Fix repeat ng insert on safari (#1270)

(cherry picked from commit cf5823fe71)

.github/ISSUE_TEMPLATE/bug.yml

@@ -0,0 +1,93 @@
+name: Bug Report
+description: File a bug report
+labels: [bug]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this bug report!
+        
+        Please do not submit feature requests. The [Community Forums](https://community.bitwarden.com) has a section for submitting, voting for, and discussing product feature requests.
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps To Reproduce
+      description: How can we reproduce the behavior.
+      value: |
+        1. Go to '...'
+        2. Click on '....'
+        3. Scroll down to '....'
+        4. Click on '...'
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected Result
+      description: A clear and concise description of what you expected to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: actual
+    attributes:
+      label: Actual Result
+      description: A clear and concise description of what is happening.
+    validations:
+      required: true
+  - type: textarea
+    id: screenshots
+    attributes:
+      label: Screenshots or Videos
+      description: If applicable, add screenshots and/or a short video to help explain your problem.
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional Context
+      description: Add any other context about the problem here.
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      description: What operating system are you seeing the problem on?
+      multiple: true
+      options:
+        - Windows
+        - macOS
+        - Linux
+        - Android
+        - iOS
+    validations:
+      required: true
+  - type: input
+    id: os-version
+    attributes:
+      label: Operating System Version
+      description: What version of the operating system(s) are you seeing the problem on?
+  - type: dropdown
+    id: browsers
+    attributes:
+      label: Web Browser
+      description: What browser(s) are you seeing the problem on?
+      multiple: true
+      options:
+        - Chrome
+        - Safari
+        - Microsoft Edge
+        - Firefox
+        - Opera
+        - Brave
+        - Vivaldi
+    validations:
+      required: true
+  - type: input
+    id: browser-version
+    attributes:
+      label: Browser Version
+      description: What version of the browser(s) are you seeing the problem on?
+  - type: input
+    id: version
+    attributes:
+      label: Build Version
+      description: What version of our software are you running? (Bottom of the page)
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,14 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Feature Requests
+    url: https://community.bitwarden.com/c/feature-requests/
+    about: Request new features using the Community Forums. Please search existing feature requests before making a new one.
+  - name: Bitwarden Community Forums
+    url: https://community.bitwarden.com
+    about: Please visit the community forums for general community discussion, support and the development roadmap.
+  - name: Customer Support
+    url: https://bitwarden.com/contact/
+    about: Please contact our customer support for account issues and general customer support.
+  - name: Security Issues
+    url: https://hackerone.com/bitwarden
+    about: We use HackerOne to manage security disclosures.

.github/workflows/build.yml

@@ -1,20 +1,24 @@
-name: build
+---
+name: Build
 
 on:
+  workflow_dispatch:
+    inputs:
+      custom_tag_extension:
+        description: "Custom image tag extension"
+        required: false
   push:
     branches-ignore:
       - 'l10n_master'
       - 'gh-pages'
-  release:
-    types:
-      - published
 
 jobs:
   cloc:
-    runs-on: ubuntu-latest
+    name: CLOC
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
       - name: Set up cloc
         run: |
@@ -24,13 +28,44 @@ jobs:
       - name: Print lines of code
         run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
 
-  ubuntu:
-    runs-on: ubuntu-latest
+
+  setup:
+    name: Setup
+    runs-on: ubuntu-20.04
+    outputs:
+      version: ${{ steps.version.outputs.value }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Get GitHub sha as version
+        id: version
+        run: |
+          echo "::set-output name=value::${GITHUB_SHA:0:7}"
+
+
+  build-oss-selfhost:
+    name: Build OSS zip
+    runs-on: ubuntu-20.04
+    needs: setup
+    env:
+      _VERSION: ${{ needs.setup.outputs.version }}
     steps:
       - name: Set up Node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
         with:
-          node-version: '10.x'
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+        with:
+          path: '~/.npm'
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
 
       - name: Print environment
         run: |
@@ -41,43 +76,147 @@ jobs:
           docker --version
           echo "GitHub ref: $GITHUB_REF"
           echo "GitHub event: $GITHUB_EVENT"
-        env:
-          GITHUB_REF: ${{ github.ref }}
-          GITHUB_EVENT: ${{ github.event_name }}
-
-      - name: Log into docker
-        if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
-        run:  echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
-        env:
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Setup Docker Trust
-        if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
-        run: |
-          mkdir -p ~/.docker/trust/private
-
-          echo "${{ secrets.DOCKER_DELEGATION_KEY }}" > ~/.docker/trust/private/$DOCKER_DELEGATION_KEY_ID.key
-          echo "${{ secrets.DOCKER_REPO_WEB_KEY }}" > ~/.docker/trust/private/$DOCKER_WEB_KEY_ID.key
-        env:
-          DOCKER_DELEGATION_KEY_ID: "5702b22123e058cbd96a7a43000cb981ae98ef3f2f4aa34138ab3dc1d011e446"
-          DOCKER_WEB_KEY_ID: "0f88641697187f42a31b584897cd4edfe80360a5209122d9e7f71af17a6422e4"
 
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build OSS selfhost
+        run: |
+          npm run dist:oss:selfhost
+          zip -r web-$_VERSION-selfhosted-open-source.zip build
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.3
+        with:
+          name: web-${{ env._VERSION }}-selfhosted-open-source.zip
+          path: ./web-${{ env._VERSION }}-selfhosted-open-source.zip
+          if-no-files-found: error
+
+
+  build-cloud:
+    name: Build Cloud zip
+    runs-on: ubuntu-20.04
+    needs: setup
+    env:
+      _VERSION: ${{ needs.setup.outputs.version }}
+    steps:
+      - name: Set up Node
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        with:
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+        with:
+          path: '~/.npm'
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build Cloud
+        run: |
+          npm run dist:bit:cloud
+          zip -r web-$_VERSION-cloud-COMMERCIAL.zip build
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.3
+        with:
+          name: web-${{ env._VERSION }}-cloud-COMMERCIAL.zip
+          path: ./web-${{ env._VERSION }}-cloud-COMMERCIAL.zip
+          if-no-files-found: error
+
+
+  build-commercial-selfhost:
+    name: Build SelfHost Docker image
+    runs-on: ubuntu-20.04
+    needs: setup
+    env:
+      _VERSION: ${{ needs.setup.outputs.version }}
+    steps:
+      - name: Set up Node
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        with:
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+        with:
+          path: '~/.npm'
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Setup DCT
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/release'
+        id: setup-dct
+        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
+        with:
+          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          azure-keyvault-name: "bitwarden-prod-kv"
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
       - name: Restore
         run: dotnet tool restore
 
+      - name: Install dependencies
+        run: npm ci
+
       - name: Build
         run: |
           echo -e "# Building Web\n"
           echo "Building app"
           echo "npm version $(npm --version)"
-          npm install
-          npm run dist:selfhost
 
-          echo -e "\nBuilding docker image"
+          npm run dist:bit:selfhost
+          zip -r web-$_VERSION-selfhosted-COMMERCIAL.zip build
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700  # v2.2.3
+        with:
+          name: web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip
+          path: ./web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip
+          if-no-files-found: error
+
+      - name: Build Docker image
+        run: |
+          echo -e "\nBuilding Docker image"
           docker --version
           docker build -t bitwarden/web .
 
@@ -86,101 +225,192 @@ jobs:
         run: docker tag bitwarden/web bitwarden/web:rc
 
       - name: Tag dev
-        if: github.ref == 'refs/heads/master' || github.event_name == 'release'
+        if: github.ref == 'refs/heads/master'
         run: docker tag bitwarden/web bitwarden/web:dev
 
-      - name: Tag beta
-        if: github.event_name == 'release'
-        run: docker tag bitwarden/web bitwarden/web:beta
+      - name: Tag release branch
+        if: github.ref == 'refs/heads/release'
+        run: docker tag bitwarden/web bitwarden/web:latest
 
-      - name: Tag version
-        if: github.event_name == 'release'
-        run: docker tag bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v'))
-        shell: pwsh
-        env:
-          RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
-
-      - name: List docker images
-        if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
+      - name: List Docker images
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/release'
         run: docker images
 
-      - name: Push rc images
+      - name: Push rc image
         if: github.ref == 'refs/heads/rc'
         run: docker push bitwarden/web:rc
-        env: 
-          DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
-
-      - name: Push dev images
-        if: github.ref == 'refs/heads/master' || github.event_name == 'release'
-        run: docker push bitwarden/web:dev
-        env: 
-          DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
-
-      - name: Push beta images
-        if: github.event_name == 'release'
-        run: docker push bitwarden/web:beta
-        env: 
-          DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
-
-      - name: Push latest images
-        if: github.event_name == 'release'
-        run: docker push bitwarden/web:latest
-        env: 
-          DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
-
-      - name: Push version images
-        if: github.event_name == 'release'
-        run: docker push bitwarden/web:$($env:RELEASE_TAG_NAME.trimStart('v'))
-        shell: pwsh
         env:
-          RELEASE_TAG_NAME: ${{ github.event.release.tag_name }}
           DOCKER_CONTENT_TRUST: 1
-          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ secrets.DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE }}
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
 
-      - name: Log out of docker
-        if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc'
+      - name: Push dev image
+        if: github.ref == 'refs/heads/master'
+        run: docker push bitwarden/web:dev
+        env:
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
+
+      - name: Push latest image
+        if: github.ref == 'refs/heads/release'
+        run: docker push bitwarden/web:latest
+        env:
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
+
+      - name: Log out of Docker
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/release'
         run: docker logout
 
+
+  build-qa:
+    name: Build Docker images for QA environment
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Set up Node
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
+        with:
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
+
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+        with:
+          path: '~/.npm'
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Login to Azure
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+      - name: Log into container registry
+        run: az acr login -n bitwardenqa
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Restore
+        run: dotnet tool restore
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: |
+          echo -e "# Building Web\n"
+          echo "Building app"
+          echo "npm version $(npm --version)"
+          VERSION=$( jq -r ".version" package.json)
+          jq --arg version "$VERSION - ${GITHUB_SHA:0:7}" '.version = $version' package.json > package.json.tmp
+          mv package.json.tmp package.json
+
+          npm run build:bit:qa
+
+          echo "{\"commit_hash\": \"$GITHUB_SHA\", \"ref\": \"$GITHUB_REF\"}" | jq . > build/info.json
+
+          echo -e "\nBuilding Docker image"
+          docker --version
+          docker build -t bitwardenqa.azurecr.io/web .
+
+      - name: Get image tag
+        id: image-tag
+        run: |
+          IMAGE_TAG=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3];}')
+          TAG_EXTENSION=${{ github.event.inputs.custom_tag_extension }}
+
+          if [[ $TAG_EXTENSION ]]; then
+            IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
+          fi
+          echo "::set-output name=value::$IMAGE_TAG"
+
+      - name: Tag image
+        env:
+          IMAGE_TAG: ${{ steps.image-tag.outputs.value }}
+        run: docker tag bitwardenqa.azurecr.io/web "bitwardenqa.azurecr.io/web:$IMAGE_TAG"
+
+      - name: Tag dev
+        if: github.ref == 'refs/heads/master'
+        run: docker tag bitwardenqa.azurecr.io/web bitwardenqa.azurecr.io/web:dev
+
+      - name: List Docker images
+        run: docker images
+
+      - name: Push image
+        env:
+          IMAGE_TAG: ${{ steps.image-tag.outputs.value }}
+        run: docker push "bitwardenqa.azurecr.io/web:$IMAGE_TAG"
+
+      - name: Push dev images
+        if: github.ref == 'refs/heads/master'
+        run: docker push bitwardenqa.azurecr.io/web:dev
+
+      - name: Log out of Docker
+        run: docker logout
+
+
   windows:
-    runs-on: windows-latest
+    name: Test code on Windows
+    runs-on: windows-2019
     steps:
       - name: Set up NuGet
-        uses: nuget/setup-nuget@v1
+        uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1
         with:
           nuget-version: 'latest'
 
       - name: Set up MSBuild
-        uses: microsoft/setup-msbuild@v1
+        uses: microsoft/setup-msbuild@c26a08ba26249b81327e26f6ef381897b6a8754d
+
+      - name: Cache npm
+        id: npm-cache
+        uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353  # v2.1.6
+        with:
+          path: '~/.npm'
+          key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}
 
       - name: Set up Node
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea
         with:
-          node-version: '10.x'
+          node-version: '14'
+
+      - name: Update NPM
+        run: |
+          npm install -g npm@7
 
       - name: Print environment
         run: |
-          nuget help
+          nuget help | grep Version
           msbuild -version
           dotnet --info
           node --version
           npm --version
-          Write-Output "GitHub ref: $env:GITHUB_REF"
-          Write-Output "GitHub event: $env:GITHUB_EVENT"
-        shell: pwsh
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
         env:
           GITHUB_REF: ${{ github.ref }}
           GITHUB_EVENT: ${{ github.event_name }}
 
       - name: Checkout repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
 
-      - name: npm install
-        run: npm install
+      - name: Install dependencies
+        run: npm ci
 
-      - name: npm build
-        run: npm run build:prod
+      - name: NPM install
+        run: npm ci
 
+      - name: NPM build
+        run: npm run build:bit:cloud

.github/workflows/crowdin-sync.yml

@@ -0,0 +1,49 @@
+---
+name: Crowdin Sync
+
+on:
+  workflow_dispatch:
+    inputs: {}
+# schedule:
+#   - cron: '0 0 * * *'
+
+jobs:
+  crowdin-sync:
+    name: Autosync
+    runs-on: ubuntu-20.04
+    env:
+      _CROWDIN_PROJECT_ID: "308189"
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+
+      - name: Login to Azure
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "crowdin-api-token"
+
+      - name: Download translations
+        uses: crowdin/github-action@e39093fd75daae7859c68eded4b43d42ec78d8ea
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
+        with:
+          config: crowdin.yml
+          crowdin_branch_name: master
+          upload_sources: false
+          upload_translations: false
+          download_translations: true
+          github_user_name: "github-actions"
+          github_user_email: "<>"
+          commit_message: "Autosync the updated translations"
+          localization_branch_name: crowdin-auto-sync
+          create_pull_request: true
+          pull_request_title: "Autosync Crowdin Translations"
+          pull_request_body: "Autosync the updated translations"

.github/workflows/qa-deploy.yml

@@ -0,0 +1,72 @@
+---
+name: QA Deploy
+
+on:
+  workflow_dispatch:
+    inputs:
+      image_extension:
+        description: "Image tag extension"
+        required: false
+
+env:
+  _QA_CLUSTER_RESOURCE_GROUP: "bitwarden-devops"
+  _QA_CLUSTER_NAME: "dev-aks"
+  _QA_K8S_NAMESPACE: "bw-qa"
+  _QA_K8S_APP_NAME: "bw-web"
+
+jobs:
+  deploy:
+    name: Deploy QA Web
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+
+      - name: Setup
+        run:
+          export PATH=$PATH:~/work/web/web
+
+      - name: Login to Azure
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403
+        with:
+          keyvault: "bitwarden-qa-kv"
+          secrets: "dev-aks-kubectl-credentials"
+
+      - name: Login to dev-aks-kubectl SP
+        uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a
+        with:
+          creds: ${{ env.dev-aks-kubectl-credentials }}
+
+      - name: Setup AKS access
+        env:
+          USER_ID: ${{ env.qa-kubectl-managed-identity-clientId }}
+        run: |
+          echo "---az install---"
+          az aks install-cli --install-location ./kubectl --kubelogin-install-location ./kubelogin
+          echo "---az get-creds---"
+          az aks get-credentials -n $_QA_CLUSTER_NAME -g $_QA_CLUSTER_RESOURCE_GROUP
+
+      - name: Get image tag
+        id: image_tag
+        run: |
+          IMAGE_TAG=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3];}')
+          TAG_EXTENSION=${{ github.event.inputs.image_extension }}
+
+          if [[ $TAG_EXTENSION ]]; then
+            IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
+          fi
+          echo "::set-output name=value::$IMAGE_TAG"
+
+      - name: Deploy Web image
+        env:
+          IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
+        run: |
+          kubectl set image -n $_QA_K8S_NAMESPACE deployment/web web=bitwardenqa.azurecr.io/web:$IMAGE_TAG --record
+          kubectl rollout restart -n $_QA_K8S_NAMESPACE deployment/web
+          kubectl rollout status deployment/web -n $_QA_K8S_NAMESPACE

.github/workflows/release.yml

@@ -0,0 +1,187 @@
+---
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs: {}
+
+jobs:
+  setup:
+    name: Setup
+    runs-on: ubuntu-20.04
+    outputs:
+      release_version: ${{ steps.version.outputs.package }}
+      tag_version: ${{ steps.version.outputs.tag }}
+    steps:
+      - name: Branch check
+        run: |
+          if [[ "$GITHUB_REF" != "refs/heads/release" ]]; then
+            echo "==================================="
+            echo "[!] Can only release from the 'release' branch"
+            echo "==================================="
+            exit 1
+          fi
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # 2.3.4
+
+      - name: Check Release Version
+        id: version
+        run: |
+          version=$( jq -r ".version" package.json)
+          previous_release_tag_version=$(
+            curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name"
+          )
+
+          if [ "v$version" == "$previous_release_tag_version" ]; then
+            echo "[!] Already released v$version. Please bump version to continue"
+            exit 1
+          fi
+
+          echo "::set-output name=package::$version"
+          echo "::set-output name=tag::v$version"
+
+
+  self-host:
+    name: Release self-host docker
+    runs-on: ubuntu-20.04
+    needs: setup
+    env:
+      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+    steps:
+      - name: Print environment
+        run: |
+          whoami
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Setup DCT
+        id: setup-dct
+        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
+        with:
+          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          azure-keyvault-name: "bitwarden-prod-kv"
+
+      - name: Checkout repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
+
+      - name: Pull latest selfhost Release image
+        run: docker pull bitwarden/web:latest
+
+      - name: Tag version
+        run: |
+          docker tag bitwarden/web:latest bitwarden/web:$_RELEASE_VERSION
+
+      - name: List Docker images
+        run: docker images
+
+      - name: Push images
+        run: |
+          docker push bitwarden/web:$_RELEASE_VERSION
+        env:
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
+
+      - name: Log out of Docker
+        run: docker logout
+
+
+  ghpages-deploy:
+    name: Deploy Web Vault
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+      - self-host
+    env:
+      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        with:
+          ref: gh-pages
+
+      - name: Create deploy branch
+        run: |
+          git switch -c deploy-$_TAG_VERSION
+          git push -u origin deploy-$_TAG_VERSION
+
+      - name: Checkout Repo
+        uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f  # v2.3.4
+        with:
+          ref: release
+
+      - name: Setup git config
+        run: |
+          git config user.name = "GitHub Action Bot"
+          git config user.email = "<>"
+          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
+          git config --global url."https://".insteadOf ssh://
+
+      - name: Download latest cloud asset
+        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
+        with:
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: release
+          artifacts: web-*-cloud-COMMERCIAL.zip
+
+      # This should result in a build directory in the current working directory
+      - name: Unzip build asset
+        run: unzip web-*-cloud-COMMERCIAL.zip
+
+      - name: Deploy GitHub Pages
+        uses: crazy-max/ghaction-github-pages@db4476a01402e1a7ce05f41832040eef16d14925  # v2.5.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          target_branch: deploy-${{ needs.setup.outputs.tag_version }}
+          build_dir: build
+          keep_history: true
+          commit_message: "Staging deploy ${{ needs.setup.outputs.release_version }}"
+
+      - name: Create Deploy PR
+        env:
+          PR_BRANCH: deploy-${{ env._TAG_VERSION }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr create --title "Deploy $_RELEASE_VERSION" \
+            --body "Deploying $_RELEASE_VERSION" \
+            --base gh-pages \
+            --head "$PR_BRANCH"
+
+
+  release:
+    name: Create GitHub Release
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+      - self-host
+      - ghpages-deploy
+    steps:
+      - name: Download latest build artifacts
+        uses: bitwarden/gh-actions/download-artifacts@23433be15ed6fd046ce12b6889c5184a8d9c8783
+        with:
+          workflow: build.yml
+          workflow_conclusion: success
+          branch: release
+          artifacts: "web-*-selfhosted-COMMERCIAL.zip,
+                      web-*-selfhosted-open-source.zip"
+
+      - name: Rename assets
+        run: |
+          mv web-*-selfhosted-COMMERCIAL.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip
+          mv web-*-selfhosted-open-source.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip
+
+      - name: Create release
+        uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09
+        with:
+          name: "Version ${{ needs.setup.outputs.release_version }}"
+          commit: ${{ github.sha }}
+          tag: "${{ needs.setup.outputs.tag_version }}"
+          body: "<insert release notes here>"
+          artifacts: "web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip,
+                      web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip"
+          token: ${{ secrets.GITHUB_TOKEN }}
+          draft: true

.gitignore

@@ -9,6 +9,7 @@ dist/
 *.pem
 *.crx
 *.zip
+*.swp
 build/
 !dev-server.shared.pem
-config/development.json
+config/local.json

ISSUE_TEMPLATE.md

@@ -1,52 +0,0 @@
-<!--
-Please do not submit feature requests. The [Community Forums][1] has a
-section for submitting, voting for, and discussing product feature requests.
-[1]: https://community.bitwarden.com
--->
-
-## Describe the Bug
-
-<!-- Comment:
-A clear and concise description of what the bug is.
--->
-
-## Steps To Reproduce
-
-<!-- Comment:
-How can we reproduce the behavior:
--->
-
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. Click on '...'
-
-## Expected Result
-
-<!-- Comment:
-A clear and concise description of what you expected to happen.
--->
-
-## Actual Result
-
-<!-- Comment:
-A clear and concise description of what is happening.
--->
-
-## Screenshots or Videos
-
-<!-- Comment:
-If applicable, add screenshots and/or a short video to help explain your problem.
--->
-
-## Environment
-
-- Operating system: [e.g. Windows 10, Mac OS Catalina]
-- Browser: [e.g. Firefox 73.0.1]
-- Build Version (Bottom of the page): [2.13.0]
-
-## Additional Context
-
-<!-- Comment:
-Add any other context about the problem here.
--->

LICENSE.txt

@@ -1,674 +1,17 @@
-                    GNU GENERAL PUBLIC LICENSE
-                       Version 3, 29 June 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU General Public License is a free, copyleft license for
-software and other kinds of works.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-the GNU General Public License is intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.  We, the Free Software Foundation, use the
-GNU General Public License for most of our software; it applies also to
-any other work released this way by its authors.  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  To protect your rights, we need to prevent others from denying you
-these rights or asking you to surrender the rights.  Therefore, you have
-certain responsibilities if you distribute copies of the software, or if
-you modify it: responsibilities to respect the freedom of others.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must pass on to the recipients the same
-freedoms that you received.  You must make sure that they, too, receive
-or can get the source code.  And you must show them these terms so they
-know their rights.
-
-  Developers that use the GNU GPL protect your rights with two steps:
-(1) assert copyright on the software, and (2) offer you this License
-giving you legal permission to copy, distribute and/or modify it.
-
-  For the developers' and authors' protection, the GPL clearly explains
-that there is no warranty for this free software.  For both users' and
-authors' sake, the GPL requires that modified versions be marked as
-changed, so that their problems will not be attributed erroneously to
-authors of previous versions.
-
-  Some devices are designed to deny users access to install or run
-modified versions of the software inside them, although the manufacturer
-can do so.  This is fundamentally incompatible with the aim of
-protecting users' freedom to change the software.  The systematic
-pattern of such abuse occurs in the area of products for individuals to
-use, which is precisely where it is most unacceptable.  Therefore, we
-have designed this version of the GPL to prohibit the practice for those
-products.  If such problems arise substantially in other domains, we
-stand ready to extend this provision to those domains in future versions
-of the GPL, as needed to protect the freedom of users.
-
-  Finally, every program is threatened constantly by software patents.
-States should not allow patents to restrict development and use of
-software on general-purpose computers, but in those that do, we wish to
-avoid the special danger that patents applied to a free program could
-make it effectively proprietary.  To prevent this, the GPL assures that
-patents cannot be used to render the program non-free.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Use with the GNU Affero General Public License.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU Affero General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the special requirements of the GNU Affero General Public License,
-section 13, concerning interaction through a network will apply to the
-combination as such.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    {one line to give the program's name and a brief idea of what it does.}
-    Copyright (C) {year}  {name of author}
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If the program does terminal interaction, make it output a short
-notice like this when it starts in an interactive mode:
-
-    {project}  Copyright (C) {year}  {fullname}
-    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, your program's commands
-might be different; for a GUI interface, you would use an "about box".
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU GPL, see
-<http://www.gnu.org/licenses/>.
-
-  The GNU General Public License does not permit incorporating your program
-into proprietary programs.  If your program is a subroutine library, you
-may consider it more useful to permit linking proprietary applications with
-the library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.  But first, please read
-<http://www.gnu.org/philosophy/why-not-lgpl.html>.
+Source code in this repository is covered by one of two licenses: (i) the
+GNU General Public License (GPL) v3.0 (ii) the Bitwarden License v1.0. The
+default license throughout the repository is GPL v3.0 unless the header
+specifies another license. Bitwarden Licensed code is found only in the
+/bitwarden_license directory.
+
+GPL v3.0:
+https://github.com/bitwarden/web/blob/master/LICENSE_GPL.txt
+
+Bitwarden License v1.0:
+https://github.com/bitwarden/web/blob/master/LICENSE_BITWARDEN.txt
+
+No grant of any rights in the trademarks, service marks, or logos of Bitwarden is
+made (except as may be necessary to comply with the notice requirements as
+applicable), and use of any Bitwarden trademarks must comply with Bitwarden
+Trademark Guidelines 
+<https://github.com/bitwarden/server/blob/master/TRADEMARK_GUIDELINES.md>.

LICENSE_BITWARDEN.txt

@@ -0,0 +1,182 @@
+BITWARDEN LICENSE AGREEMENT
+Version 1, 4 September 2020
+
+PLEASE CAREFULLY READ THIS BITWARDEN LICENSE AGREEMENT ("AGREEMENT"). THIS
+AGREEMENT CONSTITUTES A LEGALLY BINDING AGREEMENT BETWEEN YOU AND BITWARDEN,
+INC. ("BITWARDEN") AND GOVERNS YOUR USE OF THE COMMERCIAL MODULES (DEFINED
+BELOW). BY COPYING OR USING THE COMMERCIAL MODULES, YOU AGREE TO THIS AGREEMENT.
+IF YOU DO NOT AGREE WITH THIS AGREEMENT, YOU MAY NOT COPY OR USE THE COMMERCIAL
+MODULES. IF YOU ARE COPYING OR USING THE COMMERCIAL MODULES ON BEHALF OF A LEGAL
+ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE AUTHORITY TO AGREE TO THIS
+AGREEMENT ON BEHALF OF SUCH ENTITY. IF YOU DO NOT HAVE SUCH AUTHORITY, DO NOT
+COPY OR USE THE COMMERCIAL MODULES IN ANY MANNER.
+
+This Agreement is entered into by and between Bitwarden and you, or the legal
+entity on behalf of whom you are acting (as applicable, "You" or "Your").
+
+1. DEFINITIONS
+
+"Bitwarden Software" means the Bitwarden server software, libraries, and
+Commercial Modules.
+
+"Commercial Modules" means the modules designed to work with and enhance the
+Bitwarden Software to which this Agreement is linked, referenced, or appended.
+
+2. LICENSES, RESTRICTIONS AND THIRD PARTY CODE
+
+2.1   Commercial Module License. Subject to Your compliance with this Agreement,
+Bitwarden hereby grants to You a limited, non-exclusive, non-transferable,
+royalty-free license to use the Commercial Modules for the sole purposes of
+internal development and internal testing, and only in a non-production
+environment.
+
+2.2   Reservation of Rights. As between Bitwarden and You, Bitwarden owns all
+right, title and interest in and to the Bitwarden Software, and except as
+expressly set forth in Sections 2.1, no other license to the Bitwarden Software
+is granted to You under this Agreement, by implication, estoppel, or otherwise.
+
+2.3   Restrictions. You agree not to: (i) except as expressly permitted in
+Section 2.1, sell, rent, lease, distribute, sublicense, loan or otherwise
+transfer the Commercial Modules to any third party; (ii) alter or remove any
+trademarks, service mark, and logo included with the Commercial Modules, or
+(iii) use the Commercial Modules to create a competing product or service.
+Bitwarden is not obligated to provide maintenance and support services for the
+Bitwarden Software licensed under this Agreement.
+
+2.4   Third Party Software. The Commercial Modules may contain or be provided
+with third party open source libraries, components, utilities and other open
+source software (collectively, "Open Source Software"). Notwithstanding anything
+to the contrary herein, use of the Open Source Software will be subject to the
+license terms and conditions applicable to such Open Source Software. To the
+extent any condition of this Agreement conflicts with any license to the Open
+Source Software, the Open Source Software license will govern with respect to
+such Open Source Software only.
+
+2.5 This Agreement does not grant any rights in the trademarks, service marks, or
+logos of any Contributor (except as may be necessary to comply with the notice
+requirements in Section 2.3), and use of any Bitwarden trademarks must comply with
+Bitwarden Trademark Guidelines
+<https://github.com/bitwarden/server/blob/master/TRADEMARK_GUIDELINES.md>.
+
+3. TERMINATION
+
+3.1   Termination. This Agreement will automatically terminate upon notice from
+Bitwarden, which notice may be by email or posting in the location where the
+Commercial Modules are made available.
+
+3.2   Effect of Termination. Upon any termination of this Agreement, for any
+reason, You will promptly cease use of the Commercial Modules and destroy any
+copies thereof. For the avoidance of doubt, termination of this Agreement will
+not affect Your right to Bitwarden Software, other than the Commercial Modules,
+made available pursuant to an Open Source Software license.
+
+3.3   Survival. Sections 1, 2.2 -2.4, 3.2, 3.3, 4, and 5 will survive any
+termination of this Agreement.
+
+4. DISCLAIMER AND LIMITATION OF LIABILITY
+
+4.1   Disclaimer of Warranties. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE
+LAW, THE BITWARDEN SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED REGARDING OR RELATING TO THE BITWARDEN SOFTWARE, INCLUDING
+ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
+TITLE, AND NON-INFRINGEMENT. FURTHER, BITWARDEN DOES NOT WARRANT RESULTS OF USE
+OR THAT THE BITWARDEN SOFTWARE WILL BE ERROR FREE OR THAT THE USE OF THE
+BITWARDEN SOFTWARE WILL BE UNINTERRUPTED.
+
+4.2   Limitation of Liability. IN NO EVENT WILL BITWARDEN OR ITS LICENSORS BE
+LIABLE TO YOU OR ANY THIRD PARTY UNDER THIS AGREEMENT FOR (I) ANY AMOUNTS IN
+EXCESS OF US $25 OR (II) FOR ANY SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF
+ANY KIND, INCLUDING FOR ANY LOSS OF PROFITS, LOSS OF USE, BUSINESS INTERRUPTION,
+LOSS OF DATA, COST OF SUBSTITUTE GOODS OR SERVICES, WHETHER ALLEGED AS A BREACH
+OF CONTRACT OR TORTIOUS CONDUCT, INCLUDING NEGLIGENCE, EVEN IF BITWARDEN HAS
+BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+5. MISCELLANEOUS
+
+5.1   Assignment. You may not assign or otherwise transfer this Agreement or any
+rights or obligations hereunder, in whole or in part, whether by operation of
+law or otherwise, to any third party without Bitwarden's prior written consent.
+Any purported transfer, assignment or delegation without such prior written
+consent will be null and void and of no force or effect. Bitwarden may assign
+this Agreement to any successor to its business or assets to which this
+Agreement relates, whether by merger, sale of assets, sale of stock,
+reorganization or otherwise. Subject to this Section 5.1, this Agreement will be
+binding upon and inure to the benefit of the parties hereto, and their
+respective successors and permitted assigns.
+
+5.2   Entire Agreement; Modification; Waiver. This Agreement represents the
+entire agreement between the parties, and supersedes all prior agreements and
+understandings, written or oral, with respect to the matters covered by this
+Agreement, and is not intended to confer upon any third party any rights or
+remedies hereunder. You acknowledge that You have not entered in this Agreement
+based on any representations other than those contained herein. No modification
+of or amendment to this Agreement, nor any waiver of any rights under this
+Agreement, will be effective unless in writing and signed by both parties. The
+waiver of one breach or default or any delay in exercising any rights will not
+constitute a waiver of any subsequent breach or default.
+
+5.3   Governing Law. This Agreement will in all respects be governed by the laws
+of the State of California without reference to its principles of conflicts of
+laws. The parties hereby agree that all disputes arising out of this Agreement
+will be subject to the exclusive jurisdiction of and venue in the federal and
+state courts within Los Angeles County, California. You hereby consent to the
+personal and exclusive jurisdiction and venue of these courts. The parties
+hereby disclaim and exclude the application hereto of the United Nations
+Convention on Contracts for the International Sale of Goods.
+
+5.4   Severability. If any provision of this Agreement is held invalid or
+unenforceable under applicable law by a court of competent jurisdiction, it will
+be replaced with the valid provision that most closely reflects the intent of
+the parties and the remaining provisions of the Agreement will remain in full
+force and effect.
+
+5.5   Relationship of the Parties. Nothing in this Agreement is to be construed
+as creating an agency, partnership, or joint venture relationship between the
+parties hereto. Neither party will have any right or authority to assume or
+create any obligations or to make any representations or warranties on behalf of
+any other party, whether express or implied, or to bind the other party in any
+respect whatsoever.
+
+5.6   Notices. All notices permitted or required under this Agreement will be in
+writing and will be deemed to have been given when delivered in person
+(including by overnight courier), or three (3) business days after being mailed
+by first class, registered or certified mail, postage prepaid, to the address of
+the party specified in this Agreement or such other address as either party may
+specify in writing.
+
+5.7   U.S. Government Restricted Rights. If Commercial Modules is being licensed
+by the U.S. Government, the Commercial Modules is deemed to be "commercial
+computer software" and "commercial computer documentation" developed exclusively
+at private expense, and (a) if acquired by or on behalf of a civilian agency,
+will be subject solely to the terms of this computer software license as
+specified in 48 C.F.R. 12.212 of the Federal Acquisition Regulations and its
+successors; and (b) if acquired by or on behalf of units of the Department of
+Defense ("DOD") will be subject to the terms of this commercial computer
+software license as specified in 48 C.F.R. 227.7202-2, DOD FAR Supplement and
+its successors.
+
+5.8   Injunctive Relief. A breach or threatened breach by You of Section 2 may
+cause irreparable harm for which damages at law may not provide adequate relief,
+and therefore Bitwarden will be entitled to seek injunctive relief in any
+applicable jurisdiction without being required to post a bond.
+
+5.9   Export Law Assurances. You understand that the Commercial Modules is
+subject to export control laws and regulations. You may not download or
+otherwise export or re-export the Commercial Modules or any underlying
+information or technology except in full compliance with all applicable laws and
+regulations, in particular, but without limitation, United States export control
+laws. None of the Commercial Modules or any underlying information or technology
+may be downloaded or otherwise exported or re- exported: (a) into (or to a
+national or resident of) any country to which the United States has embargoed
+goods; or (b) to anyone on the U.S. Treasury Department's list of specially
+designated nationals or the U.S. Commerce Department's list of prohibited
+countries or debarred or denied persons or entities. You hereby agree to the
+foregoing and represents and warrants that You are not located in, under control
+of, or a national or resident of any such country or on any such list.
+
+5.10  Construction. The titles and section headings used in this Agreement are
+for ease of reference only and will not be used in the interpretation or
+construction of this Agreement. No rule of construction resolving any ambiguity
+in favor of the non-drafting party will be applied hereto. The word "including",
+when used herein, is illustrative rather than exclusive and means "including,
+without limitation."

LICENSE_GPL.txt

@@ -0,0 +1,674 @@
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+  The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works.  By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.  We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors.  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights.  Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received.  You must make sure that they, too, receive
+or can get the source code.  And you must show them these terms so they
+know their rights.
+
+  Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+  For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software.  For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+  Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so.  This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software.  The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable.  Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products.  If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+  Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary.  To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                       TERMS AND CONDITIONS
+
+  0. Definitions.
+
+  "This License" refers to version 3 of the GNU General Public License.
+
+  "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+  "The Program" refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as "you".  "Licensees" and
+"recipients" may be individuals or organizations.
+
+  To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy.  The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+  A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+  To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+  To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+  An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+  1. Source Code.
+
+  The "source code" for a work means the preferred form of the work
+for making modifications to it.  "Object code" means any non-source
+form of a work.
+
+  A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+  The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+  The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+  The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+  The Corresponding Source for a work in source code form is that
+same work.
+
+  2. Basic Permissions.
+
+  All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+  You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force.  You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright.  Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+  Conveying under any other circumstances is permitted solely under
+the conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+  No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+  When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+  4. Conveying Verbatim Copies.
+
+  You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+  You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+  5. Conveying Modified Source Versions.
+
+  You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+    a) The work must carry prominent notices stating that you modified
+    it, and giving a relevant date.
+
+    b) The work must carry prominent notices stating that it is
+    released under this License and any conditions added under section
+    7.  This requirement modifies the requirement in section 4 to
+    "keep intact all notices".
+
+    c) You must license the entire work, as a whole, under this
+    License to anyone who comes into possession of a copy.  This
+    License will therefore apply, along with any applicable section 7
+    additional terms, to the whole of the work, and all its parts,
+    regardless of how they are packaged.  This License gives no
+    permission to license the work in any other way, but it does not
+    invalidate such permission if you have separately received it.
+
+    d) If the work has interactive user interfaces, each must display
+    Appropriate Legal Notices; however, if the Program has interactive
+    interfaces that do not display Appropriate Legal Notices, your
+    work need not make them do so.
+
+  A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+  6. Conveying Non-Source Forms.
+
+  You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+    a) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by the
+    Corresponding Source fixed on a durable physical medium
+    customarily used for software interchange.
+
+    b) Convey the object code in, or embodied in, a physical product
+    (including a physical distribution medium), accompanied by a
+    written offer, valid for at least three years and valid for as
+    long as you offer spare parts or customer support for that product
+    model, to give anyone who possesses the object code either (1) a
+    copy of the Corresponding Source for all the software in the
+    product that is covered by this License, on a durable physical
+    medium customarily used for software interchange, for a price no
+    more than your reasonable cost of physically performing this
+    conveying of source, or (2) access to copy the
+    Corresponding Source from a network server at no charge.
+
+    c) Convey individual copies of the object code with a copy of the
+    written offer to provide the Corresponding Source.  This
+    alternative is allowed only occasionally and noncommercially, and
+    only if you received the object code with such an offer, in accord
+    with subsection 6b.
+
+    d) Convey the object code by offering access from a designated
+    place (gratis or for a charge), and offer equivalent access to the
+    Corresponding Source in the same way through the same place at no
+    further charge.  You need not require recipients to copy the
+    Corresponding Source along with the object code.  If the place to
+    copy the object code is a network server, the Corresponding Source
+    may be on a different server (operated by you or a third party)
+    that supports equivalent copying facilities, provided you maintain
+    clear directions next to the object code saying where to find the
+    Corresponding Source.  Regardless of what server hosts the
+    Corresponding Source, you remain obligated to ensure that it is
+    available for as long as needed to satisfy these requirements.
+
+    e) Convey the object code using peer-to-peer transmission, provided
+    you inform other peers where the object code and Corresponding
+    Source of the work are being offered to the general public at no
+    charge under subsection 6d.
+
+  A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+  A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling.  In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage.  For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product.  A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+  "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source.  The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+  If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+  The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed.  Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+  Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+  7. Additional Terms.
+
+  "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+  When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+  Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+    a) Disclaiming warranty or limiting liability differently from the
+    terms of sections 15 and 16 of this License; or
+
+    b) Requiring preservation of specified reasonable legal notices or
+    author attributions in that material or in the Appropriate Legal
+    Notices displayed by works containing it; or
+
+    c) Prohibiting misrepresentation of the origin of that material, or
+    requiring that modified versions of such material be marked in
+    reasonable ways as different from the original version; or
+
+    d) Limiting the use for publicity purposes of names of licensors or
+    authors of the material; or
+
+    e) Declining to grant rights under trademark law for use of some
+    trade names, trademarks, or service marks; or
+
+    f) Requiring indemnification of licensors and authors of that
+    material by anyone who conveys the material (or modified versions of
+    it) with contractual assumptions of liability to the recipient, for
+    any liability that these contractual assumptions directly impose on
+    those licensors and authors.
+
+  All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+  If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+  Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+  8. Termination.
+
+  You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+  However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+  Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+  Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+  9. Acceptance Not Required for Having Copies.
+
+  You are not required to accept this License in order to receive or
+run a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+  10. Automatic Licensing of Downstream Recipients.
+
+  Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+  An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+  You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+  11. Patents.
+
+  A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's "contributor version".
+
+  A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+  Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+  In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+  If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+  If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+  A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License.  You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+  Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+  12. No Surrender of Others' Freedom.
+
+  If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all.  For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+  13. Use with the GNU Affero General Public License.
+
+  Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work.  The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+  14. Revised Versions of this License.
+
+  The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+  Each version is given a distinguishing version number.  If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation.  If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+  If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+  Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+  15. Disclaimer of Warranty.
+
+  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. Limitation of Liability.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+  17. Interpretation of Sections 15 and 16.
+
+  If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    {one line to give the program's name and a brief idea of what it does.}
+    Copyright (C) {year}  {name of author}
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+  If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+    {project}  Copyright (C) {year}  {fullname}
+    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+  You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<http://www.gnu.org/licenses/>.
+
+  The GNU General Public License does not permit incorporating your program
+into proprietary programs.  If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.  But first, please read
+<http://www.gnu.org/philosophy/why-not-lgpl.html>.

README.md

@@ -23,7 +23,8 @@
 
 ### Requirements
 
-- [Node.js](https://nodejs.org) v8.11 or greater
+- [Node.js](https://nodejs.org) v14.17 or greater
+- NPM v7
 
 ### Run the app
 
@@ -31,7 +32,7 @@ For local development, run the app with:
 
 ```
 npm install
-npm run build:watch
+npm run build:oss:watch
 ```
 
 You can now access the web vault in your browser at `https://localhost:8080`.
@@ -40,27 +41,25 @@ If you want to point the development web vault to the production APIs, you can r
 
 ```
 npm install
-ENV=production npm run build:watch
+ENV=production npm run build:oss:watch
 ```
 
-You can also manually adjusting your API endpoint settings by adding `config/development.js` overriding any of the values in `config/base.json`. For example:
+You can also manually adjusting your API endpoint settings by adding `config/local.json` overriding any of the following values:
 
-```typescript
+```json
 {
     "proxyApi": "http://your-api-url",
     "proxyIdentity": "http://your-identity-url",
     "proxyEvents": "http://your-events-url",
     "proxyNotifications": "http://your-notifications-url",
-    "proxyPortal": "http://your-portal-url",
-    "allowedHosts": ["hostnames-to-allow-in-webpack"]
+    "allowedHosts": ["hostnames-to-allow-in-webpack"],
+    "urls": {
+      
+    }
 }
 ```
 
-To pick up the overrides in the newly created `config/development.js` file, run the app with:
-
-```
-npm run build:dev:watch
-```
+Where the `urls` object is defined by the [Urls type in jslib](https://github.com/bitwarden/jslib/blob/master/common/src/abstractions/environment.service.ts).
 
 ## Contribute
 

bitwarden_license/README.md

@@ -0,0 +1,3 @@
+# Bitwarden Licensed Code
+
+All source code under this directory is licensed under the [Bitwarden License Agreement](https://github.com/bitwarden/web/blob/master/LICENSE_BITWARDEN.txt).

bitwarden_license/src/app/app-routing.module.ts

@@ -0,0 +1,15 @@
+import { NgModule } from '@angular/core';
+import { RouterModule, Routes } from '@angular/router';
+
+const routes: Routes = [
+    {
+        path: 'providers',
+        loadChildren: async () => (await import('./providers/providers.module')).ProvidersModule,
+    },
+];
+
+@NgModule({
+    imports: [RouterModule.forChild(routes)],
+    exports: [RouterModule],
+})
+export class AppRoutingModule { }

bitwarden_license/src/app/app.component.ts

@@ -0,0 +1,22 @@
+import { Component } from '@angular/core';
+
+import { AppComponent as BaseAppComponent } from 'src/app/app.component';
+import { DisablePersonalVaultExportPolicy } from './policies/disable-personal-vault-export.component';
+import { MaximumVaultTimeoutPolicy } from './policies/maximum-vault-timeout.component';
+
+@Component({
+    selector: 'app-root',
+    templateUrl: '../../../src/app/app.component.html',
+})
+export class AppComponent extends BaseAppComponent {
+
+    ngOnInit() {
+        super.ngOnInit();
+
+        this.policyListService.addPolicies([
+            new MaximumVaultTimeoutPolicy(),
+            new DisablePersonalVaultExportPolicy(),
+        ]);
+    }
+
+}

bitwarden_license/src/app/app.module.ts

@@ -0,0 +1,44 @@
+import { ToasterModule } from 'angular2-toaster';
+import { InfiniteScrollModule } from 'ngx-infinite-scroll';
+
+import { DragDropModule } from '@angular/cdk/drag-drop';
+import { NgModule } from '@angular/core';
+import { FormsModule, ReactiveFormsModule } from '@angular/forms';
+import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
+import { RouterModule } from '@angular/router';
+
+import { AppRoutingModule } from './app-routing.module';
+import { AppComponent } from './app.component';
+import { OrganizationsModule } from './organizations/organizations.module';
+import { DisablePersonalVaultExportPolicyComponent } from './policies/disable-personal-vault-export.component';
+import { MaximumVaultTimeoutPolicyComponent } from './policies/maximum-vault-timeout.component';
+
+import { OssRoutingModule } from 'src/app/oss-routing.module';
+import { OssModule } from 'src/app/oss.module';
+import { ServicesModule } from 'src/app/services/services.module';
+import { WildcardRoutingModule } from 'src/app/wildcard-routing.module';
+
+@NgModule({
+    imports: [
+        OssModule,
+        BrowserAnimationsModule,
+        FormsModule,
+        ReactiveFormsModule,
+        ServicesModule,
+        ToasterModule.forRoot(),
+        InfiniteScrollModule,
+        DragDropModule,
+        AppRoutingModule,
+        OssRoutingModule,
+        OrganizationsModule,
+        RouterModule,
+        WildcardRoutingModule, // Needs to be last to catch all non-existing routes
+    ],
+    declarations: [
+        AppComponent,
+        MaximumVaultTimeoutPolicyComponent,
+        DisablePersonalVaultExportPolicyComponent,
+    ],
+    bootstrap: [AppComponent],
+})
+export class AppModule { }

bitwarden_license/src/app/main.ts

@@ -0,0 +1,17 @@
+import { enableProdMode } from '@angular/core';
+import { platformBrowserDynamic } from '@angular/platform-browser-dynamic';
+
+import 'bootstrap';
+import 'jquery';
+import 'popper.js';
+
+// tslint:disable-next-line
+require('src/scss/styles.scss');
+
+import { AppModule } from './app.module';
+
+if (process.env.NODE_ENV === 'production') {
+    enableProdMode();
+}
+
+platformBrowserDynamic().bootstrapModule(AppModule, { preserveWhitespaces: true });

bitwarden_license/src/app/organizations/manage/sso.component.html

@@ -0,0 +1,284 @@
+<div class="page-header d-flex">
+    <h1>{{'singleSignOn' | i18n}}</h1>
+</div>
+
+<ng-container *ngIf="loading">
+    <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+    <span class="sr-only">{{'loading' | i18n}}</span>
+</ng-container>
+
+<form #form (ngSubmit)="submit()" [formGroup]="data" [appApiAction]="formPromise" *ngIf="!loading">
+    <div class="form-group">
+        <div class="form-check">
+            <input class="form-check-input" type="checkbox" id="enabled" [formControl]="enabled" name="Enabled">
+            <label class="form-check-label" for="enabled">{{'enabled' | i18n}}</label>
+        </div>
+    </div>
+
+    <div class="form-group">
+        <label for="type">{{'type' | i18n}}</label>
+        <select class="form-control" id="type" formControlName="configType">
+            <option value="0" disabled>{{'selectType' | i18n}}</option>
+            <option value="1">OpenID Connect</option>
+            <option value="2">SAML 2.0</option>
+        </select>
+    </div>
+
+    <!-- OIDC -->
+    <div *ngIf="data.value.configType == 1">
+        <div class="config-section">
+            <h2>{{'openIdConnectConfig' | i18n}}</h2>
+            <div class="form-group">
+                <label>{{'callbackPath' | i18n}}</label>
+                <div class="input-group">
+                    <input class="form-control" readonly [value]="callbackPath">
+                    <div class="input-group-append">
+                        <button type="button" class="btn btn-outline-secondary"
+                            appA11yTitle="{{'copyValue' | i18n}}"
+                            (click)="copy(callbackPath)">
+                            <i class="fa fa-lg fa-clone" aria-hidden="true"></i>
+                        </button>
+                    </div>
+                </div>
+            </div>
+            <div class="form-group">
+                <label>{{'signedOutCallbackPath' | i18n}}</label>
+                <div class="input-group">
+                    <input class="form-control" readonly [value]="signedOutCallbackPath">
+                    <div class="input-group-append">
+                        <button type="button" class="btn btn-outline-secondary"
+                            appA11yTitle="{{'copyValue' | i18n}}"
+                            (click)="copy(signedOutCallbackPath)">
+                            <i class="fa fa-lg fa-clone" aria-hidden="true"></i>
+                        </button>
+                    </div>
+                </div>
+            </div>
+            <div class="form-group">
+                <label>{{'authority' | i18n}}</label>
+                <input class="form-control" formControlName="authority">
+            </div>
+            <div class="form-group">
+                <label>{{'clientId' | i18n}}</label>
+                <input class="form-control" formControlName="clientId">
+            </div>
+            <div class="form-group">
+                <label>{{'clientSecret' | i18n}}</label>
+                <input class="form-control" formControlName="clientSecret">
+            </div>
+            <div class="form-group">
+                <label>{{'metadataAddress' | i18n}}</label>
+                <input class="form-control" formControlName="metadataAddress">
+            </div>
+            <div class="form-group">
+                <label>{{'oidcRedirectBehavior' | i18n}}</label>
+                <select class="form-control" formControlName="redirectBehavior">
+                    <option value="0">Redirect GET</option>
+                    <option value="1">Form POST</option>
+                </select>
+            </div>
+            <div class="form-group">
+                <div class="form-check">
+                    <input class="form-check-input" type="checkbox" id="getClaimsFromUserInfoEndpoint"
+                        formControlName="getClaimsFromUserInfoEndpoint">
+                    <label class="form-check-label" for="getClaimsFromUserInfoEndpoint">
+                        {{'getClaimsFromUserInfoEndpoint' | i18n}}
+                    </label>
+                </div>
+            </div>
+            <div class="form-group">
+                <label>{{'additionalScopes' | i18n}}</label>
+                <input class="form-control" formControlName="additionalScopes">
+            </div>
+            <div class="form-group">
+                <label>{{'additionalUserIdClaimTypes' | i18n}}</label>
+                <input class="form-control" formControlName="additionalUserIdClaimTypes">
+            </div>
+            <div class="form-group">
+                <label>{{'additionalEmailClaimTypes' | i18n}}</label>
+                <input class="form-control" formControlName="additionalEmailClaimTypes">
+            </div>
+            <div class="form-group">
+                <label>{{'additionalNameClaimTypes' | i18n}}</label>
+                <input class="form-control" formControlName="additionalNameClaimTypes">
+            </div>
+            <div class="form-group">
+                <label>{{'acrValues' | i18n}}</label>
+                <input class="form-control" formControlName="acrValues">
+            </div>
+            <div class="form-group">
+                <label>{{'expectedReturnAcrValue' | i18n}}</label>
+                <input class="form-control" formControlName="expectedReturnAcrValue">
+            </div>
+        </div>
+    </div>
+
+    <div *ngIf="data.value.configType == 2">
+        <!-- SAML2 SP -->
+        <div class="config-section">
+            <h2>{{'samlSpConfig' | i18n}}</h2>
+            <div class="form-group">
+                <label>{{'spEntityId' | i18n}}</label>
+                <div class="input-group">
+                    <input class="form-control" readonly [value]="spEntityId" >
+                    <div class="input-group-append">
+                        <button type="button" class="btn btn-outline-secondary"
+                            appA11yTitle="{{'copyValue' | i18n}}"
+                            (click)="copy(spEntityId)">
+                            <i class="fa fa-lg fa-clone" aria-hidden="true"></i>
+                        </button>
+                    </div>
+                </div>
+            </div>
+            <div class="form-group">
+                <label>{{'spMetadataUrl' | i18n}}</label>
+                <div class="input-group">
+                    <input class="form-control" readonly [value]="spMetadataUrl">
+                    <div class="input-group-append">
+                        <button type="button" class="btn btn-outline-secondary"
+                            appA11yTitle="{{'launch' | i18n}}"
+                            (click)="launchUri(spMetadataUrl)">
+                            <i class="fa fa-lg fa-external-link" aria-hidden="true"></i>
+                        </button>
+                        <button type="button" class="btn btn-outline-secondary"
+                            appA11yTitle="{{'copyValue' | i18n}}"
+                            (click)="copy(spMetadataUrl)">
+                            <i class="fa fa-lg fa-clone" aria-hidden="true"></i>
+                        </button>
+                    </div>
+                </div>
+            </div>
+            <div class="form-group">
+                <label>{{'spAcsUrl' | i18n}}</label>
+                <div class="input-group">
+                    <input class="form-control" readonly [value]="spAcsUrl">
+                    <div class="input-group-append">
+                        <button type="button" class="btn btn-outline-secondary"
+                            appA11yTitle="{{'copyValue' | i18n}}"
+                            (click)="copy(spAcsUrl)">
+                            <i class="fa fa-lg fa-clone" aria-hidden="true"></i>
+                        </button>
+                    </div>
+                </div>
+            </div>
+            <div class="form-group">
+                <label>{{'spNameIdFormat' | i18n}}</label>
+                <select class="form-control" formControlName="spNameIdFormat">
+                    <option value="0">Not Configured</option>
+                    <option value="1">Unspecified</option>
+                    <option value="2">Email Address</option>
+                    <option value="3">X.509 Subject Name</option>
+                    <option value="4">Windows Domain Qualified Name</option>
+                    <option value="5">Kerberos Principal Name</option>
+                    <option value="6">Entity Identifier</option>
+                    <option value="7">Persistent</option>
+                    <option value="8">Transient</option>
+                </select>
+            </div>
+            <div class="form-group">
+                <label>{{'spOutboundSigningAlgorithm' | i18n}}</label>
+                <select class="form-control" formControlName="spOutboundSigningAlgorithm">
+                    <option *ngFor="let o of samlSigningAlgorithms" [ngValue]="o">{{o}}</option>
+                </select>
+            </div>
+            <div class="form-group">
+                <label>{{'spSigningBehavior' | i18n}}</label>
+                <select class="form-control" formControlName="spSigningBehavior">
+                    <option value="0">If IdP Wants Authn Requests Signed</option>
+                    <option value="1">Always</option>
+                    <option value="3">Never</option>
+                </select>
+            </div>
+            <div class="form-group">
+                <label>{{'spMinIncomingSigningAlgorithm' | i18n}}</label>
+                <select class="form-control" formControlName="spMinIncomingSigningAlgorithm">
+                    <option *ngFor="let o of samlSigningAlgorithms" [ngValue]="o">{{o}}</option>
+                </select>
+            </div>
+            <div class="form-group">
+                <div class="form-check">
+                    <input class="form-check-input" type="checkbox" id="spWantAssertionsSigned" formControlName="spWantAssertionsSigned">
+                    <label class="form-check-label" for="spWantAssertionsSigned">{{'spWantAssertionsSigned' | i18n}}</label>
+                </div>
+            </div>
+            <div class="form-group">
+                <div class="form-check">
+                    <input class="form-check-input" type="checkbox" id="spValidateCertificates" formControlName="spValidateCertificates">
+                    <label class="form-check-label" for="spValidateCertificates">{{'spValidateCertificates' | i18n}}</label>
+                </div>
+            </div>
+        </div>
+
+        <!-- SAML2 IDP -->
+        <div class="config-section">
+            <h2>{{'samlIdpConfig' | i18n}}</h2>
+
+            <div class="form-group">
+                <label>{{'idpEntityId' | i18n}}</label>
+                <input class="form-control" formControlName="idpEntityId">
+            </div>
+            <div class="form-group">
+                <label>{{'idpBindingType' | i18n}}</label>
+                <select class="form-control" formControlName="idpBindingType">
+                    <option value="1">Redirect</option>
+                    <option value="2">HTTP POST</option>
+                    <option value="4">Artifact</option>
+                </select>
+            </div>
+            <div class="form-group">
+                <label>{{'idpSingleSignOnServiceUrl' | i18n}}</label>
+                <input class="form-control" formControlName="idpSingleSignOnServiceUrl">
+            </div>
+            <div class="form-group">
+                <label>{{'idpSingleLogoutServiceUrl' | i18n}}</label>
+                <input class="form-control" formControlName="idpSingleLogoutServiceUrl">
+            </div>
+            <div class="form-group">
+                <label>{{'idpArtifactResolutionServiceUrl' | i18n}}</label>
+                <input class="form-control" formControlName="idpArtifactResolutionServiceUrl">
+            </div>
+            <div class="form-group">
+                <label>{{'idpX509PublicCert' | i18n}}</label>
+                <textarea formControlName="idpX509PublicCert" class="form-control form-control-sm text-monospace" rows="6"></textarea>
+            </div>
+            <div class="form-group">
+                <label>{{'idpOutboundSigningAlgorithm' | i18n}}</label>
+                <select class="form-control" formControlName="idpOutboundSigningAlgorithm">
+                    <option *ngFor="let o of samlSigningAlgorithms" [ngValue]="o">{{o}}</option>
+                </select>
+            </div>
+            <div class="form-group">
+                <div class="form-check">
+                    <input class="form-check-input" type="checkbox" id="idpAllowUnsolicitedAuthnResponse"
+                        formControlName="idpAllowUnsolicitedAuthnResponse">
+                    <label class="form-check-label" for="idpAllowUnsolicitedAuthnResponse">
+                        {{'idpAllowUnsolicitedAuthnResponse' | i18n}}
+                    </label>
+                </div>
+            </div>
+            <div class="form-group">
+                <div class="form-check">
+                    <input class="form-check-input" type="checkbox" id="idpDisableOutboundLogoutRequests"
+                        formControlName="idpDisableOutboundLogoutRequests">
+                    <label class="form-check-label" for="idpDisableOutboundLogoutRequests">
+                        {{'idpDisableOutboundLogoutRequests' | i18n}}
+                    </label>
+                </div>
+            </div>
+            <div class="form-group">
+                <div class="form-check">
+                    <input class="form-check-input" type="checkbox" id="idpWantAuthnRequestsSigned"
+                        formControlName="idpWantAuthnRequestsSigned">
+                    <label class="form-check-label" for="idpWantAuthnRequestsSigned">
+                        {{'idpWantAuthnRequestsSigned' | i18n}}
+                    </label>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">
+        <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+        <span>{{'save' | i18n}}</span>
+    </button>
+</form>

bitwarden_license/src/app/organizations/manage/sso.component.ts

@@ -0,0 +1,121 @@
+import {
+    Component,
+    OnInit,
+} from '@angular/core';
+import { FormBuilder } from '@angular/forms';
+import { ActivatedRoute } from '@angular/router';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { OrganizationSsoRequest } from 'jslib-common/models/request/organization/organizationSsoRequest';
+
+@Component({
+    selector: 'app-org-manage-sso',
+    templateUrl: 'sso.component.html',
+})
+export class SsoComponent implements OnInit {
+
+    samlSigningAlgorithms = [
+        'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
+        'http://www.w3.org/2000/09/xmldsig#rsa-sha384',
+        'http://www.w3.org/2000/09/xmldsig#rsa-sha512',
+        'http://www.w3.org/2000/09/xmldsig#rsa-sha1',
+    ];
+
+    loading = true;
+    organizationId: string;
+    formPromise: Promise<any>;
+
+    callbackPath: string;
+    signedOutCallbackPath: string;
+    spEntityId: string;
+    spMetadataUrl: string;
+    spAcsUrl: string;
+
+    enabled = this.fb.control(false);
+    data = this.fb.group({
+        configType: [],
+
+        // OpenId
+        authority: [],
+        clientId: [],
+        clientSecret: [],
+        metadataAddress: [],
+        redirectBehavior: [],
+        getClaimsFromUserInfoEndpoint: [],
+        additionalScopes: [],
+        additionalUserIdClaimTypes: [],
+        additionalEmailClaimTypes: [],
+        additionalNameClaimTypes: [],
+        acrValues: [],
+        expectedReturnAcrValue: [],
+
+        // SAML
+        spNameIdFormat: [],
+        spOutboundSigningAlgorithm: [],
+        spSigningBehavior: [],
+        spMinIncomingSigningAlgorithm: [],
+        spWantAssertionsSigned: [],
+        spValidateCertificates: [],
+
+        idpEntityId: [],
+        idpBindingType: [],
+        idpSingleSignOnServiceUrl: [],
+        idpSingleLogoutServiceUrl: [],
+        idpArtifactResolutionServiceUrl: [],
+        idpX509PublicCert: [],
+        idpOutboundSigningAlgorithm: [],
+        idpAllowUnsolicitedAuthnResponse: [],
+        idpDisableOutboundLogoutRequests: [],
+        idpWantAuthnRequestsSigned: [],
+    });
+
+    constructor(private fb: FormBuilder, private route: ActivatedRoute, private apiService: ApiService,
+        private platformUtilsService: PlatformUtilsService, private i18nService: I18nService) { }
+
+    async ngOnInit() {
+        this.route.parent.parent.params.subscribe(async params => {
+            this.organizationId = params.organizationId;
+            await this.load();
+        });
+    }
+
+    async load() {
+        const ssoSettings = await this.apiService.getOrganizationSso(this.organizationId);
+
+        this.data.patchValue(ssoSettings.data);
+        this.enabled.setValue(ssoSettings.enabled);
+
+        this.callbackPath = ssoSettings.urls.callbackPath;
+        this.signedOutCallbackPath = ssoSettings.urls.signedOutCallbackPath;
+        this.spEntityId = ssoSettings.urls.spEntityId;
+        this.spMetadataUrl = ssoSettings.urls.spMetadataUrl;
+        this.spAcsUrl = ssoSettings.urls.spAcsUrl;
+
+        this.loading = false;
+    }
+
+    copy(value: string) {
+        this.platformUtilsService.copyToClipboard(value);
+    }
+
+    launchUri(url: string) {
+        this.platformUtilsService.launchUri(url);
+    }
+
+    async submit() {
+        const request = new OrganizationSsoRequest();
+        request.enabled = this.enabled.value;
+        request.data = this.data.value;
+
+        this.formPromise = this.apiService.postOrganizationSso(this.organizationId, request);
+
+        const response = await this.formPromise;
+        this.data.patchValue(response.data);
+        this.enabled.setValue(response.enabled);
+
+        this.formPromise = null;
+        this.platformUtilsService.showToast('success', null, this.i18nService.t('ssoSettingsSaved'));
+    }
+}

bitwarden_license/src/app/organizations/organizations-routing.module.ts

@@ -0,0 +1,54 @@
+import { NgModule } from '@angular/core';
+import { RouterModule, Routes } from '@angular/router';
+
+import { AuthGuardService } from 'jslib-angular/services/auth-guard.service';
+
+import { Permissions } from 'jslib-common/enums/permissions';
+
+import { OrganizationLayoutComponent } from 'src/app/layouts/organization-layout.component';
+import { ManageComponent } from 'src/app/organizations/manage/manage.component';
+import { OrganizationGuardService } from 'src/app/services/organization-guard.service';
+import { OrganizationTypeGuardService } from 'src/app/services/organization-type-guard.service';
+
+import { SsoComponent } from './manage/sso.component';
+
+const routes: Routes = [
+    {
+        path: 'organizations/:organizationId',
+        component: OrganizationLayoutComponent,
+        canActivate: [AuthGuardService, OrganizationGuardService],
+        children: [
+            {
+                path: 'manage',
+                component: ManageComponent,
+                canActivate: [OrganizationTypeGuardService],
+                data: {
+                    permissions: [
+                        Permissions.CreateNewCollections,
+                        Permissions.EditAnyCollection,
+                        Permissions.DeleteAnyCollection,
+                        Permissions.EditAssignedCollections,
+                        Permissions.DeleteAssignedCollections,
+                        Permissions.AccessEventLogs,
+                        Permissions.ManageGroups,
+                        Permissions.ManageUsers,
+                        Permissions.ManagePolicies,
+                        Permissions.ManageSso,
+                    ],
+                },
+                children: [
+                    {
+                        path: 'sso',
+                        component: SsoComponent,
+                    },
+                ],
+            },
+        ],
+    },
+];
+
+@NgModule({
+    imports: [RouterModule.forChild(routes)],
+    exports: [RouterModule],
+})
+export class OrganizationsRoutingModule { }

bitwarden_license/src/app/organizations/organizations.module.ts

@@ -0,0 +1,22 @@
+import { CommonModule } from '@angular/common';
+import { NgModule } from '@angular/core';
+import { FormsModule, ReactiveFormsModule } from '@angular/forms';
+
+import { OssModule } from 'src/app/oss.module';
+
+import { SsoComponent } from './manage/sso.component';
+import { OrganizationsRoutingModule } from './organizations-routing.module';
+
+@NgModule({
+    imports: [
+        CommonModule,
+        FormsModule,
+        ReactiveFormsModule,
+        OssModule,
+        OrganizationsRoutingModule,
+    ],
+    declarations: [
+        SsoComponent,
+    ],
+})
+export class OrganizationsModule {}

bitwarden_license/src/app/policies/disable-personal-vault-export.component.html

@@ -0,0 +1,6 @@
+<div class="form-group">
+    <div class="form-check">
+        <input class="form-check-input" type="checkbox" id="enabled" [formControl]="enabled" name="Enabled">
+        <label class="form-check-label" for="enabled">{{'enabled' | i18n}}</label>
+    </div>
+</div>

bitwarden_license/src/app/policies/disable-personal-vault-export.component.ts

@@ -0,0 +1,24 @@
+import { Component } from '@angular/core';
+import { FormBuilder } from '@angular/forms';
+
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+
+import { PolicyType } from 'jslib-common/enums/policyType';
+
+import { PolicyRequest } from 'jslib-common/models/request/policyRequest';
+
+import { BasePolicy, BasePolicyComponent } from 'src/app/organizations/policies/base-policy.component';
+
+export class DisablePersonalVaultExportPolicy extends BasePolicy {
+    name = 'disablePersonalVaultExport';
+    description = 'disablePersonalVaultExportDesc';
+    type = PolicyType.DisablePersonalVaultExport;
+    component = DisablePersonalVaultExportPolicyComponent;
+}
+
+@Component({
+    selector: 'policy-disable-personal-vault-export',
+    templateUrl: 'disable-personal-vault-export.component.html',
+})
+export class DisablePersonalVaultExportPolicyComponent extends BasePolicyComponent {
+}

bitwarden_license/src/app/policies/maximum-vault-timeout.component.html

@@ -0,0 +1,27 @@
+<app-callout type="tip" title="{{'prerequisite' | i18n}}">
+    {{'requireSsoPolicyReq' | i18n}}
+</app-callout>
+
+<div class="form-group">
+    <div class="form-check">
+        <input class="form-check-input" type="checkbox" id="enabled" [formControl]="enabled" name="Enabled">
+        <label class="form-check-label" for="enabled">{{'enabled' | i18n}}</label>
+    </div>
+</div>
+
+<div [formGroup]="data">
+    <div class="form-group">
+        <label for="hours">{{'maximumVaultTimeoutLabel' | i18n}}</label>
+        <div class="row">
+            <div class="col-6">
+                <input id="hours" class="form-control" type="number" min="0" name="hours" formControlName="hours">
+                <small>{{'hours' | i18n }}</small>
+            </div>
+            <div class="col-6">
+                <input id="minutes" class="form-control" type="number" min="0" max="59" name="minutes"
+                    formControlName="minutes">
+                <small>{{'minutes' | i18n }}</small>
+            </div>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/policies/maximum-vault-timeout.component.ts

@@ -0,0 +1,70 @@
+import { Component } from '@angular/core';
+import { FormBuilder } from '@angular/forms';
+
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+
+import { PolicyType } from 'jslib-common/enums/policyType';
+
+import { PolicyRequest } from 'jslib-common/models/request/policyRequest';
+
+import { BasePolicy, BasePolicyComponent } from 'src/app/organizations/policies/base-policy.component';
+
+export class MaximumVaultTimeoutPolicy extends BasePolicy {
+    name = 'maximumVaultTimeout';
+    description = 'maximumVaultTimeoutDesc';
+    type = PolicyType.MaximumVaultTimeout;
+    component = MaximumVaultTimeoutPolicyComponent;
+}
+
+@Component({
+    selector: 'policy-maximum-timeout',
+    templateUrl: 'maximum-vault-timeout.component.html',
+})
+export class MaximumVaultTimeoutPolicyComponent extends BasePolicyComponent {
+
+    data = this.fb.group({
+        hours: [null],
+        minutes: [null],
+    });
+
+    constructor(private fb: FormBuilder, private i18nService: I18nService) {
+        super();
+    }
+
+    loadData() {
+        const minutes = this.policyResponse.data?.minutes;
+
+        if (minutes == null) {
+            return;
+        }
+
+        this.data.patchValue({
+            hours: Math.floor(minutes / 60),
+            minutes: minutes % 60,
+        });
+    }
+
+    buildRequestData() {
+        if (this.data.value.hours == null && this.data.value.minutes == null) {
+            return null;
+        }
+
+        return {
+            minutes: this.data.value.hours * 60 + this.data.value.minutes,
+        };
+    }
+
+    buildRequest(policiesEnabledMap: Map<PolicyType, boolean>): Promise<PolicyRequest> {
+        const singleOrgEnabled = policiesEnabledMap.get(PolicyType.SingleOrg) ?? false;
+        if (this.enabled.value && !singleOrgEnabled) {
+            throw new Error(this.i18nService.t('requireSsoPolicyReqError'));
+        }
+
+        const data = this.buildRequestData();
+        if (data?.minutes == null || data?.minutes <= 0) {
+            throw new Error(this.i18nService.t('invalidMaximumVaultTimeout'));
+        }
+
+        return super.buildRequest(policiesEnabledMap);
+    }
+}

bitwarden_license/src/app/providers/clients/add-organization.component.html

@@ -0,0 +1,35 @@
+<div class="modal fade" tabindex="-1" role="dialog" aria-modal="true" aria-labelledby="addTitle">
+    <div class="modal-dialog modal-dialog-scrollable" role="document">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h2 class="modal-title" id="addTitle">
+                    {{'addExistingOrganization' | i18n}}
+                </h2>
+                <button type="button" class="close" data-dismiss="modal" appA11yTitle="{{'close' | i18n}}">
+                    <span aria-hidden="true">&times;</span>
+                </button>
+            </div>
+            <div class="modal-body">
+                <div class="card-body text-center" *ngIf="loading">
+                    <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                    {{'loading' | i18n}}
+                </div>
+                <ng-container *ngIf="!loading">
+                    <table class="table table-hover table-list">
+                        <tr *ngFor="let o of organizations">
+                            <td width="30">
+                                <app-avatar [data]="o.name" size="25" [circle]="true" [fontSize]="14"></app-avatar>
+                            </td>
+                            <td>
+                                {{o.name}}
+                            </td>
+                            <td>
+                                <button class="btn btn-outline-secondary pull-right" (click)="add(o)" [disabled]="formPromise">Add</button>
+                            </td>
+                        </tr>
+                    </table>
+                </ng-container>
+            </div>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/providers/clients/add-organization.component.ts

@@ -0,0 +1,83 @@
+import {
+    Component,
+    EventEmitter,
+    Input,
+    OnInit,
+    Output
+} from '@angular/core';
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { ValidationService } from 'jslib-angular/services/validation.service';
+
+import { ProviderService } from '../services/provider.service';
+
+import { Organization } from 'jslib-common/models/domain/organization';
+import { Provider } from 'jslib-common/models/domain/provider';
+
+import { PlanType } from 'jslib-common/enums/planType';
+
+@Component({
+    selector: 'provider-add-organization',
+    templateUrl: 'add-organization.component.html',
+})
+export class AddOrganizationComponent implements OnInit {
+
+    @Input() providerId: string;
+    @Input() organizations: Organization[];
+    @Output() onAddedOrganization = new EventEmitter();
+
+    provider: Provider;
+    formPromise: Promise<any>;
+    loading = true;
+
+    constructor(private userService: UserService, private providerService: ProviderService,
+        private toasterService: ToasterService, private i18nService: I18nService,
+        private platformUtilsService: PlatformUtilsService, private validationService: ValidationService,
+        private apiService: ApiService) { }
+
+    async ngOnInit() {
+        await this.load();
+    }
+
+    async load() {
+        if (this.providerId == null) {
+            return;
+        }
+
+        this.provider = await this.userService.getProvider(this.providerId);
+
+        this.loading = false;
+    }
+
+    async add(organization: Organization) {
+        if (this.formPromise) {
+            return;
+        }
+
+        const confirmed = await this.platformUtilsService.showDialog(
+            this.i18nService.t('addOrganizationConfirmation', organization.name, this.provider.name), organization.name,
+            this.i18nService.t('yes'), this.i18nService.t('no'), 'warning');
+
+        if (!confirmed) {
+            return false;
+        }
+
+        try {
+            this.formPromise = this.providerService.addOrganizationToProvider(this.providerId, organization.id);
+            await this.formPromise;
+        } catch (e) {
+            this.validationService.showError(e);
+            return;
+        } finally {
+            this.formPromise = null;
+        }
+
+        this.toasterService.popAsync('success', null, this.i18nService.t('organizationJoinedProvider'));
+        this.onAddedOrganization.emit();
+    }
+}

bitwarden_license/src/app/providers/clients/clients.component.html

@@ -0,0 +1,62 @@
+<div class="page-header d-flex">
+    <h1>{{'clients' | i18n}}</h1>
+
+    <div class="ml-auto d-flex">
+        <div>
+            <label class="sr-only" for="search">{{'search' | i18n}}</label>
+            <input type="search" class="form-control form-control-sm" id="search" placeholder="{{'search' | i18n}}"
+                [(ngModel)]="searchText">
+        </div>
+        <a class="btn btn-sm btn-outline-primary ml-3" routerLink="create" *ngIf="manageOrganizations">
+            <i class="fa fa-plus fa-fw" aria-hidden="true"></i>
+            {{'newClientOrganization' | i18n}}
+        </a>
+        <button class="btn btn-sm btn-outline-primary ml-3" (click)="addExistingOrganization()"
+            *ngIf="manageOrganizations && showAddExisting">
+            <i class="fa fa-plus fa-fw" aria-hidden="true"></i>
+            {{'addExistingOrganization' | i18n}}
+        </button>
+    </div>
+</div>
+
+<ng-container *ngIf="loading">
+    <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+    <span class="sr-only">{{'loading' | i18n}}</span>
+</ng-container>
+
+<ng-container
+    *ngIf="!loading && (clients | search:searchText:'organizationName':'id') as searchedClients">
+    <p *ngIf="!searchedClients.length">{{'noClientsInList' | i18n}}</p>
+    <ng-container *ngIf="searchedClients.length">
+        <table class="table table-hover table-list" infiniteScroll [infiniteScrollDistance]="1"
+            [infiniteScrollDisabled]="!isPaging()" (scrolled)="loadMore()">
+            <tbody>
+                <tr *ngFor="let o of searchedClients">
+                    <td width="30">
+                        <app-avatar [data]="o.organizationName" size="25" [circle]="true" [fontSize]="14"></app-avatar>
+                    </td>
+                    <td>
+                        <a [routerLink]="['/organizations', o.organizationId]">{{o.organizationName}}</a>
+                    </td>
+                    <td class="table-list-options" *ngIf="manageOrganizations">
+                        <div class="dropdown" appListDropdown>
+                            <button class="btn btn-outline-secondary dropdown-toggle" type="button"
+                                data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"
+                                appA11yTitle="{{'options' | i18n}}">
+                                <i class="fa fa-cog fa-lg" aria-hidden="true"></i>
+                            </button>
+                            <div class="dropdown-menu dropdown-menu-right">
+                                <a class="dropdown-item text-danger" href="#" appStopClick (click)="remove(o)">
+                                    <i class="fa fa-fw fa-remove" aria-hidden="true"></i>
+                                    {{'remove' | i18n}}
+                                </a>
+                            </div>
+                        </div>
+                    </td>
+                </tr>
+            </tbody>
+        </table>
+    </ng-container>
+</ng-container>
+
+<ng-template #add></ng-template>

bitwarden_license/src/app/providers/clients/clients.component.ts

@@ -0,0 +1,160 @@
+import {
+    Component,
+    OnInit,
+    ViewChild,
+    ViewContainerRef
+} from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { SearchService } from 'jslib-common/abstractions/search.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { ModalService } from 'jslib-angular/services/modal.service';
+import { ValidationService } from 'jslib-angular/services/validation.service';
+
+import { PlanType } from 'jslib-common/enums/planType';
+import { ProviderUserType } from 'jslib-common/enums/providerUserType';
+
+import { Organization } from 'jslib-common/models/domain/organization';
+import {
+    ProviderOrganizationOrganizationDetailsResponse
+} from 'jslib-common/models/response/provider/providerOrganizationResponse';
+
+import { ProviderService } from '../services/provider.service';
+
+import { AddOrganizationComponent } from './add-organization.component';
+
+const DisallowedPlanTypes = [PlanType.Free, PlanType.FamiliesAnnually2019, PlanType.FamiliesAnnually];
+
+@Component({
+    templateUrl: 'clients.component.html',
+})
+export class ClientsComponent implements OnInit {
+
+    @ViewChild('add', { read: ViewContainerRef, static: true }) addModalRef: ViewContainerRef;
+
+    providerId: any;
+    searchText: string;
+    addableOrganizations: Organization[];
+    loading = true;
+    manageOrganizations = false;
+    showAddExisting = false;
+
+    clients: ProviderOrganizationOrganizationDetailsResponse[];
+    pagedClients: ProviderOrganizationOrganizationDetailsResponse[];
+
+    protected didScroll = false;
+    protected pageSize = 100;
+    protected actionPromise: Promise<any>;
+    private pagedClientsCount = 0;
+
+    constructor(private route: ActivatedRoute, private userService: UserService,
+        private apiService: ApiService, private searchService: SearchService,
+        private platformUtilsService: PlatformUtilsService, private i18nService: I18nService,
+        private toasterService: ToasterService, private validationService: ValidationService,
+        private providerService: ProviderService, private logService: LogService,
+        private modalService: ModalService) { }
+
+    async ngOnInit() {
+        this.route.parent.params.subscribe(async params => {
+            this.providerId = params.providerId;
+
+            await this.load();
+
+            const queryParamsSub = this.route.queryParams.subscribe(async qParams => {
+                this.searchText = qParams.search;
+                if (queryParamsSub != null) {
+                    queryParamsSub.unsubscribe();
+                }
+            });
+        });
+    }
+
+    async load() {
+        const response = await this.apiService.getProviderClients(this.providerId);
+        this.clients = response.data != null && response.data.length > 0 ? response.data : [];
+        this.manageOrganizations = (await this.userService.getProvider(this.providerId)).type === ProviderUserType.ProviderAdmin;
+        const candidateOrgs = (await this.userService.getAllOrganizations()).filter(o => o.isOwner && o.providerId == null);
+        const allowedOrgsIds = await Promise.all(candidateOrgs.map(o => this.apiService.getOrganization(o.id))).then(orgs =>
+            orgs.filter(o => !DisallowedPlanTypes.includes(o.planType))
+                .map(o => o.id));
+        this.addableOrganizations = candidateOrgs.filter(o => allowedOrgsIds.includes(o.id));
+
+        this.showAddExisting = this.addableOrganizations.length !== 0;
+        this.loading = false;
+    }
+
+    isPaging() {
+        const searching = this.isSearching();
+        if (searching && this.didScroll) {
+            this.resetPaging();
+        }
+        return !searching && this.clients && this.clients.length > this.pageSize;
+    }
+
+    isSearching() {
+        return this.searchService.isSearchable(this.searchText);
+    }
+
+    async resetPaging() {
+        this.pagedClients = [];
+        this.loadMore();
+    }
+
+
+    loadMore() {
+        if (!this.clients || this.clients.length <= this.pageSize) {
+            return;
+        }
+        const pagedLength = this.pagedClients.length;
+        let pagedSize = this.pageSize;
+        if (pagedLength === 0 && this.pagedClientsCount > this.pageSize) {
+            pagedSize = this.pagedClientsCount;
+        }
+        if (this.clients.length > pagedLength) {
+            this.pagedClients = this.pagedClients.concat(this.clients.slice(pagedLength, pagedLength + pagedSize));
+        }
+        this.pagedClientsCount = this.pagedClients.length;
+        this.didScroll = this.pagedClients.length > this.pageSize;
+    }
+
+    async addExistingOrganization() {
+        const [modal] = await this.modalService.openViewRef(AddOrganizationComponent, this.addModalRef, comp => {
+            comp.providerId = this.providerId;
+            comp.organizations = this.addableOrganizations;
+            comp.onAddedOrganization.subscribe(async () => {
+                try {
+                    await this.load();
+                    modal.close();
+                } catch (e) {
+                    this.logService.error(`Handled exception: ${e}`);
+                }
+            });
+        });
+    }
+
+    async remove(organization: ProviderOrganizationOrganizationDetailsResponse) {
+        const confirmed = await this.platformUtilsService.showDialog(
+            this.i18nService.t('detachOrganizationConfirmation'), organization.organizationName,
+            this.i18nService.t('yes'), this.i18nService.t('no'), 'warning');
+
+        if (!confirmed) {
+            return false;
+        }
+
+        this.actionPromise = this.providerService.detachOrganizastion(this.providerId, organization.id);
+        try {
+            await this.actionPromise;
+            this.toasterService.popAsync('success', null, this.i18nService.t('detachedOrganization', organization.organizationName));
+            await this.load();
+        } catch (e) {
+            this.validationService.showError(e);
+        }
+        this.actionPromise = null;
+    }
+}

bitwarden_license/src/app/providers/clients/create-organization.component.html

@@ -0,0 +1,5 @@
+<div class="page-header">
+    <h1>{{'newClientOrganization' | i18n}}</h1>
+</div>
+<p>{{'newClientOrganizationDesc' | i18n}}</p>
+<app-organization-plans [providerId]="providerId"></app-organization-plans>

bitwarden_license/src/app/providers/clients/create-organization.component.ts

@@ -0,0 +1,26 @@
+import {
+    Component,
+    OnInit,
+    ViewChild,
+} from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+
+import { OrganizationPlansComponent } from 'src/app/settings/organization-plans.component';
+
+@Component({
+    selector: 'app-create-organization',
+    templateUrl: 'create-organization.component.html',
+})
+export class CreateOrganizationComponent implements OnInit {
+    @ViewChild(OrganizationPlansComponent, { static: true }) orgPlansComponent: OrganizationPlansComponent;
+
+    providerId: string;
+
+    constructor(private route: ActivatedRoute) { }
+
+    ngOnInit() {
+        this.route.parent.params.subscribe(async params => {
+            this.providerId = params.providerId;
+        });
+    }
+}

bitwarden_license/src/app/providers/manage/accept-provider.component.html

@@ -0,0 +1,35 @@
+<div class="mt-5 d-flex justify-content-center" *ngIf="loading">
+    <div>
+        <img class="mb-4 logo logo-themed" alt="Bitwarden">
+        <p class="text-center">
+            <i class="fa fa-spinner fa-spin fa-2x text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+            <span class="sr-only">{{'loading' | i18n}}</span>
+        </p>
+    </div>
+</div>
+<div class="container" *ngIf="!loading && !authed">
+    <div class="row justify-content-md-center mt-5">
+        <div class="col-5">
+            <p class="lead text-center mb-4">{{'joinProvider' | i18n}}</p>
+            <div class="card d-block">
+                <div class="card-body">
+                    <p class="text-center">
+                        {{providerName}}
+                        <strong class="d-block mt-2">{{email}}</strong>
+                    </p>
+                    <p>{{'joinProviderDesc' | i18n}}</p>
+                    <hr>
+                    <div class="d-flex">
+                        <a routerLink="/" [queryParams]="{email: email}" class="btn btn-primary btn-block">
+                            {{'logIn' | i18n}}
+                        </a>
+                        <a routerLink="/register" [queryParams]="{email: email}"
+                            class="btn btn-primary btn-block ml-2 mt-0">
+                            {{'createAccount' | i18n}}
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/providers/manage/accept-provider.component.ts

@@ -0,0 +1,48 @@
+import { Component } from '@angular/core';
+import { ActivatedRoute, Router } from '@angular/router';
+import { Toast, ToasterService } from 'angular2-toaster';
+
+import { BaseAcceptComponent } from 'src/app/common/base.accept.component';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+import { ProviderUserAcceptRequest } from 'jslib-common/models/request/provider/providerUserAcceptRequest';
+
+@Component({
+    selector: 'app-accept-provider',
+    templateUrl: 'accept-provider.component.html',
+})
+export class AcceptProviderComponent extends BaseAcceptComponent {
+    providerName: string;
+
+    failedMessage = 'providerInviteAcceptFailed';
+
+    requiredParameters = ['providerId', 'providerUserId', 'token'];
+
+    constructor(router: Router, toasterService: ToasterService, i18nService: I18nService, route: ActivatedRoute,
+        userService: UserService, stateService: StateService, private apiService: ApiService) {
+        super(router, toasterService, i18nService, route, userService, stateService);
+    }
+
+    async authedHandler(qParams: any) {
+        const request = new ProviderUserAcceptRequest();
+        request.token = qParams.token;
+
+        await this.apiService.postProviderUserAccept(qParams.providerId, qParams.providerUserId, request);
+        const toast: Toast = {
+            type: 'success',
+            title: this.i18nService.t('inviteAccepted'),
+            body: this.i18nService.t('providerInviteAcceptedDesc'),
+            timeout: 10000,
+        };
+        this.toasterService.popAsync(toast);
+        this.router.navigate(['/vault']);
+    }
+
+    async unauthedHandler(qParams: any) {
+        this.providerName = qParams.providerName;
+    }
+}

bitwarden_license/src/app/providers/manage/bulk/bulk-confirm.component.ts

@@ -0,0 +1,38 @@
+import {
+    Component,
+    Input,
+} from '@angular/core';
+
+import { ProviderUserBulkConfirmRequest } from 'jslib-common/models/request/provider/providerUserBulkConfirmRequest';
+import { ProviderUserBulkRequest } from 'jslib-common/models/request/provider/providerUserBulkRequest';
+
+import { ProviderUserStatusType } from 'jslib-common/enums/providerUserStatusType';
+
+import { BulkConfirmComponent as OrganizationBulkConfirmComponent } from 'src/app/organizations/manage/bulk/bulk-confirm.component';
+import { BulkUserDetails } from 'src/app/organizations/manage/bulk/bulk-status.component';
+
+@Component({
+    templateUrl: '/src/app/organizations/manage/bulk/bulk-confirm.component.html',
+})
+export class BulkConfirmComponent extends OrganizationBulkConfirmComponent {
+
+    @Input() providerId: string;
+
+    protected isAccepted(user: BulkUserDetails) {
+        return user.status === ProviderUserStatusType.Accepted;
+    }
+
+    protected async getPublicKeys() {
+        const request = new ProviderUserBulkRequest(this.filteredUsers.map(user => user.id));
+        return await this.apiService.postProviderUsersPublicKey(this.providerId, request);
+    }
+
+    protected getCryptoKey() {
+        return this.cryptoService.getProviderKey(this.providerId);
+    }
+
+    protected async postConfirmRequest(userIdsWithKeys: any[]) {
+        const request = new ProviderUserBulkConfirmRequest(userIdsWithKeys);
+        return await this.apiService.postProviderUserBulkConfirm(this.providerId, request);
+    }
+}

bitwarden_license/src/app/providers/manage/bulk/bulk-remove.component.ts

@@ -0,0 +1,21 @@
+import {
+    Component,
+    Input,
+} from '@angular/core';
+
+import { ProviderUserBulkRequest } from 'jslib-common/models/request/provider/providerUserBulkRequest';
+
+import { BulkRemoveComponent as OrganizationBulkRemoveComponent } from 'src/app/organizations/manage/bulk/bulk-remove.component';
+
+@Component({
+    templateUrl: '/src/app/organizations/manage/bulk/bulk-remove.component.html',
+})
+export class BulkRemoveComponent extends OrganizationBulkRemoveComponent {
+
+    @Input() providerId: string;
+
+    async deleteUsers() {
+        const request = new ProviderUserBulkRequest(this.users.map(user => user.id));
+        return await this.apiService.deleteManyProviderUsers(this.providerId, request);
+    }
+}

bitwarden_license/src/app/providers/manage/events.component.html

@@ -0,0 +1,68 @@
+<div class="page-header d-flex">
+    <h1>{{'eventLogs' | i18n}}</h1>
+    <div class="ml-auto d-flex">
+        <div class="form-inline">
+            <label class="sr-only" for="start">{{'startDate' | i18n}}</label>
+            <input type="datetime-local" class="form-control form-control-sm" id="start"
+                placeholder="{{'startDate' | i18n}}" [(ngModel)]="start" placeholder="YYYY-MM-DDTHH:MM"
+                (change)="dirtyDates = true">
+            <span class="mx-2">-</span>
+            <label class="sr-only" for="end">{{'endDate' | i18n}}</label>
+            <input type="datetime-local" class="form-control form-control-sm" id="end"
+                placeholder="{{'endDate' | i18n}}" [(ngModel)]="end" placeholder="YYYY-MM-DDTHH:MM"
+                (change)="dirtyDates = true">
+        </div>
+        <form #refreshForm [appApiAction]="refreshPromise" class="d-inline">
+            <button type="button" class="btn btn-sm btn-outline-primary ml-3" (click)="loadEvents(true)"
+                [disabled]="loaded && refreshForm.loading">
+                <i class="fa fa-refresh fa-fw" aria-hidden="true" [ngClass]="{'fa-spin': loaded && refreshForm.loading}"></i>
+                {{'refresh' | i18n}}
+            </button>
+        </form>
+        <form #exportForm [appApiAction]="exportPromise" class="d-inline">
+            <button type="button" class="btn btn-sm btn-outline-primary btn-submit manual ml-3"
+                [ngClass]="{loading:exportForm.loading}" (click)="exportEvents()"
+                [disabled]="loaded && exportForm.loading || dirtyDates">
+                <i class="fa fa-spinner fa-spin" aria-hidden="true"></i>
+                <span>{{'export' | i18n}}</span>
+            </button>
+        </form>
+    </div>
+</div>
+<ng-container *ngIf="!loaded">
+    <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+    <span class="sr-only">{{'loading' | i18n}}</span>
+</ng-container>
+<ng-container *ngIf="loaded">
+    <p *ngIf="!events || !events.length">{{'noEventsInList' | i18n}}</p>
+    <table class="table table-hover" *ngIf="events && events.length">
+        <thead>
+            <tr>
+                <th class="border-top-0" width="210">{{'timestamp' | i18n}}</th>
+                <th class="border-top-0" width="40">
+                    <span class="sr-only">{{'device' | i18n}}</span>
+                </th>
+                <th class="border-top-0" width="150">{{'user' | i18n}}</th>
+                <th class="border-top-0">{{'event' | i18n}}</th>
+            </tr>
+        </thead>
+        <tbody>
+            <tr *ngFor="let e of events">
+                <td>{{e.date | date:'medium'}}</td>
+                <td>
+                    <i class="text-muted fa fa-lg {{e.appIcon}}" title="{{e.appName}}, {{e.ip}}" aria-hidden="true"></i>
+                    <span class="sr-only">{{e.appName}}, {{e.ip}}</span>
+                </td>
+                <td>
+                    <span title="{{e.userEmail}}">{{e.userName}}</span>
+                </td>
+                <td [innerHTML]="e.message"></td>
+            </tr>
+        </tbody>
+    </table>
+    <button #moreBtn [appApiAction]="morePromise" type="button" class="btn btn-block btn-link btn-submit"
+        (click)="loadEvents(false)" [disabled]="loaded && moreBtn.loading" *ngIf="continuationToken">
+        <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+        <span>{{'loadMore' | i18n}}</span>
+    </button>
+</ng-container>

bitwarden_license/src/app/providers/manage/events.component.ts

@@ -0,0 +1,71 @@
+import {
+    Component,
+    OnInit,
+} from '@angular/core';
+import { ActivatedRoute, Router } from '@angular/router';
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { ExportService } from 'jslib-common/abstractions/export.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { UserNamePipe } from 'jslib-angular/pipes/user-name.pipe';
+
+import { EventResponse } from 'jslib-common/models/response/eventResponse';
+
+import { EventService } from 'src/app/services/event.service';
+
+import { BaseEventsComponent } from 'src/app/common/base.events.component';
+
+@Component({
+    selector: 'provider-events',
+    templateUrl: 'events.component.html',
+})
+export class EventsComponent extends BaseEventsComponent implements OnInit {
+    exportFileName: string = 'provider-events';
+    providerId: string;
+
+    private providerUsersUserIdMap = new Map<string, any>();
+    private providerUsersIdMap = new Map<string, any>();
+
+    constructor(private apiService: ApiService, private route: ActivatedRoute, eventService: EventService,
+        i18nService: I18nService, toasterService: ToasterService, private userService: UserService,
+        exportService: ExportService, platformUtilsService: PlatformUtilsService, private router: Router,
+        logService: LogService, private userNamePipe: UserNamePipe) {
+        super(eventService, i18nService, toasterService, exportService, platformUtilsService, logService);
+    }
+
+    async ngOnInit() {
+        this.route.parent.parent.params.subscribe(async params => {
+            this.providerId = params.providerId;
+            const provider = await this.userService.getProvider(this.providerId);
+            if (provider == null || !provider.useEvents) {
+                this.router.navigate(['/providers', this.providerId]);
+                return;
+            }
+            await this.load();
+        });
+    }
+
+    async load() {
+        const response = await this.apiService.getProviderUsers(this.providerId);
+        response.data.forEach(u => {
+            const name = this.userNamePipe.transform(u);
+            this.providerUsersIdMap.set(u.id, { name: name, email: u.email });
+            this.providerUsersUserIdMap.set(u.userId, { name: name, email: u.email });
+        });
+        await this.loadEvents(true);
+        this.loaded = true;
+    }
+
+    protected requestEvents(startDate: string, endDate: string, continuationToken: string) {
+        return this.apiService.getEventsProvider(this.providerId, startDate, endDate, continuationToken);
+    }
+
+    protected getUserName(r: EventResponse, userId: string) {
+        return userId != null && this.providerUsersUserIdMap.has(userId) ? this.providerUsersUserIdMap.get(userId) : null;
+    }
+}

bitwarden_license/src/app/providers/manage/manage.component.html

@@ -0,0 +1,22 @@
+<div class="container page-content">
+    <div class="row">
+        <div class="col-3">
+            <div class="card" *ngIf="provider">
+                <div class="card-header">{{'manage' | i18n}}</div>
+                <div class="list-group list-group-flush">
+                    <a routerLink="people" class="list-group-item" routerLinkActive="active"
+                        *ngIf="provider.canManageUsers">
+                        {{'people' | i18n}}
+                    </a>
+                    <a routerLink="events" class="list-group-item" routerLinkActive="active"
+                        *ngIf="provider.canAccessEventLogs && accessEvents">
+                        {{'eventLogs' | i18n}}
+                    </a>
+                </div>
+            </div>
+        </div>
+        <div class="col-9">
+            <router-outlet></router-outlet>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/providers/manage/manage.component.ts

@@ -0,0 +1,27 @@
+import {
+    Component,
+    OnInit,
+} from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { Provider } from 'jslib-common/models/domain/provider';
+
+@Component({
+    selector: 'provider-manage',
+    templateUrl: 'manage.component.html',
+})
+export class ManageComponent implements OnInit {
+    provider: Provider;
+    accessEvents = false;
+
+    constructor(private route: ActivatedRoute, private userService: UserService) { }
+
+    ngOnInit() {
+        this.route.parent.params.subscribe(async params => {
+            this.provider = await this.userService.getProvider(params.providerId);
+            this.accessEvents = this.provider.useEvents;
+        });
+    }
+}

bitwarden_license/src/app/providers/manage/people.component.html

@@ -0,0 +1,149 @@
+<div class="page-header d-flex">
+    <h1>{{'people' | i18n}}</h1>
+    <div class="ml-auto d-flex">
+        <div class="btn-group btn-group-sm" role="group">
+            <button type="button" class="btn btn-outline-secondary" [ngClass]="{active: status == null}"
+                (click)="filter(null)">
+                {{'all' | i18n}}
+                <span class="badge badge-pill badge-info" *ngIf="allCount">{{allCount}}</span>
+            </button>
+            <button type="button" class="btn btn-outline-secondary"
+                [ngClass]="{active: status == userStatusType.Invited}"
+                (click)="filter(userStatusType.Invited)">
+                {{'invited' | i18n}}
+                <span class="badge badge-pill badge-info" *ngIf="invitedCount">{{invitedCount}}</span>
+            </button>
+            <button type="button" class="btn btn-outline-secondary"
+                [ngClass]="{active: status == userStatusType.Accepted}"
+                (click)="filter(userStatusType.Accepted)">
+                {{'accepted' | i18n}}
+                <span class="badge badge-pill badge-warning" *ngIf="acceptedCount">{{acceptedCount}}</span>
+            </button>
+        </div>
+        <div class="ml-3">
+            <label class="sr-only" for="search">{{'search' | i18n}}</label>
+            <input type="search" class="form-control form-control-sm" id="search" placeholder="{{'search' | i18n}}"
+                [(ngModel)]="searchText">
+        </div>
+        <div class="dropdown ml-3" appListDropdown>
+            <button class="btn btn-sm btn-outline-secondary dropdown-toggle" type="button" id="bulkActionsButton"
+                data-toggle="dropdown" aria-haspopup="true" aria-expanded="false" appA11yTitle="{{'options' | i18n}}">
+                <i class="fa fa-cog" aria-hidden="true"></i>
+            </button>
+            <div class="dropdown-menu dropdown-menu-right" aria-labelledby="bulkActionsButton">
+                <button class="dropdown-item" appStopClick (click)="bulkReinvite()">
+                    <i class="fa fa-fw fa-envelope-o" aria-hidden="true"></i>
+                    {{'reinviteSelected' | i18n}}
+                </button>
+                <button class="dropdown-item text-success" appStopClick (click)="bulkConfirm()"
+                    *ngIf="showBulkConfirmUsers">
+                    <i class="fa fa-fw fa-check" aria-hidden="true"></i>
+                    {{'confirmSelected' | i18n}}
+                </button>
+                <button class="dropdown-item text-danger" appStopClick (click)="bulkRemove()">
+                    <i class="fa fa-fw fa-remove" aria-hidden="true"></i>
+                    {{'remove' | i18n}}
+                </button>
+                <div class="dropdown-divider"></div>
+                <button class="dropdown-item" appStopClick (click)="selectAll(true)">
+                    <i class="fa fa-fw fa-check-square-o" aria-hidden="true"></i>
+                    {{'selectAll' | i18n}}
+                </button>
+                <button class="dropdown-item" appStopClick (click)="selectAll(false)">
+                    <i class="fa fa-fw fa-minus-square-o" aria-hidden="true"></i>
+                    {{'unselectAll' | i18n}}
+                </button>
+            </div>
+        </div>        
+        <button type="button" class="btn btn-sm btn-outline-primary ml-3" (click)="invite()">
+            <i class="fa fa-plus fa-fw" aria-hidden="true"></i>
+            {{'inviteUser' | i18n}}
+        </button>
+    </div>
+</div>
+<ng-container *ngIf="loading">
+    <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+    <span class="sr-only">{{'loading' | i18n}}</span>
+</ng-container>
+<ng-container
+    *ngIf="!loading && (isPaging() ? pagedUsers : users | search:searchText:'name':'email':'id') as searchedUsers">
+    <p *ngIf="!searchedUsers.length">{{'noUsersInList' | i18n}}</p>
+    <ng-container *ngIf="searchedUsers.length">
+        <app-callout type="info" title="{{'confirmUsers' | i18n}}" icon="fa-check-circle" *ngIf="showConfirmUsers">
+            {{'providerUsersNeedConfirmed' | i18n}}
+        </app-callout>
+        <table class="table table-hover table-list" infiniteScroll [infiniteScrollDistance]="1"
+            [infiniteScrollDisabled]="!isPaging()" (scrolled)="loadMore()">
+            <tbody>
+                <tr *ngFor="let u of searchedUsers">
+                    <td (click)="checkUser(u)" class="table-list-checkbox">
+                        <input type="checkbox" [(ngModel)]="u.checked" appStopProp>
+                    </td>
+                    <td width="30">
+                        <app-avatar [data]="u | userName" [email]="u.email" size="25" [circle]="true"
+                            [fontSize]="14"></app-avatar>
+                    </td>
+                    <td>
+                        <a href="#" appStopClick (click)="edit(u)">{{u.email}}</a>
+                        <span class="badge badge-secondary"
+                            *ngIf="u.status === userStatusType.Invited">{{'invited' | i18n}}</span>
+                        <span class="badge badge-warning"
+                            *ngIf="u.status === userStatusType.Accepted">{{'accepted' | i18n}}</span>
+                        <small class="text-muted d-block" *ngIf="u.name">{{u.name}}</small>
+                    </td>
+                    <td>
+                        <ng-container *ngIf="u.twoFactorEnabled">
+                            <i class="fa fa-lock" title="{{'userUsingTwoStep' | i18n}}" aria-hidden="true"></i>
+                            <span class="sr-only">{{'userUsingTwoStep' | i18n}}</span>
+                        </ng-container>
+                    </td>
+                    <td>
+                        <span *ngIf="u.type === userType.ProviderAdmin">{{'providerAdmin' | i18n}}</span>
+                        <span *ngIf="u.type === userType.ServiceUser">{{'serviceUser' | i18n}}</span>
+                        <span *ngIf="u.type === userType.Custom">{{'custom' | i18n}}</span>
+                    </td>
+                    <td class="table-list-options">
+                        <div class="dropdown" appListDropdown>
+                            <button class="btn btn-outline-secondary dropdown-toggle" type="button"
+                                data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"
+                                appA11yTitle="{{'options' | i18n}}">
+                                <i class="fa fa-cog fa-lg" aria-hidden="true"></i>
+                            </button>
+                            <div class="dropdown-menu dropdown-menu-right">
+                                <a class="dropdown-item" href="#" appStopClick (click)="reinvite(u)"
+                                    *ngIf="u.status === userStatusType.Invited">
+                                    <i class="fa fa-fw fa-envelope-o" aria-hidden="true"></i>
+                                    {{'resendInvitation' | i18n}}
+                                </a>
+                                <a class="dropdown-item text-success" href="#" appStopClick (click)="confirm(u)"
+                                    *ngIf="u.status === userStatusType.Accepted">
+                                    <i class="fa fa-fw fa-check" aria-hidden="true"></i>
+                                    {{'confirm' | i18n}}
+                                </a>
+                                <a class="dropdown-item" href="#" appStopClick (click)="groups(u)" *ngIf="accessGroups">
+                                    <i class="fa fa-fw fa-sitemap" aria-hidden="true"></i>
+                                    {{'groups' | i18n}}
+                                </a>
+                                <a class="dropdown-item" href="#" appStopClick (click)="events(u)"
+                                    *ngIf="accessEvents && u.status === userStatusType.Confirmed">
+                                    <i class="fa fa-fw fa-file-text-o" aria-hidden="true"></i>
+                                    {{'eventLogs' | i18n}}
+                                </a>
+                                <a class="dropdown-item text-danger" href="#" appStopClick (click)="remove(u)">
+                                    <i class="fa fa-fw fa-remove" aria-hidden="true"></i>
+                                    {{'remove' | i18n}}
+                                </a>
+                            </div>
+                        </div>
+                    </td>
+                </tr>
+            </tbody>
+        </table>
+    </ng-container>
+</ng-container>
+<ng-template #addEdit></ng-template>
+<ng-template #eventsTemplate></ng-template>
+<ng-template #confirmTemplate></ng-template>
+<ng-template #bulkStatusTemplate></ng-template>
+<ng-template #bulkConfirmTemplate></ng-template>
+<ng-template #bulkRemoveTemplate></ng-template>

bitwarden_license/src/app/providers/manage/people.component.ts

@@ -0,0 +1,238 @@
+import {
+    Component,
+    OnInit,
+    ViewChild,
+    ViewContainerRef
+} from '@angular/core';
+import { ActivatedRoute, Router } from '@angular/router';
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { SearchService } from 'jslib-common/abstractions/search.service';
+import { StorageService } from 'jslib-common/abstractions/storage.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { ModalService } from 'jslib-angular/services/modal.service';
+import { ValidationService } from 'jslib-angular/services/validation.service';
+
+import { ProviderUserStatusType } from 'jslib-common/enums/providerUserStatusType';
+import { ProviderUserType } from 'jslib-common/enums/providerUserType';
+
+import { SearchPipe } from 'jslib-angular/pipes/search.pipe';
+import { UserNamePipe } from 'jslib-angular/pipes/user-name.pipe';
+
+import { ListResponse } from 'jslib-common/models/response/listResponse';
+import { ProviderUserUserDetailsResponse } from 'jslib-common/models/response/provider/providerUserResponse';
+
+import { ProviderUserBulkRequest } from 'jslib-common/models/request/provider/providerUserBulkRequest';
+import { ProviderUserConfirmRequest } from 'jslib-common/models/request/provider/providerUserConfirmRequest';
+import { ProviderUserBulkResponse } from 'jslib-common/models/response/provider/providerUserBulkResponse';
+
+import { BasePeopleComponent } from 'src/app/common/base.people.component';
+import { BulkStatusComponent } from 'src/app/organizations/manage/bulk/bulk-status.component';
+import { EntityEventsComponent } from 'src/app/organizations/manage/entity-events.component';
+import { BulkConfirmComponent } from './bulk/bulk-confirm.component';
+import { BulkRemoveComponent } from './bulk/bulk-remove.component';
+import { UserAddEditComponent } from './user-add-edit.component';
+
+@Component({
+    selector: 'provider-people',
+    templateUrl: 'people.component.html',
+})
+export class PeopleComponent extends BasePeopleComponent<ProviderUserUserDetailsResponse> implements OnInit {
+
+    @ViewChild('addEdit', { read: ViewContainerRef, static: true }) addEditModalRef: ViewContainerRef;
+    @ViewChild('groupsTemplate', { read: ViewContainerRef, static: true }) groupsModalRef: ViewContainerRef;
+    @ViewChild('eventsTemplate', { read: ViewContainerRef, static: true }) eventsModalRef: ViewContainerRef;
+    @ViewChild('bulkStatusTemplate', { read: ViewContainerRef, static: true }) bulkStatusModalRef: ViewContainerRef;
+    @ViewChild('bulkConfirmTemplate', { read: ViewContainerRef, static: true }) bulkConfirmModalRef: ViewContainerRef;
+    @ViewChild('bulkRemoveTemplate', { read: ViewContainerRef, static: true }) bulkRemoveModalRef: ViewContainerRef;
+
+    userType = ProviderUserType;
+    userStatusType = ProviderUserStatusType;
+    providerId: string;
+    accessEvents = false;
+
+    constructor(apiService: ApiService, private route: ActivatedRoute,
+        i18nService: I18nService, modalService: ModalService,
+        platformUtilsService: PlatformUtilsService, toasterService: ToasterService,
+        cryptoService: CryptoService, private userService: UserService, private router: Router,
+        storageService: StorageService, searchService: SearchService, validationService: ValidationService,
+        logService: LogService, searchPipe: SearchPipe, userNamePipe: UserNamePipe) {
+        super(apiService, searchService, i18nService, platformUtilsService, toasterService, cryptoService,
+            storageService, validationService, modalService, logService, searchPipe, userNamePipe);
+    }
+
+    ngOnInit() {
+        this.route.parent.params.subscribe(async params => {
+            this.providerId = params.providerId;
+            const provider = await this.userService.getProvider(this.providerId);
+
+            if (!provider.canManageUsers) {
+                this.router.navigate(['../'], { relativeTo: this.route });
+                return;
+            }
+
+            this.accessEvents = provider.useEvents;
+
+            await this.load();
+
+            const queryParamsSub = this.route.queryParams.subscribe(async qParams => {
+                this.searchText = qParams.search;
+                if (qParams.viewEvents != null) {
+                    const user = this.users.filter(u => u.id === qParams.viewEvents);
+                    if (user.length > 0 && user[0].status === ProviderUserStatusType.Confirmed) {
+                        this.events(user[0]);
+                    }
+                }
+                if (queryParamsSub != null) {
+                    queryParamsSub.unsubscribe();
+                }
+            });
+        });
+    }
+
+    getUsers(): Promise<ListResponse<ProviderUserUserDetailsResponse>> {
+        return this.apiService.getProviderUsers(this.providerId);
+    }
+
+    deleteUser(id: string): Promise<any> {
+        return this.apiService.deleteProviderUser(this.providerId, id);
+    }
+
+    reinviteUser(id: string): Promise<any> {
+        return this.apiService.postProviderUserReinvite(this.providerId, id);
+    }
+
+    async confirmUser(user: ProviderUserUserDetailsResponse, publicKey: Uint8Array): Promise<any> {
+        const providerKey = await this.cryptoService.getProviderKey(this.providerId);
+        const key = await this.cryptoService.rsaEncrypt(providerKey.key, publicKey.buffer);
+        const request = new ProviderUserConfirmRequest();
+        request.key = key.encryptedString;
+        await this.apiService.postProviderUserConfirm(this.providerId, user.id, request);
+    }
+
+    async edit(user: ProviderUserUserDetailsResponse) {
+        const [modal] = await this.modalService.openViewRef(UserAddEditComponent, this.addEditModalRef, comp => {
+            comp.name = this.userNamePipe.transform(user);
+            comp.providerId = this.providerId;
+            comp.providerUserId = user != null ? user.id : null;
+            comp.onSavedUser.subscribe(() => {
+                modal.close();
+                this.load();
+            });
+            comp.onDeletedUser.subscribe(() => {
+                modal.close();
+                this.removeUser(user);
+            });
+        });
+    }
+
+    async events(user: ProviderUserUserDetailsResponse) {
+        const [modal] = await this.modalService.openViewRef(EntityEventsComponent, this.eventsModalRef, comp => {
+            comp.name = this.userNamePipe.transform(user);
+            comp.providerId = this.providerId;
+            comp.entityId = user.id;
+            comp.showUser = false;
+            comp.entity = 'user';
+        });
+    }
+
+    async bulkRemove() {
+        if (this.actionPromise != null) {
+            return;
+        }
+
+        const [modal] = await this.modalService.openViewRef(BulkRemoveComponent, this.bulkRemoveModalRef, comp => {
+            comp.providerId = this.providerId;
+            comp.users = this.getCheckedUsers();
+        });
+
+        await modal.onClosedPromise();
+        await this.load();
+    }
+
+    async bulkReinvite() {
+        if (this.actionPromise != null) {
+            return;
+        }
+
+        const users = this.getCheckedUsers();
+        const filteredUsers = users.filter(u => u.status === ProviderUserStatusType.Invited);
+
+        if (filteredUsers.length <= 0) {
+            this.toasterService.popAsync('error', this.i18nService.t('errorOccurred'),
+                this.i18nService.t('noSelectedUsersApplicable'));
+            return;
+        }
+
+        try {
+            const request = new ProviderUserBulkRequest(filteredUsers.map(user => user.id));
+            const response = this.apiService.postManyProviderUserReinvite(this.providerId, request);
+            this.showBulkStatus(users, filteredUsers, response, this.i18nService.t('bulkReinviteMessage'));
+        } catch (e) {
+            this.validationService.showError(e);
+        }
+        this.actionPromise = null;
+    }
+
+    async bulkConfirm() {
+        if (this.actionPromise != null) {
+            return;
+        }
+
+        const [modal] = await this.modalService.openViewRef(BulkConfirmComponent, this.bulkConfirmModalRef, comp => {
+            comp.providerId = this.providerId;
+            comp.users = this.getCheckedUsers();
+        });
+
+        await modal.onClosedPromise();
+        await this.load();
+    }
+
+    private async showBulkStatus(users: ProviderUserUserDetailsResponse[], filteredUsers: ProviderUserUserDetailsResponse[],
+        request: Promise<ListResponse<ProviderUserBulkResponse>>, successfullMessage: string) {
+
+        const [modal, childComponent] = await this.modalService.openViewRef(BulkStatusComponent, this.bulkStatusModalRef, comp => {
+            comp.loading = true;
+        });
+
+        // Workaround to handle closing the modal shortly after it has been opened
+        let close = false;
+        modal.onShown.subscribe(() => {
+            if (close) {
+                modal.close();
+            }
+        });
+
+        try {
+            const response = await request;
+
+            if (modal) {
+                const keyedErrors: any = response.data.filter(r => r.error !== '').reduce((a, x) => ({ ...a, [x.id]: x.error }), {});
+                const keyedFilteredUsers: any = filteredUsers.reduce((a, x) => ({ ...a, [x.id]: x }), {});
+
+                childComponent.users = users.map(user => {
+                    let message = keyedErrors[user.id] ?? successfullMessage;
+                    if (!keyedFilteredUsers.hasOwnProperty(user.id)) {
+                        message = this.i18nService.t('bulkFilteredMessage');
+                    }
+
+                    return {
+                        user: user,
+                        error: keyedErrors.hasOwnProperty(user.id),
+                        message: message,
+                    };
+                });
+                childComponent.loading = false;
+            }
+        } catch {
+            close = true;
+            modal.close();
+        }
+    }
+}

bitwarden_license/src/app/providers/manage/user-add-edit.component.html

@@ -0,0 +1,71 @@
+<div class="modal fade" tabindex="-1" role="dialog" aria-modal="true" aria-labelledby="userAddEditTitle">
+    <div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
+        <form class="modal-content" #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate>
+            <div class="modal-header">
+                <h2 class="modal-title" id="userAddEditTitle">
+                    {{title}}
+                    <small class="text-muted" *ngIf="name">{{name}}</small>
+                </h2>
+                <button type="button" class="close" data-dismiss="modal" appA11yTitle="{{'close' | i18n}}">
+                    <span aria-hidden="true">&times;</span>
+                </button>
+            </div>
+            <div class="modal-body" *ngIf="loading">
+                <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                <span class="sr-only">{{'loading' | i18n}}</span>
+            </div>
+            <div class="modal-body" *ngIf="!loading">
+                <ng-container *ngIf="!editMode">
+                    <p>{{'providerInviteUserDesc' | i18n}}</p>
+                    <div class="form-group mb-4">
+                        <label for="emails">{{'email' | i18n}}</label>
+                        <input id="emails" class="form-control" type="text" name="Emails" [(ngModel)]="emails" required
+                            appAutoFocus>
+                        <small class="text-muted">{{'inviteMultipleEmailDesc' | i18n : '20'}}</small>
+                    </div>
+                </ng-container>
+                <h3>
+                    {{'userType' | i18n}}
+                    <a target="_blank" rel="noopener" appA11yTitle="{{'learnMore' | i18n}}"
+                        href="https://bitwarden.com/help/article/user-types-access-control/#user-types">
+                        <i class="fa fa-question-circle-o" aria-hidden="true"></i>
+                    </a>
+                </h3>
+                <div class="form-check mt-2 form-check-block">
+                    <input class="form-check-input" type="radio" name="userType" id="userTypeServiceUser"
+                        [value]="userType.ServiceUser" [(ngModel)]="type">
+                    <label class="form-check-label" for="userTypeServiceUser">
+                        {{'serviceUser' | i18n}}
+                        <small>{{'serviceUserDesc' | i18n}}</small>
+                    </label>
+                </div>
+                <div class="form-check mt-2 form-check-block">
+                    <input class="form-check-input" type="radio" name="userType" id="userTypeProviderAdmin"
+                        [value]="userType.ProviderAdmin" [(ngModel)]="type">
+                    <label class="form-check-label" for="userTypeProviderAdmin">
+                        {{'providerAdmin' | i18n}}
+                        <small>{{'providerAdminDesc' | i18n}}</small>
+                    </label>
+                </div>
+            </div>
+            <div class="modal-footer">
+                <button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">
+                    <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                    <span>{{'save' | i18n}}</span>
+                </button>
+                <button type="button" class="btn btn-outline-secondary" data-dismiss="modal">
+                    {{'cancel' | i18n}}
+                </button>
+                <div class="ml-auto">
+                    <button #deleteBtn type="button" (click)="delete()" class="btn btn-outline-danger"
+                        appA11yTitle="{{'delete' | i18n}}" *ngIf="editMode" [disabled]="deleteBtn.loading"
+                        [appApiAction]="deletePromise">
+                        <i class="fa fa-trash-o fa-lg fa-fw" [hidden]="deleteBtn.loading" aria-hidden="true"></i>
+                        <i class="fa fa-spinner fa-spin fa-lg fa-fw" [hidden]="!deleteBtn.loading"
+                            title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                    </button>
+                </div>
+            </div>
+        </form>
+    </div>
+</div>

bitwarden_license/src/app/providers/manage/user-add-edit.component.ts

@@ -0,0 +1,104 @@
+import {
+    Component,
+    EventEmitter,
+    Input,
+    OnInit,
+    Output,
+} from '@angular/core';
+
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+
+import { ProviderUserInviteRequest } from 'jslib-common/models/request/provider/providerUserInviteRequest';
+
+import { PermissionsApi } from 'jslib-common/models/api/permissionsApi';
+
+import { ProviderUserType } from 'jslib-common/enums/providerUserType';
+import { ProviderUserUpdateRequest } from 'jslib-common/models/request/provider/providerUserUpdateRequest';
+
+@Component({
+    selector: 'provider-user-add-edit',
+    templateUrl: 'user-add-edit.component.html',
+})
+export class UserAddEditComponent implements OnInit {
+    @Input() name: string;
+    @Input() providerUserId: string;
+    @Input() providerId: string;
+    @Output() onSavedUser = new EventEmitter();
+    @Output() onDeletedUser = new EventEmitter();
+
+    loading = true;
+    editMode: boolean = false;
+    title: string;
+    emails: string;
+    type: ProviderUserType = ProviderUserType.ServiceUser;
+    permissions = new PermissionsApi();
+    showCustom = false;
+    access: 'all' | 'selected' = 'selected';
+    formPromise: Promise<any>;
+    deletePromise: Promise<any>;
+    userType = ProviderUserType;
+
+    constructor(private apiService: ApiService, private i18nService: I18nService,
+        private toasterService: ToasterService, private platformUtilsService: PlatformUtilsService) { }
+
+    async ngOnInit() {
+        this.editMode = this.loading = this.providerUserId != null;
+
+        if (this.editMode) {
+            this.editMode = true;
+            this.title = this.i18nService.t('editUser');
+            try {
+                const user = await this.apiService.getProviderUser(this.providerId, this.providerUserId);
+                this.type = user.type;
+            } catch { }
+        } else {
+            this.title = this.i18nService.t('inviteUser');
+        }
+
+        this.loading = false;
+    }
+
+    async submit() {
+        try {
+            if (this.editMode) {
+                const request = new ProviderUserUpdateRequest();
+                request.type = this.type;
+                this.formPromise = this.apiService.putProviderUser(this.providerId, this.providerUserId, request);
+            } else {
+                const request = new ProviderUserInviteRequest();
+                request.emails = this.emails.trim().split(/\s*,\s*/);
+                request.type = this.type;
+                this.formPromise = this.apiService.postProviderUserInvite(this.providerId, request);
+            }
+            await this.formPromise;
+            this.toasterService.popAsync('success', null,
+                this.i18nService.t(this.editMode ? 'editedUserId' : 'invitedUsers', this.name));
+            this.onSavedUser.emit();
+        } catch { }
+    }
+
+    async delete() {
+        if (!this.editMode) {
+            return;
+        }
+
+        const confirmed = await this.platformUtilsService.showDialog(
+            this.i18nService.t('removeUserConfirmation'), this.name,
+            this.i18nService.t('yes'), this.i18nService.t('no'), 'warning');
+        if (!confirmed) {
+            return false;
+        }
+
+        try {
+            this.deletePromise = this.apiService.deleteProviderUser(this.providerId, this.providerUserId);
+            await this.deletePromise;
+            this.toasterService.popAsync('success', null, this.i18nService.t('removedUserId', this.name));
+            this.onDeletedUser.emit();
+        } catch { }
+    }
+
+}

bitwarden_license/src/app/providers/providers-layout.component.html

@@ -0,0 +1,44 @@
+<app-navbar></app-navbar>
+<div class="org-nav" *ngIf="provider">
+    <div class="container d-flex">
+        <div class="d-flex flex-column">
+            <div class="my-auto d-flex align-items-center pl-1">
+                <app-avatar [data]="provider.name" size="45" [circle]="true"></app-avatar>
+                <div class="org-name ml-3">
+                    <span>{{provider.name}}</span>
+                    <small class="text-muted">{{'provider' | i18n}}</small>
+                </div>
+                <div class="ml-3 card border-danger text-danger bg-transparent" *ngIf="!provider.enabled">
+                    <div class="card-body py-2">
+                        <i class="fa fa-exclamation-triangle" aria-hidden="true"></i>
+                        {{'providerIsDisabled' | i18n}}
+                    </div>
+                </div>
+            </div>
+            <ul class="nav nav-tabs" *ngIf="showMenuBar">
+                <li class="nav-item">
+                    <a class="nav-link" routerLink="clients" routerLinkActive="active">
+                        <i class="fa fa-university" aria-hidden="true"></i>
+                        {{'clients' | i18n}}
+                    </a>
+                </li>
+                <li class="nav-item" *ngIf="showManageTab">
+                    <a class="nav-link" [routerLink]="manageRoute" routerLinkActive="active">
+                        <i class="fa fa-sliders" aria-hidden="true"></i>
+                        {{'manage' | i18n}}
+                    </a>
+                </li>
+                <li class="nav-item" *ngIf="showSettingsTab">
+                    <a class="nav-link" routerLink="settings" routerLinkActive="active">
+                        <i class="fa fa-cogs" aria-hidden="true"></i>
+                        {{'settings' | i18n}}
+                    </a>
+                </li>
+            </ul>
+        </div>
+    </div>
+</div>
+<div class="container page-content">
+    <router-outlet></router-outlet>
+</div>
+<app-footer></app-footer>

bitwarden_license/src/app/providers/providers-layout.component.ts

@@ -0,0 +1,51 @@
+import { Component } from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { Provider } from 'jslib-common/models/domain/provider';
+
+@Component({
+    selector: 'providers-layout',
+    templateUrl: 'providers-layout.component.html',
+})
+export class ProvidersLayoutComponent {
+
+    provider: Provider;
+    private providerId: string;
+
+    constructor(private route: ActivatedRoute, private userService: UserService) { }
+
+    ngOnInit() {
+        document.body.classList.remove('layout_frontend');
+        this.route.params.subscribe(async params => {
+            this.providerId = params.providerId;
+            await this.load();
+        });
+    }
+
+    async load() {
+        this.provider = await this.userService.getProvider(this.providerId);
+    }
+
+    get showMenuBar() {
+        return this.showManageTab || this.showSettingsTab;
+    }
+
+    get showManageTab() {
+        return this.provider.canManageUsers || this.provider.canAccessEventLogs;
+    }
+
+    get showSettingsTab() {
+        return this.provider.isProviderAdmin;
+    }
+
+    get manageRoute(): string {
+        switch (true) {
+            case this.provider.canManageUsers:
+                return 'manage/people';
+            case this.provider.canAccessEventLogs:
+                return 'manage/events';
+        }
+    }
+}

bitwarden_license/src/app/providers/providers-routing.module.ts

@@ -0,0 +1,123 @@
+import { NgModule } from '@angular/core';
+import { RouterModule, Routes } from '@angular/router';
+
+import { AuthGuardService } from 'jslib-angular/services/auth-guard.service';
+import { Permissions } from 'jslib-common/enums/permissions';
+
+import { AddOrganizationComponent } from './clients/add-organization.component';
+import { ClientsComponent } from './clients/clients.component';
+import { CreateOrganizationComponent } from './clients/create-organization.component';
+import { AcceptProviderComponent } from './manage/accept-provider.component';
+import { EventsComponent } from './manage/events.component';
+import { ManageComponent } from './manage/manage.component';
+import { PeopleComponent } from './manage/people.component';
+import { ProvidersLayoutComponent } from './providers-layout.component';
+import { SettingsComponent } from './settings/settings.component';
+import { SetupProviderComponent } from './setup/setup-provider.component';
+import { SetupComponent } from './setup/setup.component';
+
+import { FrontendLayoutComponent } from 'src/app/layouts/frontend-layout.component';
+
+import { ProvidersComponent } from 'src/app/providers/providers.component';
+import { ProviderGuardService } from './services/provider-guard.service';
+import { ProviderTypeGuardService } from './services/provider-type-guard.service';
+import { AccountComponent } from './settings/account.component';
+
+const routes: Routes = [
+    {
+        path: '',
+        canActivate: [AuthGuardService],
+        component: ProvidersComponent,
+    },
+    {
+        path: '',
+        component: FrontendLayoutComponent,
+        children: [
+            {
+                path: 'setup-provider',
+                component: SetupProviderComponent,
+                data: { titleId: 'setupProvider' },
+            },
+            {
+                path: 'accept-provider',
+                component: AcceptProviderComponent,
+                data: { titleId: 'acceptProvider' },
+            },
+        ],
+    },
+    {
+        path: '',
+        canActivate: [AuthGuardService],
+        children: [
+            {
+                path: 'setup',
+                component: SetupComponent,
+            },
+            {
+                path: ':providerId',
+                component: ProvidersLayoutComponent,
+                canActivate: [ProviderGuardService],
+                children: [
+                    { path: '', pathMatch: 'full', redirectTo: 'clients' },
+                    { path: 'clients/create', component: CreateOrganizationComponent },
+                    { path: 'clients', component: ClientsComponent, data: { titleId: 'clients' } },
+                    {
+                        path: 'manage',
+                        component: ManageComponent,
+                        children: [
+                            {
+                                path: '',
+                                pathMatch: 'full',
+                                redirectTo: 'people',
+                            },
+                            {
+                                path: 'people',
+                                component: PeopleComponent,
+                                canActivate: [ProviderTypeGuardService],
+                                data: {
+                                    titleId: 'people',
+                                    permissions: [Permissions.ManageUsers],
+                                },
+                            },
+                            {
+                                path: 'events',
+                                component: EventsComponent,
+                                canActivate: [ProviderTypeGuardService],
+                                data: {
+                                    titleId: 'eventLogs',
+                                    permissions: [Permissions.AccessEventLogs],
+                                },
+                            },
+                        ],
+                    },
+                    {
+                        path: 'settings',
+                        component: SettingsComponent,
+                        children: [
+                            {
+                                path: '',
+                                pathMatch: 'full',
+                                redirectTo: 'account',
+                            },
+                            {
+                                path: 'account',
+                                component: AccountComponent,
+                                canActivate: [ProviderTypeGuardService],
+                                data: {
+                                    titleId: 'myProvider',
+                                    permissions: [Permissions.ManageProvider],
+                                },
+                            },
+                        ],
+                    },
+                ],
+            },
+        ],
+    },
+];
+
+@NgModule({
+    imports: [RouterModule.forChild(routes)],
+    exports: [RouterModule],
+})
+export class ProvidersRoutingModule { }

bitwarden_license/src/app/providers/providers.module.ts

@@ -0,0 +1,69 @@
+import { CommonModule } from '@angular/common';
+import { ComponentFactoryResolver } from '@angular/core';
+import { NgModule } from '@angular/core';
+import { FormsModule } from '@angular/forms';
+
+import { ModalService } from 'jslib-angular/services/modal.service';
+
+import { ProviderGuardService } from './services/provider-guard.service';
+import { ProviderTypeGuardService } from './services/provider-type-guard.service';
+import { ProviderService } from './services/provider.service';
+
+import { ProvidersLayoutComponent } from './providers-layout.component';
+import { ProvidersRoutingModule } from './providers-routing.module';
+
+import { AddOrganizationComponent } from './clients/add-organization.component';
+import { ClientsComponent } from './clients/clients.component';
+import { CreateOrganizationComponent } from './clients/create-organization.component';
+
+import { AcceptProviderComponent } from './manage/accept-provider.component';
+import { BulkConfirmComponent } from './manage/bulk/bulk-confirm.component';
+import { BulkRemoveComponent } from './manage/bulk/bulk-remove.component';
+import { EventsComponent } from './manage/events.component';
+import { ManageComponent } from './manage/manage.component';
+import { PeopleComponent } from './manage/people.component';
+import { UserAddEditComponent } from './manage/user-add-edit.component';
+
+import { AccountComponent } from './settings/account.component';
+import { SettingsComponent } from './settings/settings.component';
+
+import { SetupProviderComponent } from './setup/setup-provider.component';
+import { SetupComponent } from './setup/setup.component';
+
+import { OssModule } from 'src/app/oss.module';
+
+@NgModule({
+    imports: [
+        CommonModule,
+        FormsModule,
+        OssModule,
+        ProvidersRoutingModule,
+    ],
+    declarations: [
+        AcceptProviderComponent,
+        AccountComponent,
+        AddOrganizationComponent,
+        BulkConfirmComponent,
+        BulkRemoveComponent,
+        ClientsComponent,
+        CreateOrganizationComponent,
+        EventsComponent,
+        ManageComponent,
+        PeopleComponent,
+        ProvidersLayoutComponent,
+        SettingsComponent,
+        SetupComponent,
+        SetupProviderComponent,
+        UserAddEditComponent,
+    ],
+    providers: [
+        ProviderService,
+        ProviderGuardService,
+        ProviderTypeGuardService,
+    ],
+})
+export class ProvidersModule {
+    constructor(modalService: ModalService, componentFactoryResolver: ComponentFactoryResolver) {
+        modalService.registerComponentFactoryResolver(AddOrganizationComponent, componentFactoryResolver);
+    }
+}

bitwarden_license/src/app/providers/services/provider-guard.service.ts

@@ -0,0 +1,32 @@
+import { Injectable } from '@angular/core';
+import {
+    ActivatedRouteSnapshot,
+    CanActivate,
+    Router,
+} from '@angular/router';
+
+import { ToasterService } from 'angular2-toaster';
+
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+@Injectable()
+export class ProviderGuardService implements CanActivate {
+    constructor(private userService: UserService, private router: Router,
+        private toasterService: ToasterService, private i18nService: I18nService) { }
+
+    async canActivate(route: ActivatedRouteSnapshot) {
+        const provider = await this.userService.getProvider(route.params.providerId);
+        if (provider == null) {
+            this.router.navigate(['/']);
+            return false;
+        }
+        if (!provider.isProviderAdmin && !provider.enabled) {
+            this.toasterService.popAsync('error', null, this.i18nService.t('providerIsDisabled'));
+            this.router.navigate(['/']);
+            return false;
+        }
+
+        return true;
+    }
+}

bitwarden_license/src/app/providers/services/provider-type-guard.service.ts

@@ -0,0 +1,31 @@
+import { Injectable } from '@angular/core';
+import {
+    ActivatedRouteSnapshot,
+    CanActivate,
+    Router,
+} from '@angular/router';
+
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { Permissions } from 'jslib-common/enums/permissions';
+
+@Injectable()
+export class ProviderTypeGuardService implements CanActivate {
+    constructor(private userService: UserService, private router: Router) { }
+
+    async canActivate(route: ActivatedRouteSnapshot) {
+        const provider = await this.userService.getProvider(route.params.providerId);
+        const permissions = route.data == null ? null : route.data.permissions as Permissions[];
+
+        if (
+            (permissions.indexOf(Permissions.AccessEventLogs) !== -1 && provider.canAccessEventLogs) ||
+            (permissions.indexOf(Permissions.ManageProvider) !== -1 && provider.isProviderAdmin) ||
+            (permissions.indexOf(Permissions.ManageUsers) !== -1 && provider.canManageUsers)
+        ) {
+            return true;
+        }
+
+        this.router.navigate(['/providers', provider.id]);
+        return false;
+    }
+}

bitwarden_license/src/app/providers/services/provider.service.ts

@@ -0,0 +1,32 @@
+import { Injectable } from '@angular/core';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { SyncService } from 'jslib-common/abstractions/sync.service';
+
+import { ProviderAddOrganizationRequest } from 'jslib-common/models/request/provider/providerAddOrganizationRequest';
+
+@Injectable()
+export class ProviderService {
+    constructor(private cryptoService: CryptoService, private syncService: SyncService, private apiService: ApiService) {}
+
+    async addOrganizationToProvider(providerId: string, organizationId: string) {
+        const orgKey = await this.cryptoService.getOrgKey(organizationId);
+        const providerKey = await this.cryptoService.getProviderKey(providerId);
+
+        const encryptedOrgKey = await this.cryptoService.encrypt(orgKey.key, providerKey);
+
+        const request = new ProviderAddOrganizationRequest();
+        request.organizationId = organizationId;
+        request.key = encryptedOrgKey.encryptedString;
+
+        const response = await this.apiService.postProviderAddOrganization(providerId, request);
+        await this.syncService.fullSync(true);
+        return response;
+    }
+
+    async detachOrganizastion(providerId: string, organizationId: string): Promise<any> {
+        await this.apiService.deleteProviderOrganization(providerId, organizationId);
+        await this.syncService.fullSync(true);
+    }
+}

bitwarden_license/src/app/providers/settings/account.component.html

@@ -0,0 +1,30 @@
+<div class="page-header">
+    <h1>{{'myProvider' | i18n}}</h1>
+</div>
+<div *ngIf="loading">
+    <i class="fa fa-spinner fa-spin text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+    <span class="sr-only">{{'loading' | i18n}}</span>
+</div>
+<form *ngIf="provider && !loading" #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate>
+    <div class="row">
+        <div class="col-6">
+            <div class="form-group">
+                <label for="name">{{'providerName' | i18n}}</label>
+                <input id="name" class="form-control" type="text" name="Name" [(ngModel)]="provider.name"
+                    [disabled]="selfHosted">
+            </div>
+            <div class="form-group">
+                <label for="billingEmail">{{'billingEmail' | i18n}}</label>
+                <input id="billingEmail" class="form-control" type="text" name="BillingEmail"
+                    [(ngModel)]="provider.billingEmail" [disabled]="selfHosted">
+            </div>
+        </div>
+        <div class="col-6">
+            <app-avatar data="{{provider.name}}" dynamic="true" size="75" fontSize="35"></app-avatar>
+        </div>
+    </div>
+    <button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">
+        <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+        <span>{{'save' | i18n}}</span>
+    </button>
+</form>

bitwarden_license/src/app/providers/settings/account.component.ts

@@ -0,0 +1,62 @@
+import { Component } from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+import { ToasterService } from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { SyncService } from 'jslib-common/abstractions/sync.service';
+
+import { ProviderUpdateRequest } from 'jslib-common/models/request/provider/providerUpdateRequest';
+
+import { ProviderResponse } from 'jslib-common/models/response/provider/providerResponse';
+
+@Component({
+    selector: 'provider-account',
+    templateUrl: 'account.component.html',
+})
+export class AccountComponent {
+    selfHosted = false;
+    loading = true;
+    provider: ProviderResponse;
+    formPromise: Promise<any>;
+    taxFormPromise: Promise<any>;
+
+    private providerId: string;
+
+    constructor(private apiService: ApiService, private i18nService: I18nService,
+        private toasterService: ToasterService, private route: ActivatedRoute,
+        private syncService: SyncService, private platformUtilsService: PlatformUtilsService,
+        private logService: LogService) { }
+
+    async ngOnInit() {
+        this.selfHosted = this.platformUtilsService.isSelfHost();
+        this.route.parent.parent.params.subscribe(async params => {
+            this.providerId = params.providerId;
+            try {
+                this.provider = await this.apiService.getProvider(this.providerId);
+            } catch (e) {
+                this.logService.error(`Handled exception: ${e}`);
+            }
+        });
+        this.loading = false;
+    }
+
+    async submit() {
+        try {
+            const request = new ProviderUpdateRequest();
+            request.name = this.provider.name;
+            request.businessName = this.provider.businessName;
+            request.billingEmail = this.provider.billingEmail;
+
+            this.formPromise = this.apiService.putProvider(this.providerId, request).then(() => {
+                return this.syncService.fullSync(true);
+            });
+            await this.formPromise;
+            this.toasterService.popAsync('success', null, this.i18nService.t('providerUpdated'));
+        } catch (e) {
+            this.logService.error(`Handled exception: ${e}`);
+        }
+    }
+}

bitwarden_license/src/app/providers/settings/settings.component.html

@@ -0,0 +1,17 @@
+<div class="container page-content">
+    <div class="row">
+        <div class="col-3">
+            <div class="card">
+                <div class="card-header">{{'settings' | i18n}}</div>
+                <div class="list-group list-group-flush">
+                    <a routerLink="account" class="list-group-item" routerLinkActive="active">
+                        {{'myProvider' | i18n}}
+                    </a>
+                </div>
+            </div>
+        </div>
+        <div class="col-9">
+            <router-outlet></router-outlet>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/providers/settings/settings.component.ts

@@ -0,0 +1,20 @@
+import { Component } from '@angular/core';
+import { ActivatedRoute } from '@angular/router';
+
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+@Component({
+    selector: 'provider-settings',
+    templateUrl: 'settings.component.html',
+})
+export class SettingsComponent {
+    constructor(private route: ActivatedRoute, private userService: UserService,
+        private platformUtilsService: PlatformUtilsService) { }
+
+    ngOnInit() {
+        this.route.parent.params.subscribe(async params => {
+            const provider = await this.userService.getProvider(params.providerId);
+        });
+    }
+}

bitwarden_license/src/app/providers/setup/setup-provider.component.html

@@ -0,0 +1,27 @@
+<div class="mt-5 d-flex justify-content-center" *ngIf="loading">
+    <div>
+        <img class="mb-4 logo logo-themed" alt="Bitwarden">
+        <p class="text-center">
+            <i class="fa fa-spinner fa-spin fa-2x text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+            <span class="sr-only">{{'loading' | i18n}}</span>
+        </p>
+    </div>
+</div>
+<div class="container" *ngIf="!loading && !authed">
+    <div class="row justify-content-md-center mt-5">
+        <div class="col-5">
+            <p class="lead text-center mb-4">{{'setupProvider' | i18n}}</p>
+            <div class="card d-block">
+                <div class="card-body">
+                    <p>{{'setupProviderLoginDesc' | i18n}}</p>
+                    <hr>
+                    <div class="d-flex">
+                        <a routerLink="/" [queryParams]="{email: email}" class="btn btn-primary btn-block">
+                            {{'logIn' | i18n}}
+                        </a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>

bitwarden_license/src/app/providers/setup/setup-provider.component.ts

@@ -0,0 +1,22 @@
+import { Component } from '@angular/core';
+
+import { BaseAcceptComponent } from 'src/app/common/base.accept.component';
+
+@Component({
+    selector: 'app-setup-provider',
+    templateUrl: 'setup-provider.component.html',
+})
+export class SetupProviderComponent extends BaseAcceptComponent {
+
+    failedShortMessage = 'inviteAcceptFailedShort';
+    failedMessage = 'inviteAcceptFailed';
+
+    requiredParameters = ['providerId', 'email', 'token'];
+
+    async authedHandler(qParams: any) {
+        this.router.navigate(['/providers/setup'], {queryParams: qParams});
+    }
+
+    // tslint:disable-next-line
+    async unauthedHandler(qParams: any) {}
+}

bitwarden_license/src/app/providers/setup/setup.component.html

@@ -0,0 +1,32 @@
+<app-navbar></app-navbar>
+<div class="container page-content">
+    <div class="page-header">
+        <h1>{{'setupProvider' | i18n}}</h1>
+    </div>
+    <p>{{'setupProviderDesc' | i18n}}</p>
+
+    <form #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate *ngIf="loading">
+        <h2 class="mt-5">{{'generalInformation' | i18n}}</h2>
+        <div class="row">
+            <div class="form-group col-6">
+                <label for="name">{{'providerName' | i18n}}</label>
+                <input id="name" class="form-control" type="text" name="Name" [(ngModel)]="name" required>
+            </div>
+            <div class="form-group col-6">
+                <label for="billingEmail">{{'billingEmail' | i18n}}</label>
+                <input id="billingEmail" class="form-control" type="text" name="BillingEmail" [(ngModel)]="billingEmail" required>
+            </div>
+        </div>
+
+        <div class="mt-4">
+            <button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">
+                <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                <span>{{'submit' | i18n}}</span>
+            </button>
+            <button type="button" class="btn btn-outline-secondary" (click)="cancel()" *ngIf="showCancel">
+                {{'cancel' | i18n}}
+            </button>
+        </div>
+    </form>
+</div>
+<app-footer></app-footer>

bitwarden_license/src/app/providers/setup/setup.component.ts

@@ -0,0 +1,106 @@
+import {
+    Component,
+    OnInit,
+} from '@angular/core';
+import {
+    ActivatedRoute,
+    Router,
+} from '@angular/router';
+import {
+    Toast,
+    ToasterService,
+} from 'angular2-toaster';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+
+import { ValidationService } from 'jslib-angular/services/validation.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { SyncService } from 'jslib-common/abstractions/sync.service';
+import { ProviderSetupRequest } from 'jslib-common/models/request/provider/providerSetupRequest';
+
+@Component({
+    selector: 'provider-setup',
+    templateUrl: 'setup.component.html',
+})
+export class SetupComponent implements OnInit {
+    loading = true;
+    authed = false;
+    email: string;
+    formPromise: Promise<any>;
+
+    providerId: string;
+    token: string;
+    name: string;
+    billingEmail: string;
+
+    constructor(private router: Router, private toasterService: ToasterService,
+        private i18nService: I18nService, private route: ActivatedRoute,
+        private cryptoService: CryptoService, private apiService: ApiService,
+        private syncService: SyncService, private validationService: ValidationService) { }
+
+    ngOnInit() {
+        document.body.classList.remove('layout_frontend');
+        let fired = false;
+        this.route.queryParams.subscribe(async qParams => {
+            if (fired) {
+                return;
+            }
+            fired = true;
+            const error = qParams.providerId == null || qParams.email == null || qParams.token == null;
+
+            if (error) {
+                const toast: Toast = {
+                    type: 'error',
+                    title: null,
+                    body: this.i18nService.t('emergencyInviteAcceptFailed'),
+                    timeout: 10000,
+                };
+                this.toasterService.popAsync(toast);
+                this.router.navigate(['/']);
+                return;
+            }
+
+            this.providerId = qParams.providerId;
+            this.token = qParams.token;
+
+            // Check if provider exists, redirect if it does
+            try {
+                const provider = await this.apiService.getProvider(this.providerId);
+                if (provider.name != null) {
+                    this.router.navigate(['/providers', provider.id], { replaceUrl: true });
+                }
+            } catch (e) {
+                this.validationService.showError(e);
+                this.router.navigate(['/']);
+            }
+        });
+    }
+
+    async submit() {
+        this.formPromise = this.doSubmit();
+        await this.formPromise;
+        this.formPromise = null;
+    }
+
+    async doSubmit() {
+        try {
+            const shareKey = await this.cryptoService.makeShareKey();
+            const key = shareKey[0].encryptedString;
+
+            const request = new ProviderSetupRequest();
+            request.name = this.name;
+            request.billingEmail = this.billingEmail;
+            request.token = this.token;
+            request.key = key;
+
+            const provider = await this.apiService.postProviderSetup(this.providerId, request);
+            this.toasterService.popAsync('success', null, this.i18nService.t('providerSetup'));
+            await this.syncService.fullSync(true);
+
+            this.router.navigate(['/providers', provider.id]);
+        } catch (e) {
+            this.validationService.showError(e);
+        }
+    }
+}

bitwarden_license/webpack.config.js

@@ -0,0 +1,12 @@
+const AngularCompilerPlugin = require('@ngtools/webpack').AngularCompilerPlugin;
+
+const webpackConfig = require('../webpack.config');
+
+webpackConfig.entry['app/main'] = './bitwarden_license/src/app/main.ts';
+webpackConfig.plugins[webpackConfig.plugins.length -1] = new AngularCompilerPlugin({
+    tsConfigPath: 'tsconfig.json',
+    entryModule: 'bitwarden_license/src/app/app.module#AppModule',
+    sourceMap: true,
+});
+
+module.exports = webpackConfig;

config.js

@@ -1,26 +1,29 @@
 function load(envName) {
-    const envOverrides = {
-        'production': () => require('./config/production.json'),
-        'qa': () => require('./config/qa.json'),
-        'development': () => require('./config/development.json'),
-    };
-
-    const baseConfig = require('./config/base.json');
-    const overrideConfig = envOverrides.hasOwnProperty(envName) ? envOverrides[envName]() : {};
-
     return {
-        ...baseConfig,
-        ...overrideConfig
+        ...require('./config/base.json'),
+        ...loadConfig(envName),
+        ...loadConfig('local'),
     };
 }
 
 function log(configObj) {
-    const repeatNum = 50
-    console.log(`${"=".repeat(repeatNum)}\nenvConfig`)
-    Object.entries(configObj).map(([key, value]) => {
-        console.log(`  ${key}: ${value}`)
-    })
-    console.log(`${"=".repeat(repeatNum)}`)
+    const repeatNum = 50;
+    console.log(`${"=".repeat(repeatNum)}\nenvConfig`);
+    console.log(JSON.stringify(configObj, null, 2));
+    console.log(`${"=".repeat(repeatNum)}`);
+}
+
+function loadConfig(configName) {
+    try {
+        return require(`./config/${configName}.json`);
+    } catch (e) {
+        if (e instanceof Error && e.code === "MODULE_NOT_FOUND") {
+            return {};
+        }
+        else {
+            throw e;
+        }
+    }
 }
 
 module.exports = {

config/base.json

@@ -1,8 +1,9 @@
 {
-    "proxyApi": "http://localhost:4000",
-    "proxyIdentity": "http://localhost:33656",
-    "proxyEvents": "http://localhost:46273",
-    "proxyNotifications": "http://localhost:61840",
-    "proxyPortal": "http://localhost:52313",
-    "allowedHosts": []
+    "urls": {},
+    "stripeKey": "pk_test_KPoCfZXu7mznb9uSCPZ2JpTD",
+    "braintreeKey": "sandbox_r72q8jq6_9pnxkwm75f87sdc2",
+    "paypal": {
+        "businessId": "AD3LAUZSNVPJY",
+        "buttonAction": "https://www.sandbox.paypal.com/cgi-bin/webscr"
+    }
 }

config/cloud.json

@@ -0,0 +1,12 @@
+{
+    "urls": {
+        "icons": "https://icons.bitwarden.net",
+        "notifications": "https://notifications.bitwarden.com"
+    },
+    "stripeKey": "pk_live_bpN0P37nMxrMQkcaHXtAybJk",
+    "braintreeKey": "production_qfbsv8kc_njj2zjtyngtjmbjd",
+    "paypal": {
+        "businessId": "4ZDA7DLUUJGMN",
+        "buttonAction": "https://www.paypal.com/cgi-bin/webscr"
+    }
+}

config/development.json

@@ -0,0 +1,10 @@
+{
+    "proxyApi": "http://localhost:4000",
+    "proxyIdentity": "http://localhost:33656",
+    "proxyEvents": "http://localhost:46273",
+    "proxyNotifications": "http://localhost:61840",
+    "allowedHosts": [],
+    "urls": {
+        "notifications": "http://localhost:61840"
+    }
+}

config/production.json

@@ -1,7 +0,0 @@
-{
-    "proxyApi": "https://api.bitwarden.com",
-    "proxyIdentity": "https://identity.bitwarden.com",
-    "proxyEvents": "https://events.bitwarden.com",
-    "proxyNotifications": "https://notifications.bitwarden.com",
-    "proxyPortal": "https://portal.bitwarden.com"
-}

config/qa.json

@@ -1,7 +1,6 @@
 {
-    "proxyApi": "https://api.qa.bitwarden.com",
-    "proxyIdentity": "https://identity.qa.bitwarden.com",
-    "proxyEvents": "https://events.qa.bitwarden.com",
-    "proxyNotifications": "https://notifications.qa.bitwarden.com",
-    "proxyPortal": "https://portal.qa.bitwarden.com"
+    "urls": {
+        "icons": "https://icons.qa.bitwarden.pw",
+        "notifications": "https://notifications.qa.bitwarden.pw"
+    }
 }

config/self-hosted.json

@@ -0,0 +1 @@
+{}

crowdin.yml

@@ -1,3 +1,5 @@
+project_id_env: _CROWDIN_PROJECT_ID
+api_token_env: CROWDIN_API_TOKEN
 files:
   - source: /src/locales/en/messages.json
     translation: /src/locales/%two_letters_code%/%original_file_name%
@@ -10,3 +12,4 @@ files:
         zh-TW: zh_TW
         en-GB: en_GB
         en-IN: en_IN
+        sr-CY: sr_CY

gulpfile.js

@@ -1,37 +0,0 @@
-const gulp = require('gulp');
-const googleWebFonts = require('gulp-google-webfonts');
-const del = require('del');
-const package = require('./package.json');
-const fs = require('fs');
-
-const paths = {
-    node_modules: './node_modules/',
-    src: './src/',
-    build: './build/',
-    cssDir: './src/css/',
-};
-
-function clean() {
-    return del([paths.cssDir]);
-}
-
-function webfonts() {
-    return gulp.src('./webfonts.list')
-        .pipe(googleWebFonts({
-            fontsDir: 'webfonts',
-            cssFilename: 'webfonts.css',
-            format: 'woff',
-        }))
-        .pipe(gulp.dest(paths.cssDir));
-};
-
-function version(cb) {
-    fs.writeFileSync(paths.build + 'version.json', '{"version":"' + package.version + '"}');
-    cb();
-}
-
-exports.clean = clean;
-exports.webfonts = gulp.series(clean, webfonts);
-exports.prebuild = gulp.series(clean, webfonts);
-exports.version = version;
-exports.postdist = version;

package.json

@@ -1,107 +1,88 @@
 {
   "name": "bitwarden-web",
-  "version": "2.19.0",
+  "version": "2.24.2",
   "license": "GPL-3.0",
   "repository": "https://github.com/bitwarden/web",
   "scripts": {
     "sub:init": "git submodule update --init --recursive",
     "sub:update": "git submodule update --remote",
     "sub:pull": "git submodule foreach git pull origin master",
-    "postinstall": "npm run sub:init",
+    "preinstall": "npm run sub:init",
     "symlink:win": "rm -rf ./jslib && cmd /c mklink /J .\\jslib ..\\jslib",
     "symlink:mac": "npm run symlink:lin",
     "symlink:lin": "rm -rf ./jslib && ln -s ../jslib ./jslib",
-    "build": "gulp prebuild && webpack",
-    "build:watch": "gulp prebuild && webpack-dev-server",
-    "build:dev": "gulp prebuild && cross-env ENV=development webpack",
-    "build:dev:watch": "gulp prebuild && cross-env ENV=development webpack-dev-server",
-    "build:qa": "gulp prebuild && cross-env NODE_ENV=production ENV=qa webpack",
-    "build:qa:watch": "gulp prebuild && cross-env NODE_ENV=production ENV=qa webpack-dev-server",
-    "build:prod": "gulp prebuild && cross-env NODE_ENV=production ENV=production webpack",
-    "build:prod:watch": "gulp prebuild && cross-env NODE_ENV=production ENV=production webpack-dev-server",
-    "build:selfhost": "gulp prebuild && cross-env SELF_HOST=true webpack-dev-server",
-    "build:selfhost:watch": "gulp prebuild && cross-env SELF_HOST=true webpack-dev-server",
-    "build:selfhost:prod": "gulp prebuild && cross-env SELF_HOST=true NODE_ENV=production webpack",
-    "build:selfhost:prod:watch": "gulp prebuild && cross-env SELF_HOST=true NODE_ENV=production webpack-dev-server",
+    "build:oss": "webpack",
+    "build:bit": "webpack -c bitwarden_license/webpack.config.js",
+    "build:oss:watch": "webpack serve",
+    "build:bit:watch": "webpack serve -c bitwarden_license/webpack.config.js",
+    "build:bit:dev": "cross-env ENV=development npm run build:bit",
+    "build:bit:dev:watch": "cross-env ENV=development npm run build:bit:watch",
+    "build:bit:qa": "cross-env NODE_ENV=production ENV=qa npm run build:bit",
+    "build:bit:cloud": "cross-env NODE_ENV=production ENV=cloud npm run build:bit",
+    "build:oss:selfhost:watch": "cross-env ENV=selfhosted npm run build:oss:watch",
+    "build:bit:selfhost:watch": "cross-env ENV=selfhosted npm run build:bit:watch",
+    "build:oss:selfhost:prod": "cross-env ENV=selfhosted NODE_ENV=production npm run build:oss",
+    "build:bit:selfhost:prod": "cross-env ENV=selfhosted NODE_ENV=production npm run build:bit",
     "clean:l10n": "git push origin --delete l10n_master",
-    "dist": "npm run build:prod && gulp postdist",
-    "dist:selfhost": "npm run build:selfhost:prod && gulp postdist",
-    "deploy": "npm run dist && gh-pages -d build",
-    "deploy:dev": "npm run dist && gh-pages -d build -r git@github.com:kspearrin/bitwarden-web-dev.git",
-    "lint": "tslint 'src/**/*.ts' || true",
-    "lint:fix": "tslint 'src/**/*.ts' --fix"
+    "dist:bit:cloud": "npm run build:bit:cloud",
+    "dist:oss:selfhost": "npm run build:oss:selfhost:prod",
+    "dist:bit:selfhost": "npm run build:bit:selfhost:prod",
+    "deploy": "npm run dist:bit && gh-pages -d build",
+    "deploy:dev": "npm run dist:bit && gh-pages -d build -r git@github.com:kspearrin/bitwarden-web-dev.git",
+    "lint": "tslint 'src/**/*.ts' 'bitwarden_license/src/**/*.ts' || true",
+    "lint:fix": "tslint 'src/**/*.ts' 'bitwarden_license/src/**/*.ts' --fix"
   },
   "devDependencies": {
-    "@angular/compiler-cli": "^9.1.12",
-    "@ngtools/webpack": "^9.1.12",
+    "@angular/compiler-cli": "^11.2.11",
+    "@ngtools/webpack": "^11.2.10",
     "@types/jquery": "^3.5.5",
-    "@types/lunr": "^2.3.3",
-    "@types/node": "^10.17.28",
-    "@types/node-forge": "^0.9.7",
-    "@types/papaparse": "^5.2.0",
+    "@types/node": "^14.17.2",
     "@types/webcrypto": "^0.0.28",
-    "@types/webpack": "^4.4.11",
-    "@types/zxcvbn": "^4.4.0",
-    "angular2-template-loader": "^0.6.2",
-    "clean-webpack-plugin": "^0.1.19",
-    "copy-webpack-plugin": "^5.1.1",
-    "cross-env": "^5.2.0",
-    "css-loader": "^1.0.0",
-    "del": "^3.0.0",
-    "file-loader": "^2.0.0",
-    "gh-pages": "^1.2.0",
-    "gulp": "^4.0.0",
-    "gulp-google-webfonts": "^2.0.0",
-    "html-loader": "^0.5.5",
-    "html-webpack-plugin": "^3.2.0",
-    "mini-css-extract-plugin": "^0.9.0",
-    "node-sass": "^4.13.1",
-    "sass-loader": "^7.1.0",
-    "style-loader": "^0.23.0",
-    "terser-webpack-plugin": "^1.2.3",
-    "ts-loader": "^7.0.5",
+    "@types/webpack": "^4.4.27",
+    "clean-webpack-plugin": "^3.0.0",
+    "copy-webpack-plugin": "^6.4.0",
+    "cross-env": "^7.0.3",
+    "css-loader": "^5.2.3",
+    "del": "^6.0.0",
+    "file-loader": "^6.2.0",
+    "gh-pages": "^3.1.0",
+    "html-loader": "^1.3.2",
+    "html-webpack-injector": "1.1.4",
+    "html-webpack-plugin": "^4.5.1",
+    "mini-css-extract-plugin": "^1.5.0",
+    "sass": "^1.32.10",
+    "sass-loader": "^10.1.1",
+    "style-loader": "^2.0.0",
+    "tapable": "^1.1.3",
+    "terser-webpack-plugin": "^4.2.3",
+    "ts-loader": "^8.1.0",
     "tslint": "^6.1.3",
     "tslint-loader": "^3.5.4",
-    "typescript": "3.8.3",
-    "webpack": "^4.29.0",
-    "webpack-cli": "^3.2.1",
-    "webpack-dev-server": "^3.1.14"
+    "typescript": "4.1.5",
+    "webpack": "^4.46.0",
+    "webpack-cli": "^4.6.0",
+    "webpack-dev-server": "^3.11.2"
   },
   "dependencies": {
-    "@angular/animations": "9.1.12",
-    "@angular/cdk": "9.2.4",
-    "@angular/common": "9.1.12",
-    "@angular/compiler": "9.1.12",
-    "@angular/core": "9.1.12",
-    "@angular/forms": "9.1.12",
-    "@angular/platform-browser": "9.1.12",
-    "@angular/platform-browser-dynamic": "9.1.12",
-    "@angular/router": "9.1.12",
-    "@microsoft/signalr": "3.1.13",
-    "@microsoft/signalr-protocol-msgpack": "3.1.13",
-    "angular2-toaster": "8.0.0",
-    "big-integer": "1.6.48",
-    "bootstrap": "4.3.1",
-    "braintree-web-drop-in": "1.13.0",
+    "@bitwarden/jslib-angular": "file:jslib/angular",
+    "@bitwarden/jslib-common": "file:jslib/common",
+    "angular2-toaster": "11.0.1",
+    "bootstrap": "4.6.0",
+    "braintree-web-drop-in": "1.30.1",
     "browser-hrtime": "^1.1.8",
-    "core-js": "2.6.2",
+    "core-js": "^3.11.0",
     "date-input-polyfill": "^2.14.0",
-    "duo_web_sdk": "git+https://github.com/duosecurity/duo_web_sdk.git#410a9186cc34663c4913b17d6528067cd3331f1d",
     "font-awesome": "4.7.0",
     "jquery": "3.6.0",
-    "lunr": "2.3.3",
-    "ngx-infinite-scroll": "7.0.1",
-    "node-forge": "0.10.0",
-    "papaparse": "5.2.0",
-    "popper.js": "1.14.4",
+    "ngx-infinite-scroll": "^10.0.1",
+    "popper.js": "1.16.1",
     "qrious": "4.0.2",
-    "rxjs": "6.6.2",
-    "sweetalert2": "10.15.4",
-    "tslib": "^2.0.1",
-    "web-animations-js": "2.3.1",
-    "webcrypto-shim": "0.1.4",
-    "whatwg-fetch": "3.0.0",
-    "zone.js": "0.10.3",
-    "zxcvbn": "4.4.2"
+    "sweetalert2": "^10.16.6",
+    "webcrypto-shim": "0.1.7",
+    "whatwg-fetch": "3.6.2"
+  },
+  "engines": {
+    "node": "~14",
+    "npm": "~7"
   }
 }

src/app/accounts/accept-emergency.component.html

@@ -1,6 +1,6 @@
 <div class="mt-5 d-flex justify-content-center" *ngIf="loading">
     <div>
-        <img src="../../images/logo-dark@2x.png" class="mb-4 logo" alt="Bitwarden">
+        <img class="mb-4 logo logo-themed" alt="Bitwarden">
         <p class="text-center">
             <i class="fa fa-spinner fa-spin fa-2x text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
             <span class="sr-only">{{'loading' | i18n}}</span>

src/app/accounts/accept-emergency.component.ts

@@ -1,7 +1,4 @@
-import {
-    Component,
-    OnInit,
-} from '@angular/core';
+import { Component } from '@angular/core';
 import {
     ActivatedRoute,
     Router,
@@ -12,82 +9,52 @@ import {
     ToasterService,
 } from 'angular2-toaster';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { StateService } from 'jslib/abstractions/state.service';
-import { UserService } from 'jslib/abstractions/user.service';
-import { EmergencyAccessAcceptRequest } from 'jslib/models/request/emergencyAccessAcceptRequest';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+import { EmergencyAccessAcceptRequest } from 'jslib-common/models/request/emergencyAccessAcceptRequest';
+import { BaseAcceptComponent } from '../common/base.accept.component';
 
 @Component({
     selector: 'app-accept-emergency',
     templateUrl: 'accept-emergency.component.html',
 })
-export class AcceptEmergencyComponent implements OnInit {
-    loading = true;
-    authed = false;
+export class AcceptEmergencyComponent extends BaseAcceptComponent {
+
     name: string;
-    email: string;
-    actionPromise: Promise<any>;
 
-    constructor(private router: Router, private toasterService: ToasterService,
-        private i18nService: I18nService, private route: ActivatedRoute,
-        private apiService: ApiService, private userService: UserService,
-        private stateService: StateService) { }
+    protected requiredParameters: string[] = ['id', 'name', 'email', 'token'];
+    protected failedShortMessage = 'emergencyInviteAcceptFailedShort';
+    protected failedMessage = 'emergencyInviteAcceptFailed';
 
-    ngOnInit() {
-        let fired = false;
-        this.route.queryParams.subscribe(async qParams => {
-            if (fired) {
-                return;
-            }
-            fired = true;
-            await this.stateService.remove('emergencyInvitation');
-            let error = qParams.id == null || qParams.name == null || qParams.email == null || qParams.token == null;
-            let errorMessage: string = null;
-            if (!error) {
-                this.authed = await this.userService.isAuthenticated();
-                if (this.authed) {
-                    const request = new EmergencyAccessAcceptRequest();
-                    request.token = qParams.token;
-                    try {
-                        this.actionPromise = this.apiService.postEmergencyAccessAccept(qParams.id, request);
-                        await this.actionPromise;
-                        const toast: Toast = {
-                            type: 'success',
-                            title: this.i18nService.t('inviteAccepted'),
-                            body: this.i18nService.t('emergencyInviteAcceptedDesc'),
-                            timeout: 10000,
-                        };
-                        this.toasterService.popAsync(toast);
-                        this.router.navigate(['/vault']);
-                    } catch (e) {
-                        error = true;
-                        errorMessage = e.message;
-                    }
-                } else {
-                    await this.stateService.save('emergencyInvitation', qParams);
-                    this.email = qParams.email;
-                    this.name = qParams.name;
-                    if (this.name != null) {
-                        // Fix URL encoding of space issue with Angular
-                        this.name = this.name.replace(/\+/g, ' ');
-                    }
-                }
-            }
+    constructor(router: Router, toasterService: ToasterService,
+        i18nService: I18nService, route: ActivatedRoute,
+        private apiService: ApiService, userService: UserService,
+        stateService: StateService) {
+        super(router, toasterService, i18nService, route, userService, stateService);
+    }
 
-            if (error) {
-                const toast: Toast = {
-                    type: 'error',
-                    title: null,
-                    body: errorMessage != null ? this.i18nService.t('emergencyInviteAcceptFailedShort', errorMessage) :
-                        this.i18nService.t('emergencyInviteAcceptFailed'),
-                    timeout: 10000,
-                };
-                this.toasterService.popAsync(toast);
-                this.router.navigate(['/']);
-            }
+    async authedHandler(qParams: any): Promise<void> {
+        const request = new EmergencyAccessAcceptRequest();
+        request.token = qParams.token;
+        this.actionPromise = this.apiService.postEmergencyAccessAccept(qParams.id, request);
+        await this.actionPromise;
+        const toast: Toast = {
+            type: 'success',
+            title: this.i18nService.t('inviteAccepted'),
+            body: this.i18nService.t('emergencyInviteAcceptedDesc'),
+            timeout: 10000,
+        };
+        this.toasterService.popAsync(toast);
+        this.router.navigate(['/vault']);
+    }
 
-            this.loading = false;
-        });
+    async unauthedHandler(qParams: any): Promise<void> {
+        this.name = qParams.name;
+        if (this.name != null) {
+            // Fix URL encoding of space issue with Angular
+            this.name = this.name.replace(/\+/g, ' ');
+        }
     }
 }

src/app/accounts/accept-organization.component.ts

@@ -1,7 +1,4 @@
-import {
-    Component,
-    OnInit,
-} from '@angular/core';
+import { Component } from '@angular/core';
 import {
     ActivatedRoute,
     Router,
@@ -12,84 +9,106 @@ import {
     ToasterService,
 } from 'angular2-toaster';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { StateService } from 'jslib/abstractions/state.service';
-import { UserService } from 'jslib/abstractions/user.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PolicyService } from 'jslib-common/abstractions/policy.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
 
-import { OrganizationUserAcceptRequest } from 'jslib/models/request/organizationUserAcceptRequest';
+import { OrganizationUserAcceptRequest } from 'jslib-common/models/request/organizationUserAcceptRequest';
+import { OrganizationUserResetPasswordEnrollmentRequest } from 'jslib-common/models/request/organizationUserResetPasswordEnrollmentRequest';
+
+import { Utils } from 'jslib-common/misc/utils';
+import { Policy } from 'jslib-common/models/domain/policy';
+import { BaseAcceptComponent } from '../common/base.accept.component';
 
 @Component({
     selector: 'app-accept-organization',
     templateUrl: 'accept-organization.component.html',
 })
-export class AcceptOrganizationComponent implements OnInit {
-    loading = true;
-    authed = false;
+export class AcceptOrganizationComponent extends BaseAcceptComponent {
     orgName: string;
-    email: string;
-    actionPromise: Promise<any>;
 
-    constructor(private router: Router, private toasterService: ToasterService,
-        private i18nService: I18nService, private route: ActivatedRoute,
-        private apiService: ApiService, private userService: UserService,
-        private stateService: StateService) { }
+    protected requiredParameters: string[] = ['organizationId', 'organizationUserId', 'token'];
 
-    ngOnInit() {
-        let fired = false;
-        this.route.queryParams.subscribe(async qParams => {
-            if (fired) {
-                return;
-            }
-            fired = true;
-            await this.stateService.remove('orgInvitation');
-            let error = qParams.organizationId == null || qParams.organizationUserId == null || qParams.token == null;
-            let errorMessage: string = null;
-            if (!error) {
-                this.authed = await this.userService.isAuthenticated();
-                if (this.authed) {
-                    const request = new OrganizationUserAcceptRequest();
-                    request.token = qParams.token;
-                    try {
-                        this.actionPromise = this.apiService.postOrganizationUserAccept(qParams.organizationId,
-                            qParams.organizationUserId, request);
-                        await this.actionPromise;
-                        const toast: Toast = {
-                            type: 'success',
-                            title: this.i18nService.t('inviteAccepted'),
-                            body: this.i18nService.t('inviteAcceptedDesc'),
-                            timeout: 10000,
-                        };
-                        this.toasterService.popAsync(toast);
-                        this.router.navigate(['/vault']);
-                    } catch (e) {
-                        error = true;
-                        errorMessage = e.message;
+    constructor(router: Router, toasterService: ToasterService,
+        i18nService: I18nService, route: ActivatedRoute,
+        private apiService: ApiService, userService: UserService,
+        stateService: StateService, private cryptoService: CryptoService,
+        private policyService: PolicyService) {
+        super(router, toasterService, i18nService, route, userService, stateService);
+    }
+
+    async authedHandler(qParams: any): Promise<void> {
+        const request = new OrganizationUserAcceptRequest();
+        request.token = qParams.token;
+        if (await this.performResetPasswordAutoEnroll(qParams)) {
+            this.actionPromise = this.apiService.postOrganizationUserAccept(qParams.organizationId,
+                qParams.organizationUserId, request).then(() => {
+                    // Retrieve Public Key
+                    return this.apiService.getOrganizationKeys(qParams.organizationId);
+                }).then(async response => {
+                    if (response == null) {
+                        throw new Error(this.i18nService.t('resetPasswordOrgKeysError'));
                     }
-                } else {
-                    await this.stateService.save('orgInvitation', qParams);
-                    this.email = qParams.email;
-                    this.orgName = qParams.organizationName;
-                    if (this.orgName != null) {
-                        // Fix URL encoding of space issue with Angular
-                        this.orgName = this.orgName.replace(/\+/g, ' ');
-                    }
-                }
-            }
 
-            if (error) {
-                const toast: Toast = {
-                    type: 'error',
-                    title: null,
-                    body: errorMessage != null ? this.i18nService.t('inviteAcceptFailedShort', errorMessage) :
-                        this.i18nService.t('inviteAcceptFailed'),
-                    timeout: 10000,
-                };
-                this.toasterService.popAsync(toast);
-                this.router.navigate(['/']);
-            }
+                    const publicKey = Utils.fromB64ToArray(response.publicKey);
 
-            this.loading = false;
-        });
+                    // RSA Encrypt user's encKey.key with organization public key
+                    const encKey = await this.cryptoService.getEncKey();
+                    const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
+
+                    // Create request and execute enrollment
+                    const resetRequest = new OrganizationUserResetPasswordEnrollmentRequest();
+                    resetRequest.resetPasswordKey = encryptedKey.encryptedString;
+
+                    // Get User Id
+                    const userId = await this.userService.getUserId();
+
+                    return this.apiService.putOrganizationUserResetPasswordEnrollment(qParams.organizationId, userId, resetRequest);
+                });
+        } else {
+            this.actionPromise = this.apiService.postOrganizationUserAccept(qParams.organizationId,
+                qParams.organizationUserId, request);
+        }
+
+        await this.actionPromise;
+        const toast: Toast = {
+            type: 'success',
+            title: this.i18nService.t('inviteAccepted'),
+            body: this.i18nService.t('inviteAcceptedDesc'),
+            timeout: 10000,
+        };
+        this.toasterService.popAsync(toast);
+
+        await this.stateService.remove('orgInvitation');
+        this.router.navigate(['/vault']);
+    }
+
+    async unauthedHandler(qParams: any): Promise<void> {
+        this.orgName = qParams.organizationName;
+        if (this.orgName != null) {
+            // Fix URL encoding of space issue with Angular
+            this.orgName = this.orgName.replace(/\+/g, ' ');
+        }
+        await this.stateService.save('orgInvitation', qParams);
+    }
+
+    private async performResetPasswordAutoEnroll(qParams: any): Promise<boolean> {
+        let policyList: Policy[] = null;
+        try {
+            const policies = await this.apiService.getPoliciesByToken(qParams.organizationId, qParams.token,
+                qParams.email, qParams.organizationUserId);
+            policyList = this.policyService.mapPoliciesFromToken(policies);
+        } catch { }
+
+        if (policyList != null) {
+            const result = this.policyService.getResetPasswordPolicyOptions(policyList, qParams.organizationId);
+            // Return true if policy enabled and auto-enroll enabled
+            return result[1] && result[0].autoEnrollEnabled;
+        }
+
+        return false;
     }
 }

src/app/accounts/hint.component.ts

@@ -1,11 +1,11 @@
 import { Component } from '@angular/core';
 import { Router } from '@angular/router';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
 
-import { HintComponent as BaseHintComponent } from 'jslib/angular/components/hint.component';
+import { HintComponent as BaseHintComponent } from 'jslib-angular/components/hint.component';
 
 @Component({
     selector: 'app-hint',

src/app/accounts/lock.component.ts

@@ -1,20 +1,20 @@
 import { Component } from '@angular/core';
 import { Router } from '@angular/router';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { CryptoService } from 'jslib/abstractions/crypto.service';
-import { EnvironmentService } from 'jslib/abstractions/environment.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { MessagingService } from 'jslib/abstractions/messaging.service';
-import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
-import { StateService } from 'jslib/abstractions/state.service';
-import { StorageService } from 'jslib/abstractions/storage.service';
-import { UserService } from 'jslib/abstractions/user.service';
-import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { EnvironmentService } from 'jslib-common/abstractions/environment.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { MessagingService } from 'jslib-common/abstractions/messaging.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { StorageService } from 'jslib-common/abstractions/storage.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+import { VaultTimeoutService } from 'jslib-common/abstractions/vaultTimeout.service';
 
 import { RouterService } from '../services/router.service';
 
-import { LockComponent as BaseLockComponent } from 'jslib/angular/components/lock.component';
+import { LockComponent as BaseLockComponent } from 'jslib-angular/components/lock.component';
 
 @Component({
     selector: 'app-lock',

src/app/accounts/login.component.html

@@ -1,10 +1,14 @@
 <form #form (ngSubmit)="submit()" [appApiAction]="formPromise" class="container" ngNativeValidate>
     <div class="row justify-content-md-center mt-5">
         <div class="col-5">
-            <img src="../../images/logo-dark@2x.png" class="logo mb-2" alt="Bitwarden">
+            <img class="mb-2 logo logo-themed" alt="Bitwarden">
             <p class="lead text-center mx-4 mb-4">{{'loginOrCreateNewAccount' | i18n}}</p>
             <div class="card d-block">
                 <div class="card-body">
+                    <app-callout type="warning" title="{{'resetPasswordPolicyAutoEnroll' | i18n}}"
+                        *ngIf="showResetPasswordAutoEnrollWarning">
+                        {{'resetPasswordAutoEnrollInviteWarning' | i18n}}
+                    </app-callout>
                     <div class="form-group">
                         <label for="email">{{'emailAddress' | i18n}}</label>
                         <input id="email" class="form-control" type="text" name="Email" [(ngModel)]="email" required
@@ -26,11 +30,12 @@
                             <a routerLink="/hint">{{'getMasterPasswordHint' | i18n}}</a>
                         </small>
                     </div>
-                    <div class="form-check">
+                    <div class="form-check mb-3">
                         <input type="checkbox" class="form-check-input" id="rememberEmail" name="RememberEmail"
                             [(ngModel)]="rememberEmail">
                         <label class="form-check-label" for="rememberEmail">{{'rememberEmail' | i18n}}</label>
                     </div>
+                    <div class="mb-n3" [hidden]="!showCaptcha()"><iframe id="hcaptcha_iframe" height="80"></iframe></div>
                     <hr>
                     <div class="d-flex">
                         <button type="submit" class="btn btn-primary btn-block btn-submit" [disabled]="form.loading">

src/app/accounts/login.component.ts

@@ -4,27 +4,35 @@ import {
     Router,
 } from '@angular/router';
 
-import { AuthService } from 'jslib/abstractions/auth.service';
-import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service';
-import { EnvironmentService } from 'jslib/abstractions/environment.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
-import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
-import { StateService } from 'jslib/abstractions/state.service';
-import { StorageService } from 'jslib/abstractions/storage.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { AuthService } from 'jslib-common/abstractions/auth.service';
+import { CryptoFunctionService } from 'jslib-common/abstractions/cryptoFunction.service';
+import { EnvironmentService } from 'jslib-common/abstractions/environment.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { PolicyService } from 'jslib-common/abstractions/policy.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { StorageService } from 'jslib-common/abstractions/storage.service';
 
-import { LoginComponent as BaseLoginComponent } from 'jslib/angular/components/login.component';
+import { LoginComponent as BaseLoginComponent } from 'jslib-angular/components/login.component';
+
+import { Policy } from 'jslib-common/models/domain/policy';
 
 @Component({
     selector: 'app-login',
     templateUrl: 'login.component.html',
 })
 export class LoginComponent extends BaseLoginComponent {
+
+    showResetPasswordAutoEnrollWarning = false;
+
     constructor(authService: AuthService, router: Router,
         i18nService: I18nService, private route: ActivatedRoute,
         storageService: StorageService, stateService: StateService,
         platformUtilsService: PlatformUtilsService, environmentService: EnvironmentService,
-        passwordGenerationService: PasswordGenerationService, cryptoFunctionService: CryptoFunctionService) {
+        passwordGenerationService: PasswordGenerationService, cryptoFunctionService: CryptoFunctionService,
+        private apiService: ApiService, private policyService: PolicyService) {
         super(authService, router,
             platformUtilsService, i18nService,
             stateService, environmentService,
@@ -49,23 +57,31 @@ export class LoginComponent extends BaseLoginComponent {
                 queryParamsSub.unsubscribe();
             }
         });
-    }
 
-    async goAfterLogIn() {
-        const orgInvite = await this.stateService.get<any>('orgInvitation');
-        const emergencyInvite = await this.stateService.get<any>('emergencyInvitation');
-        if (orgInvite != null) {
-            this.router.navigate(['accept-organization'], { queryParams: orgInvite });
-        } else if (emergencyInvite != null) {
-            this.router.navigate(['accept-emergency'], { queryParams: emergencyInvite });
-        } else {
-            const loginRedirect = await this.stateService.get<any>('loginRedirect');
-            if (loginRedirect != null) {
-                this.router.navigate([loginRedirect.route], { queryParams: loginRedirect.qParams });
-                await this.stateService.remove('loginRedirect');
-            } else {
-                this.router.navigate([this.successRoute]);
+        const invite = await this.stateService.get<any>('orgInvitation');
+        if (invite != null) {
+            let policyList: Policy[] = null;
+            try {
+                const policies = await this.apiService.getPoliciesByToken(invite.organizationId, invite.token,
+                    invite.email, invite.organizationUserId);
+                policyList = this.policyService.mapPoliciesFromToken(policies);
+            } catch { }
+
+            if (policyList != null) {
+                const result = this.policyService.getResetPasswordPolicyOptions(policyList, invite.organizationId);
+                // Set to true if policy enabled and auto-enroll enabled
+                this.showResetPasswordAutoEnrollWarning = result[1] && result[0].autoEnrollEnabled;
             }
         }
     }
+
+    async goAfterLogIn() {
+        const loginRedirect = await this.stateService.get<any>('loginRedirect');
+        if (loginRedirect != null) {
+            this.router.navigate([loginRedirect.route], { queryParams: loginRedirect.qParams });
+            await this.stateService.remove('loginRedirect');
+        } else {
+            this.router.navigate([this.successRoute]);
+        }
+    }
 }

src/app/accounts/recover-delete.component.ts

@@ -3,10 +3,10 @@ import { Router } from '@angular/router';
 
 import { ToasterService } from 'angular2-toaster';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
 
-import { DeleteRecoverRequest } from 'jslib/models/request/deleteRecoverRequest';
+import { DeleteRecoverRequest } from 'jslib-common/models/request/deleteRecoverRequest';
 
 @Component({
     selector: 'app-recover-delete',

src/app/accounts/recover-two-factor.component.ts

@@ -3,12 +3,12 @@ import { Router } from '@angular/router';
 
 import { ToasterService } from 'angular2-toaster';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { AuthService } from 'jslib/abstractions/auth.service';
-import { CryptoService } from 'jslib/abstractions/crypto.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { AuthService } from 'jslib-common/abstractions/auth.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
 
-import { TwoFactorRecoveryRequest } from 'jslib/models/request/twoFactorRecoveryRequest';
+import { TwoFactorRecoveryRequest } from 'jslib-common/models/request/twoFactorRecoveryRequest';
 
 @Component({
     selector: 'app-recover-two-factor',

src/app/accounts/register.component.html

@@ -62,24 +62,8 @@
                                     <small class="form-text text-muted">{{'yourNameDesc' | i18n}}</small>
                                 </div>
                                 <div class="form-group">
-                                    <app-callout type="info" *ngIf="enforcedPolicyOptions">
-                                        {{'masterPasswordPolicyInEffect' | i18n}}
-                                        <ul class="mb-0">
-                                            <li *ngIf="enforcedPolicyOptions?.minComplexity > 0">
-                                                {{'policyInEffectMinComplexity' | i18n : getPasswordScoreAlertDisplay()}}
-                                            </li>
-                                            <li *ngIf="enforcedPolicyOptions?.minLength > 0">
-                                                {{'policyInEffectMinLength' | i18n : enforcedPolicyOptions?.minLength.toString()}}
-                                            </li>
-                                            <li *ngIf="enforcedPolicyOptions?.requireUpper">
-                                                {{'policyInEffectUppercase' | i18n}}</li>
-                                            <li *ngIf="enforcedPolicyOptions?.requireLower">
-                                                {{'policyInEffectLowercase' | i18n}}</li>
-                                            <li *ngIf="enforcedPolicyOptions?.requireNumbers">
-                                                {{'policyInEffectNumbers' | i18n}}</li>
-                                            <li *ngIf="enforcedPolicyOptions?.requireSpecial">
-                                                {{'policyInEffectSpecial' | i18n : '!@#$%^&*'}}</li>
-                                        </ul>
+                                    <app-callout type="info" [enforcedPolicyOptions]="enforcedPolicyOptions"
+                                        *ngIf="enforcedPolicyOptions">
                                     </app-callout>
                                     <label for="masterPassword">{{'masterPass' | i18n}}</label>
                                     <div class="d-flex">
@@ -121,6 +105,7 @@
                                     <input id="hint" class="form-control" type="text" name="Hint" [(ngModel)]="hint">
                                     <small class="form-text text-muted">{{'masterPassHintDesc' | i18n}}</small>
                                 </div>
+                                <div [hidden]="!showCaptcha()"><iframe id="hcaptcha_iframe" height="80"></iframe></div>
                                 <div class="form-group" *ngIf="showTerms">
                                     <div class="form-check">
                                         <input class="form-check-input" type="checkbox" id="acceptPolicies"

src/app/accounts/register.component.ts

@@ -4,22 +4,23 @@ import {
     Router,
 } from '@angular/router';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { AuthService } from 'jslib/abstractions/auth.service';
-import { CryptoService } from 'jslib/abstractions/crypto.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
-import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
-import { PolicyService } from 'jslib/abstractions/policy.service';
-import { StateService } from 'jslib/abstractions/state.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { AuthService } from 'jslib-common/abstractions/auth.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { EnvironmentService } from 'jslib-common/abstractions/environment.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { PolicyService } from 'jslib-common/abstractions/policy.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
 
-import { RegisterComponent as BaseRegisterComponent } from 'jslib/angular/components/register.component';
+import { RegisterComponent as BaseRegisterComponent } from 'jslib-angular/components/register.component';
 
-import { MasterPasswordPolicyOptions } from 'jslib/models/domain/masterPasswordPolicyOptions';
-import { Policy } from 'jslib/models/domain/policy';
+import { MasterPasswordPolicyOptions } from 'jslib-common/models/domain/masterPasswordPolicyOptions';
+import { Policy } from 'jslib-common/models/domain/policy';
 
-import { PolicyData } from 'jslib/models/data/policyData';
-import { ReferenceEventRequest } from 'jslib/models/request/referenceEventRequest';
+import { PolicyData } from 'jslib-common/models/data/policyData';
+import { ReferenceEventRequest } from 'jslib-common/models/request/referenceEventRequest';
 
 @Component({
     selector: 'app-register',
@@ -36,29 +37,10 @@ export class RegisterComponent extends BaseRegisterComponent {
         i18nService: I18nService, cryptoService: CryptoService,
         apiService: ApiService, private route: ActivatedRoute,
         stateService: StateService, platformUtilsService: PlatformUtilsService,
-        passwordGenerationService: PasswordGenerationService, private policyService: PolicyService) {
+        passwordGenerationService: PasswordGenerationService, private policyService: PolicyService,
+        environmentService: EnvironmentService) {
         super(authService, router, i18nService, cryptoService, apiService, stateService, platformUtilsService,
-            passwordGenerationService);
-    }
-
-    getPasswordScoreAlertDisplay() {
-        if (this.enforcedPolicyOptions == null) {
-            return '';
-        }
-
-        let str: string;
-        switch (this.enforcedPolicyOptions.minComplexity) {
-            case 4:
-                str = this.i18nService.t('strong');
-                break;
-            case 3:
-                str = this.i18nService.t('good');
-                break;
-            default:
-                str = this.i18nService.t('weak');
-                break;
-        }
-        return str + ' (' + this.enforcedPolicyOptions.minComplexity + ')';
+            passwordGenerationService, environmentService);
     }
 
     async ngOnInit() {
@@ -105,6 +87,8 @@ export class RegisterComponent extends BaseRegisterComponent {
         if (this.policies != null) {
             this.enforcedPolicyOptions = await this.policyService.getMasterPasswordPolicyOptions(this.policies);
         }
+
+        await super.ngOnInit();
     }
 
     async submit() {

src/app/accounts/set-password.component.html

@@ -9,25 +9,13 @@
                 </div>
                 <div class="card-body" *ngIf="!syncLoading">
                     <app-callout type="info">{{'ssoCompleteRegistration' | i18n}}</app-callout>
+                    <app-callout type="warning" title="{{'resetPasswordPolicyAutoEnroll' | i18n}}"
+                        *ngIf="resetPasswordAutoEnroll">
+                        {{'resetPasswordAutoEnrollInviteWarning' | i18n}}
+                    </app-callout>
                     <div class="form-group">
-                        <app-callout type="info" *ngIf="enforcedPolicyOptions">
-                            {{'masterPasswordPolicyInEffect' | i18n}}
-                            <ul class="mb-0">
-                                <li *ngIf="enforcedPolicyOptions?.minComplexity > 0">
-                                    {{'policyInEffectMinComplexity' | i18n : getPasswordScoreAlertDisplay()}}
-                                </li>
-                                <li *ngIf="enforcedPolicyOptions?.minLength > 0">
-                                    {{'policyInEffectMinLength' | i18n : enforcedPolicyOptions?.minLength.toString()}}
-                                </li>
-                                <li *ngIf="enforcedPolicyOptions?.requireUpper">
-                                    {{'policyInEffectUppercase' | i18n}}</li>
-                                <li *ngIf="enforcedPolicyOptions?.requireLower">
-                                    {{'policyInEffectLowercase' | i18n}}</li>
-                                <li *ngIf="enforcedPolicyOptions?.requireNumbers">
-                                    {{'policyInEffectNumbers' | i18n}}</li>
-                                <li *ngIf="enforcedPolicyOptions?.requireSpecial">
-                                    {{'policyInEffectSpecial' | i18n : '!@#$%^&*'}}</li>
-                            </ul>
+                        <app-callout type="info" [enforcedPolicyOptions]="enforcedPolicyOptions"
+                            *ngIf="enforcedPolicyOptions">
                         </app-callout>
                         <label for="masterPassword">{{'masterPass' | i18n}}</label>
                         <div class="d-flex">

src/app/accounts/set-password.component.ts

@@ -4,19 +4,19 @@ import {
     Router,
 } from '@angular/router';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { CryptoService } from 'jslib/abstractions/crypto.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { MessagingService } from 'jslib/abstractions/messaging.service';
-import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
-import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
-import { PolicyService } from 'jslib/abstractions/policy.service';
-import { SyncService } from 'jslib/abstractions/sync.service';
-import { UserService } from 'jslib/abstractions/user.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { MessagingService } from 'jslib-common/abstractions/messaging.service';
+import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { PolicyService } from 'jslib-common/abstractions/policy.service';
+import { SyncService } from 'jslib-common/abstractions/sync.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
 
 import {
     SetPasswordComponent as BaseSetPasswordComponent,
-} from 'jslib/angular/components/set-password.component';
+} from 'jslib-angular/components/set-password.component';
 
 @Component({
     selector: 'app-set-password',

src/app/accounts/sso.component.html

@@ -1,7 +1,7 @@
 <form #form (ngSubmit)="submit()" class="container" [appApiAction]="initiateSsoFormPromise" ngNativeValidate>
     <div class="row justify-content-md-center mt-5">
         <div class="col-5">
-            <img src="../../images/logo-dark@2x.png" class="logo mb-2" alt="Bitwarden">
+            <img class="logo mb-2 logo-themed" alt="Bitwarden">
             <div class="card d-block mt-4">
                 <div class="card-body" *ngIf="loggingIn">
                     <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>

src/app/accounts/sso.component.ts

@@ -4,16 +4,17 @@ import {
     Router,
 } from '@angular/router';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { AuthService } from 'jslib/abstractions/auth.service';
-import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
-import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
-import { StateService } from 'jslib/abstractions/state.service';
-import { StorageService } from 'jslib/abstractions/storage.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { AuthService } from 'jslib-common/abstractions/auth.service';
+import { CryptoFunctionService } from 'jslib-common/abstractions/cryptoFunction.service';
+import { EnvironmentService } from 'jslib-common/abstractions/environment.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { StorageService } from 'jslib-common/abstractions/storage.service';
 
-import { SsoComponent as BaseSsoComponent } from 'jslib/angular/components/sso.component';
+import { SsoComponent as BaseSsoComponent } from 'jslib-angular/components/sso.component';
 
 const IdentifierStorageKey = 'ssoOrgIdentifier';
 
@@ -26,10 +27,10 @@ export class SsoComponent extends BaseSsoComponent {
         i18nService: I18nService, route: ActivatedRoute,
         storageService: StorageService, stateService: StateService,
         platformUtilsService: PlatformUtilsService, apiService: ApiService,
-        cryptoFunctionService: CryptoFunctionService,
+        cryptoFunctionService: CryptoFunctionService, environmentService: EnvironmentService,
         passwordGenerationService: PasswordGenerationService) {
         super(authService, router, i18nService, route, storageService, stateService, platformUtilsService,
-            apiService, cryptoFunctionService, passwordGenerationService);
+            apiService, cryptoFunctionService, environmentService, passwordGenerationService);
         this.redirectUri = window.location.origin + '/sso-connector.html';
         this.clientId = 'web';
     }

src/app/accounts/two-factor-options.component.html

@@ -1,5 +1,5 @@
 <div class="modal fade" tabindex="-1" role="dialog" aria-modal="true" aria-labelledby="twoStepOptionsTitle">
-    <div class="modal-dialog" role="document">
+    <div class="modal-dialog modal-dialog-scrollable" role="document">
         <div class="modal-content">
             <div class="modal-header">
                 <h2 class="modal-title" id="twoStepOptionsTitle">{{'twoStepOptions' | i18n}}</h2>
@@ -7,17 +7,19 @@
                     <span aria-hidden="true">&times;</span>
                 </button>
             </div>
-            <div class="list-group list-group-flush">
-                <a href="#" appStopClick *ngFor="let p of providers" (click)="choose(p)"
-                    class="list-group-item list-group-item-action">
-                    <img [src]="'images/two-factor/' + p.type + '.png'" alt="" class="pull-right">
-                    <h3>{{p.name}}</h3>
-                    {{p.description}}
-                </a>
-                <a href="#" appStopClick class="list-group-item list-group-item-action" (click)="recover()">
-                    <h3>{{'recoveryCodeTitle' | i18n}}</h3>
-                    {{'recoveryCodeDesc' | i18n}}
-                </a>
+            <div class="modal-body">
+                <div class="list-group list-group-flush">
+                    <a href="#" appStopClick *ngFor="let p of providers" (click)="choose(p)"
+                        class="list-group-item list-group-item-action">
+                        <img [src]="'images/two-factor/' + p.type + '.png'" alt="" class="pull-right">
+                        <h3>{{p.name}}</h3>
+                        {{p.description}}
+                    </a>
+                    <a href="#" appStopClick class="list-group-item list-group-item-action" (click)="recover()">
+                        <h3>{{'recoveryCodeTitle' | i18n}}</h3>
+                        {{'recoveryCodeDesc' | i18n}}
+                    </a>
+                </div>
             </div>
             <div class="modal-footer">
                 <button type="button" class="btn btn-outline-secondary" data-dismiss="modal">{{'close' | i18n}}</button>

src/app/accounts/two-factor-options.component.ts

@@ -1,13 +1,13 @@
 import { Component } from '@angular/core';
 import { Router } from '@angular/router';
 
-import { AuthService } from 'jslib/abstractions/auth.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
+import { AuthService } from 'jslib-common/abstractions/auth.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
 
 import {
     TwoFactorOptionsComponent as BaseTwoFactorOptionsComponent,
-} from 'jslib/angular/components/two-factor-options.component';
+} from 'jslib-angular/components/two-factor-options.component';
 
 @Component({
     selector: 'app-two-factor-options',

src/app/accounts/two-factor.component.html

@@ -35,7 +35,7 @@
                     </ng-container>
                     <ng-container *ngIf="selectedProviderType === providerType.WebAuthn">
                         <div id="web-authn-frame" class="mb-3">
-                            <iframe id="webauthn_iframe"></iframe>
+                            <iframe id="webauthn_iframe" [allow]="webAuthnAllow"></iframe>
                         </div>
                     </ng-container>
                     <ng-container *ngIf="selectedProviderType === providerType.Duo ||

src/app/accounts/two-factor.component.ts

@@ -1,6 +1,5 @@
 import {
     Component,
-    ComponentFactoryResolver,
     ViewChild,
     ViewContainerRef,
 } from '@angular/core';
@@ -10,22 +9,22 @@ import {
     Router,
 } from '@angular/router';
 
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { AuthService } from 'jslib-common/abstractions/auth.service';
+import { EnvironmentService } from 'jslib-common/abstractions/environment.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { StorageService } from 'jslib-common/abstractions/storage.service';
+
+import { ModalService } from 'jslib-angular/services/modal.service';
+
+import { TwoFactorProviderType } from 'jslib-common/enums/twoFactorProviderType';
+
+import { TwoFactorComponent as BaseTwoFactorComponent } from 'jslib-angular/components/two-factor.component';
+
 import { TwoFactorOptionsComponent } from './two-factor-options.component';
 
-import { ModalComponent } from '../modal.component';
-
-import { TwoFactorProviderType } from 'jslib/enums/twoFactorProviderType';
-
-import { ApiService } from 'jslib/abstractions/api.service';
-import { AuthService } from 'jslib/abstractions/auth.service';
-import { EnvironmentService } from 'jslib/abstractions/environment.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
-import { StateService } from 'jslib/abstractions/state.service';
-import { StorageService } from 'jslib/abstractions/storage.service';
-
-import { TwoFactorComponent as BaseTwoFactorComponent } from 'jslib/angular/components/two-factor.component';
-
 @Component({
     selector: 'app-two-factor',
     templateUrl: 'two-factor.component.html',
@@ -36,48 +35,37 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     constructor(authService: AuthService, router: Router,
         i18nService: I18nService, apiService: ApiService,
         platformUtilsService: PlatformUtilsService, stateService: StateService,
-        environmentService: EnvironmentService, private componentFactoryResolver: ComponentFactoryResolver,
+        environmentService: EnvironmentService, private modalService: ModalService,
         storageService: StorageService, route: ActivatedRoute) {
         super(authService, router, i18nService, apiService, platformUtilsService, window, environmentService,
             stateService, storageService, route);
         this.onSuccessfulLoginNavigate = this.goAfterLogIn;
     }
 
-    anotherMethod() {
-        const factory = this.componentFactoryResolver.resolveComponentFactory(ModalComponent);
-        const modal = this.twoFactorOptionsModal.createComponent(factory).instance;
-        const childComponent = modal.show<TwoFactorOptionsComponent>(TwoFactorOptionsComponent,
-            this.twoFactorOptionsModal);
-
-        childComponent.onProviderSelected.subscribe(async (provider: TwoFactorProviderType) => {
-            modal.close();
-            this.selectedProviderType = provider;
-            await this.init();
-        });
-        childComponent.onRecoverSelected.subscribe(() => {
-            modal.close();
+    async anotherMethod() {
+        const [modal] = await this.modalService.openViewRef(TwoFactorOptionsComponent, this.twoFactorOptionsModal, comp => {
+            comp.onProviderSelected.subscribe(async (provider: TwoFactorProviderType) => {
+                modal.close();
+                this.selectedProviderType = provider;
+                await this.init();
+            });
+            comp.onRecoverSelected.subscribe(() => {
+                modal.close();
+            });
         });
     }
 
     async goAfterLogIn() {
-        const orgInvite = await this.stateService.get<any>('orgInvitation');
-        const emergencyInvite = await this.stateService.get<any>('emergencyInvitation');
-        if (orgInvite != null) {
-            this.router.navigate(['accept-organization'], { queryParams: orgInvite });
-        } else if (emergencyInvite != null) {
-            this.router.navigate(['accept-emergency'], { queryParams: emergencyInvite });
+        const loginRedirect = await this.stateService.get<any>('loginRedirect');
+        if (loginRedirect != null) {
+            this.router.navigate([loginRedirect.route], { queryParams: loginRedirect.qParams });
+            await this.stateService.remove('loginRedirect');
         } else {
-            const loginRedirect = await this.stateService.get<any>('loginRedirect');
-            if (loginRedirect != null) {
-                this.router.navigate([loginRedirect.route], { queryParams: loginRedirect.qParams });
-                await this.stateService.remove('loginRedirect');
-            } else {
-                this.router.navigate([this.successRoute], {
-                    queryParams: {
-                        identifier: this.identifier,
-                    },
-                });
-            }
+            this.router.navigate([this.successRoute], {
+                queryParams: {
+                    identifier: this.identifier,
+                },
+            });
         }
     }
 }

src/app/accounts/update-temp-password.component.html

@@ -0,0 +1,65 @@
+<form #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate autocomplete="off">
+    <div class="row justify-content-md-center mt-5">
+        <div class="col-4">
+            <p class="lead text-center mb-4">{{'updateMasterPassword' | i18n}}</p>
+            <div class="card d-block">
+                <div class="card-body">
+                    <app-callout type="warning">{{'updateMasterPasswordWarning' | i18n}}
+                    </app-callout>
+                    <div class="form-group">
+                        <app-callout type="info" [enforcedPolicyOptions]="enforcedPolicyOptions"
+                            *ngIf="enforcedPolicyOptions">
+                        </app-callout>
+                        <label for="masterPassword">{{'masterPass' | i18n}}</label>
+                        <div class="d-flex">
+                            <div class="w-100">
+                                <input id="masterPassword" type="{{showPassword ? 'text' : 'password'}}"
+                                    name="MasterPasswordHash" class="text-monospace form-control mb-1"
+                                    [(ngModel)]="masterPassword" (input)="updatePasswordStrength()" required
+                                    appInputVerbatim>
+                                <app-password-strength [score]="masterPasswordScore" [showText]="true">
+                                </app-password-strength>
+                            </div>
+                            <div>
+                                <button type="button" class="ml-1 btn btn-link"
+                                    appA11yTitle="{{'toggleVisibility' | i18n}}" (click)="togglePassword(false)">
+                                    <i class="fa fa-lg" aria-hidden="true"
+                                        [ngClass]="{'fa-eye': !showPassword, 'fa-eye-slash': showPassword}"></i>
+                                </button>
+                                <div class="progress-bar invisible"></div>
+                            </div>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="masterPasswordRetype">{{'reTypeMasterPass' | i18n}}</label>
+                        <div class="d-flex">
+                            <input id="masterPasswordRetype" type="{{showPassword ? 'text' : 'password'}}"
+                                name="MasterPasswordRetype" class="text-monospace form-control"
+                                [(ngModel)]="masterPasswordRetype" required appInputVerbatim>
+                            <button type="button" class="ml-1 btn btn-link" appA11yTitle="{{'toggleVisibility' | i18n}}"
+                                (click)="togglePassword(true)">
+                                <i class="fa fa-lg" aria-hidden="true"
+                                    [ngClass]="{'fa-eye': !showPassword, 'fa-eye-slash': showPassword}"></i>
+                            </button>
+                        </div>
+                    </div>
+                    <div class="form-group">
+                        <label for="hint">{{'masterPassHint' | i18n}}</label>
+                        <input id="hint" class="form-control" type="text" name="Hint" [(ngModel)]="hint">
+                        <small class="form-text text-muted">{{'masterPassHintDesc' | i18n}}</small>
+                    </div>
+                    <hr>
+                    <div class="d-flex">
+                        <button type="submit" class="btn btn-primary btn-block btn-submit" [disabled]="form.loading">
+                            <i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true"></i>
+                            <span>{{'submit' | i18n}}</span>
+                        </button>
+                        <button type="button" class="btn btn-outline-secondary btn-block ml-2 mt-0" (click)="logOut()">
+                            {{'logOut' | i18n}}
+                        </button>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</form>

src/app/accounts/update-temp-password.component.ts

@@ -0,0 +1,29 @@
+import { Component } from '@angular/core';
+
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { MessagingService } from 'jslib-common/abstractions/messaging.service';
+import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { PolicyService } from 'jslib-common/abstractions/policy.service';
+import { SyncService } from 'jslib-common/abstractions/sync.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+import { UpdateTempPasswordComponent as BaseUpdateTempPasswordComponent } from 'jslib-angular/components/update-temp-password.component';
+
+@Component({
+    selector: 'app-update-temp-password',
+    templateUrl: 'update-temp-password.component.html',
+})
+
+export class UpdateTempPasswordComponent extends BaseUpdateTempPasswordComponent {
+    constructor(i18nService: I18nService, platformUtilsService: PlatformUtilsService,
+        passwordGenerationService: PasswordGenerationService, policyService: PolicyService,
+        cryptoService: CryptoService, userService: UserService,
+        messagingService: MessagingService, apiService: ApiService,
+        syncService: SyncService) {
+        super(i18nService, platformUtilsService, passwordGenerationService, policyService, cryptoService,
+            userService, messagingService, apiService, syncService);
+    }
+}

src/app/accounts/verify-email-token.component.html

@@ -1,6 +1,6 @@
 <div class="mt-5 d-flex justify-content-center">
     <div>
-        <img src="../../images/logo-dark@2x.png" class="mb-4 logo" alt="Bitwarden">
+        <img class="mb-4 logo logo-themed" alt="Bitwarden">
         <p class="text-center">
             <i class="fa fa-spinner fa-spin fa-2x text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
             <span class="sr-only">{{'loading' | i18n}}</span>

src/app/accounts/verify-email-token.component.ts

@@ -9,11 +9,11 @@ import {
 
 import { ToasterService } from 'angular2-toaster';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { UserService } from 'jslib/abstractions/user.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
 
-import { VerifyEmailRequest } from 'jslib/models/request/verifyEmailRequest';
+import { VerifyEmailRequest } from 'jslib-common/models/request/verifyEmailRequest';
 
 @Component({
     selector: 'app-verify-email-token',

src/app/accounts/verify-recover-delete.component.ts

@@ -9,10 +9,10 @@ import {
 
 import { ToasterService } from 'angular2-toaster';
 
-import { ApiService } from 'jslib/abstractions/api.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
 
-import { VerifyDeleteRecoverRequest } from 'jslib/models/request/verifyDeleteRecoverRequest';
+import { VerifyDeleteRecoverRequest } from 'jslib-common/models/request/verifyDeleteRecoverRequest';
 
 @Component({
     selector: 'app-verify-recover-delete',

src/app/app.component.ts

@@ -1,5 +1,5 @@
 import * as jq from 'jquery';
-import Swal from 'sweetalert2/dist/sweetalert2.js';
+import Swal from 'sweetalert2';
 
 import {
     BodyOutputType,
@@ -21,33 +21,44 @@ import {
     Router,
 } from '@angular/router';
 
-import { BroadcasterService } from 'jslib/angular/services/broadcaster.service';
+import { BroadcasterService } from 'jslib-angular/services/broadcaster.service';
 
-import { StorageService } from 'jslib/abstractions/storage.service';
+import { StorageService } from 'jslib-common/abstractions/storage.service';
 
-import { AuthService } from 'jslib/abstractions/auth.service';
-import { CipherService } from 'jslib/abstractions/cipher.service';
-import { CollectionService } from 'jslib/abstractions/collection.service';
-import { CryptoService } from 'jslib/abstractions/crypto.service';
-import { EventService } from 'jslib/abstractions/event.service';
-import { FolderService } from 'jslib/abstractions/folder.service';
-import { I18nService } from 'jslib/abstractions/i18n.service';
-import { NotificationsService } from 'jslib/abstractions/notifications.service';
-import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
-import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
-import { PolicyService } from 'jslib/abstractions/policy.service';
-import { SearchService } from 'jslib/abstractions/search.service';
-import { SettingsService } from 'jslib/abstractions/settings.service';
-import { StateService } from 'jslib/abstractions/state.service';
-import { SyncService } from 'jslib/abstractions/sync.service';
-import { TokenService } from 'jslib/abstractions/token.service';
-import { UserService } from 'jslib/abstractions/user.service';
-import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';
+import { AuthService } from 'jslib-common/abstractions/auth.service';
+import { CipherService } from 'jslib-common/abstractions/cipher.service';
+import { CollectionService } from 'jslib-common/abstractions/collection.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { EventService } from 'jslib-common/abstractions/event.service';
+import { FolderService } from 'jslib-common/abstractions/folder.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { NotificationsService } from 'jslib-common/abstractions/notifications.service';
+import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { PolicyService } from 'jslib-common/abstractions/policy.service';
+import { SearchService } from 'jslib-common/abstractions/search.service';
+import { SettingsService } from 'jslib-common/abstractions/settings.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { SyncService } from 'jslib-common/abstractions/sync.service';
+import { TokenService } from 'jslib-common/abstractions/token.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+import { VaultTimeoutService } from 'jslib-common/abstractions/vaultTimeout.service';
 
-import { ConstantsService } from 'jslib/services/constants.service';
+import { ConstantsService } from 'jslib-common/services/constants.service';
 
+import { PolicyListService } from './services/policy-list.service';
 import { RouterService } from './services/router.service';
 
+import { DisableSendPolicy } from './organizations/policies/disable-send.component';
+import { MasterPasswordPolicy } from './organizations/policies/master-password.component';
+import { PasswordGeneratorPolicy } from './organizations/policies/password-generator.component';
+import { PersonalOwnershipPolicy } from './organizations/policies/personal-ownership.component';
+import { RequireSsoPolicy } from './organizations/policies/require-sso.component';
+import { ResetPasswordPolicy } from './organizations/policies/reset-password.component';
+import { SendOptionsPolicy } from './organizations/policies/send-options.component';
+import { SingleOrgPolicy } from './organizations/policies/single-org.component';
+import { TwoFactorAuthenticationPolicy } from './organizations/policies/two-factor-authentication.component';
+
 const BroadcasterSubscriptionId = 'AppComponent';
 const IdleTimeout = 60000 * 10; // 10 minutes
 
@@ -56,6 +67,7 @@ const IdleTimeout = 60000 * 10; // 10 minutes
     templateUrl: 'app.component.html',
 })
 export class AppComponent implements OnDestroy, OnInit {
+
     toasterConfig: ToasterConfig = new ToasterConfig({
         showCloseButton: true,
         mouseoverTimerStop: true,
@@ -80,7 +92,7 @@ export class AppComponent implements OnDestroy, OnInit {
         private sanitizer: DomSanitizer, private searchService: SearchService,
         private notificationsService: NotificationsService, private routerService: RouterService,
         private stateService: StateService, private eventService: EventService,
-        private policyService: PolicyService) { }
+        private policyService: PolicyService, protected policyListService: PolicyListService) { }
 
     ngOnInit() {
         this.ngZone.runOutsideAngular(() => {
@@ -170,6 +182,18 @@ export class AppComponent implements OnDestroy, OnInit {
             }
         });
 
+        this.policyListService.addPolicies([
+            new TwoFactorAuthenticationPolicy(),
+            new MasterPasswordPolicy(),
+            new PasswordGeneratorPolicy(),
+            new SingleOrgPolicy(),
+            new RequireSsoPolicy(),
+            new PersonalOwnershipPolicy(),
+            new DisableSendPolicy(),
+            new SendOptionsPolicy(),
+            new ResetPasswordPolicy(),
+        ]);
+
         this.setFullWidth();
     }
 

src/app/app.module.ts

@@ -1,457 +1,32 @@
-import 'core-js';
-
 import { ToasterModule } from 'angular2-toaster';
 import { InfiniteScrollModule } from 'ngx-infinite-scroll';
 
-import { AppRoutingModule } from './app-routing.module';
-
 import { DragDropModule } from '@angular/cdk/drag-drop';
 import { NgModule } from '@angular/core';
 import { FormsModule } from '@angular/forms';
-import { BrowserModule } from '@angular/platform-browser';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 
-import { ServicesModule } from './services/services.module';
-
 import { AppComponent } from './app.component';
-import { ModalComponent } from './modal.component';
-
-import { AvatarComponent } from './components/avatar.component';
-import { PasswordStrengthComponent } from './components/password-strength.component';
-
-import { FooterComponent } from './layouts/footer.component';
-import { FrontendLayoutComponent } from './layouts/frontend-layout.component';
-import { NavbarComponent } from './layouts/navbar.component';
-import { OrganizationLayoutComponent } from './layouts/organization-layout.component';
-import { UserLayoutComponent } from './layouts/user-layout.component';
-
-import { AcceptEmergencyComponent } from './accounts/accept-emergency.component';
-import { AcceptOrganizationComponent } from './accounts/accept-organization.component';
-import { HintComponent } from './accounts/hint.component';
-import { LockComponent } from './accounts/lock.component';
-import { LoginComponent } from './accounts/login.component';
-import { RecoverDeleteComponent } from './accounts/recover-delete.component';
-import { RecoverTwoFactorComponent } from './accounts/recover-two-factor.component';
-import { RegisterComponent } from './accounts/register.component';
-import { SetPasswordComponent } from './accounts/set-password.component';
-import { SsoComponent } from './accounts/sso.component';
-import { TwoFactorOptionsComponent } from './accounts/two-factor-options.component';
-import { TwoFactorComponent } from './accounts/two-factor.component';
-import { VerifyEmailTokenComponent } from './accounts/verify-email-token.component';
-import { VerifyRecoverDeleteComponent } from './accounts/verify-recover-delete.component';
-
-import {
-    CollectionAddEditComponent as OrgCollectionAddEditComponent,
-} from './organizations/manage/collection-add-edit.component';
-import { CollectionsComponent as OrgManageCollectionsComponent } from './organizations/manage/collections.component';
-import { EntityEventsComponent as OrgEntityEventsComponent } from './organizations/manage/entity-events.component';
-import { EntityUsersComponent as OrgEntityUsersComponent } from './organizations/manage/entity-users.component';
-import { EventsComponent as OrgEventsComponent } from './organizations/manage/events.component';
-import { GroupAddEditComponent as OrgGroupAddEditComponent } from './organizations/manage/group-add-edit.component';
-import { GroupsComponent as OrgGroupsComponent } from './organizations/manage/groups.component';
-import { ManageComponent as OrgManageComponent } from './organizations/manage/manage.component';
-import { PeopleComponent as OrgPeopleComponent } from './organizations/manage/people.component';
-import { PoliciesComponent as OrgPoliciesComponent } from './organizations/manage/policies.component';
-import { PolicyEditComponent as OrgPolicyEditComponent } from './organizations/manage/policy-edit.component';
-import { UserAddEditComponent as OrgUserAddEditComponent } from './organizations/manage/user-add-edit.component';
-import { UserConfirmComponent as OrgUserConfirmComponent } from './organizations/manage/user-confirm.component';
-import { UserGroupsComponent as OrgUserGroupsComponent } from './organizations/manage/user-groups.component';
-
-import { AccountComponent as OrgAccountComponent } from './organizations/settings/account.component';
-import { AdjustSeatsComponent } from './organizations/settings/adjust-seats.component';
-import { ChangePlanComponent } from './organizations/settings/change-plan.component';
-import { DeleteOrganizationComponent } from './organizations/settings/delete-organization.component';
-import { DownloadLicenseComponent } from './organizations/settings/download-license.component';
-import { OrganizationBillingComponent } from './organizations/settings/organization-billing.component';
-import { OrganizationSubscriptionComponent } from './organizations/settings/organization-subscription.component';
-import { SettingsComponent as OrgSettingComponent } from './organizations/settings/settings.component';
-import {
-    TwoFactorSetupComponent as OrgTwoFactorSetupComponent,
-} from './organizations/settings/two-factor-setup.component';
-
-import { ExportComponent as OrgExportComponent } from './organizations/tools/export.component';
-import {
-    ExposedPasswordsReportComponent as OrgExposedPasswordsReportComponent,
-} from './organizations/tools/exposed-passwords-report.component';
-import { ImportComponent as OrgImportComponent } from './organizations/tools/import.component';
-import {
-    InactiveTwoFactorReportComponent as OrgInactiveTwoFactorReportComponent,
-} from './organizations/tools/inactive-two-factor-report.component';
-import {
-    ReusedPasswordsReportComponent as OrgReusedPasswordsReportComponent,
-} from './organizations/tools/reused-passwords-report.component';
-import { ToolsComponent as OrgToolsComponent } from './organizations/tools/tools.component';
-import {
-    UnsecuredWebsitesReportComponent as OrgUnsecuredWebsitesReportComponent,
-} from './organizations/tools/unsecured-websites-report.component';
-import {
-    WeakPasswordsReportComponent as OrgWeakPasswordsReportComponent,
-} from './organizations/tools/weak-passwords-report.component';
-
-import { AddEditComponent as OrgAddEditComponent } from './organizations/vault/add-edit.component';
-import { AttachmentsComponent as OrgAttachmentsComponent } from './organizations/vault/attachments.component';
-import { CiphersComponent as OrgCiphersComponent } from './organizations/vault/ciphers.component';
-import { CollectionsComponent as OrgCollectionsComponent } from './organizations/vault/collections.component';
-import { GroupingsComponent as OrgGroupingsComponent } from './organizations/vault/groupings.component';
-import { VaultComponent as OrgVaultComponent } from './organizations/vault/vault.component';
-
-import { AccessComponent } from './send/access.component';
-import { AddEditComponent as SendAddEditComponent } from './send/add-edit.component';
-import { SendComponent } from './send/send.component';
-
-import { AccountComponent } from './settings/account.component';
-import { AddCreditComponent } from './settings/add-credit.component';
-import { AdjustPaymentComponent } from './settings/adjust-payment.component';
-import { AdjustStorageComponent } from './settings/adjust-storage.component';
-import { ApiKeyComponent } from './settings/api-key.component';
-import { ChangeEmailComponent } from './settings/change-email.component';
-import { ChangeKdfComponent } from './settings/change-kdf.component';
-import { ChangePasswordComponent } from './settings/change-password.component';
-import { CreateOrganizationComponent } from './settings/create-organization.component';
-import { DeauthorizeSessionsComponent } from './settings/deauthorize-sessions.component';
-import { DeleteAccountComponent } from './settings/delete-account.component';
-import { DomainRulesComponent } from './settings/domain-rules.component';
-import { EmergencyAccessAddEditComponent } from './settings/emergency-access-add-edit.component';
-import { EmergencyAccessAttachmentsComponent } from './settings/emergency-access-attachments.component';
-import { EmergencyAccessConfirmComponent } from './settings/emergency-access-confirm.component';
-import { EmergencyAccessTakeoverComponent } from './settings/emergency-access-takeover.component';
-import { EmergencyAccessViewComponent } from './settings/emergency-access-view.component';
-import { EmergencyAccessComponent } from './settings/emergency-access.component';
-import { EmergencyAddEditComponent } from './settings/emergency-add-edit.component';
-import { LinkSsoComponent } from './settings/link-sso.component';
-import { OptionsComponent } from './settings/options.component';
-import { OrganizationPlansComponent } from './settings/organization-plans.component';
-import { OrganizationsComponent } from './settings/organizations.component';
-import { PaymentComponent } from './settings/payment.component';
-import { PremiumComponent } from './settings/premium.component';
-import { ProfileComponent } from './settings/profile.component';
-import { PurgeVaultComponent } from './settings/purge-vault.component';
-import { SettingsComponent } from './settings/settings.component';
-import { TaxInfoComponent } from './settings/tax-info.component';
-import { TwoFactorAuthenticatorComponent } from './settings/two-factor-authenticator.component';
-import { TwoFactorDuoComponent } from './settings/two-factor-duo.component';
-import { TwoFactorEmailComponent } from './settings/two-factor-email.component';
-import { TwoFactorRecoveryComponent } from './settings/two-factor-recovery.component';
-import { TwoFactorSetupComponent } from './settings/two-factor-setup.component';
-import { TwoFactorVerifyComponent } from './settings/two-factor-verify.component';
-import { TwoFactorWebAuthnComponent } from './settings/two-factor-webauthn.component';
-import { TwoFactorYubiKeyComponent } from './settings/two-factor-yubikey.component';
-import { UpdateKeyComponent } from './settings/update-key.component';
-import { UpdateLicenseComponent } from './settings/update-license.component';
-import { UserBillingComponent } from './settings/user-billing.component';
-import { UserSubscriptionComponent } from './settings/user-subscription.component';
-import { VerifyEmailComponent } from './settings/verify-email.component';
-
-import { BreachReportComponent } from './tools/breach-report.component';
-import { ExportComponent } from './tools/export.component';
-import { ExposedPasswordsReportComponent } from './tools/exposed-passwords-report.component';
-import { ImportComponent } from './tools/import.component';
-import { InactiveTwoFactorReportComponent } from './tools/inactive-two-factor-report.component';
-import { PasswordGeneratorHistoryComponent } from './tools/password-generator-history.component';
-import { PasswordGeneratorComponent } from './tools/password-generator.component';
-import { ReusedPasswordsReportComponent } from './tools/reused-passwords-report.component';
-import { ToolsComponent } from './tools/tools.component';
-import { UnsecuredWebsitesReportComponent } from './tools/unsecured-websites-report.component';
-import { WeakPasswordsReportComponent } from './tools/weak-passwords-report.component';
-
-import { AddEditComponent } from './vault/add-edit.component';
-import { AttachmentsComponent } from './vault/attachments.component';
-import { BulkActionsComponent } from './vault/bulk-actions.component';
-import { BulkDeleteComponent } from './vault/bulk-delete.component';
-import { BulkMoveComponent } from './vault/bulk-move.component';
-import { BulkRestoreComponent } from './vault/bulk-restore.component';
-import { BulkShareComponent } from './vault/bulk-share.component';
-import { CiphersComponent } from './vault/ciphers.component';
-import { CollectionsComponent } from './vault/collections.component';
-import { FolderAddEditComponent } from './vault/folder-add-edit.component';
-import { GroupingsComponent } from './vault/groupings.component';
-import { SendInfoComponent } from './vault/send-info.component';
-import { ShareComponent } from './vault/share.component';
-import { VaultComponent } from './vault/vault.component';
-
-import { CalloutComponent } from 'jslib/angular/components/callout.component';
-import { IconComponent } from 'jslib/angular/components/icon.component';
-
-import { A11yTitleDirective } from 'jslib/angular/directives/a11y-title.directive';
-import { ApiActionDirective } from 'jslib/angular/directives/api-action.directive';
-import { AutofocusDirective } from 'jslib/angular/directives/autofocus.directive';
-import { BlurClickDirective } from 'jslib/angular/directives/blur-click.directive';
-import { BoxRowDirective } from 'jslib/angular/directives/box-row.directive';
-import { FallbackSrcDirective } from 'jslib/angular/directives/fallback-src.directive';
-import { InputVerbatimDirective } from 'jslib/angular/directives/input-verbatim.directive';
-import { SelectCopyDirective } from 'jslib/angular/directives/select-copy.directive';
-import { StopClickDirective } from 'jslib/angular/directives/stop-click.directive';
-import { StopPropDirective } from 'jslib/angular/directives/stop-prop.directive';
-import { TrueFalseValueDirective } from 'jslib/angular/directives/true-false-value.directive';
-
-import { ColorPasswordPipe } from 'jslib/angular/pipes/color-password.pipe';
-import { I18nPipe } from 'jslib/angular/pipes/i18n.pipe';
-import { SearchCiphersPipe } from 'jslib/angular/pipes/search-ciphers.pipe';
-import { SearchPipe } from 'jslib/angular/pipes/search.pipe';
-
-import {
-    DatePipe,
-    registerLocaleData,
-} from '@angular/common';
-import localeCa from '@angular/common/locales/ca';
-import localeCs from '@angular/common/locales/cs';
-import localeDa from '@angular/common/locales/da';
-import localeDe from '@angular/common/locales/de';
-import localeEl from '@angular/common/locales/el';
-import localeEnGb from '@angular/common/locales/en-GB';
-import localeEs from '@angular/common/locales/es';
-import localeEt from '@angular/common/locales/et';
-import localeFr from '@angular/common/locales/fr';
-import localeHe from '@angular/common/locales/he';
-import localeIt from '@angular/common/locales/it';
-import localeJa from '@angular/common/locales/ja';
-import localeKo from '@angular/common/locales/ko';
-import localeLv from '@angular/common/locales/lv';
-import localeMl from '@angular/common/locales/ml';
-import localeNb from '@angular/common/locales/nb';
-import localeNl from '@angular/common/locales/nl';
-import localePl from '@angular/common/locales/pl';
-import localePtBr from '@angular/common/locales/pt';
-import localePtPt from '@angular/common/locales/pt-PT';
-import localeRu from '@angular/common/locales/ru';
-import localeSk from '@angular/common/locales/sk';
-import localeSv from '@angular/common/locales/sv';
-import localeUk from '@angular/common/locales/uk';
-import localeZhCn from '@angular/common/locales/zh-Hans';
-import localeZhTw from '@angular/common/locales/zh-Hant';
-
-registerLocaleData(localeCa, 'ca');
-registerLocaleData(localeCs, 'cs');
-registerLocaleData(localeDa, 'da');
-registerLocaleData(localeDe, 'de');
-registerLocaleData(localeEl, 'el');
-registerLocaleData(localeEnGb, 'en-GB');
-registerLocaleData(localeEs, 'es');
-registerLocaleData(localeEt, 'et');
-registerLocaleData(localeFr, 'fr');
-registerLocaleData(localeHe, 'he');
-registerLocaleData(localeIt, 'it');
-registerLocaleData(localeJa, 'ja');
-registerLocaleData(localeKo, 'ko');
-registerLocaleData(localeLv, 'lv');
-registerLocaleData(localeMl, 'ml');
-registerLocaleData(localeNb, 'nb');
-registerLocaleData(localeNl, 'nl');
-registerLocaleData(localePl, 'pl');
-registerLocaleData(localePtBr, 'pt-BR');
-registerLocaleData(localePtPt, 'pt-PT');
-registerLocaleData(localeRu, 'ru');
-registerLocaleData(localeSk, 'sk');
-registerLocaleData(localeSv, 'sv');
-registerLocaleData(localeUk, 'uk');
-registerLocaleData(localeZhCn, 'zh-CN');
-registerLocaleData(localeZhTw, 'zh-TW');
+import { OssRoutingModule } from './oss-routing.module';
+import { OssModule } from './oss.module';
+import { ServicesModule } from './services/services.module';
+import { WildcardRoutingModule } from './wildcard-routing.module';
 
 @NgModule({
     imports: [
-        BrowserModule,
+        OssModule,
         BrowserAnimationsModule,
         FormsModule,
-        AppRoutingModule,
         ServicesModule,
         ToasterModule.forRoot(),
         InfiniteScrollModule,
         DragDropModule,
+        OssRoutingModule,
+        WildcardRoutingModule, // Needs to be last to catch all non-existing routes
     ],
     declarations: [
-        A11yTitleDirective,
-        AcceptEmergencyComponent,
-        AccessComponent,
-        AcceptOrganizationComponent,
-        AccountComponent,
-        SetPasswordComponent,
-        AddCreditComponent,
-        AddEditComponent,
-        AdjustPaymentComponent,
-        AdjustSeatsComponent,
-        AdjustStorageComponent,
-        ApiActionDirective,
-        ApiKeyComponent,
         AppComponent,
-        AttachmentsComponent,
-        AutofocusDirective,
-        AvatarComponent,
-        BlurClickDirective,
-        BoxRowDirective,
-        BreachReportComponent,
-        BulkActionsComponent,
-        BulkDeleteComponent,
-        BulkMoveComponent,
-        BulkRestoreComponent,
-        BulkShareComponent,
-        CalloutComponent,
-        ChangeEmailComponent,
-        ChangeKdfComponent,
-        ChangePasswordComponent,
-        ChangePlanComponent,
-        CiphersComponent,
-        CollectionsComponent,
-        ColorPasswordPipe,
-        CreateOrganizationComponent,
-        DeauthorizeSessionsComponent,
-        DeleteAccountComponent,
-        DeleteOrganizationComponent,
-        DomainRulesComponent,
-        DownloadLicenseComponent,
-        EmergencyAccessAddEditComponent,
-        EmergencyAccessAttachmentsComponent,
-        EmergencyAccessComponent,
-        EmergencyAccessConfirmComponent,
-        EmergencyAccessTakeoverComponent,
-        EmergencyAccessViewComponent,
-        EmergencyAddEditComponent,
-        ExportComponent,
-        ExposedPasswordsReportComponent,
-        FallbackSrcDirective,
-        FolderAddEditComponent,
-        FooterComponent,
-        FrontendLayoutComponent,
-        GroupingsComponent,
-        HintComponent,
-        I18nPipe,
-        IconComponent,
-        ImportComponent,
-        InactiveTwoFactorReportComponent,
-        InputVerbatimDirective,
-        LinkSsoComponent,
-        LockComponent,
-        LoginComponent,
-        ModalComponent,
-        NavbarComponent,
-        OptionsComponent,
-        OrgAccountComponent,
-        OrgAddEditComponent,
-        OrganizationBillingComponent,
-        OrganizationPlansComponent,
-        OrganizationSubscriptionComponent,
-        OrgAttachmentsComponent,
-        OrgCiphersComponent,
-        OrgCollectionAddEditComponent,
-        OrgCollectionsComponent,
-        OrgEntityEventsComponent,
-        OrgEntityUsersComponent,
-        OrgEventsComponent,
-        OrgExportComponent,
-        OrgExposedPasswordsReportComponent,
-        OrgImportComponent,
-        OrgInactiveTwoFactorReportComponent,
-        OrgGroupAddEditComponent,
-        OrgGroupingsComponent,
-        OrgGroupsComponent,
-        OrgManageCollectionsComponent,
-        OrgManageComponent,
-        OrgPeopleComponent,
-        OrgPolicyEditComponent,
-        OrgPoliciesComponent,
-        OrgReusedPasswordsReportComponent,
-        OrgSettingComponent,
-        OrgToolsComponent,
-        OrgTwoFactorSetupComponent,
-        OrgUserAddEditComponent,
-        OrgUserConfirmComponent,
-        OrgUserGroupsComponent,
-        OrganizationsComponent,
-        OrganizationLayoutComponent,
-        OrgUnsecuredWebsitesReportComponent,
-        OrgVaultComponent,
-        OrgWeakPasswordsReportComponent,
-        PasswordGeneratorComponent,
-        PasswordGeneratorHistoryComponent,
-        PasswordStrengthComponent,
-        PaymentComponent,
-        PremiumComponent,
-        ProfileComponent,
-        PurgeVaultComponent,
-        RecoverDeleteComponent,
-        RecoverTwoFactorComponent,
-        RegisterComponent,
-        ReusedPasswordsReportComponent,
-        SearchCiphersPipe,
-        SearchPipe,
-        SelectCopyDirective,
-        SendAddEditComponent,
-        SendComponent,
-        SendInfoComponent,
-        SettingsComponent,
-        ShareComponent,
-        SsoComponent,
-        StopClickDirective,
-        StopPropDirective,
-        TaxInfoComponent,
-        ToolsComponent,
-        TrueFalseValueDirective,
-        TwoFactorAuthenticatorComponent,
-        TwoFactorComponent,
-        TwoFactorDuoComponent,
-        TwoFactorEmailComponent,
-        TwoFactorOptionsComponent,
-        TwoFactorRecoveryComponent,
-        TwoFactorSetupComponent,
-        TwoFactorVerifyComponent,
-        TwoFactorWebAuthnComponent,
-        TwoFactorYubiKeyComponent,
-        UnsecuredWebsitesReportComponent,
-        UpdateKeyComponent,
-        UpdateLicenseComponent,
-        UserBillingComponent,
-        UserLayoutComponent,
-        UserSubscriptionComponent,
-        VaultComponent,
-        VerifyEmailComponent,
-        VerifyEmailTokenComponent,
-        VerifyRecoverDeleteComponent,
-        WeakPasswordsReportComponent,
     ],
-    entryComponents: [
-        AddEditComponent,
-        ApiKeyComponent,
-        AttachmentsComponent,
-        BulkActionsComponent,
-        BulkDeleteComponent,
-        BulkMoveComponent,
-        BulkRestoreComponent,
-        BulkShareComponent,
-        CollectionsComponent,
-        DeauthorizeSessionsComponent,
-        DeleteAccountComponent,
-        DeleteOrganizationComponent,
-        EmergencyAccessAddEditComponent,
-        EmergencyAccessAttachmentsComponent,
-        EmergencyAccessConfirmComponent,
-        EmergencyAccessTakeoverComponent,
-        EmergencyAddEditComponent,
-        FolderAddEditComponent,
-        ModalComponent,
-        OrgAddEditComponent,
-        OrgAttachmentsComponent,
-        OrgCollectionAddEditComponent,
-        OrgCollectionsComponent,
-        OrgEntityEventsComponent,
-        OrgEntityUsersComponent,
-        OrgGroupAddEditComponent,
-        OrgPolicyEditComponent,
-        OrgUserAddEditComponent,
-        OrgUserConfirmComponent,
-        OrgUserGroupsComponent,
-        PasswordGeneratorHistoryComponent,
-        PurgeVaultComponent,
-        SendAddEditComponent,
-        ShareComponent,
-        TwoFactorAuthenticatorComponent,
-        TwoFactorDuoComponent,
-        TwoFactorEmailComponent,
-        TwoFactorOptionsComponent,
-        TwoFactorRecoveryComponent,
-        TwoFactorWebAuthnComponent,
-        TwoFactorYubiKeyComponent,
-        UpdateKeyComponent,
-    ],
-    providers: [DatePipe],
     bootstrap: [AppComponent],
 })
 export class AppModule { }

src/app/common/base.accept.component.ts

@@ -0,0 +1,90 @@
+import {
+    Directive,
+    OnInit,
+} from '@angular/core';
+import {
+    ActivatedRoute,
+    Router,
+} from '@angular/router';
+
+import {
+    Toast,
+    ToasterService,
+} from 'angular2-toaster';
+
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { StateService } from 'jslib-common/abstractions/state.service';
+import { UserService } from 'jslib-common/abstractions/user.service';
+
+@Directive()
+export abstract class BaseAcceptComponent implements OnInit {
+    loading = true;
+    authed = false;
+    email: string;
+    actionPromise: Promise<any>;
+
+    protected requiredParameters: string[] = [];
+    protected failedShortMessage = 'inviteAcceptFailedShort';
+    protected failedMessage = 'inviteAcceptFailed';
+
+    constructor(protected router: Router, protected toasterService: ToasterService,
+        protected i18nService: I18nService, protected route: ActivatedRoute,
+        protected userService: UserService, protected stateService: StateService) { }
+
+    abstract authedHandler(qParams: any): Promise<void>;
+    abstract unauthedHandler(qParams: any): Promise<void>;
+
+    ngOnInit() {
+        let fired = false;
+        this.route.queryParams.subscribe(async qParams => {
+            if (fired) {
+                return;
+            }
+            fired = true;
+            await this.stateService.remove('loginRedirect');
+
+            let error = this.requiredParameters.some(e => qParams?.[e] == null || qParams[e] === '');
+            let errorMessage: string = null;
+            if (!error) {
+                this.authed = await this.userService.isAuthenticated();
+
+                if (this.authed) {
+                    try {
+                        await this.authedHandler(qParams);
+                    } catch (e) {
+                        error = true;
+                        errorMessage = e.message;
+                    }
+                } else {
+                    await this.stateService.save('loginRedirect', {
+                        route: this.getRedirectRoute(),
+                        qParams: qParams,
+                    });
+
+                    this.email = qParams.email;
+                    await this.unauthedHandler(qParams);
+                }
+            }
+
+            if (error) {
+                const toast: Toast = {
+                    type: 'error',
+                    title: null,
+                    body: errorMessage != null ? this.i18nService.t(this.failedShortMessage, errorMessage) :
+                        this.i18nService.t(this.failedMessage),
+                    timeout: 10000,
+                };
+                this.toasterService.popAsync(toast);
+                this.router.navigate(['/']);
+            }
+
+            this.loading = false;
+        });
+    }
+
+    getRedirectRoute() {
+        const urlTree = this.router.parseUrl(this.router.url);
+        urlTree.queryParams = {};
+        return urlTree.toString();
+    }
+}

src/app/common/base.events.component.ts

@@ -0,0 +1,157 @@
+import { Directive } from '@angular/core';
+import { ToasterService } from 'angular2-toaster';
+
+import { ExportService } from 'jslib-common/abstractions/export.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+
+import { EventView } from 'jslib-common/models/view/eventView';
+
+import { EventResponse } from 'jslib-common/models/response/eventResponse';
+import { ListResponse } from 'jslib-common/models/response/listResponse';
+
+import { EventService } from 'src/app/services/event.service';
+
+@Directive()
+export abstract class BaseEventsComponent {
+    loading = true;
+    loaded = false;
+    events: EventView[];
+    start: string;
+    end: string;
+    dirtyDates: boolean = true;
+    continuationToken: string;
+    refreshPromise: Promise<any>;
+    exportPromise: Promise<any>;
+    morePromise: Promise<any>;
+
+    abstract readonly exportFileName: string;
+
+    constructor(protected eventService: EventService, protected i18nService: I18nService,
+        protected toasterService: ToasterService, protected exportService: ExportService,
+        protected platformUtilsService: PlatformUtilsService, protected logService: LogService) {
+        const defaultDates = this.eventService.getDefaultDateFilters();
+        this.start = defaultDates[0];
+        this.end = defaultDates[1];
+    }
+
+    async exportEvents() {
+        if (this.appApiPromiseUnfulfilled() || this.dirtyDates) {
+            return;
+        }
+
+        this.loading = true;
+
+        const dates = this.parseDates();
+        if (dates == null) {
+            return;
+        }
+
+        try {
+            this.exportPromise = this.export(dates[0], dates[1]);
+
+            await this.exportPromise;
+        } catch (e) {
+            this.logService.error(`Handled exception: ${e}`);
+        }
+
+        this.exportPromise = null;
+        this.loading = false;
+    }
+
+    async loadEvents(clearExisting: boolean) {
+        if (this.appApiPromiseUnfulfilled()) {
+            return;
+        }
+
+        const dates = this.parseDates();
+        if (dates == null) {
+            return;
+        }
+
+        this.loading = true;
+        let events: EventView[] = [];
+        try {
+            const promise = this.loadAndParseEvents(dates[0], dates[1], clearExisting ? null : this.continuationToken);
+            if (clearExisting) {
+                this.refreshPromise = promise;
+            } else {
+                this.morePromise = promise;
+            }
+            const result = await promise;
+            this.continuationToken = result.continuationToken;
+            events = result.events;
+        } catch (e) {
+            this.logService.error(`Handled exception: ${e}`);
+        }
+
+        if (!clearExisting && this.events != null && this.events.length > 0) {
+            this.events = this.events.concat(events);
+        } else {
+            this.events = events;
+        }
+
+        this.dirtyDates = false;
+        this.loading = false;
+        this.morePromise = null;
+        this.refreshPromise = null;
+    }
+
+    protected abstract requestEvents(startDate: string, endDate: string, continuationToken: string): Promise<ListResponse<EventResponse>>;
+    protected abstract getUserName(r: EventResponse, userId: string): { name: string, email: string };
+
+    protected async loadAndParseEvents(startDate: string, endDate: string, continuationToken: string) {
+        const response = await this.requestEvents(startDate, endDate, continuationToken);
+
+        const events = await Promise.all(response.data.map(async r => {
+            const userId = r.actingUserId == null ? r.userId : r.actingUserId;
+            const eventInfo = await this.eventService.getEventInfo(r);
+            const user = this.getUserName(r, userId);
+            return new EventView({
+                message: eventInfo.message,
+                humanReadableMessage: eventInfo.humanReadableMessage,
+                appIcon: eventInfo.appIcon,
+                appName: eventInfo.appName,
+                userId: userId,
+                userName: user != null ? user.name : this.i18nService.t('unknown'),
+                userEmail: user != null ? user.email : '',
+                date: r.date,
+                ip: r.ipAddress,
+                type: r.type,
+            });
+        }));
+        return { continuationToken: response.continuationToken, events: events };
+    }
+
+    protected parseDates() {
+        let dates: string[] = null;
+        try {
+            dates = this.eventService.formatDateFilters(this.start, this.end);
+        } catch (e) {
+            this.toasterService.popAsync('error', this.i18nService.t('errorOccurred'),
+                this.i18nService.t('invalidDateRange'));
+            return null;
+        }
+        return dates;
+    }
+
+    protected appApiPromiseUnfulfilled() {
+        return this.refreshPromise != null || this.morePromise != null || this.exportPromise != null;
+    }
+
+    private async export(start: string, end: string) {
+        let continuationToken = this.continuationToken;
+        let events = [].concat(this.events);
+
+        while (continuationToken != null) {
+            const result = await this.loadAndParseEvents(start, end, continuationToken);
+            continuationToken = result.continuationToken;
+            events = events.concat(result.events);
+        }
+
+        const data = await this.exportService.getEventExport(events);
+        const fileName = this.exportService.getFileName(this.exportFileName, 'csv');
+        this.platformUtilsService.saveFile(window, data, { type: 'text/plain' }, fileName);
+    }
+}

src/app/common/base.people.component.ts

@@ -0,0 +1,305 @@
+import {
+    Directive,
+    ViewChild,
+    ViewContainerRef
+} from '@angular/core';
+import { ToasterService } from 'angular2-toaster';
+
+import { ValidationService } from 'jslib-angular/services/validation.service';
+import { ApiService } from 'jslib-common/abstractions/api.service';
+import { CryptoService } from 'jslib-common/abstractions/crypto.service';
+import { I18nService } from 'jslib-common/abstractions/i18n.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { SearchService } from 'jslib-common/abstractions/search.service';
+import { StorageService } from 'jslib-common/abstractions/storage.service';
+
+import { ConstantsService } from 'jslib-common/services/constants.service';
+
+import { ModalService } from 'jslib-angular/services/modal.service';
+
+import { SearchPipe } from 'jslib-angular/pipes/search.pipe';
+import { UserNamePipe } from 'jslib-angular/pipes/user-name.pipe';
+
+import { OrganizationUserStatusType } from 'jslib-common/enums/organizationUserStatusType';
+import { OrganizationUserType } from 'jslib-common/enums/organizationUserType';
+import { ProviderUserStatusType } from 'jslib-common/enums/providerUserStatusType';
+import { ProviderUserType } from 'jslib-common/enums/providerUserType';
+
+import { ListResponse } from 'jslib-common/models/response/listResponse';
+import { OrganizationUserUserDetailsResponse } from 'jslib-common/models/response/organizationUserResponse';
+import { ProviderUserUserDetailsResponse } from 'jslib-common/models/response/provider/providerUserResponse';
+
+import { Utils } from 'jslib-common/misc/utils';
+
+import { UserConfirmComponent } from '../organizations/manage/user-confirm.component';
+
+type StatusType = OrganizationUserStatusType | ProviderUserStatusType;
+
+const MaxCheckedCount = 500;
+
+@Directive()
+export abstract class BasePeopleComponent<UserType extends ProviderUserUserDetailsResponse | OrganizationUserUserDetailsResponse>  {
+
+    @ViewChild('confirmTemplate', { read: ViewContainerRef, static: true }) confirmModalRef: ViewContainerRef;
+
+    get allCount() {
+        return this.allUsers != null ? this.allUsers.length : 0;
+    }
+
+    get invitedCount() {
+        return this.statusMap.has(this.userStatusType.Invited) ?
+            this.statusMap.get(this.userStatusType.Invited).length : 0;
+    }
+
+    get acceptedCount() {
+        return this.statusMap.has(this.userStatusType.Accepted) ?
+            this.statusMap.get(this.userStatusType.Accepted).length : 0;
+    }
+
+    get confirmedCount() {
+        return this.statusMap.has(this.userStatusType.Confirmed) ?
+            this.statusMap.get(this.userStatusType.Confirmed).length : 0;
+    }
+
+    get showConfirmUsers(): boolean {
+        return this.allUsers != null && this.statusMap != null && this.allUsers.length > 1 &&
+            this.confirmedCount > 0 && this.confirmedCount < 3 && this.acceptedCount > 0;
+    }
+
+    get showBulkConfirmUsers(): boolean {
+        return this.acceptedCount > 0;
+    }
+
+    abstract userType: typeof OrganizationUserType | typeof ProviderUserType;
+    abstract userStatusType: typeof OrganizationUserStatusType | typeof ProviderUserStatusType;
+
+    loading = true;
+    statusMap = new Map<StatusType, UserType[]>();
+    status: StatusType;
+    users: UserType[] = [];
+    pagedUsers: UserType[] = [];
+    searchText: string;
+    actionPromise: Promise<any>;
+
+    protected allUsers: UserType[] = [];
+
+    protected didScroll = false;
+    protected pageSize = 100;
+
+    private pagedUsersCount = 0;
+
+    constructor(protected apiService: ApiService, private searchService: SearchService,
+        protected i18nService: I18nService, private platformUtilsService: PlatformUtilsService,
+        protected toasterService: ToasterService, protected cryptoService: CryptoService,
+        private storageService: StorageService, protected validationService: ValidationService,
+        protected modalService: ModalService, private logService: LogService,
+        private searchPipe: SearchPipe, protected userNamePipe: UserNamePipe) { }
+
+    abstract edit(user: UserType): void;
+    abstract getUsers(): Promise<ListResponse<UserType>>;
+    abstract deleteUser(id: string): Promise<any>;
+    abstract reinviteUser(id: string): Promise<any>;
+    abstract confirmUser(user: UserType, publicKey: Uint8Array): Promise<any>;
+
+    async load() {
+        const response = await this.getUsers();
+        this.statusMap.clear();
+        for (const status of Utils.iterateEnum(this.userStatusType)) {
+            this.statusMap.set(status, []);
+        }
+
+        this.allUsers = response.data != null && response.data.length > 0 ? response.data : [];
+        this.allUsers.sort(Utils.getSortFunction(this.i18nService, 'email'));
+        this.allUsers.forEach(u => {
+            if (!this.statusMap.has(u.status)) {
+                this.statusMap.set(u.status, [u]);
+            } else {
+                this.statusMap.get(u.status).push(u);
+            }
+        });
+        this.filter(this.status);
+        this.loading = false;
+    }
+
+    filter(status: StatusType) {
+        this.status = status;
+        if (this.status != null) {
+            this.users = this.statusMap.get(this.status);
+        } else {
+            this.users = this.allUsers;
+        }
+        // Reset checkbox selecton
+        this.selectAll(false);
+        this.resetPaging();
+    }
+
+    loadMore() {
+        if (!this.users || this.users.length <= this.pageSize) {
+            return;
+        }
+        const pagedLength = this.pagedUsers.length;
+        let pagedSize = this.pageSize;
+        if (pagedLength === 0 && this.pagedUsersCount > this.pageSize) {
+            pagedSize = this.pagedUsersCount;
+        }
+        if (this.users.length > pagedLength) {
+            this.pagedUsers = this.pagedUsers.concat(this.users.slice(pagedLength, pagedLength + pagedSize));
+        }
+        this.pagedUsersCount = this.pagedUsers.length;
+        this.didScroll = this.pagedUsers.length > this.pageSize;
+    }
+
+    checkUser(user: OrganizationUserUserDetailsResponse, select?: boolean) {
+        (user as any).checked = select == null ? !(user as any).checked : select;
+    }
+
+    selectAll(select: boolean) {
+        if (select) {
+            this.selectAll(false);
+        }
+
+        const filteredUsers = this.searchPipe.transform(this.users, this.searchText, 'name', 'email', 'id');
+
+        const selectCount = select && filteredUsers.length > MaxCheckedCount
+            ? MaxCheckedCount
+            : filteredUsers.length;
+        for (let i = 0; i < selectCount; i++) {
+            this.checkUser(filteredUsers[i], select);
+        }
+    }
+
+    async resetPaging() {
+        this.pagedUsers = [];
+        this.loadMore();
+    }
+
+    invite() {
+        this.edit(null);
+    }
+
+    async remove(user: UserType) {
+        const confirmed = await this.platformUtilsService.showDialog(
+            this.i18nService.t('removeUserConfirmation'), this.userNamePipe.transform(user),
+            this.i18nService.t('yes'), this.i18nService.t('no'), 'warning');
+
+        if (!confirmed) {
+            return false;
+        }
+
+        this.actionPromise = this.deleteUser(user.id);
+        try {
+            await this.actionPromise;
+            this.toasterService.popAsync('success', null, this.i18nService.t('removedUserId', this.userNamePipe.transform(user)));
+            this.removeUser(user);
+        } catch (e) {
+            this.validationService.showError(e);
+        }
+        this.actionPromise = null;
+    }
+
+    async reinvite(user: UserType) {
+        if (this.actionPromise != null) {
+            return;
+        }
+
+        this.actionPromise = this.reinviteUser(user.id);
+        try {
+            await this.actionPromise;
+            this.toasterService.popAsync('success', null, this.i18nService.t('hasBeenReinvited', this.userNamePipe.transform(user)));
+        } catch (e) {
+            this.validationService.showError(e);
+        }
+        this.actionPromise = null;
+    }
+
+    async confirm(user: UserType) {
+        function updateUser(self: BasePeopleComponent<UserType>) {
+            user.status = self.userStatusType.Confirmed;
+            const mapIndex = self.statusMap.get(self.userStatusType.Accepted).indexOf(user);
+            if (mapIndex > -1) {
+                self.statusMap.get(self.userStatusType.Accepted).splice(mapIndex, 1);
+                self.statusMap.get(self.userStatusType.Confirmed).push(user);
+            }
+        }
+
+        const confirmUser = async (publicKey: Uint8Array) => {
+            try {
+                this.actionPromise = this.confirmUser(user, publicKey);
+                await this.actionPromise;
+                updateUser(this);
+                this.toasterService.popAsync('success', null, this.i18nService.t('hasBeenConfirmed', this.userNamePipe.transform(user)));
+            } catch (e) {
+                this.validationService.showError(e);
+                throw e;
+            } finally {
+                this.actionPromise = null;
+            }
+        };
+
+        if (this.actionPromise != null) {
+            return;
+        }
+
+        try {
+            const publicKeyResponse = await this.apiService.getUserPublicKey(user.userId);
+            const publicKey = Utils.fromB64ToArray(publicKeyResponse.publicKey);
+
+            const autoConfirm = await this.storageService.get<boolean>(ConstantsService.autoConfirmFingerprints);
+            if (autoConfirm == null || !autoConfirm) {
+                const [modal] = await this.modalService.openViewRef(UserConfirmComponent, this.confirmModalRef, comp => {
+                    comp.name = this.userNamePipe.transform(user);
+                    comp.userId = user != null ? user.userId : null;
+                    comp.publicKey = publicKey;
+                    comp.onConfirmedUser.subscribe(async () => {
+                        try {
+                            comp.formPromise = confirmUser(publicKey);
+                            await comp.formPromise;
+                            modal.close();
+                        } catch { }
+                    });
+                });
+                return;
+            }
+
+            try {
+                const fingerprint = await this.cryptoService.getFingerprint(user.userId, publicKey.buffer);
+                this.logService.info(`User's fingerprint: ${fingerprint.join('-')}`);
+            } catch { }
+            await confirmUser(publicKey);
+        } catch (e) {
+            this.logService.error(`Handled exception: ${e}`);
+        }
+    }
+
+    isSearching() {
+        return this.searchService.isSearchable(this.searchText);
+    }
+
+    isPaging() {
+        const searching = this.isSearching();
+        if (searching && this.didScroll) {
+            this.resetPaging();
+        }
+        return !searching && this.users && this.users.length > this.pageSize;
+    }
+
+    protected getCheckedUsers() {
+        return this.users.filter(u => (u as any).checked);
+    }
+
+    protected removeUser(user: UserType) {
+        let index = this.users.indexOf(user);
+        if (index > -1) {
+            this.users.splice(index, 1);
+            this.resetPaging();
+        }
+        if (this.statusMap.has(user.status)) {
+            index = this.statusMap.get(user.status).indexOf(user);
+            if (index > -1) {
+                this.statusMap.get(user.status).splice(index, 1);
+            }
+        }
+    }
+
+}