/providerUserConfirmRequest";
+import { ProviderUserInviteRequest } from "../models/request/provider/providerUserInviteRequest";
+import { ProviderUserUpdateRequest } from "../models/request/provider/providerUserUpdateRequest";
+import { RegisterRequest } from "../models/request/registerRequest";
+import { SeatRequest } from "../models/request/seatRequest";
+import { SecretVerificationRequest } from "../models/request/secretVerificationRequest";
+import { SelectionReadOnlyRequest } from "../models/request/selectionReadOnlyRequest";
+import { SendAccessRequest } from "../models/request/sendAccessRequest";
+import { SendRequest } from "../models/request/sendRequest";
+import { SetPasswordRequest } from "../models/request/setPasswordRequest";
+import { StorageRequest } from "../models/request/storageRequest";
+import { TaxInfoUpdateRequest } from "../models/request/taxInfoUpdateRequest";
+import { TwoFactorEmailRequest } from "../models/request/twoFactorEmailRequest";
+import { TwoFactorProviderRequest } from "../models/request/twoFactorProviderRequest";
+import { TwoFactorRecoveryRequest } from "../models/request/twoFactorRecoveryRequest";
+import { UpdateDomainsRequest } from "../models/request/updateDomainsRequest";
+import { UpdateKeyRequest } from "../models/request/updateKeyRequest";
+import { UpdateProfileRequest } from "../models/request/updateProfileRequest";
+import { UpdateTempPasswordRequest } from "../models/request/updateTempPasswordRequest";
+import { UpdateTwoFactorAuthenticatorRequest } from "../models/request/updateTwoFactorAuthenticatorRequest";
+import { UpdateTwoFactorDuoRequest } from "../models/request/updateTwoFactorDuoRequest";
+import { UpdateTwoFactorEmailRequest } from "../models/request/updateTwoFactorEmailRequest";
+import { UpdateTwoFactorWebAuthnDeleteRequest } from "../models/request/updateTwoFactorWebAuthnDeleteRequest";
+import { UpdateTwoFactorWebAuthnRequest } from "../models/request/updateTwoFactorWebAuthnRequest";
+import { UpdateTwoFactorYubioOtpRequest } from "../models/request/updateTwoFactorYubioOtpRequest";
+import { VerifyBankRequest } from "../models/request/verifyBankRequest";
+import { VerifyDeleteRecoverRequest } from "../models/request/verifyDeleteRecoverRequest";
+import { VerifyEmailRequest } from "../models/request/verifyEmailRequest";
+import { ApiKeyResponse } from "../models/response/apiKeyResponse";
+import { AttachmentResponse } from "../models/response/attachmentResponse";
+import { AttachmentUploadDataResponse } from "../models/response/attachmentUploadDataResponse";
+import { BillingResponse } from "../models/response/billingResponse";
+import { BreachAccountResponse } from "../models/response/breachAccountResponse";
+import { CipherResponse } from "../models/response/cipherResponse";
+import {
+  CollectionGroupDetailsResponse,
+  CollectionResponse,
+} from "../models/response/collectionResponse";
+import { DomainsResponse } from "../models/response/domainsResponse";
+import {
+  EmergencyAccessGranteeDetailsResponse,
+  EmergencyAccessGrantorDetailsResponse,
+  EmergencyAccessTakeoverResponse,
+  EmergencyAccessViewResponse,
+} from "../models/response/emergencyAccessResponse";
+import { EventResponse } from "../models/response/eventResponse";
+import { FolderResponse } from "../models/response/folderResponse";
+import { GroupDetailsResponse, GroupResponse } from "../models/response/groupResponse";
 import { IdentityCaptchaResponse } from "../models/response/identityCaptchaResponse";
 import { IdentityTokenResponse } from "../models/response/identityTokenResponse";
 import { IdentityTwoFactorResponse } from "../models/response/identityTwoFactorResponse";
+import { KeyConnectorUserKeyResponse } from "../models/response/keyConnectorUserKeyResponse";
+import { ListResponse } from "../models/response/listResponse";
+import { OrganizationSsoResponse } from "../models/response/organization/organizationSsoResponse";
+import { OrganizationAutoEnrollStatusResponse } from "../models/response/organizationAutoEnrollStatusResponse";
+import { OrganizationKeysResponse } from "../models/response/organizationKeysResponse";
+import { OrganizationResponse } from "../models/response/organizationResponse";
+import { OrganizationSubscriptionResponse } from "../models/response/organizationSubscriptionResponse";
+import { OrganizationUserBulkPublicKeyResponse } from "../models/response/organizationUserBulkPublicKeyResponse";
+import { OrganizationUserBulkResponse } from "../models/response/organizationUserBulkResponse";
+import {
+  OrganizationUserDetailsResponse,
+  OrganizationUserResetPasswordDetailsReponse,
+  OrganizationUserUserDetailsResponse,
+} from "../models/response/organizationUserResponse";
+import { PaymentResponse } from "../models/response/paymentResponse";
+import { PlanResponse } from "../models/response/planResponse";
+import { PolicyResponse } from "../models/response/policyResponse";
+import { PreloginResponse } from "../models/response/preloginResponse";
+import { ProfileResponse } from "../models/response/profileResponse";
+import {
+  ProviderOrganizationOrganizationDetailsResponse,
+  ProviderOrganizationResponse,
+} from "../models/response/provider/providerOrganizationResponse";
+import { ProviderResponse } from "../models/response/provider/providerResponse";
+import { ProviderUserBulkPublicKeyResponse } from "../models/response/provider/providerUserBulkPublicKeyResponse";
+import { ProviderUserBulkResponse } from "../models/response/provider/providerUserBulkResponse";
+import {
+  ProviderUserResponse,
+  ProviderUserUserDetailsResponse,
+} from "../models/response/provider/providerUserResponse";
+import { SelectionReadOnlyResponse } from "../models/response/selectionReadOnlyResponse";
+import { SendAccessResponse } from "../models/response/sendAccessResponse";
+import { SendFileDownloadDataResponse } from "../models/response/sendFileDownloadDataResponse";
+import { SendFileUploadDataResponse } from "../models/response/sendFileUploadDataResponse";
+import { SendResponse } from "../models/response/sendResponse";
+import { SubscriptionResponse } from "../models/response/subscriptionResponse";
+import { SyncResponse } from "../models/response/syncResponse";
+import { TaxInfoResponse } from "../models/response/taxInfoResponse";
+import { TaxRateResponse } from "../models/response/taxRateResponse";
+import { TwoFactorAuthenticatorResponse } from "../models/response/twoFactorAuthenticatorResponse";
+import { TwoFactorDuoResponse } from "../models/response/twoFactorDuoResponse";
+import { TwoFactorEmailResponse } from "../models/response/twoFactorEmailResponse";
+import { TwoFactorProviderResponse } from "../models/response/twoFactorProviderResponse";
+import { TwoFactorRecoverResponse } from "../models/response/twoFactorRescoverResponse";
+import {
+  ChallengeResponse,
+  TwoFactorWebAuthnResponse,
+} from "../models/response/twoFactorWebAuthnResponse";
+import { TwoFactorYubiKeyResponse } from "../models/response/twoFactorYubiKeyResponse";
+import { UserKeyResponse } from "../models/response/userKeyResponse";
+import { SendAccessView } from "../models/view/sendAccessView";
 
 export abstract class ApiService {
   postIdentityToken: (
     request: PasswordTokenRequest | SsoTokenRequest | ApiTokenRequest,
   ) => Promise<IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse>;
+  refreshIdentityToken: () => Promise<any>;
+
+  getProfile: () => Promise<ProfileResponse>;
+  getUserBilling: () => Promise<BillingResponse>;
+  getUserSubscription: () => Promise<SubscriptionResponse>;
+  getTaxInfo: () => Promise<TaxInfoResponse>;
+  putProfile: (request: UpdateProfileRequest) => Promise<ProfileResponse>;
+  putTaxInfo: (request: TaxInfoUpdateRequest) => Promise<any>;
+  postPrelogin: (request: PreloginRequest) => Promise<PreloginResponse>;
+  postEmailToken: (request: EmailTokenRequest) => Promise<any>;
+  postEmail: (request: EmailRequest) => Promise<any>;
+  postPassword: (request: PasswordRequest) => Promise<any>;
+  setPassword: (request: SetPasswordRequest) => Promise<any>;
+  postSetKeyConnectorKey: (request: SetKeyConnectorKeyRequest) => Promise<any>;
+  postSecurityStamp: (request: SecretVerificationRequest) => Promise<any>;
+  deleteAccount: (request: SecretVerificationRequest) => Promise<any>;
+  getAccountRevisionDate: () => Promise<number>;
+  postPasswordHint: (request: PasswordHintRequest) => Promise<any>;
+  postRegister: (request: RegisterRequest) => Promise<any>;
+  postPremium: (data: FormData) => Promise<PaymentResponse>;
+  postIapCheck: (request: IapCheckRequest) => Promise<any>;
+  postReinstatePremium: () => Promise<any>;
+  postCancelPremium: () => Promise<any>;
+  postAccountStorage: (request: StorageRequest) => Promise<PaymentResponse>;
+  postAccountPayment: (request: PaymentRequest) => Promise<any>;
+  postAccountLicense: (data: FormData) => Promise<any>;
+  postAccountKey: (request: UpdateKeyRequest) => Promise<any>;
+  postAccountKeys: (request: KeysRequest) => Promise<any>;
+  postAccountVerifyEmail: () => Promise<any>;
+  postAccountVerifyEmailToken: (request: VerifyEmailRequest) => Promise<any>;
+  postAccountVerifyPassword: (request: SecretVerificationRequest) => Promise<any>;
+  postAccountRecoverDelete: (request: DeleteRecoverRequest) => Promise<any>;
+  postAccountRecoverDeleteToken: (request: VerifyDeleteRecoverRequest) => Promise<any>;
+  postAccountKdf: (request: KdfRequest) => Promise<any>;
+  postUserApiKey: (id: string, request: SecretVerificationRequest) => Promise<ApiKeyResponse>;
+  postUserRotateApiKey: (id: string, request: SecretVerificationRequest) => Promise<ApiKeyResponse>;
+  putUpdateTempPassword: (request: UpdateTempPasswordRequest) => Promise<any>;
+  postAccountRequestOTP: () => Promise<void>;
+  postAccountVerifyOTP: (request: VerifyOTPRequest) => Promise<void>;
+  postConvertToKeyConnector: () => Promise<void>;
+
+  getFolder: (id: string) => Promise<FolderResponse>;
+  postFolder: (request: FolderRequest) => Promise<FolderResponse>;
+  putFolder: (id: string, request: FolderRequest) => Promise<FolderResponse>;
+  deleteFolder: (id: string) => Promise<any>;
+
+  getSend: (id: string) => Promise<SendResponse>;
+  postSendAccess: (
+    id: string,
+    request: SendAccessRequest,
+    apiUrl?: string,
+  ) => Promise<SendAccessResponse>;
+  getSends: () => Promise<ListResponse<SendResponse>>;
+  postSend: (request: SendRequest) => Promise<SendResponse>;
+  postFileTypeSend: (request: SendRequest) => Promise<SendFileUploadDataResponse>;
+  postSendFile: (sendId: string, fileId: string, data: FormData) => Promise<any>;
+  /**
+   * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+   * This method still exists for backward compatibility with old server versions.
+   */
+  postSendFileLegacy: (data: FormData) => Promise<SendResponse>;
+  putSend: (id: string, request: SendRequest) => Promise<SendResponse>;
+  putSendRemovePassword: (id: string) => Promise<SendResponse>;
+  deleteSend: (id: string) => Promise<any>;
+  getSendFileDownloadData: (
+    send: SendAccessView,
+    request: SendAccessRequest,
+    apiUrl?: string,
+  ) => Promise<SendFileDownloadDataResponse>;
+  renewSendFileUploadUrl: (sendId: string, fileId: string) => Promise<SendFileUploadDataResponse>;
+
+  getCipher: (id: string) => Promise<CipherResponse>;
+  getCipherAdmin: (id: string) => Promise<CipherResponse>;
+  getAttachmentData: (
+    cipherId: string,
+    attachmentId: string,
+    emergencyAccessId?: string,
+  ) => Promise<AttachmentResponse>;
+  getCiphersOrganization: (organizationId: string) => Promise<ListResponse<CipherResponse>>;
+  postCipher: (request: CipherRequest) => Promise<CipherResponse>;
+  postCipherCreate: (request: CipherCreateRequest) => Promise<CipherResponse>;
+  postCipherAdmin: (request: CipherCreateRequest) => Promise<CipherResponse>;
+  putCipher: (id: string, request: CipherRequest) => Promise<CipherResponse>;
+  putCipherAdmin: (id: string, request: CipherRequest) => Promise<CipherResponse>;
+  deleteCipher: (id: string) => Promise<any>;
+  deleteCipherAdmin: (id: string) => Promise<any>;
+  deleteManyCiphers: (request: CipherBulkDeleteRequest) => Promise<any>;
+  deleteManyCiphersAdmin: (request: CipherBulkDeleteRequest) => Promise<any>;
+  putMoveCiphers: (request: CipherBulkMoveRequest) => Promise<any>;
+  putShareCipher: (id: string, request: CipherShareRequest) => Promise<CipherResponse>;
+  putShareCiphers: (request: CipherBulkShareRequest) => Promise<any>;
+  putCipherCollections: (id: string, request: CipherCollectionsRequest) => Promise<any>;
+  putCipherCollectionsAdmin: (id: string, request: CipherCollectionsRequest) => Promise<any>;
+  postPurgeCiphers: (request: SecretVerificationRequest, organizationId?: string) => Promise<any>;
+  postImportCiphers: (request: ImportCiphersRequest) => Promise<any>;
+  postImportOrganizationCiphers: (
+    organizationId: string,
+    request: ImportOrganizationCiphersRequest,
+  ) => Promise<any>;
+  putDeleteCipher: (id: string) => Promise<any>;
+  putDeleteCipherAdmin: (id: string) => Promise<any>;
+  putDeleteManyCiphers: (request: CipherBulkDeleteRequest) => Promise<any>;
+  putDeleteManyCiphersAdmin: (request: CipherBulkDeleteRequest) => Promise<any>;
+  putRestoreCipher: (id: string) => Promise<CipherResponse>;
+  putRestoreCipherAdmin: (id: string) => Promise<CipherResponse>;
+  putRestoreManyCiphers: (
+    request: CipherBulkRestoreRequest,
+  ) => Promise<ListResponse<CipherResponse>>;
+
+  /**
+   * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+   * This method still exists for backward compatibility with old server versions.
+   */
+  postCipherAttachmentLegacy: (id: string, data: FormData) => Promise<CipherResponse>;
+  /**
+   * @deprecated Mar 25 2021: This method has been deprecated in favor of direct uploads.
+   * This method still exists for backward compatibility with old server versions.
+   */
+  postCipherAttachmentAdminLegacy: (id: string, data: FormData) => Promise<CipherResponse>;
+  postCipherAttachment: (
+    id: string,
+    request: AttachmentRequest,
+  ) => Promise<AttachmentUploadDataResponse>;
+  deleteCipherAttachment: (id: string, attachmentId: string) => Promise<any>;
+  deleteCipherAttachmentAdmin: (id: string, attachmentId: string) => Promise<any>;
+  postShareCipherAttachment: (
+    id: string,
+    attachmentId: string,
+    data: FormData,
+    organizationId: string,
+  ) => Promise<any>;
+  renewAttachmentUploadUrl: (
+    id: string,
+    attachmentId: string,
+  ) => Promise<AttachmentUploadDataResponse>;
+  postAttachmentFile: (id: string, attachmentId: string, data: FormData) => Promise<any>;
+
+  getCollectionDetails: (
+    organizationId: string,
+    id: string,
+  ) => Promise<CollectionGroupDetailsResponse>;
+  getUserCollections: () => Promise<ListResponse<CollectionResponse>>;
+  getCollections: (organizationId: string) => Promise<ListResponse<CollectionResponse>>;
+  getCollectionUsers: (organizationId: string, id: string) => Promise<SelectionReadOnlyResponse[]>;
+  postCollection: (
+    organizationId: string,
+    request: CollectionRequest,
+  ) => Promise<CollectionResponse>;
+  putCollectionUsers: (
+    organizationId: string,
+    id: string,
+    request: SelectionReadOnlyRequest[],
+  ) => Promise<any>;
+  putCollection: (
+    organizationId: string,
+    id: string,
+    request: CollectionRequest,
+  ) => Promise<CollectionResponse>;
+  deleteCollection: (organizationId: string, id: string) => Promise<any>;
+  deleteCollectionUser: (
+    organizationId: string,
+    id: string,
+    organizationUserId: string,
+  ) => Promise<any>;
+
+  getGroupDetails: (organizationId: string, id: string) => Promise<GroupDetailsResponse>;
+  getGroups: (organizationId: string) => Promise<ListResponse<GroupResponse>>;
+  getGroupUsers: (organizationId: string, id: string) => Promise<string[]>;
+  postGroup: (organizationId: string, request: GroupRequest) => Promise<GroupResponse>;
+  putGroup: (organizationId: string, id: string, request: GroupRequest) => Promise<GroupResponse>;
+  putGroupUsers: (organizationId: string, id: string, request: string[]) => Promise<any>;
+  deleteGroup: (organizationId: string, id: string) => Promise<any>;
+  deleteGroupUser: (organizationId: string, id: string, organizationUserId: string) => Promise<any>;
+
+  getPolicy: (organizationId: string, type: PolicyType) => Promise<PolicyResponse>;
+  getPolicies: (organizationId: string) => Promise<ListResponse<PolicyResponse>>;
+  getPoliciesByToken: (
+    organizationId: string,
+    token: string,
+    email: string,
+    organizationUserId: string,
+  ) => Promise<ListResponse<PolicyResponse>>;
+  getPoliciesByInvitedUser: (
+    organizationId: string,
+    userId: string,
+  ) => Promise<ListResponse<PolicyResponse>>;
+  putPolicy: (
+    organizationId: string,
+    type: PolicyType,
+    request: PolicyRequest,
+  ) => Promise<PolicyResponse>;
+
+  getOrganizationUser: (
+    organizationId: string,
+    id: string,
+  ) => Promise<OrganizationUserDetailsResponse>;
+  getOrganizationUserGroups: (organizationId: string, id: string) => Promise<string[]>;
+  getOrganizationUsers: (
+    organizationId: string,
+  ) => Promise<ListResponse<OrganizationUserUserDetailsResponse>>;
+  getOrganizationUserResetPasswordDetails: (
+    organizationId: string,
+    id: string,
+  ) => Promise<OrganizationUserResetPasswordDetailsReponse>;
+  postOrganizationUserInvite: (
+    organizationId: string,
+    request: OrganizationUserInviteRequest,
+  ) => Promise<any>;
+  postOrganizationUserReinvite: (organizationId: string, id: string) => Promise<any>;
+  postManyOrganizationUserReinvite: (
+    organizationId: string,
+    request: OrganizationUserBulkRequest,
+  ) => Promise<ListResponse<OrganizationUserBulkResponse>>;
+  postOrganizationUserAccept: (
+    organizationId: string,
+    id: string,
+    request: OrganizationUserAcceptRequest,
+  ) => Promise<any>;
+  postOrganizationUserConfirm: (
+    organizationId: string,
+    id: string,
+    request: OrganizationUserConfirmRequest,
+  ) => Promise<any>;
+  postOrganizationUsersPublicKey: (
+    organizationId: string,
+    request: OrganizationUserBulkRequest,
+  ) => Promise<ListResponse<OrganizationUserBulkPublicKeyResponse>>;
+  postOrganizationUserBulkConfirm: (
+    organizationId: string,
+    request: OrganizationUserBulkConfirmRequest,
+  ) => Promise<ListResponse<OrganizationUserBulkResponse>>;
+
+  putOrganizationUser: (
+    organizationId: string,
+    id: string,
+    request: OrganizationUserUpdateRequest,
+  ) => Promise<any>;
+  putOrganizationUserGroups: (
+    organizationId: string,
+    id: string,
+    request: OrganizationUserUpdateGroupsRequest,
+  ) => Promise<any>;
+  putOrganizationUserResetPasswordEnrollment: (
+    organizationId: string,
+    userId: string,
+    request: OrganizationUserResetPasswordEnrollmentRequest,
+  ) => Promise<any>;
+  putOrganizationUserResetPassword: (
+    organizationId: string,
+    id: string,
+    request: OrganizationUserResetPasswordRequest,
+  ) => Promise<any>;
+  deleteOrganizationUser: (organizationId: string, id: string) => Promise<any>;
+  deleteManyOrganizationUsers: (
+    organizationId: string,
+    request: OrganizationUserBulkRequest,
+  ) => Promise<ListResponse<OrganizationUserBulkResponse>>;
+
+  getSync: () => Promise<SyncResponse>;
+  postImportDirectory: (organizationId: string, request: ImportDirectoryRequest) => Promise<any>;
   postPublicImportDirectory: (request: OrganizationImportRequest) => Promise<any>;
+
+  getSettingsDomains: () => Promise<DomainsResponse>;
+  putSettingsDomains: (request: UpdateDomainsRequest) => Promise<DomainsResponse>;
+
+  getTwoFactorProviders: () => Promise<ListResponse<TwoFactorProviderResponse>>;
+  getTwoFactorOrganizationProviders: (
+    organizationId: string,
+  ) => Promise<ListResponse<TwoFactorProviderResponse>>;
+  getTwoFactorAuthenticator: (
+    request: SecretVerificationRequest,
+  ) => Promise<TwoFactorAuthenticatorResponse>;
+  getTwoFactorEmail: (request: SecretVerificationRequest) => Promise<TwoFactorEmailResponse>;
+  getTwoFactorDuo: (request: SecretVerificationRequest) => Promise<TwoFactorDuoResponse>;
+  getTwoFactorOrganizationDuo: (
+    organizationId: string,
+    request: SecretVerificationRequest,
+  ) => Promise<TwoFactorDuoResponse>;
+  getTwoFactorYubiKey: (request: SecretVerificationRequest) => Promise<TwoFactorYubiKeyResponse>;
+  getTwoFactorWebAuthn: (request: SecretVerificationRequest) => Promise<TwoFactorWebAuthnResponse>;
+  getTwoFactorWebAuthnChallenge: (request: SecretVerificationRequest) => Promise<ChallengeResponse>;
+  getTwoFactorRecover: (request: SecretVerificationRequest) => Promise<TwoFactorRecoverResponse>;
+  putTwoFactorAuthenticator: (
+    request: UpdateTwoFactorAuthenticatorRequest,
+  ) => Promise<TwoFactorAuthenticatorResponse>;
+  putTwoFactorEmail: (request: UpdateTwoFactorEmailRequest) => Promise<TwoFactorEmailResponse>;
+  putTwoFactorDuo: (request: UpdateTwoFactorDuoRequest) => Promise<TwoFactorDuoResponse>;
+  putTwoFactorOrganizationDuo: (
+    organizationId: string,
+    request: UpdateTwoFactorDuoRequest,
+  ) => Promise<TwoFactorDuoResponse>;
+  putTwoFactorYubiKey: (
+    request: UpdateTwoFactorYubioOtpRequest,
+  ) => Promise<TwoFactorYubiKeyResponse>;
+  putTwoFactorWebAuthn: (
+    request: UpdateTwoFactorWebAuthnRequest,
+  ) => Promise<TwoFactorWebAuthnResponse>;
+  deleteTwoFactorWebAuthn: (
+    request: UpdateTwoFactorWebAuthnDeleteRequest,
+  ) => Promise<TwoFactorWebAuthnResponse>;
+  putTwoFactorDisable: (request: TwoFactorProviderRequest) => Promise<TwoFactorProviderResponse>;
+  putTwoFactorOrganizationDisable: (
+    organizationId: string,
+    request: TwoFactorProviderRequest,
+  ) => Promise<TwoFactorProviderResponse>;
+  postTwoFactorRecover: (request: TwoFactorRecoveryRequest) => Promise<any>;
+  postTwoFactorEmailSetup: (request: TwoFactorEmailRequest) => Promise<any>;
+  postTwoFactorEmail: (request: TwoFactorEmailRequest) => Promise<any>;
+
+  getEmergencyAccessTrusted: () => Promise<ListResponse<EmergencyAccessGranteeDetailsResponse>>;
+  getEmergencyAccessGranted: () => Promise<ListResponse<EmergencyAccessGrantorDetailsResponse>>;
+  getEmergencyAccess: (id: string) => Promise<EmergencyAccessGranteeDetailsResponse>;
+  getEmergencyGrantorPolicies: (id: string) => Promise<ListResponse<PolicyResponse>>;
+  putEmergencyAccess: (id: string, request: EmergencyAccessUpdateRequest) => Promise<any>;
+  deleteEmergencyAccess: (id: string) => Promise<any>;
+  postEmergencyAccessInvite: (request: EmergencyAccessInviteRequest) => Promise<any>;
+  postEmergencyAccessReinvite: (id: string) => Promise<any>;
+  postEmergencyAccessAccept: (id: string, request: EmergencyAccessAcceptRequest) => Promise<any>;
+  postEmergencyAccessConfirm: (id: string, request: EmergencyAccessConfirmRequest) => Promise<any>;
+  postEmergencyAccessInitiate: (id: string) => Promise<any>;
+  postEmergencyAccessApprove: (id: string) => Promise<any>;
+  postEmergencyAccessReject: (id: string) => Promise<any>;
+  postEmergencyAccessTakeover: (id: string) => Promise<EmergencyAccessTakeoverResponse>;
+  postEmergencyAccessPassword: (
+    id: string,
+    request: EmergencyAccessPasswordRequest,
+  ) => Promise<any>;
+  postEmergencyAccessView: (id: string) => Promise<EmergencyAccessViewResponse>;
+
+  getOrganization: (id: string) => Promise<OrganizationResponse>;
+  getOrganizationBilling: (id: string) => Promise<BillingResponse>;
+  getOrganizationSubscription: (id: string) => Promise<OrganizationSubscriptionResponse>;
+  getOrganizationLicense: (id: string, installationId: string) => Promise<any>;
+  getOrganizationTaxInfo: (id: string) => Promise<TaxInfoResponse>;
+  getOrganizationAutoEnrollStatus: (
+    identifier: string,
+  ) => Promise<OrganizationAutoEnrollStatusResponse>;
+  getOrganizationSso: (id: string) => Promise<OrganizationSsoResponse>;
+  postOrganization: (request: OrganizationCreateRequest) => Promise<OrganizationResponse>;
+  putOrganization: (
+    id: string,
+    request: OrganizationUpdateRequest,
+  ) => Promise<OrganizationResponse>;
+  putOrganizationTaxInfo: (id: string, request: OrganizationTaxInfoUpdateRequest) => Promise<any>;
+  postLeaveOrganization: (id: string) => Promise<any>;
+  postOrganizationLicense: (data: FormData) => Promise<OrganizationResponse>;
+  postOrganizationLicenseUpdate: (id: string, data: FormData) => Promise<any>;
+  postOrganizationApiKey: (
+    id: string,
+    request: SecretVerificationRequest,
+  ) => Promise<ApiKeyResponse>;
+  postOrganizationRotateApiKey: (
+    id: string,
+    request: SecretVerificationRequest,
+  ) => Promise<ApiKeyResponse>;
+  postOrganizationSso: (
+    id: string,
+    request: OrganizationSsoRequest,
+  ) => Promise<OrganizationSsoResponse>;
+  postOrganizationUpgrade: (
+    id: string,
+    request: OrganizationUpgradeRequest,
+  ) => Promise<PaymentResponse>;
+  postOrganizationUpdateSubscription: (
+    id: string,
+    request: OrganizationSubscriptionUpdateRequest,
+  ) => Promise<void>;
+  postOrganizationSeat: (id: string, request: SeatRequest) => Promise<PaymentResponse>;
+  postOrganizationStorage: (id: string, request: StorageRequest) => Promise<any>;
+  postOrganizationPayment: (id: string, request: PaymentRequest) => Promise<any>;
+  postOrganizationVerifyBank: (id: string, request: VerifyBankRequest) => Promise<any>;
+  postOrganizationCancel: (id: string) => Promise<any>;
+  postOrganizationReinstate: (id: string) => Promise<any>;
+  deleteOrganization: (id: string, request: SecretVerificationRequest) => Promise<any>;
+  getPlans: () => Promise<ListResponse<PlanResponse>>;
+  getTaxRates: () => Promise<ListResponse<TaxRateResponse>>;
+  getOrganizationKeys: (id: string) => Promise<OrganizationKeysResponse>;
+  postOrganizationKeys: (
+    id: string,
+    request: OrganizationKeysRequest,
+  ) => Promise<OrganizationKeysResponse>;
+
+  postProviderSetup: (id: string, request: ProviderSetupRequest) => Promise<ProviderResponse>;
+  getProvider: (id: string) => Promise<ProviderResponse>;
+  putProvider: (id: string, request: ProviderUpdateRequest) => Promise<ProviderResponse>;
+
+  getProviderUsers: (providerId: string) => Promise<ListResponse<ProviderUserUserDetailsResponse>>;
+  getProviderUser: (providerId: string, id: string) => Promise<ProviderUserResponse>;
+  postProviderUserInvite: (providerId: string, request: ProviderUserInviteRequest) => Promise<any>;
+  postProviderUserReinvite: (providerId: string, id: string) => Promise<any>;
+  postManyProviderUserReinvite: (
+    providerId: string,
+    request: ProviderUserBulkRequest,
+  ) => Promise<ListResponse<ProviderUserBulkResponse>>;
+  postProviderUserAccept: (
+    providerId: string,
+    id: string,
+    request: ProviderUserAcceptRequest,
+  ) => Promise<any>;
+  postProviderUserConfirm: (
+    providerId: string,
+    id: string,
+    request: ProviderUserConfirmRequest,
+  ) => Promise<any>;
+  postProviderUsersPublicKey: (
+    providerId: string,
+    request: ProviderUserBulkRequest,
+  ) => Promise<ListResponse<ProviderUserBulkPublicKeyResponse>>;
+  postProviderUserBulkConfirm: (
+    providerId: string,
+    request: ProviderUserBulkConfirmRequest,
+  ) => Promise<ListResponse<ProviderUserBulkResponse>>;
+  putProviderUser: (
+    providerId: string,
+    id: string,
+    request: ProviderUserUpdateRequest,
+  ) => Promise<any>;
+  deleteProviderUser: (organizationId: string, id: string) => Promise<any>;
+  deleteManyProviderUsers: (
+    providerId: string,
+    request: ProviderUserBulkRequest,
+  ) => Promise<ListResponse<ProviderUserBulkResponse>>;
+  getProviderClients: (
+    providerId: string,
+  ) => Promise<ListResponse<ProviderOrganizationOrganizationDetailsResponse>>;
+  postProviderAddOrganization: (
+    providerId: string,
+    request: ProviderAddOrganizationRequest,
+  ) => Promise<any>;
+  postProviderCreateOrganization: (
+    providerId: string,
+    request: ProviderOrganizationCreateRequest,
+  ) => Promise<ProviderOrganizationResponse>;
+  deleteProviderOrganization: (providerId: string, organizationId: string) => Promise<any>;
+
+  getEvents: (start: string, end: string, token: string) => Promise<ListResponse<EventResponse>>;
+  getEventsCipher: (
+    id: string,
+    start: string,
+    end: string,
+    token: string,
+  ) => Promise<ListResponse<EventResponse>>;
+  getEventsOrganization: (
+    id: string,
+    start: string,
+    end: string,
+    token: string,
+  ) => Promise<ListResponse<EventResponse>>;
+  getEventsOrganizationUser: (
+    organizationId: string,
+    id: string,
+    start: string,
+    end: string,
+    token: string,
+  ) => Promise<ListResponse<EventResponse>>;
+  getEventsProvider: (
+    id: string,
+    start: string,
+    end: string,
+    token: string,
+  ) => Promise<ListResponse<EventResponse>>;
+  getEventsProviderUser: (
+    providerId: string,
+    id: string,
+    start: string,
+    end: string,
+    token: string,
+  ) => Promise<ListResponse<EventResponse>>;
+  postEventsCollect: (request: EventRequest[]) => Promise<any>;
+
+  deleteSsoUser: (organizationId: string) => Promise<any>;
+  getSsoUserIdentifier: () => Promise<string>;
+
+  getUserPublicKey: (id: string) => Promise<UserKeyResponse>;
+
+  getHibpBreach: (username: string) => Promise<BreachAccountResponse[]>;
+
+  postBitPayInvoice: (request: BitPayInvoiceRequest) => Promise<string>;
+  postSetupPayment: () => Promise<string>;
+
+  getActiveBearerToken: () => Promise<string>;
+  fetch: (request: Request) => Promise<Response>;
+  nativeFetch: (request: Request) => Promise<Response>;
+
+  preValidateSso: (identifier: string) => Promise<boolean>;
+
+  postCreateSponsorship: (
+    sponsorshipOrgId: string,
+    request: OrganizationSponsorshipCreateRequest,
+  ) => Promise<void>;
+  deleteRevokeSponsorship: (sponsoringOrganizationId: string) => Promise<void>;
+  deleteRemoveSponsorship: (sponsoringOrgId: string) => Promise<void>;
+  postPreValidateSponsorshipToken: (sponsorshipToken: string) => Promise<boolean>;
+  postRedeemSponsorship: (
+    sponsorshipToken: string,
+    request: OrganizationSponsorshipRedeemRequest,
+  ) => Promise<void>;
+  postResendSponsorshipOffer: (sponsoringOrgId: string) => Promise<void>;
+
+  getUserKeyFromKeyConnector: (keyConnectorUrl: string) => Promise<KeyConnectorUserKeyResponse>;
+  postUserKeyToKeyConnector: (
+    keyConnectorUrl: string,
+    request: KeyConnectorUserKeyRequest,
+  ) => Promise<void>;
+  getKeyConnectorAlive: (keyConnectorUrl: string) => Promise<void>;
 }

jslib/common/src/abstractions/auth.service.ts

@@ -0,0 +1,25 @@
+import { AuthResult } from "../models/domain/authResult";
+import {
+  ApiLogInCredentials,
+  PasswordLogInCredentials,
+  SsoLogInCredentials,
+} from "../models/domain/logInCredentials";
+import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
+import { TokenRequestTwoFactor } from "../models/request/identityToken/tokenRequestTwoFactor";
+
+export abstract class AuthService {
+  masterPasswordHash: string;
+  email: string;
+  logIn: (
+    credentials: ApiLogInCredentials | PasswordLogInCredentials | SsoLogInCredentials,
+  ) => Promise<AuthResult>;
+  logInTwoFactor: (
+    twoFactor: TokenRequestTwoFactor,
+    captchaResponse: string,
+  ) => Promise<AuthResult>;
+  logOut: (callback: () => void) => void;
+  makePreloginKey: (masterPassword: string, email: string) => Promise<SymmetricCryptoKey>;
+  authingWithApiKey: () => boolean;
+  authingWithSso: () => boolean;
+  authingWithPassword: () => boolean;
+}

jslib/common/src/abstractions/event.service.ts

@@ -0,0 +1,7 @@
+import { EventType } from "../enums/eventType";
+
+export abstract class EventService {
+  collect: (eventType: EventType, cipherId?: string, uploadImmediately?: boolean) => Promise<any>;
+  uploadEvents: (userId?: string) => Promise<any>;
+  clearEvents: (userId?: string) => Promise<any>;
+}

jslib/common/src/abstractions/keyConnector.service.ts

@@ -0,0 +1,19 @@
+import { Organization } from "../models/domain/organization";
+import { IdentityTokenResponse } from "../models/response/identityTokenResponse";
+
+export abstract class KeyConnectorService {
+  getAndSetKey: (url?: string) => Promise<void>;
+  getManagingOrganization: () => Promise<Organization>;
+  getUsesKeyConnector: () => Promise<boolean>;
+  migrateUser: () => Promise<void>;
+  userNeedsMigration: () => Promise<boolean>;
+  convertNewSsoUserToKeyConnector: (
+    tokenResponse: IdentityTokenResponse,
+    orgId: string,
+  ) => Promise<void>;
+  setUsesKeyConnector: (enabled: boolean) => Promise<void>;
+  setConvertAccountRequired: (status: boolean) => Promise<void>;
+  getConvertAccountRequired: () => Promise<boolean>;
+  removeConvertAccountRequired: () => Promise<void>;
+  clear: () => Promise<void>;
+}

jslib/common/src/abstractions/notifications.service.ts

@@ -0,0 +1,6 @@
+export abstract class NotificationsService {
+  init: () => Promise<void>;
+  updateConnection: (sync?: boolean) => Promise<void>;
+  reconnectFromActivity: () => Promise<void>;
+  disconnectFromInactivity: () => Promise<void>;
+}

jslib/common/src/abstractions/organization.service.ts

@@ -0,0 +1,11 @@
+import { OrganizationData } from "../models/data/organizationData";
+import { Organization } from "../models/domain/organization";
+
+export abstract class OrganizationService {
+  get: (id: string) => Promise<Organization>;
+  getByIdentifier: (identifier: string) => Promise<Organization>;
+  getAll: (userId?: string) => Promise<Organization[]>;
+  save: (orgs: { [id: string]: OrganizationData }) => Promise<any>;
+  canManageSponsorships: () => Promise<boolean>;
+  hasOrganizations: (userId?: string) => Promise<boolean>;
+}

jslib/common/src/abstractions/passwordGeneration.service.ts

@@ -0,0 +1,19 @@
+import * as zxcvbn from "zxcvbn";
+
+import { GeneratedPasswordHistory } from "../models/domain/generatedPasswordHistory";
+import { PasswordGeneratorPolicyOptions } from "../models/domain/passwordGeneratorPolicyOptions";
+
+export abstract class PasswordGenerationService {
+  generatePassword: (options: any) => Promise<string>;
+  generatePassphrase: (options: any) => Promise<string>;
+  getOptions: () => Promise<[any, PasswordGeneratorPolicyOptions]>;
+  enforcePasswordGeneratorPoliciesOnOptions: (
+    options: any,
+  ) => Promise<[any, PasswordGeneratorPolicyOptions]>;
+  saveOptions: (options: any) => Promise<any>;
+  getHistory: () => Promise<GeneratedPasswordHistory[]>;
+  addHistory: (password: string) => Promise<any>;
+  clear: (userId?: string) => Promise<any>;
+  passwordStrength: (password: string, userInputs?: string[]) => zxcvbn.ZXCVBNResult;
+  normalizeOptions: (options: any, enforcedPolicyOptions: PasswordGeneratorPolicyOptions) => void;
+}

jslib/common/src/abstractions/passwordReprompt.service.ts

@@ -0,0 +1,5 @@
+export abstract class PasswordRepromptService {
+  protectedFields: () => string[];
+  showPasswordPrompt: () => Promise<boolean>;
+  enabled: () => Promise<boolean>;
+}

jslib/common/src/abstractions/search.service.ts

@@ -0,0 +1,16 @@
+import { CipherView } from "../models/view/cipherView";
+import { SendView } from "../models/view/sendView";
+
+export abstract class SearchService {
+  indexedEntityId?: string = null;
+  clearIndex: () => void;
+  isSearchable: (query: string) => boolean;
+  indexCiphers: (indexedEntityGuid?: string, ciphersToIndex?: CipherView[]) => Promise<void>;
+  searchCiphers: (
+    query: string,
+    filter?: ((cipher: CipherView) => boolean) | ((cipher: CipherView) => boolean)[],
+    ciphers?: CipherView[],
+  ) => Promise<CipherView[]>;
+  searchCiphersBasic: (ciphers: CipherView[], query: string, deleted?: boolean) => CipherView[];
+  searchSends: (sends: SendView[], query: string) => SendView[];
+}

jslib/common/src/abstractions/settings.service.ts

@@ -0,0 +1,6 @@
+export abstract class SettingsService {
+  clearCache: () => Promise<void>;
+  getEquivalentDomains: () => Promise<any>;
+  setEquivalentDomains: (equivalentDomains: string[][]) => Promise<any>;
+  clear: (userId?: string) => Promise<void>;
+}

jslib/common/src/abstractions/sync.service.ts

@@ -0,0 +1,10 @@
+import {
+} from "../models/response/notificationResponse";
+
+export abstract class SyncService {
+  syncInProgress: boolean;
+
+  getLastSync: () => Promise<Date>;
+  setLastSync: (date: Date, userId?: string) => Promise<any>;
+  fullSync: (forceSync: boolean, allowThrowOnError?: boolean) => Promise<boolean>;
+}

jslib/common/src/abstractions/system.service.ts

@@ -0,0 +1,6 @@
+export abstract class SystemService {
+  startProcessReload: () => Promise<void>;
+  cancelProcessReload: () => void;
+  clearClipboard: (clipboardValue: string, timeoutMs?: number) => Promise<void>;
+  clearPendingClipboard: () => Promise<any>;
+}

jslib/common/src/abstractions/twoFactor.service.ts

@@ -0,0 +1,23 @@
+import { TwoFactorProviderType } from "../enums/twoFactorProviderType";
+import { IdentityTwoFactorResponse } from "../models/response/identityTwoFactorResponse";
+
+export interface TwoFactorProviderDetails {
+  type: TwoFactorProviderType;
+  name: string;
+  description: string;
+  priority: number;
+  sort: number;
+  premium: boolean;
+}
+
+export abstract class TwoFactorService {
+  init: () => void;
+  getSupportedProviders: (win: Window) => TwoFactorProviderDetails[];
+  getDefaultProvider: (webAuthnSupported: boolean) => TwoFactorProviderType;
+  setSelectedProvider: (type: TwoFactorProviderType) => void;
+  clearSelectedProvider: () => void;
+
+  setProviders: (response: IdentityTwoFactorResponse) => void;
+  clearProviders: () => void;
+  getProviders: () => Map<TwoFactorProviderType, { [key: string]: string }>;
+}

jslib/common/src/abstractions/userVerification.service.ts

@@ -0,0 +1,12 @@
+import { SecretVerificationRequest } from "../models/request/secretVerificationRequest";
+import { Verification } from "../types/verification";
+
+export abstract class UserVerificationService {
+  buildRequest: <T extends SecretVerificationRequest>(
+    verification: Verification,
+    requestClass?: new () => T,
+    alreadyHashed?: boolean,
+  ) => Promise<T>;
+  verifyUser: (verification: Verification) => Promise<boolean>;
+  requestOTP: () => Promise<void>;
+}

jslib/common/src/enums/authenticationType.ts

@@ -0,0 +1,5 @@
+export enum AuthenticationType {
+  Password = 0,
+  Sso = 1,
+  Api = 2,
+}

jslib/common/src/misc/logInStrategies/apiLogin.strategy.ts

@@ -0,0 +1,70 @@
+import { ApiService } from "../../abstractions/api.service";
+import { AppIdService } from "../../abstractions/appId.service";
+import { CryptoService } from "../../abstractions/crypto.service";
+import { EnvironmentService } from "../../abstractions/environment.service";
+import { KeyConnectorService } from "../../abstractions/keyConnector.service";
+import { LogService } from "../../abstractions/log.service";
+import { MessagingService } from "../../abstractions/messaging.service";
+import { PlatformUtilsService } from "../../abstractions/platformUtils.service";
+import { StateService } from "../../abstractions/state.service";
+import { TokenService } from "../../abstractions/token.service";
+import { TwoFactorService } from "../../abstractions/twoFactor.service";
+import { ApiLogInCredentials } from "../../models/domain/logInCredentials";
+import { ApiTokenRequest } from "../../models/request/identityToken/apiTokenRequest";
+import { IdentityTokenResponse } from "../../models/response/identityTokenResponse";
+
+import { LogInStrategy } from "./logIn.strategy";
+
+export class ApiLogInStrategy extends LogInStrategy {
+  tokenRequest: ApiTokenRequest;
+
+  constructor(
+    cryptoService: CryptoService,
+    apiService: ApiService,
+    tokenService: TokenService,
+    appIdService: AppIdService,
+    platformUtilsService: PlatformUtilsService,
+    messagingService: MessagingService,
+    logService: LogService,
+    stateService: StateService,
+    twoFactorService: TwoFactorService,
+    private environmentService: EnvironmentService,
+    private keyConnectorService: KeyConnectorService,
+  ) {
+    super(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+    );
+  }
+
+  async onSuccessfulLogin(tokenResponse: IdentityTokenResponse) {
+    if (tokenResponse.apiUseKeyConnector) {
+      const keyConnectorUrl = this.environmentService.getKeyConnectorUrl();
+      await this.keyConnectorService.getAndSetKey(keyConnectorUrl);
+    }
+  }
+
+  async logIn(credentials: ApiLogInCredentials) {
+    this.tokenRequest = new ApiTokenRequest(
+      credentials.clientId,
+      credentials.clientSecret,
+      await this.buildTwoFactor(),
+      await this.buildDeviceRequest(),
+    );
+
+    return this.startLogIn();
+  }
+
+  protected async saveAccountInformation(tokenResponse: IdentityTokenResponse) {
+    await super.saveAccountInformation(tokenResponse);
+    await this.stateService.setApiKeyClientId(this.tokenRequest.clientId);
+    await this.stateService.setApiKeyClientSecret(this.tokenRequest.clientSecret);
+  }
+}

jslib/common/src/misc/logInStrategies/logIn.strategy.ts

@@ -0,0 +1,170 @@
+import { ApiService } from "../../abstractions/api.service";
+import { AppIdService } from "../../abstractions/appId.service";
+import { CryptoService } from "../../abstractions/crypto.service";
+import { LogService } from "../../abstractions/log.service";
+import { MessagingService } from "../../abstractions/messaging.service";
+import { PlatformUtilsService } from "../../abstractions/platformUtils.service";
+import { StateService } from "../../abstractions/state.service";
+import { TokenService } from "../../abstractions/token.service";
+import { TwoFactorService } from "../../abstractions/twoFactor.service";
+import { TwoFactorProviderType } from "../../enums/twoFactorProviderType";
+import { Account, AccountProfile, AccountTokens } from "../../models/domain/account";
+import { AuthResult } from "../../models/domain/authResult";
+import {
+  ApiLogInCredentials,
+  PasswordLogInCredentials,
+  SsoLogInCredentials,
+} from "../../models/domain/logInCredentials";
+import { DeviceRequest } from "../../models/request/deviceRequest";
+import { ApiTokenRequest } from "../../models/request/identityToken/apiTokenRequest";
+import { PasswordTokenRequest } from "../../models/request/identityToken/passwordTokenRequest";
+import { SsoTokenRequest } from "../../models/request/identityToken/ssoTokenRequest";
+import { TokenRequestTwoFactor } from "../../models/request/identityToken/tokenRequestTwoFactor";
+import { KeysRequest } from "../../models/request/keysRequest";
+import { IdentityCaptchaResponse } from "../../models/response/identityCaptchaResponse";
+import { IdentityTokenResponse } from "../../models/response/identityTokenResponse";
+import { IdentityTwoFactorResponse } from "../../models/response/identityTwoFactorResponse";
+
+export abstract class LogInStrategy {
+  protected abstract tokenRequest: ApiTokenRequest | PasswordTokenRequest | SsoTokenRequest;
+  protected captchaBypassToken: string = null;
+
+  constructor(
+    protected cryptoService: CryptoService,
+    protected apiService: ApiService,
+    protected tokenService: TokenService,
+    protected appIdService: AppIdService,
+    protected platformUtilsService: PlatformUtilsService,
+    protected messagingService: MessagingService,
+    protected logService: LogService,
+    protected stateService: StateService,
+    protected twoFactorService: TwoFactorService,
+  ) {}
+
+  abstract logIn(
+    credentials: ApiLogInCredentials | PasswordLogInCredentials | SsoLogInCredentials,
+  ): Promise<AuthResult>;
+
+  async logInTwoFactor(
+    twoFactor: TokenRequestTwoFactor,
+    captchaResponse: string = null,
+  ): Promise<AuthResult> {
+    this.tokenRequest.setTwoFactor(twoFactor);
+    return this.startLogIn();
+  }
+
+  protected async startLogIn(): Promise<AuthResult> {
+    this.twoFactorService.clearSelectedProvider();
+
+    const response = await this.apiService.postIdentityToken(this.tokenRequest);
+
+    if (response instanceof IdentityTwoFactorResponse) {
+      return this.processTwoFactorResponse(response);
+    } else if (response instanceof IdentityCaptchaResponse) {
+      return this.processCaptchaResponse(response);
+    } else if (response instanceof IdentityTokenResponse) {
+      return this.processTokenResponse(response);
+    }
+
+    throw new Error("Invalid response object.");
+  }
+
+  protected onSuccessfulLogin(response: IdentityTokenResponse): Promise<void> {
+    // Implemented in subclass if required
+    return null;
+  }
+
+  protected async buildDeviceRequest() {
+    const appId = await this.appIdService.getAppId();
+    return new DeviceRequest(appId, this.platformUtilsService);
+  }
+
+  protected async buildTwoFactor(userProvidedTwoFactor?: TokenRequestTwoFactor) {
+    if (userProvidedTwoFactor != null) {
+      return userProvidedTwoFactor;
+    }
+
+    const storedTwoFactorToken = await this.tokenService.getTwoFactorToken();
+    if (storedTwoFactorToken != null) {
+      return new TokenRequestTwoFactor(TwoFactorProviderType.Remember, storedTwoFactorToken, false);
+    }
+
+    return new TokenRequestTwoFactor();
+  }
+
+  protected async saveAccountInformation(tokenResponse: IdentityTokenResponse) {
+    const accountInformation = await this.tokenService.decodeToken(tokenResponse.accessToken);
+    await this.stateService.addAccount(
+      new Account({
+        profile: {
+          ...new AccountProfile(),
+          ...{
+            userId: accountInformation.sub,
+            email: accountInformation.email,
+            hasPremiumPersonally: accountInformation.premium,
+            kdfIterations: tokenResponse.kdfIterations,
+            kdfType: tokenResponse.kdf,
+          },
+        },
+        tokens: {
+          ...new AccountTokens(),
+          ...{
+            accessToken: tokenResponse.accessToken,
+            refreshToken: tokenResponse.refreshToken,
+          },
+        },
+      }),
+    );
+  }
+
+  protected async processTokenResponse(response: IdentityTokenResponse): Promise<AuthResult> {
+    const result = new AuthResult();
+    result.resetMasterPassword = response.resetMasterPassword;
+    result.forcePasswordReset = response.forcePasswordReset;
+
+    await this.saveAccountInformation(response);
+
+    if (response.twoFactorToken != null) {
+      await this.tokenService.setTwoFactorToken(response);
+    }
+
+    const newSsoUser = response.key == null;
+    if (!newSsoUser) {
+      await this.cryptoService.setEncKey(response.key);
+      await this.cryptoService.setEncPrivateKey(
+        response.privateKey ?? (await this.createKeyPairForOldAccount()),
+      );
+    }
+
+    await this.onSuccessfulLogin(response);
+
+    await this.stateService.setBiometricLocked(false);
+    this.messagingService.send("loggedIn");
+
+    return result;
+  }
+
+  private async processTwoFactorResponse(response: IdentityTwoFactorResponse): Promise<AuthResult> {
+    const result = new AuthResult();
+    result.twoFactorProviders = response.twoFactorProviders2;
+    this.twoFactorService.setProviders(response);
+    this.captchaBypassToken = response.captchaToken ?? null;
+    return result;
+  }
+
+  private async processCaptchaResponse(response: IdentityCaptchaResponse): Promise<AuthResult> {
+    const result = new AuthResult();
+    result.captchaSiteKey = response.siteKey;
+    return result;
+  }
+
+  private async createKeyPairForOldAccount() {
+    try {
+      const [publicKey, privateKey] = await this.cryptoService.makeKeyPair();
+      await this.apiService.postAccountKeys(new KeysRequest(publicKey, privateKey.encryptedString));
+      return privateKey.encryptedString;
+    } catch (e) {
+      this.logService.error(e);
+    }
+  }
+}

jslib/common/src/misc/logInStrategies/passwordLogin.strategy.ts

@@ -0,0 +1,95 @@
+import { ApiService } from "../../abstractions/api.service";
+import { AppIdService } from "../../abstractions/appId.service";
+import { AuthService } from "../../abstractions/auth.service";
+import { CryptoService } from "../../abstractions/crypto.service";
+import { LogService } from "../../abstractions/log.service";
+import { MessagingService } from "../../abstractions/messaging.service";
+import { PlatformUtilsService } from "../../abstractions/platformUtils.service";
+import { StateService } from "../../abstractions/state.service";
+import { TokenService } from "../../abstractions/token.service";
+import { TwoFactorService } from "../../abstractions/twoFactor.service";
+import { HashPurpose } from "../../enums/hashPurpose";
+import { AuthResult } from "../../models/domain/authResult";
+import { PasswordLogInCredentials } from "../../models/domain/logInCredentials";
+import { SymmetricCryptoKey } from "../../models/domain/symmetricCryptoKey";
+import { PasswordTokenRequest } from "../../models/request/identityToken/passwordTokenRequest";
+import { TokenRequestTwoFactor } from "../../models/request/identityToken/tokenRequestTwoFactor";
+
+import { LogInStrategy } from "./logIn.strategy";
+
+export class PasswordLogInStrategy extends LogInStrategy {
+  get email() {
+    return this.tokenRequest.email;
+  }
+
+  get masterPasswordHash() {
+    return this.tokenRequest.masterPasswordHash;
+  }
+
+  tokenRequest: PasswordTokenRequest;
+
+  private localHashedPassword: string;
+  private key: SymmetricCryptoKey;
+
+  constructor(
+    cryptoService: CryptoService,
+    apiService: ApiService,
+    tokenService: TokenService,
+    appIdService: AppIdService,
+    platformUtilsService: PlatformUtilsService,
+    messagingService: MessagingService,
+    logService: LogService,
+    stateService: StateService,
+    twoFactorService: TwoFactorService,
+    private authService: AuthService,
+  ) {
+    super(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+    );
+  }
+
+  async onSuccessfulLogin() {
+    await this.cryptoService.setKey(this.key);
+    await this.cryptoService.setKeyHash(this.localHashedPassword);
+  }
+
+  async logInTwoFactor(
+    twoFactor: TokenRequestTwoFactor,
+    captchaResponse: string,
+  ): Promise<AuthResult> {
+    this.tokenRequest.captchaResponse = captchaResponse ?? this.captchaBypassToken;
+    return super.logInTwoFactor(twoFactor);
+  }
+
+  async logIn(credentials: PasswordLogInCredentials) {
+    const { email, masterPassword, captchaToken, twoFactor } = credentials;
+
+    this.key = await this.authService.makePreloginKey(masterPassword, email);
+
+    // Hash the password early (before authentication) so we don't persist it in memory in plaintext
+    this.localHashedPassword = await this.cryptoService.hashPassword(
+      masterPassword,
+      this.key,
+      HashPurpose.LocalAuthorization,
+    );
+    const hashedPassword = await this.cryptoService.hashPassword(masterPassword, this.key);
+
+    this.tokenRequest = new PasswordTokenRequest(
+      email,
+      hashedPassword,
+      captchaToken,
+      await this.buildTwoFactor(twoFactor),
+      await this.buildDeviceRequest(),
+    );
+
+    return this.startLogIn();
+  }
+}

jslib/common/src/misc/logInStrategies/ssoLogin.strategy.ts

@@ -0,0 +1,70 @@
+import { ApiService } from "../../abstractions/api.service";
+import { AppIdService } from "../../abstractions/appId.service";
+import { CryptoService } from "../../abstractions/crypto.service";
+import { KeyConnectorService } from "../../abstractions/keyConnector.service";
+import { LogService } from "../../abstractions/log.service";
+import { MessagingService } from "../../abstractions/messaging.service";
+import { PlatformUtilsService } from "../../abstractions/platformUtils.service";
+import { StateService } from "../../abstractions/state.service";
+import { TokenService } from "../../abstractions/token.service";
+import { TwoFactorService } from "../../abstractions/twoFactor.service";
+import { SsoLogInCredentials } from "../../models/domain/logInCredentials";
+import { SsoTokenRequest } from "../../models/request/identityToken/ssoTokenRequest";
+import { IdentityTokenResponse } from "../../models/response/identityTokenResponse";
+
+import { LogInStrategy } from "./logIn.strategy";
+
+export class SsoLogInStrategy extends LogInStrategy {
+  tokenRequest: SsoTokenRequest;
+  orgId: string;
+
+  constructor(
+    cryptoService: CryptoService,
+    apiService: ApiService,
+    tokenService: TokenService,
+    appIdService: AppIdService,
+    platformUtilsService: PlatformUtilsService,
+    messagingService: MessagingService,
+    logService: LogService,
+    stateService: StateService,
+    twoFactorService: TwoFactorService,
+    private keyConnectorService: KeyConnectorService,
+  ) {
+    super(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+    );
+  }
+
+  async onSuccessfulLogin(tokenResponse: IdentityTokenResponse) {
+    const newSsoUser = tokenResponse.key == null;
+
+    if (tokenResponse.keyConnectorUrl != null) {
+      if (!newSsoUser) {
+        await this.keyConnectorService.getAndSetKey(tokenResponse.keyConnectorUrl);
+      } else {
+        await this.keyConnectorService.convertNewSsoUserToKeyConnector(tokenResponse, this.orgId);
+      }
+    }
+  }
+
+  async logIn(credentials: SsoLogInCredentials) {
+    this.orgId = credentials.orgId;
+    this.tokenRequest = new SsoTokenRequest(
+      credentials.code,
+      credentials.codeVerifier,
+      credentials.redirectUrl,
+      await this.buildTwoFactor(credentials.twoFactor),
+      await this.buildDeviceRequest(),
+    );
+
+    return this.startLogIn();
+  }
+}

jslib/common/src/misc/utils.ts

@@ -3,6 +3,7 @@ import { I18nService } from "../abstractions/i18n.service";
 
 import * as tldjs from "tldjs";
 
+
 const nodeURL = typeof window === "undefined" ? require("url") : null;
 
 export class Utils {

jslib/common/src/models/domain/authResult.ts

@@ -0,0 +1,17 @@
+import { TwoFactorProviderType } from "../../enums/twoFactorProviderType";
+import { Utils } from "../../misc/utils";
+
+export class AuthResult {
+  captchaSiteKey = "";
+  resetMasterPassword = false;
+  forcePasswordReset = false;
+  twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string }> = null;
+
+  get requiresCaptcha() {
+    return !Utils.isNullOrWhitespace(this.captchaSiteKey);
+  }
+
+  get requiresTwoFactor() {
+    return this.twoFactorProviders != null;
+  }
+}

jslib/common/src/models/domain/logInCredentials.ts

@@ -0,0 +1,34 @@
+import { AuthenticationType } from "../../enums/authenticationType";
+import { TokenRequestTwoFactor } from "../request/identityToken/tokenRequestTwoFactor";
+
+export class PasswordLogInCredentials {
+  readonly type = AuthenticationType.Password;
+
+  constructor(
+    public email: string,
+    public masterPassword: string,
+    public captchaToken?: string,
+    public twoFactor?: TokenRequestTwoFactor,
+  ) {}
+}
+
+export class SsoLogInCredentials {
+  readonly type = AuthenticationType.Sso;
+
+  constructor(
+    public code: string,
+    public codeVerifier: string,
+    public redirectUrl: string,
+    public orgId: string,
+    public twoFactor?: TokenRequestTwoFactor,
+  ) {}
+}
+
+export class ApiLogInCredentials {
+  readonly type = AuthenticationType.Api;
+
+  constructor(
+    public clientId: string,
+    public clientSecret: string,
+  ) {}
+}

jslib/common/src/models/request/account/setKeyConnectorKeyRequest.ts

@@ -0,0 +1,24 @@
+import { KdfType } from "../../../enums/kdfType";
+import { KeysRequest } from "../keysRequest";
+
+export class SetKeyConnectorKeyRequest {
+  key: string;
+  keys: KeysRequest;
+  kdf: KdfType;
+  kdfIterations: number;
+  orgIdentifier: string;
+
+  constructor(
+    key: string,
+    kdf: KdfType,
+    kdfIterations: number,
+    orgIdentifier: string,
+    keys: KeysRequest,
+  ) {
+    this.key = key;
+    this.kdf = kdf;
+    this.kdfIterations = kdfIterations;
+    this.orgIdentifier = orgIdentifier;
+    this.keys = keys;
+  }
+}

jslib/common/src/models/request/account/verifyOTPRequest.ts

@@ -0,0 +1,7 @@
+export class VerifyOTPRequest {
+  OTP: string;
+
+  constructor(OTP: string) {
+    this.OTP = OTP;
+  }
+}

jslib/common/src/models/request/attachmentRequest.ts

@@ -0,0 +1,6 @@
+export class AttachmentRequest {
+  fileName: string;
+  key: string;
+  fileSize: number;
+  adminRequest: boolean;
+}

jslib/common/src/models/request/bitPayInvoiceRequest.ts

@@ -0,0 +1,9 @@
+export class BitPayInvoiceRequest {
+  userId: string;
+  organizationId: string;
+  credit: boolean;
+  amount: number;
+  returnUrl: string;
+  name: string;
+  email: string;
+}

jslib/common/src/models/request/cipherBulkDeleteRequest.ts

@@ -0,0 +1,9 @@
+export class CipherBulkDeleteRequest {
+  ids: string[];
+  organizationId: string;
+
+  constructor(ids: string[], organizationId?: string) {
+    this.ids = ids == null ? [] : ids;
+    this.organizationId = organizationId;
+  }
+}

jslib/common/src/models/request/cipherBulkMoveRequest.ts

@@ -0,0 +1,9 @@
+export class CipherBulkMoveRequest {
+  ids: string[];
+  folderId: string;
+
+  constructor(ids: string[], folderId: string) {
+    this.ids = ids == null ? [] : ids;
+    this.folderId = folderId;
+  }
+}

jslib/common/src/models/request/cipherBulkRestoreRequest.ts

@@ -0,0 +1,7 @@
+export class CipherBulkRestoreRequest {
+  ids: string[];
+
+  constructor(ids: string[]) {
+    this.ids = ids == null ? [] : ids;
+  }
+}

jslib/common/src/models/request/cipherBulkShareRequest.ts

@@ -0,0 +1,18 @@
+import { Cipher } from "../domain/cipher";
+
+import { CipherWithIdRequest } from "./cipherWithIdRequest";
+
+export class CipherBulkShareRequest {
+  ciphers: CipherWithIdRequest[];
+  collectionIds: string[];
+
+  constructor(ciphers: Cipher[], collectionIds: string[]) {
+    if (ciphers != null) {
+      this.ciphers = [];
+      ciphers.forEach((c) => {
+        this.ciphers.push(new CipherWithIdRequest(c));
+      });
+    }
+    this.collectionIds = collectionIds;
+  }
+}

jslib/common/src/models/request/cipherCollectionsRequest.ts

@@ -0,0 +1,7 @@
+export class CipherCollectionsRequest {
+  collectionIds: string[];
+
+  constructor(collectionIds: string[]) {
+    this.collectionIds = collectionIds == null ? [] : collectionIds;
+  }
+}

jslib/common/src/models/request/cipherCreateRequest.ts

@@ -0,0 +1,13 @@
+import { Cipher } from "../domain/cipher";
+
+import { CipherRequest } from "./cipherRequest";
+
+export class CipherCreateRequest {
+  cipher: CipherRequest;
+  collectionIds: string[];
+
+  constructor(cipher: Cipher) {
+    this.cipher = new CipherRequest(cipher);
+    this.collectionIds = cipher.collectionIds;
+  }
+}

jslib/common/src/models/request/cipherRequest.ts

@@ -0,0 +1,164 @@
+import { CipherRepromptType } from "../../enums/cipherRepromptType";
+import { CipherType } from "../../enums/cipherType";
+import { CardApi } from "../api/cardApi";
+import { FieldApi } from "../api/fieldApi";
+import { IdentityApi } from "../api/identityApi";
+import { LoginApi } from "../api/loginApi";
+import { LoginUriApi } from "../api/loginUriApi";
+import { SecureNoteApi } from "../api/secureNoteApi";
+import { Cipher } from "../domain/cipher";
+
+import { AttachmentRequest } from "./attachmentRequest";
+import { PasswordHistoryRequest } from "./passwordHistoryRequest";
+
+export class CipherRequest {
+  type: CipherType;
+  folderId: string;
+  organizationId: string;
+  name: string;
+  notes: string;
+  favorite: boolean;
+  login: LoginApi;
+  secureNote: SecureNoteApi;
+  card: CardApi;
+  identity: IdentityApi;
+  fields: FieldApi[];
+  passwordHistory: PasswordHistoryRequest[];
+  // Deprecated, remove at some point and rename attachments2 to attachments
+  attachments: { [id: string]: string };
+  attachments2: { [id: string]: AttachmentRequest };
+  lastKnownRevisionDate: Date;
+  reprompt: CipherRepromptType;
+
+  constructor(cipher: Cipher) {
+    this.type = cipher.type;
+    this.folderId = cipher.folderId;
+    this.organizationId = cipher.organizationId;
+    this.name = cipher.name ? cipher.name.encryptedString : null;
+    this.notes = cipher.notes ? cipher.notes.encryptedString : null;
+    this.favorite = cipher.favorite;
+    this.lastKnownRevisionDate = cipher.revisionDate;
+    this.reprompt = cipher.reprompt;
+
+    switch (this.type) {
+      case CipherType.Login:
+        this.login = new LoginApi();
+        this.login.uris = null;
+        this.login.username = cipher.login.username ? cipher.login.username.encryptedString : null;
+        this.login.password = cipher.login.password ? cipher.login.password.encryptedString : null;
+        this.login.passwordRevisionDate =
+          cipher.login.passwordRevisionDate != null
+            ? cipher.login.passwordRevisionDate.toISOString()
+            : null;
+        this.login.totp = cipher.login.totp ? cipher.login.totp.encryptedString : null;
+        this.login.autofillOnPageLoad = cipher.login.autofillOnPageLoad;
+
+        if (cipher.login.uris != null) {
+          this.login.uris = cipher.login.uris.map((u) => {
+            const uri = new LoginUriApi();
+            uri.uri = u.uri != null ? u.uri.encryptedString : null;
+            uri.match = u.match != null ? u.match : null;
+            return uri;
+          });
+        }
+        break;
+      case CipherType.SecureNote:
+        this.secureNote = new SecureNoteApi();
+        this.secureNote.type = cipher.secureNote.type;
+        break;
+      case CipherType.Card:
+        this.card = new CardApi();
+        this.card.cardholderName =
+          cipher.card.cardholderName != null ? cipher.card.cardholderName.encryptedString : null;
+        this.card.brand = cipher.card.brand != null ? cipher.card.brand.encryptedString : null;
+        this.card.number = cipher.card.number != null ? cipher.card.number.encryptedString : null;
+        this.card.expMonth =
+          cipher.card.expMonth != null ? cipher.card.expMonth.encryptedString : null;
+        this.card.expYear =
+          cipher.card.expYear != null ? cipher.card.expYear.encryptedString : null;
+        this.card.code = cipher.card.code != null ? cipher.card.code.encryptedString : null;
+        break;
+      case CipherType.Identity:
+        this.identity = new IdentityApi();
+        this.identity.title =
+          cipher.identity.title != null ? cipher.identity.title.encryptedString : null;
+        this.identity.firstName =
+          cipher.identity.firstName != null ? cipher.identity.firstName.encryptedString : null;
+        this.identity.middleName =
+          cipher.identity.middleName != null ? cipher.identity.middleName.encryptedString : null;
+        this.identity.lastName =
+          cipher.identity.lastName != null ? cipher.identity.lastName.encryptedString : null;
+        this.identity.address1 =
+          cipher.identity.address1 != null ? cipher.identity.address1.encryptedString : null;
+        this.identity.address2 =
+          cipher.identity.address2 != null ? cipher.identity.address2.encryptedString : null;
+        this.identity.address3 =
+          cipher.identity.address3 != null ? cipher.identity.address3.encryptedString : null;
+        this.identity.city =
+          cipher.identity.city != null ? cipher.identity.city.encryptedString : null;
+        this.identity.state =
+          cipher.identity.state != null ? cipher.identity.state.encryptedString : null;
+        this.identity.postalCode =
+          cipher.identity.postalCode != null ? cipher.identity.postalCode.encryptedString : null;
+        this.identity.country =
+          cipher.identity.country != null ? cipher.identity.country.encryptedString : null;
+        this.identity.company =
+          cipher.identity.company != null ? cipher.identity.company.encryptedString : null;
+        this.identity.email =
+          cipher.identity.email != null ? cipher.identity.email.encryptedString : null;
+        this.identity.phone =
+          cipher.identity.phone != null ? cipher.identity.phone.encryptedString : null;
+        this.identity.ssn =
+          cipher.identity.ssn != null ? cipher.identity.ssn.encryptedString : null;
+        this.identity.username =
+          cipher.identity.username != null ? cipher.identity.username.encryptedString : null;
+        this.identity.passportNumber =
+          cipher.identity.passportNumber != null
+            ? cipher.identity.passportNumber.encryptedString
+            : null;
+        this.identity.licenseNumber =
+          cipher.identity.licenseNumber != null
+            ? cipher.identity.licenseNumber.encryptedString
+            : null;
+        break;
+      default:
+        break;
+    }
+
+    if (cipher.fields != null) {
+      this.fields = cipher.fields.map((f) => {
+        const field = new FieldApi();
+        field.type = f.type;
+        field.name = f.name ? f.name.encryptedString : null;
+        field.value = f.value ? f.value.encryptedString : null;
+        field.linkedId = f.linkedId;
+        return field;
+      });
+    }
+
+    if (cipher.passwordHistory != null) {
+      this.passwordHistory = [];
+      cipher.passwordHistory.forEach((ph) => {
+        this.passwordHistory.push({
+          lastUsedDate: ph.lastUsedDate,
+          password: ph.password ? ph.password.encryptedString : null,
+        });
+      });
+    }
+
+    if (cipher.attachments != null) {
+      this.attachments = {};
+      this.attachments2 = {};
+      cipher.attachments.forEach((attachment) => {
+        const fileName = attachment.fileName ? attachment.fileName.encryptedString : null;
+        this.attachments[attachment.id] = fileName;
+        const attachmentRequest = new AttachmentRequest();
+        attachmentRequest.fileName = fileName;
+        if (attachment.key != null) {
+          attachmentRequest.key = attachment.key.encryptedString;
+        }
+        this.attachments2[attachment.id] = attachmentRequest;
+      });
+    }
+  }
+}

jslib/common/src/models/request/cipherShareRequest.ts

@@ -0,0 +1,13 @@
+import { Cipher } from "../domain/cipher";
+
+import { CipherRequest } from "./cipherRequest";
+
+export class CipherShareRequest {
+  cipher: CipherRequest;
+  collectionIds: string[];
+
+  constructor(cipher: Cipher) {
+    this.cipher = new CipherRequest(cipher);
+    this.collectionIds = cipher.collectionIds;
+  }
+}

jslib/common/src/models/request/cipherWithIdRequest.ts

@@ -0,0 +1,12 @@
+import { Cipher } from "../domain/cipher";
+
+import { CipherRequest } from "./cipherRequest";
+
+export class CipherWithIdRequest extends CipherRequest {
+  id: string;
+
+  constructor(cipher: Cipher) {
+    super(cipher);
+    this.id = cipher.id;
+  }
+}

jslib/common/src/models/request/collectionRequest.ts

@@ -0,0 +1,17 @@
+import { Collection } from "../domain/collection";
+
+import { SelectionReadOnlyRequest } from "./selectionReadOnlyRequest";
+
+export class CollectionRequest {
+  name: string;
+  externalId: string;
+  groups: SelectionReadOnlyRequest[] = [];
+
+  constructor(collection?: Collection) {
+    if (collection == null) {
+      return;
+    }
+    this.name = collection.name ? collection.name.encryptedString : null;
+    this.externalId = collection.externalId;
+  }
+}

jslib/common/src/models/request/deleteRecoverRequest.ts

@@ -0,0 +1,3 @@
+export class DeleteRecoverRequest {
+  email: string;
+}

jslib/common/src/models/request/deviceTokenRequest.ts

@@ -0,0 +1,7 @@
+export class DeviceTokenRequest {
+  pushToken: string;
+
+  constructor() {
+    this.pushToken = null;
+  }
+}

jslib/common/src/models/request/emailRequest.ts

@@ -0,0 +1,7 @@
+import { EmailTokenRequest } from "./emailTokenRequest";
+
+export class EmailRequest extends EmailTokenRequest {
+  newMasterPasswordHash: string;
+  token: string;
+  key: string;
+}

jslib/common/src/models/request/emailTokenRequest.ts

@@ -0,0 +1,6 @@
+import { SecretVerificationRequest } from "./secretVerificationRequest";
+
+export class EmailTokenRequest extends SecretVerificationRequest {
+  newEmail: string;
+  masterPasswordHash: string;
+}

jslib/common/src/models/request/emergencyAccessAcceptRequest.ts

@@ -0,0 +1,3 @@
+export class EmergencyAccessAcceptRequest {
+  token: string;
+}

jslib/common/src/models/request/emergencyAccessConfirmRequest.ts

@@ -0,0 +1,3 @@
+export class EmergencyAccessConfirmRequest {
+  key: string;
+}

jslib/common/src/models/request/emergencyAccessInviteRequest.ts

@@ -0,0 +1,7 @@
+import { EmergencyAccessType } from "../../enums/emergencyAccessType";
+
+export class EmergencyAccessInviteRequest {
+  email: string;
+  type: EmergencyAccessType;
+  waitTimeDays: number;
+}

jslib/common/src/models/request/emergencyAccessPasswordRequest.ts

@@ -0,0 +1,4 @@
+export class EmergencyAccessPasswordRequest {
+  newMasterPasswordHash: string;
+  key: string;
+}

jslib/common/src/models/request/emergencyAccessUpdateRequest.ts

@@ -0,0 +1,7 @@
+import { EmergencyAccessType } from "../../enums/emergencyAccessType";
+
+export class EmergencyAccessUpdateRequest {
+  type: EmergencyAccessType;
+  waitTimeDays: number;
+  keyEncrypted?: string;
+}

jslib/common/src/models/request/eventRequest.ts

@@ -0,0 +1,7 @@
+import { EventType } from "../../enums/eventType";
+
+export class EventRequest {
+  type: EventType;
+  cipherId: string;
+  date: string;
+}

jslib/common/src/models/request/folderRequest.ts

@@ -0,0 +1,9 @@
+import { Folder } from "../domain/folder";
+
+export class FolderRequest {
+  name: string;
+
+  constructor(folder: Folder) {
+    this.name = folder.name ? folder.name.encryptedString : null;
+  }
+}

jslib/common/src/models/request/folderWithIdRequest.ts

@@ -0,0 +1,12 @@
+import { Folder } from "../domain/folder";
+
+import { FolderRequest } from "./folderRequest";
+
+export class FolderWithIdRequest extends FolderRequest {
+  id: string;
+
+  constructor(folder: Folder) {
+    super(folder);
+    this.id = folder.id;
+  }
+}

jslib/common/src/models/request/groupRequest.ts

@@ -0,0 +1,8 @@
+import { SelectionReadOnlyRequest } from "./selectionReadOnlyRequest";
+
+export class GroupRequest {
+  name: string;
+  accessAll: boolean;
+  externalId: string;
+  collections: SelectionReadOnlyRequest[] = [];
+}

jslib/common/src/models/request/iapCheckRequest.ts

@@ -0,0 +1,5 @@
+import { PaymentMethodType } from "../../enums/paymentMethodType";
+
+export class IapCheckRequest {
+  paymentMethodType: PaymentMethodType;
+}

jslib/common/src/models/request/importCiphersRequest.ts

@@ -0,0 +1,9 @@
+import { CipherRequest } from "./cipherRequest";
+import { FolderRequest } from "./folderRequest";
+import { KvpRequest } from "./kvpRequest";
+
+export class ImportCiphersRequest {
+  ciphers: CipherRequest[] = [];
+  folders: FolderRequest[] = [];
+  folderRelationships: KvpRequest<number, number>[] = [];
+}

jslib/common/src/models/request/importOrganizationCiphersRequest.ts

@@ -0,0 +1,9 @@
+import { CipherRequest } from "./cipherRequest";
+import { CollectionRequest } from "./collectionRequest";
+import { KvpRequest } from "./kvpRequest";
+
+export class ImportOrganizationCiphersRequest {
+  ciphers: CipherRequest[] = [];
+  collections: CollectionRequest[] = [];
+  collectionRelationships: KvpRequest<number, number>[] = [];
+}

jslib/common/src/models/request/kdfRequest.ts

@@ -0,0 +1,8 @@
+import { KdfType } from "../../enums/kdfType";
+
+import { PasswordRequest } from "./passwordRequest";
+
+export class KdfRequest extends PasswordRequest {
+  kdf: KdfType;
+  kdfIterations: number;
+}

jslib/common/src/models/request/keyConnectorUserKeyRequest.ts

@@ -0,0 +1,7 @@
+export class KeyConnectorUserKeyRequest {
+  key: string;
+
+  constructor(key: string) {
+    this.key = key;
+  }
+}

jslib/common/src/models/request/keysRequest.ts

@@ -0,0 +1,9 @@
+export class KeysRequest {
+  publicKey: string;
+  encryptedPrivateKey: string;
+
+  constructor(publicKey: string, encryptedPrivateKey: string) {
+    this.publicKey = publicKey;
+    this.encryptedPrivateKey = encryptedPrivateKey;
+  }
+}

jslib/common/src/models/request/kvpRequest.ts

@@ -0,0 +1,9 @@
+export class KvpRequest<TK, TV> {
+  key: TK;
+  value: TV;
+
+  constructor(key: TK, value: TV) {
+    this.key = key;
+    this.value = value;
+  }
+}

jslib/common/src/models/request/organization/organizationSponsorshipCreateRequest.ts

@@ -0,0 +1,7 @@
+import { PlanSponsorshipType } from "../../../enums/planSponsorshipType";
+
+export class OrganizationSponsorshipCreateRequest {
+  sponsoredEmail: string;
+  planSponsorshipType: PlanSponsorshipType;
+  friendlyName: string;
+}

jslib/common/src/models/request/organization/organizationSponsorshipRedeemRequest.ts

@@ -0,0 +1,6 @@
+import { PlanSponsorshipType } from "../../../enums/planSponsorshipType";
+
+export class OrganizationSponsorshipRedeemRequest {
+  planSponsorshipType: PlanSponsorshipType;
+  sponsoredOrganizationId: string;
+}

jslib/common/src/models/request/organization/organizationSsoRequest.ts

@@ -0,0 +1,6 @@
+import { SsoConfigApi } from "../../api/ssoConfigApi";
+
+export class OrganizationSsoRequest {
+  enabled = false;
+  data: SsoConfigApi;
+}

jslib/common/src/models/request/organizationCreateRequest.ts

@@ -0,0 +1,27 @@
+import { PaymentMethodType } from "../../enums/paymentMethodType";
+import { PlanType } from "../../enums/planType";
+
+import { OrganizationKeysRequest } from "./organizationKeysRequest";
+
+export class OrganizationCreateRequest {
+  name: string;
+  businessName: string;
+  billingEmail: string;
+  planType: PlanType;
+  key: string;
+  keys: OrganizationKeysRequest;
+  paymentMethodType: PaymentMethodType;
+  paymentToken: string;
+  additionalSeats: number;
+  maxAutoscaleSeats: number;
+  additionalStorageGb: number;
+  premiumAccessAddon: boolean;
+  collectionName: string;
+  taxIdNumber: string;
+  billingAddressLine1: string;
+  billingAddressLine2: string;
+  billingAddressCity: string;
+  billingAddressState: string;
+  billingAddressPostalCode: string;
+  billingAddressCountry: string;
+}

jslib/common/src/models/request/organizationImportRequest.ts

@@ -8,12 +8,16 @@ export class OrganizationImportRequest {
   overwriteExisting = false;
   largeImport = false;
 
-  constructor(model: {
-    groups: Required<OrganizationImportGroupRequest>[];
-    users: Required<OrganizationImportMemberRequest>[];
-    overwriteExisting: boolean;
-    largeImport: boolean;
-  }) {
+  constructor(
+    model:
+      | {
+          groups: Required<OrganizationImportGroupRequest>[];
+          users: Required<OrganizationImportMemberRequest>[];
+          overwriteExisting: boolean;
+          largeImport: boolean;
+        }
+      | ImportDirectoryRequest,
+  ) {
     if (model instanceof ImportDirectoryRequest) {
       this.groups = model.groups.map((g) => new OrganizationImportGroupRequest(g));
       this.members = model.users.map((u) => new OrganizationImportMemberRequest(u));

jslib/common/src/models/request/organizationKeysRequest.ts

@@ -0,0 +1,7 @@
+import { KeysRequest } from "./keysRequest";
+
+export class OrganizationKeysRequest extends KeysRequest {
+  constructor(publicKey: string, encryptedPrivateKey: string) {
+    super(publicKey, encryptedPrivateKey);
+  }
+}

jslib/common/src/models/request/organizationSubscriptionUpdateRequest.ts

@@ -0,0 +1,6 @@
+export class OrganizationSubscriptionUpdateRequest {
+  constructor(
+    public seatAdjustment: number,
+    public maxAutoscaleSeats?: number,
+  ) {}
+}

jslib/common/src/models/request/organizationTaxInfoUpdateRequest.ts

@@ -0,0 +1,9 @@
+import { TaxInfoUpdateRequest } from "./taxInfoUpdateRequest";
+
+export class OrganizationTaxInfoUpdateRequest extends TaxInfoUpdateRequest {
+  taxId: string;
+  line1: string;
+  line2: string;
+  city: string;
+  state: string;
+}

jslib/common/src/models/request/organizationUpdateRequest.ts

@@ -0,0 +1,9 @@
+import { OrganizationKeysRequest } from "./organizationKeysRequest";
+
+export class OrganizationUpdateRequest {
+  name: string;
+  identifier: string;
+  businessName: string;
+  billingEmail: string;
+  keys: OrganizationKeysRequest;
+}

jslib/common/src/models/request/organizationUpgradeRequest.ts

@@ -0,0 +1,14 @@
+import { PlanType } from "../../enums/planType";
+
+import { OrganizationKeysRequest } from "./organizationKeysRequest";
+
+export class OrganizationUpgradeRequest {
+  businessName: string;
+  planType: PlanType;
+  additionalSeats: number;
+  additionalStorageGb: number;
+  premiumAccessAddon: boolean;
+  billingAddressCountry: string;
+  billingAddressPostalCode: string;
+  keys: OrganizationKeysRequest;
+}

jslib/common/src/models/request/organizationUserAcceptRequest.ts

@@ -0,0 +1,3 @@
+export class OrganizationUserAcceptRequest {
+  token: string;
+}

jslib/common/src/models/request/organizationUserBulkConfirmRequest.ts

@@ -0,0 +1,12 @@
+type OrganizationUserBulkRequestEntry = {
+  id: string;
+  key: string;
+};
+
+export class OrganizationUserBulkConfirmRequest {
+  keys: OrganizationUserBulkRequestEntry[];
+
+  constructor(keys: OrganizationUserBulkRequestEntry[]) {
+    this.keys = keys;
+  }
+}

jslib/common/src/models/request/organizationUserBulkRequest.ts

@@ -0,0 +1,7 @@
+export class OrganizationUserBulkRequest {
+  ids: string[];
+
+  constructor(ids: string[]) {
+    this.ids = ids == null ? [] : ids;
+  }
+}

jslib/common/src/models/request/organizationUserConfirmRequest.ts

@@ -0,0 +1,3 @@
+export class OrganizationUserConfirmRequest {
+  key: string;
+}

jslib/common/src/models/request/organizationUserInviteRequest.ts

@@ -0,0 +1,12 @@
+import { OrganizationUserType } from "../../enums/organizationUserType";
+import { PermissionsApi } from "../api/permissionsApi";
+
+import { SelectionReadOnlyRequest } from "./selectionReadOnlyRequest";
+
+export class OrganizationUserInviteRequest {
+  emails: string[] = [];
+  type: OrganizationUserType;
+  accessAll: boolean;
+  collections: SelectionReadOnlyRequest[] = [];
+  permissions: PermissionsApi;
+}

jslib/common/src/models/request/organizationUserResetPasswordEnrollmentRequest.ts

@@ -0,0 +1,3 @@
+export class OrganizationUserResetPasswordEnrollmentRequest {
+  resetPasswordKey: string;
+}

jslib/common/src/models/request/organizationUserResetPasswordRequest.ts

@@ -0,0 +1,4 @@
+export class OrganizationUserResetPasswordRequest {
+  newMasterPasswordHash: string;
+  key: string;
+}

jslib/common/src/models/request/organizationUserUpdateGroupsRequest.ts

@@ -0,0 +1,3 @@
+export class OrganizationUserUpdateGroupsRequest {
+  groupIds: string[] = [];
+}

jslib/common/src/models/request/organizationUserUpdateRequest.ts

@@ -0,0 +1,11 @@
+import { OrganizationUserType } from "../../enums/organizationUserType";
+import { PermissionsApi } from "../api/permissionsApi";
+
+import { SelectionReadOnlyRequest } from "./selectionReadOnlyRequest";
+
+export class OrganizationUserUpdateRequest {
+  type: OrganizationUserType;
+  accessAll: boolean;
+  collections: SelectionReadOnlyRequest[] = [];
+  permissions: PermissionsApi;
+}