Merge branch 'main' into renovate/lock-file-maintenance

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.depcheckrc

@@ -0,0 +1 @@
+ignores: ["*-loader", "webpack-cli", "@types/jest"]

.eslintignore

@@ -1,9 +1,10 @@
 dist
 build
 build-cli
-jslib
 webpack.cli.js
 webpack.main.js
 webpack.renderer.js
 
 **/node_modules
+
+**/jest.config.js

.eslintrc.json

@@ -4,29 +4,92 @@
     "browser": true,
     "node": true
   },
-  "extends": ["./jslib/shared/eslintrc.json"],
-  "rules": {
-    "import/order": [
-      "error",
-      {
-        "alphabetize": {
-          "order": "asc"
+  "overrides": [
+    {
+      "files": ["*.ts", "*.js"],
+      "plugins": ["@typescript-eslint", "rxjs", "rxjs-angular", "import"],
+      "parser": "@typescript-eslint/parser",
+      "parserOptions": {
+        "project": ["./tsconfig.eslint.json"],
+        "sourceType": "module",
+        "ecmaVersion": 2020
+      },
+      "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:import/recommended",
+        "plugin:import/typescript",
+        "prettier",
+        "plugin:rxjs/recommended"
+      ],
+      "settings": {
+        "import/parsers": {
+          "@typescript-eslint/parser": [".ts"]
         },
-        "newlines-between": "always",
-        "pathGroups": [
+        "import/resolver": {
+          "typescript": {
+            "alwaysTryTypes": true
+          }
+        }
+      },
+      "rules": {
+        "@typescript-eslint/explicit-member-accessibility": [
+          "error",
+          { "accessibility": "no-public" }
+        ],
+        "@typescript-eslint/no-explicit-any": "off", // TODO: This should be re-enabled
+        "@typescript-eslint/no-misused-promises": ["error", { "checksVoidReturn": false }],
+        "@typescript-eslint/no-this-alias": ["error", { "allowedNames": ["self"] }],
+        "@typescript-eslint/no-unused-vars": ["error", { "args": "none" }],
+        "no-console": "error",
+        "import/no-unresolved": "off", // TODO: Look into turning off once each package is an actual package.
+        "import/order": [
+          "error",
           {
-            "pattern": "jslib-*/**",
-            "group": "external",
-            "position": "after"
-          },
-          {
-            "pattern": "src/**/*",
-            "group": "parent",
-            "position": "before"
+            "alphabetize": {
+              "order": "asc"
+            },
+            "newlines-between": "always",
+            "pathGroups": [
+              {
+                "pattern": "@/jslib/**/*",
+                "group": "external",
+                "position": "after"
+              },
+              {
+                "pattern": "@/src/**/*",
+                "group": "parent",
+                "position": "before"
+              }
+            ],
+            "pathGroupsExcludedImportTypes": ["builtin"]
           }
         ],
-        "pathGroupsExcludedImportTypes": ["builtin"]
+        "rxjs-angular/prefer-takeuntil": "error",
+        "rxjs/no-exposed-subjects": ["error", { "allowProtected": true }],
+        "no-restricted-syntax": [
+          "error",
+          {
+            "message": "Calling `svgIcon` directly is not allowed",
+            "selector": "CallExpression[callee.name='svgIcon']"
+          },
+          {
+            "message": "Accessing FormGroup using `get` is not allowed, use `.value` instead",
+            "selector": "ChainExpression[expression.object.callee.property.name='get'][expression.property.name='value']"
+          }
+        ],
+        "curly": ["error", "all"],
+        "import/namespace": ["off"], // This doesn't resolve namespace imports correctly, but TS will throw for this anyway
+        "no-restricted-imports": ["error", { "patterns": ["src/**/*"] }]
       }
-    ]
-  }
+    },
+    {
+      "files": ["*.html"],
+      "parser": "@angular-eslint/template-parser",
+      "plugins": ["@angular-eslint/template"],
+      "rules": {
+        "@angular-eslint/template/button-has-type": "error"
+      }
+    }
+  ]
 }

.github/CODEOWNERS

@@ -0,0 +1,8 @@
+# Please sort into logical groups with comment headers. Sort groups in order of specificity.
+# For example, default owners should always be the first group.
+# Sort lines alphabetically within these groups to avoid accidentally adding duplicates.
+#
+# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Default file owners.
+* @bitwarden/team-admin-console-dev

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,33 +1,34 @@
-## Type of change
+## 🎟️ Tracking
 
-- [ ] Bug fix
-- [ ] New feature development
-- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
-- [ ] Build/deploy pipeline (DevOps)
-- [ ] Other
+<!-- Paste the link to the Jira or GitHub issue or otherwise describe / point to where this change is coming from. -->
 
-## Objective
+## 📔 Objective
 
-<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
+<!-- Describe what the purpose of this PR is, for example what bug you're fixing or new feature you're adding. -->
 
-## Code changes
+## 📸 Screenshots
 
-<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
-<!--Also refer to any related changes or PRs in other repositories-->
+<!-- Required for any UI changes; delete if not applicable. Use fixed width images for better display. -->
 
-- **file.ext:** Description of what was changed and why
+## ⏰ Reminders before review
 
-## Screenshots
+- Contributor guidelines followed
+- All formatters and local linters executed and passed
+- Written new unit and / or integration tests where applicable
+- Used internationalization (i18n) for all UI strings
+- CI builds passed
+- Communicated to DevOps any deployment requirements
+- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
 
-<!--Required for any UI changes. Delete if not applicable-->
+## 🦮 Reviewer guidelines
 
-## Testing requirements
+<!-- Suggested interactions but feel free to use (or not) as you desire! -->
 
-<!--What functionality requires testing by QA? This includes testing new behavior and regression testing-->
-
-## Before you submit
-
-- [ ] I have checked for **linting** errors (`npm run lint`) (required)
-- [ ] I have added **unit tests** where it makes sense to do so (encouraged but not required)
-- [ ] This change requires a **documentation update** (notify the documentation team)
-- [ ] This change has particular **deployment requirements** (notify the DevOps team)
+- 👍 (`:+1:`) or similar for great changes
+- 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
+- ❓ (`:question:`) for questions
+- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
+- 🎨 (`:art:`) for suggestions / improvements
+- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
+- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt
+- ⛏ (`:pick:`) for minor or nitpick changes

.github/renovate.json

@@ -0,0 +1,18 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["github>bitwarden/renovate-config"],
+  "enabledManagers": ["github-actions", "npm"],
+  "packageRules": [
+    {
+      "groupName": "gh minor",
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor", "patch"]
+    },
+    {
+      "groupName": "Google Libraries",
+      "matchPackagePatterns": ["google-auth-library", "googleapis"],
+      "matchManagers": ["npm"],
+      "groupSlug": "google-libraries"
+    }
+  ]
+}

.github/workflows/build.yml

@@ -1,22 +1,24 @@
----
 name: Build
 
 on:
+  pull_request: {}
   push:
-    branches-ignore:
-      - 'l10n_master'
-    paths-ignore:
-      - '.github/workflows/**'
+    branches:
+      - "main"
+      - "rc"
+      - "hotfix-rc"
   workflow_dispatch: {}
 
+permissions:
+  contents: read
 
 jobs:
   cloc:
     name: CLOC
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up CLOC
         run: |
@@ -29,38 +31,38 @@ jobs:
 
   setup:
     name: Setup
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     outputs:
       package_version: ${{ steps.retrieve-version.outputs.package_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Get Package Version
         id: retrieve-version
         run: |
-          PKG_VERSION=$(jq -r .version src/package.json)
-          echo "::set-output name=package_version::$PKG_VERSION"
+          PKG_VERSION=$(jq -r .version package.json)
+          echo "package_version=$PKG_VERSION" >> $GITHUB_OUTPUT
 
 
   linux-cli:
     name: Build Linux CLI
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _PKG_FETCH_NODE_VERSION: 16.13.0
-      _PKG_FETCH_VERSION: 3.2
+      _PKG_FETCH_NODE_VERSION: 18.5.0
+      _PKG_FETCH_VERSION: 3.4
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '16'
+          node-version: '18'
 
       - name: Update NPM
         run: |
@@ -77,7 +79,7 @@ jobs:
 
       - name: Keytar
         run: |
-          keytarVersion=$(cat src/package.json | jq -r '.dependencies.keytar')
+          keytarVersion=$(cat package.json | jq -r '.dependencies.keytar')
           keytarTar="keytar-v$keytarVersion-napi-v3-linux-x64.tar"
 
           keytarTarGz="$keytarTar.gz"
@@ -94,13 +96,11 @@ jobs:
         run: npm run dist:cli:lin
 
       - name: Zip
-        run: zip -j ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip ./dist-cli/linux/bwdc ./keytar/linux/build/Release/keytar.node
-
-      - name: Create checksums
-        run: sha256sum ./dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip | cut -d " " -f 1 > ./dist-cli/bwdc-linux-sha256-$_PACKAGE_VERSION.txt
+        run: zip -j dist-cli/bwdc-linux-$_PACKAGE_VERSION.zip dist-cli/linux/bwdc keytar/linux/build/Release/keytar.node
 
       - name: Version Test
         run: |
+          sudo apt-get update
           sudo apt install libsecret-1-0 dbus-x11 gnome-keyring
           eval $(dbus-launch --sh-syntax)
 
@@ -121,38 +121,31 @@ jobs:
           fi
 
       - name: Upload Linux Zip to GitHub
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Linux checksum to GitHub
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
-        with:
-          name: bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
 
   macos-cli:
     name: Build Mac CLI
-    runs-on: macos-11
+    runs-on: macos-13
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _PKG_FETCH_NODE_VERSION: 16.13.0
-      _PKG_FETCH_VERSION: 3.2
+      _PKG_FETCH_NODE_VERSION: 18.5.0
+      _PKG_FETCH_VERSION: 3.4
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '16'
+          node-version: '18'
 
       - name: Update NPM
         run: |
@@ -169,7 +162,7 @@ jobs:
 
       - name: Keytar
         run: |
-          keytarVersion=$(cat src/package.json | jq -r '.dependencies.keytar')
+          keytarVersion=$(cat package.json | jq -r '.dependencies.keytar')
           keytarTar="keytar-v$keytarVersion-napi-v3-darwin-x64.tar"
 
           keytarTarGz="$keytarTar.gz"
@@ -186,10 +179,7 @@ jobs:
         run: npm run dist:cli:mac
 
       - name: Zip
-        run: zip -j ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip ./dist-cli/macos/bwdc ./keytar/macos/build/Release/keytar.node
-
-      - name: Create checksums
-        run: sha256sum ./dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip | cut -d " " -f 1 > ./dist-cli/bwdc-macos-sha256-$_PACKAGE_VERSION.txt
+        run: zip -j dist-cli/bwdc-macos-$_PACKAGE_VERSION.zip dist-cli/macos/bwdc keytar/macos/build/Release/keytar.node
 
       - name: Version Test
         run: |
@@ -207,31 +197,24 @@ jobs:
           fi
 
       - name: Upload Mac Zip to GitHub
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Mac checksum to GitHub
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
-        with:
-          name: bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
 
   windows-cli:
     name: Build Windows CLI
-    runs-on: windows-2019
+    runs-on: windows-2022
     needs: setup
     env:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
-      _WIN_PKG_FETCH_VERSION: 16.13.0
-      _WIN_PKG_VERSION: 3.2
+      _WIN_PKG_FETCH_VERSION: 18.5.0
+      _WIN_PKG_VERSION: 3.4
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Windows builder
         run: |
@@ -239,11 +222,11 @@ jobs:
           choco install reshack --no-progress
 
       - name: Set up Node
-        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '16'
+          node-version: '18'
 
       - name: Update NPM
         run: |
@@ -264,7 +247,7 @@ jobs:
       - name: Keytar
         shell: pwsh
         run: |
-          $keytarVersion = (Get-Content -Raw -Path ./src/package.json | ConvertFrom-Json).dependencies.keytar
+          $keytarVersion = (Get-Content -Raw -Path ./package.json | ConvertFrom-Json).dependencies.keytar
           $keytarTar = "keytar-v${keytarVersion}-napi-v3-{0}-x64.tar"
           $keytarTarGz = "${keytarTar}.gz"
           $keytarUrl = "https://github.com/atom/node-keytar/releases/download/v${keytarVersion}/${keytarTarGz}"
@@ -333,117 +316,111 @@ jobs:
 
       - name: Zip
         shell: cmd
-        run: 7z a ./dist-cli/bwdc-windows-%_PACKAGE_VERSION%.zip ./dist-cli/windows/bwdc.exe ./keytar/windows/keytar.node
+        run: 7z a .\dist-cli\bwdc-windows-%_PACKAGE_VERSION%.zip .\dist-cli\windows\bwdc.exe .\keytar\windows\keytar.node
 
       - name: Version Test
+        shell: pwsh
         run: |
-          Expand-Archive -Path "./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" -DestinationPath "./test/windows"
-          $testVersion = Invoke-Expression '& ./test/windows/bwdc.exe -v'
-          echo "version: $env:_PACKAGE_VERSION"
+          Expand-Archive -Path "dist-cli\bwdc-windows-${{ env._PACKAGE_VERSION }}.zip" -DestinationPath "test\windows"
+          $testVersion = Invoke-Expression '& .\test\windows\bwdc.exe -v'
+          echo "version: ${env:_PACKAGE_VERSION}"
           echo "testVersion: $testVersion"
-          if($testVersion -ne $env:_PACKAGE_VERSION) {
+          if ($testVersion -ne ${env:_PACKAGE_VERSION}) {
             Throw "Version test failed."
           }
 
-      - name: Create checksums
-        run: |
-          checksum -f="./dist-cli/bwdc-windows-${env:_PACKAGE_VERSION}.zip" `
-            -t sha256 | Out-File ./dist-cli/bwdc-windows-sha256-${env:_PACKAGE_VERSION}.txt
-
       - name: Upload Windows Zip to GitHub
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
           path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
-      - name: Upload Windows checksum to GitHub
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
-        with:
-          name: bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          path: ./dist-cli/bwdc-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
-          if-no-files-found: error
-
 
   windows-gui:
     name: Build Windows GUI
-    runs-on: windows-2019
+    runs-on: windows-2022
     needs: setup
     env:
+      NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
-
-      - name: Set up .NET
-        uses: actions/setup-dotnet@9211491ffb35dd6a6657ca4f45d43dfe6e97c829
-        with:
-          dotnet-version: "3.1.x"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '16'
+          node-version: '18'
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
           node-gyp install $(node -v)
 
-      - name: Set Node options
-        run: echo "NODE_OPTIONS=--max_old_space_size=4096" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
-        shell: pwsh
-
       - name: Print environment
         run: |
           node --version
           npm --version
-          dotnet --version
 
       - name: Install AST
-        uses: bitwarden/gh-actions/install-ast@f135c42c8596cb535c5bcb7523c0b2eef89709ac
+        run: dotnet tool install --global AzureSignTool --version 4.0.1
 
       - name: Install Node dependencies
         run: npm install
 
-      # - name: Run linter
-      #   run: npm run lint
+      - name: Login to Azure
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: "bitwarden-ci"
+          secrets: "code-signing-vault-url,
+            code-signing-client-id,
+            code-signing-tenant-id,
+            code-signing-client-secret,
+            code-signing-cert-name"
 
       - name: Build & Sign
         run: npm run dist:win
         env:
           ELECTRON_BUILDER_SIGN: 1
-          SIGNING_VAULT_URL: ${{ secrets.SIGNING_VAULT_URL }}
-          SIGNING_CLIENT_ID: ${{ secrets.SIGNING_CLIENT_ID }}
-          SIGNING_TENANT_ID: ${{ secrets.SIGNING_TENANT_ID }}
-          SIGNING_CLIENT_SECRET: ${{ secrets.SIGNING_CLIENT_SECRET }}
-          SIGNING_CERT_NAME: ${{ secrets.SIGNING_CERT_NAME }}
+          SIGNING_VAULT_URL: ${{ steps.retrieve-secrets.outputs.code-signing-vault-url }}
+          SIGNING_CLIENT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-client-id }}
+          SIGNING_TENANT_ID: ${{ steps.retrieve-secrets.outputs.code-signing-tenant-id }}
+          SIGNING_CLIENT_SECRET: ${{ steps.retrieve-secrets.outputs.code-signing-client-secret }}
+          SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}
 
       - name: Upload Portable Executable to GitHub
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
           path: ./dist/Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload Installer Executable to GitHub
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
           path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload Installer Executable Blockmap to GitHub
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
           path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: latest.yml
           path: ./dist/latest.yml
@@ -452,29 +429,28 @@ jobs:
 
   linux-gui:
     name: Build Linux GUI
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     needs: setup
     env:
+      NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '16'
+          node-version: '18'
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
           node-gyp install $(node -v)
 
-      - name: Set Node options
-        run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
-
       - name: Set up environment
         run: |
           sudo apt-get update
@@ -491,14 +467,14 @@ jobs:
         run: npm run dist:lin
 
       - name: Upload AppImage
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: latest-linux.yml
           path: ./dist/latest-linux.yml
@@ -507,79 +483,77 @@ jobs:
 
   macos-gui:
     name: Build MacOS GUI
-    runs-on: macos-11
+    runs-on: macos-13
     needs: setup
     env:
+      NODE_OPTIONS: --max_old_space_size=4096
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      HUSKY: 0
     steps:
       - name: Checkout repo
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Node
-        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
         with:
           cache: 'npm'
           cache-dependency-path: '**/package-lock.json'
-          node-version: '16'
+          node-version: '18'
 
       - name: Update NPM
         run: |
           npm install -g node-gyp
           node-gyp install $(node -v)
 
-      - name: Set Node options
-        run: echo "NODE_OPTIONS=--max_old_space_size=4096" >> $GITHUB_ENV
-
       - name: Print environment
         run: |
           node --version
           npm --version
           echo "GitHub ref: $GITHUB_REF"
           echo "GitHub event: $GITHUB_EVENT"
-        shell: bash
 
-      - name: Decrypt secrets
-        env:
-          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
-        shell: bash
+      - name: Login to Azure
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Get certificates
         run: |
-          mkdir -p $HOME/secrets
+          mkdir -p $HOME/certificates
 
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output "$HOME/secrets/devid-app-cert.p12" \
-            "$GITHUB_WORKSPACE/.github/secrets/devid-app-cert.p12.gpg"
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-app-cert |
+            jq -r .value | base64 -d > $HOME/certificates/devid-app-cert.p12
 
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output "$HOME/secrets/devid-installer-cert.p12" \
-            "$GITHUB_WORKSPACE/.github/secrets/devid-installer-cert.p12.gpg"
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/devid-installer-cert |
+            jq -r .value | base64 -d > $HOME/certificates/devid-installer-cert.p12
 
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output "$HOME/secrets/macdev-cert.p12" \
-            "$GITHUB_WORKSPACE/.github/secrets/macdev-cert.p12.gpg"
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/macdev-cert |
+            jq -r .value | base64 -d > $HOME/certificates/macdev-cert.p12
 
       - name: Set up keychain
         env:
           KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
-          DEVID_CERT_PASSWORD: ${{ secrets.DEVID_CERT_PASSWORD }}
-          MACDEV_CERT_PASSWORD: ${{ secrets.MACDEV_CERT_PASSWORD }}
-        shell: bash
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
           security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security set-keychain-settings -lut 1200 build.keychain
-          security import "$HOME/secrets/devid-app-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
+
+          security import "$HOME/certificates/devid-app-cert.p12" -k build.keychain -P "" \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security import "$HOME/secrets/devid-installer-cert.p12" -k build.keychain -P $DEVID_CERT_PASSWORD \
+
+          security import "$HOME/certificates/devid-installer-cert.p12" -k build.keychain -P "" \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
-          security import "$HOME/secrets/macdev-cert.p12" -k build.keychain -P $MACDEV_CERT_PASSWORD \
+
+          security import "$HOME/certificates/macdev-cert.p12" -k build.keychain -P "" \
             -T /usr/bin/codesign -T /usr/bin/security -T /usr/bin/productbuild
+
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
 
       - name: Load package version
         run: |
           $rootPath = $env:GITHUB_WORKSPACE;
-          $packageVersion = (Get-Content -Raw -Path $rootPath\src\package.json | ConvertFrom-Json).version;
+          $packageVersion = (Get-Content -Raw -Path $rootPath\package.json | ConvertFrom-Json).version;
 
           Write-Output "Setting package version to $packageVersion";
           Write-Output "PACKAGE_VERSION=$packageVersion" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append;
@@ -588,44 +562,44 @@ jobs:
       - name: Install Node dependencies
         run: npm install
 
-      # - name: Run linter
-      #   run: npm run lint
+      - name: Set up private auth key
+        run: |
+          mkdir ~/private_keys
+          cat << EOF > ~/private_keys/AuthKey_UFD296548T.p8
+          ${{ secrets.APP_STORE_CONNECT_AUTH_KEY }}
+          EOF
 
       - name: Build application
         run: npm run dist:mac
         env:
-          APPLE_ID_USERNAME: ${{ secrets.APPLE_ID_USERNAME }}
-          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
-
-      - name: Rename Zip Artifact
-        run: |
-          cd dist
-          mv "Bitwarden Directory Connector-${{ env._PACKAGE_VERSION }}-mac.zip" \
-             "Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip"
+          APP_STORE_CONNECT_TEAM_ISSUER: ${{ secrets.APP_STORE_CONNECT_TEAM_ISSUER }}
+          APP_STORE_CONNECT_AUTH_KEY: UFD296548T
+          APP_STORE_CONNECT_AUTH_KEY_PATH: ~/private_keys/AuthKey_UFD296548T.p8
+          CSC_FOR_PULL_REQUEST: true
 
       - name: Upload .zip artifact
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
           if-no-files-found: error
 
       - name: Upload .dmg artifact
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
           if-no-files-found: error
 
       - name: Upload .dmg Blockmap artifact
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
           path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
           if-no-files-found: error
 
       - name: Upload latest auto-update artifact
-        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: latest-mac.yml
           path: ./dist/latest-mac.yml
@@ -634,7 +608,7 @@ jobs:
 
   check-failures:
     name: Check for failures
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     needs:
       - cloc
       - setup
@@ -646,51 +620,29 @@ jobs:
       - macos-gui
     steps:
       - name: Check if any job failed
-        if: ${{ (github.ref == 'refs/heads/master') || (github.ref == 'refs/heads/rc') }}
-        env:
-          CLOC_STATUS: ${{ needs.cloc.result }}
-          SETUP_STATUS: ${{ needs.setup.result }}
-          LINUX_CLI_STATUS: ${{ needs.linux-cli.result }}
-          MACOS_CLI_STATUS: ${{ needs.macos-cli.result }}
-          WINDOWS_CLI_STATUS: ${{ needs.windows-cli.result }}
-          WINDOWS_GUI_STATUS: ${{ needs.windows-gui.result }}
-          LINUX_GUI_STATUS: ${{ needs.linux-gui.result }}
-          MACOS_GUI_STATUS: ${{ needs.macos-gui.result }}
-        run: |
-          if [ "$CLOC_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$SETUP_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$LINUX_CLI_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$MACOS_CLI_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$WINDOWS_CLI_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$WINDOWS_GUI_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$LINUX_GUI_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$MACOS_GUI_STATUS" = "failure" ]; then
-              exit 1
-          fi
+        if: |
+          (github.ref == 'refs/heads/main'
+          || github.ref == 'refs/heads/rc'
+          || github.ref == 'refs/heads/hotfix-rc')
+          && contains(needs.*.result, 'failure')
+        run: exit 1
 
-      - name: Login to Azure - Prod Subscription
-        uses: Azure/login@1f63701bf3e6892515f1b7ce2d2bf1708b46beaf
+      - name: Login to Azure - CI subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
         if: failure()
         with:
-          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
       - name: Retrieve secrets
         id: retrieve-secrets
-        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
         if: failure()
         with:
-          keyvault: "bitwarden-prod-kv"
+          keyvault: "bitwarden-ci"
           secrets: "devops-alerts-slack-webhook-url"
 
       - name: Notify Slack on failure
-        uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33
+        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d # v2.1.0
         if: failure()
         env:
           SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}

.github/workflows/enforce-labels.yml

@@ -1,16 +1,18 @@
----
 name: Enforce PR labels
 
 on:
   pull_request:
     types: [labeled, unlabeled, opened, edited, synchronize]
+permissions:
+  contents: read
+  pull-requests: read
 jobs:
   enforce-label:
     name: EnforceLabel
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Enforce Label
-        uses: yogevbd/enforce-label-action@8d1e1709b1011e6d90400a0e6cf7c0b77aa5efeb
+        uses: yogevbd/enforce-label-action@a3c219da6b8fa73f6ba62b68ff09c469b3a1c024 # 2.2.2
         with:
           BANNED_LABELS: "hold"
           BANNED_LABELS_DESCRIPTION: "PRs on hold cannot be merged"

.github/workflows/integration-test.yml

@@ -0,0 +1,76 @@
+name: Integration Testing
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+    paths:
+      - ".github/workflows/integration-test.yml" # this file
+      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
+      - "./openldap/**/*" # any change to test fixtures
+      - "./docker-compose.yml" # any change to Docker configuration
+  pull_request:
+    paths:
+      - ".github/workflows/integration-test.yml" # this file
+      - "src/services/ldap-directory.service*" # we only have integration for LDAP testing at the moment
+      - "./openldap/**/*" # any change to test fixtures
+      - "./docker-compose.yml" # any change to Docker configuration
+
+jobs:
+
+  testing:
+    name: Run tests
+    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
+    runs-on: ubuntu-22.04
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Get Node version
+        id: retrieve-node-version
+        run: |
+          NODE_NVMRC=$(cat .nvmrc)
+          NODE_VERSION=${NODE_NVMRC/v/''}
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Set up Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
+
+      - name: Install Node dependencies
+        run: npm ci
+
+      - name: Install mkcert
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install mkcert
+
+      - name: Setup integration tests
+        run: npm run test:integration:setup
+
+      - name: Run integration tests
+        run: npm run test:integration --coverage
+
+      - name: Report test results
+        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
+        with:
+          name: Test Results
+          path: "junit.xml"
+          reporter: jest-junit
+          fail-on-error: true
+
+      - name: Upload coverage to codecov.io
+        uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5.2.0
+
+      - name: Upload results to codecov.io
+        uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2

.github/workflows/release.yml

@@ -1,4 +1,3 @@
----
 name: Release
 
 on:
@@ -14,13 +13,21 @@ on:
           - Redeploy
           - Dry Run
 
+permissions:
+  contents: read
+
 jobs:
   setup:
     name: Setup
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
+    outputs:
+      release_version: ${{ steps.version.outputs.version }}
     steps:
+      - name: Checkout repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
       - name: Branch check
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         run: |
           if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
             echo "==================================="
@@ -29,56 +36,44 @@ jobs:
             exit 1
           fi
 
-      - name: Checkout repo
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
-
-      - name: Retrieve Directory Connector release version
-        id: retrieve-version
-        run: |
-          PKG_VERSION=$(jq -r .version src/package.json)
-          echo "::set-output name=package_version::$PKG_VERSION"
-
-      - name: Check to make sure Mobile release version has been bumped
-        if: ${{ github.event.inputs.release_type == 'Initial Release' }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          latest_ver=$(hub release -L 1 -f '%T')
-          latest_ver=${latest_ver:1}
-          echo "Latest version: $latest_ver"
-          ver=${{ steps.retrieve-version.outputs.package_version }}
-          echo "Version: $ver"
-          if [ "$latest_ver" = "$ver" ]; then
-            echo "Version has not been bumped!"
-            exit 1
-          fi
-        shell: bash
-
-      - name: Get branch name
-        id: branch
-        run: |
-          BRANCH_NAME=$(basename ${{ github.ref }})
-          echo "::set-output name=branch-name::$BRANCH_NAME"
+      - name: Check Release Version
+        id: version
+        uses: bitwarden/gh-actions/release-version-check@main
+        with:
+          release-type: ${{ inputs.release_type }}
+          project-type: ts
+          file: package.json
 
+  release:
+    name: Release
+    runs-on: ubuntu-24.04
+    needs: setup
+    steps:
       - name: Download all artifacts
-        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
         with:
           workflow: build.yml
           workflow_conclusion: success
-          branch: ${{ steps.branch.outputs.branch-name }}
+          branch: ${{ github.ref_name }}
+
+      - name: Dry Run - Download all artifacts
+        if: ${{ inputs.release_type == 'Dry Run' }}
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: main
 
       - name: Create release
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01  # v1.9.0
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0
         env:
-          PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }}
+          PKG_VERSION: ${{ needs.setup.outputs.release_version }}
         with:
           artifacts: "./bwdc-windows-${{ env.PKG_VERSION }}.zip,
                       ./bwdc-macos-${{ env.PKG_VERSION }}.zip,
                       ./bwdc-linux-${{ env.PKG_VERSION }}.zip,
-                      ./bwdc-windows-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-macos-sha256-${{ env.PKG_VERSION }}.txt,
-                      ./bwdc-linux-sha256-${{ env.PKG_VERSION }}.txt,
                       ./Bitwarden-Connector-Portable-${{ env.PKG_VERSION }}.exe,
                       ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe,
                       ./Bitwarden-Connector-Installer-${{ env.PKG_VERSION }}.exe.blockmap,

.github/workflows/scan.yml

@@ -0,0 +1,90 @@
+name: Scan
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore:
+      - main
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+    branches:
+      - "main"
+
+permissions: {}
+
+jobs:
+  check-run:
+    name: Check PR run
+    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
+
+  sast:
+    name: SAST scan
+    runs-on: ubuntu-24.04
+    needs: check-run
+    permissions:
+      contents: read
+      pull-requests: write
+      security-events: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Scan with Checkmarx
+        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
+        env:
+          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
+        with:
+          project_name: ${{ github.repository }}
+          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
+          base_uri: https://ast.checkmarx.net/
+          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
+          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
+          additional_params: |
+            --report-format sarif \
+            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
+            --output-path . ${{ env.INCREMENTAL }}
+
+      - name: Upload Checkmarx results to GitHub
+        uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+        with:
+          sarif_file: cx_result.sarif
+          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
+          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
+
+  quality:
+    name: Quality scan
+    runs-on: ubuntu-24.04
+    needs: check-run
+    permissions:
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Scan with SonarCloud
+        uses: sonarsource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.organization=${{ github.repository_owner }}
+            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
+            -Dsonar.tests=.
+            -Dsonar.sources=.
+            -Dsonar.test.inclusions=**/*.spec.ts
+            -Dsonar.exclusions=**/*.spec.ts
+            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}

.github/workflows/test.yml

@@ -0,0 +1,66 @@
+name: Testing
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+      - "rc"
+      - "hotfix-rc"
+  pull_request:
+
+jobs:
+
+  testing:
+    name: Run tests
+    if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
+    runs-on: ubuntu-24.04
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Get Node version
+        id: retrieve-node-version
+        run: |
+          NODE_NVMRC=$(cat .nvmrc)
+          NODE_VERSION=${NODE_NVMRC/v/''}
+          echo "node_version=$NODE_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Set up Node
+        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
+        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
+
+      - name: Install Node dependencies
+        run: npm ci
+
+      # We use isolatedModules: true which disables typechecking in tests
+      # Tests in apps/ are typechecked when their app is built, so we just do it here for libs/
+      # See https://bitwarden.atlassian.net/browse/EC-497
+      - name: Run typechecking
+        run: npm run test:types --coverage
+
+      - name: Run tests
+        run: npm run test --coverage
+
+      - name: Report test results
+        uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
+        if: ${{ github.event.pull_request.head.repo.full_name == github.repository && !cancelled() }}
+        with:
+          name: Test Results
+          path: "junit.xml"
+          reporter: jest-junit
+          fail-on-error: true
+
+      - name: Upload coverage to codecov.io
+        uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5.2.0
+
+      - name: Upload results to codecov.io
+        uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2

.github/workflows/version-bump.yml

@@ -1,65 +1,114 @@
----
 name: Version Bump
 
 on:
   workflow_dispatch:
     inputs:
-      version_number:
-        description: "New Version"
-        required: true
+      version_number_override:
+        description: "New version override (leave blank for automatic calculation, example: '2024.1.0')"
+        required: false
+        type: string
 
 jobs:
   bump_version:
-    name: "Create version_bump_${{ github.event.inputs.version_number }} branch"
-    runs-on: ubuntu-20.04
+    name: Bump Version
+    runs-on: ubuntu-24.04
     steps:
+      - name: Validate version input
+        if: ${{ inputs.version_number_override != '' }}
+        uses: bitwarden/gh-actions/version-check@main
+        with:
+          version: ${{ inputs.version_number_override }}
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        id: app-token
+        with:
+          app-id: ${{ secrets.BW_GHAPP_ID }}
+          private-key: ${{ secrets.BW_GHAPP_KEY }}
+
       - name: Checkout Branch
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          token: ${{ steps.app-token.outputs.token }}
 
-      - name: Create Version Branch
+      - name: Setup git
         run: |
-          git switch -c version_bump_${{ github.event.inputs.version_number }}
-          git push -u origin version_bump_${{ github.event.inputs.version_number }}
+          git config user.name github-actions
+          git config user.email github-actions@github.com
 
-      - name: Checkout Version Branch
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
-        with:
-          ref: version_bump_${{ github.event.inputs.version_number }}
+      - name: Get current version
+        id: current-version
+        run: |
+          CURRENT_VERSION=$(cat package.json | jq -r '.version')
+          echo "version=$CURRENT_VERSION" >> $GITHUB_OUTPUT
 
-      - name: Bump Version - Package
-        uses: bitwarden/gh-actions/version-bump@03ad9a873c39cdc95dd8d77dbbda67f84db43945
+      - name: Verify input version
+        if: ${{ inputs.version_number_override != '' }}
+        env:
+          CURRENT_VERSION: ${{ steps.current-version.outputs.version }}
+          NEW_VERSION: ${{ inputs.version_number_override }}
+        run: |
+          # Error if version has not changed.
+          if [[ "$NEW_VERSION" == "$CURRENT_VERSION" ]]; then
+            echo "Version has not changed."
+            exit 1
+          fi
+
+          # Check if version is newer.
+          printf '%s\n' "${CURRENT_VERSION}" "${NEW_VERSION}" | sort -C -V
+          if [ $? -eq 0 ]; then
+            echo "Version check successful."
+          else
+            echo "Version check failed."
+            exit 1
+          fi
+
+      - name: Calculate next release version
+        if: ${{ inputs.version_number_override == '' }}
+        id: calculate-next-version
+        uses: bitwarden/gh-actions/version-next@main
         with:
-          version: ${{ github.event.inputs.version_number }}
-          file_path: "./src/package.json"
+          version: ${{ steps.current-version.outputs.version }}
+
+      - name: Bump Version - Package - Version Override
+        if: ${{ inputs.version_number_override != '' }}
+        id: bump-version-override
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "./package.json"
+          version: ${{ inputs.version_number_override }}
+
+      - name: Bump Version - Package - Automatic Calculation
+        if: ${{ inputs.version_number_override == '' }}
+        id: bump-version-automatic
+        uses: bitwarden/gh-actions/version-bump@main
+        with:
+          file_path: "./package.json"
+          version: ${{ steps.calculate-next-version.outputs.version }}
+
+      - name: Set final version output
+        id: set-final-version-output
+        run: |
+          if [[ "${{ steps.bump-version-override.outcome }}" == "success" ]]; then
+            echo "version=${{ inputs.version_number_override }}" >> $GITHUB_OUTPUT
+          elif [[ "${{ steps.bump-version-automatic.outcome }}" == "success" ]]; then
+            echo "version=${{ steps.calculate-next-version.outputs.version }}" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Check if version changed
+        id: version-changed
+        run: |
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "changes_to_commit=TRUE" >> $GITHUB_OUTPUT
+          else
+            echo "changes_to_commit=FALSE" >> $GITHUB_OUTPUT
+            echo "No changes to commit!";
+          fi
 
       - name: Commit files
-        run: |
-          git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
-          git commit -m "Bumped version to ${{ github.event.inputs.version_number }}" -a
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        run: git commit -m "Bumped version to ${{ steps.set-final-version-output.outputs.version }}" -a
 
       - name: Push changes
-        run: git push -u origin version_bump_${{ github.event.inputs.version_number }}
-
-      - name: Create Version PR
-        env:
-          PR_BRANCH: "version_bump_${{ github.event.inputs.version_number }}"
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
-          BASE_BRANCH: master
-          TITLE: "Bump version to ${{ github.event.inputs.version_number }}"
-        run: |
-          gh pr create --title "$TITLE" \
-            --base "$BASE" \
-            --head "$PR_BRANCH" \
-            --label "version update" \
-            --label "automated pr" \
-            --body "
-              ## Type of change
-              - [ ] Bug fix
-              - [ ] New feature development
-              - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
-              - [ ] Build/deploy pipeline (DevOps)
-              - [X] Other
-              
-              ## Objective
-              Automated version bump to ${{ github.event.inputs.version_number }}"
+        if: ${{ steps.version-changed.outputs.changes_to_commit == 'TRUE' }}
+        run: git push

.github/workflows/workflow-linter.yml

@@ -1,11 +0,0 @@
----
-name: Workflow Linter
-
-on:
-  pull_request:
-    paths:
-      - .github/workflows/**
-
-jobs:
-  call-workflow:
-    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@master

.gitignore

@@ -1,17 +1,41 @@
-.vs
-.idea
+# General
+.DS_Store
+Thumbs.db
+
+# IDEs and editors
+.idea/
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+
+# Visual Studio Code
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+.history/*
+
+# Node
 node_modules
 npm-debug.log
-vwd.webinfo
-dist/
-dist-cli/
-css/
+
+# Build directories
+dist
+build
+build-cli
+.angular/cache
+
+# Testing
+coverage
+junit.xml
+
+# Misc
 *.crx
 *.pem
-build-cli/
-build/
-yarn-error.log
-.DS_Store
-*.nupkg
+*.zip
 *.provisionprofile
-*.env
+.swp

.gitmodules

@@ -1,4 +0,0 @@
-[submodule "jslib"]
-	path = jslib
-	url = https://github.com/bitwarden/jslib.git
-	branch = master

.nvmrc

@@ -0,0 +1 @@
+v18

.prettierignore

@@ -3,8 +3,6 @@ build
 build-cli
 dist
 
-jslib
-
 # External libraries / auto synced locales
 src/locales
 

README.md

@@ -3,7 +3,7 @@
 
 # Bitwarden Directory Connector
 
-The Bitwarden Directory Connector is a a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
+The Bitwarden Directory Connector is a desktop application used to sync your Bitwarden enterprise organization to an existing directory of users and groups.
 
 Supported directories:
 
@@ -48,7 +48,7 @@ We provide detailed documentation and examples for using the Directory Connector
 
 **Requirements**
 
-- [Node.js](https://nodejs.org) v16.13.1 (LTS)
+- [Node.js](https://nodejs.org) v18 (LTS)
 - Windows users: To compile the native node modules used in the app you will need the Visual C++ toolset, available through the standard Visual Studio installer (recommended) or by installing [`windows-build-tools`](https://github.com/felixrieseberg/windows-build-tools) through `npm`. See more at [Compiling native Addon modules](https://github.com/Microsoft/nodejs-guidelines/blob/master/windows-environment.md#compiling-native-addon-modules).
 
 **Run the app**

angular.json

@@ -0,0 +1,35 @@
+{
+  "$schema": "./node_modules/@angular/cli/lib/config/schema.json",
+  "version": 1,
+  "newProjectRoot": "apps",
+  "cli": {
+    "analytics": false
+  },
+  "projects": {
+    "app": {
+      "projectType": "application",
+      "schematics": {
+        "@schematics/angular:application": {
+          "strict": true
+        }
+      },
+      "root": ".",
+      "sourceRoot": "src",
+      "prefix": "app",
+      "architect": {
+        "build": {
+          "builder": "@angular-devkit/build-angular:browser",
+          "options": {
+            "outputPath": "dist",
+            "index": "src/index.html",
+            "main": "src/main.ts",
+            "tsConfig": "tsconfig.json",
+            "assets": [],
+            "styles": [],
+            "scripts": []
+          }
+        }
+      }
+    }
+  }
+}

docker-compose.yml

@@ -0,0 +1,18 @@
+services:
+  open-ldap:
+    image: bitnami/openldap:latest
+    hostname: openldap
+    environment:
+      - LDAP_ADMIN_USERNAME=admin
+      - LDAP_ADMIN_PASSWORD=admin
+      - LDAP_ROOT=dc=bitwarden,dc=com
+      - LDAP_ENABLE_TLS=yes
+      - LDAP_TLS_CERT_FILE=/certs/openldap.pem
+      - LDAP_TLS_KEY_FILE=/certs/openldap-key.pem
+      - LDAP_TLS_CA_FILE=/certs/rootCA.pem
+    volumes:
+      - "./openldap/ldifs:/ldifs"
+      - "./openldap/certs:/certs"
+    ports:
+      - "1389:1389"
+      - "1636:1636"

electron-builder.json

@@ -0,0 +1,67 @@
+{
+  "extraMetadata": {
+    "name": "bitwarden-directory-connector"
+  },
+  "productName": "Bitwarden Directory Connector",
+  "appId": "com.bitwarden.directory-connector",
+  "copyright": "Copyright © 2015-2022 Bitwarden Inc.",
+  "directories": {
+    "buildResources": "resources",
+    "output": "dist",
+    "app": "build"
+  },
+  "afterSign": "scripts/notarize.js",
+  "mac": {
+    "artifactName": "Bitwarden-Connector-${version}-mac.${ext}",
+    "category": "public.app-category.productivity",
+    "gatekeeperAssess": false,
+    "hardenedRuntime": true,
+    "entitlements": "resources/entitlements.mac.plist",
+    "entitlementsInherit": "resources/entitlements.mac.plist",
+    "target": ["dmg", "zip"]
+  },
+  "win": {
+    "target": ["portable", "nsis"],
+    "sign": "scripts/sign.js"
+  },
+  "linux": {
+    "category": "Utility",
+    "synopsis": "Sync your user directory to your Bitwarden organization.",
+    "target": ["AppImage"]
+  },
+  "dmg": {
+    "artifactName": "Bitwarden-Connector-${version}.${ext}",
+    "icon": "dmg.icns",
+    "contents": [
+      {
+        "x": 150,
+        "y": 185,
+        "type": "file"
+      },
+      {
+        "x": 390,
+        "y": 180,
+        "type": "link",
+        "path": "/Applications"
+      }
+    ],
+    "window": {
+      "width": 540,
+      "height": 380
+    }
+  },
+  "nsis": {
+    "oneClick": false,
+    "perMachine": true,
+    "allowToChangeInstallationDirectory": true,
+    "artifactName": "Bitwarden-Connector-Installer-${version}.${ext}",
+    "uninstallDisplayName": "${productName}",
+    "deleteAppDataOnUninstall": true
+  },
+  "portable": {
+    "artifactName": "Bitwarden-Connector-Portable-${version}.${ext}"
+  },
+  "appImage": {
+    "artifactName": "Bitwarden-Connector-${version}-${arch}.${ext}"
+  }
+}

jest.config.js

@@ -0,0 +1,50 @@
+const { pathsToModuleNameMapper } = require("ts-jest");
+const { compilerOptions } = require("./tsconfig");
+
+const tsPreset = require("ts-jest/jest-preset");
+const angularPreset = require("jest-preset-angular/jest-preset");
+const { defaultTransformerOptions } = require("jest-preset-angular/presets");
+
+/** @type {import('ts-jest').JestConfigWithTsJest} */
+module.exports = {
+  // ...tsPreset,
+  // ...angularPreset,
+  preset: "jest-preset-angular",
+
+  reporters: ["default", "jest-junit"],
+
+  collectCoverage: true,
+  // Ensure we collect coverage from files without tests
+  collectCoverageFrom: ["src/**/*.ts"],
+  coverageReporters: ["html", "lcov"],
+  coverageDirectory: "coverage",
+
+  testEnvironment: "jsdom",
+  testMatch: ["**/+(*.)+(spec).+(ts)"],
+
+  roots: ["<rootDir>"],
+  modulePaths: [compilerOptions.baseUrl],
+  moduleNameMapper: pathsToModuleNameMapper(compilerOptions.paths, { prefix: "<rootDir>/" }),
+  setupFilesAfterEnv: ["<rootDir>/test.setup.ts"],
+
+  // Workaround for a memory leak that crashes tests in CI:
+  // https://github.com/facebook/jest/issues/9430#issuecomment-1149882002
+  // Also anecdotally improves performance when run locally
+  maxWorkers: 3,
+
+  transform: {
+    "^.+\\.tsx?$": [
+      "jest-preset-angular",
+      // 'ts-jest',
+      {
+        ...defaultTransformerOptions,
+        tsconfig: "./tsconfig.json",
+        // Further workaround for memory leak, recommended here:
+        // https://github.com/kulshekhar/ts-jest/issues/1967#issuecomment-697494014
+        // Makes tests run faster and reduces size/rate of leak, but loses typechecking on test code
+        // See https://bitwarden.atlassian.net/browse/EC-497 for more info
+        isolatedModules: true,
+      },
+    ],
+  },
+};

jslib/.gitignore

@@ -0,0 +1,9 @@
+.vs
+.idea
+node_modules
+npm-debug.log
+vwd.webinfo
+*.crx
+*.pem
+dist
+coverage

jslib/angular/spec/test.ts

@@ -0,0 +1,28 @@
+import { webcrypto } from "crypto";
+import "jest-preset-angular/setup-jest";
+
+Object.defineProperty(window, "CSS", { value: null });
+Object.defineProperty(window, "getComputedStyle", {
+  value: () => {
+    return {
+      display: "none",
+      appearance: ["-webkit-appearance"],
+    };
+  },
+});
+
+Object.defineProperty(document, "doctype", {
+  value: "<!DOCTYPE html>",
+});
+Object.defineProperty(document.body.style, "transform", {
+  value: () => {
+    return {
+      enumerable: true,
+      configurable: true,
+    };
+  },
+});
+
+Object.defineProperty(window, "crypto", {
+  value: webcrypto,
+});

jslib/angular/src/components/callout.component.html

@@ -0,0 +1,35 @@
+<div
+  #callout
+  class="callout callout-{{ calloutStyle }}"
+  [ngClass]="{ clickable: clickable }"
+  [attr.role]="useAlertRole ? 'alert' : null"
+>
+  <h3 class="callout-heading" *ngIf="title">
+    <i class="bwi {{ icon }}" *ngIf="icon" aria-hidden="true"></i>
+    {{ title }}
+  </h3>
+  <div class="enforced-policy-options" *ngIf="enforcedPolicyOptions">
+    {{ enforcedPolicyMessage }}
+    <ul>
+      <li *ngIf="enforcedPolicyOptions?.minComplexity > 0">
+        {{ "policyInEffectMinComplexity" | i18n: getPasswordScoreAlertDisplay() }}
+      </li>
+      <li *ngIf="enforcedPolicyOptions?.minLength > 0">
+        {{ "policyInEffectMinLength" | i18n: enforcedPolicyOptions?.minLength.toString() }}
+      </li>
+      <li *ngIf="enforcedPolicyOptions?.requireUpper">
+        {{ "policyInEffectUppercase" | i18n }}
+      </li>
+      <li *ngIf="enforcedPolicyOptions?.requireLower">
+        {{ "policyInEffectLowercase" | i18n }}
+      </li>
+      <li *ngIf="enforcedPolicyOptions?.requireNumbers">
+        {{ "policyInEffectNumbers" | i18n }}
+      </li>
+      <li *ngIf="enforcedPolicyOptions?.requireSpecial">
+        {{ "policyInEffectSpecial" | i18n: "!@#$%^&*" }}
+      </li>
+    </ul>
+  </div>
+  <ng-content></ng-content>
+</div>

jslib/angular/src/components/callout.component.ts

@@ -0,0 +1,78 @@
+import { Component, Input, OnInit } from "@angular/core";
+
+import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
+import { MasterPasswordPolicyOptions } from "@/jslib/common/src/models/domain/masterPasswordPolicyOptions";
+
+@Component({
+  selector: "app-callout",
+  templateUrl: "callout.component.html",
+})
+export class CalloutComponent implements OnInit {
+  @Input() type = "info";
+  @Input() icon: string;
+  @Input() title: string;
+  @Input() clickable: boolean;
+  @Input() enforcedPolicyOptions: MasterPasswordPolicyOptions;
+  @Input() enforcedPolicyMessage: string;
+  @Input() useAlertRole = false;
+
+  calloutStyle: string;
+
+  constructor(private i18nService: I18nService) {}
+
+  ngOnInit() {
+    this.calloutStyle = this.type;
+
+    if (this.enforcedPolicyMessage === undefined) {
+      this.enforcedPolicyMessage = this.i18nService.t("masterPasswordPolicyInEffect");
+    }
+
+    if (this.type === "warning" || this.type === "danger") {
+      if (this.type === "danger") {
+        this.calloutStyle = "danger";
+      }
+      if (this.title === undefined) {
+        this.title = this.i18nService.t("warning");
+      }
+      if (this.icon === undefined) {
+        this.icon = "bwi-exclamation-triangle";
+      }
+    } else if (this.type === "error") {
+      this.calloutStyle = "danger";
+      if (this.title === undefined) {
+        this.title = this.i18nService.t("error");
+      }
+      if (this.icon === undefined) {
+        this.icon = "bwi-error";
+      }
+    } else if (this.type === "tip") {
+      this.calloutStyle = "success";
+      if (this.title === undefined) {
+        this.title = this.i18nService.t("tip");
+      }
+      if (this.icon === undefined) {
+        this.icon = "bwi-lightbulb";
+      }
+    }
+  }
+
+  getPasswordScoreAlertDisplay() {
+    if (this.enforcedPolicyOptions == null) {
+      return "";
+    }
+
+    let str: string;
+    switch (this.enforcedPolicyOptions.minComplexity) {
+      case 4:
+        str = this.i18nService.t("strong");
+        break;
+      case 3:
+        str = this.i18nService.t("good");
+        break;
+      default:
+        str = this.i18nService.t("weak");
+        break;
+    }
+    return str + " (" + this.enforcedPolicyOptions.minComplexity + ")";
+  }
+}

jslib/angular/src/components/environment.component.ts

@@ -0,0 +1,63 @@
+import { Directive, EventEmitter, Output } from "@angular/core";
+
+import { EnvironmentService } from "@/jslib/common/src/abstractions/environment.service";
+import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
+import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
+
+@Directive()
+export class EnvironmentComponent {
+  @Output() onSaved = new EventEmitter();
+
+  iconsUrl: string;
+  identityUrl: string;
+  apiUrl: string;
+  webVaultUrl: string;
+  notificationsUrl: string;
+  baseUrl: string;
+  showCustom = false;
+
+  constructor(
+    protected platformUtilsService: PlatformUtilsService,
+    protected environmentService: EnvironmentService,
+    protected i18nService: I18nService,
+  ) {
+    const urls = this.environmentService.getUrls();
+
+    this.baseUrl = urls.base || "";
+    this.webVaultUrl = urls.webVault || "";
+    this.apiUrl = urls.api || "";
+    this.identityUrl = urls.identity || "";
+    this.iconsUrl = urls.icons || "";
+    this.notificationsUrl = urls.notifications || "";
+  }
+
+  async submit() {
+    const resUrls = await this.environmentService.setUrls({
+      base: this.baseUrl,
+      api: this.apiUrl,
+      identity: this.identityUrl,
+      webVault: this.webVaultUrl,
+      icons: this.iconsUrl,
+      notifications: this.notificationsUrl,
+    });
+
+    // re-set urls since service can change them, ex: prefixing https://
+    this.baseUrl = resUrls.base;
+    this.apiUrl = resUrls.api;
+    this.identityUrl = resUrls.identity;
+    this.webVaultUrl = resUrls.webVault;
+    this.iconsUrl = resUrls.icons;
+    this.notificationsUrl = resUrls.notifications;
+
+    this.platformUtilsService.showToast("success", null, this.i18nService.t("environmentSaved"));
+    this.saved();
+  }
+
+  toggleCustom() {
+    this.showCustom = !this.showCustom;
+  }
+
+  protected saved() {
+    this.onSaved.emit();
+  }
+}

jslib/angular/src/components/icon.component.html

@@ -0,0 +1,11 @@
+<div class="icon" aria-hidden="true">
+  <img
+    [src]="image"
+    appFallbackSrc="{{ fallbackImage }}"
+    *ngIf="imageEnabled && image"
+    alt=""
+    decoding="async"
+    loading="lazy"
+  />
+  <i class="bwi bwi-fw bwi-lg {{ icon }}" *ngIf="!imageEnabled || !image"></i>
+</div>

jslib/angular/src/components/icon.component.ts

@@ -0,0 +1,115 @@
+import { Component, Input, OnChanges } from "@angular/core";
+
+import { EnvironmentService } from "@/jslib/common/src/abstractions/environment.service";
+import { StateService } from "@/jslib/common/src/abstractions/state.service";
+import { CipherType } from "@/jslib/common/src/enums/cipherType";
+import { Utils } from "@/jslib/common/src/misc/utils";
+import { CipherView } from "@/jslib/common/src/models/view/cipherView";
+
+/**
+ * Provides a mapping from supported card brands to
+ * the filenames of icon that should be present in images/cards folder of clients.
+ */
+const cardIcons: Record<string, string> = {
+  Visa: "card-visa",
+  Mastercard: "card-mastercard",
+  Amex: "card-amex",
+  Discover: "card-discover",
+  "Diners Club": "card-diners-club",
+  JCB: "card-jcb",
+  Maestro: "card-maestro",
+  UnionPay: "card-union-pay",
+};
+
+@Component({
+  selector: "app-vault-icon",
+  templateUrl: "icon.component.html",
+})
+export class IconComponent implements OnChanges {
+  @Input() cipher: CipherView;
+  icon: string;
+  image: string;
+  fallbackImage: string;
+  imageEnabled: boolean;
+
+  private iconsUrl: string;
+
+  constructor(
+    environmentService: EnvironmentService,
+    private stateService: StateService,
+  ) {
+    this.iconsUrl = environmentService.getIconsUrl();
+  }
+
+  async ngOnChanges() {
+    // Components may be re-used when using cdk-virtual-scroll. Which puts the component in a weird state,
+    // to avoid this we reset all state variables.
+    this.image = null;
+    this.fallbackImage = null;
+    this.imageEnabled = !(await this.stateService.getDisableFavicon());
+    this.load();
+  }
+
+  protected load() {
+    switch (this.cipher.type) {
+      case CipherType.Login:
+        this.icon = "bwi-globe";
+        this.setLoginIcon();
+        break;
+      case CipherType.SecureNote:
+        this.icon = "bwi-sticky-note";
+        break;
+      case CipherType.Card:
+        this.icon = "bwi-credit-card";
+        this.setCardIcon();
+        break;
+      case CipherType.Identity:
+        this.icon = "bwi-id-card";
+        break;
+      default:
+        break;
+    }
+  }
+
+  private setLoginIcon() {
+    if (this.cipher.login.uri) {
+      let hostnameUri = this.cipher.login.uri;
+      let isWebsite = false;
+
+      if (hostnameUri.indexOf("androidapp://") === 0) {
+        this.icon = "bwi-android";
+        this.image = null;
+      } else if (hostnameUri.indexOf("iosapp://") === 0) {
+        this.icon = "bwi-apple";
+        this.image = null;
+      } else if (
+        this.imageEnabled &&
+        hostnameUri.indexOf("://") === -1 &&
+        hostnameUri.indexOf(".") > -1
+      ) {
+        hostnameUri = "http://" + hostnameUri;
+        isWebsite = true;
+      } else if (this.imageEnabled) {
+        isWebsite = hostnameUri.indexOf("http") === 0 && hostnameUri.indexOf(".") > -1;
+      }
+
+      if (this.imageEnabled && isWebsite) {
+        try {
+          this.image = this.iconsUrl + "/" + Utils.getHostname(hostnameUri) + "/icon.png";
+          this.fallbackImage = "images/bwi-globe.png";
+        } catch (e) {
+          // Ignore error since the fallback icon will be shown if image is null.
+        }
+      }
+    } else {
+      this.image = null;
+    }
+  }
+
+  private setCardIcon() {
+    const brand = this.cipher.card.brand;
+    if (this.imageEnabled && brand in cardIcons) {
+      this.icon = "credit-card-icon " + cardIcons[brand];
+    }
+  }
+}

jslib/angular/src/components/modal/dynamic-modal.component.ts

@@ -0,0 +1,79 @@
+import { ConfigurableFocusTrap, ConfigurableFocusTrapFactory } from "@angular/cdk/a11y";
+import {
+  AfterViewInit,
+  ChangeDetectorRef,
+  Component,
+  ComponentRef,
+  ElementRef,
+  OnDestroy,
+  Type,
+  ViewChild,
+  ViewContainerRef,
+} from "@angular/core";
+
+import { ModalService } from "../../services/modal.service";
+
+import { ModalRef } from "./modal.ref";
+
+@Component({
+  selector: "app-modal",
+  template: "<ng-template #modalContent></ng-template>",
+})
+export class DynamicModalComponent implements AfterViewInit, OnDestroy {
+  componentRef: ComponentRef<any>;
+
+  @ViewChild("modalContent", { read: ViewContainerRef, static: true })
+  modalContentRef: ViewContainerRef;
+
+  childComponentType: Type<any>;
+  setComponentParameters: (component: any) => void;
+
+  private focusTrap: ConfigurableFocusTrap;
+
+  constructor(
+    private modalService: ModalService,
+    private cd: ChangeDetectorRef,
+    private el: ElementRef<HTMLElement>,
+    private focusTrapFactory: ConfigurableFocusTrapFactory,
+    public modalRef: ModalRef,
+  ) {}
+
+  ngAfterViewInit() {
+    this.loadChildComponent(this.childComponentType);
+    if (this.setComponentParameters != null) {
+      this.setComponentParameters(this.componentRef.instance);
+    }
+    this.cd.detectChanges();
+
+    this.modalRef.created(this.el.nativeElement);
+    this.focusTrap = this.focusTrapFactory.create(
+      this.el.nativeElement.querySelector(".modal-dialog"),
+    );
+    if (this.el.nativeElement.querySelector("[appAutoFocus]") == null) {
+      this.focusTrap.focusFirstTabbableElementWhenReady();
+    }
+  }
+
+  loadChildComponent(componentType: Type<any>) {
+    const componentFactory = this.modalService.resolveComponentFactory(componentType);
+
+    this.modalContentRef.clear();
+    this.componentRef = this.modalContentRef.createComponent(componentFactory);
+  }
+
+  ngOnDestroy() {
+    if (this.componentRef) {
+      this.componentRef.destroy();
+    }
+    this.focusTrap.destroy();
+  }
+
+  close() {
+    this.modalRef.close();
+  }
+
+  getFocus() {
+    const autoFocusEl = this.el.nativeElement.querySelector("[appAutoFocus]") as HTMLElement;
+    autoFocusEl?.focus();
+  }
+}

jslib/angular/src/components/modal/modal-injector.ts

@@ -0,0 +1,21 @@
+import { InjectFlags, InjectOptions, Injector, ProviderToken } from "@angular/core";
+
+export class ModalInjector implements Injector {
+  constructor(
+    private _parentInjector: Injector,
+    private _additionalTokens: WeakMap<any, any>,
+  ) {}
+
+  get<T>(
+    token: ProviderToken<T>,
+    notFoundValue: undefined,
+    options: InjectOptions & { optional?: false },
+  ): T;
+  get<T>(token: ProviderToken<T>, notFoundValue: null, options: InjectOptions): T;
+  get<T>(token: ProviderToken<T>, notFoundValue?: T, options?: InjectOptions | InjectFlags): T;
+  get<T>(token: ProviderToken<T>, notFoundValue?: T, flags?: InjectFlags): T;
+  get(token: any, notFoundValue?: any): any;
+  get(token: any, notFoundValue?: any, flags?: any): any {
+    return this._additionalTokens.get(token) ?? this._parentInjector.get<any>(token, notFoundValue);
+  }
+}

jslib/angular/src/components/modal/modal.ref.ts

@@ -0,0 +1,50 @@
+import { Observable, Subject } from "rxjs";
+import { first } from "rxjs/operators";
+
+export class ModalRef {
+  onCreated: Observable<HTMLElement>; // Modal added to the DOM.
+  onClose: Observable<any>; // Initiated close.
+  onClosed: Observable<any>; // Modal was closed (Remove element from DOM)
+  onShow: Observable<void>; // Start showing modal
+  onShown: Observable<void>; // Modal is fully visible
+
+  private readonly _onCreated = new Subject<HTMLElement>();
+  private readonly _onClose = new Subject<any>();
+  private readonly _onClosed = new Subject<any>();
+  private readonly _onShow = new Subject<void>();
+  private readonly _onShown = new Subject<void>();
+  private lastResult: any;
+
+  constructor() {
+    this.onCreated = this._onCreated.asObservable();
+    this.onClose = this._onClose.asObservable();
+    this.onClosed = this._onClosed.asObservable();
+    this.onShow = this._onShow.asObservable();
+    this.onShown = this._onShow.asObservable();
+  }
+
+  show() {
+    this._onShow.next();
+  }
+
+  shown() {
+    this._onShown.next();
+  }
+
+  close(result?: any) {
+    this.lastResult = result;
+    this._onClose.next(result);
+  }
+
+  closed() {
+    this._onClosed.next(this.lastResult);
+  }
+
+  created(el: HTMLElement) {
+    this._onCreated.next(el);
+  }
+
+  onClosedPromise(): Promise<any> {
+    return this.onClosed.pipe(first()).toPromise();
+  }
+}

jslib/angular/src/components/password-reprompt.component.ts

@@ -0,0 +1,41 @@
+import { Directive } from "@angular/core";
+
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
+import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
+
+import { ModalRef } from "./modal/modal.ref";
+
+/**
+ * Used to verify the user's Master Password for the "Master Password Re-prompt" feature only.
+ * See UserVerificationComponent for any other situation where you need to verify the user's identity.
+ */
+@Directive()
+export class PasswordRepromptComponent {
+  showPassword = false;
+  masterPassword = "";
+
+  constructor(
+    private modalRef: ModalRef,
+    private cryptoService: CryptoService,
+    private platformUtilsService: PlatformUtilsService,
+    private i18nService: I18nService,
+  ) {}
+
+  togglePassword() {
+    this.showPassword = !this.showPassword;
+  }
+
+  async submit() {
+    if (!(await this.cryptoService.compareAndUpdateKeyHash(this.masterPassword, null))) {
+      this.platformUtilsService.showToast(
+        "error",
+        this.i18nService.t("errorOccurred"),
+        this.i18nService.t("invalidMasterPassword"),
+      );
+      return;
+    }
+
+    this.modalRef.close(true);
+  }
+}

jslib/angular/src/components/toastr.component.ts

@@ -0,0 +1,98 @@
+import { animate, state, style, transition, trigger } from "@angular/animations";
+import { CommonModule } from "@angular/common";
+import { Component, ModuleWithProviders, NgModule } from "@angular/core";
+import {
+  DefaultNoComponentGlobalConfig,
+  GlobalConfig,
+  Toast as BaseToast,
+  ToastPackage,
+  ToastrService,
+  TOAST_CONFIG,
+} from "ngx-toastr";
+
+@Component({
+  selector: "[toast-component2]",
+  template: `
+    <button
+      *ngIf="options.closeButton"
+      (click)="remove()"
+      type="button"
+      class="toast-close-button"
+      aria-label="Close"
+    >
+      <span aria-hidden="true">&times;</span>
+    </button>
+    <div class="icon">
+      <i></i>
+    </div>
+    <div>
+      <div *ngIf="title" [class]="options.titleClass" [attr.aria-label]="title">
+        {{ title }} <ng-container *ngIf="duplicatesCount">[{{ duplicatesCount + 1 }}]</ng-container>
+      </div>
+      <div
+        *ngIf="message && options.enableHtml"
+        role="alertdialog"
+        aria-live="polite"
+        [class]="options.messageClass"
+        [innerHTML]="message"
+      ></div>
+      <div
+        *ngIf="message && !options.enableHtml"
+        role="alertdialog"
+        aria-live="polite"
+        [class]="options.messageClass"
+        [attr.aria-label]="message"
+      >
+        {{ message }}
+      </div>
+    </div>
+    <div *ngIf="options.progressBar">
+      <div class="toast-progress" [style.width]="width + '%'"></div>
+    </div>
+  `,
+  animations: [
+    trigger("flyInOut", [
+      state("inactive", style({ opacity: 0 })),
+      state("active", style({ opacity: 1 })),
+      state("removed", style({ opacity: 0 })),
+      transition("inactive => active", animate("{{ easeTime }}ms {{ easing }}")),
+      transition("active => removed", animate("{{ easeTime }}ms {{ easing }}")),
+    ]),
+  ],
+  preserveWhitespaces: false,
+})
+export class BitwardenToast extends BaseToast {
+  constructor(
+    protected toastrService: ToastrService,
+    public toastPackage: ToastPackage,
+  ) {
+    super(toastrService, toastPackage);
+  }
+}
+
+export const BitwardenToastGlobalConfig: GlobalConfig = {
+  ...DefaultNoComponentGlobalConfig,
+  toastComponent: BitwardenToast,
+};
+
+@NgModule({
+  imports: [CommonModule],
+  declarations: [BitwardenToast],
+  exports: [BitwardenToast],
+})
+export class BitwardenToastModule {
+  static forRoot(config: Partial<GlobalConfig> = {}): ModuleWithProviders<BitwardenToastModule> {
+    return {
+      ngModule: BitwardenToastModule,
+      providers: [
+        {
+          provide: TOAST_CONFIG,
+          useValue: {
+            default: BitwardenToastGlobalConfig,
+            config: config,
+          },
+        },
+      ],
+    };
+  }
+}

jslib/angular/src/directives/a11y-title.directive.ts

@@ -0,0 +1,26 @@
+import { Directive, ElementRef, Input, Renderer2 } from "@angular/core";
+
+@Directive({
+  selector: "[appA11yTitle]",
+})
+export class A11yTitleDirective {
+  @Input() set appA11yTitle(title: string) {
+    this.title = title;
+  }
+
+  private title: string;
+
+  constructor(
+    private el: ElementRef,
+    private renderer: Renderer2,
+  ) {}
+
+  ngOnInit() {
+    if (!this.el.nativeElement.hasAttribute("title")) {
+      this.renderer.setAttribute(this.el.nativeElement, "title", this.title);
+    }
+    if (!this.el.nativeElement.hasAttribute("aria-label")) {
+      this.renderer.setAttribute(this.el.nativeElement, "aria-label", this.title);
+    }
+  }
+}

jslib/angular/src/directives/api-action.directive.ts

@@ -0,0 +1,49 @@
+import { Directive, ElementRef, Input, OnChanges } from "@angular/core";
+
+import { LogService } from "@/jslib/common/src/abstractions/log.service";
+import { ErrorResponse } from "@/jslib/common/src/models/response/errorResponse";
+
+import { ValidationService } from "../services/validation.service";
+
+/**
+ * Provides error handling, in particular for any error returned by the server in an api call.
+ * Attach it to a <form> element and provide the name of the class property that will hold the api call promise.
+ * e.g. <form [appApiAction]="this.formPromise">
+ * Any errors/rejections that occur will be intercepted and displayed as error toasts.
+ */
+@Directive({
+  selector: "[appApiAction]",
+})
+export class ApiActionDirective implements OnChanges {
+  @Input() appApiAction: Promise<any>;
+
+  constructor(
+    private el: ElementRef,
+    private validationService: ValidationService,
+    private logService: LogService,
+  ) {}
+
+  ngOnChanges(changes: any) {
+    if (this.appApiAction == null || this.appApiAction.then == null) {
+      return;
+    }
+
+    this.el.nativeElement.loading = true;
+
+    this.appApiAction.then(
+      (response: any) => {
+        this.el.nativeElement.loading = false;
+      },
+      (e: any) => {
+        this.el.nativeElement.loading = false;
+
+        if ((e as ErrorResponse).captchaRequired) {
+          this.logService.error("Captcha required error response: " + e.getSingleMessage());
+          return;
+        }
+        this.logService?.error(`Received API exception: ${e}`);
+        this.validationService.showError(e);
+      },
+    );
+  }
+}

jslib/angular/src/directives/autofocus.directive.ts

@@ -0,0 +1,30 @@
+import { Directive, ElementRef, Input, NgZone } from "@angular/core";
+import { take } from "rxjs/operators";
+
+import { Utils } from "@/jslib/common/src/misc/utils";
+
+@Directive({
+  selector: "[appAutofocus]",
+})
+export class AutofocusDirective {
+  @Input() set appAutofocus(condition: boolean | string) {
+    this.autofocus = condition === "" || condition === true;
+  }
+
+  private autofocus: boolean;
+
+  constructor(
+    private el: ElementRef,
+    private ngZone: NgZone,
+  ) {}
+
+  ngOnInit() {
+    if (!Utils.isMobileBrowser && this.autofocus) {
+      if (this.ngZone.isStable) {
+        this.el.nativeElement.focus();
+      } else {
+        this.ngZone.onStable.pipe(take(1)).subscribe(() => this.el.nativeElement.focus());
+      }
+    }
+  }
+}

jslib/angular/src/directives/blur-click.directive.ts

@@ -0,0 +1,12 @@
+import { Directive, ElementRef, HostListener } from "@angular/core";
+
+@Directive({
+  selector: "[appBlurClick]",
+})
+export class BlurClickDirective {
+  constructor(private el: ElementRef) {}
+
+  @HostListener("click") onClick() {
+    this.el.nativeElement.blur();
+  }
+}

jslib/angular/src/directives/box-row.directive.ts

@@ -0,0 +1,59 @@
+import { Directive, ElementRef, HostListener, OnInit } from "@angular/core";
+
+@Directive({
+  selector: "[appBoxRow]",
+})
+export class BoxRowDirective implements OnInit {
+  el: HTMLElement = null;
+  formEls: Element[];
+
+  constructor(elRef: ElementRef) {
+    this.el = elRef.nativeElement;
+  }
+
+  ngOnInit(): void {
+    this.formEls = Array.from(
+      this.el.querySelectorAll('input:not([type="hidden"]), select, textarea'),
+    );
+    this.formEls.forEach((formEl) => {
+      formEl.addEventListener(
+        "focus",
+        () => {
+          this.el.classList.add("active");
+        },
+        false,
+      );
+
+      formEl.addEventListener(
+        "blur",
+        () => {
+          this.el.classList.remove("active");
+        },
+        false,
+      );
+    });
+  }
+
+  @HostListener("click", ["$event"]) onClick(event: Event) {
+    const target = event.target as HTMLElement;
+    if (
+      target !== this.el &&
+      !target.classList.contains("progress") &&
+      !target.classList.contains("progress-bar")
+    ) {
+      return;
+    }
+
+    if (this.formEls.length > 0) {
+      const formEl = this.formEls[0] as HTMLElement;
+      if (formEl.tagName.toLowerCase() === "input") {
+        const inputEl = formEl as HTMLInputElement;
+        if (inputEl.type != null && inputEl.type.toLowerCase() === "checkbox") {
+          inputEl.click();
+          return;
+        }
+      }
+      formEl.focus();
+    }
+  }
+}

jslib/angular/src/directives/fallback-src.directive.ts

@@ -0,0 +1,14 @@
+import { Directive, ElementRef, HostListener, Input } from "@angular/core";
+
+@Directive({
+  selector: "[appFallbackSrc]",
+})
+export class FallbackSrcDirective {
+  @Input("appFallbackSrc") appFallbackSrc: string;
+
+  constructor(private el: ElementRef) {}
+
+  @HostListener("error") onError() {
+    this.el.nativeElement.src = this.appFallbackSrc;
+  }
+}

jslib/angular/src/directives/stop-click.directive.ts

@@ -0,0 +1,10 @@
+import { Directive, HostListener } from "@angular/core";
+
+@Directive({
+  selector: "[appStopClick]",
+})
+export class StopClickDirective {
+  @HostListener("click", ["$event"]) onClick($event: MouseEvent) {
+    $event.preventDefault();
+  }
+}

jslib/angular/src/directives/stop-prop.directive.ts

@@ -0,0 +1,10 @@
+import { Directive, HostListener } from "@angular/core";
+
+@Directive({
+  selector: "[appStopProp]",
+})
+export class StopPropDirective {
+  @HostListener("click", ["$event"]) onClick($event: MouseEvent) {
+    $event.stopPropagation();
+  }
+}

jslib/angular/src/pipes/i18n.pipe.ts

@@ -0,0 +1,14 @@
+import { Pipe, PipeTransform } from "@angular/core";
+
+import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
+
+@Pipe({
+  name: "i18n",
+})
+export class I18nPipe implements PipeTransform {
+  constructor(private i18nService: I18nService) {}
+
+  transform(id: string, p1?: string, p2?: string, p3?: string): string {
+    return this.i18nService.t(id, p1, p2, p3);
+  }
+}

jslib/angular/src/pipes/search-ciphers.pipe.ts

@@ -0,0 +1,41 @@
+import { Pipe, PipeTransform } from "@angular/core";
+
+import { CipherView } from "@/jslib/common/src/models/view/cipherView";
+
+@Pipe({
+  name: "searchCiphers",
+})
+export class SearchCiphersPipe implements PipeTransform {
+  transform(ciphers: CipherView[], searchText: string, deleted = false): CipherView[] {
+    if (ciphers == null || ciphers.length === 0) {
+      return [];
+    }
+
+    if (searchText == null || searchText.length < 2) {
+      return ciphers.filter((c) => {
+        return deleted !== c.isDeleted;
+      });
+    }
+
+    searchText = searchText.trim().toLowerCase();
+    return ciphers.filter((c) => {
+      if (deleted !== c.isDeleted) {
+        return false;
+      }
+      if (c.name != null && c.name.toLowerCase().indexOf(searchText) > -1) {
+        return true;
+      }
+      if (searchText.length >= 8 && c.id.startsWith(searchText)) {
+        return true;
+      }
+      if (c.subTitle != null && c.subTitle.toLowerCase().indexOf(searchText) > -1) {
+        return true;
+      }
+      if (c.login && c.login.uri != null && c.login.uri.toLowerCase().indexOf(searchText) > -1) {
+        return true;
+      }
+
+      return false;
+    });
+  }
+}

jslib/angular/src/scss/bwicons/styles/style.scss

@@ -0,0 +1,251 @@
+$icomoon-font-family: "bwi-font" !default;
+$icomoon-font-path: "/jslib/angular/src/scss/bwicons/fonts/" !default;
+
+// New font sheet? Update the font-face information below
+@font-face {
+  font-family: "#{$icomoon-font-family}";
+  src:
+    url($icomoon-font-path + "bwi-font.svg") format("svg"),
+    url($icomoon-font-path + "bwi-font.ttf") format("truetype"),
+    url($icomoon-font-path + "bwi-font.woff") format("woff"),
+    url($icomoon-font-path + "bwi-font.woff2") format("woff2");
+  font-weight: normal;
+  font-style: normal;
+  font-display: block;
+}
+
+// Base Class
+.bwi {
+  /* use !important to prevent issues with browser extensions that change fonts */
+  font-family: "#{$icomoon-font-family}" !important;
+  speak: never;
+  font-style: normal;
+  font-weight: normal;
+  font-variant: normal;
+  text-transform: none;
+  line-height: 1;
+  display: inline-block;
+  /* Better Font Rendering */
+  -webkit-font-smoothing: antialiased;
+  -moz-osx-font-smoothing: grayscale;
+}
+
+// Fixed Width Icons
+.bwi-fw {
+  width: calc(18em / 14);
+  text-align: center;
+}
+
+// Sizing Changes
+.bwi-sm {
+  font-size: 0.875em;
+}
+
+.bwi-lg {
+  font-size: calc(4em / 3);
+  line-height: calc(3em / 4);
+  vertical-align: -15%;
+}
+
+.bwi-2x {
+  font-size: 2em;
+}
+
+.bwi-3x {
+  font-size: 3em;
+}
+
+.bwi-4x {
+  font-size: 4em;
+}
+
+// Spin Animations
+.bwi-spin {
+  animation: bwi-spin 2s infinite linear;
+}
+
+@keyframes bwi-spin {
+  0% {
+    transform: rotate(0deg);
+  }
+  100% {
+    transform: rotate(359deg);
+  }
+}
+
+// List Icons
+.bwi-ul {
+  padding-left: 0;
+  margin-left: calc(30em / 14);
+  list-style-type: none;
+  > li {
+    position: relative;
+  }
+}
+
+.bwi-li {
+  position: absolute;
+  left: calc(-30em / 14);
+  width: calc(30em / 14);
+  top: calc(2em / 14);
+  text-align: center;
+  &.bwi-lg {
+    left: calc(-30em / 14) + calc(4em / 14);
+  }
+}
+
+// Rotation
+.bwi-rotate-270 {
+  transform: rotate(270deg);
+}
+
+// For new icons - add their glyph name and value to the map below
+$icons: (
+  "save-changes": "\e988",
+  "browser": "\e985",
+  "mobile": "\e986",
+  "cli": "\e987",
+  "providers": "\e983",
+  "vault": "\e984",
+  "folder-closed-f": "\e982",
+  "rocket": "\e9ee",
+  "ellipsis-h": "\e9ef",
+  "ellipsis-v": "\e9f0",
+  "safari": "\e974",
+  "opera": "\e975",
+  "firefox": "\e976",
+  "edge": "\e977",
+  "chrome": "\e978",
+  "star-f": "\e979",
+  "arrow-circle-up": "\e97a",
+  "arrow-circle-right": "\e97b",
+  "arrow-circle-left": "\e97c",
+  "arrow-circle-down": "\e97d",
+  "undo": "\e97e",
+  "bolt": "\e97f",
+  "puzzle": "\e980",
+  "rss": "\e973",
+  "dbl-angle-left": "\e970",
+  "dbl-angle-right": "\e971",
+  "hamburger": "\e972",
+  "bw-folder-open-f": "\e93e",
+  "desktop": "\e96a",
+  "angle-left": "\e96b",
+  "user": "\e900",
+  "user-f": "\e901",
+  "key": "\e902",
+  "share-square": "\e903",
+  "hashtag": "\e904",
+  "clone": "\e905",
+  "list-alt": "\e906",
+  "id-card": "\e907",
+  "credit-card": "\e908",
+  "globe": "\e909",
+  "sticky-note": "\e90a",
+  "folder": "\e90b",
+  "lock": "\e90c",
+  "lock-f": "\e90d",
+  "generate": "\e90e",
+  "generate-f": "\e90f",
+  "cog": "\e910",
+  "cog-f": "\e911",
+  "check-circle": "\e912",
+  "eye": "\e913",
+  "pencil-square": "\e914",
+  "bookmark": "\e915",
+  "files": "\e916",
+  "trash": "\e917",
+  "plus": "\e918",
+  "star": "\e919",
+  "list": "\e91a",
+  "angle-right": "\e91b",
+  "external-link": "\e91c",
+  "refresh": "\e91d",
+  "search": "\e91f",
+  "filter": "\e920",
+  "plus-circle": "\e921",
+  "user-circle": "\e922",
+  "question-circle": "\e923",
+  "cogs": "\e924",
+  "minus-circle": "\e925",
+  "send": "\e926",
+  "send-f": "\e927",
+  "download": "\e928",
+  "pencil": "\e929",
+  "sign-out": "\e92a",
+  "share": "\e92b",
+  "clock": "\e92c",
+  "angle-down": "\e92d",
+  "caret-down": "\e92e",
+  "square": "\e92f",
+  "collection": "\e930",
+  "bank": "\e931",
+  "shield": "\e932",
+  "stop": "\e933",
+  "plus-square": "\e934",
+  "save": "\e935",
+  "sign-in": "\e936",
+  "spinner": "\e937",
+  "dollar": "\e939",
+  "check": "\e93a",
+  "check-square": "\e93b",
+  "minus-square": "\e93c",
+  "close": "\e93d",
+  "share-arrow": "\e96c",
+  "paperclip": "\e93f",
+  "bitcoin": "\e940",
+  "cut": "\e941",
+  "frown": "\e942",
+  "folder-open": "\e943",
+  "bug": "\e946",
+  "chain-broken": "\e947",
+  "dashboard": "\e948",
+  "envelope": "\e949",
+  "exclamation-circle": "\e94a",
+  "exclamation-triangle": "\e94b",
+  "caret-right": "\e94c",
+  "file-pdf": "\e94e",
+  "file-text": "\e94f",
+  "info-circle": "\e952",
+  "lightbulb": "\e953",
+  "link": "\e954",
+  "linux": "\e956",
+  "long-arrow-right": "\e957",
+  "money": "\e958",
+  "play": "\e959",
+  "reddit": "\e95a",
+  "refresh-tab": "\e95b",
+  "sitemap": "\e95c",
+  "sliders": "\e95d",
+  "tag": "\e95e",
+  "thumb-tack": "\e95f",
+  "thumbs-up": "\e960",
+  "unlock": "\e962",
+  "users": "\e963",
+  "wrench": "\e965",
+  "ban": "\e967",
+  "camera": "\e968",
+  "chevron-up": "\e969",
+  "eye-slash": "\e96d",
+  "file": "\e96e",
+  "paste": "\e96f",
+  "github": "\e950",
+  "facebook": "\e94d",
+  "paypal": "\e938",
+  "google": "\e951",
+  "linkedin": "\e955",
+  "discourse": "\e91e",
+  "twitter": "\e961",
+  "youtube": "\e966",
+  "windows": "\e964",
+  "apple": "\e945",
+  "android": "\e944",
+  "error": "\e981",
+  "numbered-list": "\e989",
+);
+
+@each $name, $glyph in $icons {
+  .bwi-#{$name}:before {
+    content: $glyph;
+  }
+}

jslib/angular/src/scss/icons.scss

@@ -0,0 +1,44 @@
+$card-icons-base: "~@bitwarden/jslib-angular/src/images/cards/";
+$card-icons: (
+  "visa": $card-icons-base + "visa-light.png",
+  "amex": $card-icons-base + "amex-light.png",
+  "diners-club": $card-icons-base + "diners_club-light.png",
+  "discover": $card-icons-base + "discover-light.png",
+  "jcb": $card-icons-base + "jcb-light.png",
+  "maestro": $card-icons-base + "maestro-light.png",
+  "mastercard": $card-icons-base + "mastercard-light.png",
+  "union-pay": $card-icons-base + "union_pay-light.png",
+);
+
+$card-icons-dark: (
+  "visa": $card-icons-base + "visa-dark.png",
+  "amex": $card-icons-base + "amex-dark.png",
+  "diners-club": $card-icons-base + "diners_club-dark.png",
+  "discover": $card-icons-base + "discover-dark.png",
+  "jcb": $card-icons-base + "jcb-dark.png",
+  "maestro": $card-icons-base + "maestro-dark.png",
+  "mastercard": $card-icons-base + "mastercard-dark.png",
+  "union-pay": $card-icons-base + "union_pay-dark.png",
+);
+
+.credit-card-icon {
+  display: block; // Resolves the parent container being slighly to big
+  height: 19px;
+  width: 24px;
+  background-size: contain;
+  background-repeat: no-repeat;
+}
+
+@each $name, $url in $card-icons {
+  .card-#{$name} {
+    background-image: url("#{$url}");
+  }
+}
+
+@each $theme in $dark-icon-themes {
+  @each $name, $url in $card-icons-dark {
+    .#{$theme} .card-#{$name} {
+      background-image: url("#{$url}");
+    }
+  }
+}

jslib/angular/src/scss/webfonts.css

@@ -0,0 +1,89 @@
+@font-face {
+  font-family: "Open Sans";
+  font-style: italic;
+  font-weight: 300;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-italic-300.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: italic;
+  font-weight: 400;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-italic-400.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: italic;
+  font-weight: 600;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-italic-600.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: italic;
+  font-weight: 700;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-italic-700.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: italic;
+  font-weight: 800;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-italic-800.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: normal;
+  font-weight: 300;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-normal-300.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: normal;
+  font-weight: 400;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-normal-400.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: normal;
+  font-weight: 600;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-normal-600.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: normal;
+  font-weight: 700;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-normal-700.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+  font-family: "Open Sans";
+  font-style: normal;
+  font-weight: 800;
+  font-display: auto;
+  src: url(webfonts/Open_Sans-normal-800.woff) format("woff");
+  unicode-range: U+0-10FFFF;
+}

jslib/angular/src/services/broadcaster.service.ts

@@ -0,0 +1,6 @@
+import { Injectable } from "@angular/core";
+
+import { BroadcasterService as BaseBroadcasterService } from "@/jslib/common/src/services/broadcaster.service";
+
+@Injectable()
+export class BroadcasterService extends BaseBroadcasterService {}

jslib/angular/src/services/jslib-services.module.ts

@@ -0,0 +1,143 @@
+import { LOCALE_ID, NgModule } from "@angular/core";
+
+import { ApiService as ApiServiceAbstraction } from "@/jslib/common/src/abstractions/api.service";
+import { AppIdService as AppIdServiceAbstraction } from "@/jslib/common/src/abstractions/appId.service";
+import { BroadcasterService as BroadcasterServiceAbstraction } from "@/jslib/common/src/abstractions/broadcaster.service";
+import { CryptoService as CryptoServiceAbstraction } from "@/jslib/common/src/abstractions/crypto.service";
+import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "@/jslib/common/src/abstractions/cryptoFunction.service";
+import { EnvironmentService as EnvironmentServiceAbstraction } from "@/jslib/common/src/abstractions/environment.service";
+import { I18nService as I18nServiceAbstraction } from "@/jslib/common/src/abstractions/i18n.service";
+import { LogService } from "@/jslib/common/src/abstractions/log.service";
+import { MessagingService as MessagingServiceAbstraction } from "@/jslib/common/src/abstractions/messaging.service";
+import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from "@/jslib/common/src/abstractions/platformUtils.service";
+import { StateService as StateServiceAbstraction } from "@/jslib/common/src/abstractions/state.service";
+import { StateMigrationService as StateMigrationServiceAbstraction } from "@/jslib/common/src/abstractions/stateMigration.service";
+import { StorageService as StorageServiceAbstraction } from "@/jslib/common/src/abstractions/storage.service";
+import { TokenService as TokenServiceAbstraction } from "@/jslib/common/src/abstractions/token.service";
+import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
+import { Account } from "@/jslib/common/src/models/domain/account";
+import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
+import { ApiService } from "@/jslib/common/src/services/api.service";
+import { AppIdService } from "@/jslib/common/src/services/appId.service";
+import { ConsoleLogService } from "@/jslib/common/src/services/consoleLog.service";
+import { CryptoService } from "@/jslib/common/src/services/crypto.service";
+import { EnvironmentService } from "@/jslib/common/src/services/environment.service";
+import { StateService } from "@/jslib/common/src/services/state.service";
+import { StateMigrationService } from "@/jslib/common/src/services/stateMigration.service";
+import { TokenService } from "@/jslib/common/src/services/token.service";
+
+import {
+  SafeInjectionToken,
+  SECURE_STORAGE,
+  WINDOW,
+} from "../../../../src/app/services/injection-tokens";
+import { SafeProvider, safeProvider } from "../../../../src/app/services/safe-provider";
+
+import { BroadcasterService } from "./broadcaster.service";
+import { ModalService } from "./modal.service";
+import { ValidationService } from "./validation.service";
+
+@NgModule({
+  declarations: [],
+  providers: [
+    safeProvider({ provide: WINDOW, useValue: window }),
+    safeProvider({
+      provide: LOCALE_ID as SafeInjectionToken<string>,
+      useFactory: (i18nService: I18nServiceAbstraction) => i18nService.translationLocale,
+      deps: [I18nServiceAbstraction],
+    }),
+    safeProvider(ValidationService),
+    safeProvider(ModalService),
+    safeProvider({
+      provide: AppIdServiceAbstraction,
+      useClass: AppIdService,
+      deps: [StorageServiceAbstraction],
+    }),
+    safeProvider({ provide: LogService, useFactory: () => new ConsoleLogService(false), deps: [] }),
+    safeProvider({
+      provide: EnvironmentServiceAbstraction,
+      useClass: EnvironmentService,
+      deps: [StateServiceAbstraction],
+    }),
+    safeProvider({
+      provide: TokenServiceAbstraction,
+      useClass: TokenService,
+      deps: [StateServiceAbstraction],
+    }),
+    safeProvider({
+      provide: CryptoServiceAbstraction,
+      useClass: CryptoService,
+      deps: [
+        CryptoFunctionServiceAbstraction,
+        PlatformUtilsServiceAbstraction,
+        LogService,
+        StateServiceAbstraction,
+      ],
+    }),
+    safeProvider({
+      provide: ApiServiceAbstraction,
+      useFactory: (
+        tokenService: TokenServiceAbstraction,
+        platformUtilsService: PlatformUtilsServiceAbstraction,
+        environmentService: EnvironmentServiceAbstraction,
+        messagingService: MessagingServiceAbstraction,
+        appIdService: AppIdServiceAbstraction,
+      ) =>
+        new ApiService(
+          tokenService,
+          platformUtilsService,
+          environmentService,
+          appIdService,
+          async (expired: boolean) => messagingService.send("logout", { expired: expired }),
+        ),
+      deps: [
+        TokenServiceAbstraction,
+        PlatformUtilsServiceAbstraction,
+        EnvironmentServiceAbstraction,
+        MessagingServiceAbstraction,
+        AppIdServiceAbstraction,
+      ],
+    }),
+    safeProvider({
+      provide: BroadcasterServiceAbstraction,
+      useClass: BroadcasterService,
+      useAngularDecorators: true,
+    }),
+    safeProvider({
+      provide: StateServiceAbstraction,
+      useFactory: (
+        storageService: StorageServiceAbstraction,
+        secureStorageService: StorageServiceAbstraction,
+        logService: LogService,
+        stateMigrationService: StateMigrationServiceAbstraction,
+      ) =>
+        new StateService(
+          storageService,
+          secureStorageService,
+          logService,
+          stateMigrationService,
+          new StateFactory(GlobalState, Account),
+        ),
+      deps: [
+        StorageServiceAbstraction,
+        SECURE_STORAGE,
+        LogService,
+        StateMigrationServiceAbstraction,
+      ],
+    }),
+    safeProvider({
+      provide: StateMigrationServiceAbstraction,
+      useFactory: (
+        storageService: StorageServiceAbstraction,
+        secureStorageService: StorageServiceAbstraction,
+      ) =>
+        new StateMigrationService(
+          storageService,
+          secureStorageService,
+          new StateFactory(GlobalState, Account),
+        ),
+      deps: [StorageServiceAbstraction, SECURE_STORAGE],
+    }),
+  ] satisfies SafeProvider[],
+})
+export class JslibServicesModule {}

jslib/angular/src/services/modal.service.ts

@@ -0,0 +1,180 @@
+import {
+  ApplicationRef,
+  ComponentFactory,
+  ComponentFactoryResolver,
+  ComponentRef,
+  EmbeddedViewRef,
+  Injectable,
+  Injector,
+  Type,
+  ViewContainerRef,
+} from "@angular/core";
+import { first } from "rxjs/operators";
+
+import { DynamicModalComponent } from "../components/modal/dynamic-modal.component";
+import { ModalInjector } from "../components/modal/modal-injector";
+import { ModalRef } from "../components/modal/modal.ref";
+
+export class ModalConfig<D = any> {
+  data?: D;
+  allowMultipleModals = false;
+}
+
+@Injectable()
+export class ModalService {
+  protected modalList: ComponentRef<DynamicModalComponent>[] = [];
+
+  // Lazy loaded modules are not available in componentFactoryResolver,
+  // therefore modules needs to manually initialize their resolvers.
+  private factoryResolvers: Map<Type<any>, ComponentFactoryResolver> = new Map();
+
+  constructor(
+    private componentFactoryResolver: ComponentFactoryResolver,
+    private applicationRef: ApplicationRef,
+    private injector: Injector,
+  ) {
+    document.addEventListener("keyup", (event) => {
+      if (event.key === "Escape" && this.modalCount > 0) {
+        this.topModal.instance.close();
+      }
+    });
+  }
+
+  get modalCount() {
+    return this.modalList.length;
+  }
+
+  private get topModal() {
+    return this.modalList[this.modalCount - 1];
+  }
+
+  async openViewRef<T>(
+    componentType: Type<T>,
+    viewContainerRef: ViewContainerRef,
+    setComponentParameters: (component: T) => void = null,
+  ): Promise<[ModalRef, T]> {
+    const [modalRef, modalComponentRef] = this.openInternal(componentType, null, false);
+    modalComponentRef.instance.setComponentParameters = setComponentParameters;
+
+    viewContainerRef.insert(modalComponentRef.hostView);
+
+    await modalRef.onCreated.pipe(first()).toPromise();
+
+    return [modalRef, modalComponentRef.instance.componentRef.instance];
+  }
+
+  open(componentType: Type<any>, config?: ModalConfig) {
+    if (!(config?.allowMultipleModals ?? false) && this.modalCount > 0) {
+      return;
+    }
+
+    // eslint-disable-next-line
+    const [modalRef, _] = this.openInternal(componentType, config, true);
+
+    return modalRef;
+  }
+
+  registerComponentFactoryResolver<T>(
+    componentType: Type<T>,
+    componentFactoryResolver: ComponentFactoryResolver,
+  ): void {
+    this.factoryResolvers.set(componentType, componentFactoryResolver);
+  }
+
+  resolveComponentFactory<T>(componentType: Type<T>): ComponentFactory<T> {
+    if (this.factoryResolvers.has(componentType)) {
+      return this.factoryResolvers.get(componentType).resolveComponentFactory(componentType);
+    }
+
+    return this.componentFactoryResolver.resolveComponentFactory(componentType);
+  }
+
+  protected openInternal(
+    componentType: Type<any>,
+    config?: ModalConfig,
+    attachToDom?: boolean,
+  ): [ModalRef, ComponentRef<DynamicModalComponent>] {
+    const [modalRef, componentRef] = this.createModalComponent(config);
+    componentRef.instance.childComponentType = componentType;
+
+    if (attachToDom) {
+      this.applicationRef.attachView(componentRef.hostView);
+      const domElem = (componentRef.hostView as EmbeddedViewRef<any>).rootNodes[0] as HTMLElement;
+      document.body.appendChild(domElem);
+    }
+
+    modalRef.onClosed.pipe(first()).subscribe(() => {
+      if (attachToDom) {
+        this.applicationRef.detachView(componentRef.hostView);
+      }
+      componentRef.destroy();
+
+      this.modalList.pop();
+      if (this.modalCount > 0) {
+        this.topModal.instance.getFocus();
+      }
+    });
+
+    this.setupHandlers(modalRef);
+
+    this.modalList.push(componentRef);
+
+    return [modalRef, componentRef];
+  }
+
+  protected setupHandlers(modalRef: ModalRef) {
+    let backdrop: HTMLElement = null;
+
+    // Add backdrop, setup [data-dismiss] handler.
+    modalRef.onCreated.pipe(first()).subscribe((el) => {
+      document.body.classList.add("modal-open");
+
+      const modalEl: HTMLElement = el.querySelector(".modal");
+      const dialogEl = modalEl.querySelector(".modal-dialog") as HTMLElement;
+
+      backdrop = document.createElement("div");
+      backdrop.className = "modal-backdrop fade";
+      backdrop.style.zIndex = `${this.modalCount}040`;
+      modalEl.prepend(backdrop);
+
+      dialogEl.addEventListener("click", (e: Event) => {
+        e.stopPropagation();
+      });
+      dialogEl.style.zIndex = `${this.modalCount}050`;
+
+      const modals = Array.from(
+        el.querySelectorAll('.modal-backdrop, .modal *[data-bs-dismiss="modal"]'),
+      );
+      for (const closeElement of modals) {
+        closeElement.addEventListener("click", () => {
+          modalRef.close();
+        });
+      }
+    });
+
+    // onClose is used in Web to hook into bootstrap. On other projects we pipe it directly to closed.
+    modalRef.onClose.pipe(first()).subscribe(() => {
+      modalRef.closed();
+
+      if (this.modalCount === 0) {
+        document.body.classList.remove("modal-open");
+      }
+    });
+  }
+
+  protected createModalComponent(
+    config: ModalConfig,
+  ): [ModalRef, ComponentRef<DynamicModalComponent>] {
+    const modalRef = new ModalRef();
+
+    const map = new WeakMap();
+    map.set(ModalConfig, config);
+    map.set(ModalRef, modalRef);
+
+    const componentFactory =
+      this.componentFactoryResolver.resolveComponentFactory(DynamicModalComponent);
+    const componentRef = componentFactory.create(new ModalInjector(this.injector, map));
+
+    return [modalRef, componentRef];
+  }
+}

jslib/angular/src/services/validation.service.ts

@@ -0,0 +1,38 @@
+import { Injectable } from "@angular/core";
+
+import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
+import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
+import { ErrorResponse } from "@/jslib/common/src/models/response/errorResponse";
+
+@Injectable()
+export class ValidationService {
+  constructor(
+    private i18nService: I18nService,
+    private platformUtilsService: PlatformUtilsService,
+  ) {}
+
+  showError(data: any): string[] {
+    const defaultErrorMessage = this.i18nService.t("unexpectedError");
+    let errors: string[] = [];
+
+    if (data != null && typeof data === "string") {
+      errors.push(data);
+    } else if (data == null || typeof data !== "object") {
+      errors.push(defaultErrorMessage);
+    } else if (data.validationErrors != null) {
+      errors = errors.concat((data as ErrorResponse).getAllMessages());
+    } else {
+      errors.push(data.message ? data.message : defaultErrorMessage);
+    }
+
+    if (errors.length === 1) {
+      this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), errors[0]);
+    } else if (errors.length > 1) {
+      this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), errors, {
+        timeout: 5000 * errors.length,
+      });
+    }
+
+    return errors;
+  }
+}

jslib/common/spec/domain/attachment.spec.ts

@@ -0,0 +1,83 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { AttachmentData } from "@/jslib/common/src/models/data/attachmentData";
+import { Attachment } from "@/jslib/common/src/models/domain/attachment";
+import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
+import { ContainerService } from "@/jslib/common/src/services/container.service";
+
+import { makeStaticByteArray, mockEnc } from "../utils";
+
+describe("Attachment", () => {
+  let data: AttachmentData;
+
+  beforeEach(() => {
+    data = {
+      id: "id",
+      url: "url",
+      fileName: "fileName",
+      key: "key",
+      size: "1100",
+      sizeName: "1.1 KB",
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new AttachmentData();
+    const attachment = new Attachment(data);
+
+    expect(attachment).toEqual({
+      id: null,
+      url: null,
+      size: undefined,
+      sizeName: null,
+      key: null,
+      fileName: null,
+    });
+  });
+
+  it("Convert", () => {
+    const attachment = new Attachment(data);
+
+    expect(attachment).toEqual({
+      size: "1100",
+      id: "id",
+      url: "url",
+      sizeName: "1.1 KB",
+      fileName: { encryptedString: "fileName", encryptionType: 0 },
+      key: { encryptedString: "key", encryptionType: 0 },
+    });
+  });
+
+  it("toAttachmentData", () => {
+    const attachment = new Attachment(data);
+    expect(attachment.toAttachmentData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const attachment = new Attachment();
+    attachment.id = "id";
+    attachment.url = "url";
+    attachment.size = "1100";
+    attachment.sizeName = "1.1 KB";
+    attachment.key = mockEnc("key");
+    attachment.fileName = mockEnc("fileName");
+
+    const cryptoService = Substitute.for<CryptoService>();
+    cryptoService.getOrgKey(null).resolves(null);
+    cryptoService.decryptToBytes(Arg.any(), Arg.any()).resolves(makeStaticByteArray(32));
+
+    (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+
+    const view = await attachment.decrypt(null);
+
+    expect(view).toEqual({
+      id: "id",
+      url: "url",
+      size: "1100",
+      sizeName: "1.1 KB",
+      fileName: "fileName",
+      key: expect.any(SymmetricCryptoKey),
+    });
+  });
+});

jslib/common/spec/domain/card.spec.ts

@@ -0,0 +1,73 @@
+import { CardData } from "@/jslib/common/src/models/data/cardData";
+import { Card } from "@/jslib/common/src/models/domain/card";
+
+import { mockEnc } from "../utils";
+
+describe("Card", () => {
+  let data: CardData;
+
+  beforeEach(() => {
+    data = {
+      cardholderName: "encHolder",
+      brand: "encBrand",
+      number: "encNumber",
+      expMonth: "encMonth",
+      expYear: "encYear",
+      code: "encCode",
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new CardData();
+    const card = new Card(data);
+
+    expect(card).toEqual({
+      cardholderName: null,
+      brand: null,
+      number: null,
+      expMonth: null,
+      expYear: null,
+      code: null,
+    });
+  });
+
+  it("Convert", () => {
+    const card = new Card(data);
+
+    expect(card).toEqual({
+      cardholderName: { encryptedString: "encHolder", encryptionType: 0 },
+      brand: { encryptedString: "encBrand", encryptionType: 0 },
+      number: { encryptedString: "encNumber", encryptionType: 0 },
+      expMonth: { encryptedString: "encMonth", encryptionType: 0 },
+      expYear: { encryptedString: "encYear", encryptionType: 0 },
+      code: { encryptedString: "encCode", encryptionType: 0 },
+    });
+  });
+
+  it("toCardData", () => {
+    const card = new Card(data);
+    expect(card.toCardData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const card = new Card();
+    card.cardholderName = mockEnc("cardHolder");
+    card.brand = mockEnc("brand");
+    card.number = mockEnc("number");
+    card.expMonth = mockEnc("expMonth");
+    card.expYear = mockEnc("expYear");
+    card.code = mockEnc("code");
+
+    const view = await card.decrypt(null);
+
+    expect(view).toEqual({
+      _brand: "brand",
+      _number: "number",
+      _subTitle: null,
+      cardholderName: "cardHolder",
+      code: "code",
+      expMonth: "expMonth",
+      expYear: "expYear",
+    });
+  });
+});

jslib/common/spec/domain/cipher.spec.ts

@@ -0,0 +1,599 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { CipherRepromptType } from "@/jslib/common/src/enums/cipherRepromptType";
+import { CipherType } from "@/jslib/common/src/enums/cipherType";
+import { FieldType } from "@/jslib/common/src/enums/fieldType";
+import { SecureNoteType } from "@/jslib/common/src/enums/secureNoteType";
+import { UriMatchType } from "@/jslib/common/src/enums/uriMatchType";
+import { CipherData } from "@/jslib/common/src/models/data/cipherData";
+import { Card } from "@/jslib/common/src/models/domain/card";
+import { Cipher } from "@/jslib/common/src/models/domain/cipher";
+import { Identity } from "@/jslib/common/src/models/domain/identity";
+import { Login } from "@/jslib/common/src/models/domain/login";
+import { SecureNote } from "@/jslib/common/src/models/domain/secureNote";
+import { CardView } from "@/jslib/common/src/models/view/cardView";
+import { IdentityView } from "@/jslib/common/src/models/view/identityView";
+import { LoginView } from "@/jslib/common/src/models/view/loginView";
+
+import { mockEnc } from "../utils";
+
+describe("Cipher DTO", () => {
+  it("Convert from empty CipherData", () => {
+    const data = new CipherData();
+    const cipher = new Cipher(data);
+
+    expect(cipher).toEqual({
+      id: null,
+      userId: null,
+      organizationId: null,
+      folderId: null,
+      name: null,
+      notes: null,
+      type: undefined,
+      favorite: undefined,
+      organizationUseTotp: undefined,
+      edit: undefined,
+      viewPassword: true,
+      revisionDate: null,
+      collectionIds: undefined,
+      localData: null,
+      deletedDate: null,
+      reprompt: undefined,
+      attachments: null,
+      fields: null,
+      passwordHistory: null,
+    });
+  });
+
+  describe("LoginCipher", () => {
+    let cipherData: CipherData;
+
+    beforeEach(() => {
+      cipherData = {
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        userId: "userId",
+        edit: true,
+        viewPassword: true,
+        organizationUseTotp: true,
+        favorite: false,
+        revisionDate: "2022-01-31T12:00:00.000Z",
+        type: CipherType.Login,
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        deletedDate: null,
+        reprompt: CipherRepromptType.None,
+        login: {
+          uris: [{ uri: "EncryptedString", match: UriMatchType.Domain }],
+          username: "EncryptedString",
+          password: "EncryptedString",
+          passwordRevisionDate: "2022-01-31T12:00:00.000Z",
+          totp: "EncryptedString",
+          autofillOnPageLoad: false,
+        },
+        passwordHistory: [
+          { password: "EncryptedString", lastUsedDate: "2022-01-31T12:00:00.000Z" },
+        ],
+        attachments: [
+          {
+            id: "a1",
+            url: "url",
+            size: "1100",
+            sizeName: "1.1 KB",
+            fileName: "file",
+            key: "EncKey",
+          },
+          {
+            id: "a2",
+            url: "url",
+            size: "1100",
+            sizeName: "1.1 KB",
+            fileName: "file",
+            key: "EncKey",
+          },
+        ],
+        fields: [
+          {
+            name: "EncryptedString",
+            value: "EncryptedString",
+            type: FieldType.Text,
+            linkedId: null,
+          },
+          {
+            name: "EncryptedString",
+            value: "EncryptedString",
+            type: FieldType.Hidden,
+            linkedId: null,
+          },
+        ],
+      };
+    });
+
+    it("Convert", () => {
+      const cipher = new Cipher(cipherData);
+
+      expect(cipher).toEqual({
+        id: "id",
+        userId: "userId",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: { encryptedString: "EncryptedString", encryptionType: 0 },
+        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
+        type: 1,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        collectionIds: undefined,
+        localData: null,
+        deletedDate: null,
+        reprompt: 0,
+        login: {
+          passwordRevisionDate: new Date("2022-01-31T12:00:00.000Z"),
+          autofillOnPageLoad: false,
+          username: { encryptedString: "EncryptedString", encryptionType: 0 },
+          password: { encryptedString: "EncryptedString", encryptionType: 0 },
+          totp: { encryptedString: "EncryptedString", encryptionType: 0 },
+          uris: [{ match: 0, uri: { encryptedString: "EncryptedString", encryptionType: 0 } }],
+        },
+        attachments: [
+          {
+            fileName: { encryptedString: "file", encryptionType: 0 },
+            id: "a1",
+            key: { encryptedString: "EncKey", encryptionType: 0 },
+            size: "1100",
+            sizeName: "1.1 KB",
+            url: "url",
+          },
+          {
+            fileName: { encryptedString: "file", encryptionType: 0 },
+            id: "a2",
+            key: { encryptedString: "EncKey", encryptionType: 0 },
+            size: "1100",
+            sizeName: "1.1 KB",
+            url: "url",
+          },
+        ],
+        fields: [
+          {
+            linkedId: null,
+            name: { encryptedString: "EncryptedString", encryptionType: 0 },
+            type: 0,
+            value: { encryptedString: "EncryptedString", encryptionType: 0 },
+          },
+          {
+            linkedId: null,
+            name: { encryptedString: "EncryptedString", encryptionType: 0 },
+            type: 1,
+            value: { encryptedString: "EncryptedString", encryptionType: 0 },
+          },
+        ],
+        passwordHistory: [
+          {
+            lastUsedDate: new Date("2022-01-31T12:00:00.000Z"),
+            password: { encryptedString: "EncryptedString", encryptionType: 0 },
+          },
+        ],
+      });
+    });
+
+    it("toCipherData", () => {
+      const cipher = new Cipher(cipherData);
+      expect(cipher.toCipherData("userId")).toEqual(cipherData);
+    });
+
+    it("Decrypt", async () => {
+      const cipher = new Cipher();
+      cipher.id = "id";
+      cipher.organizationId = "orgId";
+      cipher.folderId = "folderId";
+      cipher.edit = true;
+      cipher.viewPassword = true;
+      cipher.organizationUseTotp = true;
+      cipher.favorite = false;
+      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+      cipher.type = CipherType.Login;
+      cipher.name = mockEnc("EncryptedString");
+      cipher.notes = mockEnc("EncryptedString");
+      cipher.deletedDate = null;
+      cipher.reprompt = CipherRepromptType.None;
+
+      const loginView = new LoginView();
+      loginView.username = "username";
+      loginView.password = "password";
+
+      const login = Substitute.for<Login>();
+      login.decrypt(Arg.any(), Arg.any()).resolves(loginView);
+      cipher.login = login;
+
+      const cipherView = await cipher.decrypt();
+
+      expect(cipherView).toMatchObject({
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        type: 1,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        login: loginView,
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+        collectionIds: undefined,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        deletedDate: null,
+        reprompt: 0,
+        localData: undefined,
+      });
+    });
+  });
+
+  describe("SecureNoteCipher", () => {
+    let cipherData: CipherData;
+
+    beforeEach(() => {
+      cipherData = {
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        userId: "userId",
+        edit: true,
+        viewPassword: true,
+        organizationUseTotp: true,
+        favorite: false,
+        revisionDate: "2022-01-31T12:00:00.000Z",
+        type: CipherType.SecureNote,
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        deletedDate: null,
+        reprompt: CipherRepromptType.None,
+        secureNote: {
+          type: SecureNoteType.Generic,
+        },
+      };
+    });
+
+    it("Convert", () => {
+      const cipher = new Cipher(cipherData);
+
+      expect(cipher).toEqual({
+        id: "id",
+        userId: "userId",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: { encryptedString: "EncryptedString", encryptionType: 0 },
+        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
+        type: 2,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        collectionIds: undefined,
+        localData: null,
+        deletedDate: null,
+        reprompt: 0,
+        secureNote: { type: SecureNoteType.Generic },
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+      });
+    });
+
+    it("toCipherData", () => {
+      const cipher = new Cipher(cipherData);
+      expect(cipher.toCipherData("userId")).toEqual(cipherData);
+    });
+
+    it("Decrypt", async () => {
+      const cipher = new Cipher();
+      cipher.id = "id";
+      cipher.organizationId = "orgId";
+      cipher.folderId = "folderId";
+      cipher.edit = true;
+      cipher.viewPassword = true;
+      cipher.organizationUseTotp = true;
+      cipher.favorite = false;
+      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+      cipher.type = CipherType.SecureNote;
+      cipher.name = mockEnc("EncryptedString");
+      cipher.notes = mockEnc("EncryptedString");
+      cipher.deletedDate = null;
+      cipher.reprompt = CipherRepromptType.None;
+      cipher.secureNote = new SecureNote();
+      cipher.secureNote.type = SecureNoteType.Generic;
+
+      const cipherView = await cipher.decrypt();
+
+      expect(cipherView).toMatchObject({
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        type: 2,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        secureNote: { type: 0 },
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+        collectionIds: undefined,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        deletedDate: null,
+        reprompt: 0,
+        localData: undefined,
+      });
+    });
+  });
+
+  describe("CardCipher", () => {
+    let cipherData: CipherData;
+
+    beforeEach(() => {
+      cipherData = {
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        userId: "userId",
+        edit: true,
+        viewPassword: true,
+        organizationUseTotp: true,
+        favorite: false,
+        revisionDate: "2022-01-31T12:00:00.000Z",
+        type: CipherType.Card,
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        deletedDate: null,
+        reprompt: CipherRepromptType.None,
+        card: {
+          cardholderName: "EncryptedString",
+          brand: "EncryptedString",
+          number: "EncryptedString",
+          expMonth: "EncryptedString",
+          expYear: "EncryptedString",
+          code: "EncryptedString",
+        },
+      };
+    });
+
+    it("Convert", () => {
+      const cipher = new Cipher(cipherData);
+
+      expect(cipher).toEqual({
+        id: "id",
+        userId: "userId",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: { encryptedString: "EncryptedString", encryptionType: 0 },
+        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
+        type: 3,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        collectionIds: undefined,
+        localData: null,
+        deletedDate: null,
+        reprompt: 0,
+        card: {
+          cardholderName: { encryptedString: "EncryptedString", encryptionType: 0 },
+          brand: { encryptedString: "EncryptedString", encryptionType: 0 },
+          number: { encryptedString: "EncryptedString", encryptionType: 0 },
+          expMonth: { encryptedString: "EncryptedString", encryptionType: 0 },
+          expYear: { encryptedString: "EncryptedString", encryptionType: 0 },
+          code: { encryptedString: "EncryptedString", encryptionType: 0 },
+        },
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+      });
+    });
+
+    it("toCipherData", () => {
+      const cipher = new Cipher(cipherData);
+      expect(cipher.toCipherData("userId")).toEqual(cipherData);
+    });
+
+    it("Decrypt", async () => {
+      const cipher = new Cipher();
+      cipher.id = "id";
+      cipher.organizationId = "orgId";
+      cipher.folderId = "folderId";
+      cipher.edit = true;
+      cipher.viewPassword = true;
+      cipher.organizationUseTotp = true;
+      cipher.favorite = false;
+      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+      cipher.type = CipherType.Card;
+      cipher.name = mockEnc("EncryptedString");
+      cipher.notes = mockEnc("EncryptedString");
+      cipher.deletedDate = null;
+      cipher.reprompt = CipherRepromptType.None;
+
+      const cardView = new CardView();
+      cardView.cardholderName = "cardholderName";
+      cardView.number = "4111111111111111";
+
+      const card = Substitute.for<Card>();
+      card.decrypt(Arg.any(), Arg.any()).resolves(cardView);
+      cipher.card = card;
+
+      const cipherView = await cipher.decrypt();
+
+      expect(cipherView).toMatchObject({
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        type: 3,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        card: cardView,
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+        collectionIds: undefined,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        deletedDate: null,
+        reprompt: 0,
+        localData: undefined,
+      });
+    });
+  });
+
+  describe("IdentityCipher", () => {
+    let cipherData: CipherData;
+
+    beforeEach(() => {
+      cipherData = {
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        userId: "userId",
+        edit: true,
+        viewPassword: true,
+        organizationUseTotp: true,
+        favorite: false,
+        revisionDate: "2022-01-31T12:00:00.000Z",
+        type: CipherType.Identity,
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        deletedDate: null,
+        reprompt: CipherRepromptType.None,
+        identity: {
+          title: "EncryptedString",
+          firstName: "EncryptedString",
+          middleName: "EncryptedString",
+          lastName: "EncryptedString",
+          address1: "EncryptedString",
+          address2: "EncryptedString",
+          address3: "EncryptedString",
+          city: "EncryptedString",
+          state: "EncryptedString",
+          postalCode: "EncryptedString",
+          country: "EncryptedString",
+          company: "EncryptedString",
+          email: "EncryptedString",
+          phone: "EncryptedString",
+          ssn: "EncryptedString",
+          username: "EncryptedString",
+          passportNumber: "EncryptedString",
+          licenseNumber: "EncryptedString",
+        },
+      };
+    });
+
+    it("Convert", () => {
+      const cipher = new Cipher(cipherData);
+
+      expect(cipher).toEqual({
+        id: "id",
+        userId: "userId",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: { encryptedString: "EncryptedString", encryptionType: 0 },
+        notes: { encryptedString: "EncryptedString", encryptionType: 0 },
+        type: 4,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        collectionIds: undefined,
+        localData: null,
+        deletedDate: null,
+        reprompt: 0,
+        identity: {
+          title: { encryptedString: "EncryptedString", encryptionType: 0 },
+          firstName: { encryptedString: "EncryptedString", encryptionType: 0 },
+          middleName: { encryptedString: "EncryptedString", encryptionType: 0 },
+          lastName: { encryptedString: "EncryptedString", encryptionType: 0 },
+          address1: { encryptedString: "EncryptedString", encryptionType: 0 },
+          address2: { encryptedString: "EncryptedString", encryptionType: 0 },
+          address3: { encryptedString: "EncryptedString", encryptionType: 0 },
+          city: { encryptedString: "EncryptedString", encryptionType: 0 },
+          state: { encryptedString: "EncryptedString", encryptionType: 0 },
+          postalCode: { encryptedString: "EncryptedString", encryptionType: 0 },
+          country: { encryptedString: "EncryptedString", encryptionType: 0 },
+          company: { encryptedString: "EncryptedString", encryptionType: 0 },
+          email: { encryptedString: "EncryptedString", encryptionType: 0 },
+          phone: { encryptedString: "EncryptedString", encryptionType: 0 },
+          ssn: { encryptedString: "EncryptedString", encryptionType: 0 },
+          username: { encryptedString: "EncryptedString", encryptionType: 0 },
+          passportNumber: { encryptedString: "EncryptedString", encryptionType: 0 },
+          licenseNumber: { encryptedString: "EncryptedString", encryptionType: 0 },
+        },
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+      });
+    });
+
+    it("toCipherData", () => {
+      const cipher = new Cipher(cipherData);
+      expect(cipher.toCipherData("userId")).toEqual(cipherData);
+    });
+
+    it("Decrypt", async () => {
+      const cipher = new Cipher();
+      cipher.id = "id";
+      cipher.organizationId = "orgId";
+      cipher.folderId = "folderId";
+      cipher.edit = true;
+      cipher.viewPassword = true;
+      cipher.organizationUseTotp = true;
+      cipher.favorite = false;
+      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+      cipher.type = CipherType.Identity;
+      cipher.name = mockEnc("EncryptedString");
+      cipher.notes = mockEnc("EncryptedString");
+      cipher.deletedDate = null;
+      cipher.reprompt = CipherRepromptType.None;
+
+      const identityView = new IdentityView();
+      identityView.firstName = "firstName";
+      identityView.lastName = "lastName";
+
+      const identity = Substitute.for<Identity>();
+      identity.decrypt(Arg.any(), Arg.any()).resolves(identityView);
+      cipher.identity = identity;
+
+      const cipherView = await cipher.decrypt();
+
+      expect(cipherView).toMatchObject({
+        id: "id",
+        organizationId: "orgId",
+        folderId: "folderId",
+        name: "EncryptedString",
+        notes: "EncryptedString",
+        type: 4,
+        favorite: false,
+        organizationUseTotp: true,
+        edit: true,
+        viewPassword: true,
+        identity: identityView,
+        attachments: null,
+        fields: null,
+        passwordHistory: null,
+        collectionIds: undefined,
+        revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+        deletedDate: null,
+        reprompt: 0,
+        localData: undefined,
+      });
+    });
+  });
+});

jslib/common/spec/domain/collection.spec.ts

@@ -0,0 +1,66 @@
+import { CollectionData } from "@/jslib/common/src/models/data/collectionData";
+import { Collection } from "@/jslib/common/src/models/domain/collection";
+
+import { mockEnc } from "../utils";
+
+describe("Collection", () => {
+  let data: CollectionData;
+
+  beforeEach(() => {
+    data = {
+      id: "id",
+      organizationId: "orgId",
+      name: "encName",
+      externalId: "extId",
+      readOnly: true,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new CollectionData({} as any);
+    const card = new Collection(data);
+
+    expect(card).toEqual({
+      externalId: null,
+      hidePasswords: null,
+      id: null,
+      name: null,
+      organizationId: null,
+      readOnly: null,
+    });
+  });
+
+  it("Convert", () => {
+    const collection = new Collection(data);
+
+    expect(collection).toEqual({
+      id: "id",
+      organizationId: "orgId",
+      name: { encryptedString: "encName", encryptionType: 0 },
+      externalId: "extId",
+      readOnly: true,
+      hidePasswords: null,
+    });
+  });
+
+  it("Decrypt", async () => {
+    const collection = new Collection();
+    collection.id = "id";
+    collection.organizationId = "orgId";
+    collection.name = mockEnc("encName");
+    collection.externalId = "extId";
+    collection.readOnly = false;
+    collection.hidePasswords = false;
+
+    const view = await collection.decrypt();
+
+    expect(view).toEqual({
+      externalId: "extId",
+      hidePasswords: false,
+      id: "id",
+      name: "encName",
+      organizationId: "orgId",
+      readOnly: false,
+    });
+  });
+});

jslib/common/spec/domain/encString.spec.ts

@@ -0,0 +1,195 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { EncryptionType } from "@/jslib/common/src/enums/encryptionType";
+import { EncString } from "@/jslib/common/src/models/domain/encString";
+import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
+import { ContainerService } from "@/jslib/common/src/services/container.service";
+
+describe("EncString", () => {
+  afterEach(() => {
+    (window as any).bitwardenContainerService = undefined;
+  });
+
+  describe("Rsa2048_OaepSha256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "3.data",
+        encryptionType: 3,
+      });
+    });
+
+    describe("parse existing", () => {
+      it("valid", () => {
+        const encString = new EncString("3.data");
+
+        expect(encString).toEqual({
+          data: "data",
+          encryptedString: "3.data",
+          encryptionType: 3,
+        });
+      });
+
+      it("invalid", () => {
+        const encString = new EncString("3.data|test");
+
+        expect(encString).toEqual({
+          encryptedString: "3.data|test",
+          encryptionType: 3,
+        });
+      });
+    });
+
+    describe("decrypt", () => {
+      const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+      cryptoService.decryptToUtf8(encString, Arg.any()).resolves("decrypted");
+
+      beforeEach(() => {
+        (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+      });
+
+      it("decrypts correctly", async () => {
+        const decrypted = await encString.decrypt(null);
+
+        expect(decrypted).toBe("decrypted");
+      });
+
+      it("result should be cached", async () => {
+        const decrypted = await encString.decrypt(null);
+        cryptoService.received(1).decryptToUtf8(Arg.any(), Arg.any());
+
+        expect(decrypted).toBe("decrypted");
+      });
+    });
+  });
+
+  describe("AesCbc256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "0.iv|data",
+        encryptionType: 0,
+        iv: "iv",
+      });
+    });
+
+    describe("parse existing", () => {
+      it("valid", () => {
+        const encString = new EncString("0.iv|data");
+
+        expect(encString).toEqual({
+          data: "data",
+          encryptedString: "0.iv|data",
+          encryptionType: 0,
+          iv: "iv",
+        });
+      });
+
+      it("invalid", () => {
+        const encString = new EncString("0.iv|data|mac");
+
+        expect(encString).toEqual({
+          encryptedString: "0.iv|data|mac",
+          encryptionType: 0,
+        });
+      });
+    });
+  });
+
+  describe("AesCbc256_HmacSha256_B64", () => {
+    it("constructor", () => {
+      const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "2.iv|data|mac",
+        encryptionType: 2,
+        iv: "iv",
+        mac: "mac",
+      });
+    });
+
+    it("valid", () => {
+      const encString = new EncString("2.iv|data|mac");
+
+      expect(encString).toEqual({
+        data: "data",
+        encryptedString: "2.iv|data|mac",
+        encryptionType: 2,
+        iv: "iv",
+        mac: "mac",
+      });
+    });
+
+    it("invalid", () => {
+      const encString = new EncString("2.iv|data");
+
+      expect(encString).toEqual({
+        encryptedString: "2.iv|data",
+        encryptionType: 2,
+      });
+    });
+  });
+
+  it("Exit early if null", () => {
+    const encString = new EncString(null);
+
+    expect(encString).toEqual({
+      encryptedString: null,
+    });
+  });
+
+  describe("decrypt", () => {
+    it("throws exception when bitwarden container not initialized", async () => {
+      const encString = new EncString(null);
+
+      expect.assertions(1);
+      try {
+        await encString.decrypt(null);
+      } catch (e) {
+        expect(e.message).toEqual("global bitwardenContainerService not initialized.");
+      }
+    });
+
+    it("handles value it can't decrypt", async () => {
+      const encString = new EncString(null);
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+      cryptoService.decryptToUtf8(encString, Arg.any()).throws("error");
+
+      (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+
+      const decrypted = await encString.decrypt(null);
+
+      expect(decrypted).toBe("[error: cannot decrypt]");
+
+      expect(encString).toEqual({
+        decryptedValue: "[error: cannot decrypt]",
+        encryptedString: null,
+      });
+    });
+
+    it("passes along key", async () => {
+      const encString = new EncString(null);
+      const key = Substitute.for<SymmetricCryptoKey>();
+
+      const cryptoService = Substitute.for<CryptoService>();
+      cryptoService.getOrgKey(null).resolves(null);
+
+      (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+
+      await encString.decrypt(null, key);
+
+      cryptoService.received().decryptToUtf8(encString, key);
+    });
+  });
+});

jslib/common/spec/domain/field.spec.ts

@@ -0,0 +1,64 @@
+import { FieldType } from "@/jslib/common/src/enums/fieldType";
+import { FieldData } from "@/jslib/common/src/models/data/fieldData";
+import { Field } from "@/jslib/common/src/models/domain/field";
+
+import { mockEnc } from "../utils";
+
+describe("Field", () => {
+  let data: FieldData;
+
+  beforeEach(() => {
+    data = {
+      type: FieldType.Text,
+      name: "encName",
+      value: "encValue",
+      linkedId: null,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new FieldData();
+    const field = new Field(data);
+
+    expect(field).toEqual({
+      type: undefined,
+      name: null,
+      value: null,
+      linkedId: undefined,
+    });
+  });
+
+  it("Convert", () => {
+    const field = new Field(data);
+
+    expect(field).toEqual({
+      type: FieldType.Text,
+      name: { encryptedString: "encName", encryptionType: 0 },
+      value: { encryptedString: "encValue", encryptionType: 0 },
+      linkedId: null,
+    });
+  });
+
+  it("toFieldData", () => {
+    const field = new Field(data);
+    expect(field.toFieldData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const field = new Field();
+    field.type = FieldType.Text;
+    field.name = mockEnc("encName");
+    field.value = mockEnc("encValue");
+
+    const view = await field.decrypt(null);
+
+    expect(view).toEqual({
+      type: 0,
+      name: "encName",
+      value: "encValue",
+      newField: false,
+      showCount: false,
+      showValue: false,
+    });
+  });
+});

jslib/common/spec/domain/folder.spec.ts

@@ -0,0 +1,42 @@
+import { FolderData } from "@/jslib/common/src/models/data/folderData";
+import { Folder } from "@/jslib/common/src/models/domain/folder";
+
+import { mockEnc } from "../utils";
+
+describe("Folder", () => {
+  let data: FolderData;
+
+  beforeEach(() => {
+    data = {
+      id: "id",
+      userId: "userId",
+      name: "encName",
+      revisionDate: "2022-01-31T12:00:00.000Z",
+    };
+  });
+
+  it("Convert", () => {
+    const field = new Folder(data);
+
+    expect(field).toEqual({
+      id: "id",
+      name: { encryptedString: "encName", encryptionType: 0 },
+      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+    });
+  });
+
+  it("Decrypt", async () => {
+    const folder = new Folder();
+    folder.id = "id";
+    folder.name = mockEnc("encName");
+    folder.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+
+    const view = await folder.decrypt();
+
+    expect(view).toEqual({
+      id: "id",
+      name: "encName",
+      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+    });
+  });
+});

jslib/common/spec/domain/identity.spec.ts

@@ -0,0 +1,134 @@
+import { IdentityData } from "@/jslib/common/src/models/data/identityData";
+import { Identity } from "@/jslib/common/src/models/domain/identity";
+
+import { mockEnc } from "../utils";
+
+describe("Identity", () => {
+  let data: IdentityData;
+
+  beforeEach(() => {
+    data = {
+      title: "enctitle",
+      firstName: "encfirstName",
+      middleName: "encmiddleName",
+      lastName: "enclastName",
+      address1: "encaddress1",
+      address2: "encaddress2",
+      address3: "encaddress3",
+      city: "enccity",
+      state: "encstate",
+      postalCode: "encpostalCode",
+      country: "enccountry",
+      company: "enccompany",
+      email: "encemail",
+      phone: "encphone",
+      ssn: "encssn",
+      username: "encusername",
+      passportNumber: "encpassportNumber",
+      licenseNumber: "enclicenseNumber",
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new IdentityData();
+    const identity = new Identity(data);
+
+    expect(identity).toEqual({
+      address1: null,
+      address2: null,
+      address3: null,
+      city: null,
+      company: null,
+      country: null,
+      email: null,
+      firstName: null,
+      lastName: null,
+      licenseNumber: null,
+      middleName: null,
+      passportNumber: null,
+      phone: null,
+      postalCode: null,
+      ssn: null,
+      state: null,
+      title: null,
+      username: null,
+    });
+  });
+
+  it("Convert", () => {
+    const identity = new Identity(data);
+
+    expect(identity).toEqual({
+      title: { encryptedString: "enctitle", encryptionType: 0 },
+      firstName: { encryptedString: "encfirstName", encryptionType: 0 },
+      middleName: { encryptedString: "encmiddleName", encryptionType: 0 },
+      lastName: { encryptedString: "enclastName", encryptionType: 0 },
+      address1: { encryptedString: "encaddress1", encryptionType: 0 },
+      address2: { encryptedString: "encaddress2", encryptionType: 0 },
+      address3: { encryptedString: "encaddress3", encryptionType: 0 },
+      city: { encryptedString: "enccity", encryptionType: 0 },
+      state: { encryptedString: "encstate", encryptionType: 0 },
+      postalCode: { encryptedString: "encpostalCode", encryptionType: 0 },
+      country: { encryptedString: "enccountry", encryptionType: 0 },
+      company: { encryptedString: "enccompany", encryptionType: 0 },
+      email: { encryptedString: "encemail", encryptionType: 0 },
+      phone: { encryptedString: "encphone", encryptionType: 0 },
+      ssn: { encryptedString: "encssn", encryptionType: 0 },
+      username: { encryptedString: "encusername", encryptionType: 0 },
+      passportNumber: { encryptedString: "encpassportNumber", encryptionType: 0 },
+      licenseNumber: { encryptedString: "enclicenseNumber", encryptionType: 0 },
+    });
+  });
+
+  it("toIdentityData", () => {
+    const identity = new Identity(data);
+    expect(identity.toIdentityData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const identity = new Identity();
+
+    identity.title = mockEnc("mockTitle");
+    identity.firstName = mockEnc("mockFirstName");
+    identity.middleName = mockEnc("mockMiddleName");
+    identity.lastName = mockEnc("mockLastName");
+    identity.address1 = mockEnc("mockAddress1");
+    identity.address2 = mockEnc("mockAddress2");
+    identity.address3 = mockEnc("mockAddress3");
+    identity.city = mockEnc("mockCity");
+    identity.state = mockEnc("mockState");
+    identity.postalCode = mockEnc("mockPostalCode");
+    identity.country = mockEnc("mockCountry");
+    identity.company = mockEnc("mockCompany");
+    identity.email = mockEnc("mockEmail");
+    identity.phone = mockEnc("mockPhone");
+    identity.ssn = mockEnc("mockSsn");
+    identity.username = mockEnc("mockUsername");
+    identity.passportNumber = mockEnc("mockPassportNumber");
+    identity.licenseNumber = mockEnc("mockLicenseNumber");
+
+    const view = await identity.decrypt(null);
+
+    expect(view).toEqual({
+      _firstName: "mockFirstName",
+      _lastName: "mockLastName",
+      _subTitle: null,
+      address1: "mockAddress1",
+      address2: "mockAddress2",
+      address3: "mockAddress3",
+      city: "mockCity",
+      company: "mockCompany",
+      country: "mockCountry",
+      email: "mockEmail",
+      licenseNumber: "mockLicenseNumber",
+      middleName: "mockMiddleName",
+      passportNumber: "mockPassportNumber",
+      phone: "mockPhone",
+      postalCode: "mockPostalCode",
+      ssn: "mockSsn",
+      state: "mockState",
+      title: "mockTitle",
+      username: "mockUsername",
+    });
+  });
+});

jslib/common/spec/domain/login.spec.ts

@@ -0,0 +1,101 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { UriMatchType } from "@/jslib/common/src/enums/uriMatchType";
+import { LoginData } from "@/jslib/common/src/models/data/loginData";
+import { Login } from "@/jslib/common/src/models/domain/login";
+import { LoginUri } from "@/jslib/common/src/models/domain/loginUri";
+import { LoginUriView } from "@/jslib/common/src/models/view/loginUriView";
+
+import { mockEnc } from "../utils";
+
+describe("Login DTO", () => {
+  it("Convert from empty LoginData", () => {
+    const data = new LoginData();
+    const login = new Login(data);
+
+    expect(login).toEqual({
+      passwordRevisionDate: null,
+      autofillOnPageLoad: undefined,
+      username: null,
+      password: null,
+      totp: null,
+    });
+  });
+
+  it("Convert from full LoginData", () => {
+    const data: LoginData = {
+      uris: [{ uri: "uri", match: UriMatchType.Domain }],
+      username: "username",
+      password: "password",
+      passwordRevisionDate: "2022-01-31T12:00:00.000Z",
+      totp: "123",
+      autofillOnPageLoad: false,
+    };
+    const login = new Login(data);
+
+    expect(login).toEqual({
+      passwordRevisionDate: new Date("2022-01-31T12:00:00.000Z"),
+      autofillOnPageLoad: false,
+      username: { encryptedString: "username", encryptionType: 0 },
+      password: { encryptedString: "password", encryptionType: 0 },
+      totp: { encryptedString: "123", encryptionType: 0 },
+      uris: [{ match: 0, uri: { encryptedString: "uri", encryptionType: 0 } }],
+    });
+  });
+
+  it("Initialize without LoginData", () => {
+    const login = new Login();
+
+    expect(login).toEqual({});
+  });
+
+  it("Decrypts correctly", async () => {
+    const loginUri = Substitute.for<LoginUri>();
+    const loginUriView = new LoginUriView();
+    loginUriView.uri = "decrypted uri";
+    loginUri.decrypt(Arg.any()).resolves(loginUriView);
+
+    const login = new Login();
+    login.uris = [loginUri];
+    login.username = mockEnc("encrypted username");
+    login.password = mockEnc("encrypted password");
+    login.passwordRevisionDate = new Date("2022-01-31T12:00:00.000Z");
+    login.totp = mockEnc("encrypted totp");
+    login.autofillOnPageLoad = true;
+
+    const loginView = await login.decrypt(null);
+    expect(loginView).toEqual({
+      username: "encrypted username",
+      password: "encrypted password",
+      passwordRevisionDate: new Date("2022-01-31T12:00:00.000Z"),
+      totp: "encrypted totp",
+      uris: [
+        {
+          match: null,
+          _uri: "decrypted uri",
+          _domain: null,
+          _hostname: null,
+          _host: null,
+          _canLaunch: null,
+        },
+      ],
+      autofillOnPageLoad: true,
+    });
+  });
+
+  it("Converts from LoginData and back", () => {
+    const data: LoginData = {
+      uris: [{ uri: "uri", match: UriMatchType.Domain }],
+      username: "username",
+      password: "password",
+      passwordRevisionDate: "2022-01-31T12:00:00.000Z",
+      totp: "123",
+      autofillOnPageLoad: false,
+    };
+    const login = new Login(data);
+
+    const loginData = login.toLoginData();
+
+    expect(loginData).toEqual(data);
+  });
+});

jslib/common/spec/domain/loginUri.spec.ts

@@ -0,0 +1,57 @@
+import { UriMatchType } from "@/jslib/common/src/enums/uriMatchType";
+import { LoginUriData } from "@/jslib/common/src/models/data/loginUriData";
+import { LoginUri } from "@/jslib/common/src/models/domain/loginUri";
+
+import { mockEnc } from "../utils";
+
+describe("LoginUri", () => {
+  let data: LoginUriData;
+
+  beforeEach(() => {
+    data = {
+      uri: "encUri",
+      match: UriMatchType.Domain,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new LoginUriData();
+    const loginUri = new LoginUri(data);
+
+    expect(loginUri).toEqual({
+      match: null,
+      uri: null,
+    });
+  });
+
+  it("Convert", () => {
+    const loginUri = new LoginUri(data);
+
+    expect(loginUri).toEqual({
+      match: 0,
+      uri: { encryptedString: "encUri", encryptionType: 0 },
+    });
+  });
+
+  it("toLoginUriData", () => {
+    const loginUri = new LoginUri(data);
+    expect(loginUri.toLoginUriData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const loginUri = new LoginUri();
+    loginUri.match = UriMatchType.Exact;
+    loginUri.uri = mockEnc("uri");
+
+    const view = await loginUri.decrypt(null);
+
+    expect(view).toEqual({
+      _canLaunch: null,
+      _domain: null,
+      _host: null,
+      _hostname: null,
+      _uri: "uri",
+      match: 3,
+    });
+  });
+});

jslib/common/spec/domain/password.spec.ts

@@ -0,0 +1,51 @@
+import { PasswordHistoryData } from "@/jslib/common/src/models/data/passwordHistoryData";
+import { Password } from "@/jslib/common/src/models/domain/password";
+
+import { mockEnc } from "../utils";
+
+describe("Password", () => {
+  let data: PasswordHistoryData;
+
+  beforeEach(() => {
+    data = {
+      password: "encPassword",
+      lastUsedDate: "2022-01-31T12:00:00.000Z",
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new PasswordHistoryData();
+    const password = new Password(data);
+
+    expect(password).toMatchObject({
+      password: null,
+    });
+  });
+
+  it("Convert", () => {
+    const password = new Password(data);
+
+    expect(password).toEqual({
+      password: { encryptedString: "encPassword", encryptionType: 0 },
+      lastUsedDate: new Date("2022-01-31T12:00:00.000Z"),
+    });
+  });
+
+  it("toPasswordHistoryData", () => {
+    const password = new Password(data);
+    expect(password.toPasswordHistoryData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const password = new Password();
+    password.password = mockEnc("password");
+    password.lastUsedDate = new Date("2022-01-31T12:00:00.000Z");
+
+    const view = await password.decrypt(null);
+
+    expect(view).toEqual({
+      password: "password",
+      lastUsedDate: new Date("2022-01-31T12:00:00.000Z"),
+    });
+  });
+});

jslib/common/spec/domain/secureNote.spec.ts

@@ -0,0 +1,46 @@
+import { SecureNoteType } from "@/jslib/common/src/enums/secureNoteType";
+import { SecureNoteData } from "@/jslib/common/src/models/data/secureNoteData";
+import { SecureNote } from "@/jslib/common/src/models/domain/secureNote";
+
+describe("SecureNote", () => {
+  let data: SecureNoteData;
+
+  beforeEach(() => {
+    data = {
+      type: SecureNoteType.Generic,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new SecureNoteData();
+    const secureNote = new SecureNote(data);
+
+    expect(secureNote).toEqual({
+      type: undefined,
+    });
+  });
+
+  it("Convert", () => {
+    const secureNote = new SecureNote(data);
+
+    expect(secureNote).toEqual({
+      type: 0,
+    });
+  });
+
+  it("toSecureNoteData", () => {
+    const secureNote = new SecureNote(data);
+    expect(secureNote.toSecureNoteData()).toEqual(data);
+  });
+
+  it("Decrypt", async () => {
+    const secureNote = new SecureNote();
+    secureNote.type = SecureNoteType.Generic;
+
+    const view = await secureNote.decrypt(null);
+
+    expect(view).toEqual({
+      type: 0,
+    });
+  });
+});

jslib/common/spec/domain/send.spec.ts

@@ -0,0 +1,144 @@
+import { Substitute, Arg, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
+import { SendType } from "@/jslib/common/src/enums/sendType";
+import { SendData } from "@/jslib/common/src/models/data/sendData";
+import { EncString } from "@/jslib/common/src/models/domain/encString";
+import { Send } from "@/jslib/common/src/models/domain/send";
+import { SendText } from "@/jslib/common/src/models/domain/sendText";
+import { ContainerService } from "@/jslib/common/src/services/container.service";
+
+import { makeStaticByteArray, mockEnc } from "../utils";
+
+describe("Send", () => {
+  let data: SendData;
+
+  beforeEach(() => {
+    data = {
+      id: "id",
+      accessId: "accessId",
+      userId: "userId",
+      type: SendType.Text,
+      name: "encName",
+      notes: "encNotes",
+      text: {
+        text: "encText",
+        hidden: true,
+      },
+      file: null,
+      key: "encKey",
+      maxAccessCount: null,
+      accessCount: 10,
+      revisionDate: "2022-01-31T12:00:00.000Z",
+      expirationDate: "2022-01-31T12:00:00.000Z",
+      deletionDate: "2022-01-31T12:00:00.000Z",
+      password: "password",
+      disabled: false,
+      hideEmail: true,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new SendData();
+    const send = new Send(data);
+
+    expect(send).toEqual({
+      id: null,
+      accessId: null,
+      userId: null,
+      type: undefined,
+      name: null,
+      notes: null,
+      text: undefined,
+      file: undefined,
+      key: null,
+      maxAccessCount: undefined,
+      accessCount: undefined,
+      revisionDate: null,
+      expirationDate: null,
+      deletionDate: null,
+      password: undefined,
+      disabled: undefined,
+      hideEmail: undefined,
+    });
+  });
+
+  it("Convert", () => {
+    const send = new Send(data);
+
+    expect(send).toEqual({
+      id: "id",
+      accessId: "accessId",
+      userId: "userId",
+      type: SendType.Text,
+      name: { encryptedString: "encName", encryptionType: 0 },
+      notes: { encryptedString: "encNotes", encryptionType: 0 },
+      text: {
+        text: { encryptedString: "encText", encryptionType: 0 },
+        hidden: true,
+      },
+      key: { encryptedString: "encKey", encryptionType: 0 },
+      maxAccessCount: null,
+      accessCount: 10,
+      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
+      deletionDate: new Date("2022-01-31T12:00:00.000Z"),
+      password: "password",
+      disabled: false,
+      hideEmail: true,
+    });
+  });
+
+  it("Decrypt", async () => {
+    const text = Substitute.for<SendText>();
+    text.decrypt(Arg.any()).resolves("textView" as any);
+
+    const send = new Send();
+    send.id = "id";
+    send.accessId = "accessId";
+    send.userId = "userId";
+    send.type = SendType.Text;
+    send.name = mockEnc("name");
+    send.notes = mockEnc("notes");
+    send.text = text;
+    send.key = mockEnc("key");
+    send.accessCount = 10;
+    send.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+    send.expirationDate = new Date("2022-01-31T12:00:00.000Z");
+    send.deletionDate = new Date("2022-01-31T12:00:00.000Z");
+    send.password = "password";
+    send.disabled = false;
+    send.hideEmail = true;
+
+    const cryptoService = Substitute.for<CryptoService>();
+    cryptoService.decryptToBytes(send.key, null).resolves(makeStaticByteArray(32));
+    cryptoService.makeSendKey(Arg.any()).resolves("cryptoKey" as any);
+
+    (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+
+    const view = await send.decrypt();
+
+    text.received(1).decrypt("cryptoKey" as any);
+    (send.name as SubstituteOf<EncString>).received(1).decrypt(null, "cryptoKey" as any);
+
+    expect(view).toMatchObject({
+      id: "id",
+      accessId: "accessId",
+      name: "name",
+      notes: "notes",
+      type: 0,
+      key: expect.anything(),
+      cryptoKey: "cryptoKey",
+      file: expect.anything(),
+      text: "textView",
+      maxAccessCount: undefined,
+      accessCount: 10,
+      revisionDate: new Date("2022-01-31T12:00:00.000Z"),
+      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
+      deletionDate: new Date("2022-01-31T12:00:00.000Z"),
+      password: "password",
+      disabled: false,
+      hideEmail: true,
+    });
+  });
+});

jslib/common/spec/domain/sendAccess.spec.ts

@@ -0,0 +1,84 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { SendType } from "@/jslib/common/src/enums/sendType";
+import { SendAccess } from "@/jslib/common/src/models/domain/sendAccess";
+import { SendText } from "@/jslib/common/src/models/domain/sendText";
+import { SendAccessResponse } from "@/jslib/common/src/models/response/sendAccessResponse";
+
+import { mockEnc } from "../utils";
+
+describe("SendAccess", () => {
+  let request: SendAccessResponse;
+
+  beforeEach(() => {
+    request = {
+      id: "id",
+      type: SendType.Text,
+      name: "encName",
+      file: null,
+      text: {
+        text: "encText",
+        hidden: true,
+      },
+      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
+      creatorIdentifier: "creatorIdentifier",
+    } as SendAccessResponse;
+  });
+
+  it("Convert from empty", () => {
+    const request = new SendAccessResponse({});
+    const sendAccess = new SendAccess(request);
+
+    expect(sendAccess).toEqual({
+      id: null,
+      type: undefined,
+      name: null,
+      creatorIdentifier: null,
+      expirationDate: null,
+    });
+  });
+
+  it("Convert", () => {
+    const sendAccess = new SendAccess(request);
+
+    expect(sendAccess).toEqual({
+      id: "id",
+      type: 0,
+      name: { encryptedString: "encName", encryptionType: 0 },
+      text: {
+        hidden: true,
+        text: { encryptedString: "encText", encryptionType: 0 },
+      },
+      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
+      creatorIdentifier: "creatorIdentifier",
+    });
+  });
+
+  it("Decrypt", async () => {
+    const sendAccess = new SendAccess();
+    sendAccess.id = "id";
+    sendAccess.type = SendType.Text;
+    sendAccess.name = mockEnc("name");
+
+    const text = Substitute.for<SendText>();
+    text.decrypt(Arg.any()).resolves({} as any);
+    sendAccess.text = text;
+
+    sendAccess.expirationDate = new Date("2022-01-31T12:00:00.000Z");
+    sendAccess.creatorIdentifier = "creatorIdentifier";
+
+    const view = await sendAccess.decrypt(null);
+
+    text.received(1).decrypt(Arg.any());
+
+    expect(view).toEqual({
+      id: "id",
+      type: 0,
+      name: "name",
+      text: {},
+      file: expect.anything(),
+      expirationDate: new Date("2022-01-31T12:00:00.000Z"),
+      creatorIdentifier: "creatorIdentifier",
+    });
+  });
+});

jslib/common/spec/domain/sendFile.spec.ts

@@ -0,0 +1,57 @@
+import { SendFileData } from "@/jslib/common/src/models/data/sendFileData";
+import { SendFile } from "@/jslib/common/src/models/domain/sendFile";
+
+import { mockEnc } from "../utils";
+
+describe("SendFile", () => {
+  let data: SendFileData;
+
+  beforeEach(() => {
+    data = {
+      id: "id",
+      size: "1100",
+      sizeName: "1.1 KB",
+      fileName: "encFileName",
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new SendFileData();
+    const sendFile = new SendFile(data);
+
+    expect(sendFile).toEqual({
+      fileName: null,
+      id: null,
+      size: undefined,
+      sizeName: null,
+    });
+  });
+
+  it("Convert", () => {
+    const sendFile = new SendFile(data);
+
+    expect(sendFile).toEqual({
+      id: "id",
+      size: "1100",
+      sizeName: "1.1 KB",
+      fileName: { encryptedString: "encFileName", encryptionType: 0 },
+    });
+  });
+
+  it("Decrypt", async () => {
+    const sendFile = new SendFile();
+    sendFile.id = "id";
+    sendFile.size = "1100";
+    sendFile.sizeName = "1.1 KB";
+    sendFile.fileName = mockEnc("fileName");
+
+    const view = await sendFile.decrypt(null);
+
+    expect(view).toEqual({
+      fileName: "fileName",
+      id: "id",
+      size: "1100",
+      sizeName: "1.1 KB",
+    });
+  });
+});

jslib/common/spec/domain/sendText.spec.ts

@@ -0,0 +1,47 @@
+import { SendTextData } from "@/jslib/common/src/models/data/sendTextData";
+import { SendText } from "@/jslib/common/src/models/domain/sendText";
+
+import { mockEnc } from "../utils";
+
+describe("SendText", () => {
+  let data: SendTextData;
+
+  beforeEach(() => {
+    data = {
+      text: "encText",
+      hidden: false,
+    };
+  });
+
+  it("Convert from empty", () => {
+    const data = new SendTextData();
+    const secureNote = new SendText(data);
+
+    expect(secureNote).toEqual({
+      hidden: undefined,
+      text: null,
+    });
+  });
+
+  it("Convert", () => {
+    const secureNote = new SendText(data);
+
+    expect(secureNote).toEqual({
+      hidden: false,
+      text: { encryptedString: "encText", encryptionType: 0 },
+    });
+  });
+
+  it("Decrypt", async () => {
+    const secureNote = new SendText();
+    secureNote.text = mockEnc("text");
+    secureNote.hidden = true;
+
+    const view = await secureNote.decrypt(null);
+
+    expect(view).toEqual({
+      text: "text",
+      hidden: true,
+    });
+  });
+});

jslib/common/spec/domain/symmetricCryptoKey.spec.ts

@@ -0,0 +1,69 @@
+import { EncryptionType } from "@/jslib/common/src/enums/encryptionType";
+import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
+
+import { makeStaticByteArray } from "../utils";
+
+describe("SymmetricCryptoKey", () => {
+  it("errors if no key", () => {
+    const t = () => {
+      new SymmetricCryptoKey(null);
+    };
+
+    expect(t).toThrowError("Must provide key");
+  });
+
+  describe("guesses encKey from key length", () => {
+    it("AesCbc256_B64", () => {
+      const key = makeStaticByteArray(32);
+      const cryptoKey = new SymmetricCryptoKey(key);
+
+      expect(cryptoKey).toEqual({
+        encKey: key,
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        encType: 0,
+        key: key,
+        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        macKey: null,
+      });
+    });
+
+    it("AesCbc128_HmacSha256_B64", () => {
+      const key = makeStaticByteArray(32);
+      const cryptoKey = new SymmetricCryptoKey(key, EncryptionType.AesCbc128_HmacSha256_B64);
+
+      expect(cryptoKey).toEqual({
+        encKey: key.slice(0, 16),
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODw==",
+        encType: 1,
+        key: key,
+        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        macKey: key.slice(16, 32),
+        macKeyB64: "EBESExQVFhcYGRobHB0eHw==",
+      });
+    });
+
+    it("AesCbc256_HmacSha256_B64", () => {
+      const key = makeStaticByteArray(64);
+      const cryptoKey = new SymmetricCryptoKey(key);
+
+      expect(cryptoKey).toEqual({
+        encKey: key.slice(0, 32),
+        encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
+        encType: 2,
+        key: key,
+        keyB64:
+          "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+Pw==",
+        macKey: key.slice(32, 64),
+        macKeyB64: "ICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8=",
+      });
+    });
+
+    it("unknown length", () => {
+      const t = () => {
+        new SymmetricCryptoKey(makeStaticByteArray(30));
+      };
+
+      expect(t).toThrowError("Unable to determine encType.");
+    });
+  });
+});

jslib/common/spec/misc/sequentialize.spec.ts

@@ -0,0 +1,127 @@
+import { sequentialize } from "@/jslib/common/src/misc/sequentialize";
+
+describe("sequentialize decorator", () => {
+  it("should call the function once", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+  });
+
+  it("should call the function once for each instance of the object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+      promises.push(foo2.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+    expect(foo2.calls).toBe(1);
+  });
+
+  it("should call the function once with key function", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+  });
+
+  it("should call the function again when already resolved", async () => {
+    const foo = new Foo();
+    await foo.bar(1);
+    expect(foo.calls).toBe(1);
+    await foo.bar(1);
+    expect(foo.calls).toBe(2);
+  });
+
+  it("should call the function again when already resolved with a key function", async () => {
+    const foo = new Foo();
+    await foo.baz(1);
+    expect(foo.calls).toBe(1);
+    await foo.baz(1);
+    expect(foo.calls).toBe(2);
+  });
+
+  it("should call the function for each argument", async () => {
+    const foo = new Foo();
+    await Promise.all([foo.bar(1), foo.bar(1), foo.bar(2), foo.bar(2), foo.bar(3), foo.bar(3)]);
+    expect(foo.calls).toBe(3);
+  });
+
+  it("should call the function for each argument with key function", async () => {
+    const foo = new Foo();
+    await Promise.all([foo.baz(1), foo.baz(1), foo.baz(2), foo.baz(2), foo.baz(3), foo.baz(3)]);
+    expect(foo.calls).toBe(3);
+  });
+
+  it("should return correct result for each call", async () => {
+    const foo = new Foo();
+    const allRes: number[] = [];
+
+    await Promise.all([
+      foo.bar(1).then((res) => allRes.push(res)),
+      foo.bar(1).then((res) => allRes.push(res)),
+      foo.bar(2).then((res) => allRes.push(res)),
+      foo.bar(2).then((res) => allRes.push(res)),
+      foo.bar(3).then((res) => allRes.push(res)),
+      foo.bar(3).then((res) => allRes.push(res)),
+    ]);
+    expect(foo.calls).toBe(3);
+    expect(allRes.length).toBe(6);
+    allRes.sort();
+    expect(allRes).toEqual([2, 2, 4, 4, 6, 6]);
+  });
+
+  it("should return correct result for each call with key function", async () => {
+    const foo = new Foo();
+    const allRes: number[] = [];
+
+    await Promise.all([
+      foo.baz(1).then((res) => allRes.push(res)),
+      foo.baz(1).then((res) => allRes.push(res)),
+      foo.baz(2).then((res) => allRes.push(res)),
+      foo.baz(2).then((res) => allRes.push(res)),
+      foo.baz(3).then((res) => allRes.push(res)),
+      foo.baz(3).then((res) => allRes.push(res)),
+    ]);
+    expect(foo.calls).toBe(3);
+    expect(allRes.length).toBe(6);
+    allRes.sort();
+    expect(allRes).toEqual([3, 3, 6, 6, 9, 9]);
+  });
+});
+
+class Foo {
+  calls = 0;
+
+  @sequentialize((args) => "bar" + args[0])
+  bar(a: number): Promise<number> {
+    this.calls++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        res(a * 2);
+      }, Math.random() * 100);
+    });
+  }
+
+  @sequentialize((args) => "baz" + args[0])
+  baz(a: number): Promise<number> {
+    this.calls++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        res(a * 3);
+      }, Math.random() * 100);
+    });
+  }
+}

jslib/common/spec/misc/throttle.spec.ts

@@ -0,0 +1,110 @@
+import { sequentialize } from "@/jslib/common/src/misc/sequentialize";
+import { throttle } from "@/jslib/common/src/misc/throttle";
+
+describe("throttle decorator", () => {
+  it("should call the function once at a time", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+  });
+
+  it("should call the function once at a time for each object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+      promises.push(foo2.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+    expect(foo2.calls).toBe(10);
+  });
+
+  it("should call the function limit at a time", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+  });
+
+  it("should call the function limit at a time for each object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+      promises.push(foo2.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+    expect(foo2.calls).toBe(10);
+  });
+
+  it("should work together with sequentialize", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.qux(Math.floor(i / 2) * 2));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(5);
+  });
+});
+
+class Foo {
+  calls = 0;
+  inflight = 0;
+
+  @throttle(1, () => "bar")
+  bar(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBe(1);
+        this.inflight--;
+        res(a * 2);
+      }, Math.random() * 10);
+    });
+  }
+
+  @throttle(5, () => "baz")
+  baz(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBeLessThanOrEqual(5);
+        this.inflight--;
+        res(a * 3);
+      }, Math.random() * 10);
+    });
+  }
+
+  @sequentialize((args) => "qux" + args[0])
+  @throttle(1, () => "qux")
+  qux(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBe(1);
+        this.inflight--;
+        res(a * 3);
+      }, Math.random() * 10);
+    });
+  }
+}

jslib/common/spec/services/consoleLog.service.spec.ts

@@ -0,0 +1,102 @@
+import { ConsoleLogService } from "@/jslib/common/src/services/consoleLog.service";
+
+const originalConsole = console;
+let caughtMessage: any;
+
+declare let console: any;
+
+export function interceptConsole(interceptions: any): object {
+  console = {
+    log: function () {
+      // eslint-disable-next-line
+      interceptions.log = arguments;
+    },
+    warn: function () {
+      // eslint-disable-next-line
+      interceptions.warn = arguments;
+    },
+    error: function () {
+      // eslint-disable-next-line
+      interceptions.error = arguments;
+    },
+  };
+  return interceptions;
+}
+
+export function restoreConsole() {
+  console = originalConsole;
+}
+
+describe("ConsoleLogService", () => {
+  let logService: ConsoleLogService;
+  beforeEach(() => {
+    caughtMessage = {};
+    interceptConsole(caughtMessage);
+    logService = new ConsoleLogService(true);
+  });
+
+  afterAll(() => {
+    restoreConsole();
+  });
+
+  it("filters messages below the set threshold", () => {
+    logService = new ConsoleLogService(true, () => true);
+    logService.debug("debug");
+    logService.info("info");
+    logService.warning("warning");
+    logService.error("error");
+
+    expect(caughtMessage).toEqual({});
+  });
+  it("only writes debug messages in dev mode", () => {
+    logService = new ConsoleLogService(false);
+
+    logService.debug("debug message");
+    expect(caughtMessage.log).toBeUndefined();
+  });
+
+  it("writes debug/info messages to console.log", () => {
+    logService.debug("this is a debug message");
+    expect(caughtMessage).toMatchObject({
+      log: { "0": "this is a debug message" },
+    });
+
+    logService.info("this is an info message");
+    expect(caughtMessage).toMatchObject({
+      log: { "0": "this is an info message" },
+    });
+  });
+  it("writes warning messages to console.warn", () => {
+    logService.warning("this is a warning message");
+    expect(caughtMessage).toMatchObject({
+      warn: { 0: "this is a warning message" },
+    });
+  });
+  it("writes error messages to console.error", () => {
+    logService.error("this is an error message");
+    expect(caughtMessage).toMatchObject({
+      error: { 0: "this is an error message" },
+    });
+  });
+
+  it("times with output to info", async () => {
+    logService.time();
+    await new Promise((r) => setTimeout(r, 250));
+    const duration = logService.timeEnd();
+    expect(duration[0]).toBe(0);
+    expect(duration[1]).toBeGreaterThan(0);
+    expect(duration[1]).toBeLessThan(500 * 10e6);
+
+    expect(caughtMessage).toEqual(expect.arrayContaining([]));
+    expect(caughtMessage.log.length).toBe(1);
+    expect(caughtMessage.log[0]).toEqual(expect.stringMatching(/^default: \d+\.?\d*ms$/));
+  });
+
+  it("filters time output", async () => {
+    logService = new ConsoleLogService(true, () => true);
+    logService.time();
+    logService.timeEnd();
+
+    expect(caughtMessage).toEqual({});
+  });
+});

jslib/common/spec/services/stateMigration.service.ts

@@ -0,0 +1,84 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { StorageService } from "@/jslib/common/src/abstractions/storage.service";
+import { StateVersion } from "@/jslib/common/src/enums/stateVersion";
+import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
+import { Account } from "@/jslib/common/src/models/domain/account";
+import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
+import { StateMigrationService } from "@/jslib/common/src/services/stateMigration.service";
+
+const userId = "USER_ID";
+
+describe("State Migration Service", () => {
+  let storageService: SubstituteOf<StorageService>;
+  let secureStorageService: SubstituteOf<StorageService>;
+  let stateFactory: SubstituteOf<StateFactory>;
+
+  let stateMigrationService: StateMigrationService;
+
+  beforeEach(() => {
+    storageService = Substitute.for<StorageService>();
+    secureStorageService = Substitute.for<StorageService>();
+    stateFactory = Substitute.for<StateFactory>();
+
+    stateMigrationService = new StateMigrationService(
+      storageService,
+      secureStorageService,
+      stateFactory,
+    );
+  });
+
+  describe("StateVersion 3 to 4 migration", async () => {
+    beforeEach(() => {
+      const globalVersion3: Partial<GlobalState> = {
+        stateVersion: StateVersion.Three,
+      };
+
+      storageService.get("global", Arg.any()).resolves(globalVersion3);
+      storageService.get("authenticatedAccounts", Arg.any()).resolves([userId]);
+    });
+
+    it("clears everBeenUnlocked", async () => {
+      const accountVersion3: Account = {
+        profile: {
+          apiKeyClientId: null,
+          convertAccountToKeyConnector: null,
+          email: "EMAIL",
+          emailVerified: true,
+          everBeenUnlocked: true,
+          hasPremiumPersonally: false,
+          kdfIterations: 100000,
+          kdfType: 0,
+          keyHash: "KEY_HASH",
+          lastSync: "LAST_SYNC",
+          userId: userId,
+          usesKeyConnector: false,
+          forcePasswordReset: false,
+        },
+      };
+
+      const expectedAccountVersion4: Account = {
+        profile: {
+          ...accountVersion3.profile,
+        },
+      };
+      delete expectedAccountVersion4.profile.everBeenUnlocked;
+
+      storageService.get(userId, Arg.any()).resolves(accountVersion3);
+
+      await stateMigrationService.migrate();
+
+      storageService.received(1).save(userId, expectedAccountVersion4, Arg.any());
+    });
+
+    it("updates StateVersion number", async () => {
+      await stateMigrationService.migrate();
+
+      storageService.received(1).save(
+        "global",
+        Arg.is((globals: GlobalState) => globals.stateVersion === StateVersion.Four),
+        Arg.any(),
+      );
+    });
+  });
+});

jslib/common/spec/test.ts

@@ -0,0 +1,5 @@
+import { webcrypto } from "crypto";
+
+Object.defineProperty(window, "crypto", {
+  value: webcrypto,
+});

jslib/common/spec/utils.ts

@@ -0,0 +1,37 @@
+import { Substitute, Arg } from "@fluffy-spoon/substitute";
+
+import { EncString } from "@/jslib/common/src/models/domain/encString";
+
+function newGuid() {
+  return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
+    const r = (Math.random() * 16) | 0;
+    const v = c === "x" ? r : (r & 0x3) | 0x8;
+    return v.toString(16);
+  });
+}
+
+export function GetUniqueString(prefix = "") {
+  return prefix + "_" + newGuid();
+}
+
+export function BuildTestObject<T, K extends keyof T = keyof T>(
+  def: Partial<Pick<T, K>> | T,
+  constructor?: new () => T,
+): T {
+  return Object.assign(constructor === null ? {} : new constructor(), def) as T;
+}
+
+export function mockEnc(s: string): EncString {
+  const mock = Substitute.for<EncString>();
+  mock.decrypt(Arg.any(), Arg.any()).resolves(s);
+
+  return mock;
+}
+
+export function makeStaticByteArray(length: number, start = 0) {
+  const arr = new Uint8Array(length);
+  for (let i = 0; i < length; i++) {
+    arr[i] = start + i;
+  }
+  return arr;
+}

jslib/common/src/abstractions/api.service.ts

@@ -0,0 +1,14 @@
+import { ApiTokenRequest } from "../models/request/identityToken/apiTokenRequest";
+import { PasswordTokenRequest } from "../models/request/identityToken/passwordTokenRequest";
+import { SsoTokenRequest } from "../models/request/identityToken/ssoTokenRequest";
+import { OrganizationImportRequest } from "../models/request/organizationImportRequest";
+import { IdentityCaptchaResponse } from "../models/response/identityCaptchaResponse";
+import { IdentityTokenResponse } from "../models/response/identityTokenResponse";
+import { IdentityTwoFactorResponse } from "../models/response/identityTwoFactorResponse";
+
+export abstract class ApiService {
+  postIdentityToken: (
+    request: PasswordTokenRequest | SsoTokenRequest | ApiTokenRequest,
+  ) => Promise<IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse>;
+  postPublicImportDirectory: (request: OrganizationImportRequest) => Promise<any>;
+}

jslib/common/src/abstractions/appId.service.ts

@@ -0,0 +1,4 @@
+export abstract class AppIdService {
+  getAppId: () => Promise<string>;
+  getAnonymousAppId: () => Promise<string>;
+}

jslib/common/src/abstractions/broadcaster.service.ts

@@ -0,0 +1,5 @@
+export abstract class BroadcasterService {
+  send: (message: any, id?: string) => void;
+  subscribe: (id: string, messageCallback: (message: any) => any) => void;
+  unsubscribe: (id: string) => void;
+}

jslib/common/src/abstractions/crypto.service.ts

@@ -0,0 +1,86 @@
+import { HashPurpose } from "../enums/hashPurpose";
+import { KdfType } from "../enums/kdfType";
+import { KeySuffixOptions } from "../enums/keySuffixOptions";
+import { EncArrayBuffer } from "../models/domain/encArrayBuffer";
+import { EncString } from "../models/domain/encString";
+import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
+import { ProfileOrganizationResponse } from "../models/response/profileOrganizationResponse";
+import { ProfileProviderOrganizationResponse } from "../models/response/profileProviderOrganizationResponse";
+import { ProfileProviderResponse } from "../models/response/profileProviderResponse";
+
+export abstract class CryptoService {
+  setKey: (key: SymmetricCryptoKey) => Promise<any>;
+  setKeyHash: (keyHash: string) => Promise<void>;
+  setEncKey: (encKey: string) => Promise<void>;
+  setEncPrivateKey: (encPrivateKey: string) => Promise<void>;
+  setOrgKeys: (
+    orgs: ProfileOrganizationResponse[],
+    providerOrgs: ProfileProviderOrganizationResponse[],
+  ) => Promise<void>;
+  setProviderKeys: (orgs: ProfileProviderResponse[]) => Promise<void>;
+  getKey: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<SymmetricCryptoKey>;
+  getKeyFromStorage: (keySuffix: KeySuffixOptions, userId?: string) => Promise<SymmetricCryptoKey>;
+  getKeyHash: () => Promise<string>;
+  compareAndUpdateKeyHash: (masterPassword: string, key: SymmetricCryptoKey) => Promise<boolean>;
+  getEncKey: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
+  getPublicKey: () => Promise<ArrayBuffer>;
+  getPrivateKey: () => Promise<ArrayBuffer>;
+  getFingerprint: (userId: string, publicKey?: ArrayBuffer) => Promise<string[]>;
+  getOrgKeys: () => Promise<Map<string, SymmetricCryptoKey>>;
+  getOrgKey: (orgId: string) => Promise<SymmetricCryptoKey>;
+  getProviderKey: (providerId: string) => Promise<SymmetricCryptoKey>;
+  hasKey: () => Promise<boolean>;
+  hasKeyInMemory: (userId?: string) => Promise<boolean>;
+  hasKeyStored: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<boolean>;
+  hasEncKey: () => Promise<boolean>;
+  clearKey: (clearSecretStorage?: boolean, userId?: string) => Promise<any>;
+  clearKeyHash: () => Promise<any>;
+  clearEncKey: (memoryOnly?: boolean, userId?: string) => Promise<any>;
+  clearKeyPair: (memoryOnly?: boolean, userId?: string) => Promise<any>;
+  clearOrgKeys: (memoryOnly?: boolean, userId?: string) => Promise<any>;
+  clearProviderKeys: (memoryOnly?: boolean) => Promise<any>;
+  clearPinProtectedKey: () => Promise<any>;
+  clearKeys: (userId?: string) => Promise<any>;
+  toggleKey: () => Promise<any>;
+  makeKey: (
+    password: string,
+    salt: string,
+    kdf: KdfType,
+    kdfIterations: number,
+  ) => Promise<SymmetricCryptoKey>;
+  makeKeyFromPin: (
+    pin: string,
+    salt: string,
+    kdf: KdfType,
+    kdfIterations: number,
+    protectedKeyCs?: EncString,
+  ) => Promise<SymmetricCryptoKey>;
+  makeShareKey: () => Promise<[EncString, SymmetricCryptoKey]>;
+  makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, EncString]>;
+  makePinKey: (
+    pin: string,
+    salt: string,
+    kdf: KdfType,
+    kdfIterations: number,
+  ) => Promise<SymmetricCryptoKey>;
+  makeSendKey: (keyMaterial: ArrayBuffer) => Promise<SymmetricCryptoKey>;
+  hashPassword: (
+    password: string,
+    key: SymmetricCryptoKey,
+    hashPurpose?: HashPurpose,
+  ) => Promise<string>;
+  makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, EncString]>;
+  remakeEncKey: (
+    key: SymmetricCryptoKey,
+    encKey?: SymmetricCryptoKey,
+  ) => Promise<[SymmetricCryptoKey, EncString]>;
+  encrypt: (plainValue: string | ArrayBuffer, key?: SymmetricCryptoKey) => Promise<EncString>;
+  encryptToBytes: (plainValue: ArrayBuffer, key?: SymmetricCryptoKey) => Promise<EncArrayBuffer>;
+  rsaEncrypt: (data: ArrayBuffer, publicKey?: ArrayBuffer) => Promise<EncString>;
+  rsaDecrypt: (encValue: string, privateKeyValue?: ArrayBuffer) => Promise<ArrayBuffer>;
+  decryptToBytes: (encString: EncString, key?: SymmetricCryptoKey) => Promise<ArrayBuffer>;
+  decryptToUtf8: (encString: EncString, key?: SymmetricCryptoKey) => Promise<string>;
+  decryptFromBytes: (encBuf: ArrayBuffer, key: SymmetricCryptoKey) => Promise<ArrayBuffer>;
+  randomNumber: (min: number, max: number) => Promise<number>;
+  validateKey: (key: SymmetricCryptoKey) => Promise<boolean>;
+}

jslib/common/src/abstractions/cryptoFunction.service.ts

@@ -0,0 +1,62 @@
+import { DecryptParameters } from "../models/domain/decryptParameters";
+import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
+
+export abstract class CryptoFunctionService {
+  pbkdf2: (
+    password: string | ArrayBuffer,
+    salt: string | ArrayBuffer,
+    algorithm: "sha256" | "sha512",
+    iterations: number,
+  ) => Promise<ArrayBuffer>;
+  hkdf: (
+    ikm: ArrayBuffer,
+    salt: string | ArrayBuffer,
+    info: string | ArrayBuffer,
+    outputByteSize: number,
+    algorithm: "sha256" | "sha512",
+  ) => Promise<ArrayBuffer>;
+  hkdfExpand: (
+    prk: ArrayBuffer,
+    info: string | ArrayBuffer,
+    outputByteSize: number,
+    algorithm: "sha256" | "sha512",
+  ) => Promise<ArrayBuffer>;
+  hash: (
+    value: string | ArrayBuffer,
+    algorithm: "sha1" | "sha256" | "sha512" | "md5",
+  ) => Promise<ArrayBuffer>;
+  hmac: (
+    value: ArrayBuffer,
+    key: ArrayBuffer,
+    algorithm: "sha1" | "sha256" | "sha512",
+  ) => Promise<ArrayBuffer>;
+  compare: (a: ArrayBuffer, b: ArrayBuffer) => Promise<boolean>;
+  hmacFast: (
+    value: ArrayBuffer | string,
+    key: ArrayBuffer | string,
+    algorithm: "sha1" | "sha256" | "sha512",
+  ) => Promise<ArrayBuffer | string>;
+  compareFast: (a: ArrayBuffer | string, b: ArrayBuffer | string) => Promise<boolean>;
+  aesEncrypt: (data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer) => Promise<ArrayBuffer>;
+  aesDecryptFastParameters: (
+    data: string,
+    iv: string,
+    mac: string,
+    key: SymmetricCryptoKey,
+  ) => DecryptParameters<ArrayBuffer | string>;
+  aesDecryptFast: (parameters: DecryptParameters<ArrayBuffer | string>) => Promise<string>;
+  aesDecrypt: (data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer) => Promise<ArrayBuffer>;
+  rsaEncrypt: (
+    data: ArrayBuffer,
+    publicKey: ArrayBuffer,
+    algorithm: "sha1" | "sha256",
+  ) => Promise<ArrayBuffer>;
+  rsaDecrypt: (
+    data: ArrayBuffer,
+    privateKey: ArrayBuffer,
+    algorithm: "sha1" | "sha256",
+  ) => Promise<ArrayBuffer>;
+  rsaExtractPublicKey: (privateKey: ArrayBuffer) => Promise<ArrayBuffer>;
+  rsaGenerateKeyPair: (length: 1024 | 2048 | 4096) => Promise<[ArrayBuffer, ArrayBuffer]>;
+  randomBytes: (length: number) => Promise<ArrayBuffer>;
+}

jslib/common/src/abstractions/environment.service.ts

@@ -0,0 +1,34 @@
+import { Observable } from "rxjs";
+
+export type Urls = {
+  base?: string;
+  webVault?: string;
+  api?: string;
+  identity?: string;
+  icons?: string;
+  notifications?: string;
+  events?: string;
+  keyConnector?: string;
+};
+
+export type PayPalConfig = {
+  businessId?: string;
+  buttonAction?: string;
+};
+
+export abstract class EnvironmentService {
+  urls: Observable<Urls>;
+
+  hasBaseUrl: () => boolean;
+  getNotificationsUrl: () => string;
+  getWebVaultUrl: () => string;
+  getSendUrl: () => string;
+  getIconsUrl: () => string;
+  getApiUrl: () => string;
+  getIdentityUrl: () => string;
+  getEventsUrl: () => string;
+  getKeyConnectorUrl: () => string;
+  setUrlsFromStorage: () => Promise<void>;
+  setUrls: (urls: Urls) => Promise<Urls>;
+  getUrls: () => Urls;
+}

jslib/common/src/abstractions/i18n.service.ts

@@ -0,0 +1,9 @@
+export abstract class I18nService {
+  locale: string;
+  supportedTranslationLocales: string[];
+  translationLocale: string;
+  collator: Intl.Collator;
+  localeNames: Map<string, string>;
+  t: (id: string, p1?: string, p2?: string, p3?: string) => string;
+  translate: (id: string, p1?: string, p2?: string, p3?: string) => string;
+}