undo

merge main
[PM-24898] Upgrade Yao
2025-12-05 23:53:21 +00:00 · 2025-09-18 17:02:44 -04:00 · 2025-09-18 16:59:59 -04:00 · 2025-09-11 15:25:16 -04:00
47 changed files with 5790 additions and 5581 deletions
--- a/.claude/CLAUDE.md
+++ b/.claude/CLAUDE.md
@@ -1,203 +0,0 @@
-# Bitwarden Directory Connector
-
-## Project Overview
-
-Directory Connector is a TypeScript application that synchronizes users and groups from directory services to Bitwarden organizations. It provides both a desktop GUI (built with Angular and Electron) and a CLI tool (bwdc).
-
-**Supported Directory Services:**
-
- LDAP (Lightweight Directory Access Protocol) - includes Active Directory and general LDAP servers
- Microsoft Entra ID (formerly Azure Active Directory)
- Google Workspace
- Okta
- OneLogin
-
-**Technologies:**
-
- TypeScript
- Angular (GUI)
- Electron (Desktop wrapper)
- Node
- Jest for testing
-
-## Code Architecture & Structure
-
-### Directory Organization
-
-```
-src/
-├── abstractions/       # Interface definitions (e.g., IDirectoryService)
-├── services/          # Business logic implementations for directory services, sync, auth
-├── models/            # Data models (UserEntry, GroupEntry, etc.)
-├── commands/          # CLI command implementations
-├── app/               # Angular GUI components
-└── utils/             # Test utilities and fixtures
-
-src-cli/               # CLI-specific code (imports common code from src/)
-
-jslib/                 # Legacy folder structure (mix of deprecated/unused and current code - new code should not be added here)
-```
-
-### Key Architectural Patterns
-
-1. **Abstractions = Interfaces**: All interfaces are defined in `/abstractions`
-2. **Services = Business Logic**: Implementations live in `/services`
-3. **Directory Service Pattern**: Each directory provider implements `IDirectoryService` interface
-4. **Separation of Concerns**: GUI (Angular app) and CLI (commands) share the same service layer
-
-## Development Conventions
-
-### Code Organization
-
-**File Naming:**
-
- kebab-case for files: `ldap-directory.service.ts`
- Descriptive names that reflect purpose
-
-**Class/Function Naming:**
-
- PascalCase for classes and interfaces
- camelCase for functions and variables
- Descriptive names that indicate purpose
-
-**File Structure:**
-
- Keep files focused on single responsibility
- Create new service files for distinct directory integrations
- Separate models into individual files when complex
-
-### TypeScript Conventions
-
-**Import Patterns:**
-
- Use path aliases (`@/`) for project imports
-  - `@/` - project root
-  - `@/jslib/` - jslib folder
- ESLint enforces alphabetized import ordering with newlines between groups
-
-**Type Safety:**
-
- Avoid `any` types - use proper typing or `unknown` with type guards
- Prefer interfaces for contracts, types for unions/intersections
- Use strict null checks - handle `null` and `undefined` explicitly
- Leverage TypeScript's type inference where appropriate
-
-**Configuration:**
-
- Use configuration files or environment variables
- Never hardcode URLs or configuration values
-
-## Security Best Practices
-
-**Credential Handling:**
-
- Never log directory service credentials, API keys, or tokens
- Use secure storage mechanisms for sensitive data
- Credentials should never be hardcoded
- Store credentials encrypted, never in plain text
-
-**Sensitive Data:**
-
- User and group data from directories should be handled securely
- Avoid exposing sensitive information in error messages
- Sanitize data before logging
- Be cautious with data persistence
-
-**Input Validation:**
-
- Validate and sanitize data from external directory services
- Check for injection vulnerabilities (LDAP injection, etc.)
- Validate configuration inputs from users
-
-**API Security:**
-
- Ensure authentication flows are implemented correctly
- Verify SSL/TLS is used for all external connections
- Check for secure token storage and refresh mechanisms
-
-## Error Handling
-
-**Best Practices:**
-
-1. **Try-catch for async operations** - Always wrap external API calls
-2. **Meaningful error messages** - Provide context for debugging
-3. **Error propagation** - Don't swallow errors silently
-4. **User-facing errors** - Separate user messages from developer logs
-
-## Performance Best Practices
-
-**Large Dataset Handling:**
-
- Use pagination for large user/group lists
- Avoid loading entire datasets into memory at once
- Consider streaming or batch processing for large operations
-
-**API Rate Limiting:**
-
- Respect rate limits for Microsoft Graph API, Google Admin SDK, etc.
- Consider batching large API calls where necessary
-
-**Memory Management:**
-
- Close connections and clean up resources
- Remove event listeners when components are destroyed
- Be cautious with caching large datasets
-
-## Testing
-
-**Framework:**
-
- Jest with jest-preset-angular
- jest-mock-extended for type-safe mocks with `mock<Type>()`
-
-**Test Organization:**
-
- Tests colocated with source files
- `*.spec.ts` - Unit tests for individual components/services
- `*.integration.spec.ts` - Integration tests against live directory services
- Test helpers located in `utils/` directory
-
-**Test Naming:**
-
- Descriptive, human-readable test names
- Example: `'should return empty array when no users exist in directory'`
-
-**Test Coverage:**
-
- New features must include tests
- Bug fixes should include regression tests
- Changes to core sync logic or directory specific logic require integration tests
-
-**Testing Approach:**
-
- **Unit tests**: Mock external API calls using jest-mock-extended
- **Integration tests**: Use live directory services (Docker containers or configured cloud services)
- Focus on critical paths (authentication, sync, data transformation)
- Test error scenarios and edge cases (empty results, malformed data, connection failures), not just happy paths
-
-## Directory Service Patterns
-
-### IDirectoryService Interface
-
-All directory services implement this core interface with methods:
-
- `getUsers()` - Retrieve users from directory and transform them into standard objects
- `getGroups()` - Retrieve groups from directory and transform them into standard objects
- Connection and authentication handling
-
-### Service-Specific Implementations
-
-Each directory service has unique authentication and query patterns:
-
- **LDAP**: Direct LDAP queries, bind authentication
- **Microsoft Entra ID**: Microsoft Graph API, OAuth tokens
- **Google Workspace**: Google Admin SDK, service account credentials
- **Okta/OneLogin**: REST APIs with API tokens
-
-## References
-
- [Architectural Decision Records (ADRs)](https://contributing.bitwarden.com/architecture/adr/)
- [Contributing Guidelines](https://contributing.bitwarden.com/contributing/)
- [Code Style](https://contributing.bitwarden.com/contributing/code-style/)
- [Security Whitepaper](https://bitwarden.com/help/bitwarden-security-white-paper/)
- [Security Definitions](https://contributing.bitwarden.com/architecture/security/definitions)
--- a/.claude/prompts/review-code.md
+++ b/.claude/prompts/review-code.md
@@ -1,27 +0,0 @@
-Please review this pull request with a focus on:
-
- Code quality and best practices
- Potential bugs or issues
- Security implications
- Performance considerations
-
-Note: The PR branch is already checked out in the current working directory.
-
-Provide a comprehensive review including:
-
- Summary of changes since last review
- Critical issues found (be thorough)
- Suggested improvements (be thorough)
- Good practices observed (be concise - list only the most notable items without elaboration)
- Action items for the author
- Leverage collapsible <details> sections where appropriate for lengthy explanations or code
-  snippets to enhance human readability
-
-When reviewing subsequent commits:
-
- Track status of previously identified issues (fixed/unfixed/reopened)
- Identify NEW problems introduced since last review
- Note if fixes introduced new issues
-
-IMPORTANT: Be comprehensive about issues and improvements. For good practices, be brief - just note
-what was done well without explaining why or praising excessively.
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -6,14 +6,3 @@

 # Default file owners.
 * @bitwarden/team-admin-console-dev
-
-# Docker-related files
-**/Dockerfile @bitwarden/team-appsec @bitwarden/dept-bre
-**/*.dockerignore @bitwarden/team-appsec @bitwarden/dept-bre
-**/entrypoint.sh @bitwarden/team-appsec @bitwarden/dept-bre
-**/docker-compose.yml @bitwarden/team-appsec @bitwarden/dept-bre
-
-# Claude related files
-.claude/ @bitwarden/team-ai-sme
-.github/workflows/respond.yml @bitwarden/team-ai-sme
-.github/workflows/review-code.yml @bitwarden/team-ai-sme
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -8,6 +8,12 @@
      matchManagers: ["github-actions"],
      matchUpdateTypes: ["minor", "patch"],
    },
+    {
+      groupName: "Google Libraries",
+      matchPackagePatterns: ["google-auth-library", "googleapis"],
+      matchManagers: ["npm"],
+      groupSlug: "google-libraries",
+    },
  ],
  ignoreDeps: [
    // yao-pkg is used to create a single executable application bundle for the CLI.
@@ -15,10 +21,5 @@
    // This must be manually vetted by our appsec team before upgrading.
    // It is excluded from renovate to avoid accidentally upgrading to a non-vetted version.
    "@yao-pkg/pkg",
-    // googleapis uses ESM after 149.0.0 so we are not upgrading it until we have ESM support.
-    // They release new versions every couple of weeks so ignoring it at the dependency dashboard
-    // level is not sufficient.
-    // FIXME: remove and upgrade when we have ESM support.
-    "googleapis",
  ],
 }
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -23,22 +23,20 @@ jobs:
      node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Get Package Version
        id: retrieve-version
        run: |
          PKG_VERSION=$(jq -r .version package.json)
-          echo "package_version=$PKG_VERSION" >> "$GITHUB_OUTPUT"
+          echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT

      - name: Get Node Version
        id: retrieve-node-version
        run: |
          NODE_NVMRC=$(cat .nvmrc)
          NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT

  linux-cli:
    name: Build Linux CLI
@@ -51,9 +49,7 @@ jobs:
      contents: read
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Node
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -65,7 +61,7 @@ jobs:
      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install "$(node -v)"
+          node-gyp install $(node -v)

      - name: Keytar
        run: |
@@ -76,8 +72,8 @@ jobs:
          keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"

          mkdir -p ./keytar/linux
-          wget "$keytarUrl" -O "./keytar/linux/$keytarTarGz"
-          tar -xvf "./keytar/linux/$keytarTarGz" -C ./keytar/linux
+          wget $keytarUrl -O ./keytar/linux/$keytarTarGz
+          tar -xvf ./keytar/linux/$keytarTarGz -C ./keytar/linux

      - name: Install
        run: npm install
@@ -86,19 +82,19 @@ jobs:
        run: npm run dist:cli:lin

      - name: Zip
-        run: zip -j "dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip" "dist-cli/linux/bwdc" "keytar/linux/build/Release/keytar.node"
+        run: zip -j dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip dist-cli/linux/bwdc keytar/linux/build/Release/keytar.node

      - name: Version Test
        run: |
          sudo apt-get update
          sudo apt install libsecret-1-0 dbus-x11 gnome-keyring
-          eval "$(dbus-launch --sh-syntax)"
+          eval $(dbus-launch --sh-syntax)

-          eval "$(echo -n "" | /usr/bin/gnome-keyring-daemon --login)"
-          eval "$(/usr/bin/gnome-keyring-daemon --components=secrets --start)"
+          eval $(echo -n "" | /usr/bin/gnome-keyring-daemon --login)
+          eval $(/usr/bin/gnome-keyring-daemon --components=secrets --start)

          mkdir -p test/linux
-          unzip "./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip" -d ./test/linux
+          unzip ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip -d ./test/linux

          testVersion=$(./test/linux/bwdc -v)

@@ -129,9 +125,7 @@ jobs:
      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Node
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -143,7 +137,7 @@ jobs:
      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install "$(node -v)"
+          node-gyp install $(node -v)

      - name: Keytar
        run: |
@@ -154,8 +148,8 @@ jobs:
          keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"

          mkdir -p ./keytar/macos
-          wget "$keytarUrl" -O "./keytar/macos/$keytarTarGz"
-          tar -xvf "./keytar/macos/$keytarTarGz" -C ./keytar/macos
+          wget $keytarUrl -O ./keytar/macos/$keytarTarGz
+          tar -xvf ./keytar/macos/$keytarTarGz -C ./keytar/macos

      - name: Install
        run: npm install
@@ -164,12 +158,12 @@ jobs:
        run: npm run dist:cli:mac

      - name: Zip
-        run: zip -j "dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip" "dist-cli/macos/bwdc" "keytar/macos/build/Release/keytar.node"
+        run: zip -j dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip dist-cli/macos/bwdc keytar/macos/build/Release/keytar.node

      - name: Version Test
        run: |
          mkdir -p test/macos
-          unzip "./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip" -d ./test/macos
+          unzip ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip -d ./test/macos

          testVersion=$(./test/macos/bwdc -v)

@@ -200,9 +194,7 @@ jobs:
      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Setup Windows builder
        run: |
@@ -249,7 +241,7 @@ jobs:
      - name: Version Test
        shell: pwsh
        run: |
-          Expand-Archive -Path "dist-cli\bwdc-windows-$env:_PACKAGE_VERSION.zip" -DestinationPath "test\windows"
+          Expand-Archive -Path "dist-cli\bwdc-windows-${{ env._PACKAGE_VERSION }}.zip" -DestinationPath "test\windows"
          $testVersion = Invoke-Expression '& .\test\windows\bwdc.exe -v'
          echo "version: ${env:_PACKAGE_VERSION}"
          echo "testVersion: $testVersion"
@@ -279,9 +271,7 @@ jobs:
      HUSKY: 0
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Node
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -379,9 +369,7 @@ jobs:
      HUSKY: 0
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Node
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -393,7 +381,7 @@ jobs:
      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install "$(node -v)"
+          node-gyp install $(node -v)

      - name: Set up environment
        run: |
@@ -439,9 +427,7 @@ jobs:
      HUSKY: 0
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Node
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -453,7 +439,7 @@ jobs:
      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install "$(node -v)"
+          node-gyp install $(node -v)

      - name: Print environment
        run: |
@@ -478,16 +464,16 @@ jobs:

      - name: Get certificates
        run: |
-          mkdir -p "$HOME/certificates"
+          mkdir -p $HOME/certificates

          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
-            jq -r .value | base64 -d > "$HOME/certificates/devid-app-cert.p12"
+            jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12

          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
-            jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12"
+            jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12

          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
-            jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12"
+            jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12

      - name: Log out from Azure
        uses: bitwarden/gh-actions/azure-logout@main
@@ -496,9 +482,9 @@ jobs:
        env:
          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
        run: |
-          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+          security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
          security default-keychain -s build.keychain
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+          security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
          security set-keychain-settings -lut 1200 build.keychain

          security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
@@ -510,12 +496,12 @@ jobs:
          security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
            -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild

-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain

      - name: Load package version
        run: |
          $rootPath = $env:GITHUB_WORKSPACE;
-          $packageVersion = (Get-Content -Raw -Path "$rootPath\package.json" | ConvertFrom-Json).version;
+          $packageVersion = (Get-Content -Raw -Path $rootPath\package.json | ConvertFrom-Json).version;

          Write-Output "Setting package version to $packageVersion";
          Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append;
@@ -525,12 +511,10 @@ jobs:
        run: npm install

      - name: Set up private auth key
-        env:
-          _APP_STORE_CONNECT_AUTH_KEY: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
        run: |
          mkdir ~/private_keys
          cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8
-          ${_APP_STORE_CONNECT_AUTH_KEY}
+          ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
          EOF

      - name: Build application
--- a/.github/workflows/integration-test.yml
+++ b/.github/workflows/integration-test.yml
@@ -2,36 +2,25 @@ name: Integration Testing

 on:
  workflow_dispatch:
-  # Integration tests are slow, so only run them if relevant files have changed.
-  # This is done at the workflow level and at the job level.
-  # Make sure these triggers stay consistent with the 'changed-files' job.
  push:
    branches:
-      - 'main'
-      - 'rc'
+      - "main"
    paths:
      - ".github/workflows/integration-test.yml" # this file
-      - "docker-compose.yml" # any change to Docker configuration
-      - "package.json" # dependencies
-      - "utils/**" # any change to test fixtures
-      - "src/services/sync.service.ts" # core sync service used by all directory services
-      - "src/services/directory-services/ldap-directory.service*" # LDAP directory service
-      - "src/services/directory-services/gsuite-directory.service*" # Google Workspace directory service
-      # Add directory services here as we add test coverage
+      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
+      - "./openldap/**/*" # any change to test fixtures
+      - "./docker-compose.yml" # any change to Docker configuration
+      - "./package.json" # dependencies
  pull_request:
    paths:
      - ".github/workflows/integration-test.yml" # this file
-      - "docker-compose.yml" # any change to Docker configuration
-      - "package.json" # dependencies
-      - "utils/**" # any change to test fixtures
-      - "src/services/sync.service.ts" # core sync service used by all directory services
-      - "src/services/directory-services/ldap-directory.service*" # LDAP directory service
-      - "src/services/directory-services/gsuite-directory.service*" # Google Workspace directory service
-      # Add directory services here as we add test coverage
+      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
+      - "./openldap/**/*" # any change to test fixtures
+      - "./docker-compose.yml" # any change to Docker configuration
+      - "./package.json" # dependencies
 permissions:
  contents: read
  checks: write # required by dorny/test-reporter to upload its results
-  id-token: write # required to use OIDC to login to Azure Key Vault
 jobs:
  testing:
    name: Run tests
@@ -40,16 +29,14 @@ jobs:

    steps:
      - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Get Node version
        id: retrieve-node-version
        run: |
          NODE_NVMRC=$(cat .nvmrc)
          NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT

      - name: Set up Node
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
@@ -61,79 +48,23 @@ jobs:
      - name: Install Node dependencies
        run: npm ci

-      # Get secrets from Azure Key Vault
-      - name: Azure Login
-        uses: bitwarden/gh-actions/azure-login@main
-        with:
-          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
-          client_id: ${{ secrets.AZURE_CLIENT_ID }}
-
-      - name: Get KV Secrets
-        id: get-kv-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: gh-directory-connector
-          secrets: "GOOGLE-ADMIN-USER,GOOGLE-CLIENT-EMAIL,GOOGLE-DOMAIN,GOOGLE-PRIVATE-KEY"
-
-      - name: Azure Logout
-        uses: bitwarden/gh-actions/azure-logout@main
-
-      # Only run relevant tests depending on what files have changed.
-      # This should be kept consistent with the workflow level triggers.
-      # Note: docker-compose.yml is only used for ldap for now
-      - name: Get changed files
-        id: changed-files
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        with:
-          list-files: shell
-          token: ${{ secrets.GITHUB_TOKEN }}
-          # Add directory services here as we add test coverage
-          filters: |
-            common:
-              - '.github/workflows/integration-test.yml'
-              - 'utils/**'
-              - 'package.json'
-              - 'src/services/sync.service.ts'
-            ldap:
-              - 'docker-compose.yml'
-              - 'src/services/directory-services/ldap-directory.service*'
-            google:
-              - 'src/services/directory-services/gsuite-directory.service*'
-
-      # LDAP
-      - name: Setup LDAP integration tests
-        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
+      - name: Install mkcert
        run: |
          sudo apt-get update
          sudo apt-get -y install mkcert
-          npm run test:integration:setup

-      - name: Run LDAP integration tests
-        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
-        env:
-          JEST_JUNIT_UNIQUE_OUTPUT_NAME: "true" # avoids junit outputs from clashing
-        run: npx jest ldap-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-ldap
+      - name: Setup integration tests
+        run: npm run test:integration:setup

-      # Google Workspace
-      - name: Run Google Workspace integration tests
-        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.google == 'true'
-        env:
-          GOOGLE_DOMAIN: ${{ steps.get-kv-secrets.outputs.GOOGLE-DOMAIN }}
-          GOOGLE_ADMIN_USER: ${{ steps.get-kv-secrets.outputs.GOOGLE-ADMIN-USER }}
-          GOOGLE_CLIENT_EMAIL: ${{ steps.get-kv-secrets.outputs.GOOGLE-CLIENT-EMAIL }}
-          GOOGLE_PRIVATE_KEY: ${{ steps.get-kv-secrets.outputs.GOOGLE-PRIVATE-KEY }}
-          JEST_JUNIT_UNIQUE_OUTPUT_NAME: "true" # avoids junit outputs from clashing
-        run: |
-          npx jest gsuite-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-google
+      - name: Run integration tests
+        run: npm run test:integration --coverage

      - name: Report test results
-        id: report
        uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1
-        if: github.event.pull_request.head.repo.full_name == github.repository && !cancelled()
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
        with:
          name: Test Results
-          path: "junit.xml*"
+          path: "junit.xml"
          reporter: jest-junit
          fail-on-error: true

--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,9 +26,7 @@ jobs:
      release_version: ${{ steps.version.outputs.version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Branch check
        if: ${{ inputs.release_type != 'Dry Run' }}
--- a/.github/workflows/respond.yml
+++ b/.github/workflows/respond.yml
@@ -1,28 +0,0 @@
-name: Respond
-
-on:
-  issue_comment:
-    types: [created]
-  pull_request_review_comment:
-    types: [created]
-  issues:
-    types: [opened, assigned]
-  pull_request_review:
-    types: [submitted]
-
-permissions: {}
-
-jobs:
-  respond:
-    name: Respond
-    uses: bitwarden/gh-actions/.github/workflows/_respond.yml@main
-    secrets:
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-    permissions:
-      actions: read
-      contents: write
-      id-token: write
-      issues: write
-      pull-requests: write
--- a/.github/workflows/review-code.yml
+++ b/.github/workflows/review-code.yml
@@ -1,21 +0,0 @@
-name: Code Review
-
-on:
-  pull_request:
-    types: [opened, synchronize, reopened, ready_for_review]
-
-permissions: {}
-
-jobs:
-  review:
-    name: Review
-    uses: bitwarden/gh-actions/.github/workflows/_review-code.yml@main
-    secrets:
-      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-    permissions:
-      actions: read
-      contents: read
-      id-token: write
-      pull-requests: write
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,16 +22,14 @@ jobs:

    steps:
      - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Get Node version
        id: retrieve-node-version
        run: |
          NODE_NVMRC=$(cat .nvmrc)
          NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT

      - name: Set up Node
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -49,10 +49,9 @@ jobs:
          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}

      - name: Checkout Branch
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: ${{ steps.app-token.outputs.token }}
-          persist-credentials: true

      - name: Setup git
        run: |
@@ -63,7 +62,7 @@ jobs:
        id: current-version
        run: |
          CURRENT_VERSION=$(cat package.json | jq -r '.version')
-          echo "version=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"
+          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT

      - name: Verify input version
        if: ${{ inputs.version_number_override != '' }}
@@ -78,7 +77,8 @@ jobs:
          fi

          # Check if version is newer.
-          if printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V; then
+          printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V
+          if [ $? -eq 0 ]; then
            echo "Version check successful."
          else
            echo "Version check failed."
@@ -110,34 +110,26 @@ jobs:

      - name: Set final version output
        id: set-final-version-output
-        env:
-          _BUMP_VERSION_OVERRIDE_OUTCOME: ${{ steps.bump-version-override.outcome }}
-          _INPUT_VERSION_NUMBER_OVERRIDE: ${{ inputs.version_number_override }}
-          _BUMP_VERSION_AUTOMATIC_OUTCOME: ${{ steps.bump-version-automatic.outcome }}
-          _CALCULATE_NEXT_VERSION: ${{ steps.calculate-next-version.outputs.version }}
-          
        run: |
-          if [[ "$_BUMP_VERSION_OVERRIDE_OUTCOME" == "success" ]]; then
-            echo "version=$_INPUT_VERSION_NUMBER_OVERRIDE" >> "$GITHUB_OUTPUT"
-          elif [[ "$_BUMP_VERSION_AUTOMATIC_OUTCOME" == "success" ]]; then
-            echo "version=$_CALCULATE_NEXT_VERSION" >> "$GITHUB_OUTPUT"
+          if [[ "${{ steps.bump-version-override.outcome }}" == "success" ]]; then
+            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
+          elif [[ "${{ steps.bump-version-automatic.outcome }}" == "success" ]]; then
+            echo "version=${{ steps.calculate-next-version.outputs.version }}" >> $GITHUB_OUTPUT
          fi

      - name: Check if version changed
        id: version-changed
        run: |
          if [ -n "$(git status --porcelain)" ]; then
-            echo "changes_to_commit=TRUE" >> "$GITHUB_OUTPUT"
+            echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT
          else
-            echo "changes_to_commit=FALSE" >> "$GITHUB_OUTPUT"
+            echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT
            echo "No changes to commit!";
          fi

      - name: Commit files
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        env:
-          _VERSION: ${{ steps.set-final-version-output.outputs.version }}
-        run: git commit -m "Bumped version to $_VERSION" -a
+        run: git commit -m "Bumped version to ${{ steps.set-final-version-output.outputs.version }}" -a

      - name: Push changes
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
--- a/.gitignore
+++ b/.gitignore
@@ -2,9 +2,6 @@
 .DS_Store
 Thumbs.db

-# Environment variables used for tests
-.env
-
 # IDEs and editors
 .idea/
 .project
@@ -33,8 +30,8 @@ build-cli
 .angular/cache

 # Testing
-coverage*
-junit.xml*
+coverage
+junit.xml

 # Misc
 *.crx
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
  open-ldap:
-    image: bitnamilegacy/openldap:latest
+    image: bitnami/openldap:latest
    hostname: openldap
    environment:
      - LDAP_ADMIN_USERNAME=admin
@@ -11,8 +11,8 @@ services:
      - LDAP_TLS_KEY_FILE=/certs/openldap-key.pem
      - LDAP_TLS_CA_FILE=/certs/rootCA.pem
    volumes:
-      - "./utils/openldap/ldifs:/ldifs"
-      - "./utils/openldap/certs:/certs"
+      - "./openldap/ldifs:/ldifs"
+      - "./openldap/certs:/certs"
    ports:
      - "1389:1389"
      - "1636:1636"
--- a/jslib/angular/src/components/modal/modal-injector.ts
+++ b/jslib/angular/src/components/modal/modal-injector.ts
@@ -1,4 +1,4 @@
-import { InjectOptions, Injector, ProviderToken } from "@angular/core";
+import { InjectFlags, InjectOptions, Injector, ProviderToken } from "@angular/core";

 export class ModalInjector implements Injector {
  constructor(
@@ -12,7 +12,8 @@ export class ModalInjector implements Injector {
    options: InjectOptions & { optional?: false },
  ): T;
  get<T>(token: ProviderToken<T>, notFoundValue: null, options: InjectOptions): T;
-  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions): T;
+  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions | InjectFlags): T;
+  get<T>(token: ProviderToken<T>, notFoundValue?: T, flags?: InjectFlags): T;
  get(token: any, notFoundValue?: any): any;
  get(token: any, notFoundValue?: any, flags?: any): any {
    return this._additionalTokens.get(token) ?? this._parentInjector.get<any>(token, notFoundValue);
--- a/utils/openldap/example-ldifs/directory-100.ldif
+++ b/utils/openldap/example-ldifs/directory-100.ldif
--- a/utils/openldap/example-ldifs/directory-11000.ldif
+++ b/utils/openldap/example-ldifs/directory-11000.ldif
--- a/utils/openldap/example-ldifs/directory-250.ldif
+++ b/utils/openldap/example-ldifs/directory-250.ldif
--- a/utils/openldap/example-ldifs/directory-50.ldif
+++ b/utils/openldap/example-ldifs/directory-50.ldif
--- a/utils/openldap/example-ldifs/directory-500.ldif
+++ b/utils/openldap/example-ldifs/directory-500.ldif
--- a/utils/openldap/group-fixtures.ts
+++ b/utils/openldap/group-fixtures.ts
@@ -1,6 +1,6 @@
 import { Jsonify } from "type-fest";

-import { GroupEntry } from "@/src/models/groupEntry";
+import { GroupEntry } from "../src/models/groupEntry";

 // These must match the ldap server seed data in directory.ldif
 const data: Jsonify<GroupEntry>[] = [
@@ -35,29 +35,6 @@ const data: Jsonify<GroupEntry>[] = [
    externalId: "cn=Cleaners,ou=Janitorial,dc=bitwarden,dc=com",
    name: "Cleaners",
  },
-  {
-    userMemberExternalIds: [
-      "cn=Painterson Miki,ou=Product Development,dc=bitwarden,dc=com",
-      "cn=Virgina Pichocki,ou=Product Development,dc=bitwarden,dc=com",
-      "cn=Steffen Carsten,ou=Product Development,dc=bitwarden,dc=com",
-    ],
-    groupMemberReferenceIds: [],
-    users: [],
-    referenceId: "cn=DevOps Team,dc=bitwarden,dc=com",
-    externalId: "cn=DevOps Team,dc=bitwarden,dc=com",
-    name: "DevOps Team",
-  },
-  {
-    userMemberExternalIds: [
-      "cn=Angus Merizzi,ou=Management,dc=bitwarden,dc=com",
-      "cn=Grissel Currer,ou=Management,dc=bitwarden,dc=com",
-    ],
-    groupMemberReferenceIds: [],
-    users: [],
-    referenceId: "cn=Security Team,dc=bitwarden,dc=com",
-    externalId: "cn=Security Team,dc=bitwarden,dc=com",
-    name: "Security Team",
-  },
 ];

 export const groupFixtures = data.map((g) => GroupEntry.fromJSON(g));
--- a/utils/openldap/ldifs/directory-20.ldif
+++ b/utils/openldap/ldifs/directory-20.ldif
@@ -688,27 +688,4 @@ mobile: +1 804 319-5569
 pager: +1 804 815-3661
 roomNumber: 9273
 manager: cn=Inga Schnirer,ou=Product Testing,dc=bitwarden, dc=com
-secretary: cn=Keven Gilleland,ou=Administrative,dc=bitwarden, dc=com
-
-# DevOps Team and Security Team identify their members by the member uid attribute,
-# instead of the member Dn attribute.
-# These test that group membership by uid works correctly.
-
-dn: cn=DevOps Team,dc=bitwarden,dc=com
-changetype: add
-cn: DevOps Team
-gidnumber: 800
-memberuid: mikip
-memberuid: pichockv
-memberuid: carstens
-objectclass: posixGroup
-objectclass: top
-
-dn: cn=Security Team,dc=bitwarden,dc=com
-changetype: add
-cn: Security Team
-gidnumber: 900
-memberuid: merizzia
-memberuid: currerg
-objectclass: posixGroup
-objectclass: top
+secretary: cn=Keven Gilleland,ou=Administrative,dc=bitwarden, dc=com 
--- a/openldap/mkcert.sh
+++ b/openldap/mkcert.sh
@@ -0,0 +1,10 @@
+if ! [ -x "$(command -v mkcert)" ]; then
+  echo 'Error: mkcert is not installed. Install mkcert first and then re-run this script.'
+  echo 'e.g. brew install mkcert'
+  exit 1
+fi
+
+mkcert -install
+mkdir -p ./openldap/certs
+cp "$(mkcert -CAROOT)/rootCA.pem" ./openldap/certs/rootCA.pem
+mkcert -key-file ./openldap/certs/openldap-key.pem -cert-file ./openldap/certs/openldap.pem localhost openldap
--- a/utils/openldap/user-fixtures.ts
+++ b/utils/openldap/user-fixtures.ts
@@ -1,6 +1,6 @@
 import { Jsonify } from "type-fest";

-import { UserEntry } from "@/src/models/userEntry";
+import { UserEntry } from "../src/models/userEntry";

 // These must match the ldap server seed data in directory.ldif
 const data: Jsonify<UserEntry>[] = [
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
  "name": "@bitwarden/directory-connector",
  "productName": "Bitwarden Directory Connector",
  "description": "Sync your user directory to your Bitwarden organization.",
-  "version": "2025.11.0",
+  "version": "2025.8.0",
  "keywords": [
    "bitwarden",
    "password",
@@ -69,19 +69,19 @@
    "test:watch:all": "jest --watchAll --testPathIgnorePatterns=.integration.spec.ts",
    "test:integration": "jest .integration.spec.ts",
    "test:integration:watch": "jest .integration.spec.ts --watch",
-    "test:integration:setup": "sh ./utils/openldap/mkcert.sh && docker compose up -d",
+    "test:integration:setup": "sh ./openldap/mkcert.sh && docker compose up -d",
    "test:types": "npx tsc --noEmit"
  },
  "devDependencies": {
-    "@angular-devkit/build-angular": "20.3.3",
-    "@angular-eslint/eslint-plugin-template": "20.4.0",
-    "@angular-eslint/template-parser": "20.4.0",
-    "@angular/compiler-cli": "20.3.3",
+    "@angular-devkit/build-angular": "19.2.15",
+    "@angular-eslint/eslint-plugin-template": "19.8.0",
+    "@angular-eslint/template-parser": "19.8.0",
+    "@angular/compiler-cli": "19.2.14",
    "@electron/notarize": "2.5.0",
    "@electron/rebuild": "4.0.1",
    "@fluffy-spoon/substitute": "1.208.0",
-    "@microsoft/microsoft-graph-types": "2.43.1",
-    "@ngtools/webpack": "20.3.3",
+    "@microsoft/microsoft-graph-types": "2.40.0",
+    "@ngtools/webpack": "19.2.14",
    "@types/inquirer": "8.2.10",
    "@types/jest": "29.5.14",
    "@types/lowdb": "1.0.15",
@@ -90,16 +90,16 @@
    "@types/node-forge": "1.3.11",
    "@types/proper-lockfile": "4.1.4",
    "@types/tldjs": "2.3.4",
-    "@typescript-eslint/eslint-plugin": "8.46.0",
-    "@typescript-eslint/parser": "8.46.0",
-    "@yao-pkg/pkg": "5.16.1",
+    "@typescript-eslint/eslint-plugin": "8.43.0",
+    "@typescript-eslint/parser": "8.43.0",
+    "@yao-pkg/pkg": "6.5.1",
    "clean-webpack-plugin": "4.0.0",
    "concurrently": "9.2.0",
    "copy-webpack-plugin": "13.0.0",
    "cross-env": "7.0.3",
    "css-loader": "7.1.2",
    "dotenv": "17.2.0",
-    "electron": "39.1.0",
+    "electron": "37.4.0",
    "electron-builder": "24.13.3",
    "electron-log": "5.4.1",
    "electron-reload": "2.0.0-alpha.1",
@@ -112,7 +112,6 @@
    "eslint-plugin-rxjs": "5.0.3",
    "eslint-plugin-rxjs-angular": "2.0.1",
    "form-data": "4.0.4",
-    "glob": "11.1.0",
    "html-loader": "5.1.0",
    "html-webpack-plugin": "5.6.3",
    "husky": "9.1.7",
@@ -120,38 +119,38 @@
    "jest-junit": "16.0.0",
    "jest-mock-extended": "3.0.7",
    "jest-preset-angular": "14.6.0",
-    "lint-staged": "16.2.6",
+    "lint-staged": "16.1.2",
    "mini-css-extract-plugin": "2.9.2",
-    "minimatch": "5.1.2",
+    "node-abi": "3.75.0",
    "node-forge": "1.3.1",
    "node-loader": "2.1.0",
    "prettier": "3.6.2",
    "rimraf": "6.0.1",
    "rxjs": "7.8.2",
-    "sass": "1.93.2",
+    "sass": "1.92.1",
    "sass-loader": "16.0.5",
    "ts-jest": "29.4.1",
    "ts-loader": "9.5.2",
    "tsconfig-paths-webpack-plugin": "4.2.0",
-    "type-fest": "5.0.1",
+    "type-fest": "4.41.0",
    "typescript": "5.8.3",
-    "webpack": "5.102.1",
+    "webpack": "5.101.0",
    "webpack-cli": "6.0.1",
    "webpack-merge": "6.0.1",
    "webpack-node-externals": "3.0.0",
    "zone.js": "0.15.1"
  },
  "dependencies": {
-    "@angular/animations": "20.3.3",
-    "@angular/cdk": "20.2.7",
-    "@angular/cli": "20.3.3",
-    "@angular/common": "20.3.3",
-    "@angular/compiler": "20.3.3",
-    "@angular/core": "20.3.3",
-    "@angular/forms": "20.3.3",
-    "@angular/platform-browser": "20.3.3",
-    "@angular/platform-browser-dynamic": "20.3.3",
-    "@angular/router": "20.3.3",
+    "@angular/animations": "19.2.14",
+    "@angular/cdk": "19.2.14",
+    "@angular/cli": "19.2.14",
+    "@angular/common": "19.2.14",
+    "@angular/compiler": "19.2.14",
+    "@angular/core": "19.2.14",
+    "@angular/forms": "19.2.14",
+    "@angular/platform-browser": "19.2.14",
+    "@angular/platform-browser-dynamic": "19.2.14",
+    "@angular/router": "19.2.14",
    "@microsoft/microsoft-graph-client": "3.0.7",
    "big-integer": "1.6.52",
    "bootstrap": "5.3.7",
@@ -159,13 +158,15 @@
    "chalk": "4.1.2",
    "commander": "14.0.0",
    "form-data": "4.0.4",
-    "googleapis": "149.0.0",
+    "google-auth-library": "10.3.0",
+    "googleapis": "153.0.0",
+    "googleapis-common": "8.0.0",
    "https-proxy-agent": "7.0.6",
    "inquirer": "8.2.6",
    "keytar": "7.9.0",
    "ldapts": "8.0.1",
    "lowdb": "1.0.0",
-    "ngx-toastr": "19.1.0",
+    "ngx-toastr": "19.0.0",
    "node-fetch": "2.7.0",
    "parse5": "8.0.0",
    "proper-lockfile": "4.1.2",
--- a/src/abstractions/directory-factory.service.ts
+++ b/src/abstractions/directory-factory.service.ts
@@ -1,5 +1,5 @@
 import { DirectoryType } from "@/src/enums/directoryType";
-import { IDirectoryService } from "@/src/services/directory-services/directory.service";
+import { IDirectoryService } from "@/src/services/directory.service";

 export abstract class DirectoryFactoryService {
  abstract createService(type: DirectoryType): IDirectoryService;
--- a/src/locales/en/messages.json
+++ b/src/locales/en/messages.json
@@ -768,8 +768,5 @@
    },
    "launchWebVault": {
        "message": "Launch Web Vault"
-    },
-    "authenticationFailed": {
-        "message": "Authentication failed"
    }
 }
--- a/src/services/batch-requests-builder.spec.ts
+++ b/src/services/batch-requests-builder.spec.ts
@@ -2,8 +2,8 @@ import { GetUniqueString } from "@/jslib/common/spec/utils";

 import { UserEntry } from "@/src/models/userEntry";

-import { groupSimulator, userSimulator } from "../../utils/request-builder-helper";
 import { RequestBuilderOptions } from "../abstractions/request-builder.service";
+import { groupSimulator, userSimulator } from "../utils/request-builder-helper";

 import { BatchRequestBuilder } from "./batch-request-builder";

--- a/src/services/directory-factory.service.ts
+++ b/src/services/directory-factory.service.ts
@@ -5,11 +5,11 @@ import { DirectoryFactoryService } from "../abstractions/directory-factory.servi
 import { StateService } from "../abstractions/state.service";
 import { DirectoryType } from "../enums/directoryType";

-import { EntraIdDirectoryService } from "./directory-services/entra-id-directory.service";
-import { GSuiteDirectoryService } from "./directory-services/gsuite-directory.service";
-import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
-import { OktaDirectoryService } from "./directory-services/okta-directory.service";
-import { OneLoginDirectoryService } from "./directory-services/onelogin-directory.service";
+import { EntraIdDirectoryService } from "./entra-id-directory.service";
+import { GSuiteDirectoryService } from "./gsuite-directory.service";
+import { LdapDirectoryService } from "./ldap-directory.service";
+import { OktaDirectoryService } from "./okta-directory.service";
+import { OneLoginDirectoryService } from "./onelogin-directory.service";

 export class DefaultDirectoryFactoryService implements DirectoryFactoryService {
  constructor(
--- a/src/services/directory-services/gsuite-directory.service.integration.spec.ts
+++ b/src/services/directory-services/gsuite-directory.service.integration.spec.ts
@@ -1,85 +0,0 @@
-import { config as dotenvConfig } from "dotenv";
-import { mock, MockProxy } from "jest-mock-extended";
-
-import { I18nService } from "../../../jslib/common/src/abstractions/i18n.service";
-import { LogService } from "../../../jslib/common/src/abstractions/log.service";
-import {
-  getGSuiteConfiguration,
-  getSyncConfiguration,
-} from "../../../utils/google-workspace/config-fixtures";
-import { groupFixtures } from "../../../utils/google-workspace/group-fixtures";
-import { userFixtures } from "../../../utils/google-workspace/user-fixtures";
-import { DirectoryType } from "../../enums/directoryType";
-import { StateService } from "../state.service";
-
-import { GSuiteDirectoryService } from "./gsuite-directory.service";
-
-// These tests integrate with a test Google Workspace instance.
-// Credentials are located in the shared Bitwarden collection for Directory Connector testing.
-// Place the .env file attachment in the utils folder.
-
-// Load .env variables
-dotenvConfig({ path: "utils/.env" });
-
-// These filters target integration test data.
-// These should return data that matches the user and group fixtures exactly.
-// There may be additional data present if not used.
-const INTEGRATION_USER_FILTER = "|orgUnitPath='/Integration testing'";
-const INTEGRATION_GROUP_FILTER = "|name:Integration*";
-
-// These tests are slow!
-// Increase the default timeout from 5s to 15s
-jest.setTimeout(15000);
-
-describe("gsuiteDirectoryService", () => {
-  let logService: MockProxy<LogService>;
-  let i18nService: MockProxy<I18nService>;
-  let stateService: MockProxy<StateService>;
-
-  let directoryService: GSuiteDirectoryService;
-
-  beforeEach(() => {
-    logService = mock();
-    i18nService = mock();
-    stateService = mock();
-
-    stateService.getDirectoryType.mockResolvedValue(DirectoryType.GSuite);
-    stateService.getLastUserSync.mockResolvedValue(null); // do not filter results by last modified date
-    i18nService.t.mockImplementation((id) => id); // passthrough implementation for any error  messages
-
-    directoryService = new GSuiteDirectoryService(logService, i18nService, stateService);
-  });
-
-  it("syncs without using filters (includes test data)", async () => {
-    const directoryConfig = getGSuiteConfiguration();
-    stateService.getDirectory.calledWith(DirectoryType.GSuite).mockResolvedValue(directoryConfig);
-
-    const syncConfig = getSyncConfiguration({
-      groups: true,
-      users: true,
-    });
-    stateService.getSync.mockResolvedValue(syncConfig);
-
-    const result = await directoryService.getEntries(true, true);
-
-    expect(result[0]).toEqual(expect.arrayContaining(groupFixtures));
-    expect(result[1]).toEqual(expect.arrayContaining(userFixtures));
-  });
-
-  it("syncs using user and group filters (exact match for test data)", async () => {
-    const directoryConfig = getGSuiteConfiguration();
-    stateService.getDirectory.calledWith(DirectoryType.GSuite).mockResolvedValue(directoryConfig);
-
-    const syncConfig = getSyncConfiguration({
-      groups: true,
-      users: true,
-      userFilter: INTEGRATION_USER_FILTER,
-      groupFilter: INTEGRATION_GROUP_FILTER,
-    });
-    stateService.getSync.mockResolvedValue(syncConfig);
-
-    const result = await directoryService.getEntries(true, true);
-
-    expect(result).toEqual([groupFixtures, userFixtures]);
-  });
-});
--- a/src/services/directory-services/directory.service.ts
+++ b/src/services/directory-services/directory.service.ts
@@ -1,5 +1,5 @@
-import { GroupEntry } from "../../models/groupEntry";
-import { UserEntry } from "../../models/userEntry";
+import { GroupEntry } from "../models/groupEntry";
+import { UserEntry } from "../models/userEntry";

 export interface IDirectoryService {
  getEntries(force: boolean, test: boolean): Promise<[GroupEntry[], UserEntry[]]>;
--- a/src/services/directory-services/entra-id-directory.service.ts
+++ b/src/services/directory-services/entra-id-directory.service.ts
@@ -7,14 +7,14 @@ import * as graphType from "@microsoft/microsoft-graph-types";
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";

-import { StateService } from "../../abstractions/state.service";
-import { DirectoryType } from "../../enums/directoryType";
-import { EntraIdConfiguration } from "../../models/entraIdConfiguration";
-import { GroupEntry } from "../../models/groupEntry";
-import { SyncConfiguration } from "../../models/syncConfiguration";
-import { UserEntry } from "../../models/userEntry";
-import { BaseDirectoryService } from "../baseDirectory.service";
+import { StateService } from "../abstractions/state.service";
+import { DirectoryType } from "../enums/directoryType";
+import { EntraIdConfiguration } from "../models/entraIdConfiguration";
+import { GroupEntry } from "../models/groupEntry";
+import { SyncConfiguration } from "../models/syncConfiguration";
+import { UserEntry } from "../models/userEntry";

+import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";

 const EntraIdPublicIdentityAuthority = "login.microsoftonline.com";
--- a/src/services/directory-services/gsuite-directory.service.ts
+++ b/src/services/directory-services/gsuite-directory.service.ts
@@ -4,14 +4,14 @@ import { admin_directory_v1, google } from "googleapis";
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";

-import { StateService } from "../../abstractions/state.service";
-import { DirectoryType } from "../../enums/directoryType";
-import { GroupEntry } from "../../models/groupEntry";
-import { GSuiteConfiguration } from "../../models/gsuiteConfiguration";
-import { SyncConfiguration } from "../../models/syncConfiguration";
-import { UserEntry } from "../../models/userEntry";
-import { BaseDirectoryService } from "../baseDirectory.service";
+import { StateService } from "../abstractions/state.service";
+import { DirectoryType } from "../enums/directoryType";
+import { GroupEntry } from "../models/groupEntry";
+import { GSuiteConfiguration } from "../models/gsuiteConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
+import { UserEntry } from "../models/userEntry";

+import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";

 export class GSuiteDirectoryService extends BaseDirectoryService implements IDirectoryService {
@@ -253,15 +253,7 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements IDir
      ],
    });

-    try {
-      await this.client.authorize();
-    } catch (error) {
-      // Catch and rethrow this to sanitize any sensitive info (e.g. private key) in the error message
-      this.logService.error(
-        `Google Workspace authentication failed: ${error?.name || "Unknown error"}`,
-      );
-      throw new Error(this.i18nService.t("authenticationFailed"));
-    }
+    await this.client.authorize();

    this.authParams = {
      auth: this.client,
--- a/src/services/directory-services/ldap-directory.service.integration.spec.ts
+++ b/src/services/directory-services/ldap-directory.service.integration.spec.ts
@@ -1,17 +1,14 @@
 import { mock, MockProxy } from "jest-mock-extended";

-import { I18nService } from "../../../jslib/common/src/abstractions/i18n.service";
-import { LogService } from "../../../jslib/common/src/abstractions/log.service";
-import {
-  getLdapConfiguration,
-  getSyncConfiguration,
-} from "../../../utils/openldap/config-fixtures";
-import { groupFixtures } from "../../../utils/openldap/group-fixtures";
-import { userFixtures } from "../../../utils/openldap/user-fixtures";
-import { DirectoryType } from "../../enums/directoryType";
-import { StateService } from "../state.service";
+import { I18nService } from "../../jslib/common/src/abstractions/i18n.service";
+import { LogService } from "../../jslib/common/src/abstractions/log.service";
+import { groupFixtures } from "../../openldap/group-fixtures";
+import { userFixtures } from "../../openldap/user-fixtures";
+import { DirectoryType } from "../enums/directoryType";
+import { getLdapConfiguration, getSyncConfiguration } from "../utils/test-fixtures";

 import { LdapDirectoryService } from "./ldap-directory.service";
+import { StateService } from "./state.service";

 // These tests integrate with the OpenLDAP docker image and seed data located in the openldap folder.
 // To run theses tests:
@@ -55,7 +52,7 @@ describe("ldapDirectoryService", () => {
        getLdapConfiguration({
          ssl: true,
          startTls: true,
-          tlsCaPath: "./utils/openldap/certs/rootCA.pem",
+          tlsCaPath: "./openldap/certs/rootCA.pem",
        }),
      );
      stateService.getSync.mockResolvedValue(getSyncConfiguration({ groups: true, users: true }));
@@ -70,7 +67,7 @@ describe("ldapDirectoryService", () => {
        getLdapConfiguration({
          port: 1636,
          ssl: true,
-          sslCaPath: "./utils/openldap/certs/rootCA.pem",
+          sslCaPath: "./openldap/certs/rootCA.pem",
        }),
      );
      stateService.getSync.mockResolvedValue(getSyncConfiguration({ groups: true, users: true }));
--- a/src/services/directory-services/ldap-directory.service.ts
+++ b/src/services/directory-services/ldap-directory.service.ts
@@ -7,12 +7,12 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
 import { Utils } from "@/jslib/common/src/misc/utils";

-import { StateService } from "../../abstractions/state.service";
-import { DirectoryType } from "../../enums/directoryType";
-import { GroupEntry } from "../../models/groupEntry";
-import { LdapConfiguration } from "../../models/ldapConfiguration";
-import { SyncConfiguration } from "../../models/syncConfiguration";
-import { UserEntry } from "../../models/userEntry";
+import { StateService } from "../abstractions/state.service";
+import { DirectoryType } from "../enums/directoryType";
+import { GroupEntry } from "../models/groupEntry";
+import { LdapConfiguration } from "../models/ldapConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
+import { UserEntry } from "../models/userEntry";

 import { IDirectoryService } from "./directory.service";

@@ -118,7 +118,7 @@ export class LdapDirectoryService implements IDirectoryService {
        [delControl],
      );
      return regularUsers.concat(deletedUsers);
-    } catch {
+    } catch (e) {
      this.logService.warning("Cannot query deleted users.");
      return regularUsers;
    }
@@ -192,21 +192,14 @@ export class LdapDirectoryService implements IDirectoryService {
      this.syncConfig.userFilter,
    );
    const userPath = this.makeSearchPath(this.syncConfig.userPath);
-    const userDnMap = new Map<string, string>();
-    const userUidMap = new Map<string, string>();
+    const userIdMap = new Map<string, string>();
    await this.search<string>(userPath, userFilter, (se: any) => {
-      const dn = this.getReferenceId(se);
-      const uid = this.getAttr<string>(se, "uid");
-      const externalId = this.getExternalId(se, dn);
-      userDnMap.set(dn, externalId);
-      if (uid != null) {
-        userUidMap.set(uid.toLowerCase(), externalId);
-      }
+      userIdMap.set(this.getReferenceId(se), this.getExternalId(se, this.getReferenceId(se)));
      return se;
    });

    for (const se of groupSearchEntries) {
-      const group = this.buildGroup(se, userDnMap, userUidMap);
+      const group = this.buildGroup(se, userIdMap);
      if (group != null) {
        entries.push(group);
      }
@@ -215,20 +208,7 @@ export class LdapDirectoryService implements IDirectoryService {
    return entries;
  }

-  /**
-   * Builds a GroupEntry from LDAP search results, including membership.
-   * Supports user membership by DN or UID and nested group membership by DN.
-   *
-   * @param searchEntry - The LDAP search entry containing group data
-   * @param userDnMap - Map of user DNs to their external IDs
-   * @param userUidMap - Map of user UIDs to their external IDs
-   * @returns A populated GroupEntry object, or null if the group lacks required properties
-   */
-  private buildGroup(
-    searchEntry: any,
-    userDnMap: Map<string, string>,
-    userUidMap: Map<string, string>,
-  ) {
+  private buildGroup(searchEntry: any, userMap: Map<string, string>) {
    const group = new GroupEntry();
    group.referenceId = this.getReferenceId(searchEntry);
    if (group.referenceId == null) {
@@ -248,34 +228,11 @@ export class LdapDirectoryService implements IDirectoryService {

    const members = this.getAttrVals<string>(searchEntry, this.syncConfig.memberAttribute);
    if (members != null) {
-      // Parses a group member attribute and identifies it as a member DN, member Uid, or a group Dn
-      const getMemberAttributeType = (member: string): "memberDn" | "memberUid" | "groupDn" => {
-        const isDnLike = member.includes("=") && member.includes(",");
-        if (isDnLike) {
-          return userDnMap.has(member) ? "memberDn" : "groupDn";
-        }
-        return "memberUid";
-      };
-
-      for (const member of members) {
-        switch (getMemberAttributeType(member)) {
-          case "memberDn": {
-            const externalId = userDnMap.get(member);
-            if (externalId != null) {
-              group.userMemberExternalIds.add(externalId);
-            }
-            break;
-          }
-          case "memberUid": {
-            const externalId = userUidMap.get(member.toLowerCase());
-            if (externalId != null) {
-              group.userMemberExternalIds.add(externalId);
-            }
-            break;
-          }
-          case "groupDn":
-            group.groupMemberReferenceIds.add(member);
-            break;
+      for (const memDn of members) {
+        if (userMap.has(memDn) && !group.userMemberExternalIds.has(userMap.get(memDn))) {
+          group.userMemberExternalIds.add(userMap.get(memDn));
+        } else if (!group.groupMemberReferenceIds.has(memDn)) {
+          group.groupMemberReferenceIds.add(memDn);
        }
      }
    }
--- a/src/services/directory-services/okta-directory.service.ts
+++ b/src/services/directory-services/okta-directory.service.ts
@@ -3,14 +3,14 @@ import * as https from "https";
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";

-import { StateService } from "../../abstractions/state.service";
-import { DirectoryType } from "../../enums/directoryType";
-import { GroupEntry } from "../../models/groupEntry";
-import { OktaConfiguration } from "../../models/oktaConfiguration";
-import { SyncConfiguration } from "../../models/syncConfiguration";
-import { UserEntry } from "../../models/userEntry";
-import { BaseDirectoryService } from "../baseDirectory.service";
+import { StateService } from "../abstractions/state.service";
+import { DirectoryType } from "../enums/directoryType";
+import { GroupEntry } from "../models/groupEntry";
+import { OktaConfiguration } from "../models/oktaConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
+import { UserEntry } from "../models/userEntry";

+import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";

 const DelayBetweenBuildGroupCallsInMilliseconds = 500;
--- a/src/services/directory-services/onelogin-directory.service.ts
+++ b/src/services/directory-services/onelogin-directory.service.ts
@@ -1,14 +1,14 @@
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";

-import { StateService } from "../../abstractions/state.service";
-import { DirectoryType } from "../../enums/directoryType";
-import { GroupEntry } from "../../models/groupEntry";
-import { OneLoginConfiguration } from "../../models/oneLoginConfiguration";
-import { SyncConfiguration } from "../../models/syncConfiguration";
-import { UserEntry } from "../../models/userEntry";
-import { BaseDirectoryService } from "../baseDirectory.service";
+import { StateService } from "../abstractions/state.service";
+import { DirectoryType } from "../enums/directoryType";
+import { GroupEntry } from "../models/groupEntry";
+import { OneLoginConfiguration } from "../models/oneLoginConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
+import { UserEntry } from "../models/userEntry";

+import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";

 // Basic email validation: something@something.something
--- a/src/services/single-request-builder.spec.ts
+++ b/src/services/single-request-builder.spec.ts
@@ -2,8 +2,8 @@ import { GetUniqueString } from "@/jslib/common/spec/utils";

 import { UserEntry } from "@/src/models/userEntry";

-import { groupSimulator, userSimulator } from "../../utils/request-builder-helper";
 import { RequestBuilderOptions } from "../abstractions/request-builder.service";
+import { groupSimulator, userSimulator } from "../utils/request-builder-helper";

 import { SingleRequestBuilder } from "./single-request-builder";

--- a/src/services/sync.service.integration.spec.ts
+++ b/src/services/sync.service.integration.spec.ts
@@ -7,20 +7,19 @@ import { EnvironmentService } from "@/jslib/common/src/services/environment.serv

 import { I18nService } from "../../jslib/common/src/abstractions/i18n.service";
 import { LogService } from "../../jslib/common/src/abstractions/log.service";
-import { getLdapConfiguration, getSyncConfiguration } from "../../utils/openldap/config-fixtures";
+import { groupFixtures } from "../../openldap/group-fixtures";
+import { userFixtures } from "../../openldap/user-fixtures";
 import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
 import { DirectoryType } from "../enums/directoryType";
+import { getLdapConfiguration, getSyncConfiguration } from "../utils/test-fixtures";

 import { BatchRequestBuilder } from "./batch-request-builder";
-import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
+import { LdapDirectoryService } from "./ldap-directory.service";
 import { SingleRequestBuilder } from "./single-request-builder";
 import { StateService } from "./state.service";
 import { SyncService } from "./sync.service";
 import * as constants from "./sync.service";

-import { groupFixtures } from "@/utils/openldap/group-fixtures";
-import { userFixtures } from "@/utils/openldap/user-fixtures";
-
 describe("SyncService", () => {
  let logService: MockProxy<LogService>;
  let i18nService: MockProxy<I18nService>;
@@ -124,10 +123,7 @@ describe("SyncService", () => {
      expect(apiService.postPublicImportDirectory).toHaveBeenCalledWith(
        expect.objectContaining({ overwriteExisting: false }),
      );
-
-      // The expected number of calls may change if more data is added to the ldif
-      // Make sure it equals (number of users / 4) + (number of groups / 4)
-      expect(apiService.postPublicImportDirectory).toHaveBeenCalledTimes(7);
+      expect(apiService.postPublicImportDirectory).toHaveBeenCalledTimes(6);

      // @ts-expect-error Reset batch size to original state.
      constants.batchSize = originalBatchSize;
--- a/src/services/sync.service.spec.ts
+++ b/src/services/sync.service.spec.ts
@@ -6,20 +6,20 @@ import { MessagingService } from "@/jslib/common/src/abstractions/messaging.serv
 import { OrganizationImportRequest } from "@/jslib/common/src/models/request/organizationImportRequest";
 import { ApiService } from "@/jslib/common/src/services/api.service";

-import { getSyncConfiguration } from "../../utils/openldap/config-fixtures";
 import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
 import { DirectoryType } from "../enums/directoryType";
+import { getSyncConfiguration } from "../utils/test-fixtures";

 import { BatchRequestBuilder } from "./batch-request-builder";
-import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
 import { I18nService } from "./i18n.service";
+import { LdapDirectoryService } from "./ldap-directory.service";
 import { SingleRequestBuilder } from "./single-request-builder";
 import { StateService } from "./state.service";
 import { SyncService } from "./sync.service";
 import * as constants from "./sync.service";

-import { groupFixtures } from "@/utils/openldap/group-fixtures";
-import { userFixtures } from "@/utils/openldap/user-fixtures";
+import { groupFixtures } from "@/openldap/group-fixtures";
+import { userFixtures } from "@/openldap/user-fixtures";

 describe("SyncService", () => {
  let cryptoFunctionService: MockProxy<CryptoFunctionService>;
--- a/src/utils/request-builder-helper.ts
+++ b/src/utils/request-builder-helper.ts
@@ -1,7 +1,7 @@
 import { GetUniqueString } from "@/jslib/common/spec/utils";

-import { GroupEntry } from "../src/models/groupEntry";
-import { UserEntry } from "../src/models/userEntry";
+import { GroupEntry } from "../models/groupEntry";
+import { UserEntry } from "../models/userEntry";

 export function userSimulator(userCount: number): UserEntry[] {
  const users: UserEntry[] = [];
--- a/utils/openldap/config-fixtures.ts
+++ b/utils/openldap/config-fixtures.ts
@@ -1,5 +1,5 @@
-import { LdapConfiguration } from "../../src/models/ldapConfiguration";
-import { SyncConfiguration } from "../../src/models/syncConfiguration";
+import { LdapConfiguration } from "../models/ldapConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";

 /**
 * @returns a basic ldap configuration without TLS/SSL enabled. Can be overridden by passing in a partial configuration.
--- a/utils/.env.example
+++ b/utils/.env.example
@@ -1,4 +0,0 @@
-GOOGLE_DOMAIN=
-GOOGLE_ADMIN_USER=
-GOOGLE_CLIENT_EMAIL=
-GOOGLE_PRIVATE_KEY=
--- a/utils/google-workspace/config-fixtures.ts
+++ b/utils/google-workspace/config-fixtures.ts
@@ -1,56 +0,0 @@
-import { GSuiteConfiguration } from "../../src/models/gsuiteConfiguration";
-import { SyncConfiguration } from "../../src/models/syncConfiguration";
-
-/**
- * @returns a basic GSuite configuration. Can be overridden by passing in a partial configuration.
- */
-export const getGSuiteConfiguration = (
-  config?: Partial<GSuiteConfiguration>,
-): GSuiteConfiguration => {
-  const adminUser = process.env.GOOGLE_ADMIN_USER;
-  const clientEmail = process.env.GOOGLE_CLIENT_EMAIL;
-  const privateKey = process.env.GOOGLE_PRIVATE_KEY;
-  const domain = process.env.GOOGLE_DOMAIN;
-
-  if (!adminUser || !clientEmail || !privateKey || !domain) {
-    throw new Error("Google Workspace integration test credentials not configured.");
-  }
-
-  return {
-    // TODO
-    adminUser,
-    clientEmail,
-    privateKey,
-    domain: domain,
-    customer: "",
-    ...(config ?? {}),
-  };
-};
-
-/**
- * @returns a basic Google Workspace sync configuration. Can be overridden by passing in a partial configuration.
- */
-export const getSyncConfiguration = (config?: Partial<SyncConfiguration>): SyncConfiguration => ({
-  users: false,
-  groups: false,
-  interval: 5,
-  userFilter: "",
-  groupFilter: "",
-  removeDisabled: false,
-  overwriteExisting: false,
-  largeImport: false,
-  // Ldap properties - not optional for some reason
-  groupObjectClass: "",
-  userObjectClass: "",
-  groupPath: null,
-  userPath: null,
-  groupNameAttribute: "",
-  userEmailAttribute: "",
-  memberAttribute: "",
-  useEmailPrefixSuffix: false,
-  emailPrefixAttribute: "",
-  emailSuffix: null,
-  creationDateAttribute: "",
-  revisionDateAttribute: "",
-  ...(config ?? {}),
-});
--- a/utils/google-workspace/group-fixtures.ts
+++ b/utils/google-workspace/group-fixtures.ts
@@ -1,26 +0,0 @@
-import { Jsonify } from "type-fest";
-
-import { GroupEntry } from "../../src/models/groupEntry";
-
-// These must match the Google Workspace seed data
-
-const data: Jsonify<GroupEntry>[] = [
-  {
-    externalId: "0319y80a3anpxhj",
-    groupMemberReferenceIds: [],
-    name: "Integration Test Group A",
-    referenceId: "0319y80a3anpxhj",
-    userMemberExternalIds: ["111605910541641314041", "111147009830456099026"],
-    users: [],
-  },
-  {
-    externalId: "02afmg28317uyub",
-    groupMemberReferenceIds: [],
-    name: "Integration Test Group B",
-    referenceId: "02afmg28317uyub",
-    userMemberExternalIds: ["111147009830456099026", "100150970267699397306"],
-    users: [],
-  },
-];
-
-export const groupFixtures = data.map((g) => GroupEntry.fromJSON(g));
--- a/utils/google-workspace/user-fixtures.ts
+++ b/utils/google-workspace/user-fixtures.ts
@@ -1,50 +0,0 @@
-import { Jsonify } from "type-fest";
-
-import { UserEntry } from "../../src/models/userEntry";
-
-// These must match the Google Workspace seed data
-
-const data: Jsonify<UserEntry>[] = [
-  // In Group A
-  {
-    deleted: false,
-    disabled: false,
-    email: "testuser1@bwrox.dev",
-    externalId: "111605910541641314041",
-    referenceId: "111605910541641314041",
-  },
-  // In Groups A + B
-  {
-    deleted: false,
-    disabled: false,
-    email: "testuser2@bwrox.dev",
-    externalId: "111147009830456099026",
-    referenceId: "111147009830456099026",
-  },
-  // In Group B
-  {
-    deleted: false,
-    disabled: false,
-    email: "testuser3@bwrox.dev",
-    externalId: "100150970267699397306",
-    referenceId: "100150970267699397306",
-  },
-  // Not in a group
-  {
-    deleted: false,
-    disabled: false,
-    email: "testuser4@bwrox.dev",
-    externalId: "113764752650306721470",
-    referenceId: "113764752650306721470",
-  },
-  // Disabled user
-  {
-    deleted: false,
-    disabled: true,
-    email: "testuser5@bwrox.dev",
-    externalId: "110381976819725658200",
-    referenceId: "110381976819725658200",
-  },
-];
-
-export const userFixtures = data.map((g) => UserEntry.fromJSON(g));
--- a/utils/openldap/mkcert.sh
+++ b/utils/openldap/mkcert.sh
@@ -1,10 +0,0 @@
-if ! [ -x "$(command -v mkcert)" ]; then
-  echo 'Error: mkcert is not installed. Install mkcert first and then re-run this script.'
-  echo 'e.g. brew install mkcert'
-  exit 1
-fi
-
-mkcert -install
-mkdir -p ./utils/openldap/certs
-cp "$(mkcert -CAROOT)/rootCA.pem" ./utils/openldap/certs/rootCA.pem
-mkcert -key-file ./utils/openldap/certs/openldap-key.pem -cert-file ./utils/openldap/certs/openldap.pem localhost openldap
Author	SHA1	Message	Date
Jimmy Vo	70039fea03	undo	2025-09-18 17:02:44 -04:00
Jimmy Vo	f0d5bfe495	merge main	2025-09-18 16:59:59 -04:00
Jimmy Vo	ff3f4faa8f	[PM-24898] Upgrade Yao	2025-09-11 15:25:16 -04:00