Version check typo (#1717 )

* fixing dumb issue * Fixing another dumb mistake (cherry picked from commit ad0512e344)
Updating the path for the Release Version Check (#1716 )
2025-12-06 00:03:28 +00:00 · 2022-05-31 18:09:11 -07:00 · 2022-05-31 17:50:37 -07:00 · 2022-05-31 16:13:41 -07:00 · 2022-05-31 16:13:31 -07:00 · 2022-05-27 13:12:37 +10:00
431 changed files with 27827 additions and 12056 deletions
--- a/.eslintignore
+++ b/.eslintignore
@@ -0,0 +1,8 @@
+**/dist
+**/build
+jslib
+webpack.config.js
+scripts/optimize.js
+config.js
+
+**/node_modules
--- a/.eslintrc.json
+++ b/.eslintrc.json
@@ -0,0 +1,31 @@
+{
+  "root": true,
+  "env": {
+    "browser": true
+  },
+  "extends": ["./jslib/shared/eslintrc.json"],
+  "rules": {
+    "import/order": [
+      "error",
+      {
+        "alphabetize": {
+          "order": "asc"
+        },
+        "newlines-between": "always",
+        "pathGroups": [
+          {
+            "pattern": "jslib-*/**",
+            "group": "external",
+            "position": "after"
+          },
+          {
+            "pattern": "src/**/*",
+            "group": "parent",
+            "position": "before"
+          }
+        ],
+        "pathGroupsExcludedImportTypes": ["builtin"]
+      }
+    ]
+  }
+}
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -21,10 +21,6 @@

 <!--Required for any UI changes. Delete if not applicable-->

-## Testing requirements
-
-<!--What functionality requires testing by QA? This includes testing new behavior and regression testing-->
-
 ## Before you submit

 - [ ] I have checked for **linting** errors (`npm run lint`) (required)
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -11,6 +11,10 @@ on:
    branches-ignore:
      - "l10n_master"
      - "gh-pages"
+      - "deploy"
+    paths-ignore:
+      - '.github/workflows/**'
+

 jobs:
  cloc:
@@ -28,6 +32,28 @@ jobs:
      - name: Print lines of code
        run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git

+
+  lint:
+    name: Lint
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846
+
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+        with:
+          path: "~/.npm"
+          key: ${{ runner.os }}-npm-lint-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run linter
+        run: npm run lint
+
+
  setup:
    name: Setup
    runs-on: ubuntu-20.04
@@ -41,24 +67,25 @@ jobs:
        id: version
        run: echo "::set-output name=value::${GITHUB_SHA:0:7}"

+
  build-oss-selfhost:
    name: Build OSS zip
    runs-on: ubuntu-20.04
-    needs: setup
+    needs:
+      - setup
+      - lint
    env:
      _VERSION: ${{ needs.setup.outputs.version }}
    steps:
-      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
-        with:
-          node-version: "16"
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

-      - name: Cache npm
-        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+      - name: Set up Node
+        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
        with:
-          path: "~/.npm"
-          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: "16"

      - name: Print environment
        run: |
@@ -70,9 +97,6 @@ jobs:
          echo "GitHub ref: $GITHUB_REF"
          echo "GitHub event: $GITHUB_EVENT"

-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-
      - name: Install dependencies
        run: npm ci

@@ -88,24 +112,25 @@ jobs:
          path: ./web-${{ env._VERSION }}-selfhosted-open-source.zip
          if-no-files-found: error

+
  build-cloud:
    name: Build Cloud zip
    runs-on: ubuntu-20.04
-    needs: setup
+    needs:
+      - setup
+      - lint
    env:
      _VERSION: ${{ needs.setup.outputs.version }}
    steps:
-      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
-        with:
-          node-version: "16"
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

-      - name: Cache npm
-        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+      - name: Set up Node
+        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
        with:
-          path: "~/.npm"
-          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: "16"

      - name: Print environment
        run: |
@@ -117,9 +142,6 @@ jobs:
          echo "GitHub ref: $GITHUB_REF"
          echo "GitHub event: $GITHUB_EVENT"

-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-
      - name: Install dependencies
        run: npm ci

@@ -135,24 +157,25 @@ jobs:
          path: ./web-${{ env._VERSION }}-cloud-COMMERCIAL.zip
          if-no-files-found: error

+
  build-commercial-selfhost:
    name: Build SelfHost Docker image
    runs-on: ubuntu-20.04
-    needs: setup
+    needs:
+      - setup
+      - lint
    env:
      _VERSION: ${{ needs.setup.outputs.version }}
    steps:
-      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
-        with:
-          node-version: "16"
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

-      - name: Cache npm
-        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+      - name: Set up Node
+        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
        with:
-          path: "~/.npm"
-          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: "16"

      - name: Print environment
        run: |
@@ -165,19 +188,13 @@ jobs:
          echo "GitHub event: $GITHUB_EVENT"

      - name: Setup DCT
-        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix'
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
        id: setup-dct
        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
        with:
          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
          azure-keyvault-name: "bitwarden-prod-kv"

-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-
-      - name: Restore
-        run: dotnet tool restore
-
      - name: Install dependencies
        run: npm ci

@@ -212,11 +229,11 @@ jobs:
        run: docker tag bitwarden/web bitwarden/web:dev

      - name: Tag hotfix branch
-        if: github.ref == 'refs/heads/hotfix'
-        run: docker tag bitwarden/web bitwarden/web:hotfix
+        if: github.ref == 'refs/heads/hotfix-rc'
+        run: docker tag bitwarden/web bitwarden/web:hotfix-rc

      - name: List Docker images
-        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix'
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
        run: docker images

      - name: Push rc image
@@ -234,31 +251,58 @@ jobs:
          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}

      - name: Push hotfix image
-        if: github.ref == 'refs/heads/hotfix'
-        run: docker push bitwarden/web:hotfix
+        if: github.ref == 'refs/heads/hotfix-rc'
+        run: docker push bitwarden/web:hotfix-rc
        env:
          DOCKER_CONTENT_TRUST: 1
          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}

      - name: Log out of Docker
-        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix'
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
+        run: |
+          docker logout
+          echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
+
+      - name: Login to Azure - QA Subscription
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+      - name: Login to Azure ACR
+        run: az acr login -n bitwardenqa
+
+      - name: Tag and Push RC to Azure ACR QA registry
+        env:
+          REGISTRY: bitwardenqa.azurecr.io
+        run: |
+          IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g")  # slash safe branch name
+          if [[ "$IMAGE_TAG" == "master" ]]; then
+            IMAGE_TAG=dev
+          fi
+          docker tag bitwarden/web \
+            $REGISTRY/web-sh:$IMAGE_TAG
+          docker push $REGISTRY/web-sh:$IMAGE_TAG
+
+      - name: Log out of Docker
        run: docker logout

+
  build-qa:
    name: Build Docker images for QA environment
    runs-on: ubuntu-20.04
+    needs:
+      - setup
+      - lint
    steps:
-      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
-        with:
-          node-version: "16"
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f

-      - name: Cache npm
-        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+      - name: Set up Node
+        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
        with:
-          path: "~/.npm"
-          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
+          node-version: "16"

      - name: Print environment
        run: |
@@ -278,12 +322,6 @@ jobs:
      - name: Log into container registry
        run: az acr login -n bitwardenqa

-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-
-      - name: Restore
-        run: dotnet tool restore
-
      - name: Install dependencies
        run: npm ci

@@ -339,35 +377,29 @@ jobs:
      - name: Log out of Docker
        run: docker logout

+
  windows:
    name: Test code on Windows
    runs-on: windows-2019
    steps:
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
      - name: Set up NuGet
        uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
        with:
          nuget-version: "latest"

-      - name: Set up MSBuild
-        uses: microsoft/setup-msbuild@c26a08ba26249b81327e26f6ef381897b6a8754d
-
-      - name: Cache npm
-        id: npm-cache
-        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
-        with:
-          path: "~/.npm"
-          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
-
      - name: Set up Node
-        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        uses: actions/setup-node@9ced9a43a244f3ac94f13bfd896db8c8f30da67a  # v3.0.0
        with:
+          cache: 'npm'
+          cache-dependency-path: '**/package-lock.json'
          node-version: "16"

      - name: Print environment
        run: |
          nuget help | grep Version
-          msbuild -version
-          dotnet --info
          node --version
          npm --version
          echo "GitHub ref: $GITHUB_REF"
@@ -376,18 +408,13 @@ jobs:
          GITHUB_REF: ${{ github.ref }}
          GITHUB_EVENT: ${{ github.event_name }}

-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-
      - name: Install dependencies
        run: npm ci

-      - name: Run linter
-        run: npm run lint
-
      - name: NPM build
        run: npm run build:bit:cloud

+
  crowdin-push:
    name: Crowdin Push
    if: github.ref == 'refs/heads/master'
@@ -426,6 +453,7 @@ jobs:
          upload_sources: true
          upload_translations: false

+
  check-failures:
    name: Check for failures
    if: always()
@@ -433,6 +461,7 @@ jobs:
    needs:
      - cloc
      - setup
+      - lint
      - build-oss-selfhost
      - build-cloud
      - build-commercial-selfhost
@@ -444,6 +473,7 @@ jobs:
        if: ${{ (github.ref == 'refs/heads/master') || (github.ref == 'refs/heads/rc') }}
        env:
          CLOC_STATUS: ${{ needs.cloc.result }}
+          LINT_STATUS: ${{ needs.lint.result }}
          SETUP_STATUS: ${{ needs.setup.result }}
          BUILD_OSS_SELFHOST_STATUS: ${{ needs.build-oss-selfhost.result }}
          BUILD_CLOUD_STATUS: ${{ needs.build-cloud.result }}
@@ -454,6 +484,8 @@ jobs:
        run: |
          if [ "$CLOC_STATUS" = "failure" ]; then
              exit 1
+          elif [ "$LINT_STATUS" = "failure" ]; then
+              exit 1
          elif [ "$SETUP_STATUS" = "failure" ]; then
              exit 1
          elif [ "$BUILD_OSS_SELFHOST_STATUS" = "failure" ]; then
--- a/.github/workflows/enforce-labels.yml
+++ b/.github/workflows/enforce-labels.yml
@@ -0,0 +1,16 @@
+---
+name: Enforce PR labels
+
+on:
+  pull_request:
+    types: [labeled, unlabeled, opened, edited, synchronize]
+jobs:
+  enforce-label:
+    name: EnforceLabel
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Enforce Label
+        uses: yogevbd/enforce-label-action@8d1e1709b1011e6d90400a0e6cf7c0b77aa5efeb
+        with:
+          BANNED_LABELS: "hold"
+          BANNED_LABELS_DESCRIPTION: "PRs on hold cannot be merged"
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,58 +12,53 @@ on:
        options:
          - Initial Release
          - Redeploy
+          - Dry Run

 jobs:
  setup:
    name: Setup
    runs-on: ubuntu-20.04
    outputs:
-      release_version: ${{ steps.version.outputs.package }}
-      tag_version: ${{ steps.version.outputs.tag }}
-      branch-name: ${{ steps.branch.outputs.branch-name }}
+      release_version: ${{ steps.version.outputs.version }}
+      tag_version: ${{ steps.version.outputs.version }}
+      branch_name: ${{ steps.branch.outputs.branch_name }}
    steps:
      - name: Branch check
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        run: |
-          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix" ]]; then
+          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
            echo "==================================="
-            echo "[!] Can only release from the 'rc' or 'hotfix' branches"
+            echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
            echo "==================================="
            exit 1
          fi

      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # 2.3.4
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # 2.4.0

      - name: Check Release Version
        id: version
-        run: |
-          version=$( jq -r ".version" package.json)
-          previous_release_tag_version=$(
-            curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name"
-          )
-
-          if [ "v$version" == "$previous_release_tag_version" ] && \
-          [ "${{ github.event.inputs.release_type }}" == "Initial Release" ]; then
-            echo "[!] Already released v$version. Please bump version to continue"
-            exit 1
-          fi
-
-          echo "::set-output name=package::$version"
-          echo "::set-output name=tag::v$version"
+        uses: bitwarden/gh-actions/release-version-check@ea9fab01d76940267b4147cc1c4542431246b9f6
+        with:
+          release-type: ${{ github.event.inputs.release_type }}
+          project-type: ts
+          file: package.json

      - name: Get branch name
        id: branch
        run: |
          BRANCH_NAME=$(basename ${{ github.ref }})
-          echo "::set-output name=branch-name::$BRANCH_NAME"
+          echo "::set-output name=branch_name::$BRANCH_NAME"
+

  self-host:
    name: Release self-host docker
    runs-on: ubuntu-20.04
    needs: setup
    env:
-      _BRANCH_NAME: ${{ needs.setup.outputs.branch-name }}
+      _BRANCH_NAME: ${{ needs.setup.outputs.branch_name }}
      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+      _RELEASE_OPTION: ${{ github.event.inputs.release_type }}
    steps:
      - name: Print environment
        run: |
@@ -71,7 +66,12 @@ jobs:
          docker --version
          echo "GitHub ref: $GITHUB_REF"
          echo "GitHub event: $GITHUB_EVENT"
+          echo "Github Release Option: $_RELEASE_OPTION"

+      - name: Checkout repo
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579
+
+      ########## DockerHub ##########
      - name: Setup DCT
        id: setup-dct
        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
@@ -79,21 +79,25 @@ jobs:
          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
          azure-keyvault-name: "bitwarden-prod-kv"

-      - name: Checkout repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
-
      - name: Pull latest selfhost image
-        run: docker pull bitwarden/web:$_BRANCH_NAME
+        run: |
+          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+            docker pull bitwarden/web:latest
+          else
+            docker pull bitwarden/web:$_BRANCH_NAME
+          fi

      - name: Tag version and latest
        run: |
+          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+            docker tag bitwarden/web:latest bitwarden/web:dryrun
+          else
            docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:$_RELEASE_VERSION
            docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:latest
-
-      - name: List Docker images
-        run: docker images
+          fi

      - name: Push version and latest image
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        env:
          DOCKER_CONTENT_TRUST: 1
          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
@@ -101,11 +105,51 @@ jobs:
          docker push bitwarden/web:$_RELEASE_VERSION
          docker push bitwarden/web:latest

+      - name: Log out of Docker and disable Docker Notary
+        run: |
+          docker logout
+          echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
+
+      ########## ACR ##########
+      - name: Login to Azure - QA Subscription
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+      - name: Login to Azure ACR
+        run: az acr login -n bitwardenqa
+
+      - name: Tag version and latest
+        env:
+          REGISTRY: bitwardenqa.azurecr.io
+        run: |
+          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+            docker tag bitwarden/web:latest $REGISTRY/web:dryrun
+          else
+            docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web:$_RELEASE_VERSION
+            docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web:latest
+
+            docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web-sh:$_RELEASE_VERSION
+            docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web-sh:latest
+          fi
+
+      - name: Push version and latest image
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        env:
+          REGISTRY: bitwardenqa.azurecr.io
+        run: |
+          docker push $REGISTRY/web:$_RELEASE_VERSION
+          docker push $REGISTRY/web:latest
+
+          docker push $REGISTRY/web-sh:$_RELEASE_VERSION
+          docker push $REGISTRY/web-sh:latest
+
      - name: Log out of Docker
        run: docker logout

+
  ghpages-deploy:
-    name: Deploy Web Vault
+    name: Deploy Web Vault to GitHub Pages
    runs-on: ubuntu-20.04
    needs:
      - setup
@@ -115,17 +159,17 @@ jobs:
      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
    steps:
      - name: Checkout Repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0
        with:
          ref: gh-pages

-      - name: Create deploy branch
+      - name: Create gh-pages-deploy branch
        run: |
-          git switch -c deploy-$_TAG_VERSION
-          git push -u origin deploy-$_TAG_VERSION
+          git switch -c gh-pages-deploy-$_TAG_VERSION
+          git push -u origin gh-pages-deploy-$_TAG_VERSION

      - name: Checkout Repo
-        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0

      - name: Setup git config
        run: |
@@ -135,11 +179,11 @@ jobs:
          git config --global url."https://".insteadOf ssh://

      - name: Download latest cloud asset
-        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
+        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
        with:
          workflow: build.yml
          workflow_conclusion: success
-          branch: ${{ needs.setup.outputs.branch-name }}
+          branch: ${{ needs.setup.outputs.branch_name }}
          artifacts: web-*-cloud-COMMERCIAL.zip

      # This should result in a build directory in the current working directory
@@ -147,25 +191,92 @@ jobs:
        run: unzip web-*-cloud-COMMERCIAL.zip

      - name: Deploy GitHub Pages
-        uses: crazy-max/ghaction-github-pages@db4476a01402e1a7ce05f41832040eef16d14925  # v2.5.0
+        uses: crazy-max/ghaction-github-pages@a117e4aa1fb4854d021546d2abdfac95be568a3a  # v2.6.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
-          target_branch: deploy-${{ needs.setup.outputs.tag_version }}
+          target_branch: gh-pages-deploy-${{ needs.setup.outputs.tag_version }}
          build_dir: build
          keep_history: true
          commit_message: "Staging deploy ${{ needs.setup.outputs.release_version }}"
+          dry_run: ${{ github.event.inputs.release_type == 'Dry Run' }}

-      - name: Create Deploy PR
+      - name: Create GitHub Pages Deploy PR
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
        env:
-          PR_BRANCH: deploy-${{ env._TAG_VERSION }}
+          PR_BRANCH: gh-pages-deploy-${{ env._TAG_VERSION }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
-          gh pr create --title "Deploy $_RELEASE_VERSION" \
+          gh pr create --title "Deploy $_RELEASE_VERSION to GitHub Pages" \
            --body "Deploying $_RELEASE_VERSION" \
            --base gh-pages \
            --head "$PR_BRANCH"

+
+  cfpages-deploy:
+    name: Deploy Web Vault to CloudFlare Pages branch
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+      - self-host
+    env:
+      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0
+
+      - name: Download latest cloud asset
+        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+        with:
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: ${{ needs.setup.outputs.branch_name }}
+          artifacts: web-*-cloud-COMMERCIAL.zip
+
+      # This should result in a build directory in the current working directory
+      - name: Unzip build asset
+        run: unzip web-*-cloud-COMMERCIAL.zip
+
+      - name: Checkout Repo
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # v2.4.0
+        with:
+          ref: deploy
+          path: deployment
+
+      - name: Setup git config
+        run: |
+          git config --global user.name = "GitHub Action Bot"
+          git config --global user.email = "<>"
+          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
+          git config --global url."https://".insteadOf ssh://
+
+      - name: Deploy CloudFlare Pages
+        run: |
+          rm -rf ./*
+          cp -R ../build/* .
+        working-directory: deployment
+
+      - name: Create cf-pages-deploy branch
+        run: |
+          git switch -c cf-pages-deploy-$_TAG_VERSION
+          git add .
+          git commit -m "Staging deploy ${{ needs.setup.outputs.release_version }}"
+          git push -u origin cf-pages-deploy-$_TAG_VERSION
+        working-directory: deployment    
+
+      - name: Create CloudFlare Pages Deploy PR
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        env:
+          PR_BRANCH: cf-pages-deploy-${{ env._TAG_VERSION }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr create --title "Deploy $_RELEASE_VERSION to CloudFlare Pages" \
+            --body "Deploying $_RELEASE_VERSION" \
+            --base deploy \
+            --head "$PR_BRANCH"
+
+
  release:
    name: Create GitHub Release
    runs-on: ubuntu-20.04
@@ -173,13 +284,14 @@ jobs:
      - setup
      - self-host
      - ghpages-deploy
+      - cfpages-deploy
    steps:
      - name: Download latest build artifacts
        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
        with:
          workflow: build.yml
          workflow_conclusion: success
-          branch: ${{ needs.setup.outputs.branch-name }}
+          branch: ${{ needs.setup.outputs.branch_name }}
          artifacts: "web-*-selfhosted-COMMERCIAL.zip,
            web-*-selfhosted-open-source.zip"

@@ -189,7 +301,8 @@ jobs:
          mv web-*-selfhosted-open-source.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip

      - name: Create release
-        uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        uses: ncipollo/release-action@40bb172bd05f266cf9ba4ff965cb61e9ee5f6d01
        with:
          name: "Version ${{ needs.setup.outputs.release_version }}"
          commit: ${{ github.sha }}
@@ -199,3 +312,23 @@ jobs:
            web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip"
          token: ${{ secrets.GITHUB_TOKEN }}
          draft: true
+
+
+  dry-run:
+    name: Dry Run Cleanup
+    runs-on: ubuntu-20.04
+    if: ${{ github.event.inputs.release_type == 'Dry Run' }}
+    env:
+      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+    needs:
+      - setup
+      - release
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579  # 2.4.0
+
+      - name: Remove gh-pages-deploy branch
+        run: git push origin --delete gh-pages-deploy-$_TAG_VERSION
+
+      - name: Remove cf-pages-deploy branch
+        run: git push origin --delete cf-pages-deploy-$_TAG_VERSION
--- a/.github/workflows/workflow-linter.yml
+++ b/.github/workflows/workflow-linter.yml
@@ -0,0 +1,11 @@
+---
+name: Workflow Linter
+
+on:
+  pull_request:
+    paths:
+      - .github/workflows/**
+
+jobs:
+  call-workflow:
+    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@master
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -10,7 +10,7 @@ Here is how you can get involved:
 - **Write code for a new feature:** Make a new post in the [Github Contributions category](https://community.bitwarden.com/c/github-contributions/) of the Community Forums. Include a description of your proposed contribution, screeshots, and links to any relevant feature requests. This helps get feedback from the community and Bitwarden team members before you start writing code
 - **Report a bug or submit a bugfix:** Use Github issues and pull requests
 - **Write documentation:** Submit a pull request to the [Bitwarden help repository](https://github.com/bitwarden/help)
- **Help other users:** Go to the [User-to-User Support category](https://community.bitwarden.com/c/support/) on the Community Forums
+- **Help other users:** Go to the [Ask the Bitwarden Community category](https://community.bitwarden.com/c/support/) on the Community Forums
 - **Translate:** See the localization (l10n) section below

 ## Contributor Agreement
@@ -31,6 +31,6 @@ We use a translation tool called [Crowdin](https://crowdin.com) to help manage o

 If you are interested in helping translate the Bitwarden web vault into another language (or make a translation correction), please register an account at Crowdin and join our project here: https://crowdin.com/project/bitwarden-web

-If the language that you are interested in translating is not already listed, create a new account on Crowdin, join the project, and contact the project owner (https://crowdin.com/profile/kspearrin).
+If the language that you are interested in translating is not already listed, create a new account on Crowdin, join the project, and contact the project owner (https://crowdin.com/profile/dwbit).

 You can read Crowdin's getting started guide for translators here: https://support.crowdin.com/crowdin-intro/
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM bitwarden/server:dev
+FROM bitwarden/server

 LABEL com.bitwarden.product="bitwarden"

--- a/README.md
+++ b/README.md
@@ -1,3 +1,9 @@
+> **Repository Reorganization in Progress**
+>
+> We are currently migrating some projects over to a mono repository. For existing PR's we will be providing documentation on how to move/migrate them. To minimize the overhead we are actively reviewing open PRs. If possible please ensure any pending comments are resolved as soon as possible.
+>
+> New pull requests created during this transition period may not get addressed —if needed, please create a new PR after the reorganization is complete.
+
 <p align="center">
    <img src="https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/web-vault-macbook.png" alt="" width="600" height="358" />
 </p>
@@ -61,6 +67,10 @@ You can also manually adjusting your API endpoint settings by adding `config/loc

 Where the `urls` object is defined by the [Urls type in jslib](https://github.com/bitwarden/jslib/blob/master/common/src/abstractions/environment.service.ts).

+## We're Hiring!
+
+Interested in contributing in a big way? Consider joining our team! We're hiring for many positions. Please take a look at our [Careers page](https://bitwarden.com/careers/) to see what opportunities are currently open as well as what it's like to work at Bitwarden.
+
 ## Contribute

 Code contributions are welcome! Please commit any pull requests against the `master` branch. Learn more about how to contribute by reading the [`CONTRIBUTING.md`](CONTRIBUTING.md) file.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,39 +1,11 @@
-Bitwarden believes that working with security researchers across the globe is crucial to keeping our
-users safe. If you believe you've found a security issue in our product or service, we encourage you to
-notify us. We welcome working with you to resolve the issue promptly. Thanks in advance!
+Bitwarden believes that working with security researchers across the globe is crucial to keeping our users safe. If you believe you've found a security issue in our product or service, we encourage you to please submit a report through our [HackerOne Program](https://hackerone.com/bitwarden/). We welcome working with you to resolve the issue promptly. Thanks in advance!

 # Disclosure Policy

- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every
-  effort to quickly resolve the issue.
- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a
-  third-party. We may publicly disclose the issue before resolving it, if appropriate.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
-  degradation of our service. Only interact with accounts you own or with explicit permission of the
-  account holder.
- If you would like to encrypt your report, please use the PGP key with long ID
-  `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
-
-# In-scope
-
- Security issues in any current release of Bitwarden. This includes the web vault, browser extension,
-  and mobile apps (iOS and Android). Product downloads are available at https://bitwarden.com. Source
-  code is available at https://github.com/bitwarden.
-
-# Exclusions
-
-The following bug classes are out-of scope:
-
- Bugs that are already reported on any of Bitwarden's issue trackers (https://github.com/bitwarden),
-  or that we already know of. Note that some of our issue tracking is private.
- Issues in an upstream software dependency (ex: Xamarin, ASP.NET) which are already reported to the
-  upstream maintainer.
- Attacks requiring physical access to a user's device.
- Self-XSS
- Issues related to software or protocols not under Bitwarden's control
- Vulnerabilities in outdated versions of Bitwarden
- Missing security best practices that do not directly lead to a vulnerability
- Issues that do not have any impact on the general public
+- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
+- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. We may publicly disclose the issue before resolving it, if appropriate.
+- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
+- If you would like to encrypt your report, please use the PGP key with long ID `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).

 While researching, we'd like to ask you to refrain from:

@@ -42,4 +14,8 @@ While researching, we'd like to ask you to refrain from:
 - Social engineering (including phishing) of Bitwarden staff or contractors
 - Any physical attempts against Bitwarden property or data centers

+# We want to help you!
+
+If you have something that you feel is close to exploitation, or if you'd like some information regarding the internal API, or generally have any questions regarding the app that would help in your efforts, please email us at https://bitwarden.com/contact and ask for that information. As stated above, Bitwarden wants to help you find issues, and is more than willing to help.
+
 Thank you for helping keep Bitwarden and our users safe!
--- a/bitwarden_license/src/app/app.component.ts
+++ b/bitwarden_license/src/app/app.component.ts
@@ -1,6 +1,7 @@
 import { Component } from "@angular/core";

 import { AppComponent as BaseAppComponent } from "src/app/app.component";
+
 import { DisablePersonalVaultExportPolicy } from "./policies/disable-personal-vault-export.component";
 import { MaximumVaultTimeoutPolicy } from "./policies/maximum-vault-timeout.component";

--- a/bitwarden_license/src/app/app.module.ts
+++ b/bitwarden_license/src/app/app.module.ts
@@ -1,11 +1,17 @@
 import { DragDropModule } from "@angular/cdk/drag-drop";
+import { OverlayModule } from "@angular/cdk/overlay";
 import { NgModule } from "@angular/core";
 import { FormsModule, ReactiveFormsModule } from "@angular/forms";
 import { BrowserAnimationsModule } from "@angular/platform-browser/animations";
 import { RouterModule } from "@angular/router";
 import { InfiniteScrollModule } from "ngx-infinite-scroll";

-import { BitwardenToastModule } from "jslib-angular/components/toastr.component";
+import { JslibModule } from "jslib-angular/jslib.module";
+
+import { OssRoutingModule } from "src/app/oss-routing.module";
+import { OssModule } from "src/app/oss.module";
+import { ServicesModule } from "src/app/services/services.module";
+import { WildcardRoutingModule } from "src/app/wildcard-routing.module";

 import { AppRoutingModule } from "./app-routing.module";
 import { AppComponent } from "./app.component";
@@ -13,35 +19,27 @@ import { OrganizationsModule } from "./organizations/organizations.module";
 import { DisablePersonalVaultExportPolicyComponent } from "./policies/disable-personal-vault-export.component";
 import { MaximumVaultTimeoutPolicyComponent } from "./policies/maximum-vault-timeout.component";

-import { OssRoutingModule } from "src/app/oss-routing.module";
-import { OssModule } from "src/app/oss.module";
-import { ServicesModule } from "src/app/services/services.module";
-import { WildcardRoutingModule } from "src/app/wildcard-routing.module";
-
@NgModule({
  imports: [
+    OverlayModule,
    OssModule,
+    JslibModule,
    BrowserAnimationsModule,
    FormsModule,
    ReactiveFormsModule,
    ServicesModule,
-    BitwardenToastModule.forRoot({
-      maxOpened: 5,
-      autoDismiss: true,
-      closeButton: true,
-    }),
    InfiniteScrollModule,
    DragDropModule,
    AppRoutingModule,
    OssRoutingModule,
-    OrganizationsModule,
+    OrganizationsModule, // Must be after OssRoutingModule for competing routes to resolve properly
    RouterModule,
    WildcardRoutingModule, // Needs to be last to catch all non-existing routes
  ],
  declarations: [
    AppComponent,
-    MaximumVaultTimeoutPolicyComponent,
    DisablePersonalVaultExportPolicyComponent,
+    MaximumVaultTimeoutPolicyComponent,
  ],
  bootstrap: [AppComponent],
 })
--- a/bitwarden_license/src/app/main.ts
+++ b/bitwarden_license/src/app/main.ts
@@ -5,8 +5,8 @@ import "bootstrap";
 import "jquery";
 import "popper.js";

-// tslint:disable-next-line
 require("src/scss/styles.scss");
+require("src/scss/tailwind.css");

 import { AppModule } from "./app.module";

--- a/bitwarden_license/src/app/organizations/components/base-cva.component.ts
+++ b/bitwarden_license/src/app/organizations/components/base-cva.component.ts
@@ -0,0 +1,68 @@
+import { Directive, Input, OnInit, Self } from "@angular/core";
+import { ControlValueAccessor, FormControl, NgControl, Validators } from "@angular/forms";
+
+import { dirtyRequired } from "jslib-angular/validators/dirty.validator";
+
+/** For use in the SSO Config Form only - will be deprecated by the Component Library */
+@Directive()
+export abstract class BaseCvaComponent implements ControlValueAccessor, OnInit {
+  get describedById() {
+    return this.showDescribedBy ? this.controlId + "Desc" : null;
+  }
+
+  get showDescribedBy() {
+    return this.helperText != null || this.controlDir.control.hasError("required");
+  }
+
+  get isRequired() {
+    return (
+      this.controlDir.control.hasValidator(Validators.required) ||
+      this.controlDir.control.hasValidator(dirtyRequired)
+    );
+  }
+
+  @Input() label: string;
+  @Input() controlId: string;
+  @Input() helperText: string;
+
+  internalControl = new FormControl("");
+
+  protected onChange: any;
+  protected onTouched: any;
+
+  constructor(@Self() public controlDir: NgControl) {
+    this.controlDir.valueAccessor = this;
+  }
+
+  ngOnInit() {
+    this.internalControl.valueChanges.subscribe(this.onValueChangesInternal);
+  }
+
+  onBlurInternal() {
+    this.onTouched();
+  }
+
+  // CVA interfaces
+  writeValue(value: string) {
+    this.internalControl.setValue(value);
+  }
+
+  registerOnChange(fn: any) {
+    this.onChange = fn;
+  }
+
+  registerOnTouched(fn: any) {
+    this.onTouched = fn;
+  }
+
+  setDisabledState(isDisabled: boolean) {
+    if (isDisabled) {
+      this.internalControl.disable();
+    } else {
+      this.internalControl.enable();
+    }
+  }
+
+  protected onValueChangesInternal: any = (value: string) => this.onChange(value);
+  // End CVA interfaces
+}
--- a/bitwarden_license/src/app/organizations/components/input-checkbox.component.html
+++ b/bitwarden_license/src/app/organizations/components/input-checkbox.component.html
@@ -0,0 +1,16 @@
+<div class="form-group">
+  <div class="form-check">
+    <input
+      class="form-check-input"
+      type="checkbox"
+      [attr.id]="controlId"
+      [attr.aria-describedby]="describedById"
+      [formControl]="internalControl"
+      (blur)="onBlurInternal()"
+    />
+    <label class="form-check-label" [attr.for]="controlId">{{ label }}</label>
+  </div>
+  <small *ngIf="showDescribedBy" [attr.id]="describedById" class="form-text text-muted">{{
+    helperText
+  }}</small>
+</div>
--- a/bitwarden_license/src/app/organizations/components/input-checkbox.component.ts
+++ b/bitwarden_license/src/app/organizations/components/input-checkbox.component.ts
@@ -0,0 +1,10 @@
+import { Component } from "@angular/core";
+
+import { BaseCvaComponent } from "./base-cva.component";
+
+/** For use in the SSO Config Form only - will be deprecated by the Component Library */
+@Component({
+  selector: "app-input-checkbox",
+  templateUrl: "input-checkbox.component.html",
+})
+export class InputCheckboxComponent extends BaseCvaComponent {}
--- a/bitwarden_license/src/app/organizations/components/input-text-readonly.component.html
+++ b/bitwarden_license/src/app/organizations/components/input-text-readonly.component.html
@@ -0,0 +1,26 @@
+<div class="form-group">
+  <label>{{ label }}</label>
+  <div class="input-group">
+    <input class="form-control" readonly [value]="controlValue" />
+    <div class="input-group-append" *ngIf="showLaunch">
+      <button
+        type="button"
+        class="btn btn-outline-secondary"
+        appA11yTitle="{{ 'launch' | i18n }}"
+        (click)="launchUri(controlValue)"
+      >
+        <i class="bwi bwi-lg bwi-external-link" aria-hidden="true"></i>
+      </button>
+    </div>
+    <div class="input-group-append" *ngIf="showCopy">
+      <button
+        type="button"
+        class="btn btn-outline-secondary"
+        appA11yTitle="{{ 'copyValue' | i18n }}"
+        (click)="copy(controlValue)"
+      >
+        <i class="bwi bwi-lg bwi-clone" aria-hidden="true"></i>
+      </button>
+    </div>
+  </div>
+</div>
--- a/bitwarden_license/src/app/organizations/components/input-text-readonly.component.ts
+++ b/bitwarden_license/src/app/organizations/components/input-text-readonly.component.ts
@@ -0,0 +1,25 @@
+import { Component, Input } from "@angular/core";
+
+import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
+
+/** For use in the SSO Config Form only - will be deprecated by the Component Library */
+@Component({
+  selector: "app-input-text-readonly",
+  templateUrl: "input-text-readonly.component.html",
+})
+export class InputTextReadOnlyComponent {
+  @Input() controlValue: string;
+  @Input() label: string;
+  @Input() showCopy = true;
+  @Input() showLaunch = false;
+
+  constructor(private platformUtilsService: PlatformUtilsService) {}
+
+  copy(value: string) {
+    this.platformUtilsService.copyToClipboard(value);
+  }
+
+  launchUri(url: string) {
+    this.platformUtilsService.launchUri(url);
+  }
+}
--- a/bitwarden_license/src/app/organizations/components/input-text.component.html
+++ b/bitwarden_license/src/app/organizations/components/input-text.component.html
@@ -0,0 +1,33 @@
+<div class="form-group">
+  <label [attr.for]="controlId">
+    {{ label }}
+    <small *ngIf="isRequired" class="text-muted form-text d-inline"
+      >({{ "required" | i18n }})</small
+    >
+  </label>
+  <input
+    [formControl]="internalControl"
+    class="form-control"
+    [attr.id]="controlId"
+    [attr.aria-describedby]="describedById"
+    [attr.aria-invalid]="controlDir.control.invalid"
+    (blur)="onBlurInternal()"
+  />
+  <div *ngIf="showDescribedBy" [attr.id]="describedById">
+    <small
+      *ngIf="helperText != null && !controlDir.control.hasError(helperTextSameAsError)"
+      class="form-text text-muted"
+    >
+      {{ helperText }}
+    </small>
+    <small class="error-inline" *ngIf="controlDir.control.hasError('required')" role="alert">
+      <i class="bwi bwi-exclamation-circle" aria-hidden="true"></i>
+      <span class="sr-only">{{ "error" | i18n }}:</span>
+      {{
+        controlDir.control.hasError(helperTextSameAsError)
+          ? helperText
+          : ("fieldRequiredError" | i18n: label)
+      }}
+    </small>
+  </div>
+</div>
--- a/bitwarden_license/src/app/organizations/components/input-text.component.ts
+++ b/bitwarden_license/src/app/organizations/components/input-text.component.ts
@@ -0,0 +1,48 @@
+import { Component, Input, OnInit } from "@angular/core";
+
+import { BaseCvaComponent } from "./base-cva.component";
+
+/** For use in the SSO Config Form only - will be deprecated by the Component Library */
+@Component({
+  selector: "app-input-text[label][controlId]",
+  templateUrl: "input-text.component.html",
+})
+export class InputTextComponent extends BaseCvaComponent implements OnInit {
+  @Input() helperTextSameAsError: string;
+  @Input() requiredErrorMessage: string;
+  @Input() stripSpaces = false;
+
+  transformValue: (value: string) => string = null;
+
+  ngOnInit() {
+    super.ngOnInit();
+    if (this.stripSpaces) {
+      this.transformValue = this.doStripSpaces;
+    }
+  }
+
+  writeValue(value: string) {
+    this.internalControl.setValue(value == null ? "" : value);
+  }
+
+  protected onValueChangesInternal: any = (value: string) => {
+    let newValue = value;
+    if (this.transformValue != null) {
+      newValue = this.transformValue(value);
+      this.internalControl.setValue(newValue, { emitEvent: false });
+    }
+    this.onChange(newValue);
+  };
+
+  protected onValueChangeInternal(value: string) {
+    let newValue = value;
+    if (this.transformValue != null) {
+      newValue = this.transformValue(value);
+      this.internalControl.setValue(newValue, { emitEvent: false });
+    }
+  }
+
+  private doStripSpaces(value: string) {
+    return value.replace(/ /g, "");
+  }
+}
--- a/bitwarden_license/src/app/organizations/components/select.component.html
+++ b/bitwarden_license/src/app/organizations/components/select.component.html
@@ -0,0 +1,19 @@
+<div class="form-group">
+  <label [attr.for]="controlId">
+    {{ label }}
+    <small *ngIf="isRequired" class="text-muted form-text d-inline"
+      >({{ "required" | i18n }})</small
+    >
+  </label>
+  <select
+    class="form-control"
+    [attr.id]="controlId"
+    [attr.aria-invalid]="controlDir.control.invalid"
+    [formControl]="internalControl"
+    (blur)="onBlurInternal()"
+  >
+    <option *ngFor="let o of selectOptions" [ngValue]="o.value" disabled="{{ o.disabled }}">
+      {{ o.name }}
+    </option>
+  </select>
+</div>
--- a/bitwarden_license/src/app/organizations/components/select.component.ts
+++ b/bitwarden_license/src/app/organizations/components/select.component.ts
@@ -0,0 +1,14 @@
+import { Component, Input } from "@angular/core";
+
+import { SelectOptions } from "jslib-angular/interfaces/selectOptions";
+
+import { BaseCvaComponent } from "./base-cva.component";
+
+/** For use in the SSO Config Form only - will be deprecated by the Component Library */
+@Component({
+  selector: "app-select",
+  templateUrl: "select.component.html",
+})
+export class SelectComponent extends BaseCvaComponent {
+  @Input() selectOptions: SelectOptions[];
+}
--- a/bitwarden_license/src/app/organizations/manage/sso.component.html
+++ b/bitwarden_license/src/app/organizations/manage/sso.component.html
@@ -14,10 +14,9 @@
 <form
  #form
  (ngSubmit)="submit()"
-  [formGroup]="data"
+  [formGroup]="ssoConfigForm"
  [appApiAction]="formPromise"
  *ngIf="!loading"
-  ngNativeValidate
 >
  <p>
    {{ "ssoPolicyHelpStart" | i18n }}
@@ -27,19 +26,14 @@
    {{ "ssoPolicyHelpKeyConnector" | i18n }}
  </p>

-  <div class="form-group">
-    <div class="form-check">
-      <input
-        class="form-check-input"
-        type="checkbox"
-        id="enabled"
+  <!-- Root form -->
+  <ng-container>
+    <app-input-checkbox
+      controlId="enabled"
      [formControl]="enabled"
-        name="Enabled"
-      />
-      <label class="form-check-label" for="enabled">{{ "allowSso" | i18n }}</label>
-    </div>
-    <small class="form-text text-muted">{{ "allowSsoDesc" | i18n }}</small>
-  </div>
+      [label]="'allowSso' | i18n"
+      [helperText]="'allowSsoDesc' | i18n"
+    ></app-input-checkbox>

    <div class="form-group">
      <label>{{ "memberDecryptionOption" | i18n }}</label>
@@ -71,7 +65,7 @@
            target="_blank"
            rel="noopener"
            appA11yTitle="{{ 'learnMore' | i18n }}"
-          href="https://bitwarden.com/help/article/about-key-connector/"
+            href="https://bitwarden.com/help/about-key-connector/"
          >
            <i class="bwi bwi-question-circle" aria-hidden="true"></i>
          </a>
@@ -80,19 +74,26 @@
      </div>
    </div>

-  <ng-container *ngIf="data.value.keyConnectorEnabled">
+    <!-- Key Connector -->
+    <ng-container *ngIf="ssoConfigForm.get('keyConnectorEnabled').value">
      <app-callout type="warning" [useAlertRole]="true">
        {{ "keyConnectorWarning" | i18n }}
      </app-callout>

      <div class="form-group">
-      <label for="keyConnectorUrl">{{ "keyConnectorUrl" | i18n }}</label>
+        <label for="keyConnectorUrl">
+          {{ "keyConnectorUrl" | i18n }}
+          <small class="text-muted form-text d-inline">({{ "required" | i18n }})</small>
+        </label>
        <div class="input-group">
          <input
            class="form-control"
            formControlName="keyConnectorUrl"
            id="keyConnectorUrl"
-          required
+            aria-describedby="keyConnectorUrlDesc"
+            (change)="haveTestedKeyConnector = false"
+            appInputStripSpaces
+            appA11yInvalid
          />
          <div class="input-group-append">
            <button
@@ -113,375 +114,319 @@
            </button>
          </div>
        </div>
-      <ng-container *ngIf="keyConnectorUrl.pristine && !keyConnectorUrl.pending">
-        <div class="text-danger" *ngIf="keyConnectorUrl.hasError('invalidUrl')" role="alert">
+        <div *ngIf="haveTestedKeyConnector" id="keyConnectorUrlDesc" aria-live="polite">
+          <small
+            class="error-inline"
+            *ngIf="keyConnectorUrl.hasError('invalidUrl'); else keyConnectorSuccess"
+          >
            <i class="bwi bwi-exclamation-circle" aria-hidden="true"></i>
+            <span class="sr-only">{{ "error" | i18n }}:</span>
            {{ "keyConnectorTestFail" | i18n }}
-        </div>
-        <div class="text-success" *ngIf="!keyConnectorUrl.hasError('invalidUrl')" role="alert">
+          </small>
+          <ng-template #keyConnectorSuccess>
+            <small class="text-success">
              <i class="bwi bwi-check-circle" aria-hidden="true"></i>
              {{ "keyConnectorTestSuccess" | i18n }}
+            </small>
+          </ng-template>
        </div>
-      </ng-container>
      </div>
    </ng-container>

-  <div class="form-group">
-    <label for="type">{{ "type" | i18n }}</label>
-    <select class="form-control" id="type" formControlName="configType">
-      <option [ngValue]="0" disabled>{{ "selectType" | i18n }}</option>
-      <option [ngValue]="1">OpenID Connect</option>
-      <option [ngValue]="2">SAML 2.0</option>
-    </select>
-  </div>
+    <app-select
+      controlId="type"
+      [label]="'type' | i18n"
+      [selectOptions]="ssoTypeOptions"
+      formControlName="configType"
+    >
+    </app-select>
+  </ng-container>

  <!-- OIDC -->
-  <div *ngIf="data.value.configType == 1">
+  <div
+    *ngIf="ssoConfigForm.get('configType').value === ssoType.OpenIdConnect"
+    [formGroup]="openIdForm"
+  >
    <div class="config-section">
-      <h2>{{ "openIdConnectConfig" | i18n }}</h2>
-      <div class="form-group">
-        <label>{{ "callbackPath" | i18n }}</label>
-        <div class="input-group">
-          <input class="form-control" readonly [value]="callbackPath" />
-          <div class="input-group-append">
-            <button
-              type="button"
-              class="btn btn-outline-secondary"
-              appA11yTitle="{{ 'copyValue' | i18n }}"
-              (click)="copy(callbackPath)"
+      <h2 class="secondary-header">{{ "openIdConnectConfig" | i18n }}</h2>
+
+      <app-input-text-readonly
+        [label]="'callbackPath' | i18n"
+        [controlValue]="callbackPath"
+      ></app-input-text-readonly>
+
+      <app-input-text-readonly
+        [label]="'signedOutCallbackPath' | i18n"
+        [controlValue]="signedOutCallbackPath"
+      ></app-input-text-readonly>
+
+      <app-input-text
+        [label]="'authority' | i18n"
+        controlId="authority"
+        [stripSpaces]="true"
+        formControlName="authority"
+      ></app-input-text>
+
+      <app-input-text
+        [label]="'clientId' | i18n"
+        controlId="clientId"
+        [stripSpaces]="true"
+        formControlName="clientId"
+      ></app-input-text>
+
+      <app-input-text
+        [label]="'clientSecret' | i18n"
+        controlId="clientSecret"
+        [stripSpaces]="true"
+        formControlName="clientSecret"
+      ></app-input-text>
+
+      <app-input-text
+        [label]="'metadataAddress' | i18n"
+        controlId="metadataAddress"
+        [stripSpaces]="true"
+        [helperText]="'openIdAuthorityRequired' | i18n"
+        formControlName="metadataAddress"
+      ></app-input-text>
+
+      <app-select
+        controlId="redirectBehavior"
+        [label]="'oidcRedirectBehavior' | i18n"
+        [selectOptions]="connectRedirectOptions"
+        formControlName="redirectBehavior"
      >
-              <i class="bwi bwi-lg bwi-clone" aria-hidden="true"></i>
-            </button>
-          </div>
-        </div>
-      </div>
-      <div class="form-group">
-        <label>{{ "signedOutCallbackPath" | i18n }}</label>
-        <div class="input-group">
-          <input class="form-control" readonly [value]="signedOutCallbackPath" />
-          <div class="input-group-append">
-            <button
-              type="button"
-              class="btn btn-outline-secondary"
-              appA11yTitle="{{ 'copyValue' | i18n }}"
-              (click)="copy(signedOutCallbackPath)"
-            >
-              <i class="bwi bwi-lg bwi-clone" aria-hidden="true"></i>
-            </button>
-          </div>
-        </div>
-      </div>
-      <div class="form-group">
-        <label for="authority">{{ "authority" | i18n }}</label>
-        <input class="form-control" formControlName="authority" id="authority" />
-      </div>
-      <div class="form-group">
-        <label for="clientId">{{ "clientId" | i18n }}</label>
-        <input class="form-control" formControlName="clientId" id="clientId" />
-      </div>
-      <div class="form-group">
-        <label for="clientSecret">{{ "clientSecret" | i18n }}</label>
-        <input class="form-control" formControlName="clientSecret" id="clientSecret" />
-      </div>
-      <div class="form-group">
-        <label for="metadataAddress">{{ "metadataAddress" | i18n }}</label>
-        <input class="form-control" formControlName="metadataAddress" id="metadataAddress" />
-      </div>
-      <div class="form-group">
-        <label for="redirectBehavior">{{ "oidcRedirectBehavior" | i18n }}</label>
-        <select class="form-control" formControlName="redirectBehavior" id="redirectBehavior">
-          <option [ngValue]="0">Redirect GET</option>
-          <option [ngValue]="1">Form POST</option>
-        </select>
-      </div>
-      <div class="form-group">
-        <div class="form-check">
-          <input
-            class="form-check-input"
-            type="checkbox"
-            id="getClaimsFromUserInfoEndpoint"
+      </app-select>
+
+      <app-input-checkbox
+        controlId="getClaimsFromUserInfoEndpoint"
        formControlName="getClaimsFromUserInfoEndpoint"
-          />
-          <label class="form-check-label" for="getClaimsFromUserInfoEndpoint">
-            {{ "getClaimsFromUserInfoEndpoint" | i18n }}
-          </label>
+        [label]="'getClaimsFromUserInfoEndpoint' | i18n"
+      ></app-input-checkbox>
+
+      <!-- Optional customizations -->
+      <div
+        class="section-header d-flex flex-row align-items-center mt-3 mb-3"
+        (click)="toggleOpenIdCustomizations()"
+      >
+        <h3 class="mb-0 mr-2" id="customizations-header">
+          {{ "openIdOptionalCustomizations" | i18n }}
+        </h3>
+        <button
+          class="mb-1 btn btn-link"
+          type="button"
+          appStopClick
+          role="button"
+          aria-controls="customizations"
+          [attr.aria-expanded]="showOpenIdCustomizations"
+          aria-labelledby="customizations-header"
+        >
+          <i
+            class="bwi"
+            aria-hidden="true"
+            [ngClass]="{
+              'bwi-angle-down': !showOpenIdCustomizations,
+              'bwi-chevron-up': showOpenIdCustomizations
+            }"
+          ></i>
+        </button>
      </div>
-      </div>
-      <div class="form-group">
-        <label for="additionalScopes">{{ "additionalScopes" | i18n }}</label>
-        <input class="form-control" formControlName="additionalScopes" id="additionalScopes" />
-      </div>
-      <div class="form-group">
-        <label for="additionalUserIdClaimTypes">{{ "additionalUserIdClaimTypes" | i18n }}</label>
-        <input
-          class="form-control"
+      <div id="customizations" [hidden]="!showOpenIdCustomizations">
+        <app-input-text
+          [label]="'additionalScopes' | i18n"
+          controlId="additionalScopes"
+          [helperText]="'separateMultipleWithComma' | i18n"
+          formControlName="additionalScopes"
+        ></app-input-text>
+
+        <app-input-text
+          [label]="'additionalUserIdClaimTypes' | i18n"
+          controlId="additionalUserIdClaimTypes"
+          [helperText]="'separateMultipleWithComma' | i18n"
          formControlName="additionalUserIdClaimTypes"
-          id="additionalUserIdClaimTypes"
-        />
-      </div>
-      <div class="form-group">
-        <label for="additionalEmailClaimTypes">{{ "additionalEmailClaimTypes" | i18n }}</label>
-        <input
-          class="form-control"
+        ></app-input-text>
+
+        <app-input-text
+          [label]="'additionalEmailClaimTypes' | i18n"
+          controlId="additionalEmailClaimTypes"
+          [helperText]="'separateMultipleWithComma' | i18n"
          formControlName="additionalEmailClaimTypes"
-          id="additionalEmailClaimTypes"
-        />
-      </div>
-      <div class="form-group">
-        <label for="additionalNameClaimTypes">{{ "additionalNameClaimTypes" | i18n }}</label>
-        <input
-          class="form-control"
+        ></app-input-text>
+
+        <app-input-text
+          [label]="'additionalNameClaimTypes' | i18n"
+          controlId="additionalNameClaimTypes"
+          [helperText]="'separateMultipleWithComma' | i18n"
          formControlName="additionalNameClaimTypes"
-          id="additionalNameClaimTypes"
-        />
-      </div>
-      <div class="form-group">
-        <label for="acrValues">{{ "acrValues" | i18n }}</label>
-        <input class="form-control" formControlName="acrValues" id="acrValues" />
-      </div>
-      <div class="form-group">
-        <label for="expectedReturnAcrValue">{{ "expectedReturnAcrValue" | i18n }}</label>
-        <input
-          class="form-control"
+        ></app-input-text>
+
+        <app-input-text
+          [label]="'acrValues' | i18n"
+          controlId="acrValues"
+          helperText="acr_values"
+          formControlName="acrValues"
+        ></app-input-text>
+
+        <app-input-text
+          [label]="'expectedReturnAcrValue' | i18n"
+          controlId="expectedReturnAcrValue"
+          helperText="acr_validation"
          formControlName="expectedReturnAcrValue"
-          id="expectedReturnAcrValue"
-        />
+        ></app-input-text>
      </div>
    </div>
  </div>

-  <div *ngIf="data.value.configType == 2">
+  <!-- SAML2 SP -->
+  <div *ngIf="ssoConfigForm.get('configType').value === ssoType.Saml2" [formGroup]="samlForm">
    <!-- SAML2 SP -->
    <div class="config-section">
-      <h2>{{ "samlSpConfig" | i18n }}</h2>
-      <div class="form-group">
-        <label>{{ "spEntityId" | i18n }}</label>
-        <div class="input-group">
-          <input class="form-control" readonly [value]="spEntityId" />
-          <div class="input-group-append">
-            <button
-              type="button"
-              class="btn btn-outline-secondary"
-              appA11yTitle="{{ 'copyValue' | i18n }}"
-              (click)="copy(spEntityId)"
+      <h2 class="secondary-header">{{ "samlSpConfig" | i18n }}</h2>
+
+      <app-input-text-readonly
+        [label]="'spEntityId' | i18n"
+        [controlValue]="spEntityId"
+      ></app-input-text-readonly>
+
+      <app-input-text-readonly
+        [label]="'spMetadataUrl' | i18n"
+        [controlValue]="spMetadataUrl"
+        [showLaunch]="true"
+      ></app-input-text-readonly>
+
+      <app-input-text-readonly
+        [label]="'spAcsUrl' | i18n"
+        [controlValue]="spAcsUrl"
+      ></app-input-text-readonly>
+
+      <app-select
+        controlId="spNameIdFormat"
+        [label]="'spNameIdFormat' | i18n"
+        [selectOptions]="saml2NameIdFormatOptions"
+        formControlName="spNameIdFormat"
      >
-              <i class="bwi bwi-lg bwi-clone" aria-hidden="true"></i>
-            </button>
-          </div>
-        </div>
-      </div>
-      <div class="form-group">
-        <label>{{ "spMetadataUrl" | i18n }}</label>
-        <div class="input-group">
-          <input class="form-control" readonly [value]="spMetadataUrl" />
-          <div class="input-group-append">
-            <button
-              type="button"
-              class="btn btn-outline-secondary"
-              appA11yTitle="{{ 'launch' | i18n }}"
-              (click)="launchUri(spMetadataUrl)"
-            >
-              <i class="bwi bwi-lg bwi-external-link" aria-hidden="true"></i>
-            </button>
-            <button
-              type="button"
-              class="btn btn-outline-secondary"
-              appA11yTitle="{{ 'copyValue' | i18n }}"
-              (click)="copy(spMetadataUrl)"
-            >
-              <i class="bwi bwi-lg bwi-clone" aria-hidden="true"></i>
-            </button>
-          </div>
-        </div>
-      </div>
-      <div class="form-group">
-        <label>{{ "spAcsUrl" | i18n }}</label>
-        <div class="input-group">
-          <input class="form-control" readonly [value]="spAcsUrl" />
-          <div class="input-group-append">
-            <button
-              type="button"
-              class="btn btn-outline-secondary"
-              appA11yTitle="{{ 'copyValue' | i18n }}"
-              (click)="copy(spAcsUrl)"
-            >
-              <i class="bwi bwi-lg bwi-clone" aria-hidden="true"></i>
-            </button>
-          </div>
-        </div>
-      </div>
-      <div class="form-group">
-        <label for="spNameIdFormat">{{ "spNameIdFormat" | i18n }}</label>
-        <select class="form-control" formControlName="spNameIdFormat" id="spNameIdFormat">
-          <option value="0">Not Configured</option>
-          <option value="1">Unspecified</option>
-          <option value="2">Email Address</option>
-          <option value="3">X.509 Subject Name</option>
-          <option value="4">Windows Domain Qualified Name</option>
-          <option value="5">Kerberos Principal Name</option>
-          <option value="6">Entity Identifier</option>
-          <option value="7">Persistent</option>
-          <option value="8">Transient</option>
-        </select>
-      </div>
-      <div class="form-group">
-        <label for="spOutboundSigningAlgorithm">{{ "spOutboundSigningAlgorithm" | i18n }}</label>
-        <select
-          class="form-control"
+      </app-select>
+
+      <app-select
+        controlId="spOutboundSigningAlgorithm"
+        [label]="'spOutboundSigningAlgorithm' | i18n"
+        [selectOptions]="samlSigningAlgorithmOptions"
        formControlName="spOutboundSigningAlgorithm"
-          id="spOutboundSigningAlgorithm"
      >
-          <option *ngFor="let o of samlSigningAlgorithms" [ngValue]="o">{{ o }}</option>
-        </select>
-      </div>
-      <div class="form-group">
-        <label for="spSigningBehavior">{{ "spSigningBehavior" | i18n }}</label>
-        <select class="form-control" formControlName="spSigningBehavior" id="spSigningBehavior">
-          <option value="0">If IdP Wants Authn Requests Signed</option>
-          <option value="1">Always</option>
-          <option value="3">Never</option>
-        </select>
-      </div>
-      <div class="form-group">
-        <label for="spMinIncomingSigningAlgorithm">{{
-          "spMinIncomingSigningAlgorithm" | i18n
-        }}</label>
-        <select
-          class="form-control"
+      </app-select>
+
+      <app-select
+        controlId="spSigningBehavior"
+        [label]="'spSigningBehavior' | i18n"
+        [selectOptions]="saml2SigningBehaviourOptions"
+        formControlName="spSigningBehavior"
+      >
+      </app-select>
+
+      <app-select
+        controlId="spMinIncomingSigningAlgorithm"
+        [label]="'spMinIncomingSigningAlgorithm' | i18n"
+        [selectOptions]="samlSigningAlgorithmOptions"
        formControlName="spMinIncomingSigningAlgorithm"
-          id="spMinIncomingSigningAlgorithm"
      >
-          <option *ngFor="let o of samlSigningAlgorithms" [ngValue]="o">{{ o }}</option>
-        </select>
-      </div>
-      <div class="form-group">
-        <div class="form-check">
-          <input
-            class="form-check-input"
-            type="checkbox"
-            id="spWantAssertionsSigned"
+      </app-select>
+
+      <app-input-checkbox
+        controlId="spWantAssertionsSigned"
        formControlName="spWantAssertionsSigned"
-          />
-          <label class="form-check-label" for="spWantAssertionsSigned">
-            {{ "spWantAssertionsSigned" | i18n }}
-          </label>
-        </div>
-      </div>
-      <div class="form-group">
-        <div class="form-check">
-          <input
-            class="form-check-input"
-            type="checkbox"
-            id="spValidateCertificates"
+        [label]="'spWantAssertionsSigned' | i18n"
+      ></app-input-checkbox>
+
+      <app-input-checkbox
+        controlId="spValidateCertificates"
        formControlName="spValidateCertificates"
-          />
-          <label class="form-check-label" for="spValidateCertificates">
-            {{ "spValidateCertificates" | i18n }}
-          </label>
-        </div>
-      </div>
+        [label]="'spValidateCertificates' | i18n"
+      ></app-input-checkbox>
    </div>

    <!-- SAML2 IDP -->
    <div class="config-section">
-      <h2>{{ "samlIdpConfig" | i18n }}</h2>
+      <h2 class="secondary-header">{{ "samlIdpConfig" | i18n }}</h2>
+
+      <app-input-text
+        [label]="'idpEntityId' | i18n"
+        controlId="idpEntityId"
+        formControlName="idpEntityId"
+      ></app-input-text>
+
+      <app-select
+        controlId="idpBindingType"
+        [label]="'idpBindingType' | i18n"
+        [selectOptions]="saml2BindingTypeOptions"
+        formControlName="idpBindingType"
+      >
+      </app-select>
+
+      <app-input-text
+        [label]="'idpSingleSignOnServiceUrl' | i18n"
+        controlId="idpSingleSignOnServiceUrl"
+        [helperText]="'idpSingleSignOnServiceUrlRequired' | i18n"
+        [stripSpaces]="true"
+        formControlName="idpSingleSignOnServiceUrl"
+      ></app-input-text>
+
+      <app-input-text
+        [label]="'idpSingleLogoutServiceUrl' | i18n"
+        controlId="idpSingleLogoutServiceUrl"
+        [stripSpaces]="true"
+        formControlName="idpSingleLogoutServiceUrl"
+      ></app-input-text>

      <div class="form-group">
-        <label for="idpEntityId">{{ "idpEntityId" | i18n }}</label>
-        <input class="form-control" formControlName="idpEntityId" id="idpEntityId" />
-      </div>
-      <div class="form-group">
-        <label for="idpBindingType">{{ "idpBindingType" | i18n }}</label>
-        <select class="form-control" formControlName="idpBindingType" id="idpBindingType">
-          <option value="1">Redirect</option>
-          <option value="2">HTTP POST</option>
-          <option value="4">Artifact</option>
-        </select>
-      </div>
-      <div class="form-group">
-        <label for="idpSingleSignOnServiceUrl">{{ "idpSingleSignOnServiceUrl" | i18n }}</label>
-        <input
-          class="form-control"
-          formControlName="idpSingleSignOnServiceUrl"
-          id="idpSingleSignOnServiceUrl"
-        />
-      </div>
-      <div class="form-group">
-        <label for="idpSingleLogoutServiceUrl">{{ "idpSingleLogoutServiceUrl" | i18n }}</label>
-        <input
-          class="form-control"
-          formControlName="idpSingleLogoutServiceUrl"
-          id="idpSingleLogoutServiceUrl"
-        />
-      </div>
-      <div class="form-group">
-        <label for="idpArtifactResolutionServiceUrl">{{
-          "idpArtifactResolutionServiceUrl" | i18n
-        }}</label>
-        <input
-          class="form-control"
-          formControlName="idpArtifactResolutionServiceUrl"
-          id="idpArtifactResolutionServiceUrl"
-        />
-      </div>
-      <div class="form-group">
-        <label for="idpX509PublicCert">{{ "idpX509PublicCert" | i18n }}</label>
+        <label for="idpX509PublicCert">
+          {{ "idpX509PublicCert" | i18n }}
+          <small class="text-muted form-text d-inline">({{ "required" | i18n }})</small>
+        </label>
        <textarea
          formControlName="idpX509PublicCert"
          class="form-control form-control-sm text-monospace"
          rows="6"
          id="idpX509PublicCert"
+          appA11yInvalid
+          aria-describedby="idpX509PublicCertDesc"
        ></textarea>
-      </div>
-      <div class="form-group">
-        <label for="idpOutboundSigningAlgorithm">{{ "idpOutboundSigningAlgorithm" | i18n }}</label>
-        <select
-          class="form-control"
-          formControlName="idpOutboundSigningAlgorithm"
-          id="idpOutboundSigningAlgorithm"
+        <small
+          id="idpX509PublicCertDesc"
+          class="error-inline"
+          role="alert"
+          *ngIf="samlForm.get('idpX509PublicCert').hasError('required')"
        >
-          <option *ngFor="let o of samlSigningAlgorithms" [ngValue]="o">{{ o }}</option>
-        </select>
+          <i class="bwi bwi-exclamation-circle" aria-hidden="true"></i>
+          <span class="sr-only">{{ "error" | i18n }}:</span>
+          {{ "fieldRequiredError" | i18n: ("idpX509PublicCert" | i18n) }}
+        </small>
      </div>
-      <div class="form-group">
-        <div class="form-check">
-          <input
-            class="form-check-input"
-            type="checkbox"
-            id="idpAllowUnsolicitedAuthnResponse"
+
+      <app-select
+        controlId="idpOutboundSigningAlgorithm"
+        [label]="'idpOutboundSigningAlgorithm' | i18n"
+        [selectOptions]="samlSigningAlgorithmOptions"
+        formControlName="idpOutboundSigningAlgorithm"
+      >
+      </app-select>
+
+      <!--TODO: Uncomment once Unsolicited IdP Response is supported-->
+      <!-- <app-input-checkbox
+        controlId="idpAllowUnsolicitedAuthnResponse"
        formControlName="idpAllowUnsolicitedAuthnResponse"
-          />
-          <label class="form-check-label" for="idpAllowUnsolicitedAuthnResponse">
-            {{ "idpAllowUnsolicitedAuthnResponse" | i18n }}
-          </label>
-        </div>
-      </div>
-      <div class="form-group">
-        <div class="form-check">
-          <input
-            class="form-check-input"
-            type="checkbox"
-            id="idpDisableOutboundLogoutRequests"
-            formControlName="idpDisableOutboundLogoutRequests"
-          />
-          <label class="form-check-label" for="idpDisableOutboundLogoutRequests">
-            {{ "idpDisableOutboundLogoutRequests" | i18n }}
-          </label>
-        </div>
-      </div>
-      <div class="form-group">
-        <div class="form-check">
-          <input
-            class="form-check-input"
-            type="checkbox"
-            id="idpWantAuthnRequestsSigned"
+        [label]="'idpAllowUnsolicitedAuthnResponse' | i18n"
+      ></app-input-checkbox> -->
+
+      <app-input-checkbox
+        controlId="idpAllowOutboundLogoutRequests"
+        formControlName="idpAllowOutboundLogoutRequests"
+        [label]="'idpAllowOutboundLogoutRequests' | i18n"
+      ></app-input-checkbox>
+
+      <app-input-checkbox
+        controlId="idpWantAuthnRequestsSigned"
        formControlName="idpWantAuthnRequestsSigned"
-          />
-          <label class="form-check-label" for="idpWantAuthnRequestsSigned">
-            {{ "idpWantAuthnRequestsSigned" | i18n }}
-          </label>
-        </div>
-      </div>
+        [label]="'idpSignAuthenticationRequests' | i18n"
+      ></app-input-checkbox>
    </div>
  </div>

@@ -489,4 +434,15 @@
    <i class="bwi bwi-spinner bwi-spin" title="{{ 'loading' | i18n }}" aria-hidden="true"></i>
    <span>{{ "save" | i18n }}</span>
  </button>
+  <div
+    id="errorSummary"
+    class="error-summary text-danger"
+    *ngIf="this.getErrorCount(ssoConfigForm) as errorCount"
+  >
+    <i class="bwi bwi-exclamation-circle" aria-hidden="true"></i>
+    <span class="sr-only">{{ "error" | i18n }}:</span>
+    {{
+      (errorCount === 1 ? "formErrorSummarySingle" : "formErrorSummaryPlural") | i18n: errorCount
+    }}
+  </div>
 </form>
--- a/bitwarden_license/src/app/organizations/manage/sso.component.ts
+++ b/bitwarden_license/src/app/organizations/manage/sso.component.ts
@@ -1,29 +1,82 @@
 import { Component, OnInit } from "@angular/core";
-import { FormBuilder } from "@angular/forms";
+import { AbstractControl, FormBuilder, FormGroup } from "@angular/forms";
 import { ActivatedRoute } from "@angular/router";

+import { SelectOptions } from "jslib-angular/interfaces/selectOptions";
+import { dirtyRequired } from "jslib-angular/validators/dirty.validator";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { OrganizationService } from "jslib-common/abstractions/organization.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
-
+import {
+  OpenIdConnectRedirectBehavior,
+  Saml2BindingType,
+  Saml2NameIdFormat,
+  Saml2SigningBehavior,
+  SsoType,
+} from "jslib-common/enums/ssoEnums";
+import { Utils } from "jslib-common/misc/utils";
+import { SsoConfigApi } from "jslib-common/models/api/ssoConfigApi";
 import { Organization } from "jslib-common/models/domain/organization";
-
 import { OrganizationSsoRequest } from "jslib-common/models/request/organization/organizationSsoRequest";
+import { OrganizationSsoResponse } from "jslib-common/models/response/organization/organizationSsoResponse";
+import { SsoConfigView } from "jslib-common/models/view/ssoConfigView";
+
+const defaultSigningAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

@Component({
  selector: "app-org-manage-sso",
  templateUrl: "sso.component.html",
 })
 export class SsoComponent implements OnInit {
-  samlSigningAlgorithms = [
+  readonly ssoType = SsoType;
+
+  readonly ssoTypeOptions: SelectOptions[] = [
+    { name: this.i18nService.t("selectType"), value: SsoType.None, disabled: true },
+    { name: "OpenID Connect", value: SsoType.OpenIdConnect },
+    { name: "SAML 2.0", value: SsoType.Saml2 },
+  ];
+
+  readonly samlSigningAlgorithms = [
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha384",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha512",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
  ];

+  readonly saml2SigningBehaviourOptions: SelectOptions[] = [
+    {
+      name: "If IdP Wants Authn Requests Signed",
+      value: Saml2SigningBehavior.IfIdpWantAuthnRequestsSigned,
+    },
+    { name: "Always", value: Saml2SigningBehavior.Always },
+    { name: "Never", value: Saml2SigningBehavior.Never },
+  ];
+  readonly saml2BindingTypeOptions: SelectOptions[] = [
+    { name: "Redirect", value: Saml2BindingType.HttpRedirect },
+    { name: "HTTP POST", value: Saml2BindingType.HttpPost },
+  ];
+  readonly saml2NameIdFormatOptions: SelectOptions[] = [
+    { name: "Not Configured", value: Saml2NameIdFormat.NotConfigured },
+    { name: "Unspecified", value: Saml2NameIdFormat.Unspecified },
+    { name: "Email Address", value: Saml2NameIdFormat.EmailAddress },
+    { name: "X.509 Subject Name", value: Saml2NameIdFormat.X509SubjectName },
+    { name: "Windows Domain Qualified Name", value: Saml2NameIdFormat.WindowsDomainQualifiedName },
+    { name: "Kerberos Principal Name", value: Saml2NameIdFormat.KerberosPrincipalName },
+    { name: "Entity Identifier", value: Saml2NameIdFormat.EntityIdentifier },
+    { name: "Persistent", value: Saml2NameIdFormat.Persistent },
+    { name: "Transient", value: Saml2NameIdFormat.Transient },
+  ];
+
+  readonly connectRedirectOptions: SelectOptions[] = [
+    { name: "Redirect GET", value: OpenIdConnectRedirectBehavior.RedirectGet },
+    { name: "Form POST", value: OpenIdConnectRedirectBehavior.FormPost },
+  ];
+
+  showOpenIdCustomizations = false;
+
  loading = true;
+  haveTestedKeyConnector = false;
  organizationId: string;
  organization: Organization;
  formPromise: Promise<any>;
@@ -35,18 +88,14 @@ export class SsoComponent implements OnInit {
  spAcsUrl: string;

  enabled = this.formBuilder.control(false);
-  data = this.formBuilder.group({
-    configType: [],

-    keyConnectorEnabled: [],
-    keyConnectorUrl: [],
-
-    // OpenId
-    authority: [],
-    clientId: [],
-    clientSecret: [],
+  openIdForm = this.formBuilder.group(
+    {
+      authority: ["", dirtyRequired],
+      clientId: ["", dirtyRequired],
+      clientSecret: ["", dirtyRequired],
      metadataAddress: [],
-    redirectBehavior: [],
+      redirectBehavior: [OpenIdConnectRedirectBehavior.RedirectGet, dirtyRequired],
      getClaimsFromUserInfoEndpoint: [],
      additionalScopes: [],
      additionalUserIdClaimTypes: [],
@@ -54,25 +103,42 @@ export class SsoComponent implements OnInit {
      additionalNameClaimTypes: [],
      acrValues: [],
      expectedReturnAcrValue: [],
+    },
+    {
+      updateOn: "blur",
+    }
+  );

-    // SAML
-    spNameIdFormat: [],
-    spOutboundSigningAlgorithm: [],
-    spSigningBehavior: [],
-    spMinIncomingSigningAlgorithm: [],
+  samlForm = this.formBuilder.group(
+    {
+      spNameIdFormat: [Saml2NameIdFormat.NotConfigured],
+      spOutboundSigningAlgorithm: [defaultSigningAlgorithm],
+      spSigningBehavior: [Saml2SigningBehavior.IfIdpWantAuthnRequestsSigned],
+      spMinIncomingSigningAlgorithm: [defaultSigningAlgorithm],
      spWantAssertionsSigned: [],
      spValidateCertificates: [],

-    idpEntityId: [],
-    idpBindingType: [],
+      idpEntityId: ["", dirtyRequired],
+      idpBindingType: [Saml2BindingType.HttpRedirect],
      idpSingleSignOnServiceUrl: [],
      idpSingleLogoutServiceUrl: [],
-    idpArtifactResolutionServiceUrl: [],
-    idpX509PublicCert: [],
-    idpOutboundSigningAlgorithm: [],
+      idpX509PublicCert: ["", dirtyRequired],
+      idpOutboundSigningAlgorithm: [defaultSigningAlgorithm],
      idpAllowUnsolicitedAuthnResponse: [],
-    idpDisableOutboundLogoutRequests: [],
+      idpAllowOutboundLogoutRequests: [true],
      idpWantAuthnRequestsSigned: [],
+    },
+    {
+      updateOn: "blur",
+    }
+  );
+
+  ssoConfigForm = this.formBuilder.group({
+    configType: [SsoType.None],
+    keyConnectorEnabled: [false],
+    keyConnectorUrl: [""],
+    openId: this.openIdForm,
+    saml: this.samlForm,
  });

  constructor(
@@ -85,6 +151,25 @@ export class SsoComponent implements OnInit {
  ) {}

  async ngOnInit() {
+    this.ssoConfigForm.get("configType").valueChanges.subscribe((newType: SsoType) => {
+      if (newType === SsoType.OpenIdConnect) {
+        this.openIdForm.enable();
+        this.samlForm.disable();
+      } else if (newType === SsoType.Saml2) {
+        this.openIdForm.disable();
+        this.samlForm.enable();
+      } else {
+        this.openIdForm.disable();
+        this.samlForm.disable();
+      }
+    });
+
+    this.samlForm
+      .get("spSigningBehavior")
+      .valueChanges.subscribe(() =>
+        this.samlForm.get("idpX509PublicCert").updateValueAndValidity()
+      );
+
    this.route.parent.parent.params.subscribe(async (params) => {
      this.organizationId = params.organizationId;
      await this.load();
@@ -94,9 +179,7 @@ export class SsoComponent implements OnInit {
  async load() {
    this.organization = await this.organizationService.get(this.organizationId);
    const ssoSettings = await this.apiService.getOrganizationSso(this.organizationId);
-
-    this.data.patchValue(ssoSettings.data);
-    this.enabled.setValue(ssoSettings.enabled);
+    this.populateForm(ssoSettings);

    this.callbackPath = ssoSettings.urls.callbackPath;
    this.signedOutCallbackPath = ssoSettings.urls.signedOutCallbackPath;
@@ -104,28 +187,30 @@ export class SsoComponent implements OnInit {
    this.spMetadataUrl = ssoSettings.urls.spMetadataUrl;
    this.spAcsUrl = ssoSettings.urls.spAcsUrl;

-    this.keyConnectorUrl.markAsDirty();
-
    this.loading = false;
  }

-  copy(value: string) {
-    this.platformUtilsService.copyToClipboard(value);
-  }
-
-  launchUri(url: string) {
-    this.platformUtilsService.launchUri(url);
-  }
-
  async submit() {
-    this.formPromise = this.postData();
+    this.validateForm(this.ssoConfigForm);
+
+    if (this.ssoConfigForm.get("keyConnectorEnabled").value) {
+      await this.validateKeyConnectorUrl();
+    }
+
+    if (!this.ssoConfigForm.valid) {
+      this.readOutErrors();
+      return;
+    }
+
+    const request = new OrganizationSsoRequest();
+    request.enabled = this.enabled.value;
+    request.data = SsoConfigApi.fromView(this.ssoConfigForm.value as SsoConfigView);
+
+    this.formPromise = this.apiService.postOrganizationSso(this.organizationId, request);

    try {
      const response = await this.formPromise;
-
-      this.data.patchValue(response.data);
-      this.enabled.setValue(response.enabled);
-
+      this.populateForm(response);
      this.platformUtilsService.showToast("success", null, this.i18nService.t("ssoSettingsSaved"));
    } catch {
      // Logged by appApiAction, do nothing
@@ -134,24 +219,8 @@ export class SsoComponent implements OnInit {
    this.formPromise = null;
  }

-  async postData() {
-    if (this.data.get("keyConnectorEnabled").value) {
-      await this.validateKeyConnectorUrl();
-
-      if (this.keyConnectorUrl.hasError("invalidUrl")) {
-        throw new Error(this.i18nService.t("keyConnectorTestFail"));
-      }
-    }
-
-    const request = new OrganizationSsoRequest();
-    request.enabled = this.enabled.value;
-    request.data = this.data.value;
-
-    return this.apiService.postOrganizationSso(this.organizationId, request);
-  }
-
  async validateKeyConnectorUrl() {
-    if (this.keyConnectorUrl.pristine) {
+    if (this.haveTestedKeyConnector) {
      return;
    }

@@ -166,18 +235,84 @@ export class SsoComponent implements OnInit {
      });
    }

-    this.keyConnectorUrl.markAsPristine();
+    this.haveTestedKeyConnector = true;
+  }
+
+  toggleOpenIdCustomizations() {
+    this.showOpenIdCustomizations = !this.showOpenIdCustomizations;
+  }
+
+  getErrorCount(form: FormGroup): number {
+    return Object.values(form.controls).reduce((acc: number, control: AbstractControl) => {
+      if (control instanceof FormGroup) {
+        return acc + this.getErrorCount(control);
+      }
+
+      if (control.errors == null) {
+        return acc;
+      }
+      return acc + Object.keys(control.errors).length;
+    }, 0);
  }

  get enableTestKeyConnector() {
    return (
-      this.data.get("keyConnectorEnabled").value &&
-      this.keyConnectorUrl != null &&
-      this.keyConnectorUrl.value !== ""
+      this.ssoConfigForm.get("keyConnectorEnabled").value &&
+      !Utils.isNullOrWhitespace(this.keyConnectorUrl?.value)
    );
  }

  get keyConnectorUrl() {
-    return this.data.get("keyConnectorUrl");
+    return this.ssoConfigForm.get("keyConnectorUrl");
+  }
+
+  get samlSigningAlgorithmOptions(): SelectOptions[] {
+    return this.samlSigningAlgorithms.map((algorithm) => ({ name: algorithm, value: algorithm }));
+  }
+
+  private validateForm(form: FormGroup) {
+    Object.values(form.controls).forEach((control: AbstractControl) => {
+      if (control.disabled) {
+        return;
+      }
+
+      if (control instanceof FormGroup) {
+        this.validateForm(control);
+      } else {
+        control.markAsDirty();
+        control.markAsTouched();
+        control.updateValueAndValidity();
+      }
+    });
+  }
+
+  private populateForm(ssoSettings: OrganizationSsoResponse) {
+    this.enabled.setValue(ssoSettings.enabled);
+    if (ssoSettings.data != null) {
+      const ssoConfigView = new SsoConfigView(ssoSettings.data);
+      this.ssoConfigForm.patchValue(ssoConfigView);
+    }
+  }
+
+  private readOutErrors() {
+    const errorText = this.i18nService.t("error");
+    const errorCount = this.getErrorCount(this.ssoConfigForm);
+    const errorCountText = this.i18nService.t(
+      errorCount === 1 ? "formErrorSummarySingle" : "formErrorSummaryPlural",
+      errorCount.toString()
+    );
+
+    const div = document.createElement("div");
+    div.className = "sr-only";
+    div.id = "srErrorCount";
+    div.setAttribute("aria-live", "polite");
+    div.innerText = errorText + ": " + errorCountText;
+
+    const existing = document.getElementById("srErrorCount");
+    if (existing != null) {
+      existing.remove();
+    }
+
+    document.body.append(div);
  }
 }
--- a/bitwarden_license/src/app/organizations/organizations-routing.module.ts
+++ b/bitwarden_license/src/app/organizations/organizations-routing.module.ts
@@ -1,14 +1,13 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";

-import { AuthGuardService } from "jslib-angular/services/auth-guard.service";
-
+import { AuthGuard } from "jslib-angular/guards/auth.guard";
 import { Permissions } from "jslib-common/enums/permissions";

-import { OrganizationLayoutComponent } from "src/app/layouts/organization-layout.component";
+import { PermissionsGuard } from "src/app/organizations/guards/permissions.guard";
+import { OrganizationLayoutComponent } from "src/app/organizations/layouts/organization-layout.component";
 import { ManageComponent } from "src/app/organizations/manage/manage.component";
-import { OrganizationGuardService } from "src/app/services/organization-guard.service";
-import { OrganizationTypeGuardService } from "src/app/services/organization-type-guard.service";
+import { NavigationPermissionsService } from "src/app/organizations/services/navigation-permissions.service";

 import { SsoComponent } from "./manage/sso.component";

@@ -16,25 +15,16 @@ const routes: Routes = [
  {
    path: "organizations/:organizationId",
    component: OrganizationLayoutComponent,
-    canActivate: [AuthGuardService, OrganizationGuardService],
+    canActivate: [AuthGuard, PermissionsGuard],
    children: [
      {
        path: "manage",
        component: ManageComponent,
-        canActivate: [OrganizationTypeGuardService],
+        canActivate: [PermissionsGuard],
        data: {
-          permissions: [
-            Permissions.CreateNewCollections,
-            Permissions.EditAnyCollection,
-            Permissions.DeleteAnyCollection,
-            Permissions.EditAssignedCollections,
-            Permissions.DeleteAssignedCollections,
-            Permissions.AccessEventLogs,
-            Permissions.ManageGroups,
-            Permissions.ManageUsers,
-            Permissions.ManagePolicies,
-            Permissions.ManageSso,
-          ],
+          permissions: NavigationPermissionsService.getPermissions("manage").concat(
+            Permissions.ManageSso
+          ),
        },
        children: [
          {
--- a/bitwarden_license/src/app/organizations/organizations.module.ts
+++ b/bitwarden_license/src/app/organizations/organizations.module.ts
@@ -2,13 +2,31 @@ import { CommonModule } from "@angular/common";
 import { NgModule } from "@angular/core";
 import { FormsModule, ReactiveFormsModule } from "@angular/forms";

-import { OssModule } from "src/app/oss.module";
+import { JslibModule } from "jslib-angular/jslib.module";

+import { InputCheckboxComponent } from "./components/input-checkbox.component";
+import { InputTextReadOnlyComponent } from "./components/input-text-readonly.component";
+import { InputTextComponent } from "./components/input-text.component";
+import { SelectComponent } from "./components/select.component";
 import { SsoComponent } from "./manage/sso.component";
 import { OrganizationsRoutingModule } from "./organizations-routing.module";

+// Form components are for use in the SSO Configuration Form only and should not be exported for use elsewhere.
+// They will be deprecated by the Component Library.
@NgModule({
-  imports: [CommonModule, FormsModule, ReactiveFormsModule, OssModule, OrganizationsRoutingModule],
-  declarations: [SsoComponent],
+  imports: [
+    CommonModule,
+    FormsModule,
+    ReactiveFormsModule,
+    JslibModule,
+    OrganizationsRoutingModule,
+  ],
+  declarations: [
+    InputCheckboxComponent,
+    InputTextComponent,
+    InputTextReadOnlyComponent,
+    SelectComponent,
+    SsoComponent,
+  ],
 })
 export class OrganizationsModule {}
--- a/bitwarden_license/src/app/policies/disable-personal-vault-export.component.ts
+++ b/bitwarden_license/src/app/policies/disable-personal-vault-export.component.ts
@@ -1,12 +1,7 @@
 import { Component } from "@angular/core";
-import { FormBuilder } from "@angular/forms";
-
-import { I18nService } from "jslib-common/abstractions/i18n.service";

 import { PolicyType } from "jslib-common/enums/policyType";

-import { PolicyRequest } from "jslib-common/models/request/policyRequest";
-
 import {
  BasePolicy,
  BasePolicyComponent,
--- a/bitwarden_license/src/app/policies/maximum-vault-timeout.component.ts
+++ b/bitwarden_license/src/app/policies/maximum-vault-timeout.component.ts
@@ -2,9 +2,7 @@ import { Component } from "@angular/core";
 import { FormBuilder } from "@angular/forms";

 import { I18nService } from "jslib-common/abstractions/i18n.service";
-
 import { PolicyType } from "jslib-common/enums/policyType";
-
 import { PolicyRequest } from "jslib-common/models/request/policyRequest";

 import {
--- a/bitwarden_license/src/app/providers/clients/add-organization.component.ts
+++ b/bitwarden_license/src/app/providers/clients/add-organization.component.ts
@@ -1,16 +1,14 @@
 import { Component, EventEmitter, Input, OnInit, Output } from "@angular/core";

+import { ValidationService } from "jslib-angular/services/validation.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { ProviderService } from "jslib-common/abstractions/provider.service";
-
-import { ValidationService } from "jslib-angular/services/validation.service";
-
-import { WebProviderService } from "../services/webProvider.service";
-
 import { Organization } from "jslib-common/models/domain/organization";
 import { Provider } from "jslib-common/models/domain/provider";

+import { WebProviderService } from "../services/webProvider.service";
+
@Component({
  selector: "provider-add-organization",
  templateUrl: "add-organization.component.html",
--- a/bitwarden_license/src/app/providers/clients/clients.component.ts
+++ b/bitwarden_license/src/app/providers/clients/clients.component.ts
@@ -1,8 +1,9 @@
 import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
-
 import { first } from "rxjs/operators";

+import { ModalService } from "jslib-angular/services/modal.service";
+import { ValidationService } from "jslib-angular/services/validation.service";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
@@ -10,13 +11,8 @@ import { OrganizationService } from "jslib-common/abstractions/organization.serv
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { ProviderService } from "jslib-common/abstractions/provider.service";
 import { SearchService } from "jslib-common/abstractions/search.service";
-
-import { ModalService } from "jslib-angular/services/modal.service";
-import { ValidationService } from "jslib-angular/services/validation.service";
-
 import { PlanType } from "jslib-common/enums/planType";
 import { ProviderUserType } from "jslib-common/enums/providerUserType";
-
 import { Organization } from "jslib-common/models/domain/organization";
 import { ProviderOrganizationOrganizationDetailsResponse } from "jslib-common/models/response/provider/providerOrganizationResponse";

--- a/bitwarden_license/src/app/providers/services/provider-type-guard.service.ts
+++ b/bitwarden_license/src/app/providers/services/provider-type-guard.service.ts
@@ -2,11 +2,10 @@ import { Injectable } from "@angular/core";
 import { ActivatedRouteSnapshot, CanActivate, Router } from "@angular/router";

 import { ProviderService } from "jslib-common/abstractions/provider.service";
-
 import { Permissions } from "jslib-common/enums/permissions";

@Injectable()
-export class ProviderTypeGuardService implements CanActivate {
+export class PermissionsGuard implements CanActivate {
  constructor(private providerService: ProviderService, private router: Router) {}

  async canActivate(route: ActivatedRouteSnapshot) {
--- a/bitwarden_license/src/app/providers/services/provider-guard.service.ts
+++ b/bitwarden_license/src/app/providers/services/provider-guard.service.ts
@@ -6,7 +6,7 @@ import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.se
 import { ProviderService } from "jslib-common/abstractions/provider.service";

@Injectable()
-export class ProviderGuardService implements CanActivate {
+export class ProviderGuard implements CanActivate {
  constructor(
    private router: Router,
    private platformUtilsService: PlatformUtilsService,
--- a/bitwarden_license/src/app/providers/manage/accept-provider.component.html
+++ b/bitwarden_license/src/app/providers/manage/accept-provider.component.html
@@ -24,7 +24,11 @@
          <p>{{ "joinProviderDesc" | i18n }}</p>
          <hr />
          <div class="d-flex">
-            <a routerLink="/" [queryParams]="{ email: email }" class="btn btn-primary btn-block">
+            <a
+              routerLink="/login"
+              [queryParams]="{ email: email }"
+              class="btn btn-primary btn-block"
+            >
              {{ "logIn" | i18n }}
            </a>
            <a
--- a/bitwarden_license/src/app/providers/manage/accept-provider.component.ts
+++ b/bitwarden_license/src/app/providers/manage/accept-provider.component.ts
@@ -1,15 +1,14 @@
 import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";

-import { BaseAcceptComponent } from "src/app/common/base.accept.component";
-
 import { ApiService } from "jslib-common/abstractions/api.service";
-
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { StateService } from "jslib-common/abstractions/state.service";
 import { ProviderUserAcceptRequest } from "jslib-common/models/request/provider/providerUserAcceptRequest";

+import { BaseAcceptComponent } from "src/app/common/base.accept.component";
+
@Component({
  selector: "app-accept-provider",
  templateUrl: "accept-provider.component.html",
--- a/bitwarden_license/src/app/providers/manage/bulk/bulk-confirm.component.ts
+++ b/bitwarden_license/src/app/providers/manage/bulk/bulk-confirm.component.ts
@@ -1,10 +1,9 @@
 import { Component, Input } from "@angular/core";

+import { ProviderUserStatusType } from "jslib-common/enums/providerUserStatusType";
 import { ProviderUserBulkConfirmRequest } from "jslib-common/models/request/provider/providerUserBulkConfirmRequest";
 import { ProviderUserBulkRequest } from "jslib-common/models/request/provider/providerUserBulkRequest";

-import { ProviderUserStatusType } from "jslib-common/enums/providerUserStatusType";
-
 import { BulkConfirmComponent as OrganizationBulkConfirmComponent } from "src/app/organizations/manage/bulk/bulk-confirm.component";
 import { BulkUserDetails } from "src/app/organizations/manage/bulk/bulk-status.component";

--- a/bitwarden_license/src/app/providers/manage/events.component.ts
+++ b/bitwarden_license/src/app/providers/manage/events.component.ts
@@ -1,27 +1,24 @@
 import { Component, OnInit } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";

+import { UserNamePipe } from "jslib-angular/pipes/user-name.pipe";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { ExportService } from "jslib-common/abstractions/export.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { ProviderService } from "jslib-common/abstractions/provider.service";
-
-import { UserNamePipe } from "jslib-angular/pipes/user-name.pipe";
-
 import { EventResponse } from "jslib-common/models/response/eventResponse";

-import { EventService } from "src/app/services/event.service";
-
 import { BaseEventsComponent } from "src/app/common/base.events.component";
+import { EventService } from "src/app/services/event.service";

@Component({
  selector: "provider-events",
  templateUrl: "events.component.html",
 })
 export class EventsComponent extends BaseEventsComponent implements OnInit {
-  exportFileName: string = "provider-events";
+  exportFileName = "provider-events";
  providerId: string;

  private providerUsersUserIdMap = new Map<string, any>();
--- a/bitwarden_license/src/app/providers/manage/manage.component.ts
+++ b/bitwarden_license/src/app/providers/manage/manage.component.ts
@@ -2,7 +2,6 @@ import { Component, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";

 import { ProviderService } from "jslib-common/abstractions/provider.service";
-
 import { Provider } from "jslib-common/models/domain/provider";

@Component({
--- a/bitwarden_license/src/app/providers/manage/people.component.html
+++ b/bitwarden_license/src/app/providers/manage/people.component.html
@@ -214,7 +214,7 @@
                  {{ "eventLogs" | i18n }}
                </a>
                <a class="dropdown-item text-danger" href="#" appStopClick (click)="remove(u)">
-                  <i class="bwi bwi-fw bwi-remove" aria-hidden="true"></i>
+                  <i class="bwi bwi-fw bwi-close" aria-hidden="true"></i>
                  {{ "remove" | i18n }}
                </a>
              </div>
--- a/bitwarden_license/src/app/providers/manage/people.component.ts
+++ b/bitwarden_license/src/app/providers/manage/people.component.ts
@@ -1,8 +1,11 @@
 import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-
 import { first } from "rxjs/operators";

+import { SearchPipe } from "jslib-angular/pipes/search.pipe";
+import { UserNamePipe } from "jslib-angular/pipes/user-name.pipe";
+import { ModalService } from "jslib-angular/services/modal.service";
+import { ValidationService } from "jslib-angular/services/validation.service";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { CryptoService } from "jslib-common/abstractions/crypto.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
@@ -11,26 +14,18 @@ import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.se
 import { ProviderService } from "jslib-common/abstractions/provider.service";
 import { SearchService } from "jslib-common/abstractions/search.service";
 import { StateService } from "jslib-common/abstractions/state.service";
-
-import { ModalService } from "jslib-angular/services/modal.service";
-import { ValidationService } from "jslib-angular/services/validation.service";
-
 import { ProviderUserStatusType } from "jslib-common/enums/providerUserStatusType";
 import { ProviderUserType } from "jslib-common/enums/providerUserType";
-
-import { SearchPipe } from "jslib-angular/pipes/search.pipe";
-import { UserNamePipe } from "jslib-angular/pipes/user-name.pipe";
-
-import { ListResponse } from "jslib-common/models/response/listResponse";
-import { ProviderUserUserDetailsResponse } from "jslib-common/models/response/provider/providerUserResponse";
-
 import { ProviderUserBulkRequest } from "jslib-common/models/request/provider/providerUserBulkRequest";
 import { ProviderUserConfirmRequest } from "jslib-common/models/request/provider/providerUserConfirmRequest";
+import { ListResponse } from "jslib-common/models/response/listResponse";
 import { ProviderUserBulkResponse } from "jslib-common/models/response/provider/providerUserBulkResponse";
+import { ProviderUserUserDetailsResponse } from "jslib-common/models/response/provider/providerUserResponse";

 import { BasePeopleComponent } from "src/app/common/base.people.component";
 import { BulkStatusComponent } from "src/app/organizations/manage/bulk/bulk-status.component";
 import { EntityEventsComponent } from "src/app/organizations/manage/entity-events.component";
+
 import { BulkConfirmComponent } from "./bulk/bulk-confirm.component";
 import { BulkRemoveComponent } from "./bulk/bulk-remove.component";
 import { UserAddEditComponent } from "./user-add-edit.component";
@@ -158,17 +153,13 @@ export class PeopleComponent
  }

  async events(user: ProviderUserUserDetailsResponse) {
-    const [modal] = await this.modalService.openViewRef(
-      EntityEventsComponent,
-      this.eventsModalRef,
-      (comp) => {
+    await this.modalService.openViewRef(EntityEventsComponent, this.eventsModalRef, (comp) => {
      comp.name = this.userNamePipe.transform(user);
      comp.providerId = this.providerId;
      comp.entityId = user.id;
      comp.showUser = false;
      comp.entity = "user";
-      }
-    );
+    });
  }

  async bulkRemove() {
@@ -272,13 +263,14 @@ export class PeopleComponent

        childComponent.users = users.map((user) => {
          let message = keyedErrors[user.id] ?? successfullMessage;
+          // eslint-disable-next-line
          if (!keyedFilteredUsers.hasOwnProperty(user.id)) {
            message = this.i18nService.t("bulkFilteredMessage");
          }

          return {
            user: user,
-            error: keyedErrors.hasOwnProperty(user.id),
+            error: keyedErrors.hasOwnProperty(user.id), // eslint-disable-line
            message: message,
          };
        });
--- a/bitwarden_license/src/app/providers/manage/user-add-edit.component.html
+++ b/bitwarden_license/src/app/providers/manage/user-add-edit.component.html
@@ -52,7 +52,7 @@
            target="_blank"
            rel="noopener"
            appA11yTitle="{{ 'learnMore' | i18n }}"
-            href="https://bitwarden.com/help/article/user-types-access-control/#user-types"
+            href="https://bitwarden.com/help/provider-users/"
          >
            <i class="bwi bwi-question-circle" aria-hidden="true"></i>
          </a>
--- a/bitwarden_license/src/app/providers/manage/user-add-edit.component.ts
+++ b/bitwarden_license/src/app/providers/manage/user-add-edit.component.ts
@@ -4,12 +4,9 @@ import { ApiService } from "jslib-common/abstractions/api.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
-
-import { ProviderUserInviteRequest } from "jslib-common/models/request/provider/providerUserInviteRequest";
-
-import { PermissionsApi } from "jslib-common/models/api/permissionsApi";
-
 import { ProviderUserType } from "jslib-common/enums/providerUserType";
+import { PermissionsApi } from "jslib-common/models/api/permissionsApi";
+import { ProviderUserInviteRequest } from "jslib-common/models/request/provider/providerUserInviteRequest";
 import { ProviderUserUpdateRequest } from "jslib-common/models/request/provider/providerUserUpdateRequest";

@Component({
@@ -24,7 +21,7 @@ export class UserAddEditComponent implements OnInit {
  @Output() onDeletedUser = new EventEmitter();

  loading = true;
-  editMode: boolean = false;
+  editMode = false;
  title: string;
  emails: string;
  type: ProviderUserType = ProviderUserType.ServiceUser;
--- a/bitwarden_license/src/app/providers/providers-layout.component.ts
+++ b/bitwarden_license/src/app/providers/providers-layout.component.ts
@@ -2,7 +2,6 @@ import { Component } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";

 import { ProviderService } from "jslib-common/abstractions/provider.service";
-
 import { Provider } from "jslib-common/models/domain/provider";

@Component({
--- a/bitwarden_license/src/app/providers/providers-routing.module.ts
+++ b/bitwarden_license/src/app/providers/providers-routing.module.ts
@@ -1,32 +1,30 @@
 import { NgModule } from "@angular/core";
 import { RouterModule, Routes } from "@angular/router";

-import { AuthGuardService } from "jslib-angular/services/auth-guard.service";
+import { AuthGuard } from "jslib-angular/guards/auth.guard";
 import { Permissions } from "jslib-common/enums/permissions";

-import { AddOrganizationComponent } from "./clients/add-organization.component";
+import { FrontendLayoutComponent } from "src/app/layouts/frontend-layout.component";
+import { ProvidersComponent } from "src/app/providers/providers.component";
+
 import { ClientsComponent } from "./clients/clients.component";
 import { CreateOrganizationComponent } from "./clients/create-organization.component";
+import { PermissionsGuard } from "./guards/provider-type.guard";
+import { ProviderGuard } from "./guards/provider.guard";
 import { AcceptProviderComponent } from "./manage/accept-provider.component";
 import { EventsComponent } from "./manage/events.component";
 import { ManageComponent } from "./manage/manage.component";
 import { PeopleComponent } from "./manage/people.component";
 import { ProvidersLayoutComponent } from "./providers-layout.component";
+import { AccountComponent } from "./settings/account.component";
 import { SettingsComponent } from "./settings/settings.component";
 import { SetupProviderComponent } from "./setup/setup-provider.component";
 import { SetupComponent } from "./setup/setup.component";

-import { FrontendLayoutComponent } from "src/app/layouts/frontend-layout.component";
-
-import { ProvidersComponent } from "src/app/providers/providers.component";
-import { ProviderGuardService } from "./services/provider-guard.service";
-import { ProviderTypeGuardService } from "./services/provider-type-guard.service";
-import { AccountComponent } from "./settings/account.component";
-
 const routes: Routes = [
  {
    path: "",
-    canActivate: [AuthGuardService],
+    canActivate: [AuthGuard],
    component: ProvidersComponent,
  },
  {
@@ -47,7 +45,7 @@ const routes: Routes = [
  },
  {
    path: "",
-    canActivate: [AuthGuardService],
+    canActivate: [AuthGuard],
    children: [
      {
        path: "setup",
@@ -56,7 +54,7 @@ const routes: Routes = [
      {
        path: ":providerId",
        component: ProvidersLayoutComponent,
-        canActivate: [ProviderGuardService],
+        canActivate: [ProviderGuard],
        children: [
          { path: "", pathMatch: "full", redirectTo: "clients" },
          { path: "clients/create", component: CreateOrganizationComponent },
@@ -73,7 +71,7 @@ const routes: Routes = [
              {
                path: "people",
                component: PeopleComponent,
-                canActivate: [ProviderTypeGuardService],
+                canActivate: [PermissionsGuard],
                data: {
                  titleId: "people",
                  permissions: [Permissions.ManageUsers],
@@ -82,7 +80,7 @@ const routes: Routes = [
              {
                path: "events",
                component: EventsComponent,
-                canActivate: [ProviderTypeGuardService],
+                canActivate: [PermissionsGuard],
                data: {
                  titleId: "eventLogs",
                  permissions: [Permissions.AccessEventLogs],
@@ -102,7 +100,7 @@ const routes: Routes = [
              {
                path: "account",
                component: AccountComponent,
-                canActivate: [ProviderTypeGuardService],
+                canActivate: [PermissionsGuard],
                data: {
                  titleId: "myProvider",
                  permissions: [Permissions.ManageProvider],
--- a/bitwarden_license/src/app/providers/providers.module.ts
+++ b/bitwarden_license/src/app/providers/providers.module.ts
@@ -1,21 +1,17 @@
 import { CommonModule } from "@angular/common";
-import { ComponentFactoryResolver } from "@angular/core";
-import { NgModule } from "@angular/core";
+import { ComponentFactoryResolver, NgModule } from "@angular/core";
 import { FormsModule } from "@angular/forms";

+import { JslibModule } from "jslib-angular/jslib.module";
 import { ModalService } from "jslib-angular/services/modal.service";

-import { ProviderGuardService } from "./services/provider-guard.service";
-import { ProviderTypeGuardService } from "./services/provider-type-guard.service";
-import { WebProviderService } from "./services/webProvider.service";
-
-import { ProvidersLayoutComponent } from "./providers-layout.component";
-import { ProvidersRoutingModule } from "./providers-routing.module";
+import { OssModule } from "src/app/oss.module";

 import { AddOrganizationComponent } from "./clients/add-organization.component";
 import { ClientsComponent } from "./clients/clients.component";
 import { CreateOrganizationComponent } from "./clients/create-organization.component";
-
+import { PermissionsGuard } from "./guards/provider-type.guard";
+import { ProviderGuard } from "./guards/provider.guard";
 import { AcceptProviderComponent } from "./manage/accept-provider.component";
 import { BulkConfirmComponent } from "./manage/bulk/bulk-confirm.component";
 import { BulkRemoveComponent } from "./manage/bulk/bulk-remove.component";
@@ -23,17 +19,16 @@ import { EventsComponent } from "./manage/events.component";
 import { ManageComponent } from "./manage/manage.component";
 import { PeopleComponent } from "./manage/people.component";
 import { UserAddEditComponent } from "./manage/user-add-edit.component";
-
+import { ProvidersLayoutComponent } from "./providers-layout.component";
+import { ProvidersRoutingModule } from "./providers-routing.module";
+import { WebProviderService } from "./services/webProvider.service";
 import { AccountComponent } from "./settings/account.component";
 import { SettingsComponent } from "./settings/settings.component";
-
 import { SetupProviderComponent } from "./setup/setup-provider.component";
 import { SetupComponent } from "./setup/setup.component";

-import { OssModule } from "src/app/oss.module";
-
@NgModule({
-  imports: [CommonModule, FormsModule, OssModule, ProvidersRoutingModule],
+  imports: [CommonModule, FormsModule, OssModule, JslibModule, ProvidersRoutingModule],
  declarations: [
    AcceptProviderComponent,
    AccountComponent,
@@ -51,7 +46,7 @@ import { OssModule } from "src/app/oss.module";
    SetupProviderComponent,
    UserAddEditComponent,
  ],
-  providers: [WebProviderService, ProviderGuardService, ProviderTypeGuardService],
+  providers: [WebProviderService, ProviderGuard, PermissionsGuard],
 })
 export class ProvidersModule {
  constructor(modalService: ModalService, componentFactoryResolver: ComponentFactoryResolver) {
--- a/bitwarden_license/src/app/providers/services/webProvider.service.ts
+++ b/bitwarden_license/src/app/providers/services/webProvider.service.ts
@@ -3,7 +3,6 @@ import { Injectable } from "@angular/core";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { CryptoService } from "jslib-common/abstractions/crypto.service";
 import { SyncService } from "jslib-common/abstractions/sync.service";
-
 import { ProviderAddOrganizationRequest } from "jslib-common/models/request/provider/providerAddOrganizationRequest";

@Injectable()
--- a/bitwarden_license/src/app/providers/settings/account.component.ts
+++ b/bitwarden_license/src/app/providers/settings/account.component.ts
@@ -6,9 +6,7 @@ import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { SyncService } from "jslib-common/abstractions/sync.service";
-
 import { ProviderUpdateRequest } from "jslib-common/models/request/provider/providerUpdateRequest";
-
 import { ProviderResponse } from "jslib-common/models/response/provider/providerResponse";

@Component({
--- a/bitwarden_license/src/app/providers/settings/settings.component.ts
+++ b/bitwarden_license/src/app/providers/settings/settings.component.ts
@@ -1,7 +1,6 @@
 import { Component } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";

-import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { ProviderService } from "jslib-common/abstractions/provider.service";

@Component({
@@ -9,15 +8,11 @@ import { ProviderService } from "jslib-common/abstractions/provider.service";
  templateUrl: "settings.component.html",
 })
 export class SettingsComponent {
-  constructor(
-    private route: ActivatedRoute,
-    private providerService: ProviderService,
-    private platformUtilsService: PlatformUtilsService
-  ) {}
+  constructor(private route: ActivatedRoute, private providerService: ProviderService) {}

  ngOnInit() {
    this.route.parent.params.subscribe(async (params) => {
-      const provider = await this.providerService.get(params.providerId);
+      await this.providerService.get(params.providerId);
    });
  }
 }
--- a/bitwarden_license/src/app/providers/setup/setup-provider.component.html
+++ b/bitwarden_license/src/app/providers/setup/setup-provider.component.html
@@ -20,7 +20,11 @@
          <p>{{ "setupProviderLoginDesc" | i18n }}</p>
          <hr />
          <div class="d-flex">
-            <a routerLink="/" [queryParams]="{ email: email }" class="btn btn-primary btn-block">
+            <a
+              routerLink="/login"
+              [queryParams]="{ email: email }"
+              class="btn btn-primary btn-block"
+            >
              {{ "logIn" | i18n }}
            </a>
          </div>
--- a/bitwarden_license/src/app/providers/setup/setup-provider.component.ts
+++ b/bitwarden_license/src/app/providers/setup/setup-provider.component.ts
@@ -16,6 +16,7 @@ export class SetupProviderComponent extends BaseAcceptComponent {
    this.router.navigate(["/providers/setup"], { queryParams: qParams });
  }

-  // tslint:disable-next-line
-  async unauthedHandler(qParams: any) {}
+  async unauthedHandler(qParams: any) {
+    // Empty
+  }
 }
--- a/bitwarden_license/src/app/providers/setup/setup.component.ts
+++ b/bitwarden_license/src/app/providers/setup/setup.component.ts
@@ -1,12 +1,10 @@
 import { Component, OnInit } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-
 import { first } from "rxjs/operators";

+import { ValidationService } from "jslib-angular/services/validation.service";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { CryptoService } from "jslib-common/abstractions/crypto.service";
-
-import { ValidationService } from "jslib-angular/services/validation.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { SyncService } from "jslib-common/abstractions/sync.service";
--- a/config/base.json
+++ b/config/base.json
@@ -7,6 +7,7 @@
    "buttonAction": "https://www.sandbox.paypal.com/cgi-bin/webscr"
  },
  "dev": {
+    "port": 8080,
    "allowedHosts": "auto"
  }
 }
--- a/config/selfhosted.json
+++ b/config/selfhosted.json
@@ -1 +1,9 @@
-{}
+{
+  "dev": {
+    "proxyApi": "http://localhost:4001",
+    "proxyIdentity": "http://localhost:33657",
+    "proxyEvents": "http://localhost:46274",
+    "proxyNotifications": "http://localhost:61841",
+    "port": 8081
+  }
+}
--- a/2
+++ b/2
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "@bitwarden/web-vault",
-  "version": "2.25.1",
+  "version": "2022.05.0",
  "license": "GPL-3.0",
  "repository": "https://github.com/bitwarden/web",
  "scripts": {
@@ -29,8 +29,8 @@
    "dist:bit:selfhost": "npm run build:bit:selfhost:prod",
    "deploy": "npm run dist:bit && gh-pages -d build",
    "deploy:dev": "npm run dist:bit && gh-pages -d build -r git@github.com:kspearrin/bitwarden-web-dev.git",
-    "lint": "tslint 'src/**/*.ts' 'bitwarden_license/src/**/*.ts' && prettier --check .",
-    "lint:fix": "tslint 'src/**/*.ts' 'bitwarden_license/src/**/*.ts' --fix",
+    "lint": "eslint . && prettier --check .",
+    "lint:fix": "eslint . --fix",
    "prettier": "prettier --write .",
    "prepare": "husky install"
  },
@@ -41,11 +41,18 @@
    "@types/node": "^16.11.12",
    "@types/webcrypto": "^0.0.28",
    "@types/webpack": "^5.28.0",
+    "@typescript-eslint/eslint-plugin": "^5.10.1",
+    "@typescript-eslint/parser": "^5.10.1",
+    "autoprefixer": "^10.4.2",
    "buffer": "^6.0.3",
    "clean-webpack-plugin": "^4.0.0",
    "copy-webpack-plugin": "^10.0.0",
    "cross-env": "^7.0.3",
    "css-loader": "^6.5.1",
+    "eslint": "^8.7.0",
+    "eslint-config-prettier": "^8.3.0",
+    "eslint-import-resolver-typescript": "^2.5.0",
+    "eslint-plugin-import": "^2.25.4",
    "gh-pages": "^3.1.0",
    "html-loader": "^3.0.1",
    "html-webpack-injector": "1.1.4",
@@ -53,15 +60,17 @@
    "husky": "^7.0.4",
    "lint-staged": "^12.1.2",
    "mini-css-extract-plugin": "^2.4.5",
+    "postcss": "^8.4.6",
+    "postcss-loader": "^6.2.1",
    "prettier": "2.5.1",
    "process": "^0.11.10",
+    "rimraf": "^3.0.2",
    "sass": "^1.32.10",
    "sass-loader": "^12.4.0",
    "style-loader": "^3.3.1",
+    "tailwindcss": "^3.0.18",
    "terser-webpack-plugin": "^5.2.5",
    "ts-loader": "^9.2.5",
-    "tslint": "^6.1.3",
-    "tslint-loader": "^3.5.4",
    "typescript": "4.3.5",
    "util": "^0.12.4",
    "webpack": "^5.64.4",
@@ -81,27 +90,30 @@
    "@bitwarden/jslib-angular": "file:jslib/angular",
    "@bitwarden/jslib-common": "file:jslib/common",
    "bootstrap": "4.6.0",
-    "braintree-web-drop-in": "1.30.1",
+    "braintree-web-drop-in": "1.33.1",
    "browser-hrtime": "^1.1.8",
    "core-js": "^3.11.0",
    "date-input-polyfill": "^2.14.0",
-    "font-awesome": "4.7.0",
    "jquery": "3.6.0",
+    "jszip": "^3.7.1",
    "ngx-infinite-scroll": "^10.0.1",
    "ngx-toastr": "14.1.4",
+    "node-forge": "^1.3.1",
    "popper.js": "1.16.1",
    "qrious": "4.0.2",
    "rxjs": "^7.4.0",
    "sweetalert2": "^10.16.6",
    "webcrypto-shim": "0.1.7",
-    "whatwg-fetch": "3.6.2"
+    "whatwg-fetch": "3.6.2",
+    "zone.js": "0.11.4"
  },
  "engines": {
    "node": "~16",
    "npm": "~8"
  },
  "lint-staged": {
-    "*": "prettier --ignore-unknown --write",
+    "./!(jslib)**": "prettier --ignore-unknown --write",
+    "*.ts": "eslint --fix",
    "*.png": "node scripts/optimize.js"
  }
 }
--- a/postcss.config.js
+++ b/postcss.config.js
@@ -0,0 +1,4 @@
+/* eslint-disable no-undef */
+module.exports = {
+  plugins: [require("tailwindcss"), require("autoprefixer"), require("postcss-nested")],
+};
--- a/src/abstractions/state.service.ts
+++ b/src/abstractions/state.service.ts
@@ -0,0 +1,9 @@
+import { StateService as BaseStateService } from "jslib-common/abstractions/state.service";
+import { StorageOptions } from "jslib-common/models/domain/storageOptions";
+
+import { Account } from "src/models/account";
+
+export abstract class StateService extends BaseStateService<Account> {
+  getRememberEmail: (options?: StorageOptions) => Promise<boolean>;
+  setRememberEmail: (value: boolean, options?: StorageOptions) => Promise<void>;
+}
--- a/src/app/accounts/accept-emergency.component.html
+++ b/src/app/accounts/accept-emergency.component.html
@@ -23,7 +23,11 @@
          <p>{{ "acceptEmergencyAccess" | i18n }}</p>
          <hr />
          <div class="d-flex">
-            <a routerLink="/" [queryParams]="{ email: email }" class="btn btn-primary btn-block">
+            <a
+              routerLink="/login"
+              [queryParams]="{ email: email }"
+              class="btn btn-primary btn-block"
+            >
              {{ "logIn" | i18n }}
            </a>
            <a
--- a/src/app/accounts/accept-emergency.component.ts
+++ b/src/app/accounts/accept-emergency.component.ts
@@ -6,6 +6,7 @@ import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { StateService } from "jslib-common/abstractions/state.service";
 import { EmergencyAccessAcceptRequest } from "jslib-common/models/request/emergencyAccessAcceptRequest";
+
 import { BaseAcceptComponent } from "../common/base.accept.component";

@Component({
--- a/src/app/accounts/accept-organization.component.html
+++ b/src/app/accounts/accept-organization.component.html
@@ -24,7 +24,11 @@
          <p>{{ "joinOrganizationDesc" | i18n }}</p>
          <hr />
          <div class="d-flex">
-            <a routerLink="/" [queryParams]="{ email: email }" class="btn btn-primary btn-block">
+            <a
+              routerLink="/login"
+              [queryParams]="{ email: email }"
+              class="btn btn-primary btn-block"
+            >
              {{ "logIn" | i18n }}
            </a>
            <a
--- a/src/app/accounts/accept-organization.component.ts
+++ b/src/app/accounts/accept-organization.component.ts
@@ -8,12 +8,11 @@ import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { PolicyService } from "jslib-common/abstractions/policy.service";
 import { StateService } from "jslib-common/abstractions/state.service";
-
+import { Utils } from "jslib-common/misc/utils";
+import { Policy } from "jslib-common/models/domain/policy";
 import { OrganizationUserAcceptRequest } from "jslib-common/models/request/organizationUserAcceptRequest";
 import { OrganizationUserResetPasswordEnrollmentRequest } from "jslib-common/models/request/organizationUserResetPasswordEnrollmentRequest";

-import { Utils } from "jslib-common/misc/utils";
-import { Policy } from "jslib-common/models/domain/policy";
 import { BaseAcceptComponent } from "../common/base.accept.component";

@Component({
--- a/src/app/accounts/hint.component.html
+++ b/src/app/accounts/hint.component.html
@@ -33,7 +33,7 @@
                aria-hidden="true"
              ></i>
            </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
              {{ "cancel" | i18n }}
            </a>
          </div>
--- a/src/app/accounts/hint.component.ts
+++ b/src/app/accounts/hint.component.ts
@@ -1,13 +1,12 @@
 import { Component } from "@angular/core";
 import { Router } from "@angular/router";

+import { HintComponent as BaseHintComponent } from "jslib-angular/components/hint.component";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";

-import { HintComponent as BaseHintComponent } from "jslib-angular/components/hint.component";
-
@Component({
  selector: "app-hint",
  templateUrl: "hint.component.html",
--- a/src/app/accounts/lock.component.ts
+++ b/src/app/accounts/lock.component.ts
@@ -1,6 +1,7 @@
 import { Component, NgZone } from "@angular/core";
 import { Router } from "@angular/router";

+import { LockComponent as BaseLockComponent } from "jslib-angular/components/lock.component";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { CryptoService } from "jslib-common/abstractions/crypto.service";
 import { EnvironmentService } from "jslib-common/abstractions/environment.service";
@@ -14,8 +15,6 @@ import { VaultTimeoutService } from "jslib-common/abstractions/vaultTimeout.serv

 import { RouterService } from "../services/router.service";

-import { LockComponent as BaseLockComponent } from "jslib-angular/components/lock.component";
-
@Component({
  selector: "app-lock",
  templateUrl: "lock.component.html",
@@ -56,10 +55,10 @@ export class LockComponent extends BaseLockComponent {
    await super.ngOnInit();
    this.onSuccessfulSubmit = async () => {
      const previousUrl = this.routerService.getPreviousUrl();
-      if (previousUrl !== "/" && previousUrl.indexOf("lock") === -1) {
+      if (previousUrl && previousUrl !== "/" && previousUrl.indexOf("lock") === -1) {
        this.successRoute = previousUrl;
      }
-      this.router.navigate([this.successRoute]);
+      this.router.navigateByUrl(this.successRoute);
    };
  }
 }
--- a/src/app/accounts/login.component.html
+++ b/src/app/accounts/login.component.html
@@ -86,7 +86,7 @@
              [queryParams]="{ email: email }"
              class="btn btn-outline-secondary btn-block ml-2 mt-0"
            >
-              <i class="bwi bwi-pencil-square-o" aria-hidden="true"></i>
+              <i class="bwi bwi-pencil-square" aria-hidden="true"></i>
              {{ "createAccount" | i18n }}
            </a>
          </div>
--- a/src/app/accounts/login.component.ts
+++ b/src/app/accounts/login.component.ts
@@ -1,22 +1,26 @@
 import { Component, NgZone } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-
 import { first } from "rxjs/operators";

+import { LoginComponent as BaseLoginComponent } from "jslib-angular/components/login.component";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { AuthService } from "jslib-common/abstractions/auth.service";
 import { CryptoFunctionService } from "jslib-common/abstractions/cryptoFunction.service";
 import { EnvironmentService } from "jslib-common/abstractions/environment.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
+import { MessagingService } from "jslib-common/abstractions/messaging.service";
 import { PasswordGenerationService } from "jslib-common/abstractions/passwordGeneration.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { PolicyService } from "jslib-common/abstractions/policy.service";
-import { StateService } from "jslib-common/abstractions/state.service";
-
-import { LoginComponent as BaseLoginComponent } from "jslib-angular/components/login.component";
-
+import { PolicyData } from "jslib-common/models/data/policyData";
+import { MasterPasswordPolicyOptions } from "jslib-common/models/domain/masterPasswordPolicyOptions";
 import { Policy } from "jslib-common/models/domain/policy";
+import { ListResponse } from "jslib-common/models/response/listResponse";
+import { PolicyResponse } from "jslib-common/models/response/policyResponse";
+
+import { StateService } from "../../abstractions/state.service";
+import { RouterService } from "../services/router.service";

@Component({
  selector: "app-login",
@@ -24,13 +28,14 @@ import { Policy } from "jslib-common/models/domain/policy";
 })
 export class LoginComponent extends BaseLoginComponent {
  showResetPasswordAutoEnrollWarning = false;
+  enforcedPasswordPolicyOptions: MasterPasswordPolicyOptions;
+  policies: ListResponse<PolicyResponse>;

  constructor(
    authService: AuthService,
    router: Router,
    i18nService: I18nService,
    private route: ActivatedRoute,
-    stateService: StateService,
    platformUtilsService: PlatformUtilsService,
    environmentService: EnvironmentService,
    passwordGenerationService: PasswordGenerationService,
@@ -38,7 +43,10 @@ export class LoginComponent extends BaseLoginComponent {
    private apiService: ApiService,
    private policyService: PolicyService,
    logService: LogService,
-    ngZone: NgZone
+    ngZone: NgZone,
+    protected stateService: StateService,
+    private messagingService: MessagingService,
+    private routerService: RouterService
  ) {
    super(
      authService,
@@ -52,6 +60,9 @@ export class LoginComponent extends BaseLoginComponent {
      logService,
      ngZone
    );
+    this.onSuccessfulLogin = async () => {
+      this.messagingService.send("setFullWidth");
+    };
    this.onSuccessfulLoginNavigate = this.goAfterLogIn;
  }

@@ -61,58 +72,108 @@ export class LoginComponent extends BaseLoginComponent {
        this.email = qParams.email;
      }
      if (qParams.premium != null) {
-        this.stateService.setLoginRedirect({ route: "/settings/premium" });
+        this.routerService.setPreviousUrl("/settings/premium");
      } else if (qParams.org != null) {
-        this.stateService.setLoginRedirect({
-          route: "/settings/create-organization",
-          qParams: { plan: qParams.org },
+        const route = this.router.createUrlTree(["create-organization"], {
+          queryParams: { plan: qParams.org },
        });
+        this.routerService.setPreviousUrl(route.toString());
      }

      // Are they coming from an email for sponsoring a families organization
      if (qParams.sponsorshipToken != null) {
-        // After logging in redirect them to setup the families sponsorship
-        this.stateService.setLoginRedirect({
-          route: "/setup/families-for-enterprise",
-          qParams: { token: qParams.sponsorshipToken },
+        const route = this.router.createUrlTree(["setup/families-for-enterprise"], {
+          queryParams: { token: qParams.sponsorshipToken },
        });
+        this.routerService.setPreviousUrl(route.toString());
      }
      await super.ngOnInit();
+      this.rememberEmail = await this.stateService.getRememberEmail();
    });

    const invite = await this.stateService.getOrganizationInvitation();
    if (invite != null) {
      let policyList: Policy[] = null;
      try {
-        const policies = await this.apiService.getPoliciesByToken(
+        this.policies = await this.apiService.getPoliciesByToken(
          invite.organizationId,
          invite.token,
          invite.email,
          invite.organizationUserId
        );
-        policyList = this.policyService.mapPoliciesFromToken(policies);
+        policyList = this.policyService.mapPoliciesFromToken(this.policies);
      } catch (e) {
        this.logService.error(e);
      }

      if (policyList != null) {
-        const result = this.policyService.getResetPasswordPolicyOptions(
+        const resetPasswordPolicy = this.policyService.getResetPasswordPolicyOptions(
          policyList,
          invite.organizationId
        );
        // Set to true if policy enabled and auto-enroll enabled
-        this.showResetPasswordAutoEnrollWarning = result[1] && result[0].autoEnrollEnabled;
+        this.showResetPasswordAutoEnrollWarning =
+          resetPasswordPolicy[1] && resetPasswordPolicy[0].autoEnrollEnabled;
+
+        this.enforcedPasswordPolicyOptions =
+          await this.policyService.getMasterPasswordPolicyOptions(policyList);
      }
    }
  }

  async goAfterLogIn() {
-    const loginRedirect = await this.stateService.getLoginRedirect();
-    if (loginRedirect != null) {
-      this.router.navigate([loginRedirect.route], { queryParams: loginRedirect.qParams });
-      await this.stateService.setLoginRedirect(null);
+    // Check master password against policy
+    if (this.enforcedPasswordPolicyOptions != null) {
+      const strengthResult = this.passwordGenerationService.passwordStrength(
+        this.masterPassword,
+        this.getPasswordStrengthUserInput()
+      );
+      const masterPasswordScore = strengthResult == null ? null : strengthResult.score;
+
+      // If invalid, save policies and require update
+      if (
+        !this.policyService.evaluateMasterPassword(
+          masterPasswordScore,
+          this.masterPassword,
+          this.enforcedPasswordPolicyOptions
+        )
+      ) {
+        const policiesData: { [id: string]: PolicyData } = {};
+        this.policies.data.map((p) => (policiesData[p.id] = new PolicyData(p)));
+        await this.policyService.replace(policiesData);
+        this.router.navigate(["update-password"]);
+        return;
+      }
+    }
+
+    const previousUrl = this.routerService.getPreviousUrl();
+    if (previousUrl) {
+      this.router.navigateByUrl(previousUrl);
    } else {
      this.router.navigate([this.successRoute]);
    }
  }
+
+  async submit() {
+    await this.stateService.setRememberEmail(this.rememberEmail);
+    if (!this.rememberEmail) {
+      await this.stateService.setRememberedEmail(null);
+    }
+    await super.submit();
+  }
+
+  private getPasswordStrengthUserInput() {
+    let userInput: string[] = [];
+    const atPosition = this.email.indexOf("@");
+    if (atPosition > -1) {
+      userInput = userInput.concat(
+        this.email
+          .substr(0, atPosition)
+          .trim()
+          .toLowerCase()
+          .split(/[^A-Za-z0-9]/)
+      );
+    }
+    return userInput;
+  }
 }
--- a/src/app/accounts/recover-delete.component.html
+++ b/src/app/accounts/recover-delete.component.html
@@ -33,7 +33,7 @@
                aria-hidden="true"
              ></i>
            </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
              {{ "cancel" | i18n }}
            </a>
          </div>
--- a/src/app/accounts/recover-delete.component.ts
+++ b/src/app/accounts/recover-delete.component.ts
@@ -5,7 +5,6 @@ import { ApiService } from "jslib-common/abstractions/api.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
-
 import { DeleteRecoverRequest } from "jslib-common/models/request/deleteRecoverRequest";

@Component({
--- a/src/app/accounts/recover-two-factor.component.html
+++ b/src/app/accounts/recover-two-factor.component.html
@@ -7,7 +7,7 @@
          <p>
            {{ "recoverAccountTwoStepDesc" | i18n }}
            <a
-              href="https://help.bitwarden.com/article/lost-two-step-device/"
+              href="https://bitwarden.com/help/lost-two-step-device/"
              target="_blank"
              rel="noopener"
              >{{ "learnMore" | i18n }}</a
@@ -65,7 +65,7 @@
                aria-hidden="true"
              ></i>
            </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
              {{ "cancel" | i18n }}
            </a>
          </div>
--- a/src/app/accounts/recover-two-factor.component.ts
+++ b/src/app/accounts/recover-two-factor.component.ts
@@ -7,7 +7,6 @@ import { CryptoService } from "jslib-common/abstractions/crypto.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
-
 import { TwoFactorRecoveryRequest } from "jslib-common/models/request/twoFactorRecoveryRequest";

@Component({
--- a/src/app/accounts/register.component.html
+++ b/src/app/accounts/register.component.html
@@ -1,44 +1,100 @@
 <div class="layout" [ngClass]="['layout', layout]">
-  <header class="header" *ngIf="layout === 'enterprise2'">
+  <!-- TEAMS 1 Header -->
+  <header
+    class="header"
+    *ngIf="
+      layout === 'default' ||
+      layout === 'teams' ||
+      layout === 'teams1' ||
+      layout === 'teams2' ||
+      layout === 'enterprise' ||
+      layout === 'enterprise1' ||
+      layout === 'enterprise2' ||
+      layout === 'cnetcmpgnent' ||
+      layout === 'cnetcmpgnteams' ||
+      layout === 'cnetcmpgnind'
+    "
+  >
    <div class="container">
      <div class="row">
        <div class="col-7">
          <img
            alt="Bitwarden"
            class="logo mb-2"
-            src="../../images/register-layout/logo-horizontal-white.png"
+            src="../../images/register-layout/logo-horizontal-white.svg"
          />
        </div>
      </div>
    </div>
  </header>
+
  <form #form (ngSubmit)="submit()" [appApiAction]="formPromise" class="container" ngNativeValidate>
    <div class="row">
      <div class="col-7" *ngIf="layout">
        <div class="mt-5">
-          <div *ngIf="layout === 'enterprise2'">
-            <h2>Companies globally trust Bitwarden for password management.</h2>
-            <p>Start your 7-day free trial!</p>
-            <p class="highlight">Quickly deploy your <b>organization</b></p>
-            <p>Use Bitwarden across all platforms</p>
+          <!-- Default Body -->
+          <div
+            *ngIf="
+              layout === 'teams' ||
+              layout === 'enterprise' ||
+              layout === 'enterprise1' ||
+              layout === 'default'
+            "
+          >
+            <h1>The Bitwarden Password Manager</h1>
+            <h2>
+              Trusted by millions of individuals, teams, and organizations worldwide for secure
+              password storage and sharing.
+            </h2>
+            <p>Store logins, secure notes, and more</p>
            <p>Collaborate and share securely</p>
-            <figure>
-              <figcaption>
-                <cite>
-                  <img src="../../images/register-layout/wired-logo.png" alt="Wired" />
-                </cite>
-              </figcaption>
-              <blockquote>
-                "Bitwarden has become a popular choice among open-source software advocates. After
-                using it for a few months, I can see why." - February 2020
-              </blockquote>
-            </figure>
+            <p>Access anywhere on any device</p>
+            <p>Create your account to get started</p>
          </div>
-          <div *ngIf="layout === 'enterprise3'">
-            <p>Enterprise 3 layout</p>
+
+          <!-- Teams & Enterprise Body -->
+          <div *ngIf="layout === 'teams1' || layout === 'teams2' || layout === 'enterprise2'">
+            <h1>
+              Start Your <span *ngIf="layout === 'teams1' || layout === 'teams1'">Teams<br /></span
+              ><span *ngIf="layout === 'enterprise2'">Enterprise</span> Free Trial Now
+            </h1>
+            <h2>
+              Millions of individuals, teams, and organizations worldwide trust Bitwarden for secure
+              password storage and sharing.
+            </h2>
+            <p>Collaborate and share securely</p>
+            <p>Deploy and manage quickly and easily</p>
+            <p>Access anywhere on any device</p>
+            <p>Create your account to get started</p>
          </div>
-          <div *ngIf="layout === 'enterprise4'">
-            <p>Enterprise 4 layout</p>
+
+          <!-- CNET Campaign Teams & Enterprise Body -->
+          <div *ngIf="layout === 'cnetcmpgnteams' || layout === 'cnetcmpgnent'">
+            <h1>
+              Start Your <span *ngIf="layout === 'cnetcmpgnteams'">Teams<br /></span
+              ><span *ngIf="layout === 'cnetcmpgnent'">Enterprise</span> Free Trial Now
+            </h1>
+            <h2>
+              Millions of individuals, teams, and organizations worldwide trust Bitwarden for secure
+              password storage and sharing.
+            </h2>
+            <p>Collaborate and share securely</p>
+            <p>Deploy and manage quickly and easily</p>
+            <p>Access anywhere on any device</p>
+            <p>Create your account to get started</p>
+          </div>
+
+          <!-- CNET Campaign Premium Body -->
+          <div *ngIf="layout === 'cnetcmpgnind'">
+            <h1>Start Your Premium Account Now</h1>
+            <h2>
+              Millions of individuals, teams, and organizations worldwide trust Bitwarden for secure
+              password storage and sharing.
+            </h2>
+            <p>Store logins, secure notes, and more</p>
+            <p>Secure your account with advanced two-step login</p>
+            <p>Access anywhere on any device</p>
+            <p>Create your account to get started</p>
          </div>
        </div>
      </div>
@@ -202,7 +258,7 @@
                      aria-hidden="true"
                    ></i>
                  </button>
-                  <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+                  <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
                    {{ "cancel" | i18n }}
                  </a>
                </div>
@@ -212,5 +268,88 @@
        </div>
      </div>
    </div>
+    <div class="row">
+      <div class="col-7 d-flex align-items-center">
+        <div
+          *ngIf="
+            layout === 'cnetcmpgnent' || layout === 'cnetcmpgnteams' || layout === 'cnetcmpgnind'
+          "
+        >
+          <figure>
+            <figcaption>
+              <cite>
+                <img
+                  src="../../images/register-layout/cnet-logo.svg"
+                  class="w-25 d-block mx-auto"
+                  alt="cnet logo"
+                />
+              </cite>
+            </figcaption>
+            <blockquote class="mx-auto text-center px-4">
+              "No more excuses; start using Bitwarden today. The identity you save could be your
+              own. The money definitely will be."
+            </blockquote>
+          </figure>
+        </div>
+
+        <div
+          *ngIf="
+            layout === 'teams' ||
+            layout === 'teams1' ||
+            layout === 'teams2' ||
+            layout === 'enterprise' ||
+            layout === 'enterprise1' ||
+            layout === 'enterprise2' ||
+            layout === 'default'
+          "
+        >
+          <figure>
+            <figcaption>
+              <cite>
+                <img
+                  src="../../images/register-layout/forbes-logo.svg"
+                  class="w-25 d-block mx-auto"
+                  alt="Forbes Logo"
+                />
+              </cite>
+            </figcaption>
+            <blockquote class="mx-auto text-center px-4">
+              “Bitwarden boasts the backing of some of the world's best security experts and an
+              attractive, easy-to-use interface”
+            </blockquote>
+          </figure>
+        </div>
+      </div>
+      <div
+        *ngIf="
+          layout === 'cnetcmpgnent' || layout === 'cnetcmpgnteams' || layout === 'cnetcmpgnind'
+        "
+        class="col-5 d-flex align-items-center justify-content-center"
+      >
+        <img
+          src="../../images/register-layout/usnews-360-badge.svg"
+          class="w-50 d-block"
+          alt="US News 360 Reviews Best Password Manager"
+        />
+      </div>
+      <div
+        *ngIf="
+          layout === 'teams' ||
+          layout === 'teams1' ||
+          layout === 'teams2' ||
+          layout === 'enterprise' ||
+          layout === 'enterprise1' ||
+          layout === 'enterprise2' ||
+          layout === 'default'
+        "
+        class="col-5 d-flex align-items-center justify-content-center"
+      >
+        <img
+          src="../../images/register-layout/usnews-360-badge.svg"
+          class="w-50 d-block"
+          alt="US News 360 Reviews Best Password Manager"
+        />
+      </div>
+    </div>
  </form>
 </div>
--- a/src/app/accounts/register.component.ts
+++ b/src/app/accounts/register.component.ts
@@ -1,8 +1,8 @@
 import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-
 import { first } from "rxjs/operators";

+import { RegisterComponent as BaseRegisterComponent } from "jslib-angular/components/register.component";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { AuthService } from "jslib-common/abstractions/auth.service";
 import { CryptoService } from "jslib-common/abstractions/crypto.service";
@@ -13,15 +13,13 @@ import { PasswordGenerationService } from "jslib-common/abstractions/passwordGen
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { PolicyService } from "jslib-common/abstractions/policy.service";
 import { StateService } from "jslib-common/abstractions/state.service";
-
-import { RegisterComponent as BaseRegisterComponent } from "jslib-angular/components/register.component";
-
+import { PolicyData } from "jslib-common/models/data/policyData";
 import { MasterPasswordPolicyOptions } from "jslib-common/models/domain/masterPasswordPolicyOptions";
 import { Policy } from "jslib-common/models/domain/policy";
-
-import { PolicyData } from "jslib-common/models/data/policyData";
 import { ReferenceEventRequest } from "jslib-common/models/request/referenceEventRequest";

+import { RouterService } from "../services/router.service";
+
@Component({
  selector: "app-register",
  templateUrl: "register.component.html",
@@ -45,7 +43,8 @@ export class RegisterComponent extends BaseRegisterComponent {
    passwordGenerationService: PasswordGenerationService,
    private policyService: PolicyService,
    environmentService: EnvironmentService,
-    logService: LogService
+    logService: LogService,
+    private routerService: RouterService
  ) {
    super(
      authService,
@@ -68,14 +67,14 @@ export class RegisterComponent extends BaseRegisterComponent {
        this.email = qParams.email;
      }
      if (qParams.premium != null) {
-        this.stateService.setLoginRedirect({ route: "/settings/premium" });
+        this.routerService.setPreviousUrl("/settings/premium");
      } else if (qParams.org != null) {
        this.showCreateOrgMessage = true;
        this.referenceData.flow = qParams.org;
-        this.stateService.setLoginRedirect({
-          route: "/settings/create-organization",
-          qParams: { plan: qParams.org },
+        const route = this.router.createUrlTree(["create-organization"], {
+          queryParams: { plan: qParams.org },
        });
+        this.routerService.setPreviousUrl(route.toString());
      }
      if (qParams.layout != null) {
        this.layout = this.referenceData.layout = qParams.layout;
@@ -92,10 +91,10 @@ export class RegisterComponent extends BaseRegisterComponent {
      // Are they coming from an email for sponsoring a families organization
      if (qParams.sponsorshipToken != null) {
        // After logging in redirect them to setup the families sponsorship
-        this.stateService.setLoginRedirect({
-          route: "/setup/families-for-enterprise",
-          qParams: { token: qParams.sponsorshipToken },
+        const route = this.router.createUrlTree(["setup/families-for-enterprise"], {
+          queryParams: { plan: qParams.sponsorshipToken },
        });
+        this.routerService.setPreviousUrl(route.toString());
      }
      if (this.referenceData.id === "") {
        this.referenceData.id = null;
--- a/src/app/accounts/set-password.component.ts
+++ b/src/app/accounts/set-password.component.ts
@@ -1,6 +1,7 @@
 import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";

+import { SetPasswordComponent as BaseSetPasswordComponent } from "jslib-angular/components/set-password.component";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { CryptoService } from "jslib-common/abstractions/crypto.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
@@ -11,8 +12,6 @@ import { PolicyService } from "jslib-common/abstractions/policy.service";
 import { StateService } from "jslib-common/abstractions/state.service";
 import { SyncService } from "jslib-common/abstractions/sync.service";

-import { SetPasswordComponent as BaseSetPasswordComponent } from "jslib-angular/components/set-password.component";
-
@Component({
  selector: "app-set-password",
  templateUrl: "set-password.component.html",
--- a/src/app/accounts/sso.component.html
+++ b/src/app/accounts/sso.component.html
@@ -41,7 +41,7 @@
                aria-hidden="true"
              ></i>
            </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
              {{ "cancel" | i18n }}
            </a>
          </div>
--- a/src/app/accounts/sso.component.ts
+++ b/src/app/accounts/sso.component.ts
@@ -1,8 +1,8 @@
 import { Component } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-
 import { first } from "rxjs/operators";

+import { SsoComponent as BaseSsoComponent } from "jslib-angular/components/sso.component";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { AuthService } from "jslib-common/abstractions/auth.service";
 import { CryptoFunctionService } from "jslib-common/abstractions/cryptoFunction.service";
@@ -13,8 +13,6 @@ import { PasswordGenerationService } from "jslib-common/abstractions/passwordGen
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { StateService } from "jslib-common/abstractions/state.service";

-import { SsoComponent as BaseSsoComponent } from "jslib-angular/components/sso.component";
-
@Component({
  selector: "app-sso",
  templateUrl: "sso.component.html",
--- a/src/app/accounts/two-factor-options.component.ts
+++ b/src/app/accounts/two-factor-options.component.ts
@@ -1,11 +1,10 @@
 import { Component } from "@angular/core";
 import { Router } from "@angular/router";

-import { AuthService } from "jslib-common/abstractions/auth.service";
+import { TwoFactorOptionsComponent as BaseTwoFactorOptionsComponent } from "jslib-angular/components/two-factor-options.component";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
-
-import { TwoFactorOptionsComponent as BaseTwoFactorOptionsComponent } from "jslib-angular/components/two-factor-options.component";
+import { TwoFactorService } from "jslib-common/abstractions/twoFactor.service";

@Component({
  selector: "app-two-factor-options",
@@ -13,11 +12,11 @@ import { TwoFactorOptionsComponent as BaseTwoFactorOptionsComponent } from "jsli
 })
 export class TwoFactorOptionsComponent extends BaseTwoFactorOptionsComponent {
  constructor(
-    authService: AuthService,
+    twoFactorService: TwoFactorService,
    router: Router,
    i18nService: I18nService,
    platformUtilsService: PlatformUtilsService
  ) {
-    super(authService, router, i18nService, platformUtilsService, window);
+    super(twoFactorService, router, i18nService, platformUtilsService, window);
  }
 }
--- a/src/app/accounts/two-factor.component.html
+++ b/src/app/accounts/two-factor.component.html
@@ -114,6 +114,9 @@
            <p>{{ "noTwoStepProviders2" | i18n }}</p>
          </ng-container>
          <hr />
+          <div [hidden]="!showCaptcha()">
+            <iframe id="hcaptcha_iframe" height="80"></iframe>
+          </div>
          <div class="d-flex mb-3">
            <button
              type="submit"
@@ -135,7 +138,7 @@
                aria-hidden="true"
              ></i>
            </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
              {{ "cancel" | i18n }}
            </a>
          </div>
--- a/src/app/accounts/two-factor.component.ts
+++ b/src/app/accounts/two-factor.component.ts
@@ -1,20 +1,20 @@
 import { Component, ViewChild, ViewContainerRef } from "@angular/core";
-
 import { ActivatedRoute, Router } from "@angular/router";

+import { TwoFactorComponent as BaseTwoFactorComponent } from "jslib-angular/components/two-factor.component";
+import { ModalService } from "jslib-angular/services/modal.service";
 import { ApiService } from "jslib-common/abstractions/api.service";
+import { AppIdService } from "jslib-common/abstractions/appId.service";
 import { AuthService } from "jslib-common/abstractions/auth.service";
 import { EnvironmentService } from "jslib-common/abstractions/environment.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { StateService } from "jslib-common/abstractions/state.service";
-
-import { ModalService } from "jslib-angular/services/modal.service";
-
+import { TwoFactorService } from "jslib-common/abstractions/twoFactor.service";
 import { TwoFactorProviderType } from "jslib-common/enums/twoFactorProviderType";

-import { TwoFactorComponent as BaseTwoFactorComponent } from "jslib-angular/components/two-factor.component";
+import { RouterService } from "../services/router.service";

 import { TwoFactorOptionsComponent } from "./two-factor-options.component";

@@ -36,7 +36,10 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
    environmentService: EnvironmentService,
    private modalService: ModalService,
    route: ActivatedRoute,
-    logService: LogService
+    logService: LogService,
+    twoFactorService: TwoFactorService,
+    appIdService: AppIdService,
+    private routerService: RouterService
  ) {
    super(
      authService,
@@ -48,7 +51,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
      environmentService,
      stateService,
      route,
-      logService
+      logService,
+      twoFactorService,
+      appIdService
    );
    this.onSuccessfulLoginNavigate = this.goAfterLogIn;
  }
@@ -71,10 +76,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
  }

  async goAfterLogIn() {
-    const loginRedirect = await this.stateService.getLoginRedirect();
-    if (loginRedirect != null) {
-      this.router.navigate([loginRedirect.route], { queryParams: loginRedirect.qParams });
-      await this.stateService.setLoginRedirect(null);
+    const previousUrl = this.routerService.getPreviousUrl();
+    if (previousUrl) {
+      this.router.navigateByUrl(previousUrl);
    } else {
      this.router.navigate([this.successRoute], {
        queryParams: {
--- a/src/app/accounts/update-password.component.html
+++ b/src/app/accounts/update-password.component.html
@@ -0,0 +1,90 @@
+<form #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate autocomplete="off">
+  <div class="row justify-content-md-center mt-5">
+    <div class="col-4">
+      <p class="lead text-center mb-4">{{ "updateMasterPassword" | i18n }}</p>
+      <div class="card d-block">
+        <div class="card-body">
+          <app-callout type="warning">{{ "masterPasswordInvalidWarning" | i18n }} </app-callout>
+          <app-callout
+            type="info"
+            [enforcedPolicyOptions]="enforcedPolicyOptions"
+            *ngIf="enforcedPolicyOptions"
+          ></app-callout>
+
+          <form
+            #form
+            (ngSubmit)="submit()"
+            [appApiAction]="formPromise"
+            ngNativeValidate
+            autocomplete="off"
+          >
+            <div class="row">
+              <div class="col-6">
+                <div class="form-group">
+                  <label for="currentMasterPassword">{{ "currentMasterPass" | i18n }}</label>
+                  <input
+                    id="currentMasterPassword"
+                    type="password"
+                    name="MasterPasswordHash"
+                    class="form-control"
+                    [(ngModel)]="currentMasterPassword"
+                    required
+                    appInputVerbatim
+                  />
+                </div>
+              </div>
+            </div>
+            <div class="row">
+              <div class="col-6">
+                <div class="form-group">
+                  <label for="newMasterPassword">{{ "newMasterPass" | i18n }}</label>
+                  <input
+                    id="newMasterPassword"
+                    type="password"
+                    name="NewMasterPasswordHash"
+                    class="form-control mb-1"
+                    [(ngModel)]="masterPassword"
+                    (input)="updatePasswordStrength()"
+                    required
+                    appInputVerbatim
+                    autocomplete="new-password"
+                  />
+                  <app-password-strength
+                    [score]="masterPasswordScore"
+                    [showText]="true"
+                  ></app-password-strength>
+                </div>
+              </div>
+              <div class="col-6">
+                <div class="form-group">
+                  <label for="masterPasswordRetype">{{ "confirmNewMasterPass" | i18n }}</label>
+                  <input
+                    id="masterPasswordRetype"
+                    type="password"
+                    name="MasterPasswordRetype"
+                    class="form-control"
+                    [(ngModel)]="masterPasswordRetype"
+                    required
+                    appInputVerbatim
+                    autocomplete="new-password"
+                  />
+                </div>
+              </div>
+            </div>
+            <button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">
+              <i
+                class="fa fa-spinner fa-spin"
+                title="{{ 'loading' | i18n }}"
+                aria-hidden="true"
+              ></i>
+              <span>{{ "changeMasterPassword" | i18n }}</span>
+            </button>
+            <button (click)="cancel()" type="button" class="btn btn-outline-secondary">
+              <span>{{ "cancel" | i18n }}</span>
+            </button>
+          </form>
+        </div>
+      </div>
+    </div>
+  </div>
+</form>
--- a/src/app/accounts/update-password.component.ts
+++ b/src/app/accounts/update-password.component.ts
@@ -0,0 +1,48 @@
+import { Component } from "@angular/core";
+import { Router } from "@angular/router";
+
+import { UpdatePasswordComponent as BaseUpdatePasswordComponent } from "jslib-angular/components/update-password.component";
+import { ApiService } from "jslib-common/abstractions/api.service";
+import { CryptoService } from "jslib-common/abstractions/crypto.service";
+import { I18nService } from "jslib-common/abstractions/i18n.service";
+import { LogService } from "jslib-common/abstractions/log.service";
+import { MessagingService } from "jslib-common/abstractions/messaging.service";
+import { PasswordGenerationService } from "jslib-common/abstractions/passwordGeneration.service";
+import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
+import { PolicyService } from "jslib-common/abstractions/policy.service";
+import { StateService } from "jslib-common/abstractions/state.service";
+import { UserVerificationService } from "jslib-common/abstractions/userVerification.service";
+
+@Component({
+  selector: "app-update-password",
+  templateUrl: "update-password.component.html",
+})
+export class UpdatePasswordComponent extends BaseUpdatePasswordComponent {
+  constructor(
+    router: Router,
+    i18nService: I18nService,
+    platformUtilsService: PlatformUtilsService,
+    passwordGenerationService: PasswordGenerationService,
+    policyService: PolicyService,
+    cryptoService: CryptoService,
+    messagingService: MessagingService,
+    apiService: ApiService,
+    logService: LogService,
+    stateService: StateService,
+    userVerificationService: UserVerificationService
+  ) {
+    super(
+      router,
+      i18nService,
+      platformUtilsService,
+      passwordGenerationService,
+      policyService,
+      cryptoService,
+      messagingService,
+      apiService,
+      stateService,
+      userVerificationService,
+      logService
+    );
+  }
+}
--- a/src/app/accounts/update-temp-password.component.ts
+++ b/src/app/accounts/update-temp-password.component.ts
@@ -1,5 +1,6 @@
 import { Component } from "@angular/core";

+import { UpdateTempPasswordComponent as BaseUpdateTempPasswordComponent } from "jslib-angular/components/update-temp-password.component";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { CryptoService } from "jslib-common/abstractions/crypto.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
@@ -8,10 +9,8 @@ import { MessagingService } from "jslib-common/abstractions/messaging.service";
 import { PasswordGenerationService } from "jslib-common/abstractions/passwordGeneration.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { PolicyService } from "jslib-common/abstractions/policy.service";
-import { SyncService } from "jslib-common/abstractions/sync.service";
-
-import { UpdateTempPasswordComponent as BaseUpdateTempPasswordComponent } from "jslib-angular/components/update-temp-password.component";
 import { StateService } from "jslib-common/abstractions/state.service";
+import { SyncService } from "jslib-common/abstractions/sync.service";

@Component({
  selector: "app-update-temp-password",
--- a/src/app/accounts/verify-email-token.component.ts
+++ b/src/app/accounts/verify-email-token.component.ts
@@ -1,6 +1,5 @@
 import { Component, OnInit } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-
 import { first } from "rxjs/operators";

 import { ApiService } from "jslib-common/abstractions/api.service";
@@ -8,7 +7,6 @@ import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { StateService } from "jslib-common/abstractions/state.service";
-
 import { VerifyEmailRequest } from "jslib-common/models/request/verifyEmailRequest";

@Component({
--- a/src/app/accounts/verify-recover-delete.component.html
+++ b/src/app/accounts/verify-recover-delete.component.html
@@ -23,7 +23,7 @@
                aria-hidden="true"
              ></i>
            </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
              {{ "cancel" | i18n }}
            </a>
          </div>
--- a/src/app/accounts/verify-recover-delete.component.ts
+++ b/src/app/accounts/verify-recover-delete.component.ts
@@ -1,13 +1,11 @@
 import { Component, OnInit } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-
 import { first } from "rxjs/operators";

 import { ApiService } from "jslib-common/abstractions/api.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
-
 import { VerifyDeleteRecoverRequest } from "jslib-common/models/request/verifyDeleteRecoverRequest";

@Component({
--- a/src/app/app.component.ts
+++ b/src/app/app.component.ts
@@ -21,14 +21,10 @@ import { PolicyService } from "jslib-common/abstractions/policy.service";
 import { SearchService } from "jslib-common/abstractions/search.service";
 import { SettingsService } from "jslib-common/abstractions/settings.service";
 import { StateService } from "jslib-common/abstractions/state.service";
-import { StorageService } from "jslib-common/abstractions/storage.service";
 import { SyncService } from "jslib-common/abstractions/sync.service";
 import { TokenService } from "jslib-common/abstractions/token.service";
 import { VaultTimeoutService } from "jslib-common/abstractions/vaultTimeout.service";

-import { PolicyListService } from "./services/policy-list.service";
-import { RouterService } from "./services/router.service";
-
 import { DisableSendPolicy } from "./organizations/policies/disable-send.component";
 import { MasterPasswordPolicy } from "./organizations/policies/master-password.component";
 import { PasswordGeneratorPolicy } from "./organizations/policies/password-generator.component";
@@ -38,6 +34,8 @@ import { ResetPasswordPolicy } from "./organizations/policies/reset-password.com
 import { SendOptionsPolicy } from "./organizations/policies/send-options.component";
 import { SingleOrgPolicy } from "./organizations/policies/single-org.component";
 import { TwoFactorAuthenticationPolicy } from "./organizations/policies/two-factor-authentication.component";
+import { PolicyListService } from "./services/policy-list.service";
+import { RouterService } from "./services/router.service";

 const BroadcasterSubscriptionId = "AppComponent";
 const IdleTimeout = 60000 * 10; // 10 minutes
@@ -93,11 +91,17 @@ export class AppComponent implements OnDestroy, OnInit {
      this.ngZone.run(async () => {
        switch (message.command) {
          case "loggedIn":
+            this.notificationsService.updateConnection(false);
+            break;
          case "loggedOut":
+            this.routerService.setPreviousUrl(null);
+            this.notificationsService.updateConnection(false);
+            break;
          case "unlocked":
            this.notificationsService.updateConnection(false);
            break;
          case "authBlocked":
+            this.routerService.setPreviousUrl(message.url);
            this.router.navigate(["/"]);
            break;
          case "logout":
@@ -111,13 +115,13 @@ export class AppComponent implements OnDestroy, OnInit {
            this.router.navigate(["lock"]);
            break;
          case "lockedUrl":
-            window.setTimeout(() => this.routerService.setPreviousUrl(message.url), 500);
+            this.routerService.setPreviousUrl(message.url);
            break;
          case "syncStarted":
            break;
          case "syncCompleted":
            break;
-          case "upgradeOrganization":
+          case "upgradeOrganization": {
            const upgradeConfirmed = await this.platformUtilsService.showDialog(
              this.i18nService.t("upgradeOrganizationDesc"),
              this.i18nService.t("upgradeOrganization"),
@@ -133,7 +137,8 @@ export class AppComponent implements OnDestroy, OnInit {
              ]);
            }
            break;
-          case "premiumRequired":
+          }
+          case "premiumRequired": {
            const premiumConfirmed = await this.platformUtilsService.showDialog(
              this.i18nService.t("premiumRequiredDesc"),
              this.i18nService.t("premiumRequired"),
@@ -144,7 +149,8 @@ export class AppComponent implements OnDestroy, OnInit {
              this.router.navigate(["settings/premium"]);
            }
            break;
-          case "emailVerificationRequired":
+          }
+          case "emailVerificationRequired": {
            const emailVerificationConfirmed = await this.platformUtilsService.showDialog(
              this.i18nService.t("emailVerificationRequiredDesc"),
              this.i18nService.t("emailVerificationRequired"),
@@ -153,10 +159,11 @@ export class AppComponent implements OnDestroy, OnInit {
            );
            if (emailVerificationConfirmed) {
              this.platformUtilsService.launchUri(
-                "https://bitwarden.com/help/article/create-bitwarden-account/"
+                "https://bitwarden.com/help/create-bitwarden-account/"
              );
            }
            break;
+          }
          case "showToast":
            this.showToast(message);
            break;
@@ -210,7 +217,6 @@ export class AppComponent implements OnDestroy, OnInit {
    await Promise.all([
      this.eventService.clearEvents(),
      this.syncService.setLastSync(new Date(0)),
-      this.tokenService.clearToken(),
      this.cryptoService.clearKeys(),
      this.settingsService.clear(userId),
      this.cipherService.clear(userId),
--- a/src/app/app.module.ts
+++ b/src/app/app.module.ts
@@ -1,11 +1,8 @@
-import { InfiniteScrollModule } from "ngx-infinite-scroll";
-
 import { DragDropModule } from "@angular/cdk/drag-drop";
 import { NgModule } from "@angular/core";
 import { FormsModule } from "@angular/forms";
 import { BrowserAnimationsModule } from "@angular/platform-browser/animations";
-
-import { BitwardenToastModule } from "jslib-angular/components/toastr.component";
+import { InfiniteScrollModule } from "ngx-infinite-scroll";

 import { AppComponent } from "./app.component";
 import { OssRoutingModule } from "./oss-routing.module";
@@ -19,11 +16,6 @@ import { WildcardRoutingModule } from "./wildcard-routing.module";
    BrowserAnimationsModule,
    FormsModule,
    ServicesModule,
-    BitwardenToastModule.forRoot({
-      maxOpened: 5,
-      autoDismiss: true,
-      closeButton: true,
-    }),
    InfiniteScrollModule,
    DragDropModule,
    OssRoutingModule,
--- a/src/app/common/base.accept.component.ts
+++ b/src/app/common/base.accept.component.ts
@@ -1,6 +1,5 @@
 import { Directive, OnInit } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-
 import { first } from "rxjs/operators";

 import { I18nService } from "jslib-common/abstractions/i18n.service";
@@ -31,7 +30,6 @@ export abstract class BaseAcceptComponent implements OnInit {

  ngOnInit() {
    this.route.queryParams.pipe(first()).subscribe(async (qParams) => {
-      await this.stateService.setLoginRedirect(null);
      let error = this.requiredParameters.some((e) => qParams?.[e] == null || qParams[e] === "");
      let errorMessage: string = null;
      if (!error) {
@@ -45,11 +43,6 @@ export abstract class BaseAcceptComponent implements OnInit {
            errorMessage = e.message;
          }
        } else {
-          await this.stateService.setLoginRedirect({
-            route: this.getRedirectRoute(),
-            qParams: qParams,
-          });
-
          this.email = qParams.email;
          await this.unauthedHandler(qParams);
        }
@@ -67,10 +60,4 @@ export abstract class BaseAcceptComponent implements OnInit {
      this.loading = false;
    });
  }
-
-  getRedirectRoute() {
-    const urlTree = this.router.parseUrl(this.router.url);
-    urlTree.queryParams = {};
-    return urlTree.toString();
-  }
 }
--- a/src/app/common/base.events.component.ts
+++ b/src/app/common/base.events.component.ts
@@ -4,11 +4,9 @@ import { ExportService } from "jslib-common/abstractions/export.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
-
-import { EventView } from "jslib-common/models/view/eventView";
-
 import { EventResponse } from "jslib-common/models/response/eventResponse";
 import { ListResponse } from "jslib-common/models/response/listResponse";
+import { EventView } from "jslib-common/models/view/eventView";

 import { EventService } from "src/app/services/event.service";

@@ -19,7 +17,7 @@ export abstract class BaseEventsComponent {
  events: EventView[];
  start: string;
  end: string;
-  dirtyDates: boolean = true;
+  dirtyDates = true;
  continuationToken: string;
  refreshPromise: Promise<any>;
  exportPromise: Promise<any>;
@@ -124,17 +122,20 @@ export abstract class BaseEventsComponent {
        const userId = r.actingUserId == null ? r.userId : r.actingUserId;
        const eventInfo = await this.eventService.getEventInfo(r);
        const user = this.getUserName(r, userId);
+        const userName = user != null ? user.name : this.i18nService.t("unknown");
+
        return new EventView({
          message: eventInfo.message,
          humanReadableMessage: eventInfo.humanReadableMessage,
          appIcon: eventInfo.appIcon,
          appName: eventInfo.appName,
          userId: userId,
-          userName: user != null ? user.name : this.i18nService.t("unknown"),
+          userName: r.installationId != null ? `Installation: ${r.installationId}` : userName,
          userEmail: user != null ? user.email : "",
          date: r.date,
          ip: r.ipAddress,
          type: r.type,
+          installationId: r.installationId,
        });
      })
    );
--- a/src/app/common/base.people.component.ts
+++ b/src/app/common/base.people.component.ts
@@ -1,5 +1,9 @@
 import { Directive, ViewChild, ViewContainerRef } from "@angular/core";

+import { SearchPipe } from "jslib-angular/pipes/search.pipe";
+import { UserNamePipe } from "jslib-angular/pipes/user-name.pipe";
+import { ModalService } from "jslib-angular/services/modal.service";
+import { ValidationService } from "jslib-angular/services/validation.service";
 import { ApiService } from "jslib-common/abstractions/api.service";
 import { CryptoService } from "jslib-common/abstractions/crypto.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
@@ -7,24 +11,15 @@ import { LogService } from "jslib-common/abstractions/log.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { SearchService } from "jslib-common/abstractions/search.service";
 import { StateService } from "jslib-common/abstractions/state.service";
-
-import { ModalService } from "jslib-angular/services/modal.service";
-import { ValidationService } from "jslib-angular/services/validation.service";
-
-import { SearchPipe } from "jslib-angular/pipes/search.pipe";
-import { UserNamePipe } from "jslib-angular/pipes/user-name.pipe";
-
 import { OrganizationUserStatusType } from "jslib-common/enums/organizationUserStatusType";
 import { OrganizationUserType } from "jslib-common/enums/organizationUserType";
 import { ProviderUserStatusType } from "jslib-common/enums/providerUserStatusType";
 import { ProviderUserType } from "jslib-common/enums/providerUserType";
-
+import { Utils } from "jslib-common/misc/utils";
 import { ListResponse } from "jslib-common/models/response/listResponse";
 import { OrganizationUserUserDetailsResponse } from "jslib-common/models/response/organizationUserResponse";
 import { ProviderUserUserDetailsResponse } from "jslib-common/models/response/provider/providerUserResponse";

-import { Utils } from "jslib-common/misc/utils";
-
 import { UserConfirmComponent } from "../organizations/manage/user-confirm.component";

 type StatusType = OrganizationUserStatusType | ProviderUserStatusType;
--- a/src/app/components/nested-checkbox.component.ts
+++ b/src/app/components/nested-checkbox.component.ts
@@ -1,4 +1,5 @@
 import { Component, EventEmitter, Input, Output } from "@angular/core";
+
 import { Utils } from "jslib-common/misc/utils";

@Component({
--- a/src/app/components/organization-switcher.component.html
+++ b/src/app/components/organization-switcher.component.html
@@ -0,0 +1,68 @@
+<div *ngIf="loaded && activeOrganization != null" class="tw-flex">
+  <button
+    class="tw-flex tw-items-center tw-bg-background-alt tw-border-none"
+    type="button"
+    id="pickerButton"
+    [appA11yTitle]="'organizationPicker' | i18n"
+    [bitMenuTriggerFor]="orgPickerMenu"
+  >
+    <app-avatar
+      [data]="activeOrganization.name"
+      size="45"
+      [circle]="true"
+      [dynamic]="true"
+    ></app-avatar>
+    <div class="tw-flex">
+      <div class="org-name tw-ml-3">
+        <span>{{ activeOrganization.name }}</span>
+        <small class="tw-text-muted">{{ "organization" | i18n }}</small>
+      </div>
+      <div class="tw-ml-3">
+        <i class="bwi bwi-angle-down tw-text-main" aria-hidden="true"></i>
+      </div>
+    </div>
+  </button>
+  <div>
+    <div
+      class="tw-ml-3 tw-border tw-border-solid tw-rounded tw-border-danger-500 tw-text-danger"
+      *ngIf="!activeOrganization.enabled"
+    >
+      <div class="tw-py-2 tw-px-5">
+        <i class="bwi bwi-exclamation-triangle" aria-hidden="true"></i>
+        {{ "organizationIsDisabled" | i18n }}
+      </div>
+    </div>
+    <div
+      class="tw-ml-3 tw-border tw-border-solid tw-rounded tw-border-info-500 tw-text-info"
+      *ngIf="activeOrganization.isProviderUser"
+    >
+      <div class="tw-py-2 tw-px-5">
+        <i class="bwi bwi-exclamation-triangle" aria-hidden="true"></i>
+        {{ "accessingUsingProvider" | i18n: activeOrganization.providerName }}
+      </div>
+    </div>
+  </div>
+
+  <bit-menu #orgPickerMenu>
+    <ul aria-labelledby="pickerButton" class="tw-p-0 tw-m-0">
+      <li *ngFor="let org of organizations" class="tw-list-none tw-flex tw-flex-col" role="none">
+        <a bit-menu-item [routerLink]="['/organizations', org.id]">
+          <i
+            class="bwi bwi-check mr-2"
+            [ngClass]="org.id === activeOrganization.id ? 'visible' : 'invisible'"
+          >
+            <span class="tw-sr-only">{{ "currentOrganization" | i18n }}</span>
+          </i>
+          {{ org.name }}
+        </a>
+      </li>
+      <bit-menu-divider></bit-menu-divider>
+      <li class="tw-list-none" role="none">
+        <a bit-menu-item routerLink="/create-organization">
+          <i class="bwi bwi-plus mr-2"></i>
+          {{ "newOrganization" | i18n }}</a
+        >
+      </li>
+    </ul>
+  </bit-menu>
+</div>
--- a/src/app/components/organization-switcher.component.ts
+++ b/src/app/components/organization-switcher.component.ts
@@ -0,0 +1,34 @@
+import { Component, Input, OnInit } from "@angular/core";
+
+import { I18nService } from "jslib-common/abstractions/i18n.service";
+import { OrganizationService } from "jslib-common/abstractions/organization.service";
+import { Utils } from "jslib-common/misc/utils";
+import { Organization } from "jslib-common/models/domain/organization";
+
+import { NavigationPermissionsService } from "../organizations/services/navigation-permissions.service";
+
+@Component({
+  selector: "app-organization-switcher",
+  templateUrl: "organization-switcher.component.html",
+})
+export class OrganizationSwitcherComponent implements OnInit {
+  constructor(private organizationService: OrganizationService, private i18nService: I18nService) {}
+
+  @Input() activeOrganization: Organization = null;
+  organizations: Organization[] = [];
+
+  loaded = false;
+
+  async ngOnInit() {
+    await this.load();
+  }
+
+  async load() {
+    const orgs = await this.organizationService.getAll();
+    this.organizations = orgs
+      .filter((org) => NavigationPermissionsService.canAccessAdmin(org))
+      .sort(Utils.getSortFunction(this.i18nService, "name"));
+
+    this.loaded = true;
+  }
+}
--- a/src/app/components/premium-badge.component.ts
+++ b/src/app/components/premium-badge.component.ts
@@ -0,0 +1,19 @@
+import { Component } from "@angular/core";
+
+import { MessagingService } from "jslib-common/abstractions/messaging.service";
+
+@Component({
+  selector: "app-premium-badge",
+  template: `
+    <button *appNotPremium bit-badge badgeType="success" (click)="premiumRequired()">
+      {{ "premium" | i18n }}
+    </button>
+  `,
+})
+export class PremiumBadgeComponent {
+  constructor(private messagingService: MessagingService) {}
+
+  premiumRequired() {
+    this.messagingService.send("premiumRequired");
+  }
+}
--- a/src/app/guards/home.guard.ts
+++ b/src/app/guards/home.guard.ts
@@ -0,0 +1,22 @@
+import { Injectable } from "@angular/core";
+import { ActivatedRouteSnapshot, CanActivate, Router } from "@angular/router";
+
+import { AuthService } from "jslib-common/abstractions/auth.service";
+import { AuthenticationStatus } from "jslib-common/enums/authenticationStatus";
+
+@Injectable()
+export class HomeGuard implements CanActivate {
+  constructor(private router: Router, private authService: AuthService) {}
+
+  async canActivate(route: ActivatedRouteSnapshot) {
+    const authStatus = await this.authService.getAuthStatus();
+
+    if (authStatus === AuthenticationStatus.LoggedOut) {
+      return this.router.createUrlTree(["/login"], { queryParams: route.queryParams });
+    }
+    if (authStatus === AuthenticationStatus.Locked) {
+      return this.router.createUrlTree(["/lock"], { queryParams: route.queryParams });
+    }
+    return this.router.createUrlTree(["/vault"], { queryParams: route.queryParams });
+  }
+}
--- a/src/app/layouts/footer.component.ts
+++ b/src/app/layouts/footer.component.ts
@@ -8,7 +8,7 @@ import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.se
 })
 export class FooterComponent implements OnInit {
  version: string;
-  year: string = "2015";
+  year = "2015";

  constructor(private platformUtilsService: PlatformUtilsService) {}

--- a/src/app/layouts/frontend-layout.component.ts
+++ b/src/app/layouts/frontend-layout.component.ts
@@ -8,7 +8,7 @@ import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.se
 })
 export class FrontendLayoutComponent implements OnInit, OnDestroy {
  version: string;
-  year: string = "2015";
+  year = "2015";

  constructor(private platformUtilsService: PlatformUtilsService) {}

--- a/src/app/layouts/navbar.component.html
+++ b/src/app/layouts/navbar.component.html
@@ -6,11 +6,22 @@
    <div class="collapse navbar-collapse">
      <ul class="navbar-nav">
        <li class="nav-item" routerLinkActive="active">
-          <a class="nav-link" routerLink="/vault">{{ "myVault" | i18n }}</a>
+          <a class="nav-link" routerLink="/vault">{{ "vaults" | i18n }}</a>
        </li>
        <li class="nav-item" routerLinkActive="active">
          <a class="nav-link" routerLink="/sends">{{ "send" | i18n }}</a>
        </li>
+        <li class="nav-item" routerLinkActive="active">
+          <a class="nav-link" routerLink="/tools">{{ "tools" | i18n }}</a>
+        </li>
+        <li class="nav-item" routerLinkActive="active">
+          <a class="nav-link" routerLink="/reports">{{ "reports" | i18n }}</a>
+        </li>
+        <li *ngIf="organizations.length >= 1" class="nav-item" routerLinkActive="active">
+          <a class="nav-link" [routerLink]="['/organizations', organizations[0].id]">{{
+            "organizations" | i18n
+          }}</a>
+        </li>
        <ng-container *ngIf="providers.length >= 1">
          <li class="nav-item" routerLinkActive="active" *ngIf="providers.length == 1">
            <a class="nav-link" [routerLink]="['/providers', providers[0].id]">{{
@@ -21,28 +32,24 @@
            <a class="nav-link" routerLink="/providers">{{ "provider" | i18n }}</a>
          </li>
        </ng-container>
-        <li class="nav-item" routerLinkActive="active">
-          <a class="nav-link" routerLink="/tools">{{ "tools" | i18n }}</a>
-        </li>
-        <li class="nav-item" routerLinkActive="active">
-          <a class="nav-link" routerLink="/settings">{{ "settings" | i18n }}</a>
-        </li>
      </ul>
    </div>
    <ul class="navbar-nav flex-row ml-md-auto d-none d-md-flex">
-      <li class="nav-item dropdown">
-        <a
-          class="nav-item nav-link dropdown-toggle"
-          href="#"
-          id="nav-profile"
-          data-toggle="dropdown"
-          aria-haspopup="true"
-          aria-expanded="false"
+      <li>
+        <button
+          [bitMenuTriggerFor]="accountMenu"
+          class="tw-border-0 tw-bg-transparent tw-text-alt2 tw-opacity-70 hover:tw-opacity-90"
        >
          <i class="bwi bwi-user-circle bwi-lg" aria-hidden="true"></i>
-        </a>
-        <div class="dropdown-menu dropdown-menu-right" aria-labelledby="nav-profile">
-          <div class="dropdown-item-text d-flex align-items-center" *ngIf="name" appStopProp>
+          <i class="bwi bwi-caret-down bwi-sm" aria-hidden="true"></i>
+        </button>
+        <bit-menu class="dropdown-menu" #accountMenu>
+          <div class="tw-max-w-[300px] tw-min-w-[200px] tw-flex tw-flex-col">
+            <div
+              class="tw-flex tw-items-center tw-leading-tight tw-text-info tw-py-1 tw-px-4"
+              *ngIf="name"
+              appStopProp
+            >
              <app-avatar
                [data]="name"
                [email]="email"
@@ -50,39 +57,37 @@
                fontSize="14"
                [circle]="true"
              ></app-avatar>
-            <div class="ml-2 overflow-hidden">
+              <div class="tw-ml-2 tw-block tw-overflow-hidden tw-whitespace-nowrap">
                <span>{{ "loggedInAs" | i18n }}</span>
-              <small class="text-muted">{{ name }}</small>
+                <small class="tw-text-muted tw-block tw-overflow-hidden tw-whitespace-nowrap">{{
+                  name
+                }}</small>
              </div>
            </div>
-          <div class="dropdown-divider"></div>
-          <a class="dropdown-item" href="#" routerLink="/settings/account">
+            <bit-menu-divider></bit-menu-divider>
+            <a bit-menu-item routerLink="/settings/account">
              <i class="bwi bwi-fw bwi-user" aria-hidden="true"></i>
-            {{ "myAccount" | i18n }}
+              {{ "accountSettings" | i18n }}
            </a>
-          <a class="dropdown-item" href="https://help.bitwarden.com" target="_blank" rel="noopener">
+            <a bit-menu-item href="https://bitwarden.com/help/" target="_blank" rel="noopener">
              <i class="bwi bwi-fw bwi-question-circle" aria-hidden="true"></i>
              {{ "getHelp" | i18n }}
            </a>
-          <a
-            class="dropdown-item"
-            href="https://bitwarden.com/download/"
-            target="_blank"
-            rel="noopener"
-          >
+            <a bit-menu-item href="https://bitwarden.com/download/" target="_blank" rel="noopener">
              <i class="bwi bwi-fw bwi-download" aria-hidden="true"></i>
              {{ "getApps" | i18n }}
            </a>
-          <div class="dropdown-divider"></div>
-          <button type="button" class="dropdown-item" (click)="lock()">
+            <bit-menu-divider></bit-menu-divider>
+            <button bit-menu-item type="button" (click)="lock()">
              <i class="bwi bwi-fw bwi-lock" aria-hidden="true"></i>
              {{ "lockNow" | i18n }}
            </button>
-          <button type="button" class="dropdown-item" (click)="logOut()">
+            <button bit-menu-item type="button" (click)="logOut()">
              <i class="bwi bwi-fw bwi-sign-out" aria-hidden="true"></i>
              {{ "logOut" | i18n }}
            </button>
          </div>
+        </bit-menu>
      </li>
    </ul>
  </div>
--- a/src/app/layouts/navbar.component.ts
+++ b/src/app/layouts/navbar.component.ts
@@ -1,13 +1,19 @@
-import { Component, OnInit } from "@angular/core";
+import { Component, NgZone, OnInit } from "@angular/core";

+import { BroadcasterService } from "jslib-common/abstractions/broadcaster.service";
+import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { MessagingService } from "jslib-common/abstractions/messaging.service";
+import { OrganizationService } from "jslib-common/abstractions/organization.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { ProviderService } from "jslib-common/abstractions/provider.service";
 import { SyncService } from "jslib-common/abstractions/sync.service";
 import { TokenService } from "jslib-common/abstractions/token.service";
-
+import { Utils } from "jslib-common/misc/utils";
+import { Organization } from "jslib-common/models/domain/organization";
 import { Provider } from "jslib-common/models/domain/provider";

+import { NavigationPermissionsService as OrgNavigationPermissionsService } from "../organizations/services/navigation-permissions.service";
+
@Component({
  selector: "app-navbar",
  templateUrl: "navbar.component.html",
@@ -17,13 +23,18 @@ export class NavbarComponent implements OnInit {
  name: string;
  email: string;
  providers: Provider[] = [];
+  organizations: Organization[] = [];

  constructor(
    private messagingService: MessagingService,
    private platformUtilsService: PlatformUtilsService,
    private tokenService: TokenService,
    private providerService: ProviderService,
-    private syncService: SyncService
+    private syncService: SyncService,
+    private organizationService: OrganizationService,
+    private i18nService: I18nService,
+    private broadcasterService: BroadcasterService,
+    private ngZone: NgZone
  ) {
    this.selfHosted = this.platformUtilsService.isSelfHost();
  }
@@ -35,11 +46,32 @@ export class NavbarComponent implements OnInit {
      this.name = this.email;
    }

-    // Ensure provides are loaded
+    // Ensure providers and organizations are loaded
    if ((await this.syncService.getLastSync()) == null) {
      await this.syncService.fullSync(false);
    }
    this.providers = await this.providerService.getAll();
+
+    this.organizations = await this.buildOrganizations();
+
+    this.broadcasterService.subscribe(this.constructor.name, async (message: any) => {
+      this.ngZone.run(async () => {
+        switch (message.command) {
+          case "organizationCreated":
+            if (this.organizations.length < 1) {
+              this.organizations = await this.buildOrganizations();
+            }
+            break;
+        }
+      });
+    });
+  }
+
+  async buildOrganizations() {
+    const allOrgs = await this.organizationService.getAll();
+    return allOrgs
+      .filter((org) => OrgNavigationPermissionsService.canAccessAdmin(org))
+      .sort(Utils.getSortFunction(this.i18nService, "name"));
  }

  lock() {
--- a/Show More
+++ b/Show More