[BRE-831] migrate secrets AKV (#796 )

[PM-32177] - Fixing Backward Compatibility with Azure AD (#813 )
* Updating the fetching of the config and key to check entra and check azure afterwards. * Making this camelCase to match other values. (cherry picked from commit 284206b735)
2025-12-05 23:53:21 +00:00 · 2025-07-10 12:05:51 -05:00 · 2025-07-02 09:36:03 -05:00 · 2025-06-30 14:08:03 -05:00 · 2025-06-27 08:28:04 -05:00 · 2025-06-26 14:49:56 +01:00
487 changed files with 424613 additions and 26450 deletions
--- a/.depcheckrc
+++ b/.depcheckrc
@@ -0,0 +1 @@
+ignores: ["*-loader", "webpack-cli", "@types/jest"]
--- a/.editorconfig
+++ b/.editorconfig
@@ -7,10 +7,9 @@ root = true
 [*]
 end_of_line = lf
 insert_final_newline = true
-quote_type = single

 # Set default charset
 [*.{js,ts,scss,html}]
 charset = utf-8
 indent_style = space
-indent_size = 4
+indent_size = 2
--- a/.eslintignore
+++ b/.eslintignore
@@ -0,0 +1,10 @@
+dist
+build
+build-cli
+webpack.cli.js
+webpack.main.js
+webpack.renderer.js
+
+**/node_modules
+
+**/jest.config.js
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -0,0 +1,95 @@
+{
+  "root": true,
+  "env": {
+    "browser": true,
+    "node": true
+  },
+  "overrides": [
+    {
+      "files": ["*.ts", "*.js"],
+      "plugins": ["@typescript-eslint", "rxjs", "rxjs-angular", "import"],
+      "parser": "@typescript-eslint/parser",
+      "parserOptions": {
+        "project": ["./tsconfig.eslint.json"],
+        "sourceType": "module",
+        "ecmaVersion": 2020
+      },
+      "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:import/recommended",
+        "plugin:import/typescript",
+        "prettier",
+        "plugin:rxjs/recommended"
+      ],
+      "settings": {
+        "import/parsers": {
+          "@typescript-eslint/parser": [".ts"]
+        },
+        "import/resolver": {
+          "typescript": {
+            "alwaysTryTypes": true
+          }
+        }
+      },
+      "rules": {
+        "@typescript-eslint/explicit-member-accessibility": [
+          "error",
+          { "accessibility": "no-public" }
+        ],
+        "@typescript-eslint/no-explicit-any": "off", // TODO: This should be re-enabled
+        "@typescript-eslint/no-misused-promises": ["error", { "checksVoidReturn": false }],
+        "@typescript-eslint/no-this-alias": ["error", { "allowedNames": ["self"] }],
+        "@typescript-eslint/no-unused-vars": ["error", { "args": "none" }],
+        "no-console": "error",
+        "import/no-unresolved": "off", // TODO: Look into turning off once each package is an actual package.
+        "import/order": [
+          "error",
+          {
+            "alphabetize": {
+              "order": "asc"
+            },
+            "newlines-between": "always",
+            "pathGroups": [
+              {
+                "pattern": "@/jslib/**/*",
+                "group": "external",
+                "position": "after"
+              },
+              {
+                "pattern": "@/src/**/*",
+                "group": "parent",
+                "position": "before"
+              }
+            ],
+            "pathGroupsExcludedImportTypes": ["builtin"]
+          }
+        ],
+        "rxjs-angular/prefer-takeuntil": "error",
+        "rxjs/no-exposed-subjects": ["error", { "allowProtected": true }],
+        "no-restricted-syntax": [
+          "error",
+          {
+            "message": "Calling `svgIcon` directly is not allowed",
+            "selector": "CallExpression[callee.name='svgIcon']"
+          },
+          {
+            "message": "Accessing FormGroup using `get` is not allowed, use `.value` instead",
+            "selector": "ChainExpression[expression.object.callee.property.name='get'][expression.property.name='value']"
+          }
+        ],
+        "curly": ["error", "all"],
+        "import/namespace": ["off"], // This doesn't resolve namespace imports correctly, but TS will throw for this anyway
+        "no-restricted-imports": ["error", { "patterns": ["src/**/*"] }]
+      }
+    },
+    {
+      "files": ["*.html"],
+      "parser": "@angular-eslint/template-parser",
+      "plugins": ["@angular-eslint/template"],
+      "rules": {
+        "@angular-eslint/template/button-has-type": "error"
+      }
+    }
+  ]
+}
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -0,0 +1,2 @@
+# Apply Prettier https://github.com/bitwarden/directory-connector/pull/194
+096196fcd512944d1c3d9c007647a1319b032639
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,8 @@
+# Please sort into logical groups with comment headers. Sort groups in order of specificity.
+# For example, default owners should always be the first group.
+# Sort lines alphabetically within these groups to avoid accidentally adding duplicates.
+#
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Default file owners.
+* @bitwarden/team-admin-console-dev
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,34 @@
+## 🎟️ Tracking
+
+<!-- Paste the link to the Jira or GitHub issue or otherwise describe / point to where this change is coming from. -->
+
+## 📔 Objective
+
+<!-- Describe what the purpose of this PR is, for example what bug you're fixing or new feature you're adding. -->
+
+## 📸 Screenshots
+
+<!-- Required for any UI changes; delete if not applicable. Use fixed width images for better display. -->
+
+## ⏰ Reminders before review
+
+- Contributor guidelines followed
+- All formatters and local linters executed and passed
+- Written new unit and / or integration tests where applicable
+- Used internationalization (i18n) for all UI strings
+- CI builds passed
+- Communicated to DevOps any deployment requirements
+- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
+
+## 🦮 Reviewer guidelines
+
+<!-- Suggested interactions but feel free to use (or not) as you desire! -->
+
+- 👍 (`:+1:`) or similar for great changes
+- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
+- ❓ (`:question:`) for questions
+- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
+- 🎨 (`:art:`) for suggestions / improvements
+- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
+- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt
+- ⛏ (`:pick:`) for minor or nitpick changes
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -0,0 +1,18 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["github>bitwarden/renovate-config"],
+  "enabledManagers": ["github-actions", "npm"],
+  "packageRules": [
+    {
+      "groupName": "gh minor",
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor", "patch"]
+    },
+    {
+      "groupName": "Google Libraries",
+      "matchPackagePatterns": ["google-auth-library", "googleapis"],
+      "matchManagers": ["npm"],
+      "groupSlug": "google-libraries"
+    }
+  ]
+}
--- a/.github/secrets/devid-app-cert.p12.gpg
+++ b/.github/secrets/devid-app-cert.p12.gpg
--- a/.github/secrets/devid-installer-cert.p12.gpg
+++ b/.github/secrets/devid-installer-cert.p12.gpg
--- a/.github/secrets/macdev-cert.p12.gpg
+++ b/.github/secrets/macdev-cert.p12.gpg
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,19 +1,26 @@
---
 name: Build

 on:
+  pull_request: {}
  push:
-    branches-ignore:
-      - 'l10n_master'
+    branches:
+      - "main"
+      - "rc"
+      - "hotfix-rc"
+  workflow_dispatch: {}

+permissions:
+  contents: read

 jobs:
  cloc:
    name: CLOC
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
    steps:
      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up CLOC
        run: |
@@ -26,31 +33,198 @@ jobs:

  setup:
    name: Setup
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
    outputs:
      package_version: ${{ steps.retrieve-version.outputs.package_version }}
    steps:
      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Get Package Version
        id: retrieve-version
        run: |
-          PKG_VERSION=$(jq -r .version src/package.json)
-          echo "::set-output name=package_version::$PKG_VERSION"
+          PKG_VERSION=$(jq -r .version package.json)
+          echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT


-  cli:
-    name: CLI
-    runs-on: windows-2019
+  linux-cli:
+    name: Build Linux CLI
+    runs-on: ubuntu-24.04
    needs: setup
    env:
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _WIN_PKG_FETCH_VERSION: 14.17.6
-      _WIN_PKG_VERSION: 3.2
+      _PKG_FETCH_NODE_VERSION: 18.5.0
+      _PKG_FETCH_VERSION: 3.4
+    permissions:
+      contents: read
    steps:
      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: '18'
+
+      - name: Update NPM
+        run: |
+          npm install -g node-gyp
+          node-gyp install $(node -v)
+
+      - name: Get pkg-fetch
+        run: |
+          cd $HOME
+          fetchedUrl="https://github.com/vercel/pkg-fetch/releases/download/v$_PKG_FETCH_VERSION/node-v$_PKG_FETCH_NODE_VERSION-linux-x64"
+
+          mkdir -p .pkg-cache/v$_PKG_FETCH_VERSION
+          wget $fetchedUrl -O "./.pkg-cache/v$_PKG_FETCH_VERSION/fetched-v$_PKG_FETCH_NODE_VERSION-linux-x64"
+
+      - name: Keytar
+        run: |
+          keytarVersion=$(cat package.json | jq -r '.dependencies.keytar')
+          keytarTar="keytar-v$keytarVersion-napi-v3-linux-x64.tar"
+
+          keytarTarGz="$keytarTar.gz"
+          keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"
+
+          mkdir -p ./keytar/linux
+          wget $keytarUrl -O ./keytar/linux/$keytarTarGz
+          tar -xvf ./keytar/linux/$keytarTarGz -C ./keytar/linux
+
+      - name: Install
+        run: npm install
+
+      - name: Package CLI
+        run: npm run dist:cli:lin
+
+      - name: Zip
+        run: zip -j dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip dist-cli/linux/bwdc keytar/linux/build/Release/keytar.node
+
+      - name: Version Test
+        run: |
+          sudo apt-get update
+          sudo apt install libsecret-1-0 dbus-x11 gnome-keyring
+          eval $(dbus-launch --sh-syntax)
+
+          eval $(echo -n "" | /usr/bin/gnome-keyring-daemon --login)
+          eval $(/usr/bin/gnome-keyring-daemon --components=secrets --start)
+
+          mkdir -p test/linux
+          unzip ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip -d ./test/linux
+
+          testVersion=$(./test/linux/bwdc -v)
+
+          echo "version: $_PACKAGE_VERSION"
+          echo "testVersion: $testVersion"
+
+          if [ "$testVersion" != "$_PACKAGE_VERSION" ]; then
+            echo "Version test failed."
+            exit 1
+          fi
+
+      - name: Upload Linux Zip to GitHub
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
+          path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
+          if-no-files-found: error
+
+
+  macos-cli:
+    name: Build Mac CLI
+    runs-on: macos-13
+    needs: setup
+    permissions:
+      contents: read
+    env:
+      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _PKG_FETCH_NODE_VERSION: 18.5.0
+      _PKG_FETCH_VERSION: 3.4
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: '18'
+
+      - name: Update NPM
+        run: |
+          npm install -g node-gyp
+          node-gyp install $(node -v)
+
+      - name: Get pkg-fetch
+        run: |
+          cd $HOME
+          fetchedUrl="https://github.com/vercel/pkg-fetch/releases/download/v$_PKG_FETCH_VERSION/node-v$_PKG_FETCH_NODE_VERSION-macos-x64"
+
+          mkdir -p .pkg-cache/v$_PKG_FETCH_VERSION
+          wget $fetchedUrl -O "./.pkg-cache/v$_PKG_FETCH_VERSION/fetched-v$_PKG_FETCH_NODE_VERSION-macos-x64"
+
+      - name: Keytar
+        run: |
+          keytarVersion=$(cat package.json | jq -r '.dependencies.keytar')
+          keytarTar="keytar-v$keytarVersion-napi-v3-darwin-x64.tar"
+
+          keytarTarGz="$keytarTar.gz"
+          keytarUrl="https://github.com/atom/node-keytar/releases/download/v$keytarVersion/$keytarTarGz"
+
+          mkdir -p ./keytar/macos
+          wget $keytarUrl -O ./keytar/macos/$keytarTarGz
+          tar -xvf ./keytar/macos/$keytarTarGz -C ./keytar/macos
+
+      - name: Install
+        run: npm install
+
+      - name: Package CLI
+        run: npm run dist:cli:mac
+
+      - name: Zip
+        run: zip -j dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip dist-cli/macos/bwdc keytar/macos/build/Release/keytar.node
+
+      - name: Version Test
+        run: |
+          mkdir -p test/macos
+          unzip ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip -d ./test/macos
+
+          testVersion=$(./test/macos/bwdc -v)
+
+          echo "version: $_PACKAGE_VERSION"
+          echo "testVersion: $testVersion"
+
+          if [ "$testVersion" != "$_PACKAGE_VERSION" ]; then
+            echo "Version test failed."
+            exit 1
+          fi
+
+      - name: Upload Mac Zip to GitHub
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
+          path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
+          if-no-files-found: error
+
+
+  windows-cli:
+    name: Build Windows CLI
+    runs-on: windows-2022
+    needs: setup
+    permissions:
+      contents: read
+    env:
+      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _WIN_PKG_FETCH_VERSION: 18.5.0
+      _WIN_PKG_VERSION: 3.4
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Setup Windows builder
        run: |
@@ -58,23 +232,17 @@ jobs:
          choco install reshack --no-progress

      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
-          node-version: '14'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: '18'

      - name: Update NPM
        run: |
-          npm install -g npm@7
          npm install -g node-gyp
          node-gyp install $(node -v)

-      - name: Setting WIN_PKG
-        run: |
-          echo "WIN_PKG=$env:WIN_PKG" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
-          echo "version: $env:pkgVersion"
-        env:
-          WIN_PKG: C:\Users\runneradmin\.pkg-cache\v3.0\fetched-v14.16.1-win-x64
-
      - name: Get pkg-fetch
        shell: pwsh
        run: |
@@ -89,26 +257,17 @@ jobs:
      - name: Keytar
        shell: pwsh
        run: |
-          $keytarVersion = (Get-Content -Raw -Path ./src/package.json | ConvertFrom-Json).dependencies.keytar
-          $nodeModVersion = node -e "console.log(process.config.variables.node_module_version)"
-          $keytarTar = "keytar-v${keytarVersion}-node-v${nodeModVersion}-{0}-x64.tar"
+          $keytarVersion = (Get-Content -Raw -Path ./package.json | ConvertFrom-Json).dependencies.keytar
+          $keytarTar = "keytar-v${keytarVersion}-napi-v3-{0}-x64.tar"
          $keytarTarGz = "${keytarTar}.gz"
          $keytarUrl = "https://github.com/atom/node-keytar/releases/download/v${keytarVersion}/${keytarTarGz}"

-          New-Item -ItemType directory -Path ./keytar/macos | Out-Null
-          New-Item -ItemType directory -Path ./keytar/linux | Out-Null
          New-Item -ItemType directory -Path ./keytar/windows | Out-Null

-          Invoke-RestMethod -Uri $($keytarUrl -f "darwin") -OutFile "./keytar/macos/$($keytarTarGz -f "darwin")"
-          Invoke-RestMethod -Uri $($keytarUrl -f "linux") -OutFile "./keytar/linux/$($keytarTarGz -f "linux")"
          Invoke-RestMethod -Uri $($keytarUrl -f "win32") -OutFile "./keytar/windows/$($keytarTarGz -f "win32")"

-          7z e "./keytar/macos/$($keytarTarGz -f "darwin")" -o"./keytar/macos"
-          7z e "./keytar/linux/$($keytarTarGz -f "linux")" -o"./keytar/linux"
          7z e "./keytar/windows/$($keytarTarGz -f "win32")" -o"./keytar/windows"

-          7z e "./keytar/macos/$($keytarTar -f "darwin")" -o"./keytar/macos"
-          7z e "./keytar/linux/$($keytarTar -f "linux")" -o"./keytar/linux"
          7z e "./keytar/windows/$($keytarTar -f "win32")" -o"./keytar/windows"

      - name: Setup Version Info
@@ -163,180 +322,161 @@ jobs:
        run: npm install

      - name: Package CLI
-        run: npm run dist:cli
+        run: npm run dist:cli:win

      - name: Zip
        shell: cmd
-        run: |
-          7z a ./dist-cli/bwdc-windows-%_PACKAGE_VERSION%.zip ./dist-cli/windows/bwdc.exe ./keytar/windows/keytar.node
-          7z a ./dist-cli/bwdc-macos-%_PACKAGE_VERSION%.zip ./dist-cli/macos/bwdc ./keytar/macos/keytar.node
-          7z a ./dist-cli/bwdc-linux-%_PACKAGE_VERSION%.zip ./dist-cli/linux/bwdc ./keytar/linux/keytar.node
+        run: 7z a .\dist-cli\bwdc-windows-%_PACKAGE_VERSION%.zip .\dist-cli\windows\bwdc.exe .\keytar\windows\keytar.node

      - name: Version Test
+        shell: pwsh
        run: |
-          Expand-Archive -Path "./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" -DestinationPath "./test/windows"
-          $testVersion = Invoke-Expression '& ./test/windows/bwdc.exe -v'
-          echo "version: $env:_PACKAGE_VERSION"
+          Expand-Archive -Path "dist-cli\bwdc-windows-${{ env._PACKAGE_VERSION }}.zip" -DestinationPath "test\windows"
+          $testVersion = Invoke-Expression '& .\test\windows\bwdc.exe -v'
+          echo "version: ${env:_PACKAGE_VERSION}"
          echo "testVersion: $testVersion"
-          if($testVersion -ne $env:_PACKAGE_VERSION) {
+          if ($testVersion -ne ${env:_PACKAGE_VERSION}) {
            Throw "Version test failed."
          }

-      - name: Create checksums
-        run: |
-          checksum -f="./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" `
-            -t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:_PACKAGE_VERSION}.txt
-          checksum -f="./dist-cli/bwdc-macos-${env:_PACKAGE_VERSION}.zip" `
-            -t sha256 | Out-File ./dist-cli/bwdc-macos-sha256-${env:_PACKAGE_VERSION}.txt
-          checksum -f="./dist-cli/bwdc-linux-${env:_PACKAGE_VERSION}.zip" `
-            -t sha256 | Out-File ./dist-cli/bwdc-linux-sha256-${env:_PACKAGE_VERSION}.txt
-
      - name: Upload Windows Zip to GitHub
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
          path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
          if-no-files-found: error

-      - name: Upload Mac Zip to GitHub
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
-        with:
-          name: bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
-          path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
-          if-no-files-found: error
-
-      - name: Upload Linux Zip to GitHub
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
-        with:
-          name: bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
-          path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
-          if-no-files-found: error
-
-      - name: Upload Windows checksum to GitHub
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
-        with:
-          name: bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
-      - name: Upload Mac checksum to GitHub
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
-        with:
-          name: bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
-      - name: Upload Linux checksum to GitHub
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
-        with:
-          name: bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-

  windows-gui:
-    name: Windows GUI
-    runs-on: windows-2019
+    name: Build Windows GUI
+    runs-on: windows-2022
    needs: setup
+    permissions:
+      contents: read
+      id-token: write
    env:
+      NODE_OPTIONS: --max_old_space_size=4096
      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      HUSKY: 0
    steps:
-      - name: Set up .NET
-        uses: actions/setup-dotnet@a71d1eb2c86af85faa8c772c03fb365e377e45ea
-        with:
-          dotnet-version: "3.1.x"
+      - name: Checkout repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
-          node-version: '14'
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: '18'

      - name: Update NPM
        run: |
-          npm install -g npm@7
          npm install -g node-gyp
          node-gyp install $(node -v)

-      - name: Set Node options
-        run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
-        shell: pwsh
-
      - name: Print environment
        run: |
          node --version
          npm --version
-          dotnet --version

      - name: Install AST
-        uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac
-
-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        run: dotnet tool install --global AzureSignTool --version 4.0.1

      - name: Install Node dependencies
        run: npm install

-      - name: Run linter
-        run: npm run lint
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "code-signing-vault-url,
+            code-signing-client-id,
+            code-signing-tenant-id,
+            code-signing-client-secret,
+            code-signing-cert-name"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main

      - name: Build & Sign
        run: npm run dist:win
        env:
          ELECTRON_BUILDER_SIGN: 1
-          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
-          SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
-          SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
-          SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
-          SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
-
-      - name: List Dist
-        run: dir ./dist
+          SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }}
+          SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-client-id }}
+          SIGNING_TENANT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-tenant-id }}
+          SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }}
+          SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}

      - name: Upload Portable Executable to GitHub
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
          path: ./dist/Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
          if-no-files-found: error

      - name: Upload Installer Executable to GitHub
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
          path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
          if-no-files-found: error

-
-  linux:
-    name: Linux
-    runs-on: ubuntu-20.04
-    needs: setup
-    env:
-      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-    steps:
-      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+      - name: Upload Installer Executable Blockmap to GitHub
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
-          node-version: '14'
+          name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
+          path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
+          if-no-files-found: error
+
+      - name: Upload latest auto-update artifact
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: latest.yml
+          path: ./dist/latest.yml
+          if-no-files-found: error
+
+
+  linux-gui:
+    name: Build Linux GUI
+    runs-on: ubuntu-24.04
+    needs: setup
+    permissions:
+      contents: read
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
+      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      HUSKY: 0
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: '18'

      - name: Update NPM
        run: |
-          npm install -g npm@7
          npm install -g node-gyp
          node-gyp install $(node -v)

-      - name: Set Node options
-        run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
-
      - name: Set up environment
        run: |
          sudo apt-get update
          sudo apt-get -y install pkg-config libxss-dev libsecret-1-dev
          sudo apt-get -y install rpm

-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
-
      - name: NPM Install
        run: npm install

@@ -347,87 +487,108 @@ jobs:
        run: npm run dist:lin

      - name: Upload AppImage
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
          path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
          if-no-files-found: error

-
-  macos:
-    name: MacOS
-    runs-on: macos-11
-    needs: setup
-    env:
-      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-    steps:
-      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+      - name: Upload latest auto-update artifact
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
-          node-version: '14'
+          name: latest-linux.yml
+          path: ./dist/latest-linux.yml
+          if-no-files-found: error
+
+
+  macos-gui:
+    name: Build MacOS GUI
+    runs-on: macos-13
+    needs: setup
+    permissions:
+      contents: read
+      id-token: write
+    env:
+      NODE_OPTIONS: --max_old_space_size=4096
+      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      HUSKY: 0
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: '18'

      - name: Update NPM
        run: |
-          npm install -g npm@7
          npm install -g node-gyp
          node-gyp install $(node -v)

-      - name: Set Node options
-        run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
-
      - name: Print environment
        run: |
          node --version
          npm --version
          echo "GitHub ref: $GITHUB_REF"
          echo "GitHub event: $GITHUB_EVENT"
-        shell: bash

-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}

-      - name: Decrypt secrets
-        env:
-          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
-        shell: bash
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-directory-connector
+          secrets: "KEYCHAIN-PASSWORD,APP-STORE-CONNECT-AUTH-KEY,APP-STORE-CONNECT-TEAM-ISSUER"
+
+      - name: Get certificates
        run: |
-          mkdir -p $HOME/secrets
+          mkdir -p $HOME/certificates

-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output "$HOME/secrets/devid-app-cert.p12" \
-            "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
+            jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12

-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output "$HOME/secrets/devid-installer-cert.p12" \
-            "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
+            jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12

-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output "$HOME/secrets/macdev-cert.p12" \
-            "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
+            jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main

      - name: Set up keychain
        env:
-          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-          DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
-          MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
-        shell: bash
+          KEYCHAIN_PASSWORD: ${{ steps.get-kv-secrets.outputs.KEYCHAIN-PASSWORD }}
        run: |
          security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
          security set-keychain-settings -lut 1200 build.keychain
-          security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
+
+          security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
            -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
+
+          security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
            -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
+
+          security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
            -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
+
          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain

      - name: Load package version
        run: |
          $rootPath = $env:GITHUB_WORKSPACE;
-          $packageVersion = (Get-Content -Raw -Path $rootPath\src\package.json | ConvertFrom-Json).version;
+          $packageVersion = (Get-Content -Raw -Path $rootPath\package.json | ConvertFrom-Json).version;

          Write-Output "Setting package version to $packageVersion";
          Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append;
@@ -436,25 +597,96 @@ jobs:
      - name: Install Node dependencies
        run: npm install

-      - name: Run linter
-        run: npm run lint
+      - name: Set up private auth key
+        run: |
+          mkdir ~/private_keys
+          cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8
+          ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-AUTH-KEY }}
+          EOF

      - name: Build application
        run: npm run dist:mac
        env:
-          APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
-          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          APP_STORE_CONNECT_TEAM_ISSUER: ${{ steps.get-kv-secrets.outputs.APP-STORE-CONNECT-TEAM-ISSUER }}
+          APP_STORE_CONNECT_AUTH_KEY: UFD296548T
+          APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_UFD296548T.p8
+          CSC_FOR_PULL_REQUEST: true

      - name: Upload .zip artifact
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
-          path: ./dist/Bitwarden Directory Connector-${{ env._PACKAGE_VERSION }}-mac.zip
+          path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
          if-no-files-found: error

      - name: Upload .dmg artifact
-        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.4
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
        with:
          name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
          path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
          if-no-files-found: error
+
+      - name: Upload .dmg Blockmap artifact
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
+          path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
+          if-no-files-found: error
+
+      - name: Upload latest auto-update artifact
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: latest-mac.yml
+          path: ./dist/latest-mac.yml
+          if-no-files-found: error
+
+
+  check-failures:
+    name: Check for failures
+    runs-on: ubuntu-24.04
+    needs:
+      - cloc
+      - setup
+      - linux-cli
+      - macos-cli
+      - windows-cli
+      - windows-gui
+      - linux-gui
+      - macos-gui
+    permissions:
+      id-token: write
+    steps:
+      - name: Check if any job failed
+        if: |
+          (github.ref == 'refs/heads/main'
+          || github.ref == 'refs/heads/rc'
+          || github.ref == 'refs/heads/hotfix-rc')
+          && contains(needs.*.result, 'failure')
+        run: exit 1
+
+      - name: Log in to Azure
+        if: failure()
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        if: failure()
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "devops-alerts-slack-webhook-url"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Notify Slack on failure
+        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
+        if: failure()
+        env:
+          SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
+        with:
+          status: ${{ job.status }}
--- a/.github/workflows/enforce-labels.yml
+++ b/.github/workflows/enforce-labels.yml
@@ -0,0 +1,18 @@
+name: Enforce PR labels
+
+on:
+  pull_request:
+    types: [labeled, unlabeled, opened, edited, synchronize]
+permissions:
+  contents: read
+  pull-requests: read
+jobs:
+  enforce-label:
+    name: EnforceLabel
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Enforce Label
+        uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # 2.2.2
+        with:
+          BANNED_LABELS: "hold"
+          BANNED_LABELS_DESCRIPTION: "PRs on hold cannot be merged"
--- a/.github/workflows/integration-test.yml
+++ b/.github/workflows/integration-test.yml
@@ -0,0 +1,76 @@
+name: Integration Testing
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+    paths:
+      - ".github/workflows/integration-test.yml" # this file
+      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
+      - "./openldap/**/*" # any change to test fixtures
+      - "./docker-compose.yml" # any change to Docker configuration
+  pull_request:
+    paths:
+      - ".github/workflows/integration-test.yml" # this file
+      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
+      - "./openldap/**/*" # any change to test fixtures
+      - "./docker-compose.yml" # any change to Docker configuration
+
+jobs:
+
+  testing:
+    name: Run tests
+    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
+    runs-on: ubuntu-22.04
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Get Node version
+        id: retrieve-node-version
+        run: |
+          NODE_NVMRC=$(cat .nvmrc)
+          NODE_VERSION=${NODE_NVMRC/v/''}
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Set up Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
+
+      - name: Install Node dependencies
+        run: npm ci
+
+      - name: Install mkcert
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install mkcert
+
+      - name: Setup integration tests
+        run: npm run test:integration:setup
+
+      - name: Run integration tests
+        run: npm run test:integration --coverage
+
+      - name: Report test results
+        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
+        with:
+          name: Test Results
+          path: "junit.xml"
+          reporter: jest-junit
+          fail-on-error: true
+
+      - name: Upload coverage to codecov.io
+        uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5.2.0
+
+      - name: Upload results to codecov.io
+        uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,72 +1,95 @@
---
 name: Release

 on:
  workflow_dispatch:
+    inputs:
+      release_type:
+        description: 'Release Options'
+        required: true
+        default: 'Initial Release'
+        type: choice
+        options:
+          - Initial Release
+          - Redeploy
+          - Dry Run
+
+permissions:
+  contents: read

 jobs:
  setup:
    name: Setup
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    outputs:
+      release_version: ${{ steps.version.outputs.version }}
    steps:
-      - name: Branch check
-        run: |
-          if [[ "$GITHUB_REF" != "refs/heads/rc" ]]; then
-            echo "==================================="
-            echo "[!] Can only release from rc branch"
-            echo "==================================="
-            exit 1
-          fi
-
      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-        with:
-          ref: rc
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

-      - name: Retrieve Directory Connector release version
-        id: retrieve-version
+      - name: Branch check
+        if: ${{ inputs.release_type != 'Dry Run' }}
        run: |
-          PKG_VERSION=$(jq -r .version src/package.json)
-          echo "::set-output name=package_version::$PKG_VERSION"
-
-      - name: Check to make sure Mobile release version has been bumped
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          latest_ver=$(hub release -L 1 -f '%T')
-          latest_ver=${latest_ver:1}
-          echo "Latest version: $latest_ver"
-          ver=${{ steps.retrieve-version.outputs.package_version }}
-          echo "Version: $ver"
-          if [ "$latest_ver" = "$ver" ]; then
-            echo "Version has not been bumped!"
+          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
+            echo "==================================="
+            echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
+            echo "==================================="
            exit 1
          fi
-        shell: bash

+      - name: Check Release Version
+        id: version
+        uses: bitwarden/gh-actions/release-version-check@main
+        with:
+          release-type: ${{ inputs.release_type }}
+          project-type: ts
+          file: package.json
+
+  release:
+    name: Release
+    runs-on: ubuntu-24.04
+    needs: setup
+    permissions:
+      actions: read
+      packages: read
+      contents: write
+    steps:
      - name: Download all artifacts
-        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
        with:
          workflow: build.yml
          workflow_conclusion: success
-          branch: rc
+          branch: ${{ github.ref_name }}
+
+      - name: Dry Run - Download all artifacts
+        if: ${{ inputs.release_type == 'Dry Run' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: main

      - name: Create release
-        uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09  # v2.8.5
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0
        env:
-          PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }}
+          PKG_VERSION: ${{ needs.setup.outputs.release_version }}
        with:
          artifacts: "./bwdc-windows-${{ env.PKG_VERSION }}.zip,
                      ./bwdc-macos-${{ env.PKG_VERSION }}.zip,
                      ./bwdc-linux-${{ env.PKG_VERSION }}.zip,
-                      ./bwdc-windows-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-macos-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-linux-sha256-${{ env.PKG_VERSION }}.txt,
                      ./Bitwarden-Connector-Portable-${{ env.PKG_VERSION }}.exe,
                      ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe,
+                      ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe.blockmap,
                      ./Bitwarden-Connector-${{ env.PKG_VERSION }}-x86_64.AppImage,
                      ./Bitwarden-Connector-${{ env.PKG_VERSION }}-mac.zip,
-                      ./Bitwarden-Connector-${{ env.PKG_VERSION }}.dmg"
+                      ./Bitwarden-Connector-${{ env.PKG_VERSION }}.dmg,
+                      ./Bitwarden-Connector-${{ env.PKG_VERSION }}.dmg.blockmap,
+                      ./latest-linux.yml,
+                      ./latest-mac.yml,
+                      ./latest.yml"
          commit: ${{ github.sha }}
          tag: v${{ env.PKG_VERSION }}
          name: Version ${{ env.PKG_VERSION }}
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,126 @@
+name: Scan
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore:
+      - main
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  check-run:
+    name: Check PR run
+    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
+
+  sast:
+    name: SAST scan
+    runs-on: ubuntu-24.04
+    needs: check-run
+    permissions:
+      contents: read
+      pull-requests: write
+      security-events: write
+      id-token: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "CHECKMARX-TENANT,CHECKMARX-CLIENT-ID,CHECKMARX-SECRET"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Scan with Checkmarx
+        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
+        env:
+          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
+        with:
+          project_name: ${{ github.repository }}
+          cx_tenant: ${{ steps.get-kv-secrets.outputs.CHECKMARX-TENANT }}
+          base_uri: https://ast.checkmarx.net/
+          cx_client_id: ${{ steps.get-kv-secrets.outputs.CHECKMARX-CLIENT-ID }}
+          cx_client_secret: ${{ steps.get-kv-secrets.outputs.CHECKMARX-SECRET }}
+          additional_params: |
+            --report-format sarif \
+            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
+            --output-path . ${{ env.INCREMENTAL }}
+
+      - name: Upload Checkmarx results to GitHub
+        uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+        with:
+          sarif_file: cx_result.sarif
+          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
+          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
+
+  quality:
+    name: Quality scan
+    runs-on: ubuntu-24.04
+    needs: check-run
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "SONAR-TOKEN"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Scan with SonarCloud
+        uses: sonarsource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0
+        env:
+          SONAR_TOKEN: ${{ steps.get-kv-secrets.outputs.SONAR-TOKEN }}
+        with:
+          args: >
+            -Dsonar.organization=${{ github.repository_owner }}
+            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
+            -Dsonar.tests=.
+            -Dsonar.sources=.
+            -Dsonar.test.inclusions=**/*.spec.ts
+            -Dsonar.exclusions=**/*.spec.ts
+            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,66 @@
+name: Testing
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+      - "rc"
+      - "hotfix-rc"
+  pull_request:
+
+jobs:
+
+  testing:
+    name: Run tests
+    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
+    runs-on: ubuntu-24.04
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Get Node version
+        id: retrieve-node-version
+        run: |
+          NODE_NVMRC=$(cat .nvmrc)
+          NODE_VERSION=${NODE_NVMRC/v/''}
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Set up Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
+
+      - name: Install Node dependencies
+        run: npm ci
+
+      # We use isolatedModules: true which disables typechecking in tests
+      # Tests in apps/ are typechecked when their app is built, so we just do it here for libs/
+      # See https://bitwarden.atlassian.net/browse/EC-497
+      - name: Run typechecking
+        run: npm run test:types --coverage
+
+      - name: Run tests
+        run: npm run test --coverage
+
+      - name: Report test results
+        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
+        with:
+          name: Test Results
+          path: "junit.xml"
+          reporter: jest-junit
+          fail-on-error: true
+
+      - name: Upload coverage to codecov.io
+        uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5.2.0
+
+      - name: Upload results to codecov.io
+        uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -0,0 +1,134 @@
+name: Version Bump
+
+on:
+  workflow_dispatch:
+    inputs:
+      version_number_override:
+        description: "New version override (leave blank for automatic calculation, example: '2024.1.0')"
+        required: false
+        type: string
+
+jobs:
+  bump_version:
+    name: Bump Version
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - name: Validate version input
+        if: ${{ inputs.version_number_override != '' }}
+        uses: bitwarden/gh-actions/version-check@main
+        with:
+          version: ${{ inputs.version_number_override }}
+
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        id: app-token
+        with:
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+
+      - name: Checkout Branch
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          token: ${{ steps.app-token.outputs.token }}
+
+      - name: Setup git
+        run: |
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+
+      - name: Get current version
+        id: current-version
+        run: |
+          CURRENT_VERSION=$(cat package.json | jq -r '.version')
+          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Verify input version
+        if: ${{ inputs.version_number_override != '' }}
+        env:
+          CURRENT_VERSION: ${{ steps.current-version.outputs.version }}
+          NEW_VERSION: ${{ inputs.version_number_override }}
+        run: |
+          # Error if version has not changed.
+          if [[ "$NEW_VERSION" == "$CURRENT_VERSION" ]]; then
+            echo "Version has not changed."
+            exit 1
+          fi
+
+          # Check if version is newer.
+          printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V
+          if [ $? -eq 0 ]; then
+            echo "Version check successful."
+          else
+            echo "Version check failed."
+            exit 1
+          fi
+
+      - name: Calculate next release version
+        if: ${{ inputs.version_number_override == '' }}
+        id: calculate-next-version
+        uses: bitwarden/gh-actions/version-next@main
+        with:
+          version: ${{ steps.current-version.outputs.version }}
+
+      - name: Bump Version - Package - Version Override
+        if: ${{ inputs.version_number_override != '' }}
+        id: bump-version-override
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "./package.json"
+          version: ${{ inputs.version_number_override }}
+
+      - name: Bump Version - Package - Automatic Calculation
+        if: ${{ inputs.version_number_override == '' }}
+        id: bump-version-automatic
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "./package.json"
+          version: ${{ steps.calculate-next-version.outputs.version }}
+
+      - name: Set final version output
+        id: set-final-version-output
+        run: |
+          if [[ "${{ steps.bump-version-override.outcome }}" == "success" ]]; then
+            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
+          elif [[ "${{ steps.bump-version-automatic.outcome }}" == "success" ]]; then
+            echo "version=${{ steps.calculate-next-version.outputs.version }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Check if version changed
+        id: version-changed
+        run: |
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT
+          else
+            echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT
+            echo "No changes to commit!";
+          fi
+
+      - name: Commit files
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        run: git commit -m "Bumped version to ${{ steps.set-final-version-output.outputs.version }}" -a
+
+      - name: Push changes
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        run: git push
--- a/.gitignore
+++ b/.gitignore
@@ -1,17 +1,41 @@
-.vs
-.idea
+# General
+.DS_Store
+Thumbs.db
+
+# IDEs and editors
+.idea/
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+
+# Visual Studio Code
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+.history/*
+
+# Node
 node_modules
 npm-debug.log
-vwd.webinfo
-dist/
-dist-cli/
-css/
+
+# Build directories
+dist
+build
+build-cli
+.angular/cache
+
+# Testing
+coverage
+junit.xml
+
+# Misc
 *.crx
 *.pem
-build-cli/
-build/
-yarn-error.log
-.DS_Store
-*.nupkg
+*.zip
 *.provisionprofile
-*.env
+.swp
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,4 +0,0 @@
-[submodule "jslib"]
-	path = jslib
-	url = https://github.com/bitwarden/jslib.git
-	branch = master
--- a/.husky/.gitignore
+++ b/.husky/.gitignore
@@ -0,0 +1 @@
+_
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npx lint-staged
--- a/.nvmrc
+++ b/.nvmrc
@@ -0,0 +1 @@
+v18
--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1,10 @@
+# Build directories
+build
+build-cli
+dist
+
+# External libraries / auto synced locales
+src/locales
+
+# Github Workflows
+.github/workflows 
--- a/.prettierrc.json
+++ b/.prettierrc.json
@@ -0,0 +1,3 @@
+{
+  "printWidth": 100
+}
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -1,48 +1,40 @@
 {
  "version": "0.2.0",
  "configurations": [
-      {
-          "type": "node",
-          "request": "launch",
-          "name": "Electron: Main",
-          "protocol": "inspector",
-          "cwd": "${workspaceRoot}/build",
-          "runtimeArgs": [
-              "--remote-debugging-port=9223",
-              "."
-          ],
-          "windows": {
-              "runtimeExecutable": "${workspaceFolder}/node_modules/.bin/electron.cmd"
-          },
-          "sourceMaps": true
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Electron: Main",
+      "protocol": "inspector",
+      "cwd": "${workspaceRoot}/build",
+      "runtimeArgs": ["--remote-debugging-port=9223", "."],
+      "windows": {
+        "runtimeExecutable": "${workspaceFolder}/node_modules/.bin/electron.cmd"
      },
-      {
-          "name": "Electron: Renderer",
-          "type": "chrome",
-          "request": "attach",
-          "port": 9223,
-          "webRoot": "${workspaceFolder}/build",
-          "sourceMaps": true
+      "sourceMaps": true
    },
    {
-        "type": "node",
-        "request": "launch",
-        "name": "Debug CLI",
-        "protocol": "inspector",
-        "cwd": "${workspaceFolder}",
-        "program": "${workspaceFolder}/build-cli/bwdc.js",
-        "args": [
-            "sync"
-        ]
+      "name": "Electron: Renderer",
+      "type": "chrome",
+      "request": "attach",
+      "port": 9223,
+      "webRoot": "${workspaceFolder}/build",
+      "sourceMaps": true
+    },
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Debug CLI",
+      "protocol": "inspector",
+      "cwd": "${workspaceFolder}",
+      "program": "${workspaceFolder}/build-cli/bwdc.js",
+      "args": ["sync"]
    }
  ],
  "compounds": [
-      {
-          "name": "Electron: All",
-          "configurations": [
-              "Electron: Main",
-              "Electron: Renderer"
-          ]
-      }
+    {
+      "name": "Electron: All",
+      "configurations": ["Electron: Main", "Electron: Renderer"]
+    }
  ]
 }
--- a/README.md
+++ b/README.md
@@ -3,18 +3,19 @@

 # Bitwarden Directory Connector

-The Bitwarden Directory Connector is a a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
+The Bitwarden Directory Connector is a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.

 Supported directories:
+
 - Active Directory
 - Any other LDAP-based directory
- Azure Active Directory
+- Microsoft Entra ID
 - G Suite (Google)
 - Okta

 The application is written using Electron with Angular and installs on Windows, macOS, and Linux distributions.

-[![Platforms](https://imgur.com/SLv9paA.png "Windows, macOS, and Linux")](https://help.bitwarden.com/article/directory-sync/#download-and-install)
+[![Platforms](https://imgur.com/SLv9paA.png "Windows, macOS, and Linux")](https://bitwarden.com/help/directory-sync/#download-and-install)

 ![Directory Connector](https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/directory-connector-macos.png "Dashboard")

@@ -41,13 +42,13 @@ bwdc config --help

 **Detailed Documentation**

-We provide detailed documentation and examples for using the Directory Connector CLI in our help center at https://help.bitwarden.com/article/directory-sync/#command-line-interface.
+We provide detailed documentation and examples for using the Directory Connector CLI in our help center at https://bitwarden.com/help/directory-sync-cli/.

 ## Build/Run

 **Requirements**

- [Node.js](https://nodejs.org) v14
+- [Node.js](https://nodejs.org) v18 (LTS)
 - Windows users: To compile the native node modules used in the app you will need the Visual C++ toolset, available through the standard Visual Studio installer (recommended) or by installing [`windows-build-tools`](https://github.com/felixrieseberg/windows-build-tools) through `npm`. See more at [Compiling native Addon modules](https://github.com/Microsoft/nodejs-guidelines/blob/master/windows-environment.md#compiling-native-addon-modules).

 **Run the app**
@@ -73,8 +74,32 @@ You can then run commands from the `./build-cli` folder:
 node ./build-cli/bwdc.js --help
 ```

+## We're Hiring!
+
+Interested in contributing in a big way? Consider joining our team! We're hiring for many positions. Please take a look at our [Careers page](https://bitwarden.com/careers/) to see what opportunities are currently open as well as what it's like to work at Bitwarden.
+
 ## Contribute

 Code contributions are welcome! Please commit any pull requests against the `master` branch. Learn more about how to contribute by reading the [`CONTRIBUTING.md`](CONTRIBUTING.md) file.

 Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.
+
+### Prettier
+
+We recently migrated to using Prettier as code formatter. All previous branches will need to updated to avoid large merge conflicts using the following steps:
+
+1. Check out your local Branch
+2. Run `git merge 225073aa335d33ad905877b68336a9288e89ea10`
+3. Resolve any merge conflicts, commit.
+4. Run `npm run prettier`
+5. Commit
+6. Run `git merge -Xours 096196fcd512944d1c3d9c007647a1319b032639`
+7. Push
+
+#### Git blame
+
+We also recommend that you configure git to ignore the prettier revision using:
+
+```bash
+git config blame.ignoreRevsFile .git-blame-ignore-revs
+```
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,39 +1,11 @@
-Bitwarden believes that working with security researchers across the globe is crucial to keeping our
-users safe. If you believe you've found a security issue in our product or service, we encourage you to
-notify us. We welcome working with you to resolve the issue promptly. Thanks in advance!
+Bitwarden believes that working with security researchers across the globe is crucial to keeping our users safe. If you believe you've found a security issue in our product or service, we encourage you to please submit a report through our [HackerOne Program](https://hackerone.com/bitwarden/). We welcome working with you to resolve the issue promptly. Thanks in advance!

 # Disclosure Policy

- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every
-  effort to quickly resolve the issue.
- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a
-  third-party. We may publicly disclose the issue before resolving it, if appropriate. 
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
-  degradation of our service. Only interact with accounts you own or with explicit permission of the
-  account holder.
- If you would like to encrypt your report, please use the PGP key with long ID
-  `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
-
-# In-scope
-
- Security issues in any current release of Bitwarden. This includes the web vault, browser extension,
-  and mobile apps (iOS and Android). Product downloads are available at https://bitwarden.com. Source
-  code is available at https://github.com/bitwarden.
-
-# Exclusions
-
-The following bug classes are out-of scope:
-
- Bugs that are already reported on any of Bitwarden's issue trackers (https://github.com/bitwarden),
-  or that we already know of. Note that some of our issue tracking is private.
- Issues in an upstream software dependency (ex: Xamarin, ASP.NET) which are already reported to the
-  upstream maintainer.
- Attacks requiring physical access to a user's device.
- Self-XSS
- Issues related to software or protocols not under Bitwarden's control
- Vulnerabilities in outdated versions of Bitwarden
- Missing security best practices that do not directly lead to a vulnerability
- Issues that do not have any impact on the general public
+- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
+- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. We may publicly disclose the issue before resolving it, if appropriate.
+- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
+- If you would like to encrypt your report, please use the PGP key with long ID `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).

 While researching, we'd like to ask you to refrain from:

@@ -42,4 +14,8 @@ While researching, we'd like to ask you to refrain from:
 - Social engineering (including phishing) of Bitwarden staff or contractors
 - Any physical attempts against Bitwarden property or data centers

+# We want to help you!
+
+If you have something that you feel is close to exploitation, or if you'd like some information regarding the internal API, or generally have any questions regarding the app that would help in your efforts, please email us at https://bitwarden.com/contact and ask for that information. As stated above, Bitwarden wants to help you find issues, and is more than willing to help.
+
 Thank you for helping keep Bitwarden and our users safe!
--- a/angular.json
+++ b/angular.json
@@ -0,0 +1,35 @@
+{
+  "$schema": "./node_modules/@angular/cli/lib/config/schema.json",
+  "version": 1,
+  "newProjectRoot": "apps",
+  "cli": {
+    "analytics": false
+  },
+  "projects": {
+    "app": {
+      "projectType": "application",
+      "schematics": {
+        "@schematics/angular:application": {
+          "strict": true
+        }
+      },
+      "root": ".",
+      "sourceRoot": "src",
+      "prefix": "app",
+      "architect": {
+        "build": {
+          "builder": "@angular-devkit/build-angular:browser",
+          "options": {
+            "outputPath": "dist",
+            "index": "src/index.html",
+            "main": "src/main.ts",
+            "tsConfig": "tsconfig.json",
+            "assets": [],
+            "styles": [],
+            "scripts": []
+          }
+        }
+      }
+    }
+  }
+}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,18 @@
+services:
+  open-ldap:
+    image: bitnami/openldap:latest
+    hostname: openldap
+    environment:
+      - LDAP_ADMIN_USERNAME=admin
+      - LDAP_ADMIN_PASSWORD=admin
+      - LDAP_ROOT=dc=bitwarden,dc=com
+      - LDAP_ENABLE_TLS=yes
+      - LDAP_TLS_CERT_FILE=/certs/openldap.pem
+      - LDAP_TLS_KEY_FILE=/certs/openldap-key.pem
+      - LDAP_TLS_CA_FILE=/certs/rootCA.pem
+    volumes:
+      - "./openldap/ldifs:/ldifs"
+      - "./openldap/certs:/certs"
+    ports:
+      - "1389:1389"
+      - "1636:1636"
--- a/electron-builder.json
+++ b/electron-builder.json
@@ -0,0 +1,67 @@
+{
+  "extraMetadata": {
+    "name": "bitwarden-directory-connector"
+  },
+  "productName": "Bitwarden Directory Connector",
+  "appId": "com.bitwarden.directory-connector",
+  "copyright": "Copyright © 2015-2022 Bitwarden Inc.",
+  "directories": {
+    "buildResources": "resources",
+    "output": "dist",
+    "app": "build"
+  },
+  "afterSign": "scripts/notarize.js",
+  "mac": {
+    "artifactName": "Bitwarden-Connector-${version}-mac.${ext}",
+    "category": "public.app-category.productivity",
+    "gatekeeperAssess": false,
+    "hardenedRuntime": true,
+    "entitlements": "resources/entitlements.mac.plist",
+    "entitlementsInherit": "resources/entitlements.mac.plist",
+    "target": ["dmg", "zip"]
+  },
+  "win": {
+    "target": ["portable", "nsis"],
+    "sign": "scripts/sign.js"
+  },
+  "linux": {
+    "category": "Utility",
+    "synopsis": "Sync your user directory to your Bitwarden organization.",
+    "target": ["AppImage"]
+  },
+  "dmg": {
+    "artifactName": "Bitwarden-Connector-${version}.${ext}",
+    "icon": "dmg.icns",
+    "contents": [
+      {
+        "x": 150,
+        "y": 185,
+        "type": "file"
+      },
+      {
+        "x": 390,
+        "y": 180,
+        "type": "link",
+        "path": "/Applications"
+      }
+    ],
+    "window": {
+      "width": 540,
+      "height": 380
+    }
+  },
+  "nsis": {
+    "oneClick": false,
+    "perMachine": true,
+    "allowToChangeInstallationDirectory": true,
+    "artifactName": "Bitwarden-Connector-Installer-${version}.${ext}",
+    "uninstallDisplayName": "${productName}",
+    "deleteAppDataOnUninstall": true
+  },
+  "portable": {
+    "artifactName": "Bitwarden-Connector-Portable-${version}.${ext}"
+  },
+  "appImage": {
+    "artifactName": "Bitwarden-Connector-${version}-${arch}.${ext}"
+  }
+}
--- a/jest.config.js
+++ b/jest.config.js
@@ -0,0 +1,50 @@
+const { pathsToModuleNameMapper } = require("ts-jest");
+const { compilerOptions } = require("./tsconfig");
+
+const tsPreset = require("ts-jest/jest-preset");
+const angularPreset = require("jest-preset-angular/jest-preset");
+const { defaultTransformerOptions } = require("jest-preset-angular/presets");
+
+/** @type {import('ts-jest').JestConfigWithTsJest} */
+module.exports = {
+  // ...tsPreset,
+  // ...angularPreset,
+  preset: "jest-preset-angular",
+
+  reporters: ["default", "jest-junit"],
+
+  collectCoverage: true,
+  // Ensure we collect coverage from files without tests
+  collectCoverageFrom: ["src/**/*.ts"],
+  coverageReporters: ["html", "lcov"],
+  coverageDirectory: "coverage",
+
+  testEnvironment: "jsdom",
+  testMatch: ["**/+(*.)+(spec).+(ts)"],
+
+  roots: ["<rootDir>"],
+  modulePaths: [compilerOptions.baseUrl],
+  moduleNameMapper: pathsToModuleNameMapper(compilerOptions.paths, { prefix: "<rootDir>/" }),
+  setupFilesAfterEnv: ["<rootDir>/test.setup.ts"],
+
+  // Workaround for a memory leak that crashes tests in CI:
+  // https://github.com/facebook/jest/issues/9430#issuecomment-1149882002
+  // Also anecdotally improves performance when run locally
+  maxWorkers: 3,
+
+  transform: {
+    "^.+\\.tsx?$": [
+      "jest-preset-angular",
+      // 'ts-jest',
+      {
+        ...defaultTransformerOptions,
+        tsconfig: "./tsconfig.json",
+        // Further workaround for memory leak, recommended here:
+        // https://github.com/kulshekhar/ts-jest/issues/1967#issuecomment-697494014
+        // Makes tests run faster and reduces size/rate of leak, but loses typechecking on test code
+        // See https://bitwarden.atlassian.net/browse/EC-497 for more info
+        isolatedModules: true,
+      },
+    ],
+  },
+};
--- a/1
+++ b/1
--- a/jslib/.gitignore
+++ b/jslib/.gitignore
@@ -0,0 +1,9 @@
+.vs
+.idea
+node_modules
+npm-debug.log
+vwd.webinfo
+*.crx
+*.pem
+dist
+coverage
--- a/jslib/angular/spec/test.ts
+++ b/jslib/angular/spec/test.ts
@@ -0,0 +1,28 @@
+import { webcrypto } from "crypto";
+import "jest-preset-angular/setup-jest";
+
+Object.defineProperty(window, "CSS", { value: null });
+Object.defineProperty(window, "getComputedStyle", {
+  value: () => {
+    return {
+      display: "none",
+      appearance: ["-webkit-appearance"],
+    };
+  },
+});
+
+Object.defineProperty(document, "doctype", {
+  value: "<!DOCTYPE html>",
+});
+Object.defineProperty(document.body.style, "transform", {
+  value: () => {
+    return {
+      enumerable: true,
+      configurable: true,
+    };
+  },
+});
+
+Object.defineProperty(window, "crypto", {
+  value: webcrypto,
+});
--- a/jslib/angular/src/components/callout.component.html
+++ b/jslib/angular/src/components/callout.component.html
@@ -0,0 +1,35 @@
+<div
+  #callout
+  class="callout callout-{{ calloutStyle }}"
+  [ngClass]="{ clickable: clickable }"
+  [attr.role]="useAlertRole ? 'alert' : null"
+>
+  <h3 class="callout-heading" *ngIf="title">
+    <i class="bwi {{ icon }}" *ngIf="icon" aria-hidden="true"></i>
+    {{ title }}
+  </h3>
+  <div class="enforced-policy-options" *ngIf="enforcedPolicyOptions">
+    {{ enforcedPolicyMessage }}
+    <ul>
+      <li *ngIf="enforcedPolicyOptions?.minComplexity > 0">
+        {{ "policyInEffectMinComplexity" | i18n: getPasswordScoreAlertDisplay() }}
+      </li>
+      <li *ngIf="enforcedPolicyOptions?.minLength > 0">
+        {{ "policyInEffectMinLength" | i18n: enforcedPolicyOptions?.minLength.toString() }}
+      </li>
+      <li *ngIf="enforcedPolicyOptions?.requireUpper">
+        {{ "policyInEffectUppercase" | i18n }}
+      </li>
+      <li *ngIf="enforcedPolicyOptions?.requireLower">
+        {{ "policyInEffectLowercase" | i18n }}
+      </li>
+      <li *ngIf="enforcedPolicyOptions?.requireNumbers">
+        {{ "policyInEffectNumbers" | i18n }}
+      </li>
+      <li *ngIf="enforcedPolicyOptions?.requireSpecial">
+        {{ "policyInEffectSpecial" | i18n: "!@#$%^&*" }}
+      </li>
+    </ul>
+  </div>
+  <ng-content></ng-content>
+</div>
--- a/jslib/angular/src/components/callout.component.ts
+++ b/jslib/angular/src/components/callout.component.ts
@@ -0,0 +1,78 @@
+import { Component, Input, OnInit } from "@angular/core";
+
+import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
+import { MasterPasswordPolicyOptions } from "@/jslib/common/src/models/domain/masterPasswordPolicyOptions";
+
+@Component({
+  selector: "app-callout",
+  templateUrl: "callout.component.html",
+})
+export class CalloutComponent implements OnInit {
+  @Input() type = "info";
+  @Input() icon: string;
+  @Input() title: string;
+  @Input() clickable: boolean;
+  @Input() enforcedPolicyOptions: MasterPasswordPolicyOptions;
+  @Input() enforcedPolicyMessage: string;
+  @Input() useAlertRole = false;
+
+  calloutStyle: string;
+
+  constructor(private i18nService: I18nService) {}
+
+  ngOnInit() {
+    this.calloutStyle = this.type;
+
+    if (this.enforcedPolicyMessage === undefined) {
+      this.enforcedPolicyMessage = this.i18nService.t("masterPasswordPolicyInEffect");
+    }
+
+    if (this.type === "warning" || this.type === "danger") {
+      if (this.type === "danger") {
+        this.calloutStyle = "danger";
+      }
+      if (this.title === undefined) {
+        this.title = this.i18nService.t("warning");
+      }
+      if (this.icon === undefined) {
+        this.icon = "bwi-exclamation-triangle";
+      }
+    } else if (this.type === "error") {
+      this.calloutStyle = "danger";
+      if (this.title === undefined) {
+        this.title = this.i18nService.t("error");
+      }
+      if (this.icon === undefined) {
+        this.icon = "bwi-error";
+      }
+    } else if (this.type === "tip") {
+      this.calloutStyle = "success";
+      if (this.title === undefined) {
+        this.title = this.i18nService.t("tip");
+      }
+      if (this.icon === undefined) {
+        this.icon = "bwi-lightbulb";
+      }
+    }
+  }
+
+  getPasswordScoreAlertDisplay() {
+    if (this.enforcedPolicyOptions == null) {
+      return "";
+    }
+
+    let str: string;
+    switch (this.enforcedPolicyOptions.minComplexity) {
+      case 4:
+        str = this.i18nService.t("strong");
+        break;
+      case 3:
+        str = this.i18nService.t("good");
+        break;
+      default:
+        str = this.i18nService.t("weak");
+        break;
+    }
+    return str + " (" + this.enforcedPolicyOptions.minComplexity + ")";
+  }
+}
--- a/jslib/angular/src/components/environment.component.ts
+++ b/jslib/angular/src/components/environment.component.ts
@@ -0,0 +1,63 @@
+import { Directive, EventEmitter, Output } from "@angular/core";
+
+import { EnvironmentService } from "@/jslib/common/src/abstractions/environment.service";
+import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
+import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
+
+@Directive()
+export class EnvironmentComponent {
+  @Output() onSaved = new EventEmitter();
+
+  iconsUrl: string;
+  identityUrl: string;
+  apiUrl: string;
+  webVaultUrl: string;
+  notificationsUrl: string;
+  baseUrl: string;
+  showCustom = false;
+
+  constructor(
+    protected platformUtilsService: PlatformUtilsService,
+    protected environmentService: EnvironmentService,
+    protected i18nService: I18nService,
+  ) {
+    const urls = this.environmentService.getUrls();
+
+    this.baseUrl = urls.base || "";
+    this.webVaultUrl = urls.webVault || "";
+    this.apiUrl = urls.api || "";
+    this.identityUrl = urls.identity || "";
+    this.iconsUrl = urls.icons || "";
+    this.notificationsUrl = urls.notifications || "";
+  }
+
+  async submit() {
+    const resUrls = await this.environmentService.setUrls({
+      base: this.baseUrl,
+      api: this.apiUrl,
+      identity: this.identityUrl,
+      webVault: this.webVaultUrl,
+      icons: this.iconsUrl,
+      notifications: this.notificationsUrl,
+    });
+
+    // re-set urls since service can change them, ex: prefixing https://
+    this.baseUrl = resUrls.base;
+    this.apiUrl = resUrls.api;
+    this.identityUrl = resUrls.identity;
+    this.webVaultUrl = resUrls.webVault;
+    this.iconsUrl = resUrls.icons;
+    this.notificationsUrl = resUrls.notifications;
+
+    this.platformUtilsService.showToast("success", null, this.i18nService.t("environmentSaved"));
+    this.saved();
+  }
+
+  toggleCustom() {
+    this.showCustom = !this.showCustom;
+  }
+
+  protected saved() {
+    this.onSaved.emit();
+  }
+}
--- a/jslib/angular/src/components/icon.component.html
+++ b/jslib/angular/src/components/icon.component.html
@@ -0,0 +1,11 @@
+<div class="icon" aria-hidden="true">
+  <img
+    [src]="image"
+    appFallbackSrc="{{ fallbackImage }}"
+    *ngIf="imageEnabled && image"
+    alt=""
+    decoding="async"
+    loading="lazy"
+  />
+  <i class="bwi bwi-fw bwi-lg {{ icon }}" *ngIf="!imageEnabled || !image"></i>
+</div>
--- a/jslib/angular/src/components/icon.component.ts
+++ b/jslib/angular/src/components/icon.component.ts
@@ -0,0 +1,115 @@
+import { Component, Input, OnChanges } from "@angular/core";
+
+import { EnvironmentService } from "@/jslib/common/src/abstractions/environment.service";
+import { StateService } from "@/jslib/common/src/abstractions/state.service";
+import { CipherType } from "@/jslib/common/src/enums/cipherType";
+import { Utils } from "@/jslib/common/src/misc/utils";
+import { CipherView } from "@/jslib/common/src/models/view/cipherView";
+
+/**
+ * Provides a mapping from supported card brands to
+ * the filenames of icon that should be present in images/cards folder of clients.
+ */
+const cardIcons: Record<string, string> = {
+  Visa: "card-visa",
+  Mastercard: "card-mastercard",
+  Amex: "card-amex",
+  Discover: "card-discover",
+  "Diners Club": "card-diners-club",
+  JCB: "card-jcb",
+  Maestro: "card-maestro",
+  UnionPay: "card-union-pay",
+};
+
+@Component({
+  selector: "app-vault-icon",
+  templateUrl: "icon.component.html",
+})
+export class IconComponent implements OnChanges {
+  @Input() cipher: CipherView;
+  icon: string;
+  image: string;
+  fallbackImage: string;
+  imageEnabled: boolean;
+
+  private iconsUrl: string;
+
+  constructor(
+    environmentService: EnvironmentService,
+    private stateService: StateService,
+  ) {
+    this.iconsUrl = environmentService.getIconsUrl();
+  }
+
+  async ngOnChanges() {
+    // Components may be re-used when using cdk-virtual-scroll. Which puts the component in a weird state,
+    // to avoid this we reset all state variables.
+    this.image = null;
+    this.fallbackImage = null;
+    this.imageEnabled = !(await this.stateService.getDisableFavicon());
+    this.load();
+  }
+
+  protected load() {
+    switch (this.cipher.type) {
+      case CipherType.Login:
+        this.icon = "bwi-globe";
+        this.setLoginIcon();
+        break;
+      case CipherType.SecureNote:
+        this.icon = "bwi-sticky-note";
+        break;
+      case CipherType.Card:
+        this.icon = "bwi-credit-card";
+        this.setCardIcon();
+        break;
+      case CipherType.Identity:
+        this.icon = "bwi-id-card";
+        break;
+      default:
+        break;
+    }
+  }
+
+  private setLoginIcon() {
+    if (this.cipher.login.uri) {
+      let hostnameUri = this.cipher.login.uri;
+      let isWebsite = false;
+
+      if (hostnameUri.indexOf("androidapp://") === 0) {
+        this.icon = "bwi-android";
+        this.image = null;
+      } else if (hostnameUri.indexOf("iosapp://") === 0) {
+        this.icon = "bwi-apple";
+        this.image = null;
+      } else if (
+        this.imageEnabled &&
+        hostnameUri.indexOf("://") === -1 &&
+        hostnameUri.indexOf(".") > -1
+      ) {
+        hostnameUri = "http://" + hostnameUri;
+        isWebsite = true;
+      } else if (this.imageEnabled) {
+        isWebsite = hostnameUri.indexOf("http") === 0 && hostnameUri.indexOf(".") > -1;
+      }
+
+      if (this.imageEnabled && isWebsite) {
+        try {
+          this.image = this.iconsUrl + "/" + Utils.getHostname(hostnameUri) + "/icon.png";
+          this.fallbackImage = "images/bwi-globe.png";
+        } catch (e) {
+          // Ignore error since the fallback icon will be shown if image is null.
+        }
+      }
+    } else {
+      this.image = null;
+    }
+  }
+
+  private setCardIcon() {
+    const brand = this.cipher.card.brand;
+    if (this.imageEnabled && brand in cardIcons) {
+      this.icon = "credit-card-icon " + cardIcons[brand];
+    }
+  }
+}
--- a/jslib/angular/src/components/modal/dynamic-modal.component.ts
+++ b/jslib/angular/src/components/modal/dynamic-modal.component.ts
@@ -0,0 +1,79 @@
+import { ConfigurableFocusTrap, ConfigurableFocusTrapFactory } from "@angular/cdk/a11y";
+import {
+  AfterViewInit,
+  ChangeDetectorRef,
+  Component,
+  ComponentRef,
+  ElementRef,
+  OnDestroy,
+  Type,
+  ViewChild,
+  ViewContainerRef,
+} from "@angular/core";
+
+import { ModalService } from "../../services/modal.service";
+
+import { ModalRef } from "./modal.ref";
+
+@Component({
+  selector: "app-modal",
+  template: "<ng-template #modalContent></ng-template>",
+})
+export class DynamicModalComponent implements AfterViewInit, OnDestroy {
+  componentRef: ComponentRef<any>;
+
+  @ViewChild("modalContent", { read: ViewContainerRef, static: true })
+  modalContentRef: ViewContainerRef;
+
+  childComponentType: Type<any>;
+  setComponentParameters: (component: any) => void;
+
+  private focusTrap: ConfigurableFocusTrap;
+
+  constructor(
+    private modalService: ModalService,
+    private cd: ChangeDetectorRef,
+    private el: ElementRef<HTMLElement>,
+    private focusTrapFactory: ConfigurableFocusTrapFactory,
+    public modalRef: ModalRef,
+  ) {}
+
+  ngAfterViewInit() {
+    this.loadChildComponent(this.childComponentType);
+    if (this.setComponentParameters != null) {
+      this.setComponentParameters(this.componentRef.instance);
+    }
+    this.cd.detectChanges();
+
+    this.modalRef.created(this.el.nativeElement);
+    this.focusTrap = this.focusTrapFactory.create(
+      this.el.nativeElement.querySelector(".modal-dialog"),
+    );
+    if (this.el.nativeElement.querySelector("[appAutoFocus]") == null) {
+      this.focusTrap.focusFirstTabbableElementWhenReady();
+    }
+  }
+
+  loadChildComponent(componentType: Type<any>) {
+    const componentFactory = this.modalService.resolveComponentFactory(componentType);
+
+    this.modalContentRef.clear();
+    this.componentRef = this.modalContentRef.createComponent(componentFactory);
+  }
+
+  ngOnDestroy() {
+    if (this.componentRef) {
+      this.componentRef.destroy();
+    }
+    this.focusTrap.destroy();
+  }
+
+  close() {
+    this.modalRef.close();
+  }
+
+  getFocus() {
+    const autoFocusEl = this.el.nativeElement.querySelector("[appAutoFocus]") as HTMLElement;
+    autoFocusEl?.focus();
+  }
+}
--- a/jslib/angular/src/components/modal/modal-injector.ts
+++ b/jslib/angular/src/components/modal/modal-injector.ts
@@ -0,0 +1,21 @@
+import { InjectFlags, InjectOptions, Injector, ProviderToken } from "@angular/core";
+
+export class ModalInjector implements Injector {
+  constructor(
+    private _parentInjector: Injector,
+    private _additionalTokens: WeakMap<any, any>,
+  ) {}
+
+  get<T>(
+    token: ProviderToken<T>,
+    notFoundValue: undefined,
+    options: InjectOptions & { optional?: false },
+  ): T;
+  get<T>(token: ProviderToken<T>, notFoundValue: null, options: InjectOptions): T;
+  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions | InjectFlags): T;
+  get<T>(token: ProviderToken<T>, notFoundValue?: T, flags?: InjectFlags): T;
+  get(token: any, notFoundValue?: any): any;
+  get(token: any, notFoundValue?: any, flags?: any): any {
+    return this._additionalTokens.get(token) ?? this._parentInjector.get<any>(token, notFoundValue);
+  }
+}
--- a/jslib/angular/src/components/modal/modal.ref.ts
+++ b/jslib/angular/src/components/modal/modal.ref.ts
@@ -0,0 +1,50 @@
+import { Observable, Subject } from "rxjs";
+import { first } from "rxjs/operators";
+
+export class ModalRef {
+  onCreated: Observable<HTMLElement>; // Modal added to the DOM.
+  onClose: Observable<any>; // Initiated close.
+  onClosed: Observable<any>; // Modal was closed (Remove element from DOM)
+  onShow: Observable<void>; // Start showing modal
+  onShown: Observable<void>; // Modal is fully visible
+
+  private readonly _onCreated = new Subject<HTMLElement>();
+  private readonly _onClose = new Subject<any>();
+  private readonly _onClosed = new Subject<any>();
+  private readonly _onShow = new Subject<void>();
+  private readonly _onShown = new Subject<void>();
+  private lastResult: any;
+
+  constructor() {
+    this.onCreated = this._onCreated.asObservable();
+    this.onClose = this._onClose.asObservable();
+    this.onClosed = this._onClosed.asObservable();
+    this.onShow = this._onShow.asObservable();
+    this.onShown = this._onShow.asObservable();
+  }
+
+  show() {
+    this._onShow.next();
+  }
+
+  shown() {
+    this._onShown.next();
+  }
+
+  close(result?: any) {
+    this.lastResult = result;
+    this._onClose.next(result);
+  }
+
+  closed() {
+    this._onClosed.next(this.lastResult);
+  }
+
+  created(el: HTMLElement) {
+    this._onCreated.next(el);
+  }
+
+  onClosedPromise(): Promise<any> {
+    return this.onClosed.pipe(first()).toPromise();
+  }
+}
--- a/jslib/angular/src/components/password-reprompt.component.ts
+++ b/jslib/angular/src/components/password-reprompt.component.ts
@@ -0,0 +1,41 @@
+import { Directive } from "@angular/core";
+
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
+import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
+
+import { ModalRef } from "./modal/modal.ref";
+
+/**
+ * Used to verify the user's Master Password for the "Master Password Re-prompt" feature only.
+ * See UserVerificationComponent for any other situation where you need to verify the user's identity.
+ */
+@Directive()
+export class PasswordRepromptComponent {
+  showPassword = false;
+  masterPassword = "";
+
+  constructor(
+    private modalRef: ModalRef,
+    private cryptoService: CryptoService,
+    private platformUtilsService: PlatformUtilsService,
+    private i18nService: I18nService,
+  ) {}
+
+  togglePassword() {
+    this.showPassword = !this.showPassword;
+  }
+
+  async submit() {
+    if (!(await this.cryptoService.compareAndUpdateKeyHash(this.masterPassword, null))) {
+      this.platformUtilsService.showToast(
+        "error",
+        this.i18nService.t("errorOccurred"),
+        this.i18nService.t("invalidMasterPassword"),
+      );
+      return;
+    }
+
+    this.modalRef.close(true);
+  }
+}
--- a/jslib/angular/src/components/toastr.component.ts
+++ b/jslib/angular/src/components/toastr.component.ts
@@ -0,0 +1,98 @@
+import { animate, state, style, transition, trigger } from "@angular/animations";
+import { CommonModule } from "@angular/common";
+import { Component, ModuleWithProviders, NgModule } from "@angular/core";
+import {
+  DefaultNoComponentGlobalConfig,
+  GlobalConfig,
+  Toast as BaseToast,
+  ToastPackage,
+  ToastrService,
+  TOAST_CONFIG,
+} from "ngx-toastr";
+
+@Component({
+  selector: "[toast-component2]",
+  template: `
+    <button
+      *ngIf="options.closeButton"
+      (click)="remove()"
+      type="button"
+      class="toast-close-button"
+      aria-label="Close"
+    >
+      <span aria-hidden="true">&times;</span>
+    </button>
+    <div class="icon">
+      <i></i>
+    </div>
+    <div>
+      <div *ngIf="title" [class]="options.titleClass" [attr.aria-label]="title">
+        {{ title }} <ng-container *ngIf="duplicatesCount">[{{ duplicatesCount + 1 }}]</ng-container>
+      </div>
+      <div
+        *ngIf="message && options.enableHtml"
+        role="alertdialog"
+        aria-live="polite"
+        [class]="options.messageClass"
+        [innerHTML]="message"
+      ></div>
+      <div
+        *ngIf="message && !options.enableHtml"
+        role="alertdialog"
+        aria-live="polite"
+        [class]="options.messageClass"
+        [attr.aria-label]="message"
+      >
+        {{ message }}
+      </div>
+    </div>
+    <div *ngIf="options.progressBar">
+      <div class="toast-progress" [style.width]="width + '%'"></div>
+    </div>
+  `,
+  animations: [
+    trigger("flyInOut", [
+      state("inactive", style({ opacity: 0 })),
+      state("active", style({ opacity: 1 })),
+      state("removed", style({ opacity: 0 })),
+      transition("inactive => active", animate("{{ easeTime }}ms {{ easing }}")),
+      transition("active => removed", animate("{{ easeTime }}ms {{ easing }}")),
+    ]),
+  ],
+  preserveWhitespaces: false,
+})
+export class BitwardenToast extends BaseToast {
+  constructor(
+    protected toastrService: ToastrService,
+    public toastPackage: ToastPackage,
+  ) {
+    super(toastrService, toastPackage);
+  }
+}
+
+export const BitwardenToastGlobalConfig: GlobalConfig = {
+  ...DefaultNoComponentGlobalConfig,
+  toastComponent: BitwardenToast,
+};
+
+@NgModule({
+  imports: [CommonModule],
+  declarations: [BitwardenToast],
+  exports: [BitwardenToast],
+})
+export class BitwardenToastModule {
+  static forRoot(config: Partial<GlobalConfig> = {}): ModuleWithProviders<BitwardenToastModule> {
+    return {
+      ngModule: BitwardenToastModule,
+      providers: [
+        {
+          provide: TOAST_CONFIG,
+          useValue: {
+            default: BitwardenToastGlobalConfig,
+            config: config,
+          },
+        },
+      ],
+    };
+  }
+}
--- a/jslib/angular/src/directives/a11y-title.directive.ts
+++ b/jslib/angular/src/directives/a11y-title.directive.ts
@@ -0,0 +1,26 @@
+import { Directive, ElementRef, Input, Renderer2 } from "@angular/core";
+
+@Directive({
+  selector: "[appA11yTitle]",
+})
+export class A11yTitleDirective {
+  @Input() set appA11yTitle(title: string) {
+    this.title = title;
+  }
+
+  private title: string;
+
+  constructor(
+    private el: ElementRef,
+    private renderer: Renderer2,
+  ) {}
+
+  ngOnInit() {
+    if (!this.el.nativeElement.hasAttribute("title")) {
+      this.renderer.setAttribute(this.el.nativeElement, "title", this.title);
+    }
+    if (!this.el.nativeElement.hasAttribute("aria-label")) {
+      this.renderer.setAttribute(this.el.nativeElement, "aria-label", this.title);
+    }
+  }
+}
--- a/jslib/angular/src/directives/api-action.directive.ts
+++ b/jslib/angular/src/directives/api-action.directive.ts
@@ -0,0 +1,49 @@
+import { Directive, ElementRef, Input, OnChanges } from "@angular/core";
+
+import { LogService } from "@/jslib/common/src/abstractions/log.service";
+import { ErrorResponse } from "@/jslib/common/src/models/response/errorResponse";
+
+import { ValidationService } from "../services/validation.service";
+
+/**
+ * Provides error handling, in particular for any error returned by the server in an api call.
+ * Attach it to a <form> element and provide the name of the class property that will hold the api call promise.
+ * e.g. <form [appApiAction]="this.formPromise">
+ * Any errors/rejections that occur will be intercepted and displayed as error toasts.
+ */
+@Directive({
+  selector: "[appApiAction]",
+})
+export class ApiActionDirective implements OnChanges {
+  @Input() appApiAction: Promise<any>;
+
+  constructor(
+    private el: ElementRef,
+    private validationService: ValidationService,
+    private logService: LogService,
+  ) {}
+
+  ngOnChanges(changes: any) {
+    if (this.appApiAction == null || this.appApiAction.then == null) {
+      return;
+    }
+
+    this.el.nativeElement.loading = true;
+
+    this.appApiAction.then(
+      (response: any) => {
+        this.el.nativeElement.loading = false;
+      },
+      (e: any) => {
+        this.el.nativeElement.loading = false;
+
+        if ((e as ErrorResponse).captchaRequired) {
+          this.logService.error("Captcha required error response: " + e.getSingleMessage());
+          return;
+        }
+        this.logService?.error(`Received API exception: ${e}`);
+        this.validationService.showError(e);
+      },
+    );
+  }
+}
--- a/jslib/angular/src/directives/autofocus.directive.ts
+++ b/jslib/angular/src/directives/autofocus.directive.ts
@@ -0,0 +1,30 @@
+import { Directive, ElementRef, Input, NgZone } from "@angular/core";
+import { take } from "rxjs/operators";
+
+import { Utils } from "@/jslib/common/src/misc/utils";
+
+@Directive({
+  selector: "[appAutofocus]",
+})
+export class AutofocusDirective {
+  @Input() set appAutofocus(condition: boolean | string) {
+    this.autofocus = condition === "" || condition === true;
+  }
+
+  private autofocus: boolean;
+
+  constructor(
+    private el: ElementRef,
+    private ngZone: NgZone,
+  ) {}
+
+  ngOnInit() {
+    if (!Utils.isMobileBrowser && this.autofocus) {
+      if (this.ngZone.isStable) {
+        this.el.nativeElement.focus();
+      } else {
+        this.ngZone.onStable.pipe(take(1)).subscribe(() => this.el.nativeElement.focus());
+      }
+    }
+  }
+}
--- a/jslib/angular/src/directives/blur-click.directive.ts
+++ b/jslib/angular/src/directives/blur-click.directive.ts
@@ -0,0 +1,12 @@
+import { Directive, ElementRef, HostListener } from "@angular/core";
+
+@Directive({
+  selector: "[appBlurClick]",
+})
+export class BlurClickDirective {
+  constructor(private el: ElementRef) {}
+
+  @HostListener("click") onClick() {
+    this.el.nativeElement.blur();
+  }
+}
--- a/jslib/angular/src/directives/box-row.directive.ts
+++ b/jslib/angular/src/directives/box-row.directive.ts
@@ -0,0 +1,59 @@
+import { Directive, ElementRef, HostListener, OnInit } from "@angular/core";
+
+@Directive({
+  selector: "[appBoxRow]",
+})
+export class BoxRowDirective implements OnInit {
+  el: HTMLElement = null;
+  formEls: Element[];
+
+  constructor(elRef: ElementRef) {
+    this.el = elRef.nativeElement;
+  }
+
+  ngOnInit(): void {
+    this.formEls = Array.from(
+      this.el.querySelectorAll('input:not([type="hidden"]), select, textarea'),
+    );
+    this.formEls.forEach((formEl) => {
+      formEl.addEventListener(
+        "focus",
+        () => {
+          this.el.classList.add("active");
+        },
+        false,
+      );
+
+      formEl.addEventListener(
+        "blur",
+        () => {
+          this.el.classList.remove("active");
+        },
+        false,
+      );
+    });
+  }
+
+  @HostListener("click", ["$event"]) onClick(event: Event) {
+    const target = event.target as HTMLElement;
+    if (
+      target !== this.el &&
+      !target.classList.contains("progress") &&
+      !target.classList.contains("progress-bar")
+    ) {
+      return;
+    }
+
+    if (this.formEls.length > 0) {
+      const formEl = this.formEls[0] as HTMLElement;
+      if (formEl.tagName.toLowerCase() === "input") {
+        const inputEl = formEl as HTMLInputElement;
+        if (inputEl.type != null && inputEl.type.toLowerCase() === "checkbox") {
+          inputEl.click();
+          return;
+        }
+      }
+      formEl.focus();
+    }
+  }
+}
--- a/jslib/angular/src/directives/fallback-src.directive.ts
+++ b/jslib/angular/src/directives/fallback-src.directive.ts
@@ -0,0 +1,14 @@
+import { Directive, ElementRef, HostListener, Input } from "@angular/core";
+
+@Directive({
+  selector: "[appFallbackSrc]",
+})
+export class FallbackSrcDirective {
+  @Input("appFallbackSrc") appFallbackSrc: string;
+
+  constructor(private el: ElementRef) {}
+
+  @HostListener("error") onError() {
+    this.el.nativeElement.src = this.appFallbackSrc;
+  }
+}
--- a/jslib/angular/src/directives/stop-click.directive.ts
+++ b/jslib/angular/src/directives/stop-click.directive.ts
@@ -0,0 +1,10 @@
+import { Directive, HostListener } from "@angular/core";
+
+@Directive({
+  selector: "[appStopClick]",
+})
+export class StopClickDirective {
+  @HostListener("click", ["$event"]) onClick($event: MouseEvent) {
+    $event.preventDefault();
+  }
+}
--- a/jslib/angular/src/directives/stop-prop.directive.ts
+++ b/jslib/angular/src/directives/stop-prop.directive.ts
@@ -0,0 +1,10 @@
+import { Directive, HostListener } from "@angular/core";
+
+@Directive({
+  selector: "[appStopProp]",
+})
+export class StopPropDirective {
+  @HostListener("click", ["$event"]) onClick($event: MouseEvent) {
+    $event.stopPropagation();
+  }
+}
--- a/jslib/angular/src/pipes/i18n.pipe.ts
+++ b/jslib/angular/src/pipes/i18n.pipe.ts
@@ -0,0 +1,14 @@
+import { Pipe, PipeTransform } from "@angular/core";
+
+import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
+
+@Pipe({
+  name: "i18n",
+})
+export class I18nPipe implements PipeTransform {
+  constructor(private i18nService: I18nService) {}
+
+  transform(id: string, p1?: string, p2?: string, p3?: string): string {
+    return this.i18nService.t(id, p1, p2, p3);
+  }
+}
--- a/jslib/angular/src/pipes/search-ciphers.pipe.ts
+++ b/jslib/angular/src/pipes/search-ciphers.pipe.ts
@@ -0,0 +1,41 @@
+import { Pipe, PipeTransform } from "@angular/core";
+
+import { CipherView } from "@/jslib/common/src/models/view/cipherView";
+
+@Pipe({
+  name: "searchCiphers",
+})
+export class SearchCiphersPipe implements PipeTransform {
+  transform(ciphers: CipherView[], searchText: string, deleted = false): CipherView[] {
+    if (ciphers == null || ciphers.length === 0) {
+      return [];
+    }
+
+    if (searchText == null || searchText.length < 2) {
+      return ciphers.filter((c) => {
+        return deleted !== c.isDeleted;
+      });
+    }
+
+    searchText = searchText.trim().toLowerCase();
+    return ciphers.filter((c) => {
+      if (deleted !== c.isDeleted) {
+        return false;
+      }
+      if (c.name != null && c.name.toLowerCase().indexOf(searchText) > -1) {
+        return true;
+      }
+      if (searchText.length >= 8 && c.id.startsWith(searchText)) {
+        return true;
+      }
+      if (c.subTitle != null && c.subTitle.toLowerCase().indexOf(searchText) > -1) {
+        return true;
+      }
+      if (c.login && c.login.uri != null && c.login.uri.toLowerCase().indexOf(searchText) > -1) {
+        return true;
+      }
+
+      return false;
+    });
+  }
+}
--- a/jslib/angular/src/scss/bwicons/fonts/bwi-font.svg
+++ b/jslib/angular/src/scss/bwicons/fonts/bwi-font.svg
--- a/jslib/angular/src/scss/bwicons/fonts/bwi-font.ttf
+++ b/jslib/angular/src/scss/bwicons/fonts/bwi-font.ttf
--- a/jslib/angular/src/scss/bwicons/fonts/bwi-font.woff
+++ b/jslib/angular/src/scss/bwicons/fonts/bwi-font.woff
--- a/jslib/angular/src/scss/bwicons/fonts/bwi-font.woff2
+++ b/jslib/angular/src/scss/bwicons/fonts/bwi-font.woff2
--- a/jslib/angular/src/scss/bwicons/styles/style.scss
+++ b/jslib/angular/src/scss/bwicons/styles/style.scss
@@ -0,0 +1,251 @@
+$icomoon-font-family: "bwi-font" !default;
+$icomoon-font-path: "/jslib/angular/src/scss/bwicons/fonts/" !default;
+
+// New font sheet? Update the font-face information below
+@font-face {
+  font-family: "#{$icomoon-font-family}";
+  src:
+    url($icomoon-font-path + "bwi-font.svg") format("svg"),
+    url($icomoon-font-path + "bwi-font.ttf") format("truetype"),
+    url($icomoon-font-path + "bwi-font.woff") format("woff"),
+    url($icomoon-font-path + "bwi-font.woff2") format("woff2");
+  font-weight: normal;
+  font-style: normal;
+  font-display: block;
+}
+
+// Base Class
+.bwi {
+  /* use !important to prevent issues with browser extensions that change fonts */
+  font-family: "#{$icomoon-font-family}" !important;
+  speak: never;
+  font-style: normal;
+  font-weight: normal;
+  font-variant: normal;
+  text-transform: none;
+  line-height: 1;
+  display: inline-block;
+  /* Better Font Rendering */
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+// Fixed Width Icons
+.bwi-fw {
+  width: calc(18em / 14);
+  text-align: center;
+}
+
+// Sizing Changes
+.bwi-sm {
+  font-size: 0.875em;
+}
+
+.bwi-lg {
+  font-size: calc(4em / 3);
+  line-height: calc(3em / 4);
+  vertical-align: -15%;
+}
+
+.bwi-2x {
+  font-size: 2em;
+}
+
+.bwi-3x {
+  font-size: 3em;
+}
+
+.bwi-4x {
+  font-size: 4em;
+}
+
+// Spin Animations
+.bwi-spin {
+  animation: bwi-spin 2s infinite linear;
+}
+
+@keyframes bwi-spin {
+  0% {
+    transform: rotate(0deg);
+  }
+  100% {
+    transform: rotate(359deg);
+  }
+}
+
+// List Icons
+.bwi-ul {
+  padding-left: 0;
+  margin-left: calc(30em / 14);
+  list-style-type: none;
+  > li {
+    position: relative;
+  }
+}
+
+.bwi-li {
+  position: absolute;
+  left: calc(-30em / 14);
+  width: calc(30em / 14);
+  top: calc(2em / 14);
+  text-align: center;
+  &.bwi-lg {
+    left: calc(-30em / 14) + calc(4em / 14);
+  }
+}
+
+// Rotation
+.bwi-rotate-270 {
+  transform: rotate(270deg);
+}
+
+// For new icons - add their glyph name and value to the map below
+$icons: (
+  "save-changes": "\e988",
+  "browser": "\e985",
+  "mobile": "\e986",
+  "cli": "\e987",
+  "providers": "\e983",
+  "vault": "\e984",
+  "folder-closed-f": "\e982",
+  "rocket": "\e9ee",
+  "ellipsis-h": "\e9ef",
+  "ellipsis-v": "\e9f0",
+  "safari": "\e974",
+  "opera": "\e975",
+  "firefox": "\e976",
+  "edge": "\e977",
+  "chrome": "\e978",
+  "star-f": "\e979",
+  "arrow-circle-up": "\e97a",
+  "arrow-circle-right": "\e97b",
+  "arrow-circle-left": "\e97c",
+  "arrow-circle-down": "\e97d",
+  "undo": "\e97e",
+  "bolt": "\e97f",
+  "puzzle": "\e980",
+  "rss": "\e973",
+  "dbl-angle-left": "\e970",
+  "dbl-angle-right": "\e971",
+  "hamburger": "\e972",
+  "bw-folder-open-f": "\e93e",
+  "desktop": "\e96a",
+  "angle-left": "\e96b",
+  "user": "\e900",
+  "user-f": "\e901",
+  "key": "\e902",
+  "share-square": "\e903",
+  "hashtag": "\e904",
+  "clone": "\e905",
+  "list-alt": "\e906",
+  "id-card": "\e907",
+  "credit-card": "\e908",
+  "globe": "\e909",
+  "sticky-note": "\e90a",
+  "folder": "\e90b",
+  "lock": "\e90c",
+  "lock-f": "\e90d",
+  "generate": "\e90e",
+  "generate-f": "\e90f",
+  "cog": "\e910",
+  "cog-f": "\e911",
+  "check-circle": "\e912",
+  "eye": "\e913",
+  "pencil-square": "\e914",
+  "bookmark": "\e915",
+  "files": "\e916",
+  "trash": "\e917",
+  "plus": "\e918",
+  "star": "\e919",
+  "list": "\e91a",
+  "angle-right": "\e91b",
+  "external-link": "\e91c",
+  "refresh": "\e91d",
+  "search": "\e91f",
+  "filter": "\e920",
+  "plus-circle": "\e921",
+  "user-circle": "\e922",
+  "question-circle": "\e923",
+  "cogs": "\e924",
+  "minus-circle": "\e925",
+  "send": "\e926",
+  "send-f": "\e927",
+  "download": "\e928",
+  "pencil": "\e929",
+  "sign-out": "\e92a",
+  "share": "\e92b",
+  "clock": "\e92c",
+  "angle-down": "\e92d",
+  "caret-down": "\e92e",
+  "square": "\e92f",
+  "collection": "\e930",
+  "bank": "\e931",
+  "shield": "\e932",
+  "stop": "\e933",
+  "plus-square": "\e934",
+  "save": "\e935",
+  "sign-in": "\e936",
+  "spinner": "\e937",
+  "dollar": "\e939",
+  "check": "\e93a",
+  "check-square": "\e93b",
+  "minus-square": "\e93c",
+  "close": "\e93d",
+  "share-arrow": "\e96c",
+  "paperclip": "\e93f",
+  "bitcoin": "\e940",
+  "cut": "\e941",
+  "frown": "\e942",
+  "folder-open": "\e943",
+  "bug": "\e946",
+  "chain-broken": "\e947",
+  "dashboard": "\e948",
+  "envelope": "\e949",
+  "exclamation-circle": "\e94a",
+  "exclamation-triangle": "\e94b",
+  "caret-right": "\e94c",
+  "file-pdf": "\e94e",
+  "file-text": "\e94f",
+  "info-circle": "\e952",
+  "lightbulb": "\e953",
+  "link": "\e954",
+  "linux": "\e956",
+  "long-arrow-right": "\e957",
+  "money": "\e958",
+  "play": "\e959",
+  "reddit": "\e95a",
+  "refresh-tab": "\e95b",
+  "sitemap": "\e95c",
+  "sliders": "\e95d",
+  "tag": "\e95e",
+  "thumb-tack": "\e95f",
+  "thumbs-up": "\e960",
+  "unlock": "\e962",
+  "users": "\e963",
+  "wrench": "\e965",
+  "ban": "\e967",
+  "camera": "\e968",
+  "chevron-up": "\e969",
+  "eye-slash": "\e96d",
+  "file": "\e96e",
+  "paste": "\e96f",
+  "github": "\e950",
+  "facebook": "\e94d",
+  "paypal": "\e938",
+  "google": "\e951",
+  "linkedin": "\e955",
+  "discourse": "\e91e",
+  "twitter": "\e961",
+  "youtube": "\e966",
+  "windows": "\e964",
+  "apple": "\e945",
+  "android": "\e944",
+  "error": "\e981",
+  "numbered-list": "\e989",
+);
+
+@each $name, $glyph in $icons {
+  .bwi-#{$name}:before {
+    content: $glyph;
+  }
+}
--- a/jslib/angular/src/scss/icons.scss
+++ b/jslib/angular/src/scss/icons.scss
@@ -0,0 +1,44 @@
+$card-icons-base: "~@bitwarden/jslib-angular/src/images/cards/";
+$card-icons: (
+  "visa": $card-icons-base + "visa-light.png",
+  "amex": $card-icons-base + "amex-light.png",
+  "diners-club": $card-icons-base + "diners_club-light.png",
+  "discover": $card-icons-base + "discover-light.png",
+  "jcb": $card-icons-base + "jcb-light.png",
+  "maestro": $card-icons-base + "maestro-light.png",
+  "mastercard": $card-icons-base + "mastercard-light.png",
+  "union-pay": $card-icons-base + "union_pay-light.png",
+);
+
+$card-icons-dark: (
+  "visa": $card-icons-base + "visa-dark.png",
+  "amex": $card-icons-base + "amex-dark.png",
+  "diners-club": $card-icons-base + "diners_club-dark.png",
+  "discover": $card-icons-base + "discover-dark.png",
+  "jcb": $card-icons-base + "jcb-dark.png",
+  "maestro": $card-icons-base + "maestro-dark.png",
+  "mastercard": $card-icons-base + "mastercard-dark.png",
+  "union-pay": $card-icons-base + "union_pay-dark.png",
+);
+
+.credit-card-icon {
+  display: block; // Resolves the parent container being slighly to big
+  height: 19px;
+  width: 24px;
+  background-size: contain;
+  background-repeat: no-repeat;
+}
+
+@each $name, $url in $card-icons {
+  .card-#{$name} {
+    background-image: url("#{$url}");
+  }
+}
+
+@each $theme in $dark-icon-themes {
+  @each $name, $url in $card-icons-dark {
+    .#{$theme} .card-#{$name} {
+      background-image: url("#{$url}");
+    }
+  }
+}
--- a/jslib/angular/src/scss/webfonts.css
+++ b/jslib/angular/src/scss/webfonts.css
@@ -0,0 +1,89 @@
+@font-face {
+  font-family: "Open Sans";
+  font-style: italic;
+  font-weight: 300;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-italic-300.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: italic;
+  font-weight: 400;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-italic-400.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: italic;
+  font-weight: 600;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-italic-600.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: italic;
+  font-weight: 700;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-italic-700.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: italic;
+  font-weight: 800;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-italic-800.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: normal;
+  font-weight: 300;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-normal-300.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: normal;
+  font-weight: 400;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-normal-400.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: normal;
+  font-weight: 600;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-normal-600.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: normal;
+  font-weight: 700;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-normal-700.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: normal;
+  font-weight: 800;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-normal-800.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
--- a/jslib/angular/src/scss/webfonts/Open_Sans-italic-300.woff
+++ b/jslib/angular/src/scss/webfonts/Open_Sans-italic-300.woff
--- a/jslib/angular/src/scss/webfonts/Open_Sans-italic-400.woff
+++ b/jslib/angular/src/scss/webfonts/Open_Sans-italic-400.woff
--- a/jslib/angular/src/scss/webfonts/Open_Sans-italic-600.woff
+++ b/jslib/angular/src/scss/webfonts/Open_Sans-italic-600.woff
--- a/jslib/angular/src/scss/webfonts/Open_Sans-italic-700.woff
+++ b/jslib/angular/src/scss/webfonts/Open_Sans-italic-700.woff
--- a/jslib/angular/src/scss/webfonts/Open_Sans-italic-800.woff
+++ b/jslib/angular/src/scss/webfonts/Open_Sans-italic-800.woff
--- a/jslib/angular/src/scss/webfonts/Open_Sans-normal-300.woff
+++ b/jslib/angular/src/scss/webfonts/Open_Sans-normal-300.woff
--- a/jslib/angular/src/scss/webfonts/Open_Sans-normal-400.woff
+++ b/jslib/angular/src/scss/webfonts/Open_Sans-normal-400.woff
--- a/jslib/angular/src/scss/webfonts/Open_Sans-normal-600.woff
+++ b/jslib/angular/src/scss/webfonts/Open_Sans-normal-600.woff
--- a/jslib/angular/src/scss/webfonts/Open_Sans-normal-700.woff
+++ b/jslib/angular/src/scss/webfonts/Open_Sans-normal-700.woff
--- a/jslib/angular/src/scss/webfonts/Open_Sans-normal-800.woff
+++ b/jslib/angular/src/scss/webfonts/Open_Sans-normal-800.woff
--- a/jslib/angular/src/services/broadcaster.service.ts
+++ b/jslib/angular/src/services/broadcaster.service.ts
@@ -0,0 +1,6 @@
+import { Injectable } from "@angular/core";
+
+import { BroadcasterService as BaseBroadcasterService } from "@/jslib/common/src/services/broadcaster.service";
+
+@Injectable()
+export class BroadcasterService extends BaseBroadcasterService {}
--- a/jslib/angular/src/services/jslib-services.module.ts
+++ b/jslib/angular/src/services/jslib-services.module.ts
@@ -0,0 +1,143 @@
+import { LOCALE_ID, NgModule } from "@angular/core";
+
+import { ApiService as ApiServiceAbstraction } from "@/jslib/common/src/abstractions/api.service";
+import { AppIdService as AppIdServiceAbstraction } from "@/jslib/common/src/abstractions/appId.service";
+import { BroadcasterService as BroadcasterServiceAbstraction } from "@/jslib/common/src/abstractions/broadcaster.service";
+import { CryptoService as CryptoServiceAbstraction } from "@/jslib/common/src/abstractions/crypto.service";
+import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "@/jslib/common/src/abstractions/cryptoFunction.service";
+import { EnvironmentService as EnvironmentServiceAbstraction } from "@/jslib/common/src/abstractions/environment.service";
+import { I18nService as I18nServiceAbstraction } from "@/jslib/common/src/abstractions/i18n.service";
+import { LogService } from "@/jslib/common/src/abstractions/log.service";
+import { MessagingService as MessagingServiceAbstraction } from "@/jslib/common/src/abstractions/messaging.service";
+import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from "@/jslib/common/src/abstractions/platformUtils.service";
+import { StateService as StateServiceAbstraction } from "@/jslib/common/src/abstractions/state.service";
+import { StateMigrationService as StateMigrationServiceAbstraction } from "@/jslib/common/src/abstractions/stateMigration.service";
+import { StorageService as StorageServiceAbstraction } from "@/jslib/common/src/abstractions/storage.service";
+import { TokenService as TokenServiceAbstraction } from "@/jslib/common/src/abstractions/token.service";
+import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
+import { Account } from "@/jslib/common/src/models/domain/account";
+import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
+import { ApiService } from "@/jslib/common/src/services/api.service";
+import { AppIdService } from "@/jslib/common/src/services/appId.service";
+import { ConsoleLogService } from "@/jslib/common/src/services/consoleLog.service";
+import { CryptoService } from "@/jslib/common/src/services/crypto.service";
+import { EnvironmentService } from "@/jslib/common/src/services/environment.service";
+import { StateService } from "@/jslib/common/src/services/state.service";
+import { StateMigrationService } from "@/jslib/common/src/services/stateMigration.service";
+import { TokenService } from "@/jslib/common/src/services/token.service";
+
+import {
+  SafeInjectionToken,
+  SECURE_STORAGE,
+  WINDOW,
+} from "../../../../src/app/services/injection-tokens";
+import { SafeProvider, safeProvider } from "../../../../src/app/services/safe-provider";
+
+import { BroadcasterService } from "./broadcaster.service";
+import { ModalService } from "./modal.service";
+import { ValidationService } from "./validation.service";
+
+@NgModule({
+  declarations: [],
+  providers: [
+    safeProvider({ provide: WINDOW, useValue: window }),
+    safeProvider({
+      provide: LOCALE_ID as SafeInjectionToken<string>,
+      useFactory: (i18nService: I18nServiceAbstraction) => i18nService.translationLocale,
+      deps: [I18nServiceAbstraction],
+    }),
+    safeProvider(ValidationService),
+    safeProvider(ModalService),
+    safeProvider({
+      provide: AppIdServiceAbstraction,
+      useClass: AppIdService,
+      deps: [StorageServiceAbstraction],
+    }),
+    safeProvider({ provide: LogService, useFactory: () => new ConsoleLogService(false), deps: [] }),
+    safeProvider({
+      provide: EnvironmentServiceAbstraction,
+      useClass: EnvironmentService,
+      deps: [StateServiceAbstraction],
+    }),
+    safeProvider({
+      provide: TokenServiceAbstraction,
+      useClass: TokenService,
+      deps: [StateServiceAbstraction],
+    }),
+    safeProvider({
+      provide: CryptoServiceAbstraction,
+      useClass: CryptoService,
+      deps: [
+        CryptoFunctionServiceAbstraction,
+        PlatformUtilsServiceAbstraction,
+        LogService,
+        StateServiceAbstraction,
+      ],
+    }),
+    safeProvider({
+      provide: ApiServiceAbstraction,
+      useFactory: (
+        tokenService: TokenServiceAbstraction,
+        platformUtilsService: PlatformUtilsServiceAbstraction,
+        environmentService: EnvironmentServiceAbstraction,
+        messagingService: MessagingServiceAbstraction,
+        appIdService: AppIdServiceAbstraction,
+      ) =>
+        new ApiService(
+          tokenService,
+          platformUtilsService,
+          environmentService,
+          appIdService,
+          async (expired: boolean) => messagingService.send("logout", { expired: expired }),
+        ),
+      deps: [
+        TokenServiceAbstraction,
+        PlatformUtilsServiceAbstraction,
+        EnvironmentServiceAbstraction,
+        MessagingServiceAbstraction,
+        AppIdServiceAbstraction,
+      ],
+    }),
+    safeProvider({
+      provide: BroadcasterServiceAbstraction,
+      useClass: BroadcasterService,
+      useAngularDecorators: true,
+    }),
+    safeProvider({
+      provide: StateServiceAbstraction,
+      useFactory: (
+        storageService: StorageServiceAbstraction,
+        secureStorageService: StorageServiceAbstraction,
+        logService: LogService,
+        stateMigrationService: StateMigrationServiceAbstraction,
+      ) =>
+        new StateService(
+          storageService,
+          secureStorageService,
+          logService,
+          stateMigrationService,
+          new StateFactory(GlobalState, Account),
+        ),
+      deps: [
+        StorageServiceAbstraction,
+        SECURE_STORAGE,
+        LogService,
+        StateMigrationServiceAbstraction,
+      ],
+    }),
+    safeProvider({
+      provide: StateMigrationServiceAbstraction,
+      useFactory: (
+        storageService: StorageServiceAbstraction,
+        secureStorageService: StorageServiceAbstraction,
+      ) =>
+        new StateMigrationService(
+          storageService,
+          secureStorageService,
+          new StateFactory(GlobalState, Account),
+        ),
+      deps: [StorageServiceAbstraction, SECURE_STORAGE],
+    }),
+  ] satisfies SafeProvider[],
+})
+export class JslibServicesModule {}
--- a/jslib/angular/src/services/modal.service.ts
+++ b/jslib/angular/src/services/modal.service.ts
@@ -0,0 +1,180 @@
+import {
+  ApplicationRef,
+  ComponentFactory,
+  ComponentFactoryResolver,
+  ComponentRef,
+  EmbeddedViewRef,
+  Injectable,
+  Injector,
+  Type,
+  ViewContainerRef,
+} from "@angular/core";
+import { first } from "rxjs/operators";
+
+import { DynamicModalComponent } from "../components/modal/dynamic-modal.component";
+import { ModalInjector } from "../components/modal/modal-injector";
+import { ModalRef } from "../components/modal/modal.ref";
+
+export class ModalConfig<D = any> {
+  data?: D;
+  allowMultipleModals = false;
+}
+
+@Injectable()
+export class ModalService {
+  protected modalList: ComponentRef<DynamicModalComponent>[] = [];
+
+  // Lazy loaded modules are not available in componentFactoryResolver,
+  // therefore modules needs to manually initialize their resolvers.
+  private factoryResolvers: Map<Type<any>, ComponentFactoryResolver> = new Map();
+
+  constructor(
+    private componentFactoryResolver: ComponentFactoryResolver,
+    private applicationRef: ApplicationRef,
+    private injector: Injector,
+  ) {
+    document.addEventListener("keyup", (event) => {
+      if (event.key === "Escape" && this.modalCount > 0) {
+        this.topModal.instance.close();
+      }
+    });
+  }
+
+  get modalCount() {
+    return this.modalList.length;
+  }
+
+  private get topModal() {
+    return this.modalList[this.modalCount - 1];
+  }
+
+  async openViewRef<T>(
+    componentType: Type<T>,
+    viewContainerRef: ViewContainerRef,
+    setComponentParameters: (component: T) => void = null,
+  ): Promise<[ModalRef, T]> {
+    const [modalRef, modalComponentRef] = this.openInternal(componentType, null, false);
+    modalComponentRef.instance.setComponentParameters = setComponentParameters;
+
+    viewContainerRef.insert(modalComponentRef.hostView);
+
+    await modalRef.onCreated.pipe(first()).toPromise();
+
+    return [modalRef, modalComponentRef.instance.componentRef.instance];
+  }
+
+  open(componentType: Type<any>, config?: ModalConfig) {
+    if (!(config?.allowMultipleModals ?? false) && this.modalCount > 0) {
+      return;
+    }
+
+    // eslint-disable-next-line
+    const [modalRef, _] = this.openInternal(componentType, config, true);
+
+    return modalRef;
+  }
+
+  registerComponentFactoryResolver<T>(
+    componentType: Type<T>,
+    componentFactoryResolver: ComponentFactoryResolver,
+  ): void {
+    this.factoryResolvers.set(componentType, componentFactoryResolver);
+  }
+
+  resolveComponentFactory<T>(componentType: Type<T>): ComponentFactory<T> {
+    if (this.factoryResolvers.has(componentType)) {
+      return this.factoryResolvers.get(componentType).resolveComponentFactory(componentType);
+    }
+
+    return this.componentFactoryResolver.resolveComponentFactory(componentType);
+  }
+
+  protected openInternal(
+    componentType: Type<any>,
+    config?: ModalConfig,
+    attachToDom?: boolean,
+  ): [ModalRef, ComponentRef<DynamicModalComponent>] {
+    const [modalRef, componentRef] = this.createModalComponent(config);
+    componentRef.instance.childComponentType = componentType;
+
+    if (attachToDom) {
+      this.applicationRef.attachView(componentRef.hostView);
+      const domElem = (componentRef.hostView as EmbeddedViewRef<any>).rootNodes[0] as HTMLElement;
+      document.body.appendChild(domElem);
+    }
+
+    modalRef.onClosed.pipe(first()).subscribe(() => {
+      if (attachToDom) {
+        this.applicationRef.detachView(componentRef.hostView);
+      }
+      componentRef.destroy();
+
+      this.modalList.pop();
+      if (this.modalCount > 0) {
+        this.topModal.instance.getFocus();
+      }
+    });
+
+    this.setupHandlers(modalRef);
+
+    this.modalList.push(componentRef);
+
+    return [modalRef, componentRef];
+  }
+
+  protected setupHandlers(modalRef: ModalRef) {
+    let backdrop: HTMLElement = null;
+
+    // Add backdrop, setup [data-dismiss] handler.
+    modalRef.onCreated.pipe(first()).subscribe((el) => {
+      document.body.classList.add("modal-open");
+
+      const modalEl: HTMLElement = el.querySelector(".modal");
+      const dialogEl = modalEl.querySelector(".modal-dialog") as HTMLElement;
+
+      backdrop = document.createElement("div");
+      backdrop.className = "modal-backdrop fade";
+      backdrop.style.zIndex = `${this.modalCount}040`;
+      modalEl.prepend(backdrop);
+
+      dialogEl.addEventListener("click", (e: Event) => {
+        e.stopPropagation();
+      });
+      dialogEl.style.zIndex = `${this.modalCount}050`;
+
+      const modals = Array.from(
+        el.querySelectorAll('.modal-backdrop, .modal *[data-bs-dismiss="modal"]'),
+      );
+      for (const closeElement of modals) {
+        closeElement.addEventListener("click", () => {
+          modalRef.close();
+        });
+      }
+    });
+
+    // onClose is used in Web to hook into bootstrap. On other projects we pipe it directly to closed.
+    modalRef.onClose.pipe(first()).subscribe(() => {
+      modalRef.closed();
+
+      if (this.modalCount === 0) {
+        document.body.classList.remove("modal-open");
+      }
+    });
+  }
+
+  protected createModalComponent(
+    config: ModalConfig,
+  ): [ModalRef, ComponentRef<DynamicModalComponent>] {
+    const modalRef = new ModalRef();
+
+    const map = new WeakMap();
+    map.set(ModalConfig, config);
+    map.set(ModalRef, modalRef);
+
+    const componentFactory =
+      this.componentFactoryResolver.resolveComponentFactory(DynamicModalComponent);
+    const componentRef = componentFactory.create(new ModalInjector(this.injector, map));
+
+    return [modalRef, componentRef];
+  }
+}
--- a/jslib/angular/src/services/validation.service.ts
+++ b/jslib/angular/src/services/validation.service.ts
@@ -0,0 +1,38 @@
+import { Injectable } from "@angular/core";
+
+import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
+import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
+import { ErrorResponse } from "@/jslib/common/src/models/response/errorResponse";
+
+@Injectable()
+export class ValidationService {
+  constructor(
+    private i18nService: I18nService,
+    private platformUtilsService: PlatformUtilsService,
+  ) {}
+
+  showError(data: any): string[] {
+    const defaultErrorMessage = this.i18nService.t("unexpectedError");
+    let errors: string[] = [];
+
+    if (data != null && typeof data === "string") {
+      errors.push(data);
+    } else if (data == null || typeof data !== "object") {
+      errors.push(defaultErrorMessage);
+    } else if (data.validationErrors != null) {
+      errors = errors.concat((data as ErrorResponse).getAllMessages());
+    } else {
+      errors.push(data.message ? data.message : defaultErrorMessage);
+    }
+
+    if (errors.length === 1) {
+      this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), errors[0]);
+    } else if (errors.length > 1) {
+      this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), errors, {
+        timeout: 5000 * errors.length,
+      });
+    }
+
+    return errors;
+  }
+}
--- a/jslib/common/spec/domain/attachment.spec.ts
+++ b/jslib/common/spec/domain/attachment.spec.ts
@@ -0,0 +1,83 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { AttachmentData } from "@/jslib/common/src/models/data/attachmentData";
+import { Attachment } from "@/jslib/common/src/models/domain/attachment";
+import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
+import { ContainerService } from "@/jslib/common/src/services/container.service";
+
+import { makeStaticByteArray, mockEnc } from "../utils";
+
+describe("Attachment", () => {
+  let data: AttachmentData;
+
+  beforeEach(() => {
+    data = {
+      id: "id",
+      url: "url",
+      fileName: "fileName",
+      key: "key",
+      size: "1100",
+      sizeName: "1.1 KB",
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new AttachmentData();
+    const attachment = new Attachment(data);
+
+    expect(attachment).toEqual({
+      id: null,
+      url: null,
+      size: undefined,
+      sizeName: null,
+      key: null,
+      fileName: null,
+    });
+  });
+
+  it("Convert", () => {
+    const attachment = new Attachment(data);
+
+    expect(attachment).toEqual({
+      size: "1100",
+      id: "id",
+      url: "url",
+      sizeName: "1.1 KB",
+      fileName: { encryptedString: "fileName", encryptionType: 0 },
+      key: { encryptedString: "key", encryptionType: 0 },
+    });
+  });
+
+  it("toAttachmentData", () => {
+    const attachment = new Attachment(data);
+    expect(attachment.toAttachmentData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const attachment = new Attachment();
+    attachment.id = "id";
+    attachment.url = "url";
+    attachment.size = "1100";
+    attachment.sizeName = "1.1 KB";
+    attachment.key = mockEnc("key");
+    attachment.fileName = mockEnc("fileName");
+
+    const cryptoService = Substitute.for<CryptoService>();
+    cryptoService.getOrgKey(null).resolves(null);
+    cryptoService.decryptToBytes(Arg.any(), Arg.any()).resolves(makeStaticByteArray(32));
+
+    (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+
+    const view = await attachment.decrypt(null);
+
+    expect(view).toEqual({
+      id: "id",
+      url: "url",
+      size: "1100",
+      sizeName: "1.1 KB",
+      fileName: "fileName",
+      key: expect.any(SymmetricCryptoKey),
+    });
+  });
+});
--- a/jslib/common/spec/domain/card.spec.ts
+++ b/jslib/common/spec/domain/card.spec.ts
@@ -0,0 +1,73 @@
+import { CardData } from "@/jslib/common/src/models/data/cardData";
+import { Card } from "@/jslib/common/src/models/domain/card";
+
+import { mockEnc } from "../utils";
+
+describe("Card", () => {
+  let data: CardData;
+
+  beforeEach(() => {
+    data = {
+      cardholderName: "encHolder",
+      brand: "encBrand",
+      number: "encNumber",
+      expMonth: "encMonth",
+      expYear: "encYear",
+      code: "encCode",
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new CardData();
+    const card = new Card(data);
+
+    expect(card).toEqual({
+      cardholderName: null,
+      brand: null,
+      number: null,
+      expMonth: null,
+      expYear: null,
+      code: null,
+    });
+  });
+
+  it("Convert", () => {
+    const card = new Card(data);
+
+    expect(card).toEqual({
+      cardholderName: { encryptedString: "encHolder", encryptionType: 0 },
+      brand: { encryptedString: "encBrand", encryptionType: 0 },
+      number: { encryptedString: "encNumber", encryptionType: 0 },
+      expMonth: { encryptedString: "encMonth", encryptionType: 0 },
+      expYear: { encryptedString: "encYear", encryptionType: 0 },
+      code: { encryptedString: "encCode", encryptionType: 0 },
+    });
+  });
+
+  it("toCardData", () => {
+    const card = new Card(data);
+    expect(card.toCardData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const card = new Card();
+    card.cardholderName = mockEnc("cardHolder");
+    card.brand = mockEnc("brand");
+    card.number = mockEnc("number");
+    card.expMonth = mockEnc("expMonth");
+    card.expYear = mockEnc("expYear");
+    card.code = mockEnc("code");
+
+    const view = await card.decrypt(null);
+
+    expect(view).toEqual({
+      _brand: "brand",
+      _number: "number",
+      _subTitle: null,
+      cardholderName: "cardHolder",
+      code: "code",
+      expMonth: "expMonth",
+      expYear: "expYear",
+    });
+  });
+});
--- a/jslib/common/spec/domain/cipher.spec.ts
+++ b/jslib/common/spec/domain/cipher.spec.ts
@@ -0,0 +1,599 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { CipherRepromptType } from "@/jslib/common/src/enums/cipherRepromptType";
+import { CipherType } from "@/jslib/common/src/enums/cipherType";
+import { FieldType } from "@/jslib/common/src/enums/fieldType";
+import { SecureNoteType } from "@/jslib/common/src/enums/secureNoteType";
+import { UriMatchType } from "@/jslib/common/src/enums/uriMatchType";
+import { CipherData } from "@/jslib/common/src/models/data/cipherData";
+import { Card } from "@/jslib/common/src/models/domain/card";
+import { Cipher } from "@/jslib/common/src/models/domain/cipher";
+import { Identity } from "@/jslib/common/src/models/domain/identity";
+import { Login } from "@/jslib/common/src/models/domain/login";
+import { SecureNote } from "@/jslib/common/src/models/domain/secureNote";
+import { CardView } from "@/jslib/common/src/models/view/cardView";
+import { IdentityView } from "@/jslib/common/src/models/view/identityView";
+import { LoginView } from "@/jslib/common/src/models/view/loginView";
+
+import { mockEnc } from "../utils";
+
+describe("Cipher DTO", () => {
+  it("Convert from empty CipherData", () => {
+    const data = new CipherData();
+    const cipher = new Cipher(data);
+
+    expect(cipher).toEqual({
+      id: null,
+      userId: null,
+      organizationId: null,
+      folderId: null,
+      name: null,
+      notes: null,
+      type: undefined,
+      favorite: undefined,
+      organizationUseTotp: undefined,
+      edit: undefined,
+      viewPassword: true,
+      revisionDate: null,
+      collectionIds: undefined,
+      localData: null,
+      deletedDate: null,
+      reprompt: undefined,
+      attachments: null,
+      fields: null,
+      passwordHistory: null,
+    });
+  });
+
+  describe("LoginCipher", () => {
+    let cipherData: CipherData;
+
+    beforeEach(() => {
+      cipherData = {
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        userId: "userId",
+        edit: true,
+        viewPassword: true,
+        organizationUseTotp: true,
+        favorite: false,
+        revisionDate: "2022-01-31T12:00:00.000Z",
+        type: CipherType.Login,
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        deletedDate: null,
+        reprompt: CipherRepromptType.None,
+        login: {
+          uris: [{ uri: "EncryptedString", match: UriMatchType.Domain }],
+          username: "EncryptedString",
+          password: "EncryptedString",
+          passwordRevisionDate: "2022-01-31T12:00:00.000Z",
+          totp: "EncryptedString",
+          autofillOnPageLoad: false,
+        },
+        passwordHistory: [
+          { password: "EncryptedString", lastUsedDate: "2022-01-31T12:00:00.000Z" },
+        ],
+        attachments: [
+          {
+            id: "a1",
+            url: "url",
+            size: "1100",
+            sizeName: "1.1 KB",
+            fileName: "file",
+            key: "EncKey",
+          },
+          {
+            id: "a2",
+            url: "url",
+            size: "1100",
+            sizeName: "1.1 KB",
+            fileName: "file",
+            key: "EncKey",
+          },
+        ],
+        fields: [
+          {
+            name: "EncryptedString",
+            value: "EncryptedString",
+            type: FieldType.Text,
+            linkedId: null,
+          },
+          {
+            name: "EncryptedString",
+            value: "EncryptedString",
+            type: FieldType.Hidden,
+            linkedId: null,
+          },
+        ],
+      };
+    });
+
+    it("Convert", () => {
+      const cipher = new Cipher(cipherData);
+
+      expect(cipher).toEqual({
+        id: "id",
+        userId: "userId",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: { encryptedString: "EncryptedString", encryptionType: 0 },
+        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
+        type: 1,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        collectionIds: undefined,
+        localData: null,
+        deletedDate: null,
+        reprompt: 0,
+        login: {
+          passwordRevisionDate: new Date("2022-01-31T12:00:00.000Z"),
+          autofillOnPageLoad: false,
+          username: { encryptedString: "EncryptedString", encryptionType: 0 },
+          password: { encryptedString: "EncryptedString", encryptionType: 0 },
+          totp: { encryptedString: "EncryptedString", encryptionType: 0 },
+          uris: [{ match: 0, uri: { encryptedString: "EncryptedString", encryptionType: 0 } }],
+        },
+        attachments: [
+          {
+            fileName: { encryptedString: "file", encryptionType: 0 },
+            id: "a1",
+            key: { encryptedString: "EncKey", encryptionType: 0 },
+            size: "1100",
+            sizeName: "1.1 KB",
+            url: "url",
+          },
+          {
+            fileName: { encryptedString: "file", encryptionType: 0 },
+            id: "a2",
+            key: { encryptedString: "EncKey", encryptionType: 0 },
+            size: "1100",
+            sizeName: "1.1 KB",
+            url: "url",
+          },
+        ],
+        fields: [
+          {
+            linkedId: null,
+            name: { encryptedString: "EncryptedString", encryptionType: 0 },
+            type: 0,
+            value: { encryptedString: "EncryptedString", encryptionType: 0 },
+          },
+          {
+            linkedId: null,
+            name: { encryptedString: "EncryptedString", encryptionType: 0 },
+            type: 1,
+            value: { encryptedString: "EncryptedString", encryptionType: 0 },
+          },
+        ],
+        passwordHistory: [
+          {
+            lastUsedDate: new Date("2022-01-31T12:00:00.000Z"),
+            password: { encryptedString: "EncryptedString", encryptionType: 0 },
+          },
+        ],
+      });
+    });
+
+    it("toCipherData", () => {
+      const cipher = new Cipher(cipherData);
+      expect(cipher.toCipherData("userId")).toEqual(cipherData);
+    });
+
+    it("Decrypt", async () => {
+      const cipher = new Cipher();
+      cipher.id = "id";
+      cipher.organizationId = "orgId";
+      cipher.folderId = "folderId";
+      cipher.edit = true;
+      cipher.viewPassword = true;
+      cipher.organizationUseTotp = true;
+      cipher.favorite = false;
+      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+      cipher.type = CipherType.Login;
+      cipher.name = mockEnc("EncryptedString");
+      cipher.notes = mockEnc("EncryptedString");
+      cipher.deletedDate = null;
+      cipher.reprompt = CipherRepromptType.None;
+
+      const loginView = new LoginView();
+      loginView.username = "username";
+      loginView.password = "password";
+
+      const login = Substitute.for<Login>();
+      login.decrypt(Arg.any(), Arg.any()).resolves(loginView);
+      cipher.login = login;
+
+      const cipherView = await cipher.decrypt();
+
+      expect(cipherView).toMatchObject({
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        type: 1,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        login: loginView,
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+        collectionIds: undefined,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        deletedDate: null,
+        reprompt: 0,
+        localData: undefined,
+      });
+    });
+  });
+
+  describe("SecureNoteCipher", () => {
+    let cipherData: CipherData;
+
+    beforeEach(() => {
+      cipherData = {
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        userId: "userId",
+        edit: true,
+        viewPassword: true,
+        organizationUseTotp: true,
+        favorite: false,
+        revisionDate: "2022-01-31T12:00:00.000Z",
+        type: CipherType.SecureNote,
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        deletedDate: null,
+        reprompt: CipherRepromptType.None,
+        secureNote: {
+          type: SecureNoteType.Generic,
+        },
+      };
+    });
+
+    it("Convert", () => {
+      const cipher = new Cipher(cipherData);
+
+      expect(cipher).toEqual({
+        id: "id",
+        userId: "userId",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: { encryptedString: "EncryptedString", encryptionType: 0 },
+        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
+        type: 2,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        collectionIds: undefined,
+        localData: null,
+        deletedDate: null,
+        reprompt: 0,
+        secureNote: { type: SecureNoteType.Generic },
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+      });
+    });
+
+    it("toCipherData", () => {
+      const cipher = new Cipher(cipherData);
+      expect(cipher.toCipherData("userId")).toEqual(cipherData);
+    });
+
+    it("Decrypt", async () => {
+      const cipher = new Cipher();
+      cipher.id = "id";
+      cipher.organizationId = "orgId";
+      cipher.folderId = "folderId";
+      cipher.edit = true;
+      cipher.viewPassword = true;
+      cipher.organizationUseTotp = true;
+      cipher.favorite = false;
+      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+      cipher.type = CipherType.SecureNote;
+      cipher.name = mockEnc("EncryptedString");
+      cipher.notes = mockEnc("EncryptedString");
+      cipher.deletedDate = null;
+      cipher.reprompt = CipherRepromptType.None;
+      cipher.secureNote = new SecureNote();
+      cipher.secureNote.type = SecureNoteType.Generic;
+
+      const cipherView = await cipher.decrypt();
+
+      expect(cipherView).toMatchObject({
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        type: 2,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        secureNote: { type: 0 },
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+        collectionIds: undefined,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        deletedDate: null,
+        reprompt: 0,
+        localData: undefined,
+      });
+    });
+  });
+
+  describe("CardCipher", () => {
+    let cipherData: CipherData;
+
+    beforeEach(() => {
+      cipherData = {
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        userId: "userId",
+        edit: true,
+        viewPassword: true,
+        organizationUseTotp: true,
+        favorite: false,
+        revisionDate: "2022-01-31T12:00:00.000Z",
+        type: CipherType.Card,
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        deletedDate: null,
+        reprompt: CipherRepromptType.None,
+        card: {
+          cardholderName: "EncryptedString",
+          brand: "EncryptedString",
+          number: "EncryptedString",
+          expMonth: "EncryptedString",
+          expYear: "EncryptedString",
+          code: "EncryptedString",
+        },
+      };
+    });
+
+    it("Convert", () => {
+      const cipher = new Cipher(cipherData);
+
+      expect(cipher).toEqual({
+        id: "id",
+        userId: "userId",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: { encryptedString: "EncryptedString", encryptionType: 0 },
+        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
+        type: 3,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        collectionIds: undefined,
+        localData: null,
+        deletedDate: null,
+        reprompt: 0,
+        card: {
+          cardholderName: { encryptedString: "EncryptedString", encryptionType: 0 },
+          brand: { encryptedString: "EncryptedString", encryptionType: 0 },
+          number: { encryptedString: "EncryptedString", encryptionType: 0 },
+          expMonth: { encryptedString: "EncryptedString", encryptionType: 0 },
+          expYear: { encryptedString: "EncryptedString", encryptionType: 0 },
+          code: { encryptedString: "EncryptedString", encryptionType: 0 },
+        },
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+      });
+    });
+
+    it("toCipherData", () => {
+      const cipher = new Cipher(cipherData);
+      expect(cipher.toCipherData("userId")).toEqual(cipherData);
+    });
+
+    it("Decrypt", async () => {
+      const cipher = new Cipher();
+      cipher.id = "id";
+      cipher.organizationId = "orgId";
+      cipher.folderId = "folderId";
+      cipher.edit = true;
+      cipher.viewPassword = true;
+      cipher.organizationUseTotp = true;
+      cipher.favorite = false;
+      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+      cipher.type = CipherType.Card;
+      cipher.name = mockEnc("EncryptedString");
+      cipher.notes = mockEnc("EncryptedString");
+      cipher.deletedDate = null;
+      cipher.reprompt = CipherRepromptType.None;
+
+      const cardView = new CardView();
+      cardView.cardholderName = "cardholderName";
+      cardView.number = "4111111111111111";
+
+      const card = Substitute.for<Card>();
+      card.decrypt(Arg.any(), Arg.any()).resolves(cardView);
+      cipher.card = card;
+
+      const cipherView = await cipher.decrypt();
+
+      expect(cipherView).toMatchObject({
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        type: 3,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        card: cardView,
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+        collectionIds: undefined,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        deletedDate: null,
+        reprompt: 0,
+        localData: undefined,
+      });
+    });
+  });
+
+  describe("IdentityCipher", () => {
+    let cipherData: CipherData;
+
+    beforeEach(() => {
+      cipherData = {
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        userId: "userId",
+        edit: true,
+        viewPassword: true,
+        organizationUseTotp: true,
+        favorite: false,
+        revisionDate: "2022-01-31T12:00:00.000Z",
+        type: CipherType.Identity,
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        deletedDate: null,
+        reprompt: CipherRepromptType.None,
+        identity: {
+          title: "EncryptedString",
+          firstName: "EncryptedString",
+          middleName: "EncryptedString",
+          lastName: "EncryptedString",
+          address1: "EncryptedString",
+          address2: "EncryptedString",
+          address3: "EncryptedString",
+          city: "EncryptedString",
+          state: "EncryptedString",
+          postalCode: "EncryptedString",
+          country: "EncryptedString",
+          company: "EncryptedString",
+          email: "EncryptedString",
+          phone: "EncryptedString",
+          ssn: "EncryptedString",
+          username: "EncryptedString",
+          passportNumber: "EncryptedString",
+          licenseNumber: "EncryptedString",
+        },
+      };
+    });
+
+    it("Convert", () => {
+      const cipher = new Cipher(cipherData);
+
+      expect(cipher).toEqual({
+        id: "id",
+        userId: "userId",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: { encryptedString: "EncryptedString", encryptionType: 0 },
+        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
+        type: 4,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        collectionIds: undefined,
+        localData: null,
+        deletedDate: null,
+        reprompt: 0,
+        identity: {
+          title: { encryptedString: "EncryptedString", encryptionType: 0 },
+          firstName: { encryptedString: "EncryptedString", encryptionType: 0 },
+          middleName: { encryptedString: "EncryptedString", encryptionType: 0 },
+          lastName: { encryptedString: "EncryptedString", encryptionType: 0 },
+          address1: { encryptedString: "EncryptedString", encryptionType: 0 },
+          address2: { encryptedString: "EncryptedString", encryptionType: 0 },
+          address3: { encryptedString: "EncryptedString", encryptionType: 0 },
+          city: { encryptedString: "EncryptedString", encryptionType: 0 },
+          state: { encryptedString: "EncryptedString", encryptionType: 0 },
+          postalCode: { encryptedString: "EncryptedString", encryptionType: 0 },
+          country: { encryptedString: "EncryptedString", encryptionType: 0 },
+          company: { encryptedString: "EncryptedString", encryptionType: 0 },
+          email: { encryptedString: "EncryptedString", encryptionType: 0 },
+          phone: { encryptedString: "EncryptedString", encryptionType: 0 },
+          ssn: { encryptedString: "EncryptedString", encryptionType: 0 },
+          username: { encryptedString: "EncryptedString", encryptionType: 0 },
+          passportNumber: { encryptedString: "EncryptedString", encryptionType: 0 },
+          licenseNumber: { encryptedString: "EncryptedString", encryptionType: 0 },
+        },
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+      });
+    });
+
+    it("toCipherData", () => {
+      const cipher = new Cipher(cipherData);
+      expect(cipher.toCipherData("userId")).toEqual(cipherData);
+    });
+
+    it("Decrypt", async () => {
+      const cipher = new Cipher();
+      cipher.id = "id";
+      cipher.organizationId = "orgId";
+      cipher.folderId = "folderId";
+      cipher.edit = true;
+      cipher.viewPassword = true;
+      cipher.organizationUseTotp = true;
+      cipher.favorite = false;
+      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+      cipher.type = CipherType.Identity;
+      cipher.name = mockEnc("EncryptedString");
+      cipher.notes = mockEnc("EncryptedString");
+      cipher.deletedDate = null;
+      cipher.reprompt = CipherRepromptType.None;
+
+      const identityView = new IdentityView();
+      identityView.firstName = "firstName";
+      identityView.lastName = "lastName";
+
+      const identity = Substitute.for<Identity>();
+      identity.decrypt(Arg.any(), Arg.any()).resolves(identityView);
+      cipher.identity = identity;
+
+      const cipherView = await cipher.decrypt();
+
+      expect(cipherView).toMatchObject({
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        type: 4,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        identity: identityView,
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+        collectionIds: undefined,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        deletedDate: null,
+        reprompt: 0,
+        localData: undefined,
+      });
+    });
+  });
+});
--- a/jslib/common/spec/domain/collection.spec.ts
+++ b/jslib/common/spec/domain/collection.spec.ts
@@ -0,0 +1,66 @@
+import { CollectionData } from "@/jslib/common/src/models/data/collectionData";
+import { Collection } from "@/jslib/common/src/models/domain/collection";
+
+import { mockEnc } from "../utils";
+
+describe("Collection", () => {
+  let data: CollectionData;
+
+  beforeEach(() => {
+    data = {
+      id: "id",
+      organizationId: "orgId",
+      name: "encName",
+      externalId: "extId",
+      readOnly: true,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new CollectionData({} as any);
+    const card = new Collection(data);
+
+    expect(card).toEqual({
+      externalId: null,
+      hidePasswords: null,
+      id: null,
+      name: null,
+      organizationId: null,
+      readOnly: null,
+    });
+  });
+
+  it("Convert", () => {
+    const collection = new Collection(data);
+
+    expect(collection).toEqual({
+      id: "id",
+      organizationId: "orgId",
+      name: { encryptedString: "encName", encryptionType: 0 },
+      externalId: "extId",
+      readOnly: true,
+      hidePasswords: null,
+    });
+  });
+
+  it("Decrypt", async () => {
+    const collection = new Collection();
+    collection.id = "id";
+    collection.organizationId = "orgId";
+    collection.name = mockEnc("encName");
+    collection.externalId = "extId";
+    collection.readOnly = false;
+    collection.hidePasswords = false;
+
+    const view = await collection.decrypt();
+
+    expect(view).toEqual({
+      externalId: "extId",
+      hidePasswords: false,
+      id: "id",
+      name: "encName",
+      organizationId: "orgId",
+      readOnly: false,
+    });
+  });
+});
--- a/jslib/common/spec/domain/encString.spec.ts
+++ b/jslib/common/spec/domain/encString.spec.ts
@@ -0,0 +1,195 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { EncryptionType } from "@/jslib/common/src/enums/encryptionType";
+import { EncString } from "@/jslib/common/src/models/domain/encString";
+import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
+import { ContainerService } from "@/jslib/common/src/services/container.service";
+
+describe("EncString", () => {
+  afterEach(() => {
+    (window as any).bitwardenContainerService = undefined;
+  });
+
+  describe("Rsa2048_OaepSha256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "3.data",
+        encryptionType: 3,
+      });
+    });
+
+    describe("parse existing", () => {
+      it("valid", () => {
+        const encString = new EncString("3.data");
+
+        expect(encString).toEqual({
+          data: "data",
+          encryptedString: "3.data",
+          encryptionType: 3,
+        });
+      });
+
+      it("invalid", () => {
+        const encString = new EncString("3.data|test");
+
+        expect(encString).toEqual({
+          encryptedString: "3.data|test",
+          encryptionType: 3,
+        });
+      });
+    });
+
+    describe("decrypt", () => {
+      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+      cryptoService.decryptToUtf8(encString, Arg.any()).resolves("decrypted");
+
+      beforeEach(() => {
+        (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+      });
+
+      it("decrypts correctly", async () => {
+        const decrypted = await encString.decrypt(null);
+
+        expect(decrypted).toBe("decrypted");
+      });
+
+      it("result should be cached", async () => {
+        const decrypted = await encString.decrypt(null);
+        cryptoService.received(1).decryptToUtf8(Arg.any(), Arg.any());
+
+        expect(decrypted).toBe("decrypted");
+      });
+    });
+  });
+
+  describe("AesCbc256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "0.iv|data",
+        encryptionType: 0,
+        iv: "iv",
+      });
+    });
+
+    describe("parse existing", () => {
+      it("valid", () => {
+        const encString = new EncString("0.iv|data");
+
+        expect(encString).toEqual({
+          data: "data",
+          encryptedString: "0.iv|data",
+          encryptionType: 0,
+          iv: "iv",
+        });
+      });
+
+      it("invalid", () => {
+        const encString = new EncString("0.iv|data|mac");
+
+        expect(encString).toEqual({
+          encryptedString: "0.iv|data|mac",
+          encryptionType: 0,
+        });
+      });
+    });
+  });
+
+  describe("AesCbc256_HmacSha256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "2.iv|data|mac",
+        encryptionType: 2,
+        iv: "iv",
+        mac: "mac",
+      });
+    });
+
+    it("valid", () => {
+      const encString = new EncString("2.iv|data|mac");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "2.iv|data|mac",
+        encryptionType: 2,
+        iv: "iv",
+        mac: "mac",
+      });
+    });
+
+    it("invalid", () => {
+      const encString = new EncString("2.iv|data");
+
+      expect(encString).toEqual({
+        encryptedString: "2.iv|data",
+        encryptionType: 2,
+      });
+    });
+  });
+
+  it("Exit early if null", () => {
+    const encString = new EncString(null);
+
+    expect(encString).toEqual({
+      encryptedString: null,
+    });
+  });
+
+  describe("decrypt", () => {
+    it("throws exception when bitwarden container not initialized", async () => {
+      const encString = new EncString(null);
+
+      expect.assertions(1);
+      try {
+        await encString.decrypt(null);
+      } catch (e) {
+        expect(e.message).toEqual("global bitwardenContainerService not initialized.");
+      }
+    });
+
+    it("handles value it can't decrypt", async () => {
+      const encString = new EncString(null);
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+      cryptoService.decryptToUtf8(encString, Arg.any()).throws("error");
+
+      (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+
+      const decrypted = await encString.decrypt(null);
+
+      expect(decrypted).toBe("[error: cannot decrypt]");
+
+      expect(encString).toEqual({
+        decryptedValue: "[error: cannot decrypt]",
+        encryptedString: null,
+      });
+    });
+
+    it("passes along key", async () => {
+      const encString = new EncString(null);
+      const key = Substitute.for<SymmetricCryptoKey>();
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+
+      (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+
+      await encString.decrypt(null, key);
+
+      cryptoService.received().decryptToUtf8(encString, key);
+    });
+  });
+});
--- a/jslib/common/spec/domain/field.spec.ts
+++ b/jslib/common/spec/domain/field.spec.ts
@@ -0,0 +1,64 @@
+import { FieldType } from "@/jslib/common/src/enums/fieldType";
+import { FieldData } from "@/jslib/common/src/models/data/fieldData";
+import { Field } from "@/jslib/common/src/models/domain/field";
+
+import { mockEnc } from "../utils";
+
+describe("Field", () => {
+  let data: FieldData;
+
+  beforeEach(() => {
+    data = {
+      type: FieldType.Text,
+      name: "encName",
+      value: "encValue",
+      linkedId: null,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new FieldData();
+    const field = new Field(data);
+
+    expect(field).toEqual({
+      type: undefined,
+      name: null,
+      value: null,
+      linkedId: undefined,
+    });
+  });
+
+  it("Convert", () => {
+    const field = new Field(data);
+
+    expect(field).toEqual({
+      type: FieldType.Text,
+      name: { encryptedString: "encName", encryptionType: 0 },
+      value: { encryptedString: "encValue", encryptionType: 0 },
+      linkedId: null,
+    });
+  });
+
+  it("toFieldData", () => {
+    const field = new Field(data);
+    expect(field.toFieldData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const field = new Field();
+    field.type = FieldType.Text;
+    field.name = mockEnc("encName");
+    field.value = mockEnc("encValue");
+
+    const view = await field.decrypt(null);
+
+    expect(view).toEqual({
+      type: 0,
+      name: "encName",
+      value: "encValue",
+      newField: false,
+      showCount: false,
+      showValue: false,
+    });
+  });
+});
--- a/jslib/common/spec/domain/folder.spec.ts
+++ b/jslib/common/spec/domain/folder.spec.ts
@@ -0,0 +1,42 @@
+import { FolderData } from "@/jslib/common/src/models/data/folderData";
+import { Folder } from "@/jslib/common/src/models/domain/folder";
+
+import { mockEnc } from "../utils";
+
+describe("Folder", () => {
+  let data: FolderData;
+
+  beforeEach(() => {
+    data = {
+      id: "id",
+      userId: "userId",
+      name: "encName",
+      revisionDate: "2022-01-31T12:00:00.000Z",
+    };
+  });
+
+  it("Convert", () => {
+    const field = new Folder(data);
+
+    expect(field).toEqual({
+      id: "id",
+      name: { encryptedString: "encName", encryptionType: 0 },
+      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+    });
+  });
+
+  it("Decrypt", async () => {
+    const folder = new Folder();
+    folder.id = "id";
+    folder.name = mockEnc("encName");
+    folder.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+
+    const view = await folder.decrypt();
+
+    expect(view).toEqual({
+      id: "id",
+      name: "encName",
+      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+    });
+  });
+});
--- a/jslib/common/spec/domain/identity.spec.ts
+++ b/jslib/common/spec/domain/identity.spec.ts
@@ -0,0 +1,134 @@
+import { IdentityData } from "@/jslib/common/src/models/data/identityData";
+import { Identity } from "@/jslib/common/src/models/domain/identity";
+
+import { mockEnc } from "../utils";
+
+describe("Identity", () => {
+  let data: IdentityData;
+
+  beforeEach(() => {
+    data = {
+      title: "enctitle",
+      firstName: "encfirstName",
+      middleName: "encmiddleName",
+      lastName: "enclastName",
+      address1: "encaddress1",
+      address2: "encaddress2",
+      address3: "encaddress3",
+      city: "enccity",
+      state: "encstate",
+      postalCode: "encpostalCode",
+      country: "enccountry",
+      company: "enccompany",
+      email: "encemail",
+      phone: "encphone",
+      ssn: "encssn",
+      username: "encusername",
+      passportNumber: "encpassportNumber",
+      licenseNumber: "enclicenseNumber",
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new IdentityData();
+    const identity = new Identity(data);
+
+    expect(identity).toEqual({
+      address1: null,
+      address2: null,
+      address3: null,
+      city: null,
+      company: null,
+      country: null,
+      email: null,
+      firstName: null,
+      lastName: null,
+      licenseNumber: null,
+      middleName: null,
+      passportNumber: null,
+      phone: null,
+      postalCode: null,
+      ssn: null,
+      state: null,
+      title: null,
+      username: null,
+    });
+  });
+
+  it("Convert", () => {
+    const identity = new Identity(data);
+
+    expect(identity).toEqual({
+      title: { encryptedString: "enctitle", encryptionType: 0 },
+      firstName: { encryptedString: "encfirstName", encryptionType: 0 },
+      middleName: { encryptedString: "encmiddleName", encryptionType: 0 },
+      lastName: { encryptedString: "enclastName", encryptionType: 0 },
+      address1: { encryptedString: "encaddress1", encryptionType: 0 },
+      address2: { encryptedString: "encaddress2", encryptionType: 0 },
+      address3: { encryptedString: "encaddress3", encryptionType: 0 },
+      city: { encryptedString: "enccity", encryptionType: 0 },
+      state: { encryptedString: "encstate", encryptionType: 0 },
+      postalCode: { encryptedString: "encpostalCode", encryptionType: 0 },
+      country: { encryptedString: "enccountry", encryptionType: 0 },
+      company: { encryptedString: "enccompany", encryptionType: 0 },
+      email: { encryptedString: "encemail", encryptionType: 0 },
+      phone: { encryptedString: "encphone", encryptionType: 0 },
+      ssn: { encryptedString: "encssn", encryptionType: 0 },
+      username: { encryptedString: "encusername", encryptionType: 0 },
+      passportNumber: { encryptedString: "encpassportNumber", encryptionType: 0 },
+      licenseNumber: { encryptedString: "enclicenseNumber", encryptionType: 0 },
+    });
+  });
+
+  it("toIdentityData", () => {
+    const identity = new Identity(data);
+    expect(identity.toIdentityData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const identity = new Identity();
+
+    identity.title = mockEnc("mockTitle");
+    identity.firstName = mockEnc("mockFirstName");
+    identity.middleName = mockEnc("mockMiddleName");
+    identity.lastName = mockEnc("mockLastName");
+    identity.address1 = mockEnc("mockAddress1");
+    identity.address2 = mockEnc("mockAddress2");
+    identity.address3 = mockEnc("mockAddress3");
+    identity.city = mockEnc("mockCity");
+    identity.state = mockEnc("mockState");
+    identity.postalCode = mockEnc("mockPostalCode");
+    identity.country = mockEnc("mockCountry");
+    identity.company = mockEnc("mockCompany");
+    identity.email = mockEnc("mockEmail");
+    identity.phone = mockEnc("mockPhone");
+    identity.ssn = mockEnc("mockSsn");
+    identity.username = mockEnc("mockUsername");
+    identity.passportNumber = mockEnc("mockPassportNumber");
+    identity.licenseNumber = mockEnc("mockLicenseNumber");
+
+    const view = await identity.decrypt(null);
+
+    expect(view).toEqual({
+      _firstName: "mockFirstName",
+      _lastName: "mockLastName",
+      _subTitle: null,
+      address1: "mockAddress1",
+      address2: "mockAddress2",
+      address3: "mockAddress3",
+      city: "mockCity",
+      company: "mockCompany",
+      country: "mockCountry",
+      email: "mockEmail",
+      licenseNumber: "mockLicenseNumber",
+      middleName: "mockMiddleName",
+      passportNumber: "mockPassportNumber",
+      phone: "mockPhone",
+      postalCode: "mockPostalCode",
+      ssn: "mockSsn",
+      state: "mockState",
+      title: "mockTitle",
+      username: "mockUsername",
+    });
+  });
+});
--- a/jslib/common/spec/domain/login.spec.ts
+++ b/jslib/common/spec/domain/login.spec.ts
@@ -0,0 +1,101 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { UriMatchType } from "@/jslib/common/src/enums/uriMatchType";
+import { LoginData } from "@/jslib/common/src/models/data/loginData";
+import { Login } from "@/jslib/common/src/models/domain/login";
+import { LoginUri } from "@/jslib/common/src/models/domain/loginUri";
+import { LoginUriView } from "@/jslib/common/src/models/view/loginUriView";
+
+import { mockEnc } from "../utils";
+
+describe("Login DTO", () => {
+  it("Convert from empty LoginData", () => {
+    const data = new LoginData();
+    const login = new Login(data);
+
+    expect(login).toEqual({
+      passwordRevisionDate: null,
+      autofillOnPageLoad: undefined,
+      username: null,
+      password: null,
+      totp: null,
+    });
+  });
+
+  it("Convert from full LoginData", () => {
+    const data: LoginData = {
+      uris: [{ uri: "uri", match: UriMatchType.Domain }],
+      username: "username",
+      password: "password",
+      passwordRevisionDate: "2022-01-31T12:00:00.000Z",
+      totp: "123",
+      autofillOnPageLoad: false,
+    };
+    const login = new Login(data);
+
+    expect(login).toEqual({
+      passwordRevisionDate: new Date("2022-01-31T12:00:00.000Z"),
+      autofillOnPageLoad: false,
+      username: { encryptedString: "username", encryptionType: 0 },
+      password: { encryptedString: "password", encryptionType: 0 },
+      totp: { encryptedString: "123", encryptionType: 0 },
+      uris: [{ match: 0, uri: { encryptedString: "uri", encryptionType: 0 } }],
+    });
+  });
+
+  it("Initialize without LoginData", () => {
+    const login = new Login();
+
+    expect(login).toEqual({});
+  });
+
+  it("Decrypts correctly", async () => {
+    const loginUri = Substitute.for<LoginUri>();
+    const loginUriView = new LoginUriView();
+    loginUriView.uri = "decrypted uri";
+    loginUri.decrypt(Arg.any()).resolves(loginUriView);
+
+    const login = new Login();
+    login.uris = [loginUri];
+    login.username = mockEnc("encrypted username");
+    login.password = mockEnc("encrypted password");
+    login.passwordRevisionDate = new Date("2022-01-31T12:00:00.000Z");
+    login.totp = mockEnc("encrypted totp");
+    login.autofillOnPageLoad = true;
+
+    const loginView = await login.decrypt(null);
+    expect(loginView).toEqual({
+      username: "encrypted username",
+      password: "encrypted password",
+      passwordRevisionDate: new Date("2022-01-31T12:00:00.000Z"),
+      totp: "encrypted totp",
+      uris: [
+        {
+          match: null,
+          _uri: "decrypted uri",
+          _domain: null,
+          _hostname: null,
+          _host: null,
+          _canLaunch: null,
+        },
+      ],
+      autofillOnPageLoad: true,
+    });
+  });
+
+  it("Converts from LoginData and back", () => {
+    const data: LoginData = {
+      uris: [{ uri: "uri", match: UriMatchType.Domain }],
+      username: "username",
+      password: "password",
+      passwordRevisionDate: "2022-01-31T12:00:00.000Z",
+      totp: "123",
+      autofillOnPageLoad: false,
+    };
+    const login = new Login(data);
+
+    const loginData = login.toLoginData();
+
+    expect(loginData).toEqual(data);
+  });
+});
--- a/jslib/common/spec/domain/loginUri.spec.ts
+++ b/jslib/common/spec/domain/loginUri.spec.ts
@@ -0,0 +1,57 @@
+import { UriMatchType } from "@/jslib/common/src/enums/uriMatchType";
+import { LoginUriData } from "@/jslib/common/src/models/data/loginUriData";
+import { LoginUri } from "@/jslib/common/src/models/domain/loginUri";
+
+import { mockEnc } from "../utils";
+
+describe("LoginUri", () => {
+  let data: LoginUriData;
+
+  beforeEach(() => {
+    data = {
+      uri: "encUri",
+      match: UriMatchType.Domain,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new LoginUriData();
+    const loginUri = new LoginUri(data);
+
+    expect(loginUri).toEqual({
+      match: null,
+      uri: null,
+    });
+  });
+
+  it("Convert", () => {
+    const loginUri = new LoginUri(data);
+
+    expect(loginUri).toEqual({
+      match: 0,
+      uri: { encryptedString: "encUri", encryptionType: 0 },
+    });
+  });
+
+  it("toLoginUriData", () => {
+    const loginUri = new LoginUri(data);
+    expect(loginUri.toLoginUriData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const loginUri = new LoginUri();
+    loginUri.match = UriMatchType.Exact;
+    loginUri.uri = mockEnc("uri");
+
+    const view = await loginUri.decrypt(null);
+
+    expect(view).toEqual({
+      _canLaunch: null,
+      _domain: null,
+      _host: null,
+      _hostname: null,
+      _uri: "uri",
+      match: 3,
+    });
+  });
+});
--- a/jslib/common/spec/domain/password.spec.ts
+++ b/jslib/common/spec/domain/password.spec.ts
@@ -0,0 +1,51 @@
+import { PasswordHistoryData } from "@/jslib/common/src/models/data/passwordHistoryData";
+import { Password } from "@/jslib/common/src/models/domain/password";
+
+import { mockEnc } from "../utils";
+
+describe("Password", () => {
+  let data: PasswordHistoryData;
+
+  beforeEach(() => {
+    data = {
+      password: "encPassword",
+      lastUsedDate: "2022-01-31T12:00:00.000Z",
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new PasswordHistoryData();
+    const password = new Password(data);
+
+    expect(password).toMatchObject({
+      password: null,
+    });
+  });
+
+  it("Convert", () => {
+    const password = new Password(data);
+
+    expect(password).toEqual({
+      password: { encryptedString: "encPassword", encryptionType: 0 },
+      lastUsedDate: new Date("2022-01-31T12:00:00.000Z"),
+    });
+  });
+
+  it("toPasswordHistoryData", () => {
+    const password = new Password(data);
+    expect(password.toPasswordHistoryData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const password = new Password();
+    password.password = mockEnc("password");
+    password.lastUsedDate = new Date("2022-01-31T12:00:00.000Z");
+
+    const view = await password.decrypt(null);
+
+    expect(view).toEqual({
+      password: "password",
+      lastUsedDate: new Date("2022-01-31T12:00:00.000Z"),
+    });
+  });
+});
--- a/jslib/common/spec/domain/secureNote.spec.ts
+++ b/jslib/common/spec/domain/secureNote.spec.ts
@@ -0,0 +1,46 @@
+import { SecureNoteType } from "@/jslib/common/src/enums/secureNoteType";
+import { SecureNoteData } from "@/jslib/common/src/models/data/secureNoteData";
+import { SecureNote } from "@/jslib/common/src/models/domain/secureNote";
+
+describe("SecureNote", () => {
+  let data: SecureNoteData;
+
+  beforeEach(() => {
+    data = {
+      type: SecureNoteType.Generic,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new SecureNoteData();
+    const secureNote = new SecureNote(data);
+
+    expect(secureNote).toEqual({
+      type: undefined,
+    });
+  });
+
+  it("Convert", () => {
+    const secureNote = new SecureNote(data);
+
+    expect(secureNote).toEqual({
+      type: 0,
+    });
+  });
+
+  it("toSecureNoteData", () => {
+    const secureNote = new SecureNote(data);
+    expect(secureNote.toSecureNoteData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const secureNote = new SecureNote();
+    secureNote.type = SecureNoteType.Generic;
+
+    const view = await secureNote.decrypt(null);
+
+    expect(view).toEqual({
+      type: 0,
+    });
+  });
+});
--- a/jslib/common/spec/domain/send.spec.ts
+++ b/jslib/common/spec/domain/send.spec.ts
@@ -0,0 +1,144 @@
+import { Substitute, Arg, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { SendType } from "@/jslib/common/src/enums/sendType";
+import { SendData } from "@/jslib/common/src/models/data/sendData";
+import { EncString } from "@/jslib/common/src/models/domain/encString";
+import { Send } from "@/jslib/common/src/models/domain/send";
+import { SendText } from "@/jslib/common/src/models/domain/sendText";
+import { ContainerService } from "@/jslib/common/src/services/container.service";
+
+import { makeStaticByteArray, mockEnc } from "../utils";
+
+describe("Send", () => {
+  let data: SendData;
+
+  beforeEach(() => {
+    data = {
+      id: "id",
+      accessId: "accessId",
+      userId: "userId",
+      type: SendType.Text,
+      name: "encName",
+      notes: "encNotes",
+      text: {
+        text: "encText",
+        hidden: true,
+      },
+      file: null,
+      key: "encKey",
+      maxAccessCount: null,
+      accessCount: 10,
+      revisionDate: "2022-01-31T12:00:00.000Z",
+      expirationDate: "2022-01-31T12:00:00.000Z",
+      deletionDate: "2022-01-31T12:00:00.000Z",
+      password: "password",
+      disabled: false,
+      hideEmail: true,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new SendData();
+    const send = new Send(data);
+
+    expect(send).toEqual({
+      id: null,
+      accessId: null,
+      userId: null,
+      type: undefined,
+      name: null,
+      notes: null,
+      text: undefined,
+      file: undefined,
+      key: null,
+      maxAccessCount: undefined,
+      accessCount: undefined,
+      revisionDate: null,
+      expirationDate: null,
+      deletionDate: null,
+      password: undefined,
+      disabled: undefined,
+      hideEmail: undefined,
+    });
+  });
+
+  it("Convert", () => {
+    const send = new Send(data);
+
+    expect(send).toEqual({
+      id: "id",
+      accessId: "accessId",
+      userId: "userId",
+      type: SendType.Text,
+      name: { encryptedString: "encName", encryptionType: 0 },
+      notes: { encryptedString: "encNotes", encryptionType: 0 },
+      text: {
+        text: { encryptedString: "encText", encryptionType: 0 },
+        hidden: true,
+      },
+      key: { encryptedString: "encKey", encryptionType: 0 },
+      maxAccessCount: null,
+      accessCount: 10,
+      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
+      deletionDate: new Date("2022-01-31T12:00:00.000Z"),
+      password: "password",
+      disabled: false,
+      hideEmail: true,
+    });
+  });
+
+  it("Decrypt", async () => {
+    const text = Substitute.for<SendText>();
+    text.decrypt(Arg.any()).resolves("textView" as any);
+
+    const send = new Send();
+    send.id = "id";
+    send.accessId = "accessId";
+    send.userId = "userId";
+    send.type = SendType.Text;
+    send.name = mockEnc("name");
+    send.notes = mockEnc("notes");
+    send.text = text;
+    send.key = mockEnc("key");
+    send.accessCount = 10;
+    send.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+    send.expirationDate = new Date("2022-01-31T12:00:00.000Z");
+    send.deletionDate = new Date("2022-01-31T12:00:00.000Z");
+    send.password = "password";
+    send.disabled = false;
+    send.hideEmail = true;
+
+    const cryptoService = Substitute.for<CryptoService>();
+    cryptoService.decryptToBytes(send.key, null).resolves(makeStaticByteArray(32));
+    cryptoService.makeSendKey(Arg.any()).resolves("cryptoKey" as any);
+
+    (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+
+    const view = await send.decrypt();
+
+    text.received(1).decrypt("cryptoKey" as any);
+    (send.name as SubstituteOf<EncString>).received(1).decrypt(null, "cryptoKey" as any);
+
+    expect(view).toMatchObject({
+      id: "id",
+      accessId: "accessId",
+      name: "name",
+      notes: "notes",
+      type: 0,
+      key: expect.anything(),
+      cryptoKey: "cryptoKey",
+      file: expect.anything(),
+      text: "textView",
+      maxAccessCount: undefined,
+      accessCount: 10,
+      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
+      deletionDate: new Date("2022-01-31T12:00:00.000Z"),
+      password: "password",
+      disabled: false,
+      hideEmail: true,
+    });
+  });
+});
--- a/jslib/common/spec/domain/sendAccess.spec.ts
+++ b/jslib/common/spec/domain/sendAccess.spec.ts
@@ -0,0 +1,84 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { SendType } from "@/jslib/common/src/enums/sendType";
+import { SendAccess } from "@/jslib/common/src/models/domain/sendAccess";
+import { SendText } from "@/jslib/common/src/models/domain/sendText";
+import { SendAccessResponse } from "@/jslib/common/src/models/response/sendAccessResponse";
+
+import { mockEnc } from "../utils";
+
+describe("SendAccess", () => {
+  let request: SendAccessResponse;
+
+  beforeEach(() => {
+    request = {
+      id: "id",
+      type: SendType.Text,
+      name: "encName",
+      file: null,
+      text: {
+        text: "encText",
+        hidden: true,
+      },
+      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
+      creatorIdentifier: "creatorIdentifier",
+    } as SendAccessResponse;
+  });
+
+  it("Convert from empty", () => {
+    const request = new SendAccessResponse({});
+    const sendAccess = new SendAccess(request);
+
+    expect(sendAccess).toEqual({
+      id: null,
+      type: undefined,
+      name: null,
+      creatorIdentifier: null,
+      expirationDate: null,
+    });
+  });
+
+  it("Convert", () => {
+    const sendAccess = new SendAccess(request);
+
+    expect(sendAccess).toEqual({
+      id: "id",
+      type: 0,
+      name: { encryptedString: "encName", encryptionType: 0 },
+      text: {
+        hidden: true,
+        text: { encryptedString: "encText", encryptionType: 0 },
+      },
+      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
+      creatorIdentifier: "creatorIdentifier",
+    });
+  });
+
+  it("Decrypt", async () => {
+    const sendAccess = new SendAccess();
+    sendAccess.id = "id";
+    sendAccess.type = SendType.Text;
+    sendAccess.name = mockEnc("name");
+
+    const text = Substitute.for<SendText>();
+    text.decrypt(Arg.any()).resolves({} as any);
+    sendAccess.text = text;
+
+    sendAccess.expirationDate = new Date("2022-01-31T12:00:00.000Z");
+    sendAccess.creatorIdentifier = "creatorIdentifier";
+
+    const view = await sendAccess.decrypt(null);
+
+    text.received(1).decrypt(Arg.any());
+
+    expect(view).toEqual({
+      id: "id",
+      type: 0,
+      name: "name",
+      text: {},
+      file: expect.anything(),
+      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
+      creatorIdentifier: "creatorIdentifier",
+    });
+  });
+});
--- a/jslib/common/spec/domain/sendFile.spec.ts
+++ b/jslib/common/spec/domain/sendFile.spec.ts
@@ -0,0 +1,57 @@
+import { SendFileData } from "@/jslib/common/src/models/data/sendFileData";
+import { SendFile } from "@/jslib/common/src/models/domain/sendFile";
+
+import { mockEnc } from "../utils";
+
+describe("SendFile", () => {
+  let data: SendFileData;
+
+  beforeEach(() => {
+    data = {
+      id: "id",
+      size: "1100",
+      sizeName: "1.1 KB",
+      fileName: "encFileName",
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new SendFileData();
+    const sendFile = new SendFile(data);
+
+    expect(sendFile).toEqual({
+      fileName: null,
+      id: null,
+      size: undefined,
+      sizeName: null,
+    });
+  });
+
+  it("Convert", () => {
+    const sendFile = new SendFile(data);
+
+    expect(sendFile).toEqual({
+      id: "id",
+      size: "1100",
+      sizeName: "1.1 KB",
+      fileName: { encryptedString: "encFileName", encryptionType: 0 },
+    });
+  });
+
+  it("Decrypt", async () => {
+    const sendFile = new SendFile();
+    sendFile.id = "id";
+    sendFile.size = "1100";
+    sendFile.sizeName = "1.1 KB";
+    sendFile.fileName = mockEnc("fileName");
+
+    const view = await sendFile.decrypt(null);
+
+    expect(view).toEqual({
+      fileName: "fileName",
+      id: "id",
+      size: "1100",
+      sizeName: "1.1 KB",
+    });
+  });
+});
--- a/jslib/common/spec/domain/sendText.spec.ts
+++ b/jslib/common/spec/domain/sendText.spec.ts
@@ -0,0 +1,47 @@
+import { SendTextData } from "@/jslib/common/src/models/data/sendTextData";
+import { SendText } from "@/jslib/common/src/models/domain/sendText";
+
+import { mockEnc } from "../utils";
+
+describe("SendText", () => {
+  let data: SendTextData;
+
+  beforeEach(() => {
+    data = {
+      text: "encText",
+      hidden: false,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new SendTextData();
+    const secureNote = new SendText(data);
+
+    expect(secureNote).toEqual({
+      hidden: undefined,
+      text: null,
+    });
+  });
+
+  it("Convert", () => {
+    const secureNote = new SendText(data);
+
+    expect(secureNote).toEqual({
+      hidden: false,
+      text: { encryptedString: "encText", encryptionType: 0 },
+    });
+  });
+
+  it("Decrypt", async () => {
+    const secureNote = new SendText();
+    secureNote.text = mockEnc("text");
+    secureNote.hidden = true;
+
+    const view = await secureNote.decrypt(null);
+
+    expect(view).toEqual({
+      text: "text",
+      hidden: true,
+    });
+  });
+});
--- a/jslib/common/spec/domain/symmetricCryptoKey.spec.ts
+++ b/jslib/common/spec/domain/symmetricCryptoKey.spec.ts
@@ -0,0 +1,69 @@
+import { EncryptionType } from "@/jslib/common/src/enums/encryptionType";
+import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
+
+import { makeStaticByteArray } from "../utils";
+
+describe("SymmetricCryptoKey", () => {
+  it("errors if no key", () => {
+    const t = () => {
+      new SymmetricCryptoKey(null);
+    };
+
+    expect(t).toThrowError("Must provide key");
+  });
+
+  describe("guesses encKey from key length", () => {
+    it("AesCbc256_B64", () => {
+      const key = makeStaticByteArray(32);
+      const cryptoKey = new SymmetricCryptoKey(key);
+
+      expect(cryptoKey).toEqual({
+        encKey: key,
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        encType: 0,
+        key: key,
+        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        macKey: null,
+      });
+    });
+
+    it("AesCbc128_HmacSha256_B64", () => {
+      const key = makeStaticByteArray(32);
+      const cryptoKey = new SymmetricCryptoKey(key, EncryptionType.AesCbc128_HmacSha256_B64);
+
+      expect(cryptoKey).toEqual({
+        encKey: key.slice(0, 16),
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODw==",
+        encType: 1,
+        key: key,
+        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        macKey: key.slice(16, 32),
+        macKeyB64: "EBESExQVFhcYGRobHB0eHw==",
+      });
+    });
+
+    it("AesCbc256_HmacSha256_B64", () => {
+      const key = makeStaticByteArray(64);
+      const cryptoKey = new SymmetricCryptoKey(key);
+
+      expect(cryptoKey).toEqual({
+        encKey: key.slice(0, 32),
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        encType: 2,
+        key: key,
+        keyB64:
+          "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+Pw==",
+        macKey: key.slice(32, 64),
+        macKeyB64: "ICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8=",
+      });
+    });
+
+    it("unknown length", () => {
+      const t = () => {
+        new SymmetricCryptoKey(makeStaticByteArray(30));
+      };
+
+      expect(t).toThrowError("Unable to determine encType.");
+    });
+  });
+});
--- a/jslib/common/spec/misc/sequentialize.spec.ts
+++ b/jslib/common/spec/misc/sequentialize.spec.ts
@@ -0,0 +1,127 @@
+import { sequentialize } from "@/jslib/common/src/misc/sequentialize";
+
+describe("sequentialize decorator", () => {
+  it("should call the function once", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+  });
+
+  it("should call the function once for each instance of the object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+      promises.push(foo2.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+    expect(foo2.calls).toBe(1);
+  });
+
+  it("should call the function once with key function", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+  });
+
+  it("should call the function again when already resolved", async () => {
+    const foo = new Foo();
+    await foo.bar(1);
+    expect(foo.calls).toBe(1);
+    await foo.bar(1);
+    expect(foo.calls).toBe(2);
+  });
+
+  it("should call the function again when already resolved with a key function", async () => {
+    const foo = new Foo();
+    await foo.baz(1);
+    expect(foo.calls).toBe(1);
+    await foo.baz(1);
+    expect(foo.calls).toBe(2);
+  });
+
+  it("should call the function for each argument", async () => {
+    const foo = new Foo();
+    await Promise.all([foo.bar(1), foo.bar(1), foo.bar(2), foo.bar(2), foo.bar(3), foo.bar(3)]);
+    expect(foo.calls).toBe(3);
+  });
+
+  it("should call the function for each argument with key function", async () => {
+    const foo = new Foo();
+    await Promise.all([foo.baz(1), foo.baz(1), foo.baz(2), foo.baz(2), foo.baz(3), foo.baz(3)]);
+    expect(foo.calls).toBe(3);
+  });
+
+  it("should return correct result for each call", async () => {
+    const foo = new Foo();
+    const allRes: number[] = [];
+
+    await Promise.all([
+      foo.bar(1).then((res) => allRes.push(res)),
+      foo.bar(1).then((res) => allRes.push(res)),
+      foo.bar(2).then((res) => allRes.push(res)),
+      foo.bar(2).then((res) => allRes.push(res)),
+      foo.bar(3).then((res) => allRes.push(res)),
+      foo.bar(3).then((res) => allRes.push(res)),
+    ]);
+    expect(foo.calls).toBe(3);
+    expect(allRes.length).toBe(6);
+    allRes.sort();
+    expect(allRes).toEqual([2, 2, 4, 4, 6, 6]);
+  });
+
+  it("should return correct result for each call with key function", async () => {
+    const foo = new Foo();
+    const allRes: number[] = [];
+
+    await Promise.all([
+      foo.baz(1).then((res) => allRes.push(res)),
+      foo.baz(1).then((res) => allRes.push(res)),
+      foo.baz(2).then((res) => allRes.push(res)),
+      foo.baz(2).then((res) => allRes.push(res)),
+      foo.baz(3).then((res) => allRes.push(res)),
+      foo.baz(3).then((res) => allRes.push(res)),
+    ]);
+    expect(foo.calls).toBe(3);
+    expect(allRes.length).toBe(6);
+    allRes.sort();
+    expect(allRes).toEqual([3, 3, 6, 6, 9, 9]);
+  });
+});
+
+class Foo {
+  calls = 0;
+
+  @sequentialize((args) => "bar" + args[0])
+  bar(a: number): Promise<number> {
+    this.calls++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        res(a * 2);
+      }, Math.random() * 100);
+    });
+  }
+
+  @sequentialize((args) => "baz" + args[0])
+  baz(a: number): Promise<number> {
+    this.calls++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        res(a * 3);
+      }, Math.random() * 100);
+    });
+  }
+}
--- a/jslib/common/spec/misc/throttle.spec.ts
+++ b/jslib/common/spec/misc/throttle.spec.ts
@@ -0,0 +1,110 @@
+import { sequentialize } from "@/jslib/common/src/misc/sequentialize";
+import { throttle } from "@/jslib/common/src/misc/throttle";
+
+describe("throttle decorator", () => {
+  it("should call the function once at a time", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+  });
+
+  it("should call the function once at a time for each object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+      promises.push(foo2.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+    expect(foo2.calls).toBe(10);
+  });
+
+  it("should call the function limit at a time", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+  });
+
+  it("should call the function limit at a time for each object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+      promises.push(foo2.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+    expect(foo2.calls).toBe(10);
+  });
+
+  it("should work together with sequentialize", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.qux(Math.floor(i / 2) * 2));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(5);
+  });
+});
+
+class Foo {
+  calls = 0;
+  inflight = 0;
+
+  @throttle(1, () => "bar")
+  bar(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBe(1);
+        this.inflight--;
+        res(a * 2);
+      }, Math.random() * 10);
+    });
+  }
+
+  @throttle(5, () => "baz")
+  baz(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBeLessThanOrEqual(5);
+        this.inflight--;
+        res(a * 3);
+      }, Math.random() * 10);
+    });
+  }
+
+  @sequentialize((args) => "qux" + args[0])
+  @throttle(1, () => "qux")
+  qux(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBe(1);
+        this.inflight--;
+        res(a * 3);
+      }, Math.random() * 10);
+    });
+  }
+}
--- a/jslib/common/spec/services/consoleLog.service.spec.ts
+++ b/jslib/common/spec/services/consoleLog.service.spec.ts
@@ -0,0 +1,102 @@
+import { ConsoleLogService } from "@/jslib/common/src/services/consoleLog.service";
+
+const originalConsole = console;
+let caughtMessage: any;
+
+declare let console: any;
+
+export function interceptConsole(interceptions: any): object {
+  console = {
+    log: function () {
+      // eslint-disable-next-line
+      interceptions.log = arguments;
+    },
+    warn: function () {
+      // eslint-disable-next-line
+      interceptions.warn = arguments;
+    },
+    error: function () {
+      // eslint-disable-next-line
+      interceptions.error = arguments;
+    },
+  };
+  return interceptions;
+}
+
+export function restoreConsole() {
+  console = originalConsole;
+}
+
+describe("ConsoleLogService", () => {
+  let logService: ConsoleLogService;
+  beforeEach(() => {
+    caughtMessage = {};
+    interceptConsole(caughtMessage);
+    logService = new ConsoleLogService(true);
+  });
+
+  afterAll(() => {
+    restoreConsole();
+  });
+
+  it("filters messages below the set threshold", () => {
+    logService = new ConsoleLogService(true, () => true);
+    logService.debug("debug");
+    logService.info("info");
+    logService.warning("warning");
+    logService.error("error");
+
+    expect(caughtMessage).toEqual({});
+  });
+  it("only writes debug messages in dev mode", () => {
+    logService = new ConsoleLogService(false);
+
+    logService.debug("debug message");
+    expect(caughtMessage.log).toBeUndefined();
+  });
+
+  it("writes debug/info messages to console.log", () => {
+    logService.debug("this is a debug message");
+    expect(caughtMessage).toMatchObject({
+      log: { "0": "this is a debug message" },
+    });
+
+    logService.info("this is an info message");
+    expect(caughtMessage).toMatchObject({
+      log: { "0": "this is an info message" },
+    });
+  });
+  it("writes warning messages to console.warn", () => {
+    logService.warning("this is a warning message");
+    expect(caughtMessage).toMatchObject({
+      warn: { 0: "this is a warning message" },
+    });
+  });
+  it("writes error messages to console.error", () => {
+    logService.error("this is an error message");
+    expect(caughtMessage).toMatchObject({
+      error: { 0: "this is an error message" },
+    });
+  });
+
+  it("times with output to info", async () => {
+    logService.time();
+    await new Promise((r) => setTimeout(r, 250));
+    const duration = logService.timeEnd();
+    expect(duration[0]).toBe(0);
+    expect(duration[1]).toBeGreaterThan(0);
+    expect(duration[1]).toBeLessThan(500 * 10e6);
+
+    expect(caughtMessage).toEqual(expect.arrayContaining([]));
+    expect(caughtMessage.log.length).toBe(1);
+    expect(caughtMessage.log[0]).toEqual(expect.stringMatching(/^default: \d+\.?\d*ms$/));
+  });
+
+  it("filters time output", async () => {
+    logService = new ConsoleLogService(true, () => true);
+    logService.time();
+    logService.timeEnd();
+
+    expect(caughtMessage).toEqual({});
+  });
+});
--- a/jslib/common/spec/services/stateMigration.service.ts
+++ b/jslib/common/spec/services/stateMigration.service.ts
@@ -0,0 +1,84 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { StorageService } from "@/jslib/common/src/abstractions/storage.service";
+import { StateVersion } from "@/jslib/common/src/enums/stateVersion";
+import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
+import { Account } from "@/jslib/common/src/models/domain/account";
+import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
+import { StateMigrationService } from "@/jslib/common/src/services/stateMigration.service";
+
+const userId = "USER_ID";
+
+describe("State Migration Service", () => {
+  let storageService: SubstituteOf<StorageService>;
+  let secureStorageService: SubstituteOf<StorageService>;
+  let stateFactory: SubstituteOf<StateFactory>;
+
+  let stateMigrationService: StateMigrationService;
+
+  beforeEach(() => {
+    storageService = Substitute.for<StorageService>();
+    secureStorageService = Substitute.for<StorageService>();
+    stateFactory = Substitute.for<StateFactory>();
+
+    stateMigrationService = new StateMigrationService(
+      storageService,
+      secureStorageService,
+      stateFactory,
+    );
+  });
+
+  describe("StateVersion 3 to 4 migration", async () => {
+    beforeEach(() => {
+      const globalVersion3: Partial<GlobalState> = {
+        stateVersion: StateVersion.Three,
+      };
+
+      storageService.get("global", Arg.any()).resolves(globalVersion3);
+      storageService.get("authenticatedAccounts", Arg.any()).resolves([userId]);
+    });
+
+    it("clears everBeenUnlocked", async () => {
+      const accountVersion3: Account = {
+        profile: {
+          apiKeyClientId: null,
+          convertAccountToKeyConnector: null,
+          email: "EMAIL",
+          emailVerified: true,
+          everBeenUnlocked: true,
+          hasPremiumPersonally: false,
+          kdfIterations: 100000,
+          kdfType: 0,
+          keyHash: "KEY_HASH",
+          lastSync: "LAST_SYNC",
+          userId: userId,
+          usesKeyConnector: false,
+          forcePasswordReset: false,
+        },
+      };
+
+      const expectedAccountVersion4: Account = {
+        profile: {
+          ...accountVersion3.profile,
+        },
+      };
+      delete expectedAccountVersion4.profile.everBeenUnlocked;
+
+      storageService.get(userId, Arg.any()).resolves(accountVersion3);
+
+      await stateMigrationService.migrate();
+
+      storageService.received(1).save(userId, expectedAccountVersion4, Arg.any());
+    });
+
+    it("updates StateVersion number", async () => {
+      await stateMigrationService.migrate();
+
+      storageService.received(1).save(
+        "global",
+        Arg.is((globals: GlobalState) => globals.stateVersion === StateVersion.Four),
+        Arg.any(),
+      );
+    });
+  });
+});
--- a/jslib/common/spec/test.ts
+++ b/jslib/common/spec/test.ts
@@ -0,0 +1,5 @@
+import { webcrypto } from "crypto";
+
+Object.defineProperty(window, "crypto", {
+  value: webcrypto,
+});
--- a/jslib/common/spec/utils.ts
+++ b/jslib/common/spec/utils.ts
@@ -0,0 +1,37 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { EncString } from "@/jslib/common/src/models/domain/encString";
+
+function newGuid() {
+  return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
+    const r = (Math.random() * 16) | 0;
+    const v = c === "x" ? r : (r & 0x3) | 0x8;
+    return v.toString(16);
+  });
+}
+
+export function GetUniqueString(prefix = "") {
+  return prefix + "_" + newGuid();
+}
+
+export function BuildTestObject<T, K extends keyof T = keyof T>(
+  def: Partial<Pick<T, K>> | T,
+  constructor?: new () => T,
+): T {
+  return Object.assign(constructor === null ? {} : new constructor(), def) as T;
+}
+
+export function mockEnc(s: string): EncString {
+  const mock = Substitute.for<EncString>();
+  mock.decrypt(Arg.any(), Arg.any()).resolves(s);
+
+  return mock;
+}
+
+export function makeStaticByteArray(length: number, start = 0) {
+  const arr = new Uint8Array(length);
+  for (let i = 0; i < length; i++) {
+    arr[i] = start + i;
+  }
+  return arr;
+}
--- a/jslib/common/src/abstractions/api.service.ts
+++ b/jslib/common/src/abstractions/api.service.ts
@@ -0,0 +1,14 @@
+import { ApiTokenRequest } from "../models/request/identityToken/apiTokenRequest";
+import { PasswordTokenRequest } from "../models/request/identityToken/passwordTokenRequest";
+import { SsoTokenRequest } from "../models/request/identityToken/ssoTokenRequest";
+import { OrganizationImportRequest } from "../models/request/organizationImportRequest";
+import { IdentityCaptchaResponse } from "../models/response/identityCaptchaResponse";
+import { IdentityTokenResponse } from "../models/response/identityTokenResponse";
+import { IdentityTwoFactorResponse } from "../models/response/identityTwoFactorResponse";
+
+export abstract class ApiService {
+  postIdentityToken: (
+    request: PasswordTokenRequest | SsoTokenRequest | ApiTokenRequest,
+  ) => Promise<IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse>;
+  postPublicImportDirectory: (request: OrganizationImportRequest) => Promise<any>;
+}
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`ignores: ["*-loader", "webpack-cli", "@types/jest"]`