update package-lock.json

testing for Ac
2025-12-15 07:43:27 +00:00 · 2025-07-22 14:10:49 -05:00 · 2025-07-22 11:44:01 -05:00
68 changed files with 5232 additions and 9233 deletions
--- a/.claude/CLAUDE.md
+++ b/.claude/CLAUDE.md
@@ -1,203 +0,0 @@
 # Bitwarden Directory Connector
 ## Project Overview
 Directory Connector is a TypeScript application that synchronizes users and groups from directory services to Bitwarden organizations. It provides both a desktop GUI (built with Angular and Electron) and a CLI tool (bwdc).
 **Supported Directory Services:**
 - LDAP (Lightweight Directory Access Protocol) - includes Active Directory and general LDAP servers
 - Microsoft Entra ID (formerly Azure Active Directory)
 - Google Workspace
 - Okta
 - OneLogin
 **Technologies:**
 - TypeScript
 - Angular (GUI)
 - Electron (Desktop wrapper)
 - Node
 - Jest for testing
 ## Code Architecture & Structure
 ### Directory Organization
 ```
 src/
 ├── abstractions/       # Interface definitions (e.g., IDirectoryService)
 ├── services/          # Business logic implementations for directory services, sync, auth
 ├── models/            # Data models (UserEntry, GroupEntry, etc.)
 ├── commands/          # CLI command implementations
 ├── app/               # Angular GUI components
 └── utils/             # Test utilities and fixtures
 src-cli/               # CLI-specific code (imports common code from src/)
 jslib/                 # Legacy folder structure (mix of deprecated/unused and current code - new code should not be added here)
 ```
 ### Key Architectural Patterns
 1. **Abstractions = Interfaces**: All interfaces are defined in `/abstractions`
 2. **Services = Business Logic**: Implementations live in `/services`
 3. **Directory Service Pattern**: Each directory provider implements `IDirectoryService` interface
 4. **Separation of Concerns**: GUI (Angular app) and CLI (commands) share the same service layer
 ## Development Conventions
 ### Code Organization
 **File Naming:**
 - kebab-case for files: `ldap-directory.service.ts`
 - Descriptive names that reflect purpose
 **Class/Function Naming:**
 - PascalCase for classes and interfaces
 - camelCase for functions and variables
 - Descriptive names that indicate purpose
 **File Structure:**
 - Keep files focused on single responsibility
 - Create new service files for distinct directory integrations
 - Separate models into individual files when complex
 ### TypeScript Conventions
 **Import Patterns:**
 - Use path aliases (`@/`) for project imports
  - `@/` - project root
  - `@/jslib/` - jslib folder
 - ESLint enforces alphabetized import ordering with newlines between groups
 **Type Safety:**
 - Avoid `any` types - use proper typing or `unknown` with type guards
 - Prefer interfaces for contracts, types for unions/intersections
 - Use strict null checks - handle `null` and `undefined` explicitly
 - Leverage TypeScript's type inference where appropriate
 **Configuration:**
 - Use configuration files or environment variables
 - Never hardcode URLs or configuration values
 ## Security Best Practices
 **Credential Handling:**
 - Never log directory service credentials, API keys, or tokens
 - Use secure storage mechanisms for sensitive data
 - Credentials should never be hardcoded
 - Store credentials encrypted, never in plain text
 **Sensitive Data:**
 - User and group data from directories should be handled securely
 - Avoid exposing sensitive information in error messages
 - Sanitize data before logging
 - Be cautious with data persistence
 **Input Validation:**
 - Validate and sanitize data from external directory services
 - Check for injection vulnerabilities (LDAP injection, etc.)
 - Validate configuration inputs from users
 **API Security:**
 - Ensure authentication flows are implemented correctly
 - Verify SSL/TLS is used for all external connections
 - Check for secure token storage and refresh mechanisms
 ## Error Handling
 **Best Practices:**
 1. **Try-catch for async operations** - Always wrap external API calls
 2. **Meaningful error messages** - Provide context for debugging
 3. **Error propagation** - Don't swallow errors silently
 4. **User-facing errors** - Separate user messages from developer logs
 ## Performance Best Practices
 **Large Dataset Handling:**
 - Use pagination for large user/group lists
 - Avoid loading entire datasets into memory at once
 - Consider streaming or batch processing for large operations
 **API Rate Limiting:**
 - Respect rate limits for Microsoft Graph API, Google Admin SDK, etc.
 - Consider batching large API calls where necessary
 **Memory Management:**
 - Close connections and clean up resources
 - Remove event listeners when components are destroyed
 - Be cautious with caching large datasets
 ## Testing
 **Framework:**
 - Jest with jest-preset-angular
 - jest-mock-extended for type-safe mocks with `mock<Type>()`
 **Test Organization:**
 - Tests colocated with source files
 - `*.spec.ts` - Unit tests for individual components/services
 - `*.integration.spec.ts` - Integration tests against live directory services
 - Test helpers located in `utils/` directory
 **Test Naming:**
 - Descriptive, human-readable test names
 - Example: `'should return empty array when no users exist in directory'`
 **Test Coverage:**
 - New features must include tests
 - Bug fixes should include regression tests
 - Changes to core sync logic or directory specific logic require integration tests
 **Testing Approach:**
 - **Unit tests**: Mock external API calls using jest-mock-extended
 - **Integration tests**: Use live directory services (Docker containers or configured cloud services)
 - Focus on critical paths (authentication, sync, data transformation)
 - Test error scenarios and edge cases (empty results, malformed data, connection failures), not just happy paths
 ## Directory Service Patterns
 ### IDirectoryService Interface
 All directory services implement this core interface with methods:
 - `getUsers()` - Retrieve users from directory and transform them into standard objects
 - `getGroups()` - Retrieve groups from directory and transform them into standard objects
 - Connection and authentication handling
 ### Service-Specific Implementations
 Each directory service has unique authentication and query patterns:
 - **LDAP**: Direct LDAP queries, bind authentication
 - **Microsoft Entra ID**: Microsoft Graph API, OAuth tokens
 - **Google Workspace**: Google Admin SDK, service account credentials
 - **Okta/OneLogin**: REST APIs with API tokens
 ## References
 - [Architectural Decision Records (ADRs)](https://contributing.bitwarden.com/architecture/adr/)
 - [Contributing Guidelines](https://contributing.bitwarden.com/contributing/)
 - [Code Style](https://contributing.bitwarden.com/contributing/code-style/)
 - [Security Whitepaper](https://bitwarden.com/help/bitwarden-security-white-paper/)
 - [Security Definitions](https://contributing.bitwarden.com/architecture/security/definitions)
--- a/.claude/prompts/review-code.md
+++ b/.claude/prompts/review-code.md
@@ -1,27 +0,0 @@
 Please review this pull request with a focus on:
 - Code quality and best practices
 - Potential bugs or issues
 - Security implications
 - Performance considerations
 Note: The PR branch is already checked out in the current working directory.
 Provide a comprehensive review including:
 - Summary of changes since last review
 - Critical issues found (be thorough)
 - Suggested improvements (be thorough)
 - Good practices observed (be concise - list only the most notable items without elaboration)
 - Action items for the author
 - Leverage collapsible <details> sections where appropriate for lengthy explanations or code
  snippets to enhance human readability
 When reviewing subsequent commits:
 - Track status of previously identified issues (fixed/unfixed/reopened)
 - Identify NEW problems introduced since last review
 - Note if fixes introduced new issues
 IMPORTANT: Be comprehensive about issues and improvements. For good practices, be brief - just note
 what was done well without explaining why or praising excessively.
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -6,14 +6,3 @@
 # Default file owners.
 * @bitwarden/team-admin-console-dev
 # Docker-related files
 **/Dockerfile @bitwarden/team-appsec @bitwarden/dept-bre
 **/*.dockerignore @bitwarden/team-appsec @bitwarden/dept-bre
 **/entrypoint.sh @bitwarden/team-appsec @bitwarden/dept-bre
 **/docker-compose.yml @bitwarden/team-appsec @bitwarden/dept-bre
 # Claude related files
 .claude/ @bitwarden/team-ai-sme
 .github/workflows/respond.yml @bitwarden/team-ai-sme
 .github/workflows/review-code.yml @bitwarden/team-ai-sme
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -0,0 +1,18 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["github>bitwarden/renovate-config"],
  "enabledManagers": ["github-actions", "npm"],
  "packageRules": [
    {
      "groupName": "gh minor",
      "matchManagers": ["github-actions"],
      "matchUpdateTypes": ["minor", "patch"]
    },
    {
      "groupName": "Google Libraries",
      "matchPackagePatterns": ["google-auth-library", "googleapis"],
      "matchManagers": ["npm"],
      "groupSlug": "google-libraries"
    }
  ]
 }
--- a/.github/renovate.json5
+++ b/.github/renovate.json5
@@ -1,24 +0,0 @@
 {
  $schema: "https://docs.renovatebot.com/renovate-schema.json",
  extends: ["github>bitwarden/renovate-config"],
  enabledManagers: ["github-actions", "npm"],
  packageRules: [
    {
      groupName: "gh minor",
      matchManagers: ["github-actions"],
      matchUpdateTypes: ["minor", "patch"],
    },
  ],
  ignoreDeps: [
    // yao-pkg is used to create a single executable application bundle for the CLI.
    // It is a third party build of node which carries a high supply chain risk.
    // This must be manually vetted by our appsec team before upgrading.
    // It is excluded from renovate to avoid accidentally upgrading to a non-vetted version.
    "@yao-pkg/pkg",
    // googleapis uses ESM after 149.0.0 so we are not upgrading it until we have ESM support.
    // They release new versions every couple of weeks so ignoring it at the dependency dashboard
    // level is not sufficient.
    // FIXME: remove and upgrade when we have ESM support.
    "googleapis",
  ],
 }
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -23,22 +23,20 @@ jobs:
      node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Get Package Version
        id: retrieve-version
        run: |
          PKG_VERSION=$(jq -r .version package.json)
-          echo "package_version=$PKG_VERSION" >> "$GITHUB_OUTPUT"
+          echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT
      - name: Get Node Version
        id: retrieve-node-version
        run: |
          NODE_NVMRC=$(cat .nvmrc)
          NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
  linux-cli:
    name: Build Linux CLI
@@ -51,12 +49,10 @@ jobs:
      contents: read
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Set up Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
@@ -65,7 +61,7 @@ jobs:
      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install "$(node -v)"
+          node-gyp install $(node -v)
      - name: Keytar
        run: |
@@ -76,8 +72,8 @@ jobs:
          keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"
          mkdir -p ./keytar/linux
-          wget "$keytarUrl" -O "./keytar/linux/$keytarTarGz"
+          wget $keytarUrl -O ./keytar/linux/$keytarTarGz
-          tar -xvf "./keytar/linux/$keytarTarGz" -C ./keytar/linux
+          tar -xvf ./keytar/linux/$keytarTarGz -C ./keytar/linux
      - name: Install
        run: npm install
@@ -86,19 +82,19 @@ jobs:
        run: npm run dist:cli:lin
      - name: Zip
-        run: zip -j "dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip" "dist-cli/linux/bwdc" "keytar/linux/build/Release/keytar.node"
+        run: zip -j dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip dist-cli/linux/bwdc keytar/linux/build/Release/keytar.node
      - name: Version Test
        run: |
          sudo apt-get update
          sudo apt install libsecret-1-0 dbus-x11 gnome-keyring
-          eval "$(dbus-launch --sh-syntax)"
+          eval $(dbus-launch --sh-syntax)
-          eval "$(echo -n "" | /usr/bin/gnome-keyring-daemon --login)"
+          eval $(echo -n "" | /usr/bin/gnome-keyring-daemon --login)
-          eval "$(/usr/bin/gnome-keyring-daemon --components=secrets --start)"
+          eval $(/usr/bin/gnome-keyring-daemon --components=secrets --start)
          mkdir -p test/linux
-          unzip "./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip" -d ./test/linux
+          unzip ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip -d ./test/linux
          testVersion=$(./test/linux/bwdc -v)
@@ -129,12 +125,10 @@ jobs:
      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Set up Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
@@ -143,7 +137,7 @@ jobs:
      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install "$(node -v)"
+          node-gyp install $(node -v)
      - name: Keytar
        run: |
@@ -154,8 +148,8 @@ jobs:
          keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"
          mkdir -p ./keytar/macos
-          wget "$keytarUrl" -O "./keytar/macos/$keytarTarGz"
+          wget $keytarUrl -O ./keytar/macos/$keytarTarGz
-          tar -xvf "./keytar/macos/$keytarTarGz" -C ./keytar/macos
+          tar -xvf ./keytar/macos/$keytarTarGz -C ./keytar/macos
      - name: Install
        run: npm install
@@ -164,12 +158,12 @@ jobs:
        run: npm run dist:cli:mac
      - name: Zip
-        run: zip -j "dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip" "dist-cli/macos/bwdc" "keytar/macos/build/Release/keytar.node"
+        run: zip -j dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip dist-cli/macos/bwdc keytar/macos/build/Release/keytar.node
      - name: Version Test
        run: |
          mkdir -p test/macos
-          unzip "./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip" -d ./test/macos
+          unzip ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip -d ./test/macos
          testVersion=$(./test/macos/bwdc -v)
@@ -200,16 +194,14 @@ jobs:
      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Setup Windows builder
        run: |
          choco install checksum --no-progress
      - name: Set up Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
@@ -249,7 +241,7 @@ jobs:
      - name: Version Test
        shell: pwsh
        run: |
-          Expand-Archive -Path "dist-cli\bwdc-windows-$env:_PACKAGE_VERSION.zip" -DestinationPath "test\windows"
+          Expand-Archive -Path "dist-cli\bwdc-windows-${{ env._PACKAGE_VERSION }}.zip" -DestinationPath "test\windows"
          $testVersion = Invoke-Expression '& .\test\windows\bwdc.exe -v'
          echo "version: ${env:_PACKAGE_VERSION}"
          echo "testVersion: $testVersion"
@@ -275,20 +267,17 @@ jobs:
    env:
      NODE_OPTIONS: --max_old_space_size=4096
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
      HUSKY: 0
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Set up Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
-          node-version: ${{ env._NODE_VERSION }}
+          node-version: '18'
      - name: Update NPM
        run: |
@@ -375,25 +364,22 @@ jobs:
    env:
      NODE_OPTIONS: --max_old_space_size=4096
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
      HUSKY: 0
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Set up Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
-          node-version: ${{ env._NODE_VERSION }}
+          node-version: '18'
      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install "$(node -v)"
+          node-gyp install $(node -v)
      - name: Set up environment
        run: |
@@ -435,25 +421,22 @@ jobs:
    env:
      NODE_OPTIONS: --max_old_space_size=4096
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
      _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
      HUSKY: 0
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Set up Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
-          node-version: ${{ env._NODE_VERSION }}
+          node-version: '18'
      - name: Update NPM
        run: |
          npm install -g node-gyp
-          node-gyp install "$(node -v)"
+          node-gyp install $(node -v)
      - name: Print environment
        run: |
@@ -478,16 +461,16 @@ jobs:
      - name: Get certificates
        run: |
-          mkdir -p "$HOME/certificates"
+          mkdir -p $HOME/certificates
          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
-            jq -r .value | base64 -d > "$HOME/certificates/devid-app-cert.p12"
+            jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
-            jq -r .value | base64 -d > "$HOME/certificates/devid-installer-cert.p12"
+            jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
-            jq -r .value | base64 -d > "$HOME/certificates/macdev-cert.p12"
+            jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
      - name: Log out from Azure
        uses: bitwarden/gh-actions/azure-logout@main
@@ -496,9 +479,9 @@ jobs:
        env:
          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
        run: |
-          security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+          security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
          security default-keychain -s build.keychain
-          security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+          security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
          security set-keychain-settings -lut 1200 build.keychain
          security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
@@ -510,12 +493,12 @@ jobs:
          security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
            -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
      - name: Load package version
        run: |
          $rootPath = $env:GITHUB_WORKSPACE;
-          $packageVersion = (Get-Content -Raw -Path "$rootPath\package.json" | ConvertFrom-Json).version;
+          $packageVersion = (Get-Content -Raw -Path $rootPath\package.json | ConvertFrom-Json).version;
          Write-Output "Setting package version to $packageVersion";
          Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append;
@@ -525,12 +508,10 @@ jobs:
        run: npm install
      - name: Set up private auth key
        env:
          _APP_STORE_CONNECT_AUTH_KEY: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
        run: |
          mkdir ~/private_keys
          cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8
-          ${_APP_STORE_CONNECT_AUTH_KEY}
+          ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
          EOF
      - name: Build application
--- a/.github/workflows/integration-test.yml
+++ b/.github/workflows/integration-test.yml
@@ -2,36 +2,23 @@ name: Integration Testing
 on:
  workflow_dispatch:
  # Integration tests are slow, so only run them if relevant files have changed.
  # This is done at the workflow level and at the job level.
  # Make sure these triggers stay consistent with the 'changed-files' job.
  push:
    branches:
-      - 'main'
+      - "main"
      - 'rc'
    paths:
      - ".github/workflows/integration-test.yml" # this file
-      - "docker-compose.yml" # any change to Docker configuration
+      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
-      - "package.json" # dependencies
+      - "./openldap/**/*" # any change to test fixtures
-      - "utils/**" # any change to test fixtures
+      - "./docker-compose.yml" # any change to Docker configuration
      - "src/services/sync.service.ts" # core sync service used by all directory services
      - "src/services/directory-services/ldap-directory.service*" # LDAP directory service
      - "src/services/directory-services/gsuite-directory.service*" # Google Workspace directory service
      # Add directory services here as we add test coverage
  pull_request:
    paths:
      - ".github/workflows/integration-test.yml" # this file
-      - "docker-compose.yml" # any change to Docker configuration
+      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
-      - "package.json" # dependencies
+      - "./openldap/**/*" # any change to test fixtures
-      - "utils/**" # any change to test fixtures
+      - "./docker-compose.yml" # any change to Docker configuration
      - "src/services/sync.service.ts" # core sync service used by all directory services
      - "src/services/directory-services/ldap-directory.service*" # LDAP directory service
      - "src/services/directory-services/gsuite-directory.service*" # Google Workspace directory service
      # Add directory services here as we add test coverage
 permissions:
  contents: read
  checks: write # required by dorny/test-reporter to upload its results
  id-token: write # required to use OIDC to login to Azure Key Vault
 jobs:
  testing:
    name: Run tests
@@ -40,19 +27,17 @@ jobs:
    steps:
      - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Get Node version
        id: retrieve-node-version
        run: |
          NODE_NVMRC=$(cat .nvmrc)
          NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
      - name: Set up Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
@@ -61,79 +46,23 @@ jobs:
      - name: Install Node dependencies
        run: npm ci
-      # Get secrets from Azure Key Vault
+      - name: Install mkcert
      - name: Azure Login
        uses: bitwarden/gh-actions/azure-login@main
        with:
          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
          client_id: ${{ secrets.AZURE_CLIENT_ID }}
      - name: Get KV Secrets
        id: get-kv-secrets
        uses: bitwarden/gh-actions/get-keyvault-secrets@main
        with:
          keyvault: gh-directory-connector
          secrets: "GOOGLE-ADMIN-USER,GOOGLE-CLIENT-EMAIL,GOOGLE-DOMAIN,GOOGLE-PRIVATE-KEY"
      - name: Azure Logout
        uses: bitwarden/gh-actions/azure-logout@main
      # Only run relevant tests depending on what files have changed.
      # This should be kept consistent with the workflow level triggers.
      # Note: docker-compose.yml is only used for ldap for now
      - name: Get changed files
        id: changed-files
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          list-files: shell
          token: ${{ secrets.GITHUB_TOKEN }}
          # Add directory services here as we add test coverage
          filters: |
            common:
              - '.github/workflows/integration-test.yml'
              - 'utils/**'
              - 'package.json'
              - 'src/services/sync.service.ts'
            ldap:
              - 'docker-compose.yml'
              - 'src/services/directory-services/ldap-directory.service*'
            google:
              - 'src/services/directory-services/gsuite-directory.service*'
      # LDAP
      - name: Setup LDAP integration tests
        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
        run: |
          sudo apt-get update
          sudo apt-get -y install mkcert
          npm run test:integration:setup
-      - name: Run LDAP integration tests
+      - name: Setup integration tests
-        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.ldap == 'true'
+        run: npm run test:integration:setup
        env:
          JEST_JUNIT_UNIQUE_OUTPUT_NAME: "true" # avoids junit outputs from clashing
        run: npx jest ldap-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-ldap
-      # Google Workspace
+      - name: Run integration tests
-      - name: Run Google Workspace integration tests
+        run: npm run test:integration --coverage
        if: steps.changed-files.outputs.common == 'true' || steps.changed-files.outputs.google == 'true'
        env:
          GOOGLE_DOMAIN: ${{ steps.get-kv-secrets.outputs.GOOGLE-DOMAIN }}
          GOOGLE_ADMIN_USER: ${{ steps.get-kv-secrets.outputs.GOOGLE-ADMIN-USER }}
          GOOGLE_CLIENT_EMAIL: ${{ steps.get-kv-secrets.outputs.GOOGLE-CLIENT-EMAIL }}
          GOOGLE_PRIVATE_KEY: ${{ steps.get-kv-secrets.outputs.GOOGLE-PRIVATE-KEY }}
          JEST_JUNIT_UNIQUE_OUTPUT_NAME: "true" # avoids junit outputs from clashing
        run: |
          npx jest gsuite-directory.service.integration.spec.ts --coverage --coverageDirectory=coverage-google
      - name: Report test results
-        id: report
+        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
-        uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
        if: github.event.pull_request.head.repo.full_name == github.repository && !cancelled()
        with:
          name: Test Results
-          path: "junit.xml*"
+          path: "junit.xml"
          reporter: jest-junit
          fail-on-error: true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,9 +26,7 @@ jobs:
      release_version: ${{ steps.version.outputs.version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Branch check
        if: ${{ inputs.release_type != 'Dry Run' }}
--- a/.github/workflows/respond.yml
+++ b/.github/workflows/respond.yml
@@ -1,28 +0,0 @@
 name: Respond
 on:
  issue_comment:
    types: [created]
  pull_request_review_comment:
    types: [created]
  issues:
    types: [opened, assigned]
  pull_request_review:
    types: [submitted]
 permissions: {}
 jobs:
  respond:
    name: Respond
    uses: bitwarden/gh-actions/.github/workflows/_respond.yml@main
    secrets:
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    permissions:
      actions: read
      contents: write
      id-token: write
      issues: write
      pull-requests: write
--- a/.github/workflows/review-code.yml
+++ b/.github/workflows/review-code.yml
@@ -1,21 +0,0 @@
 name: Code Review
 on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
 permissions: {}
 jobs:
  review:
    name: Review
    uses: bitwarden/gh-actions/.github/workflows/_review-code.yml@main
    secrets:
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
    permissions:
      actions: read
      contents: read
      id-token: write
      pull-requests: write
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -22,19 +22,17 @@ jobs:
    steps:
      - name: Check out repo
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          persist-credentials: false
      - name: Get Node version
        id: retrieve-node-version
        run: |
          NODE_NVMRC=$(cat .nvmrc)
          NODE_VERSION=${NODE_NVMRC/v/''}
-          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
      - name: Set up Node
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          cache: 'npm'
          cache-dependency-path: '**/package-lock.json'
@@ -53,7 +51,7 @@ jobs:
        run: npm run test --coverage
      - name: Report test results
-        uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1
+        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
        with:
          name: Test Results
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -42,17 +42,16 @@ jobs:
        uses: bitwarden/gh-actions/azure-logout@main
      - name: Generate GH App token
-        uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
        id: app-token
        with:
          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
      - name: Checkout Branch
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          token: ${{ steps.app-token.outputs.token }}
          persist-credentials: true
      - name: Setup git
        run: |
@@ -63,7 +62,7 @@ jobs:
        id: current-version
        run: |
          CURRENT_VERSION=$(cat package.json | jq -r '.version')
-          echo "version=$CURRENT_VERSION" >> "$GITHUB_OUTPUT"
+          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
      - name: Verify input version
        if: ${{ inputs.version_number_override != '' }}
@@ -78,7 +77,8 @@ jobs:
          fi
          # Check if version is newer.
-          if printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V; then
+          printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V
          if [ $? -eq 0 ]; then
            echo "Version check successful."
          else
            echo "Version check failed."
@@ -110,34 +110,26 @@ jobs:
      - name: Set final version output
        id: set-final-version-output
        env:
          _BUMP_VERSION_OVERRIDE_OUTCOME: ${{ steps.bump-version-override.outcome }}
          _INPUT_VERSION_NUMBER_OVERRIDE: ${{ inputs.version_number_override }}
          _BUMP_VERSION_AUTOMATIC_OUTCOME: ${{ steps.bump-version-automatic.outcome }}
          _CALCULATE_NEXT_VERSION: ${{ steps.calculate-next-version.outputs.version }}
        run: |
-          if [[ "$_BUMP_VERSION_OVERRIDE_OUTCOME" == "success" ]]; then
+          if [[ "${{ steps.bump-version-override.outcome }}" == "success" ]]; then
-            echo "version=$_INPUT_VERSION_NUMBER_OVERRIDE" >> "$GITHUB_OUTPUT"
+            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
-          elif [[ "$_BUMP_VERSION_AUTOMATIC_OUTCOME" == "success" ]]; then
+          elif [[ "${{ steps.bump-version-automatic.outcome }}" == "success" ]]; then
-            echo "version=$_CALCULATE_NEXT_VERSION" >> "$GITHUB_OUTPUT"
+            echo "version=${{ steps.calculate-next-version.outputs.version }}" >> $GITHUB_OUTPUT
          fi
      - name: Check if version changed
        id: version-changed
        run: |
          if [ -n "$(git status --porcelain)" ]; then
-            echo "changes_to_commit=TRUE" >> "$GITHUB_OUTPUT"
+            echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT
          else
-            echo "changes_to_commit=FALSE" >> "$GITHUB_OUTPUT"
+            echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT
            echo "No changes to commit!";
          fi
      - name: Commit files
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
-        env:
+        run: git commit -m "Bumped version to ${{ steps.set-final-version-output.outputs.version }}" -a
          _VERSION: ${{ steps.set-final-version-output.outputs.version }}
        run: git commit -m "Bumped version to $_VERSION" -a
      - name: Push changes
        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
--- a/.gitignore
+++ b/.gitignore
@@ -2,9 +2,6 @@
 .DS_Store
 Thumbs.db
 # Environment variables used for tests
 .env
 # IDEs and editors
 .idea/
 .project
@@ -33,8 +30,8 @@ build-cli
 .angular/cache
 # Testing
-coverage*
+coverage
-junit.xml*
+junit.xml
 # Misc
 *.crx
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
  open-ldap:
-    image: bitnamilegacy/openldap:latest
+    image: bitnami/openldap:latest
    hostname: openldap
    environment:
      - LDAP_ADMIN_USERNAME=admin
@@ -11,8 +11,8 @@ services:
      - LDAP_TLS_KEY_FILE=/certs/openldap-key.pem
      - LDAP_TLS_CA_FILE=/certs/rootCA.pem
    volumes:
-      - "./utils/openldap/ldifs:/ldifs"
+      - "./openldap/ldifs:/ldifs"
-      - "./utils/openldap/certs:/certs"
+      - "./openldap/certs:/certs"
    ports:
      - "1389:1389"
      - "1636:1636"
--- a/jslib/angular/src/components/modal/modal-injector.ts
+++ b/jslib/angular/src/components/modal/modal-injector.ts
@@ -1,4 +1,4 @@
-import { InjectOptions, Injector, ProviderToken } from "@angular/core";
+import { InjectFlags, InjectOptions, Injector, ProviderToken } from "@angular/core";
 export class ModalInjector implements Injector {
  constructor(
@@ -12,7 +12,8 @@ export class ModalInjector implements Injector {
    options: InjectOptions & { optional?: false },
  ): T;
  get<T>(token: ProviderToken<T>, notFoundValue: null, options: InjectOptions): T;
-  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions): T;
+  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions | InjectFlags): T;
  get<T>(token: ProviderToken<T>, notFoundValue?: T, flags?: InjectFlags): T;
  get(token: any, notFoundValue?: any): any;
  get(token: any, notFoundValue?: any, flags?: any): any {
    return this._additionalTokens.get(token) ?? this._parentInjector.get<any>(token, notFoundValue);
--- a/jslib/angular/src/components/toastr.component.ts
+++ b/jslib/angular/src/components/toastr.component.ts
@@ -60,7 +60,6 @@ import {
    ]),
  ],
  preserveWhitespaces: false,
  standalone: false,
 })
 export class BitwardenToast extends BaseToast {
  constructor(
--- a/jslib/angular/src/directives/a11y-title.directive.ts
+++ b/jslib/angular/src/directives/a11y-title.directive.ts
@@ -2,7 +2,6 @@ import { Directive, ElementRef, Input, Renderer2 } from "@angular/core";
@Directive({
  selector: "[appA11yTitle]",
  standalone: false,
 })
 export class A11yTitleDirective {
  @Input() set appA11yTitle(title: string) {
--- a/jslib/angular/src/directives/api-action.directive.ts
+++ b/jslib/angular/src/directives/api-action.directive.ts
@@ -13,7 +13,6 @@ import { ValidationService } from "../services/validation.service";
 */
@Directive({
  selector: "[appApiAction]",
  standalone: false,
 })
 export class ApiActionDirective implements OnChanges {
  @Input() appApiAction: Promise<any>;
--- a/jslib/angular/src/directives/autofocus.directive.ts
+++ b/jslib/angular/src/directives/autofocus.directive.ts
@@ -5,7 +5,6 @@ import { Utils } from "@/jslib/common/src/misc/utils";
@Directive({
  selector: "[appAutofocus]",
  standalone: false,
 })
 export class AutofocusDirective {
  @Input() set appAutofocus(condition: boolean | string) {
--- a/jslib/angular/src/directives/blur-click.directive.ts
+++ b/jslib/angular/src/directives/blur-click.directive.ts
@@ -2,7 +2,6 @@ import { Directive, ElementRef, HostListener } from "@angular/core";
@Directive({
  selector: "[appBlurClick]",
  standalone: false,
 })
 export class BlurClickDirective {
  constructor(private el: ElementRef) {}
--- a/jslib/angular/src/directives/box-row.directive.ts
+++ b/jslib/angular/src/directives/box-row.directive.ts
@@ -2,7 +2,6 @@ import { Directive, ElementRef, HostListener, OnInit } from "@angular/core";
@Directive({
  selector: "[appBoxRow]",
  standalone: false,
 })
 export class BoxRowDirective implements OnInit {
  el: HTMLElement = null;
--- a/jslib/angular/src/directives/fallback-src.directive.ts
+++ b/jslib/angular/src/directives/fallback-src.directive.ts
@@ -2,7 +2,6 @@ import { Directive, ElementRef, HostListener, Input } from "@angular/core";
@Directive({
  selector: "[appFallbackSrc]",
  standalone: false,
 })
 export class FallbackSrcDirective {
  @Input("appFallbackSrc") appFallbackSrc: string;
--- a/jslib/angular/src/directives/stop-click.directive.ts
+++ b/jslib/angular/src/directives/stop-click.directive.ts
@@ -2,7 +2,6 @@ import { Directive, HostListener } from "@angular/core";
@Directive({
  selector: "[appStopClick]",
  standalone: false,
 })
 export class StopClickDirective {
  @HostListener("click", ["$event"]) onClick($event: MouseEvent) {
--- a/jslib/angular/src/directives/stop-prop.directive.ts
+++ b/jslib/angular/src/directives/stop-prop.directive.ts
@@ -2,7 +2,6 @@ import { Directive, HostListener } from "@angular/core";
@Directive({
  selector: "[appStopProp]",
  standalone: false,
 })
 export class StopPropDirective {
  @HostListener("click", ["$event"]) onClick($event: MouseEvent) {
--- a/jslib/angular/src/pipes/i18n.pipe.ts
+++ b/jslib/angular/src/pipes/i18n.pipe.ts
@@ -4,7 +4,6 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
@Pipe({
  name: "i18n",
  standalone: false,
 })
 export class I18nPipe implements PipeTransform {
  constructor(private i18nService: I18nService) {}
--- a/jslib/common/src/models/request/identityToken/passwordTokenRequest.ts
+++ b/jslib/common/src/models/request/identityToken/passwordTokenRequest.ts
@@ -31,4 +31,7 @@ export class PasswordTokenRequest extends TokenRequest implements CaptchaProtect
    return obj;
  }
  alterIdentityTokenHeaders(headers: Headers) {
    headers.set("Auth-Email", Utils.fromUtf8ToUrlB64(this.email));
  }
 }
--- a/utils/openldap/example-ldifs/directory-100.ldif
+++ b/utils/openldap/example-ldifs/directory-100.ldif
--- a/utils/openldap/example-ldifs/directory-11000.ldif
+++ b/utils/openldap/example-ldifs/directory-11000.ldif
--- a/utils/openldap/example-ldifs/directory-250.ldif
+++ b/utils/openldap/example-ldifs/directory-250.ldif
--- a/utils/openldap/example-ldifs/directory-50.ldif
+++ b/utils/openldap/example-ldifs/directory-50.ldif
--- a/utils/openldap/example-ldifs/directory-500.ldif
+++ b/utils/openldap/example-ldifs/directory-500.ldif
--- a/utils/openldap/group-fixtures.ts
+++ b/utils/openldap/group-fixtures.ts
@@ -1,6 +1,6 @@
 import { Jsonify } from "type-fest";
-import { GroupEntry } from "@/src/models/groupEntry";
+import { GroupEntry } from "../src/models/groupEntry";
 // These must match the ldap server seed data in directory.ldif
 const data: Jsonify<GroupEntry>[] = [
@@ -35,29 +35,6 @@ const data: Jsonify<GroupEntry>[] = [
    externalId: "cn=Cleaners,ou=Janitorial,dc=bitwarden,dc=com",
    name: "Cleaners",
  },
  {
    userMemberExternalIds: [
      "cn=Painterson Miki,ou=Product Development,dc=bitwarden,dc=com",
      "cn=Virgina Pichocki,ou=Product Development,dc=bitwarden,dc=com",
      "cn=Steffen Carsten,ou=Product Development,dc=bitwarden,dc=com",
    ],
    groupMemberReferenceIds: [],
    users: [],
    referenceId: "cn=DevOps Team,dc=bitwarden,dc=com",
    externalId: "cn=DevOps Team,dc=bitwarden,dc=com",
    name: "DevOps Team",
  },
  {
    userMemberExternalIds: [
      "cn=Angus Merizzi,ou=Management,dc=bitwarden,dc=com",
      "cn=Grissel Currer,ou=Management,dc=bitwarden,dc=com",
    ],
    groupMemberReferenceIds: [],
    users: [],
    referenceId: "cn=Security Team,dc=bitwarden,dc=com",
    externalId: "cn=Security Team,dc=bitwarden,dc=com",
    name: "Security Team",
  },
 ];
 export const groupFixtures = data.map((g) => GroupEntry.fromJSON(g));
--- a/utils/openldap/ldifs/directory-20.ldif
+++ b/utils/openldap/ldifs/directory-20.ldif
@@ -689,26 +689,3 @@ pager: +1 804 815-3661
 roomNumber: 9273
 manager: cn=Inga Schnirer,ou=Product Testing,dc=bitwarden, dc=com
 secretary: cn=Keven Gilleland,ou=Administrative,dc=bitwarden, dc=com 
 # DevOps Team and Security Team identify their members by the member uid attribute,
 # instead of the member Dn attribute.
 # These test that group membership by uid works correctly.
 dn: cn=DevOps Team,dc=bitwarden,dc=com
 changetype: add
 cn: DevOps Team
 gidnumber: 800
 memberuid: mikip
 memberuid: pichockv
 memberuid: carstens
 objectclass: posixGroup
 objectclass: top
 dn: cn=Security Team,dc=bitwarden,dc=com
 changetype: add
 cn: Security Team
 gidnumber: 900
 memberuid: merizzia
 memberuid: currerg
 objectclass: posixGroup
 objectclass: top
--- a/openldap/mkcert.sh
+++ b/openldap/mkcert.sh
@@ -0,0 +1,10 @@
 if ! [ -x "$(command -v mkcert)" ]; then
  echo 'Error: mkcert is not installed. Install mkcert first and then re-run this script.'
  echo 'e.g. brew install mkcert'
  exit 1
 fi
 mkcert -install
 mkdir -p ./openldap/certs
 cp "$(mkcert -CAROOT)/rootCA.pem" ./openldap/certs/rootCA.pem
 mkcert -key-file ./openldap/certs/openldap-key.pem -cert-file ./openldap/certs/openldap.pem localhost openldap
--- a/utils/openldap/user-fixtures.ts
+++ b/utils/openldap/user-fixtures.ts
@@ -1,6 +1,6 @@
 import { Jsonify } from "type-fest";
-import { UserEntry } from "@/src/models/userEntry";
+import { UserEntry } from "../src/models/userEntry";
 // These must match the ldap server seed data in directory.ldif
 const data: Jsonify<UserEntry>[] = [
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
  "name": "@bitwarden/directory-connector",
  "productName": "Bitwarden Directory Connector",
  "description": "Sync your user directory to your Bitwarden organization.",
-  "version": "2025.11.0",
+  "version": "2025.6.1",
  "keywords": [
    "bitwarden",
    "password",
@@ -69,37 +69,37 @@
    "test:watch:all": "jest --watchAll --testPathIgnorePatterns=.integration.spec.ts",
    "test:integration": "jest .integration.spec.ts",
    "test:integration:watch": "jest .integration.spec.ts --watch",
-    "test:integration:setup": "sh ./utils/openldap/mkcert.sh && docker compose up -d",
+    "test:integration:setup": "sh ./openldap/mkcert.sh && docker compose up -d",
    "test:types": "npx tsc --noEmit"
  },
  "devDependencies": {
-    "@angular-devkit/build-angular": "20.3.3",
+    "@angular-devkit/build-angular": "17.3.17",
-    "@angular-eslint/eslint-plugin-template": "20.4.0",
+    "@angular-eslint/eslint-plugin-template": "17.5.3",
-    "@angular-eslint/template-parser": "20.4.0",
+    "@angular-eslint/template-parser": "17.5.3",
-    "@angular/compiler-cli": "20.3.3",
+    "@angular/compiler-cli": "17.3.12",
    "@electron/notarize": "2.5.0",
-    "@electron/rebuild": "4.0.1",
+    "@electron/rebuild": "3.7.2",
    "@fluffy-spoon/substitute": "1.208.0",
-    "@microsoft/microsoft-graph-types": "2.43.1",
+    "@microsoft/microsoft-graph-types": "2.40.0",
-    "@ngtools/webpack": "20.3.3",
+    "@ngtools/webpack": "17.3.17",
    "@types/inquirer": "8.2.10",
    "@types/jest": "29.5.14",
    "@types/lowdb": "1.0.15",
-    "@types/node": "22.18.1",
+    "@types/node": "20.14.8",
    "@types/node-fetch": "2.6.12",
    "@types/node-forge": "1.3.11",
    "@types/proper-lockfile": "4.1.4",
    "@types/tldjs": "2.3.4",
-    "@typescript-eslint/eslint-plugin": "8.46.0",
+    "@typescript-eslint/eslint-plugin": "8.35.0",
-    "@typescript-eslint/parser": "8.46.0",
+    "@typescript-eslint/parser": "8.35.0",
    "@yao-pkg/pkg": "5.16.1",
    "clean-webpack-plugin": "4.0.0",
-    "concurrently": "9.2.0",
+    "concurrently": "9.1.2",
    "copy-webpack-plugin": "13.0.0",
    "cross-env": "7.0.3",
    "css-loader": "7.1.2",
-    "dotenv": "17.2.0",
+    "dotenv": "16.5.0",
-    "electron": "39.1.0",
+    "electron": "34.5.8",
    "electron-builder": "24.13.3",
    "electron-log": "5.4.1",
    "electron-reload": "2.0.0-alpha.1",
@@ -107,72 +107,73 @@
    "electron-updater": "6.6.2",
    "eslint": "8.57.1",
    "eslint-config-prettier": "10.1.5",
-    "eslint-import-resolver-typescript": "4.4.4",
+    "eslint-import-resolver-typescript": "3.7.0",
-    "eslint-plugin-import": "2.32.0",
+    "eslint-plugin-import": "2.31.0",
    "eslint-plugin-rxjs": "5.0.3",
    "eslint-plugin-rxjs-angular": "2.0.1",
-    "form-data": "4.0.4",
+    "form-data": "4.0.3",
    "glob": "11.1.0",
    "html-loader": "5.1.0",
    "html-webpack-plugin": "5.6.3",
    "husky": "9.1.7",
    "jest": "29.7.0",
    "jest-junit": "16.0.0",
-    "jest-mock-extended": "3.0.7",
+    "jest-mock-extended": "4.0.0",
    "jest-preset-angular": "14.6.0",
-    "lint-staged": "16.2.6",
+    "lint-staged": "16.1.2",
    "mini-css-extract-plugin": "2.9.2",
-    "minimatch": "5.1.2",
+    "node-abi": "3.75.0",
    "node-forge": "1.3.1",
    "node-loader": "2.1.0",
-    "prettier": "3.6.2",
+    "prettier": "3.5.3",
    "rimraf": "6.0.1",
    "rxjs": "7.8.2",
-    "sass": "1.93.2",
+    "sass": "1.89.2",
    "sass-loader": "16.0.5",
-    "ts-jest": "29.4.1",
+    "ts-jest": "29.4.0",
    "ts-loader": "9.5.2",
    "tsconfig-paths-webpack-plugin": "4.2.0",
-    "type-fest": "5.0.1",
+    "type-fest": "4.41.0",
-    "typescript": "5.8.3",
+    "typescript": "5.4.5",
-    "webpack": "5.102.1",
+    "webpack": "5.99.9",
    "webpack-cli": "6.0.1",
    "webpack-merge": "6.0.1",
    "webpack-node-externals": "3.0.0",
-    "zone.js": "0.15.1"
+    "zone.js": "0.14.10"
  },
  "dependencies": {
-    "@angular/animations": "20.3.3",
+    "@angular/animations": "17.3.12",
-    "@angular/cdk": "20.2.7",
+    "@angular/cdk": "17.3.10",
-    "@angular/cli": "20.3.3",
+    "@angular/common": "17.3.12",
-    "@angular/common": "20.3.3",
+    "@angular/compiler": "17.3.12",
-    "@angular/compiler": "20.3.3",
+    "@angular/core": "17.3.12",
-    "@angular/core": "20.3.3",
+    "@angular/forms": "17.3.12",
-    "@angular/forms": "20.3.3",
+    "@angular/platform-browser": "17.3.12",
-    "@angular/platform-browser": "20.3.3",
+    "@angular/platform-browser-dynamic": "17.3.12",
-    "@angular/platform-browser-dynamic": "20.3.3",
+    "@angular/router": "17.3.12",
    "@angular/router": "20.3.3",
    "@microsoft/microsoft-graph-client": "3.0.7",
    "big-integer": "1.6.52",
    "bootstrap": "5.3.7",
    "browser-hrtime": "1.1.8",
    "chalk": "4.1.2",
    "commander": "14.0.0",
-    "form-data": "4.0.4",
+    "core-js": "3.44.0",
-    "googleapis": "149.0.0",
+    "form-data": "4.0.3",
    "google-auth-library": "10.1.0",
    "googleapis": "152.0.0",
    "googleapis-common": "8.0.0",
    "https-proxy-agent": "7.0.6",
    "inquirer": "8.2.6",
    "keytar": "7.9.0",
    "ldapts": "8.0.1",
    "lowdb": "1.0.0",
-    "ngx-toastr": "19.1.0",
+    "ngx-toastr": "19.0.0",
    "node-fetch": "2.7.0",
-    "parse5": "8.0.0",
+    "parse5": "7.3.0",
    "proper-lockfile": "4.1.2",
    "rxjs": "7.8.2",
    "tldjs": "2.3.1",
    "uuid": "11.1.0",
-    "zone.js": "0.15.1"
+    "zone.js": "0.14.10"
  },
  "engines": {
    "node": "~20",
--- a/src/abstractions/directory-factory.service.ts
+++ b/src/abstractions/directory-factory.service.ts
@@ -1,5 +1,5 @@
 import { DirectoryType } from "@/src/enums/directoryType";
-import { IDirectoryService } from "@/src/services/directory-services/directory.service";
+import { IDirectoryService } from "@/src/services/directory.service";
 export abstract class DirectoryFactoryService {
  abstract createService(type: DirectoryType): IDirectoryService;
--- a/src/app/accounts/apiKey.component.ts
+++ b/src/app/accounts/apiKey.component.ts
@@ -16,7 +16,6 @@ import { EnvironmentComponent } from "./environment.component";
@Component({
  selector: "app-apiKey",
  templateUrl: "apiKey.component.html",
  standalone: false,
 })
 // There is an eslint exception made here due to semantics.
 // The eslint rule expects a typical takeUntil() pattern involving component destruction.
--- a/src/app/accounts/environment.component.ts
+++ b/src/app/accounts/environment.component.ts
@@ -8,7 +8,6 @@ import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUt
@Component({
  selector: "app-environment",
  templateUrl: "environment.component.html",
  standalone: false,
 })
 export class EnvironmentComponent extends BaseEnvironmentComponent {
  constructor(
--- a/src/app/app.component.ts
+++ b/src/app/app.component.ts
@@ -28,7 +28,6 @@ const BroadcasterSubscriptionId = "AppComponent";
  styles: [],
  template: ` <ng-template #settings></ng-template>
    <router-outlet></router-outlet>`,
  standalone: false,
 })
 export class AppComponent implements OnInit {
  @ViewChild("settings", { read: ViewContainerRef, static: true }) settingsRef: ViewContainerRef;
--- a/src/app/app.module.ts
+++ b/src/app/app.module.ts
@@ -1,3 +1,4 @@
 import "core-js/stable";
 import "zone.js";
 import { NgModule } from "@angular/core";
--- a/src/app/tabs/dashboard.component.ts
+++ b/src/app/tabs/dashboard.component.ts
@@ -17,7 +17,6 @@ const BroadcasterSubscriptionId = "DashboardComponent";
@Component({
  selector: "app-dashboard",
  templateUrl: "dashboard.component.html",
  standalone: false,
 })
 export class DashboardComponent implements OnInit, OnDestroy {
  simGroups: GroupEntry[];
@@ -112,7 +111,7 @@ export class DashboardComponent implements OnInit, OnDestroy {
      this.simEnabledUsers = result.enabledUsers;
      this.simDisabledUsers = result.disabledUsers;
      this.simDeletedUsers = result.deletedUsers;
-    } catch {
+    } catch (e) {
      this.simGroups = null;
      this.simUsers = null;
    }
--- a/src/app/tabs/more.component.ts
+++ b/src/app/tabs/more.component.ts
@@ -12,7 +12,6 @@ const BroadcasterSubscriptionId = "MoreComponent";
@Component({
  selector: "app-more",
  templateUrl: "more.component.html",
  standalone: false,
 })
 export class MoreComponent implements OnInit {
  version: string;
--- a/src/app/tabs/settings.component.ts
+++ b/src/app/tabs/settings.component.ts
@@ -1,5 +1,4 @@
 import { ChangeDetectorRef, Component, NgZone, OnDestroy, OnInit } from "@angular/core";
 import { webUtils } from "electron";
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
@@ -17,7 +16,6 @@ import { ConnectorUtils } from "../../utils";
@Component({
  selector: "app-settings",
  templateUrl: "settings.component.html",
  standalone: false,
 })
 export class SettingsComponent implements OnInit, OnDestroy {
  directory: DirectoryType;
@@ -123,7 +121,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
      return;
    }
-    (this.ldap as any)[id] = webUtils.getPathForFile(filePicker.files[0]);
+    (this.ldap as any)[id] = filePicker.files[0].path;
    // reset file input
    // ref: https://stackoverflow.com/a/20552042
    filePicker.type = "";
--- a/src/app/tabs/tabs.component.ts
+++ b/src/app/tabs/tabs.component.ts
@@ -3,6 +3,5 @@ import { Component } from "@angular/core";
@Component({
  selector: "app-tabs",
  templateUrl: "tabs.component.html",
  standalone: false,
 })
 export class TabsComponent {}
--- a/src/locales/en/messages.json
+++ b/src/locales/en/messages.json
@@ -768,8 +768,5 @@
    },
    "launchWebVault": {
        "message": "Launch Web Vault"
    },
    "authenticationFailed": {
        "message": "Authentication failed"
    }
 }
--- a/src/scss/bootstrap.scss
+++ b/src/scss/bootstrap.scss
@@ -8,9 +8,8 @@ $theme-colors: (
  "secondary": #ced4da,
  "secondary-alt": #1a3b66,
 );
-$font-family-sans-serif:
+$font-family-sans-serif: "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif,
-  "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif, "Apple Color Emoji",
+  "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
  "Segoe UI Emoji", "Segoe UI Symbol";
 $h1-font-size: 2rem;
 $h2-font-size: 1.3rem;
--- a/src/services/batch-requests-builder.spec.ts
+++ b/src/services/batch-requests-builder.spec.ts
@@ -2,8 +2,8 @@ import { GetUniqueString } from "@/jslib/common/spec/utils";
 import { UserEntry } from "@/src/models/userEntry";
 import { groupSimulator, userSimulator } from "../../utils/request-builder-helper";
 import { RequestBuilderOptions } from "../abstractions/request-builder.service";
 import { groupSimulator, userSimulator } from "../utils/request-builder-helper";
 import { BatchRequestBuilder } from "./batch-request-builder";
--- a/src/services/directory-factory.service.ts
+++ b/src/services/directory-factory.service.ts
@@ -5,11 +5,11 @@ import { DirectoryFactoryService } from "../abstractions/directory-factory.servi
 import { StateService } from "../abstractions/state.service";
 import { DirectoryType } from "../enums/directoryType";
-import { EntraIdDirectoryService } from "./directory-services/entra-id-directory.service";
+import { EntraIdDirectoryService } from "./entra-id-directory.service";
-import { GSuiteDirectoryService } from "./directory-services/gsuite-directory.service";
+import { GSuiteDirectoryService } from "./gsuite-directory.service";
-import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
+import { LdapDirectoryService } from "./ldap-directory.service";
-import { OktaDirectoryService } from "./directory-services/okta-directory.service";
+import { OktaDirectoryService } from "./okta-directory.service";
-import { OneLoginDirectoryService } from "./directory-services/onelogin-directory.service";
+import { OneLoginDirectoryService } from "./onelogin-directory.service";
 export class DefaultDirectoryFactoryService implements DirectoryFactoryService {
  constructor(
--- a/src/services/directory-services/gsuite-directory.service.integration.spec.ts
+++ b/src/services/directory-services/gsuite-directory.service.integration.spec.ts
@@ -1,85 +0,0 @@
 import { config as dotenvConfig } from "dotenv";
 import { mock, MockProxy } from "jest-mock-extended";
 import { I18nService } from "../../../jslib/common/src/abstractions/i18n.service";
 import { LogService } from "../../../jslib/common/src/abstractions/log.service";
 import {
  getGSuiteConfiguration,
  getSyncConfiguration,
 } from "../../../utils/google-workspace/config-fixtures";
 import { groupFixtures } from "../../../utils/google-workspace/group-fixtures";
 import { userFixtures } from "../../../utils/google-workspace/user-fixtures";
 import { DirectoryType } from "../../enums/directoryType";
 import { StateService } from "../state.service";
 import { GSuiteDirectoryService } from "./gsuite-directory.service";
 // These tests integrate with a test Google Workspace instance.
 // Credentials are located in the shared Bitwarden collection for Directory Connector testing.
 // Place the .env file attachment in the utils folder.
 // Load .env variables
 dotenvConfig({ path: "utils/.env" });
 // These filters target integration test data.
 // These should return data that matches the user and group fixtures exactly.
 // There may be additional data present if not used.
 const INTEGRATION_USER_FILTER = "|orgUnitPath='/Integration testing'";
 const INTEGRATION_GROUP_FILTER = "|name:Integration*";
 // These tests are slow!
 // Increase the default timeout from 5s to 15s
 jest.setTimeout(15000);
 describe("gsuiteDirectoryService", () => {
  let logService: MockProxy<LogService>;
  let i18nService: MockProxy<I18nService>;
  let stateService: MockProxy<StateService>;
  let directoryService: GSuiteDirectoryService;
  beforeEach(() => {
    logService = mock();
    i18nService = mock();
    stateService = mock();
    stateService.getDirectoryType.mockResolvedValue(DirectoryType.GSuite);
    stateService.getLastUserSync.mockResolvedValue(null); // do not filter results by last modified date
    i18nService.t.mockImplementation((id) => id); // passthrough implementation for any error  messages
    directoryService = new GSuiteDirectoryService(logService, i18nService, stateService);
  });
  it("syncs without using filters (includes test data)", async () => {
    const directoryConfig = getGSuiteConfiguration();
    stateService.getDirectory.calledWith(DirectoryType.GSuite).mockResolvedValue(directoryConfig);
    const syncConfig = getSyncConfiguration({
      groups: true,
      users: true,
    });
    stateService.getSync.mockResolvedValue(syncConfig);
    const result = await directoryService.getEntries(true, true);
    expect(result[0]).toEqual(expect.arrayContaining(groupFixtures));
    expect(result[1]).toEqual(expect.arrayContaining(userFixtures));
  });
  it("syncs using user and group filters (exact match for test data)", async () => {
    const directoryConfig = getGSuiteConfiguration();
    stateService.getDirectory.calledWith(DirectoryType.GSuite).mockResolvedValue(directoryConfig);
    const syncConfig = getSyncConfiguration({
      groups: true,
      users: true,
      userFilter: INTEGRATION_USER_FILTER,
      groupFilter: INTEGRATION_GROUP_FILTER,
    });
    stateService.getSync.mockResolvedValue(syncConfig);
    const result = await directoryService.getEntries(true, true);
    expect(result).toEqual([groupFixtures, userFixtures]);
  });
 });
--- a/src/services/directory-services/directory.service.ts
+++ b/src/services/directory-services/directory.service.ts
@@ -1,5 +1,5 @@
-import { GroupEntry } from "../../models/groupEntry";
+import { GroupEntry } from "../models/groupEntry";
-import { UserEntry } from "../../models/userEntry";
+import { UserEntry } from "../models/userEntry";
 export interface IDirectoryService {
  getEntries(force: boolean, test: boolean): Promise<[GroupEntry[], UserEntry[]]>;
--- a/src/services/directory-services/entra-id-directory.service.ts
+++ b/src/services/directory-services/entra-id-directory.service.ts
@@ -7,14 +7,14 @@ import * as graphType from "@microsoft/microsoft-graph-types";
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
-import { StateService } from "../../abstractions/state.service";
+import { StateService } from "../abstractions/state.service";
-import { DirectoryType } from "../../enums/directoryType";
+import { DirectoryType } from "../enums/directoryType";
-import { EntraIdConfiguration } from "../../models/entraIdConfiguration";
+import { EntraIdConfiguration } from "../models/entraIdConfiguration";
-import { GroupEntry } from "../../models/groupEntry";
+import { GroupEntry } from "../models/groupEntry";
-import { SyncConfiguration } from "../../models/syncConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
-import { UserEntry } from "../../models/userEntry";
+import { UserEntry } from "../models/userEntry";
 import { BaseDirectoryService } from "../baseDirectory.service";
 import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";
 const EntraIdPublicIdentityAuthority = "login.microsoftonline.com";
--- a/src/services/directory-services/gsuite-directory.service.ts
+++ b/src/services/directory-services/gsuite-directory.service.ts
@@ -4,14 +4,14 @@ import { admin_directory_v1, google } from "googleapis";
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
-import { StateService } from "../../abstractions/state.service";
+import { StateService } from "../abstractions/state.service";
-import { DirectoryType } from "../../enums/directoryType";
+import { DirectoryType } from "../enums/directoryType";
-import { GroupEntry } from "../../models/groupEntry";
+import { GroupEntry } from "../models/groupEntry";
-import { GSuiteConfiguration } from "../../models/gsuiteConfiguration";
+import { GSuiteConfiguration } from "../models/gsuiteConfiguration";
-import { SyncConfiguration } from "../../models/syncConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
-import { UserEntry } from "../../models/userEntry";
+import { UserEntry } from "../models/userEntry";
 import { BaseDirectoryService } from "../baseDirectory.service";
 import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";
 export class GSuiteDirectoryService extends BaseDirectoryService implements IDirectoryService {
@@ -253,15 +253,7 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements IDir
      ],
    });
-    try {
+    await this.client.authorize();
      await this.client.authorize();
    } catch (error) {
      // Catch and rethrow this to sanitize any sensitive info (e.g. private key) in the error message
      this.logService.error(
        `Google Workspace authentication failed: ${error?.name || "Unknown error"}`,
      );
      throw new Error(this.i18nService.t("authenticationFailed"));
    }
    this.authParams = {
      auth: this.client,
--- a/src/services/directory-services/ldap-directory.service.integration.spec.ts
+++ b/src/services/directory-services/ldap-directory.service.integration.spec.ts
@@ -1,17 +1,14 @@
 import { mock, MockProxy } from "jest-mock-extended";
-import { I18nService } from "../../../jslib/common/src/abstractions/i18n.service";
+import { I18nService } from "../../jslib/common/src/abstractions/i18n.service";
-import { LogService } from "../../../jslib/common/src/abstractions/log.service";
+import { LogService } from "../../jslib/common/src/abstractions/log.service";
-import {
+import { groupFixtures } from "../../openldap/group-fixtures";
-  getLdapConfiguration,
+import { userFixtures } from "../../openldap/user-fixtures";
-  getSyncConfiguration,
+import { DirectoryType } from "../enums/directoryType";
-} from "../../../utils/openldap/config-fixtures";
+import { getLdapConfiguration, getSyncConfiguration } from "../utils/test-fixtures";
 import { groupFixtures } from "../../../utils/openldap/group-fixtures";
 import { userFixtures } from "../../../utils/openldap/user-fixtures";
 import { DirectoryType } from "../../enums/directoryType";
 import { StateService } from "../state.service";
 import { LdapDirectoryService } from "./ldap-directory.service";
 import { StateService } from "./state.service";
 // These tests integrate with the OpenLDAP docker image and seed data located in the openldap folder.
 // To run theses tests:
@@ -55,7 +52,7 @@ describe("ldapDirectoryService", () => {
        getLdapConfiguration({
          ssl: true,
          startTls: true,
-          tlsCaPath: "./utils/openldap/certs/rootCA.pem",
+          tlsCaPath: "./openldap/certs/rootCA.pem",
        }),
      );
      stateService.getSync.mockResolvedValue(getSyncConfiguration({ groups: true, users: true }));
@@ -70,7 +67,7 @@ describe("ldapDirectoryService", () => {
        getLdapConfiguration({
          port: 1636,
          ssl: true,
-          sslCaPath: "./utils/openldap/certs/rootCA.pem",
+          sslCaPath: "./openldap/certs/rootCA.pem",
        }),
      );
      stateService.getSync.mockResolvedValue(getSyncConfiguration({ groups: true, users: true }));
--- a/src/services/directory-services/ldap-directory.service.ts
+++ b/src/services/directory-services/ldap-directory.service.ts
@@ -7,12 +7,12 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
 import { Utils } from "@/jslib/common/src/misc/utils";
-import { StateService } from "../../abstractions/state.service";
+import { StateService } from "../abstractions/state.service";
-import { DirectoryType } from "../../enums/directoryType";
+import { DirectoryType } from "../enums/directoryType";
-import { GroupEntry } from "../../models/groupEntry";
+import { GroupEntry } from "../models/groupEntry";
-import { LdapConfiguration } from "../../models/ldapConfiguration";
+import { LdapConfiguration } from "../models/ldapConfiguration";
-import { SyncConfiguration } from "../../models/syncConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
-import { UserEntry } from "../../models/userEntry";
+import { UserEntry } from "../models/userEntry";
 import { IDirectoryService } from "./directory.service";
@@ -118,7 +118,7 @@ export class LdapDirectoryService implements IDirectoryService {
        [delControl],
      );
      return regularUsers.concat(deletedUsers);
-    } catch {
+    } catch (e) {
      this.logService.warning("Cannot query deleted users.");
      return regularUsers;
    }
@@ -192,21 +192,14 @@ export class LdapDirectoryService implements IDirectoryService {
      this.syncConfig.userFilter,
    );
    const userPath = this.makeSearchPath(this.syncConfig.userPath);
-    const userDnMap = new Map<string, string>();
+    const userIdMap = new Map<string, string>();
    const userUidMap = new Map<string, string>();
    await this.search<string>(userPath, userFilter, (se: any) => {
-      const dn = this.getReferenceId(se);
+      userIdMap.set(this.getReferenceId(se), this.getExternalId(se, this.getReferenceId(se)));
      const uid = this.getAttr<string>(se, "uid");
      const externalId = this.getExternalId(se, dn);
      userDnMap.set(dn, externalId);
      if (uid != null) {
        userUidMap.set(uid.toLowerCase(), externalId);
      }
      return se;
    });
    for (const se of groupSearchEntries) {
-      const group = this.buildGroup(se, userDnMap, userUidMap);
+      const group = this.buildGroup(se, userIdMap);
      if (group != null) {
        entries.push(group);
      }
@@ -215,20 +208,7 @@ export class LdapDirectoryService implements IDirectoryService {
    return entries;
  }
-  /**
+  private buildGroup(searchEntry: any, userMap: Map<string, string>) {
   * Builds a GroupEntry from LDAP search results, including membership.
   * Supports user membership by DN or UID and nested group membership by DN.
   *
   * @param searchEntry - The LDAP search entry containing group data
   * @param userDnMap - Map of user DNs to their external IDs
   * @param userUidMap - Map of user UIDs to their external IDs
   * @returns A populated GroupEntry object, or null if the group lacks required properties
   */
  private buildGroup(
    searchEntry: any,
    userDnMap: Map<string, string>,
    userUidMap: Map<string, string>,
  ) {
    const group = new GroupEntry();
    group.referenceId = this.getReferenceId(searchEntry);
    if (group.referenceId == null) {
@@ -248,34 +228,11 @@ export class LdapDirectoryService implements IDirectoryService {
    const members = this.getAttrVals<string>(searchEntry, this.syncConfig.memberAttribute);
    if (members != null) {
-      // Parses a group member attribute and identifies it as a member DN, member Uid, or a group Dn
+      for (const memDn of members) {
-      const getMemberAttributeType = (member: string): "memberDn" | "memberUid" | "groupDn" => {
+        if (userMap.has(memDn) && !group.userMemberExternalIds.has(userMap.get(memDn))) {
-        const isDnLike = member.includes("=") && member.includes(",");
+          group.userMemberExternalIds.add(userMap.get(memDn));
-        if (isDnLike) {
+        } else if (!group.groupMemberReferenceIds.has(memDn)) {
-          return userDnMap.has(member) ? "memberDn" : "groupDn";
+          group.groupMemberReferenceIds.add(memDn);
        }
        return "memberUid";
      };
      for (const member of members) {
        switch (getMemberAttributeType(member)) {
          case "memberDn": {
            const externalId = userDnMap.get(member);
            if (externalId != null) {
              group.userMemberExternalIds.add(externalId);
            }
            break;
          }
          case "memberUid": {
            const externalId = userUidMap.get(member.toLowerCase());
            if (externalId != null) {
              group.userMemberExternalIds.add(externalId);
            }
            break;
          }
          case "groupDn":
            group.groupMemberReferenceIds.add(member);
            break;
        }
      }
    }
--- a/src/services/directory-services/okta-directory.service.ts
+++ b/src/services/directory-services/okta-directory.service.ts
@@ -3,14 +3,14 @@ import * as https from "https";
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
-import { StateService } from "../../abstractions/state.service";
+import { StateService } from "../abstractions/state.service";
-import { DirectoryType } from "../../enums/directoryType";
+import { DirectoryType } from "../enums/directoryType";
-import { GroupEntry } from "../../models/groupEntry";
+import { GroupEntry } from "../models/groupEntry";
-import { OktaConfiguration } from "../../models/oktaConfiguration";
+import { OktaConfiguration } from "../models/oktaConfiguration";
-import { SyncConfiguration } from "../../models/syncConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
-import { UserEntry } from "../../models/userEntry";
+import { UserEntry } from "../models/userEntry";
 import { BaseDirectoryService } from "../baseDirectory.service";
 import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";
 const DelayBetweenBuildGroupCallsInMilliseconds = 500;
--- a/src/services/directory-services/onelogin-directory.service.ts
+++ b/src/services/directory-services/onelogin-directory.service.ts
@@ -1,14 +1,14 @@
 import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
 import { LogService } from "@/jslib/common/src/abstractions/log.service";
-import { StateService } from "../../abstractions/state.service";
+import { StateService } from "../abstractions/state.service";
-import { DirectoryType } from "../../enums/directoryType";
+import { DirectoryType } from "../enums/directoryType";
-import { GroupEntry } from "../../models/groupEntry";
+import { GroupEntry } from "../models/groupEntry";
-import { OneLoginConfiguration } from "../../models/oneLoginConfiguration";
+import { OneLoginConfiguration } from "../models/oneLoginConfiguration";
-import { SyncConfiguration } from "../../models/syncConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
-import { UserEntry } from "../../models/userEntry";
+import { UserEntry } from "../models/userEntry";
 import { BaseDirectoryService } from "../baseDirectory.service";
 import { BaseDirectoryService } from "./baseDirectory.service";
 import { IDirectoryService } from "./directory.service";
 // Basic email validation: something@something.something
--- a/src/services/single-request-builder.spec.ts
+++ b/src/services/single-request-builder.spec.ts
@@ -2,8 +2,8 @@ import { GetUniqueString } from "@/jslib/common/spec/utils";
 import { UserEntry } from "@/src/models/userEntry";
 import { groupSimulator, userSimulator } from "../../utils/request-builder-helper";
 import { RequestBuilderOptions } from "../abstractions/request-builder.service";
 import { groupSimulator, userSimulator } from "../utils/request-builder-helper";
 import { SingleRequestBuilder } from "./single-request-builder";
--- a/src/services/sync.service.integration.spec.ts
+++ b/src/services/sync.service.integration.spec.ts
@@ -7,20 +7,19 @@ import { EnvironmentService } from "@/jslib/common/src/services/environment.serv
 import { I18nService } from "../../jslib/common/src/abstractions/i18n.service";
 import { LogService } from "../../jslib/common/src/abstractions/log.service";
-import { getLdapConfiguration, getSyncConfiguration } from "../../utils/openldap/config-fixtures";
+import { groupFixtures } from "../../openldap/group-fixtures";
 import { userFixtures } from "../../openldap/user-fixtures";
 import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
 import { DirectoryType } from "../enums/directoryType";
 import { getLdapConfiguration, getSyncConfiguration } from "../utils/test-fixtures";
 import { BatchRequestBuilder } from "./batch-request-builder";
-import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
+import { LdapDirectoryService } from "./ldap-directory.service";
 import { SingleRequestBuilder } from "./single-request-builder";
 import { StateService } from "./state.service";
 import { SyncService } from "./sync.service";
 import * as constants from "./sync.service";
 import { groupFixtures } from "@/utils/openldap/group-fixtures";
 import { userFixtures } from "@/utils/openldap/user-fixtures";
 describe("SyncService", () => {
  let logService: MockProxy<LogService>;
  let i18nService: MockProxy<I18nService>;
@@ -124,10 +123,7 @@ describe("SyncService", () => {
      expect(apiService.postPublicImportDirectory).toHaveBeenCalledWith(
        expect.objectContaining({ overwriteExisting: false }),
      );
-
+      expect(apiService.postPublicImportDirectory).toHaveBeenCalledTimes(6);
      // The expected number of calls may change if more data is added to the ldif
      // Make sure it equals (number of users / 4) + (number of groups / 4)
      expect(apiService.postPublicImportDirectory).toHaveBeenCalledTimes(7);
      // @ts-expect-error Reset batch size to original state.
      constants.batchSize = originalBatchSize;
--- a/src/services/sync.service.spec.ts
+++ b/src/services/sync.service.spec.ts
@@ -6,20 +6,20 @@ import { MessagingService } from "@/jslib/common/src/abstractions/messaging.serv
 import { OrganizationImportRequest } from "@/jslib/common/src/models/request/organizationImportRequest";
 import { ApiService } from "@/jslib/common/src/services/api.service";
 import { getSyncConfiguration } from "../../utils/openldap/config-fixtures";
 import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
 import { DirectoryType } from "../enums/directoryType";
 import { getSyncConfiguration } from "../utils/test-fixtures";
 import { BatchRequestBuilder } from "./batch-request-builder";
 import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
 import { I18nService } from "./i18n.service";
 import { LdapDirectoryService } from "./ldap-directory.service";
 import { SingleRequestBuilder } from "./single-request-builder";
 import { StateService } from "./state.service";
 import { SyncService } from "./sync.service";
 import * as constants from "./sync.service";
-import { groupFixtures } from "@/utils/openldap/group-fixtures";
+import { groupFixtures } from "@/openldap/group-fixtures";
-import { userFixtures } from "@/utils/openldap/user-fixtures";
+import { userFixtures } from "@/openldap/user-fixtures";
 describe("SyncService", () => {
  let cryptoFunctionService: MockProxy<CryptoFunctionService>;
--- a/src/utils/request-builder-helper.ts
+++ b/src/utils/request-builder-helper.ts
@@ -1,7 +1,7 @@
 import { GetUniqueString } from "@/jslib/common/spec/utils";
-import { GroupEntry } from "../src/models/groupEntry";
+import { GroupEntry } from "../models/groupEntry";
-import { UserEntry } from "../src/models/userEntry";
+import { UserEntry } from "../models/userEntry";
 export function userSimulator(userCount: number): UserEntry[] {
  const users: UserEntry[] = [];
--- a/utils/openldap/config-fixtures.ts
+++ b/utils/openldap/config-fixtures.ts
@@ -1,5 +1,5 @@
-import { LdapConfiguration } from "../../src/models/ldapConfiguration";
+import { LdapConfiguration } from "../models/ldapConfiguration";
-import { SyncConfiguration } from "../../src/models/syncConfiguration";
+import { SyncConfiguration } from "../models/syncConfiguration";
 /**
 * @returns a basic ldap configuration without TLS/SSL enabled. Can be overridden by passing in a partial configuration.
--- a/utils/.env.example
+++ b/utils/.env.example
@@ -1,4 +0,0 @@
 GOOGLE_DOMAIN=
 GOOGLE_ADMIN_USER=
 GOOGLE_CLIENT_EMAIL=
 GOOGLE_PRIVATE_KEY=
--- a/utils/google-workspace/config-fixtures.ts
+++ b/utils/google-workspace/config-fixtures.ts
@@ -1,56 +0,0 @@
 import { GSuiteConfiguration } from "../../src/models/gsuiteConfiguration";
 import { SyncConfiguration } from "../../src/models/syncConfiguration";
 /**
 * @returns a basic GSuite configuration. Can be overridden by passing in a partial configuration.
 */
 export const getGSuiteConfiguration = (
  config?: Partial<GSuiteConfiguration>,
 ): GSuiteConfiguration => {
  const adminUser = process.env.GOOGLE_ADMIN_USER;
  const clientEmail = process.env.GOOGLE_CLIENT_EMAIL;
  const privateKey = process.env.GOOGLE_PRIVATE_KEY;
  const domain = process.env.GOOGLE_DOMAIN;
  if (!adminUser || !clientEmail || !privateKey || !domain) {
    throw new Error("Google Workspace integration test credentials not configured.");
  }
  return {
    // TODO
    adminUser,
    clientEmail,
    privateKey,
    domain: domain,
    customer: "",
    ...(config ?? {}),
  };
 };
 /**
 * @returns a basic Google Workspace sync configuration. Can be overridden by passing in a partial configuration.
 */
 export const getSyncConfiguration = (config?: Partial<SyncConfiguration>): SyncConfiguration => ({
  users: false,
  groups: false,
  interval: 5,
  userFilter: "",
  groupFilter: "",
  removeDisabled: false,
  overwriteExisting: false,
  largeImport: false,
  // Ldap properties - not optional for some reason
  groupObjectClass: "",
  userObjectClass: "",
  groupPath: null,
  userPath: null,
  groupNameAttribute: "",
  userEmailAttribute: "",
  memberAttribute: "",
  useEmailPrefixSuffix: false,
  emailPrefixAttribute: "",
  emailSuffix: null,
  creationDateAttribute: "",
  revisionDateAttribute: "",
  ...(config ?? {}),
 });
--- a/utils/google-workspace/group-fixtures.ts
+++ b/utils/google-workspace/group-fixtures.ts
@@ -1,26 +0,0 @@
 import { Jsonify } from "type-fest";
 import { GroupEntry } from "../../src/models/groupEntry";
 // These must match the Google Workspace seed data
 const data: Jsonify<GroupEntry>[] = [
  {
    externalId: "0319y80a3anpxhj",
    groupMemberReferenceIds: [],
    name: "Integration Test Group A",
    referenceId: "0319y80a3anpxhj",
    userMemberExternalIds: ["111605910541641314041", "111147009830456099026"],
    users: [],
  },
  {
    externalId: "02afmg28317uyub",
    groupMemberReferenceIds: [],
    name: "Integration Test Group B",
    referenceId: "02afmg28317uyub",
    userMemberExternalIds: ["111147009830456099026", "100150970267699397306"],
    users: [],
  },
 ];
 export const groupFixtures = data.map((g) => GroupEntry.fromJSON(g));
--- a/utils/google-workspace/user-fixtures.ts
+++ b/utils/google-workspace/user-fixtures.ts
@@ -1,50 +0,0 @@
 import { Jsonify } from "type-fest";
 import { UserEntry } from "../../src/models/userEntry";
 // These must match the Google Workspace seed data
 const data: Jsonify<UserEntry>[] = [
  // In Group A
  {
    deleted: false,
    disabled: false,
    email: "testuser1@bwrox.dev",
    externalId: "111605910541641314041",
    referenceId: "111605910541641314041",
  },
  // In Groups A + B
  {
    deleted: false,
    disabled: false,
    email: "testuser2@bwrox.dev",
    externalId: "111147009830456099026",
    referenceId: "111147009830456099026",
  },
  // In Group B
  {
    deleted: false,
    disabled: false,
    email: "testuser3@bwrox.dev",
    externalId: "100150970267699397306",
    referenceId: "100150970267699397306",
  },
  // Not in a group
  {
    deleted: false,
    disabled: false,
    email: "testuser4@bwrox.dev",
    externalId: "113764752650306721470",
    referenceId: "113764752650306721470",
  },
  // Disabled user
  {
    deleted: false,
    disabled: true,
    email: "testuser5@bwrox.dev",
    externalId: "110381976819725658200",
    referenceId: "110381976819725658200",
  },
 ];
 export const userFixtures = data.map((g) => UserEntry.fromJSON(g));
--- a/utils/openldap/mkcert.sh
+++ b/utils/openldap/mkcert.sh
@@ -1,10 +0,0 @@
 if ! [ -x "$(command -v mkcert)" ]; then
  echo 'Error: mkcert is not installed. Install mkcert first and then re-run this script.'
  echo 'e.g. brew install mkcert'
  exit 1
 fi
 mkcert -install
 mkdir -p ./utils/openldap/certs
 cp "$(mkcert -CAROOT)/rootCA.pem" ./utils/openldap/certs/rootCA.pem
 mkcert -key-file ./utils/openldap/certs/openldap-key.pem -cert-file ./utils/openldap/certs/openldap.pem localhost openldap
Author	SHA1	Message	Date
jrmccannon	79696a4889	update package-lock.json	2025-07-22 14:10:49 -05:00
jrmccannon	e1ba811306	testing for Ac	2025-07-22 11:44:01 -05:00