Bump version to 2.22.3 (#1170)

(cherry picked from commit 7fd9427801)

.dockerignore

@@ -1,3 +1,3 @@
 *
-!dist/*
+!build/*
 !entrypoint.sh

.editorconfig

@@ -0,0 +1,18 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# Set default charset
+[*.{js,ts,scss,html}]
+charset = utf-8
+indent_style = space
+indent_size = 4
+
+[*.{ts}]
+quote_type = single

.gitattributes

@@ -0,0 +1,3 @@
+*.sh eol=lf
+.dockerignore eol=lf
+dockerfile eol=lf

.github/workflows/build.yml

@@ -0,0 +1,282 @@
+name: Build
+
+on:
+  workflow_dispatch:
+    inputs:
+      custom_tag_extension:
+        description: "Custom image tag extension"
+        required: false
+  push:
+    branches-ignore:
+      - 'l10n_master'
+      - 'gh-pages'
+
+jobs:
+  cloc:
+    name: CLOC
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Set up cloc
+        run: |
+          sudo apt update
+          sudo apt -y install cloc
+
+      - name: Print lines of code
+        run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
+
+
+  build-selfhost:
+    name: Build SelfHost Docker image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Node
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        with:
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
+        with:
+          path: '~/.npm'
+          key: ${{ runner.os }}-${{ github.run_id }}-npm-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Login to Azure
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "docker-password, 
+                    docker-username,
+                    dct-delegate-2-repo-passphrase,
+                    dct-delegate-2-key"
+
+      - name: Log into Docker
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+        env:
+          DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
+          DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
+
+      - name: Setup Docker Trust
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        run: |
+          mkdir -p ~/.docker/trust/private
+
+          echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
+        env:
+          DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
+          DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Restore
+        run: dotnet tool restore
+
+      - name: Install dependencies
+        run: npm install
+
+      - name: Build
+        run: |
+          echo -e "# Building Web\n"
+          echo "Building app"
+          echo "npm version $(npm --version)"
+          npm run dist:selfhost
+
+          echo -e "\nBuilding Docker image"
+          docker --version
+          docker build -t bitwarden/web .
+
+      - name: Tag rc branch
+        if: github.ref == 'refs/heads/rc'
+        run: docker tag bitwarden/web bitwarden/web:rc
+
+      - name: Tag dev
+        if: github.ref == 'refs/heads/master'
+        run: docker tag bitwarden/web bitwarden/web:dev
+
+      - name: List Docker images
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        run: docker images
+
+      - name: Push rc images
+        if: github.ref == 'refs/heads/rc'
+        run: docker push bitwarden/web:rc
+        env: 
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
+
+      - name: Push dev images
+        if: github.ref == 'refs/heads/master'
+        run: docker push bitwarden/web:dev
+        env: 
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
+
+      - name: Log out of Docker
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc'
+        run: docker logout
+
+
+  build-qa:
+    name: Build QA Docker image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Node
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        with:
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6
+        with:
+          path: '~/.npm'
+          key: ${{ runner.os }}-${{ github.run_id }}-npm-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Login to Azure
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+      - name: Log into container registry
+        run: az acr login -n bitwardenqa
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Restore
+        run: dotnet tool restore
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: |
+          echo -e "# Building Web\n"
+          echo "Building app"
+          echo "npm version $(npm --version)"
+          npm run build:qa
+
+          echo -e "\nBuilding Docker image"
+          docker --version
+          docker build -t bitwardenqa.azurecr.io/web .
+
+      - name: Get image tag
+        id: image_tag
+        run: |
+          IMAGE_TAG=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3];}')
+          TAG_EXTENSION=${{ github.events.inputs.custom_tag_extension }}
+
+          if [[ $TAG_EXTENSION ]]; then
+            IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
+          fi  
+          echo "::set-output name=value::$IMAGE_TAG"
+
+      - name: Tag image
+        env:
+          IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
+        run: docker tag bitwardenqa.azurecr.io/web "bitwardenqa.azurecr.io/web:$IMAGE_TAG"
+
+      - name: Tag dev
+        if: github.ref == 'refs/heads/master'
+        run: docker tag bitwardenqa.azurecr.io/web bitwardenqa.azurecr.io/web:dev
+
+      - name: List Docker images
+        run: docker images
+
+      - name: Push image
+        env:
+          IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
+        run: docker push "bitwardenqa.azurecr.io/web:$IMAGE_TAG"
+
+      - name: Push dev images
+        if: github.ref == 'refs/heads/master'
+        run: docker push bitwardenqa.azurecr.io/web:dev
+
+      - name: Log out of Docker
+        run: docker logout
+
+
+  windows:
+    name: Test code on Windows
+    runs-on: windows-latest
+    steps:
+      - name: Set up NuGet
+        uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
+        with:
+          nuget-version: 'latest'
+
+      - name: Set up MSBuild
+        uses: microsoft/setup-msbuild@c26a08ba26249b81327e26f6ef381897b6a8754d
+
+      - name: Set up Node
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        with:
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Print environment
+        run: |
+          nuget help | grep Version
+          msbuild -version
+          dotnet --info
+          node --version
+          npm --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+        env:
+          GITHUB_REF: ${{ github.ref }}
+          GITHUB_EVENT: ${{ github.event_name }}
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: npm install
+        run: npm install
+
+      - name: npm build
+        run: npm run build:prod
+

.github/workflows/crowdin-sync.yml

@@ -0,0 +1,133 @@
+name: Crowdin Sync
+
+on:
+  workflow_dispatch:
+    inputs: {}
+  #schedule:
+  #  - cron: '0 0 * * *'
+
+jobs:
+  crowdin-sync:
+    name: Autosync
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+
+      - name: Setup git config
+        run: |
+          git config user.name = "GitHub Action Bot"
+          git config user.email = "<>"
+
+      - name: Get Crowndin Sync Branch
+        id: branch
+        run: |
+          BRANCH_NAME=crowdin-auto-sync
+          BRANCH_EXISTED=true
+
+          git fetch -a
+          git switch master
+          if [ $(git branch -a | egrep "remotes/origin/${BRANCH_NAME}$" | wc -l) -eq 0 ]; then
+            BRANCH_EXISTED=false
+            git switch -c $BRANCH_NAME
+          else
+            git switch $BRANCH_NAME
+          fi
+          git branch
+
+          echo "::set-output name=branch-existed::${BRANCH_EXISTED}"
+          echo "::set-output name=branch-name::${BRANCH_NAME}"
+
+      - name: Login to Azure
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "crowdin-api-token"
+
+      - name: Get Crowdin updates
+        env:
+          CROWDIN_BASE_URL="https://api.crowdin.com/api/v2/projects"
+          CROWDIN_PROJECT_ID="308189"
+        run: |
+          # Step 1: GET master branchId
+          BRANCH_ID=$(
+              curl -s -H "Authorization: Bearer $CROWDIN_API_TOKEN" \
+              $CROWDIN_BASE_URL/$CROWDIN_PROJECT_ID/branches | jq -r '.data[0].data.id'
+          )
+
+          # Step 2: POST Build the translations and get store build id
+          BUILD_ID=$(
+              curl -X POST -s \
+              -H "Authorization: Bearer $CROWDIN_API_TOKEN" \
+              -H "Content-Type: application/json" \
+              $CROWDIN_BASE_URL/$CROWDIN_PROJECT_ID/translations/builds \
+              -d "{\"branchId\": $BRANCH_ID}" | jq -r '.data.id'
+          )
+
+          MAX_TRIES=12
+          for try in {1..$MAX_TRIES}; do
+              BRANCH_STATUS=$(
+                  curl -s -H "Authorization: Bearer $CROWDIN_API_TOKEN" \
+                  $CROWDIN_BASE_URL/$CROWDIN_PROJECT_ID/translations/builds/$BUILD_ID | jq -r '.data.status'
+              )
+              echo "[*] Build status: $BRANCH_STATUS"
+              if [[ "$BRANCH_STATUS" == "finished" ]]; then
+                  break
+              fi
+
+              if [[ $try -eq $MAX_TRIES ]]; then
+                  echo "[!] Exceeded tries: $try"
+                  exit 1
+              else
+                  sleep 5
+              fi
+          done
+
+          # Step 4: when build is finished, get download url
+          DOWNLOAD_URL=$(
+              curl -s -H "Authorization: Bearer $CROWDIN_API_TOKEN" \
+              $CROWDIN_BASE_URL/$CROWDIN_PROJECT_ID/translations/builds/$BUILD_ID/download | jq -r '.data.url'
+          )
+
+          # Step 5: download the translations via the download url
+          SAVE_FILE=translations.zip
+          curl -s $DOWNLOAD_URL --output $SAVE_FILE
+          echo "[*]    Saved to: $SAVE_FILE"
+
+          # Step 6: Unzip and cleanup
+          unzip -o $SAVE_FILE
+          rm $SAVE_FILE
+
+      - name: Commit changes
+        env:
+          BRANCH_NAME: ${{ steps.branch.outputs.branch-name }}
+        run: |
+          echo "[*] Adding new translations"
+          git add .
+          echo "=====Translations Changed====="
+          git status
+          echo "=============================="
+          echo "[*] Committing"
+          git commit -m "Autosync Crowdin translations"
+          echo "[*] Pushing"
+          git push -u origin $BRANCH_NAME
+
+      - name: Create/Update PR
+        env:
+          BRANCH_NAME: ${{ steps.cherry-pick.outputs.branch-name }}
+          BRANCH_EXISTED: ${{ steps.cherry-pick.outputs.branch-existed }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [ "$BRANCH_EXISTED" == "false" ]; then
+            echo "[*] Creating PR"
+            gh pr create --title "Autosync Crowdin Translations" \
+            --body "Autosync the updated translations"
+          else
+            echo "[*] Existing PR updated"
+          fi

.github/workflows/deploy.yml

@@ -0,0 +1,73 @@
+name: Deploy
+
+on: 
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: "Release Tag Version <vX.X.X>"
+        required: true
+  release:
+    types:
+      - published
+
+
+jobs:
+  deploy:
+    name: Deploy Web Vault
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        with:
+          ref: gh-pages
+
+      - name: Get release version
+        id: release-version
+        run: |
+          if [[ "${{ github.event_name }}" == "release" ]]; then
+              echo "::set-output name=version::${{ github.event.release.tag_name }}"
+          else
+              echo "::set-output name=version::${{ github.event.inputs.release_version }}"
+          fi
+
+      - name: Create deploy branch
+        run: |
+          git switch -c deploy-${{ steps.release-version.outputs.version }}
+          git push -u origin deploy-${{ steps.release-version.outputs.version }}
+
+      - name: Checkout Repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        with:
+          ref: rc
+
+      - name: setup git config
+        run: |
+          git config user.name = "GitHub Action Bot"
+          git config user.email = "<>"
+          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
+          git config --global url."https://".insteadOf ssh://
+
+      - name: Install and Build
+        run: |
+          npm run sub:init
+          npm ci
+          npm run dist
+
+      - name: Deploy GitHub Pages
+        uses: crazy-max/ghaction-github-pages@db4476a01402e1a7ce05f41832040eef16d14925  # v2.5.0
+        with:
+          target_branch: deploy-${{ steps.release-version.outputs.version }}
+          build_dir: build
+          keep_history: true
+          commit_message: "Staging deploy ${{ steps.release-version.outputs.version }}"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create Deploy PR
+        run: |
+          gh pr create --title "Deploy $VERSION" --body "Deploying $VERSION" --base gh-pages --head "$PR_BRANCH"
+        env:
+          VERSION: ${{ steps.release-version.outputs.version }}
+          PR_BRANCH: deploy-${{ steps.release-version.outputs.version }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.github/workflows/qa-deploy.yml

@@ -0,0 +1,70 @@
+name: QA Deploy
+
+on: 
+  workflow_dispatch:
+    inputs:
+      image_extension:
+        description: "Image tag extension"
+        required: false
+
+env:
+  QA_CLUSTER_RESOURCE_GROUP: "bitwarden-devops"
+  QA_CLUSTER_NAME: "dev-aks"
+  QA_K8S_NAMESPACE: "bw-qa"
+  QA_K8S_APP_NAME: "bw-web"
+
+jobs:
+  deploy:
+    name: Deploy QA Web
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v2
+
+      - name: Setup
+        run:
+          export PATH=$PATH:~/work/web/web
+
+      - name: Login to Azure
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+        with:
+          keyvault: "bitwarden-qa-kv"
+          secrets: "dev-aks-kubectl-credentials"
+
+      - name: Login to dev-aks-kubectl SP
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ env.dev-aks-kubectl-credentials }}
+
+      - name: Setup AKS access
+        env:
+          USER_ID: ${{ env.qa-kubectl-managed-identity-clientId }}
+        run: |
+          echo "---az install---"
+          az aks install-cli --install-location ./kubectl --kubelogin-install-location ./kubelogin
+          echo "---az get-creds---"
+          az aks get-credentials -n $QA_CLUSTER_NAME -g $QA_CLUSTER_RESOURCE_GROUP
+
+      - name: Get image tag
+        id: image_tag
+        run: |
+          IMAGE_TAG=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3];}')
+          TAG_EXTENSION=${{ github.events.inputs.image_extension }}
+
+          if [[ $TAG_EXTENSION ]]; then
+            IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
+          fi  
+          echo "::set-output name=value::$IMAGE_TAG"
+
+      - name: Deploy Web image
+        env:
+          IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
+        run: |
+          kubectl set image -n $QA_K8S_NAMESPACE deployment/web web=bitwardenqa.azurecr.io/web:$IMAGE_TAG --record
+          kubectl rollout status deployment/web -n $QA_K8S_NAMESPACE

.github/workflows/release.yml

@@ -0,0 +1,157 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_tag_name_input:
+        description: "Release Tag Name <X.X.X>"
+        required: true
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      release_upload_url: ${{ steps.create_release.outputs.upload_url }}
+      release_version: ${{ steps.create_tags.outputs.package_version }}
+      tag_version: ${{ steps.create_tags.outputs.tag_version }}
+    steps:
+      - name: Branch check
+        run: |
+          if [[ "$GITHUB_REF" != "refs/heads/rc" ]]; then
+            echo "==================================="
+            echo "[!] Can only release from rc branch"
+            echo "==================================="
+            exit 1
+          fi
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # 2.3.4
+
+      - name: Create Release Vars
+        id: create_tags
+        run: |
+          case "${RELEASE_TAG_NAME_INPUT:0:1}" in
+            v)
+              echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV
+              echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
+              echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}"
+              echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT"
+              ;;
+            [0-9])
+              echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
+              echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV
+              echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT"
+              echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT"
+              ;;
+            *)
+              exit 1
+              ;;
+          esac
+        env:
+          RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }}
+
+      - name: Create Draft Release
+        id: create_release
+        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e  # 1.1.4 - Repo Archived
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ env.RELEASE_TAG_NAME }}
+          release_name: Version ${{ env.RELEASE_NAME }}
+          draft: true
+          prerelease: false
+
+  ubuntu:
+    runs-on: ubuntu-latest
+    needs: setup
+    env:
+      RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+    steps:
+      - name: Set up Node
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        with:
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Login to Azure
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "docker-password, 
+                    docker-username,
+                    dct-delegate-2-repo-passphrase,
+                    dct-delegate-2-key"
+
+      - name: Log into Docker
+        run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+        env:
+          DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }}
+          DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }}
+
+      - name: Setup Docker Trust
+        if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
+        run: |
+          mkdir -p ~/.docker/trust/private
+
+          echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key
+        env:
+          DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c"
+          DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }}
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Restore
+        run: dotnet tool restore
+
+      - name: Build
+        run: |
+          echo -e "# Building Web\n"
+          echo "Building app"
+          echo "npm version $(npm --version)"
+          npm install
+          npm run dist:selfhost
+
+          echo -e "\nBuilding Docker image"
+          docker --version
+          docker build -t bitwarden/web .
+
+      - name: Tag version
+        run: docker tag bitwarden/web bitwarden/web:$RELEASE_VERSION
+
+      - name: List Docker images
+        run: docker images
+
+      - name: Push latest images
+        run: docker push bitwarden/web:latest
+        env: 
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
+
+      - name: Push version images
+        run: docker push bitwarden/web:$RELEASE_VERSION
+        env:
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }}
+
+      - name: Log out of Docker
+        run: docker logout

.gitignore

@@ -1,202 +1,15 @@
-## Ignore Visual Studio temporary files, build results, and
-## files generated by popular Visual Studio add-ons.
-
-# User-specific files
-*.suo
-*.user
-*.userosscache
-*.sln.docstates
-
-# User-specific files (MonoDevelop/Xamarin Studio)
-*.userprefs
-
-# Build results
-[Dd]ebug/
-[Dd]ebugPublic/
-[Rr]elease/
-[Rr]eleases/
-x64/
-x86/
-build/
-bld/
-[Bb]in/
-[Oo]bj/
-
-# Visual Studo 2015 cache/options directory
-.vs/
-
-# MSTest test Results
-[Tt]est[Rr]esult*/
-[Bb]uild[Ll]og.*
-
-# NUNIT
-*.VisualState.xml
-TestResult.xml
-
-# Build Results of an ATL Project
-[Dd]ebugPS/
-[Rr]eleasePS/
-dlldata.c
-
-*_i.c
-*_p.c
-*_i.h
-*.ilk
-*.meta
-*.obj
-*.pch
-*.pdb
-*.pgc
-*.pgd
-*.rsp
-*.sbr
-*.tlb
-*.tli
-*.tlh
-*.tmp
-*.tmp_proj
-*.log
-*.vspscc
-*.vssscc
-.builds
-*.pidb
-*.svclog
-*.scc
-
-# Chutzpah Test files
-_Chutzpah*
-
-# Visual C++ cache files
-ipch/
-*.aps
-*.ncb
-*.opensdf
-*.sdf
-*.cachefile
-
-# Visual Studio profiler
-*.psess
-*.vsp
-*.vspx
-
-# TFS 2012 Local Workspace
-$tf/
-
-# Guidance Automation Toolkit
-*.gpState
-
-# ReSharper is a .NET coding add-in
-_ReSharper*/
-*.[Rr]e[Ss]harper
-*.DotSettings.user
-
-# JustCode is a .NET coding addin-in
-.JustCode
-
-# TeamCity is a build add-in
-_TeamCity*
-
-# DotCover is a Code Coverage Tool
-*.dotCover
-
-# NCrunch
-_NCrunch_*
-.*crunch*.local.xml
-
-# MightyMoose
-*.mm.*
-AutoTest.Net/
-
-# Web workbench (sass)
-.sass-cache/
-
-# Installshield output folder
-[Ee]xpress/
-
-# DocProject is a documentation generator add-in
-DocProject/buildhelp/
-DocProject/Help/*.HxT
-DocProject/Help/*.HxC
-DocProject/Help/*.hhc
-DocProject/Help/*.hhk
-DocProject/Help/*.hhp
-DocProject/Help/Html2
-DocProject/Help/html
-
-# Click-Once directory
-publish/
-
-# Publish Web Output
-*.[Pp]ublish.xml
-*.azurePubxml
-# TODO: Comment the next line if you want to checkin your web deploy settings 
-# but database connection strings (with potential passwords) will be unencrypted
-*.pubxml
-*.publishproj
-
-# NuGet Packages
-*.nupkg
-# The packages folder can be ignored because of Package Restore
-**/packages/*
-# except build/, which is used as an MSBuild target.
-!**/packages/build/
-# Uncomment if necessary however generally it will be regenerated when needed
-#!**/packages/repositories.config
-
-# Windows Azure Build Output
-csx/
-*.build.csdef
-
-# Windows Store app package directory
-AppPackages/
-
-# Others
-*.[Cc]ache
-ClientBin/
-[Ss]tyle[Cc]op.*
-~$*
-*~
-*.dbmdl
-*.dbproj.schemaview
-*.pfx
-*.publishsettings
-node_modules/
-bower_components/
-lib/
+.vs
+.idea
+.DS_Store
+node_modules
+npm-debug.log
+vwd.webinfo
 css/
 dist/
-
-# RIA/Silverlight projects
-Generated_Code/
-
-# Backup & report files from converting an old project file
-# to a newer Visual Studio version. Backup files are not needed,
-# because we have git ;-)
-_UpgradeReport_Files/
-Backup*/
-UpgradeLog*.XML
-UpgradeLog*.htm
-
-# SQL Server files
-*.mdf
-*.ldf
-
-# Business Intelligence projects
-*.rdl.data
-*.bim.layout
-*.bim_*.settings
-
-# Microsoft Fakes
-FakesAssemblies/
-
-# Node.js Tools for Visual Studio
-.ntvs_analysis.dat
-
-# Visual Studio 6 build log
-*.plg
-
-# Visual Studio 6 workspace options file
-*.opt
-
-# Other
-src/js/*.min.js
+*.pem
+*.crx
+*.zip
+*.swp
+build/
+!dev-server.shared.pem
+config/development.json

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "jslib"]
+	path = jslib
+	url = https://github.com/bitwarden/jslib.git
+	branch = master

CONTRIBUTING.md

@@ -0,0 +1,41 @@
+# How to Contribute
+
+Contributions of all kinds are welcome!
+
+Please visit our [Community Forums](https://community.bitwarden.com/) for general community discussion and the development roadmap.
+
+Here is how you can get involved:
+
+* **Request a new feature:** Go to the [Feature Requests category](https://community.bitwarden.com/c/feature-requests/) of the Community Forums. Please search existing feature requests before making a new one
+  
+* **Write code for a new feature:** Make a new post in the [Github Contributions category](https://community.bitwarden.com/c/github-contributions/) of the Community Forums. Include a description of your proposed contribution, screeshots, and links to any relevant feature requests. This helps get feedback from the community and Bitwarden team members before you start writing code
+  
+* **Report a bug or submit a bugfix:** Use Github issues and pull requests
+  
+* **Write documentation:** Submit a pull request to the [Bitwarden help repository](https://github.com/bitwarden/help)
+  
+* **Help other users:** Go to the [User-to-User Support category](https://community.bitwarden.com/c/support/) on the Community Forums
+  
+* **Translate:** See the localization (l10n) section below
+
+## Contributor Agreement
+
+Please sign the [Contributor Agreement](https://cla-assistant.io/bitwarden/web) if you intend on contributing to any Github repository. Pull requests cannot be accepted and merged unless the author has signed the Contributor Agreement.
+
+## Pull Request Guidelines
+
+* use `npm run lint` and fix any linting suggestions before submitting a pull request
+* commit any pull requests against the `master` branch
+* include a link to your Community Forums post
+
+# Localization (l10n)
+
+[![Crowdin](https://d322cqt584bo4o.cloudfront.net/bitwarden-web/localized.svg)](https://crowdin.com/project/bitwarden-web)
+
+We use a translation tool called [Crowdin](https://crowdin.com) to help manage our localization efforts across many different languages.
+
+If you are interested in helping translate the Bitwarden web vault into another language (or make a translation correction), please register an account at Crowdin and join our project here: https://crowdin.com/project/bitwarden-web
+
+If the language that you are interested in translating is not already listed, create a new account on Crowdin, join the project, and contact the project owner (https://crowdin.com/profile/kspearrin).
+
+You can read Crowdin's getting started guide for translators here: https://support.crowdin.com/crowdin-intro/

Dockerfile

@@ -1,15 +1,20 @@
 FROM bitwarden/server
 
+LABEL com.bitwarden.product="bitwarden"
+
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
         gosu \
+        curl \
 && rm -rf /var/lib/apt/lists/*
 
 ENV ASPNETCORE_URLS http://+:5000
 WORKDIR /app
 EXPOSE 5000
-COPY ./dist .
+COPY ./build .
 COPY entrypoint.sh /
 RUN chmod +x /entrypoint.sh
 
+HEALTHCHECK CMD curl -f http://localhost:5000 || exit 1
+
 ENTRYPOINT ["/entrypoint.sh"]

ISSUE_TEMPLATE.md

@@ -3,3 +3,50 @@ Please do not submit feature requests. The [Community Forums][1] has a
 section for submitting, voting for, and discussing product feature requests.
 [1]: https://community.bitwarden.com
 -->
+
+## Describe the Bug
+
+<!-- Comment:
+A clear and concise description of what the bug is.
+-->
+
+## Steps To Reproduce
+
+<!-- Comment:
+How can we reproduce the behavior:
+-->
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. Click on '...'
+
+## Expected Result
+
+<!-- Comment:
+A clear and concise description of what you expected to happen.
+-->
+
+## Actual Result
+
+<!-- Comment:
+A clear and concise description of what is happening.
+-->
+
+## Screenshots or Videos
+
+<!-- Comment:
+If applicable, add screenshots and/or a short video to help explain your problem.
+-->
+
+## Environment
+
+- Operating system: [e.g. Windows 10, Mac OS Catalina]
+- Browser: [e.g. Firefox 73.0.1]
+- Build Version (Bottom of the page): [2.13.0]
+
+## Additional Context
+
+<!-- Comment:
+Add any other context about the problem here.
+-->

LICENSE.txt

@@ -1,674 +1,17 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    {one line to give the program's name and a brief idea of what it does.}
-    Copyright (C) {year}  {name of author}
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    {project}  Copyright (C) {year}  {fullname}
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+Source code in this repository is covered by one of two licenses: (i) the
+GNU General Public License (GPL) v3.0 (ii) the Bitwarden License v1.0. The
+default license throughout the repository is GPL v3.0 unless the header
+specifies another license. Bitwarden Licensed code is found only in the
+/bitwarden_license directory.
+
+GPL v3.0:
+https://github.com/bitwarden/web/blob/master/LICENSE_GPL.txt
+
+Bitwarden License v1.0:
+https://github.com/bitwarden/web/blob/master/LICENSE_BITWARDEN.txt
+
+No grant of any rights in the trademarks, service marks, or logos of Bitwarden is
+made (except as may be necessary to comply with the notice requirements as
+applicable), and use of any Bitwarden trademarks must comply with Bitwarden
+Trademark Guidelines 
+<https://github.com/bitwarden/server/blob/master/TRADEMARK_GUIDELINES.md>.

LICENSE_BITWARDEN.txt

@@ -0,0 +1,182 @@
+BITWARDEN LICENSE AGREEMENT
+Version 1, 4 September 2020
+
+PLEASE CAREFULLY READ THIS BITWARDEN LICENSE AGREEMENT ("AGREEMENT"). THIS
+AGREEMENT CONSTITUTES A LEGALLY BINDING AGREEMENT BETWEEN YOU AND BITWARDEN,
+INC. ("BITWARDEN") AND GOVERNS YOUR USE OF THE COMMERCIAL MODULES (DEFINED
+BELOW). BY COPYING OR USING THE COMMERCIAL MODULES, YOU AGREE TO THIS AGREEMENT.
+IF YOU DO NOT AGREE WITH THIS AGREEMENT, YOU MAY NOT COPY OR USE THE COMMERCIAL
+MODULES. IF YOU ARE COPYING OR USING THE COMMERCIAL MODULES ON BEHALF OF A LEGAL
+ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE AUTHORITY TO AGREE TO THIS
+AGREEMENT ON BEHALF OF SUCH ENTITY. IF YOU DO NOT HAVE SUCH AUTHORITY, DO NOT
+COPY OR USE THE COMMERCIAL MODULES IN ANY MANNER.
+
+This Agreement is entered into by and between Bitwarden and you, or the legal
+entity on behalf of whom you are acting (as applicable, "You" or "Your").
+
+1. DEFINITIONS
+
+"Bitwarden Software" means the Bitwarden server software, libraries, and
+Commercial Modules.
+
+"Commercial Modules" means the modules designed to work with and enhance the
+Bitwarden Software to which this Agreement is linked, referenced, or appended.
+
+2. LICENSES, RESTRICTIONS AND THIRD PARTY CODE
+
+2.1   Commercial Module License. Subject to Your compliance with this Agreement,
+Bitwarden hereby grants to You a limited, non-exclusive, non-transferable,
+royalty-free license to use the Commercial Modules for the sole purposes of
+internal development and internal testing, and only in a non-production
+environment.
+
+2.2   Reservation of Rights. As between Bitwarden and You, Bitwarden owns all
+right, title and interest in and to the Bitwarden Software, and except as
+expressly set forth in Sections 2.1, no other license to the Bitwarden Software
+is granted to You under this Agreement, by implication, estoppel, or otherwise.
+
+2.3   Restrictions. You agree not to: (i) except as expressly permitted in
+Section 2.1, sell, rent, lease, distribute, sublicense, loan or otherwise
+transfer the Commercial Modules to any third party; (ii) alter or remove any
+trademarks, service mark, and logo included with the Commercial Modules, or
+(iii) use the Commercial Modules to create a competing product or service.
+Bitwarden is not obligated to provide maintenance and support services for the
+Bitwarden Software licensed under this Agreement.
+
+2.4   Third Party Software. The Commercial Modules may contain or be provided
+with third party open source libraries, components, utilities and other open
+source software (collectively, "Open Source Software"). Notwithstanding anything
+to the contrary herein, use of the Open Source Software will be subject to the
+license terms and conditions applicable to such Open Source Software. To the
+extent any condition of this Agreement conflicts with any license to the Open
+Source Software, the Open Source Software license will govern with respect to
+such Open Source Software only.
+
+2.5 This Agreement does not grant any rights in the trademarks, service marks, or
+logos of any Contributor (except as may be necessary to comply with the notice
+requirements in Section 2.3), and use of any Bitwarden trademarks must comply with
+Bitwarden Trademark Guidelines
+<https://github.com/bitwarden/server/blob/master/TRADEMARK_GUIDELINES.md>.
+
+3. TERMINATION
+
+3.1   Termination. This Agreement will automatically terminate upon notice from
+Bitwarden, which notice may be by email or posting in the location where the
+Commercial Modules are made available.
+
+3.2   Effect of Termination. Upon any termination of this Agreement, for any
+reason, You will promptly cease use of the Commercial Modules and destroy any
+copies thereof. For the avoidance of doubt, termination of this Agreement will
+not affect Your right to Bitwarden Software, other than the Commercial Modules,
+made available pursuant to an Open Source Software license.
+
+3.3   Survival. Sections 1, 2.2 -2.4, 3.2, 3.3, 4, and 5 will survive any
+termination of this Agreement.
+
+4. DISCLAIMER AND LIMITATION OF LIABILITY
+
+4.1   Disclaimer of Warranties. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE
+LAW, THE BITWARDEN SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED REGARDING OR RELATING TO THE BITWARDEN SOFTWARE, INCLUDING
+ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+TITLE, AND NON-INFRINGEMENT. FURTHER, BITWARDEN DOES NOT WARRANT RESULTS OF USE
+OR THAT THE BITWARDEN SOFTWARE WILL BE ERROR FREE OR THAT THE USE OF THE
+BITWARDEN SOFTWARE WILL BE UNINTERRUPTED.
+
+4.2   Limitation of Liability. IN NO EVENT WILL BITWARDEN OR ITS LICENSORS BE
+LIABLE TO YOU OR ANY THIRD PARTY UNDER THIS AGREEMENT FOR (I) ANY AMOUNTS IN
+EXCESS OF US $25 OR (II) FOR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF
+ANY KIND, INCLUDING FOR ANY LOSS OF PROFITS, LOSS OF USE, BUSINESS INTERRUPTION,
+LOSS OF DATA, COST OF SUBSTITUTE GOODS OR SERVICES, WHETHER ALLEGED AS A BREACH
+OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF BITWARDEN HAS
+BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+5. MISCELLANEOUS
+
+5.1   Assignment. You may not assign or otherwise transfer this Agreement or any
+rights or obligations hereunder, in whole or in part, whether by operation of
+law or otherwise, to any third party without Bitwarden's prior written consent.
+Any purported transfer, assignment or delegation without such prior written
+consent will be null and void and of no force or effect. Bitwarden may assign
+this Agreement to any successor to its business or assets to which this
+Agreement relates, whether by merger, sale of assets, sale of stock,
+reorganization or otherwise. Subject to this Section 5.1, this Agreement will be
+binding upon and inure to the benefit of the parties hereto, and their
+respective successors and permitted assigns.
+
+5.2   Entire Agreement; Modification; Waiver. This Agreement represents the
+entire agreement between the parties, and supersedes all prior agreements and
+understandings, written or oral, with respect to the matters covered by this
+Agreement, and is not intended to confer upon any third party any rights or
+remedies hereunder. You acknowledge that You have not entered in this Agreement
+based on any representations other than those contained herein. No modification
+of or amendment to this Agreement, nor any waiver of any rights under this
+Agreement, will be effective unless in writing and signed by both parties. The
+waiver of one breach or default or any delay in exercising any rights will not
+constitute a waiver of any subsequent breach or default.
+
+5.3   Governing Law. This Agreement will in all respects be governed by the laws
+of the State of California without reference to its principles of conflicts of
+laws. The parties hereby agree that all disputes arising out of this Agreement
+will be subject to the exclusive jurisdiction of and venue in the federal and
+state courts within Los Angeles County, California. You hereby consent to the
+personal and exclusive jurisdiction and venue of these courts. The parties
+hereby disclaim and exclude the application hereto of the United Nations
+Convention on Contracts for the International Sale of Goods.
+
+5.4   Severability. If any provision of this Agreement is held invalid or
+unenforceable under applicable law by a court of competent jurisdiction, it will
+be replaced with the valid provision that most closely reflects the intent of
+the parties and the remaining provisions of the Agreement will remain in full
+force and effect.
+
+5.5   Relationship of the Parties. Nothing in this Agreement is to be construed
+as creating an agency, partnership, or joint venture relationship between the
+parties hereto. Neither party will have any right or authority to assume or
+create any obligations or to make any representations or warranties on behalf of
+any other party, whether express or implied, or to bind the other party in any
+respect whatsoever.
+
+5.6   Notices. All notices permitted or required under this Agreement will be in
+writing and will be deemed to have been given when delivered in person
+(including by overnight courier), or three (3) business days after being mailed
+by first class, registered or certified mail, postage prepaid, to the address of
+the party specified in this Agreement or such other address as either party may
+specify in writing.
+
+5.7   U.S. Government Restricted Rights. If Commercial Modules is being licensed
+by the U.S. Government, the Commercial Modules is deemed to be "commercial
+computer software" and "commercial computer documentation" developed exclusively
+at private expense, and (a) if acquired by or on behalf of a civilian agency,
+will be subject solely to the terms of this computer software license as
+specified in 48 C.F.R. 12.212 of the Federal Acquisition Regulations and its
+successors; and (b) if acquired by or on behalf of units of the Department of
+Defense ("DOD") will be subject to the terms of this commercial computer
+software license as specified in 48 C.F.R. 227.7202-2, DOD FAR Supplement and
+its successors.
+
+5.8   Injunctive Relief. A breach or threatened breach by You of Section 2 may
+cause irreparable harm for which damages at law may not provide adequate relief,
+and therefore Bitwarden will be entitled to seek injunctive relief in any
+applicable jurisdiction without being required to post a bond.
+
+5.9   Export Law Assurances. You understand that the Commercial Modules is
+subject to export control laws and regulations. You may not download or
+otherwise export or re-export the Commercial Modules or any underlying
+information or technology except in full compliance with all applicable laws and
+regulations, in particular, but without limitation, United States export control
+laws. None of the Commercial Modules or any underlying information or technology
+may be downloaded or otherwise exported or re- exported: (a) into (or to a
+national or resident of) any country to which the United States has embargoed
+goods; or (b) to anyone on the U.S. Treasury Department's list of specially
+designated nationals or the U.S. Commerce Department's list of prohibited
+countries or debarred or denied persons or entities. You hereby agree to the
+foregoing and represents and warrants that You are not located in, under control
+of, or a national or resident of any such country or on any such list.
+
+5.10  Construction. The titles and section headings used in this Agreement are
+for ease of reference only and will not be used in the interpretation or
+construction of this Agreement. No rule of construction resolving any ambiguity
+in favor of the non-drafting party will be applied hereto. The word "including",
+when used herein, is illustrative rather than exclusive and means "including,
+without limitation."

LICENSE_GPL.txt

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    {one line to give the program's name and a brief idea of what it does.}
+    Copyright (C) {year}  {name of author}
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    {project}  Copyright (C) {year}  {fullname}
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.

README.md

@@ -1,32 +1,70 @@
-[![appveyor build](https://ci.appveyor.com/api/projects/status/github/bitwarden/web?branch=master&svg=true)](https://ci.appveyor.com/project/bitwarden/web) [![DockerHub](https://img.shields.io/docker/pulls/bitwarden/web.svg)](https://hub.docker.com/u/bitwarden/) [![Join the chat at https://gitter.im/bitwarden/Lobby](https://badges.gitter.im/bitwarden/Lobby.svg)](https://gitter.im/bitwarden/Lobby)
+<p align="center">
+    <img src="https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/web-vault-macbook.png" alt="" width="600" height="358" />
+</p>
+<p align="center">
+    The Bitwarden web project is an Angular application that powers the web vault (https://vault.bitwarden.com/).
+</p>
+<p align="center">
+  <a href="https://github.com/bitwarden/web/actions?query=branch:master" target="_blank">
+    <img src="https://github.com/bitwarden/web/actions/workflows/build.yml/badge.svg?branch=master" alt="Github Workflow build on master" />
+  </a>
+  <a href="https://crowdin.com/project/bitwarden-web" target="_blank">
+    <img src="https://d322cqt584bo4o.cloudfront.net/bitwarden-web/localized.svg" alt="Crowdin" />
+  </a>
+  <a href="https://hub.docker.com/u/bitwarden/" target="_blank">
+    <img src="https://img.shields.io/docker/pulls/bitwarden/web.svg" alt="DockerHub" />
+  </a>
+  <a href="https://gitter.im/bitwarden/Lobby" target="_blank">
+    <img src="https://badges.gitter.im/bitwarden/Lobby.svg" alt="gitter chat" />
+  </a>
+</p>
 
-# Bitwarden Web Vault
+## Build/Run
 
-The Bitwarden web project is an AngularJS application that powers the web vault (https://vault.bitwarden.com/).
+### Requirements
 
-<img src="https://i.imgur.com/rxrykeX.png" alt="" width="791" height="739" />
+- [Node.js](https://nodejs.org) v14.17 or greater
+- NPM v7
 
-# Build/Run
+### Run the app
 
-**Requirements**
+For local development, run the app with:
 
-- Node.js
-- Gulp
+```
+npm install
+npm run build:watch
+```
 
-By default the application points to the production API. If you want to change that to point to a local instance of
-the [Core](https://github.com/bitwarden/core) API, you can modify the `package.json` `env` property to `Development`
-and then set your local endpoints in `settings.json`.
+You can now access the web vault in your browser at `https://localhost:8080`.
 
-Then run the following commands:
+If you want to point the development web vault to the production APIs, you can run using:
 
-- `npm install`
-- `gulp build`
-- `gulp serve`
+```
+npm install
+ENV=production npm run build:watch
+```
 
-You can now access the web vault at `http://localhost:4001`.
+You can also manually adjusting your API endpoint settings by adding `config/development.json` overriding any of the values in `config/base.json`. For example:
 
-# Contribute
+```typescript
+{
+    "proxyApi": "http://your-api-url",
+    "proxyIdentity": "http://your-identity-url",
+    "proxyEvents": "http://your-events-url",
+    "proxyNotifications": "http://your-notifications-url",
+    "proxyPortal": "http://your-portal-url",
+    "allowedHosts": ["hostnames-to-allow-in-webpack"]
+}
+```
 
-Code contributions are welcome! Please commit any pull requests against the `master` branch.
+To pick up the overrides in the newly created `config/development.json` file, run the app with:
+
+```
+npm run build:dev:watch
+```
+
+## Contribute
+
+Code contributions are welcome! Please commit any pull requests against the `master` branch. Learn more about how to contribute by reading the [`CONTRIBUTING.md`](CONTRIBUTING.md) file.
 
 Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.

bitwarden-web.sln

@@ -1,39 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.26228.9
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{E24C65DC-7377-472B-9ABA-BC803B73C61A}") = "bitwarden-web", ".", "{25BEDEF4-2CAF-445A-807D-63C17FF85694}"
-	ProjectSection(WebsiteProperties) = preProject
-		TargetFrameworkMoniker = ".NETFramework,Version%3Dv4.6.1"
-		Debug.AspNetCompiler.VirtualPath = "/localhost_15509"
-		Debug.AspNetCompiler.PhysicalPath = "."
-		Debug.AspNetCompiler.TargetPath = "PrecompiledWeb\localhost_15509\"
-		Debug.AspNetCompiler.Updateable = "true"
-		Debug.AspNetCompiler.ForceOverwrite = "true"
-		Debug.AspNetCompiler.FixedNames = "false"
-		Debug.AspNetCompiler.Debug = "True"
-		Release.AspNetCompiler.VirtualPath = "/localhost_15509"
-		Release.AspNetCompiler.PhysicalPath = "."
-		Release.AspNetCompiler.TargetPath = "PrecompiledWeb\localhost_15509\"
-		Release.AspNetCompiler.Updateable = "true"
-		Release.AspNetCompiler.ForceOverwrite = "true"
-		Release.AspNetCompiler.FixedNames = "false"
-		Release.AspNetCompiler.Debug = "False"
-		VWDPort = "15509"
-		SlnRelativePath = "."
-		DefaultWebSiteLanguage = "Visual C#"
-	EndProjectSection
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{25BEDEF4-2CAF-445A-807D-63C17FF85694}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{25BEDEF4-2CAF-445A-807D-63C17FF85694}.Debug|Any CPU.Build.0 = Debug|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-EndGlobal

bitwarden_license/README.md

@@ -0,0 +1,3 @@
+# Bitwarden Licensed Code
+
+All source code under this directory is licensed under the [Bitwarden License Agreement](https://github.com/bitwarden/web/blob/master/LICENSE_BITWARDEN.txt).

bitwarden_license/src/app/app-routing.module.ts

@@ -0,0 +1,15 @@
+import { NgModule } from '@angular/core';
+import { RouterModule, Routes } from '@angular/router';
+
+const routes: Routes = [
+    {
+        path: 'providers',
+        loadChildren: async () => (await import('./providers/providers.module')).ProvidersModule,
+    },
+];
+
+@NgModule({
+    imports: [RouterModule.forChild(routes)],
+    exports: [RouterModule],
+})
+export class AppRoutingModule { }

bitwarden_license/src/app/app.module.ts

@@ -0,0 +1,30 @@
+import { ToasterModule } from 'angular2-toaster';
+import { InfiniteScrollModule } from 'ngx-infinite-scroll';
+
+import { DragDropModule } from '@angular/cdk/drag-drop';
+import { NgModule } from '@angular/core';
+import { FormsModule } from '@angular/forms';
+import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
+
+import { AppRoutingModule } from './app-routing.module';
+
+import { AppComponent } from 'src/app/app.component';
+import { OssRoutingModule } from 'src/app/oss-routing.module';
+import { OssModule } from 'src/app/oss.module';
+import { ServicesModule } from 'src/app/services/services.module';
+
+@NgModule({
+    imports: [
+        OssModule,
+        BrowserAnimationsModule,
+        FormsModule,
+        ServicesModule,
+        ToasterModule.forRoot(),
+        InfiniteScrollModule,
+        DragDropModule,
+        AppRoutingModule,
+        OssRoutingModule,
+    ],
+    bootstrap: [AppComponent],
+})
+export class AppModule { }

bitwarden_license/src/app/main.ts

@@ -0,0 +1,17 @@
+import { enableProdMode } from '@angular/core';
+import { platformBrowserDynamic } from '@angular/platform-browser-dynamic';
+
+import 'bootstrap';
+import 'jquery';
+import 'popper.js';
+
+// tslint:disable-next-line
+require('src/scss/styles.scss');
+
+import { AppModule } from './app.module';
+
+if (process.env.NODE_ENV === 'production') {
+    enableProdMode();
+}
+
+platformBrowserDynamic().bootstrapModule(AppModule, { preserveWhitespaces: true });

bitwarden_license/src/app/providers/clients/add-organization.component.html

@@ -0,0 +1,35 @@
+<div class="modal fade" tabindex="-1" role="dialog" aria-modal="true" aria-labelledby="addTitle">
+    <div class="modal-dialog modal-dialog-scrollable" role="document">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h2 class="modal-title" id="addTitle">
+                    {{'addExistingOrganization' | i18n}}
+                </h2>
+                <button type="button" class="close" data-dismiss="modal" appA11yTitle="{{'close' | i18n}}">
+                    <span aria-hidden="true">&times;</span>
+                </button>
+            </div>
+            <div class="modal-body">
+                <div class="card-body text-center" *ngIf="loading">
+                    <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                    {{'loading' | i18n}}
+                </div>
+                <ng-container *ngIf="!loading">
+                    <table class="table table-hover table-list">
+                        <tr *ngFor="let o of organizations">
+                            <td width="30">
+                                <app-avatar [data]="o.name" size="25" [circle]="true" [fontSize]="14"></app-avatar>
+                            </td>
+                            <td>
+                                {{o.name}}
+                            </td>
+                            <td>
+                                <button class="btn btn-outline-secondary pull-right" (click)="add(o)" [disabled]="formPromise">Add</button>
+                            </td>
+                        </tr>
+                    </table>
+                </ng-container>
+            </div>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/providers/clients/add-organization.component.ts

@@ -0,0 +1,83 @@
+import {
+    Component,
+    EventEmitter,
+    Input,
+    OnInit,
+    Output
+} from '@angular/core';
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { ValidationService } from 'jslib-angular/services/validation.service';
+
+import { ProviderService } from '../services/provider.service';
+
+import { Organization } from 'jslib-common/models/domain/organization';
+import { Provider } from 'jslib-common/models/domain/provider';
+
+import { PlanType } from 'jslib-common/enums/planType';
+
+@Component({
+    selector: 'provider-add-organization',
+    templateUrl: 'add-organization.component.html',
+})
+export class AddOrganizationComponent implements OnInit {
+
+    @Input() providerId: string;
+    @Input() organizations: Organization[];
+    @Output() onAddedOrganization = new EventEmitter();
+
+    provider: Provider;
+    formPromise: Promise<any>;
+    loading = true;
+
+    constructor(private userService: UserService, private providerService: ProviderService,
+        private toasterService: ToasterService, private i18nService: I18nService,
+        private platformUtilsService: PlatformUtilsService, private validationService: ValidationService,
+        private apiService: ApiService) { }
+
+    async ngOnInit() {
+        await this.load();
+    }
+
+    async load() {
+        if (this.providerId == null) {
+            return;
+        }
+
+        this.provider = await this.userService.getProvider(this.providerId);
+
+        this.loading = false;
+    }
+
+    async add(organization: Organization) {
+        if (this.formPromise) {
+            return;
+        }
+
+        const confirmed = await this.platformUtilsService.showDialog(
+            this.i18nService.t('addOrganizationConfirmation', organization.name, this.provider.name), organization.name,
+            this.i18nService.t('yes'), this.i18nService.t('no'), 'warning');
+
+        if (!confirmed) {
+            return false;
+        }
+
+        try {
+            this.formPromise = this.providerService.addOrganizationToProvider(this.providerId, organization.id);
+            await this.formPromise;
+        } catch (e) {
+            this.validationService.showError(e);
+            return;
+        } finally {
+            this.formPromise = null;
+        }
+
+        this.toasterService.popAsync('success', null, this.i18nService.t('organizationJoinedProvider'));
+        this.onAddedOrganization.emit();
+    }
+}

bitwarden_license/src/app/providers/clients/clients.component.html

@@ -0,0 +1,62 @@
+<div class="page-header d-flex">
+    <h1>{{'clients' | i18n}}</h1>
+
+    <div class="ml-auto d-flex">
+        <div>
+            <label class="sr-only" for="search">{{'search' | i18n}}</label>
+            <input type="search" class="form-control form-control-sm" id="search" placeholder="{{'search' | i18n}}"
+                [(ngModel)]="searchText">
+        </div>
+        <a class="btn btn-sm btn-outline-primary ml-3" routerLink="create" *ngIf="manageOrganizations">
+            <i class="fa fa-plus fa-fw" aria-hidden="true"></i>
+            {{'newClientOrganization' | i18n}}
+        </a>
+        <button class="btn btn-sm btn-outline-primary ml-3" (click)="addExistingOrganization()"
+            *ngIf="manageOrganizations && showAddExisting">
+            <i class="fa fa-plus fa-fw" aria-hidden="true"></i>
+            {{'addExistingOrganization' | i18n}}
+        </button>
+    </div>
+</div>
+
+<ng-container *ngIf="loading">
+    <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+    <span class="sr-only">{{'loading' | i18n}}</span>
+</ng-container>
+
+<ng-container
+    *ngIf="!loading && (clients | search:searchText:'organizationName':'id') as searchedClients">
+    <p *ngIf="!searchedClients.length">{{'noClientsInList' | i18n}}</p>
+    <ng-container *ngIf="searchedClients.length">
+        <table class="table table-hover table-list" infiniteScroll [infiniteScrollDistance]="1"
+            [infiniteScrollDisabled]="!isPaging()" (scrolled)="loadMore()">
+            <tbody>
+                <tr *ngFor="let o of searchedClients">
+                    <td width="30">
+                        <app-avatar [data]="o.organizationName" size="25" [circle]="true" [fontSize]="14"></app-avatar>
+                    </td>
+                    <td>
+                        <a [routerLink]="['/organizations', o.organizationId]">{{o.organizationName}}</a>
+                    </td>
+                    <td class="table-list-options" *ngIf="manageOrganizations">
+                        <div class="dropdown" appListDropdown>
+                            <button class="btn btn-outline-secondary dropdown-toggle" type="button"
+                                data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"
+                                appA11yTitle="{{'options' | i18n}}">
+                                <i class="fa fa-cog fa-lg" aria-hidden="true"></i>
+                            </button>
+                            <div class="dropdown-menu dropdown-menu-right">
+                                <a class="dropdown-item text-danger" href="#" appStopClick (click)="remove(o)">
+                                    <i class="fa fa-fw fa-remove" aria-hidden="true"></i>
+                                    {{'remove' | i18n}}
+                                </a>
+                            </div>
+                        </div>
+                    </td>
+                </tr>
+            </tbody>
+        </table>
+    </ng-container>
+</ng-container>
+
+<ng-template #add></ng-template>

bitwarden_license/src/app/providers/clients/clients.component.ts

@@ -0,0 +1,169 @@
+import {
+    Component,
+    ComponentFactoryResolver,
+    OnInit,
+    ViewChild,
+    ViewContainerRef
+} from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { SearchService } from 'jslib-common/abstractions/search.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { PlanType } from 'jslib-common/enums/planType';
+import { ProviderUserType } from 'jslib-common/enums/providerUserType';
+
+import { ValidationService } from 'jslib-angular/services/validation.service';
+
+import {
+    ProviderOrganizationOrganizationDetailsResponse
+} from 'jslib-common/models/response/provider/providerOrganizationResponse';
+import { Organization } from 'jslib-common/models/domain/organization';
+
+import { ModalComponent } from 'src/app/modal.component';
+
+import { ProviderService } from '../services/provider.service';
+
+import { AddOrganizationComponent } from './add-organization.component';
+
+const DisallowedPlanTypes = [PlanType.Free, PlanType.FamiliesAnnually2019, PlanType.FamiliesAnnually];
+
+@Component({
+    templateUrl: 'clients.component.html',
+})
+export class ClientsComponent implements OnInit {
+
+    @ViewChild('add', { read: ViewContainerRef, static: true }) addModalRef: ViewContainerRef;
+
+    providerId: any;
+    searchText: string;
+    addableOrganizations: Organization[];
+    loading = true;
+    manageOrganizations = false;
+    showAddExisting = false;
+
+    clients: ProviderOrganizationOrganizationDetailsResponse[];
+    pagedClients: ProviderOrganizationOrganizationDetailsResponse[];
+    modal: ModalComponent;
+
+    protected didScroll = false;
+    protected pageSize = 100;
+    protected actionPromise: Promise<any>;
+    private pagedClientsCount = 0;
+
+    constructor(private route: ActivatedRoute, private userService: UserService,
+        private apiService: ApiService, private searchService: SearchService,
+        private platformUtilsService: PlatformUtilsService, private i18nService: I18nService,
+        private toasterService: ToasterService, private validationService: ValidationService,
+        private providerService: ProviderService, private componentFactoryResolver: ComponentFactoryResolver,
+        private logService: LogService) { }
+
+    async ngOnInit() {
+        this.route.parent.params.subscribe(async params => {
+            this.providerId = params.providerId;
+
+            await this.load();
+
+            const queryParamsSub = this.route.queryParams.subscribe(async qParams => {
+                this.searchText = qParams.search;
+                if (queryParamsSub != null) {
+                    queryParamsSub.unsubscribe();
+                }
+            });
+        });
+    }
+
+    async load() {
+        const response = await this.apiService.getProviderClients(this.providerId);
+        this.clients = response.data != null && response.data.length > 0 ? response.data : [];
+        this.manageOrganizations = (await this.userService.getProvider(this.providerId)).type === ProviderUserType.ProviderAdmin;
+        const candidateOrgs = (await this.userService.getAllOrganizations()).filter(o => o.isOwner && o.providerId == null);
+        const allowedOrgsIds = await Promise.all(candidateOrgs.map(o => this.apiService.getOrganization(o.id))).then(orgs =>
+            orgs.filter(o => !DisallowedPlanTypes.includes(o.planType))
+                .map(o => o.id));
+        this.addableOrganizations = candidateOrgs.filter(o => allowedOrgsIds.includes(o.id));
+
+        this.showAddExisting = this.addableOrganizations.length != 0;
+        this.loading = false;
+    }
+
+    isPaging() {
+        const searching = this.isSearching();
+        if (searching && this.didScroll) {
+            this.resetPaging();
+        }
+        return !searching && this.clients && this.clients.length > this.pageSize;
+    }
+
+    isSearching() {
+        return this.searchService.isSearchable(this.searchText);
+    }
+
+    async resetPaging() {
+        this.pagedClients = [];
+        this.loadMore();
+    }
+
+
+    loadMore() {
+        if (!this.clients || this.clients.length <= this.pageSize) {
+            return;
+        }
+        const pagedLength = this.pagedClients.length;
+        let pagedSize = this.pageSize;
+        if (pagedLength === 0 && this.pagedClientsCount > this.pageSize) {
+            pagedSize = this.pagedClientsCount;
+        }
+        if (this.clients.length > pagedLength) {
+            this.pagedClients = this.pagedClients.concat(this.clients.slice(pagedLength, pagedLength + pagedSize));
+        }
+        this.pagedClientsCount = this.pagedClients.length;
+        this.didScroll = this.pagedClients.length > this.pageSize;
+    }
+
+    addExistingOrganization() {
+        const factory = this.componentFactoryResolver.resolveComponentFactory(ModalComponent);
+        this.modal = this.addModalRef.createComponent(factory).instance;
+        const childComponent = this.modal.show<AddOrganizationComponent>(AddOrganizationComponent, this.addModalRef);
+
+        childComponent.providerId = this.providerId;
+        childComponent.organizations = this.addableOrganizations;
+        childComponent.onAddedOrganization.subscribe(async () => {
+            try {
+                await this.load();
+                this.modal.close();
+            } catch (e) {
+                this.logService.error(`Handled exception: ${e}`);
+            }
+        });
+
+        this.modal.onClosed.subscribe(() => {
+            this.modal = null;
+        });
+    }
+
+    async remove(organization: ProviderOrganizationOrganizationDetailsResponse) {
+        const confirmed = await this.platformUtilsService.showDialog(
+            this.i18nService.t('detachOrganizationConfirmation'), organization.organizationName,
+            this.i18nService.t('yes'), this.i18nService.t('no'), 'warning');
+
+        if (!confirmed) {
+            return false;
+        }
+
+        this.actionPromise = this.providerService.detachOrganizastion(this.providerId, organization.id);
+        try {
+            await this.actionPromise;
+            this.toasterService.popAsync('success', null, this.i18nService.t('detachedOrganization', organization.organizationName));
+            await this.load();
+        } catch (e) {
+            this.validationService.showError(e);
+        }
+        this.actionPromise = null;
+    }
+}

bitwarden_license/src/app/providers/clients/create-organization.component.html

@@ -0,0 +1,5 @@
+<div class="page-header">
+    <h1>{{'newClientOrganization' | i18n}}</h1>
+</div>
+<p>{{'newClientOrganizationDesc' | i18n}}</p>
+<app-organization-plans [providerId]="providerId"></app-organization-plans>

bitwarden_license/src/app/providers/clients/create-organization.component.ts

@@ -0,0 +1,26 @@
+import {
+    Component,
+    OnInit,
+    ViewChild,
+} from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+
+import { OrganizationPlansComponent } from 'src/app/settings/organization-plans.component';
+
+@Component({
+    selector: 'app-create-organization',
+    templateUrl: 'create-organization.component.html',
+})
+export class CreateOrganizationComponent implements OnInit {
+    @ViewChild(OrganizationPlansComponent, { static: true }) orgPlansComponent: OrganizationPlansComponent;
+
+    providerId: string;
+
+    constructor(private route: ActivatedRoute) { }
+
+    ngOnInit() {
+        this.route.parent.params.subscribe(async params => {
+            this.providerId = params.providerId;
+        });
+    }
+}

bitwarden_license/src/app/providers/manage/accept-provider.component.html

@@ -0,0 +1,35 @@
+<div class="mt-5 d-flex justify-content-center" *ngIf="loading">
+    <div>
+        <img src="/src/images/logo-dark@2x.png" class="mb-4 logo" alt="Bitwarden">
+        <p class="text-center">
+            <i class="fa fa-spinner fa-spin fa-2x text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+            <span class="sr-only">{{'loading' | i18n}}</span>
+        </p>
+    </div>
+</div>
+<div class="container" *ngIf="!loading && !authed">
+    <div class="row justify-content-md-center mt-5">
+        <div class="col-5">
+            <p class="lead text-center mb-4">{{'joinProvider' | i18n}}</p>
+            <div class="card d-block">
+                <div class="card-body">
+                    <p class="text-center">
+                        {{providerName}}
+                        <strong class="d-block mt-2">{{email}}</strong>
+                    </p>
+                    <p>{{'joinProviderDesc' | i18n}}</p>
+                    <hr>
+                    <div class="d-flex">
+                        <a routerLink="/" [queryParams]="{email: email}" class="btn btn-primary btn-block">
+                            {{'logIn' | i18n}}
+                        </a>
+                        <a routerLink="/register" [queryParams]="{email: email}"
+                            class="btn btn-primary btn-block ml-2 mt-0">
+                            {{'createAccount' | i18n}}
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/providers/manage/accept-provider.component.ts

@@ -0,0 +1,48 @@
+import { Component } from '@angular/core';
+import { ActivatedRoute, Router } from '@angular/router';
+import { Toast, ToasterService } from 'angular2-toaster';
+
+import { BaseAcceptComponent } from 'src/app/common/base.accept.component';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+import { ProviderUserAcceptRequest } from 'jslib-common/models/request/provider/providerUserAcceptRequest';
+
+@Component({
+    selector: 'app-accept-provider',
+    templateUrl: 'accept-provider.component.html',
+})
+export class AcceptProviderComponent extends BaseAcceptComponent {
+    providerName: string;
+
+    failedMessage = 'providerInviteAcceptFailed';
+
+    requiredParameters = ['providerId', 'providerUserId', 'token'];
+
+    constructor(router: Router, toasterService: ToasterService, i18nService: I18nService, route: ActivatedRoute,
+        userService: UserService, stateService: StateService, private apiService: ApiService) {
+        super(router, toasterService, i18nService, route, userService, stateService);
+    }
+
+    async authedHandler(qParams: any) {
+        const request = new ProviderUserAcceptRequest();
+        request.token = qParams.token;
+
+        await this.apiService.postProviderUserAccept(qParams.providerId, qParams.providerUserId, request);
+        const toast: Toast = {
+            type: 'success',
+            title: this.i18nService.t('inviteAccepted'),
+            body: this.i18nService.t('providerInviteAcceptedDesc'),
+            timeout: 10000,
+        };
+        this.toasterService.popAsync(toast);
+        this.router.navigate(['/vault']);
+    }
+
+    async unauthedHandler(qParams: any) {
+        this.providerName = qParams.providerName;
+    }
+}

bitwarden_license/src/app/providers/manage/bulk/bulk-confirm.component.ts

@@ -0,0 +1,38 @@
+import {
+    Component,
+    Input,
+} from '@angular/core';
+
+import { ProviderUserBulkConfirmRequest } from 'jslib-common/models/request/provider/providerUserBulkConfirmRequest';
+import { ProviderUserBulkRequest } from 'jslib-common/models/request/provider/providerUserBulkRequest';
+
+import { ProviderUserStatusType } from 'jslib-common/enums/providerUserStatusType';
+
+import { BulkConfirmComponent as OrganizationBulkConfirmComponent } from 'src/app/organizations/manage/bulk/bulk-confirm.component';
+import { BulkUserDetails } from 'src/app/organizations/manage/bulk/bulk-status.component';
+
+@Component({
+    templateUrl: '/src/app/organizations/manage/bulk/bulk-confirm.component.html',
+})
+export class BulkConfirmComponent extends OrganizationBulkConfirmComponent {
+
+    @Input() providerId: string;
+
+    protected isAccepted(user: BulkUserDetails) {
+        return user.status === ProviderUserStatusType.Accepted;
+    }
+
+    protected async getPublicKeys() {
+        const request = new ProviderUserBulkRequest(this.filteredUsers.map(user => user.id));
+        return await this.apiService.postProviderUsersPublicKey(this.providerId, request);
+    }
+
+    protected getCryptoKey() {
+        return this.cryptoService.getProviderKey(this.providerId);
+    }
+
+    protected async postConfirmRequest(userIdsWithKeys: any[]) {
+        const request = new ProviderUserBulkConfirmRequest(userIdsWithKeys);
+        return await this.apiService.postProviderUserBulkConfirm(this.providerId, request);
+    }
+}

bitwarden_license/src/app/providers/manage/bulk/bulk-remove.component.ts

@@ -0,0 +1,21 @@
+import {
+    Component,
+    Input,
+} from '@angular/core';
+
+import { ProviderUserBulkRequest } from 'jslib-common/models/request/provider/providerUserBulkRequest';
+
+import { BulkRemoveComponent as OrganizationBulkRemoveComponent } from 'src/app/organizations/manage/bulk/bulk-remove.component';
+
+@Component({
+    templateUrl: '/src/app/organizations/manage/bulk/bulk-remove.component.html',
+})
+export class BulkRemoveComponent extends OrganizationBulkRemoveComponent {
+
+    @Input() providerId: string;
+
+    async deleteUsers() {
+        const request = new ProviderUserBulkRequest(this.users.map(user => user.id));
+        return await this.apiService.deleteManyProviderUsers(this.providerId, request);
+    }
+}

bitwarden_license/src/app/providers/manage/events.component.html

@@ -0,0 +1,68 @@
+<div class="page-header d-flex">
+    <h1>{{'eventLogs' | i18n}}</h1>
+    <div class="ml-auto d-flex">
+        <div class="form-inline">
+            <label class="sr-only" for="start">{{'startDate' | i18n}}</label>
+            <input type="datetime-local" class="form-control form-control-sm" id="start"
+                placeholder="{{'startDate' | i18n}}" [(ngModel)]="start" placeholder="YYYY-MM-DDTHH:MM"
+                (change)="dirtyDates = true">
+            <span class="mx-2">-</span>
+            <label class="sr-only" for="end">{{'endDate' | i18n}}</label>
+            <input type="datetime-local" class="form-control form-control-sm" id="end"
+                placeholder="{{'endDate' | i18n}}" [(ngModel)]="end" placeholder="YYYY-MM-DDTHH:MM"
+                (change)="dirtyDates = true">
+        </div>
+        <form #refreshForm [appApiAction]="refreshPromise" class="d-inline">
+            <button type="button" class="btn btn-sm btn-outline-primary ml-3" (click)="loadEvents(true)"
+                [disabled]="loaded && refreshForm.loading">
+                <i class="fa fa-refresh fa-fw" aria-hidden="true" [ngClass]="{'fa-spin': loaded && refreshForm.loading}"></i>
+                {{'refresh' | i18n}}
+            </button>
+        </form>
+        <form #exportForm [appApiAction]="exportPromise" class="d-inline">
+            <button type="button" class="btn btn-sm btn-outline-primary btn-submit manual ml-3"
+                [ngClass]="{loading:exportForm.loading}" (click)="exportEvents()"
+                [disabled]="loaded && exportForm.loading || dirtyDates">
+                <i class="fa fa-spinner fa-spin" aria-hidden="true"></i>
+                <span>{{'export' | i18n}}</span>
+            </button>
+        </form>
+    </div>
+</div>
+<ng-container *ngIf="!loaded">
+    <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+    <span class="sr-only">{{'loading' | i18n}}</span>
+</ng-container>
+<ng-container *ngIf="loaded">
+    <p *ngIf="!events || !events.length">{{'noEventsInList' | i18n}}</p>
+    <table class="table table-hover" *ngIf="events && events.length">
+        <thead>
+            <tr>
+                <th class="border-top-0" width="210">{{'timestamp' | i18n}}</th>
+                <th class="border-top-0" width="40">
+                    <span class="sr-only">{{'device' | i18n}}</span>
+                </th>
+                <th class="border-top-0" width="150">{{'user' | i18n}}</th>
+                <th class="border-top-0">{{'event' | i18n}}</th>
+            </tr>
+        </thead>
+        <tbody>
+            <tr *ngFor="let e of events">
+                <td>{{e.date | date:'medium'}}</td>
+                <td>
+                    <i class="text-muted fa fa-lg {{e.appIcon}}" title="{{e.appName}}, {{e.ip}}" aria-hidden="true"></i>
+                    <span class="sr-only">{{e.appName}}, {{e.ip}}</span>
+                </td>
+                <td>
+                    <span title="{{e.userEmail}}">{{e.userName}}</span>
+                </td>
+                <td [innerHTML]="e.message"></td>
+            </tr>
+        </tbody>
+    </table>
+    <button #moreBtn [appApiAction]="morePromise" type="button" class="btn btn-block btn-link btn-submit"
+        (click)="loadEvents(false)" [disabled]="loaded && moreBtn.loading" *ngIf="continuationToken">
+        <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+        <span>{{'loadMore' | i18n}}</span>
+    </button>
+</ng-container>

bitwarden_license/src/app/providers/manage/events.component.ts

@@ -0,0 +1,71 @@
+import {
+    Component,
+    OnInit,
+} from '@angular/core';
+import { ActivatedRoute, Router } from '@angular/router';
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { ExportService } from 'jslib-common/abstractions/export.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { UserNamePipe } from 'jslib-angular/pipes/user-name.pipe';
+
+import { EventResponse } from 'jslib-common/models/response/eventResponse';
+
+import { EventService } from 'src/app/services/event.service';
+
+import { BaseEventsComponent } from 'src/app/common/base.events.component';
+
+@Component({
+    selector: 'provider-events',
+    templateUrl: 'events.component.html',
+})
+export class EventsComponent extends BaseEventsComponent implements OnInit {
+    exportFileName: string = 'provider-events';
+    providerId: string;
+
+    private providerUsersUserIdMap = new Map<string, any>();
+    private providerUsersIdMap = new Map<string, any>();
+
+    constructor(private apiService: ApiService, private route: ActivatedRoute, eventService: EventService,
+        i18nService: I18nService, toasterService: ToasterService, private userService: UserService,
+        exportService: ExportService, platformUtilsService: PlatformUtilsService, private router: Router,
+        logService: LogService, private userNamePipe: UserNamePipe) {
+        super(eventService, i18nService, toasterService, exportService, platformUtilsService, logService);
+    }
+
+    async ngOnInit() {
+        this.route.parent.parent.params.subscribe(async params => {
+            this.providerId = params.providerId;
+            const provider = await this.userService.getProvider(this.providerId);
+            if (provider == null || !provider.useEvents) {
+                this.router.navigate(['/providers', this.providerId]);
+                return;
+            }
+            await this.load();
+        });
+    }
+
+    async load() {
+        const response = await this.apiService.getProviderUsers(this.providerId);
+        response.data.forEach(u => {
+            const name = this.userNamePipe.transform(u);
+            this.providerUsersIdMap.set(u.id, { name: name, email: u.email });
+            this.providerUsersUserIdMap.set(u.userId, { name: name, email: u.email });
+        });
+        await this.loadEvents(true);
+        this.loaded = true;
+    }
+
+    protected requestEvents(startDate: string, endDate: string, continuationToken: string) {
+        return this.apiService.getEventsProvider(this.providerId, startDate, endDate, continuationToken);
+    }
+
+    protected getUserName(r: EventResponse, userId: string) {
+        return userId != null && this.providerUsersUserIdMap.has(userId) ? this.providerUsersUserIdMap.get(userId) : null;
+    }
+}

bitwarden_license/src/app/providers/manage/manage.component.html

@@ -0,0 +1,22 @@
+<div class="container page-content">
+    <div class="row">
+        <div class="col-3">
+            <div class="card" *ngIf="provider">
+                <div class="card-header">{{'manage' | i18n}}</div>
+                <div class="list-group list-group-flush">
+                    <a routerLink="people" class="list-group-item" routerLinkActive="active"
+                        *ngIf="provider.canManageUsers">
+                        {{'people' | i18n}}
+                    </a>
+                    <a routerLink="events" class="list-group-item" routerLinkActive="active"
+                        *ngIf="provider.canAccessEventLogs && accessEvents">
+                        {{'eventLogs' | i18n}}
+                    </a>
+                </div>
+            </div>
+        </div>
+        <div class="col-9">
+            <router-outlet></router-outlet>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/providers/manage/manage.component.ts

@@ -0,0 +1,27 @@
+import {
+    Component,
+    OnInit,
+} from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { Provider } from 'jslib-common/models/domain/provider';
+
+@Component({
+    selector: 'provider-manage',
+    templateUrl: 'manage.component.html',
+})
+export class ManageComponent implements OnInit {
+    provider: Provider;
+    accessEvents = false;
+
+    constructor(private route: ActivatedRoute, private userService: UserService) { }
+
+    ngOnInit() {
+        this.route.parent.params.subscribe(async params => {
+            this.provider = await this.userService.getProvider(params.providerId);
+            this.accessEvents = this.provider.useEvents;
+        });
+    }
+}

bitwarden_license/src/app/providers/manage/people.component.html

@@ -0,0 +1,149 @@
+<div class="page-header d-flex">
+    <h1>{{'people' | i18n}}</h1>
+    <div class="ml-auto d-flex">
+        <div class="btn-group btn-group-sm" role="group">
+            <button type="button" class="btn btn-outline-secondary" [ngClass]="{active: status == null}"
+                (click)="filter(null)">
+                {{'all' | i18n}}
+                <span class="badge badge-pill badge-info" *ngIf="allCount">{{allCount}}</span>
+            </button>
+            <button type="button" class="btn btn-outline-secondary"
+                [ngClass]="{active: status == userStatusType.Invited}"
+                (click)="filter(userStatusType.Invited)">
+                {{'invited' | i18n}}
+                <span class="badge badge-pill badge-info" *ngIf="invitedCount">{{invitedCount}}</span>
+            </button>
+            <button type="button" class="btn btn-outline-secondary"
+                [ngClass]="{active: status == userStatusType.Accepted}"
+                (click)="filter(userStatusType.Accepted)">
+                {{'accepted' | i18n}}
+                <span class="badge badge-pill badge-warning" *ngIf="acceptedCount">{{acceptedCount}}</span>
+            </button>
+        </div>
+        <div class="ml-3">
+            <label class="sr-only" for="search">{{'search' | i18n}}</label>
+            <input type="search" class="form-control form-control-sm" id="search" placeholder="{{'search' | i18n}}"
+                [(ngModel)]="searchText">
+        </div>
+        <div class="dropdown ml-3" appListDropdown>
+            <button class="btn btn-sm btn-outline-secondary dropdown-toggle" type="button" id="bulkActionsButton"
+                data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" appA11yTitle="{{'options' | i18n}}">
+                <i class="fa fa-cog" aria-hidden="true"></i>
+            </button>
+            <div class="dropdown-menu dropdown-menu-right" aria-labelledby="bulkActionsButton">
+                <button class="dropdown-item" appStopClick (click)="bulkReinvite()">
+                    <i class="fa fa-fw fa-envelope-o" aria-hidden="true"></i>
+                    {{'reinviteSelected' | i18n}}
+                </button>
+                <button class="dropdown-item text-success" appStopClick (click)="bulkConfirm()"
+                    *ngIf="showBulkConfirmUsers">
+                    <i class="fa fa-fw fa-check" aria-hidden="true"></i>
+                    {{'confirmSelected' | i18n}}
+                </button>
+                <button class="dropdown-item text-danger" appStopClick (click)="bulkRemove()">
+                    <i class="fa fa-fw fa-remove" aria-hidden="true"></i>
+                    {{'remove' | i18n}}
+                </button>
+                <div class="dropdown-divider"></div>
+                <button class="dropdown-item" appStopClick (click)="selectAll(true)">
+                    <i class="fa fa-fw fa-check-square-o" aria-hidden="true"></i>
+                    {{'selectAll' | i18n}}
+                </button>
+                <button class="dropdown-item" appStopClick (click)="selectAll(false)">
+                    <i class="fa fa-fw fa-minus-square-o" aria-hidden="true"></i>
+                    {{'unselectAll' | i18n}}
+                </button>
+            </div>
+        </div>        
+        <button type="button" class="btn btn-sm btn-outline-primary ml-3" (click)="invite()">
+            <i class="fa fa-plus fa-fw" aria-hidden="true"></i>
+            {{'inviteUser' | i18n}}
+        </button>
+    </div>
+</div>
+<ng-container *ngIf="loading">
+    <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+    <span class="sr-only">{{'loading' | i18n}}</span>
+</ng-container>
+<ng-container
+    *ngIf="!loading && (isPaging() ? pagedUsers : users | search:searchText:'name':'email':'id') as searchedUsers">
+    <p *ngIf="!searchedUsers.length">{{'noUsersInList' | i18n}}</p>
+    <ng-container *ngIf="searchedUsers.length">
+        <app-callout type="info" title="{{'confirmUsers' | i18n}}" icon="fa-check-circle" *ngIf="showConfirmUsers">
+            {{'providerUsersNeedConfirmed' | i18n}}
+        </app-callout>
+        <table class="table table-hover table-list" infiniteScroll [infiniteScrollDistance]="1"
+            [infiniteScrollDisabled]="!isPaging()" (scrolled)="loadMore()">
+            <tbody>
+                <tr *ngFor="let u of searchedUsers">
+                    <td (click)="checkUser(u)" class="table-list-checkbox">
+                        <input type="checkbox" [(ngModel)]="u.checked" appStopProp>
+                    </td>
+                    <td width="30">
+                        <app-avatar [data]="u | userName" [email]="u.email" size="25" [circle]="true"
+                            [fontSize]="14"></app-avatar>
+                    </td>
+                    <td>
+                        <a href="#" appStopClick (click)="edit(u)">{{u.email}}</a>
+                        <span class="badge badge-secondary"
+                            *ngIf="u.status === userStatusType.Invited">{{'invited' | i18n}}</span>
+                        <span class="badge badge-warning"
+                            *ngIf="u.status === userStatusType.Accepted">{{'accepted' | i18n}}</span>
+                        <small class="text-muted d-block" *ngIf="u.name">{{u.name}}</small>
+                    </td>
+                    <td>
+                        <ng-container *ngIf="u.twoFactorEnabled">
+                            <i class="fa fa-lock" title="{{'userUsingTwoStep' | i18n}}" aria-hidden="true"></i>
+                            <span class="sr-only">{{'userUsingTwoStep' | i18n}}</span>
+                        </ng-container>
+                    </td>
+                    <td>
+                        <span *ngIf="u.type === userType.ProviderAdmin">{{'providerAdmin' | i18n}}</span>
+                        <span *ngIf="u.type === userType.ServiceUser">{{'serviceUser' | i18n}}</span>
+                        <span *ngIf="u.type === userType.Custom">{{'custom' | i18n}}</span>
+                    </td>
+                    <td class="table-list-options">
+                        <div class="dropdown" appListDropdown>
+                            <button class="btn btn-outline-secondary dropdown-toggle" type="button"
+                                data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"
+                                appA11yTitle="{{'options' | i18n}}">
+                                <i class="fa fa-cog fa-lg" aria-hidden="true"></i>
+                            </button>
+                            <div class="dropdown-menu dropdown-menu-right">
+                                <a class="dropdown-item" href="#" appStopClick (click)="reinvite(u)"
+                                    *ngIf="u.status === userStatusType.Invited">
+                                    <i class="fa fa-fw fa-envelope-o" aria-hidden="true"></i>
+                                    {{'resendInvitation' | i18n}}
+                                </a>
+                                <a class="dropdown-item text-success" href="#" appStopClick (click)="confirm(u)"
+                                    *ngIf="u.status === userStatusType.Accepted">
+                                    <i class="fa fa-fw fa-check" aria-hidden="true"></i>
+                                    {{'confirm' | i18n}}
+                                </a>
+                                <a class="dropdown-item" href="#" appStopClick (click)="groups(u)" *ngIf="accessGroups">
+                                    <i class="fa fa-fw fa-sitemap" aria-hidden="true"></i>
+                                    {{'groups' | i18n}}
+                                </a>
+                                <a class="dropdown-item" href="#" appStopClick (click)="events(u)"
+                                    *ngIf="accessEvents && u.status === userStatusType.Confirmed">
+                                    <i class="fa fa-fw fa-file-text-o" aria-hidden="true"></i>
+                                    {{'eventLogs' | i18n}}
+                                </a>
+                                <a class="dropdown-item text-danger" href="#" appStopClick (click)="remove(u)">
+                                    <i class="fa fa-fw fa-remove" aria-hidden="true"></i>
+                                    {{'remove' | i18n}}
+                                </a>
+                            </div>
+                        </div>
+                    </td>
+                </tr>
+            </tbody>
+        </table>
+    </ng-container>
+</ng-container>
+<ng-template #addEdit></ng-template>
+<ng-template #eventsTemplate></ng-template>
+<ng-template #confirmTemplate></ng-template>
+<ng-template #bulkStatusTemplate></ng-template>
+<ng-template #bulkConfirmTemplate></ng-template>
+<ng-template #bulkRemoveTemplate></ng-template>

bitwarden_license/src/app/providers/manage/people.component.ts

@@ -0,0 +1,286 @@
+import {
+    Component,
+    ComponentFactoryResolver,
+    OnInit,
+    ViewChild,
+    ViewContainerRef
+} from '@angular/core';
+import { ActivatedRoute, Router } from '@angular/router';
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { SearchService } from 'jslib-common/abstractions/search.service';
+import { StorageService } from 'jslib-common/abstractions/storage.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { ValidationService } from 'jslib-angular/services/validation.service';
+
+import { ProviderUserStatusType } from 'jslib-common/enums/providerUserStatusType';
+import { ProviderUserType } from 'jslib-common/enums/providerUserType';
+
+import { SearchPipe } from 'jslib-angular/pipes/search.pipe';
+import { UserNamePipe } from 'jslib-angular/pipes/user-name.pipe';
+
+import { ListResponse } from 'jslib-common/models/response/listResponse';
+import { ProviderUserUserDetailsResponse } from 'jslib-common/models/response/provider/providerUserResponse';
+
+import { ProviderUserBulkRequest } from 'jslib-common/models/request/provider/providerUserBulkRequest';
+import { ProviderUserConfirmRequest } from 'jslib-common/models/request/provider/providerUserConfirmRequest';
+import { ProviderUserBulkResponse } from 'jslib-common/models/response/provider/providerUserBulkResponse';
+
+import { BasePeopleComponent } from 'src/app/common/base.people.component';
+import { ModalComponent } from 'src/app/modal.component';
+import { BulkStatusComponent } from 'src/app/organizations/manage/bulk/bulk-status.component';
+import { EntityEventsComponent } from 'src/app/organizations/manage/entity-events.component';
+import { BulkConfirmComponent } from './bulk/bulk-confirm.component';
+import { BulkRemoveComponent } from './bulk/bulk-remove.component';
+import { UserAddEditComponent } from './user-add-edit.component';
+
+@Component({
+    selector: 'provider-people',
+    templateUrl: 'people.component.html',
+})
+export class PeopleComponent extends BasePeopleComponent<ProviderUserUserDetailsResponse> implements OnInit {
+
+    @ViewChild('addEdit', { read: ViewContainerRef, static: true }) addEditModalRef: ViewContainerRef;
+    @ViewChild('groupsTemplate', { read: ViewContainerRef, static: true }) groupsModalRef: ViewContainerRef;
+    @ViewChild('eventsTemplate', { read: ViewContainerRef, static: true }) eventsModalRef: ViewContainerRef;
+    @ViewChild('bulkStatusTemplate', { read: ViewContainerRef, static: true }) bulkStatusModalRef: ViewContainerRef;
+    @ViewChild('bulkConfirmTemplate', { read: ViewContainerRef, static: true }) bulkConfirmModalRef: ViewContainerRef;
+    @ViewChild('bulkRemoveTemplate', { read: ViewContainerRef, static: true }) bulkRemoveModalRef: ViewContainerRef;
+
+    userType = ProviderUserType;
+    userStatusType = ProviderUserStatusType;
+    providerId: string;
+    accessEvents = false;
+
+    constructor(apiService: ApiService, private route: ActivatedRoute,
+        i18nService: I18nService, componentFactoryResolver: ComponentFactoryResolver,
+        platformUtilsService: PlatformUtilsService, toasterService: ToasterService,
+        cryptoService: CryptoService, private userService: UserService, private router: Router,
+        storageService: StorageService, searchService: SearchService, validationService: ValidationService,
+        logService: LogService, searchPipe: SearchPipe, userNamePipe: UserNamePipe) {
+        super(apiService, searchService, i18nService, platformUtilsService, toasterService, cryptoService,
+            storageService, validationService, componentFactoryResolver, logService, searchPipe, userNamePipe);
+    }
+
+    ngOnInit() {
+        this.route.parent.params.subscribe(async params => {
+            this.providerId = params.providerId;
+            const provider = await this.userService.getProvider(this.providerId);
+
+            if (!provider.canManageUsers) {
+                this.router.navigate(['../'], { relativeTo: this.route });
+                return;
+            }
+
+            this.accessEvents = provider.useEvents;
+
+            await this.load();
+
+            const queryParamsSub = this.route.queryParams.subscribe(async qParams => {
+                this.searchText = qParams.search;
+                if (qParams.viewEvents != null) {
+                    const user = this.users.filter(u => u.id === qParams.viewEvents);
+                    if (user.length > 0 && user[0].status === ProviderUserStatusType.Confirmed) {
+                        this.events(user[0]);
+                    }
+                }
+                if (queryParamsSub != null) {
+                    queryParamsSub.unsubscribe();
+                }
+            });
+        });
+    }
+
+    getUsers(): Promise<ListResponse<ProviderUserUserDetailsResponse>> {
+        return this.apiService.getProviderUsers(this.providerId);
+    }
+
+    deleteUser(id: string): Promise<any> {
+        return this.apiService.deleteProviderUser(this.providerId, id);
+    }
+
+    reinviteUser(id: string): Promise<any> {
+        return this.apiService.postProviderUserReinvite(this.providerId, id);
+    }
+
+    async confirmUser(user: ProviderUserUserDetailsResponse, publicKey: Uint8Array): Promise<any> {
+        const providerKey = await this.cryptoService.getProviderKey(this.providerId);
+        const key = await this.cryptoService.rsaEncrypt(providerKey.key, publicKey.buffer);
+        const request = new ProviderUserConfirmRequest();
+        request.key = key.encryptedString;
+        await this.apiService.postProviderUserConfirm(this.providerId, user.id, request);
+    }
+
+    edit(user: ProviderUserUserDetailsResponse) {
+        if (this.modal != null) {
+            this.modal.close();
+        }
+
+        const factory = this.componentFactoryResolver.resolveComponentFactory(ModalComponent);
+        this.modal = this.addEditModalRef.createComponent(factory).instance;
+        const childComponent = this.modal.show<UserAddEditComponent>(
+            UserAddEditComponent, this.addEditModalRef);
+
+        childComponent.name = this.userNamePipe.transform(user);
+        childComponent.providerId = this.providerId;
+        childComponent.providerUserId = user != null ? user.id : null;
+        childComponent.onSavedUser.subscribe(() => {
+            this.modal.close();
+            this.load();
+        });
+        childComponent.onDeletedUser.subscribe(() => {
+            this.modal.close();
+            this.removeUser(user);
+        });
+
+        this.modal.onClosed.subscribe(() => {
+            this.modal = null;
+        });
+    }
+
+    async events(user: ProviderUserUserDetailsResponse) {
+        if (this.modal != null) {
+            this.modal.close();
+        }
+
+        const factory = this.componentFactoryResolver.resolveComponentFactory(ModalComponent);
+        this.modal = this.eventsModalRef.createComponent(factory).instance;
+        const childComponent = this.modal.show<EntityEventsComponent>(
+            EntityEventsComponent, this.eventsModalRef);
+
+        childComponent.name = this.userNamePipe.transform(user);
+        childComponent.providerId = this.providerId;
+        childComponent.entityId = user.id;
+        childComponent.showUser = false;
+        childComponent.entity = 'user';
+
+        this.modal.onClosed.subscribe(() => {
+            this.modal = null;
+        });
+    }
+
+    async bulkRemove() {
+        if (this.actionPromise != null) {
+            return;
+        }
+
+        if (this.modal != null) {
+            this.modal.close();
+        }
+
+        const factory = this.componentFactoryResolver.resolveComponentFactory(ModalComponent);
+        this.modal = this.bulkRemoveModalRef.createComponent(factory).instance;
+        const childComponent = this.modal.show(BulkRemoveComponent, this.bulkRemoveModalRef);
+
+        childComponent.providerId = this.providerId;
+        childComponent.users = this.getCheckedUsers();
+
+        this.modal.onClosed.subscribe(async () => {
+            await this.load();
+            this.modal = null;
+        });
+    }
+
+    async bulkReinvite() {
+        if (this.actionPromise != null) {
+            return;
+        }
+
+        const users = this.getCheckedUsers();
+        const filteredUsers = users.filter(u => u.status === ProviderUserStatusType.Invited);
+
+        if (filteredUsers.length <= 0) {
+            this.toasterService.popAsync('error', this.i18nService.t('errorOccurred'),
+                this.i18nService.t('noSelectedUsersApplicable'));
+            return;
+        }
+
+        try {
+            const request = new ProviderUserBulkRequest(filteredUsers.map(user => user.id));
+            const response = this.apiService.postManyProviderUserReinvite(this.providerId, request);
+            this.showBulkStatus(users, filteredUsers, response, this.i18nService.t('bulkReinviteMessage'));
+        } catch (e) {
+            this.validationService.showError(e);
+        }
+        this.actionPromise = null;
+    }
+
+    async bulkConfirm() {
+        if (this.actionPromise != null) {
+            return;
+        }
+
+        if (this.modal != null) {
+            this.modal.close();
+        }
+
+        const factory = this.componentFactoryResolver.resolveComponentFactory(ModalComponent);
+        this.modal = this.bulkConfirmModalRef.createComponent(factory).instance;
+        const childComponent = this.modal.show(BulkConfirmComponent, this.bulkConfirmModalRef);
+
+        childComponent.providerId = this.providerId;
+        childComponent.users = this.getCheckedUsers();
+
+        this.modal.onClosed.subscribe(async () => {
+            await this.load();
+            this.modal = null;
+        });
+    }
+
+    private async showBulkStatus(users: ProviderUserUserDetailsResponse[], filteredUsers: ProviderUserUserDetailsResponse[],
+        request: Promise<ListResponse<ProviderUserBulkResponse>>, successfullMessage: string) {
+
+        const factory = this.componentFactoryResolver.resolveComponentFactory(ModalComponent);
+        this.modal = this.bulkStatusModalRef.createComponent(factory).instance;
+        const childComponent = this.modal.show<BulkStatusComponent>(
+            BulkStatusComponent, this.bulkStatusModalRef);
+
+        childComponent.loading = true;
+
+        // Workaround to handle closing the modal shortly after it has been opened
+        let close = false;
+        this.modal.onShown.subscribe(() => {
+            if (close) {
+                this.modal.close();
+            }
+        });
+
+        this.modal.onClosed.subscribe(() => {
+            this.modal = null;
+        });
+
+        try {
+            const response = await request;
+
+            if (this.modal) {
+                const keyedErrors: any = response.data.filter(r => r.error !== '').reduce((a, x) => ({ ...a, [x.id]: x.error }), {});
+                const keyedFilteredUsers: any = filteredUsers.reduce((a, x) => ({ ...a, [x.id]: x }), {});
+
+                childComponent.users = users.map(user => {
+                    let message = keyedErrors[user.id] ?? successfullMessage;
+                    if (!keyedFilteredUsers.hasOwnProperty(user.id)) {
+                        message = this.i18nService.t('bulkFilteredMessage');
+                    }
+
+                    return {
+                        user: user,
+                        error: keyedErrors.hasOwnProperty(user.id),
+                        message: message,
+                    };
+                });
+                childComponent.loading = false;
+            }
+        } catch {
+            close = true;
+            if (this.modal) {
+                this.modal.close();
+            }
+        }
+    }
+}

bitwarden_license/src/app/providers/manage/user-add-edit.component.html

@@ -0,0 +1,71 @@
+<div class="modal fade" tabindex="-1" role="dialog" aria-modal="true" aria-labelledby="userAddEditTitle">
+    <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+        <form class="modal-content" #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate>
+            <div class="modal-header">
+                <h2 class="modal-title" id="userAddEditTitle">
+                    {{title}}
+                    <small class="text-muted" *ngIf="name">{{name}}</small>
+                </h2>
+                <button type="button" class="close" data-dismiss="modal" appA11yTitle="{{'close' | i18n}}">
+                    <span aria-hidden="true">&times;</span>
+                </button>
+            </div>
+            <div class="modal-body" *ngIf="loading">
+                <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                <span class="sr-only">{{'loading' | i18n}}</span>
+            </div>
+            <div class="modal-body" *ngIf="!loading">
+                <ng-container *ngIf="!editMode">
+                    <p>{{'providerInviteUserDesc' | i18n}}</p>
+                    <div class="form-group mb-4">
+                        <label for="emails">{{'email' | i18n}}</label>
+                        <input id="emails" class="form-control" type="text" name="Emails" [(ngModel)]="emails" required
+                            appAutoFocus>
+                        <small class="text-muted">{{'inviteMultipleEmailDesc' | i18n : '20'}}</small>
+                    </div>
+                </ng-container>
+                <h3>
+                    {{'userType' | i18n}}
+                    <a target="_blank" rel="noopener" appA11yTitle="{{'learnMore' | i18n}}"
+                        href="https://bitwarden.com/help/article/user-types-access-control/#user-types">
+                        <i class="fa fa-question-circle-o" aria-hidden="true"></i>
+                    </a>
+                </h3>
+                <div class="form-check mt-2 form-check-block">
+                    <input class="form-check-input" type="radio" name="userType" id="userTypeServiceUser"
+                        [value]="userType.ServiceUser" [(ngModel)]="type">
+                    <label class="form-check-label" for="userTypeServiceUser">
+                        {{'serviceUser' | i18n}}
+                        <small>{{'serviceUserDesc' | i18n}}</small>
+                    </label>
+                </div>
+                <div class="form-check mt-2 form-check-block">
+                    <input class="form-check-input" type="radio" name="userType" id="userTypeProviderAdmin"
+                        [value]="userType.ProviderAdmin" [(ngModel)]="type">
+                    <label class="form-check-label" for="userTypeProviderAdmin">
+                        {{'providerAdmin' | i18n}}
+                        <small>{{'providerAdminDesc' | i18n}}</small>
+                    </label>
+                </div>
+            </div>
+            <div class="modal-footer">
+                <button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">
+                    <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                    <span>{{'save' | i18n}}</span>
+                </button>
+                <button type="button" class="btn btn-outline-secondary" data-dismiss="modal">
+                    {{'cancel' | i18n}}
+                </button>
+                <div class="ml-auto">
+                    <button #deleteBtn type="button" (click)="delete()" class="btn btn-outline-danger"
+                        appA11yTitle="{{'delete' | i18n}}" *ngIf="editMode" [disabled]="deleteBtn.loading"
+                        [appApiAction]="deletePromise">
+                        <i class="fa fa-trash-o fa-lg fa-fw" [hidden]="deleteBtn.loading" aria-hidden="true"></i>
+                        <i class="fa fa-spinner fa-spin fa-lg fa-fw" [hidden]="!deleteBtn.loading"
+                            title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                    </button>
+                </div>
+            </div>
+        </form>
+    </div>
+</div>

bitwarden_license/src/app/providers/manage/user-add-edit.component.ts

@@ -0,0 +1,104 @@
+import {
+    Component,
+    EventEmitter,
+    Input,
+    OnInit,
+    Output,
+} from '@angular/core';
+
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+
+import { ProviderUserInviteRequest } from 'jslib-common/models/request/provider/providerUserInviteRequest';
+
+import { PermissionsApi } from 'jslib-common/models/api/permissionsApi';
+
+import { ProviderUserType } from 'jslib-common/enums/providerUserType';
+import { ProviderUserUpdateRequest } from 'jslib-common/models/request/provider/providerUserUpdateRequest';
+
+@Component({
+    selector: 'provider-user-add-edit',
+    templateUrl: 'user-add-edit.component.html',
+})
+export class UserAddEditComponent implements OnInit {
+    @Input() name: string;
+    @Input() providerUserId: string;
+    @Input() providerId: string;
+    @Output() onSavedUser = new EventEmitter();
+    @Output() onDeletedUser = new EventEmitter();
+
+    loading = true;
+    editMode: boolean = false;
+    title: string;
+    emails: string;
+    type: ProviderUserType = ProviderUserType.ServiceUser;
+    permissions = new PermissionsApi();
+    showCustom = false;
+    access: 'all' | 'selected' = 'selected';
+    formPromise: Promise<any>;
+    deletePromise: Promise<any>;
+    userType = ProviderUserType;
+
+    constructor(private apiService: ApiService, private i18nService: I18nService,
+        private toasterService: ToasterService, private platformUtilsService: PlatformUtilsService) { }
+
+    async ngOnInit() {
+        this.editMode = this.loading = this.providerUserId != null;
+
+        if (this.editMode) {
+            this.editMode = true;
+            this.title = this.i18nService.t('editUser');
+            try {
+                const user = await this.apiService.getProviderUser(this.providerId, this.providerUserId);
+                this.type = user.type;
+            } catch { }
+        } else {
+            this.title = this.i18nService.t('inviteUser');
+        }
+
+        this.loading = false;
+    }
+
+    async submit() {
+        try {
+            if (this.editMode) {
+                const request = new ProviderUserUpdateRequest();
+                request.type = this.type;
+                this.formPromise = this.apiService.putProviderUser(this.providerId, this.providerUserId, request);
+            } else {
+                const request = new ProviderUserInviteRequest();
+                request.emails = this.emails.trim().split(/\s*,\s*/);
+                request.type = this.type;
+                this.formPromise = this.apiService.postProviderUserInvite(this.providerId, request);
+            }
+            await this.formPromise;
+            this.toasterService.popAsync('success', null,
+                this.i18nService.t(this.editMode ? 'editedUserId' : 'invitedUsers', this.name));
+            this.onSavedUser.emit();
+        } catch { }
+    }
+
+    async delete() {
+        if (!this.editMode) {
+            return;
+        }
+
+        const confirmed = await this.platformUtilsService.showDialog(
+            this.i18nService.t('removeUserConfirmation'), this.name,
+            this.i18nService.t('yes'), this.i18nService.t('no'), 'warning');
+        if (!confirmed) {
+            return false;
+        }
+
+        try {
+            this.deletePromise = this.apiService.deleteProviderUser(this.providerId, this.providerUserId);
+            await this.deletePromise;
+            this.toasterService.popAsync('success', null, this.i18nService.t('removedUserId', this.name));
+            this.onDeletedUser.emit();
+        } catch { }
+    }
+
+}

bitwarden_license/src/app/providers/providers-layout.component.html

@@ -0,0 +1,44 @@
+<app-navbar></app-navbar>
+<div class="org-nav" *ngIf="provider">
+    <div class="container d-flex">
+        <div class="d-flex flex-column">
+            <div class="my-auto d-flex align-items-center pl-1">
+                <app-avatar [data]="provider.name" size="45" [circle]="true"></app-avatar>
+                <div class="org-name ml-3">
+                    <span>{{provider.name}}</span>
+                    <small class="text-muted">{{'provider' | i18n}}</small>
+                </div>
+                <div class="ml-3 card border-danger text-danger bg-transparent" *ngIf="!provider.enabled">
+                    <div class="card-body py-2">
+                        <i class="fa fa-exclamation-triangle" aria-hidden="true"></i>
+                        {{'providerIsDisabled' | i18n}}
+                    </div>
+                </div>
+            </div>
+            <ul class="nav nav-tabs" *ngIf="showMenuBar">
+                <li class="nav-item">
+                    <a class="nav-link" routerLink="clients" routerLinkActive="active">
+                        <i class="fa fa-university" aria-hidden="true"></i>
+                        {{'clients' | i18n}}
+                    </a>
+                </li>
+                <li class="nav-item" *ngIf="showManageTab">
+                    <a class="nav-link" [routerLink]="manageRoute" routerLinkActive="active">
+                        <i class="fa fa-sliders" aria-hidden="true"></i>
+                        {{'manage' | i18n}}
+                    </a>
+                </li>
+                <li class="nav-item" *ngIf="showSettingsTab">
+                    <a class="nav-link" routerLink="settings" routerLinkActive="active">
+                        <i class="fa fa-cogs" aria-hidden="true"></i>
+                        {{'settings' | i18n}}
+                    </a>
+                </li>
+            </ul>
+        </div>
+    </div>
+</div>
+<div class="container page-content">
+    <router-outlet></router-outlet>
+</div>
+<app-footer></app-footer>

bitwarden_license/src/app/providers/providers-layout.component.ts

@@ -0,0 +1,51 @@
+import { Component } from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { Provider } from 'jslib-common/models/domain/provider';
+
+@Component({
+    selector: 'providers-layout',
+    templateUrl: 'providers-layout.component.html',
+})
+export class ProvidersLayoutComponent {
+
+    provider: Provider;
+    private providerId: string;
+
+    constructor(private route: ActivatedRoute, private userService: UserService) { }
+
+    ngOnInit() {
+        document.body.classList.remove('layout_frontend');
+        this.route.params.subscribe(async params => {
+            this.providerId = params.providerId;
+            await this.load();
+        });
+    }
+
+    async load() {
+        this.provider = await this.userService.getProvider(this.providerId);
+    }
+
+    get showMenuBar() {
+        return this.showManageTab || this.showSettingsTab;
+    }
+
+    get showManageTab() {
+        return this.provider.canManageUsers || this.provider.canAccessEventLogs;
+    }
+
+    get showSettingsTab() {
+        return this.provider.isProviderAdmin;
+    }
+
+    get manageRoute(): string {
+        switch (true) {
+            case this.provider.canManageUsers:
+                return 'manage/people';
+            case this.provider.canAccessEventLogs:
+                return 'manage/events';
+        }
+    }
+}

bitwarden_license/src/app/providers/providers-routing.module.ts

@@ -0,0 +1,123 @@
+import { NgModule } from '@angular/core';
+import { RouterModule, Routes } from '@angular/router';
+
+import { AuthGuardService } from 'jslib-angular/services/auth-guard.service';
+import { Permissions } from 'jslib-common/enums/permissions';
+
+import { AddOrganizationComponent } from './clients/add-organization.component';
+import { ClientsComponent } from './clients/clients.component';
+import { CreateOrganizationComponent } from './clients/create-organization.component';
+import { AcceptProviderComponent } from './manage/accept-provider.component';
+import { EventsComponent } from './manage/events.component';
+import { ManageComponent } from './manage/manage.component';
+import { PeopleComponent } from './manage/people.component';
+import { ProvidersLayoutComponent } from './providers-layout.component';
+import { SettingsComponent } from './settings/settings.component';
+import { SetupProviderComponent } from './setup/setup-provider.component';
+import { SetupComponent } from './setup/setup.component';
+
+import { FrontendLayoutComponent } from 'src/app/layouts/frontend-layout.component';
+
+import { ProvidersComponent } from 'src/app/providers/providers.component';
+import { ProviderGuardService } from './services/provider-guard.service';
+import { ProviderTypeGuardService } from './services/provider-type-guard.service';
+import { AccountComponent } from './settings/account.component';
+
+const routes: Routes = [
+    {
+        path: '',
+        canActivate: [AuthGuardService],
+        component: ProvidersComponent,
+    },
+    {
+        path: '',
+        component: FrontendLayoutComponent,
+        children: [
+            {
+                path: 'setup-provider',
+                component: SetupProviderComponent,
+                data: { titleId: 'setupProvider' },
+            },
+            {
+                path: 'accept-provider',
+                component: AcceptProviderComponent,
+                data: { titleId: 'acceptProvider' },
+            },
+        ],
+    },
+    {
+        path: '',
+        canActivate: [AuthGuardService],
+        children: [
+            {
+                path: 'setup',
+                component: SetupComponent,
+            },
+            {
+                path: ':providerId',
+                component: ProvidersLayoutComponent,
+                canActivate: [ProviderGuardService],
+                children: [
+                    { path: '', pathMatch: 'full', redirectTo: 'clients' },
+                    { path: 'clients/create', component: CreateOrganizationComponent },
+                    { path: 'clients', component: ClientsComponent, data: { titleId: 'clients' } },
+                    {
+                        path: 'manage',
+                        component: ManageComponent,
+                        children: [
+                            {
+                                path: '',
+                                pathMatch: 'full',
+                                redirectTo: 'people',
+                            },
+                            {
+                                path: 'people',
+                                component: PeopleComponent,
+                                canActivate: [ProviderTypeGuardService],
+                                data: {
+                                    titleId: 'people',
+                                    permissions: [Permissions.ManageUsers],
+                                },
+                            },
+                            {
+                                path: 'events',
+                                component: EventsComponent,
+                                canActivate: [ProviderTypeGuardService],
+                                data: {
+                                    titleId: 'eventLogs',
+                                    permissions: [Permissions.AccessEventLogs],
+                                },
+                            },
+                        ],
+                    },
+                    {
+                        path: 'settings',
+                        component: SettingsComponent,
+                        children: [
+                            {
+                                path: '',
+                                pathMatch: 'full',
+                                redirectTo: 'account',
+                            },
+                            {
+                                path: 'account',
+                                component: AccountComponent,
+                                canActivate: [ProviderTypeGuardService],
+                                data: {
+                                    titleId: 'myProvider',
+                                    permissions: [Permissions.ManageProvider],
+                                },
+                            },
+                        ],
+                    },
+                ],
+            },
+        ],
+    },
+];
+
+@NgModule({
+    imports: [RouterModule.forChild(routes)],
+    exports: [RouterModule],
+})
+export class ProvidersRoutingModule { }

bitwarden_license/src/app/providers/providers.module.ts

@@ -0,0 +1,62 @@
+import { CommonModule } from '@angular/common';
+import { NgModule } from '@angular/core';
+import { FormsModule } from '@angular/forms';
+
+import { ProviderGuardService } from './services/provider-guard.service';
+import { ProviderTypeGuardService } from './services/provider-type-guard.service';
+import { ProviderService } from './services/provider.service';
+
+import { ProvidersLayoutComponent } from './providers-layout.component';
+import { ProvidersRoutingModule } from './providers-routing.module';
+
+import { AddOrganizationComponent } from './clients/add-organization.component';
+import { ClientsComponent } from './clients/clients.component';
+import { CreateOrganizationComponent } from './clients/create-organization.component';
+
+import { AcceptProviderComponent } from './manage/accept-provider.component';
+import { BulkConfirmComponent } from './manage/bulk/bulk-confirm.component';
+import { BulkRemoveComponent } from './manage/bulk/bulk-remove.component';
+import { EventsComponent } from './manage/events.component';
+import { ManageComponent } from './manage/manage.component';
+import { PeopleComponent } from './manage/people.component';
+import { UserAddEditComponent } from './manage/user-add-edit.component';
+
+import { AccountComponent } from './settings/account.component';
+import { SettingsComponent } from './settings/settings.component';
+
+import { SetupProviderComponent } from './setup/setup-provider.component';
+import { SetupComponent } from './setup/setup.component';
+
+import { OssModule } from 'src/app/oss.module';
+
+@NgModule({
+    imports: [
+        CommonModule,
+        FormsModule,
+        OssModule,
+        ProvidersRoutingModule,
+    ],
+    declarations: [
+        AcceptProviderComponent,
+        AccountComponent,
+        AddOrganizationComponent,
+        BulkConfirmComponent,
+        BulkRemoveComponent,
+        ClientsComponent,
+        CreateOrganizationComponent,
+        EventsComponent,
+        ManageComponent,
+        PeopleComponent,
+        ProvidersLayoutComponent,
+        SettingsComponent,
+        SetupComponent,
+        SetupProviderComponent,
+        UserAddEditComponent,
+    ],
+    providers: [
+        ProviderService,
+        ProviderGuardService,
+        ProviderTypeGuardService,
+    ],
+})
+export class ProvidersModule {}

bitwarden_license/src/app/providers/services/provider-guard.service.ts

@@ -0,0 +1,32 @@
+import { Injectable } from '@angular/core';
+import {
+    ActivatedRouteSnapshot,
+    CanActivate,
+    Router,
+} from '@angular/router';
+
+import { ToasterService } from 'angular2-toaster';
+
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+@Injectable()
+export class ProviderGuardService implements CanActivate {
+    constructor(private userService: UserService, private router: Router,
+        private toasterService: ToasterService, private i18nService: I18nService) { }
+
+    async canActivate(route: ActivatedRouteSnapshot) {
+        const provider = await this.userService.getProvider(route.params.providerId);
+        if (provider == null) {
+            this.router.navigate(['/']);
+            return false;
+        }
+        if (!provider.isProviderAdmin && !provider.enabled) {
+            this.toasterService.popAsync('error', null, this.i18nService.t('providerIsDisabled'));
+            this.router.navigate(['/']);
+            return false;
+        }
+
+        return true;
+    }
+}

bitwarden_license/src/app/providers/services/provider-type-guard.service.ts

@@ -0,0 +1,31 @@
+import { Injectable } from '@angular/core';
+import {
+    ActivatedRouteSnapshot,
+    CanActivate,
+    Router,
+} from '@angular/router';
+
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { Permissions } from 'jslib-common/enums/permissions';
+
+@Injectable()
+export class ProviderTypeGuardService implements CanActivate {
+    constructor(private userService: UserService, private router: Router) { }
+
+    async canActivate(route: ActivatedRouteSnapshot) {
+        const provider = await this.userService.getProvider(route.params.providerId);
+        const permissions = route.data == null ? null : route.data.permissions as Permissions[];
+
+        if (
+            (permissions.indexOf(Permissions.AccessEventLogs) !== -1 && provider.canAccessEventLogs) ||
+            (permissions.indexOf(Permissions.ManageProvider) !== -1 && provider.isProviderAdmin) ||
+            (permissions.indexOf(Permissions.ManageUsers) !== -1 && provider.canManageUsers)
+        ) {
+            return true;
+        }
+
+        this.router.navigate(['/providers', provider.id]);
+        return false;
+    }
+}

bitwarden_license/src/app/providers/services/provider.service.ts

@@ -0,0 +1,32 @@
+import { Injectable } from '@angular/core';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { SyncService } from 'jslib-common/abstractions/sync.service';
+
+import { ProviderAddOrganizationRequest } from 'jslib-common/models/request/provider/providerAddOrganizationRequest';
+
+@Injectable()
+export class ProviderService {
+    constructor(private cryptoService: CryptoService, private syncService: SyncService, private apiService: ApiService) {}
+
+    async addOrganizationToProvider(providerId: string, organizationId: string) {
+        const orgKey = await this.cryptoService.getOrgKey(organizationId);
+        const providerKey = await this.cryptoService.getProviderKey(providerId);
+
+        const encryptedOrgKey = await this.cryptoService.encrypt(orgKey.key, providerKey);
+
+        const request = new ProviderAddOrganizationRequest();
+        request.organizationId = organizationId;
+        request.key = encryptedOrgKey.encryptedString;
+
+        const response = await this.apiService.postProviderAddOrganization(providerId, request);
+        await this.syncService.fullSync(true);
+        return response;
+    }
+
+    async detachOrganizastion(providerId: string, organizationId: string): Promise<any> {
+        await this.apiService.deleteProviderOrganization(providerId, organizationId);
+        await this.syncService.fullSync(true);
+    }
+}

bitwarden_license/src/app/providers/settings/account.component.html

@@ -0,0 +1,30 @@
+<div class="page-header">
+    <h1>{{'myProvider' | i18n}}</h1>
+</div>
+<div *ngIf="loading">
+    <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+    <span class="sr-only">{{'loading' | i18n}}</span>
+</div>
+<form *ngIf="provider && !loading" #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate>
+    <div class="row">
+        <div class="col-6">
+            <div class="form-group">
+                <label for="name">{{'providerName' | i18n}}</label>
+                <input id="name" class="form-control" type="text" name="Name" [(ngModel)]="provider.name"
+                    [disabled]="selfHosted">
+            </div>
+            <div class="form-group">
+                <label for="billingEmail">{{'billingEmail' | i18n}}</label>
+                <input id="billingEmail" class="form-control" type="text" name="BillingEmail"
+                    [(ngModel)]="provider.billingEmail" [disabled]="selfHosted">
+            </div>
+        </div>
+        <div class="col-6">
+            <app-avatar data="{{provider.name}}" dynamic="true" size="75" fontSize="35"></app-avatar>
+        </div>
+    </div>
+    <button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">
+        <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+        <span>{{'save' | i18n}}</span>
+    </button>
+</form>

bitwarden_license/src/app/providers/settings/account.component.ts

@@ -0,0 +1,62 @@
+import { Component } from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { SyncService } from 'jslib-common/abstractions/sync.service';
+
+import { ProviderUpdateRequest } from 'jslib-common/models/request/provider/providerUpdateRequest';
+
+import { ProviderResponse } from 'jslib-common/models/response/provider/providerResponse';
+
+@Component({
+    selector: 'provider-account',
+    templateUrl: 'account.component.html',
+})
+export class AccountComponent {
+    selfHosted = false;
+    loading = true;
+    provider: ProviderResponse;
+    formPromise: Promise<any>;
+    taxFormPromise: Promise<any>;
+
+    private providerId: string;
+
+    constructor(private apiService: ApiService, private i18nService: I18nService,
+        private toasterService: ToasterService, private route: ActivatedRoute,
+        private syncService: SyncService, private platformUtilsService: PlatformUtilsService,
+        private logService: LogService) { }
+
+    async ngOnInit() {
+        this.selfHosted = this.platformUtilsService.isSelfHost();
+        this.route.parent.parent.params.subscribe(async params => {
+            this.providerId = params.providerId;
+            try {
+                this.provider = await this.apiService.getProvider(this.providerId);
+            } catch (e) {
+                this.logService.error(`Handled exception: ${e}`);
+            }
+        });
+        this.loading = false;
+    }
+
+    async submit() {
+        try {
+            const request = new ProviderUpdateRequest();
+            request.name = this.provider.name;
+            request.businessName = this.provider.businessName;
+            request.billingEmail = this.provider.billingEmail;
+
+            this.formPromise = this.apiService.putProvider(this.providerId, request).then(() => {
+                return this.syncService.fullSync(true);
+            });
+            await this.formPromise;
+            this.toasterService.popAsync('success', null, this.i18nService.t('providerUpdated'));
+        } catch (e) {
+            this.logService.error(`Handled exception: ${e}`);
+        }
+    }
+}

bitwarden_license/src/app/providers/settings/settings.component.html

@@ -0,0 +1,17 @@
+<div class="container page-content">
+    <div class="row">
+        <div class="col-3">
+            <div class="card">
+                <div class="card-header">{{'settings' | i18n}}</div>
+                <div class="list-group list-group-flush">
+                    <a routerLink="account" class="list-group-item" routerLinkActive="active">
+                        {{'myProvider' | i18n}}
+                    </a>
+                </div>
+            </div>
+        </div>
+        <div class="col-9">
+            <router-outlet></router-outlet>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/providers/settings/settings.component.ts

@@ -0,0 +1,20 @@
+import { Component } from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+@Component({
+    selector: 'provider-settings',
+    templateUrl: 'settings.component.html',
+})
+export class SettingsComponent {
+    constructor(private route: ActivatedRoute, private userService: UserService,
+        private platformUtilsService: PlatformUtilsService) { }
+
+    ngOnInit() {
+        this.route.parent.params.subscribe(async params => {
+            const provider = await this.userService.getProvider(params.providerId);
+        });
+    }
+}

bitwarden_license/src/app/providers/setup/setup-provider.component.html

@@ -0,0 +1,27 @@
+<div class="mt-5 d-flex justify-content-center" *ngIf="loading">
+    <div>
+        <img src="/src/images/logo-dark@2x.png" class="mb-4 logo" alt="Bitwarden">
+        <p class="text-center">
+            <i class="fa fa-spinner fa-spin fa-2x text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+            <span class="sr-only">{{'loading' | i18n}}</span>
+        </p>
+    </div>
+</div>
+<div class="container" *ngIf="!loading && !authed">
+    <div class="row justify-content-md-center mt-5">
+        <div class="col-5">
+            <p class="lead text-center mb-4">{{'setupProvider' | i18n}}</p>
+            <div class="card d-block">
+                <div class="card-body">
+                    <p>{{'setupProviderLoginDesc' | i18n}}</p>
+                    <hr>
+                    <div class="d-flex">
+                        <a routerLink="/" [queryParams]="{email: email}" class="btn btn-primary btn-block">
+                            {{'logIn' | i18n}}
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/providers/setup/setup-provider.component.ts

@@ -0,0 +1,22 @@
+import { Component } from '@angular/core';
+
+import { BaseAcceptComponent } from 'src/app/common/base.accept.component';
+
+@Component({
+    selector: 'app-setup-provider',
+    templateUrl: 'setup-provider.component.html',
+})
+export class SetupProviderComponent extends BaseAcceptComponent {
+
+    failedShortMessage = 'inviteAcceptFailedShort';
+    failedMessage = 'inviteAcceptFailed';
+
+    requiredParameters = ['providerId', 'email', 'token'];
+
+    async authedHandler(qParams: any) {
+        this.router.navigate(['/providers/setup'], {queryParams: qParams});
+    }
+
+    // tslint:disable-next-line
+    async unauthedHandler(qParams: any) {}
+}

bitwarden_license/src/app/providers/setup/setup.component.html

@@ -0,0 +1,32 @@
+<app-navbar></app-navbar>
+<div class="container page-content">
+    <div class="page-header">
+        <h1>{{'setupProvider' | i18n}}</h1>
+    </div>
+    <p>{{'setupProviderDesc' | i18n}}</p>
+
+    <form #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate *ngIf="loading">
+        <h2 class="mt-5">{{'generalInformation' | i18n}}</h2>
+        <div class="row">
+            <div class="form-group col-6">
+                <label for="name">{{'providerName' | i18n}}</label>
+                <input id="name" class="form-control" type="text" name="Name" [(ngModel)]="name" required>
+            </div>
+            <div class="form-group col-6">
+                <label for="billingEmail">{{'billingEmail' | i18n}}</label>
+                <input id="billingEmail" class="form-control" type="text" name="BillingEmail" [(ngModel)]="billingEmail" required>
+            </div>
+        </div>
+
+        <div class="mt-4">
+            <button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">
+                <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                <span>{{'submit' | i18n}}</span>
+            </button>
+            <button type="button" class="btn btn-outline-secondary" (click)="cancel()" *ngIf="showCancel">
+                {{'cancel' | i18n}}
+            </button>
+        </div>
+    </form>
+</div>
+<app-footer></app-footer>

bitwarden_license/src/app/providers/setup/setup.component.ts

@@ -0,0 +1,94 @@
+import {
+    Component,
+    OnInit,
+} from '@angular/core';
+import {
+    ActivatedRoute,
+    Router,
+} from '@angular/router';
+import {
+    Toast,
+    ToasterService,
+} from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+
+import { ValidationService } from 'jslib-angular/services/validation.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { SyncService } from 'jslib-common/abstractions/sync.service';
+import { ProviderSetupRequest } from 'jslib-common/models/request/provider/providerSetupRequest';
+
+@Component({
+    selector: 'provider-setup',
+    templateUrl: 'setup.component.html',
+})
+export class SetupComponent implements OnInit {
+    loading = true;
+    authed = false;
+    email: string;
+    formPromise: Promise<any>;
+
+    providerId: string;
+    token: string;
+    name: string;
+    billingEmail: string;
+
+    constructor(private router: Router, private toasterService: ToasterService,
+        private i18nService: I18nService, private route: ActivatedRoute,
+        private cryptoService: CryptoService, private apiService: ApiService,
+        private syncService: SyncService, private validationService: ValidationService) { }
+
+    ngOnInit() {
+        document.body.classList.remove('layout_frontend');
+        let fired = false;
+        this.route.queryParams.subscribe(async qParams => {
+            if (fired) {
+                return;
+            }
+            fired = true;
+            const error = qParams.providerId == null || qParams.email == null || qParams.token == null;
+
+            if (error) {
+                const toast: Toast = {
+                    type: 'error',
+                    title: null,
+                    body: this.i18nService.t('emergencyInviteAcceptFailed'),
+                    timeout: 10000,
+                };
+                this.toasterService.popAsync(toast);
+                this.router.navigate(['/']);
+            } else {
+                this.providerId = qParams.providerId;
+                this.token = qParams.token;
+            }
+        });
+    }
+
+    async submit() {
+        this.formPromise = this.doSubmit();
+        await this.formPromise;
+        this.formPromise = null;
+    }
+
+    async doSubmit() {
+        try {
+            const shareKey = await this.cryptoService.makeShareKey();
+            const key = shareKey[0].encryptedString;
+
+            const request = new ProviderSetupRequest();
+            request.name = this.name;
+            request.billingEmail = this.billingEmail;
+            request.token = this.token;
+            request.key = key;
+
+            const provider = await this.apiService.postProviderSetup(this.providerId, request);
+            this.toasterService.popAsync('success', null, this.i18nService.t('providerSetup'));
+            await this.syncService.fullSync(true);
+
+            this.router.navigate(['/providers', provider.id]);
+        } catch (e) {
+            this.validationService.showError(e);
+        }
+    }
+}

bitwarden_license/webpack.config.js

@@ -0,0 +1,12 @@
+const AngularCompilerPlugin = require('@ngtools/webpack').AngularCompilerPlugin;
+
+const webpackConfig = require('../webpack.config');
+
+webpackConfig.entry['app/main'] = './bitwarden_license/src/app/main.ts';
+webpackConfig.plugins[webpackConfig.plugins.length -1] = new AngularCompilerPlugin({
+    tsConfigPath: 'tsconfig.json',
+    entryModule: 'bitwarden_license/src/app/app.module#AppModule',
+    sourceMap: true,
+});
+
+module.exports = webpackConfig;

build.ps1

@@ -1,13 +0,0 @@
-$dir = Split-Path -Parent $MyInvocation.MyCommand.Path
-
-echo "`n# Building Web"
-
-echo "`nBuilding app"
-echo "npm version $(npm --version)"
-echo "gulp version $(gulp --version)"
-npm install
-gulp dist:selfHosted
-
-echo "`nBuilding docker image"
-docker --version
-docker build -t bitwarden/web $dir\.

build.sh

@@ -1,33 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-
-echo ""
-
-if [ $# -gt 1 -a "$1" == "push" ]
-then
-    TAG=$2
-    echo "# Pushing Web ($TAG)"
-    echo ""
-    docker push bitwarden/web:$TAG
-elif [ $# -gt 1 -a "$1" == "tag" ]
-then
-    TAG=$2
-    echo "Tagging Web as '$TAG'"
-    docker tag bitwarden/web bitwarden/web:$TAG
-else
-    echo "# Building Web"
-
-    echo ""
-    echo "Building app"
-    echo "npm version $(npm --version)"
-    echo "gulp version $(gulp --version)"
-    npm install
-    gulp dist:selfHosted
-
-    echo ""
-    echo "Building docker image"
-    docker --version
-    docker build -t bitwarden/web $DIR/.
-fi

config.js

@@ -0,0 +1,29 @@
+function load(envName) {
+    const envOverrides = {
+        'production': () => require('./config/production.json'),
+        'qa': () => require('./config/qa.json'),
+        'development': () => require('./config/development.json'),
+    };
+
+    const baseConfig = require('./config/base.json');
+    const overrideConfig = envOverrides.hasOwnProperty(envName) ? envOverrides[envName]() : {};
+
+    return {
+        ...baseConfig,
+        ...overrideConfig
+    };
+}
+
+function log(configObj) {
+    const repeatNum = 50
+    console.log(`${"=".repeat(repeatNum)}\nenvConfig`)
+    Object.entries(configObj).map(([key, value]) => {
+        console.log(`  ${key}: ${value}`)
+    })
+    console.log(`${"=".repeat(repeatNum)}`)
+}
+
+module.exports = {
+    load,
+    log
+};

config/base.json

@@ -0,0 +1,8 @@
+{
+    "proxyApi": "http://localhost:4000",
+    "proxyIdentity": "http://localhost:33656",
+    "proxyEvents": "http://localhost:46273",
+    "proxyNotifications": "http://localhost:61840",
+    "proxyPortal": "http://localhost:52313",
+    "allowedHosts": []
+}

config/production.json

@@ -0,0 +1,7 @@
+{
+    "proxyApi": "https://api.bitwarden.com",
+    "proxyIdentity": "https://identity.bitwarden.com",
+    "proxyEvents": "https://events.bitwarden.com",
+    "proxyNotifications": "https://notifications.bitwarden.com",
+    "proxyPortal": "https://portal.bitwarden.com"
+}

config/qa.json

@@ -0,0 +1,7 @@
+{
+    "proxyApi": "https://api.qa.bitwarden.com",
+    "proxyIdentity": "https://identity.qa.bitwarden.com",
+    "proxyEvents": "https://events.qa.bitwarden.com",
+    "proxyNotifications": "https://notifications.qa.bitwarden.com",
+    "proxyPortal": "https://portal.qa.bitwarden.com"
+}

crowdin.yml

@@ -0,0 +1,13 @@
+files:
+  - source: /src/locales/en/messages.json
+    translation: /src/locales/%two_letters_code%/%original_file_name%
+    update_option: update_as_unapproved
+    languages_mapping:
+      two_letters_code:
+        pt-PT: pt_PT
+        pt-BR: pt_BR
+        zh-CN: zh_CN
+        zh-TW: zh_TW
+        en-GB: en_GB
+        en-IN: en_IN
+        sr-CY: sr_CY

dev-server.shared.pem

@@ -0,0 +1,45 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDaEy1cPw07irjg
+4wUgaxshW7oQrgVoNZYRROmdU20K22L+HyG2ahW6usiWw8+6fPgVve7Y1z+/GYsK
+DhaDdY1Ket3JvZHxoAJ/+6lYY+05PhtmYnyEZzZlnuYx/tu3vyGpsXqMpzL3ZrX2
+Mh2dWE7ZXKxsyig4wSDJhBPMrW8HKXLrLR/JPFhu/nz5MpRF5LfzWU13FEfmS43s
+PEkBCn5ZxhVX4eNclQhTl7oOo5LU+KCWn+C/GPQir7pdmMoYF6D5j3qtbsq9irPe
+qR7HsM9z6DnX+L0mF31P2S6OTgLT3kuWJn9vqLUwvQWGFvSSzpw7JgGBK3eX6zE9
+2koGWP9NAgMBAAECggEAIpwCie5TykxU1RQSfzegYaXuHLGRmB1RCMKYFOjlmGCD
+EHOeZRXnBvCX3x2KfT1SHhk7q9xVeJ20LE9aEVj5qIVhZ6AXZnKPkwI8uRN61afe
+r1wYCOdcgbo7LFoXQs0pqYXKPkJW217IqB8CBjO6p9KGZumago9cBb9ZaRVpVohZ
+c6YHeatrna2mPb/EUPHdT0RHHQ5Dz2ToPjCkDtxsNHLZLekR35WIMtCBlp0xY5hb
+5h54ZxnaMihvHTLa8L/pgxGEUsP+XFpdXkM1oREzh8tDRFcUL8mUVZq8bGyzALn5
+MxDhdXqxrnyD2cQ/cSqXLs1/2mh5eccU3g5IaNtrAQKBgQD0Q4K2UYXa8jWQu7jI
+b37zwr2EypLFjeluqF4fxs+oz3UYEXeBDK0Td19/tze6/XieKibKDtFrOZQwDDKC
+AVxD7Dm58T9Jf4LDHNYOfYL3X/E4H+JrVBh94s0B00jVJ6TnEQDMuLi+wMGtvTdW
+huxoNefIWKf73ozvxIF+nsyeDQKBgQDkjYoXkBtfNgQR42RVA0/UdLLDWWctMU4F
+sJYc1bLL3txbf+fK7QzbU/ggLMW0hv8/IdyirGJhW3G0K0yhpAOlPhe36qv4QyhD
+o2nFlRrzfzvGJAgH9b1s+VcL/cSIuv4aCkbv97DAoQGPzAWEKv5gY1iw1DsGgrz5
+svZUvd7WQQKBgQDPrp7yuTngQNP+bT3dXb9JLqjIwRwt0E1LgugUiIuDcnCSuDct
+iEOYK4UNKBDAckcd46T7Y8H3MwumFpjTJKj4L1+dk1tF+J6Lmnb99wVlozOLjsCK
+lQQF9NJt3OEuKvjwZeqSJfUeavHB8QGeFjXnHP4nwAmEA2M9cYzQxeAf+QKBgCbS
+U+6Er+GQT0iqk1RNZ7XyzJqaCQiII3Sb9iOXuPMgO9Xe+ARkF5b5wF/Wuw5bD+gt
+XEjVdzCKU9oCsNWUAnqC/Yxj9CoLXj9+9mx1U0qhBgo1/Jc9ipuEDuEejc+b06Wg
+sUP5krBlqNpAEX/Nvb+poFsI8a29b1QKrgTe64cBAoGALg92rZBG60N2n8fTokou
+f1fui8Ftb+vOVGv9CM6icmNuwXeMF40A33Hvx14XLFk6B5p5dtVyOR660rRv4HRV
+cBUm5wwCZjwR5Aj83XGR0PRbTNFNngHbawQiutSo6dw8cNNKCZMywVh2KX29dsLh
+0Yj++kb8+G1kzFonR8WWoC8=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICwzCCAaugAwIBAgIJAN5sbMfEx05qMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
+BAMTCWxvY2FsaG9zdDAeFw0xODA2MDUwMzMxNDhaFw0yODA2MDIwMzMxNDhaMBQx
+EjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBANoTLVw/DTuKuODjBSBrGyFbuhCuBWg1lhFE6Z1TbQrbYv4fIbZqFbq6yJbD
+z7p8+BW97tjXP78ZiwoOFoN1jUp63cm9kfGgAn/7qVhj7Tk+G2ZifIRnNmWe5jH+
+27e/IamxeoynMvdmtfYyHZ1YTtlcrGzKKDjBIMmEE8ytbwcpcustH8k8WG7+fPky
+lEXkt/NZTXcUR+ZLjew8SQEKflnGFVfh41yVCFOXug6jktT4oJaf4L8Y9CKvul2Y
+yhgXoPmPeq1uyr2Ks96pHsewz3PoOdf4vSYXfU/ZLo5OAtPeS5Ymf2+otTC9BYYW
+9JLOnDsmAYErd5frMT3aSgZY/00CAwEAAaMYMBYwFAYDVR0RBA0wC4IJbG9jYWxo
+b3N0MA0GCSqGSIb3DQEBCwUAA4IBAQCBTn7szrcs+fSs1Q/a2O3ng35zcme6NRhp
+T65RP0ooj3tPT9QlTJyKjo9Yb2RW2RGVbQO86mkYe9N9wcZkzurZ6KDqsfBn3FkI
+eZA1G/za907Dt/25mOdrsav7NmFBwxo9iuZ/cozgneK1mAXOu4nDI5yYvAlvNA6E
+iXgls4WX1LtHL5b9YV7Jz27d5tTmGxEimakMBo+zr10vCtMCsTlDs/ChamnI7ljN
+7B4WIVUMI3xOZzqClLnSzFJNReAlapjtGtp1qH6Y+6aZ9OErIwZOjE9CYYvm6MbE
+CblXQ9Uifpwrc09TA5S2Y/9+VxUBF9xlxh8hkcGLTzlNFDzVWdmR
+-----END CERTIFICATE-----

entrypoint.sh

@@ -5,60 +5,35 @@
 GROUPNAME="bitwarden"
 USERNAME="bitwarden"
 
-CURRENTGID=`getent group $GROUPNAME | cut -d: -f3`
-LGID=${LOCAL_GID:-999}
+LUID=${LOCAL_UID:-0}
+LGID=${LOCAL_GID:-0}
 
-NOUSER=`id -u $USERNAME > /dev/null 2>&1; echo $?`
-LUID=${LOCAL_UID:-999}
+# Step down from host root to well-known nobody/nogroup user
 
-# Step down from host root
-
-if [ $LGID == 0 ]
+if [ $LUID -eq 0 ]
 then
-    LGID=999
+    LUID=65534
+fi
+if [ $LGID -eq 0 ]
+then
+    LGID=65534
 fi
 
-if [ $LUID == 0 ]
-then
-    LUID=999
-fi
+# Create user and group
 
-# Create group
-
-if [ $CURRENTGID ]
-then
-    if [ "$CURRENTGID" != "$LGID" ]
-    then
-        groupmod -g $LGID $GROUPNAME
-    fi
-else
-    groupadd -g $LGID $GROUPNAME
-fi
-
-# Create user and assign group
-
-if [ $NOUSER == 0 ] && [ `id -u $USERNAME` != $LUID ]
-then
-    usermod -u $LUID $USERNAME
-elif [ $NOUSER == 1 ]
-then
-    useradd -r -u $LUID -g $GROUPNAME $USERNAME
-fi
-
-# Make home directory for user
-
-if [ ! -d "/home/$USERNAME" ]
-then
-    mkhomedir_helper $USERNAME
-fi
+groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 ||
+groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1
+useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 ||
+usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1
+mkhomedir_helper $USERNAME
 
 # The rest...
 
 chown -R $USERNAME:$GROUPNAME /etc/bitwarden
-cp /etc/bitwarden/web/settings.js /app/js/settings.js
 cp /etc/bitwarden/web/app-id.json /app/app-id.json
+cp /etc/bitwarden/web/assetlinks.json /app/assetlinks.json
 chown -R $USERNAME:$GROUPNAME /app
 chown -R $USERNAME:$GROUPNAME /bitwarden_server
 
-gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
-    /contentRoot=/app /webRoot=. /serveUnknown=false
+exec gosu $USERNAME:$GROUPNAME dotnet /bitwarden_server/Server.dll \
+    /contentRoot=/app /webRoot=. /serveUnknown=false /webVault=true

gulpfile.js

@@ -1,499 +1,37 @@
-/// <binding BeforeBuild='build, dist' Clean='clean' ProjectOpened='build. dist' />
+const gulp = require('gulp');
+const googleWebFonts = require('gulp-google-webfonts');
+const del = require('del');
+const package = require('./package.json');
+const fs = require('fs');
 
-var gulp = require('gulp'),
-    rimraf = require('rimraf'),
-    concat = require('gulp-concat'),
-    rename = require('gulp-rename'),
-    cssmin = require('gulp-cssmin'),
-    uglify = require('gulp-uglify'),
-    ghPages = require('gulp-gh-pages'),
-    less = require('gulp-less'),
-    connect = require('gulp-connect'),
-    ngAnnotate = require('gulp-ng-annotate'),
-    preprocess = require('gulp-preprocess'),
-    runSequence = require('run-sequence'),
-    jeditor = require("gulp-json-editor"),
-    merge = require('merge-stream'),
-    ngConfig = require('gulp-ng-config'),
-    settings = require('./settings.json'),
-    project = require('./package.json'),
-    jshint = require('gulp-jshint'),
-    _ = require('lodash'),
-    webpack = require('webpack-stream'),
-    browserify = require('browserify'),
-    derequire = require('gulp-derequire'),
-    source = require('vinyl-source-stream');
+const paths = {
+    node_modules: './node_modules/',
+    src: './src/',
+    build: './build/',
+    cssDir: './src/css/',
+};
 
-var paths = {};
-paths.dist = './dist/';
-paths.webroot = './src/';
-paths.js = paths.webroot + 'js/**/*.js';
-paths.minJs = paths.webroot + 'js/**/*.min.js';
-paths.concatJsDest = paths.webroot + 'js/bw.min.js';
-paths.libDir = paths.webroot + 'lib/';
-paths.npmDir = 'node_modules/';
-paths.lessDir = paths.webroot + 'less/';
-paths.cssDir = paths.webroot + 'css/';
-paths.jsDir = paths.webroot + 'js/';
-
-var randomString = Math.random().toString(36).substring(7);
-
-gulp.task('lint', function () {
-    return gulp.src(paths.webroot + 'app/**/*.js')
-        .pipe(jshint())
-        .pipe(jshint.reporter('default'));
-});
-
-gulp.task('build', function (cb) {
-    return runSequence(
-        'clean',
-        ['browserify', 'lib', 'webpack', 'less', 'settings', 'lint', 'min:js'],
-        cb);
-});
-
-gulp.task('clean:js', function (cb) {
-    return rimraf(paths.concatJsDest, cb);
-});
-
-gulp.task('clean:css', function (cb) {
-    return rimraf(paths.cssDir, cb);
-});
-
-gulp.task('clean:lib', function (cb) {
-    return rimraf(paths.libDir, cb);
-});
-
-gulp.task('clean', ['clean:js', 'clean:css', 'clean:lib', 'dist:clean']);
-
-gulp.task('min:js', ['clean:js'], function () {
-    return gulp.src(
-        [
-            paths.js,
-            '!' + paths.minJs,
-            '!' + paths.jsDir + 'fallback*.js',
-            '!' + paths.jsDir + 'u2f-connector.js',
-            '!' + paths.jsDir + 'duo-connector.js',
-            '!' + paths.jsDir + 'duo.js',
-            '!' + paths.jsDir + 'settings.js'
-        ], { base: '.' })
-        .pipe(preprocess({ context: { cacheTag: randomString, selfHosted: selfHosted } }))
-        .pipe(concat(paths.concatJsDest))
-        //.pipe(uglify())
-        .pipe(gulp.dest('.'));
-});
-
-gulp.task('min:css', [], function () {
-    return gulp.src([paths.cssDir + '**/*.css', '!' + paths.cssDir + '**/*.min.css'], { base: '.' })
-        .pipe(cssmin())
-        .pipe(rename({ suffix: '.min' }))
-        .pipe(gulp.dest('.'));
-});
-
-gulp.task('min', ['min:js', 'min:css']);
-
-gulp.task('lib', ['clean:lib'], function () {
-    var libs = [
-        {
-            src: [
-                paths.npmDir + 'bootstrap/dist/**/*',
-                '!' + paths.npmDir + 'bootstrap/dist/**/npm.js',
-                '!' + paths.npmDir + 'bootstrap/dist/**/css/*theme*'
-            ],
-            dest: paths.libDir + 'bootstrap'
-        },
-        {
-            src: paths.npmDir + 'font-awesome/css/*',
-            dest: paths.libDir + 'font-awesome/css'
-        },
-        {
-            src: paths.npmDir + 'font-awesome/fonts/*',
-            dest: paths.libDir + 'font-awesome/fonts'
-        },
-        {
-            src: paths.npmDir + 'jquery/dist/*.js',
-            dest: paths.libDir + 'jquery'
-        },
-        {
-            src: paths.npmDir + 'admin-lte/dist/js/app*.js',
-            dest: paths.libDir + 'admin-lte/js'
-        },
-        {
-            src: paths.npmDir + 'angular/angular*.js',
-            dest: paths.libDir + 'angular'
-        },
-        {
-            src: paths.npmDir + 'angular-ui-bootstrap/dist/*tpls*.js',
-            dest: paths.libDir + 'angular-ui-bootstrap'
-        },
-        {
-            src: paths.npmDir + 'angular-bootstrap-show-errors/src/*.js',
-            dest: paths.libDir + 'angular-bootstrap-show-errors'
-        },
-        {
-            src: paths.npmDir + 'angular-cookies/*cookies*.js',
-            dest: paths.libDir + 'angular-cookies'
-        },
-        {
-            src: paths.npmDir + 'angular-jwt/dist/*.js',
-            dest: paths.libDir + 'angular-jwt'
-        },
-        {
-            src: paths.npmDir + 'angular-resource/*resource*.js',
-            dest: paths.libDir + 'angular-resource'
-        },
-        {
-            src: paths.npmDir + 'angular-sanitize/*sanitize*.js',
-            dest: paths.libDir + 'angular-sanitize'
-        },
-        {
-            src: [paths.npmDir + 'angular-toastr/dist/**/*.css', paths.npmDir + 'angular-toastr/dist/**/*.js'],
-            dest: paths.libDir + 'angular-toastr'
-        },
-        {
-            src: paths.npmDir + 'angular-ui-router/release/*.js',
-            dest: paths.libDir + 'angular-ui-router'
-        },
-        {
-            src: paths.npmDir + 'angular-messages/*messages*.js',
-            dest: paths.libDir + 'angular-messages'
-        },
-        {
-            src: paths.npmDir + 'ngstorage/*.js',
-            dest: paths.libDir + 'ngstorage'
-        },
-        {
-            src: paths.npmDir + 'papaparse/papaparse*.js',
-            dest: paths.libDir + 'papaparse'
-        },
-        {
-            src: paths.npmDir + 'ngclipboard/dist/ngclipboard*.js',
-            dest: paths.libDir + 'ngclipboard'
-        },
-        {
-            src: paths.npmDir + 'clipboard/dist/clipboard*.js',
-            dest: paths.libDir + 'clipboard'
-        },
-        {
-            src: paths.npmDir + 'node-forge/dist/prime.worker.*',
-            dest: paths.libDir + 'forge'
-        },
-        {
-            src: [
-                paths.npmDir + 'angulartics-google-analytics/lib/angulartics*.js',
-                paths.npmDir + 'angulartics/src/angulartics.js'
-            ],
-            dest: paths.libDir + 'angulartics'
-        },
-        //{
-        //    src: paths.npmDir + 'duo_web_sdk/index.js',
-        //    dest: paths.libDir + 'duo'
-        //},
-        {
-            src: paths.jsDir + 'duo.js',
-            dest: paths.libDir + 'duo'
-        },
-        {
-            src: paths.npmDir + 'angular-promise-polyfill/index.js',
-            dest: paths.libDir + 'angular-promise-polyfill'
-        }
-    ];
-
-    var tasks = libs.map(function (lib) {
-        return gulp.src(lib.src).pipe(gulp.dest(lib.dest));
-    });
-
-    return merge(tasks);
-});
-
-gulp.task('webpack', ['webpack:forge']);
-
-gulp.task('webpack:forge', function () {
-    var forgeDir = paths.npmDir + '/node-forge/lib/';
-
-    return gulp.src([
-        forgeDir + 'pbkdf2.js',
-        forgeDir + 'aes.js',
-        forgeDir + 'rsa.js',
-        forgeDir + 'hmac.js',
-        forgeDir + 'sha256.js',
-        forgeDir + 'random.js',
-        forgeDir + 'forge.js'
-    ]).pipe(webpack({
-        output: {
-            filename: 'forge.js',
-            library: 'forge',
-            libraryTarget: 'umd'
-        },
-        node: {
-            Buffer: false,
-            process: false,
-            crypto: false,
-            setImmediate: false
-        }
-    })).pipe(gulp.dest(paths.libDir + 'forge'));
-});
-
-gulp.task('settings', function () {
-    return config()
-        .pipe(gulp.dest(paths.webroot + 'app'));
-});
-
-function config() {
-    return gulp.src('./settings.json')
-        .pipe(ngConfig('bit', {
-            createModule: false,
-            constants: _.merge({}, {
-                appSettings: {
-                    selfHosted: false,
-                    version: project.version,
-                    environment: project.env
-                }
-            }, require('./settings' + (project.env !== 'Development' ? ('.' + project.env) : '') + '.json') || {})
-        }));
+function clean() {
+    return del([paths.cssDir]);
 }
 
-gulp.task('less', function () {
-    return gulp.src(paths.lessDir + 'vault.less')
-        .pipe(less())
+function webfonts() {
+    return gulp.src('./webfonts.list')
+        .pipe(googleWebFonts({
+            fontsDir: 'webfonts',
+            cssFilename: 'webfonts.css',
+            format: 'woff',
+        }))
         .pipe(gulp.dest(paths.cssDir));
-});
+};
 
-gulp.task('watch', function () {
-    gulp.watch(paths.lessDir + '*.less', ['less']);
-    gulp.watch('./settings*.json', ['settings']);
-});
+function version(cb) {
+    fs.writeFileSync(paths.build + 'version.json', '{"version":"' + package.version + '"}');
+    cb();
+}
 
-gulp.task('browserify', ['browserify:stripe', 'browserify:cc']);
-
-gulp.task('browserify:stripe', function () {
-    return browserify(paths.npmDir + 'angular-stripe/src/index.js',
-        {
-            entry: '.',
-            standalone: 'angularStripe',
-            global: true
-        })
-        .transform('exposify', { expose: { angular: 'angular' } })
-        .bundle()
-        .pipe(source('angular-stripe.js'))
-        .pipe(derequire())
-        .pipe(gulp.dest(paths.libDir + 'angular-stripe'));
-});
-
-gulp.task('browserify:cc', function () {
-    return browserify(paths.npmDir + 'angular-credit-cards/src/index.js',
-        {
-            entry: '.',
-            standalone: 'angularCreditCards'
-        })
-        .transform('exposify', { expose: { angular: 'angular' } })
-        .bundle()
-        .pipe(source('angular-credit-cards.js'))
-        .pipe(derequire())
-        .pipe(gulp.dest(paths.libDir + 'angular-credit-cards'));
-});
-
-gulp.task('dist:clean', function (cb) {
-    return rimraf(paths.dist + '**/*', cb);
-});
-
-gulp.task('dist:move', function () {
-    var moves = [
-        {
-            src: './CNAME',
-            dest: paths.dist
-        },
-        {
-            src: [
-                paths.npmDir + 'bootstrap/dist/**/bootstrap.min.js',
-                paths.npmDir + 'bootstrap/dist/**/bootstrap.min.css',
-                paths.npmDir + 'bootstrap/dist/**/fonts/**/*'
-            ],
-            dest: paths.dist + 'lib/bootstrap'
-        },
-        {
-            src: [
-                paths.npmDir + 'font-awesome/**/font-awesome.min.css',
-                paths.npmDir + 'font-awesome/**/fonts/**/*'
-            ],
-            dest: paths.dist + 'lib/font-awesome'
-        },
-        {
-            src: paths.npmDir + 'jquery/dist/jquery.min.js',
-            dest: paths.dist + 'lib/jquery'
-        },
-        {
-            src: paths.npmDir + 'angular/angular.min.js',
-            dest: paths.dist + 'lib/angular'
-        },
-        {
-            src: paths.npmDir + 'node-forge/dist/prime.worker.*',
-            dest: paths.dist + 'lib/forge'
-        },
-        //{
-        //    src: paths.npmDir + 'duo_web_sdk/index.js',
-        //    dest: paths.dist + 'lib/duo'
-        //},
-        {
-            src: paths.jsDir + 'duo.js',
-            dest: paths.dist + 'js'
-        },
-        {
-            src: paths.jsDir + 'duo-connector.js',
-            dest: paths.dist + 'js'
-        },
-        {
-            src: paths.jsDir + 'settings.js',
-            dest: paths.dist + 'js'
-        },
-        {
-            src: paths.jsDir + 'bw.min.js',
-            dest: paths.dist + 'js'
-        },
-        {
-            src: [
-                paths.webroot + '**/app/**/*.html',
-                paths.webroot + '**/images/**/*',
-                paths.webroot + 'index.html',
-                paths.webroot + 'u2f-connector.html',
-                paths.webroot + 'duo-connector.html',
-                paths.webroot + 'favicon.ico',
-                paths.webroot + 'manifest.json',
-                paths.webroot + 'app-id.json'
-            ],
-            dest: paths.dist
-        }
-    ];
-
-    var tasks = moves.map(function (move) {
-        return gulp.src(move.src).pipe(gulp.dest(move.dest));
-    });
-
-    return merge(tasks);
-});
-
-gulp.task('dist:css', function () {
-    return gulp
-        .src([
-            paths.cssDir + '**/*.css',
-            '!' + paths.cssDir + '**/*.min.css'
-        ])
-        .pipe(preprocess({ context: { cacheTag: randomString, selfHosted: selfHosted } }))
-        .pipe(cssmin())
-        .pipe(rename({ suffix: '.min' }))
-        .pipe(gulp.dest(paths.dist + 'css'));
-});
-
-gulp.task('dist:js:app', function () {
-    var mainStream = gulp
-        .src([
-            paths.webroot + 'app/app.js',
-            '!' + paths.webroot + 'app/settings.js',
-            paths.webroot + 'app/**/*Module.js',
-            paths.webroot + 'app/**/*.js'
-        ]);
-
-    merge(mainStream, config())
-        .pipe(preprocess({ context: { cacheTag: randomString, selfHosted: selfHosted } }))
-        .pipe(concat(paths.dist + '/js/app.min.js'))
-        .pipe(ngAnnotate())
-        //.pipe(uglify())
-        .pipe(gulp.dest('.'));
-});
-
-gulp.task('dist:js:fallback', function () {
-    var mainStream = gulp
-        .src([
-            paths.jsDir + 'fallback*.js'
-        ]);
-
-    merge(mainStream)
-        .pipe(preprocess({ context: { cacheTag: randomString, selfHosted: selfHosted } }))
-        //.pipe(uglify())
-        .pipe(rename({ suffix: '.min' }))
-        .pipe(gulp.dest(paths.dist + 'js'));
-});
-
-gulp.task('dist:js:u2f', function () {
-    var mainStream = gulp
-        .src([
-            paths.jsDir + 'u2f*.js'
-        ]);
-
-    merge(mainStream)
-        .pipe(concat(paths.dist + '/js/u2f.min.js'))
-        //.pipe(uglify())
-        .pipe(gulp.dest('.'));
-});
-
-gulp.task('dist:js:lib', function () {
-    return gulp
-        .src([
-            paths.libDir + 'angulartics/angulartics.js',
-            paths.libDir + '**/*.js',
-            '!' + paths.libDir + '**/*.min.js',
-            '!' + paths.libDir + 'angular/**/*',
-            '!' + paths.libDir + 'bootstrap/**/*',
-            '!' + paths.libDir + 'jquery/**/*'
-        ])
-        .pipe(concat(paths.dist + '/js/lib.min.js'))
-        //.pipe(uglify())
-        .pipe(gulp.dest('.'));
-});
-
-gulp.task('dist:preprocess', function () {
-    return gulp
-        .src([
-            paths.dist + '/**/*.html'
-        ], { base: '.' })
-        .pipe(preprocess({ context: { cacheTag: randomString, selfHosted: selfHosted } }))
-        .pipe(gulp.dest('.'));
-});
-
-gulp.task('dist:version', function () {
-    gulp.src(paths.webroot + 'version.json').pipe(jeditor({
-        'version': project.version
-    })).pipe(gulp.dest(paths.dist));
-});
-
-gulp.task('dist', ['build'], function (cb) {
-    return runSequence(
-        'dist:clean',
-        ['dist:move', 'dist:css', 'dist:js:app', 'dist:js:lib', 'dist:js:fallback', 'dist:js:u2f', 'dist:version'],
-        'dist:preprocess',
-        cb);
-});
-
-var selfHosted = false;
-gulp.task('dist:selfHosted', function (cb) {
-    selfHosted = true;
-    return runSequence('dist', cb);
-});
-
-gulp.task('deploy', ['dist'], function () {
-    return gulp.src(paths.dist + '**/*')
-        .pipe(ghPages({ cacheDir: paths.dist + '.publish' }));
-});
-
-gulp.task('deploy-preview', ['dist'], function () {
-    return gulp.src(paths.dist + '**/*')
-        .pipe(ghPages({
-            cacheDir: paths.dist + '.publish',
-            remoteUrl: 'git@github.com:bitwarden/web-preview.git'
-        }));
-});
-
-gulp.task('serve', function () {
-    connect.server({
-        port: 4001,
-        root: ['src'],
-        //https: true,
-        middleware: function (connect, opt) {
-            return [function (req, res, next) {
-                if (req.originalUrl.indexOf('app-id.json') > -1) {
-                    res.setHeader('Content-Type', 'application/fido.trusted-apps+json');
-                }
-                next();
-            }];
-        }
-    });
-});
+exports.clean = clean;
+exports.webfonts = gulp.series(clean, webfonts);
+exports.prebuild = gulp.series(clean, webfonts);
+exports.version = version;
+exports.postdist = version;

package.json

@@ -1,56 +1,94 @@
 {
-  "name": "bitwarden",
-  "version": "1.26.0",
-  "env": "Production",
+  "name": "bitwarden-web",
+  "version": "2.22.3",
+  "license": "GPL-3.0",
+  "repository": "https://github.com/bitwarden/web",
+  "scripts": {
+    "sub:init": "git submodule update --init --recursive",
+    "sub:update": "git submodule update --remote",
+    "sub:pull": "git submodule foreach git pull origin master",
+    "preinstall": "npm run sub:init",
+    "symlink:win": "rm -rf ./jslib && cmd /c mklink /J .\\jslib ..\\jslib",
+    "symlink:mac": "npm run symlink:lin",
+    "symlink:lin": "rm -rf ./jslib && ln -s ../jslib ./jslib",
+    "build": "gulp prebuild && webpack -c bitwarden_license/webpack.config.js",
+    "build:oss": "gulp prebuild && webpack",
+    "build:watch": "gulp prebuild && webpack serve -c bitwarden_license/webpack.config.js",
+    "build:watch:oss": "gulp prebuild && webpack serve",
+    "build:dev": "cross-env ENV=development npm run build",
+    "build:dev:watch": "cross-env ENV=development npm run build:watch",
+    "build:qa": "cross-env NODE_ENV=production ENV=qa npm run build",
+    "build:qa:watch": "cross-env NODE_ENV=production ENV=qa npm run build:watch",
+    "build:prod": "cross-env NODE_ENV=production ENV=production npm run build",
+    "build:prod:oss": "cross-env NODE_ENV=production ENV=production npm run build:oss",
+    "build:prod:watch": "cross-env NODE_ENV=production ENV=production npm run build:watch",
+    "build:selfhost": "cross-env SELF_HOST=true npm run build:watch",
+    "build:selfhost:watch": "cross-env SELF_HOST=true npm run build:watch",
+    "build:selfhost:prod": "cross-env SELF_HOST=true NODE_ENV=production npm run build",
+    "build:selfhost:prod:oss": "cross-env SELF_HOST=true NODE_ENV=production npm run build:oss",
+    "build:selfhost:prod:watch": "cross-env SELF_HOST=true NODE_ENV=production npm run build:watch",
+    "clean:l10n": "git push origin --delete l10n_master",
+    "dist": "npm run build:prod && gulp postdist",
+    "dist:oss": "npm run build:prod:oss && gulp postdist",
+    "dist:selfhost": "npm run build:selfhost:prod && gulp postdist",
+    "dist:selfhost:oss": "npm run build:selfhost:prod:oss && gulp postdist",
+    "deploy": "npm run dist && gh-pages -d build",
+    "deploy:dev": "npm run dist && gh-pages -d build -r git@github.com:kspearrin/bitwarden-web-dev.git",
+    "lint": "tslint 'src/**/*.ts' 'bitwarden_license/src/**/*.ts' || true",
+    "lint:fix": "tslint 'src/**/*.ts' 'bitwarden_license/src/**/*.ts' --fix"
+  },
   "devDependencies": {
-    "connect": "3.6.5",
-    "lodash": "4.17.4",
-    "gulp": "3.9.1",
-    "gulp-concat": "2.6.1",
-    "gulp-cssmin": "0.2.0",
-    "gulp-less": "3.3.2",
-    "gulp-rename": "1.2.2",
-    "gulp-uglify": "3.0.0",
-    "gulp-gh-pages": "git+https://github.com/tekd/gulp-gh-pages.git#update-dependency",
-    "gulp-preprocess": "2.0.0",
-    "gulp-ng-annotate": "2.0.0",
-    "gulp-ng-config": "1.5.0",
-    "gulp-connect": "5.0.0",
-    "gulp-json-editor": "2.2.2",
-    "jshint": "2.9.5",
-    "gulp-jshint": "2.0.4",
-    "rimraf": "2.6.2",
-    "run-sequence": "2.2.0",
-    "merge-stream": "1.0.1",
-    "jquery": "3.2.1",
+    "@angular/compiler-cli": "^11.2.11",
+    "@ngtools/webpack": "^11.2.10",
+    "@types/jquery": "^3.5.5",
+    "@types/node": "^14.17.2",
+    "@types/webcrypto": "^0.0.28",
+    "@types/webpack": "^4.4.27",
+    "clean-webpack-plugin": "^3.0.0",
+    "copy-webpack-plugin": "^6.4.0",
+    "cross-env": "^7.0.3",
+    "css-loader": "^5.2.3",
+    "del": "^6.0.0",
+    "file-loader": "^6.2.0",
+    "gh-pages": "^3.1.0",
+    "gulp": "^4.0.2",
+    "gulp-google-webfonts": "^4.0.0",
+    "html-loader": "^1.3.2",
+    "html-webpack-plugin": "^4.5.1",
+    "mini-css-extract-plugin": "^1.5.0",
+    "sass": "^1.32.10",
+    "sass-loader": "^10.1.1",
+    "style-loader": "^2.0.0",
+    "tapable": "^1.1.3",
+    "terser-webpack-plugin": "^4.2.3",
+    "ts-loader": "^8.1.0",
+    "tslint": "^6.1.3",
+    "tslint-loader": "^3.5.4",
+    "typescript": "4.1.5",
+    "webpack": "^4.46.0",
+    "webpack-cli": "^4.6.0",
+    "webpack-dev-server": "^3.11.2"
+  },
+  "dependencies": {
+    "@bitwarden/jslib-angular": "file:jslib/angular",
+    "@bitwarden/jslib-common": "file:jslib/common",
+    "angular2-toaster": "11.0.1",
+    "bootstrap": "4.6.0",
+    "braintree-web-drop-in": "1.30.1",
+    "browser-hrtime": "^1.1.8",
+    "core-js": "^3.11.0",
+    "date-input-polyfill": "^2.14.0",
     "font-awesome": "4.7.0",
-    "bootstrap": "3.3.7",
-    "angular": "1.6.7",
-    "angular-resource": "1.6.7",
-    "angular-sanitize": "1.6.7",
-    "angular-ui-bootstrap": "2.5.6",
-    "angular-ui-router": "0.4.2",
-    "angular-jwt": "0.1.9",
-    "angular-cookies": "1.6.7",
-    "admin-lte": "2.3.11",
-    "angular-toastr": "2.1.1",
-    "angular-bootstrap-show-errors": "2.3.0",
-    "angular-messages": "1.6.7",
-    "ngstorage": "0.3.11",
-    "papaparse": "4.3.6",
-    "clipboard": "1.7.1",
-    "ngclipboard": "1.1.2",
-    "angulartics": "1.5.0",
-    "angulartics-google-analytics": "0.4.0",
-    "node-forge": "0.7.1",
-    "webpack-stream": "4.0.0",
-    "angular-stripe": "5.0.0",
-    "angular-credit-cards": "3.1.6",
-    "browserify": "14.5.0",
-    "vinyl-source-stream": "1.1.0",
-    "gulp-derequire": "2.1.0",
-    "exposify": "0.5.0",
-    "duo_web_sdk": "git+https://github.com/duosecurity/duo_web_sdk.git",
-    "angular-promise-polyfill": "0.0.4"
+    "jquery": "3.6.0",
+    "ngx-infinite-scroll": "^10.0.1",
+    "popper.js": "1.16.1",
+    "qrious": "4.0.2",
+    "sweetalert2": "^10.16.6",
+    "webcrypto-shim": "0.1.7",
+    "whatwg-fetch": "3.6.2"
+  },
+  "engines": {
+    "node": "~14",
+    "npm": "~7"
   }
 }

settings.Preview.json

@@ -1,9 +0,0 @@
-{
-  "appSettings": {
-    "apiUri": "/api",
-    "identityUri": "/identity",
-    "iconsUri": "https://icons.bitwarden.com",
-    "stripeKey": "pk_test_KPoCfZXu7mznb9uSCPZ2JpTD",
-    "braintreeKey": "sandbox_r72q8jq6_9pnxkwm75f87sdc2"
-  }
-}

settings.Production.json

@@ -1,9 +0,0 @@
-{
-  "appSettings": {
-    "apiUri": "/api",
-    "identityUri": "/identity",
-    "iconsUri": "https://icons.bitwarden.com",
-    "stripeKey": "pk_live_bpN0P37nMxrMQkcaHXtAybJk",
-    "braintreeKey": "production_qfbsv8kc_njj2zjtyngtjmbjd"
-  }
-}

settings.json

@@ -1,9 +0,0 @@
-{
-  "appSettings": {
-    "apiUri": "http://localhost:4000",
-    "identityUri": "http://localhost:33656",
-    "iconsUri": "https://icons.bitwarden.com",
-    "stripeKey": "pk_test_KPoCfZXu7mznb9uSCPZ2JpTD",
-    "braintreeKey": "sandbox_r72q8jq6_9pnxkwm75f87sdc2"
-  }
-}

src/404.html

@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="utf-8">
+        <meta http-equiv="X-UA-Compatible" content="IE=edge">
+        <meta name="viewport" content="width=device-width, initial-scale=1">
+
+        <link href="/404/bootstrap.min.css" rel="stylesheet" type="text/css"
+            integrity="sha384-B0vP5xmATw1+K9KRQjQERJvTumQW0nPEzvF6L/Z6nronJ3oUOFUFpCjEUQouq2+l">
+        <link href="/404/font-awesome.min.css" rel="stylesheet" type="text/css"
+            integrity="sha512-SfTiTlX6kk+qitfevl/7LibUOeJWlt9rbyDn92a1DqWOw9vWG2MFoays0sgObmWazO5BQPiFucnnEAjpAB+/Sw==">
+        <link href="/404/styles.css" rel="stylesheet" type="text/css">
+
+        <link rel="apple-touch-icon" sizes="180x180" href="/images/icons/apple-touch-icon.png">
+        <link rel="icon" type="image/png" sizes="32x32" href="/images/icons/favicon-32x32.png">
+        <link rel="icon" type="image/png" sizes="16x16" href="/images/icons/favicon-16x16.png">
+        <link rel="mask-icon" href="/images/icons/safari-pinned-tab.svg" color="#175DDC">
+        <link rel="manifest" href="/manifest.json">
+
+        <title>Page not found!</title>
+        <meta name="description" content="404 Page Not Found">
+    </head>
+
+    <body>
+        <div class="banner">
+            <div class="container inner banner">
+                <div class="row align-items-center">
+                    <div class="col brand">
+                        <i class="fa fa-shield"></i>&nbsp;
+                        <strong>bit</strong>warden</span>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <div class="container inner content">
+            <h2>Page not found!</h2>
+            <p>Sorry, but the page you were looking for could not be found.</p>
+            <p>
+                <a href="/">
+                    <img src="/images/404.png" class="img-fluid" alt="404 image" width="80%"/>
+                </a>
+            </p>
+            <p>You can <a href="/">return to the web vault</a>, check our <a href="https://status.bitwarden.com/">status page</a>
+                or <a href="https://bitwarden.com/contact/">contact us</a>.</p>
+        </div>
+        <div class="container footer text-muted content">
+            © Copyright 2021 Bitwarden, Inc.
+        </div>
+    </body>
+</html>

src/404/styles.css

@@ -0,0 +1,119 @@
+@font-face {
+	font-family: 'Open Sans';
+	font-style: italic;
+	font-weight: 300;
+	src: url(../fonts/Open_Sans-italic-300.woff) format('woff');
+	unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-style: italic;
+	font-weight: 400;
+	src: url(../fonts/Open_Sans-italic-400.woff) format('woff');
+	unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-style: italic;
+	font-weight: 600;
+	src: url(../fonts/Open_Sans-italic-600.woff) format('woff');
+	unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-style: italic;
+	font-weight: 700;
+	src: url(../fonts/Open_Sans-italic-700.woff) format('woff');
+	unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-style: italic;
+	font-weight: 800;
+	src: url(../fonts/Open_Sans-italic-800.woff) format('woff');
+	unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-style: normal;
+	font-weight: 300;
+	src: url(../fonts/Open_Sans-normal-300.woff) format('woff');
+	unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-style: normal;
+	font-weight: 400;
+	src: url(../fonts/Open_Sans-normal-400.woff) format('woff');
+	unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-style: normal;
+	font-weight: 600;
+	src: url(../fonts/Open_Sans-normal-600.woff) format('woff');
+	unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-style: normal;
+	font-weight: 700;
+	src: url(../fonts/Open_Sans-normal-700.woff) format('woff');
+	unicode-range: U+0-10FFFF;
+}
+
+@font-face {
+	font-family: 'Open Sans';
+	font-style: normal;
+	font-weight: 800;
+	src: url(../fonts/Open_Sans-normal-800.woff) format('woff');
+	unicode-range: U+0-10FFFF;
+}
+
+body {
+    font-family: 'Open Sans';
+}
+
+html, body, .row {
+    height: 100%;
+    -webkit-font-smoothing: antialiased;
+}
+
+h2 {
+    font-size: 25px;
+    margin-bottom: 12.5px;
+    font-weight: 500;
+    line-height: 1.1;
+}
+
+.brand {
+  font-size: 23px;
+  line-height: 25px;
+  color: #fff;
+  font-family: "Open Sans","Helvetica Neue",Helvetica,Arial,sans-serif;
+}
+
+.banner {
+    background-color: #175DDC;
+    height: 56px;
+}
+
+.content {
+    padding-top: 20px;
+    padding-bottom: 20px;
+    padding-left: 15px;
+    padding-right: 15px;
+}
+
+.footer {
+    padding: 40px 0 40px 0;
+    border-top: 1px solid #dee2e6;
+}

src/app-id.json

@@ -8,7 +8,8 @@
       "ids": [
         "https://vault.bitwarden.com",
         "ios:bundle-id:com.8bit.bitwarden",
-        "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI"
+        "android:apk-key-hash:dUGFzUzf3lmHSLBDBIv+WaFyZMI",
+        "android:apk-key-hash:pSCbprJwYtwCZOPOpmU6YuPBs/g"
       ]
     }
   ]

src/app/accounts/accept-emergency.component.html

@@ -0,0 +1,34 @@
+<div class="mt-5 d-flex justify-content-center" *ngIf="loading">
+    <div>
+        <img src="../../images/logo-dark@2x.png" class="mb-4 logo" alt="Bitwarden">
+        <p class="text-center">
+            <i class="fa fa-spinner fa-spin fa-2x text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+            <span class="sr-only">{{'loading' | i18n}}</span>
+        </p>
+    </div>
+</div>
+<div class="container" *ngIf="!loading && !authed">
+    <div class="row justify-content-md-center mt-5">
+        <div class="col-5">
+            <p class="lead text-center mb-4">{{'emergencyAccess' | i18n}}</p>
+            <div class="card d-block">
+                <div class="card-body">
+                    <p class="text-center">
+                        {{name}}
+                    </p>
+                    <p>{{'acceptEmergencyAccess' | i18n}}</p>
+                    <hr>
+                    <div class="d-flex">
+                        <a routerLink="/" [queryParams]="{email: email}" class="btn btn-primary btn-block">
+                            {{'logIn' | i18n}}
+                        </a>
+                        <a routerLink="/register" [queryParams]="{email: email}"
+                            class="btn btn-primary btn-block ml-2 mt-0">
+                            {{'createAccount' | i18n}}
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>

src/app/accounts/accept-emergency.component.ts

@@ -0,0 +1,60 @@
+import { Component } from '@angular/core';
+import {
+    ActivatedRoute,
+    Router,
+} from '@angular/router';
+
+import {
+    Toast,
+    ToasterService,
+} from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+import { EmergencyAccessAcceptRequest } from 'jslib-common/models/request/emergencyAccessAcceptRequest';
+import { BaseAcceptComponent } from '../common/base.accept.component';
+
+@Component({
+    selector: 'app-accept-emergency',
+    templateUrl: 'accept-emergency.component.html',
+})
+export class AcceptEmergencyComponent extends BaseAcceptComponent {
+
+    name: string;
+
+    protected requiredParameters: string[] = ['id', 'name', 'email', 'token'];
+    protected failedShortMessage = 'emergencyInviteAcceptFailedShort';
+    protected failedMessage = 'emergencyInviteAcceptFailed';
+
+    constructor(router: Router, toasterService: ToasterService,
+        i18nService: I18nService, route: ActivatedRoute,
+        private apiService: ApiService, userService: UserService,
+        stateService: StateService) {
+        super(router, toasterService, i18nService, route, userService, stateService);
+    }
+
+    async authedHandler(qParams: any): Promise<void> {
+        const request = new EmergencyAccessAcceptRequest();
+        request.token = qParams.token;
+        this.actionPromise = this.apiService.postEmergencyAccessAccept(qParams.id, request);
+        await this.actionPromise;
+        const toast: Toast = {
+            type: 'success',
+            title: this.i18nService.t('inviteAccepted'),
+            body: this.i18nService.t('emergencyInviteAcceptedDesc'),
+            timeout: 10000,
+        };
+        this.toasterService.popAsync(toast);
+        this.router.navigate(['/vault']);
+    }
+
+    async unauthedHandler(qParams: any): Promise<void> {
+        this.name = qParams.name;
+        if (this.name != null) {
+            // Fix URL encoding of space issue with Angular
+            this.name = this.name.replace(/\+/g, ' ');
+        }
+    }
+}

src/app/accounts/accept-organization.component.html

@@ -0,0 +1,35 @@
+<div class="mt-5 d-flex justify-content-center" *ngIf="loading">
+    <div>
+        <img src="../../images/logo-dark@2x.png" class="mb-4 logo" alt="Bitwarden">
+        <p class="text-center">
+            <i class="fa fa-spinner fa-spin fa-2x text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+            <span class="sr-only">{{'loading' | i18n}}</span>
+        </p>
+    </div>
+</div>
+<div class="container" *ngIf="!loading && !authed">
+    <div class="row justify-content-md-center mt-5">
+        <div class="col-5">
+            <p class="lead text-center mb-4">{{'joinOrganization' | i18n}}</p>
+            <div class="card d-block">
+                <div class="card-body">
+                    <p class="text-center">
+                        {{orgName}}
+                        <strong class="d-block mt-2">{{email}}</strong>
+                    </p>
+                    <p>{{'joinOrganizationDesc' | i18n}}</p>
+                    <hr>
+                    <div class="d-flex">
+                        <a routerLink="/" [queryParams]="{email: email}" class="btn btn-primary btn-block">
+                            {{'logIn' | i18n}}
+                        </a>
+                        <a routerLink="/register" [queryParams]="{email: email}"
+                            class="btn btn-primary btn-block ml-2 mt-0">
+                            {{'createAccount' | i18n}}
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>

src/app/accounts/accept-organization.component.ts

@@ -0,0 +1,114 @@
+import { Component } from '@angular/core';
+import {
+    ActivatedRoute,
+    Router,
+} from '@angular/router';
+
+import {
+    Toast,
+    ToasterService,
+} from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PolicyService } from 'jslib-common/abstractions/policy.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { OrganizationUserAcceptRequest } from 'jslib-common/models/request/organizationUserAcceptRequest';
+import { OrganizationUserResetPasswordEnrollmentRequest } from 'jslib-common/models/request/organizationUserResetPasswordEnrollmentRequest';
+
+import { Utils } from 'jslib-common/misc/utils';
+import { Policy } from 'jslib-common/models/domain/policy';
+import { BaseAcceptComponent } from '../common/base.accept.component';
+
+@Component({
+    selector: 'app-accept-organization',
+    templateUrl: 'accept-organization.component.html',
+})
+export class AcceptOrganizationComponent extends BaseAcceptComponent {
+    orgName: string;
+
+    protected requiredParameters: string[] = ['organizationId', 'organizationUserId', 'token'];
+
+    constructor(router: Router, toasterService: ToasterService,
+        i18nService: I18nService, route: ActivatedRoute,
+        private apiService: ApiService, userService: UserService,
+        stateService: StateService, private cryptoService: CryptoService,
+        private policyService: PolicyService) {
+        super(router, toasterService, i18nService, route, userService, stateService);
+    }
+
+    async authedHandler(qParams: any): Promise<void> {
+        const request = new OrganizationUserAcceptRequest();
+        request.token = qParams.token;
+        if (await this.performResetPasswordAutoEnroll(qParams)) {
+            this.actionPromise = this.apiService.postOrganizationUserAccept(qParams.organizationId,
+                qParams.organizationUserId, request).then(() => {
+                    // Retrieve Public Key
+                    return this.apiService.getOrganizationKeys(qParams.organizationId);
+                }).then(async response => {
+                    if (response == null) {
+                        throw new Error(this.i18nService.t('resetPasswordOrgKeysError'));
+                    }
+
+                    const publicKey = Utils.fromB64ToArray(response.publicKey);
+
+                    // RSA Encrypt user's encKey.key with organization public key
+                    const encKey = await this.cryptoService.getEncKey();
+                    const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
+
+                    // Create request and execute enrollment
+                    const resetRequest = new OrganizationUserResetPasswordEnrollmentRequest();
+                    resetRequest.resetPasswordKey = encryptedKey.encryptedString;
+
+                    // Get User Id
+                    const userId = await this.userService.getUserId();
+
+                    return this.apiService.putOrganizationUserResetPasswordEnrollment(qParams.organizationId, userId, resetRequest);
+                });
+        } else {
+            this.actionPromise = this.apiService.postOrganizationUserAccept(qParams.organizationId,
+                qParams.organizationUserId, request);
+        }
+
+        await this.actionPromise;
+        const toast: Toast = {
+            type: 'success',
+            title: this.i18nService.t('inviteAccepted'),
+            body: this.i18nService.t('inviteAcceptedDesc'),
+            timeout: 10000,
+        };
+        this.toasterService.popAsync(toast);
+
+        await this.stateService.remove('orgInvitation');
+        this.router.navigate(['/vault']);
+    }
+
+    async unauthedHandler(qParams: any): Promise<void> {
+        this.orgName = qParams.organizationName;
+        if (this.orgName != null) {
+            // Fix URL encoding of space issue with Angular
+            this.orgName = this.orgName.replace(/\+/g, ' ');
+        }
+        await this.stateService.save('orgInvitation', qParams);
+    }
+
+    private async performResetPasswordAutoEnroll(qParams: any): Promise<boolean> {
+        let policyList: Policy[] = null;
+        try {
+            const policies = await this.apiService.getPoliciesByToken(qParams.organizationId, qParams.token,
+                qParams.email, qParams.organizationUserId);
+            policyList = this.policyService.mapPoliciesFromToken(policies);
+        } catch { }
+
+        if (policyList != null) {
+            const result = this.policyService.getResetPasswordPolicyOptions(policyList, qParams.organizationId);
+            // Return true if policy enabled and auto-enroll enabled
+            return result[1] && result[0].autoEnrollEnabled;
+        }
+
+        return false;
+    }
+}

src/app/accounts/accountsLoginController.js

@@ -1,279 +0,0 @@
-angular
-    .module('bit.accounts')
-
-    .controller('accountsLoginController', function ($scope, $rootScope, $cookies, apiService, cryptoService, authService,
-        $state, constants, $analytics, $uibModal, $timeout, $window, $filter, toastr) {
-        $scope.state = $state;
-        $scope.twoFactorProviderConstants = constants.twoFactorProvider;
-        $scope.rememberTwoFactor = { checked: false };
-        var stopU2fCheck = true;
-
-        $scope.returnState = $state.params.returnState;
-        $scope.stateEmail = $state.params.email;
-        if (!$scope.returnState && $state.params.org) {
-            $scope.returnState = {
-                name: 'backend.user.settingsCreateOrg',
-                params: { plan: $state.params.org }
-            };
-        }
-        else if (!$scope.returnState && $state.params.premium) {
-            $scope.returnState = {
-                name: 'backend.user.settingsPremium'
-            };
-        }
-
-        if ($state.current.name.indexOf('twoFactor') > -1 && (!$scope.twoFactorProviders || !$scope.twoFactorProviders.length)) {
-            $state.go('frontend.login.info', { returnState: $scope.returnState });
-        }
-
-        var rememberedEmail = $cookies.get(constants.rememberedEmailCookieName);
-        if (rememberedEmail || $scope.stateEmail) {
-            $scope.model = {
-                email: $scope.stateEmail || rememberedEmail,
-                rememberEmail: rememberedEmail !== null
-            };
-
-            $timeout(function () {
-                $("#masterPassword").focus();
-            });
-        }
-        else {
-            $timeout(function () {
-                $("#email").focus();
-            });
-        }
-
-        var _email,
-            _masterPassword;
-
-        $scope.twoFactorProviders = null;
-        $scope.twoFactorProvider = null;
-
-        $scope.login = function (model) {
-            $scope.loginPromise = authService.logIn(model.email, model.masterPassword).then(function (twoFactorProviders) {
-                if (model.rememberEmail) {
-                    var cookieExpiration = new Date();
-                    cookieExpiration.setFullYear(cookieExpiration.getFullYear() + 10);
-
-                    $cookies.put(
-                        constants.rememberedEmailCookieName,
-                        model.email,
-                        { expires: cookieExpiration });
-                }
-                else {
-                    $cookies.remove(constants.rememberedEmailCookieName);
-                }
-
-                if (twoFactorProviders && Object.keys(twoFactorProviders).length > 0) {
-                    _email = model.email;
-                    _masterPassword = model.masterPassword;
-
-                    $scope.twoFactorProviders = cleanProviders(twoFactorProviders);
-                    $scope.twoFactorProvider = getDefaultProvider($scope.twoFactorProviders);
-
-                    $analytics.eventTrack('Logged In To Two-step');
-                    $state.go('frontend.login.twoFactor', { returnState: $scope.returnState }).then(function () {
-                        $timeout(function () {
-                            $("#code").focus();
-                            init();
-                        });
-                    });
-                }
-                else {
-                    $analytics.eventTrack('Logged In');
-                    loggedInGo();
-                }
-
-                model.masterPassword = '';
-            });
-        };
-
-        function getDefaultProvider(twoFactorProviders) {
-            var keys = Object.keys(twoFactorProviders);
-            var providerType = null;
-            var providerPriority = -1;
-            for (var i = 0; i < keys.length; i++) {
-                var provider = $filter('filter')(constants.twoFactorProviderInfo, { type: keys[i], active: true });
-                if (provider.length && provider[0].priority > providerPriority) {
-                    if (provider[0].type === constants.twoFactorProvider.u2f && !u2f.isSupported) {
-                        continue;
-                    }
-
-                    providerType = provider[0].type;
-                    providerPriority = provider[0].priority;
-                }
-            }
-
-            if (providerType === null) {
-                return null;
-            }
-
-            return parseInt(providerType);
-        }
-
-        function cleanProviders(twoFactorProviders) {
-            if (canUseSecurityKey()) {
-                return twoFactorProviders;
-            }
-
-            var keys = Object.keys(twoFactorProviders);
-            for (var i = 0; i < keys.length; i++) {
-                var provider = $filter('filter')(constants.twoFactorProviderInfo, {
-                    type: keys[i],
-                    active: true,
-                    requiresUsb: false
-                });
-                if (!provider.length) {
-                    delete twoFactorProviders[keys[i]];
-                }
-            }
-
-            return twoFactorProviders;
-        }
-
-        // ref: https://stackoverflow.com/questions/11381673/detecting-a-mobile-browser
-        function canUseSecurityKey() {
-            var mobile = false;
-            (function (a) {
-                if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(a) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(a.substr(0, 4))) {
-                    mobile = true;
-                }
-            })(navigator.userAgent || navigator.vendor || window.opera);
-
-            return !mobile && !navigator.userAgent.match(/iPad/i);
-        }
-
-        $scope.twoFactor = function (token) {
-            if ($scope.twoFactorProvider === constants.twoFactorProvider.email ||
-                $scope.twoFactorProvider === constants.twoFactorProvider.authenticator) {
-                token = token.replace(' ', '');
-            }
-
-            $scope.twoFactorPromise = authService.logIn(_email, _masterPassword, token, $scope.twoFactorProvider,
-                $scope.rememberTwoFactor.checked || false);
-
-            $scope.twoFactorPromise.then(function () {
-                $analytics.eventTrack('Logged In From Two-step');
-                loggedInGo();
-            }, function () {
-                if ($scope.twoFactorProvider === constants.twoFactorProvider.u2f) {
-                    init();
-                }
-            });
-        };
-
-        $scope.anotherMethod = function () {
-            var modal = $uibModal.open({
-                animation: true,
-                templateUrl: 'app/accounts/views/accountsTwoFactorMethods.html',
-                controller: 'accountsTwoFactorMethodsController',
-                resolve: {
-                    providers: function () { return $scope.twoFactorProviders; }
-                }
-            });
-
-            modal.result.then(function (provider) {
-                $scope.twoFactorProvider = provider;
-                $timeout(function () {
-                    $("#code").focus();
-                    init();
-                });
-            });
-        };
-
-        $scope.sendEmail = function (doToast) {
-            if ($scope.twoFactorProvider !== constants.twoFactorProvider.email) {
-                return;
-            }
-
-            return cryptoService.makeKeyAndHash(_email, _masterPassword).then(function (result) {
-                return apiService.twoFactor.sendEmailLogin({
-                    email: _email,
-                    masterPasswordHash: result.hash
-                }).$promise;
-            }).then(function () {
-                if (doToast) {
-                    toastr.success('Verification email sent to ' + $scope.twoFactorEmail + '.');
-                }
-            }, function () {
-                toastr.error('Could not send verification email.');
-            });
-        };
-
-        $scope.$on('$destroy', function () {
-            stopU2fCheck = true;
-        });
-
-        function loggedInGo() {
-            if ($scope.returnState) {
-                $state.go($scope.returnState.name, $scope.returnState.params);
-            }
-            else {
-                $state.go('backend.user.vault');
-            }
-        }
-
-        function init() {
-            stopU2fCheck = true;
-            var params;
-            if ($scope.twoFactorProvider === constants.twoFactorProvider.duo ||
-                $scope.twoFactorProvider === constants.twoFactorProvider.organizationDuo) {
-                params = $scope.twoFactorProviders[$scope.twoFactorProvider];
-
-                $window.Duo.init({
-                    host: params.Host,
-                    sig_request: params.Signature,
-                    submit_callback: function (theForm) {
-                        var response = $(theForm).find('input[name="sig_response"]').val();
-                        $scope.twoFactor(response);
-                    }
-                });
-            }
-            else if ($scope.twoFactorProvider === constants.twoFactorProvider.u2f) {
-                stopU2fCheck = false;
-                params = $scope.twoFactorProviders[constants.twoFactorProvider.u2f];
-                var challenges = JSON.parse(params.Challenges);
-
-                initU2f(challenges);
-            }
-            else if ($scope.twoFactorProvider === constants.twoFactorProvider.email) {
-                params = $scope.twoFactorProviders[constants.twoFactorProvider.email];
-                $scope.twoFactorEmail = params.Email;
-                if (Object.keys($scope.twoFactorProviders).length > 1) {
-                    $scope.sendEmail(false);
-                }
-            }
-        }
-
-        function initU2f(challenges) {
-            if (stopU2fCheck) {
-                return;
-            }
-
-            if (challenges.length < 1 || $scope.twoFactorProvider !== constants.twoFactorProvider.u2f) {
-                return;
-            }
-
-            console.log('listening for u2f key...');
-
-            $window.u2f.sign(challenges[0].appId, challenges[0].challenge, [{
-                version: challenges[0].version,
-                keyHandle: challenges[0].keyHandle
-            }], function (data) {
-                if ($scope.twoFactorProvider !== constants.twoFactorProvider.u2f) {
-                    return;
-                }
-
-                if (data.errorCode) {
-                    console.log(data.errorCode);
-
-                    $timeout(function () {
-                        initU2f(challenges);
-                    }, data.errorCode === 5 ? 0 : 1000);
-
-                    return;
-                }
-                $scope.twoFactor(JSON.stringify(data));
-            }, 10);
-        }
-    });

src/app/accounts/accountsLogoutController.js

@@ -1,8 +0,0 @@
-angular
-    .module('bit.accounts')
-
-    .controller('accountsLogoutController', function ($scope, authService, $state, $analytics) {
-        authService.logOut();
-        $analytics.eventTrack('Logged Out');
-        $state.go('frontend.login.info');
-    });

src/app/accounts/accountsModule.js

@@ -1,2 +0,0 @@
-angular
-    .module('bit.accounts', ['ui.bootstrap', 'ngCookies']);

src/app/accounts/accountsOrganizationAcceptController.js

@@ -1,45 +0,0 @@
-angular
-    .module('bit.accounts')
-
-    .controller('accountsOrganizationAcceptController', function ($scope, $state, apiService, authService, toastr, $analytics) {
-        $scope.state = {
-            name: $state.current.name,
-            params: $state.params
-        };
-
-        if (!$state.params.organizationId || !$state.params.organizationUserId || !$state.params.token ||
-            !$state.params.email || !$state.params.organizationName) {
-            $state.go('frontend.login.info').then(function () {
-                toastr.error('Invalid parameters.');
-            });
-            return;
-        }
-
-        $scope.$on('$viewContentLoaded', function () {
-            if (authService.isAuthenticated()) {
-                $scope.accepting = true;
-                apiService.organizationUsers.accept(
-                    {
-                        orgId: $state.params.organizationId,
-                        id: $state.params.organizationUserId
-                    },
-                    {
-                        token: $state.params.token
-                    }, function () {
-                        $analytics.eventTrack('Accepted Invitation');
-                        $state.go('backend.user.vault', null, { location: 'replace' }).then(function () {
-                            toastr.success('You can access this organization once an administrator confirms your membership.' +
-                                ' We\'ll send an email when that happens.', 'Invite Accepted', { timeOut: 10000 });
-                        });
-                    }, function () {
-                        $analytics.eventTrack('Failed To Accept Invitation');
-                        $state.go('backend.user.vault', null, { location: 'replace' }).then(function () {
-                            toastr.error('Unable to accept invitation.', 'Error');
-                        });
-                    });
-            }
-            else {
-                $scope.loading = false;
-            }
-        });
-    });

src/app/accounts/accountsPasswordHintController.js

@@ -1,13 +0,0 @@
-angular
-    .module('bit.accounts')
-
-    .controller('accountsPasswordHintController', function ($scope, $rootScope, apiService, $analytics) {
-        $scope.success = false;
-
-        $scope.submit = function (model) {
-            $scope.submitPromise = apiService.accounts.postPasswordHint({ email: model.email }, function () {
-                $analytics.eventTrack('Requested Password Hint');
-                $scope.success = true;
-            }).$promise;
-        };
-    });

src/app/accounts/accountsRecoverController.js

@@ -1,21 +0,0 @@
-angular
-    .module('bit.accounts')
-
-    .controller('accountsRecoverController', function ($scope, apiService, cryptoService, $analytics) {
-        $scope.success = false;
-
-        $scope.submit = function (model) {
-            var email = model.email.toLowerCase();
-
-            $scope.submitPromise = cryptoService.makeKeyAndHash(model.email, model.masterPassword).then(function (result) {
-                return apiService.twoFactor.recover({
-                    email: email,
-                    masterPasswordHash: result.hash,
-                    recoveryCode: model.code.replace(/\s/g, '').toLowerCase()
-                }).$promise;
-            }).then(function () {
-                $analytics.eventTrack('Recovered 2FA');
-                $scope.success = true;
-            });
-        };
-    });

src/app/accounts/accountsRecoverDeleteController.js

@@ -1,13 +0,0 @@
-angular
-    .module('bit.accounts')
-
-    .controller('accountsRecoverDeleteController', function ($scope, $rootScope, apiService, $analytics) {
-        $scope.success = false;
-
-        $scope.submit = function (model) {
-            $scope.submitPromise = apiService.accounts.postDeleteRecover({ email: model.email }, function () {
-                $analytics.eventTrack('Started Delete Recovery');
-                $scope.success = true;
-            }).$promise;
-        };
-    });

src/app/accounts/accountsRegisterController.js

@@ -1,92 +0,0 @@
-angular
-    .module('bit.accounts')
-
-    .controller('accountsRegisterController', function ($scope, $location, apiService, cryptoService, validationService,
-        $analytics, $state, $timeout) {
-        var params = $location.search();
-        var stateParams = $state.params;
-        $scope.createOrg = stateParams.org;
-
-        if (!stateParams.returnState && stateParams.org) {
-            $scope.returnState = {
-                name: 'backend.user.settingsCreateOrg',
-                params: { plan: $state.params.org }
-            };
-        }
-        else if (!stateParams.returnState && stateParams.premium) {
-            $scope.returnState = {
-                name: 'backend.user.settingsPremium',
-                params: { plan: $state.params.org }
-            };
-        }
-        else {
-            $scope.returnState = stateParams.returnState;
-        }
-
-        $scope.success = false;
-        $scope.model = {
-            email: params.email ? params.email : stateParams.email
-        };
-        $scope.readOnlyEmail = stateParams.email !== null;
-
-
-        $timeout(function () {
-            if ($scope.model.email) {
-                $("#name").focus();
-            }
-            else {
-                $("#email").focus();
-            }
-        });
-
-        $scope.registerPromise = null;
-        $scope.register = function (form) {
-            var error = false;
-
-            if ($scope.model.masterPassword.length < 8) {
-                validationService.addError(form, 'MasterPassword', 'Master password must be at least 8 characters long.', true);
-                error = true;
-            }
-            if ($scope.model.masterPassword !== $scope.model.confirmMasterPassword) {
-                validationService.addError(form, 'ConfirmMasterPassword', 'Master password confirmation does not match.', true);
-                error = true;
-            }
-
-            if (error) {
-                return;
-            }
-
-            var email = $scope.model.email.toLowerCase();
-            var makeResult, encKey;
-
-            $scope.registerPromise = cryptoService.makeKeyAndHash(email, $scope.model.masterPassword).then(function (result) {
-                makeResult = result;
-                encKey = cryptoService.makeEncKey(result.key);
-                return cryptoService.makeKeyPair(encKey.encKey);
-            }).then(function (result) {
-                var request = {
-                    name: $scope.model.name,
-                    email: email,
-                    masterPasswordHash: makeResult.hash,
-                    masterPasswordHint: $scope.model.masterPasswordHint,
-                    key: encKey.encKeyEnc,
-                    keys: {
-                        publicKey: result.publicKey,
-                        encryptedPrivateKey: result.privateKeyEnc
-                    }
-                };
-
-                return apiService.accounts.register(request).$promise;
-            }, function (errors) {
-                validationService.addError(form, null, 'Problem generating keys.', true);
-                return false;
-            }).then(function (result) {
-                if (result === false) {
-                    return;
-                }
-
-                $scope.success = true;
-                $analytics.eventTrack('Registered');
-            });
-        };
-    });

src/app/accounts/accountsTwoFactorMethodsController.js

@@ -1,43 +0,0 @@
-angular
-    .module('bit.accounts')
-
-    .controller('accountsTwoFactorMethodsController', function ($scope, $uibModalInstance, $analytics, providers, constants) {
-        $analytics.eventTrack('accountsTwoFactorMethodsController', { category: 'Modal' });
-
-        $scope.providers = [];
-
-        if (providers.hasOwnProperty(constants.twoFactorProvider.organizationDuo)) {
-            add(constants.twoFactorProvider.organizationDuo);
-        }
-        if (providers.hasOwnProperty(constants.twoFactorProvider.authenticator)) {
-            add(constants.twoFactorProvider.authenticator);
-        }
-        if (providers.hasOwnProperty(constants.twoFactorProvider.yubikey)) {
-            add(constants.twoFactorProvider.yubikey);
-        }
-        if (providers.hasOwnProperty(constants.twoFactorProvider.email)) {
-            add(constants.twoFactorProvider.email);
-        }
-        if (providers.hasOwnProperty(constants.twoFactorProvider.duo)) {
-            add(constants.twoFactorProvider.duo);
-        }
-        if (providers.hasOwnProperty(constants.twoFactorProvider.u2f) && u2f.isSupported) {
-            add(constants.twoFactorProvider.u2f);
-        }
-
-        $scope.choose = function (provider) {
-            $uibModalInstance.close(provider.type);
-        };
-
-        $scope.close = function () {
-            $uibModalInstance.dismiss('close');
-        };
-
-        function add(type) {
-            for (var i = 0; i < constants.twoFactorProviderInfo.length; i++) {
-                if (constants.twoFactorProviderInfo[i].type === type) {
-                    $scope.providers.push(constants.twoFactorProviderInfo[i]);
-                }
-            }
-        }
-    });

src/app/accounts/accountsVerifyEmailController.js

@@ -1,28 +0,0 @@
-angular
-    .module('bit.accounts')
-
-    .controller('accountsVerifyEmailController', function ($scope, $state, apiService, toastr, $analytics) {
-        if (!$state.params.userId || !$state.params.token) {
-            $state.go('frontend.login.info').then(function () {
-                toastr.error('Invalid parameters.');
-            });
-            return;
-        }
-
-        $scope.$on('$viewContentLoaded', function () {
-            apiService.accounts.verifyEmailToken({},
-                {
-                    token: $state.params.token,
-                    userId: $state.params.userId
-                }, function () {
-                    $analytics.eventTrack('Verified Email');
-                    $state.go('frontend.login.info', null, { location: 'replace' }).then(function () {
-                        toastr.success('Your email has been verified. Thank you.', 'Success');
-                    });
-                }, function () {
-                    $state.go('frontend.login.info', null, { location: 'replace' }).then(function () {
-                        toastr.error('Unable to verify email.', 'Error');
-                    });
-                });
-        });
-    });

src/app/accounts/accountsVerifyRecoverDeleteController.js

@@ -1,36 +0,0 @@
-angular
-    .module('bit.accounts')
-
-    .controller('accountsVerifyRecoverDeleteController', function ($scope, $state, apiService, toastr, $analytics) {
-        if (!$state.params.userId || !$state.params.token || !$state.params.email) {
-            $state.go('frontend.login.info').then(function () {
-                toastr.error('Invalid parameters.');
-            });
-            return;
-        }
-
-        $scope.email = $state.params.email;
-
-        $scope.delete = function () {
-            if (!confirm('Are you sure you want to delete this account? This cannot be undone.')) {
-                return;
-            }
-
-            $scope.deleting = true;
-            apiService.accounts.postDeleteRecoverToken({},
-                {
-                    token: $state.params.token,
-                    userId: $state.params.userId
-                }, function () {
-                    $analytics.eventTrack('Recovered Delete');
-                    $state.go('frontend.login.info', null, { location: 'replace' }).then(function () {
-                        toastr.success('Your account has been deleted. You can register a new account again if you like.',
-                            'Success');
-                    });
-                }, function () {
-                    $state.go('frontend.login.info', null, { location: 'replace' }).then(function () {
-                        toastr.error('Unable to delete account.', 'Error');
-                    });
-                });
-        };
-    });

src/app/accounts/hint.component.html

@@ -0,0 +1,27 @@
+<form #form (ngSubmit)="submit()" [appApiAction]="formPromise" class="container" ngNativeValidate>
+    <div class="row justify-content-md-center mt-5">
+        <div class="col-5">
+            <p class="lead text-center mb-4">{{'passwordHint' | i18n}}</p>
+            <div class="card d-block">
+                <div class="card-body">
+                    <div class="form-group">
+                        <label for="email">{{'emailAddress' | i18n}}</label>
+                        <input id="email" class="form-control" type="text" name="Email" [(ngModel)]="email" required
+                            appAutofocus inputmode="email" appInputVerbatim="false">
+                        <small class="form-text text-muted">{{'enterEmailToGetHint' | i18n}}</small>
+                    </div>
+                    <hr>
+                    <div class="d-flex">
+                        <button type="submit" class="btn btn-primary btn-block btn-submit" [disabled]="form.loading">
+                            <span [hidden]="form.loading">{{'submit' | i18n}}</span>
+                            <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                        </button>
+                        <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+                            {{'cancel' | i18n}}
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</form>

src/app/accounts/hint.component.ts

@@ -0,0 +1,19 @@
+import { Component } from '@angular/core';
+import { Router } from '@angular/router';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+
+import { HintComponent as BaseHintComponent } from 'jslib-angular/components/hint.component';
+
+@Component({
+    selector: 'app-hint',
+    templateUrl: 'hint.component.html',
+})
+export class HintComponent extends BaseHintComponent {
+    constructor(router: Router, i18nService: I18nService,
+        apiService: ApiService, platformUtilsService: PlatformUtilsService) {
+        super(router, i18nService, apiService, platformUtilsService);
+    }
+}

src/app/accounts/lock.component.html

@@ -0,0 +1,42 @@
+<form #form (ngSubmit)="submit()" [appApiAction]="formPromise" class="container" ngNativeValidate>
+    <div class="row justify-content-md-center mt-5">
+        <div class="col-5">
+            <p class="text-center mb-4">
+                <i class="fa fa-lock fa-4x text-muted" aria-hidden="true"></i>
+            </p>
+            <p class="lead text-center mx-4 mb-4">{{'yourVaultIsLocked' | i18n}}</p>
+            <div class="card d-block">
+                <div class="card-body">
+                    <div class="form-group">
+                        <label for="masterPassword">{{'masterPass' | i18n}}</label>
+                        <div class="d-flex">
+                            <input id="masterPassword" type="{{showPassword ? 'text' : 'password'}}"
+                                name="MasterPassword" class="text-monospace form-control" [(ngModel)]="masterPassword"
+                                required appAutofocus appInputVerbatim>
+                            <button type="button" class="ml-1 btn btn-link" appA11yTitle="{{'toggleVisibility' | i18n}}"
+                                (click)="togglePassword()">
+                                <i class="fa fa-lg" aria-hidden="true"
+                                    [ngClass]="{'fa-eye': !showPassword, 'fa-eye-slash': showPassword}"></i>
+                            </button>
+                        </div>
+                        <small class="text-muted form-text">
+                            {{'loggedInAsEmailOn' | i18n : email : webVaultHostname}}
+                        </small>
+                    </div>
+                    <hr>
+                    <div class="d-flex">
+                        <button type="submit" class="btn btn-primary btn-block btn-submit" [disabled]="form.loading">
+                            <span>
+                                <i class="fa fa-unlock-alt" aria-hidden="true"></i> {{'unlock' | i18n}}
+                            </span>
+                            <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                        </button>
+                        <button type="button" class="btn btn-outline-secondary btn-block ml-2 mt-0" (click)="logOut()">
+                            {{'logOut' | i18n}}
+                        </button>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</form>

src/app/accounts/lock.component.ts

@@ -0,0 +1,44 @@
+import { Component } from '@angular/core';
+import { Router } from '@angular/router';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { EnvironmentService } from 'jslib-common/abstractions/environment.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { MessagingService } from 'jslib-common/abstractions/messaging.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { StorageService } from 'jslib-common/abstractions/storage.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+import { VaultTimeoutService } from 'jslib-common/abstractions/vaultTimeout.service';
+
+import { RouterService } from '../services/router.service';
+
+import { LockComponent as BaseLockComponent } from 'jslib-angular/components/lock.component';
+
+@Component({
+    selector: 'app-lock',
+    templateUrl: 'lock.component.html',
+})
+export class LockComponent extends BaseLockComponent {
+    constructor(router: Router, i18nService: I18nService,
+        platformUtilsService: PlatformUtilsService, messagingService: MessagingService,
+        userService: UserService, cryptoService: CryptoService,
+        storageService: StorageService, vaultTimeoutService: VaultTimeoutService,
+        environmentService: EnvironmentService, private routerService: RouterService,
+        stateService: StateService, apiService: ApiService) {
+        super(router, i18nService, platformUtilsService, messagingService, userService, cryptoService,
+            storageService, vaultTimeoutService, environmentService, stateService, apiService);
+    }
+
+    async ngOnInit() {
+        await super.ngOnInit();
+        this.onSuccessfulSubmit = () => {
+            const previousUrl = this.routerService.getPreviousUrl();
+            if (previousUrl !== '/' && previousUrl.indexOf('lock') === -1) {
+                this.successRoute = previousUrl;
+            }
+            this.router.navigate([this.successRoute]);
+        };
+    }
+}

src/app/accounts/login.component.html

@@ -0,0 +1,61 @@
+<form #form (ngSubmit)="submit()" [appApiAction]="formPromise" class="container" ngNativeValidate>
+    <div class="row justify-content-md-center mt-5">
+        <div class="col-5">
+            <img src="../../images/logo-dark@2x.png" class="logo mb-2" alt="Bitwarden">
+            <p class="lead text-center mx-4 mb-4">{{'loginOrCreateNewAccount' | i18n}}</p>
+            <div class="card d-block">
+                <div class="card-body">
+                    <app-callout type="warning" title="{{'resetPasswordPolicyAutoEnroll' | i18n}}"
+                        *ngIf="showResetPasswordAutoEnrollWarning">
+                        {{'resetPasswordAutoEnrollInviteWarning' | i18n}}
+                    </app-callout>
+                    <div class="form-group">
+                        <label for="email">{{'emailAddress' | i18n}}</label>
+                        <input id="email" class="form-control" type="text" name="Email" [(ngModel)]="email" required
+                            inputmode="email" appInputVerbatim="false">
+                    </div>
+                    <div class="form-group">
+                        <label for="masterPassword">{{'masterPass' | i18n}}</label>
+                        <div class="d-flex">
+                            <input id="masterPassword" type="{{showPassword ? 'text' : 'password'}}"
+                                name="MasterPassword" class="text-monospace form-control" [(ngModel)]="masterPassword"
+                                required appInputVerbatim>
+                            <button type="button" class="ml-1 btn btn-link" appA11yTitle="{{'toggleVisibility' | i18n}}"
+                                (click)="togglePassword()">
+                                <i class="fa fa-lg" aria-hidden="true"
+                                    [ngClass]="{'fa-eye': !showPassword, 'fa-eye-slash': showPassword}"></i>
+                            </button>
+                        </div>
+                        <small class="form-text">
+                            <a routerLink="/hint">{{'getMasterPasswordHint' | i18n}}</a>
+                        </small>
+                    </div>
+                    <div class="form-check mb-3">
+                        <input type="checkbox" class="form-check-input" id="rememberEmail" name="RememberEmail"
+                            [(ngModel)]="rememberEmail">
+                        <label class="form-check-label" for="rememberEmail">{{'rememberEmail' | i18n}}</label>
+                    </div>
+                    <div class="mb-n3" [hidden]="!showCaptcha()"><iframe id="hcaptcha_iframe" height="80"></iframe></div>
+                    <hr>
+                    <div class="d-flex">
+                        <button type="submit" class="btn btn-primary btn-block btn-submit" [disabled]="form.loading">
+                            <span>
+                                <i class="fa fa-sign-in" aria-hidden="true"></i> {{'logIn' | i18n}}
+                            </span>
+                            <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                        </button>
+                        <a routerLink="/register" [queryParams]="{email: email}"
+                            class="btn btn-outline-secondary btn-block ml-2 mt-0">
+                            <i class="fa fa-pencil-square-o" aria-hidden="true"></i> {{'createAccount' | i18n}}
+                        </a>
+                    </div>
+                    <div class="d-flex">
+                        <a routerLink="/sso" class="btn btn-outline-secondary btn-block mt-2">
+                            <i class="fa fa-bank" aria-hidden="true"></i> {{'enterpriseSingleSignOn' | i18n}}
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</form>

src/app/accounts/login.component.ts

@@ -0,0 +1,87 @@
+import { Component } from '@angular/core';
+import {
+    ActivatedRoute,
+    Router,
+} from '@angular/router';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { AuthService } from 'jslib-common/abstractions/auth.service';
+import { CryptoFunctionService } from 'jslib-common/abstractions/cryptoFunction.service';
+import { EnvironmentService } from 'jslib-common/abstractions/environment.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { PolicyService } from 'jslib-common/abstractions/policy.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { StorageService } from 'jslib-common/abstractions/storage.service';
+
+import { LoginComponent as BaseLoginComponent } from 'jslib-angular/components/login.component';
+
+import { Policy } from 'jslib-common/models/domain/policy';
+
+@Component({
+    selector: 'app-login',
+    templateUrl: 'login.component.html',
+})
+export class LoginComponent extends BaseLoginComponent {
+
+    showResetPasswordAutoEnrollWarning = false;
+
+    constructor(authService: AuthService, router: Router,
+        i18nService: I18nService, private route: ActivatedRoute,
+        storageService: StorageService, stateService: StateService,
+        platformUtilsService: PlatformUtilsService, environmentService: EnvironmentService,
+        passwordGenerationService: PasswordGenerationService, cryptoFunctionService: CryptoFunctionService,
+        private apiService: ApiService, private policyService: PolicyService) {
+        super(authService, router,
+            platformUtilsService, i18nService,
+            stateService, environmentService,
+            passwordGenerationService, cryptoFunctionService,
+            storageService);
+        this.onSuccessfulLoginNavigate = this.goAfterLogIn;
+    }
+
+    async ngOnInit() {
+        const queryParamsSub = this.route.queryParams.subscribe(async qParams => {
+            if (qParams.email != null && qParams.email.indexOf('@') > -1) {
+                this.email = qParams.email;
+            }
+            if (qParams.premium != null) {
+                this.stateService.save('loginRedirect', { route: '/settings/premium' });
+            } else if (qParams.org != null) {
+                this.stateService.save('loginRedirect',
+                    { route: '/settings/create-organization', qParams: { plan: qParams.org } });
+            }
+            await super.ngOnInit();
+            if (queryParamsSub != null) {
+                queryParamsSub.unsubscribe();
+            }
+        });
+
+        const invite = await this.stateService.get<any>('orgInvitation');
+        if (invite != null) {
+            let policyList: Policy[] = null;
+            try {
+                const policies = await this.apiService.getPoliciesByToken(invite.organizationId, invite.token,
+                    invite.email, invite.organizationUserId);
+                policyList = this.policyService.mapPoliciesFromToken(policies);
+            } catch { }
+
+            if (policyList != null) {
+                const result = this.policyService.getResetPasswordPolicyOptions(policyList, invite.organizationId);
+                // Set to true if policy enabled and auto-enroll enabled
+                this.showResetPasswordAutoEnrollWarning = result[1] && result[0].autoEnrollEnabled;
+            }
+        }
+    }
+
+    async goAfterLogIn() {
+        const loginRedirect = await this.stateService.get<any>('loginRedirect');
+        if (loginRedirect != null) {
+            this.router.navigate([loginRedirect.route], { queryParams: loginRedirect.qParams });
+            await this.stateService.remove('loginRedirect');
+        } else {
+            this.router.navigate([this.successRoute]);
+        }
+    }
+}