From e68e449aff78b8eabb002162e809b5e352e7b67d Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Tue, 19 Sep 2023 23:10:00 +0200 Subject: [PATCH 01/24] [BEEEP] [PM-3865] Remove button groups (#6253) --- .../manage/entity-users.component.html | 173 ------------------ .../manage/entity-users.component.ts | 160 ---------------- .../manage/organization-manage.module.ts | 12 -- apps/web/src/app/oss.module.ts | 2 - apps/web/src/scss/styles.scss | 2 +- .../providers/manage/people.component.html | 53 +++--- .../providers/manage/people.component.ts | 1 + .../providers/providers.module.ts | 10 +- 8 files changed, 32 insertions(+), 381 deletions(-) delete mode 100644 apps/web/src/app/admin-console/organizations/manage/entity-users.component.html delete mode 100644 apps/web/src/app/admin-console/organizations/manage/entity-users.component.ts delete mode 100644 apps/web/src/app/admin-console/organizations/manage/organization-manage.module.ts diff --git a/apps/web/src/app/admin-console/organizations/manage/entity-users.component.html b/apps/web/src/app/admin-console/organizations/manage/entity-users.component.html deleted file mode 100644 index e9296973a7..0000000000 --- a/apps/web/src/app/admin-console/organizations/manage/entity-users.component.html +++ /dev/null @@ -1,173 +0,0 @@ - diff --git a/apps/web/src/app/admin-console/organizations/manage/entity-users.component.ts b/apps/web/src/app/admin-console/organizations/manage/entity-users.component.ts deleted file mode 100644 index af0c344a29..0000000000 --- a/apps/web/src/app/admin-console/organizations/manage/entity-users.component.ts +++ /dev/null @@ -1,160 +0,0 @@ -import { Component, EventEmitter, Input, OnInit, Output } from "@angular/core"; - -import { SearchPipe } from "@bitwarden/angular/pipes/search.pipe"; -import { ApiService } from "@bitwarden/common/abstractions/api.service"; -import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service"; -import { OrganizationUserUserDetailsResponse } from "@bitwarden/common/abstractions/organization-user/responses"; -import { - OrganizationUserStatusType, - OrganizationUserType, -} from "@bitwarden/common/admin-console/enums"; -import { SelectionReadOnlyRequest } from "@bitwarden/common/admin-console/models/request/selection-read-only.request"; -import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; -import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; -import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; -import { Utils } from "@bitwarden/common/platform/misc/utils"; - -@Component({ - selector: "app-entity-users", - templateUrl: "entity-users.component.html", - providers: [SearchPipe], -}) -export class EntityUsersComponent implements OnInit { - @Input() entity: "group" | "collection"; - @Input() entityId: string; - @Input() entityName: string; - @Input() organizationId: string; - @Output() onEditedUsers = new EventEmitter(); - - organizationUserType = OrganizationUserType; - organizationUserStatusType = OrganizationUserStatusType; - - showSelected = false; - loading = true; - formPromise: Promise; - selectedCount = 0; - searchText: string; - - private allUsers: OrganizationUserUserDetailsResponse[] = []; - - constructor( - private search: SearchPipe, - private apiService: ApiService, - private i18nService: I18nService, - private platformUtilsService: PlatformUtilsService, - private organizationUserService: OrganizationUserService, - private logService: LogService - ) {} - - async ngOnInit() { - await this.loadUsers(); - this.loading = false; - } - - get users() { - if (this.showSelected) { - return this.allUsers.filter((u) => (u as any).checked); - } else { - return this.allUsers; - } - } - - get searchedUsers() { - return this.search.transform(this.users, this.searchText, "name", "email", "id"); - } - - get scrollViewportStyle() { - return `min-height: 120px; height: ${120 + this.searchedUsers.length * 46}px`; - } - - async loadUsers() { - const users = await this.organizationUserService.getAllUsers(this.organizationId); - this.allUsers = users.data.map((r) => r).sort(Utils.getSortFunction(this.i18nService, "email")); - if (this.entity === "group") { - const response = await this.apiService.getGroupUsers(this.organizationId, this.entityId); - if (response != null && users.data.length > 0) { - response.forEach((s) => { - const user = users.data.filter((u) => u.id === s); - if (user != null && user.length > 0) { - (user[0] as any).checked = true; - } - }); - } - } else if (this.entity === "collection") { - const response = await this.apiService.getCollectionUsers(this.organizationId, this.entityId); - if (response != null && users.data.length > 0) { - response.forEach((s) => { - const user = users.data.filter((u) => !u.accessAll && u.id === s.id); - if (user != null && user.length > 0) { - (user[0] as any).checked = true; - (user[0] as any).readOnly = s.readOnly; - (user[0] as any).hidePasswords = s.hidePasswords; - } - }); - } - } - - this.allUsers.forEach((u) => { - if (this.entity === "collection" && u.accessAll) { - (u as any).checked = true; - } - if ((u as any).checked) { - this.selectedCount++; - } - }); - } - - check(u: OrganizationUserUserDetailsResponse) { - if (this.entity === "collection" && u.accessAll) { - return; - } - (u as any).checked = !(u as any).checked; - this.selectedChanged(u); - } - - selectedChanged(u: OrganizationUserUserDetailsResponse) { - if ((u as any).checked) { - this.selectedCount++; - } else { - if (this.entity === "collection") { - (u as any).readOnly = false; - (u as any).hidePasswords = false; - } - this.selectedCount--; - } - } - - filterSelected(showSelected: boolean) { - this.showSelected = showSelected; - } - - async submit() { - try { - if (this.entity === "group") { - const selections = this.users.filter((u) => (u as any).checked).map((u) => u.id); - this.formPromise = this.apiService.putGroupUsers( - this.organizationId, - this.entityId, - selections - ); - } else { - const selections = this.users - .filter((u) => (u as any).checked && !u.accessAll) - .map( - (u) => - new SelectionReadOnlyRequest(u.id, !!(u as any).readOnly, !!(u as any).hidePasswords) - ); - this.formPromise = this.apiService.putCollectionUsers( - this.organizationId, - this.entityId, - selections - ); - } - await this.formPromise; - this.platformUtilsService.showToast("success", null, this.i18nService.t("updatedUsers")); - this.onEditedUsers.emit(); - } catch (e) { - this.logService.error(e); - } - } -} diff --git a/apps/web/src/app/admin-console/organizations/manage/organization-manage.module.ts b/apps/web/src/app/admin-console/organizations/manage/organization-manage.module.ts deleted file mode 100644 index 9a7b166962..0000000000 --- a/apps/web/src/app/admin-console/organizations/manage/organization-manage.module.ts +++ /dev/null @@ -1,12 +0,0 @@ -import { ScrollingModule } from "@angular/cdk/scrolling"; -import { NgModule } from "@angular/core"; - -import { EntityUsersComponent } from "../../../admin-console/organizations/manage/entity-users.component"; -import { SharedModule } from "../../../shared"; - -@NgModule({ - imports: [SharedModule, ScrollingModule], - declarations: [EntityUsersComponent], - exports: [EntityUsersComponent], -}) -export class OrganizationManageModule {} diff --git a/apps/web/src/app/oss.module.ts b/apps/web/src/app/oss.module.ts index 1428aaea19..d15addba3e 100644 --- a/apps/web/src/app/oss.module.ts +++ b/apps/web/src/app/oss.module.ts @@ -1,7 +1,6 @@ import { NgModule } from "@angular/core"; import { OrganizationCreateModule } from "./admin-console/organizations/create/organization-create.module"; -import { OrganizationManageModule } from "./admin-console/organizations/manage/organization-manage.module"; import { OrganizationUserModule } from "./admin-console/organizations/users/organization-user.module"; import { LoginModule } from "./auth/login/login.module"; import { TrialInitiationModule } from "./auth/trial-initiation/trial-initiation.module"; @@ -16,7 +15,6 @@ import { VaultFilterModule } from "./vault/individual-vault/vault-filter/vault-f TrialInitiationModule, VaultFilterModule, OrganizationBadgeModule, - OrganizationManageModule, OrganizationUserModule, OrganizationCreateModule, LoginModule, diff --git a/apps/web/src/scss/styles.scss b/apps/web/src/scss/styles.scss index 2c0f9c21fd..05cd9fef4e 100644 --- a/apps/web/src/scss/styles.scss +++ b/apps/web/src/scss/styles.scss @@ -20,7 +20,7 @@ @import "~bootstrap/scss/_buttons"; @import "~bootstrap/scss/_transitions"; @import "~bootstrap/scss/_dropdown"; -@import "~bootstrap/scss/_button-group"; +// @import "~bootstrap/scss/_button-group"; @import "~bootstrap/scss/_input-group"; // @import "~bootstrap/scss/_custom-forms"; @import "~bootstrap/scss/_nav"; diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.html b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.html index 152253fe4d..90160daead 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.html +++ b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.html @@ -1,48 +1,37 @@

{{ "people" | i18n }}

-
- - - -
+ + +
- - + [placeholder]="'search' | i18n" + >
- diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.ts index 3f36527116..6afa4ac9ff 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.ts +++ b/bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.ts @@ -50,6 +50,7 @@ export class PeopleComponent userType = ProviderUserType; userStatusType = ProviderUserStatusType; + status: ProviderUserStatusType = null; providerId: string; accessEvents = false; diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts index cda2a108f7..70bc6241b6 100644 --- a/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts +++ b/bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts @@ -4,6 +4,7 @@ import { FormsModule } from "@angular/forms"; import { JslibModule } from "@bitwarden/angular/jslib.module"; import { ModalService } from "@bitwarden/angular/services/modal.service"; +import { SearchModule } from "@bitwarden/components"; import { OssModule } from "@bitwarden/web-vault/app/oss.module"; import { AddOrganizationComponent } from "./clients/add-organization.component"; @@ -26,7 +27,14 @@ import { SetupProviderComponent } from "./setup/setup-provider.component"; import { SetupComponent } from "./setup/setup.component"; @NgModule({ - imports: [CommonModule, FormsModule, OssModule, JslibModule, ProvidersRoutingModule], + imports: [ + CommonModule, + FormsModule, + OssModule, + JslibModule, + SearchModule, + ProvidersRoutingModule, + ], declarations: [ AcceptProviderComponent, AccountComponent, From 284eda6cd30301ecba0bbb54ff0cbee45052a13a Mon Sep 17 00:00:00 2001 From: Thomas Rittson <31796059+eliykat@users.noreply.github.com> Date: Wed, 20 Sep 2023 09:35:20 +1000 Subject: [PATCH 02/24] Remove sm-ga-billing feature flag (#6213) --- .../organization-subscription-cloud.component.ts | 10 ---------- .../settings/organization-plans.component.html | 2 +- .../billing/settings/organization-plans.component.ts | 11 +---------- libs/common/src/enums/feature-flag.enum.ts | 1 - 4 files changed, 2 insertions(+), 22 deletions(-) diff --git a/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts b/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts index b419f74326..5d5e644925 100644 --- a/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts +++ b/apps/web/src/app/billing/organizations/organization-subscription-cloud.component.ts @@ -12,8 +12,6 @@ import { Organization } from "@bitwarden/common/admin-console/models/domain/orga import { BitwardenProductType, PlanType } from "@bitwarden/common/billing/enums"; import { OrganizationSubscriptionResponse } from "@bitwarden/common/billing/models/response/organization-subscription.response"; import { BillingSubscriptionItemResponse } from "@bitwarden/common/billing/models/response/subscription.response"; -import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum"; -import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; @@ -62,7 +60,6 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy private organizationApiService: OrganizationApiServiceAbstraction, private route: ActivatedRoute, private dialogService: DialogService, - private configService: ConfigServiceAbstraction, private datePipe: DatePipe ) {} @@ -133,13 +130,6 @@ export class OrganizationSubscriptionCloudComponent implements OnInit, OnDestroy !this.subscriptionMarkedForCancel; this.loading = false; - - // Remove the remaining lines when the sm-ga-billing flag is deleted - const smBillingEnabled = await this.configService.getFeatureFlag( - FeatureFlag.SecretsManagerBilling - ); - this.showSecretsManagerSubscribe = this.showSecretsManagerSubscribe && smBillingEnabled; - this.showAdjustSecretsManager = this.showAdjustSecretsManager && smBillingEnabled; } get subscription() { diff --git a/apps/web/src/app/billing/settings/organization-plans.component.html b/apps/web/src/app/billing/settings/organization-plans.component.html index b933157903..06d04dc4e4 100644 --- a/apps/web/src/app/billing/settings/organization-plans.component.html +++ b/apps/web/src/app/billing/settings/organization-plans.component.html @@ -276,7 +276,7 @@
( - FeatureFlag.SecretsManagerBilling, - false - ); - this.loading = false; } diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts index 8f30478ced..f87a8ef52c 100644 --- a/libs/common/src/enums/feature-flag.enum.ts +++ b/libs/common/src/enums/feature-flag.enum.ts @@ -3,7 +3,6 @@ export enum FeatureFlag { DisplayLowKdfIterationWarningFlag = "display-kdf-iteration-warning", TrustedDeviceEncryption = "trusted-device-encryption", AutofillV2 = "autofill-v2", - SecretsManagerBilling = "sm-ga-billing", } // Replace this with a type safe lookup of the feature flag values in PM-2282 From 79606c9d9ca40bfa8dd1cc7e2e14fc001054d395 Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Wed, 20 Sep 2023 11:09:12 -0400 Subject: [PATCH 03/24] Add patches to Browser source (#6349) --- .github/workflows/build-browser.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml index b1242ee23e..5e64dc3587 100644 --- a/.github/workflows/build-browser.yml +++ b/.github/workflows/build-browser.yml @@ -149,7 +149,11 @@ jobs: FILES=$(find . -maxdepth 1 -type f) for FILE in $FILES; do cp "$FILE" browser-source/; done - # Copy apps/browser to Browser source directory + # Copy patches to the Browser source directory + mkdir -p browser-source/patches + cp -r patches/* browser-source/patches + + # Copy apps/browser to the Browser source directory mkdir -p browser-source/apps/browser cp -r apps/browser/* browser-source/apps/browser From 9e8a67f3bb0e496bb8819578ae14d96cd901032d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 20 Sep 2023 11:14:04 -0400 Subject: [PATCH 04/24] Bumped browser version to 2023.9.1 (#6350) Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com> --- apps/browser/package.json | 2 +- apps/browser/src/manifest.json | 2 +- apps/browser/src/manifest.v3.json | 2 +- package-lock.json | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/browser/package.json b/apps/browser/package.json index 87d78d61b7..fb7b8ad19b 100644 --- a/apps/browser/package.json +++ b/apps/browser/package.json @@ -1,6 +1,6 @@ { "name": "@bitwarden/browser", - "version": "2023.9.0", + "version": "2023.9.1", "scripts": { "build": "webpack", "build:mv3": "cross-env MANIFEST_VERSION=3 webpack", diff --git a/apps/browser/src/manifest.json b/apps/browser/src/manifest.json index 0e75778f26..7bd5e9f5a0 100644 --- a/apps/browser/src/manifest.json +++ b/apps/browser/src/manifest.json @@ -2,7 +2,7 @@ "manifest_version": 2, "name": "__MSG_extName__", "short_name": "__MSG_appName__", - "version": "2023.9.0", + "version": "2023.9.1", "description": "__MSG_extDesc__", "default_locale": "en", "author": "Bitwarden Inc.", diff --git a/apps/browser/src/manifest.v3.json b/apps/browser/src/manifest.v3.json index fabd611ad9..7a42aa0ffa 100644 --- a/apps/browser/src/manifest.v3.json +++ b/apps/browser/src/manifest.v3.json @@ -3,7 +3,7 @@ "minimum_chrome_version": "102.0", "name": "__MSG_extName__", "short_name": "__MSG_appName__", - "version": "2023.9.0", + "version": "2023.9.1", "description": "__MSG_extDesc__", "default_locale": "en", "author": "Bitwarden Inc.", diff --git a/package-lock.json b/package-lock.json index 935c06c99c..c1f654797c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -190,7 +190,7 @@ }, "apps/browser": { "name": "@bitwarden/browser", - "version": "2023.9.0" + "version": "2023.9.1" }, "apps/cli": { "name": "@bitwarden/cli", From f0526296e489a9c2882acacfdabffd5f50a2b99d Mon Sep 17 00:00:00 2001 From: Cesar Gonzalez Date: Wed, 20 Sep 2023 10:25:58 -0500 Subject: [PATCH 05/24] [PM-4011] Remove Autofill Injection in All Frames (#6348) * [PM-4011] Remove Autofill Injection in All Frames * [PM-4011] Adding jest tests for the fix --- apps/browser/src/autofill/services/autofill.service.spec.ts | 4 +++- apps/browser/src/autofill/services/autofill.service.ts | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/browser/src/autofill/services/autofill.service.spec.ts b/apps/browser/src/autofill/services/autofill.service.spec.ts index 5fc4b76c4c..e6a629cfc9 100644 --- a/apps/browser/src/autofill/services/autofill.service.spec.ts +++ b/apps/browser/src/autofill/services/autofill.service.spec.ts @@ -75,7 +75,7 @@ describe("AutofillService", () => { const autofillV1Script = "autofill.js"; const autofillV2Script = "autofill-init.js"; const defaultAutofillScripts = ["autofiller.js", "notificationBar.js", "contextMenuHandler.js"]; - const defaultExecuteScriptOptions = { allFrames: true, runAt: "document_start" }; + const defaultExecuteScriptOptions = { runAt: "document_start" }; let tabMock: chrome.tabs.Tab; let sender: chrome.runtime.MessageSender; @@ -91,11 +91,13 @@ describe("AutofillService", () => { [autofillV1Script, ...defaultAutofillScripts].forEach((scriptName) => { expect(BrowserApi.executeScriptInTab).toHaveBeenCalledWith(tabMock.id, { file: `content/${scriptName}`, + frameId: sender.frameId, ...defaultExecuteScriptOptions, }); }); expect(BrowserApi.executeScriptInTab).not.toHaveBeenCalledWith(tabMock.id, { file: `content/${autofillV2Script}`, + frameId: sender.frameId, ...defaultExecuteScriptOptions, }); }); diff --git a/apps/browser/src/autofill/services/autofill.service.ts b/apps/browser/src/autofill/services/autofill.service.ts index dc2a4918c3..fcf4dffd4a 100644 --- a/apps/browser/src/autofill/services/autofill.service.ts +++ b/apps/browser/src/autofill/services/autofill.service.ts @@ -62,7 +62,7 @@ export default class AutofillService implements AutofillServiceInterface { for (const injectedScript of injectedScripts) { await BrowserApi.executeScriptInTab(sender.tab.id, { file: `content/${injectedScript}`, - allFrames: true, + frameId: sender.frameId, runAt: "document_start", }); } From 020018085a99cdf7e29355668347afdf421132c0 Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Wed, 20 Sep 2023 14:34:21 -0400 Subject: [PATCH 06/24] Revert change to if key's (#6353) --- .github/workflows/release-desktop.yml | 36 +++++++++++++-------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release-desktop.yml b/.github/workflows/release-desktop.yml index 22b76f4640..3dbc08f985 100644 --- a/.github/workflows/release-desktop.yml +++ b/.github/workflows/release-desktop.yml @@ -56,7 +56,7 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Branch check - if: ${{ inputs.release_type != 'Dry Run' }} + if: ${{ github.event.inputs.release_type != 'Dry Run' }} run: | if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc-desktop" ]]; then echo "===================================" @@ -93,7 +93,7 @@ jobs: esac - name: Create GitHub deployment - if: ${{ inputs.release_type != 'Dry Run' }} + if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: chrnorm/deployment-action@d42cde7132fcec920de534fffc3be83794335c00 # v2.0.5 id: deployment with: @@ -122,7 +122,7 @@ jobs: cf-prod-account" - name: Download all artifacts - if: ${{ inputs.release_type != 'Dry Run' }} + if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe with: workflow: build-desktop.yml @@ -131,7 +131,7 @@ jobs: path: apps/desktop/artifacts - name: Dry Run - Download all artifacts - if: ${{ inputs.release_type == 'Dry Run' }} + if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe with: workflow: build-desktop.yml @@ -146,7 +146,7 @@ jobs: run: mv Bitwarden-${{ env.PKG_VERSION }}-universal.pkg Bitwarden-${{ env.PKG_VERSION }}-universal.pkg.archive - name: Set staged rollout percentage - if: ${{ inputs.electron_publish == 'true' }} + if: ${{ github.event.inputs.electron_publish == 'true' }} env: RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} ROLLOUT_PCT: ${{ inputs.rollout_percentage }} @@ -156,7 +156,7 @@ jobs: echo "stagingPercentage: ${ROLLOUT_PCT}" >> apps/desktop/artifacts/${RELEASE_CHANNEL}-mac.yml - name: Publish artifacts to S3 - if: ${{ inputs.release_type != 'Dry Run' && inputs.electron_publish == 'true' }} + if: ${{ github.event.inputs.release_type != 'Dry Run' && github.event.inputs.electron_publish == 'true' }} env: AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.aws-electron-access-id }} AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.aws-electron-access-key }} @@ -170,7 +170,7 @@ jobs: --quiet - name: Publish artifacts to R2 - if: ${{ inputs.release_type != 'Dry Run' && inputs.electron_publish == 'true' }} + if: ${{ github.event.inputs.release_type != 'Dry Run' && github.event.inputs.electron_publish == 'true' }} env: AWS_ACCESS_KEY_ID: ${{ steps.retrieve-secrets.outputs.r2-electron-access-id }} AWS_SECRET_ACCESS_KEY: ${{ steps.retrieve-secrets.outputs.r2-electron-access-key }} @@ -192,7 +192,7 @@ jobs: - name: Create Release uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0 - if: ${{ steps.release-channel.outputs.channel == 'latest' && inputs.release_type != 'Dry Run' && inputs.github_release == 'true' }} + if: ${{ steps.release-channel.outputs.channel == 'latest' && github.event.inputs.release_type != 'Dry Run' && github.event.inputs.github_release == 'true' }} env: PKG_VERSION: ${{ steps.version.outputs.version }} RELEASE_CHANNEL: ${{ steps.release-channel.outputs.channel }} @@ -230,7 +230,7 @@ jobs: draft: true - name: Update deployment status to Success - if: ${{ inputs.release_type != 'Dry Run' && success() }} + if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: '${{ secrets.GITHUB_TOKEN }}' @@ -238,7 +238,7 @@ jobs: deployment-id: ${{ steps.deployment.outputs.deployment_id }} - name: Update deployment status to Failure - if: ${{ inputs.release_type != 'Dry Run' && failure() }} + if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 with: token: '${{ secrets.GITHUB_TOKEN }}' @@ -249,7 +249,7 @@ jobs: name: Deploy Snap runs-on: ubuntu-22.04 needs: setup - if: ${{ inputs.snap_publish == 'true' }} + if: ${{ github.event.inputs.snap_publish == 'true' }} env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: @@ -278,7 +278,7 @@ jobs: working-directory: apps/desktop - name: Download Snap artifact - if: ${{ inputs.release_type != 'Dry Run' }} + if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe with: workflow: build-desktop.yml @@ -288,7 +288,7 @@ jobs: path: apps/desktop/dist - name: Dry Run - Download Snap artifact - if: ${{ inputs.release_type == 'Dry Run' }} + if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe with: workflow: build-desktop.yml @@ -298,7 +298,7 @@ jobs: path: apps/desktop/dist - name: Deploy to Snap Store - if: ${{ inputs.release_type != 'Dry Run' }} + if: ${{ github.event.inputs.release_type != 'Dry Run' }} env: SNAPCRAFT_STORE_CREDENTIALS: ${{ steps.retrieve-secrets.outputs.snapcraft-store-token }} run: | @@ -310,7 +310,7 @@ jobs: name: Deploy Choco runs-on: windows-2019 needs: setup - if: ${{ inputs.choco_publish == 'true' }} + if: ${{ github.event.inputs.choco_publish == 'true' }} env: _PKG_VERSION: ${{ needs.setup.outputs.release-version }} steps: @@ -346,7 +346,7 @@ jobs: working-directory: apps/desktop - name: Download choco artifact - if: ${{ inputs.release_type != 'Dry Run' }} + if: ${{ github.event.inputs.release_type != 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe with: workflow: build-desktop.yml @@ -356,7 +356,7 @@ jobs: path: apps/desktop/dist - name: Dry Run - Download choco artifact - if: ${{ inputs.release_type == 'Dry Run' }} + if: ${{ github.event.inputs.release_type == 'Dry Run' }} uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe with: workflow: build-desktop.yml @@ -366,7 +366,7 @@ jobs: path: apps/desktop/dist - name: Push to Chocolatey - if: ${{ inputs.release_type != 'Dry Run' }} + if: ${{ github.event.inputs.release_type != 'Dry Run' }} shell: pwsh run: choco push --source=https://push.chocolatey.org/ working-directory: apps/desktop/dist From 8c06508435ebc92aa34f574edcefa984bb9a10f3 Mon Sep 17 00:00:00 2001 From: Jake Fink Date: Wed, 20 Sep 2023 15:57:01 -0400 Subject: [PATCH 07/24] [PM-3726] Force migration of legacy user's encryption key (#6195) * [PM-3726] migrate legacy user's encryption key * [PM-3726] add 2fa support and pr feedback * [PM-3726] revert launch.json & webpack.config changes * [PM-3726] remove update key component - also remove card in vault since legacy users can't login * [PM-3726] Fix i18n & PR feedback * [PM-3726] make standalone component * [PM-3726] linter * [PM-3726] missing await * [PM-3726] logout legacy users with vault timeout to never * [PM-3726] add await * [PM-3726] skip auto key migration for legacy users * [PM-3726] pr feedback * [PM-3726] move check for web into migrate method --------- Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> --- apps/browser/src/_locales/en/messages.json | 4 +- apps/cli/src/auth/commands/login.command.ts | 5 + apps/desktop/src/locales/en/messages.json | 4 +- .../web/src/app/auth/login/login.component.ts | 9 + .../migrate-legacy-encryption.component.html | 36 ++ .../migrate-legacy-encryption.component.ts | 82 +++++ .../migrate-legacy-encryption.service.spec.ts | 345 ++++++++++++++++++ .../migrate-legacy-encryption.service.ts | 215 +++++++++++ .../settings/change-password.component.ts | 6 - apps/web/src/app/auth/two-factor.component.ts | 9 + apps/web/src/app/oss-routing.module.ts | 7 + .../app/settings/change-email.component.ts | 6 - .../change-kdf-confirmation.component.ts | 5 - .../app/settings/update-key.component.html | 55 --- .../src/app/settings/update-key.component.ts | 108 ------ .../src/app/shared/loose-components.module.ts | 3 - .../individual-vault/vault.component.html | 13 - .../vault/individual-vault/vault.component.ts | 15 +- apps/web/src/locales/en/messages.json | 13 +- .../src/auth/components/login.component.ts | 17 + .../auth/components/two-factor.component.ts | 15 + libs/angular/src/auth/guards/lock.guard.ts | 15 + .../vault/components/attachments.component.ts | 24 -- .../auth/login-strategies/login.strategy.ts | 19 +- .../password-login.strategy.ts | 8 + .../src/auth/models/domain/auth-result.ts | 1 + .../platform/abstractions/crypto.service.ts | 6 + .../src/platform/services/crypto.service.ts | 48 ++- .../vault-timeout/vault-timeout.service.ts | 9 + .../src/vault/services/cipher.service.ts | 5 - 30 files changed, 834 insertions(+), 273 deletions(-) create mode 100644 apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.component.html create mode 100644 apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.component.ts create mode 100644 apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.service.spec.ts create mode 100644 apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.service.ts delete mode 100644 apps/web/src/app/settings/update-key.component.html delete mode 100644 apps/web/src/app/settings/update-key.component.ts diff --git a/apps/browser/src/_locales/en/messages.json b/apps/browser/src/_locales/en/messages.json index 6e95df17b0..bf1eedd826 100644 --- a/apps/browser/src/_locales/en/messages.json +++ b/apps/browser/src/_locales/en/messages.json @@ -771,8 +771,8 @@ "featureUnavailable": { "message": "Feature unavailable" }, - "updateKey": { - "message": "You cannot use this feature until you update your encryption key." + "encryptionKeyMigrationRequired": { + "message": "Encryption key migration required. Please login through the web vault to update your encryption key." }, "premiumMembership": { "message": "Premium membership" diff --git a/apps/cli/src/auth/commands/login.command.ts b/apps/cli/src/auth/commands/login.command.ts index c6e16ccecd..5cef79a09f 100644 --- a/apps/cli/src/auth/commands/login.command.ts +++ b/apps/cli/src/auth/commands/login.command.ts @@ -209,6 +209,11 @@ export class LoginCommand { new PasswordLogInCredentials(email, password, null, twoFactor) ); } + if (response.requiresEncryptionKeyMigration) { + return Response.error( + "Encryption key migration required. Please login through the web vault to update your encryption key." + ); + } if (response.captchaSiteKey) { const credentials = new PasswordLogInCredentials(email, password); const handledResponse = await this.handleCaptchaRequired(twoFactor, credentials); diff --git a/apps/desktop/src/locales/en/messages.json b/apps/desktop/src/locales/en/messages.json index 15606aa220..09d848c363 100644 --- a/apps/desktop/src/locales/en/messages.json +++ b/apps/desktop/src/locales/en/messages.json @@ -475,8 +475,8 @@ "maxFileSize": { "message": "Maximum file size is 500 MB." }, - "updateKey": { - "message": "You cannot use this feature until you update your encryption key." + "encryptionKeyMigrationRequired": { + "message": "Encryption key migration required. Please login through the web vault to update your encryption key." }, "editedFolder": { "message": "Folder saved" diff --git a/apps/web/src/app/auth/login/login.component.ts b/apps/web/src/app/auth/login/login.component.ts index 3bc65542b7..72d8e3766e 100644 --- a/apps/web/src/app/auth/login/login.component.ts +++ b/apps/web/src/app/auth/login/login.component.ts @@ -15,6 +15,7 @@ import { PolicyResponse } from "@bitwarden/common/admin-console/models/response/ import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service"; import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction"; import { LoginService } from "@bitwarden/common/auth/abstractions/login.service"; +import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result"; import { ListResponse } from "@bitwarden/common/models/response/list.response"; import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service"; import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service"; @@ -210,4 +211,12 @@ export class LoginComponent extends BaseLoginComponent implements OnInit, OnDest } await super.submit(false); } + + protected override handleMigrateEncryptionKey(result: AuthResult): boolean { + if (!result.requiresEncryptionKeyMigration) { + return false; + } + this.router.navigate(["migrate-legacy-encryption"]); + return true; + } } diff --git a/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.component.html b/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.component.html new file mode 100644 index 0000000000..2fdb4711cd --- /dev/null +++ b/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.component.html @@ -0,0 +1,36 @@ +
+
+
+

{{ "updateEncryptionKey" | i18n }}

+
+

+ {{ "updateEncryptionSchemeDesc" | i18n }} + {{ "learnMore" | i18n }} +

+ {{ "updateEncryptionKeyWarning" | i18n }} + + + {{ "masterPass" | i18n }} + + + + +
+
+
+
diff --git a/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.component.ts b/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.component.ts new file mode 100644 index 0000000000..d1bb74c066 --- /dev/null +++ b/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.component.ts @@ -0,0 +1,82 @@ +import { Component } from "@angular/core"; +import { FormControl, FormGroup, Validators } from "@angular/forms"; + +import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service"; +import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; +import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; +import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service"; +import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; + +import { SharedModule } from "../../shared"; + +import { MigrateFromLegacyEncryptionService } from "./migrate-legacy-encryption.service"; + +// The master key was originally used to encrypt user data, before the user key was introduced. +// This component is used to migrate from the old encryption scheme to the new one. +@Component({ + standalone: true, + imports: [SharedModule], + providers: [MigrateFromLegacyEncryptionService], + templateUrl: "migrate-legacy-encryption.component.html", +}) +export class MigrateFromLegacyEncryptionComponent { + protected formGroup = new FormGroup({ + masterPassword: new FormControl("", [Validators.required]), + }); + + constructor( + private i18nService: I18nService, + private platformUtilsService: PlatformUtilsService, + private migrationService: MigrateFromLegacyEncryptionService, + private cryptoService: CryptoService, + private messagingService: MessagingService, + private logService: LogService + ) {} + + submit = async () => { + this.formGroup.markAsTouched(); + + if (this.formGroup.invalid) { + return; + } + + const hasUserKey = await this.cryptoService.hasUserKey(); + if (hasUserKey) { + this.messagingService.send("logout"); + throw new Error("User key already exists, cannot migrate legacy encryption."); + } + + const masterPassword = this.formGroup.value.masterPassword; + + try { + // Create new user key + const [newUserKey, masterKeyEncUserKey] = await this.migrationService.createNewUserKey( + masterPassword + ); + + // Update admin recover keys + await this.migrationService.updateAllAdminRecoveryKeys(masterPassword, newUserKey); + + // Update emergency access + await this.migrationService.updateEmergencyAccesses(newUserKey); + + // Update keys, folders, ciphers, and sends + await this.migrationService.updateKeysAndEncryptedData( + masterPassword, + newUserKey, + masterKeyEncUserKey + ); + + this.platformUtilsService.showToast( + "success", + this.i18nService.t("keyUpdated"), + this.i18nService.t("logBackInOthersToo"), + { timeout: 15000 } + ); + this.messagingService.send("logout"); + } catch (e) { + this.logService.error(e); + throw e; + } + }; +} diff --git a/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.service.spec.ts b/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.service.spec.ts new file mode 100644 index 0000000000..88bbdc4e5b --- /dev/null +++ b/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.service.spec.ts @@ -0,0 +1,345 @@ +import { mock } from "jest-mock-extended"; +import { BehaviorSubject } from "rxjs"; + +import { ApiService } from "@bitwarden/common/abstractions/api.service"; +import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service"; +import { OrganizationUserResetPasswordEnrollmentRequest } from "@bitwarden/common/abstractions/organization-user/requests"; +import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; +import { Organization } from "@bitwarden/common/admin-console/models/domain/organization"; +import { OrganizationKeysResponse } from "@bitwarden/common/admin-console/models/response/organization-keys.response"; +import { OrganizationApiService } from "@bitwarden/common/admin-console/services/organization/organization-api.service"; +import { EmergencyAccessStatusType } from "@bitwarden/common/auth/enums/emergency-access-status-type"; +import { EmergencyAccessUpdateRequest } from "@bitwarden/common/auth/models/request/emergency-access-update.request"; +import { EmergencyAccessGranteeDetailsResponse } from "@bitwarden/common/auth/models/response/emergency-access.response"; +import { EncryptionType, KdfType } from "@bitwarden/common/enums"; +import { ListResponse } from "@bitwarden/common/models/response/list.response"; +import { UserKeyResponse } from "@bitwarden/common/models/response/user-key.response"; +import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service"; +import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service"; +import { StateService } from "@bitwarden/common/platform/abstractions/state.service"; +import { EncString } from "@bitwarden/common/platform/models/domain/enc-string"; +import { + MasterKey, + SymmetricCryptoKey, + UserKey, +} from "@bitwarden/common/platform/models/domain/symmetric-crypto-key"; +import { Send } from "@bitwarden/common/tools/send/models/domain/send"; +import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction"; +import { CsprngArray } from "@bitwarden/common/types/csprng"; +import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service"; +import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction"; +import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction"; +import { Cipher } from "@bitwarden/common/vault/models/domain/cipher"; +import { Folder } from "@bitwarden/common/vault/models/domain/folder"; +import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view"; +import { FolderView } from "@bitwarden/common/vault/models/view/folder.view"; + +import { MigrateFromLegacyEncryptionService } from "./migrate-legacy-encryption.service"; + +describe("migrateFromLegacyEncryptionService", () => { + let migrateFromLegacyEncryptionService: MigrateFromLegacyEncryptionService; + + const organizationService = mock(); + const organizationApiService = mock(); + const organizationUserService = mock(); + const apiService = mock(); + const encryptService = mock(); + const cryptoService = mock(); + const syncService = mock(); + const cipherService = mock(); + const folderService = mock(); + const sendService = mock(); + const stateService = mock(); + let folderViews: BehaviorSubject; + let sends: BehaviorSubject; + + beforeEach(() => { + jest.clearAllMocks(); + + migrateFromLegacyEncryptionService = new MigrateFromLegacyEncryptionService( + organizationService, + organizationApiService, + organizationUserService, + apiService, + cryptoService, + encryptService, + syncService, + cipherService, + folderService, + sendService, + stateService + ); + }); + + it("instantiates", () => { + expect(migrateFromLegacyEncryptionService).not.toBeFalsy(); + }); + + describe("createNewUserKey", () => { + it("validates master password and legacy user", async () => { + const mockMasterPassword = "mockMasterPassword"; + const mockRandomBytes = new Uint8Array(64) as CsprngArray; + const mockMasterKey = new SymmetricCryptoKey(mockRandomBytes) as MasterKey; + stateService.getEmail.mockResolvedValue("mockEmail"); + stateService.getKdfType.mockResolvedValue(KdfType.PBKDF2_SHA256); + stateService.getKdfConfig.mockResolvedValue({ iterations: 100000 }); + cryptoService.makeMasterKey.mockResolvedValue(mockMasterKey); + cryptoService.isLegacyUser.mockResolvedValue(false); + + await expect( + migrateFromLegacyEncryptionService.createNewUserKey(mockMasterPassword) + ).rejects.toThrowError("Invalid master password or user may not be legacy"); + }); + }); + + describe("updateKeysAndEncryptedData", () => { + let mockMasterPassword: string; + let mockUserKey: UserKey; + let mockEncUserKey: EncString; + + beforeEach(() => { + mockMasterPassword = "mockMasterPassword"; + + const mockRandomBytes = new Uint8Array(64) as CsprngArray; + mockUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey; + mockEncUserKey = new EncString("mockEncUserKey"); + + const mockFolders = [createMockFolder("1", "Folder 1"), createMockFolder("2", "Folder 2")]; + const mockCiphers = [createMockCipher("1", "Cipher 1"), createMockCipher("2", "Cipher 2")]; + const mockSends = [createMockSend("1", "Send 1"), createMockSend("2", "Send 2")]; + + cryptoService.getPrivateKey.mockResolvedValue(new Uint8Array(64) as CsprngArray); + + folderViews = new BehaviorSubject(mockFolders); + folderService.folderViews$ = folderViews; + + cipherService.getAllDecrypted.mockResolvedValue(mockCiphers); + + sends = new BehaviorSubject(mockSends); + sendService.sends$ = sends; + + encryptService.encrypt.mockImplementation((plainValue, userKey) => { + return Promise.resolve( + new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "Encrypted: " + plainValue) + ); + }); + + folderService.encrypt.mockImplementation((folder, userKey) => { + const encryptedFolder = new Folder(); + encryptedFolder.id = folder.id; + encryptedFolder.name = new EncString( + EncryptionType.AesCbc256_HmacSha256_B64, + "Encrypted: " + folder.name + ); + return Promise.resolve(encryptedFolder); + }); + + cipherService.encrypt.mockImplementation((cipher, userKey) => { + const encryptedCipher = new Cipher(); + encryptedCipher.id = cipher.id; + encryptedCipher.name = new EncString( + EncryptionType.AesCbc256_HmacSha256_B64, + "Encrypted: " + cipher.name + ); + return Promise.resolve(encryptedCipher); + }); + }); + + it("derives the master key in case it hasn't been set", async () => { + await migrateFromLegacyEncryptionService.updateKeysAndEncryptedData( + mockMasterPassword, + mockUserKey, + mockEncUserKey + ); + + expect(cryptoService.getOrDeriveMasterKey).toHaveBeenCalled(); + }); + + it("syncs latest data", async () => { + await migrateFromLegacyEncryptionService.updateKeysAndEncryptedData( + mockMasterPassword, + mockUserKey, + mockEncUserKey + ); + expect(syncService.fullSync).toHaveBeenCalledWith(true); + }); + + it("does not post new account data if sync fails", async () => { + syncService.fullSync.mockRejectedValueOnce(new Error("sync failed")); + + await expect( + migrateFromLegacyEncryptionService.updateKeysAndEncryptedData( + mockMasterPassword, + mockUserKey, + mockEncUserKey + ) + ).rejects.toThrowError("sync failed"); + + expect(apiService.postAccountKey).not.toHaveBeenCalled(); + }); + + it("does not post new account data if data retrieval fails", async () => { + (migrateFromLegacyEncryptionService as any).encryptCiphers = async () => { + throw new Error("Ciphers failed to be retrieved"); + }; + + await expect( + migrateFromLegacyEncryptionService.updateKeysAndEncryptedData( + mockMasterPassword, + mockUserKey, + mockEncUserKey + ) + ).rejects.toThrowError("Ciphers failed to be retrieved"); + + expect(apiService.postAccountKey).not.toHaveBeenCalled(); + }); + }); + + describe("updateEmergencyAccesses", () => { + let mockUserKey: UserKey; + + beforeEach(() => { + const mockRandomBytes = new Uint8Array(64) as CsprngArray; + mockUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey; + + const mockEmergencyAccess = { + data: [ + createMockEmergencyAccess("0", "EA 0", EmergencyAccessStatusType.Invited), + createMockEmergencyAccess("1", "EA 1", EmergencyAccessStatusType.Accepted), + createMockEmergencyAccess("2", "EA 2", EmergencyAccessStatusType.Confirmed), + createMockEmergencyAccess("3", "EA 3", EmergencyAccessStatusType.RecoveryInitiated), + createMockEmergencyAccess("4", "EA 4", EmergencyAccessStatusType.RecoveryApproved), + ], + } as ListResponse; + apiService.getEmergencyAccessTrusted.mockResolvedValue(mockEmergencyAccess); + apiService.getUserPublicKey.mockResolvedValue({ + userId: "mockUserId", + publicKey: "mockPublicKey", + } as UserKeyResponse); + + cryptoService.rsaEncrypt.mockImplementation((plainValue, publicKey) => { + return Promise.resolve( + new EncString(EncryptionType.Rsa2048_OaepSha1_B64, "Encrypted: " + plainValue) + ); + }); + }); + + it("Only updates emergency accesses with allowed statuses", async () => { + await migrateFromLegacyEncryptionService.updateEmergencyAccesses(mockUserKey); + + expect(apiService.putEmergencyAccess).not.toHaveBeenCalledWith( + "0", + expect.any(EmergencyAccessUpdateRequest) + ); + expect(apiService.putEmergencyAccess).not.toHaveBeenCalledWith( + "1", + expect.any(EmergencyAccessUpdateRequest) + ); + }); + }); + + describe("updateAllAdminRecoveryKeys", () => { + let mockMasterPassword: string; + let mockUserKey: UserKey; + + beforeEach(() => { + mockMasterPassword = "mockMasterPassword"; + + const mockRandomBytes = new Uint8Array(64) as CsprngArray; + mockUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey; + + organizationService.getAll.mockResolvedValue([ + createOrganization("1", "Org 1", true), + createOrganization("2", "Org 2", true), + createOrganization("3", "Org 3", false), + createOrganization("4", "Org 4", false), + ]); + + organizationApiService.getKeys.mockImplementation((orgId) => { + return Promise.resolve({ + publicKey: orgId + "mockPublicKey", + privateKey: orgId + "mockPrivateKey", + } as OrganizationKeysResponse); + }); + }); + + it("Only updates organizations that are enrolled in admin recovery", async () => { + await migrateFromLegacyEncryptionService.updateAllAdminRecoveryKeys( + mockMasterPassword, + mockUserKey + ); + + expect( + organizationUserService.putOrganizationUserResetPasswordEnrollment + ).toHaveBeenCalledWith( + "1", + expect.any(String), + expect.any(OrganizationUserResetPasswordEnrollmentRequest) + ); + expect( + organizationUserService.putOrganizationUserResetPasswordEnrollment + ).toHaveBeenCalledWith( + "2", + expect.any(String), + expect.any(OrganizationUserResetPasswordEnrollmentRequest) + ); + expect( + organizationUserService.putOrganizationUserResetPasswordEnrollment + ).not.toHaveBeenCalledWith( + "3", + expect.any(String), + expect.any(OrganizationUserResetPasswordEnrollmentRequest) + ); + expect( + organizationUserService.putOrganizationUserResetPasswordEnrollment + ).not.toHaveBeenCalledWith( + "4", + expect.any(String), + expect.any(OrganizationUserResetPasswordEnrollmentRequest) + ); + }); + }); +}); + +function createMockFolder(id: string, name: string): FolderView { + const folder = new FolderView(); + folder.id = id; + folder.name = name; + return folder; +} + +function createMockCipher(id: string, name: string): CipherView { + const cipher = new CipherView(); + cipher.id = id; + cipher.name = name; + return cipher; +} + +function createMockSend(id: string, name: string): Send { + const send = new Send(); + send.id = id; + send.name = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, name); + return send; +} + +function createMockEmergencyAccess( + id: string, + name: string, + status: EmergencyAccessStatusType +): EmergencyAccessGranteeDetailsResponse { + const emergencyAccess = new EmergencyAccessGranteeDetailsResponse({}); + emergencyAccess.id = id; + emergencyAccess.name = name; + emergencyAccess.type = 0; + emergencyAccess.status = status; + return emergencyAccess; +} + +function createOrganization(id: string, name: string, resetPasswordEnrolled: boolean) { + const org = new Organization(); + org.id = id; + org.name = name; + org.resetPasswordEnrolled = resetPasswordEnrolled; + org.userId = "mockUserID"; + return org; +} diff --git a/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.service.ts b/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.service.ts new file mode 100644 index 0000000000..35005fdce4 --- /dev/null +++ b/apps/web/src/app/auth/migrate-encryption/migrate-legacy-encryption.service.ts @@ -0,0 +1,215 @@ +import { Injectable } from "@angular/core"; +import { firstValueFrom } from "rxjs"; + +import { ApiService } from "@bitwarden/common/abstractions/api.service"; +import { OrganizationUserService } from "@bitwarden/common/abstractions/organization-user/organization-user.service"; +import { OrganizationUserResetPasswordEnrollmentRequest } from "@bitwarden/common/abstractions/organization-user/requests"; +import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction"; +import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; +import { EmergencyAccessStatusType } from "@bitwarden/common/auth/enums/emergency-access-status-type"; +import { EmergencyAccessUpdateRequest } from "@bitwarden/common/auth/models/request/emergency-access-update.request"; +import { UpdateKeyRequest } from "@bitwarden/common/models/request/update-key.request"; +import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service"; +import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service"; +import { StateService } from "@bitwarden/common/platform/abstractions/state.service"; +import { Utils } from "@bitwarden/common/platform/misc/utils"; +import { EncryptedString, EncString } from "@bitwarden/common/platform/models/domain/enc-string"; +import { UserKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key"; +import { SendWithIdRequest } from "@bitwarden/common/tools/send/models/request/send-with-id.request"; +import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction"; +import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service"; +import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction"; +import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction"; +import { CipherWithIdRequest } from "@bitwarden/common/vault/models/request/cipher-with-id.request"; +import { FolderWithIdRequest } from "@bitwarden/common/vault/models/request/folder-with-id.request"; + +// TODO: PM-3797 - This service should be expanded and used for user key rotations in change-password.component.ts +@Injectable() +export class MigrateFromLegacyEncryptionService { + constructor( + private organizationService: OrganizationService, + private organizationApiService: OrganizationApiServiceAbstraction, + private organizationUserService: OrganizationUserService, + private apiService: ApiService, + private cryptoService: CryptoService, + private encryptService: EncryptService, + private syncService: SyncService, + private cipherService: CipherService, + private folderService: FolderService, + private sendService: SendService, + private stateService: StateService + ) {} + + /** + * Validates the master password and creates a new user key. + * @returns A new user key along with the encrypted version + */ + async createNewUserKey(masterPassword: string): Promise<[UserKey, EncString]> { + // Create master key to validate the master password + const masterKey = await this.cryptoService.makeMasterKey( + masterPassword, + await this.stateService.getEmail(), + await this.stateService.getKdfType(), + await this.stateService.getKdfConfig() + ); + + if (!masterKey) { + throw new Error("Invalid master password"); + } + + if (!(await this.cryptoService.isLegacyUser(masterKey))) { + throw new Error("Invalid master password or user may not be legacy"); + } + + // Set master key again in case it was lost (could be lost on refresh) + await this.cryptoService.setMasterKey(masterKey); + return await this.cryptoService.makeUserKey(masterKey); + } + + /** + * Updates the user key, master key hash, private key, folders, ciphers, and sends + * on the server. + * @param masterPassword The master password + * @param newUserKey The new user key + * @param newEncUserKey The new encrypted user key + */ + async updateKeysAndEncryptedData( + masterPassword: string, + newUserKey: UserKey, + newEncUserKey: EncString + ): Promise { + // Create new request and add master key and hash + const request = new UpdateKeyRequest(); + request.key = newEncUserKey.encryptedString; + request.masterPasswordHash = await this.cryptoService.hashMasterKey( + masterPassword, + await this.cryptoService.getOrDeriveMasterKey(masterPassword) + ); + + // Sync before encrypting to make sure we have latest data + await this.syncService.fullSync(true); + + request.privateKey = await this.encryptPrivateKey(newUserKey); + request.folders = await this.encryptFolders(newUserKey); + request.ciphers = await this.encryptCiphers(newUserKey); + request.sends = await this.encryptSends(newUserKey); + + return this.apiService.postAccountKey(request); + } + + /** + * Gets user's emergency access details from server and encrypts with new user key + * on the server. + * @param newUserKey The new user key + */ + async updateEmergencyAccesses(newUserKey: UserKey) { + const emergencyAccess = await this.apiService.getEmergencyAccessTrusted(); + // Any Invited or Accepted requests won't have the key yet, so we don't need to update them + const allowedStatuses = new Set([ + EmergencyAccessStatusType.Confirmed, + EmergencyAccessStatusType.RecoveryInitiated, + EmergencyAccessStatusType.RecoveryApproved, + ]); + const filteredAccesses = emergencyAccess.data.filter((d) => allowedStatuses.has(d.status)); + + for (const details of filteredAccesses) { + // Get public key of grantee + const publicKeyResponse = await this.apiService.getUserPublicKey(details.granteeId); + const publicKey = Utils.fromB64ToArray(publicKeyResponse.publicKey); + + // Encrypt new user key with public key + const encryptedKey = await this.cryptoService.rsaEncrypt(newUserKey.key, publicKey); + + const updateRequest = new EmergencyAccessUpdateRequest(); + updateRequest.type = details.type; + updateRequest.waitTimeDays = details.waitTimeDays; + updateRequest.keyEncrypted = encryptedKey.encryptedString; + + await this.apiService.putEmergencyAccess(details.id, updateRequest); + } + } + + /** Updates all admin recovery keys on the server with the new user key + * @param masterPassword The user's master password + * @param newUserKey The new user key + */ + async updateAllAdminRecoveryKeys(masterPassword: string, newUserKey: UserKey) { + const allOrgs = await this.organizationService.getAll(); + + for (const org of allOrgs) { + // If not already enrolled, skip + if (!org.resetPasswordEnrolled) { + continue; + } + + // Retrieve public key + const response = await this.organizationApiService.getKeys(org.id); + const publicKey = Utils.fromB64ToArray(response?.publicKey); + + // Re-enroll - encrypt user key with organization public key + const encryptedKey = await this.cryptoService.rsaEncrypt(newUserKey.key, publicKey); + + // Create/Execute request + const request = new OrganizationUserResetPasswordEnrollmentRequest(); + request.resetPasswordKey = encryptedKey.encryptedString; + request.masterPasswordHash = await this.cryptoService.hashMasterKey( + masterPassword, + await this.cryptoService.getOrDeriveMasterKey(masterPassword) + ); + + await this.organizationUserService.putOrganizationUserResetPasswordEnrollment( + org.id, + org.userId, + request + ); + } + } + + private async encryptPrivateKey(newUserKey: UserKey): Promise { + const privateKey = await this.cryptoService.getPrivateKey(); + if (!privateKey) { + return; + } + return (await this.encryptService.encrypt(privateKey, newUserKey)).encryptedString; + } + + private async encryptFolders(newUserKey: UserKey): Promise { + const folders = await firstValueFrom(this.folderService.folderViews$); + if (!folders) { + return; + } + return await Promise.all( + folders.map(async (folder) => { + const encryptedFolder = await this.folderService.encrypt(folder, newUserKey); + return new FolderWithIdRequest(encryptedFolder); + }) + ); + } + + private async encryptCiphers(newUserKey: UserKey): Promise { + const ciphers = await this.cipherService.getAllDecrypted(); + if (!ciphers) { + return; + } + return await Promise.all( + ciphers.map(async (cipher) => { + const encryptedCipher = await this.cipherService.encrypt(cipher, newUserKey); + return new CipherWithIdRequest(encryptedCipher); + }) + ); + } + + private async encryptSends(newUserKey: UserKey): Promise { + const sends = await firstValueFrom(this.sendService.sends$); + if (!sends) { + return; + } + return await Promise.all( + sends.map(async (send) => { + const sendKey = await this.encryptService.decryptToBytes(send.key, null); + send.key = (await this.encryptService.encrypt(sendKey, newUserKey)) ?? send.key; + return new SendWithIdRequest(send); + }) + ); + } +} diff --git a/apps/web/src/app/auth/settings/change-password.component.ts b/apps/web/src/app/auth/settings/change-password.component.ts index 00baee44d0..9ed8227316 100644 --- a/apps/web/src/app/auth/settings/change-password.component.ts +++ b/apps/web/src/app/auth/settings/change-password.component.ts @@ -145,12 +145,6 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent { } async submit() { - const hasUserKey = await this.cryptoService.hasUserKey(); - if (!hasUserKey) { - this.platformUtilsService.showToast("error", null, this.i18nService.t("updateKey")); - return; - } - if (this.masterPasswordHint != null && this.masterPasswordHint == this.masterPassword) { this.platformUtilsService.showToast( "error", diff --git a/apps/web/src/app/auth/two-factor.component.ts b/apps/web/src/app/auth/two-factor.component.ts index 2990331761..2dbb650874 100644 --- a/apps/web/src/app/auth/two-factor.component.ts +++ b/apps/web/src/app/auth/two-factor.component.ts @@ -9,6 +9,7 @@ import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service"; import { LoginService } from "@bitwarden/common/auth/abstractions/login.service"; import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service"; import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type"; +import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result"; import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service"; import { ConfigServiceAbstraction } from "@bitwarden/common/platform/abstractions/config/config.service.abstraction"; import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service"; @@ -86,6 +87,14 @@ export class TwoFactorComponent extends BaseTwoFactorComponent { ); } + protected override handleMigrateEncryptionKey(result: AuthResult): boolean { + if (!result.requiresEncryptionKeyMigration) { + return false; + } + this.router.navigate(["migrate-legacy-encryption"]); + return true; + } + goAfterLogIn = async () => { this.loginService.clearValues(); const previousUrl = this.routerService.getPreviousUrl(); diff --git a/apps/web/src/app/oss-routing.module.ts b/apps/web/src/app/oss-routing.module.ts index e6f4caa112..3a08a5863a 100644 --- a/apps/web/src/app/oss-routing.module.ts +++ b/apps/web/src/app/oss-routing.module.ts @@ -175,6 +175,13 @@ const routes: Routes = [ canActivate: [AuthGuard], data: { titleId: "removeMasterPassword" }, }, + { + path: "migrate-legacy-encryption", + loadComponent: () => + import("./auth/migrate-encryption/migrate-legacy-encryption.component").then( + (mod) => mod.MigrateFromLegacyEncryptionComponent + ), + }, ], }, { diff --git a/apps/web/src/app/settings/change-email.component.ts b/apps/web/src/app/settings/change-email.component.ts index 76e78fcba9..3321187af8 100644 --- a/apps/web/src/app/settings/change-email.component.ts +++ b/apps/web/src/app/settings/change-email.component.ts @@ -42,12 +42,6 @@ export class ChangeEmailComponent implements OnInit { } async submit() { - const hasUserKey = await this.cryptoService.hasUserKey(); - if (!hasUserKey) { - this.platformUtilsService.showToast("error", null, this.i18nService.t("updateKey")); - return; - } - this.newEmail = this.newEmail.trim().toLowerCase(); if (!this.tokenSent) { const request = new EmailTokenRequest(); diff --git a/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts b/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts index dd2a8c45d9..169b1bbdfa 100644 --- a/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts +++ b/apps/web/src/app/settings/change-kdf/change-kdf-confirmation.component.ts @@ -46,11 +46,6 @@ export class ChangeKdfConfirmationComponent { async submit() { this.loading = true; - const hasUserKey = await this.cryptoService.hasUserKey(); - if (!hasUserKey) { - this.platformUtilsService.showToast("error", null, this.i18nService.t("updateKey")); - return; - } try { this.formPromise = this.makeKeyAndSaveAsync(); diff --git a/apps/web/src/app/settings/update-key.component.html b/apps/web/src/app/settings/update-key.component.html deleted file mode 100644 index 7b94a6dca0..0000000000 --- a/apps/web/src/app/settings/update-key.component.html +++ /dev/null @@ -1,55 +0,0 @@ - diff --git a/apps/web/src/app/settings/update-key.component.ts b/apps/web/src/app/settings/update-key.component.ts deleted file mode 100644 index 8c7d7cf882..0000000000 --- a/apps/web/src/app/settings/update-key.component.ts +++ /dev/null @@ -1,108 +0,0 @@ -import { Component } from "@angular/core"; -import { firstValueFrom } from "rxjs"; - -import { ApiService } from "@bitwarden/common/abstractions/api.service"; -import { UpdateKeyRequest } from "@bitwarden/common/models/request/update-key.request"; -import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service"; -import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; -import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; -import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service"; -import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; -import { EncString } from "@bitwarden/common/platform/models/domain/enc-string"; -import { CipherWithIdRequest } from "@bitwarden/common/vault//models/request/cipher-with-id.request"; -import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service"; -import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction"; -import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction"; -import { FolderWithIdRequest } from "@bitwarden/common/vault/models/request/folder-with-id.request"; - -@Component({ - selector: "app-update-key", - templateUrl: "update-key.component.html", -}) -export class UpdateKeyComponent { - masterPassword: string; - formPromise: Promise; - - constructor( - private apiService: ApiService, - private i18nService: I18nService, - private platformUtilsService: PlatformUtilsService, - private cryptoService: CryptoService, - private messagingService: MessagingService, - private syncService: SyncService, - private folderService: FolderService, - private cipherService: CipherService, - private logService: LogService - ) {} - - async submit() { - const hasUserKey = await this.cryptoService.hasUserKey(); - if (hasUserKey) { - return; - } - - if (this.masterPassword == null || this.masterPassword === "") { - this.platformUtilsService.showToast( - "error", - this.i18nService.t("errorOccurred"), - this.i18nService.t("masterPasswordRequired") - ); - return; - } - - try { - this.formPromise = this.makeRequest().then((request) => { - return this.apiService.postAccountKey(request); - }); - await this.formPromise; - this.platformUtilsService.showToast( - "success", - this.i18nService.t("keyUpdated"), - this.i18nService.t("logBackInOthersToo"), - { timeout: 15000 } - ); - this.messagingService.send("logout"); - } catch (e) { - this.logService.error(e); - } - } - - private async makeRequest(): Promise { - const masterKey = await this.cryptoService.getMasterKey(); - const newUserKey = await this.cryptoService.makeUserKey(masterKey); - const privateKey = await this.cryptoService.getPrivateKey(); - let encPrivateKey: EncString = null; - if (privateKey != null) { - encPrivateKey = await this.cryptoService.encrypt(privateKey, newUserKey[0]); - } - const request = new UpdateKeyRequest(); - request.privateKey = encPrivateKey != null ? encPrivateKey.encryptedString : null; - request.key = newUserKey[1].encryptedString; - request.masterPasswordHash = await this.cryptoService.hashMasterKey( - this.masterPassword, - await this.cryptoService.getOrDeriveMasterKey(this.masterPassword) - ); - - await this.syncService.fullSync(true); - - const folders = await firstValueFrom(this.folderService.folderViews$); - for (let i = 0; i < folders.length; i++) { - if (folders[i].id == null) { - continue; - } - const folder = await this.folderService.encrypt(folders[i], newUserKey[0]); - request.folders.push(new FolderWithIdRequest(folder)); - } - - const ciphers = await this.cipherService.getAllDecrypted(); - for (let i = 0; i < ciphers.length; i++) { - if (ciphers[i].organizationId != null) { - continue; - } - const cipher = await this.cipherService.encrypt(ciphers[i], newUserKey[0]); - request.ciphers.push(new CipherWithIdRequest(cipher)); - } - - return request; - } -} diff --git a/apps/web/src/app/shared/loose-components.module.ts b/apps/web/src/app/shared/loose-components.module.ts index 4552162cc8..b9c220ab5e 100644 --- a/apps/web/src/app/shared/loose-components.module.ts +++ b/apps/web/src/app/shared/loose-components.module.ts @@ -86,7 +86,6 @@ import { PurgeVaultComponent } from "../settings/purge-vault.component"; import { SecurityKeysComponent } from "../settings/security-keys.component"; import { SecurityComponent } from "../settings/security.component"; import { SettingsComponent } from "../settings/settings.component"; -import { UpdateKeyComponent } from "../settings/update-key.component"; import { UpdateLicenseComponent } from "../settings/update-license.component"; import { VaultTimeoutInputComponent } from "../settings/vault-timeout-input.component"; import { GeneratorComponent } from "../tools/generator.component"; @@ -216,7 +215,6 @@ import { SharedModule } from "./shared.module"; TwoFactorVerifyComponent, TwoFactorWebAuthnComponent, TwoFactorYubiKeyComponent, - UpdateKeyComponent, UpdateLicenseComponent, UpdatePasswordComponent, UpdateTempPasswordComponent, @@ -319,7 +317,6 @@ import { SharedModule } from "./shared.module"; TwoFactorVerifyComponent, TwoFactorWebAuthnComponent, TwoFactorYubiKeyComponent, - UpdateKeyComponent, UpdateLicenseComponent, UpdatePasswordComponent, UpdateTempPasswordComponent, diff --git a/apps/web/src/app/vault/individual-vault/vault.component.html b/apps/web/src/app/vault/individual-vault/vault.component.html index dece0ea10f..265bdec2ce 100644 --- a/apps/web/src/app/vault/individual-vault/vault.component.html +++ b/apps/web/src/app/vault/individual-vault/vault.component.html @@ -77,19 +77,6 @@
-
-
- - {{ "updateKeyTitle" | i18n }} -
-
-

{{ "updateEncryptionKeyShortDesc" | i18n }}

- -
-
- ; deletePromises: { [id: string]: Promise } = {}; @@ -50,15 +49,6 @@ export class AttachmentsComponent implements OnInit { } async submit() { - if (!this.hasUpdatedKey) { - this.platformUtilsService.showToast( - "error", - this.i18nService.t("errorOccurred"), - this.i18nService.t("updateKey") - ); - return; - } - const fileEl = document.getElementById("file") as HTMLInputElement; const files = fileEl.files; if (files == null || files.length === 0) { @@ -191,7 +181,6 @@ export class AttachmentsComponent implements OnInit { this.cipherDomain = await this.loadCipher(); this.cipher = await this.cipherDomain.decrypt(); - this.hasUpdatedKey = await this.cryptoService.hasUserKey(); const canAccessPremium = await this.stateService.getCanAccessPremium(); this.canAccessAttachments = canAccessPremium || this.cipher.organizationId != null; @@ -206,19 +195,6 @@ export class AttachmentsComponent implements OnInit { if (confirmed) { this.platformUtilsService.launchUri("https://vault.bitwarden.com/#/?premium=purchase"); } - } else if (!this.hasUpdatedKey) { - const confirmed = await this.dialogService.openSimpleDialog({ - title: { key: "featureUnavailable" }, - content: { key: "updateKey" }, - acceptButtonText: { key: "learnMore" }, - type: "warning", - }); - - if (confirmed) { - this.platformUtilsService.launchUri( - "https://bitwarden.com/help/account-encryption-key/#rotate-your-encryption-key" - ); - } } } diff --git a/libs/common/src/auth/login-strategies/login.strategy.ts b/libs/common/src/auth/login-strategies/login.strategy.ts index 96855a3410..d8b0f5ca89 100644 --- a/libs/common/src/auth/login-strategies/login.strategy.ts +++ b/libs/common/src/auth/login-strategies/login.strategy.ts @@ -1,4 +1,5 @@ import { ApiService } from "../../abstractions/api.service"; +import { ClientType } from "../../enums"; import { KeysRequest } from "../../models/request/keys.request"; import { AppIdService } from "../../platform/abstractions/app-id.service"; import { CryptoService } from "../../platform/abstractions/crypto.service"; @@ -151,6 +152,16 @@ export abstract class LogInStrategy { protected async processTokenResponse(response: IdentityTokenResponse): Promise { const result = new AuthResult(); + + // Old encryption keys must be migrated, but is currently only available on web. + // Other clients shouldn't continue the login process. + if (this.encryptionKeyMigrationRequired(response)) { + result.requiresEncryptionKeyMigration = true; + if (this.platformUtilsService.getClientType() !== ClientType.Web) { + return result; + } + } + result.resetMasterPassword = response.resetMasterPassword; // Convert boolean to enum @@ -166,9 +177,7 @@ export abstract class LogInStrategy { } await this.setMasterKey(response); - await this.setUserKey(response); - await this.setPrivateKey(response); this.messagingService.send("loggedIn"); @@ -183,6 +192,12 @@ export abstract class LogInStrategy { protected abstract setPrivateKey(response: IdentityTokenResponse): Promise; + // Old accounts used master key for encryption. We are forcing migrations but only need to + // check on password logins + protected encryptionKeyMigrationRequired(response: IdentityTokenResponse): boolean { + return false; + } + protected async createKeyPairForOldAccount() { try { const [publicKey, privateKey] = await this.cryptoService.makeKeyPair(); diff --git a/libs/common/src/auth/login-strategies/password-login.strategy.ts b/libs/common/src/auth/login-strategies/password-login.strategy.ts index 7f7ec58569..0bcc679ae9 100644 --- a/libs/common/src/auth/login-strategies/password-login.strategy.ts +++ b/libs/common/src/auth/login-strategies/password-login.strategy.ts @@ -147,6 +147,10 @@ export class PasswordLogInStrategy extends LogInStrategy { } protected override async setUserKey(response: IdentityTokenResponse): Promise { + // If migration is required, we won't have a user key to set yet. + if (this.encryptionKeyMigrationRequired(response)) { + return; + } await this.cryptoService.setMasterKeyEncryptedUserKey(response.key); const masterKey = await this.cryptoService.getMasterKey(); @@ -162,6 +166,10 @@ export class PasswordLogInStrategy extends LogInStrategy { ); } + protected override encryptionKeyMigrationRequired(response: IdentityTokenResponse): boolean { + return !response.key; + } + private getMasterPasswordPolicyOptionsFromResponse( response: IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse ): MasterPasswordPolicyOptions { diff --git a/libs/common/src/auth/models/domain/auth-result.ts b/libs/common/src/auth/models/domain/auth-result.ts index c0a6f034ae..6900cba1c4 100644 --- a/libs/common/src/auth/models/domain/auth-result.ts +++ b/libs/common/src/auth/models/domain/auth-result.ts @@ -17,6 +17,7 @@ export class AuthResult { twoFactorProviders: Map = null; ssoEmail2FaSessionToken?: string; email: string; + requiresEncryptionKeyMigration: boolean; get requiresCaptcha() { return !Utils.isNullOrWhitespace(this.captchaSiteKey); diff --git a/libs/common/src/platform/abstractions/crypto.service.ts b/libs/common/src/platform/abstractions/crypto.service.ts index 42f60bde84..a868484bd0 100644 --- a/libs/common/src/platform/abstractions/crypto.service.ts +++ b/libs/common/src/platform/abstractions/crypto.service.ts @@ -42,6 +42,12 @@ export abstract class CryptoService { * @returns The user key */ getUserKey: (userId?: string) => Promise; + + /** + * Checks if the user is using an old encryption scheme that used the master key + * for encryption of data instead of the user key. + */ + isLegacyUser: (masterKey?: MasterKey, userId?: string) => Promise; /** * Use for encryption/decryption of data in order to support legacy * encryption models. It will return the user key if available, diff --git a/libs/common/src/platform/services/crypto.service.ts b/libs/common/src/platform/services/crypto.service.ts index 1f5cd10edc..3b4090ef34 100644 --- a/libs/common/src/platform/services/crypto.service.ts +++ b/libs/common/src/platform/services/crypto.service.ts @@ -77,6 +77,12 @@ export class CryptoService implements CryptoServiceAbstraction { } } + async isLegacyUser(masterKey?: MasterKey, userId?: string): Promise { + return await this.validateUserKey( + (masterKey ?? (await this.getMasterKey(userId))) as unknown as UserKey + ); + } + async getUserKeyWithLegacySupport(userId?: string): Promise { const userKey = await this.getUserKey(userId); if (userKey) { @@ -510,7 +516,8 @@ export class CryptoService implements CryptoServiceAbstraction { } async makeKeyPair(key?: SymmetricCryptoKey): Promise<[string, EncString]> { - key ||= await this.getUserKey(); + // Default to user key + key ||= await this.getUserKeyWithLegacySupport(); const keyPair = await this.cryptoFunctionService.rsaGenerateKeyPair(2048); const publicB64 = Utils.fromBufferToB64(keyPair[0]); @@ -943,23 +950,30 @@ export class CryptoService implements CryptoServiceAbstraction { async migrateAutoKeyIfNeeded(userId?: string) { const oldAutoKey = await this.stateService.getCryptoMasterKeyAuto({ userId: userId }); - if (oldAutoKey) { - // decrypt - const masterKey = new SymmetricCryptoKey(Utils.fromB64ToArray(oldAutoKey)) as MasterKey; - const encryptedUserKey = await this.stateService.getEncryptedCryptoSymmetricKey({ - userId: userId, - }); - const userKey = await this.decryptUserKeyWithMasterKey( - masterKey, - new EncString(encryptedUserKey), - userId - ); - // migrate - await this.stateService.setUserKeyAutoUnlock(userKey.keyB64, { userId: userId }); - await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId }); - // set encrypted user key in case user immediately locks without syncing - await this.setMasterKeyEncryptedUserKey(encryptedUserKey); + if (!oldAutoKey) { + return; } + // Decrypt + const masterKey = new SymmetricCryptoKey(Utils.fromB64ToArray(oldAutoKey)) as MasterKey; + if (await this.isLegacyUser(masterKey, userId)) { + // Legacy users don't have a user key, so no need to migrate. + // Instead, set the master key for additional isLegacyUser checks that will log the user out. + await this.setMasterKey(masterKey, userId); + return; + } + const encryptedUserKey = await this.stateService.getEncryptedCryptoSymmetricKey({ + userId: userId, + }); + const userKey = await this.decryptUserKeyWithMasterKey( + masterKey, + new EncString(encryptedUserKey), + userId + ); + // Migrate + await this.stateService.setUserKeyAutoUnlock(userKey.keyB64, { userId: userId }); + await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId }); + // Set encrypted user key in case user immediately locks without syncing + await this.setMasterKeyEncryptedUserKey(encryptedUserKey); } async decryptAndMigrateOldPinKey( diff --git a/libs/common/src/services/vault-timeout/vault-timeout.service.ts b/libs/common/src/services/vault-timeout/vault-timeout.service.ts index 0fbbf51bd6..9e5a78834f 100644 --- a/libs/common/src/services/vault-timeout/vault-timeout.service.ts +++ b/libs/common/src/services/vault-timeout/vault-timeout.service.ts @@ -5,6 +5,7 @@ import { VaultTimeoutSettingsService } from "../../abstractions/vault-timeout/va import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from "../../abstractions/vault-timeout/vault-timeout.service"; import { AuthService } from "../../auth/abstractions/auth.service"; import { AuthenticationStatus } from "../../auth/enums/authentication-status"; +import { ClientType } from "../../enums"; import { VaultTimeoutAction } from "../../enums/vault-timeout-action.enum"; import { CryptoService } from "../../platform/abstractions/crypto.service"; import { MessagingService } from "../../platform/abstractions/messaging.service"; @@ -141,10 +142,18 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction { } private async migrateKeyForNeverLockIfNeeded(): Promise { + // Web can't set vault timeout to never + if (this.platformUtilsService.getClientType() == ClientType.Web) { + return; + } const accounts = await firstValueFrom(this.stateService.accounts$); for (const userId in accounts) { if (userId != null) { await this.cryptoService.migrateAutoKeyIfNeeded(userId); + // Legacy users should be logged out since we're not on the web vault and can't migrate. + if (await this.cryptoService.isLegacyUser(null, userId)) { + await this.logOut(userId); + } } } } diff --git a/libs/common/src/vault/services/cipher.service.ts b/libs/common/src/vault/services/cipher.service.ts index 0bae9a607a..f03cb88e6e 100644 --- a/libs/common/src/vault/services/cipher.service.ts +++ b/libs/common/src/vault/services/cipher.service.ts @@ -329,11 +329,6 @@ export class CipherService implements CipherServiceAbstraction { return await this.getDecryptedCipherCache(); } - const hasKey = await this.cryptoService.hasUserKey(); - if (!hasKey) { - throw new Error("No user key found."); - } - const ciphers = await this.getAll(); const orgKeys = await this.cryptoService.getOrgKeys(); const userKey = await this.cryptoService.getUserKeyWithLegacySupport(); From 014b32b488dcab3cbba813961e014fff37a05dd6 Mon Sep 17 00:00:00 2001 From: Jonathan Prusik Date: Wed, 20 Sep 2023 16:09:32 -0400 Subject: [PATCH 08/24] code cleanup (#6238) --- libs/common/src/vault/services/cipher.service.ts | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libs/common/src/vault/services/cipher.service.ts b/libs/common/src/vault/services/cipher.service.ts index f03cb88e6e..03c70cca84 100644 --- a/libs/common/src/vault/services/cipher.service.ts +++ b/libs/common/src/vault/services/cipher.service.ts @@ -398,14 +398,21 @@ export class CipherService implements CipherServiceAbstraction { defaultMatch ??= await this.stateService.getDefaultUriMatch(); return ciphers.filter((cipher) => { - if (cipher.deletedDate != null) { + const cipherIsLogin = cipher.type === CipherType.Login && cipher.login !== null; + + if (cipher.deletedDate !== null) { return false; } - if (includeOtherTypes != null && includeOtherTypes.indexOf(cipher.type) > -1) { + + if ( + Array.isArray(includeOtherTypes) && + includeOtherTypes.includes(cipher.type) && + !cipherIsLogin + ) { return true; } - if (cipher.type === CipherType.Login && cipher.login !== null) { + if (cipherIsLogin) { return cipher.login.matchesUri(url, equivalentDomains, defaultMatch); } From 5346025c77e323caf52452e75f8c30c0ca924ddc Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 20 Sep 2023 18:36:17 -0400 Subject: [PATCH 09/24] Bumped desktop version to 2023.9.1 (#6356) Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com> --- apps/desktop/package.json | 2 +- apps/desktop/src/package-lock.json | 4 ++-- apps/desktop/src/package.json | 2 +- package-lock.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/desktop/package.json b/apps/desktop/package.json index 8103f20311..719e680dd2 100644 --- a/apps/desktop/package.json +++ b/apps/desktop/package.json @@ -1,7 +1,7 @@ { "name": "@bitwarden/desktop", "description": "A secure and free password manager for all of your devices.", - "version": "2023.9.0", + "version": "2023.9.1", "keywords": [ "bitwarden", "password", diff --git a/apps/desktop/src/package-lock.json b/apps/desktop/src/package-lock.json index b1b465d26a..fc1f62db02 100644 --- a/apps/desktop/src/package-lock.json +++ b/apps/desktop/src/package-lock.json @@ -1,12 +1,12 @@ { "name": "@bitwarden/desktop", - "version": "2023.9.0", + "version": "2023.9.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@bitwarden/desktop", - "version": "2023.9.0", + "version": "2023.9.1", "license": "GPL-3.0", "dependencies": { "@bitwarden/desktop-native": "file:../desktop_native" diff --git a/apps/desktop/src/package.json b/apps/desktop/src/package.json index 77e29a988b..eca9f71541 100644 --- a/apps/desktop/src/package.json +++ b/apps/desktop/src/package.json @@ -2,7 +2,7 @@ "name": "@bitwarden/desktop", "productName": "Bitwarden", "description": "A secure and free password manager for all of your devices.", - "version": "2023.9.0", + "version": "2023.9.1", "author": "Bitwarden Inc. (https://bitwarden.com)", "homepage": "https://bitwarden.com", "license": "GPL-3.0", diff --git a/package-lock.json b/package-lock.json index c1f654797c..96e308fb6b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -230,7 +230,7 @@ }, "apps/desktop": { "name": "@bitwarden/desktop", - "version": "2023.9.0", + "version": "2023.9.1", "hasInstallScript": true, "license": "GPL-3.0" }, From 5d14afb97f38cc892da2885f3d43232b21714807 Mon Sep 17 00:00:00 2001 From: Will Martin Date: Wed, 20 Sep 2023 18:47:28 -0400 Subject: [PATCH 10/24] [CL-130] fix select styles on desktop & browser --- apps/browser/src/popup/scss/popup.scss | 1 + apps/desktop/src/scss/styles.scss | 1 + 2 files changed, 2 insertions(+) diff --git a/apps/browser/src/popup/scss/popup.scss b/apps/browser/src/popup/scss/popup.scss index 7d718b8664..0d7e428138 100644 --- a/apps/browser/src/popup/scss/popup.scss +++ b/apps/browser/src/popup/scss/popup.scss @@ -12,3 +12,4 @@ @import "environment.scss"; @import "pages.scss"; @import "@angular/cdk/overlay-prebuilt.css"; +@import "../../../../../libs/components/src/multi-select/scss/bw.theme"; diff --git a/apps/desktop/src/scss/styles.scss b/apps/desktop/src/scss/styles.scss index 049cf10b97..033a0f8b67 100644 --- a/apps/desktop/src/scss/styles.scss +++ b/apps/desktop/src/scss/styles.scss @@ -17,3 +17,4 @@ @import "left-nav.scss"; @import "loading.scss"; @import "../../../../libs/angular/src/scss/icons.scss"; +@import "../../../../libs/components/src/multi-select/scss/bw.theme"; From 5b69d52f027ccc2f86d0ef33288194080df1fa43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Thu, 21 Sep 2023 07:04:17 -0600 Subject: [PATCH 11/24] Ensure chrome.storage listeners also get cleaned up in Safari to avoid memory leak (#6354) --- .../src/platform/browser/browser-api.ts | 40 ++++++++++++++----- .../services/browser-state.service.ts | 3 +- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/apps/browser/src/platform/browser/browser-api.ts b/apps/browser/src/platform/browser/browser-api.ts index 5a5596a795..b71b8b80b6 100644 --- a/apps/browser/src/platform/browser/browser-api.ts +++ b/apps/browser/src/platform/browser/browser-api.ts @@ -199,7 +199,10 @@ export class BrowserApi { BrowserApi.removeTab(tabToClose.id); } + // Keep track of all the events registered in a Safari popup so we can remove + // them when the popup gets unloaded, otherwise we cause a memory leak private static registeredMessageListeners: any[] = []; + private static registeredStorageChangeListeners: any[] = []; static messageListener( name: string, @@ -207,21 +210,38 @@ export class BrowserApi { ) { chrome.runtime.onMessage.addListener(callback); - // Keep track of all the events registered in a Safari popup so we can remove - // them when the popup gets unloaded, otherwise we cause a memory leak if (BrowserApi.isSafariApi && !BrowserApi.isBackgroundPage(window)) { BrowserApi.registeredMessageListeners.push(callback); - - // The MDN recommend using 'visibilitychange' but that event is fired any time the popup window is obscured as well - // 'pagehide' works just like 'unload' but is compatible with the back/forward cache, so we prefer using that one - window.onpagehide = () => { - for (const callback of BrowserApi.registeredMessageListeners) { - chrome.runtime.onMessage.removeListener(callback); - } - }; + BrowserApi.setupUnloadListeners(); } } + static storageChangeListener( + callback: Parameters[0] + ) { + chrome.storage.onChanged.addListener(callback); + + if (BrowserApi.isSafariApi && !BrowserApi.isBackgroundPage(window)) { + BrowserApi.registeredStorageChangeListeners.push(callback); + BrowserApi.setupUnloadListeners(); + } + } + + // Setup the event to destroy all the listeners when the popup gets unloaded in Safari, otherwise we get a memory leak + private static setupUnloadListeners() { + // The MDN recommend using 'visibilitychange' but that event is fired any time the popup window is obscured as well + // 'pagehide' works just like 'unload' but is compatible with the back/forward cache, so we prefer using that one + window.onpagehide = () => { + for (const callback of BrowserApi.registeredMessageListeners) { + chrome.runtime.onMessage.removeListener(callback); + } + + for (const callback of BrowserApi.registeredStorageChangeListeners) { + chrome.storage.onChanged.removeListener(callback); + } + }; + } + static sendMessage(subscriber: string, arg: any = {}) { const message = Object.assign({}, { command: subscriber }, arg); return chrome.runtime.sendMessage(message); diff --git a/apps/browser/src/platform/services/browser-state.service.ts b/apps/browser/src/platform/services/browser-state.service.ts index 5e356e7fbe..ec6851beb8 100644 --- a/apps/browser/src/platform/services/browser-state.service.ts +++ b/apps/browser/src/platform/services/browser-state.service.ts @@ -14,6 +14,7 @@ import { Account } from "../../models/account"; import { BrowserComponentState } from "../../models/browserComponentState"; import { BrowserGroupingsComponentState } from "../../models/browserGroupingsComponentState"; import { BrowserSendComponentState } from "../../models/browserSendComponentState"; +import { BrowserApi } from "../browser/browser-api"; import { browserSession, sessionSync } from "../decorators/session-sync-observable"; import { BrowserStateService as StateServiceAbstraction } from "./abstractions/browser-state.service"; @@ -56,7 +57,7 @@ export class BrowserStateService // the background page that can get out of sync. We need to work out the // best way to handle caching with multiple instances of the state service. if (useAccountCache) { - chrome.storage.onChanged.addListener((changes, namespace) => { + BrowserApi.storageChangeListener((changes, namespace) => { if (namespace === "local") { for (const key of Object.keys(changes)) { if (key !== "accountActivity" && this.accountDiskCache.value[key]) { From 02af0fed4c23a0327a12b2d1c9441144d0eeb170 Mon Sep 17 00:00:00 2001 From: Will Martin Date: Thu, 21 Sep 2023 10:23:20 -0400 Subject: [PATCH 12/24] [CL-113] add readonly styles to bitInput (#6220) * add readonly styles and story * only add style to input & textarea --- .../src/form-field/form-field.stories.ts | 18 ++++++++++++++++++ libs/components/src/input/input.directive.ts | 1 + 2 files changed, 19 insertions(+) diff --git a/libs/components/src/form-field/form-field.stories.ts b/libs/components/src/form-field/form-field.stories.ts index 4c85a18607..305b514266 100644 --- a/libs/components/src/form-field/form-field.stories.ts +++ b/libs/components/src/form-field/form-field.stories.ts @@ -157,6 +157,24 @@ export const Disabled: Story = { args: {}, }; +export const Readonly: Story = { + render: (args) => ({ + props: args, + template: ` + + Input + + + + + Textarea + + + `, + }), + args: {}, +}; + export const InputGroup: Story = { render: (args) => ({ props: args, diff --git a/libs/components/src/input/input.directive.ts b/libs/components/src/input/input.directive.ts index 60589208d5..b9f71ff8d5 100644 --- a/libs/components/src/input/input.directive.ts +++ b/libs/components/src/input/input.directive.ts @@ -44,6 +44,7 @@ export class BitInputDirective implements BitFormFieldControl { "focus:tw-ring-primary-700", "focus:tw-z-10", "disabled:tw-bg-secondary-100", + "[&:is(input,textarea):read-only]:tw-bg-secondary-100", ].filter((s) => s != ""); } From 217e081859d3b7a3f08b04ad9d36f8e7979ecad9 Mon Sep 17 00:00:00 2001 From: Shane Melton Date: Thu, 21 Sep 2023 08:37:52 -0700 Subject: [PATCH 13/24] Hide generator type radio options when the generator is opened from an add/edit page (#6240) --- .../browser/src/tools/popup/generator/generator.component.html | 3 +-- apps/desktop/src/app/tools/generator.component.html | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/apps/browser/src/tools/popup/generator/generator.component.html b/apps/browser/src/tools/popup/generator/generator.component.html index 5c9c749201..13d35b6cd7 100644 --- a/apps/browser/src/tools/popup/generator/generator.component.html +++ b/apps/browser/src/tools/popup/generator/generator.component.html @@ -75,7 +75,7 @@
-
+
-
+
+
+ {{ "turnOffMasterPasswordPromptToEditField" | i18n }} +
diff --git a/apps/browser/src/vault/popup/components/vault/add-edit.component.ts b/apps/browser/src/vault/popup/components/vault/add-edit.component.ts index 6148e31dd6..54cb08ae89 100644 --- a/apps/browser/src/vault/popup/components/vault/add-edit.component.ts +++ b/apps/browser/src/vault/popup/components/vault/add-edit.component.ts @@ -264,4 +264,27 @@ export class AddEditComponent extends BaseAddEditComponent { } }, 200); } + + repromptChanged() { + super.repromptChanged(); + + if (!this.showAutoFillOnPageLoadOptions) { + return; + } + + if (this.reprompt) { + this.platformUtilsService.showToast( + "info", + null, + this.i18nService.t("passwordRepromptDisabledAutofillOnPageLoad") + ); + return; + } + + this.platformUtilsService.showToast( + "info", + null, + this.i18nService.t("autofillOnPageLoadSetToDefault") + ); + } } diff --git a/libs/angular/src/vault/components/add-edit.component.ts b/libs/angular/src/vault/components/add-edit.component.ts index 6bcd72082b..377fe88b63 100644 --- a/libs/angular/src/vault/components/add-edit.component.ts +++ b/libs/angular/src/vault/components/add-edit.component.ts @@ -272,6 +272,9 @@ export class AddEditComponent implements OnInit, OnDestroy { } this.previousCipherId = this.cipherId; this.reprompt = this.cipher.reprompt !== CipherRepromptType.None; + if (this.reprompt) { + this.cipher.login.autofillOnPageLoad = this.autofillOnPageLoadOptions[2].value; + } } async submit(): Promise { @@ -570,8 +573,10 @@ export class AddEditComponent implements OnInit, OnDestroy { this.reprompt = !this.reprompt; if (this.reprompt) { this.cipher.reprompt = CipherRepromptType.Password; + this.cipher.login.autofillOnPageLoad = this.autofillOnPageLoadOptions[2].value; } else { this.cipher.reprompt = CipherRepromptType.None; + this.cipher.login.autofillOnPageLoad = this.autofillOnPageLoadOptions[0].value; } } From ca65548b3ac221781b527c5d318ef3c0ea67da62 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 25 Sep 2023 08:33:02 -0400 Subject: [PATCH 21/24] Update bitwarden/gh-actions digest to 62d1bf7 (#6385) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/brew-bump-cli.yml | 2 +- .github/workflows/brew-bump-desktop.yml | 2 +- .github/workflows/build-browser.yml | 4 ++-- .github/workflows/build-cli.yml | 2 +- .github/workflows/build-desktop.yml | 8 +++---- .github/workflows/build-web.yml | 6 ++--- .github/workflows/crowdin-pull.yml | 4 ++-- .github/workflows/deploy-eu-prod-web.yml | 4 ++-- .github/workflows/deploy-eu-qa-web.yml | 4 ++-- .github/workflows/deploy-non-prod-web.yml | 2 +- .github/workflows/release-browser.yml | 6 ++--- .github/workflows/release-cli.yml | 24 ++++++++++---------- .github/workflows/release-desktop-beta.yml | 8 +++---- .github/workflows/release-desktop.yml | 22 +++++++++--------- .github/workflows/release-web.yml | 12 +++++----- .github/workflows/staged-rollout-desktop.yml | 2 +- .github/workflows/version-bump.yml | 6 ++--- .github/workflows/workflow-linter.yml | 2 +- 18 files changed, 60 insertions(+), 60 deletions(-) diff --git a/.github/workflows/brew-bump-cli.yml b/.github/workflows/brew-bump-cli.yml index 477c9ace58..d2e998eacb 100644 --- a/.github/workflows/brew-bump-cli.yml +++ b/.github/workflows/brew-bump-cli.yml @@ -23,7 +23,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "brew-bump-workflow-pat" diff --git a/.github/workflows/brew-bump-desktop.yml b/.github/workflows/brew-bump-desktop.yml index 0a5c394716..1856cc5fb8 100644 --- a/.github/workflows/brew-bump-desktop.yml +++ b/.github/workflows/brew-bump-desktop.yml @@ -23,7 +23,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "brew-bump-workflow-pat" diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml index 5e64dc3587..57c2fdcef0 100644 --- a/.github/workflows/build-browser.yml +++ b/.github/workflows/build-browser.yml @@ -361,7 +361,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@37ffa14164a7308bc273829edfe75c97cd562375 + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "crowdin-api-token" @@ -423,7 +423,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets if: failure() - uses: bitwarden/gh-actions/get-keyvault-secrets@37ffa14164a7308bc273829edfe75c97cd562375 + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "devops-alerts-slack-webhook-url" diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index 4d19c7e7cc..9fa71cb24f 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -404,7 +404,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets if: failure() - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "devops-alerts-slack-webhook-url" diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml index 8dfb88163a..6db1e59a3f 100644 --- a/.github/workflows/build-desktop.yml +++ b/.github/workflows/build-desktop.yml @@ -277,7 +277,7 @@ jobs: node-gyp install $(node -v) - name: Install AST - uses: bitwarden/gh-actions/install-ast@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/install-ast@62d1bf7c3e31c458cc7236b1e69a475d235cd78f - name: Set up environmentF run: choco install checksum --no-progress @@ -302,7 +302,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "code-signing-vault-url, @@ -1190,7 +1190,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "crowdin-api-token" @@ -1269,7 +1269,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets if: failure() - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "devops-alerts-slack-webhook-url" diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml index 72117bde1f..f545844846 100644 --- a/.github/workflows/build-web.yml +++ b/.github/workflows/build-web.yml @@ -188,7 +188,7 @@ jobs: - name: Retrieve github PAT secrets id: retrieve-secret-pat - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "github-pat-bitwarden-devops-bot-repo-scope" @@ -264,7 +264,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "crowdin-api-token" @@ -325,7 +325,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets if: failure() - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "devops-alerts-slack-webhook-url" diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml index fed766e71d..d14938cc46 100644 --- a/.github/workflows/crowdin-pull.yml +++ b/.github/workflows/crowdin-pull.yml @@ -32,13 +32,13 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase" - name: Download translations - uses: bitwarden/gh-actions/crowdin@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/crowdin@62d1bf7c3e31c458cc7236b1e69a475d235cd78f env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }} diff --git a/.github/workflows/deploy-eu-prod-web.yml b/.github/workflows/deploy-eu-prod-web.yml index f051207680..523e0f44de 100644 --- a/.github/workflows/deploy-eu-prod-web.yml +++ b/.github/workflows/deploy-eu-prod-web.yml @@ -24,13 +24,13 @@ jobs: - name: Retrieve Storage Account connection string id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: webvault-westeurope-prod secrets: "sa-bitwarden-web-vault-dev-key-temp" - name: Download latest cloud asset - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-web.yml path: apps/web diff --git a/.github/workflows/deploy-eu-qa-web.yml b/.github/workflows/deploy-eu-qa-web.yml index 34525eaa5f..2a1e271f18 100644 --- a/.github/workflows/deploy-eu-qa-web.yml +++ b/.github/workflows/deploy-eu-qa-web.yml @@ -24,13 +24,13 @@ jobs: - name: Retrieve Storage Account connection string id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: webvaulteu-westeurope-qa secrets: "sa-bitwarden-web-vault-dev-key-temp" - name: Download latest cloud asset - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-web.yml path: apps/web diff --git a/.github/workflows/deploy-non-prod-web.yml b/.github/workflows/deploy-non-prod-web.yml index f7411f5432..78e0f12b7e 100644 --- a/.github/workflows/deploy-non-prod-web.yml +++ b/.github/workflows/deploy-non-prod-web.yml @@ -67,7 +67,7 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Download latest cloud asset - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-web.yml path: apps/web diff --git a/.github/workflows/release-browser.yml b/.github/workflows/release-browser.yml index 407f81deb6..5fd9441f14 100644 --- a/.github/workflows/release-browser.yml +++ b/.github/workflows/release-browser.yml @@ -41,7 +41,7 @@ jobs: - name: Check Release Version id: version - uses: bitwarden/gh-actions/release-version-check@58a2fdfbd3f1fc7e6727bc5dc51d159f4df07072 + uses: bitwarden/gh-actions/release-version-check@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: release-type: ${{ github.event.inputs.release_type }} project-type: ts @@ -103,7 +103,7 @@ jobs: - name: Download latest Release build artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-browser.yml workflow_conclusion: success @@ -116,7 +116,7 @@ jobs: - name: Dry Run - Download latest master build artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-browser.yml workflow_conclusion: success diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 9ff812bf30..7c21cafcfd 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -57,7 +57,7 @@ jobs: - name: Check Release Version id: version - uses: bitwarden/gh-actions/release-version-check@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/release-version-check@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: release-type: ${{ github.event.inputs.release_type }} project-type: ts @@ -78,7 +78,7 @@ jobs: - name: Download all Release artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-cli.yml path: apps/cli @@ -87,7 +87,7 @@ jobs: - name: Dry Run - Download all artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-cli.yml path: apps/cli @@ -150,7 +150,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "snapcraft-store-token" @@ -162,7 +162,7 @@ jobs: - name: Download artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-cli.yml path: apps/cli @@ -172,7 +172,7 @@ jobs: - name: Dry Run - Download artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-cli.yml path: apps/cli @@ -206,7 +206,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "cli-choco-api-key" @@ -222,7 +222,7 @@ jobs: - name: Download artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-cli.yml path: apps/cli/dist @@ -232,7 +232,7 @@ jobs: - name: Dry Run - Download artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-cli.yml path: apps/cli/dist @@ -265,14 +265,14 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "npm-api-key" - name: Download artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-cli.yml path: apps/cli/build @@ -282,7 +282,7 @@ jobs: - name: Dry Run - Download artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-cli.yml path: apps/cli/build diff --git a/.github/workflows/release-desktop-beta.yml b/.github/workflows/release-desktop-beta.yml index 335d705d2d..ce09a7d80a 100644 --- a/.github/workflows/release-desktop-beta.yml +++ b/.github/workflows/release-desktop-beta.yml @@ -47,7 +47,7 @@ jobs: - name: Check Release Version id: version - uses: bitwarden/gh-actions/release-version-check@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/release-version-check@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: release-type: 'Initial Release' project-type: ts @@ -231,7 +231,7 @@ jobs: node-gyp install $(node -v) - name: Install AST - uses: bitwarden/gh-actions/install-ast@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/install-ast@62d1bf7c3e31c458cc7236b1e69a475d235cd78f - name: Set up environment run: choco install checksum --no-progress @@ -249,7 +249,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "code-signing-vault-url, @@ -932,7 +932,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "aws-electron-access-id, diff --git a/.github/workflows/release-desktop.yml b/.github/workflows/release-desktop.yml index 3dbc08f985..f60020c732 100644 --- a/.github/workflows/release-desktop.yml +++ b/.github/workflows/release-desktop.yml @@ -67,7 +67,7 @@ jobs: - name: Check Release Version id: version - uses: bitwarden/gh-actions/release-version-check@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/release-version-check@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: release-type: ${{ inputs.release_type }} project-type: ts @@ -110,7 +110,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "aws-electron-access-id, @@ -123,7 +123,7 @@ jobs: - name: Download all artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-desktop.yml workflow_conclusion: success @@ -132,7 +132,7 @@ jobs: - name: Dry Run - Download all artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-desktop.yml workflow_conclusion: success @@ -185,7 +185,7 @@ jobs: --endpoint-url https://${CF_ACCOUNT}.r2.cloudflarestorage.com - name: Get checksum files - uses: bitwarden/gh-actions/get-checksum@82cfceb235b308c2eb63923824e61d8350d280db + uses: bitwarden/gh-actions/get-checksum@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: packages_dir: "apps/desktop/artifacts" file_path: "apps/desktop/artifacts/sha256-checksums.txt" @@ -263,7 +263,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "snapcraft-store-token" @@ -279,7 +279,7 @@ jobs: - name: Download Snap artifact if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-desktop.yml workflow_conclusion: success @@ -289,7 +289,7 @@ jobs: - name: Dry Run - Download Snap artifact if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-desktop.yml workflow_conclusion: success @@ -329,7 +329,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "cli-choco-api-key" @@ -347,7 +347,7 @@ jobs: - name: Download choco artifact if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-desktop.yml workflow_conclusion: success @@ -357,7 +357,7 @@ jobs: - name: Dry Run - Download choco artifact if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-desktop.yml workflow_conclusion: success diff --git a/.github/workflows/release-web.yml b/.github/workflows/release-web.yml index 5b4b7195ae..46113b94b4 100644 --- a/.github/workflows/release-web.yml +++ b/.github/workflows/release-web.yml @@ -41,7 +41,7 @@ jobs: - name: Check Release Version id: version - uses: bitwarden/gh-actions/release-version-check@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/release-version-check@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: release-type: ${{ github.event.inputs.release_type }} project-type: ts @@ -130,7 +130,7 @@ jobs: - name: Retrieve bot secrets id: retrieve-bot-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: bitwarden-ci secrets: "github-pat-bitwarden-devops-bot-repo-scope" @@ -144,7 +144,7 @@ jobs: - name: Download latest cloud asset if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-web.yml path: assets @@ -154,7 +154,7 @@ jobs: - name: Dry Run - Download latest cloud asset if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-web.yml path: assets @@ -227,7 +227,7 @@ jobs: - name: Download latest build artifacts if: ${{ github.event.inputs.release_type != 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-web.yml path: apps/web/artifacts @@ -238,7 +238,7 @@ jobs: - name: Dry Run - Download latest build artifacts if: ${{ github.event.inputs.release_type == 'Dry Run' }} - uses: bitwarden/gh-actions/download-artifacts@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/download-artifacts@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: workflow: build-web.yml path: apps/web/artifacts diff --git a/.github/workflows/staged-rollout-desktop.yml b/.github/workflows/staged-rollout-desktop.yml index ce56cc205d..b0c57e1a1b 100644 --- a/.github/workflows/staged-rollout-desktop.yml +++ b/.github/workflows/staged-rollout-desktop.yml @@ -26,7 +26,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "aws-electron-access-id, diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index c650e42ecf..f50a6fe6cd 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -54,7 +54,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: keyvault: "bitwarden-ci" secrets: "github-gpg-private-key, github-gpg-private-key-passphrase" @@ -125,14 +125,14 @@ jobs: - name: Bump Browser Version - Manifest if: ${{ inputs.bump_browser == true }} - uses: bitwarden/gh-actions/version-bump@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/version-bump@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: version: ${{ inputs.version_number }} file_path: "apps/browser/src/manifest.json" - name: Bump Browser Version - Manifest v3 if: ${{ inputs.bump_browser == true }} - uses: bitwarden/gh-actions/version-bump@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/version-bump@62d1bf7c3e31c458cc7236b1e69a475d235cd78f with: version: ${{ inputs.version_number }} file_path: "apps/browser/src/manifest.v3.json" diff --git a/.github/workflows/workflow-linter.yml b/.github/workflows/workflow-linter.yml index aef3077eb3..f38d228dda 100644 --- a/.github/workflows/workflow-linter.yml +++ b/.github/workflows/workflow-linter.yml @@ -8,4 +8,4 @@ on: jobs: call-workflow: - uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@67ab95d7a466bcefdedf3f93cbc10bcff436edfe + uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@62d1bf7c3e31c458cc7236b1e69a475d235cd78f From d0037bb257abd06725bac186c4164f9417b87832 Mon Sep 17 00:00:00 2001 From: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com> Date: Mon, 25 Sep 2023 09:53:50 -0400 Subject: [PATCH 22/24] Add Braintree sandbox to permitted sources in CSP (#6381) --- apps/web/webpack.config.js | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/web/webpack.config.js b/apps/web/webpack.config.js index c7d2bcb5e0..96deb2f80e 100644 --- a/apps/web/webpack.config.js +++ b/apps/web/webpack.config.js @@ -272,6 +272,7 @@ const devServer = https://api.2fa.directory/v3/totp.json https://api.stripe.com https://www.paypal.com + https://api.sandbox.braintreegateway.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com From e4fee0c7663ce455ca75b60e853c26635ab26b13 Mon Sep 17 00:00:00 2001 From: Ikko Eltociear Ashimine Date: Tue, 26 Sep 2023 03:49:59 +0900 Subject: [PATCH 23/24] fix typo in base.scss (#6399) appropiate -> appropriate --- apps/desktop/src/scss/base.scss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/desktop/src/scss/base.scss b/apps/desktop/src/scss/base.scss index 31be3f1bcc..3912d6cbf1 100644 --- a/apps/desktop/src/scss/base.scss +++ b/apps/desktop/src/scss/base.scss @@ -17,7 +17,7 @@ body { body { color: $text-color; - // We initially rely on electron to provide the appropiate background color. + // We initially rely on electron to provide the appropriate background color. // This ensures the background color while reloading is correct to avoid a jarring missmatch. background-color: transparent; From 5616e69e1020f904e018bf6e8e1eb963f47156f2 Mon Sep 17 00:00:00 2001 From: Daniel James Smith <2670567+djsmith85@users.noreply.github.com> Date: Mon, 25 Sep 2023 22:09:12 +0200 Subject: [PATCH 24/24] Removed unused references to ModalService (#6371) Co-authored-by: Daniel James Smith --- .../app/admin-console/organizations/manage/groups.component.ts | 2 -- .../organizations/tools/import-export/org-import.component.ts | 3 --- apps/web/src/app/tools/import-export/import.component.ts | 2 -- apps/web/src/app/tools/send/send.component.ts | 2 -- .../service-accounts/access/access-tokens.component.ts | 2 -- 5 files changed, 11 deletions(-) diff --git a/apps/web/src/app/admin-console/organizations/manage/groups.component.ts b/apps/web/src/app/admin-console/organizations/manage/groups.component.ts index f2167c0e5f..5473f2eff6 100644 --- a/apps/web/src/app/admin-console/organizations/manage/groups.component.ts +++ b/apps/web/src/app/admin-console/organizations/manage/groups.component.ts @@ -15,7 +15,6 @@ import { import { first } from "rxjs/operators"; import { SearchPipe } from "@bitwarden/angular/pipes/search.pipe"; -import { ModalService } from "@bitwarden/angular/services/modal.service"; import { ApiService } from "@bitwarden/common/abstractions/api.service"; import { SearchService } from "@bitwarden/common/abstractions/search.service"; import { ListResponse } from "@bitwarden/common/models/response/list.response"; @@ -126,7 +125,6 @@ export class GroupsComponent implements OnInit, OnDestroy { private groupService: GroupService, private route: ActivatedRoute, private i18nService: I18nService, - private modalService: ModalService, private dialogService: DialogService, private platformUtilsService: PlatformUtilsService, private searchService: SearchService, diff --git a/apps/web/src/app/admin-console/organizations/tools/import-export/org-import.component.ts b/apps/web/src/app/admin-console/organizations/tools/import-export/org-import.component.ts index 3c9b5858e0..e8dad8baf4 100644 --- a/apps/web/src/app/admin-console/organizations/tools/import-export/org-import.component.ts +++ b/apps/web/src/app/admin-console/organizations/tools/import-export/org-import.component.ts @@ -3,7 +3,6 @@ import { FormBuilder } from "@angular/forms"; import { ActivatedRoute, Router } from "@angular/router"; import { switchMap, takeUntil } from "rxjs/operators"; -import { ModalService } from "@bitwarden/angular/services/modal.service"; import { canAccessVaultTab, OrganizationService, @@ -42,7 +41,6 @@ export class OrganizationImportComponent extends ImportComponent { policyService: PolicyService, organizationService: OrganizationService, logService: LogService, - modalService: ModalService, syncService: SyncService, dialogService: DialogService, folderService: FolderService, @@ -56,7 +54,6 @@ export class OrganizationImportComponent extends ImportComponent { platformUtilsService, policyService, logService, - modalService, syncService, dialogService, folderService, diff --git a/apps/web/src/app/tools/import-export/import.component.ts b/apps/web/src/app/tools/import-export/import.component.ts index de2de35777..1f71b2fd77 100644 --- a/apps/web/src/app/tools/import-export/import.component.ts +++ b/apps/web/src/app/tools/import-export/import.component.ts @@ -5,7 +5,6 @@ import * as JSZip from "jszip"; import { concat, Observable, Subject, lastValueFrom, combineLatest } from "rxjs"; import { map, takeUntil } from "rxjs/operators"; -import { ModalService } from "@bitwarden/angular/services/modal.service"; import { canAccessImportExport, OrganizationService, @@ -76,7 +75,6 @@ export class ImportComponent implements OnInit, OnDestroy { protected platformUtilsService: PlatformUtilsService, protected policyService: PolicyService, private logService: LogService, - protected modalService: ModalService, protected syncService: SyncService, protected dialogService: DialogService, protected folderService: FolderService, diff --git a/apps/web/src/app/tools/send/send.component.ts b/apps/web/src/app/tools/send/send.component.ts index 7301c3bcac..6b5f10dd3a 100644 --- a/apps/web/src/app/tools/send/send.component.ts +++ b/apps/web/src/app/tools/send/send.component.ts @@ -1,7 +1,6 @@ import { Component, NgZone, ViewChild, ViewContainerRef } from "@angular/core"; import { lastValueFrom } from "rxjs"; -import { ModalService } from "@bitwarden/angular/services/modal.service"; import { SendComponent as BaseSendComponent } from "@bitwarden/angular/tools/send/send.component"; import { SearchService } from "@bitwarden/common/abstractions/search.service"; import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction"; @@ -52,7 +51,6 @@ export class SendComponent extends BaseSendComponent { ngZone: NgZone, searchService: SearchService, policyService: PolicyService, - private modalService: ModalService, private broadcasterService: BroadcasterService, logService: LogService, sendApiService: SendApiService, diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access-tokens.component.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access-tokens.component.ts index 24080d3e7d..ea264e8aa4 100644 --- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access-tokens.component.ts +++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access-tokens.component.ts @@ -10,7 +10,6 @@ import { takeUntil, } from "rxjs"; -import { ModalService } from "@bitwarden/angular/services/modal.service"; import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service"; import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service"; import { DialogService } from "@bitwarden/components"; @@ -37,7 +36,6 @@ export class AccessTokenComponent implements OnInit, OnDestroy { private route: ActivatedRoute, private accessService: AccessService, private dialogService: DialogService, - private modalService: ModalService, private platformUtilsService: PlatformUtilsService, private i18nService: I18nService, private serviceAccountService: ServiceAccountService