back to access_token for safari for now

Some browsers such as Firefox already provide a window.u2f
implementation. Detect the existing implementation and abort from
u2f-api.js.

.dockerignore

@@ -0,0 +1,3 @@
+*
+!dist/*
+!entrypoint.sh

.gitignore

@@ -0,0 +1,203 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+build/
+bld/
+[Bb]in/
+[Oo]bj/
+
+# Visual Studo 2015 cache/options directory
+.vs/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+*_i.c
+*_p.c
+*_i.h
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opensdf
+*.sdf
+*.cachefile
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding addin-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+# TODO: Comment the next line if you want to checkin your web deploy settings 
+# but database connection strings (with potential passwords) will be unencrypted
+*.pubxml
+*.publishproj
+
+# NuGet Packages
+*.nupkg
+# The packages folder can be ignored because of Package Restore
+**/packages/*
+# except build/, which is used as an MSBuild target.
+!**/packages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/packages/repositories.config
+
+# Windows Azure Build Output
+csx/
+*.build.csdef
+
+# Windows Store app package directory
+AppPackages/
+
+# Others
+*.[Cc]ache
+ClientBin/
+[Ss]tyle[Cc]op.*
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.pfx
+*.publishsettings
+node_modules/
+bower_components/
+lib/
+css/
+dist/
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+*.mdf
+*.ldf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Other
+package-lock.json
+src/js/*.min.js

Dockerfile

@@ -0,0 +1,10 @@
+FROM bitwarden/server
+
+WORKDIR /app
+COPY ./dist .
+
+EXPOSE 80
+
+COPY entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

LICENSE.txt

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    {one line to give the program's name and a brief idea of what it does.}
+    Copyright (C) {year}  {name of author}
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    {project}  Copyright (C) {year}  {fullname}
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.

README.md

@@ -0,0 +1,32 @@
+[![appveyor build](https://ci.appveyor.com/api/projects/status/github/bitwarden/web?branch=master&svg=true)](https://ci.appveyor.com/project/bitwarden/web) [![Join the chat at https://gitter.im/bitwarden/Lobby](https://badges.gitter.im/bitwarden/Lobby.svg)](https://gitter.im/bitwarden/Lobby)
+
+# bitwarden Web
+
+The bitwarden Web project is an AngularJS application that powers the web vault (https://vault.bitwarden.com/).
+
+<img src="https://i.imgur.com/rxrykeX.png" alt="" width="791" height="739" />
+
+# Build/Run
+
+**Requirements**
+
+- Node.js
+- Gulp
+
+By default the application points to the production API. If you want to change that to point to a local instance of
+the [Core](https://github.com/bitwarden/core) API, you can modify the `package.json` `env` property to `Development`
+and then set your local endpoints in `settings.json`.
+
+Then run the following commands:
+
+- `npm install`
+- `gulp build`
+- `gulp serve`
+
+You can now access the web vault at `http://localhost:4001`.
+
+# Contribute
+
+Code contributions are welcome! Please commit any pull requests against the `master` branch.
+
+Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.

SECURITY.md

@@ -0,0 +1,45 @@
+bitwarden believes that working with security researchers across the globe is crucial to keeping our
+users safe. If you believe you've found a security issue in our product or service, we encourage you to
+notify us. We welcome working with you to resolve the issue promptly. Thanks in advance!
+
+# Disclosure Policy
+
+- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every
+  effort to quickly resolve the issue.
+- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a
+  third-party. We may publicly disclose the issue before resolving it, if appropriate. 
+- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
+  degradation of our service. Only interact with accounts you own or with explicit permission of the
+  account holder.
+- If you would like to encrypt your report, please use the PGP key with long ID
+  `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
+
+# In-scope
+
+- Security issues in any current release of bitwarden. This includes the web vault, browser extension,
+  and mobile apps (iOS and Android). Product downloads are available at https://bitwarden.com. Source
+  code is available at https://github.com/bitwarden.
+
+# Exclusions
+
+The following bug classes are out-of scope:
+
+- Bugs that are already reported on any of bitwarden's issue trackers (https://github.com/bitwarden),
+  or that we already know of. Note that some of our issue tracking is private.
+- Issues in an upstream software dependency (ex: Xamarin, ASP.NET) which are already reported to the
+  upstream maintainer.
+- Attacks requiring physical access to a user's device.
+- Self-XSS
+- Issues related to software or protocols not under bitwarden's control
+- Vulnerabilities in outdated versions of bitwarden
+- Missing security best practices that do not directly lead to a vulnerability
+- Issues that do not have any impact on the general public
+
+While researching, we'd like to ask you to refrain from:
+
+- Denial of service
+- Spamming
+- Social engineering (including phishing) of bitwarden staff or contractors
+- Any physical attempts against bitwarden property or data centers
+
+Thank you for helping keep bitwarden and our users safe!

bitwarden-web.sln

@@ -0,0 +1,39 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.26228.9
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{E24C65DC-7377-472B-9ABA-BC803B73C61A}") = "bitwarden-web", ".", "{25BEDEF4-2CAF-445A-807D-63C17FF85694}"
+	ProjectSection(WebsiteProperties) = preProject
+		TargetFrameworkMoniker = ".NETFramework,Version%3Dv4.6.1"
+		Debug.AspNetCompiler.VirtualPath = "/localhost_15509"
+		Debug.AspNetCompiler.PhysicalPath = "."
+		Debug.AspNetCompiler.TargetPath = "PrecompiledWeb\localhost_15509\"
+		Debug.AspNetCompiler.Updateable = "true"
+		Debug.AspNetCompiler.ForceOverwrite = "true"
+		Debug.AspNetCompiler.FixedNames = "false"
+		Debug.AspNetCompiler.Debug = "True"
+		Release.AspNetCompiler.VirtualPath = "/localhost_15509"
+		Release.AspNetCompiler.PhysicalPath = "."
+		Release.AspNetCompiler.TargetPath = "PrecompiledWeb\localhost_15509\"
+		Release.AspNetCompiler.Updateable = "true"
+		Release.AspNetCompiler.ForceOverwrite = "true"
+		Release.AspNetCompiler.FixedNames = "false"
+		Release.AspNetCompiler.Debug = "False"
+		VWDPort = "15509"
+		SlnRelativePath = "."
+		DefaultWebSiteLanguage = "Visual C#"
+	EndProjectSection
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{25BEDEF4-2CAF-445A-807D-63C17FF85694}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{25BEDEF4-2CAF-445A-807D-63C17FF85694}.Debug|Any CPU.Build.0 = Debug|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

build.ps1

@@ -0,0 +1,13 @@
+$dir = Split-Path -Parent $MyInvocation.MyCommand.Path
+
+echo "`n# Building Web"
+
+echo "`nBuilding app"
+echo "npm version $(npm --version)"
+echo "gulp version $(gulp --version)"
+npm install
+gulp dist:selfHosted
+
+echo "`nBuilding docker image"
+docker --version
+docker build -t bitwarden/web $dir\.

build.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -e
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+echo ""
+
+if [ $# -gt 0 -a "$1" == "push" ]
+then
+    echo "# Pushing Web"
+    echo ""
+    
+    if [ $# -gt 1 ]
+    then
+        TAG=$2
+        docker push bitwarden/web:$TAG
+    else
+        docker push bitwarden/web
+    fi
+elif [ $# -gt 1 -a "$1" == "tag" ]
+then
+    TAG=$2
+    echo "Tagging Web as '$TAG'"
+    docker tag bitwarden/web bitwarden/web:$TAG
+else
+    echo "# Building Web"
+
+    echo ""
+    echo "Building app"
+    echo "npm version $(npm --version)"
+    echo "gulp version $(gulp --version)"
+    npm install
+    gulp dist:selfHosted
+
+    echo ""
+    echo "Building docker image"
+    docker --version
+    docker build -t bitwarden/web $DIR/.
+fi

entrypoint.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+cp /etc/bitwarden/web/settings.js /app/js/settings.js
+cp /etc/bitwarden/web/app-id.json /app/app-id.json
+dotnet /bitwarden_server/Server.dll /contentRoot=/app /webRoot=. /serveUnknown=false

gulpfile.js

@@ -0,0 +1,486 @@
+/// <binding BeforeBuild='build, dist' Clean='clean' ProjectOpened='build. dist' />
+
+var gulp = require('gulp'),
+    rimraf = require('rimraf'),
+    concat = require('gulp-concat'),
+    rename = require('gulp-rename'),
+    cssmin = require('gulp-cssmin'),
+    uglify = require('gulp-uglify'),
+    ghPages = require('gulp-gh-pages'),
+    less = require('gulp-less'),
+    connect = require('gulp-connect'),
+    ngAnnotate = require('gulp-ng-annotate'),
+    preprocess = require('gulp-preprocess'),
+    runSequence = require('run-sequence'),
+    merge = require('merge-stream'),
+    ngConfig = require('gulp-ng-config'),
+    settings = require('./settings.json'),
+    project = require('./package.json'),
+    jshint = require('gulp-jshint'),
+    _ = require('lodash'),
+    webpack = require('webpack-stream'),
+    browserify = require('browserify'),
+    derequire = require('gulp-derequire'),
+    source = require('vinyl-source-stream');
+
+var paths = {};
+paths.dist = './dist/';
+paths.webroot = './src/'
+paths.js = paths.webroot + 'js/**/*.js';
+paths.minJs = paths.webroot + 'js/**/*.min.js';
+paths.concatJsDest = paths.webroot + 'js/bw.min.js';
+paths.libDir = paths.webroot + 'lib/';
+paths.npmDir = 'node_modules/';
+paths.lessDir = paths.webroot + 'less/';
+paths.cssDir = paths.webroot + 'css/';
+paths.jsDir = paths.webroot + 'js/';
+
+var randomString = Math.random().toString(36).substring(7);
+
+gulp.task('lint', function () {
+    return gulp.src(paths.webroot + 'app/**/*.js')
+        .pipe(jshint())
+        .pipe(jshint.reporter('default'));
+});
+
+gulp.task('build', function (cb) {
+    return runSequence(
+        'clean',
+        ['browserify', 'lib', 'webpack', 'less', 'settings', 'lint', 'min:js'],
+        cb);
+});
+
+gulp.task('clean:js', function (cb) {
+    return rimraf(paths.concatJsDest, cb);
+});
+
+gulp.task('clean:css', function (cb) {
+    return rimraf(paths.cssDir, cb);
+});
+
+gulp.task('clean:lib', function (cb) {
+    return rimraf(paths.libDir, cb);
+});
+
+gulp.task('clean', ['clean:js', 'clean:css', 'clean:lib', 'dist:clean']);
+
+gulp.task('min:js', ['clean:js'], function () {
+    return gulp.src(
+        [
+            paths.js,
+            '!' + paths.minJs,
+            '!' + paths.jsDir + 'fallback*.js',
+            '!' + paths.jsDir + 'u2f-connector.js',
+            '!' + paths.jsDir + 'duo.js',
+            '!' + paths.jsDir + 'settings.js'
+        ], { base: '.' })
+        .pipe(preprocess({ context: { cacheTag: randomString, selfHosted: selfHosted } }))
+        .pipe(concat(paths.concatJsDest))
+        .pipe(uglify())
+        .pipe(gulp.dest('.'));
+});
+
+gulp.task('min:css', [], function () {
+    return gulp.src([paths.cssDir + '**/*.css', '!' + paths.cssDir + '**/*.min.css'], { base: '.' })
+        .pipe(cssmin())
+        .pipe(rename({ suffix: '.min' }))
+        .pipe(gulp.dest('.'));
+});
+
+gulp.task('min', ['min:js', 'min:css']);
+
+gulp.task('lib', ['clean:lib'], function () {
+    var libs = [
+        {
+            src: [
+                paths.npmDir + 'bootstrap/dist/**/*',
+                '!' + paths.npmDir + 'bootstrap/dist/**/npm.js',
+                '!' + paths.npmDir + 'bootstrap/dist/**/css/*theme*'
+            ],
+            dest: paths.libDir + 'bootstrap'
+        },
+        {
+            src: paths.npmDir + 'font-awesome/css/*',
+            dest: paths.libDir + 'font-awesome/css'
+        },
+        {
+            src: paths.npmDir + 'font-awesome/fonts/*',
+            dest: paths.libDir + 'font-awesome/fonts'
+        },
+        {
+            src: paths.npmDir + 'jquery/dist/*.js',
+            dest: paths.libDir + 'jquery'
+        },
+        {
+            src: paths.npmDir + 'admin-lte/dist/js/app*.js',
+            dest: paths.libDir + 'admin-lte/js'
+        },
+        {
+            src: paths.npmDir + 'angular/angular*.js',
+            dest: paths.libDir + 'angular'
+        },
+        {
+            src: paths.npmDir + 'angular-ui-bootstrap/dist/*tpls*.js',
+            dest: paths.libDir + 'angular-ui-bootstrap'
+        },
+        {
+            src: paths.npmDir + 'angular-bootstrap-show-errors/src/*.js',
+            dest: paths.libDir + 'angular-bootstrap-show-errors'
+        },
+        {
+            src: paths.npmDir + 'angular-cookies/*cookies*.js',
+            dest: paths.libDir + 'angular-cookies'
+        },
+        {
+            src: paths.npmDir + 'angular-jwt/dist/*.js',
+            dest: paths.libDir + 'angular-jwt'
+        },
+        {
+            src: paths.npmDir + 'angular-resource/*resource*.js',
+            dest: paths.libDir + 'angular-resource'
+        },
+        {
+            src: paths.npmDir + 'angular-sanitize/*sanitize*.js',
+            dest: paths.libDir + 'angular-sanitize'
+        },
+        {
+            src: [paths.npmDir + 'angular-toastr/dist/**/*.css', paths.npmDir + 'angular-toastr/dist/**/*.js'],
+            dest: paths.libDir + 'angular-toastr'
+        },
+        {
+            src: paths.npmDir + 'angular-ui-router/release/*.js',
+            dest: paths.libDir + 'angular-ui-router'
+        },
+        {
+            src: paths.npmDir + 'angular-messages/*messages*.js',
+            dest: paths.libDir + 'angular-messages'
+        },
+        {
+            src: paths.npmDir + 'ngstorage/*.js',
+            dest: paths.libDir + 'ngstorage'
+        },
+        {
+            src: paths.npmDir + 'papaparse/papaparse*.js',
+            dest: paths.libDir + 'papaparse'
+        },
+        {
+            src: paths.npmDir + 'ngclipboard/dist/ngclipboard*.js',
+            dest: paths.libDir + 'ngclipboard'
+        },
+        {
+            src: paths.npmDir + 'clipboard/dist/clipboard*.js',
+            dest: paths.libDir + 'clipboard'
+        },
+        {
+            src: paths.npmDir + 'node-forge/dist/prime.worker.*',
+            dest: paths.libDir + 'forge'
+        },
+        {
+            src: [
+                paths.npmDir + 'angulartics-google-analytics/lib/angulartics*.js',
+                paths.npmDir + 'angulartics/src/angulartics.js'
+            ],
+            dest: paths.libDir + 'angulartics'
+        },
+        //{
+        //    src: paths.npmDir + 'duo_web_sdk/index.js',
+        //    dest: paths.libDir + 'duo'
+        //},
+        {
+            src: paths.jsDir + 'duo.js',
+            dest: paths.libDir + 'duo'
+        },
+        {
+            src: paths.npmDir + 'angular-promise-polyfill/index.js',
+            dest: paths.libDir + 'angular-promise-polyfill'
+        }
+    ];
+
+    var tasks = libs.map(function (lib) {
+        return gulp.src(lib.src).pipe(gulp.dest(lib.dest));
+    });
+
+    return merge(tasks);
+});
+
+gulp.task('webpack', ['webpack:forge']);
+
+gulp.task('webpack:forge', function () {
+    var forgeDir = paths.npmDir + '/node-forge/lib/';
+
+    return gulp.src([
+        forgeDir + 'pbkdf2.js',
+        forgeDir + 'aes.js',
+        forgeDir + 'rsa.js',
+        forgeDir + 'hmac.js',
+        forgeDir + 'sha256.js',
+        forgeDir + 'random.js',
+        forgeDir + 'forge.js'
+    ]).pipe(webpack({
+        output: {
+            filename: 'forge.js',
+            library: 'forge',
+            libraryTarget: 'umd'
+        },
+        node: {
+            Buffer: false,
+            process: false,
+            crypto: false,
+            setImmediate: false
+        }
+    })).pipe(gulp.dest(paths.libDir + 'forge'));
+});
+
+gulp.task('settings', function () {
+    return config()
+        .pipe(gulp.dest(paths.webroot + 'app'));
+});
+
+function config() {
+    return gulp.src('./settings.json')
+        .pipe(ngConfig('bit', {
+            createModule: false,
+            constants: _.merge({}, {
+                appSettings: {
+                    selfHosted: false,
+                    version: project.version,
+                    environment: project.env
+                }
+            }, require('./settings' + (project.env !== 'Development' ? ('.' + project.env) : '') + '.json') || {})
+        }));
+}
+
+gulp.task('less', function () {
+    return gulp.src(paths.lessDir + 'vault.less')
+        .pipe(less())
+        .pipe(gulp.dest(paths.cssDir));
+});
+
+gulp.task('watch', function () {
+    gulp.watch(paths.lessDir + '*.less', ['less']);
+    gulp.watch('./settings*.json', ['settings']);
+});
+
+gulp.task('browserify', ['browserify:stripe', 'browserify:cc']);
+
+gulp.task('browserify:stripe', function () {
+    return browserify(paths.npmDir + 'angular-stripe/src/index.js',
+        {
+            entry: '.',
+            standalone: 'angularStripe',
+            global: true
+        })
+        .transform('exposify', { expose: { angular: 'angular' } })
+        .bundle()
+        .pipe(source('angular-stripe.js'))
+        .pipe(derequire())
+        .pipe(gulp.dest(paths.libDir + 'angular-stripe'));
+});
+
+gulp.task('browserify:cc', function () {
+    return browserify(paths.npmDir + 'angular-credit-cards/src/index.js',
+        {
+            entry: '.',
+            standalone: 'angularCreditCards'
+        })
+        .transform('exposify', { expose: { angular: 'angular' } })
+        .bundle()
+        .pipe(source('angular-credit-cards.js'))
+        .pipe(derequire())
+        .pipe(gulp.dest(paths.libDir + 'angular-credit-cards'));
+});
+
+gulp.task('dist:clean', function (cb) {
+    return rimraf(paths.dist + '**/*', cb);
+});
+
+gulp.task('dist:move', function () {
+    var moves = [
+        {
+            src: './CNAME',
+            dest: paths.dist
+        },
+        {
+            src: [
+                paths.npmDir + 'bootstrap/dist/**/bootstrap.min.js',
+                paths.npmDir + 'bootstrap/dist/**/bootstrap.min.css',
+                paths.npmDir + 'bootstrap/dist/**/fonts/**/*',
+            ],
+            dest: paths.dist + 'lib/bootstrap'
+        },
+        {
+            src: [
+                paths.npmDir + 'font-awesome/**/font-awesome.min.css',
+                paths.npmDir + 'font-awesome/**/fonts/**/*'
+            ],
+            dest: paths.dist + 'lib/font-awesome'
+        },
+        {
+            src: paths.npmDir + 'jquery/dist/jquery.min.js',
+            dest: paths.dist + 'lib/jquery'
+        },
+        {
+            src: paths.npmDir + 'angular/angular.min.js',
+            dest: paths.dist + 'lib/angular'
+        },
+        {
+            src: paths.npmDir + 'node-forge/dist/prime.worker.*',
+            dest: paths.dist + 'lib/forge'
+        },
+        //{
+        //    src: paths.npmDir + 'duo_web_sdk/index.js',
+        //    dest: paths.dist + 'lib/duo'
+        //},
+        {
+            src: paths.jsDir + 'duo.js',
+            dest: paths.dist + 'js'
+        },
+        {
+            src: paths.jsDir + 'settings.js',
+            dest: paths.dist + 'js'
+        },
+        {
+            src: paths.jsDir + 'bw.min.js',
+            dest: paths.dist + 'js'
+        },
+        {
+            src: [
+                paths.webroot + '**/app/**/*.html',
+                paths.webroot + '**/images/**/*',
+                paths.webroot + 'index.html',
+                paths.webroot + 'u2f-connector.html',
+                paths.webroot + 'duo-connector.html',
+                paths.webroot + 'favicon.ico',
+                paths.webroot + 'app-id.json'
+            ],
+            dest: paths.dist
+        }
+    ];
+
+    var tasks = moves.map(function (move) {
+        return gulp.src(move.src).pipe(gulp.dest(move.dest));
+    });
+
+    return merge(tasks);
+});
+
+gulp.task('dist:css', function () {
+    return gulp
+        .src([
+            paths.cssDir + '**/*.css',
+            '!' + paths.cssDir + '**/*.min.css'
+        ])
+        .pipe(preprocess({ context: { cacheTag: randomString, selfHosted: selfHosted } }))
+        .pipe(cssmin())
+        .pipe(rename({ suffix: '.min' }))
+        .pipe(gulp.dest(paths.dist + 'css'));
+});
+
+gulp.task('dist:js:app', function () {
+    var mainStream = gulp
+        .src([
+            paths.webroot + 'app/app.js',
+            '!' + paths.webroot + 'app/settings.js',
+            paths.webroot + 'app/**/*Module.js',
+            paths.webroot + 'app/**/*.js'
+        ]);
+
+    merge(mainStream, config())
+        .pipe(preprocess({ context: { cacheTag: randomString, selfHosted: selfHosted } }))
+        .pipe(concat(paths.dist + '/js/app.min.js'))
+        .pipe(ngAnnotate())
+        .pipe(uglify())
+        .pipe(gulp.dest('.'));
+});
+
+gulp.task('dist:js:fallback', function () {
+    var mainStream = gulp
+        .src([
+            paths.jsDir + 'fallback*.js'
+        ]);
+
+    merge(mainStream)
+        .pipe(preprocess({ context: { cacheTag: randomString, selfHosted: selfHosted } }))
+        .pipe(uglify())
+        .pipe(rename({ suffix: '.min' }))
+        .pipe(gulp.dest(paths.dist + 'js'));
+});
+
+gulp.task('dist:js:u2f', function () {
+    var mainStream = gulp
+        .src([
+            paths.jsDir + 'u2f*.js'
+        ]);
+
+    merge(mainStream)
+        .pipe(concat(paths.dist + '/js/u2f.min.js'))
+        .pipe(uglify())
+        .pipe(gulp.dest('.'));
+});
+
+gulp.task('dist:js:lib', function () {
+    return gulp
+        .src([
+            paths.libDir + 'angulartics/angulartics.js',
+            paths.libDir + '**/*.js',
+            '!' + paths.libDir + '**/*.min.js',
+            '!' + paths.libDir + 'angular/**/*',
+            '!' + paths.libDir + 'bootstrap/**/*',
+            '!' + paths.libDir + 'jquery/**/*'
+        ])
+        .pipe(concat(paths.dist + '/js/lib.min.js'))
+        .pipe(uglify())
+        .pipe(gulp.dest('.'));
+});
+
+gulp.task('dist:preprocess', function () {
+    return gulp
+        .src([
+            paths.dist + '/**/*.html'
+        ], { base: '.' })
+        .pipe(preprocess({ context: { cacheTag: randomString, selfHosted: selfHosted } }))
+        .pipe(gulp.dest('.'));
+});
+
+gulp.task('dist', ['build'], function (cb) {
+    return runSequence(
+        'dist:clean',
+        ['dist:move', 'dist:css', 'dist:js:app', 'dist:js:lib', 'dist:js:fallback', 'dist:js:u2f'],
+        'dist:preprocess',
+        cb);
+});
+
+var selfHosted = false;
+gulp.task('dist:selfHosted', function (cb) {
+    selfHosted = true;
+    return runSequence('dist', cb);
+});
+
+gulp.task('deploy', ['dist'], function () {
+    return gulp.src(paths.dist + '**/*')
+        .pipe(ghPages({ cacheDir: paths.dist + '.publish' }));
+});
+
+gulp.task('deploy-preview', ['dist'], function () {
+    return gulp.src(paths.dist + '**/*')
+        .pipe(ghPages({
+            cacheDir: paths.dist + '.publish',
+            remoteUrl: 'git@github.com:kspearrin/bitwarden-web-preview.git'
+        }));
+});
+
+gulp.task('serve', function () {
+    connect.server({
+        port: 4001,
+        root: ['src'],
+        //https: true,
+        middleware: function (connect, opt) {
+            return [function (req, res, next) {
+                if (req.originalUrl.indexOf('app-id.json') > -1) {
+                    res.setHeader('Content-Type', 'application/fido.trusted-apps+json');
+                }
+                next();
+            }];
+        }
+    });
+});

package.json

@@ -0,0 +1,55 @@
+{
+  "name": "bitwarden",
+  "version": "1.17.1",
+  "env": "Production",
+  "devDependencies": {
+    "connect": "3.6.3",
+    "lodash": "4.17.4",
+    "gulp": "3.9.1",
+    "gulp-concat": "2.6.1",
+    "gulp-cssmin": "0.2.0",
+    "gulp-less": "3.3.2",
+    "gulp-rename": "1.2.2",
+    "gulp-uglify": "3.0.0",
+    "gulp-gh-pages": "0.5.4",
+    "gulp-preprocess": "2.0.0",
+    "gulp-ng-annotate": "2.0.0",
+    "gulp-ng-config": "1.4.0",
+    "gulp-connect": "5.0.0",
+    "jshint": "2.9.5",
+    "gulp-jshint": "2.0.4",
+    "rimraf": "2.6.1",
+    "run-sequence": "2.1.0",
+    "merge-stream": "1.0.1",
+    "jquery": "2.2.4",
+    "font-awesome": "4.7.0",
+    "bootstrap": "3.3.7",
+    "angular": "1.6.6",
+    "angular-resource": "1.6.6",
+    "angular-sanitize": "1.6.6",
+    "angular-ui-bootstrap": "2.5.0",
+    "angular-ui-router": "0.4.2",
+    "angular-jwt": "0.1.9",
+    "angular-cookies": "1.6.6",
+    "admin-lte": "2.3.11",
+    "angular-toastr": "2.1.1",
+    "angular-bootstrap-show-errors": "2.3.0",
+    "angular-messages": "1.6.6",
+    "ngstorage": "0.3.11",
+    "papaparse": "4.3.5",
+    "clipboard": "1.7.1",
+    "ngclipboard": "1.1.1",
+    "angulartics": "1.4.0",
+    "angulartics-google-analytics": "0.4.0",
+    "node-forge": "0.7.1",
+    "webpack-stream": "4.0.0",
+    "angular-stripe": "5.0.0",
+    "angular-credit-cards": "3.1.6",
+    "browserify": "14.4.0",
+    "vinyl-source-stream": "1.1.0",
+    "gulp-derequire": "2.1.0",
+    "exposify": "0.5.0",
+    "duo_web_sdk": "git+https://github.com/duosecurity/duo_web_sdk.git",
+    "angular-promise-polyfill": "0.0.4"
+  }
+}

settings.Preview.json

@@ -0,0 +1,11 @@
+{
+  "appSettings": {
+    "apiUri": "https://preview-api.bitwarden.com",
+    "identityUri": "https://preview-identity.bitwarden.com",
+    "stripeKey": "pk_test_KPoCfZXu7mznb9uSCPZ2JpTD",
+    "braintreeKey": "sandbox_r72q8jq6_9pnxkwm75f87sdc2",
+    "whitelistDomains": [
+      "preview-api.bitwarden.com"
+    ]
+  }
+}

settings.Production.json

@@ -0,0 +1,11 @@
+{
+  "appSettings": {
+    "apiUri": "https://api.bitwarden.com",
+    "identityUri": "https://identity.bitwarden.com",
+    "stripeKey": "pk_live_bpN0P37nMxrMQkcaHXtAybJk",
+    "braintreeKey": "production_qfbsv8kc_njj2zjtyngtjmbjd",
+    "whitelistDomains": [
+      "api.bitwarden.com"
+    ]
+  }
+}

settings.json

@@ -0,0 +1,11 @@
+{
+  "appSettings": {
+    "apiUri": "http://localhost:4000",
+    "identityUri": "http://localhost:33656",
+    "stripeKey": "pk_test_KPoCfZXu7mznb9uSCPZ2JpTD",
+    "braintreeKey": "sandbox_r72q8jq6_9pnxkwm75f87sdc2",
+    "whitelistDomains": [
+      "localhost"
+    ]
+  }
+}

src/app-id.json

@@ -0,0 +1,15 @@
+{
+  "trustedFacets": [
+    {
+      "version": {
+        "major": 1,
+        "minor": 0
+      },
+      "ids": [
+        "https://vault.bitwarden.com",
+        "ios:bundle-id:com.8bit.bitwarden",
+        "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI"
+      ]
+    }
+  ]
+}

src/app/accounts/accountsLoginController.js

@@ -0,0 +1,278 @@
+angular
+    .module('bit.accounts')
+
+    .controller('accountsLoginController', function ($scope, $rootScope, $cookies, apiService, cryptoService, authService,
+        $state, constants, $analytics, $uibModal, $timeout, $window, $filter, toastr) {
+        $scope.state = $state;
+        $scope.twoFactorProviderConstants = constants.twoFactorProvider;
+        $scope.rememberTwoFactor = { checked: false };
+        var stopU2fCheck = true;
+
+        $scope.returnState = $state.params.returnState;
+        $scope.stateEmail = $state.params.email;
+        if (!$scope.returnState && $state.params.org) {
+            $scope.returnState = {
+                name: 'backend.user.settingsCreateOrg',
+                params: { plan: $state.params.org }
+            };
+        }
+        else if (!$scope.returnState && $state.params.premium) {
+            $scope.returnState = {
+                name: 'backend.user.settingsPremium'
+            };
+        }
+
+        if ($state.current.name.indexOf('twoFactor') > -1 && (!$scope.twoFactorProviders || !$scope.twoFactorProviders.length)) {
+            $state.go('frontend.login.info', { returnState: $scope.returnState });
+        }
+
+        var rememberedEmail = $cookies.get(constants.rememberedEmailCookieName);
+        if (rememberedEmail || $scope.stateEmail) {
+            $scope.model = {
+                email: $scope.stateEmail || rememberedEmail,
+                rememberEmail: rememberedEmail !== null
+            };
+
+            $timeout(function () {
+                $("#masterPassword").focus();
+            });
+        }
+        else {
+            $timeout(function () {
+                $("#email").focus();
+            });
+        }
+
+        var _email,
+            _masterPassword;
+
+        $scope.twoFactorProviders = null;
+        $scope.twoFactorProvider = null;
+
+        $scope.login = function (model) {
+            $scope.loginPromise = authService.logIn(model.email, model.masterPassword).then(function (twoFactorProviders) {
+                if (model.rememberEmail) {
+                    var cookieExpiration = new Date();
+                    cookieExpiration.setFullYear(cookieExpiration.getFullYear() + 10);
+
+                    $cookies.put(
+                        constants.rememberedEmailCookieName,
+                        model.email,
+                        { expires: cookieExpiration });
+                }
+                else {
+                    $cookies.remove(constants.rememberedEmailCookieName);
+                }
+
+                if (twoFactorProviders && Object.keys(twoFactorProviders).length > 0) {
+                    _email = model.email;
+                    _masterPassword = model.masterPassword;
+
+                    $scope.twoFactorProviders = cleanProviders(twoFactorProviders);
+                    $scope.twoFactorProvider = getDefaultProvider($scope.twoFactorProviders);
+
+                    $analytics.eventTrack('Logged In To Two-step');
+                    $state.go('frontend.login.twoFactor', { returnState: $scope.returnState }).then(function () {
+                        $timeout(function () {
+                            $("#code").focus();
+                            init();
+                        });
+                    });
+                }
+                else {
+                    $analytics.eventTrack('Logged In');
+                    loggedInGo();
+                }
+
+                model.masterPassword = '';
+            });
+        };
+
+        function getDefaultProvider(twoFactorProviders) {
+            var keys = Object.keys(twoFactorProviders);
+            var providerType = null;
+            var providerPriority = -1;
+            for (var i = 0; i < keys.length; i++) {
+                var provider = $filter('filter')(constants.twoFactorProviderInfo, { type: keys[i], active: true });
+                if (provider.length && provider[0].priority > providerPriority) {
+                    if (provider[0].type === constants.twoFactorProvider.u2f && !u2f.isSupported) {
+                        continue;
+                    }
+
+                    providerType = provider[0].type;
+                    providerPriority = provider[0].priority;
+                }
+            }
+
+            if (providerType === null) {
+                return null;
+            }
+
+            return parseInt(providerType);
+        }
+
+        function cleanProviders(twoFactorProviders) {
+            if (canUseSecurityKey()) {
+                return twoFactorProviders;
+            }
+
+            var keys = Object.keys(twoFactorProviders);
+            for (var i = 0; i < keys.length; i++) {
+                var provider = $filter('filter')(constants.twoFactorProviderInfo, {
+                    type: keys[i],
+                    active: true,
+                    requiresUsb: false
+                });
+                if (!provider.length) {
+                    delete twoFactorProviders[keys[i]];
+                }
+            }
+
+            return twoFactorProviders;
+        }
+
+        // ref: https://stackoverflow.com/questions/11381673/detecting-a-mobile-browser
+        function canUseSecurityKey() {
+            var mobile = false;
+            (function (a) {
+                if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(a) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(a.substr(0, 4))) {
+                    mobile = true;
+                }
+            })(navigator.userAgent || navigator.vendor || window.opera);
+
+            return !mobile && !navigator.userAgent.match(/iPad/i);
+        }
+
+        $scope.twoFactor = function (token) {
+            if ($scope.twoFactorProvider === constants.twoFactorProvider.email ||
+                $scope.twoFactorProvider === constants.twoFactorProvider.authenticator) {
+                token = token.replace(' ', '');
+            }
+
+            $scope.twoFactorPromise = authService.logIn(_email, _masterPassword, token, $scope.twoFactorProvider,
+                $scope.rememberTwoFactor.checked || false);
+
+            $scope.twoFactorPromise.then(function () {
+                $analytics.eventTrack('Logged In From Two-step');
+                loggedInGo();
+            }, function () {
+                if ($scope.twoFactorProvider === constants.twoFactorProvider.u2f) {
+                    init();
+                }
+            });
+        };
+
+        $scope.anotherMethod = function () {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/accounts/views/accountsTwoFactorMethods.html',
+                controller: 'accountsTwoFactorMethodsController',
+                resolve: {
+                    providers: function () { return $scope.twoFactorProviders; }
+                }
+            });
+
+            modal.result.then(function (provider) {
+                $scope.twoFactorProvider = provider;
+                $timeout(function () {
+                    $("#code").focus();
+                    init();
+                });
+            });
+        };
+
+        $scope.sendEmail = function (doToast) {
+            if ($scope.twoFactorProvider !== constants.twoFactorProvider.email) {
+                return;
+            }
+
+            return cryptoService.makeKeyAndHash(_email, _masterPassword).then(function (result) {
+                return apiService.twoFactor.sendEmailLogin({
+                    email: _email,
+                    masterPasswordHash: result.hash
+                }).$promise;
+            }).then(function () {
+                if (doToast) {
+                    toastr.success('Verification email sent to ' + $scope.twoFactorEmail + '.');
+                }
+            }, function () {
+                toastr.error('Could not send verification email.');
+            });
+        };
+
+        $scope.$on('$destroy', function () {
+            stopU2fCheck = true;
+        });
+
+        function loggedInGo() {
+            if ($scope.returnState) {
+                $state.go($scope.returnState.name, $scope.returnState.params);
+            }
+            else {
+                $state.go('backend.user.vault');
+            }
+        }
+
+        function init() {
+            stopU2fCheck = true;
+            var params;
+            if ($scope.twoFactorProvider === constants.twoFactorProvider.duo) {
+                params = $scope.twoFactorProviders[constants.twoFactorProvider.duo];
+
+                $window.Duo.init({
+                    host: params.Host,
+                    sig_request: params.Signature,
+                    submit_callback: function (theForm) {
+                        var response = $(theForm).find('input[name="sig_response"]').val();
+                        $scope.twoFactor(response);
+                    }
+                });
+            }
+            else if ($scope.twoFactorProvider === constants.twoFactorProvider.u2f) {
+                stopU2fCheck = false;
+                params = $scope.twoFactorProviders[constants.twoFactorProvider.u2f];
+                var challenges = JSON.parse(params.Challenges);
+
+                initU2f(challenges);
+            }
+            else if ($scope.twoFactorProvider === constants.twoFactorProvider.email) {
+                params = $scope.twoFactorProviders[constants.twoFactorProvider.email];
+                $scope.twoFactorEmail = params.Email;
+                if (Object.keys($scope.twoFactorProviders).length > 1) {
+                    $scope.sendEmail(false);
+                }
+            }
+        }
+
+        function initU2f(challenges) {
+            if (stopU2fCheck) {
+                return;
+            }
+
+            if (challenges.length < 1 || $scope.twoFactorProvider !== constants.twoFactorProvider.u2f) {
+                return;
+            }
+
+            console.log('listening for u2f key...');
+
+            $window.u2f.sign(challenges[0].appId, challenges[0].challenge, [{
+                version: challenges[0].version,
+                keyHandle: challenges[0].keyHandle
+            }], function (data) {
+                if ($scope.twoFactorProvider !== constants.twoFactorProvider.u2f) {
+                    return;
+                }
+
+                if (data.errorCode) {
+                    console.log(data.errorCode);
+
+                    $timeout(function () {
+                        initU2f(challenges);
+                    }, data.errorCode === 5 ? 0 : 1000);
+
+                    return;
+                }
+                $scope.twoFactor(JSON.stringify(data));
+            }, 10);
+        }
+    });

src/app/accounts/accountsLogoutController.js

@@ -0,0 +1,8 @@
+angular
+    .module('bit.accounts')
+
+    .controller('accountsLogoutController', function ($scope, authService, $state, $analytics) {
+        authService.logOut();
+        $analytics.eventTrack('Logged Out');
+        $state.go('frontend.login.info');
+    });

src/app/accounts/accountsModule.js

@@ -0,0 +1,2 @@
+angular
+    .module('bit.accounts', ['ui.bootstrap', 'ngCookies']);

src/app/accounts/accountsOrganizationAcceptController.js

@@ -0,0 +1,45 @@
+angular
+    .module('bit.accounts')
+
+    .controller('accountsOrganizationAcceptController', function ($scope, $state, apiService, authService, toastr, $analytics) {
+        $scope.state = {
+            name: $state.current.name,
+            params: $state.params
+        };
+
+        if (!$state.params.organizationId || !$state.params.organizationUserId || !$state.params.token ||
+            !$state.params.email || !$state.params.organizationName) {
+            $state.go('frontend.login.info').then(function () {
+                toastr.error('Invalid parameters.');
+            });
+            return;
+        }
+
+        $scope.$on('$viewContentLoaded', function () {
+            if (authService.isAuthenticated()) {
+                $scope.accepting = true;
+                apiService.organizationUsers.accept(
+                    {
+                        orgId: $state.params.organizationId,
+                        id: $state.params.organizationUserId
+                    },
+                    {
+                        token: $state.params.token
+                    }, function () {
+                        $analytics.eventTrack('Accepted Invitation');
+                        $state.go('backend.user.vault', null, { location: 'replace' }).then(function () {
+                            toastr.success('You can access this organization once an administrator confirms your membership.' +
+                                ' We\'ll send an email when that happens.', 'Invite Accepted', { timeOut: 10000 });
+                        });
+                    }, function () {
+                        $analytics.eventTrack('Failed To Accept Invitation');
+                        $state.go('backend.user.vault', null, { location: 'replace' }).then(function () {
+                            toastr.error('Unable to accept invitation.', 'Error');
+                        });
+                    });
+            }
+            else {
+                $scope.loading = false;
+            }
+        });
+    });

src/app/accounts/accountsPasswordHintController.js

@@ -0,0 +1,13 @@
+angular
+    .module('bit.accounts')
+
+    .controller('accountsPasswordHintController', function ($scope, $rootScope, apiService, $analytics) {
+        $scope.success = false;
+
+        $scope.submit = function (model) {
+            $scope.submitPromise = apiService.accounts.postPasswordHint({ email: model.email }, function () {
+                $analytics.eventTrack('Requested Password Hint');
+                $scope.success = true;
+            }).$promise;
+        };
+    });

src/app/accounts/accountsRecoverController.js

@@ -0,0 +1,21 @@
+angular
+    .module('bit.accounts')
+
+    .controller('accountsRecoverController', function ($scope, apiService, cryptoService, $analytics) {
+        $scope.success = false;
+
+        $scope.submit = function (model) {
+            var email = model.email.toLowerCase();
+
+            $scope.submitPromise = cryptoService.makeKeyAndHash(model.email, model.masterPassword).then(function (result) {
+                return apiService.twoFactor.recover({
+                    email: email,
+                    masterPasswordHash: result.hash,
+                    recoveryCode: model.code.replace(/\s/g, '').toLowerCase()
+                }).$promise;
+            }).then(function () {
+                $analytics.eventTrack('Recovered 2FA');
+                $scope.success = true;
+            });
+        };
+    });

src/app/accounts/accountsRecoverDeleteController.js

@@ -0,0 +1,13 @@
+angular
+    .module('bit.accounts')
+
+    .controller('accountsRecoverDeleteController', function ($scope, $rootScope, apiService, $analytics) {
+        $scope.success = false;
+
+        $scope.submit = function (model) {
+            $scope.submitPromise = apiService.accounts.postDeleteRecover({ email: model.email }, function () {
+                $analytics.eventTrack('Started Delete Recovery');
+                $scope.success = true;
+            }).$promise;
+        };
+    });

src/app/accounts/accountsRegisterController.js

@@ -0,0 +1,92 @@
+angular
+    .module('bit.accounts')
+
+    .controller('accountsRegisterController', function ($scope, $location, apiService, cryptoService, validationService,
+        $analytics, $state, $timeout) {
+        var params = $location.search();
+        var stateParams = $state.params;
+        $scope.createOrg = stateParams.org;
+
+        if (!stateParams.returnState && stateParams.org) {
+            $scope.returnState = {
+                name: 'backend.user.settingsCreateOrg',
+                params: { plan: $state.params.org }
+            };
+        }
+        else if (!stateParams.returnState && stateParams.premium) {
+            $scope.returnState = {
+                name: 'backend.user.settingsPremium',
+                params: { plan: $state.params.org }
+            };
+        }
+        else {
+            $scope.returnState = stateParams.returnState;
+        }
+
+        $scope.success = false;
+        $scope.model = {
+            email: params.email ? params.email : stateParams.email
+        };
+        $scope.readOnlyEmail = stateParams.email !== null;
+
+
+        $timeout(function () {
+            if ($scope.model.email) {
+                $("#name").focus();
+            }
+            else {
+                $("#email").focus();
+            }
+        });
+
+        $scope.registerPromise = null;
+        $scope.register = function (form) {
+            var error = false;
+
+            if ($scope.model.masterPassword.length < 8) {
+                validationService.addError(form, 'MasterPassword', 'Master password must be at least 8 characters long.', true);
+                error = true;
+            }
+            if ($scope.model.masterPassword !== $scope.model.confirmMasterPassword) {
+                validationService.addError(form, 'ConfirmMasterPassword', 'Master password confirmation does not match.', true);
+                error = true;
+            }
+
+            if (error) {
+                return;
+            }
+
+            var email = $scope.model.email.toLowerCase();
+            var makeResult, encKey;
+
+            $scope.registerPromise = cryptoService.makeKeyAndHash(email, $scope.model.masterPassword).then(function (result) {
+                makeResult = result;
+                encKey = cryptoService.makeEncKey(result.key);
+                return cryptoService.makeKeyPair(encKey.encKey);
+            }).then(function (result) {
+                var request = {
+                    name: $scope.model.name,
+                    email: email,
+                    masterPasswordHash: makeResult.hash,
+                    masterPasswordHint: $scope.model.masterPasswordHint,
+                    key: encKey.encKeyEnc,
+                    keys: {
+                        publicKey: result.publicKey,
+                        encryptedPrivateKey: result.privateKeyEnc
+                    }
+                };
+
+                return apiService.accounts.register(request).$promise;
+            }, function (errors) {
+                validationService.addError(form, null, 'Problem generating keys.', true);
+                return false;
+            }).then(function (result) {
+                if (result === false) {
+                    return;
+                }
+
+                $scope.success = true;
+                $analytics.eventTrack('Registered');
+            });
+        };
+    });

src/app/accounts/accountsTwoFactorMethodsController.js

@@ -0,0 +1,40 @@
+angular
+    .module('bit.accounts')
+
+    .controller('accountsTwoFactorMethodsController', function ($scope, $uibModalInstance, $analytics, providers, constants) {
+        $analytics.eventTrack('accountsTwoFactorMethodsController', { category: 'Modal' });
+
+        $scope.providers = [];
+
+        if (providers.hasOwnProperty(constants.twoFactorProvider.authenticator)) {
+            add(constants.twoFactorProvider.authenticator);
+        }
+        if (providers.hasOwnProperty(constants.twoFactorProvider.yubikey)) {
+            add(constants.twoFactorProvider.yubikey);
+        }
+        if (providers.hasOwnProperty(constants.twoFactorProvider.email)) {
+            add(constants.twoFactorProvider.email);
+        }
+        if (providers.hasOwnProperty(constants.twoFactorProvider.duo)) {
+            add(constants.twoFactorProvider.duo);
+        }
+        if (providers.hasOwnProperty(constants.twoFactorProvider.u2f) && u2f.isSupported) {
+            add(constants.twoFactorProvider.u2f);
+        }
+
+        $scope.choose = function (provider) {
+            $uibModalInstance.close(provider.type);
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('close');
+        };
+
+        function add(type) {
+            for (var i = 0; i < constants.twoFactorProviderInfo.length; i++) {
+                if (constants.twoFactorProviderInfo[i].type === type) {
+                    $scope.providers.push(constants.twoFactorProviderInfo[i]);
+                }
+            }
+        }
+    });

src/app/accounts/accountsVerifyEmailController.js

@@ -0,0 +1,28 @@
+angular
+    .module('bit.accounts')
+
+    .controller('accountsVerifyEmailController', function ($scope, $state, apiService, toastr, $analytics) {
+        if (!$state.params.userId || !$state.params.token) {
+            $state.go('frontend.login.info').then(function () {
+                toastr.error('Invalid parameters.');
+            });
+            return;
+        }
+
+        $scope.$on('$viewContentLoaded', function () {
+            apiService.accounts.verifyEmailToken({},
+                {
+                    token: $state.params.token,
+                    userId: $state.params.userId
+                }, function () {
+                    $analytics.eventTrack('Verified Email');
+                    $state.go('frontend.login.info', null, { location: 'replace' }).then(function () {
+                        toastr.success('Your email has been verified. Thank you.', 'Success');
+                    });
+                }, function () {
+                    $state.go('frontend.login.info', null, { location: 'replace' }).then(function () {
+                        toastr.error('Unable to verify email.', 'Error');
+                    });
+                });
+        });
+    });

src/app/accounts/accountsVerifyRecoverDeleteController.js

@@ -0,0 +1,36 @@
+angular
+    .module('bit.accounts')
+
+    .controller('accountsVerifyRecoverDeleteController', function ($scope, $state, apiService, toastr, $analytics) {
+        if (!$state.params.userId || !$state.params.token || !$state.params.email) {
+            $state.go('frontend.login.info').then(function () {
+                toastr.error('Invalid parameters.');
+            });
+            return;
+        }
+
+        $scope.email = $state.params.email;
+
+        $scope.delete = function () {
+            if (!confirm('Are you sure you want to delete this account? This cannot be undone.')) {
+                return;
+            }
+
+            $scope.deleting = true;
+            apiService.accounts.postDeleteRecoverToken({},
+                {
+                    token: $state.params.token,
+                    userId: $state.params.userId
+                }, function () {
+                    $analytics.eventTrack('Recovered Delete');
+                    $state.go('frontend.login.info', null, { location: 'replace' }).then(function () {
+                        toastr.success('Your account has been deleted. You can register a new account again if you like.',
+                            'Success');
+                    });
+                }, function () {
+                    $state.go('frontend.login.info', null, { location: 'replace' }).then(function () {
+                        toastr.error('Unable to delete account.', 'Error');
+                    });
+                });
+        };
+    });

src/app/accounts/views/accountsLogin.html

@@ -0,0 +1,7 @@
+<div class="login-box">
+    <div class="login-logo">
+        <i class="fa fa-shield"></i> <b>bit</b>warden
+    </div>
+    <div class="login-box-body" ui-view>
+    </div>
+</div>

src/app/accounts/views/accountsLoginInfo.html

@@ -0,0 +1,49 @@
+<p class="login-box-msg">Log in to access your vault.</p>
+<form name="loginForm" ng-submit="loginForm.$valid && login(model)" api-form="loginPromise">
+    <div class="callout callout-danger validation-errors" ng-show="loginForm.$errors">
+        <h4>Errors have occurred</h4>
+        <ul>
+            <li ng-repeat="e in loginForm.$errors">{{e}}</li>
+        </ul>
+    </div>
+    <div class="form-group has-feedback" show-errors>
+        <label for="email" class="sr-only">Email</label>
+        <input type="email" id="email" name="Email" class="form-control" placeholder="Email" ng-model="model.email"
+               required api-field />
+        <span class="fa fa-envelope form-control-feedback"></span>
+    </div>
+    <div class="form-group has-feedback" show-errors>
+        <label for="masterPassword" class="sr-only">Master Password</label>
+        <input type="password" id="masterPassword" name="MasterPasswordHash" class="form-control" placeholder="Master Password"
+               ng-model="model.masterPassword"
+               required api-field />
+        <span class="fa fa-lock form-control-feedback"></span>
+    </div>
+    <div class="row">
+        <div class="col-xs-7">
+            <div class="checkbox">
+                <label>
+                    <input type="checkbox" id="rememberEmail" ng-model="model.rememberEmail" /> Remember Email
+                </label>
+            </div>
+        </div>
+        <div class="col-xs-5">
+            <button type="submit" class="btn btn-primary btn-block btn-flat" ng-disabled="loginForm.$loading">
+                <i class="fa fa-refresh fa-spin loading-icon" ng-show="loginForm.$loading"></i>Log In
+            </button>
+        </div>
+    </div>
+    <hr />
+    <ul>
+        <li>
+            <a ui-sref="frontend.register({returnState: returnState, email: stateEmail})">
+                Create a new account
+            </a>
+        </li>
+        <li>
+            <a ui-sref="frontend.passwordHint">
+                Get master password hint
+            </a>
+        </li>
+    </ul>
+</form>

src/app/accounts/views/accountsLoginTwoFactor.html

@@ -0,0 +1,166 @@
+<div ng-if="twoFactorProvider === twoFactorProviderConstants.authenticator ||
+     twoFactorProvider === twoFactorProviderConstants.email">
+    <p class="login-box-msg" ng-if="twoFactorProvider === twoFactorProviderConstants.authenticator">
+        Enter the 6 digit verification code from your authenticator app.
+    </p>
+    <div ng-if="twoFactorProvider === twoFactorProviderConstants.email" class="text-center">
+        <p class="login-box-msg">
+            Enter the 6 digit verification code that was emailed to <b>{{twoFactorEmail}}</b>.
+        </p>
+        <p>
+            Didn't get the email?
+            <a href="#" stop-click ng-click="sendEmail(true)" ng-if="twoFactorProvider === twoFactorProviderConstants.email">
+                Send it again
+            </a>
+        </p>
+    </div>
+    <form name="twoFactorForm" ng-submit="twoFactorForm.$valid && twoFactor(token)" api-form="twoFactorPromise">
+        <div class="callout callout-danger validation-errors" ng-show="twoFactorForm.$errors">
+            <h4>Errors have occurred</h4>
+            <ul>
+                <li ng-repeat="e in twoFactorForm.$errors">{{e}}</li>
+            </ul>
+        </div>
+        <div class="form-group has-feedback" show-errors>
+            <label for="code" class="sr-only">Code</label>
+            <input type="text" id="code" name="Code" class="form-control" placeholder="Verification code"
+                   ng-model="token" required api-field autocomplete="off" autocorrect="off" autocapitalize="off"
+                   spellcheck="false" />
+            <span class="fa fa-lock form-control-feedback"></span>
+        </div>
+        <div class="row">
+            <div class="col-xs-7">
+                <div class="checkbox">
+                    <label>
+                        <input type="checkbox" id="rememberMe" ng-model="rememberTwoFactor.checked" /> Remember Me
+                    </label>
+                </div>
+            </div>
+            <div class="col-xs-5">
+                <button type="submit" class="btn btn-primary btn-block btn-flat" ng-disabled="twoFactorForm.$loading">
+                    <i class="fa fa-refresh fa-spin loading-icon" ng-show="twoFactorForm.$loading"></i>Log In
+                </button>
+            </div>
+        </div>
+    </form>
+</div>
+
+<div ng-if="twoFactorProvider === twoFactorProviderConstants.yubikey">
+    <p class="login-box-msg">
+        Complete logging in with YubiKey.
+    </p>
+    <form name="twoFactorForm" ng-submit="twoFactorForm.$valid && twoFactor(token)" api-form="twoFactorPromise" 
+          autocomplete="off">
+        <div class="callout callout-danger validation-errors" ng-show="twoFactorForm.$errors">
+            <h4>Errors have occurred</h4>
+            <ul>
+                <li ng-repeat="e in twoFactorForm.$errors">{{e}}</li>
+            </ul>
+        </div>
+        <p>Insert your YubiKey into your computer's USB port, then touch its button.</p>
+        <p>
+            <img src="images/two-factor/yubikey.jpg" alt="" class="img-rounded img-responsive" />
+        </p>
+        <div class="form-group" show-errors>
+            <label for="code" class="sr-only">Token</label>
+            <input type="password" id="code" name="Token" class="form-control" ng-model="token" required api-field />
+        </div>
+        <div class="row">
+            <div class="col-xs-7">
+                <div class="checkbox">
+                    <label>
+                        <input type="checkbox" id="rememberMe" ng-model="rememberTwoFactor.checked" /> Remember Me
+                    </label>
+                </div>
+            </div>
+            <div class="col-xs-5">
+                <button type="submit" class="btn btn-primary btn-block btn-flat" ng-disabled="twoFactorForm.$loading">
+                    <i class="fa fa-refresh fa-spin loading-icon" ng-show="twoFactorForm.$loading"></i>Log In
+                </button>
+            </div>
+        </div>
+    </form>
+</div>
+
+<div ng-if="twoFactorProvider === twoFactorProviderConstants.duo">
+    <p class="login-box-msg">
+        Complete logging in with Duo.
+    </p>
+    <form name="twoFactorForm" ng-submit="twoFactorForm.$valid && twoFactor(token)" api-form="twoFactorPromise" 
+          autocomplete="off">
+        <div class="callout callout-danger validation-errors" ng-show="twoFactorForm.$errors">
+            <h4>Errors have occurred</h4>
+            <ul>
+                <li ng-repeat="e in twoFactorForm.$errors">{{e}}</li>
+            </ul>
+        </div>
+        <div id="duoFrameWrapper">
+            <iframe id="duo_iframe"></iframe>
+        </div>
+        <div class="row">
+            <div class="col-xs-7">
+                <div class="checkbox">
+                    <label>
+                        <input type="checkbox" id="rememberMe" ng-model="rememberTwoFactor.checked" /> Remember Me
+                    </label>
+                </div>
+            </div>
+            <div class="col-xs-5">
+                <span ng-show="twoFactorForm.$loading">
+                    <i class="fa fa-refresh fa-spin loading-icon"></i> Logging in...
+                </span>
+            </div>
+        </div>
+    </form>
+</div>
+
+<div ng-if="twoFactorProvider === twoFactorProviderConstants.u2f">
+    <p class="login-box-msg">
+        Complete logging in with FIDO U2F.
+    </p>
+    <form name="twoFactorForm" api-form="twoFactorPromise" autocomplete="off">
+        <div class="callout callout-danger validation-errors" ng-show="twoFactorForm.$errors">
+            <h4>Errors have occurred</h4>
+            <ul>
+                <li ng-repeat="e in twoFactorForm.$errors">{{e}}</li>
+            </ul>
+        </div>
+        <p>Insert your Security Key into your computer's USB port. If it has a button, touch it.</p>
+        <p>
+            <img src="images/two-factor/u2fkey.jpg" alt="" class="img-rounded img-responsive" />
+        </p>
+        <div class="row">
+            <div class="col-xs-7">
+                <div class="checkbox">
+                    <label>
+                        <input type="checkbox" id="rememberMe" ng-model="rememberTwoFactor.checked" /> Remember Me
+                    </label>
+                </div>
+            </div>
+            <div class="col-xs-5">
+                <span ng-show="twoFactorForm.$loading">
+                    <i class="fa fa-refresh fa-spin loading-icon"></i> Logging in...
+                </span>
+            </div>
+        </div>
+    </form>
+</div>
+
+<div ng-if="twoFactorProvider === null">
+    <p>
+        This account has two-step login enabled, however, none of the configured two-step providers are supported by this
+        web browser.
+    </p>
+    Please use a supported web browser (such as Chrome) and/or add additional providers that are better supported
+    across web browsers (such as an authenticator app).
+</div>
+
+<hr />
+<ul>
+    <li>
+        <a stop-click href="#" ng-click="anotherMethod()">Use another two-step login method</a>
+    </li>
+    <li>
+        <a ui-sref="frontend.login.info({returnState: returnState})">Back to log in</a>
+    </li>
+</ul>

src/app/accounts/views/accountsOrganizationAccept.html

@@ -0,0 +1,32 @@
+<div class="login-box">
+    <div class="login-logo">
+        <i class="fa fa-shield"></i> <b>bit</b>warden
+    </div>
+    <div class="login-box-body">
+        <div ng-show="loading">
+            Loading...
+        </div>
+        <div ng-show="accepting">
+            Accepting invitation...
+        </div>
+        <div ng-show="!loading && !accepting">
+            <p class="login-box-msg">Join {{state.params.organizationName}}</p>
+            <p class="text-center"><strong>{{state.params.email}}</strong></p>
+            <p>
+                You've been invited to join the organization listed above.
+                To accept the invitation, you need to log in or create a new bitwarden account.
+            </p>
+            <hr />
+            <div class="row">
+                <div class="col-sm-6">
+                    <a ui-sref="frontend.login.info({returnState: state, email: state.params.email})"
+                       class="btn btn-primary btn-block btn-flat">Log In</a>
+                </div>
+                <div class="col-sm-6">
+                    <a ui-sref="frontend.register({returnState: state, email: state.params.email})"
+                       class="btn btn-primary btn-block btn-flat">Create Account</a>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>

src/app/accounts/views/accountsPasswordHint.html

@@ -0,0 +1,39 @@
+<div class="login-box">
+    <div class="login-logo">
+        <i class="fa fa-shield"></i> <b>bit</b>warden
+    </div>
+    <div class="login-box-body">
+        <p class="login-box-msg">Get your master password hint.</p>
+        <div class="text-center" ng-show="success">
+            <div class="callout callout-success">
+                If your account exists ({{model.email}}) we've sent you an email with your master password hint.
+            </div>
+            <a ui-sref="frontend.login.info">Ready to log in?</a>
+        </div>
+        <form name="passwordHintForm" ng-submit="passwordHintForm.$valid && submit(model)" ng-show="!success"
+              api-form="submitPromise">
+            <div class="callout callout-danger validation-errors" ng-show="passwordHintForm.$errors">
+                <h4>Errors have occurred</h4>
+                <ul>
+                    <li ng-repeat="e in passwordHintForm.$errors">{{e}}</li>
+                </ul>
+            </div>
+            <div class="form-group has-feedback" show-errors>
+                <label for="email" class="sr-only">Your account email address</label>
+                <input type="email" id="email" name="Email" class="form-control" placeholder="Your account email address"
+                       ng-model="model.email" required api-field />
+                <span class="fa fa-envelope form-control-feedback"></span>
+            </div>
+            <div class="row">
+                <div class="col-xs-7">
+                    <a ui-sref="frontend.login.info">Ready to log in?</a>
+                </div>
+                <div class="col-xs-5">
+                    <button type="submit" class="btn btn-primary btn-block btn-flat" ng-disabled="passwordHintForm.$loading">
+                        <i class="fa fa-refresh fa-spin loading-icon" ng-show="passwordHintForm.$loading"></i>Submit
+                    </button>
+                </div>
+            </div>
+        </form>
+    </div>
+</div>

src/app/accounts/views/accountsRecover.html

@@ -0,0 +1,56 @@
+<div class="login-box">
+    <div class="login-logo">
+        <i class="fa fa-shield"></i> <b>bit</b>warden
+    </div>
+    <div class="login-box-body">
+        <p class="login-box-msg">
+            In the event that you cannot access your account through your normal two-step login methods, you can use your
+            two-step login recovery code to disable all two-step providers on your account.
+            <a href="https://help.bitwarden.com/article/lost-two-step-device/" target="_blank">Learn more</a>
+        </p>
+        <div class="text-center" ng-show="success">
+            <div class="callout callout-success">
+                Two-step login has been successfully disabled on your account.
+            </div>
+            <a ui-sref="frontend.login.info">Ready to log in?</a>
+        </div>
+        <form name="recoverForm" ng-submit="recoverForm.$valid && submit(model)" ng-show="!success"
+              api-form="submitPromise">
+            <div class="callout callout-danger validation-errors" ng-show="recoverForm.$errors">
+                <h4>Errors have occurred</h4>
+                <ul>
+                    <li ng-repeat="e in recoverForm.$errors">{{e}}</li>
+                </ul>
+            </div>
+            <div class="form-group has-feedback" show-errors>
+                <label for="email" class="sr-only">Email</label>
+                <input type="email" id="email" name="Email" class="form-control" placeholder="Email" ng-model="model.email"
+                       required api-field />
+                <span class="fa fa-envelope form-control-feedback"></span>
+            </div>
+            <div class="form-group has-feedback" show-errors>
+                <label for="masterPassword" class="sr-only">Master Password</label>
+                <input type="password" id="masterPassword" name="MasterPasswordHash" class="form-control" placeholder="Master Password"
+                       ng-model="model.masterPassword"
+                       required api-field />
+                <span class="fa fa-lock form-control-feedback"></span>
+            </div>
+            <div class="form-group has-feedback" show-errors>
+                <label for="code" class="sr-only">Recovery code</label>
+                <input type="text" id="code" name="RecoveryCode" class="form-control" placeholder="Recovery code"
+                       ng-model="model.code" required api-field />
+                <span class="fa fa-key form-control-feedback"></span>
+            </div>
+            <div class="row">
+                <div class="col-xs-7">
+                    <a ui-sref="frontend.login.info">Ready to log in?</a>
+                </div>
+                <div class="col-xs-5">
+                    <button type="submit" class="btn btn-primary btn-block btn-flat" ng-disabled="recoverForm.$loading">
+                        <i class="fa fa-refresh fa-spin loading-icon" ng-show="recoverForm.$loading"></i>Submit
+                    </button>
+                </div>
+            </div>
+        </form>
+    </div>
+</div>

src/app/accounts/views/accountsRecoverDelete.html

@@ -0,0 +1,39 @@
+<div class="login-box">
+    <div class="login-logo">
+        <i class="fa fa-shield"></i> <b>bit</b>warden
+    </div>
+    <div class="login-box-body">
+        <p class="login-box-msg">Enter your email address below to recover &amp; delete your bitwarden account.</p>
+        <div ng-show="success" class="text-center">
+            <div class="callout callout-success">
+                If your account exists ({{model.email}}) we've sent you an email with further instructions.
+            </div>
+            <a ui-sref="frontend.login.info">Return to log in</a>
+        </div>
+        <form name="form" ng-submit="form.$valid && submit(model)" ng-show="!success"
+              api-form="submitPromise">
+            <div class="callout callout-danger validation-errors" ng-show="form.$errors">
+                <h4>Errors have occurred</h4>
+                <ul>
+                    <li ng-repeat="e in form.$errors">{{e}}</li>
+                </ul>
+            </div>
+            <div class="form-group has-feedback" show-errors>
+                <label for="email" class="sr-only">Your account email address</label>
+                <input type="email" id="email" name="Email" class="form-control" placeholder="Your account email address"
+                       ng-model="model.email" required api-field />
+                <span class="fa fa-envelope form-control-feedback"></span>
+            </div>
+            <div class="row">
+                <div class="col-xs-7">
+                    <a ui-sref="frontend.login.info">Return to log in</a>
+                </div>
+                <div class="col-xs-5">
+                    <button type="submit" class="btn btn-primary btn-block btn-flat" ng-disabled="form.$loading">
+                        <i class="fa fa-refresh fa-spin loading-icon" ng-show="form.$loading"></i>Submit
+                    </button>
+                </div>
+            </div>
+        </form>
+    </div>
+</div>

src/app/accounts/views/accountsRegister.html

@@ -0,0 +1,82 @@
+<div class="register-box">
+    <div class="register-logo">
+        <i class="fa fa-shield"></i> <b>bit</b>warden
+    </div>
+    <div class="register-box-body">
+        <p class="login-box-msg">Create a new account.</p>
+        <div class="text-center" ng-show="success">
+            <div class="callout callout-success">
+                <h4>Account Created!</h4>
+                <p>You may now log in to your new account.</p>
+            </div>
+            <a ui-sref="frontend.login.info({returnState: returnState, email: model.email})">Ready to log in?</a>
+        </div>
+        <form name="registerForm" ng-submit="registerForm.$valid && register(registerForm)" ng-show="!success"
+              api-form="registerPromise">
+            <div class="callout callout-default" ng-show="createOrg">
+                <h4>Create Organization, Step 1</h4>
+                <p>Before creating your organization, you first need to create a free personal account.</p>
+            </div>
+            <div class="callout callout-danger validation-errors" ng-show="registerForm.$errors">
+                <h4>Errors have occurred</h4>
+                <ul>
+                    <li ng-repeat="e in registerForm.$errors">{{e}}</li>
+                </ul>
+            </div>
+            <div class="form-group has-feedback" show-errors>
+                <label for="email" class="sr-only">Email</label>
+                <input type="email" id="email" name="Email" class="form-control" placeholder="Email" ng-model="model.email"
+                       ng-readonly="readOnlyEmail" required api-field />
+                <span class="fa fa-envelope form-control-feedback"></span>
+                <p class="help-block">You'll use your email address to log in.</p>
+            </div>
+            <div class="form-group has-feedback" show-errors>
+                <label for="name" class="sr-only">Your Name</label>
+                <input type="text" id="name" name="Name" class="form-control" ng-model="model.name"
+                       placeholder="Your Name" api-field>
+                <span class="fa fa-user form-control-feedback"></span>
+                <p class="help-block">What should we call you?</p>
+            </div>
+            <div class="form-group has-feedback" show-errors>
+                <label for="masterPassword" class="sr-only">Master Password</label>
+                <input type="password" id="masterPassword" name="MasterPasswordHash" class="form-control"
+                       ng-model="model.masterPassword" placeholder="Master Password" required api-field>
+                <span class="fa fa-lock form-control-feedback"></span>
+                <p class="help-block">The master password is the password you use to access your vault.</p>
+            </div>
+            <div class="form-group has-feedback" show-errors>
+                <label form="confirmMasterPassword" class="sr-only">Re-type Master Password</label>
+                <input type="password" id="confirmMasterPassword" name="ConfirmMasterPassword" class="form-control"
+                       placeholder="Re-type Master Password"
+                       ng-model="model.confirmMasterPassword" required api-field>
+                <span class="fa fa-lock form-control-feedback"></span>
+                <p class="help-block">
+                    It is very important that you do not forget your master password.
+                    There is <u>no way</u> to recover the password in the event that you forget it.
+                </p>
+            </div>
+            <div class="form-group has-feedback" show-errors>
+                <label for="hint" class="sr-only">Master Password Hint (optional)</label>
+                <input type="text" id="hint" name="MasterPasswordHint" class="form-control" ng-model="model.masterPasswordHint"
+                       placeholder="Master Password Hint (optional)" api-field>
+                <span class="fa fa-lightbulb-o form-control-feedback"></span>
+                <p class="help-block">A master password hint can help you remember your password if you forget it.</p>
+            </div>
+            <div class="row">
+                <div class="col-xs-7">
+                    <a ui-sref="frontend.login.info({returnState: returnState})">Already have an account?</a>
+                </div>
+                <div class="col-xs-5">
+                    <button type="submit" class="btn btn-primary btn-block btn-flat" ng-disabled="registerForm.$loading">
+                        <i class="fa fa-refresh fa-spin loading-icon" ng-show="registerForm.$loading"></i>Submit
+                    </button>
+                </div>
+            </div>
+            <hr />
+            By clicking the above "Submit" button, you are agreeing to the
+            <a href="https://bitwarden.com/terms/" target="_blank">Terms of Service</a>
+            and the
+            <a href="https://bitwarden.com/privacy/" target="_blank">Privacy Policy</a>.
+        </form>
+    </div>
+</div>

src/app/accounts/views/accountsTwoFactorMethods.html

@@ -0,0 +1,25 @@
+<div class="modal-header">
+    <button type="button" class="close" ng-click="close()" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+    <h4 class="modal-title"><i class="fa fa-key"></i> Two-step Providers</h4>
+</div>
+<div class="modal-body">
+    <div class="list-group" ng-repeat="provider in providers | orderBy: 'displayOrder'">
+        <a href="#" stop-click class="list-group-item" ng-click="choose(provider)">
+            <img alt="{{::provider.name}}" ng-src="{{'images/two-factor/' + provider.image}}" class="pull-right hidden-xs" />
+            <h4 class="list-group-item-heading">{{::provider.name}}</h4>
+            <p class="list-group-item-text">{{::provider.description}}</p>
+        </a>
+    </div>
+    <div class="list-group" style="margin-bottom: 0;">
+        <a href="https://help.bitwarden.com/article/lost-two-step-device/" target="_blank" class="list-group-item">
+            <h4 class="list-group-item-heading">Recovery Code</h4>
+            <p class="list-group-item-text">
+                Lost access to all of your two-factor providers? Use your recovery code to disable
+                all two-factor providers from your account.
+            </p>
+        </a>
+    </div>
+</div>
+<div class="modal-footer">
+    <button type="button" class="btn btn-default btn-flat" ng-click="close()">Close</button>
+</div>

src/app/accounts/views/accountsVerifyEmail.html

@@ -0,0 +1,8 @@
+<div class="login-box">
+    <div class="login-logo">
+        <i class="fa fa-shield"></i> <b>bit</b>warden
+    </div>
+    <div class="login-box-body">
+        Verifying email...
+    </div>
+</div>

src/app/accounts/views/accountsVerifyRecoverDelete.html

@@ -0,0 +1,21 @@
+<div class="login-box">
+    <div class="login-logo">
+        <i class="fa fa-shield"></i> <b>bit</b>warden
+    </div>
+    <div class="login-box-body">
+        <div ng-if="deleting">
+            Deleting account...
+        </div>
+        <div ng-if="!deleting">
+            <div class="callout callout-warning">
+                <h4><i class="fa fa-warning fa-fw"></i> Warning</h4>
+                This will permanently delete your account. This cannot be undone.
+            </div>
+            <p>
+                You have requested to delete your bitwarden account (<b>{{email}}</b>).
+                Click the button below to confirm and proceed.
+            </p>
+            <button ng-click="delete()" class="btn btn-danger btn-block btn-flat">Delete Account</button>
+        </div>
+    </div>
+</div>

src/app/apiInterceptor.js

@@ -0,0 +1,29 @@
+angular
+    .module('bit')
+
+    .factory('apiInterceptor', function ($injector, $q, toastr) {
+        return {
+            request: function (config) {
+                return config;
+            },
+            response: function (response) {
+                if (response.status === 401 || response.status === 403) {
+                    $injector.get('authService').logOut();
+                    $injector.get('$state').go('frontend.login.info').then(function () {
+                        toastr.warning('Your login session has expired.', 'Logged out');
+                    });
+                }
+
+                return response || $q.when(response);
+            },
+            responseError: function (rejection) {
+                if (rejection.status === 401 || rejection.status === 403) {
+                    $injector.get('authService').logOut();
+                    $injector.get('$state').go('frontend.login.info').then(function () {
+                        toastr.warning('Your login session has expired.', 'Logged out');
+                    });
+                }
+                return $q.reject(rejection);
+            }
+        };
+    });

src/app/app.js

@@ -0,0 +1,27 @@
+angular
+    .module('bit', [
+        'ui.router',
+        'ngMessages',
+        'angular-jwt',
+        'ui.bootstrap.showErrors',
+        'toastr',
+        'angulartics',
+        // @if !selfHosted
+        'angulartics.google.analytics',
+        'angular-stripe',
+        'credit-cards',
+        // @endif
+        'angular-promise-polyfill',
+
+        'bit.directives',
+        'bit.filters',
+        'bit.services',
+
+        'bit.global',
+        'bit.accounts',
+        'bit.vault',
+        'bit.settings',
+        'bit.tools',
+        'bit.organization',
+        'bit.reports'
+    ]);

src/app/config.js

@@ -0,0 +1,382 @@
+angular
+    .module('bit')
+
+    .config(function ($stateProvider, $urlRouterProvider, $httpProvider, jwtInterceptorProvider, jwtOptionsProvider,
+        $uibTooltipProvider, toastrConfig, $locationProvider, $qProvider, appSettings
+        // @if !selfHosted
+        , stripeProvider
+        // @endif
+    ) {
+        angular.extend(appSettings, window.bitwardenAppSettings);
+
+        $qProvider.errorOnUnhandledRejections(false);
+        $locationProvider.hashPrefix('');
+
+        var jwtConfig = {
+            // Using Content-Language header since it is unused and is a CORS-safelisted header. This avoids pre-flights.
+            authHeader: 'Content-Language',
+            whiteListedDomains: appSettings.whitelistDomains
+        };
+
+        // Safari doesn't work with unconventional "Content-Language" header for CORS.
+        // See notes here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
+        var userAgent = navigator.userAgent.toLowerCase();
+        if (userAgent.indexOf('safari') > -1 && userAgent.indexOf('chrome') === -1) {
+            jwtConfig = {
+                urlParam: 'access_token',
+                whiteListedDomains: appSettings.whitelistDomains
+            };
+        }
+
+        jwtOptionsProvider.config(jwtConfig);
+        var refreshPromise;
+        jwtInterceptorProvider.tokenGetter = /*@ngInject*/ function (options, tokenService, authService) {
+            if (options.url.indexOf(appSettings.apiUri) !== 0) {
+                return;
+            }
+
+            if (refreshPromise) {
+                return refreshPromise;
+            }
+
+            var token = tokenService.getToken();
+            if (!token) {
+                return;
+            }
+
+            if (!tokenService.tokenNeedsRefresh(token)) {
+                return token;
+            }
+
+            refreshPromise = authService.refreshAccessToken().then(function (newToken) {
+                refreshPromise = null;
+                return newToken || token;
+            });
+            return refreshPromise;
+        };
+
+        // @if !selfHosted
+        stripeProvider.setPublishableKey(appSettings.stripeKey);
+        // @endif
+
+        angular.extend(toastrConfig, {
+            closeButton: true,
+            progressBar: true,
+            showMethod: 'slideDown',
+            target: '.toast-target'
+        });
+
+        $uibTooltipProvider.options({
+            popupDelay: 600,
+            appendToBody: true
+        });
+
+        if ($httpProvider.defaults.headers.post) {
+            $httpProvider.defaults.headers.post = {};
+        }
+
+        $httpProvider.defaults.headers.post['Content-Type'] = 'text/plain; charset=utf-8';
+
+        // stop IE from caching get requests
+        if (navigator.userAgent.indexOf('MSIE') !== -1 || navigator.appVersion.indexOf('Trident/') > 0) {
+            if (!$httpProvider.defaults.headers.get) {
+                $httpProvider.defaults.headers.get = {};
+            }
+            $httpProvider.defaults.headers.get['Cache-Control'] = 'no-cache';
+            $httpProvider.defaults.headers.get.Pragma = 'no-cache';
+        }
+
+        $httpProvider.interceptors.push('apiInterceptor');
+        $httpProvider.interceptors.push('jwtInterceptor');
+
+        $urlRouterProvider.otherwise('/');
+
+        $stateProvider
+            // Backend
+            .state('backend', {
+                templateUrl: 'app/views/backendLayout.html',
+                abstract: true,
+                data: {
+                    authorize: true
+                }
+            })
+            .state('backend.user', {
+                templateUrl: 'app/views/userLayout.html',
+                abstract: true
+            })
+            .state('backend.user.vault', {
+                url: '^/vault',
+                templateUrl: 'app/vault/views/vault.html',
+                controller: 'vaultController',
+                data: {
+                    pageTitle: 'My Vault',
+                    controlSidebar: true
+                },
+                params: {
+                    refreshFromServer: false
+                }
+            })
+            .state('backend.user.shared', {
+                url: '^/shared',
+                templateUrl: 'app/vault/views/vaultShared.html',
+                controller: 'vaultSharedController',
+                data: { pageTitle: 'Shared' }
+            })
+            .state('backend.user.settings', {
+                url: '^/settings',
+                templateUrl: 'app/settings/views/settings.html',
+                controller: 'settingsController',
+                data: { pageTitle: 'Settings' }
+            })
+            .state('backend.user.settingsDomains', {
+                url: '^/settings/domains',
+                templateUrl: 'app/settings/views/settingsDomains.html',
+                controller: 'settingsDomainsController',
+                data: { pageTitle: 'Domain Settings' }
+            })
+            .state('backend.user.settingsTwoStep', {
+                url: '^/settings/two-step',
+                templateUrl: 'app/settings/views/settingsTwoStep.html',
+                controller: 'settingsTwoStepController',
+                data: { pageTitle: 'Two-step Login' }
+            })
+            .state('backend.user.settingsCreateOrg', {
+                url: '^/settings/create-organization',
+                templateUrl: 'app/settings/views/settingsCreateOrganization.html',
+                controller: 'settingsCreateOrganizationController',
+                data: { pageTitle: 'Create Organization' }
+            })
+            .state('backend.user.settingsBilling', {
+                url: '^/settings/billing',
+                templateUrl: 'app/settings/views/settingsBilling.html',
+                controller: 'settingsBillingController',
+                data: { pageTitle: 'Billing' }
+            })
+            .state('backend.user.settingsPremium', {
+                url: '^/settings/premium',
+                templateUrl: 'app/settings/views/settingsPremium.html',
+                controller: 'settingsPremiumController',
+                data: { pageTitle: 'Go Premium' }
+            })
+            .state('backend.user.tools', {
+                url: '^/tools',
+                templateUrl: 'app/tools/views/tools.html',
+                controller: 'toolsController',
+                data: { pageTitle: 'Tools' }
+            })
+            .state('backend.user.reportsBreach', {
+                url: '^/reports/breach',
+                templateUrl: 'app/reports/views/reportsBreach.html',
+                controller: 'reportsBreachController',
+                data: { pageTitle: 'Data Breach Report' }
+            })
+            .state('backend.user.apps', {
+                url: '^/apps',
+                templateUrl: 'app/views/apps.html',
+                controller: 'appsController',
+                data: { pageTitle: 'Get the Apps' }
+            })
+            .state('backend.org', {
+                templateUrl: 'app/views/organizationLayout.html',
+                abstract: true
+            })
+            .state('backend.org.dashboard', {
+                url: '^/organization/:orgId',
+                templateUrl: 'app/organization/views/organizationDashboard.html',
+                controller: 'organizationDashboardController',
+                data: { pageTitle: 'Organization Dashboard' }
+            })
+            .state('backend.org.people', {
+                url: '/organization/:orgId/people',
+                templateUrl: 'app/organization/views/organizationPeople.html',
+                controller: 'organizationPeopleController',
+                data: { pageTitle: 'Organization People' }
+            })
+            .state('backend.org.collections', {
+                url: '/organization/:orgId/collections',
+                templateUrl: 'app/organization/views/organizationCollections.html',
+                controller: 'organizationCollectionsController',
+                data: { pageTitle: 'Organization Collections' }
+            })
+            .state('backend.org.settings', {
+                url: '/organization/:orgId/settings',
+                templateUrl: 'app/organization/views/organizationSettings.html',
+                controller: 'organizationSettingsController',
+                data: { pageTitle: 'Organization Settings' }
+            })
+            .state('backend.org.billing', {
+                url: '/organization/:orgId/billing',
+                templateUrl: 'app/organization/views/organizationBilling.html',
+                controller: 'organizationBillingController',
+                data: { pageTitle: 'Organization Billing' }
+            })
+            .state('backend.org.vault', {
+                url: '/organization/:orgId/vault',
+                templateUrl: 'app/organization/views/organizationVault.html',
+                controller: 'organizationVaultController',
+                data: { pageTitle: 'Organization Vault' }
+            })
+            .state('backend.org.groups', {
+                url: '/organization/:orgId/groups',
+                templateUrl: 'app/organization/views/organizationGroups.html',
+                controller: 'organizationGroupsController',
+                data: { pageTitle: 'Organization Groups' }
+            })
+
+            // Frontend
+            .state('frontend', {
+                templateUrl: 'app/views/frontendLayout.html',
+                abstract: true,
+                data: {
+                    authorize: false
+                }
+            })
+            .state('frontend.login', {
+                templateUrl: 'app/accounts/views/accountsLogin.html',
+                controller: 'accountsLoginController',
+                params: {
+                    returnState: null,
+                    email: null,
+                    premium: null,
+                    org: null
+                },
+                data: {
+                    bodyClass: 'login-page'
+                }
+            })
+            .state('frontend.login.info', {
+                url: '^/?org&premium&email',
+                templateUrl: 'app/accounts/views/accountsLoginInfo.html',
+                data: {
+                    pageTitle: 'Log In'
+                }
+            })
+            .state('frontend.login.twoFactor', {
+                url: '^/two-step?org&premium&email',
+                templateUrl: 'app/accounts/views/accountsLoginTwoFactor.html',
+                data: {
+                    pageTitle: 'Log In (Two-step)'
+                }
+            })
+            .state('frontend.logout', {
+                url: '^/logout',
+                controller: 'accountsLogoutController',
+                data: {
+                    authorize: true
+                }
+            })
+            .state('frontend.passwordHint', {
+                url: '^/password-hint',
+                templateUrl: 'app/accounts/views/accountsPasswordHint.html',
+                controller: 'accountsPasswordHintController',
+                data: {
+                    pageTitle: 'Master Password Hint',
+                    bodyClass: 'login-page'
+                }
+            })
+            .state('frontend.recover', {
+                url: '^/recover',
+                templateUrl: 'app/accounts/views/accountsRecover.html',
+                controller: 'accountsRecoverController',
+                data: {
+                    pageTitle: 'Recover Account',
+                    bodyClass: 'login-page'
+                }
+            })
+            .state('frontend.recover-delete', {
+                url: '^/recover-delete',
+                templateUrl: 'app/accounts/views/accountsRecoverDelete.html',
+                controller: 'accountsRecoverDeleteController',
+                data: {
+                    pageTitle: 'Delete Account',
+                    bodyClass: 'login-page'
+                }
+            })
+            .state('frontend.verify-recover-delete', {
+                url: '^/verify-recover-delete?userId&token&email',
+                templateUrl: 'app/accounts/views/accountsVerifyRecoverDelete.html',
+                controller: 'accountsVerifyRecoverDeleteController',
+                data: {
+                    pageTitle: 'Confirm Delete Account',
+                    bodyClass: 'login-page'
+                }
+            })
+            .state('frontend.register', {
+                url: '^/register?org&premium',
+                templateUrl: 'app/accounts/views/accountsRegister.html',
+                controller: 'accountsRegisterController',
+                params: {
+                    returnState: null,
+                    email: null,
+                    org: null,
+                    premium: null
+                },
+                data: {
+                    pageTitle: 'Register',
+                    bodyClass: 'register-page'
+                }
+            })
+            .state('frontend.organizationAccept', {
+                url: '^/accept-organization?organizationId&organizationUserId&token&email&organizationName',
+                templateUrl: 'app/accounts/views/accountsOrganizationAccept.html',
+                controller: 'accountsOrganizationAcceptController',
+                data: {
+                    pageTitle: 'Accept Organization Invite',
+                    bodyClass: 'login-page',
+                    skipAuthorize: true
+                }
+            })
+            .state('frontend.verifyEmail', {
+                url: '^/verify-email?userId&token',
+                templateUrl: 'app/accounts/views/accountsVerifyEmail.html',
+                controller: 'accountsVerifyEmailController',
+                data: {
+                    pageTitle: 'Verifying Email',
+                    bodyClass: 'login-page',
+                    skipAuthorize: true
+                }
+            });
+    })
+    .run(function ($rootScope, authService, $state) {
+        $rootScope.$on('$stateChangeSuccess', function () {
+            $('html, body').animate({ scrollTop: 0 }, 200);
+        });
+
+        $rootScope.$on('$stateChangeStart', function (event, toState, toParams) {
+            if (!toState.data || !toState.data.authorize) {
+                if (toState.data && toState.data.skipAuthorize) {
+                    return;
+                }
+
+                if (!authService.isAuthenticated()) {
+                    return;
+                }
+
+                event.preventDefault();
+                $state.go('backend.user.vault');
+                return;
+            }
+
+            if (!authService.isAuthenticated()) {
+                event.preventDefault();
+                authService.logOut();
+                $state.go('frontend.login.info');
+                return;
+            }
+
+            // user is guaranteed to be authenticated becuase of previous check
+            if (toState.name.indexOf('backend.org.') > -1 && toParams.orgId) {
+                // clear vault rootScope when visiting org admin section
+                $rootScope.vaultLogins = $rootScope.vaultFolders = null;
+
+                authService.getUserProfile().then(function (profile) {
+                    var orgs = profile.organizations;
+                    if (!orgs || !(toParams.orgId in orgs) || orgs[toParams.orgId].status !== 2 ||
+                        orgs[toParams.orgId].type === 2) {
+                        event.preventDefault();
+                        $state.go('backend.user.vault');
+                    }
+                });
+            }
+        });
+    });

src/app/constants.js

@@ -0,0 +1,138 @@
+angular.module('bit')
+    .constant('constants', {
+        rememberedEmailCookieName: 'bit.rememberedEmail',
+        encType: {
+            AesCbc256_B64: 0,
+            AesCbc128_HmacSha256_B64: 1,
+            AesCbc256_HmacSha256_B64: 2,
+            Rsa2048_OaepSha256_B64: 3,
+            Rsa2048_OaepSha1_B64: 4,
+            Rsa2048_OaepSha256_HmacSha256_B64: 5,
+            Rsa2048_OaepSha1_HmacSha256_B64: 6
+        },
+        orgUserType: {
+            owner: 0,
+            admin: 1,
+            user: 2
+        },
+        orgUserStatus: {
+            invited: 0,
+            accepted: 1,
+            confirmed: 2
+        },
+        twoFactorProvider: {
+            u2f: 4,
+            yubikey: 3,
+            duo: 2,
+            authenticator: 0,
+            email: 1,
+            remember: 5
+        },
+        twoFactorProviderInfo: [
+            {
+                type: 0,
+                name: 'Authenticator App',
+                description: 'Use an authenticator app (such as Authy or Google Authenticator) to generate time-based ' +
+                'verification codes.',
+                enabled: false,
+                active: true,
+                free: true,
+                image: 'authapp.png',
+                displayOrder: 0,
+                priority: 1,
+                requiresUsb: false
+            },
+            {
+                type: 3,
+                name: 'YubiKey OTP Security Key',
+                description: 'Use a YubiKey to access your account. Works with YubiKey 4, 4 Nano, 4C, and NEO devices.',
+                enabled: false,
+                active: true,
+                image: 'yubico.png',
+                displayOrder: 1,
+                priority: 3,
+                requiresUsb: true
+            },
+            {
+                type: 2,
+                name: 'Duo',
+                description: 'Verify with Duo Security using the Duo Mobile app, SMS, phone call, or U2F security key.',
+                enabled: false,
+                active: true,
+                image: 'duo.png',
+                displayOrder: 2,
+                priority: 2,
+                requiresUsb: false
+            },
+            {
+                type: 4,
+                name: 'FIDO U2F Security Key',
+                description: 'Use any FIDO U2F enabled security key to access your account.',
+                enabled: false,
+                active: true,
+                image: 'fido.png',
+                displayOrder: 3,
+                priority: 4,
+                requiresUsb: true
+            },
+            {
+                type: 1,
+                name: 'Email',
+                description: 'Verification codes will be emailed to you.',
+                enabled: false,
+                active: true,
+                free: true,
+                image: 'gmail.png',
+                displayOrder: 4,
+                priority: 0,
+                requiresUsb: false
+            }
+        ],
+        plans: {
+            free: {
+                basePrice: 0,
+                noAdditionalSeats: true,
+                noPayment: true,
+                upgradeSortOrder: -1
+            },
+            personal: {
+                basePrice: 1,
+                annualBasePrice: 12,
+                baseSeats: 5,
+                seatPrice: 1,
+                annualSeatPrice: 12,
+                maxAdditionalSeats: 5,
+                annualPlanType: 'personalAnnually',
+                upgradeSortOrder: 1
+            },
+            teams: {
+                basePrice: 5,
+                annualBasePrice: 60,
+                monthlyBasePrice: 8,
+                baseSeats: 5,
+                seatPrice: 2,
+                annualSeatPrice: 24,
+                monthlySeatPrice: 2.5,
+                monthPlanType: 'teamsMonthly',
+                annualPlanType: 'teamsAnnually',
+                upgradeSortOrder: 2
+            },
+            enterprise: {
+                seatPrice: 3,
+                annualSeatPrice: 36,
+                monthlySeatPrice: 4,
+                monthPlanType: 'enterpriseMonthly',
+                annualPlanType: 'enterpriseAnnually',
+                upgradeSortOrder: 3
+            }
+        },
+        storageGb: {
+            price: 0.33,
+            monthlyPrice: 0.50,
+            yearlyPrice: 4
+        },
+        premium: {
+            price: 10,
+            yearlyPrice: 10
+        }
+    });

src/app/directives/apiFieldDirective.js

@@ -0,0 +1,30 @@
+angular
+    .module('bit.directives')
+
+    .directive('apiField', function () {
+        var linkFn = function (scope, element, attrs, ngModel) {
+            ngModel.$registerApiError = registerApiError;
+            ngModel.$validators.apiValidate = apiValidator;
+
+            function apiValidator() {
+                ngModel.$setValidity('api', true);
+                return true;
+            }
+
+            function registerApiError() {
+                ngModel.$setValidity('api', false);
+            }
+        };
+
+        return {
+            require: 'ngModel',
+            restrict: 'A',
+            compile: function (elem, attrs) {
+                if (!attrs.name || attrs.name === '') {
+                    throw 'api-field element does not have a valid name attribute';
+                }
+
+                return linkFn;
+            }
+        };
+    });

src/app/directives/apiFormDirective.js

@@ -0,0 +1,45 @@
+angular
+    .module('bit.directives')
+
+    .directive('apiForm', function ($rootScope, validationService, $timeout) {
+        return {
+            require: 'form',
+            restrict: 'A',
+            link: function (scope, element, attrs, formCtrl) {
+                var watchPromise = attrs.apiForm || null;
+                if (watchPromise !== void 0) {
+                    scope.$watch(watchPromise, formSubmitted.bind(null, formCtrl, scope));
+                }
+            }
+        };
+
+        function formSubmitted(form, scope, promise) {
+            if (!promise || !promise.then) {
+                return;
+            }
+
+            // reset errors
+            form.$errors = null;
+
+            // start loading
+            form.$loading = true;
+
+            promise.then(function success(response) {
+                $timeout(function () {
+                    form.$loading = false;
+                });
+            }, function failure(reason) {
+                $timeout(function () {
+                    form.$loading = false;
+                    if (typeof reason === 'string') {
+                        validationService.addError(form, null, reason, true);
+                    }
+                    else {
+                        validationService.addErrors(form, reason);
+                    }
+                    scope.$broadcast('show-errors-check-validity');
+                    $('html, body').animate({ scrollTop: 0 }, 200);
+                });
+            });
+        }
+    });

src/app/directives/directivesModule.js

@@ -0,0 +1,2 @@
+angular
+    .module('bit.directives', []);

src/app/directives/letterAvatarDirective.js

@@ -0,0 +1,151 @@
+angular
+    .module('bit.directives')
+
+    // adaptation of https://github.com/uttesh/ngletteravatar
+    .directive('letterAvatar', function () {
+        // ref: http://stackoverflow.com/a/16348977/1090359
+        function stringToColor(str) {
+            var hash = 0,
+                i = 0;
+            for (i = 0; i < str.length; i++) {
+                hash = str.charCodeAt(i) + ((hash << 5) - hash);
+            }
+
+            var color = '#';
+            for (i = 0; i < 3; i++) {
+                var value = (hash >> (i * 8)) & 0xFF;
+                color += ('00' + value.toString(16)).substr(-2);
+            }
+
+            return color;
+        }
+
+        function getFirstLetters(data, count) {
+            var parts = data.split(' ');
+            if (parts && parts.length > 1) {
+                var text = '';
+                for (var i = 0; i < count; i++) {
+                    text += parts[i].substr(0, 1);
+                }
+                return text;
+            }
+
+            return null;
+        }
+
+        function getSvg(width, height, color) {
+            var svgTag = angular.element('<svg></svg>')
+                .attr({
+                    'xmlns': 'http://www.w3.org/2000/svg',
+                    'pointer-events': 'none',
+                    'width': width,
+                    'height': height
+                })
+                .css({
+                    'background-color': color,
+                    'width': width + 'px',
+                    'height': height + 'px'
+                });
+
+            return svgTag;
+        }
+
+        function getCharText(character, textColor, fontFamily, fontWeight, fontsize) {
+            var textTag = angular.element('<text text-anchor="middle"></text>')
+                .attr({
+                    'y': '50%',
+                    'x': '50%',
+                    'dy': '0.35em',
+                    'pointer-events': 'auto',
+                    'fill': textColor,
+                    'font-family': fontFamily
+                })
+                .text(character)
+                .css({
+                    'font-weight': fontWeight,
+                    'font-size': fontsize + 'px',
+                });
+
+            return textTag;
+        }
+
+        return {
+            restrict: 'AE',
+            replace: true,
+            scope: {
+                data: '@'
+            },
+            link: function (scope, element, attrs) {
+                var params = {
+                    charCount: attrs.charcount || 2,
+                    data: attrs.data,
+                    textColor: attrs.textcolor || '#ffffff',
+                    bgColor: attrs.bgcolor,
+                    height: attrs.avheight || 45,
+                    width: attrs.avwidth || 45,
+                    fontSize: attrs.fontsize || 20,
+                    fontWeight: attrs.fontweight || 300,
+                    fontFamily: attrs.fontfamily || 'Open Sans, HelveticaNeue-Light, Helvetica Neue Light, ' +
+                    'Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif',
+                    round: attrs.round || 'true',
+                    dynamic: attrs.dynamic || 'true',
+                    class: attrs.avclass || '',
+                    border: attrs.avborder || 'false',
+                    borderStyle: attrs.borderstyle || '3px solid white'
+                };
+
+                if (params.dynamic === 'true') {
+                    scope.$watch('data', function () {
+                        generateLetterAvatar();
+                    });
+                }
+                else {
+                    generateLetterAvatar();
+                }
+
+                function generateLetterAvatar() {
+                    var c = null,
+                        upperData = scope.data.toUpperCase();
+
+                    if (params.charCount > 1) {
+                        c = getFirstLetters(upperData, params.charCount);
+                    }
+
+                    if (!c) {
+                        c = upperData.substr(0, params.charCount);
+                    }
+
+                    var cobj = getCharText(c, params.textColor, params.fontFamily, params.fontWeight, params.fontSize);
+                    var color = params.bgColor ? params.bgColor : stringToColor(upperData);
+                    var svg = getSvg(params.width, params.height, color);
+                    svg.append(cobj);
+                    var lvcomponent = angular.element('<div>').append(svg).html();
+
+                    var svgHtml = window.btoa(unescape(encodeURIComponent(lvcomponent)));
+                    var src = 'data:image/svg+xml;base64,' + svgHtml;
+
+                    var img = angular.element('<img>').attr({ src: src, title: scope.data });
+
+                    if (params.round === 'true') {
+                        img.css('border-radius', '50%');
+                    }
+
+                    if (params.border === 'true') {
+                        img.css('border', params.borderStyle);
+                    }
+
+                    if (params.class) {
+                        img.addClass(params.class);
+                    }
+
+                    if (params.dynamic === 'true') {
+                        element.empty();
+                        element.append(img);
+                    }
+                    else {
+                        element.replaceWith(img);
+                    }
+                }
+            }
+        };
+    });

src/app/directives/masterPasswordDirective.js

@@ -0,0 +1,38 @@
+angular
+    .module('bit.directives')
+
+    .directive('masterPassword', function (cryptoService, authService) {
+        return {
+            require: 'ngModel',
+            restrict: 'A',
+            link: function (scope, elem, attr, ngModel) {
+                authService.getUserProfile().then(function (profile) {
+                    // For DOM -> model validation
+                    ngModel.$parsers.unshift(function (value) {
+                        if (!value) {
+                            return undefined;
+                        }
+
+                        return cryptoService.makeKey(value, profile.email).then(function (result) {
+                            var valid = result.keyB64 === cryptoService.getKey().keyB64;
+                            ngModel.$setValidity('masterPassword', valid);
+                            return valid ? value : undefined;
+                        });
+                    });
+
+                    // For model -> DOM validation
+                    ngModel.$formatters.unshift(function (value) {
+                        if (!value) {
+                            return undefined;
+                        }
+
+                        return cryptoService.makeKey(value, profile.email).then(function (result) {
+                            var valid = result.keyB64 === cryptoService.getKey().keyB64;
+                            ngModel.$setValidity('masterPassword', valid);
+                            return value;
+                        });
+                    });
+                });
+            }
+        };
+    });

src/app/directives/pageTitleDirective.js

@@ -0,0 +1,22 @@
+angular
+    .module('bit.directives')
+
+    .directive('pageTitle', function ($rootScope, $timeout, appSettings) {
+        return {
+            link: function (scope, element) {
+                var listener = function (event, toState, toParams, fromState, fromParams) {
+                    // Default title
+                    var title = 'bitwarden Web Vault';
+                    if (toState.data && toState.data.pageTitle) {
+                        title = toState.data.pageTitle + ' - ' + title;
+                    }
+
+                    $timeout(function () {
+                        element.text(title);
+                    });
+                };
+
+                $rootScope.$on('$stateChangeStart', listener);
+            }
+        };
+    });

src/app/directives/passwordMeterDirective.js

@@ -0,0 +1,73 @@
+angular
+    .module('bit.directives')
+
+    .directive('passwordMeter', function () {
+        return {
+            template: '<div class="progress {{outerClass}}"><div class="progress-bar progress-bar-{{valueClass}}" ' +
+                'role="progressbar" aria-valuenow="{{value}}" aria-valuemin="0" aria-valuemax="100" ' +
+                'ng-style="{width : ( value + \'%\' ) }"><span class="sr-only">{{value}}%</span></div></div>',
+            restrict: 'A',
+            scope: {
+                password: '=passwordMeter',
+                username: '=passwordMeterUsername',
+                outerClass: '@?'
+            },
+            link: function (scope) {
+                var measureStrength = function (username, password) {
+                    if (!password || password === username) {
+                        return 0;
+                    }
+
+                    var strength = password.length;
+
+                    if (username && username !== '') {
+                        if (username.indexOf(password) !== -1) strength -= 15;
+                        if (password.indexOf(username) !== -1) strength -= username.length;
+                    }
+
+                    if (password.length > 0 && password.length <= 4) strength += password.length;
+                    else if (password.length >= 5 && password.length <= 7) strength += 6;
+                    else if (password.length >= 8 && password.length <= 15) strength += 12;
+                    else if (password.length >= 16) strength += 18;
+
+                    if (password.match(/[a-z]/)) strength += 1;
+                    if (password.match(/[A-Z]/)) strength += 5;
+                    if (password.match(/\d/)) strength += 5;
+                    if (password.match(/.*\d.*\d.*\d/)) strength += 5;
+                    if (password.match(/[!,@,#,$,%,^,&,*,?,_,~]/)) strength += 5;
+                    if (password.match(/.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~]/)) strength += 5;
+                    if (password.match(/(?=.*[a-z])(?=.*[A-Z])/)) strength += 2;
+                    if (password.match(/(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/)) strength += 2;
+                    if (password.match(/(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!,@,#,$,%,^,&,*,?,_,~])/)) strength += 2;
+
+                    strength = Math.round(strength * 2);
+                    return Math.max(0, Math.min(100, strength));
+                };
+
+                var getClass = function (strength) {
+                    switch (Math.round(strength / 33)) {
+                        case 0:
+                        case 1:
+                            return 'danger';
+                        case 2:
+                            return 'warning';
+                        case 3:
+                            return 'success';
+                    }
+                };
+
+                var updateMeter = function (scope) {
+                    scope.value = measureStrength(scope.username, scope.password);
+                    scope.valueClass = getClass(scope.value);
+                };
+
+                scope.$watch('password', function () {
+                    updateMeter(scope);
+                });
+
+                scope.$watch('username', function () {
+                    updateMeter(scope);
+                });
+            },
+        };
+    });

src/app/directives/passwordViewerDirective.js

@@ -0,0 +1,27 @@
+angular
+    .module('bit.directives')
+
+    .directive('passwordViewer', function () {
+        return {
+            restrict: 'A',
+            link: function (scope, element, attr) {
+                var passwordViewer = attr.passwordViewer;
+                if (!passwordViewer) {
+                    return;
+                }
+
+                element.onclick = function (event) { };
+                element.on('click', function (event) {
+                    var passwordElement = $(passwordViewer);
+                    if (passwordElement && passwordElement.attr('type') === 'password') {
+                        element.removeClass('fa-eye').addClass('fa-eye-slash');
+                        passwordElement.attr('type', 'text');
+                    }
+                    else if (passwordElement && passwordElement.attr('type') === 'text') {
+                        element.removeClass('fa-eye-slash').addClass('fa-eye');
+                        passwordElement.attr('type', 'password');
+                    }
+                });
+            }
+        };
+    });

src/app/directives/stopClickDirective.js

@@ -0,0 +1,11 @@
+angular
+    .module('bit.directives')
+
+    // ref: https://stackoverflow.com/a/14165848/1090359
+    .directive('stopClick', function () {
+        return function (scope, element, attrs) {
+            $(element).click(function (event) {
+                event.preventDefault();
+            });
+        };
+    });

src/app/directives/stopPropDirective.js

@@ -0,0 +1,10 @@
+angular
+    .module('bit.directives')
+
+    .directive('stopProp', function () {
+        return function (scope, element, attrs) {
+            $(element).click(function (event) {
+                event.stopPropagation();
+            });
+        };
+    });

src/app/directives/totpDirective.js

@@ -0,0 +1,193 @@
+angular
+    .module('bit.directives')
+
+    .directive('totp', function ($timeout, $q) {
+        return {
+            template: '<div class="totp{{(low ? \' low\' : \'\')}}" ng-if="code">' +
+            '<span class="totp-countdown"><span class="totp-sec">{{sec}}</span>' +
+            '<svg><g><circle class="totp-circle inner" r="12.6" cy="16" cx="16" style="stroke-dashoffset: {{dash}}px;"></circle>' +
+            '<circle class="totp-circle outer" r="14" cy="16" cx="16"></circle></g></svg></span>' +
+            '<span class="totp-code" id="totp-code">{{codeFormatted}}</span>' +
+            '<a href="#" stop-click class="btn btn-link" ngclipboard ngclipboard-error="clipboardError(e)" ' +
+            'data-clipboard-text="{{code}}" uib-tooltip="Copy Code" tooltip-placement="right">' +
+            '<i class="fa fa-clipboard"></i></a>' +
+            '</div>',
+            restrict: 'A',
+            scope: {
+                key: '=totp'
+            },
+            link: function (scope) {
+                var interval = null;
+
+                var Totp = function () {
+                    var b32Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+
+                    var leftpad = function (s, l, p) {
+                        if (l + 1 >= s.length) {
+                            s = Array(l + 1 - s.length).join(p) + s;
+                        }
+                        return s;
+                    };
+
+                    var dec2hex = function (d) {
+                        return (d < 15.5 ? '0' : '') + Math.round(d).toString(16);
+                    };
+
+                    var hex2dec = function (s) {
+                        return parseInt(s, 16);
+                    };
+
+                    var hex2bytes = function (s) {
+                        var bytes = new Uint8Array(s.length / 2);
+                        for (var i = 0; i < s.length; i += 2) {
+                            bytes[i / 2] = parseInt(s.substr(i, 2), 16);
+                        }
+                        return bytes;
+                    };
+
+                    var buff2hex = function (buff) {
+                        var bytes = new Uint8Array(buff);
+                        var hex = [];
+                        for (var i = 0; i < bytes.length; i++) {
+                            hex.push((bytes[i] >>> 4).toString(16));
+                            hex.push((bytes[i] & 0xF).toString(16));
+                        }
+                        return hex.join('');
+                    };
+
+                    var b32tohex = function (s) {
+                        s = s.toUpperCase();
+                        var cleanedInput = '';
+                        var i;
+                        for (i = 0; i < s.length; i++) {
+                            if (b32Chars.indexOf(s[i]) < 0) {
+                                continue;
+                            }
+
+                            cleanedInput += s[i];
+                        }
+                        s = cleanedInput;
+
+                        var bits = '';
+                        var hex = '';
+                        for (i = 0; i < s.length; i++) {
+                            var byteIndex = b32Chars.indexOf(s.charAt(i));
+                            if (byteIndex < 0) {
+                                continue;
+                            }
+                            bits += leftpad(byteIndex.toString(2), 5, '0');
+                        }
+                        for (i = 0; i + 4 <= bits.length; i += 4) {
+                            var chunk = bits.substr(i, 4);
+                            hex = hex + parseInt(chunk, 2).toString(16);
+                        }
+                        return hex;
+                    };
+
+                    var b32tobytes = function (s) {
+                        return hex2bytes(b32tohex(s));
+                    };
+
+                    var sign = function (keyBytes, timeBytes) {
+                        return window.crypto.subtle.importKey('raw', keyBytes,
+                            { name: 'HMAC', hash: { name: 'SHA-1' } }, false, ['sign']).then(function (key) {
+                                return window.crypto.subtle.sign({ name: 'HMAC', hash: { name: 'SHA-1' } }, key, timeBytes);
+                            }).then(function (signature) {
+                                return buff2hex(signature);
+                            }).catch(function (err) {
+                                return null;
+                            });
+                    };
+
+                    this.getCode = function (keyb32) {
+                        var epoch = Math.round(new Date().getTime() / 1000.0);
+                        var timeHex = leftpad(dec2hex(Math.floor(epoch / 30)), 16, '0');
+                        var timeBytes = hex2bytes(timeHex);
+                        var keyBytes = b32tobytes(keyb32);
+
+                        if (!keyBytes.length || !timeBytes.length) {
+                            return $q(function (resolve, reject) {
+                                resolve(null);
+                            });
+                        }
+
+                        return sign(keyBytes, timeBytes).then(function (hashHex) {
+                            if (!hashHex) {
+                                return null;
+                            }
+
+                            var offset = hex2dec(hashHex.substring(hashHex.length - 1));
+                            var otp = (hex2dec(hashHex.substr(offset * 2, 8)) & hex2dec('7fffffff')) + '';
+                            otp = (otp).substr(otp.length - 6, 6);
+                            return otp;
+                        });
+                    };
+                };
+
+                var totp = new Totp();
+
+                var updateCode = function (scope) {
+                    totp.getCode(scope.key).then(function (code) {
+                        $timeout(function () {
+                            if (code) {
+                                scope.codeFormatted = code.substring(0, 3) + ' ' + code.substring(3);
+                                scope.code = code;
+                            }
+                            else {
+                                scope.code = null;
+                                if (interval) {
+                                    clearInterval(interval);
+                                }
+                            }
+                        });
+                    });
+                };
+
+                var tick = function (scope) {
+                    $timeout(function () {
+                        var epoch = Math.round(new Date().getTime() / 1000.0);
+                        var mod = epoch % 30;
+                        var sec = 30 - mod;
+
+                        scope.sec = sec;
+                        scope.dash = (2.62 * mod).toFixed(2);
+                        scope.low = sec <= 7;
+                        if (mod === 0) {
+                            updateCode(scope);
+                        }
+                    });
+                };
+
+                scope.$watch('key', function () {
+                    if (!scope.key) {
+                        scope.code = null;
+                        if (interval) {
+                            clearInterval(interval);
+                        }
+                        return;
+                    }
+
+                    updateCode(scope);
+                    tick(scope);
+
+                    if (interval) {
+                        clearInterval(interval);
+                    }
+
+                    interval = setInterval(function () {
+                        tick(scope);
+                    }, 1000);
+                });
+
+                scope.$on('$destroy', function () {
+                    if (interval) {
+                        clearInterval(interval);
+                    }
+                });
+
+                scope.clipboardError = function (e) {
+                    alert('Your web browser does not support easy clipboard copying.');
+                };
+            },
+        };
+    });

src/app/filters/enumLabelClassFilter.js

@@ -0,0 +1,32 @@
+angular
+    .module('bit.filters')
+
+    .filter('enumLabelClass', function () {
+        return function (input, name) {
+            if (typeof input !== 'number') {
+                return input.toString();
+            }
+
+            var output;
+            switch (name) {
+                case 'OrgUserStatus':
+                    switch (input) {
+                        case 0:
+                            output = 'label-default';
+                            break;
+                        case 1:
+                            output = 'label-warning';
+                            break;
+                        case 2:
+                        /* falls through */
+                        default:
+                            output = 'label-success';
+                    }
+                    break;
+                default:
+                    output = 'label-default';
+            }
+
+            return output;
+        };
+    });

src/app/filters/enumNameFilter.js

@@ -0,0 +1,46 @@
+angular
+    .module('bit.filters')
+
+    .filter('enumName', function () {
+        return function (input, name) {
+            if (typeof input !== 'number') {
+                return input.toString();
+            }
+
+            var output;
+            switch (name) {
+                case 'OrgUserStatus':
+                    switch (input) {
+                        case 0:
+                            output = 'Invited';
+                            break;
+                        case 1:
+                            output = 'Accepted';
+                            break;
+                        case 2:
+                        /* falls through */
+                        default:
+                            output = 'Confirmed';
+                    }
+                    break;
+                case 'OrgUserType':
+                    switch (input) {
+                        case 0:
+                            output = 'Owner';
+                            break;
+                        case 1:
+                            output = 'Admin';
+                            break;
+                        case 2:
+                        /* falls through */
+                        default:
+                            output = 'User';
+                    }
+                    break;
+                default:
+                    output = input.toString();
+            }
+
+            return output;
+        };
+    });

src/app/filters/filtersModule.js

@@ -0,0 +1,2 @@
+angular
+    .module('bit.filters', []);

src/app/global/appsController.js

@@ -0,0 +1,6 @@
+angular
+    .module('bit.global')
+
+    .controller('appsController', function ($scope, $state) {
+
+    });

src/app/global/globalModule.js

@@ -0,0 +1,2 @@
+angular
+    .module('bit.global', []);

src/app/global/mainController.js

@@ -0,0 +1,187 @@
+angular
+    .module('bit.global')
+
+    .controller('mainController', function ($scope, $state, authService, appSettings, toastr, $window, $document,
+        cryptoService, $uibModal, apiService) {
+        var vm = this;
+        vm.skinClass = appSettings.selfHosted ? 'skin-blue-light' : 'skin-blue';
+        vm.bodyClass = '';
+        vm.usingControlSidebar = vm.openControlSidebar = false;
+        vm.searchVaultText = null;
+        vm.version = appSettings.version;
+        vm.outdatedBrowser = $window.navigator.userAgent.indexOf('MSIE') !== -1 ||
+            $window.navigator.userAgent.indexOf('SamsungBrowser') !== -1;
+
+        $scope.currentYear = new Date().getFullYear();
+
+        $scope.$on('$viewContentLoaded', function () {
+            authService.getUserProfile().then(function (profile) {
+                vm.userProfile = profile;
+            });
+
+            if ($.AdminLTE) {
+                if ($.AdminLTE.layout) {
+                    $.AdminLTE.layout.fix();
+                    $.AdminLTE.layout.fixSidebar();
+                }
+
+                if ($.AdminLTE.pushMenu) {
+                    $.AdminLTE.pushMenu.expandOnHover();
+                }
+
+                $document.off('click', '.sidebar li a');
+            }
+        });
+
+        $scope.$on('$stateChangeSuccess', function (event, toState, toParams, fromState, fromParams) {
+            vm.usingEncKey = !!cryptoService.getEncKey();
+            vm.searchVaultText = null;
+
+            if (toState.data.bodyClass) {
+                vm.bodyClass = toState.data.bodyClass;
+                return;
+            }
+            else {
+                vm.bodyClass = '';
+            }
+
+            vm.usingControlSidebar = !!toState.data.controlSidebar;
+            vm.openControlSidebar = vm.usingControlSidebar && $document.width() > 768;
+        });
+
+        $scope.addLogin = function () {
+            $scope.$broadcast('vaultAddLogin');
+        };
+
+        $scope.addFolder = function () {
+            $scope.$broadcast('vaultAddFolder');
+        };
+
+        $scope.addOrganizationLogin = function () {
+            $scope.$broadcast('organizationVaultAddLogin');
+        };
+
+        $scope.addOrganizationCollection = function () {
+            $scope.$broadcast('organizationCollectionsAdd');
+        };
+
+        $scope.inviteOrganizationUser = function () {
+            $scope.$broadcast('organizationPeopleInvite');
+        };
+
+        $scope.addOrganizationGroup = function () {
+            $scope.$broadcast('organizationGroupsAdd');
+        };
+
+        $scope.updateKey = function () {
+            $uibModal.open({
+                animation: true,
+                templateUrl: 'app/settings/views/settingsUpdateKey.html',
+                controller: 'settingsUpdateKeyController'
+            });
+        };
+
+        $scope.verifyEmail = function () {
+            if ($scope.sendingVerify) {
+                return;
+            }
+
+            $scope.sendingVerify = true;
+            apiService.accounts.verifyEmail({}, null).$promise.then(function () {
+                toastr.success('Verification email sent.');
+                $scope.sendingVerify = false;
+                $scope.verifyEmailSent = true;
+            }).catch(function () {
+                toastr.success('Verification email failed.');
+                $scope.sendingVerify = false;
+            });
+        };
+
+        $scope.updateBrowser = function () {
+            $window.open('https://browser-update.org/update.html', '_blank');
+        };
+
+        // Append dropdown menu somewhere else
+        var bodyScrollbarWidth,
+            appendedDropdownMenu,
+            appendedDropdownMenuParent;
+
+        var dropdownHelpers = {
+            scrollbarWidth: function () {
+                if (!bodyScrollbarWidth) {
+                    var bodyElem = $('body');
+                    bodyElem.addClass('bit-position-body-scrollbar-measure');
+                    bodyScrollbarWidth = $window.innerWidth - bodyElem[0].clientWidth;
+                    bodyScrollbarWidth = isFinite(bodyScrollbarWidth) ? bodyScrollbarWidth : 0;
+                    bodyElem.removeClass('bit-position-body-scrollbar-measure');
+                }
+
+                return bodyScrollbarWidth;
+            },
+            scrollbarInfo: function () {
+                return {
+                    width: dropdownHelpers.scrollbarWidth(),
+                    visible: $document.height() > $($window).height()
+                };
+            }
+        };
+
+        $(window).on('show.bs.dropdown', function (e) {
+            /*jshint -W120 */
+            var target = appendedDropdownMenuParent = $(e.target);
+
+            var appendTo = target.data('appendTo');
+            if (!appendTo) {
+                return true;
+            }
+
+            appendedDropdownMenu = target.find('.dropdown-menu');
+            var appendToEl = $(appendTo);
+            appendToEl.append(appendedDropdownMenu.detach());
+
+            var offset = target.offset();
+            var css = {
+                display: 'block',
+                top: offset.top + target.outerHeight() - (appendTo !== 'body' ? $(window).scrollTop() : 0)
+            };
+
+            if (appendedDropdownMenu.hasClass('dropdown-menu-right')) {
+                var scrollbarInfo = dropdownHelpers.scrollbarInfo();
+                var scrollbarWidth = 0;
+                if (scrollbarInfo.visible && scrollbarInfo.width) {
+                    scrollbarWidth = scrollbarInfo.width;
+                }
+
+                css.right = $window.innerWidth - scrollbarWidth - (offset.left + target.prop('offsetWidth')) + 'px';
+                css.left = 'auto';
+            }
+            else {
+                css.left = offset.left + 'px';
+                css.right = 'auto';
+            }
+
+            appendedDropdownMenu.css(css);
+        });
+
+        $(window).on('hide.bs.dropdown', function (e) {
+            if (!appendedDropdownMenu) {
+                return true;
+            }
+
+            $(e.target).append(appendedDropdownMenu.detach());
+            appendedDropdownMenu.hide();
+            appendedDropdownMenu = null;
+            appendedDropdownMenuParent = null;
+        });
+
+        $scope.$on('removeAppendedDropdownMenu', function (event, args) {
+            if (!appendedDropdownMenu && !appendedDropdownMenuParent) {
+                return true;
+            }
+
+            appendedDropdownMenuParent.append(appendedDropdownMenu.detach());
+            appendedDropdownMenu.hide();
+            appendedDropdownMenu = null;
+            appendedDropdownMenuParent = null;
+        });
+    });

src/app/global/paidOrgRequiredController.js

@@ -0,0 +1,26 @@
+angular
+    .module('bit.global')
+
+    .controller('paidOrgRequiredController', function ($scope, $state, $uibModalInstance, $analytics, $uibModalStack, orgId,
+        constants, authService) {
+        $analytics.eventTrack('paidOrgRequiredController', { category: 'Modal' });
+
+        authService.getUserProfile().then(function (profile) {
+            $scope.admin = profile.organizations[orgId].type !== constants.orgUserType.user;
+        });
+
+        $scope.go = function () {
+            if (!$scope.admin) {
+                return;
+            }
+
+            $analytics.eventTrack('Get Paid Org');
+            $state.go('backend.org.billing', { orgId: orgId }).then(function () {
+                $uibModalStack.dismissAll();
+            });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('close');
+        };
+    });

src/app/global/premiumRequiredController.js

@@ -0,0 +1,17 @@
+angular
+    .module('bit.global')
+
+    .controller('premiumRequiredController', function ($scope, $state, $uibModalInstance, $analytics, $uibModalStack) {
+        $analytics.eventTrack('premiumRequiredController', { category: 'Modal' });
+
+        $scope.go = function () {
+            $analytics.eventTrack('Get Premium');
+            $state.go('backend.user.settingsPremium').then(function () {
+                $uibModalStack.dismissAll();
+            });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('close');
+        };
+    });

src/app/global/sideNavController.js

@@ -0,0 +1,65 @@
+angular
+    .module('bit.global')
+
+    .controller('sideNavController', function ($scope, $state, authService, toastr, $analytics, constants, appSettings) {
+        $scope.$state = $state;
+        $scope.params = $state.params;
+        $scope.orgs = [];
+        $scope.name = '';
+
+        if(appSettings.selfHosted) {
+            $scope.orgIconBgColor = '#ffffff';
+            $scope.orgIconBorder = '3px solid #a0a0a0';
+            $scope.orgIconTextColor = '#333333';
+        }
+        else {
+            $scope.orgIconBgColor = '#2c3b41';
+            $scope.orgIconBorder = '3px solid #1a2226';
+            $scope.orgIconTextColor = '#ffffff';
+        }
+
+        authService.getUserProfile().then(function (userProfile) {
+            $scope.name = userProfile.extended && userProfile.extended.name ?
+                userProfile.extended.name : userProfile.email;
+
+            if (!userProfile.organizations) {
+                return;
+            }
+
+            if ($state.includes('backend.org') && ($state.params.orgId in userProfile.organizations)) {
+                $scope.orgProfile = userProfile.organizations[$state.params.orgId];
+            }
+            else {
+                var orgs = [];
+                for (var orgId in userProfile.organizations) {
+                    if (userProfile.organizations.hasOwnProperty(orgId) &&
+                        (userProfile.organizations[orgId].enabled || userProfile.organizations[orgId].type < 2)) { // 2 = User
+                        orgs.push(userProfile.organizations[orgId]);
+                    }
+                }
+                $scope.orgs = orgs;
+            }
+        });
+
+        $scope.viewOrganization = function (org) {
+            if (org.type === constants.orgUserType.user) {
+                toastr.error('You cannot manage this organization.');
+                return;
+            }
+
+            $analytics.eventTrack('View Organization From Side Nav');
+            $state.go('backend.org.dashboard', { orgId: org.id });
+        };
+
+        $scope.searchVault = function () {
+            $state.go('backend.user.vault');
+        };
+
+        $scope.searchOrganizationVault = function () {
+            $state.go('backend.org.vault', { orgId: $state.params.orgId });
+        };
+
+        $scope.isOrgOwner = function (org) {
+            return org && org.type === constants.orgUserType.owner;
+        };
+    });

src/app/global/topNavController.js

@@ -0,0 +1,14 @@
+angular
+    .module('bit.global')
+
+    .controller('topNavController', function ($scope) {
+        $scope.toggleControlSidebar = function () {
+            var bod = $('body');
+            if (!bod.hasClass('control-sidebar-open')) {
+                bod.addClass('control-sidebar-open');
+            }
+            else {
+                bod.removeClass('control-sidebar-open');
+            }
+        };
+    });

src/app/organization/organizationBillingAdjustSeatsController.js

@@ -0,0 +1,37 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationBillingAdjustSeatsController', function ($scope, $state, $uibModalInstance, apiService,
+        $analytics, toastr, add) {
+        $analytics.eventTrack('organizationBillingAdjustSeatsController', { category: 'Modal' });
+        $scope.add = add;
+        $scope.seatAdjustment = 0;
+
+        $scope.submit = function () {
+            var request = {
+                seatAdjustment: $scope.seatAdjustment
+            };
+
+            if (!add) {
+                request.seatAdjustment *= -1;
+            }
+
+            $scope.submitPromise = apiService.organizations.putSeat({ id: $state.params.orgId }, request)
+                .$promise.then(function (response) {
+                    if (add) {
+                        $analytics.eventTrack('Added Seats');
+                        toastr.success('You have added ' + $scope.seatAdjustment + ' seats.');
+                    }
+                    else {
+                        $analytics.eventTrack('Removed Seats');
+                        toastr.success('You have removed ' + $scope.seatAdjustment + ' seats.');
+                    }
+
+                    $uibModalInstance.close();
+                });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationBillingAdjustStorageController.js

@@ -0,0 +1,37 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationBillingAdjustStorageController', function ($scope, $state, $uibModalInstance, apiService,
+        $analytics, toastr, add) {
+        $analytics.eventTrack('organizationBillingAdjustStorageController', { category: 'Modal' });
+        $scope.add = add;
+        $scope.storageAdjustment = 0;
+
+        $scope.submit = function () {
+            var request = {
+                storageGbAdjustment: $scope.storageAdjustment
+            };
+
+            if (!add) {
+                request.storageGbAdjustment *= -1;
+            }
+
+            $scope.submitPromise = apiService.organizations.putStorage({ id: $state.params.orgId }, request)
+                .$promise.then(function (response) {
+                    if (add) {
+                        $analytics.eventTrack('Added Organization Storage');
+                        toastr.success('You have added ' + $scope.storageAdjustment + ' GB.');
+                    }
+                    else {
+                        $analytics.eventTrack('Removed Organization Storage');
+                        toastr.success('You have removed ' + $scope.storageAdjustment + ' GB.');
+                    }
+
+                    $uibModalInstance.close();
+                });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationBillingChangePaymentController.js

@@ -0,0 +1,62 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationBillingChangePaymentController', function ($scope, $state, $uibModalInstance, apiService,
+        $analytics, toastr, existingPaymentMethod
+        // @if !selfHosted
+        , stripe
+        // @endif
+    ) {
+        $analytics.eventTrack('organizationBillingChangePaymentController', { category: 'Modal' });
+        $scope.existingPaymentMethod = existingPaymentMethod;
+        $scope.paymentMethod = 'card';
+        $scope.showPaymentOptions = true;
+        $scope.hidePaypal = true;
+        $scope.card = {};
+        $scope.bank = {};
+
+        $scope.changePaymentMethod = function (val) {
+            $scope.paymentMethod = val;
+        };
+
+        $scope.submit = function () {
+            var stripeReq = null;
+            if ($scope.paymentMethod === 'card') {
+                stripeReq = stripe.card.createToken($scope.card);
+            }
+            else if ($scope.paymentMethod === 'bank') {
+                $scope.bank.currency = 'USD';
+                $scope.bank.country = 'US';
+                stripeReq = stripe.bankAccount.createToken($scope.bank);
+            }
+            else {
+                return;
+            }
+
+            $scope.submitPromise = stripeReq.then(function (response) {
+                var request = {
+                    paymentToken: response.id
+                };
+
+                return apiService.organizations.putPayment({ id: $state.params.orgId }, request).$promise;
+            }, function (err) {
+                throw err.message;
+            }).then(function (response) {
+                $scope.card = null;
+                if (existingPaymentMethod) {
+                    $analytics.eventTrack('Changed Organization Payment Method');
+                    toastr.success('You have changed your payment method.');
+                }
+                else {
+                    $analytics.eventTrack('Added Organization Payment Method');
+                    toastr.success('You have added a payment method.');
+                }
+
+                $uibModalInstance.close();
+            });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationBillingChangePlanController.js

@@ -0,0 +1,14 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationBillingChangePlanController', function ($scope, $state, apiService, $uibModalInstance,
+        toastr, $analytics) {
+        $analytics.eventTrack('organizationBillingChangePlanController', { category: 'Modal' });
+        $scope.submit = function () {
+
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationBillingController.js

@@ -0,0 +1,295 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationBillingController', function ($scope, apiService, $state, $uibModal, toastr, $analytics,
+        appSettings) {
+        $scope.selfHosted = appSettings.selfHosted;
+        $scope.charges = [];
+        $scope.paymentSource = null;
+        $scope.plan = null;
+        $scope.subscription = null;
+        $scope.loading = true;
+        var license = null;
+        $scope.expiration = null;
+
+        $scope.$on('$viewContentLoaded', function () {
+            load();
+        });
+
+        $scope.changePayment = function () {
+            if ($scope.selfHosted) {
+                return;
+            }
+
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/settings/views/settingsBillingChangePayment.html',
+                controller: 'organizationBillingChangePaymentController',
+                resolve: {
+                    existingPaymentMethod: function () {
+                        return $scope.paymentSource ? $scope.paymentSource.description : null;
+                    }
+                }
+            });
+
+            modal.result.then(function () {
+                load();
+            });
+        };
+
+        $scope.changePlan = function () {
+            if ($scope.selfHosted) {
+                return;
+            }
+
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationBillingChangePlan.html',
+                controller: 'organizationBillingChangePlanController',
+                resolve: {
+                    plan: function () {
+                        return $scope.plan;
+                    }
+                }
+            });
+
+            modal.result.then(function () {
+                load();
+            });
+        };
+
+        $scope.adjustSeats = function (add) {
+            if ($scope.selfHosted) {
+                return;
+            }
+
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationBillingAdjustSeats.html',
+                controller: 'organizationBillingAdjustSeatsController',
+                resolve: {
+                    add: function () {
+                        return add;
+                    }
+                }
+            });
+
+            modal.result.then(function () {
+                load();
+            });
+        };
+
+        $scope.adjustStorage = function (add) {
+            if ($scope.selfHosted) {
+                return;
+            }
+
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/settings/views/settingsBillingAdjustStorage.html',
+                controller: 'organizationBillingAdjustStorageController',
+                resolve: {
+                    add: function () {
+                        return add;
+                    }
+                }
+            });
+
+            modal.result.then(function () {
+                load();
+            });
+        };
+
+        $scope.verifyBank = function () {
+            if ($scope.selfHosted) {
+                return;
+            }
+
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationBillingVerifyBank.html',
+                controller: 'organizationBillingVerifyBankController'
+            });
+
+            modal.result.then(function () {
+                load();
+            });
+        };
+
+        $scope.cancel = function () {
+            if ($scope.selfHosted) {
+                return;
+            }
+
+            if (!confirm('Are you sure you want to cancel? All users will lose access to the organization ' +
+                'at the end of this billing cycle.')) {
+                return;
+            }
+
+            apiService.organizations.putCancel({ id: $state.params.orgId }, {})
+                .$promise.then(function (response) {
+                    $analytics.eventTrack('Canceled Plan');
+                    toastr.success('Organization subscription has been canceled.');
+                    load();
+                });
+        };
+
+        $scope.reinstate = function () {
+            if ($scope.selfHosted) {
+                return;
+            }
+
+            if (!confirm('Are you sure you want to remove the cancellation request and reinstate this organization?')) {
+                return;
+            }
+
+            apiService.organizations.putReinstate({ id: $state.params.orgId }, {})
+                .$promise.then(function (response) {
+                    $analytics.eventTrack('Reinstated Plan');
+                    toastr.success('Organization cancellation request has been removed.');
+                    load();
+                });
+        };
+
+        $scope.updateLicense = function () {
+            if (!$scope.selfHosted) {
+                return;
+            }
+
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/settings/views/settingsBillingUpdateLicense.html',
+                controller: 'organizationBillingUpdateLicenseController'
+            });
+
+            modal.result.then(function () {
+                load();
+            });
+        };
+
+        $scope.license = function () {
+            if ($scope.selfHosted) {
+                return;
+            }
+
+            var installationId = prompt("Enter your installation id");
+            if (!installationId || installationId === '') {
+                return;
+            }
+
+            apiService.organizations.getLicense({
+                id: $state.params.orgId,
+                installationId: installationId
+            }, function (license) {
+                var licenseString = JSON.stringify(license, null, 2);
+                var licenseBlob = new Blob([licenseString]);
+
+                // IE hack. ref http://msdn.microsoft.com/en-us/library/ie/hh779016.aspx
+                if (window.navigator.msSaveOrOpenBlob) {
+                    window.navigator.msSaveBlob(licenseBlob, 'bitwarden_organization_license.json');
+                }
+                else {
+                    var a = window.document.createElement('a');
+                    a.href = window.URL.createObjectURL(licenseBlob, { type: 'text/plain' });
+                    a.download = 'bitwarden_organization_license.json';
+                    document.body.appendChild(a);
+                    // IE: "Access is denied". 
+                    // ref: https://connect.microsoft.com/IE/feedback/details/797361/ie-10-treats-blob-url-as-cross-origin-and-denies-access
+                    a.click();
+                    document.body.removeChild(a);
+                }
+            }, function (err) {
+                if (err.status === 400) {
+                    toastr.error("Invalid installation id.");
+                }
+                else {
+                    toastr.error("Unable to generate license.");
+                }
+            });
+        };
+
+        function load() {
+            apiService.organizations.getBilling({ id: $state.params.orgId }, function (org) {
+                $scope.loading = false;
+                $scope.noSubscription = org.PlanType === 0;
+
+                var i = 0;
+                $scope.expiration = org.Expiration;
+                license = org.License;
+
+                $scope.plan = {
+                    name: org.Plan,
+                    type: org.PlanType,
+                    seats: org.Seats
+                };
+
+                $scope.storage = null;
+                if ($scope && org.MaxStorageGb) {
+                    $scope.storage = {
+                        currentGb: org.StorageGb || 0,
+                        maxGb: org.MaxStorageGb,
+                        currentName: org.StorageName || '0 GB'
+                    };
+
+                    $scope.storage.percentage = +(100 * ($scope.storage.currentGb / $scope.storage.maxGb)).toFixed(2);
+                }
+
+                $scope.subscription = null;
+                if (org.Subscription) {
+                    $scope.subscription = {
+                        trialEndDate: org.Subscription.TrialEndDate,
+                        cancelledDate: org.Subscription.CancelledDate,
+                        status: org.Subscription.Status,
+                        cancelled: org.Subscription.Cancelled,
+                        markedForCancel: !org.Subscription.Cancelled && org.Subscription.CancelAtEndDate
+                    };
+                }
+
+                $scope.nextInvoice = null;
+                if (org.UpcomingInvoice) {
+                    $scope.nextInvoice = {
+                        date: org.UpcomingInvoice.Date,
+                        amount: org.UpcomingInvoice.Amount
+                    };
+                }
+
+                if (org.Subscription && org.Subscription.Items) {
+                    $scope.subscription.items = [];
+                    for (i = 0; i < org.Subscription.Items.length; i++) {
+                        $scope.subscription.items.push({
+                            amount: org.Subscription.Items[i].Amount,
+                            name: org.Subscription.Items[i].Name,
+                            interval: org.Subscription.Items[i].Interval,
+                            qty: org.Subscription.Items[i].Quantity
+                        });
+                    }
+                }
+
+                $scope.paymentSource = null;
+                if (org.PaymentSource) {
+                    $scope.paymentSource = {
+                        type: org.PaymentSource.Type,
+                        description: org.PaymentSource.Description,
+                        cardBrand: org.PaymentSource.CardBrand,
+                        needsVerification: org.PaymentSource.NeedsVerification
+                    };
+                }
+
+                var charges = [];
+                for (i = 0; i < org.Charges.length; i++) {
+                    charges.push({
+                        date: org.Charges[i].CreatedDate,
+                        paymentSource: org.Charges[i].PaymentSource ? org.Charges[i].PaymentSource.Description : '-',
+                        amount: org.Charges[i].Amount,
+                        status: org.Charges[i].Status,
+                        failureMessage: org.Charges[i].FailureMessage,
+                        refunded: org.Charges[i].Refunded,
+                        partiallyRefunded: org.Charges[i].PartiallyRefunded,
+                        refundedAmount: org.Charges[i].RefundedAmount,
+                        invoiceId: org.Charges[i].InvoiceId
+                    });
+                }
+                $scope.charges = charges;
+            });
+        }
+    });

src/app/organization/organizationBillingUpdateLicenseController.js

@@ -0,0 +1,30 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationBillingUpdateLicenseController', function ($scope, $state, $uibModalInstance, apiService,
+        $analytics, toastr, validationService) {
+        $analytics.eventTrack('organizationBillingUpdateLicenseController', { category: 'Modal' });
+
+        $scope.submit = function (form) {
+            var fileEl = document.getElementById('file');
+            var files = fileEl.files;
+            if (!files || !files.length) {
+                validationService.addError(form, 'file', 'Select a license file.', true);
+                return;
+            }
+
+            var fd = new FormData();
+            fd.append('license', files[0]);
+
+            $scope.submitPromise = apiService.organizations.putLicense({ id: $state.params.orgId }, fd)
+                .$promise.then(function (response) {
+                    $analytics.eventTrack('Updated License');
+                    toastr.success('You have updated your license.');
+                    $uibModalInstance.close();
+                });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationBillingVerifyBankController.js

@@ -0,0 +1,25 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationBillingVerifyBankController', function ($scope, $state, $uibModalInstance, apiService,
+        $analytics, toastr) {
+        $analytics.eventTrack('organizationBillingVerifyBankController', { category: 'Modal' });
+
+        $scope.submit = function () {
+            var request = {
+                amount1: $scope.amount1,
+                amount2: $scope.amount2
+            };
+
+            $scope.submitPromise = apiService.organizations.postVerifyBank({ id: $state.params.orgId }, request)
+                .$promise.then(function (response) {
+                    $analytics.eventTrack('Verified Bank Account');
+                    toastr.success('You have successfully verified your bank account.');
+                    $uibModalInstance.close();
+                });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationCollectionsAddController.js

@@ -0,0 +1,120 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationCollectionsAddController', function ($scope, $state, $uibModalInstance, apiService, cipherService,
+        $analytics, authService) {
+        $analytics.eventTrack('organizationCollectionsAddController', { category: 'Modal' });
+        var groupsLength = 0;
+        $scope.groups = [];
+        $scope.selectedGroups = {};
+        $scope.loading = true;
+        $scope.useGroups = false;
+
+        $uibModalInstance.opened.then(function () {
+            return authService.getUserProfile();
+        }).then(function (profile) {
+            if (profile.organizations) {
+                var org = profile.organizations[$state.params.orgId];
+                $scope.useGroups = !!org.useGroups;
+            }
+
+            if ($scope.useGroups) {
+                return apiService.groups.listOrganization({ orgId: $state.params.orgId }).$promise;
+            }
+
+            return null;
+        }).then(function (groups) {
+            if (!groups) {
+                $scope.loading = false;
+                return;
+            }
+
+            var groupsArr = [];
+            for (var i = 0; i < groups.Data.length; i++) {
+                groupsArr.push({
+                    id: groups.Data[i].Id,
+                    name: groups.Data[i].Name,
+                    accessAll: groups.Data[i].AccessAll
+                });
+
+                if (!groups.Data[i].AccessAll) {
+                    groupsLength++;
+                }
+            }
+
+            $scope.groups = groupsArr;
+            $scope.loading = false;
+        });
+
+        $scope.toggleGroupSelectionAll = function ($event) {
+            var groups = {};
+            if ($event.target.checked) {
+                for (var i = 0; i < $scope.groups.length; i++) {
+                    groups[$scope.groups[i].id] = {
+                        id: $scope.groups[i].id,
+                        readOnly: ($scope.groups[i].id in $scope.selectedGroups) ?
+                            $scope.selectedGroups[$scope.groups[i].id].readOnly : false
+                    };
+                }
+            }
+
+            $scope.selectedGroups = groups;
+        };
+
+        $scope.toggleGroupSelection = function (id) {
+            if (id in $scope.selectedGroups) {
+                delete $scope.selectedGroups[id];
+            }
+            else {
+                $scope.selectedGroups[id] = {
+                    id: id,
+                    readOnly: false
+                };
+            }
+        };
+
+        $scope.toggleGroupReadOnlySelection = function (group) {
+            if (group.id in $scope.selectedGroups) {
+                $scope.selectedGroups[group.id].readOnly = !group.accessAll && !!!$scope.selectedGroups[group.id].readOnly;
+            }
+        };
+
+        $scope.groupSelected = function (group) {
+            return group.id in $scope.selectedGroups || group.accessAll;
+        };
+
+        $scope.allSelected = function () {
+            return Object.keys($scope.selectedGroups).length >= groupsLength;
+        };
+
+        $scope.submit = function (model) {
+            var collection = cipherService.encryptCollection(model, $state.params.orgId);
+
+            if ($scope.useGroups) {
+                collection.groups = [];
+
+                for (var groupId in $scope.selectedGroups) {
+                    if ($scope.selectedGroups.hasOwnProperty(groupId)) {
+                        for (var i = 0; i < $scope.groups.length; i++) {
+                            if ($scope.groups[i].id === $scope.selectedGroups[groupId].id) {
+                                if (!$scope.groups[i].accessAll) {
+                                    collection.groups.push($scope.selectedGroups[groupId]);
+                                }
+                                break;
+                            }
+                        }
+                    }
+                }
+            }
+
+            $scope.submitPromise = apiService.collections.post({ orgId: $state.params.orgId }, collection, function (response) {
+                $analytics.eventTrack('Created Collection');
+                var decCollection = cipherService.decryptCollection(response, $state.params.orgId, true);
+                $uibModalInstance.close(decCollection);
+            }).$promise;
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationCollectionsController.js

@@ -0,0 +1,101 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationCollectionsController', function ($scope, $state, apiService, $uibModal, cipherService, $filter,
+        toastr, $analytics) {
+        $scope.collections = [];
+        $scope.loading = true;
+        $scope.$on('$viewContentLoaded', function () {
+            loadList();
+        });
+
+        $scope.$on('organizationCollectionsAdd', function (event, args) {
+            $scope.add();
+        });
+
+        $scope.add = function () {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationCollectionsAdd.html',
+                controller: 'organizationCollectionsAddController'
+            });
+
+            modal.result.then(function (collection) {
+                $scope.collections.push(collection);
+            });
+        };
+
+        $scope.edit = function (collection) {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationCollectionsEdit.html',
+                controller: 'organizationCollectionsEditController',
+                resolve: {
+                    id: function () { return collection.id; }
+                }
+            });
+
+            modal.result.then(function (editedCollection) {
+                var existingCollections = $filter('filter')($scope.collections, { id: editedCollection.id }, true);
+                if (existingCollections && existingCollections.length > 0) {
+                    existingCollections[0].name = editedCollection.name;
+                }
+            });
+        };
+
+        $scope.users = function (collection) {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationCollectionsUsers.html',
+                controller: 'organizationCollectionsUsersController',
+                size: 'lg',
+                resolve: {
+                    collection: function () { return collection; }
+                }
+            });
+
+            modal.result.then(function () {
+                // nothing to do
+            });
+        };
+
+        $scope.groups = function (collection) {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationCollectionsGroups.html',
+                controller: 'organizationCollectionsGroupsController',
+                resolve: {
+                    collection: function () { return collection; }
+                }
+            });
+
+            modal.result.then(function () {
+                // nothing to do
+            });
+        };
+
+        $scope.delete = function (collection) {
+            if (!confirm('Are you sure you want to delete this collection (' + collection.name + ')?')) {
+                return;
+            }
+
+            apiService.collections.del({ orgId: $state.params.orgId, id: collection.id }, function () {
+                var index = $scope.collections.indexOf(collection);
+                if (index > -1) {
+                    $scope.collections.splice(index, 1);
+                }
+
+                $analytics.eventTrack('Deleted Collection');
+                toastr.success(collection.name + ' has been deleted.', 'Collection Deleted');
+            }, function () {
+                toastr.error(collection.name + ' was not able to be deleted.', 'Error');
+            });
+        };
+
+        function loadList() {
+            apiService.collections.listOrganization({ orgId: $state.params.orgId }, function (list) {
+                $scope.collections = cipherService.decryptCollections(list.Data, $state.params.orgId, true);
+                $scope.loading = false;
+            });
+        }
+    });

src/app/organization/organizationCollectionsEditController.js

@@ -0,0 +1,139 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationCollectionsEditController', function ($scope, $state, $uibModalInstance, apiService, cipherService,
+        $analytics, id, authService) {
+        $analytics.eventTrack('organizationCollectionsEditController', { category: 'Modal' });
+        var groupsLength = 0;
+        $scope.collection = {};
+        $scope.groups = [];
+        $scope.selectedGroups = {};
+        $scope.loading = true;
+        $scope.useGroups = false;
+
+        $uibModalInstance.opened.then(function () {
+            return apiService.collections.getDetails({ orgId: $state.params.orgId, id: id }).$promise;
+        }).then(function (collection) {
+            $scope.collection = cipherService.decryptCollection(collection);
+
+            var groups = {};
+            if (collection.Groups) {
+                for (var i = 0; i < collection.Groups.length; i++) {
+                    groups[collection.Groups[i].Id] = {
+                        id: collection.Groups[i].Id,
+                        readOnly: collection.Groups[i].ReadOnly
+                    };
+                }
+            }
+            $scope.selectedGroups = groups;
+
+            return authService.getUserProfile();
+        }).then(function (profile) {
+            if (profile.organizations) {
+                var org = profile.organizations[$state.params.orgId];
+                $scope.useGroups = !!org.useGroups;
+            }
+
+            if ($scope.useGroups) {
+                return apiService.groups.listOrganization({ orgId: $state.params.orgId }).$promise;
+            }
+
+            return null;
+        }).then(function (groups) {
+            if (!groups) {
+                $scope.loading = false;
+                return;
+            }
+
+            var groupsArr = [];
+            for (var i = 0; i < groups.Data.length; i++) {
+                groupsArr.push({
+                    id: groups.Data[i].Id,
+                    name: groups.Data[i].Name,
+                    accessAll: groups.Data[i].AccessAll
+                });
+
+                if (!groups.Data[i].AccessAll) {
+                    groupsLength++;
+                }
+            }
+
+            $scope.groups = groupsArr;
+            $scope.loading = false;
+        });
+
+        $scope.toggleGroupSelectionAll = function ($event) {
+            var groups = {};
+            if ($event.target.checked) {
+                for (var i = 0; i < $scope.groups.length; i++) {
+                    groups[$scope.groups[i].id] = {
+                        id: $scope.groups[i].id,
+                        readOnly: ($scope.groups[i].id in $scope.selectedGroups) ?
+                            $scope.selectedGroups[$scope.groups[i].id].readOnly : false
+                    };
+                }
+            }
+
+            $scope.selectedGroups = groups;
+        };
+
+        $scope.toggleGroupSelection = function (id) {
+            if (id in $scope.selectedGroups) {
+                delete $scope.selectedGroups[id];
+            }
+            else {
+                $scope.selectedGroups[id] = {
+                    id: id,
+                    readOnly: false
+                };
+            }
+        };
+
+        $scope.toggleGroupReadOnlySelection = function (group) {
+            if (group.id in $scope.selectedGroups) {
+                $scope.selectedGroups[group.id].readOnly = !group.accessAll && !!!$scope.selectedGroups[group.id].readOnly;
+            }
+        };
+
+        $scope.groupSelected = function (group) {
+            return group.id in $scope.selectedGroups || group.accessAll;
+        };
+
+        $scope.allSelected = function () {
+            return Object.keys($scope.selectedGroups).length >= groupsLength;
+        };
+
+        $scope.submit = function (model) {
+            var collection = cipherService.encryptCollection(model, $state.params.orgId);
+
+            if ($scope.useGroups) {
+                collection.groups = [];
+
+                for (var groupId in $scope.selectedGroups) {
+                    if ($scope.selectedGroups.hasOwnProperty(groupId)) {
+                        for (var i = 0; i < $scope.groups.length; i++) {
+                            if ($scope.groups[i].id === $scope.selectedGroups[groupId].id) {
+                                if (!$scope.groups[i].accessAll) {
+                                    collection.groups.push($scope.selectedGroups[groupId]);
+                                }
+                                break;
+                            }
+                        }
+                    }
+                }
+            }
+
+            $scope.submitPromise = apiService.collections.put({
+                orgId: $state.params.orgId,
+                id: id
+            }, collection, function (response) {
+                $analytics.eventTrack('Edited Collection');
+                var decCollection = cipherService.decryptCollection(response, $state.params.orgId, true);
+                $uibModalInstance.close(decCollection);
+            }).$promise;
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationCollectionsUsersController.js

@@ -0,0 +1,63 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationCollectionsUsersController', function ($scope, $state, $uibModalInstance, apiService, cipherService,
+        $analytics, collection, toastr) {
+        $analytics.eventTrack('organizationCollectionsUsersController', { category: 'Modal' });
+        $scope.loading = true;
+        $scope.collection = collection;
+        $scope.users = [];
+
+        $uibModalInstance.opened.then(function () {
+            $scope.loading = false;
+            apiService.collections.listUsers(
+                {
+                    orgId: $state.params.orgId,
+                    id: collection.id
+                },
+                function (userList) {
+                    if (userList && userList.Data.length) {
+                        var users = [];
+                        for (var i = 0; i < userList.Data.length; i++) {
+                            users.push({
+                                organizationUserId: userList.Data[i].OrganizationUserId,
+                                name: userList.Data[i].Name,
+                                email: userList.Data[i].Email,
+                                type: userList.Data[i].Type,
+                                status: userList.Data[i].Status,
+                                readOnly: userList.Data[i].ReadOnly,
+                                accessAll: userList.Data[i].AccessAll
+                            });
+                        }
+                        $scope.users = users;
+                    }
+                });
+        });
+
+        $scope.remove = function (user) {
+            if (!confirm('Are you sure you want to remove this user (' + user.email + ') from this ' +
+                'collection (' + collection.name + ')?')) {
+                return;
+            }
+
+            apiService.collections.delUser(
+                {
+                    orgId: $state.params.orgId,
+                    id: collection.id,
+                    orgUserId: user.organizationUserId
+                }, null, function () {
+                    toastr.success(user.email + ' has been removed.', 'User Removed');
+                    $analytics.eventTrack('Removed User From Collection');
+                    var index = $scope.users.indexOf(user);
+                    if (index > -1) {
+                        $scope.users.splice(index, 1);
+                    }
+                }, function () {
+                    toastr.error('Unable to remove user.', 'Error');
+                });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationDashboardController.js

@@ -0,0 +1,13 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationDashboardController', function ($scope, authService, $state) {
+        $scope.$on('$viewContentLoaded', function () {
+            authService.getUserProfile().then(function (userProfile) {
+                if (!userProfile.organizations) {
+                    return;
+                }
+                $scope.orgProfile = userProfile.organizations[$state.params.orgId];
+            });
+        });
+    });

src/app/organization/organizationDeleteController.js

@@ -0,0 +1,25 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationDeleteController', function ($scope, $state, apiService, $uibModalInstance, cryptoService,
+        authService, toastr, $analytics) {
+        $analytics.eventTrack('organizationDeleteController', { category: 'Modal' });
+        $scope.submit = function () {
+            $scope.submitPromise = cryptoService.hashPassword($scope.masterPassword).then(function (hash) {
+                return apiService.organizations.del({ id: $state.params.orgId }, {
+                    masterPasswordHash: hash
+                }).$promise;
+            }).then(function () {
+                $uibModalInstance.dismiss('cancel');
+                authService.removeProfileOrganization($state.params.orgId);
+                $analytics.eventTrack('Deleted Organization');
+                return $state.go('backend.user.vault');
+            }).then(function () {
+                toastr.success('This organization and all associated data has been deleted.', 'Organization Deleted');
+            });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationGroupsAddController.js

@@ -0,0 +1,87 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationGroupsAddController', function ($scope, $state, $uibModalInstance, apiService, cipherService,
+        $analytics) {
+        $analytics.eventTrack('organizationGroupsAddController', { category: 'Modal' });
+        $scope.collections = [];
+        $scope.selectedCollections = {};
+        $scope.loading = true;
+
+        $uibModalInstance.opened.then(function () {
+            return apiService.collections.listOrganization({ orgId: $state.params.orgId }).$promise;
+        }).then(function (collections) {
+            $scope.collections = cipherService.decryptCollections(collections.Data, $state.params.orgId, true);
+            $scope.loading = false;
+        });
+
+        $scope.toggleCollectionSelectionAll = function ($event) {
+            var collections = {};
+            if ($event.target.checked) {
+                for (var i = 0; i < $scope.collections.length; i++) {
+                    collections[$scope.collections[i].id] = {
+                        id: $scope.collections[i].id,
+                        readOnly: ($scope.collections[i].id in $scope.selectedCollections) ?
+                            $scope.selectedCollections[$scope.collections[i].id].readOnly : false
+                    };
+                }
+            }
+
+            $scope.selectedCollections = collections;
+        };
+
+        $scope.toggleCollectionSelection = function (id) {
+            if (id in $scope.selectedCollections) {
+                delete $scope.selectedCollections[id];
+            }
+            else {
+                $scope.selectedCollections[id] = {
+                    id: id,
+                    readOnly: false
+                };
+            }
+        };
+
+        $scope.toggleCollectionReadOnlySelection = function (id) {
+            if (id in $scope.selectedCollections) {
+                $scope.selectedCollections[id].readOnly = !!!$scope.selectedCollections[id].readOnly;
+            }
+        };
+
+        $scope.collectionSelected = function (collection) {
+            return collection.id in $scope.selectedCollections;
+        };
+
+        $scope.allSelected = function () {
+            return Object.keys($scope.selectedCollections).length === $scope.collections.length;
+        };
+
+        $scope.submit = function (model) {
+            var group = {
+                name: model.name,
+                accessAll: !!model.accessAll,
+                externalId: model.externalId
+            };
+
+            if (!group.accessAll) {
+                group.collections = [];
+                for (var collectionId in $scope.selectedCollections) {
+                    if ($scope.selectedCollections.hasOwnProperty(collectionId)) {
+                        group.collections.push($scope.selectedCollections[collectionId]);
+                    }
+                }
+            }
+
+            $scope.submitPromise = apiService.groups.post({ orgId: $state.params.orgId }, group, function (response) {
+                $analytics.eventTrack('Created Group');
+                $uibModalInstance.close({
+                    id: response.Id,
+                    name: response.Name
+                });
+            }).$promise;
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationGroupsController.js

@@ -0,0 +1,93 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationGroupsController', function ($scope, $state, apiService, $uibModal, $filter,
+        toastr, $analytics) {
+        $scope.groups = [];
+        $scope.loading = true;
+        $scope.$on('$viewContentLoaded', function () {
+            loadList();
+        });
+
+        $scope.$on('organizationGroupsAdd', function (event, args) {
+            $scope.add();
+        });
+
+        $scope.add = function () {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationGroupsAdd.html',
+                controller: 'organizationGroupsAddController'
+            });
+
+            modal.result.then(function (group) {
+                $scope.groups.push(group);
+            });
+        };
+
+        $scope.edit = function (group) {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationGroupsEdit.html',
+                controller: 'organizationGroupsEditController',
+                resolve: {
+                    id: function () { return group.id; }
+                }
+            });
+
+            modal.result.then(function (editedGroup) {
+                var existingGroups = $filter('filter')($scope.groups, { id: editedGroup.id }, true);
+                if (existingGroups && existingGroups.length > 0) {
+                    existingGroups[0].name = editedGroup.name;
+                }
+            });
+        };
+
+        $scope.users = function (group) {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationGroupsUsers.html',
+                controller: 'organizationGroupsUsersController',
+                size: 'lg',
+                resolve: {
+                    group: function () { return group; }
+                }
+            });
+
+            modal.result.then(function () {
+                // nothing to do
+            });
+        };
+
+        $scope.delete = function (group) {
+            if (!confirm('Are you sure you want to delete this group (' + group.name + ')?')) {
+                return;
+            }
+
+            apiService.groups.del({ orgId: $state.params.orgId, id: group.id }, function () {
+                var index = $scope.groups.indexOf(group);
+                if (index > -1) {
+                    $scope.groups.splice(index, 1);
+                }
+
+                $analytics.eventTrack('Deleted Group');
+                toastr.success(group.name + ' has been deleted.', 'Group Deleted');
+            }, function () {
+                toastr.error(group.name + ' was not able to be deleted.', 'Error');
+            });
+        };
+
+        function loadList() {
+            apiService.groups.listOrganization({ orgId: $state.params.orgId }, function (list) {
+                var groups = [];
+                for (var i = 0; i < list.Data.length; i++) {
+                    groups.push({
+                        id: list.Data[i].Id,
+                        name: list.Data[i].Name
+                    });
+                }
+                $scope.groups = groups;
+                $scope.loading = false;
+            });
+        }
+    });

src/app/organization/organizationGroupsEditController.js

@@ -0,0 +1,110 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationGroupsEditController', function ($scope, $state, $uibModalInstance, apiService, cipherService,
+        $analytics, id) {
+        $analytics.eventTrack('organizationGroupsEditController', { category: 'Modal' });
+        $scope.collections = [];
+        $scope.selectedCollections = {};
+        $scope.loading = true;
+
+        $uibModalInstance.opened.then(function () {
+            return apiService.groups.getDetails({ orgId: $state.params.orgId, id: id }).$promise;
+        }).then(function (group) {
+            $scope.group = {
+                id: id,
+                name: group.Name,
+                externalId: group.ExternalId,
+                accessAll: group.AccessAll
+            };
+
+            var collections = {};
+            if (group.Collections) {
+                for (var i = 0; i < group.Collections.length; i++) {
+                    collections[group.Collections[i].Id] = {
+                        id: group.Collections[i].Id,
+                        readOnly: group.Collections[i].ReadOnly
+                    };
+                }
+            }
+            $scope.selectedCollections = collections;
+
+            return apiService.collections.listOrganization({ orgId: $state.params.orgId }).$promise;
+        }).then(function (collections) {
+            $scope.collections = cipherService.decryptCollections(collections.Data, $state.params.orgId, true);
+            $scope.loading = false;
+        });
+
+        $scope.toggleCollectionSelectionAll = function ($event) {
+            var collections = {};
+            if ($event.target.checked) {
+                for (var i = 0; i < $scope.collections.length; i++) {
+                    collections[$scope.collections[i].id] = {
+                        id: $scope.collections[i].id,
+                        readOnly: ($scope.collections[i].id in $scope.selectedCollections) ?
+                            $scope.selectedCollections[$scope.collections[i].id].readOnly : false
+                    };
+                }
+            }
+
+            $scope.selectedCollections = collections;
+        };
+
+        $scope.toggleCollectionSelection = function (id) {
+            if (id in $scope.selectedCollections) {
+                delete $scope.selectedCollections[id];
+            }
+            else {
+                $scope.selectedCollections[id] = {
+                    id: id,
+                    readOnly: false
+                };
+            }
+        };
+
+        $scope.toggleCollectionReadOnlySelection = function (id) {
+            if (id in $scope.selectedCollections) {
+                $scope.selectedCollections[id].readOnly = !!!$scope.selectedCollections[id].readOnly;
+            }
+        };
+
+        $scope.collectionSelected = function (collection) {
+            return collection.id in $scope.selectedCollections;
+        };
+
+        $scope.allSelected = function () {
+            return Object.keys($scope.selectedCollections).length === $scope.collections.length;
+        };
+
+        $scope.submit = function () {
+            var group = {
+                name: $scope.group.name,
+                accessAll: !!$scope.group.accessAll,
+                externalId: $scope.group.externalId
+            };
+
+            if (!group.accessAll) {
+                group.collections = [];
+                for (var collectionId in $scope.selectedCollections) {
+                    if ($scope.selectedCollections.hasOwnProperty(collectionId)) {
+                        group.collections.push($scope.selectedCollections[collectionId]);
+                    }
+                }
+            }
+
+            $scope.submitPromise = apiService.groups.put({
+                orgId: $state.params.orgId,
+                id: id
+            }, group, function (response) {
+                $analytics.eventTrack('Edited Group');
+                $uibModalInstance.close({
+                    id: response.Id,
+                    name: response.Name
+                });
+            }).$promise;
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationGroupsUsersController.js

@@ -0,0 +1,57 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationGroupsUsersController', function ($scope, $state, $uibModalInstance, apiService,
+        $analytics, group, toastr) {
+        $analytics.eventTrack('organizationGroupUsersController', { category: 'Modal' });
+        $scope.loading = true;
+        $scope.group = group;
+        $scope.users = [];
+
+        $uibModalInstance.opened.then(function () {
+            return apiService.groups.listUsers({
+                orgId: $state.params.orgId,
+                id: group.id
+            }).$promise;
+        }).then(function (userList) {
+            var users = [];
+            if (userList && userList.Data.length) {
+                for (var i = 0; i < userList.Data.length; i++) {
+                    users.push({
+                        organizationUserId: userList.Data[i].OrganizationUserId,
+                        name: userList.Data[i].Name,
+                        email: userList.Data[i].Email,
+                        type: userList.Data[i].Type,
+                        status: userList.Data[i].Status,
+                        accessAll: userList.Data[i].AccessAll
+                    });
+                }
+            }
+
+            $scope.users = users;
+            $scope.loading = false;
+        });
+
+        $scope.remove = function (user) {
+            if (!confirm('Are you sure you want to remove this user (' + user.email + ') from this ' +
+                'group (' + group.name + ')?')) {
+                return;
+            }
+
+            apiService.groups.delUser({ orgId: $state.params.orgId, id: group.id, orgUserId: user.organizationUserId }, null,
+                function () {
+                    toastr.success(user.email + ' has been removed.', 'User Removed');
+                    $analytics.eventTrack('Removed User From Group');
+                    var index = $scope.users.indexOf(user);
+                    if (index > -1) {
+                        $scope.users.splice(index, 1);
+                    }
+                }, function () {
+                    toastr.error('Unable to remove user.', 'Error');
+                });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationModule.js

@@ -0,0 +1,2 @@
+angular
+    .module('bit.organization', ['ui.bootstrap']);

src/app/organization/organizationPeopleController.js

@@ -0,0 +1,134 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationPeopleController', function ($scope, $state, $uibModal, cryptoService, apiService, authService,
+        toastr, $analytics) {
+        $scope.users = [];
+        $scope.useGroups = false;
+
+        $scope.$on('$viewContentLoaded', function () {
+            loadList();
+
+            authService.getUserProfile().then(function (profile) {
+                if (profile.organizations) {
+                    var org = profile.organizations[$state.params.orgId];
+                    $scope.useGroups = !!org.useGroups;
+                }
+            });
+        });
+
+        $scope.reinvite = function (user) {
+            apiService.organizationUsers.reinvite({ orgId: $state.params.orgId, id: user.id }, null, function () {
+                $analytics.eventTrack('Reinvited User');
+                toastr.success(user.email + ' has been invited again.', 'User Invited');
+            }, function () {
+                toastr.error('Unable to invite user.', 'Error');
+            });
+        };
+
+        $scope.delete = function (user) {
+            if (!confirm('Are you sure you want to remove this user (' + user.email + ')?')) {
+                return;
+            }
+
+            apiService.organizationUsers.del({ orgId: $state.params.orgId, id: user.id }, null, function () {
+                $analytics.eventTrack('Deleted User');
+                toastr.success(user.email + ' has been removed.', 'User Removed');
+                var index = $scope.users.indexOf(user);
+                if (index > -1) {
+                    $scope.users.splice(index, 1);
+                }
+            }, function () {
+                toastr.error('Unable to remove user.', 'Error');
+            });
+        };
+
+        $scope.confirm = function (user) {
+            apiService.users.getPublicKey({ id: user.userId }, function (userKey) {
+                var orgKey = cryptoService.getOrgKey($state.params.orgId);
+                if (!orgKey) {
+                    toastr.error('Unable to confirm user.', 'Error');
+                    return;
+                }
+
+                var key = cryptoService.rsaEncrypt(orgKey.key, userKey.PublicKey);
+                apiService.organizationUsers.confirm({ orgId: $state.params.orgId, id: user.id }, { key: key }, function () {
+                    user.status = 2;
+                    $analytics.eventTrack('Confirmed User');
+                    toastr.success(user.email + ' has been confirmed.', 'User Confirmed');
+                }, function () {
+                    toastr.error('Unable to confirm user.', 'Error');
+                });
+            }, function () {
+                toastr.error('Unable to confirm user.', 'Error');
+            });
+        };
+
+        $scope.$on('organizationPeopleInvite', function (event, args) {
+            $scope.invite();
+        });
+
+        $scope.invite = function () {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationPeopleInvite.html',
+                controller: 'organizationPeopleInviteController'
+            });
+
+            modal.result.then(function () {
+                loadList();
+            });
+        };
+
+        $scope.edit = function (orgUser) {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationPeopleEdit.html',
+                controller: 'organizationPeopleEditController',
+                resolve: {
+                    orgUser: function () { return orgUser; }
+                }
+            });
+
+            modal.result.then(function () {
+                loadList();
+            });
+        };
+
+        $scope.groups = function (user) {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationPeopleGroups.html',
+                controller: 'organizationPeopleGroupsController',
+                resolve: {
+                    orgUser: function () { return user; }
+                }
+            });
+
+            modal.result.then(function () {
+
+            });
+        };
+
+        function loadList() {
+            apiService.organizationUsers.list({ orgId: $state.params.orgId }, function (list) {
+                var users = [];
+
+                for (var i = 0; i < list.Data.length; i++) {
+                    var user = {
+                        id: list.Data[i].Id,
+                        userId: list.Data[i].UserId,
+                        name: list.Data[i].Name,
+                        email: list.Data[i].Email,
+                        status: list.Data[i].Status,
+                        type: list.Data[i].Type,
+                        accessAll: list.Data[i].AccessAll
+                    };
+
+                    users.push(user);
+                }
+
+                $scope.users = users;
+            });
+        }
+    });

src/app/organization/organizationPeopleEditController.js

@@ -0,0 +1,104 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationPeopleEditController', function ($scope, $state, $uibModalInstance, apiService, cipherService,
+        orgUser, $analytics) {
+        $analytics.eventTrack('organizationPeopleEditController', { category: 'Modal' });
+
+        $scope.loading = true;
+        $scope.collections = [];
+        $scope.selectedCollections = {};
+
+        $uibModalInstance.opened.then(function () {
+            apiService.collections.listOrganization({ orgId: $state.params.orgId }, function (list) {
+                $scope.collections = cipherService.decryptCollections(list.Data, $state.params.orgId, true);
+                $scope.loading = false;
+            });
+
+            apiService.organizationUsers.get({ orgId: $state.params.orgId, id: orgUser.id }, function (user) {
+                var collections = {};
+                if (user && user.Collections) {
+                    for (var i = 0; i < user.Collections.length; i++) {
+                        collections[user.Collections[i].Id] = {
+                            id: user.Collections[i].Id,
+                            readOnly: user.Collections[i].ReadOnly
+                        };
+                    }
+                }
+                $scope.email = orgUser.email;
+                $scope.type = user.Type;
+                $scope.accessAll = user.AccessAll;
+                $scope.selectedCollections = collections;
+            });
+        });
+
+        $scope.toggleCollectionSelectionAll = function ($event) {
+            var collections = {};
+            if ($event.target.checked) {
+                for (var i = 0; i < $scope.collections.length; i++) {
+                    collections[$scope.collections[i].id] = {
+                        id: $scope.collections[i].id,
+                        readOnly: ($scope.collections[i].id in $scope.selectedCollections) ?
+                            $scope.selectedCollections[$scope.collections[i].id].readOnly : false
+                    };
+                }
+            }
+
+            $scope.selectedCollections = collections;
+        };
+
+        $scope.toggleCollectionSelection = function (id) {
+            if (id in $scope.selectedCollections) {
+                delete $scope.selectedCollections[id];
+            }
+            else {
+                $scope.selectedCollections[id] = {
+                    id: id,
+                    readOnly: false
+                };
+            }
+        };
+
+        $scope.toggleCollectionReadOnlySelection = function (id) {
+            if (id in $scope.selectedCollections) {
+                $scope.selectedCollections[id].readOnly = !!!$scope.selectedCollections[id].readOnly;
+            }
+        };
+
+        $scope.collectionSelected = function (collection) {
+            return collection.id in $scope.selectedCollections;
+        };
+
+        $scope.allSelected = function () {
+            return Object.keys($scope.selectedCollections).length === $scope.collections.length;
+        };
+
+        $scope.submitPromise = null;
+        $scope.submit = function (model) {
+            var collections = [];
+            if (!$scope.accessAll) {
+                for (var collectionId in $scope.selectedCollections) {
+                    if ($scope.selectedCollections.hasOwnProperty(collectionId)) {
+                        collections.push($scope.selectedCollections[collectionId]);
+                    }
+                }
+            }
+
+            $scope.submitPromise = apiService.organizationUsers.put(
+                {
+                    orgId: $state.params.orgId,
+                    id: orgUser.id
+                }, {
+                    type: $scope.type,
+                    collections: collections,
+                    accessAll: $scope.accessAll
+                }, function () {
+                    $analytics.eventTrack('Edited User');
+                    $uibModalInstance.close();
+                }).$promise;
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationPeopleGroupsController.js

@@ -0,0 +1,85 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationPeopleGroupsController', function ($scope, $state, $uibModalInstance, apiService,
+        orgUser, $analytics) {
+        $analytics.eventTrack('organizationPeopleGroupsController', { category: 'Modal' });
+
+        $scope.loading = true;
+        $scope.groups = [];
+        $scope.selectedGroups = {};
+        $scope.orgUser = orgUser;
+
+        $uibModalInstance.opened.then(function () {
+            return apiService.groups.listOrganization({ orgId: $state.params.orgId }).$promise;
+        }).then(function (groupsList) {
+            var groups = [];
+            for (var i = 0; i < groupsList.Data.length; i++) {
+                groups.push({
+                    id: groupsList.Data[i].Id,
+                    name: groupsList.Data[i].Name
+                });
+            }
+            $scope.groups = groups;
+
+            return apiService.organizationUsers.listGroups({ orgId: $state.params.orgId, id: orgUser.id }).$promise;
+        }).then(function (groupIds) {
+            var selectedGroups = {};
+            if (groupIds) {
+                for (var i = 0; i < groupIds.length; i++) {
+                    selectedGroups[groupIds[i]] = true;
+                }
+            }
+            $scope.selectedGroups = selectedGroups;
+            $scope.loading = false;
+        });
+
+        $scope.toggleGroupSelectionAll = function ($event) {
+            var groups = {};
+            if ($event.target.checked) {
+                for (var i = 0; i < $scope.groups.length; i++) {
+                    groups[$scope.groups[i].id] = true;
+                }
+            }
+
+            $scope.selectedGroups = groups;
+        };
+
+        $scope.toggleGroupSelection = function (id) {
+            if (id in $scope.selectedGroups) {
+                delete $scope.selectedGroups[id];
+            }
+            else {
+                $scope.selectedGroups[id] = true;
+            }
+        };
+
+        $scope.groupSelected = function (group) {
+            return group.id in $scope.selectedGroups;
+        };
+
+        $scope.allSelected = function () {
+            return Object.keys($scope.selectedGroups).length === $scope.groups.length;
+        };
+
+        $scope.submitPromise = null;
+        $scope.submit = function (model) {
+            var groups = [];
+            for (var groupId in $scope.selectedGroups) {
+                if ($scope.selectedGroups.hasOwnProperty(groupId)) {
+                    groups.push(groupId);
+                }
+            }
+
+            $scope.submitPromise = apiService.organizationUsers.putGroups({ orgId: $state.params.orgId, id: orgUser.id }, {
+                groupIds: groups,
+            }, function () {
+                $analytics.eventTrack('Edited User Groups');
+                $uibModalInstance.close();
+            }).$promise;
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationPeopleInviteController.js

@@ -0,0 +1,91 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationPeopleInviteController', function ($scope, $state, $uibModalInstance, apiService, cipherService,
+        $analytics) {
+        $analytics.eventTrack('organizationPeopleInviteController', { category: 'Modal' });
+
+        $scope.loading = true;
+        $scope.collections = [];
+        $scope.selectedCollections = {};
+        $scope.model = {
+            type: 'User'
+        };
+
+        $uibModalInstance.opened.then(function () {
+            apiService.collections.listOrganization({ orgId: $state.params.orgId }, function (list) {
+                $scope.collections = cipherService.decryptCollections(list.Data, $state.params.orgId, true);
+                $scope.loading = false;
+            });
+        });
+
+        $scope.toggleCollectionSelectionAll = function ($event) {
+            var collections = {};
+            if ($event.target.checked) {
+                for (var i = 0; i < $scope.collections.length; i++) {
+                    collections[$scope.collections[i].id] = {
+                        id: $scope.collections[i].id,
+                        readOnly: ($scope.collections[i].id in $scope.selectedCollections) ?
+                            $scope.selectedCollections[$scope.collections[i].id].readOnly : false
+                    };
+                }
+            }
+
+            $scope.selectedCollections = collections;
+        };
+
+        $scope.toggleCollectionSelection = function (id) {
+            if (id in $scope.selectedCollections) {
+                delete $scope.selectedCollections[id];
+            }
+            else {
+                $scope.selectedCollections[id] = {
+                    id: id,
+                    readOnly: false
+                };
+            }
+        };
+
+        $scope.toggleCollectionReadOnlySelection = function (id) {
+            if (id in $scope.selectedCollections) {
+                $scope.selectedCollections[id].readOnly = !!!$scope.selectedCollections[id].readOnly;
+            }
+        };
+
+        $scope.collectionSelected = function (collection) {
+            return collection.id in $scope.selectedCollections;
+        };
+
+        $scope.allSelected = function () {
+            return Object.keys($scope.selectedCollections).length === $scope.collections.length;
+        };
+
+        $scope.submitPromise = null;
+        $scope.submit = function (model) {
+            var collections = [];
+
+            if (!model.accessAll) {
+                for (var collectionId in $scope.selectedCollections) {
+                    if ($scope.selectedCollections.hasOwnProperty(collectionId)) {
+                        collections.push($scope.selectedCollections[collectionId]);
+                    }
+                }
+            }
+
+            var splitEmails = model.emails.trim().split(/\s*,\s*/);
+
+            $scope.submitPromise = apiService.organizationUsers.invite({ orgId: $state.params.orgId }, {
+                emails: splitEmails,
+                type: model.type,
+                collections: collections,
+                accessAll: model.accessAll
+            }, function () {
+                $analytics.eventTrack('Invited User');
+                $uibModalInstance.close();
+            }).$promise;
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationSettingsController.js

@@ -0,0 +1,54 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationSettingsController', function ($scope, $state, apiService, toastr, authService, $uibModal,
+        $analytics, appSettings) {
+        $scope.selfHosted = appSettings.selfHosted;
+        $scope.model = {};
+        $scope.$on('$viewContentLoaded', function () {
+            apiService.organizations.get({ id: $state.params.orgId }, function (org) {
+                $scope.model = {
+                    name: org.Name,
+                    billingEmail: org.BillingEmail,
+                    businessName: org.BusinessName
+                };
+            });
+        });
+
+        $scope.generalSave = function () {
+            if ($scope.selfHosted) {
+                return;
+            }
+
+            $scope.generalPromise = apiService.organizations.put({ id: $state.params.orgId }, $scope.model, function (org) {
+                authService.updateProfileOrganization(org).then(function (updatedOrg) {
+                    $analytics.eventTrack('Updated Organization Settings');
+                    toastr.success('Organization has been updated.', 'Success!');
+                });
+            }).$promise;
+        };
+
+        $scope.import = function () {
+            $uibModal.open({
+                animation: true,
+                templateUrl: 'app/tools/views/toolsImport.html',
+                controller: 'organizationSettingsImportController'
+            });
+        };
+
+        $scope.export = function () {
+            $uibModal.open({
+                animation: true,
+                templateUrl: 'app/tools/views/toolsExport.html',
+                controller: 'organizationSettingsExportController'
+            });
+        };
+
+        $scope.delete = function () {
+            $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationDelete.html',
+                controller: 'organizationDeleteController'
+            });
+        };
+    });

src/app/organization/organizationSettingsExportController.js

@@ -0,0 +1,114 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationSettingsExportController', function ($scope, apiService, $uibModalInstance, cipherService,
+        $q, toastr, $analytics, $state) {
+        $analytics.eventTrack('organizationSettingsExportController', { category: 'Modal' });
+        $scope.export = function (model) {
+            $scope.startedExport = true;
+            var decLogins = [],
+                decCollections = [];
+
+            var collectionsPromise = apiService.collections.listOrganization({ orgId: $state.params.orgId },
+                function (collections) {
+                    decCollections = cipherService.decryptCollections(collections.Data, $state.params.orgId, true);
+                }).$promise;
+
+            var loginsPromise = apiService.ciphers.listOrganizationDetails({ organizationId: $state.params.orgId },
+                function (ciphers) {
+                    for (var i = 0; i < ciphers.Data.length; i++) {
+                        if (ciphers.Data[i].Type === 1) {
+                            var decLogin = cipherService.decryptLogin(ciphers.Data[i]);
+                            decLogins.push(decLogin);
+                        }
+                    }
+                }).$promise;
+
+            $q.all([collectionsPromise, loginsPromise]).then(function () {
+                if (!decLogins.length) {
+                    toastr.error('Nothing to export.', 'Error!');
+                    $scope.close();
+                    return;
+                }
+
+                var collectionsDict = {};
+                for (var i = 0; i < decCollections.length; i++) {
+                    collectionsDict[decCollections[i].id] = decCollections[i];
+                }
+
+                try {
+                    var exportLogins = [];
+                    for (i = 0; i < decLogins.length; i++) {
+                        var login = {
+                            name: decLogins[i].name,
+                            uri: decLogins[i].uri,
+                            username: decLogins[i].username,
+                            password: decLogins[i].password,
+                            notes: decLogins[i].notes,
+                            totp: decLogins[i].totp,
+                            collections: []
+                        };
+
+                        if (decLogins[i].collectionIds) {
+                            for (var j = 0; j < decLogins[i].collectionIds.length; j++) {
+                                if (collectionsDict.hasOwnProperty(decLogins[i].collectionIds[j])) {
+                                    login.collections.push(collectionsDict[decLogins[i].collectionIds[j]].name);
+                                }
+                            }
+                        }
+
+                        exportLogins.push(login);
+                    }
+
+                    var csvString = Papa.unparse(exportLogins);
+                    var csvBlob = new Blob([csvString]);
+
+                    // IE hack. ref http://msdn.microsoft.com/en-us/library/ie/hh779016.aspx
+                    if (window.navigator.msSaveOrOpenBlob) {
+                        window.navigator.msSaveBlob(csvBlob, makeFileName());
+                    }
+                    else {
+                        var a = window.document.createElement('a');
+                        a.href = window.URL.createObjectURL(csvBlob, { type: 'text/plain' });
+                        a.download = makeFileName();
+                        document.body.appendChild(a);
+                        // IE: "Access is denied". 
+                        // ref: https://connect.microsoft.com/IE/feedback/details/797361/ie-10-treats-blob-url-as-cross-origin-and-denies-access
+                        a.click();
+                        document.body.removeChild(a);
+                    }
+
+                    $analytics.eventTrack('Exported Organization Data');
+                    toastr.success('Your data has been exported. Check your browser\'s downloads folder.', 'Success!');
+                    $scope.close();
+                }
+                catch (err) {
+                    toastr.error('Something went wrong. Please try again.', 'Error!');
+                    $scope.close();
+                }
+            }, function () {
+                toastr.error('Something went wrong. Please try again.', 'Error!');
+                $scope.close();
+            });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+
+        function makeFileName() {
+            var now = new Date();
+            var dateString =
+                now.getFullYear() + '' + padNumber(now.getMonth() + 1, 2) + '' + padNumber(now.getDate(), 2) +
+                padNumber(now.getHours(), 2) + '' + padNumber(now.getMinutes(), 2) +
+                padNumber(now.getSeconds(), 2);
+
+            return 'bitwarden_org_export_' + dateString + '.csv';
+        }
+
+        function padNumber(number, width, paddingCharacter) {
+            paddingCharacter = paddingCharacter || '0';
+            number = number + '';
+            return number.length >= width ? number : new Array(width - number.length + 1).join(paddingCharacter) + number;
+        }
+    });

src/app/organization/organizationSettingsImportController.js

@@ -0,0 +1,128 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationSettingsImportController', function ($scope, $state, apiService, $uibModalInstance, cipherService,
+        toastr, importService, $analytics, $sce, validationService, cryptoService) {
+        $analytics.eventTrack('organizationSettingsImportController', { category: 'Modal' });
+        $scope.model = { source: '' };
+        $scope.source = {};
+        $scope.splitFeatured = false;
+
+        $scope.options = [
+            {
+                id: 'bitwardencsv',
+                name: 'bitwarden (csv)',
+                featured: true,
+                sort: 1,
+                instructions: $sce.trustAsHtml('Export using the web vault (vault.bitwarden.com). ' +
+                    'Log into the web vault and navigate to your organization\'s admin area. Then to go ' +
+                    '"Settings" > "Tools" > "Export".')
+            },
+            {
+                id: 'lastpass',
+                name: 'LastPass (csv)',
+                featured: true,
+                sort: 2,
+                instructions: $sce.trustAsHtml('See detailed instructions on our help site at ' +
+                    '<a target="_blank" href="https://help.bitwarden.com/article/import-from-lastpass/">' +
+                    'https://help.bitwarden.com/article/import-from-lastpass/</a>')
+            }
+        ];
+
+        $scope.setSource = function () {
+            for (var i = 0; i < $scope.options.length; i++) {
+                if ($scope.options[i].id === $scope.model.source) {
+                    $scope.source = $scope.options[i];
+                    break;
+                }
+            }
+        };
+        $scope.setSource();
+
+        $scope.import = function (model, form) {
+            if (!model.source || model.source === '') {
+                validationService.addError(form, 'source', 'Select the format of the import file.', true);
+                return;
+            }
+
+            var file = document.getElementById('file').files[0];
+            if (!file && (!model.fileContents || model.fileContents === '')) {
+                validationService.addError(form, 'file', 'Select the import file or copy/paste the import file contents.', true);
+                return;
+            }
+
+            $scope.processing = true;
+            importService.importOrg(model.source, file || model.fileContents, importSuccess, importError);
+        };
+
+        function importSuccess(collections, logins, collectionRelationships) {
+            if (!collections.length && !logins.length) {
+                importError('Nothing was imported.');
+                return;
+            }
+            else if (logins.length) {
+                var halfway = Math.floor(logins.length / 2);
+                var last = logins.length - 1;
+                if (loginIsBadData(logins[0]) && loginIsBadData(logins[halfway]) && loginIsBadData(logins[last])) {
+                    importError('CSV data is not formatted correctly. Please check your import file and try again.');
+                    return;
+                }
+            }
+
+            apiService.ciphers.importOrg({ orgId: $state.params.orgId }, {
+                collections: cipherService.encryptCollections(collections, $state.params.orgId),
+                ciphers: cipherService.encryptLogins(logins, cryptoService.getOrgKey($state.params.orgId)),
+                collectionRelationships: collectionRelationships
+            }, function () {
+                $uibModalInstance.dismiss('cancel');
+                $state.go('backend.org.vault', { orgId: $state.params.orgId }).then(function () {
+                    $analytics.eventTrack('Imported Org Data', { label: $scope.model.source });
+                    toastr.success('Data has been successfully imported into your vault.', 'Import Success');
+                });
+            }, importError);
+        }
+
+        function loginIsBadData(login) {
+            return (login.name === null || login.name === '--') && (login.password === null || login.password === '');
+        }
+
+        function importError(error) {
+            $analytics.eventTrack('Import Org Data Failed', { label: $scope.model.source });
+            $uibModalInstance.dismiss('cancel');
+
+            if (error) {
+                var data = error.data;
+                if (data && data.ValidationErrors) {
+                    var message = '';
+                    for (var key in data.ValidationErrors) {
+                        if (!data.ValidationErrors.hasOwnProperty(key)) {
+                            continue;
+                        }
+
+                        for (var i = 0; i < data.ValidationErrors[key].length; i++) {
+                            message += (key + ': ' + data.ValidationErrors[key][i] + ' ');
+                        }
+                    }
+
+                    if (message !== '') {
+                        toastr.error(message);
+                        return;
+                    }
+                }
+                else if (data && data.Message) {
+                    toastr.error(data.Message);
+                    return;
+                }
+                else {
+                    toastr.error(error);
+                    return;
+                }
+            }
+
+            toastr.error('Something went wrong. Try again.', 'Oh No!');
+        }
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/organizationVaultAddLoginController.js

@@ -0,0 +1,85 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationVaultAddLoginController', function ($scope, apiService, $uibModalInstance, cryptoService,
+        cipherService, passwordService, $analytics, authService, orgId, $uibModal) {
+        $analytics.eventTrack('organizationVaultAddLoginController', { category: 'Modal' });
+        $scope.login = {};
+        $scope.hideFolders = $scope.hideFavorite = $scope.fromOrg = true;
+
+        authService.getUserProfile().then(function (userProfile) {
+            var orgProfile = userProfile.organizations[orgId];
+            $scope.useTotp = orgProfile.useTotp;
+        });
+
+        $scope.savePromise = null;
+        $scope.save = function (model) {
+            model.organizationId = orgId;
+            var login = cipherService.encryptLogin(model);
+            $scope.savePromise = apiService.ciphers.postAdmin(login, function (loginResponse) {
+                $analytics.eventTrack('Created Organization Login');
+                var decLogin = cipherService.decryptLogin(loginResponse);
+                $uibModalInstance.close(decLogin);
+            }).$promise;
+        };
+
+        $scope.generatePassword = function () {
+            if (!$scope.login.password || confirm('Are you sure you want to overwrite the current password?')) {
+                $analytics.eventTrack('Generated Password From Add');
+                $scope.login.password = passwordService.generatePassword({ length: 12, special: true });
+            }
+        };
+
+        $scope.addField = function () {
+            if (!$scope.login.fields) {
+                $scope.login.fields = [];
+            }
+
+            $scope.login.fields.push({
+                type: '0',
+                name: null,
+                value: null
+            });
+        };
+
+        $scope.removeField = function (field) {
+            var index = $scope.login.fields.indexOf(field);
+            if (index > -1) {
+                $scope.login.fields.splice(index, 1);
+            }
+        };
+
+        $scope.clipboardSuccess = function (e) {
+            e.clearSelection();
+            selectPassword(e);
+        };
+
+        $scope.clipboardError = function (e, password) {
+            if (password) {
+                selectPassword(e);
+            }
+            alert('Your web browser does not support easy clipboard copying. Copy it manually instead.');
+        };
+
+        function selectPassword(e) {
+            var target = $(e.trigger).parent().prev();
+            if (target.attr('type') === 'text') {
+                target.select();
+            }
+        }
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('close');
+        };
+
+        $scope.showUpgrade = function () {
+            $uibModal.open({
+                animation: true,
+                templateUrl: 'app/views/paidOrgRequired.html',
+                controller: 'paidOrgRequiredController',
+                resolve: {
+                    orgId: function () { return orgId; }
+                }
+            });
+        };
+    });

src/app/organization/organizationVaultAttachmentsController.js

@@ -0,0 +1,94 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationVaultAttachmentsController', function ($scope, apiService, $uibModalInstance, cryptoService,
+        cipherService, loginId, $analytics, validationService, toastr, $timeout) {
+        $analytics.eventTrack('organizationVaultAttachmentsController', { category: 'Modal' });
+        $scope.login = {};
+        $scope.loading = true;
+        $scope.isPremium = true;
+        $scope.canUseAttachments = true;
+        var closing = false;
+
+        apiService.ciphers.getAdmin({ id: loginId }, function (login) {
+            $scope.login = cipherService.decryptLogin(login);
+            $scope.loading = false;
+        }, function () {
+            $scope.loading = false;
+        });
+
+        $scope.save = function (form) {
+            var files = document.getElementById('file').files;
+            if (!files || !files.length) {
+                validationService.addError(form, 'file', 'Select a file.', true);
+                return;
+            }
+
+            var key = cryptoService.getOrgKey($scope.login.organizationId);
+            $scope.savePromise = cipherService.encryptAttachmentFile(key, files[0]).then(function (encValue) {
+                var fd = new FormData();
+                var blob = new Blob([encValue.data], { type: 'application/octet-stream' });
+                fd.append('data', blob, encValue.fileName);
+                return apiService.ciphers.postAttachment({ id: loginId }, fd).$promise;
+            }).then(function (response) {
+                $analytics.eventTrack('Added Attachment');
+                toastr.success('The attachment has been added.');
+                closing = true;
+                $uibModalInstance.close(true);
+            }, function (err) {
+                if (err) {
+                    validationService.addError(form, 'file', err, true);
+                }
+                else {
+                    validationService.addError(form, 'file', 'Something went wrong.', true);
+                }
+            });
+        };
+
+        $scope.download = function (attachment) {
+            attachment.loading = true;
+            var key = cryptoService.getOrgKey($scope.login.organizationId);
+            cipherService.downloadAndDecryptAttachment(key, attachment, true).then(function (res) {
+                $timeout(function () {
+                    attachment.loading = false;
+                });
+            }, function () {
+                $timeout(function () {
+                    attachment.loading = false;
+                });
+            });
+        };
+
+        $scope.remove = function (attachment) {
+            if (!confirm('Are you sure you want to delete this attachment (' + attachment.fileName + ')?')) {
+                return;
+            }
+
+            attachment.loading = true;
+            apiService.ciphers.delAttachment({ id: loginId, attachmentId: attachment.id }).$promise.then(function () {
+                attachment.loading = false;
+                $analytics.eventTrack('Deleted Organization Attachment');
+                var index = $scope.login.attachments.indexOf(attachment);
+                if (index > -1) {
+                    $scope.login.attachments.splice(index, 1);
+                }
+            }, function () {
+                toastr.error('Cannot delete attachment.');
+                attachment.loading = false;
+            });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+
+        $scope.$on('modal.closing', function (e, reason, closed) {
+            if (closing) {
+                return;
+            }
+
+            e.preventDefault();
+            closing = true;
+            $uibModalInstance.close(!!$scope.login.attachments && $scope.login.attachments.length > 0);
+        });
+    });

src/app/organization/organizationVaultController.js

@@ -0,0 +1,208 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationVaultController', function ($scope, apiService, cipherService, $analytics, $q, $state,
+        $localStorage, $uibModal, $filter, authService) {
+        $scope.logins = [];
+        $scope.collections = [];
+        $scope.loading = true;
+
+        $scope.$on('$viewContentLoaded', function () {
+            var collectionPromise = apiService.collections.listOrganization({ orgId: $state.params.orgId }, function (collections) {
+                var decCollections = [{
+                    id: null,
+                    name: 'Unassigned',
+                    collapsed: $localStorage.collapsedOrgCollections && 'unassigned' in $localStorage.collapsedOrgCollections
+                }];
+
+                for (var i = 0; i < collections.Data.length; i++) {
+                    var decCollection = cipherService.decryptCollection(collections.Data[i], null, true);
+                    decCollection.collapsed = $localStorage.collapsedOrgCollections &&
+                        decCollection.id in $localStorage.collapsedOrgCollections;
+                    decCollections.push(decCollection);
+                }
+
+                $scope.collections = decCollections;
+            }).$promise;
+
+            var cipherPromise = apiService.ciphers.listOrganizationDetails({ organizationId: $state.params.orgId },
+                function (ciphers) {
+                    var decLogins = [];
+
+                    for (var i = 0; i < ciphers.Data.length; i++) {
+                        if (ciphers.Data[i].Type === 1) {
+                            var decLogin = cipherService.decryptLoginPreview(ciphers.Data[i]);
+                            decLogins.push(decLogin);
+                        }
+                    }
+
+                    $scope.logins = decLogins;
+                }).$promise;
+
+            $q.all([collectionPromise, cipherPromise]).then(function () {
+                $scope.loading = false;
+            });
+        });
+
+        $scope.filterByCollection = function (collection) {
+            return function (cipher) {
+                if (!cipher.collectionIds || !cipher.collectionIds.length) {
+                    return collection.id === null;
+                }
+
+                return cipher.collectionIds.indexOf(collection.id) > -1;
+            };
+        };
+
+        $scope.collectionSort = function (item) {
+            if (!item.id) {
+                return '';
+            }
+
+            return item.name.toLowerCase();
+        };
+
+        $scope.collapseExpand = function (collection) {
+            if (!$localStorage.collapsedOrgCollections) {
+                $localStorage.collapsedOrgCollections = {};
+            }
+
+            var id = collection.id || 'unassigned';
+
+            if (id in $localStorage.collapsedOrgCollections) {
+                delete $localStorage.collapsedOrgCollections[id];
+            }
+            else {
+                $localStorage.collapsedOrgCollections[id] = true;
+            }
+        };
+
+        $scope.editLogin = function (login) {
+            var editModel = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/vault/views/vaultEditLogin.html',
+                controller: 'organizationVaultEditLoginController',
+                resolve: {
+                    loginId: function () { return login.id; },
+                    orgId: function () { return $state.params.orgId; }
+                }
+            });
+
+            editModel.result.then(function (returnVal) {
+                if (returnVal.action === 'edit') {
+                    login.name = returnVal.data.name;
+                    login.username = returnVal.data.username;
+                }
+                else if (returnVal.action === 'delete') {
+                    var index = $scope.logins.indexOf(login);
+                    if (index > -1) {
+                        $scope.logins.splice(index, 1);
+                    }
+                }
+            });
+        };
+
+        $scope.$on('organizationVaultAddLogin', function (event, args) {
+            $scope.addLogin();
+        });
+
+        $scope.addLogin = function () {
+            var addModel = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/vault/views/vaultAddLogin.html',
+                controller: 'organizationVaultAddLoginController',
+                resolve: {
+                    orgId: function () { return $state.params.orgId; }
+                }
+            });
+
+            addModel.result.then(function (addedLogin) {
+                $scope.logins.push(addedLogin);
+            });
+        };
+
+        $scope.editCollections = function (cipher) {
+            var modal = $uibModal.open({
+                animation: true,
+                templateUrl: 'app/organization/views/organizationVaultLoginCollections.html',
+                controller: 'organizationVaultLoginCollectionsController',
+                resolve: {
+                    cipher: function () { return cipher; },
+                    collections: function () { return $scope.collections; }
+                }
+            });
+
+            modal.result.then(function (response) {
+                if (response.collectionIds) {
+                    cipher.collectionIds = response.collectionIds;
+                }
+            });
+        };
+
+        $scope.attachments = function (login) {
+            authService.getUserProfile().then(function (profile) {
+                return !!profile.organizations[login.organizationId].maxStorageGb;
+            }).then(function (useStorage) {
+                if (!useStorage) {
+                    $uibModal.open({
+                        animation: true,
+                        templateUrl: 'app/views/paidOrgRequired.html',
+                        controller: 'paidOrgRequiredController',
+                        resolve: {
+                            orgId: function () { return login.organizationId; }
+                        }
+                    });
+                    return;
+                }
+
+                var attachmentModel = $uibModal.open({
+                    animation: true,
+                    templateUrl: 'app/vault/views/vaultAttachments.html',
+                    controller: 'organizationVaultAttachmentsController',
+                    resolve: {
+                        loginId: function () { return login.id; }
+                    }
+                });
+
+                attachmentModel.result.then(function (hasAttachments) {
+                    login.hasAttachments = hasAttachments;
+                });
+            });
+        };
+
+        $scope.removeLogin = function (login, collection) {
+            if (!confirm('Are you sure you want to remove this login (' + login.name + ') from the ' +
+                'collection (' + collection.name + ') ?')) {
+                return;
+            }
+
+            var request = {
+                collectionIds: []
+            };
+
+            for (var i = 0; i < login.collectionIds.length; i++) {
+                if (login.collectionIds[i] !== collection.id) {
+                    request.collectionIds.push(login.collectionIds[i]);
+                }
+            }
+
+            apiService.ciphers.putCollections({ id: login.id }, request).$promise.then(function (response) {
+                $analytics.eventTrack('Removed Login From Collection');
+                login.collectionIds = request.collectionIds;
+            });
+        };
+
+        $scope.deleteLogin = function (login) {
+            if (!confirm('Are you sure you want to delete this login (' + login.name + ')?')) {
+                return;
+            }
+
+            apiService.ciphers.delAdmin({ id: login.id }, function () {
+                $analytics.eventTrack('Deleted Login');
+                var index = $scope.logins.indexOf(login);
+                if (index > -1) {
+                    $scope.logins.splice(index, 1);
+                }
+            });
+        };
+    });

src/app/organization/organizationVaultEditLoginController.js

@@ -0,0 +1,100 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationVaultEditLoginController', function ($scope, apiService, $uibModalInstance, cryptoService,
+        cipherService, passwordService, loginId, $analytics, orgId, $uibModal) {
+        $analytics.eventTrack('organizationVaultEditLoginController', { category: 'Modal' });
+        $scope.login = {};
+        $scope.hideFolders = $scope.hideFavorite = $scope.fromOrg = true;
+
+        apiService.ciphers.getAdmin({ id: loginId }, function (login) {
+            $scope.login = cipherService.decryptLogin(login);
+            $scope.useTotp = $scope.login.organizationUseTotp;
+        });
+
+        $scope.save = function (model) {
+            var login = cipherService.encryptLogin(model);
+            $scope.savePromise = apiService.ciphers.putAdmin({ id: loginId }, login, function (loginResponse) {
+                $analytics.eventTrack('Edited Organization Login');
+                var decLogin = cipherService.decryptLogin(loginResponse);
+                $uibModalInstance.close({
+                    action: 'edit',
+                    data: decLogin
+                });
+            }).$promise;
+        };
+
+        $scope.generatePassword = function () {
+            if (!$scope.login.password || confirm('Are you sure you want to overwrite the current password?')) {
+                $analytics.eventTrack('Generated Password From Edit');
+                $scope.login.password = passwordService.generatePassword({ length: 12, special: true });
+            }
+        };
+
+        $scope.addField = function () {
+            if (!$scope.login.fields) {
+                $scope.login.fields = [];
+            }
+
+            $scope.login.fields.push({
+                type: '0',
+                name: null,
+                value: null
+            });
+        };
+
+        $scope.removeField = function (field) {
+            var index = $scope.login.fields.indexOf(field);
+            if (index > -1) {
+                $scope.login.fields.splice(index, 1);
+            }
+        };
+
+        $scope.clipboardSuccess = function (e) {
+            e.clearSelection();
+            selectPassword(e);
+        };
+
+        $scope.clipboardError = function (e, password) {
+            if (password) {
+                selectPassword(e);
+            }
+            alert('Your web browser does not support easy clipboard copying. Copy it manually instead.');
+        };
+
+        function selectPassword(e) {
+            var target = $(e.trigger).parent().prev();
+            if (target.attr('type') === 'text') {
+                target.select();
+            }
+        }
+
+        $scope.delete = function () {
+            if (!confirm('Are you sure you want to delete this login (' + $scope.login.name + ')?')) {
+                return;
+            }
+
+            apiService.ciphers.delAdmin({ id: $scope.login.id }, function () {
+                $analytics.eventTrack('Deleted Organization Login From Edit');
+                $uibModalInstance.close({
+                    action: 'delete',
+                    data: $scope.login.id
+                });
+            });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+
+        $scope.showUpgrade = function () {
+            $uibModal.open({
+                animation: true,
+                templateUrl: 'app/views/paidOrgRequired.html',
+                controller: 'paidOrgRequiredController',
+                resolve: {
+                    orgId: function () { return orgId; }
+                }
+            });
+        };
+    });

src/app/organization/organizationVaultLoginCollectionsController.js

@@ -0,0 +1,83 @@
+angular
+    .module('bit.organization')
+
+    .controller('organizationVaultLoginCollectionsController', function ($scope, apiService, $uibModalInstance, cipherService,
+        cipher, $analytics, collections) {
+        $analytics.eventTrack('organizationVaultLoginCollectionsController', { category: 'Modal' });
+        $scope.cipher = {};
+        $scope.collections = [];
+        $scope.selectedCollections = {};
+
+        $uibModalInstance.opened.then(function () {
+            var collectionUsed = [];
+            for (var i = 0; i < collections.length; i++) {
+                if (collections[i].id) {
+                    collectionUsed.push(collections[i]);
+                }
+            }
+            $scope.collections = collectionUsed;
+
+            $scope.cipher = cipher;
+
+            var selectedCollections = {};
+            if ($scope.cipher.collectionIds) {
+                for (i = 0; i < $scope.cipher.collectionIds.length; i++) {
+                    selectedCollections[$scope.cipher.collectionIds[i]] = true;
+                }
+            }
+            $scope.selectedCollections = selectedCollections;
+        });
+
+        $scope.toggleCollectionSelectionAll = function ($event) {
+            var collections = {};
+            if ($event.target.checked) {
+                for (var i = 0; i < $scope.collections.length; i++) {
+                    collections[$scope.collections[i].id] = true;
+                }
+            }
+
+            $scope.selectedCollections = collections;
+        };
+
+        $scope.toggleCollectionSelection = function (id) {
+            if (id in $scope.selectedCollections) {
+                delete $scope.selectedCollections[id];
+            }
+            else {
+                $scope.selectedCollections[id] = true;
+            }
+        };
+
+        $scope.collectionSelected = function (collection) {
+            return collection.id in $scope.selectedCollections;
+        };
+
+        $scope.allSelected = function () {
+            return Object.keys($scope.selectedCollections).length === $scope.collections.length;
+        };
+
+        $scope.submit = function () {
+            var request = {
+                collectionIds: []
+            };
+
+            for (var id in $scope.selectedCollections) {
+                if ($scope.selectedCollections.hasOwnProperty(id)) {
+                    request.collectionIds.push(id);
+                }
+            }
+
+            $scope.submitPromise = apiService.ciphers.putCollectionsAdmin({ id: cipher.id }, request)
+                .$promise.then(function (response) {
+                    $analytics.eventTrack('Edited Login Collections');
+                    $uibModalInstance.close({
+                        action: 'collectionsEdit',
+                        collectionIds: request.collectionIds
+                    });
+                });
+        };
+
+        $scope.close = function () {
+            $uibModalInstance.dismiss('cancel');
+        };
+    });

src/app/organization/views/organizationBilling.html

@@ -0,0 +1,225 @@
+<section class="content-header">
+    <h1>
+        Billing
+        <small>manage your billing &amp; licensing</small>
+    </h1>
+</section>
+<section class="content">
+    <div class="callout callout-warning" ng-if="subscription && subscription.cancelled">
+        <h4><i class="fa fa-warning"></i> Canceled</h4>
+        The subscription to this organization has been canceled.
+    </div>
+    <div class="callout callout-warning" ng-if="subscription && subscription.markedForCancel">
+        <h4><i class="fa fa-warning"></i> Pending Cancellation</h4>
+        <p>
+            The subscription to this organization has been marked for cancellation at the end of the
+            current billing period.
+        </p>
+        <button type="button" class="btn btn-default btn-flat" ng-click="reinstate()">
+            Reinstate Plan
+        </button>
+    </div>
+    <div class="box box-default">
+        <div class="box-header with-border">
+            <h3 class="box-title">Plan</h3>
+        </div>
+        <div class="box-body">
+            <div class="row">
+                <div class="col-sm-6">
+                    <dl ng-if="selfHosted">
+                        <dt>Name</dt>
+                        <dd>{{plan.name || '-'}}</dd>
+                        <dt>Expiration</dt>
+                        <dd ng-if="loading">
+                            Loading...
+                        </dd>
+                        <dd ng-if="!loading && expiration">
+                            {{expiration | date: 'medium'}}
+                        </dd>
+                        <dd ng-if="!loading && !expiration">
+                            Never expires
+                        </dd>
+                    </dl>
+                    <dl ng-if="!selfHosted">
+                        <dt>Name</dt>
+                        <dd>{{plan.name || '-'}}</dd>
+                        <dt>Total Seats</dt>
+                        <dd>{{plan.seats || '-'}}</dd>
+                    </dl>
+                </div>
+                <div class="col-sm-6" ng-if="!selfHosted">
+                    <dl>
+                        <dt>Status</dt>
+                        <dd>
+                            <span style="text-transform: capitalize;">{{(subscription && subscription.status) || '-'}}</span>
+                            <span ng-if="subscription.markedForCancel">- marked for cancellation</span>
+                        </dd>
+                        <dt>Next Charge</dt>
+                        <dd>{{nextInvoice ? ((nextInvoice.date | date: 'mediumDate') + ', ' + (nextInvoice.amount | currency:'$')) : '-'}}</dd>
+                    </dl>
+                </div>
+            </div>
+            <div class="row" ng-if="!selfHosted && !noSubscription">
+                <div class="col-md-6">
+                    <strong>Details</strong>
+                    <div ng-show="loading">
+                        Loading...
+                    </div>
+                    <div class="table-responsive" style="margin: 0;" ng-show="!loading">
+                        <table class="table" style="margin: 0;">
+                            <tbody>
+                                <tr ng-repeat="item in subscription.items">
+                                    <td>
+                                        {{item.name}} {{item.qty > 1 ? '&times;' + item.qty : ''}}
+                                        @ {{item.amount | currency:'$'}} /{{item.interval}}
+                                    </td>
+                                    <td class="text-right">{{(item.qty * item.amount) | currency:'$'}} /{{item.interval}}</td>
+                                </tr>
+                            </tbody>
+                        </table>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <div class="box-footer" ng-if="!selfHosted">
+            <button type="button" class="btn btn-default btn-flat" ng-click="changePlan()">
+                Change Plan
+            </button>
+            <button type="button" class="btn btn-default btn-flat" ng-click="cancel()"
+                    ng-if="!noSubscription && !subscription.cancelled && !subscription.markedForCancel">
+                Cancel Plan
+            </button>
+            <button type="button" class="btn btn-default btn-flat" ng-click="reinstate()"
+                    ng-if="!noSubscription && subscription.markedForCancel">
+                Reinstate Plan
+            </button>
+            <button type="button" class="btn btn-default btn-flat" ng-click="license()"
+                    ng-if="!subscription.cancelled">
+                Download License
+            </button>
+        </div>
+        <div class="box-footer" ng-if="selfHosted">
+            <button type="button" class="btn btn-default btn-flat" ng-click="updateLicense()">
+                Update License
+            </button>
+            <a href="https://vault.bitwarden.com" class="btn btn-default btn-flat" target="_blank">
+                Manage Billing
+            </a>
+        </div>
+    </div>
+    <div class="box box-default">
+        <div class="box-header with-border">
+            <h3 class="box-title">User Seats</h3>
+        </div>
+        <div class="box-body">
+            <div ng-show="loading">
+                Loading...
+            </div>
+            <div ng-show="!loading">
+                You plan currently has a total of <b>{{plan.seats}}</b> seats.
+            </div>
+        </div>
+        <div class="box-footer" ng-if="!selfHosted && !noSubscription">
+            <button type="button" class="btn btn-default btn-flat" ng-click="adjustSeats(true)">
+                Add Seats
+            </button>
+            <button type="button" class="btn btn-default btn-flat" ng-click="adjustSeats(false)">
+                Remove Seats
+            </button>
+        </div>
+    </div>
+    <div class="box box-default" ng-if="storage && !selfHosted">
+        <div class="box-header with-border">
+            <h3 class="box-title">Storage</h3>
+        </div>
+        <div class="box-body">
+            <p>
+                You plan has a total of {{storage.maxGb}} GB of encrypted file storage.
+                You are currently using {{storage.currentName}}.
+            </p>
+            <div class="progress" style="margin: 0;">
+                <div class="progress-bar progress-bar-info" role="progressbar"
+                     aria-valuenow="{{storage.percentage}}" aria-valuemin="0" aria-valuemax="1"
+                     style="min-width: 50px; width: {{storage.percentage}}%;">
+                    {{storage.percentage}}%
+                </div>
+            </div>
+        </div>
+        <div class="box-footer">
+            <button type="button" class="btn btn-default btn-flat" ng-click="adjustStorage(true)">
+                Add Storage
+            </button>
+            <button type="button" class="btn btn-default btn-flat" ng-click="adjustStorage(false)">
+                Remove Storage
+            </button>
+        </div>
+    </div>
+    <div class="box box-default" ng-if="!selfHosted">
+        <div class="box-header with-border">
+            <h3 class="box-title">Payment Method</h3>
+        </div>
+        <div class="box-body">
+            <div ng-show="loading">
+                Loading...
+            </div>
+            <div ng-show="!loading && !paymentSource">
+                <i class="fa fa-credit-card"></i> No payment method on file.
+            </div>
+            <div ng-show="!loading && paymentSource">
+                <div class="callout callout-warning" ng-if="paymentSource.type === 1 && paymentSource.needsVerification">
+                    <h4><i class="fa fa-warning"></i> You must verify your bank account</h4>
+                    <p>
+                        We have made two micro-deposits to your bank account (it may take 1-2 business days to show up).
+                        Enter these amounts to verify the bank account. Failure to verify the bank account will result in a
+                        missed payment and your organization being disabled.
+                    </p>
+                    <button class="btn btn-default btn-flat" ng-click="verifyBank()">Verify Now</button>
+                </div>
+                <i class="fa" ng-class="{'fa-credit-card': paymentSource.type === 0,
+                   'fa-university': paymentSource.type === 1, 'fa-paypal fa-fw text-blue': paymentSource.type === 2}"></i>
+                {{paymentSource.description}}
+            </div>
+        </div>
+        <div class="box-footer">
+            <button type="button" class="btn btn-default btn-flat" ng-click="changePayment()">
+                {{ paymentSource ? 'Change Payment Method' : 'Add Payment Method' }}
+            </button>
+        </div>
+    </div>
+    <div class="box box-default" ng-if="!selfHosted">
+        <div class="box-header with-border">
+            <h3 class="box-title">Charges</h3>
+        </div>
+        <div class="box-body">
+            <div ng-show="loading">
+                Loading...
+            </div>
+            <div ng-show="!loading && !charges.length">
+                No charges.
+            </div>
+            <div class="table-responsive" ng-show="charges.length">
+                <table class="table">
+                    <tbody>
+                        <tr ng-repeat="charge in charges">
+                            <td style="width: 200px">
+                                {{charge.date | date: 'mediumDate'}}
+                            </td>
+                            <td style="min-width: 150px">
+                                {{charge.paymentSource}}
+                            </td>
+                            <td style="width: 150px; text-transform: capitalize;">
+                                {{charge.status}}
+                            </td>
+                            <td class="text-right" style="width: 150px;">
+                                {{charge.amount | currency:'$'}}
+                            </td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+        </div>
+        <div class="box-footer">
+            Note: Any charges will appear on your statement as <b>BITWARDEN</b>.
+        </div>
+    </div>
+</section>

src/app/organization/views/organizationBillingAdjustSeats.html

@@ -0,0 +1,46 @@
+<div class="modal-header">
+    <button type="button" class="close" ng-click="close()" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+    <h4 class="modal-title">
+        <i class="fa fa-users"></i>
+        {{add ? 'Add Seats' : 'Remove Seats'}}
+    </h4>
+</div>
+<form name="form" ng-submit="form.$valid && submit()" api-form="submitPromise" autocomplete="off">
+    <div class="modal-body">
+        <div class="callout callout-default" ng-show="add">
+            <h4><i class="fa fa-dollar"></i> Note About Charges</h4>
+            <p>
+                Adding seats to your plan will result in adjustments to your billing totals and immediately charge your
+                payment method on file. The first charge will be prorated for the remainder of the current billing cycle.
+            </p>
+        </div>
+        <div class="callout callout-default" ng-show="!add">
+            <h4><i class="fa fa-dollar"></i> Note About Charges</h4>
+            <p>
+                Removing seats will result in adjustments to your billing totals that will be prorated as credits
+                to your next billing charge.
+            </p>
+        </div>
+        <div class="callout callout-danger validation-errors" ng-show="form.$errors">
+            <h4>Errors have occurred</h4>
+            <ul>
+                <li ng-repeat="e in form.$errors">{{e}}</li>
+            </ul>
+        </div>
+        <div class="row">
+            <div class="col-md-6">
+                <div class="form-group">
+                    <label for="seats">{{add ? 'Seats To Add' : 'Seats To Remove'}}</label>
+                    <input type="number" id="seats" name="SeatAdjustment" ng-model="seatAdjustment" class="form-control"
+                           required min="0" />
+                </div>
+            </div>
+        </div>
+    </div>
+    <div class="modal-footer">
+        <button type="submit" class="btn btn-primary btn-flat" ng-disabled="form.$loading">
+            <i class="fa fa-refresh fa-spin loading-icon" ng-show="form.$loading"></i>Submit
+        </button>
+        <button type="button" class="btn btn-default btn-flat" ng-click="close()">Close</button>
+    </div>
+</form>

src/app/organization/views/organizationBillingChangePlan.html

@@ -0,0 +1,14 @@
+<div class="modal-header">
+    <button type="button" class="close" ng-click="close()" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+    <h4 class="modal-title"><i class="fa fa-file-text-o"></i> Change Plan</h4>
+</div>
+<form name="form" ng-submit="form.$valid && submit()" api-form="submitPromise" autocomplete="off">
+    <div class="modal-body">
+        You can <a href="https://bitwarden.com/contact/" target="_blank">contact us</a>
+        if you would like to change your plan. Please ensure that you have an active payment
+        method on file.
+    </div>
+    <div class="modal-footer">
+        <button type="button" class="btn btn-default btn-flat" ng-click="close()">Close</button>
+    </div>
+</form>

src/app/organization/views/organizationBillingVerifyBank.html

@@ -0,0 +1,43 @@
+<div class="modal-header">
+    <button type="button" class="close" ng-click="close()" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+    <h4 class="modal-title">
+        <i class="fa fa-check-square-o"></i>
+        Verify Bank Account
+    </h4>
+</div>
+<form name="form" ng-submit="form.$valid && submit()" api-form="submitPromise" autocomplete="off">
+    <div class="modal-body">
+        <p>
+            Enter the two micro-deposit amounts from your bank account. Both amounts will be less than $1.00 each.
+            For example, if we deposited $0.32 and $0.45 you would enter the values "32" and "45".
+        </p>
+        <div class="callout callout-danger validation-errors" ng-show="form.$errors">
+            <h4>Errors have occurred</h4>
+            <ul>
+                <li ng-repeat="e in form.$errors">{{e}}</li>
+            </ul>
+        </div>
+        <div class="form-group">
+            <label for="amount1">Amount 1</label>
+            <div class="input-group">
+                <span class="input-group-addon">$ 0.</span>
+                <input type="number" id="amount1" name="Amount1" ng-model="amount1" class="form-control"
+                       required min="1" max="99" placeholder="xx" />
+            </div>
+        </div>
+        <div class="form-group">
+            <label for="amount2">Amount 2</label>
+            <div class="input-group">
+                <span class="input-group-addon">$ 0.</span>
+                <input type="number" id="amount2" name="Amount2" ng-model="amount2" class="form-control"
+                       required min="1" max="99" placeholder="xx" />
+            </div>
+        </div>
+    </div>
+    <div class="modal-footer">
+        <button type="submit" class="btn btn-primary btn-flat" ng-disabled="form.$loading">
+            <i class="fa fa-refresh fa-spin loading-icon" ng-show="form.$loading"></i>Submit
+        </button>
+        <button type="button" class="btn btn-default btn-flat" ng-click="close()">Close</button>
+    </div>
+</form>

src/app/organization/views/organizationCollections.html

@@ -0,0 +1,70 @@
+<section class="content-header">
+    <h1>
+        Collections
+        <small>control what you share</small>
+    </h1>
+</section>
+<section class="content">
+    <div class="box">
+        <div class="box-header with-border">
+            &nbsp;
+            <div class="box-filters hidden-xs">
+                <div class="form-group form-group-sm has-feedback has-feedback-left">
+                    <input type="text" id="search" class="form-control" placeholder="Search collections..."
+                           style="width: 200px;" ng-model="filterSearch">
+                    <span class="fa fa-search form-control-feedback text-muted" aria-hidden="true"></span>
+                </div>
+            </div>
+            <div class="box-tools">
+                <button type="button" class="btn btn-primary btn-sm btn-flat" ng-click="add()">
+                    <i class="fa fa-fw fa-plus-circle"></i> New Collection
+                </button>
+            </div>
+        </div>
+        <div class="box-body" ng-class="{'no-padding': filteredCollections.length}">
+            <div ng-show="loading && !collections.length">
+                Loading...
+            </div>
+            <div ng-show="!filteredCollections.length && filterSearch">
+                No collections to list.
+            </div>
+            <div ng-show="!loading && !collections.length">
+                <p>There are no collections yet for your organization.</p>
+                <button type="button" ng-click="add()" class="btn btn-default btn-flat">Add a Collection</button>
+            </div>
+            <div class="table-responsive" ng-show="collections.length">
+                <table class="table table-striped table-hover table-vmiddle">
+                    <tbody>
+                        <tr ng-repeat="collection in filteredCollections = (collections | filter: (filterSearch || '') |
+                            orderBy: ['name']) track by collection.id">
+                            <td style="width: 70px;">
+                                <div class="btn-group" data-append-to="body">
+                                    <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown">
+                                        <i class="fa fa-cog"></i> <span class="caret"></span>
+                                    </button>
+                                    <ul class="dropdown-menu">
+                                        <li>
+                                            <a href="#" stop-click ng-click="users(collection)">
+                                                <i class="fa fa-fw fa-users"></i> Users
+                                            </a>
+                                        </li>
+                                        <li>
+                                            <a href="#" stop-click ng-click="delete(collection)" class="text-red">
+                                                <i class="fa fa-fw fa-trash"></i> Delete
+                                            </a>
+                                        </li>
+                                    </ul>
+                                </div>
+                            </td>
+                            <td valign="middle">
+                                <a href="#" stop-click ng-click="edit(collection)">
+                                    {{collection.name}}
+                                </a>
+                            </td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    </div>
+</section>

src/app/organization/views/organizationCollectionsAdd.html

@@ -0,0 +1,83 @@
+<div class="modal-header">
+    <button type="button" class="close" ng-click="close()" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+    <h4 class="modal-title"><i class="fa fa-cubes"></i> Add New Collection</h4>
+</div>
+<form name="form" ng-submit="form.$valid && submit(model)" api-form="submitPromise" autocomplete="off">
+    <div class="modal-body">
+        <div class="callout callout-default">
+            <h4><i class="fa fa-info-circle"></i> Note</h4>
+            <p>
+                After creating the collection, you can associate a user to it by selecting a specific user on the "People" page.
+            </p>
+            <p>
+                You can associate new logins to the collection from your organization's "Vault" or by sharing an existing
+                login from "My vault".
+            </p>
+        </div>
+        <div class="callout callout-danger validation-errors" ng-show="form.$errors">
+            <h4>Errors have occurred</h4>
+            <ul>
+                <li ng-repeat="e in form.$errors">{{e}}</li>
+            </ul>
+        </div>
+        <div class="form-group" show-errors>
+            <label for="email">Name</label>
+            <input type="text" id="name" name="Name" ng-model="model.name" class="form-control" required api-field />
+        </div>
+        <div ng-if="useGroups">
+            <h4>Group Access</h4>
+            <div ng-show="loading && !groups.length">
+                Loading groups...
+            </div>
+            <div ng-show="!loading && !groups.length">
+                <p>No groups for your organization.</p>
+            </div>
+            <div class="table-responsive" ng-show="groups.length" style="margin: 0;">
+                <table class="table table-striped table-hover" style="margin: 0;">
+                    <thead>
+                        <tr>
+                            <th style="width: 40px;">
+                                <input type="checkbox"
+                                       ng-checked="allSelected()"
+                                       ng-click="toggleGroupSelectionAll($event)">
+                            </th>
+                            <th>Name</th>
+                            <th style="width: 100px; text-align: center;">Read Only</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <tr ng-repeat="group in groups | orderBy: ['name']">
+                            <td valign="middle">
+                                <input type="checkbox"
+                                       name="selectedGroups[]"
+                                       value="{{group.id}}"
+                                       ng-checked="groupSelected(group)"
+                                       ng-click="toggleGroupSelection(group.id)"
+                                       ng-disabled="group.accessAll">
+                            </td>
+                            <td valign="middle">
+                                {{group.name}}
+                                <i class="fa fa-unlock text-muted fa-fw" ng-show="group.accessAll"
+                                   title="This group can access all items"></i>
+                            </td>
+                            <td style="width: 100px; text-align: center;" valign="middle">
+                                <input type="checkbox"
+                                       name="selectedGroupsReadonly[]"
+                                       value="{{group.id}}"
+                                       ng-disabled="!groupSelected(group) || group.accessAll"
+                                       ng-checked="groupSelected(group) && selectedGroups[group.id].readOnly"
+                                       ng-click="toggleGroupReadOnlySelection(group)">
+                            </td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    </div>
+    <div class="modal-footer">
+        <button type="submit" class="btn btn-primary btn-flat" ng-disabled="form.$loading">
+            <i class="fa fa-refresh fa-spin loading-icon" ng-show="form.$loading"></i>Submit
+        </button>
+        <button type="button" class="btn btn-default btn-flat" ng-click="close()">Close</button>
+    </div>
+</form>

src/app/organization/views/organizationCollectionsEdit.html

@@ -0,0 +1,84 @@
+<div class="modal-header">
+    <button type="button" class="close" ng-click="close()" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+    <h4 class="modal-title"><i class="fa fa-cubes"></i> Edit Collection</h4>
+</div>
+<form name="form" ng-submit="form.$valid && submit(collection)" api-form="submitPromise" autocomplete="off">
+    <div class="modal-body">
+        <div class="callout callout-default">
+            <h4><i class="fa fa-info-circle"></i> Note</h4>
+            <p>
+                Select "Users" from the listing options to manage existing users for this collection. Associate new users by
+                editing the user's access on the "People" page.
+            </p>
+            <p>
+                You can associate new logins to the collection from your organization's "Vault" or by sharing an existing
+                login from "My vault".
+            </p>
+        </div>
+        <div class="callout callout-danger validation-errors" ng-show="form.$errors">
+            <h4>Errors have occurred</h4>
+            <ul>
+                <li ng-repeat="e in form.$errors">{{e}}</li>
+            </ul>
+        </div>
+        <div class="form-group" show-errors>
+            <label for="email">Name</label>
+            <input type="text" id="name" name="Name" ng-model="collection.name" class="form-control" required api-field />
+        </div>
+        <div ng-if="useGroups">
+            <h4>Group Access</h4>
+            <div ng-show="loading && !groups.length">
+                Loading groups...
+            </div>
+            <div ng-show="!loading && !groups.length">
+                <p>No groups for your organization.</p>
+            </div>
+            <div class="table-responsive" ng-show="groups.length" style="margin: 0;">
+                <table class="table table-striped table-hover" style="margin: 0;">
+                    <thead>
+                        <tr>
+                            <th style="width: 40px;">
+                                <input type="checkbox"
+                                       ng-checked="allSelected()"
+                                       ng-click="toggleGroupSelectionAll($event)">
+                            </th>
+                            <th>Name</th>
+                            <th style="width: 100px; text-align: center;">Read Only</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <tr ng-repeat="group in groups | orderBy: ['name']">
+                            <td valign="middle">
+                                <input type="checkbox"
+                                       name="selectedGroups[]"
+                                       value="{{group.id}}"
+                                       ng-checked="groupSelected(group)"
+                                       ng-click="toggleGroupSelection(group.id)"
+                                       ng-disabled="group.accessAll">
+                            </td>
+                            <td valign="middle">
+                                {{group.name}}
+                                <i class="fa fa-unlock text-muted fa-fw" ng-show="group.accessAll"
+                                   title="This group can access all items"></i>
+                            </td>
+                            <td style="width: 100px; text-align: center;" valign="middle">
+                                <input type="checkbox"
+                                       name="selectedGroupsReadonly[]"
+                                       value="{{group.id}}"
+                                       ng-disabled="!groupSelected(group) || group.accessAll"
+                                       ng-checked="groupSelected(group) && selectedGroups[group.id].readOnly"
+                                       ng-click="toggleGroupReadOnlySelection(group)">
+                            </td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+        </div>
+    </div>
+    <div class="modal-footer">
+        <button type="submit" class="btn btn-primary btn-flat" ng-disabled="form.$loading">
+            <i class="fa fa-refresh fa-spin loading-icon" ng-show="form.$loading"></i>Submit
+        </button>
+        <button type="button" class="btn btn-default btn-flat" ng-click="close()">Close</button>
+    </div>
+</form>