Update trigger paths

- Additional formatting
- Updates to some actions
- Refined build workflows

.github/workflows/build-cli.yml

@@ -0,0 +1,354 @@
+---
+name: Build CLI
+
+on:
+  push:
+    branches-ignore:
+      - 'l10n_master'
+    paths:
+      - 'apps/cli/**'
+  workflow_dispatch: {}
+
+defaults:
+  run:
+    working-directory: apps/cli
+
+jobs:
+  cloc:
+    name: CLOC
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Set up cloc
+        run: |
+          sudo apt update
+          sudo apt -y install cloc
+
+      - name: Print lines of code
+        run: cloc --include-lang TypeScript,JavaScript --vcs git
+
+
+  setup:
+    name: Setup
+    runs-on: ubuntu-20.04
+    outputs:
+      package_version: ${{ steps.retrieve-version.outputs.package_version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Get Package Version
+        id: retrieve-version
+        run: |
+          PKG_VERSION=$(jq -r .version package.json)
+          echo "::set-output name=package_version::$PKG_VERSION"
+
+
+  cli:
+    name: Build CLI
+    runs-on: windows-2019
+    needs:
+      - setup
+    env:
+      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+      _WIN_PKG_FETCH_VERSION: 16.14.2
+      _WIN_PKG_VERSION: 3.3
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Setup Windows builder
+        run: |
+          choco install checksum --no-progress
+          choco install reshack --no-progress
+
+      - name: Set up Node
+        uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854  # v3.1.1
+        with:
+          cache: 'npm'
+          cache-dependency-path: 'apps/cli/**/package-lock.json'
+          node-version: '16'
+
+      - name: Get pkg-fetch
+        shell: pwsh
+        run: |
+          cd $HOME
+          $fetchedUrl = "https://github.com/vercel/pkg-fetch/releases/download/v$env:_WIN_PKG_VERSION/node-v$env:_WIN_PKG_FETCH_VERSION-win-x64"
+          New-Item -ItemType directory -Path .\.pkg-cache
+          New-Item -ItemType directory -Path .\.pkg-cache\v$env:_WIN_PKG_VERSION
+          Invoke-RestMethod -Uri $fetchedUrl `
+            -OutFile ".\.pkg-cache\v$env:_WIN_PKG_VERSION\fetched-v$env:_WIN_PKG_FETCH_VERSION-win-x64"
+
+      - name: Setup Version Info
+        shell: pwsh
+        run: |
+          $major,$minor,$patch = $env:_PACKAGE_VERSION.split('.')
+          $versionInfo = @"
+          1 VERSIONINFO
+          FILEVERSION $major,$minor,$patch,0
+          PRODUCTVERSION $major,$minor,$patch,0
+          FILEOS 0x40004
+          FILETYPE 0x1
+          {
+          BLOCK "StringFileInfo"
+          {
+            BLOCK "040904b0"
+            {
+              VALUE "CompanyName", "Bitwarden Inc."
+              VALUE "ProductName", "Bitwarden"
+              VALUE "FileDescription", "Bitwarden CLI"
+              VALUE "FileVersion", "$env:_PACKAGE_VERSION"
+              VALUE "ProductVersion", "$env:_PACKAGE_VERSION"
+              VALUE "OriginalFilename", "bw.exe"
+              VALUE "InternalName", "bw"
+              VALUE "LegalCopyright", "Copyright Bitwarden Inc."
+            }
+          }
+          BLOCK "VarFileInfo"
+          {
+            VALUE "Translation", 0x0409 0x04B0
+          }
+          }
+          "@
+          $versionInfo | Out-File ./version-info.rc
+      # https://github.com/vercel/pkg-fetch/issues/188
+
+      - name: Resource Hacker
+        shell: cmd
+        run: |
+          set PATH=%PATH%;C:\Program Files (x86)\Resource Hacker
+          set WIN_PKG=C:\Users\runneradmin\.pkg-cache\v%_WIN_PKG_VERSION%\fetched-v%_WIN_PKG_FETCH_VERSION%-win-x64
+          set WIN_PKG_BUILT=C:\Users\runneradmin\.pkg-cache\v%_WIN_PKG_VERSION%\built-v%_WIN_PKG_FETCH_VERSION%-win-x64
+          copy %WIN_PKG% %WIN_PKG_BUILT%
+          ResourceHacker -open %WIN_PKG_BUILT% -save %WIN_PKG_BUILT% -action delete -mask ICONGROUP,1,
+          ResourceHacker -open version-info.rc -save version-info.res -action compile
+          ResourceHacker -open %WIN_PKG_BUILT% -save %WIN_PKG_BUILT% -action addoverwrite -resource version-info.res
+
+      - name: Setup sub-module
+        run: npm run sub:init
+
+      - name: Install
+        run: npm ci
+
+      - name: Run tests
+        run: npm run test
+
+      - name: Build & Package
+        run: npm run dist
+
+      - name: Package Chocolatey
+        shell: pwsh
+        run: |
+          Copy-Item -Path stores/chocolatey -Destination dist/chocolatey -Recurse
+          Copy-Item dist/windows/bw.exe -Destination dist/chocolatey/tools
+          Copy-Item LICENSE.txt -Destination dist/chocolatey/tools
+          choco pack dist/chocolatey/bitwarden-cli.nuspec --version ${{ env._PACKAGE_VERSION }} --out dist/chocolatey
+
+      - name: Zip
+        shell: cmd
+        run: |
+          7z a ./dist/bw-windows-%_PACKAGE_VERSION%.zip ./dist/windows/bw.exe
+          7z a ./dist/bw-macos-%_PACKAGE_VERSION%.zip ./dist/macos/bw
+          7z a ./dist/bw-linux-%_PACKAGE_VERSION%.zip ./dist/linux/bw
+
+      - name: Version Test
+        run: |
+          dir ./dist/
+          Expand-Archive -Path "./dist/bw-windows-${env:_PACKAGE_VERSION}.zip" -DestinationPath "./test/windows"
+          $testVersion = Invoke-Expression '& ./test/windows/bw.exe -v'
+          echo "version: $env:_PACKAGE_VERSION"
+          echo "testVersion: $testVersion"
+          if($testVersion -ne $env:_PACKAGE_VERSION) {
+            Throw "Version test failed."
+          }
+
+      - name: Create checksums
+        run: |
+          checksum -f="./dist/bw-windows-${env:_PACKAGE_VERSION}.zip" `
+            -t sha256 | Out-File -Encoding ASCII ./dist/bw-windows-sha256-${env:_PACKAGE_VERSION}.txt
+          checksum -f="./dist/bw-macos-${env:_PACKAGE_VERSION}.zip" `
+            -t sha256 | Out-File -Encoding ASCII ./dist/bw-macos-sha256-${env:_PACKAGE_VERSION}.txt
+          checksum -f="./dist/bw-linux-${env:_PACKAGE_VERSION}.zip" `
+            -t sha256 | Out-File -Encoding ASCII ./dist/bw-linux-sha256-${env:_PACKAGE_VERSION}.txt
+
+      - name: Upload windows zip asset
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        with:
+          name: bw-windows-${{ env._PACKAGE_VERSION }}.zip
+          path: apps/cli/dist/bw-windows-${{ env._PACKAGE_VERSION }}.zip
+          if-no-files-found: error
+
+      - name: Upload windows checksum asset
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        with:
+          name: bw-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
+          path: apps/cli/dist/bw-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
+          if-no-files-found: error
+
+      - name: Upload macos zip asset
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        with:
+          name: bw-macos-${{ env._PACKAGE_VERSION }}.zip
+          path: apps/cli/dist/bw-macos-${{ env._PACKAGE_VERSION }}.zip
+          if-no-files-found: error
+
+      - name: Upload macos checksum asset
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        with:
+          name: bw-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
+          path: apps/cli/dist/bw-macos-sha256-${{ env._PACKAGE_VERSION }}.txt
+          if-no-files-found: error
+
+      - name: Upload linux zip asset
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        with:
+          name: bw-linux-${{ env._PACKAGE_VERSION }}.zip
+          path: apps/cli/dist/bw-linux-${{ env._PACKAGE_VERSION }}.zip
+          if-no-files-found: error
+
+      - name: Upload linux checksum asset
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        with:
+          name: bw-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
+          path: apps/cli/dist/bw-linux-sha256-${{ env._PACKAGE_VERSION }}.txt
+          if-no-files-found: error
+
+      - name: Upload Chocolatey asset
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        with:
+          name: bitwarden-cli.${{ env._PACKAGE_VERSION }}.nupkg
+          path: apps/cli/dist/chocolatey/bitwarden-cli.${{ env._PACKAGE_VERSION }}.nupkg
+          if-no-files-found: error
+
+      - name: Upload NPM Build Directory asset
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        with:
+          name: bitwarden-cli-${{ env._PACKAGE_VERSION }}-npm-build.zip
+          path: apps/cli/build
+          if-no-files-found: error
+
+  snap:
+    name: Build Snap
+    runs-on: ubuntu-20.04
+    needs: [setup, cli]
+    env:
+      _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Print environment
+        run: |
+          whoami
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+          echo "BW Package Version: $_PACKAGE_VERSION"
+
+      - name: Get bw linux cli
+        uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
+        with:
+          name: bw-linux-${{ env._PACKAGE_VERSION }}.zip
+          path: apps/cli/dist/snap
+
+      - name: Setup Snap Package
+        run: |
+          cp -r stores/snap/* -t dist/snap
+          sed -i s/__version__/${{ env._PACKAGE_VERSION }}/g dist/snap/snapcraft.yaml
+          cd dist/snap
+          ls -alth
+
+      - name: Build snap
+        uses: snapcore/action-build@ea14cdeb353272f75977040488ca191880509a8c  # v1.1.0
+        with:
+          path: apps/cli/dist/snap
+
+      - name: Create checksum
+        run: |
+          cd dist/snap
+          ls -alth
+          sha256sum bw_${{ env._PACKAGE_VERSION }}_amd64.snap \
+            | awk '{split($0, a); print a[1]}' > bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt
+
+      - name: Install Snap
+        run: sudo snap install dist/snap/bw*.snap --dangerous
+
+      - name: Test Snap
+        shell: pwsh
+        run: |
+          $testVersion = Invoke-Expression '& bw -v'
+          if($testVersion -ne $env:_PACKAGE_VERSION) {
+            Throw "Version test failed."
+          }
+        env:
+          BITWARDENCLI_APPDATA_DIR: "/home/runner/snap/bw/x1/.config/Bitwarden CLI"
+
+      - name: Cleanup Test & Update Snap for Publish
+        shell: pwsh
+        run: sudo snap remove bw
+
+      - name: Upload snap asset
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        with:
+          name: bw_${{ env._PACKAGE_VERSION }}_amd64.snap
+          path: apps/cli/dist/snap/bw_${{ env._PACKAGE_VERSION }}_amd64.snap
+          if-no-files-found: error
+
+      - name: Upload snap checksum asset
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535
+        with:
+          name: bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt
+          path: apps/cli/dist/snap/bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt
+          if-no-files-found: error
+
+
+  check-failures:
+    name: Check for failures
+    if: always()
+    runs-on: ubuntu-20.04
+    needs:
+      - cloc
+      - setup
+      - cli
+      - snap
+    steps:
+      - name: Check if any job failed
+        if: ${{ (github.ref == 'refs/heads/master') || (github.ref == 'refs/heads/rc') }}
+        env:
+          CLOC_STATUS: ${{ needs.cloc.result }}
+          SETUP_STATUS: ${{ needs.setup.result }}
+          CLI_STATUS: ${{ needs.cli.result }}
+          SNAP_STATUS: ${{ needs.snap.result }}
+        run: |
+          if [ "$CLOC_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$SETUP_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$CLI_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$SNAP_STATUS" = "failure" ]; then
+              exit 1
+          fi
+
+      - name: Login to Azure - Prod Subscription
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        if: failure()
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
+        if: failure()
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "devops-alerts-slack-webhook-url"
+
+      - name: Notify Slack on failure
+        uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33
+        if: failure()
+        env:
+          SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
+        with:
+          status: ${{ job.status }}

.github/workflows/build-web.yml

@@ -0,0 +1,497 @@
+---
+name: Build Web
+
+on:
+  push:
+    branches-ignore:
+      - 'l10n_master'
+      - 'gh-pages'
+    paths:
+      - 'apps/web/**'
+  workflow_dispatch:
+    inputs:
+        custom_tag_extension:
+          description: "Custom image tag extension"
+          required: false
+defaults:
+  run:
+    working-directory: apps/web
+
+jobs:
+  cloc:
+    name: CLOC
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Set up cloc
+        run: |
+          sudo apt update
+          sudo apt -y install cloc
+
+      - name: Print lines of code
+        run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git
+
+
+  setup:
+    name: Setup
+    runs-on: ubuntu-20.04
+    outputs:
+      version: ${{ steps.version.outputs.value }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Get GitHub sha as version
+        id: version
+        run: echo "::set-output name=value::${GITHUB_SHA:0:7}"
+
+
+  build-oss-selfhost:
+    name: Build OSS zip
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+    env:
+      _VERSION: ${{ needs.setup.outputs.version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Set up Node
+        uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854  # v3.1.1
+        with:
+          cache: 'npm'
+          cache-dependency-path: 'apps/web/**/package-lock.json'
+          node-version: "16"
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build OSS selfhost
+        run: |
+          npm run dist:oss:selfhost
+          zip -r web-$_VERSION-selfhosted-open-source.zip build
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535  # v3.0.0
+        with:
+          name: web-${{ env._VERSION }}-selfhosted-open-source.zip
+          path: apps/web/web-${{ env._VERSION }}-selfhosted-open-source.zip
+          if-no-files-found: error
+
+
+  build-cloud:
+    name: Build Cloud zip
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+    env:
+      _VERSION: ${{ needs.setup.outputs.version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Set up Node
+        uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854  # v3.1.1
+        with:
+          cache: 'npm'
+          cache-dependency-path: 'apps/web/**/package-lock.json'
+          node-version: "16"
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build Cloud
+        run: |
+          npm run dist:bit:cloud
+          zip -r web-$_VERSION-cloud-COMMERCIAL.zip build
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535  # v3.0.0
+        with:
+          name: web-${{ env._VERSION }}-cloud-COMMERCIAL.zip
+          path: apps/web/web-${{ env._VERSION }}-cloud-COMMERCIAL.zip
+          if-no-files-found: error
+
+
+  build-commercial-selfhost:
+    name: Build SelfHost Docker image
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+    env:
+      _VERSION: ${{ needs.setup.outputs.version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Set up Node
+        uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854  # v3.1.1
+        with:
+          cache: 'npm'
+          cache-dependency-path: 'apps/web/**/package-lock.json'
+          node-version: "16"
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Setup DCT
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
+        id: setup-dct
+        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
+        with:
+          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          azure-keyvault-name: "bitwarden-prod-kv"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: |
+          echo -e "# Building Web\n"
+          echo "Building app"
+          echo "npm version $(npm --version)"
+
+          npm run dist:bit:selfhost
+          zip -r web-$_VERSION-selfhosted-COMMERCIAL.zip build
+
+      - name: Upload build artifact
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535  # v3.0.0
+        with:
+          name: web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip
+          path: apps/web/web-${{ env._VERSION }}-selfhosted-COMMERCIAL.zip
+          if-no-files-found: error
+
+      - name: Build Docker image
+        run: |
+          echo -e "\nBuilding Docker image"
+          docker --version
+          docker build -t bitwarden/web .
+
+      - name: Tag rc branch
+        if: github.ref == 'refs/heads/rc'
+        run: docker tag bitwarden/web bitwarden/web:rc
+
+      - name: Tag dev
+        if: github.ref == 'refs/heads/master'
+        run: docker tag bitwarden/web bitwarden/web:dev
+
+      - name: Tag hotfix branch
+        if: github.ref == 'refs/heads/hotfix-rc'
+        run: docker tag bitwarden/web bitwarden/web:hotfix-rc
+
+      - name: List Docker images
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
+        run: docker images
+
+      - name: Push rc image
+        if: github.ref == 'refs/heads/rc'
+        run: docker push bitwarden/web:rc
+        env:
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
+
+      - name: Push dev image
+        if: github.ref == 'refs/heads/master'
+        run: docker push bitwarden/web:dev
+        env:
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
+
+      - name: Push hotfix image
+        if: github.ref == 'refs/heads/hotfix-rc'
+        run: docker push bitwarden/web:hotfix-rc
+        env:
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
+
+      - name: Log out of Docker
+        if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' || github.ref == 'refs/heads/hotfix-rc'
+        run: |
+          docker logout
+          echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
+
+      - name: Login to Azure - QA Subscription
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+      - name: Login to Azure ACR
+        run: az acr login -n bitwardenqa
+
+      - name: Tag and Push RC to Azure ACR QA registry
+        env:
+          REGISTRY: bitwardenqa.azurecr.io
+        run: |
+          IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g")  # slash safe branch name
+          if [[ "$IMAGE_TAG" == "master" ]]; then
+            IMAGE_TAG=dev
+          fi
+          docker tag bitwarden/web \
+            $REGISTRY/web-sh:$IMAGE_TAG
+          docker push $REGISTRY/web-sh:$IMAGE_TAG
+
+      - name: Log out of Docker
+        run: docker logout
+
+
+  build-qa:
+    name: Build Docker images for QA environment
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Set up Node
+        uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854  # v3.1.1
+        with:
+          cache: 'npm'
+          cache-dependency-path: 'apps/web/**/package-lock.json'
+          node-version: "16"
+
+      - name: Print environment
+        run: |
+          whoami
+          node --version
+          npm --version
+          gulp --version
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+
+      - name: Login to Azure
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+      - name: Log into container registry
+        run: az acr login -n bitwardenqa
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: |
+          echo -e "# Building Web\n"
+          echo "Building app"
+          echo "npm version $(npm --version)"
+          VERSION=$( jq -r ".version" package.json)
+          jq --arg version "$VERSION - ${GITHUB_SHA:0:7}" '.version = $version' package.json > package.json.tmp
+          mv package.json.tmp package.json
+
+          npm run build:bit:qa
+
+          echo "{\"commit_hash\": \"$GITHUB_SHA\", \"ref\": \"$GITHUB_REF\"}" | jq . > build/info.json
+
+          echo -e "\nBuilding Docker image"
+          docker --version
+          docker build -t bitwardenqa.azurecr.io/web .
+
+      - name: Get image tag
+        id: image-tag
+        run: |
+          IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g")
+          TAG_EXTENSION=${{ github.event.inputs.custom_tag_extension }}
+
+          if [[ $TAG_EXTENSION ]]; then
+            IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
+          fi
+          echo "::set-output name=value::$IMAGE_TAG"
+
+      - name: Tag image
+        env:
+          IMAGE_TAG: ${{ steps.image-tag.outputs.value }}
+        run: docker tag bitwardenqa.azurecr.io/web "bitwardenqa.azurecr.io/web:$IMAGE_TAG"
+
+      - name: Tag dev
+        if: github.ref == 'refs/heads/master'
+        run: docker tag bitwardenqa.azurecr.io/web bitwardenqa.azurecr.io/web:dev
+
+      - name: List Docker images
+        run: docker images
+
+      - name: Push image
+        env:
+          IMAGE_TAG: ${{ steps.image-tag.outputs.value }}
+        run: docker push "bitwardenqa.azurecr.io/web:$IMAGE_TAG"
+
+      - name: Push dev images
+        if: github.ref == 'refs/heads/master'
+        run: docker push bitwardenqa.azurecr.io/web:dev
+
+      - name: Log out of Docker
+        run: docker logout
+
+
+  windows:
+    name: Test code on Windows
+    runs-on: windows-2019
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Set up NuGet
+        uses: nuget/setup-nuget@b2bc17b761a1d88cab755a776c7922eb26eefbfa  # v1.0.6
+        with:
+          nuget-version: "latest"
+
+      - name: Set up Node
+        uses: actions/setup-node@56337c425554a6be30cdef71bf441f15be286854  # v3.1.1
+        with:
+          cache: 'npm'
+          cache-dependency-path: 'apps/web/**/package-lock.json'
+          node-version: "16"
+
+      - name: Print environment
+        run: |
+          nuget help | grep Version
+          node --version
+          npm --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+        env:
+          GITHUB_REF: ${{ github.ref }}
+          GITHUB_EVENT: ${{ github.event_name }}
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: NPM build
+        run: npm run build:bit:cloud
+
+
+  crowdin-push:
+    name: Crowdin Push
+    if: github.ref == 'refs/heads/master'
+    needs:
+      - build-oss-selfhost
+      - build-cloud
+      - build-commercial-selfhost
+      - build-qa
+    runs-on: ubuntu-20.04
+    env:
+      _CROWDIN_PROJECT_ID: "308189"
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2  # v2.3.4
+
+      - name: Login to Azure
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f  # v1.0.0
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "crowdin-api-token"
+
+      - name: Upload Sources
+        uses: crowdin/github-action@a3160b9e5a9e00739392c23da5e580c6cabe526d  # v1.4.8
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
+        with:
+          config: crowdin.yml
+          crowdin_branch_name: master
+          upload_sources: true
+          upload_translations: false
+
+
+  check-failures:
+    name: Check for failures
+    if: always()
+    runs-on: ubuntu-20.04
+    needs:
+      - cloc
+      - setup
+      - build-oss-selfhost
+      - build-cloud
+      - build-commercial-selfhost
+      - build-qa
+      - crowdin-push
+      - windows
+    steps:
+      - name: Check if any job failed
+        if: ${{ (github.ref == 'refs/heads/master') || (github.ref == 'refs/heads/rc') }}
+        env:
+          CLOC_STATUS: ${{ needs.cloc.result }}
+          SETUP_STATUS: ${{ needs.setup.result }}
+          BUILD_OSS_SELFHOST_STATUS: ${{ needs.build-oss-selfhost.result }}
+          BUILD_CLOUD_STATUS: ${{ needs.build-cloud.result }}
+          BUILD_COMMERCIAL_SELFHOST_STATUS: ${{ needs.build-commercial-selfhost.result }}
+          BUILD_QA_STATUS: ${{ needs.build-qa.result }}
+          CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }}
+          WINDOWS_STATUS: ${{ needs.windows.result }}
+        run: |
+          if [ "$CLOC_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$SETUP_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$BUILD_OSS_SELFHOST_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$BUILD_CLOUD_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$BUILD_COMMERCIAL_SELFHOST_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$BUILD_QA_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then
+              exit 1
+          elif [ "$WINDOWS_STATUS" = "failure" ]; then
+              exit 1
+          fi
+
+      - name: Login to Azure - Prod Subscription
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        if: failure()
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f  # v1.0.0
+        if: failure()
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "devops-alerts-slack-webhook-url"
+
+      - name: Notify Slack on failure
+        uses: act10ns/slack@da3191ebe2e67f49b46880b4633f5591a96d1d33  # v1.5.1
+        if: failure()
+        env:
+          SLACK_WEBHOOK_URL: ${{ steps.retrieve-secrets.outputs.devops-alerts-slack-webhook-url }}
+        with:
+          status: ${{ job.status }}

.github/workflows/release-cli.yml

@@ -0,0 +1,211 @@
+---
+name: Release CLI
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_type:
+        description: 'Release Options'
+        required: true
+        default: 'Initial Release'
+        type: choice
+        options:
+          - Initial Release
+          - Redeploy
+          - Dry Run
+
+defaults:
+  run:
+    working-directory: apps/cli
+
+jobs:
+  setup:
+    name: Setup
+    runs-on: ubuntu-20.04
+    outputs:
+      package_version: ${{ steps.retrieve-version.outputs.package_version }}
+      branch-name: ${{ steps.branch.outputs.branch-name }}
+    steps:
+      - name: Branch check
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        run: |
+          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc/*" ]]; then
+            echo "==================================="
+            echo "[!] Can only release from the 'rc' or 'hotfix-rc/*' branches"
+            echo "==================================="
+            exit 1
+          fi
+
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Retrieve CLI release version
+        id: retrieve-version
+        run: |
+          PKG_VERSION=$(jq -r .version package.json)
+          echo "::set-output name=package_version::$PKG_VERSION"
+
+      - name: Check to make sure CLI release version has been bumped
+        if: ${{ github.event.inputs.release_type == 'Initial Release' }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          latest_ver=$(
+            curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases | jq -r 'first(.[] | select(.tag_name | startswith("cli"))).tag_name'
+          )
+          latest_ver=${latest_ver:1}
+          echo "Latest version: $latest_ver"
+          ver=${{ steps.retrieve-version.outputs.package_version }}
+          echo "Version: $ver"
+          if [ "$latest_ver" = "$ver" ]; then
+            echo "Version has not been bumped!"
+            exit 1
+          fi
+        shell: bash
+
+      - name: Get branch name
+        id: branch
+        run: |
+          BRANCH_NAME=$(basename ${{ github.ref }})
+          echo "::set-output name=branch-name::$BRANCH_NAME"
+
+      - name: Download all artifacts
+        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+        with:
+          workflow: build-ci.yml
+          path: apps/cli
+          workflow_conclusion: success
+          branch: ${{ steps.branch.outputs.branch-name }}
+
+      - name: Create release
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37  # v1.10.0
+        env:
+          PKG_VERSION: ${{ steps.retrieve-version.outputs.package_version }}
+        with:
+          artifacts: "bw-windows-${{ env.PKG_VERSION }}.zip,
+                      bw-windows-sha256-${{ env.PKG_VERSION }}.txt,
+                      bw-macos-${{ env.PKG_VERSION }}.zip,
+                      bw-macos-sha256-${{ env.PKG_VERSION }}.txt,
+                      bw-linux-${{ env.PKG_VERSION }}.zip,
+                      bw-linux-sha256-${{ env.PKG_VERSION }}.txt,
+                      bitwarden-cli.${{ env.PKG_VERSION }}.nupkg,
+                      bw_${{ env.PKG_VERSION }}_amd64.snap,
+                      bw-snap-sha256-${{ env.PKG_VERSION }}.txt"
+          commit: ${{ github.sha }}
+          tag: v${{ env.PKG_VERSION }}
+          name: Version ${{ env.PKG_VERSION }}
+          body: "<insert release notes here>"
+          token: ${{ secrets.GITHUB_TOKEN }}
+          draft: true
+
+
+  snap:
+    name: Deploy Snap
+    runs-on: ubuntu-20.04
+    needs: setup
+    env:
+      _PKG_VERSION: ${{ needs.setup.outputs.package_version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Login to Azure
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        with:
+          creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f
+        with:
+          keyvault: "bitwarden-prod-kv"
+          secrets: "snapcraft-store-token"
+
+      - name: Install Snap
+        uses: samuelmeuli/action-snapcraft@10d7d0a84d9d86098b19f872257df314b0bd8e2d  # v1.2.0
+        with:
+          snapcraft_token: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }}
+
+      - name: Download artifacts
+        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+        with:
+          workflow: build-cli.yml
+          path: apps/cli
+          workflow_conclusion: success
+          branch: ${{ needs.setup.outputs.branch-name }}
+          artifacts: bw_${{ env._PKG_VERSION }}_amd64.snap
+
+      - name: Publish Snap & logout
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        run: |
+          snapcraft push bw_${{ env._PKG_VERSION }}_amd64.snap --release stable
+          snapcraft logout
+
+
+  choco:
+    name: Deploy Choco
+    runs-on: windows-2019
+    needs: setup
+    env:
+      _PKG_VERSION: ${{ needs.setup.outputs.package_version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Setup Chocolatey
+        run: choco apikey --key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
+        env:
+          CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
+
+      - name: Make dist dir
+        shell: pwsh
+        run: New-Item -ItemType directory -Path ./dist
+
+      - name: Download artifacts
+        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+        with:
+          workflow: build-cli.yml
+          path: apps/cli
+          workflow_conclusion: success
+          branch: ${{ needs.setup.outputs.branch-name }}
+          artifacts: bitwarden-cli.${{ env._PKG_VERSION }}.nupkg
+
+      - name: Push to Chocolatey
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        shell: pwsh
+        run: |
+          cd dist
+          choco push
+
+
+  npm:
+    name: Publish NPM
+    runs-on: ubuntu-20.04
+    needs: setup
+    env:
+      _PKG_VERSION: ${{ needs.setup.outputs.package_version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Download artifacts
+        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+        with:
+          workflow: build-cli.yml
+          path: apps/cli
+          workflow_conclusion: success
+          branch: ${{ needs.setup.outputs.branch-name }}
+          artifacts: bitwarden-cli-${{ env._PKG_VERSION }}-npm-build.zip
+
+      - name: Setup NPM
+        run: echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > .npmrc
+        env:
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Install Husky
+        run: npm install -g husky
+
+      - name: Publish NPM
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        run: npm publish --access public

.github/workflows/release-qa-web.yml

@@ -0,0 +1,69 @@
+---
+name: Web QA Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      image_extension:
+        description: "Image tag extension"
+        required: false
+
+env:
+  _QA_CLUSTER_RESOURCE_GROUP: "bw-env-qa"
+  _QA_CLUSTER_NAME: "bw-aks-qa"
+  _QA_K8S_NAMESPACE: "bw-qa"
+  _QA_K8S_APP_NAME: "bw-web"
+
+jobs:
+  deploy:
+    name: Deploy QA Web
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Setup
+        run: export PATH=$PATH:~/work/web/web
+
+      - name: Login to Azure
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: Azure/get-keyvault-secrets@b5c723b9ac7870c022b8c35befe620b7009b336f  # v1
+        with:
+          keyvault: "bitwarden-qa-kv"
+          secrets: "qa-aks-kubectl-credentials"
+
+      - name: Login with qa-aks-kubectl-credentials SP
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        with:
+          creds: ${{ env.qa-aks-kubectl-credentials }}
+
+      - name: Setup AKS access
+        run: |
+          echo "---az install---"
+          az aks install-cli --install-location ./kubectl --kubelogin-install-location ./kubelogin
+          echo "---az get-creds---"
+          az aks get-credentials -n $_QA_CLUSTER_NAME -g $_QA_CLUSTER_RESOURCE_GROUP
+
+      - name: Get image tag
+        id: image_tag
+        run: |
+          IMAGE_TAG=$(echo "${GITHUB_REF:11}" | sed "s#/#-#g")
+          TAG_EXTENSION=${{ github.event.inputs.image_extension }}
+
+          if [[ $TAG_EXTENSION ]]; then
+            IMAGE_TAG=$IMAGE_TAG-$TAG_EXTENSION
+          fi
+          echo "::set-output name=value::$IMAGE_TAG"
+
+      - name: Deploy Web image
+        env:
+          IMAGE_TAG: ${{ steps.image_tag.outputs.value }}
+        run: |
+          kubectl set image -n $_QA_K8S_NAMESPACE deployment/web web=bitwardenqa.azurecr.io/web:$IMAGE_TAG --record
+          kubectl rollout restart -n $_QA_K8S_NAMESPACE deployment/web
+          kubectl rollout status deployment/web -n $_QA_K8S_NAMESPACE

.github/workflows/release-web.yml

@@ -0,0 +1,350 @@
+---
+name: Release Web
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_type:
+        description: 'Release Options'
+        required: true
+        default: 'Initial Release'
+        type: choice
+        options:
+          - Initial Release
+          - Redeploy
+          - Dry Run
+
+defaults:
+  run:
+    working-directory: apps/web
+
+jobs:
+  setup:
+    name: Setup
+    runs-on: ubuntu-20.04
+    outputs:
+      release_version: ${{ steps.version.outputs.package }}
+      tag_version: ${{ steps.version.outputs.tag }}
+      branch_name: ${{ steps.branch.outputs.branch_name }}
+    steps:
+      - name: Branch check
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        run: |
+          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc/*" ]]; then
+            echo "==================================="
+            echo "[!] Can only release from the 'rc' or 'hotfix-rc/*' branches"
+            echo "==================================="
+            exit 1
+          fi
+
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Check Release Version
+        id: version
+        run: |
+          version=$( jq -r ".version" package.json)
+          previous_release_tag_version=$(
+            curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name"
+          )
+
+          if [ "v$version" == "$previous_release_tag_version" ] && \
+          [ "${{ github.event.inputs.release_type }}" == "Initial Release" ]; then
+            echo "[!] Already released v$version. Please bump version to continue"
+            exit 1
+          fi
+
+          echo "::set-output name=package::$version"
+          echo "::set-output name=tag::v$version"
+
+      - name: Get branch name
+        id: branch
+        run: |
+          BRANCH_NAME=$(basename ${{ github.ref }})
+          echo "::set-output name=branch_name::$BRANCH_NAME"
+
+
+  self-host:
+    name: Release self-host docker
+    runs-on: ubuntu-20.04
+    needs: setup
+    env:
+      _BRANCH_NAME: ${{ needs.setup.outputs.branch_name }}
+      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+      _RELEASE_OPTION: ${{ github.event.inputs.release_type }}
+    steps:
+      - name: Print environment
+        run: |
+          whoami
+          docker --version
+          echo "GitHub ref: $GITHUB_REF"
+          echo "GitHub event: $GITHUB_EVENT"
+          echo "Github Release Option: $_RELEASE_OPTION"
+
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      ########## DockerHub ##########
+      - name: Setup DCT
+        id: setup-dct
+        uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff
+        with:
+          azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }}
+          azure-keyvault-name: "bitwarden-prod-kv"
+
+      - name: Pull latest selfhost image
+        run: |
+          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+            docker pull bitwarden/web:latest
+          else
+            docker pull bitwarden/web:$_BRANCH_NAME
+          fi
+
+      - name: Tag version and latest
+        run: |
+          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+            docker tag bitwarden/web:latest bitwarden/web:dryrun
+          else
+            docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:$_RELEASE_VERSION
+            docker tag bitwarden/web:$_BRANCH_NAME bitwarden/web:latest
+          fi
+
+      - name: Push version and latest image
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        env:
+          DOCKER_CONTENT_TRUST: 1
+          DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }}
+        run: |
+          docker push bitwarden/web:$_RELEASE_VERSION
+          docker push bitwarden/web:latest
+
+      - name: Log out of Docker and disable Docker Notary
+        run: |
+          docker logout
+          echo "DOCKER_CONTENT_TRUST=0" >> $GITHUB_ENV
+
+      ########## ACR ##########
+      - name: Login to Azure - QA Subscription
+        uses: Azure/login@ec3c14589bd3e9312b3cc8c41e6860e258df9010  # v1.1
+        with:
+          creds: ${{ secrets.AZURE_QA_KV_CREDENTIALS }}
+
+      - name: Login to Azure ACR
+        run: az acr login -n bitwardenqa
+
+      - name: Tag version and latest
+        env:
+          REGISTRY: bitwardenqa.azurecr.io
+        run: |
+          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+            docker tag bitwarden/web:latest $REGISTRY/web:dryrun
+          else
+            docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web:$_RELEASE_VERSION
+            docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web:latest
+
+            docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web-sh:$_RELEASE_VERSION
+            docker tag bitwarden/web:$_BRANCH_NAME $REGISTRY/web-sh:latest
+          fi
+
+      - name: Push version and latest image
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        env:
+          REGISTRY: bitwardenqa.azurecr.io
+        run: |
+          docker push $REGISTRY/web:$_RELEASE_VERSION
+          docker push $REGISTRY/web:latest
+
+          docker push $REGISTRY/web-sh:$_RELEASE_VERSION
+          docker push $REGISTRY/web-sh:latest
+
+      - name: Log out of Docker
+        run: docker logout
+
+
+  ghpages-deploy:
+    name: Deploy Web Vault to GitHub Pages
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+      - self-host
+    env:
+      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2  # v2.4.0
+        with:
+          ref: gh-pages
+
+      - name: Create gh-pages-deploy branch
+        run: |
+          git switch -c gh-pages-deploy-$_TAG_VERSION
+          git push -u origin gh-pages-deploy-$_TAG_VERSION
+
+      - name: Checkout Repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2  # v2.4.0
+
+      - name: Setup git config
+        run: |
+          git config user.name = "GitHub Action Bot"
+          git config user.email = "<>"
+          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
+          git config --global url."https://".insteadOf ssh://
+
+      - name: Download latest cloud asset
+        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+        with:
+          workflow: build-web.yml
+          path: apps/web
+          workflow_conclusion: success
+          branch: ${{ needs.setup.outputs.branch_name }}
+          artifacts: web-*-cloud-COMMERCIAL.zip
+
+      # This should result in a build directory in the current working directory
+      - name: Unzip build asset
+        run: unzip web-*-cloud-COMMERCIAL.zip
+
+      - name: Deploy GitHub Pages
+        uses: crazy-max/ghaction-github-pages@a117e4aa1fb4854d021546d2abdfac95be568a3a  # v2.6.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          target_branch: gh-pages-deploy-${{ needs.setup.outputs.tag_version }}
+          build_dir: build
+          keep_history: true
+          commit_message: "Staging deploy ${{ needs.setup.outputs.release_version }}"
+          dry_run: ${{ github.event.inputs.release_type == 'Dry Run' }}
+
+      - name: Create GitHub Pages Deploy PR
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        env:
+          PR_BRANCH: gh-pages-deploy-${{ env._TAG_VERSION }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr create --title "Deploy $_RELEASE_VERSION to GitHub Pages" \
+            --body "Deploying $_RELEASE_VERSION" \
+            --base gh-pages \
+            --head "$PR_BRANCH"
+
+
+  cfpages-deploy:
+    name: Deploy Web Vault to CloudFlare Pages branch
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+      - self-host
+    env:
+      _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }}
+      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2  # v2.4.0
+
+      - name: Download latest cloud asset
+        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+        with:
+          workflow: build-web.yml
+          path: apps/web
+          workflow_conclusion: success
+          branch: ${{ needs.setup.outputs.branch_name }}
+          artifacts: web-*-cloud-COMMERCIAL.zip
+
+      # This should result in a build directory in the current working directory
+      - name: Unzip build asset
+        run: unzip web-*-cloud-COMMERCIAL.zip
+
+      - name: Checkout Repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2  # v2.4.0
+        with:
+          ref: deploy
+          path: deployment
+
+      - name: Setup git config
+        run: |
+          git config --global user.name = "GitHub Action Bot"
+          git config --global user.email = "<>"
+          git config --global url."https://github.com/".insteadOf ssh://git@github.com/
+          git config --global url."https://".insteadOf ssh://
+
+      - name: Deploy CloudFlare Pages
+        run: |
+          rm -rf ./*
+          cp -R ../build/* .
+        working-directory: deployment
+
+      - name: Create cf-pages-deploy branch
+        run: |
+          git switch -c cf-pages-deploy-$_TAG_VERSION
+          git add .
+          git commit -m "Staging deploy ${{ needs.setup.outputs.release_version }}"
+          git push -u origin cf-pages-deploy-$_TAG_VERSION
+        working-directory: deployment
+
+      - name: Create CloudFlare Pages Deploy PR
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        env:
+          PR_BRANCH: cf-pages-deploy-${{ env._TAG_VERSION }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh pr create --title "Deploy $_RELEASE_VERSION to CloudFlare Pages" \
+            --body "Deploying $_RELEASE_VERSION" \
+            --base deploy \
+            --head "$PR_BRANCH"
+
+
+  release:
+    name: Create GitHub Release
+    runs-on: ubuntu-20.04
+    needs:
+      - setup
+      - self-host
+      - ghpages-deploy
+      - cfpages-deploy
+    steps:
+      - name: Download latest build artifacts
+        uses: bitwarden/gh-actions/download-artifacts@c1fa8e09871a860862d6bbe36184b06d2c7e35a8
+        with:
+          workflow: build-web.yml
+          path: apps/web
+          workflow_conclusion: success
+          branch: ${{ needs.setup.outputs.branch_name }}
+          artifacts: "web-*-selfhosted-COMMERCIAL.zip,
+            web-*-selfhosted-open-source.zip"
+
+      - name: Rename assets
+        run: |
+          mv web-*-selfhosted-COMMERCIAL.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip
+          mv web-*-selfhosted-open-source.zip web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip
+
+      - name: Create release
+        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        uses: ncipollo/release-action@58ae73b360456532aafd58ee170c045abbeaee37  # v1.10.0
+        with:
+          name: "Version ${{ needs.setup.outputs.release_version }}"
+          commit: ${{ github.sha }}
+          tag: "${{ needs.setup.outputs.tag_version }}"
+          body: "<insert release notes here>"
+          artifacts: "web-${{ needs.setup.outputs.release_version }}-selfhosted-COMMERCIAL.zip,
+            web-${{ needs.setup.outputs.release_version }}-selfhosted-open-source.zip"
+          token: ${{ secrets.GITHUB_TOKEN }}
+          draft: true
+
+
+  dry-run:
+    name: Dry Run Cleanup
+    runs-on: ubuntu-20.04
+    if: ${{ github.event.inputs.release_type == 'Dry Run' }}
+    env:
+      _TAG_VERSION: ${{ needs.setup.outputs.tag_version }}
+    needs:
+      - setup
+      - release
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b  # v3.0.2
+
+      - name: Remove gh-pages-deploy branch
+        run: git push origin --delete gh-pages-deploy-$_TAG_VERSION
+
+      - name: Remove cf-pages-deploy branch
+        run: git push origin --delete cf-pages-deploy-$_TAG_VERSION

CONTRIBUTING.md

@@ -10,7 +10,7 @@ Here is how you can get involved:
 - **Write code for a new feature:** Make a new post in the [Github Contributions category](https://community.bitwarden.com/c/github-contributions/) of the Community Forums. Include a description of your proposed contribution, screeshots, and links to any relevant feature requests. This helps get feedback from the community and Bitwarden team members before you start writing code
 - **Report a bug or submit a bugfix:** Use Github issues and pull requests
 - **Write documentation:** Submit a pull request to the [Bitwarden help repository](https://github.com/bitwarden/help)
-- **Help other users:** Go to the [User-to-User Support category](https://community.bitwarden.com/c/support/) on the Community Forums
+- **Help other users:** Go to the [Ask the Bitwarden Community category](https://community.bitwarden.com/c/support/) on the Community Forums
 - **Translate:** See the localization (l10n) section below
 
 ## Contributor Agreement
@@ -31,6 +31,6 @@ We use a translation tool called [Crowdin](https://crowdin.com) to help manage o
 
 If you are interested in helping translate the Bitwarden web vault into another language (or make a translation correction), please register an account at Crowdin and join our project here: https://crowdin.com/project/bitwarden-web
 
-If the language that you are interested in translating is not already listed, create a new account on Crowdin, join the project, and contact the project owner (https://crowdin.com/profile/kspearrin).
+If the language that you are interested in translating is not already listed, create a new account on Crowdin, join the project, and contact the project owner (https://crowdin.com/profile/dwbit).
 
 You can read Crowdin's getting started guide for translators here: https://support.crowdin.com/crowdin-intro/

README.md

@@ -1,3 +1,9 @@
+> **Repository Reorganization in Progress**
+>
+> We are currently migrating some projects over to a mono repository. For existing PR's we will be providing documentation on how to move/migrate them. To minimize the overhead we are actively reviewing open PRs. If possible please ensure any pending comments are resolved as soon as possible.
+>
+> New pull requests created during this transition period may not get addressed —if needed, please create a new PR after the reorganization is complete.
+
 <p align="center">
     <img src="https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/web-vault-macbook.png" alt="" width="600" height="358" />
 </p>

bitwarden_license/src/app/app.module.ts

@@ -8,6 +8,7 @@ import { InfiniteScrollModule } from "ngx-infinite-scroll";
 import { JslibModule } from "jslib-angular/jslib.module";
 
 import { OssRoutingModule } from "src/app/oss-routing.module";
+import { OssModule } from "src/app/oss.module";
 import { ServicesModule } from "src/app/services/services.module";
 import { WildcardRoutingModule } from "src/app/wildcard-routing.module";
 
@@ -19,6 +20,7 @@ import { MaximumVaultTimeoutPolicyComponent } from "./policies/maximum-vault-tim
 
 @NgModule({
   imports: [
+    OssModule,
     JslibModule,
     BrowserAnimationsModule,
     FormsModule,

bitwarden_license/src/app/providers/manage/accept-provider.component.html

@@ -24,7 +24,11 @@
           <p>{{ "joinProviderDesc" | i18n }}</p>
           <hr />
           <div class="d-flex">
-            <a routerLink="/" [queryParams]="{ email: email }" class="btn btn-primary btn-block">
+            <a
+              routerLink="/login"
+              [queryParams]="{ email: email }"
+              class="btn btn-primary btn-block"
+            >
               {{ "logIn" | i18n }}
             </a>
             <a

bitwarden_license/src/app/providers/setup/setup-provider.component.html

@@ -20,7 +20,11 @@
           <p>{{ "setupProviderLoginDesc" | i18n }}</p>
           <hr />
           <div class="d-flex">
-            <a routerLink="/" [queryParams]="{ email: email }" class="btn btn-primary btn-block">
+            <a
+              routerLink="/login"
+              [queryParams]="{ email: email }"
+              class="btn btn-primary btn-block"
+            >
               {{ "logIn" | i18n }}
             </a>
           </div>

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bitwarden/web-vault",
-  "version": "2.27.0",
+  "version": "2.28.1",
   "license": "GPL-3.0",
   "repository": "https://github.com/bitwarden/web",
   "scripts": {
@@ -90,7 +90,7 @@
     "@bitwarden/jslib-angular": "file:jslib/angular",
     "@bitwarden/jslib-common": "file:jslib/common",
     "bootstrap": "4.6.0",
-    "braintree-web-drop-in": "1.30.1",
+    "braintree-web-drop-in": "1.33.1",
     "browser-hrtime": "^1.1.8",
     "core-js": "^3.11.0",
     "date-input-polyfill": "^2.14.0",

src/app/accounts/accept-emergency.component.html

@@ -23,7 +23,11 @@
           <p>{{ "acceptEmergencyAccess" | i18n }}</p>
           <hr />
           <div class="d-flex">
-            <a routerLink="/" [queryParams]="{ email: email }" class="btn btn-primary btn-block">
+            <a
+              routerLink="/login"
+              [queryParams]="{ email: email }"
+              class="btn btn-primary btn-block"
+            >
               {{ "logIn" | i18n }}
             </a>
             <a

src/app/accounts/accept-organization.component.html

@@ -24,7 +24,11 @@
           <p>{{ "joinOrganizationDesc" | i18n }}</p>
           <hr />
           <div class="d-flex">
-            <a routerLink="/" [queryParams]="{ email: email }" class="btn btn-primary btn-block">
+            <a
+              routerLink="/login"
+              [queryParams]="{ email: email }"
+              class="btn btn-primary btn-block"
+            >
               {{ "logIn" | i18n }}
             </a>
             <a

src/app/accounts/hint.component.html

@@ -33,7 +33,7 @@
                 aria-hidden="true"
               ></i>
             </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
               {{ "cancel" | i18n }}
             </a>
           </div>

src/app/accounts/lock.component.ts

@@ -58,7 +58,7 @@ export class LockComponent extends BaseLockComponent {
       if (previousUrl !== "/" && previousUrl.indexOf("lock") === -1) {
         this.successRoute = previousUrl;
       }
-      this.router.navigate([this.successRoute]);
+      this.router.navigateByUrl(this.successRoute);
     };
   }
 }

src/app/accounts/login.component.ts

@@ -20,6 +20,7 @@ import { ListResponse } from "jslib-common/models/response/listResponse";
 import { PolicyResponse } from "jslib-common/models/response/policyResponse";
 
 import { StateService } from "../../abstractions/state.service";
+import { RouterService } from "../services/router.service";
 
 @Component({
   selector: "app-login",
@@ -44,7 +45,8 @@ export class LoginComponent extends BaseLoginComponent {
     logService: LogService,
     ngZone: NgZone,
     protected stateService: StateService,
-    private messagingService: MessagingService
+    private messagingService: MessagingService,
+    private routerService: RouterService
   ) {
     super(
       authService,
@@ -70,21 +72,20 @@ export class LoginComponent extends BaseLoginComponent {
         this.email = qParams.email;
       }
       if (qParams.premium != null) {
-        this.stateService.setLoginRedirect({ route: "/settings/premium" });
+        this.routerService.setPreviousUrl("/settings/premium");
       } else if (qParams.org != null) {
-        this.stateService.setLoginRedirect({
-          route: "/settings/create-organization",
-          qParams: { plan: qParams.org },
+        const route = this.router.createUrlTree(["settings/create-organization"], {
+          queryParams: { plan: qParams.org },
         });
+        this.routerService.setPreviousUrl(route.toString());
       }
 
       // Are they coming from an email for sponsoring a families organization
       if (qParams.sponsorshipToken != null) {
-        // After logging in redirect them to setup the families sponsorship
-        this.stateService.setLoginRedirect({
-          route: "/setup/families-for-enterprise",
-          qParams: { token: qParams.sponsorshipToken },
+        const route = this.router.createUrlTree(["setup/families-for-enterprise"], {
+          queryParams: { token: qParams.sponsorshipToken },
         });
+        this.routerService.setPreviousUrl(route.toString());
       }
       await super.ngOnInit();
       this.rememberEmail = await this.stateService.getRememberEmail();
@@ -145,10 +146,9 @@ export class LoginComponent extends BaseLoginComponent {
       }
     }
 
-    const loginRedirect = await this.stateService.getLoginRedirect();
-    if (loginRedirect != null) {
-      this.router.navigate([loginRedirect.route], { queryParams: loginRedirect.qParams });
-      await this.stateService.setLoginRedirect(null);
+    const previousUrl = this.routerService.getPreviousUrl();
+    if (previousUrl) {
+      this.router.navigateByUrl(previousUrl);
     } else {
       this.router.navigate([this.successRoute]);
     }

src/app/accounts/recover-delete.component.html

@@ -33,7 +33,7 @@
                 aria-hidden="true"
               ></i>
             </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
               {{ "cancel" | i18n }}
             </a>
           </div>

src/app/accounts/recover-two-factor.component.html

@@ -65,7 +65,7 @@
                 aria-hidden="true"
               ></i>
             </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
               {{ "cancel" | i18n }}
             </a>
           </div>

src/app/accounts/register.component.html

@@ -258,7 +258,7 @@
                       aria-hidden="true"
                     ></i>
                   </button>
-                  <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+                  <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
                     {{ "cancel" | i18n }}
                   </a>
                 </div>

src/app/accounts/register.component.ts

@@ -18,6 +18,8 @@ import { MasterPasswordPolicyOptions } from "jslib-common/models/domain/masterPa
 import { Policy } from "jslib-common/models/domain/policy";
 import { ReferenceEventRequest } from "jslib-common/models/request/referenceEventRequest";
 
+import { RouterService } from "../services/router.service";
+
 @Component({
   selector: "app-register",
   templateUrl: "register.component.html",
@@ -41,7 +43,8 @@ export class RegisterComponent extends BaseRegisterComponent {
     passwordGenerationService: PasswordGenerationService,
     private policyService: PolicyService,
     environmentService: EnvironmentService,
-    logService: LogService
+    logService: LogService,
+    private routerService: RouterService
   ) {
     super(
       authService,
@@ -64,14 +67,14 @@ export class RegisterComponent extends BaseRegisterComponent {
         this.email = qParams.email;
       }
       if (qParams.premium != null) {
-        this.stateService.setLoginRedirect({ route: "/settings/premium" });
+        this.routerService.setPreviousUrl("/settings/premium");
       } else if (qParams.org != null) {
         this.showCreateOrgMessage = true;
         this.referenceData.flow = qParams.org;
-        this.stateService.setLoginRedirect({
-          route: "/settings/create-organization",
-          qParams: { plan: qParams.org },
+        const route = this.router.createUrlTree(["settings/create-organization"], {
+          queryParams: { plan: qParams.org },
         });
+        this.routerService.setPreviousUrl(route.toString());
       }
       if (qParams.layout != null) {
         this.layout = this.referenceData.layout = qParams.layout;
@@ -88,10 +91,10 @@ export class RegisterComponent extends BaseRegisterComponent {
       // Are they coming from an email for sponsoring a families organization
       if (qParams.sponsorshipToken != null) {
         // After logging in redirect them to setup the families sponsorship
-        this.stateService.setLoginRedirect({
-          route: "/setup/families-for-enterprise",
-          qParams: { token: qParams.sponsorshipToken },
+        const route = this.router.createUrlTree(["setup/families-for-enterprise"], {
+          queryParams: { plan: qParams.sponsorshipToken },
         });
+        this.routerService.setPreviousUrl(route.toString());
       }
       if (this.referenceData.id === "") {
         this.referenceData.id = null;

src/app/accounts/sso.component.html

@@ -41,7 +41,7 @@
                 aria-hidden="true"
               ></i>
             </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
               {{ "cancel" | i18n }}
             </a>
           </div>

src/app/accounts/two-factor.component.html

@@ -138,7 +138,7 @@
                 aria-hidden="true"
               ></i>
             </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
               {{ "cancel" | i18n }}
             </a>
           </div>

src/app/accounts/two-factor.component.ts

@@ -4,6 +4,7 @@ import { ActivatedRoute, Router } from "@angular/router";
 import { TwoFactorComponent as BaseTwoFactorComponent } from "jslib-angular/components/two-factor.component";
 import { ModalService } from "jslib-angular/services/modal.service";
 import { ApiService } from "jslib-common/abstractions/api.service";
+import { AppIdService } from "jslib-common/abstractions/appId.service";
 import { AuthService } from "jslib-common/abstractions/auth.service";
 import { EnvironmentService } from "jslib-common/abstractions/environment.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
@@ -13,6 +14,8 @@ import { StateService } from "jslib-common/abstractions/state.service";
 import { TwoFactorService } from "jslib-common/abstractions/twoFactor.service";
 import { TwoFactorProviderType } from "jslib-common/enums/twoFactorProviderType";
 
+import { RouterService } from "../services/router.service";
+
 import { TwoFactorOptionsComponent } from "./two-factor-options.component";
 
 @Component({
@@ -34,7 +37,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     private modalService: ModalService,
     route: ActivatedRoute,
     logService: LogService,
-    twoFactorService: TwoFactorService
+    twoFactorService: TwoFactorService,
+    appIdService: AppIdService,
+    private routerService: RouterService
   ) {
     super(
       authService,
@@ -47,7 +52,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
       stateService,
       route,
       logService,
-      twoFactorService
+      twoFactorService,
+      appIdService
     );
     this.onSuccessfulLoginNavigate = this.goAfterLogIn;
   }
@@ -70,10 +76,9 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
   }
 
   async goAfterLogIn() {
-    const loginRedirect = await this.stateService.getLoginRedirect();
-    if (loginRedirect != null) {
-      this.router.navigate([loginRedirect.route], { queryParams: loginRedirect.qParams });
-      await this.stateService.setLoginRedirect(null);
+    const previousUrl = this.routerService.getPreviousUrl();
+    if (previousUrl) {
+      this.router.navigateByUrl(previousUrl);
     } else {
       this.router.navigate([this.successRoute], {
         queryParams: {

src/app/accounts/verify-recover-delete.component.html

@@ -23,7 +23,7 @@
                 aria-hidden="true"
               ></i>
             </button>
-            <a routerLink="/" class="btn btn-outline-secondary btn-block ml-2 mt-0">
+            <a routerLink="/login" class="btn btn-outline-secondary btn-block ml-2 mt-0">
               {{ "cancel" | i18n }}
             </a>
           </div>

src/app/app.component.ts

@@ -91,11 +91,17 @@ export class AppComponent implements OnDestroy, OnInit {
       this.ngZone.run(async () => {
         switch (message.command) {
           case "loggedIn":
+            this.notificationsService.updateConnection(false);
+            break;
           case "loggedOut":
+            this.routerService.setPreviousUrl(null);
+            this.notificationsService.updateConnection(false);
+            break;
           case "unlocked":
             this.notificationsService.updateConnection(false);
             break;
           case "authBlocked":
+            this.routerService.setPreviousUrl(message.url);
             this.router.navigate(["/"]);
             break;
           case "logout":
@@ -109,7 +115,7 @@ export class AppComponent implements OnDestroy, OnInit {
             this.router.navigate(["lock"]);
             break;
           case "lockedUrl":
-            window.setTimeout(() => this.routerService.setPreviousUrl(message.url), 500);
+            this.routerService.setPreviousUrl(message.url);
             break;
           case "syncStarted":
             break;

src/app/common/base.accept.component.ts

@@ -30,7 +30,6 @@ export abstract class BaseAcceptComponent implements OnInit {
 
   ngOnInit() {
     this.route.queryParams.pipe(first()).subscribe(async (qParams) => {
-      await this.stateService.setLoginRedirect(null);
       let error = this.requiredParameters.some((e) => qParams?.[e] == null || qParams[e] === "");
       let errorMessage: string = null;
       if (!error) {
@@ -44,11 +43,6 @@ export abstract class BaseAcceptComponent implements OnInit {
             errorMessage = e.message;
           }
         } else {
-          await this.stateService.setLoginRedirect({
-            route: this.getRedirectRoute(),
-            qParams: qParams,
-          });
-
           this.email = qParams.email;
           await this.unauthedHandler(qParams);
         }
@@ -66,10 +60,4 @@ export abstract class BaseAcceptComponent implements OnInit {
       this.loading = false;
     });
   }
-
-  getRedirectRoute() {
-    const urlTree = this.router.parseUrl(this.router.url);
-    urlTree.queryParams = {};
-    return urlTree.toString();
-  }
 }

src/app/guards/home.guard.ts

@@ -0,0 +1,22 @@
+import { Injectable } from "@angular/core";
+import { ActivatedRouteSnapshot, CanActivate, Router } from "@angular/router";
+
+import { AuthService } from "jslib-common/abstractions/auth.service";
+import { AuthenticationStatus } from "jslib-common/enums/authenticationStatus";
+
+@Injectable()
+export class HomeGuard implements CanActivate {
+  constructor(private router: Router, private authService: AuthService) {}
+
+  async canActivate(route: ActivatedRouteSnapshot) {
+    const authStatus = await this.authService.getAuthStatus();
+
+    if (authStatus === AuthenticationStatus.LoggedOut) {
+      return this.router.createUrlTree(["/login"], { queryParams: route.queryParams });
+    }
+    if (authStatus === AuthenticationStatus.Locked) {
+      return this.router.createUrlTree(["/lock"], { queryParams: route.queryParams });
+    }
+    return this.router.createUrlTree(["/vault"], { queryParams: route.queryParams });
+  }
+}

src/app/organizations/settings/delete-organization.component.html

@@ -44,8 +44,8 @@
             </ng-container>
           </ng-template>
         </p>
-        <app-verify-master-password [(ngModel)]="masterPassword" ngDefaultControl name="secret">
-        </app-verify-master-password>
+        <app-user-verification [(ngModel)]="masterPassword" ngDefaultControl name="secret">
+        </app-user-verification>
       </div>
       <div class="modal-footer">
         <button type="submit" class="btn btn-danger btn-submit" [disabled]="form.loading">

src/app/organizations/sponsorships/accept-family-sponsorship.component.html

@@ -0,0 +1,13 @@
+<div class="mt-5 d-flex justify-content-center" *ngIf="loading">
+  <div>
+    <img class="mb-4 logo logo-themed" alt="Bitwarden" />
+    <p class="text-center">
+      <i
+        class="bwi bwi-spinner bwi-spin bwi-2x text-muted"
+        title="{{ 'loading' | i18n }}"
+        aria-hidden="true"
+      ></i>
+      <span class="sr-only">{{ "loading" | i18n }}</span>
+    </p>
+  </div>
+</div>

src/app/organizations/sponsorships/accept-family-sponsorship.component.ts

@@ -0,0 +1,26 @@
+import { Component } from "@angular/core";
+
+import { BaseAcceptComponent } from "src/app/common/base.accept.component";
+
+@Component({
+  selector: "app-accept-family-sponsorship",
+  templateUrl: "accept-family-sponsorship.component.html",
+})
+export class AcceptFamilySponsorshipComponent extends BaseAcceptComponent {
+  failedShortMessage = "inviteAcceptFailedShort";
+  failedMessage = "inviteAcceptFailed";
+
+  requiredParameters = ["email", "token"];
+
+  async authedHandler(qParams: any) {
+    this.router.navigate(["/setup/families-for-enterprise"], { queryParams: qParams });
+  }
+
+  async unauthedHandler(qParams: any) {
+    if (!qParams.register) {
+      this.router.navigate(["/login"], { queryParams: { email: qParams.email } });
+    } else {
+      this.router.navigate(["/register"], { queryParams: { email: qParams.email } });
+    }
+  }
+}

src/app/organizations/vault/vault.component.ts

@@ -12,6 +12,7 @@ import { first } from "rxjs/operators";
 
 import { ModalService } from "jslib-angular/services/modal.service";
 import { BroadcasterService } from "jslib-common/abstractions/broadcaster.service";
+import { CipherService } from "jslib-common/abstractions/cipher.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { MessagingService } from "jslib-common/abstractions/messaging.service";
 import { OrganizationService } from "jslib-common/abstractions/organization.service";
@@ -64,7 +65,8 @@ export class VaultComponent implements OnInit, OnDestroy {
     private messagingService: MessagingService,
     private broadcasterService: BroadcasterService,
     private ngZone: NgZone,
-    private platformUtilsService: PlatformUtilsService
+    private platformUtilsService: PlatformUtilsService,
+    private cipherService: CipherService
   ) {}
 
   ngOnInit() {
@@ -126,6 +128,24 @@ export class VaultComponent implements OnInit, OnDestroy {
             this.viewEvents(cipher[0]);
           }
         }
+
+        this.route.queryParams.subscribe(async (params) => {
+          if (params.cipherId) {
+            if ((await this.cipherService.get(params.cipherId)) != null) {
+              this.editCipherId(params.cipherId);
+            } else {
+              this.platformUtilsService.showToast(
+                "error",
+                this.i18nService.t("errorOccurred"),
+                this.i18nService.t("unknownCipher")
+              );
+              this.router.navigate([], {
+                queryParams: { cipherId: null },
+                queryParamsHandling: "merge",
+              });
+            }
+          }
+        });
       });
     });
   }
@@ -257,12 +277,16 @@ export class VaultComponent implements OnInit, OnDestroy {
   }
 
   async editCipher(cipher: CipherView) {
+    return this.editCipherId(cipher?.id);
+  }
+
+  async editCipherId(cipherId: string) {
     const [modal, childComponent] = await this.modalService.openViewRef(
       AddEditComponent,
       this.cipherAddEditModalRef,
       (comp) => {
         comp.organization = this.organization;
-        comp.cipherId = cipher == null ? null : cipher.id;
+        comp.cipherId = cipherId;
         comp.onSavedCipher.subscribe(async () => {
           modal.close();
           await this.ciphersComponent.refresh();
@@ -278,6 +302,11 @@ export class VaultComponent implements OnInit, OnDestroy {
       }
     );
 
+    modal.onClosedPromise().then(() => {
+      this.route.params;
+      this.router.navigate([], { queryParams: { cipherId: null }, queryParamsHandling: "merge" });
+    });
+
     return childComponent;
   }
 
@@ -321,6 +350,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     this.router.navigate([], {
       relativeTo: this.route,
       queryParams: queryParams,
+      queryParamsHandling: "merge",
       replaceUrl: true,
     });
   }

src/app/oss-routing.module.ts

@@ -22,6 +22,7 @@ import { UpdatePasswordComponent } from "./accounts/update-password.component";
 import { UpdateTempPasswordComponent } from "./accounts/update-temp-password.component";
 import { VerifyEmailTokenComponent } from "./accounts/verify-email-token.component";
 import { VerifyRecoverDeleteComponent } from "./accounts/verify-recover-delete.component";
+import { HomeGuard } from "./guards/home.guard";
 import { FrontendLayoutComponent } from "./layouts/frontend-layout.component";
 import { OrganizationLayoutComponent } from "./layouts/organization-layout.component";
 import { UserLayoutComponent } from "./layouts/user-layout.component";
@@ -36,6 +37,7 @@ import { OrganizationBillingComponent } from "./organizations/settings/organizat
 import { OrganizationSubscriptionComponent } from "./organizations/settings/organization-subscription.component";
 import { SettingsComponent as OrgSettingsComponent } from "./organizations/settings/settings.component";
 import { TwoFactorSetupComponent as OrgTwoFactorSetupComponent } from "./organizations/settings/two-factor-setup.component";
+import { AcceptFamilySponsorshipComponent } from "./organizations/sponsorships/accept-family-sponsorship.component";
 import { FamiliesForEnterpriseSetupComponent } from "./organizations/sponsorships/families-for-enterprise-setup.component";
 import { ExportComponent as OrgExportComponent } from "./organizations/tools/export.component";
 import { ExposedPasswordsReportComponent as OrgExposedPasswordsReportComponent } from "./organizations/tools/exposed-passwords-report.component";
@@ -73,8 +75,15 @@ const routes: Routes = [
   {
     path: "",
     component: FrontendLayoutComponent,
+    data: { doNotSaveUrl: true },
     children: [
-      { path: "", pathMatch: "full", component: LoginComponent, canActivate: [UnauthGuardService] },
+      {
+        path: "",
+        pathMatch: "full",
+        children: [], // Children lets us have an empty component.
+        canActivate: [HomeGuard], // Redirects either to vault, login or lock page.
+      },
+      { path: "login", component: LoginComponent, canActivate: [UnauthGuardService] },
       { path: "2fa", component: TwoFactorComponent, canActivate: [UnauthGuardService] },
       {
         path: "register",
@@ -108,12 +117,17 @@ const routes: Routes = [
       {
         path: "accept-organization",
         component: AcceptOrganizationComponent,
-        data: { titleId: "joinOrganization" },
+        data: { titleId: "joinOrganization", doNotSaveUrl: false },
       },
       {
         path: "accept-emergency",
         component: AcceptEmergencyComponent,
-        data: { titleId: "acceptEmergency" },
+        data: { titleId: "acceptEmergency", doNotSaveUrl: false },
+      },
+      {
+        path: "accept-families-for-enterprise",
+        component: AcceptFamilySponsorshipComponent,
+        data: { titleId: "acceptFamilySponsorship", doNotSaveUrl: false },
       },
       { path: "recover", pathMatch: "full", redirectTo: "recover-2fa" },
       {

src/app/oss.module.ts

@@ -57,7 +57,7 @@ import { BadgeModule, ButtonModule } from "@bitwarden/components";
 import { InfiniteScrollModule } from "ngx-infinite-scroll";
 import { ToastrModule } from "ngx-toastr";
 
-import { VerifyMasterPasswordComponent } from "jslib-angular/components/verify-master-password.component";
+import { UserVerificationComponent } from "jslib-angular/components/user-verification.component";
 import { JslibModule } from "jslib-angular/jslib.module";
 
 import { AcceptEmergencyComponent } from "./accounts/accept-emergency.component";
@@ -122,6 +122,7 @@ import { OrganizationBillingComponent } from "./organizations/settings/organizat
 import { OrganizationSubscriptionComponent } from "./organizations/settings/organization-subscription.component";
 import { SettingsComponent as OrgSettingComponent } from "./organizations/settings/settings.component";
 import { TwoFactorSetupComponent as OrgTwoFactorSetupComponent } from "./organizations/settings/two-factor-setup.component";
+import { AcceptFamilySponsorshipComponent } from "./organizations/sponsorships/accept-family-sponsorship.component";
 import { FamiliesForEnterpriseSetupComponent } from "./organizations/sponsorships/families-for-enterprise-setup.component";
 import { ExportComponent as OrgExportComponent } from "./organizations/tools/export.component";
 import { ExposedPasswordsReportComponent as OrgExposedPasswordsReportComponent } from "./organizations/tools/exposed-passwords-report.component";
@@ -283,6 +284,7 @@ registerLocaleData(localeZhTw, "zh-TW");
   declarations: [
     PremiumBadgeComponent,
     AcceptEmergencyComponent,
+    AcceptFamilySponsorshipComponent,
     AcceptOrganizationComponent,
     AccessComponent,
     AccountComponent,
@@ -431,11 +433,11 @@ registerLocaleData(localeZhTw, "zh-TW");
     UserBillingComponent,
     UserLayoutComponent,
     UserSubscriptionComponent,
+    UserVerificationComponent,
     VaultComponent,
     VaultTimeoutInputComponent,
     VerifyEmailComponent,
     VerifyEmailTokenComponent,
-    VerifyMasterPasswordComponent,
     VerifyRecoverDeleteComponent,
     WeakPasswordsReportComponent,
   ],

src/app/services/init.service.ts

@@ -0,0 +1,69 @@
+import { Inject, Injectable } from "@angular/core";
+
+import { WINDOW } from "jslib-angular/services/jslib-services.module";
+import { CryptoService as CryptoServiceAbstraction } from "jslib-common/abstractions/crypto.service";
+import {
+  EnvironmentService as EnvironmentServiceAbstraction,
+  Urls,
+} from "jslib-common/abstractions/environment.service";
+import { EventService as EventLoggingServiceAbstraction } from "jslib-common/abstractions/event.service";
+import { I18nService as I18nServiceAbstraction } from "jslib-common/abstractions/i18n.service";
+import { NotificationsService as NotificationsServiceAbstraction } from "jslib-common/abstractions/notifications.service";
+import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from "jslib-common/abstractions/platformUtils.service";
+import { StateService as StateServiceAbstraction } from "jslib-common/abstractions/state.service";
+import { TwoFactorService as TwoFactorServiceAbstraction } from "jslib-common/abstractions/twoFactor.service";
+import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "jslib-common/abstractions/vaultTimeout.service";
+import { ThemeType } from "jslib-common/enums/themeType";
+import { ContainerService } from "jslib-common/services/container.service";
+import { EventService as EventLoggingService } from "jslib-common/services/event.service";
+import { VaultTimeoutService as VaultTimeoutService } from "jslib-common/services/vaultTimeout.service";
+
+import { I18nService as I18nService } from "../../services/i18n.service";
+
+@Injectable()
+export class InitService {
+  constructor(
+    @Inject(WINDOW) private win: Window,
+    private environmentService: EnvironmentServiceAbstraction,
+    private notificationsService: NotificationsServiceAbstraction,
+    private vaultTimeoutService: VaultTimeoutServiceAbstraction,
+    private i18nService: I18nServiceAbstraction,
+    private eventLoggingService: EventLoggingServiceAbstraction,
+    private twoFactorService: TwoFactorServiceAbstraction,
+    private stateService: StateServiceAbstraction,
+    private platformUtilsService: PlatformUtilsServiceAbstraction,
+    private cryptoService: CryptoServiceAbstraction
+  ) {}
+
+  init() {
+    return async () => {
+      await this.stateService.init();
+
+      const urls = process.env.URLS as Urls;
+      urls.base ??= this.win.location.origin;
+      this.environmentService.setUrls(urls);
+
+      setTimeout(() => this.notificationsService.init(), 3000);
+
+      (this.vaultTimeoutService as VaultTimeoutService).init(true);
+      const locale = await this.stateService.getLocale();
+      await (this.i18nService as I18nService).init(locale);
+      (this.eventLoggingService as EventLoggingService).init(true);
+      this.twoFactorService.init();
+      const htmlEl = this.win.document.documentElement;
+      htmlEl.classList.add("locale_" + this.i18nService.translationLocale);
+
+      // Initial theme is set in index.html which must be updated if there are any changes to theming logic
+      this.platformUtilsService.onDefaultSystemThemeChange(async (sysTheme) => {
+        const bwTheme = await this.stateService.getTheme();
+        if (bwTheme === ThemeType.System) {
+          htmlEl.classList.remove("theme_" + ThemeType.Light, "theme_" + ThemeType.Dark);
+          htmlEl.classList.add("theme_" + sysTheme);
+        }
+      });
+
+      const containerService = new ContainerService(this.cryptoService);
+      containerService.attachToWindow(this.win);
+    };
+  }
+}

src/app/services/organization-guard.service.ts

@@ -4,6 +4,7 @@ import { ActivatedRouteSnapshot, CanActivate, Router } from "@angular/router";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { OrganizationService } from "jslib-common/abstractions/organization.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
+import { SyncService } from "jslib-common/abstractions/sync.service";
 
 @Injectable()
 export class OrganizationGuardService implements CanActivate {
@@ -11,14 +12,19 @@ export class OrganizationGuardService implements CanActivate {
     private router: Router,
     private platformUtilsService: PlatformUtilsService,
     private i18nService: I18nService,
-    private organizationService: OrganizationService
+    private organizationService: OrganizationService,
+    private syncService: SyncService
   ) {}
 
   async canActivate(route: ActivatedRouteSnapshot) {
+    // TODO: We need to fix this issue once and for all.
+    if ((await this.syncService.getLastSync()) == null) {
+      await this.syncService.fullSync(false);
+    }
+
     const org = await this.organizationService.get(route.params.organizationId);
     if (org == null) {
-      this.router.navigate(["/"]);
-      return false;
+      return this.router.createUrlTree(["/"]);
     }
     if (!org.isOwner && !org.enabled) {
       this.platformUtilsService.showToast(
@@ -26,8 +32,7 @@ export class OrganizationGuardService implements CanActivate {
         null,
         this.i18nService.t("organizationIsDisabled")
       );
-      this.router.navigate(["/"]);
-      return false;
+      return this.router.createUrlTree(["/"]);
     }
 
     return true;

src/app/services/router.service.ts

@@ -1,6 +1,7 @@
 import { Injectable } from "@angular/core";
 import { Title } from "@angular/platform-browser";
 import { ActivatedRoute, NavigationEnd, Router } from "@angular/router";
+import { filter } from "rxjs";
 
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 
@@ -16,31 +17,22 @@ export class RouterService {
     i18nService: I18nService
   ) {
     this.currentUrl = this.router.url;
-    router.events.subscribe((event) => {
-      if (event instanceof NavigationEnd) {
-        this.previousUrl = this.currentUrl;
+
+    router.events
+      .pipe(filter((e) => e instanceof NavigationEnd))
+      .subscribe((event: NavigationEnd) => {
         this.currentUrl = event.url;
 
         let title = i18nService.t("pageTitle", "Bitwarden");
-        let titleId: string = null;
-        let rawTitle: string = null;
         let child = this.activatedRoute.firstChild;
-        while (child != null) {
-          if (child.firstChild != null) {
-            child = child.firstChild;
-          } else if (child.snapshot.data != null && child.snapshot.data.title != null) {
-            rawTitle = child.snapshot.data.title;
-            break;
-          } else if (child.snapshot.data != null && child.snapshot.data.titleId != null) {
-            titleId = child.snapshot.data.titleId;
-            break;
-          } else {
-            titleId = null;
-            rawTitle = null;
-            break;
-          }
+        while (child.firstChild) {
+          child = child.firstChild;
         }
 
+        const titleId: string = child?.snapshot?.data?.titleId;
+        const rawTitle: string = child?.snapshot?.data?.title;
+        const updateUrl = !child?.snapshot?.data?.doNotSaveUrl ?? true;
+
         if (titleId != null || rawTitle != null) {
           const newTitle = rawTitle != null ? rawTitle : i18nService.t(titleId);
           if (newTitle != null && newTitle !== "") {
@@ -48,8 +40,10 @@ export class RouterService {
           }
         }
         this.titleService.setTitle(title);
-      }
-    });
+        if (updateUrl) {
+          this.setPreviousUrl(this.currentUrl);
+        }
+      });
   }
 
   getPreviousUrl() {

src/app/services/services.module.ts

@@ -1,38 +1,31 @@
 import { APP_INITIALIZER, NgModule } from "@angular/core";
 import { ToastrModule } from "ngx-toastr";
 
-import { JslibServicesModule } from "jslib-angular/services/jslib-services.module";
+import {
+  JslibServicesModule,
+  SECURE_STORAGE,
+  STATE_FACTORY,
+  STATE_SERVICE_USE_CACHE,
+  LOCALES_DIRECTORY,
+  SYSTEM_LANGUAGE,
+} from "jslib-angular/services/jslib-services.module";
 import { ModalService as ModalServiceAbstraction } from "jslib-angular/services/modal.service";
 import { ApiService as ApiServiceAbstraction } from "jslib-common/abstractions/api.service";
 import { CipherService as CipherServiceAbstraction } from "jslib-common/abstractions/cipher.service";
 import { CollectionService as CollectionServiceAbstraction } from "jslib-common/abstractions/collection.service";
 import { CryptoService as CryptoServiceAbstraction } from "jslib-common/abstractions/crypto.service";
-import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "jslib-common/abstractions/cryptoFunction.service";
-import {
-  EnvironmentService as EnvironmentServiceAbstraction,
-  Urls,
-} from "jslib-common/abstractions/environment.service";
-import { EventService as EventLoggingServiceAbstraction } from "jslib-common/abstractions/event.service";
 import { FolderService as FolderServiceAbstraction } from "jslib-common/abstractions/folder.service";
 import { I18nService as I18nServiceAbstraction } from "jslib-common/abstractions/i18n.service";
 import { ImportService as ImportServiceAbstraction } from "jslib-common/abstractions/import.service";
 import { LogService } from "jslib-common/abstractions/log.service";
 import { MessagingService as MessagingServiceAbstraction } from "jslib-common/abstractions/messaging.service";
-import { NotificationsService as NotificationsServiceAbstraction } from "jslib-common/abstractions/notifications.service";
 import { PasswordRepromptService as PasswordRepromptServiceAbstraction } from "jslib-common/abstractions/passwordReprompt.service";
 import { PlatformUtilsService as PlatformUtilsServiceAbstraction } from "jslib-common/abstractions/platformUtils.service";
 import { StateService as BaseStateServiceAbstraction } from "jslib-common/abstractions/state.service";
 import { StateMigrationService as StateMigrationServiceAbstraction } from "jslib-common/abstractions/stateMigration.service";
 import { StorageService as StorageServiceAbstraction } from "jslib-common/abstractions/storage.service";
-import { TwoFactorService as TwoFactorServiceAbstraction } from "jslib-common/abstractions/twoFactor.service";
-import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "jslib-common/abstractions/vaultTimeout.service";
-import { ThemeType } from "jslib-common/enums/themeType";
 import { StateFactory } from "jslib-common/factories/stateFactory";
-import { ContainerService } from "jslib-common/services/container.service";
-import { CryptoService } from "jslib-common/services/crypto.service";
-import { EventService as EventLoggingService } from "jslib-common/services/event.service";
 import { ImportService } from "jslib-common/services/import.service";
-import { VaultTimeoutService } from "jslib-common/services/vaultTimeout.service";
 
 import { StateService as StateServiceAbstraction } from "../../abstractions/state.service";
 import { Account } from "../../models/account";
@@ -45,109 +38,55 @@ import { PasswordRepromptService } from "../../services/passwordReprompt.service
 import { StateService } from "../../services/state.service";
 import { StateMigrationService } from "../../services/stateMigration.service";
 import { WebPlatformUtilsService } from "../../services/webPlatformUtils.service";
+import { HomeGuard } from "../guards/home.guard";
 
 import { EventService } from "./event.service";
+import { InitService } from "./init.service";
 import { ModalService } from "./modal.service";
 import { OrganizationGuardService } from "./organization-guard.service";
 import { OrganizationTypeGuardService } from "./organization-type-guard.service";
 import { PolicyListService } from "./policy-list.service";
 import { RouterService } from "./router.service";
 
-export function initFactory(
-  window: Window,
-  environmentService: EnvironmentServiceAbstraction,
-  notificationsService: NotificationsServiceAbstraction,
-  vaultTimeoutService: VaultTimeoutService,
-  i18nService: I18nService,
-  eventLoggingService: EventLoggingService,
-  twoFactorService: TwoFactorServiceAbstraction,
-  stateService: StateServiceAbstraction,
-  platformUtilsService: PlatformUtilsServiceAbstraction,
-  cryptoService: CryptoServiceAbstraction
-): () => void {
-  return async () => {
-    await stateService.init();
-
-    const urls = process.env.URLS as Urls;
-    urls.base ??= window.location.origin;
-    environmentService.setUrls(urls);
-
-    setTimeout(() => notificationsService.init(), 3000);
-
-    vaultTimeoutService.init(true);
-    const locale = await stateService.getLocale();
-    await i18nService.init(locale);
-    eventLoggingService.init(true);
-    twoFactorService.init();
-    const htmlEl = window.document.documentElement;
-    htmlEl.classList.add("locale_" + i18nService.translationLocale);
-
-    // Initial theme is set in index.html which must be updated if there are any changes to theming logic
-    platformUtilsService.onDefaultSystemThemeChange(async (sysTheme) => {
-      const bwTheme = await stateService.getTheme();
-      if (bwTheme === ThemeType.System) {
-        htmlEl.classList.remove("theme_" + ThemeType.Light, "theme_" + ThemeType.Dark);
-        htmlEl.classList.add("theme_" + sysTheme);
-      }
-    });
-
-    const containerService = new ContainerService(cryptoService);
-    containerService.attachToWindow(window);
-  };
-}
-
 @NgModule({
   imports: [ToastrModule, JslibServicesModule],
   declarations: [],
   providers: [
-    {
-      provide: APP_INITIALIZER,
-      useFactory: initFactory,
-      deps: [
-        "WINDOW",
-        EnvironmentServiceAbstraction,
-        NotificationsServiceAbstraction,
-        VaultTimeoutServiceAbstraction,
-        I18nServiceAbstraction,
-        EventLoggingServiceAbstraction,
-        TwoFactorServiceAbstraction,
-        StateServiceAbstraction,
-        PlatformUtilsServiceAbstraction,
-        CryptoServiceAbstraction,
-      ],
-      multi: true,
-    },
+    InitService,
     OrganizationGuardService,
     OrganizationTypeGuardService,
     RouterService,
     EventService,
     PolicyListService,
+    {
+      provide: APP_INITIALIZER,
+      useFactory: (initService: InitService) => initService.init(),
+      deps: [InitService],
+      multi: true,
+    },
+    {
+      provide: STATE_FACTORY,
+      useValue: new StateFactory(GlobalState, Account),
+    },
+    {
+      provide: STATE_SERVICE_USE_CACHE,
+      useValue: false,
+    },
     {
       provide: I18nServiceAbstraction,
-      useFactory: (window: Window) => new I18nService(window.navigator.language, "locales"),
-      deps: ["WINDOW"],
+      useClass: I18nService,
+      deps: [SYSTEM_LANGUAGE, LOCALES_DIRECTORY],
     },
     { provide: StorageServiceAbstraction, useClass: HtmlStorageService },
     {
-      provide: "SECURE_STORAGE",
+      provide: SECURE_STORAGE,
       // TODO: platformUtilsService.isDev has a helper for this, but using that service here results in a circular dependency.
       // We have a tech debt item in the backlog to break up platformUtilsService, but in the meantime simply checking the environement here is less cumbersome.
       useClass: process.env.NODE_ENV === "development" ? HtmlStorageService : MemoryStorageService,
     },
     {
       provide: PlatformUtilsServiceAbstraction,
-      useFactory: (
-        i18nService: I18nServiceAbstraction,
-        messagingService: MessagingServiceAbstraction,
-        logService: LogService,
-        stateService: StateServiceAbstraction
-      ) => new WebPlatformUtilsService(i18nService, messagingService, logService, stateService),
-      deps: [
-        I18nServiceAbstraction,
-        MessagingServiceAbstraction,
-        LogService,
-        StateServiceAbstraction,
-      ],
+      useClass: WebPlatformUtilsService,
     },
     { provide: MessagingServiceAbstraction, useClass: BroadcasterMessagingService },
     { provide: ModalServiceAbstraction, useClass: ModalService },
@@ -164,50 +103,21 @@ export function initFactory(
         CryptoServiceAbstraction,
       ],
     },
-    {
-      provide: CryptoServiceAbstraction,
-      useClass: CryptoService,
-      deps: [
-        CryptoFunctionServiceAbstraction,
-        PlatformUtilsServiceAbstraction,
-        LogService,
-        StateServiceAbstraction,
-      ],
-    },
     {
       provide: StateMigrationServiceAbstraction,
-      useFactory: (
-        storageService: StorageServiceAbstraction,
-        secureStorageService: StorageServiceAbstraction
-      ) =>
-        new StateMigrationService(
-          storageService,
-          secureStorageService,
-          new StateFactory(GlobalState, Account)
-        ),
-      deps: [StorageServiceAbstraction, "SECURE_STORAGE"],
+      useClass: StateMigrationService,
+      deps: [StorageServiceAbstraction, SECURE_STORAGE, STATE_FACTORY],
     },
     {
       provide: StateServiceAbstraction,
-      useFactory: (
-        storageService: StorageServiceAbstraction,
-        secureStorageService: StorageServiceAbstraction,
-        logService: LogService,
-        stateMigrationService: StateMigrationServiceAbstraction
-      ) =>
-        new StateService(
-          storageService,
-          secureStorageService,
-          logService,
-          stateMigrationService,
-          new StateFactory(GlobalState, Account),
-          false
-        ),
+      useClass: StateService,
       deps: [
         StorageServiceAbstraction,
-        "SECURE_STORAGE",
+        SECURE_STORAGE,
         LogService,
         StateMigrationServiceAbstraction,
+        STATE_FACTORY,
+        STATE_SERVICE_USE_CACHE,
       ],
     },
     {
@@ -218,6 +128,7 @@ export function initFactory(
       provide: PasswordRepromptServiceAbstraction,
       useClass: PasswordRepromptService,
     },
+    HomeGuard,
   ],
 })
 export class ServicesModule {}

src/app/settings/api-key.component.html

@@ -20,13 +20,13 @@
       </div>
       <div class="modal-body">
         <p>{{ apiKeyDescription | i18n }}</p>
-        <app-verify-master-password
+        <app-user-verification
           [(ngModel)]="masterPassword"
           ngDefaultControl
           name="secret"
           *ngIf="!clientSecret"
         >
-        </app-verify-master-password>
+        </app-user-verification>
 
         <app-callout type="warning" *ngIf="clientSecret">{{ apiKeyWarning | i18n }}</app-callout>
         <app-callout

src/app/settings/deauthorize-sessions.component.html

@@ -21,8 +21,8 @@
       <div class="modal-body">
         <p>{{ "deauthorizeSessionsDesc" | i18n }}</p>
         <app-callout type="warning">{{ "deauthorizeSessionsWarning" | i18n }}</app-callout>
-        <app-verify-master-password [(ngModel)]="masterPassword" ngDefaultControl name="secret">
-        </app-verify-master-password>
+        <app-user-verification [(ngModel)]="masterPassword" ngDefaultControl name="secret">
+        </app-user-verification>
       </div>
       <div class="modal-footer">
         <button type="submit" class="btn btn-danger btn-submit" [disabled]="form.loading">

src/app/settings/delete-account.component.html

@@ -21,8 +21,8 @@
       <div class="modal-body">
         <p>{{ "deleteAccountDesc" | i18n }}</p>
         <app-callout type="warning">{{ "deleteAccountWarning" | i18n }}</app-callout>
-        <app-verify-master-password [(ngModel)]="masterPassword" ngDefaultControl name="secret">
-        </app-verify-master-password>
+        <app-user-verification [(ngModel)]="masterPassword" ngDefaultControl name="secret">
+        </app-user-verification>
       </div>
       <div class="modal-footer">
         <button type="submit" class="btn btn-danger btn-submit" [disabled]="form.loading">

src/app/settings/options.component.ts

@@ -74,7 +74,7 @@ export class OptionsComponent implements OnInit {
     this.enableGravatars = await this.stateService.getEnableGravitars();
     this.enableFullWidth = await this.stateService.getEnableFullWidth();
 
-    this.locale = await this.stateService.getLocale();
+    this.locale = (await this.stateService.getLocale()) ?? null;
     this.startingLocale = this.locale;
 
     this.theme = await this.stateService.getTheme();

src/app/settings/purge-vault.component.html

@@ -21,8 +21,8 @@
       <div class="modal-body">
         <p>{{ (organizationId ? "purgeOrgVaultDesc" : "purgeVaultDesc") | i18n }}</p>
         <app-callout type="warning">{{ "purgeVaultWarning" | i18n }}</app-callout>
-        <app-verify-master-password [(ngModel)]="masterPassword" ngDefaultControl name="secret">
-        </app-verify-master-password>
+        <app-user-verification [(ngModel)]="masterPassword" ngDefaultControl name="secret">
+        </app-user-verification>
       </div>
       <div class="modal-footer">
         <button type="submit" class="btn btn-danger btn-submit" [disabled]="form.loading">

src/app/settings/two-factor-verify.component.html

@@ -1,8 +1,8 @@
 <form #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate>
   <div class="modal-body">
     <p>{{ "twoStepLoginAuthDesc" | i18n }}</p>
-    <app-verify-master-password [(ngModel)]="secret" ngDefaultControl name="secret">
-    </app-verify-master-password>
+    <app-user-verification [(ngModel)]="secret" ngDefaultControl name="secret">
+    </app-user-verification>
   </div>
   <div class="modal-footer">
     <button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">

src/app/tools/export.component.html

@@ -27,17 +27,16 @@
   </div>
   <div class="row">
     <div class="form-group col-6">
-      <app-verify-master-password ngDefaultControl formControlName="secret" name="secret">
-      </app-verify-master-password>
+      <app-user-verification ngDefaultControl formControlName="secret" name="secret">
+      </app-user-verification>
     </div>
   </div>
-  <button type="submit" class="btn btn-primary" [disabled]="form.loading || exportForm.disabled">
-    <i
-      class="bwi bwi-spinner bwi-spin"
-      title="{{ 'loading' | i18n }}"
-      aria-hidden="true"
-      *ngIf="form.loading"
-    ></i>
-    <span *ngIf="!form.loading">{{ "exportVault" | i18n }}</span>
+  <button
+    type="submit"
+    class="btn btn-primary btn-submit"
+    [disabled]="form.loading || exportForm.disabled"
+  >
+    <i class="bwi bwi-spinner bwi-spin" title="{{ 'loading' | i18n }}" aria-hidden="true"></i>
+    <span>{{ "exportVault" | i18n }}</span>
   </button>
 </form>

src/app/tools/generator.component.html

@@ -20,14 +20,14 @@
     ></div>
   </div>
 </div>
-<div class="form-group">
-  <label class="d-block">{{ "whatWouldYouLikeToGenerate" | i18n }}</label>
+<div class="form-group" role="radiogroup" aria-labelledby="typeHeading">
+  <label id="typeHeading" class="d-block">{{ "whatWouldYouLikeToGenerate" | i18n }}</label>
   <div class="form-check form-check-inline" *ngFor="let o of typeOptions">
     <input
       class="form-check-input"
       type="radio"
       [(ngModel)]="type"
-      name="Type_{{ o.value }}"
+      name="Type"
       id="type_{{ o.value }}"
       [value]="o.value"
       (change)="typeChanged()"
@@ -39,14 +39,14 @@
   </div>
 </div>
 <ng-container *ngIf="type === 'password'">
-  <div class="form-group">
-    <label class="d-block">{{ "passwordType" | i18n }}</label>
+  <div aria-labelledby="passwordTypeHeading" class="form-group" role="radiogroup">
+    <label id="passwordTypeHeading" class="d-block">{{ "passwordType" | i18n }}</label>
     <div class="form-check form-check-inline" *ngFor="let o of passTypeOptions">
       <input
         class="form-check-input"
         type="radio"
         [(ngModel)]="passwordOptions.type"
-        name="PasswordType_{{ o.value }}"
+        name="PasswordType"
         id="passwordType_{{ o.value }}"
         [value]="o.value"
         (change)="savePasswordOptions()"
@@ -161,6 +161,7 @@
           (change)="savePasswordOptions()"
           [(ngModel)]="passwordOptions.uppercase"
           [disabled]="enforcedPasswordPolicyOptions?.useUppercase"
+          attr.aria-label="{{ 'uppercase' | i18n }}"
         />
         <label for="uppercase" class="form-check-label">A-Z</label>
       </div>
@@ -172,6 +173,7 @@
           (change)="savePasswordOptions()"
           [(ngModel)]="passwordOptions.lowercase"
           [disabled]="enforcedPasswordPolicyOptions?.useLowercase"
+          attr.aria-label="{{ 'lowercase' | i18n }}"
         />
         <label for="lowercase" class="form-check-label">a-z</label>
       </div>
@@ -183,6 +185,7 @@
           (change)="savePasswordOptions()"
           [(ngModel)]="passwordOptions.number"
           [disabled]="enforcedPasswordPolicyOptions?.useNumbers"
+          attr.aria-label="{{ 'numbers' | i18n }}"
         />
         <label for="numbers" class="form-check-label">0-9</label>
       </div>
@@ -194,6 +197,7 @@
           (change)="savePasswordOptions()"
           [(ngModel)]="passwordOptions.special"
           [disabled]="enforcedPasswordPolicyOptions?.useSpecial"
+          attr.aria-label="{{ 'specialCharacters' | i18n }}"
         />
         <label for="special" class="form-check-label">!@#$%^&amp;*</label>
       </div>
@@ -231,9 +235,9 @@
   </div>
 </ng-container>
 <ng-container *ngIf="type === 'username'">
-  <div class="form-group">
+  <div aria-labelledby="usernameTypeHeading" class="form-group" role="radiogroup">
     <div class="d-block">
-      <label>{{ "usernameType" | i18n }}</label>
+      <label id="usernameTypeHeading">{{ "usernameType" | i18n }}</label>
       <a
         class="ml-auto"
         href="https://bitwarden.com/help/generator/#username-types"
@@ -249,7 +253,7 @@
         class="form-check-input"
         type="radio"
         [(ngModel)]="usernameOptions.type"
-        name="UsernameType_{{ o.value }}"
+        name="UsernameType"
         id="usernameType_{{ o.value }}"
         [value]="o.value"
         (change)="saveUsernameOptions()"
@@ -261,23 +265,82 @@
       </label>
     </div>
   </div>
-  <div class="form-group" *ngIf="usernameOptions.type === 'forwarded'">
-    <div class="form-check form-check-inline" *ngFor="let o of forwardOptions">
-      <input
-        class="form-check-input"
-        type="radio"
-        [(ngModel)]="usernameOptions.forwardedService"
-        name="ForwardType_{{ o.value }}"
-        id="forwardtype_{{ o.value }}"
-        [value]="o.value"
-        (change)="saveUsernameOptions()"
-        [checked]="usernameOptions.forwardedService === o.value"
-      />
-      <label class="form-check-label" for="forwardtype_{{ o.value }}">
-        {{ o.name }}
-      </label>
+  <ng-container *ngIf="usernameOptions.type === 'forwarded'">
+    <div class="form-group">
+      <label class="d-block">{{ "service" | i18n }}</label>
+      <div class="form-check" *ngFor="let o of forwardOptions">
+        <input
+          class="form-check-input"
+          type="radio"
+          [(ngModel)]="usernameOptions.forwardedService"
+          name="ForwardType"
+          id="forwardtype_{{ o.value }}"
+          [value]="o.value"
+          (change)="saveUsernameOptions()"
+          [checked]="usernameOptions.forwardedService === o.value"
+        />
+        <label class="form-check-label" for="forwardtype_{{ o.value }}">
+          {{ o.name }}
+        </label>
+      </div>
     </div>
-  </div>
+    <div class="row" *ngIf="usernameOptions.forwardedService === 'simplelogin'">
+      <div class="form-group col-4">
+        <label for="simplelogin-apikey">{{ "apiKey" | i18n }}</label>
+        <input
+          id="simplelogin-apikey"
+          class="form-control"
+          type="password"
+          [(ngModel)]="usernameOptions.forwardedSimpleLoginApiKey"
+          (blur)="saveUsernameOptions()"
+        />
+      </div>
+      <div class="form-group col-4">
+        <label for="simplelogin-hostname">{{ "hostname" | i18n }}</label>
+        <input
+          id="simplelogin-hostname"
+          class="form-control"
+          type="text"
+          [(ngModel)]="usernameOptions.forwardedSimpleLoginHostname"
+          (blur)="saveUsernameOptions()"
+        />
+      </div>
+    </div>
+    <div class="row" *ngIf="usernameOptions.forwardedService === 'anonaddy'">
+      <div class="form-group col-4">
+        <label for="anonaddy-apikey">{{ "apiAccessToken" | i18n }}</label>
+        <input
+          id="anonaddy-apikey"
+          class="form-control"
+          type="password"
+          [(ngModel)]="usernameOptions.forwardedAnonAddyApiToken"
+          (blur)="saveUsernameOptions()"
+        />
+      </div>
+      <div class="form-group col-4">
+        <label for="anonaddy-domain">{{ "domainName" | i18n }}</label>
+        <input
+          id="anonaddy-domain"
+          class="form-control"
+          type="text"
+          [(ngModel)]="usernameOptions.forwardedAnonAddyDomain"
+          (blur)="saveUsernameOptions()"
+        />
+      </div>
+    </div>
+    <div class="row" *ngIf="usernameOptions.forwardedService === 'firefoxrelay'">
+      <div class="form-group col-4">
+        <label for="firefox-apikey">{{ "apiAccessToken" | i18n }}</label>
+        <input
+          id="firefox-apikey"
+          class="form-control"
+          type="password"
+          [(ngModel)]="usernameOptions.forwardedFirefoxApiToken"
+          (blur)="saveUsernameOptions()"
+        />
+      </div>
+    </div>
+  </ng-container>
   <div class="row" *ngIf="usernameOptions.type === 'subaddress'">
     <div class="form-group col-4">
       <label for="subaddress-email">{{ "emailAddress" | i18n }}</label>
@@ -329,9 +392,15 @@
       </div>
     </div>
   </ng-container>
-  <div>
-    <button type="button" class="btn btn-primary" (click)="regenerate()">
-      {{ "regenerateUsername" | i18n }}
+  <div #form [appApiAction]="usernameGeneratingPromise">
+    <button
+      type="button"
+      class="btn btn-submit btn-primary"
+      (click)="regenerate()"
+      [disabled]="form.loading"
+    >
+      <i class="bwi bwi-spinner bwi-spin" title="{{ 'loading' | i18n }}" aria-hidden="true"></i>
+      <span>{{ "regenerateUsername" | i18n }}</span>
     </button>
     <button type="button" class="btn btn-outline-secondary" (click)="copy()">
       {{ "copyUsername" | i18n }}

src/app/tools/generator.component.ts

@@ -4,6 +4,7 @@ import { ActivatedRoute } from "@angular/router";
 import { GeneratorComponent as BaseGeneratorComponent } from "jslib-angular/components/generator.component";
 import { ModalService } from "jslib-angular/services/modal.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
+import { LogService } from "jslib-common/abstractions/log.service";
 import { PasswordGenerationService } from "jslib-common/abstractions/passwordGeneration.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { StateService } from "jslib-common/abstractions/state.service";
@@ -25,6 +26,7 @@ export class GeneratorComponent extends BaseGeneratorComponent {
     stateService: StateService,
     platformUtilsService: PlatformUtilsService,
     i18nService: I18nService,
+    logService: LogService,
     route: ActivatedRoute,
     private modalService: ModalService
   ) {
@@ -34,9 +36,15 @@ export class GeneratorComponent extends BaseGeneratorComponent {
       platformUtilsService,
       stateService,
       i18nService,
+      logService,
       route,
       window
     );
+    // Cannot use Firefox Relay on the web vault yet due to CORS issues with Firefox Relay API
+    this.forwardOptions.splice(
+      this.forwardOptions.findIndex((o) => o.value === "firefoxrelay"),
+      1
+    );
   }
 
   async history() {

src/app/vault/ciphers.component.html

@@ -17,10 +17,10 @@
         </td>
         <td (click)="checkCipher(c)" class="reduced-lh wrap">
           <a
-            href="#"
-            appStopClick
             appStopProp
-            (click)="selectCipher(c)"
+            [routerLink]="[]"
+            [queryParams]="{ cipherId: c.id }"
+            queryParamsHandling="merge"
             title="{{ 'editItem' | i18n }}"
             >{{ c.name }}</a
           >

src/app/vault/vault.component.ts

@@ -12,6 +12,7 @@ import { first } from "rxjs/operators";
 
 import { ModalService } from "jslib-angular/services/modal.service";
 import { BroadcasterService } from "jslib-common/abstractions/broadcaster.service";
+import { CipherService } from "jslib-common/abstractions/cipher.service";
 import { CryptoService } from "jslib-common/abstractions/crypto.service";
 import { I18nService } from "jslib-common/abstractions/i18n.service";
 import { MessagingService } from "jslib-common/abstractions/messaging.service";
@@ -85,7 +86,8 @@ export class VaultComponent implements OnInit, OnDestroy {
     private ngZone: NgZone,
     private stateService: StateService,
     private organizationService: OrganizationService,
-    private providerService: ProviderService
+    private providerService: ProviderService,
+    private cipherService: CipherService
   ) {}
 
   async ngOnInit() {
@@ -136,6 +138,24 @@ export class VaultComponent implements OnInit, OnDestroy {
         }
       }
 
+      this.route.queryParams.subscribe(async (params) => {
+        if (params.cipherId) {
+          if ((await this.cipherService.get(params.cipherId)) != null) {
+            this.editCipherId(params.cipherId);
+          } else {
+            this.platformUtilsService.showToast(
+              "error",
+              this.i18nService.t("errorOccurred"),
+              this.i18nService.t("unknownCipher")
+            );
+            this.router.navigate([], {
+              queryParams: { cipherId: null },
+              queryParamsHandling: "merge",
+            });
+          }
+        }
+      });
+
       this.broadcasterService.subscribe(BroadcasterSubscriptionId, (message: any) => {
         this.ngZone.run(async () => {
           switch (message.command) {
@@ -334,11 +354,15 @@ export class VaultComponent implements OnInit, OnDestroy {
   }
 
   async editCipher(cipher: CipherView) {
+    return this.editCipherId(cipher?.id);
+  }
+
+  async editCipherId(id: string) {
     const [modal, childComponent] = await this.modalService.openViewRef(
       AddEditComponent,
       this.cipherAddEditModalRef,
       (comp) => {
-        comp.cipherId = cipher == null ? null : cipher.id;
+        comp.cipherId = id;
         comp.onSavedCipher.subscribe(async () => {
           modal.close();
           await this.ciphersComponent.refresh();
@@ -354,6 +378,11 @@ export class VaultComponent implements OnInit, OnDestroy {
       }
     );
 
+    modal.onClosedPromise().then(() => {
+      this.route.params;
+      this.router.navigate([], { queryParams: { cipherId: null }, queryParamsHandling: "merge" });
+    });
+
     return childComponent;
   }
 
@@ -388,6 +417,7 @@ export class VaultComponent implements OnInit, OnDestroy {
     this.router.navigate([], {
       relativeTo: this.route,
       queryParams: queryParams,
+      queryParamsHandling: "merge",
       replaceUrl: true,
     });
   }

src/locales/en/messages.json

@@ -891,6 +891,20 @@
   "length": {
     "message": "Length"
   },
+  "uppercase": {
+    "message": "Uppercase (A-Z)",
+    "description": "Include uppercase letters in the password generator."
+  },
+  "lowercase": {
+    "message": "Lowercase (a-z)",
+    "description": "Include lowercase letters in the password generator."
+  },
+  "numbers": {
+    "message": "Numbers (0-9)"
+  },
+  "specialCharacters": {
+    "message": "Special Characters (!@#$%^&*)"
+  }, 
   "numWords": {
     "message": "Number of Words"
   },
@@ -1431,7 +1445,8 @@
     "message": "Reports"
   },
   "reportsDesc": {
-    "message": "Identify and close security gaps in your online accounts by clicking the reports below."
+    "message": "Identify and close security gaps in your online accounts by clicking the reports below.",
+    "description": "Vault Health Reports can be used to evaluate the security of your Bitwarden Personal or Organization Vault."
   },
   "unsecuredWebsitesReport": {
     "message": "Unsecure Websites"
@@ -4871,12 +4886,29 @@
     "message": "Use your domain's configured catch-all inbox."
   },
   "random": {
-    "message": "Random"
+    "message": "Random",
+    "description": "Generates domain-based username using random letters"
   },
   "randomWord": {
     "message": "Random Word"
   },
   "service": {
     "message": "Service"
+  },
+  "forwardedEmail": {
+    "message": "Forwarded Email Alias"
+  },
+  "forwardedEmailDesc": {
+    "message": "Generate an email alias with an external forwarding service."
+  },
+  "hostname": {
+    "message": "Hostname",
+    "description": "Part of a URL."
+  },
+  "apiAccessToken": {
+    "message": "API Access Token"
+  },
+  "unknownCipher": {
+    "message": "Unknown Item, you may need to login with another account to access this item."
   }
 }

src/services/webPlatformUtils.service.ts

@@ -1,3 +1,4 @@
+import { Injectable } from "@angular/core";
 import Swal, { SweetAlertIcon } from "sweetalert2";
 
 import { I18nService } from "jslib-common/abstractions/i18n.service";
@@ -9,6 +10,7 @@ import { ClientType } from "jslib-common/enums/clientType";
 import { DeviceType } from "jslib-common/enums/deviceType";
 import { ThemeType } from "jslib-common/enums/themeType";
 
+@Injectable()
 export class WebPlatformUtilsService implements PlatformUtilsService {
   private browserCache: DeviceType = null;
   private prefersColorSchemeDark = window.matchMedia("(prefers-color-scheme: dark)");

webpack.config.js

@@ -205,7 +205,7 @@ const devServer =
               {
                 key: "Content-Security-Policy",
                 value:
-                  "default-src 'self'; script-src 'self' 'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w=' https://js.stripe.com https://js.braintreegateway.com https://www.paypalobjects.com; style-src 'self' https://assets.braintreegateway.com https://*.paypal.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4='; img-src 'self' data: https://icons.bitwarden.net https://*.paypal.com https://www.paypalobjects.com https://q.stripe.com https://haveibeenpwned.com https://www.gravatar.com; child-src 'self' https://js.stripe.com https://assets.braintreegateway.com https://*.paypal.com https://*.duosecurity.com; frame-src 'self' https://js.stripe.com https://assets.braintreegateway.com https://*.paypal.com https://*.duosecurity.com; connect-src 'self' wss://notifications.bitwarden.com https://notifications.bitwarden.com https://cdn.bitwarden.net https://api.pwnedpasswords.com https://2fa.directory/api/v3/totp.json https://api.stripe.com https://www.paypal.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://*.blob.core.windows.net; object-src 'self' blob:;",
+                  "default-src 'self'; script-src 'self' 'sha256-ryoU+5+IUZTuUyTElqkrQGBJXr1brEv6r2CA62WUw8w=' https://js.stripe.com https://js.braintreegateway.com https://www.paypalobjects.com; style-src 'self' https://assets.braintreegateway.com https://*.paypal.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JVRXyYPueLWdwGwY9m/7u4QlZ1xeQdqUj2t8OVIzZE4='; img-src 'self' data: https://icons.bitwarden.net https://*.paypal.com https://www.paypalobjects.com https://q.stripe.com https://haveibeenpwned.com https://www.gravatar.com; child-src 'self' https://js.stripe.com https://assets.braintreegateway.com https://*.paypal.com https://*.duosecurity.com; frame-src 'self' https://js.stripe.com https://assets.braintreegateway.com https://*.paypal.com https://*.duosecurity.com; connect-src 'self' wss://notifications.bitwarden.com https://notifications.bitwarden.com https://cdn.bitwarden.net https://api.pwnedpasswords.com https://2fa.directory/api/v3/totp.json https://api.stripe.com https://www.paypal.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://*.blob.core.windows.net https://app.simplelogin.io/api/alias/random/new https://app.anonaddy.com/api/v1/aliases; object-src 'self' blob:;",
               },
             ];
           }