From 4b67cd24b451255981218cb5e9436b23fbbda5e7 Mon Sep 17 00:00:00 2001
From: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Date: Wed, 16 Oct 2024 18:28:27 -0400
Subject: [PATCH 01/10] Auth/PM-8112 - UI refresh - Registration Components
 (#11353)

* PM-8112 - Update classes of existing registration icons

* PM-8112 - Add new icons

* PM-8112 - Export icons from libs/auth

* PM-8112 - RegistrationStart - Add new user icon as page icon

* PM-8112 - Replace RegistrationCheckEmailIcon with new icon so it displays properly

* PM-8112 - RegistrationFinish - Add new icon across clients

* PM-8112 - Registration start comp - update page icon and page title on state change to match figma

* PM-8112 - RegistrationFinish - adding most of framework for changing page title & subtitle when an org invite is in state.

* PM-8112 - Add joinOrganizationName to all clients translations

* PM-8112 - RegistrationFinish - Remove default page title & subtitle and let onInit logic figure out what to set based on flows.

* PM-8112 - RegistrationStart - Fix setAnonLayoutWrapperData calls

* PM-8112 - RegistrationFinish - simplify qParams init logic to make handling loading and page title and subtitle setting easier.

* PM-8112 - Registration Link expired - move icon to page icon out of main content

* PM-8112 - RegistrationFinish - Refactor init logic further into distinct flows.

* PM-8112 - Fix icons

* PM-8112 - Extension AppRoutingModule - move sign up start & finish routes under extension anon layout

* PM-8112 - Fix storybook

* PM-8112 - Clean up unused prop

* PM-8112 - RegistrationLockAltIcon tweaks

* PM-8112 - Update icons to have proper styling

* PM-8112 - RegistrationUserAddIcon - remove unnecessary svg class

* PM-8112 - Fix icons
---
 apps/browser/src/_locales/en/messages.json    |   9 ++
 apps/browser/src/popup/app-routing.module.ts  |  86 ++++++------
 apps/desktop/src/app/app-routing.module.ts    |  10 +-
 apps/desktop/src/locales/en/messages.json     |   9 ++
 .../web-registration-finish.service.spec.ts   |  30 +++++
 .../web-registration-finish.service.ts        |   9 ++
 apps/web/src/app/oss-routing.module.ts        |  12 +-
 apps/web/src/locales/en/messages.json         |   9 ++
 libs/auth/src/angular/icons/index.ts          |   3 +
 .../icons/registration-check-email.icon.ts    |  29 +++--
 .../icons/registration-expired-link.icon.ts   |  21 +--
 .../icons/registration-lock-alt.icon.ts       |  41 ++++++
 .../icons/registration-user-add.icon.ts       |  24 ++++
 ...efault-registration-finish.service.spec.ts |   8 ++
 .../default-registration-finish.service.ts    |   4 +
 .../registration-finish.component.ts          | 123 +++++++++++-------
 .../registration-finish.service.ts            |   9 +-
 .../registration-link-expired.component.html  |   2 -
 .../registration-start.component.html         |  13 --
 .../registration-start.component.ts           |  16 ++-
 .../registration-start.stories.ts             |  10 ++
 21 files changed, 336 insertions(+), 141 deletions(-)
 create mode 100644 libs/auth/src/angular/icons/registration-lock-alt.icon.ts
 create mode 100644 libs/auth/src/angular/icons/registration-user-add.icon.ts

diff --git a/apps/browser/src/_locales/en/messages.json b/apps/browser/src/_locales/en/messages.json
index 25386222d4..290663f434 100644
--- a/apps/browser/src/_locales/en/messages.json
+++ b/apps/browser/src/_locales/en/messages.json
@@ -71,6 +71,15 @@
   "joinOrganization": {
     "message": "Join organization"
   },
+  "joinOrganizationName": {
+    "message": "Join $ORGANIZATIONNAME$",
+    "placeholders": {
+      "organizationName": {
+        "content": "$1",
+        "example": "My Org Name"
+      }
+    }
+  },
   "finishJoiningThisOrganizationBySettingAMasterPassword": {
     "message": "Finish joining this organization by setting a master password."
   },
diff --git a/apps/browser/src/popup/app-routing.module.ts b/apps/browser/src/popup/app-routing.module.ts
index 0bf26f8c07..1a95ad7483 100644
--- a/apps/browser/src/popup/app-routing.module.ts
+++ b/apps/browser/src/popup/app-routing.module.ts
@@ -20,9 +20,11 @@ import {
   LockV2Component,
   PasswordHintComponent,
   RegistrationFinishComponent,
+  RegistrationLockAltIcon,
   RegistrationStartComponent,
   RegistrationStartSecondaryComponent,
   RegistrationStartSecondaryComponentData,
+  RegistrationUserAddIcon,
   SetPasswordJitComponent,
   UserLockIcon,
 } from "@bitwarden/auth/angular";
@@ -448,6 +450,47 @@ const routes: Routes = [
     path: "",
     component: ExtensionAnonLayoutWrapperComponent,
     children: [
+      {
+        path: "signup",
+        canActivate: [canAccessFeature(FeatureFlag.EmailVerification), unauthGuardFn()],
+        data: {
+          state: "signup",
+          pageIcon: RegistrationUserAddIcon,
+          pageTitle: {
+            key: "createAccount",
+          },
+          showBackButton: true,
+        } satisfies RouteDataProperties & ExtensionAnonLayoutWrapperData,
+        children: [
+          {
+            path: "",
+            component: RegistrationStartComponent,
+          },
+          {
+            path: "",
+            component: RegistrationStartSecondaryComponent,
+            outlet: "secondary",
+            data: {
+              loginRoute: "/home",
+            } satisfies RegistrationStartSecondaryComponentData,
+          },
+        ],
+      },
+      {
+        path: "finish-signup",
+        canActivate: [canAccessFeature(FeatureFlag.EmailVerification), unauthGuardFn()],
+        data: {
+          pageIcon: RegistrationLockAltIcon,
+          state: "finish-signup",
+          showBackButton: true,
+        } satisfies RouteDataProperties & ExtensionAnonLayoutWrapperData,
+        children: [
+          {
+            path: "",
+            component: RegistrationFinishComponent,
+          },
+        ],
+      },
       {
         path: "lockV2",
         canActivate: [canAccessFeature(FeatureFlag.ExtensionRefresh), lockGuard()],
@@ -472,49 +515,6 @@ const routes: Routes = [
     path: "",
     component: AnonLayoutWrapperComponent,
     children: [
-      {
-        path: "signup",
-        canActivate: [canAccessFeature(FeatureFlag.EmailVerification), unauthGuardFn()],
-        data: {
-          state: "signup",
-          pageTitle: {
-            key: "createAccount",
-          },
-        } satisfies RouteDataProperties & AnonLayoutWrapperData,
-        children: [
-          {
-            path: "",
-            component: RegistrationStartComponent,
-          },
-          {
-            path: "",
-            component: RegistrationStartSecondaryComponent,
-            outlet: "secondary",
-            data: {
-              loginRoute: "/home",
-            } satisfies RegistrationStartSecondaryComponentData,
-          },
-        ],
-      },
-      {
-        path: "finish-signup",
-        canActivate: [canAccessFeature(FeatureFlag.EmailVerification), unauthGuardFn()],
-        data: {
-          pageTitle: {
-            key: "setAStrongPassword",
-          },
-          pageSubtitle: {
-            key: "finishCreatingYourAccountBySettingAPassword",
-          },
-          state: "finish-signup",
-        } satisfies RouteDataProperties & AnonLayoutWrapperData,
-        children: [
-          {
-            path: "",
-            component: RegistrationFinishComponent,
-          },
-        ],
-      },
       {
         path: "set-password-jit",
         canActivate: [canAccessFeature(FeatureFlag.EmailVerification)],
diff --git a/apps/desktop/src/app/app-routing.module.ts b/apps/desktop/src/app/app-routing.module.ts
index e8ae31e78a..8b8f62047f 100644
--- a/apps/desktop/src/app/app-routing.module.ts
+++ b/apps/desktop/src/app/app-routing.module.ts
@@ -19,9 +19,11 @@ import {
   LockV2Component,
   PasswordHintComponent,
   RegistrationFinishComponent,
+  RegistrationLockAltIcon,
   RegistrationStartComponent,
   RegistrationStartSecondaryComponent,
   RegistrationStartSecondaryComponentData,
+  RegistrationUserAddIcon,
   SetPasswordJitComponent,
   UserLockIcon,
 } from "@bitwarden/auth/angular";
@@ -169,6 +171,7 @@ const routes: Routes = [
         path: "signup",
         canActivate: [canAccessFeature(FeatureFlag.EmailVerification), unauthGuardFn()],
         data: {
+          pageIcon: RegistrationUserAddIcon,
           pageTitle: {
             key: "createAccount",
           },
@@ -192,12 +195,7 @@ const routes: Routes = [
         path: "finish-signup",
         canActivate: [canAccessFeature(FeatureFlag.EmailVerification), unauthGuardFn()],
         data: {
-          pageTitle: {
-            key: "setAStrongPassword",
-          },
-          pageSubtitle: {
-            key: "finishCreatingYourAccountBySettingAPassword",
-          },
+          pageIcon: RegistrationLockAltIcon,
         } satisfies AnonLayoutWrapperData,
         children: [
           {
diff --git a/apps/desktop/src/locales/en/messages.json b/apps/desktop/src/locales/en/messages.json
index 4647853f71..9924a91fa3 100644
--- a/apps/desktop/src/locales/en/messages.json
+++ b/apps/desktop/src/locales/en/messages.json
@@ -602,6 +602,15 @@
   "joinOrganization": {
     "message": "Join organization"
   },
+  "joinOrganizationName": {
+    "message": "Join $ORGANIZATIONNAME$",
+    "placeholders": {
+      "organizationName": {
+        "content": "$1",
+        "example": "My Org Name"
+      }
+    }
+  },
   "finishJoiningThisOrganizationBySettingAMasterPassword": {
     "message": "Finish joining this organization by setting a master password."
   },
diff --git a/apps/web/src/app/auth/core/services/registration/web-registration-finish.service.spec.ts b/apps/web/src/app/auth/core/services/registration/web-registration-finish.service.spec.ts
index 2faf3f85d1..45eb3c5c0d 100644
--- a/apps/web/src/app/auth/core/services/registration/web-registration-finish.service.spec.ts
+++ b/apps/web/src/app/auth/core/services/registration/web-registration-finish.service.spec.ts
@@ -52,6 +52,36 @@ describe("DefaultRegistrationFinishService", () => {
     expect(service).not.toBeFalsy();
   });
 
+  describe("getOrgNameFromOrgInvite()", () => {
+    let orgInvite: OrganizationInvite | null;
+
+    beforeEach(() => {
+      orgInvite = new OrganizationInvite();
+      orgInvite.organizationId = "organizationId";
+      orgInvite.organizationUserId = "organizationUserId";
+      orgInvite.token = "orgInviteToken";
+      orgInvite.email = "email";
+    });
+
+    it("returns null when the org invite is null", async () => {
+      acceptOrgInviteService.getOrganizationInvite.mockResolvedValue(null);
+
+      const result = await service.getOrgNameFromOrgInvite();
+
+      expect(result).toBeNull();
+      expect(acceptOrgInviteService.getOrganizationInvite).toHaveBeenCalled();
+    });
+
+    it("returns the organization name from the organization invite when it exists", async () => {
+      acceptOrgInviteService.getOrganizationInvite.mockResolvedValue(orgInvite);
+
+      const result = await service.getOrgNameFromOrgInvite();
+
+      expect(result).toEqual(orgInvite.organizationName);
+      expect(acceptOrgInviteService.getOrganizationInvite).toHaveBeenCalled();
+    });
+  });
+
   describe("getMasterPasswordPolicyOptsFromOrgInvite()", () => {
     let orgInvite: OrganizationInvite | null;
 
diff --git a/apps/web/src/app/auth/core/services/registration/web-registration-finish.service.ts b/apps/web/src/app/auth/core/services/registration/web-registration-finish.service.ts
index 5239601bbc..560196dd19 100644
--- a/apps/web/src/app/auth/core/services/registration/web-registration-finish.service.ts
+++ b/apps/web/src/app/auth/core/services/registration/web-registration-finish.service.ts
@@ -32,6 +32,15 @@ export class WebRegistrationFinishService
     super(cryptoService, accountApiService);
   }
 
+  override async getOrgNameFromOrgInvite(): Promise<string | null> {
+    const orgInvite = await this.acceptOrgInviteService.getOrganizationInvite();
+    if (orgInvite == null) {
+      return null;
+    }
+
+    return orgInvite.organizationName;
+  }
+
   override async getMasterPasswordPolicyOptsFromOrgInvite(): Promise<MasterPasswordPolicyOptions | null> {
     // If there's a deep linked org invite, use it to get the password policies
     const orgInvite = await this.acceptOrgInviteService.getOrganizationInvite();
diff --git a/apps/web/src/app/oss-routing.module.ts b/apps/web/src/app/oss-routing.module.ts
index fa4da88ce7..8822800b36 100644
--- a/apps/web/src/app/oss-routing.module.ts
+++ b/apps/web/src/app/oss-routing.module.ts
@@ -25,6 +25,9 @@ import {
   LockV2Component,
   LockIcon,
   UserLockIcon,
+  RegistrationUserAddIcon,
+  RegistrationLockAltIcon,
+  RegistrationExpiredLinkIcon,
 } from "@bitwarden/auth/angular";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 
@@ -234,6 +237,7 @@ const routes: Routes = [
         path: "signup",
         canActivate: [canAccessFeature(FeatureFlag.EmailVerification), unauthGuardFn()],
         data: {
+          pageIcon: RegistrationUserAddIcon,
           pageTitle: {
             key: "createAccount",
           },
@@ -258,12 +262,7 @@ const routes: Routes = [
         path: "finish-signup",
         canActivate: [canAccessFeature(FeatureFlag.EmailVerification), unauthGuardFn()],
         data: {
-          pageTitle: {
-            key: "setAStrongPassword",
-          },
-          pageSubtitle: {
-            key: "finishCreatingYourAccountBySettingAPassword",
-          },
+          pageIcon: RegistrationLockAltIcon,
           titleId: "setAStrongPassword",
         } satisfies RouteDataProperties & AnonLayoutWrapperData,
         children: [
@@ -310,6 +309,7 @@ const routes: Routes = [
         path: "signup-link-expired",
         canActivate: [canAccessFeature(FeatureFlag.EmailVerification), unauthGuardFn()],
         data: {
+          pageIcon: RegistrationExpiredLinkIcon,
           pageTitle: {
             key: "expiredLink",
           },
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 96e987a7f6..5125bb1bfe 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -3781,6 +3781,15 @@
   "joinOrganization": {
     "message": "Join organization"
   },
+  "joinOrganizationName": {
+    "message": "Join $ORGANIZATIONNAME$",
+    "placeholders": {
+      "organizationName": {
+        "content": "$1",
+        "example": "My Org Name"
+      }
+    }
+  },
   "joinOrganizationDesc": {
     "message": "You've been invited to join the organization listed above. To accept the invitation, you need to log in or create a new Bitwarden account."
   },
diff --git a/libs/auth/src/angular/icons/index.ts b/libs/auth/src/angular/icons/index.ts
index cfcad992e3..26e668b784 100644
--- a/libs/auth/src/angular/icons/index.ts
+++ b/libs/auth/src/angular/icons/index.ts
@@ -3,3 +3,6 @@ export * from "./bitwarden-shield.icon";
 export * from "./lock.icon";
 export * from "./user-lock.icon";
 export * from "./user-verification-biometrics-fingerprint.icon";
+export * from "./registration-user-add.icon";
+export * from "./registration-lock-alt.icon";
+export * from "./registration-expired-link.icon";
diff --git a/libs/auth/src/angular/icons/registration-check-email.icon.ts b/libs/auth/src/angular/icons/registration-check-email.icon.ts
index 1d173ff585..6f7dd6a2d6 100644
--- a/libs/auth/src/angular/icons/registration-check-email.icon.ts
+++ b/libs/auth/src/angular/icons/registration-check-email.icon.ts
@@ -1,12 +1,23 @@
 import { svgIcon } from "@bitwarden/components";
 
 export const RegistrationCheckEmailIcon = svgIcon`
-<svg xmlns="http://www.w3.org/2000/svg" width="144" height="113" fill="none">
-<g fill="#175DDC" clip-path="url(#a)">
-    <path class="tw-fill-primary-600" fill-rule="evenodd" d="M39.19 26.64c0-.765.62-1.384 1.383-1.384h18.785a1.383 1.383 0 0 1 0 2.766H40.573c-.764 0-1.383-.619-1.383-1.383ZM39.19 37.819c0-.764.62-1.383 1.383-1.383H58.81a1.383 1.383 0 0 1 0 2.766H40.573c-.764 0-1.383-.62-1.383-1.383ZM39.19 48.998c0-.764.62-1.383 1.383-1.383H61.82a1.383 1.383 0 0 1 0 2.766H40.573c-.764 0-1.383-.62-1.383-1.383Z" clip-rule="evenodd"/>
-    <path class="tw-fill-primary-600" d="M94.576 60.504c0 .382.31.692.691.692 14.892 0 26.977-11.935 26.977-26.675a.692.692 0 0 0-1.383 0c0 13.96-11.451 25.292-25.594 25.292a.691.691 0 0 0-.691.691ZM68.982 35.213c.382 0 .692-.31.692-.692 0-13.96 11.45-25.291 25.593-25.291a.691.691 0 1 0 0-1.383c-14.89 0-26.976 11.935-26.976 26.674 0 .382.31.692.691.692Z"/>
-    <path class="tw-fill-primary-600" fill-rule="evenodd" d="M95.387 2.926c-6.295 0-12.16 1.84-17.086 5.013l-1.136-.877a9.68 9.68 0 0 0-11.705-.096l-8.172 6.098a1.33 1.33 0 0 0-.064.05H33.393a4.149 4.149 0 0 0-4.149 4.15v16.753c-.07.035-.14.078-.205.127l-8.464 6.315a9.68 9.68 0 0 0-3.89 7.759v51.696c0 5.346 4.333 9.68 9.68 9.68h90.733c5.346 0 9.68-4.334 9.68-9.68v-26.48l8.099 8.098a4.84 4.84 0 0 0 6.845 0l.721-.721a4.84 4.84 0 0 0 0-6.845l-15.665-15.665V44.056c0-.587-.366-1.089-.882-1.29a31.666 31.666 0 0 0 1.086-8.245c0-17.45-14.146-31.595-31.595-31.595Zm28.625 52.61v-7.624a31.463 31.463 0 0 1-2.803 4.82l2.803 2.803Zm-4.51-.6a31.84 31.84 0 0 1-3.651 3.659l20.981 20.982c.81.81 2.124.81 2.934 0l.721-.722a2.073 2.073 0 0 0 0-2.933l-20.985-20.986Zm-5.851 5.37a31.434 31.434 0 0 1-16.653 5.77l-.023.014-9.463 5.427a15.205 15.205 0 0 1 2.167 1.666l33.149 30.601a6.876 6.876 0 0 0 1.184-3.87V70.668l-10.361-10.362ZM29.244 37.442l-7.014 5.234a6.914 6.914 0 0 0-2.588 3.925c.062.025.123.056.183.091l9.42 5.626V37.442Zm2.766 16.527 8.172 4.881c.124-.036.255-.056.39-.056h27.813a1.383 1.383 0 0 1 0 2.766H44.72l13.656 8.156a15.208 15.208 0 0 1 4.116-.567H79.36c1.801 0 3.571.32 5.233.928.095-.103.206-.193.334-.267l6.805-3.902C76.004 64.097 63.791 50.735 63.791 34.52a31.454 31.454 0 0 1 6.082-18.64h-36.48c-.764 0-1.383.619-1.383 1.383v36.705Zm40.135-40.851a31.78 31.78 0 0 1 3.8-3.504l-.47-.363a6.914 6.914 0 0 0-8.36-.068l-5.27 3.932h10.212c.03 0 .059 0 .088.003ZM66.557 34.52c0-15.922 12.907-28.83 28.83-28.83 15.922 0 28.829 12.908 28.829 28.83 0 15.922-12.907 28.83-28.83 28.83-15.922 0-28.83-12.908-28.83-28.83ZM19.45 49.691v50.223c0 1.418.428 2.738 1.16 3.835l31.298-30.315a15.21 15.21 0 0 1 3.266-2.41L19.45 49.69Zm3.124 56.007a6.888 6.888 0 0 0 3.79 1.13h90.734a6.879 6.879 0 0 0 3.752-1.106L87.803 75.216a12.446 12.446 0 0 0-8.442-3.301H62.49a12.446 12.446 0 0 0-8.658 3.506l-31.259 30.277Z" clip-rule="evenodd"/></g><defs><clipPath id="a">
-    <path class="tw-fill-primary-600" fill="#fff" d="M.09 0h143.82v112.705H.09z"/>
-    </clipPath>
-    </defs>
-</svg>`;
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 100" fill="none">
+    <path class="tw-stroke-art-primary"  stroke-linecap="round" stroke-width="2.477"
+        d="M104.552 42.242v12.023M48.415 17.31l6.51-4.858a7.43 7.43 0 0 1 8.984.074l1.172.904M24.844 34.897l-6.857 5.116A7.43 7.43 0 0 0 15 45.97v42.366a7.43 7.43 0 0 0 7.43 7.43h74.691a7.43 7.43 0 0 0 7.431-7.43V64.291" />
+    <path class="tw-stroke-art-primary"  stroke-linecap="round" stroke-width="2.477"
+        d="M25.48 50.5V20.058a2.477 2.477 0 0 1 2.476-2.477h32.091" />
+    <path class="tw-stroke-art-accent" stroke-linecap="round" stroke-width="2.477"
+        d="M33.778 27.71h15.674M33.778 37.037h15.217M33.778 46.364h17.728M33.778 55.691h23.206" />
+    <path class="tw-stroke-art-primary" stroke-width="2.477"
+        d="M102.645 93.86 74.211 67.614a12.384 12.384 0 0 0-8.4-3.284H52.41c-3.216 0-6.306 1.251-8.616 3.488L16.904 93.86" />
+    <path class="tw-stroke-art-primary" stroke-linecap="round" stroke-width="2.477" d="m71.36 64.73 8.904-5.106" />
+    <path class="tw-stroke-art-primary" stroke-linecap="round" stroke-width="2.477" d="M1.238-1.238h37.47"
+        transform="matrix(.85856 .5127 .51278 -.85852 15.476 43.85)" />
+    <path class="tw-stroke-art-primary" stroke-linecap="round" stroke-linejoin="round" stroke-width="2.477"
+        d="M104.722 34.286c0 13.922-11.286 25.207-25.209 25.207-13.922 0-25.208-11.285-25.208-25.207 0-13.92 11.286-25.206 25.208-25.206 13.923 0 25.209 11.285 25.209 25.206Z" />
+    <path class="tw-stroke-art-accent" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.238"
+        d="M101.346 34.287c0 11.972-9.82 21.678-21.932 21.678m0-43.355c-12.113 0-21.932 9.705-21.932 21.677" />
+    <path class="tw-stroke-art-primary" stroke-linecap="round" stroke-linejoin="round" stroke-width="2.477"
+        d="m99.636 49.689 3.853 3.852 14.322 14.32a3.096 3.096 0 0 1 0 4.379l-.303.303a3.097 3.097 0 0 1-4.379 0l-14.322-14.32-3.852-3.853" />
+</svg>
+`;
diff --git a/libs/auth/src/angular/icons/registration-expired-link.icon.ts b/libs/auth/src/angular/icons/registration-expired-link.icon.ts
index 50bcc53808..3323c7f0b2 100644
--- a/libs/auth/src/angular/icons/registration-expired-link.icon.ts
+++ b/libs/auth/src/angular/icons/registration-expired-link.icon.ts
@@ -1,20 +1,9 @@
 import { svgIcon } from "@bitwarden/components";
 
 export const RegistrationExpiredLinkIcon = svgIcon`
-<svg width="64" height="64" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
-    <g clip-path="url(#clip0_8198_6255)">
-        <path 
-            class="tw-fill-primary-600"
-            d="M2.70609 5.38455C3.71495 3.18341 5.95991 1.65214 8.56633 1.65214C12.1167 1.65214 14.9948 4.4927 14.9948 7.99672C14.9948 11.5007 12.1167 14.3413 8.56633 14.3413C5.90396 14.3413 3.61848 12.7438 2.64241 10.4652C2.53502 10.2144 2.24202 10.0971 1.98799 10.2031C1.73396 10.3091 1.61509 10.5983 1.72248 10.849C2.8493 13.4796 5.48864 15.327 8.56633 15.327C12.6683 15.327 15.9936 12.0451 15.9936 7.99672C15.9936 3.9483 12.6683 0.666412 8.56633 0.666412C5.41721 0.666412 2.72675 2.60033 1.64603 5.33002L0.858226 3.92917C0.734524 3.70921 0.455929 3.63117 0.235967 3.75487C0.0160044 3.87858 -0.0620299 4.15717 0.0616722 4.37713L1.35147 6.6706C1.47517 6.89056 1.75377 6.9686 1.97373 6.8449L4.2672 5.5551C4.48716 5.4314 4.5652 5.1528 4.44149 4.93284C4.31779 4.71288 4.0392 4.63484 3.81923 4.75854L2.70609 5.38455Z"
-            fill="#175DDC" />
-        <path
-            class="tw-fill-primary-600"
-            d="M10.7225 10.2926C10.6408 10.3474 10.5437 10.3767 10.4447 10.3767C10.318 10.3767 10.1962 10.3283 10.1041 10.2418L8.14837 8.41125C8.09985 8.36578 8.06123 8.31053 8.03449 8.24991C8.00775 8.18928 7.99389 8.12376 7.99389 8.05727V3.49271C7.99389 3.36314 8.04588 3.23896 8.13896 3.14704C8.23204 3.05512 8.3578 3.00378 8.48901 3.00378C8.62021 3.00378 8.74597 3.05561 8.83905 3.14704C8.93213 3.23847 8.98412 3.36314 8.98412 3.49271V7.84605L10.7853 9.53284C10.8571 9.60031 10.9071 9.68734 10.9284 9.78268C10.9497 9.87802 10.9413 9.97776 10.9047 10.0687C10.868 10.1596 10.8042 10.2379 10.7225 10.2926Z"
-            fill="#175DDC" />
-    </g>
-    <defs>
-        <clipPath id="clip0_8198_6255">
-            <rect width="15.9952" height="15.9952" fill="white" />
-        </clipPath>
-    </defs>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 100" fill="none">
+    <path class="tw-art-primary" fill="#175DDC"
+        d="M36.167 38.348c4.543-9.911 14.651-16.806 26.387-16.806 15.986 0 28.945 12.79 28.945 28.567 0 15.777-12.96 28.568-28.945 28.568-11.988 0-22.278-7.193-26.673-17.453-.484-1.13-1.803-1.657-2.947-1.18a2.209 2.209 0 0 0-1.195 2.908c5.073 11.845 16.957 20.163 30.815 20.163 18.47 0 33.442-14.777 33.442-33.006 0-18.228-14.972-33.006-33.442-33.006-14.18 0-26.294 8.708-31.16 20.999l-3.547-6.307a2.057 2.057 0 0 0-3.586 2.017l5.807 10.326a2.057 2.057 0 0 0 2.802.785l10.327-5.808a2.057 2.057 0 1 0-2.018-3.586l-5.012 2.819Z" />
+    <path class="tw-art-primary" fill="#175DDC"
+        d="M72.263 60.447a2.25 2.25 0 0 1-2.785-.229l-8.806-8.242a2.229 2.229 0 0 1-.512-.727 2.148 2.148 0 0 1-.183-.867V29.829c0-.583.234-1.142.653-1.556a2.251 2.251 0 0 1 3.152 0c.42.412.653.973.653 1.556v19.602l8.11 7.595a2.178 2.178 0 0 1 .537 2.413c-.164.41-.452.761-.82 1.008Z" />
 </svg>`;
diff --git a/libs/auth/src/angular/icons/registration-lock-alt.icon.ts b/libs/auth/src/angular/icons/registration-lock-alt.icon.ts
new file mode 100644
index 0000000000..511f9710dc
--- /dev/null
+++ b/libs/auth/src/angular/icons/registration-lock-alt.icon.ts
@@ -0,0 +1,41 @@
+import { svgIcon } from "@bitwarden/components";
+
+export const RegistrationLockAltIcon = svgIcon`
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 120 100" fill="none">
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M47.048 77.093a1 1 0 0 1 1 1v5.811a1 1 0 0 1-2 0v-5.811a1 1 0 0 1 1-1Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M53.547 81.8a1 1 0 0 1-.643 1.26l-5.548 1.795a1 1 0 1 1-.616-1.902l5.547-1.797a1 1 0 0 1 1.26.644Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M46.462 83.094a1 1 0 0 1 1.396.225l3.435 4.755a1 1 0 1 1-1.622 1.17l-3.434-4.754a1 1 0 0 1 .225-1.396Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M47.634 83.094a1 1 0 0 1 .225 1.396l-3.434 4.755a1 1 0 1 1-1.621-1.171l3.434-4.755a1 1 0 0 1 1.396-.225Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M40.549 81.8a1 1 0 0 1 1.26-.644l5.547 1.797a1 1 0 1 1-.617 1.902l-5.547-1.796a1 1 0 0 1-.643-1.26ZM65.91 77.093a1 1 0 0 1 1 1v5.811a1 1 0 0 1-2 0v-5.811a1 1 0 0 1 1-1Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M72.463 81.802a1 1 0 0 1-.647 1.258l-5.6 1.796a1 1 0 0 1-.611-1.904l5.6-1.796a1 1 0 0 1 1.258.646Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M65.325 83.094a1 1 0 0 1 1.396.225l3.434 4.755a1 1 0 0 1-1.621 1.17L65.1 84.49a1 1 0 0 1 .225-1.396Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M66.49 83.09a1 1 0 0 1 .235 1.394l-3.382 4.755a1 1 0 1 1-1.63-1.16l3.382-4.754a1 1 0 0 1 1.394-.236Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M59.41 81.8a1 1 0 0 1 1.26-.644l5.548 1.797a1 1 0 1 1-.616 1.902l-5.548-1.796a1 1 0 0 1-.643-1.26ZM77.5 88.5a1 1 0 0 1 1-1h11a1 1 0 1 1 0 2h-11a1 1 0 0 1-1-1ZM94.5 88.5a1 1 0 0 1 1-1h11a1 1 0 0 1 0 2h-11a1 1 0 0 1-1-1Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-accent"  fill-rule="evenodd"
+        d="M105 72.5H46c-5.799 0-10.5 4.701-10.5 10.5v.5C35.5 89.299 40.201 94 46 94h59c5.799 0 10.5-4.701 10.5-10.5V83c0-5.799-4.701-10.5-10.5-10.5Zm-59-2c-6.904 0-12.5 5.596-12.5 12.5v.5C33.5 90.404 39.096 96 46 96h59c6.904 0 12.5-5.596 12.5-12.5V83c0-6.904-5.596-12.5-12.5-12.5H46Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M30.5 42.5a7 7 0 0 0-7 7V85a7 7 0 0 0 7 7h9v2h-9a9 9 0 0 1-9-9V49.5a9 9 0 0 1 9-9h49a9 9 0 0 1 9 9v22.25h-2V49.5a7 7 0 0 0-7-7h-49Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M54.75 5C43.592 5 34.5 14.056 34.5 25.15V41h-2V25.15C32.5 12.943 42.496 3 54.75 3 67.002 3 77 12.889 77 25.15V41h-2V25.15C75 14.005 65.91 5 54.75 5ZM51 54.158c0-1.996 1.543-3.658 3.5-3.658s3.5 1.662 3.5 3.658a3.722 3.722 0 0 1-1.201 2.758L56.8 57v6.106c0 1.298-1.006 2.395-2.3 2.395-1.294 0-2.3-1.097-2.3-2.395V57l.001-.083A3.722 3.722 0 0 1 51 54.158Zm3.5-2.658c-1.357 0-2.5 1.165-2.5 2.658a2.71 2.71 0 0 0 1.029 2.148l.231.18-.043.29c-.011.072-.017.147-.017.223v6.106c0 .795.606 1.395 1.3 1.395.694 0 1.3-.6 1.3-1.395V57c0-.076-.006-.15-.017-.224l-.043-.29.231-.179A2.71 2.71 0 0 0 57 54.158c0-1.493-1.143-2.658-2.5-2.658Z"
+        clip-rule="evenodd" />
+</svg>`;
diff --git a/libs/auth/src/angular/icons/registration-user-add.icon.ts b/libs/auth/src/angular/icons/registration-user-add.icon.ts
new file mode 100644
index 0000000000..69240cd029
--- /dev/null
+++ b/libs/auth/src/angular/icons/registration-user-add.icon.ts
@@ -0,0 +1,24 @@
+import { svgIcon } from "@bitwarden/components";
+
+export const RegistrationUserAddIcon = svgIcon`
+<svg xmlns="http://www.w3.org/2000/svg"  viewBox="0 0 120 100" fill="none">
+    <path class="tw-fill-art-primary"  fill-rule="evenodd"
+        d="M0 21.627a7.798 7.798 0 0 1 7.798-7.798H89.38a7.798 7.798 0 0 1 7.799 7.798v8.764h-2.4v-8.764a5.399 5.399 0 0 0-5.398-5.398H7.797A5.399 5.399 0 0 0 2.4 21.627v49.19a5.399 5.399 0 0 0 5.4 5.399h9.483v2.399H7.798A7.798 7.798 0 0 1 0 70.817v-49.19Zm49.378 54.589h13.498v2.399H49.378v-2.4Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary" fill-rule="evenodd"
+        d="M88.78 61.819c8.946 0 16.197-7.252 16.197-16.197s-7.251-16.196-16.196-16.196-16.197 7.251-16.197 16.196S79.836 61.82 88.781 61.82Zm0 2.4c10.27 0 18.597-8.326 18.597-18.597 0-10.27-8.326-18.596-18.596-18.596s-18.596 8.326-18.596 18.596S78.51 64.218 88.78 64.218Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary" fill-rule="evenodd"
+        d="M61.005 90.612h54.28c1.303 0 1.833-.344 2.01-.53.128-.134.396-.517.226-1.586-2.187-13.74-14.213-24.278-28.752-24.278S62.203 74.757 60.017 88.496c-.09.569.026 1.226.279 1.662.115.199.23.305.316.359.072.045.184.095.393.095Zm0 2.4h54.28c3.346 0 5.104-1.76 4.605-4.894-2.371-14.903-15.402-26.3-31.121-26.3-15.72 0-28.75 11.397-31.122 26.3-.337 2.122.744 4.894 3.358 4.894Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-accent"  fill-rule="evenodd"
+        d="M77.983 21.027a1.2 1.2 0 0 1-1.2-1.2v-.6a1.2 1.2 0 0 1 2.4 0v.6a1.2 1.2 0 0 1-1.2 1.2ZM83.382 21.027a1.2 1.2 0 0 1-1.2-1.2v-.497a1.2 1.2 0 1 1 2.4 0v.498a1.2 1.2 0 0 1-1.2 1.2ZM88.78 21.027a1.2 1.2 0 0 1-1.2-1.2v-.497a1.2 1.2 0 1 1 2.4 0v.498a1.2 1.2 0 0 1-1.2 1.2Z"
+        clip-rule="evenodd" />
+    <path class="tw-fill-art-primary" fill-rule="evenodd" d="M95.083 24.027H0v-1.2h95.083v1.2Z"
+        clip-rule="evenodd" />
+    <g clip-path="url(#a)">
+        <path class="tw-fill-art-accent" 
+            d="M32.727 93.11a16.908 16.908 0 0 1-9.477-2.91 17.228 17.228 0 0 1-6.284-7.752 17.467 17.467 0 0 1-.97-9.98 17.343 17.343 0 0 1 4.669-8.843 17.002 17.002 0 0 1 8.735-4.727 16.867 16.867 0 0 1 9.856.982 17.113 17.113 0 0 1 7.656 6.362 17.419 17.419 0 0 1 2.875 9.596 17.4 17.4 0 0 1-5.003 12.208 16.977 16.977 0 0 1-12.057 5.065Zm0-32.245c-2.924 0-5.784.877-8.216 2.523a14.932 14.932 0 0 0-5.447 6.72 15.148 15.148 0 0 0-.84 8.652 15.028 15.028 0 0 0 4.047 7.667 14.729 14.729 0 0 0 7.572 4.098c2.87.578 5.842.281 8.545-.851a14.827 14.827 0 0 0 6.637-5.515 15.11 15.11 0 0 0 2.493-8.319 15.087 15.087 0 0 0-4.336-10.583 14.714 14.714 0 0 0-10.453-4.39l-.002-.002Zm8.82 14.168h-6.9a1.105 1.105 0 0 1-.793-.333 1.149 1.149 0 0 1-.328-.802v-6.99a.81.81 0 0 0-.233-.568.793.793 0 0 0-1.357.569v6.985a1.144 1.144 0 0 1-.328.802 1.115 1.115 0 0 1-.793.332h-6.907a.788.788 0 0 0-.562.237.812.812 0 0 0 0 1.139.79.79 0 0 0 .562.235h6.899c.296 0 .582.12.791.333.21.212.329.5.329.8v6.99c0 .213.084.418.232.57a.788.788 0 0 0 1.125 0 .809.809 0 0 0 .232-.57v-6.98c0-.301.119-.59.329-.802.21-.212.494-.332.79-.332h6.906a.795.795 0 0 0 .795-.806.81.81 0 0 0-.232-.569.791.791 0 0 0-.563-.236l.004-.004h.002Z" />
+    </g>
+</svg>
+`;
diff --git a/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.spec.ts b/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.spec.ts
index 5417d617a9..fe6b9b2c7d 100644
--- a/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.spec.ts
+++ b/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.spec.ts
@@ -37,6 +37,14 @@ describe("DefaultRegistrationFinishService", () => {
     });
   });
 
+  describe("getOrgNameFromOrgInvite()", () => {
+    it("returns null", async () => {
+      const result = await service.getOrgNameFromOrgInvite();
+
+      expect(result).toBeNull();
+    });
+  });
+
   describe("finishRegistration()", () => {
     let email: string;
     let emailVerificationToken: string;
diff --git a/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.ts b/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.ts
index 63b01be995..6d77c77749 100644
--- a/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.ts
+++ b/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.ts
@@ -15,6 +15,10 @@ export class DefaultRegistrationFinishService implements RegistrationFinishServi
     protected accountApiService: AccountApiService,
   ) {}
 
+  getOrgNameFromOrgInvite(): Promise<string | null> {
+    return null;
+  }
+
   getMasterPasswordPolicyOptsFromOrgInvite(): Promise<MasterPasswordPolicyOptions | null> {
     return null;
   }
diff --git a/libs/auth/src/angular/registration/registration-finish/registration-finish.component.ts b/libs/auth/src/angular/registration/registration-finish/registration-finish.component.ts
index ef40d95dce..be9d8abe5b 100644
--- a/libs/auth/src/angular/registration/registration-finish/registration-finish.component.ts
+++ b/libs/auth/src/angular/registration/registration-finish/registration-finish.component.ts
@@ -1,7 +1,7 @@
 import { CommonModule } from "@angular/common";
 import { Component, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute, Params, Router, RouterModule } from "@angular/router";
-import { EMPTY, Subject, from, switchMap, takeUntil, tap } from "rxjs";
+import { Subject, firstValueFrom } from "rxjs";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/models/domain/master-password-policy-options";
@@ -15,6 +15,7 @@ import { ValidationService } from "@bitwarden/common/platform/abstractions/valid
 import { ToastService } from "@bitwarden/components";
 
 import { LoginStrategyServiceAbstraction, PasswordLoginCredentials } from "../../../common";
+import { AnonLayoutWrapperDataService } from "../../anon-layout/anon-layout-wrapper-data.service";
 import { InputPasswordComponent } from "../../input-password/input-password.component";
 import { PasswordInputResult } from "../../input-password/password-input-result";
 
@@ -60,55 +61,72 @@ export class RegistrationFinishComponent implements OnInit, OnDestroy {
     private accountApiService: AccountApiService,
     private loginStrategyService: LoginStrategyServiceAbstraction,
     private logService: LogService,
+    private anonLayoutWrapperDataService: AnonLayoutWrapperDataService,
   ) {}
 
   async ngOnInit() {
-    this.listenForQueryParamChanges();
-    this.masterPasswordPolicyOptions =
-      await this.registrationFinishService.getMasterPasswordPolicyOptsFromOrgInvite();
+    const qParams = await firstValueFrom(this.activatedRoute.queryParams);
+    this.handleQueryParams(qParams);
+
+    if (
+      qParams.fromEmail &&
+      qParams.fromEmail === "true" &&
+      this.email &&
+      this.emailVerificationToken
+    ) {
+      await this.initEmailVerificationFlow();
+    } else {
+      // Org Invite flow OR registration with email verification disabled Flow
+      const orgInviteFlow = await this.initOrgInviteFlowIfPresent();
+
+      if (!orgInviteFlow) {
+        this.initRegistrationWithEmailVerificationDisabledFlow();
+      }
+    }
+
+    this.loading = false;
   }
 
-  private listenForQueryParamChanges() {
-    this.activatedRoute.queryParams
-      .pipe(
-        tap((qParams: Params) => {
-          if (qParams.email != null && qParams.email.indexOf("@") > -1) {
-            this.email = qParams.email;
-          }
+  private handleQueryParams(qParams: Params) {
+    if (qParams.email != null && qParams.email.indexOf("@") > -1) {
+      this.email = qParams.email;
+    }
 
-          if (qParams.token != null) {
-            this.emailVerificationToken = qParams.token;
-          }
+    if (qParams.token != null) {
+      this.emailVerificationToken = qParams.token;
+    }
 
-          if (qParams.orgSponsoredFreeFamilyPlanToken != null) {
-            this.orgSponsoredFreeFamilyPlanToken = qParams.orgSponsoredFreeFamilyPlanToken;
-          }
+    if (qParams.orgSponsoredFreeFamilyPlanToken != null) {
+      this.orgSponsoredFreeFamilyPlanToken = qParams.orgSponsoredFreeFamilyPlanToken;
+    }
 
-          if (qParams.acceptEmergencyAccessInviteToken != null && qParams.emergencyAccessId) {
-            this.acceptEmergencyAccessInviteToken = qParams.acceptEmergencyAccessInviteToken;
-            this.emergencyAccessId = qParams.emergencyAccessId;
-          }
-        }),
-        switchMap((qParams: Params) => {
-          if (
-            qParams.fromEmail &&
-            qParams.fromEmail === "true" &&
-            this.email &&
-            this.emailVerificationToken
-          ) {
-            return from(
-              this.registerVerificationEmailClicked(this.email, this.emailVerificationToken),
-            );
-          } else {
-            // org invite flow
-            this.loading = false;
-            return EMPTY;
-          }
-        }),
+    if (qParams.acceptEmergencyAccessInviteToken != null && qParams.emergencyAccessId) {
+      this.acceptEmergencyAccessInviteToken = qParams.acceptEmergencyAccessInviteToken;
+      this.emergencyAccessId = qParams.emergencyAccessId;
+    }
+  }
 
-        takeUntil(this.destroy$),
-      )
-      .subscribe();
+  private async initOrgInviteFlowIfPresent(): Promise<boolean> {
+    this.masterPasswordPolicyOptions =
+      await this.registrationFinishService.getMasterPasswordPolicyOptsFromOrgInvite();
+
+    const orgName = await this.registrationFinishService.getOrgNameFromOrgInvite();
+    if (orgName) {
+      // Org invite exists
+      // Set the page title and subtitle appropriately
+      this.anonLayoutWrapperDataService.setAnonLayoutWrapperData({
+        pageTitle: {
+          key: "joinOrganizationName",
+          placeholders: [orgName],
+        },
+        pageSubtitle: {
+          key: "finishJoiningThisOrganizationBySettingAMasterPassword",
+        },
+      });
+      return true;
+    }
+
+    return false;
   }
 
   async handlePasswordFormSubmit(passwordInputResult: PasswordInputResult) {
@@ -162,9 +180,24 @@ export class RegistrationFinishComponent implements OnInit, OnDestroy {
     this.submitting = false;
   }
 
+  private setDefaultPageTitleAndSubtitle() {
+    this.anonLayoutWrapperDataService.setAnonLayoutWrapperData({
+      pageTitle: {
+        key: "setAStrongPassword",
+      },
+      pageSubtitle: {
+        key: "finishCreatingYourAccountBySettingAPassword",
+      },
+    });
+  }
+
+  private async initEmailVerificationFlow() {
+    this.setDefaultPageTitleAndSubtitle();
+    await this.registerVerificationEmailClicked(this.email, this.emailVerificationToken);
+  }
+
   private async registerVerificationEmailClicked(email: string, emailVerificationToken: string) {
     const request = new RegisterVerificationEmailClickedRequest(email, emailVerificationToken);
-
     try {
       const result = await this.accountApiService.registerVerificationEmailClicked(request);
 
@@ -174,11 +207,9 @@ export class RegistrationFinishComponent implements OnInit, OnDestroy {
           message: this.i18nService.t("emailVerifiedV2"),
           variant: "success",
         });
-        this.loading = false;
       }
     } catch (e) {
       await this.handleRegisterVerificationEmailClickedError(e);
-      this.loading = false;
     }
   }
 
@@ -204,6 +235,10 @@ export class RegistrationFinishComponent implements OnInit, OnDestroy {
     }
   }
 
+  private initRegistrationWithEmailVerificationDisabledFlow() {
+    this.setDefaultPageTitleAndSubtitle();
+  }
+
   ngOnDestroy(): void {
     this.destroy$.next();
     this.destroy$.complete();
diff --git a/libs/auth/src/angular/registration/registration-finish/registration-finish.service.ts b/libs/auth/src/angular/registration/registration-finish/registration-finish.service.ts
index b585aa78ed..b7abd38108 100644
--- a/libs/auth/src/angular/registration/registration-finish/registration-finish.service.ts
+++ b/libs/auth/src/angular/registration/registration-finish/registration-finish.service.ts
@@ -3,6 +3,13 @@ import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/mod
 import { PasswordInputResult } from "../../input-password/password-input-result";
 
 export abstract class RegistrationFinishService {
+  /**
+   * Retrieves the organization name from an organization invite if it exists.
+   * Organization invites can currently only be accepted on the web.
+   * @returns a promise which resolves to the organization name string or null if no invite exists.
+   */
+  abstract getOrgNameFromOrgInvite(): Promise<string | null>;
+
   /**
    * Gets the master password policy options from an organization invite if it exits.
    * Organization invites can currently only be accepted on the web.
@@ -18,7 +25,7 @@ export abstract class RegistrationFinishService {
    * @param orgSponsoredFreeFamilyPlanToken The optional org sponsored free family plan token.
    * @param acceptEmergencyAccessInviteToken The optional accept emergency access invite token.
    * @param emergencyAccessId The optional emergency access id which is required to validate the emergency access invite token.
-   * Returns a promise which resolves to the captcha bypass token string upon a successful account creation.
+   * @returns a promise which resolves to the captcha bypass token string upon a successful account creation.
    */
   abstract finishRegistration(
     email: string,
diff --git a/libs/auth/src/angular/registration/registration-link-expired/registration-link-expired.component.html b/libs/auth/src/angular/registration/registration-link-expired/registration-link-expired.component.html
index 5aa6866bbe..7714990231 100644
--- a/libs/auth/src/angular/registration/registration-link-expired/registration-link-expired.component.html
+++ b/libs/auth/src/angular/registration/registration-link-expired/registration-link-expired.component.html
@@ -1,6 +1,4 @@
 <div class="tw-flex tw-flex-col tw-items-center tw-justify-center">
-  <bit-icon [icon]="Icons.RegistrationExpiredLinkIcon" class="tw-mb-6"></bit-icon>
-
   <p
     bitTypography="body1"
     class="tw-text-center tw-mb-3 tw-text-main"
diff --git a/libs/auth/src/angular/registration/registration-start/registration-start.component.html b/libs/auth/src/angular/registration/registration-start/registration-start.component.html
index ad30f4a87a..de3611a597 100644
--- a/libs/auth/src/angular/registration/registration-start/registration-start.component.html
+++ b/libs/auth/src/angular/registration/registration-start/registration-start.component.html
@@ -79,19 +79,6 @@
 
 <ng-container *ngIf="state === RegistrationStartState.CHECK_EMAIL">
   <div class="tw-flex tw-flex-col tw-items-center tw-justify-center">
-    <bit-icon [icon]="Icons.RegistrationCheckEmailIcon" class="tw-mb-6"></bit-icon>
-
-    <h2
-      bitTypography="h2"
-      id="check_your_email_heading"
-      class="tw-font-bold tw-mb-3 tw-text-main"
-      tabindex="0"
-      aria-describedby="follow_the_link_body"
-      appAutofocus
-    >
-      {{ "checkYourEmail" | i18n }}
-    </h2>
-
     <p bitTypography="body1" class="tw-text-center tw-mb-3 tw-text-main" id="follow_the_link_body">
       {{ "followTheLinkInTheEmailSentTo" | i18n }}
       <span class="tw-font-bold">{{ email.value }}</span>
diff --git a/libs/auth/src/angular/registration/registration-start/registration-start.component.ts b/libs/auth/src/angular/registration/registration-start/registration-start.component.ts
index 141bff1152..258f811ec8 100644
--- a/libs/auth/src/angular/registration/registration-start/registration-start.component.ts
+++ b/libs/auth/src/angular/registration/registration-start/registration-start.component.ts
@@ -18,6 +18,8 @@ import {
   LinkModule,
 } from "@bitwarden/components";
 
+import { AnonLayoutWrapperDataService } from "../../anon-layout/anon-layout-wrapper-data.service";
+import { RegistrationUserAddIcon } from "../../icons";
 import { RegistrationCheckEmailIcon } from "../../icons/registration-check-email.icon";
 import { RegistrationEnvSelectorComponent } from "../registration-env-selector/registration-env-selector.component";
 
@@ -54,7 +56,6 @@ export class RegistrationStartComponent implements OnInit, OnDestroy {
 
   state: RegistrationStartState = RegistrationStartState.USER_DATA_ENTRY;
   RegistrationStartState = RegistrationStartState;
-  readonly Icons = { RegistrationCheckEmailIcon };
 
   isSelfHost = false;
 
@@ -88,6 +89,7 @@ export class RegistrationStartComponent implements OnInit, OnDestroy {
     private platformUtilsService: PlatformUtilsService,
     private accountApiService: AccountApiService,
     private router: Router,
+    private anonLayoutWrapperDataService: AnonLayoutWrapperDataService,
   ) {
     this.isSelfHost = platformUtilsService.isSelfHost();
   }
@@ -148,6 +150,12 @@ export class RegistrationStartComponent implements OnInit, OnDestroy {
 
     // Result is null, so email verification is required
     this.state = RegistrationStartState.CHECK_EMAIL;
+    this.anonLayoutWrapperDataService.setAnonLayoutWrapperData({
+      pageTitle: {
+        key: "checkYourEmail",
+      },
+      pageIcon: RegistrationCheckEmailIcon,
+    });
     this.registrationStartStateChange.emit(this.state);
   };
 
@@ -171,6 +179,12 @@ export class RegistrationStartComponent implements OnInit, OnDestroy {
 
   goBack() {
     this.state = RegistrationStartState.USER_DATA_ENTRY;
+    this.anonLayoutWrapperDataService.setAnonLayoutWrapperData({
+      pageIcon: RegistrationUserAddIcon,
+      pageTitle: {
+        key: "createAccount",
+      },
+    });
     this.registrationStartStateChange.emit(this.state);
   }
 
diff --git a/libs/auth/src/angular/registration/registration-start/registration-start.stories.ts b/libs/auth/src/angular/registration/registration-start/registration-start.stories.ts
index e4d016de49..f7f6185280 100644
--- a/libs/auth/src/angular/registration/registration-start/registration-start.stories.ts
+++ b/libs/auth/src/angular/registration/registration-start/registration-start.stories.ts
@@ -30,6 +30,8 @@ import {
 // FIXME: remove `/apps` import from `/libs`
 // eslint-disable-next-line import/no-restricted-paths
 import { PreloadedEnglishI18nModule } from "../../../../../../apps/web/src/app/core/tests";
+import { AnonLayoutWrapperDataService } from "../../anon-layout/anon-layout-wrapper-data.service";
+import { AnonLayoutWrapperData } from "../../anon-layout/anon-layout-wrapper.component";
 
 import { RegistrationStartComponent } from "./registration-start.component";
 
@@ -88,6 +90,14 @@ const decorators = (options: {
             getClientType: () => options.clientType || ClientType.Web,
           } as Partial<PlatformUtilsService>,
         },
+        {
+          provide: AnonLayoutWrapperDataService,
+          useValue: {
+            setAnonLayoutWrapperData: (data: AnonLayoutWrapperData) => {
+              return;
+            },
+          } as Partial<AnonLayoutWrapperDataService>,
+        },
         {
           provide: ToastService,
           useValue: {

From 80e6b1afd1907c45fdcb019d06b88d93f61db322 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?=
 <mchecinski@bitwarden.com>
Date: Thu, 17 Oct 2024 11:32:08 +0200
Subject: [PATCH 02/10] [BRE-101] Remove dept-devops from CODEOWNERS (#9564)

* BRE-101: Remove dept-devops from CODEOWNERS

* Fix

* Update codeowners
---
 .github/CODEOWNERS | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 7a7bb31ea5..ad802d791e 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -114,18 +114,33 @@ apps/desktop/destkop_native/core/src/biometric/ @bitwarden/team-key-management-d
 apps/desktop/src/services/native-messaging.service.ts @bitwarden/team-key-management-dev
 apps/browser/src/background/nativeMessaging.background.ts @bitwarden/team-key-management-dev
 
-## DevOps team files ##
-/.github/workflows @bitwarden/dept-devops
-
-# DevOps for Docker changes.
-**/Dockerfile @bitwarden/dept-devops
-**/*.Dockerfile @bitwarden/dept-devops
-**/.dockerignore @bitwarden/dept-devops
-**/entrypoint.sh @bitwarden/dept-devops
-
 ## Locales ##
 apps/browser/src/_locales/en/messages.json
 apps/browser/store/locales/en
 apps/cli/src/locales/en/messages.json
 apps/desktop/src/locales/en/messages.json
 apps/web/src/locales/en/messages.json
+
+## BRE team owns these workflows ##
+.github/workflows/brew-bump-desktop.yml @bitwarden/dept-bre
+.github/workflows/deploy-web.yml @bitwarden/dept-bre
+.github/workflows/publish-cli.yml @bitwarden/dept-bre
+.github/workflows/publish-desktop.yml @bitwarden/dept-bre
+.github/workflows/publish-web.yml @bitwarden/dept-bre
+.github/workflows/retrieve-current-desktop-rollout.yml @bitwarden/dept-bre
+.github/workflows/staged-rollout-desktop.yml @bitwarden/dept-bre
+
+## Shared ownership workflows ##
+.github/workflows/release-browser.yml
+.github/workflows/release-cli.yml
+.github/workflows/release-desktop-beta.yml
+.github/workflows/release-desktop.yml
+.github/workflows/release-web.yml
+.github/workflows/version-auto-bump.yml
+.github/workflows/version-bump.yml
+
+## Docker files have shared ownership ##
+**/Dockerfile
+**/*.Dockerfile
+**/.dockerignore
+**/entrypoint.sh

From 073ee4739b0844c9558be7dc45f202bb3bd0a850 Mon Sep 17 00:00:00 2001
From: Addison Beck <github@addisonbeck.com>
Date: Thu, 17 Oct 2024 06:34:34 -0400
Subject: [PATCH 03/10] Split `Organization.LimitCollectionCreationDeletion`
 into two separate business rules (#11223)

* Declare feature flag

* Introduce new model properties

* Reference feature toggle in template

* Fix bugs caught during manual testing
---
 .../settings/account.component.html           | 28 ++++++--
 .../settings/account.component.ts             | 69 +++++++++++++++----
 apps/web/src/locales/en/messages.json         |  6 ++
 .../collections/models/collection.view.ts     |  2 +-
 .../models/data/organization.data.spec.ts     |  3 +
 .../models/data/organization.data.ts          |  6 ++
 .../models/domain/organization.ts             | 11 ++-
 ...on-collection-management-update.request.ts |  3 +
 .../models/response/organization.response.ts  |  6 ++
 .../response/profile-organization.response.ts |  6 ++
 .../services/key-connector.service.spec.ts    |  3 +-
 libs/common/src/enums/feature-flag.enum.ts    |  2 +
 12 files changed, 120 insertions(+), 25 deletions(-)

diff --git a/apps/web/src/app/admin-console/organizations/settings/account.component.html b/apps/web/src/app/admin-console/organizations/settings/account.component.html
index e4d3ee7de9..d1a1a09192 100644
--- a/apps/web/src/app/admin-console/organizations/settings/account.component.html
+++ b/apps/web/src/app/admin-console/organizations/settings/account.component.html
@@ -52,7 +52,11 @@
   <form
     *ngIf="org && !loading"
     [bitSubmit]="submitCollectionManagement"
-    [formGroup]="collectionManagementFormGroup"
+    [formGroup]="
+      limitCollectionCreationDeletionSplitFeatureFlagIsEnabled
+        ? collectionManagementFormGroup_VNext
+        : collectionManagementFormGroup
+    "
   >
     <h1 bitTypography="h1" class="tw-mt-16 tw-pb-2.5">{{ "collectionManagement" | i18n }}</h1>
     <p bitTypography="body1">{{ "collectionManagementDesc" | i18n }}</p>
@@ -60,12 +64,24 @@
       <bit-label>{{ "allowAdminAccessToAllCollectionItemsDesc" | i18n }}</bit-label>
       <input type="checkbox" bitCheckbox formControlName="allowAdminAccessToAllCollectionItems" />
     </bit-form-control>
-    <bit-form-control>
-      <bit-label>{{ "limitCollectionCreationDeletionDesc" | i18n }}</bit-label>
-      <input type="checkbox" bitCheckbox formControlName="limitCollectionCreationDeletion" />
-    </bit-form-control>
+    <ng-container *ngIf="limitCollectionCreationDeletionSplitFeatureFlagIsEnabled">
+      <bit-form-control>
+        <bit-label>{{ "limitCollectionCreationDesc" | i18n }}</bit-label>
+        <input type="checkbox" bitCheckbox formControlName="limitCollectionCreation" />
+      </bit-form-control>
+      <bit-form-control>
+        <bit-label>{{ "limitCollectionDeletionDesc" | i18n }}</bit-label>
+        <input type="checkbox" bitCheckbox formControlName="limitCollectionDeletion" />
+      </bit-form-control>
+    </ng-container>
+    <ng-container *ngIf="!limitCollectionCreationDeletionSplitFeatureFlagIsEnabled">
+      <bit-form-control>
+        <bit-label>{{ "limitCollectionCreationDeletionDesc" | i18n }}</bit-label>
+        <input type="checkbox" bitCheckbox formControlName="limitCollectionCreationDeletion" />
+      </bit-form-control>
+    </ng-container>
     <button
-      *ngIf="!selfHosted"
+      *ngIf="!selfHosted || limitCollectionCreationDeletionSplitFeatureFlagIsEnabled"
       type="submit"
       bitButton
       bitFormButton
diff --git a/apps/web/src/app/admin-console/organizations/settings/account.component.ts b/apps/web/src/app/admin-console/organizations/settings/account.component.ts
index 8c97a176fb..67e94fad37 100644
--- a/apps/web/src/app/admin-console/organizations/settings/account.component.ts
+++ b/apps/web/src/app/admin-console/organizations/settings/account.component.ts
@@ -10,6 +10,8 @@ import { OrganizationCollectionManagementUpdateRequest } from "@bitwarden/common
 import { OrganizationKeysRequest } from "@bitwarden/common/admin-console/models/request/organization-keys.request";
 import { OrganizationUpdateRequest } from "@bitwarden/common/admin-console/models/request/organization-update.request";
 import { OrganizationResponse } from "@bitwarden/common/admin-console/models/response/organization.response";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -38,6 +40,8 @@ export class AccountComponent implements OnInit, OnDestroy {
   org: OrganizationResponse;
   taxFormPromise: Promise<unknown>;
 
+  limitCollectionCreationDeletionSplitFeatureFlagIsEnabled: boolean;
+
   // FormGroup validators taken from server Organization domain object
   protected formGroup = this.formBuilder.group({
     orgName: this.formBuilder.control(
@@ -53,6 +57,7 @@ export class AccountComponent implements OnInit, OnDestroy {
     ),
   });
 
+  // Deprecated. Delete with https://bitwarden.atlassian.net/browse/PM-10863
   protected collectionManagementFormGroup = this.formBuilder.group({
     limitCollectionCreationDeletion: this.formBuilder.control({ value: false, disabled: true }),
     allowAdminAccessToAllCollectionItems: this.formBuilder.control({
@@ -61,6 +66,15 @@ export class AccountComponent implements OnInit, OnDestroy {
     }),
   });
 
+  protected collectionManagementFormGroup_VNext = this.formBuilder.group({
+    limitCollectionCreation: this.formBuilder.control({ value: false, disabled: false }),
+    limitCollectionDeletion: this.formBuilder.control({ value: false, disabled: false }),
+    allowAdminAccessToAllCollectionItems: this.formBuilder.control({
+      value: false,
+      disabled: false,
+    }),
+  });
+
   protected organizationId: string;
   protected publicKeyBuffer: Uint8Array;
 
@@ -78,11 +92,17 @@ export class AccountComponent implements OnInit, OnDestroy {
     private dialogService: DialogService,
     private formBuilder: FormBuilder,
     private toastService: ToastService,
+    private configService: ConfigService,
   ) {}
 
   async ngOnInit() {
     this.selfHosted = this.platformUtilsService.isSelfHost();
 
+    this.configService
+      .getFeatureFlag$(FeatureFlag.LimitCollectionCreationDeletionSplit)
+      .pipe(takeUntil(this.destroy$))
+      .subscribe((x) => (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled = x));
+
     this.route.params
       .pipe(
         switchMap((params) => this.organizationService.get$(params.organizationId)),
@@ -104,10 +124,15 @@ export class AccountComponent implements OnInit, OnDestroy {
         this.canUseApi = organization.useApi;
 
         // Update disabled states - reactive forms prefers not using disabled attribute
-        if (!this.selfHosted) {
-          this.formGroup.get("orgName").enable();
-          this.collectionManagementFormGroup.get("limitCollectionCreationDeletion").enable();
-          this.collectionManagementFormGroup.get("allowAdminAccessToAllCollectionItems").enable();
+        // Disabling these fields for self hosted orgs is deprecated
+        // This block can be completely removed as part of
+        // https://bitwarden.atlassian.net/browse/PM-10863
+        if (!this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
+          if (!this.selfHosted) {
+            this.formGroup.get("orgName").enable();
+            this.collectionManagementFormGroup.get("limitCollectionCreationDeletion").enable();
+            this.collectionManagementFormGroup.get("allowAdminAccessToAllCollectionItems").enable();
+          }
         }
 
         if (!this.selfHosted && this.canEditSubscription) {
@@ -125,10 +150,18 @@ export class AccountComponent implements OnInit, OnDestroy {
           orgName: this.org.name,
           billingEmail: this.org.billingEmail,
         });
-        this.collectionManagementFormGroup.patchValue({
-          limitCollectionCreationDeletion: this.org.limitCollectionCreationDeletion,
-          allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems,
-        });
+        if (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
+          this.collectionManagementFormGroup_VNext.patchValue({
+            limitCollectionCreation: this.org.limitCollectionCreation,
+            limitCollectionDeletion: this.org.limitCollectionDeletion,
+            allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems,
+          });
+        } else {
+          this.collectionManagementFormGroup.patchValue({
+            limitCollectionCreationDeletion: this.org.limitCollectionCreationDeletion,
+            allowAdminAccessToAllCollectionItems: this.org.allowAdminAccessToAllCollectionItems,
+          });
+        }
 
         this.loading = false;
       });
@@ -177,15 +210,23 @@ export class AccountComponent implements OnInit, OnDestroy {
 
   submitCollectionManagement = async () => {
     // Early exit if self-hosted
-    if (this.selfHosted) {
+    if (this.selfHosted && !this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
       return;
     }
-
     const request = new OrganizationCollectionManagementUpdateRequest();
-    request.limitCreateDeleteOwnerAdmin =
-      this.collectionManagementFormGroup.value.limitCollectionCreationDeletion;
-    request.allowAdminAccessToAllCollectionItems =
-      this.collectionManagementFormGroup.value.allowAdminAccessToAllCollectionItems;
+    if (this.limitCollectionCreationDeletionSplitFeatureFlagIsEnabled) {
+      request.limitCollectionCreation =
+        this.collectionManagementFormGroup_VNext.value.limitCollectionCreation;
+      request.limitCollectionDeletion =
+        this.collectionManagementFormGroup_VNext.value.limitCollectionDeletion;
+      request.allowAdminAccessToAllCollectionItems =
+        this.collectionManagementFormGroup_VNext.value.allowAdminAccessToAllCollectionItems;
+    } else {
+      request.limitCreateDeleteOwnerAdmin =
+        this.collectionManagementFormGroup.value.limitCollectionCreationDeletion;
+      request.allowAdminAccessToAllCollectionItems =
+        this.collectionManagementFormGroup.value.allowAdminAccessToAllCollectionItems;
+    }
 
     await this.organizationApiService.updateCollectionManagement(this.organizationId, request);
 
diff --git a/apps/web/src/locales/en/messages.json b/apps/web/src/locales/en/messages.json
index 5125bb1bfe..22bac8865b 100644
--- a/apps/web/src/locales/en/messages.json
+++ b/apps/web/src/locales/en/messages.json
@@ -8201,6 +8201,12 @@
   "limitCollectionCreationDeletionDesc": {
     "message": "Limit collection creation and deletion to owners and admins"
   },
+  "limitCollectionCreationDesc": {
+    "message": "Limit collection creation to owners and admins"
+  },
+  "limitCollectionDeletionDesc": {
+    "message": "Limit collection deletion to owners and admins"
+  },
   "allowAdminAccessToAllCollectionItemsDesc": {
     "message": "Owners and admins can manage all collections and items"
   },
diff --git a/libs/admin-console/src/common/collections/models/collection.view.ts b/libs/admin-console/src/common/collections/models/collection.view.ts
index 3a00ef57f1..037509634b 100644
--- a/libs/admin-console/src/common/collections/models/collection.view.ts
+++ b/libs/admin-console/src/common/collections/models/collection.view.ts
@@ -74,7 +74,7 @@ export class CollectionView implements View, ITreeNodeObject {
       );
     }
 
-    const canDeleteManagedCollections = !org?.limitCollectionCreationDeletion || org.isAdmin;
+    const canDeleteManagedCollections = !org?.limitCollectionDeletion || org.isAdmin;
 
     // Only use individual permissions, not admin permissions
     return canDeleteManagedCollections && this.manage;
diff --git a/libs/common/src/admin-console/models/data/organization.data.spec.ts b/libs/common/src/admin-console/models/data/organization.data.spec.ts
index 7b0d1ea2e9..4e90be7f27 100644
--- a/libs/common/src/admin-console/models/data/organization.data.spec.ts
+++ b/libs/common/src/admin-console/models/data/organization.data.spec.ts
@@ -51,6 +51,9 @@ describe("ORGANIZATIONS state", () => {
         keyConnectorEnabled: false,
         keyConnectorUrl: "kcu",
         accessSecretsManager: false,
+        limitCollectionCreation: false,
+        limitCollectionDeletion: false,
+        // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
         limitCollectionCreationDeletion: false,
         allowAdminAccessToAllCollectionItems: false,
         familySponsorshipLastSyncDate: new Date(),
diff --git a/libs/common/src/admin-console/models/data/organization.data.ts b/libs/common/src/admin-console/models/data/organization.data.ts
index 77f7908caf..a5cae0af80 100644
--- a/libs/common/src/admin-console/models/data/organization.data.ts
+++ b/libs/common/src/admin-console/models/data/organization.data.ts
@@ -52,6 +52,9 @@ export class OrganizationData {
   familySponsorshipValidUntil?: Date;
   familySponsorshipToDelete?: boolean;
   accessSecretsManager: boolean;
+  limitCollectionCreation: boolean;
+  limitCollectionDeletion: boolean;
+  // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
   limitCollectionCreationDeletion: boolean;
   allowAdminAccessToAllCollectionItems: boolean;
 
@@ -110,6 +113,9 @@ export class OrganizationData {
     this.familySponsorshipValidUntil = response.familySponsorshipValidUntil;
     this.familySponsorshipToDelete = response.familySponsorshipToDelete;
     this.accessSecretsManager = response.accessSecretsManager;
+    this.limitCollectionCreation = response.limitCollectionCreation;
+    this.limitCollectionDeletion = response.limitCollectionDeletion;
+    // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
     this.limitCollectionCreationDeletion = response.limitCollectionCreationDeletion;
     this.allowAdminAccessToAllCollectionItems = response.allowAdminAccessToAllCollectionItems;
 
diff --git a/libs/common/src/admin-console/models/domain/organization.ts b/libs/common/src/admin-console/models/domain/organization.ts
index 8c28bcb493..0ded0ef331 100644
--- a/libs/common/src/admin-console/models/domain/organization.ts
+++ b/libs/common/src/admin-console/models/domain/organization.ts
@@ -68,7 +68,11 @@ export class Organization {
   /**
    * Refers to the ability for an organization to limit collection creation and deletion to owners and admins only
    */
+  limitCollectionCreation: boolean;
+  limitCollectionDeletion: boolean;
+  // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
   limitCollectionCreationDeletion: boolean;
+
   /**
    * Refers to the ability for an owner/admin to access all collection items, regardless of assigned collections
    */
@@ -125,6 +129,9 @@ export class Organization {
     this.familySponsorshipValidUntil = obj.familySponsorshipValidUntil;
     this.familySponsorshipToDelete = obj.familySponsorshipToDelete;
     this.accessSecretsManager = obj.accessSecretsManager;
+    this.limitCollectionCreation = obj.limitCollectionCreation;
+    this.limitCollectionDeletion = obj.limitCollectionDeletion;
+    // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
     this.limitCollectionCreationDeletion = obj.limitCollectionCreationDeletion;
     this.allowAdminAccessToAllCollectionItems = obj.allowAdminAccessToAllCollectionItems;
   }
@@ -163,9 +170,7 @@ export class Organization {
   }
 
   get canCreateNewCollections() {
-    return (
-      !this.limitCollectionCreationDeletion || this.isAdmin || this.permissions.createNewCollections
-    );
+    return !this.limitCollectionCreation || this.isAdmin || this.permissions.createNewCollections;
   }
 
   get canEditAnyCollection() {
diff --git a/libs/common/src/admin-console/models/request/organization-collection-management-update.request.ts b/libs/common/src/admin-console/models/request/organization-collection-management-update.request.ts
index 26275650b0..baf9a2ca45 100644
--- a/libs/common/src/admin-console/models/request/organization-collection-management-update.request.ts
+++ b/libs/common/src/admin-console/models/request/organization-collection-management-update.request.ts
@@ -1,4 +1,7 @@
 export class OrganizationCollectionManagementUpdateRequest {
+  limitCollectionCreation: boolean;
+  limitCollectionDeletion: boolean;
+  // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
   limitCreateDeleteOwnerAdmin: boolean;
   allowAdminAccessToAllCollectionItems: boolean;
 }
diff --git a/libs/common/src/admin-console/models/response/organization.response.ts b/libs/common/src/admin-console/models/response/organization.response.ts
index b47aecf453..aaa28e48a5 100644
--- a/libs/common/src/admin-console/models/response/organization.response.ts
+++ b/libs/common/src/admin-console/models/response/organization.response.ts
@@ -32,6 +32,9 @@ export class OrganizationResponse extends BaseResponse {
   smServiceAccounts?: number;
   maxAutoscaleSmSeats?: number;
   maxAutoscaleSmServiceAccounts?: number;
+  limitCollectionCreation: boolean;
+  limitCollectionDeletion: boolean;
+  // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
   limitCollectionCreationDeletion: boolean;
   allowAdminAccessToAllCollectionItems: boolean;
 
@@ -69,6 +72,9 @@ export class OrganizationResponse extends BaseResponse {
     this.smServiceAccounts = this.getResponseProperty("SmServiceAccounts");
     this.maxAutoscaleSmSeats = this.getResponseProperty("MaxAutoscaleSmSeats");
     this.maxAutoscaleSmServiceAccounts = this.getResponseProperty("MaxAutoscaleSmServiceAccounts");
+    this.limitCollectionCreation = this.getResponseProperty("LimitCollectionCreation");
+    this.limitCollectionDeletion = this.getResponseProperty("LimitCollectionDeletion");
+    // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
     this.limitCollectionCreationDeletion = this.getResponseProperty(
       "LimitCollectionCreationDeletion",
     );
diff --git a/libs/common/src/admin-console/models/response/profile-organization.response.ts b/libs/common/src/admin-console/models/response/profile-organization.response.ts
index 693a7db4eb..bccb3c3cc6 100644
--- a/libs/common/src/admin-console/models/response/profile-organization.response.ts
+++ b/libs/common/src/admin-console/models/response/profile-organization.response.ts
@@ -49,6 +49,9 @@ export class ProfileOrganizationResponse extends BaseResponse {
   familySponsorshipValidUntil?: Date;
   familySponsorshipToDelete?: boolean;
   accessSecretsManager: boolean;
+  limitCollectionCreation: boolean;
+  limitCollectionDeletion: boolean;
+  // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
   limitCollectionCreationDeletion: boolean;
   allowAdminAccessToAllCollectionItems: boolean;
 
@@ -109,6 +112,9 @@ export class ProfileOrganizationResponse extends BaseResponse {
     }
     this.familySponsorshipToDelete = this.getResponseProperty("FamilySponsorshipToDelete");
     this.accessSecretsManager = this.getResponseProperty("AccessSecretsManager");
+    this.limitCollectionCreation = this.getResponseProperty("LimitCollectionCreation");
+    this.limitCollectionDeletion = this.getResponseProperty("LimitCollectionDeletion");
+    // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
     this.limitCollectionCreationDeletion = this.getResponseProperty(
       "LimitCollectionCreationDeletion",
     );
diff --git a/libs/common/src/auth/services/key-connector.service.spec.ts b/libs/common/src/auth/services/key-connector.service.spec.ts
index 0d36bc8595..eb3e4cfc0e 100644
--- a/libs/common/src/auth/services/key-connector.service.spec.ts
+++ b/libs/common/src/auth/services/key-connector.service.spec.ts
@@ -362,7 +362,8 @@ describe("KeyConnectorService", () => {
           familySponsorshipValidUntil: null,
           familySponsorshipToDelete: null,
           accessSecretsManager: false,
-          limitCollectionCreationDeletion: true,
+          limitCollectionCreation: true,
+          limitCollectionDeletion: true,
           allowAdminAccessToAllCollectionItems: true,
           flexibleCollections: false,
           object: "profileOrganization",
diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts
index d954f31c19..fd3833d10e 100644
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -36,6 +36,7 @@ export enum FeatureFlag {
   Pm3478RefactorOrganizationUserApi = "pm-3478-refactor-organizationuser-api",
   AccessIntelligence = "pm-13227-access-intelligence",
   Pm13322AddPolicyDefinitions = "pm-13322-add-policy-definitions",
+  LimitCollectionCreationDeletionSplit = "pm-10863-limit-collection-creation-deletion-split",
 }
 
 export type AllowedFeatureFlagTypes = boolean | number | string;
@@ -82,6 +83,7 @@ export const DefaultFeatureFlagValue = {
   [FeatureFlag.Pm3478RefactorOrganizationUserApi]: FALSE,
   [FeatureFlag.AccessIntelligence]: FALSE,
   [FeatureFlag.Pm13322AddPolicyDefinitions]: FALSE,
+  [FeatureFlag.LimitCollectionCreationDeletionSplit]: FALSE,
 } satisfies Record<FeatureFlag, AllowedFeatureFlagTypes>;
 
 export type DefaultFeatureFlagValueType = typeof DefaultFeatureFlagValue;

From 3a042ba80828bd7ef9d68aab58554ba0629733c1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 17 Oct 2024 09:11:08 -0400
Subject: [PATCH 04/10] [deps] Design System: Update tailwindcss to v3.4.14
 (#11313)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 07210a6013..038c98a0ec 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -173,7 +173,7 @@
         "sass-loader": "16.0.1",
         "storybook": "8.2.9",
         "style-loader": "3.3.4",
-        "tailwindcss": "3.4.11",
+        "tailwindcss": "3.4.14",
         "ts-jest": "29.2.2",
         "ts-loader": "9.5.1",
         "tsconfig-paths-webpack-plugin": "4.1.0",
@@ -35775,9 +35775,9 @@
       "license": "MIT"
     },
     "node_modules/tailwindcss": {
-      "version": "3.4.11",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.11.tgz",
-      "integrity": "sha512-qhEuBcLemjSJk5ajccN9xJFtM/h0AVCPaA6C92jNP+M2J8kX+eMJHI7R2HFKUvvAsMpcfLILMCFYSeDwpMmlUg==",
+      "version": "3.4.14",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.14.tgz",
+      "integrity": "sha512-IcSvOcTRcUtQQ7ILQL5quRDg7Xs93PdJEk1ZLbhhvJc7uj/OAhYOnruEiwnGgBvUtaUAJ8/mhSw1o8L2jCiENA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index eb871be776..402b7c482d 100644
--- a/package.json
+++ b/package.json
@@ -134,7 +134,7 @@
     "sass-loader": "16.0.1",
     "storybook": "8.2.9",
     "style-loader": "3.3.4",
-    "tailwindcss": "3.4.11",
+    "tailwindcss": "3.4.14",
     "ts-jest": "29.2.2",
     "ts-loader": "9.5.1",
     "tsconfig-paths-webpack-plugin": "4.1.0",

From 783305696aac9b7abae9698b69760d58f120cd5f Mon Sep 17 00:00:00 2001
From: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Date: Thu, 17 Oct 2024 15:22:56 +0200
Subject: [PATCH 05/10] Fix stories title for card-component (#11562)

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
---
 libs/tools/card/src/card.stories.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libs/tools/card/src/card.stories.ts b/libs/tools/card/src/card.stories.ts
index 94a794dba1..0187783a77 100644
--- a/libs/tools/card/src/card.stories.ts
+++ b/libs/tools/card/src/card.stories.ts
@@ -7,7 +7,7 @@ import { I18nMockService, TypographyModule } from "@bitwarden/components";
 import { CardComponent } from "./card.component";
 
 export default {
-  title: "Toools/Card",
+  title: "Tools/Card",
   component: CardComponent,
   decorators: [
     moduleMetadata({

From 288b0cff2fd3e9ac0ff5727752fde4d7c81344db Mon Sep 17 00:00:00 2001
From: Jordan Aasen <166539328+jaasen-livefront@users.noreply.github.com>
Date: Thu, 17 Oct 2024 06:28:02 -0700
Subject: [PATCH 06/10] fix send options viewsLeft (#11594)

---
 .../options/send-options.component.ts         | 24 ++++++++++---------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/libs/tools/send/send-ui/src/send-form/components/options/send-options.component.ts b/libs/tools/send/send-ui/src/send-form/components/options/send-options.component.ts
index 10099479f1..c8122dd431 100644
--- a/libs/tools/send/send-ui/src/send-form/components/options/send-options.component.ts
+++ b/libs/tools/send/send-ui/src/send-form/components/options/send-options.component.ts
@@ -27,16 +27,16 @@ import { SendFormContainer } from "../../send-form-container";
   templateUrl: "./send-options.component.html",
   standalone: true,
   imports: [
+    CardComponent,
+    CheckboxModule,
+    CommonModule,
+    FormFieldModule,
+    IconButtonModule,
+    JslibModule,
+    ReactiveFormsModule,
     SectionComponent,
     SectionHeaderComponent,
     TypographyModule,
-    JslibModule,
-    CardComponent,
-    FormFieldModule,
-    ReactiveFormsModule,
-    IconButtonModule,
-    CheckboxModule,
-    CommonModule,
   ],
 })
 export class SendOptionsComponent implements OnInit {
@@ -61,10 +61,12 @@ export class SendOptionsComponent implements OnInit {
     return this.config.mode === "edit" && this.sendOptionsForm.value.maxAccessCount !== null;
   }
 
-  get viewsLeft(): number {
-    return this.sendOptionsForm.value.maxAccessCount
-      ? this.sendOptionsForm.value.maxAccessCount - this.sendOptionsForm.value.accessCount
-      : 0;
+  get viewsLeft() {
+    return String(
+      this.sendOptionsForm.value.maxAccessCount
+        ? this.sendOptionsForm.value.maxAccessCount - this.sendOptionsForm.value.accessCount
+        : 0,
+    );
   }
 
   constructor(

From e8f0135d50e283c0ca53ea36e724f368c74e7b31 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Thu, 17 Oct 2024 06:58:07 -0700
Subject: [PATCH 07/10] [PM-12806] Enforce 5000 iteration minimum for prelogin
 (#11332)

* Enforce 5000 iteration minimum for prelogin

* Fix tests

* Add more extensive tests

* Add loginstrategy prelogin downgrade test
---
 .../change-kdf-confirmation.component.ts      |   2 +-
 .../login-strategy.service.spec.ts            |  71 ++++++++++++
 .../login-strategy.service.ts                 |   3 +
 .../src/auth/models/domain/kdf-config.ts      |  49 +++++++-
 .../auth/services/kdf-config.service.spec.ts  | 105 +++++++++++++++---
 5 files changed, 212 insertions(+), 18 deletions(-)

diff --git a/apps/web/src/app/auth/settings/security/change-kdf/change-kdf-confirmation.component.ts b/apps/web/src/app/auth/settings/security/change-kdf/change-kdf-confirmation.component.ts
index 295037ce6b..2249c83ebc 100644
--- a/apps/web/src/app/auth/settings/security/change-kdf/change-kdf-confirmation.component.ts
+++ b/apps/web/src/app/auth/settings/security/change-kdf/change-kdf-confirmation.component.ts
@@ -61,7 +61,7 @@ export class ChangeKdfConfirmationComponent {
     const masterPassword = this.form.value.masterPassword;
 
     // Ensure the KDF config is valid.
-    this.kdfConfig.validateKdfConfig();
+    this.kdfConfig.validateKdfConfigForSetting();
 
     const request = new KdfRequest();
     request.kdf = this.kdfConfig.kdfType;
diff --git a/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts b/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts
index 778ad7c74c..14662bb4b8 100644
--- a/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts
+++ b/libs/auth/src/common/services/login-strategies/login-strategy.service.spec.ts
@@ -11,9 +11,11 @@ import { TokenService } from "@bitwarden/common/auth/abstractions/token.service"
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
+import { PBKDF2KdfConfig } from "@bitwarden/common/auth/models/domain/kdf-config";
 import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/identity-token/token-two-factor.request";
 import { IdentityTokenResponse } from "@bitwarden/common/auth/models/response/identity-token.response";
 import { IdentityTwoFactorResponse } from "@bitwarden/common/auth/models/response/identity-two-factor.response";
+import { PreloginResponse } from "@bitwarden/common/auth/models/response/prelogin.response";
 import { FakeMasterPasswordService } from "@bitwarden/common/auth/services/master-password/fake-master-password.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
@@ -159,6 +161,9 @@ describe("LoginStrategyService", () => {
       new IdentityTokenResponse({
         ForcePasswordReset: false,
         Kdf: KdfType.Argon2id,
+        KdfIterations: 2,
+        KdfMemory: 16,
+        KdfParallelism: 1,
         Key: "KEY",
         PrivateKey: "PRIVATE_KEY",
         ResetMasterPassword: false,
@@ -169,6 +174,15 @@ describe("LoginStrategyService", () => {
         token_type: "Bearer",
       }),
     );
+    apiService.postPrelogin.mockResolvedValue(
+      new PreloginResponse({
+        Kdf: KdfType.Argon2id,
+        KdfIterations: 2,
+        KdfMemory: 16,
+        KdfParallelism: 1,
+      }),
+    );
+
     tokenService.decodeAccessToken.calledWith("ACCESS_TOKEN").mockResolvedValue({
       sub: "USER_ID",
       name: "NAME",
@@ -194,6 +208,15 @@ describe("LoginStrategyService", () => {
       }),
     );
 
+    apiService.postPrelogin.mockResolvedValue(
+      new PreloginResponse({
+        Kdf: KdfType.Argon2id,
+        KdfIterations: 2,
+        KdfMemory: 16,
+        KdfParallelism: 1,
+      }),
+    );
+
     await sut.logIn(credentials);
 
     const twoFactorToken = new TokenTwoFactorRequest(
@@ -205,6 +228,9 @@ describe("LoginStrategyService", () => {
       new IdentityTokenResponse({
         ForcePasswordReset: false,
         Kdf: KdfType.Argon2id,
+        KdfIterations: 2,
+        KdfMemory: 16,
+        KdfParallelism: 1,
         Key: "KEY",
         PrivateKey: "PRIVATE_KEY",
         ResetMasterPassword: false,
@@ -241,6 +267,15 @@ describe("LoginStrategyService", () => {
       }),
     );
 
+    apiService.postPrelogin.mockResolvedValue(
+      new PreloginResponse({
+        Kdf: KdfType.Argon2id,
+        KdfIterations: 2,
+        KdfMemory: 16,
+        KdfParallelism: 1,
+      }),
+    );
+
     await sut.logIn(credentials);
 
     loginStrategyCacheExpirationState.stateSubject.next(new Date(Date.now() - 1000 * 60 * 5));
@@ -253,4 +288,40 @@ describe("LoginStrategyService", () => {
 
     await expect(sut.logInTwoFactor(twoFactorToken, "CAPTCHA")).rejects.toThrow();
   });
+
+  it("throw error on too low kdf config", async () => {
+    const credentials = new PasswordLoginCredentials("EMAIL", "MASTER_PASSWORD");
+    apiService.postIdentityToken.mockResolvedValue(
+      new IdentityTokenResponse({
+        ForcePasswordReset: false,
+        Kdf: KdfType.PBKDF2_SHA256,
+        KdfIterations: PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min - 1,
+        Key: "KEY",
+        PrivateKey: "PRIVATE_KEY",
+        ResetMasterPassword: false,
+        access_token: "ACCESS_TOKEN",
+        expires_in: 3600,
+        refresh_token: "REFRESH_TOKEN",
+        scope: "api offline_access",
+        token_type: "Bearer",
+      }),
+    );
+    apiService.postPrelogin.mockResolvedValue(
+      new PreloginResponse({
+        Kdf: KdfType.PBKDF2_SHA256,
+        KdfIterations: PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min - 1,
+      }),
+    );
+
+    tokenService.decodeAccessToken.calledWith("ACCESS_TOKEN").mockResolvedValue({
+      sub: "USER_ID",
+      name: "NAME",
+      email: "EMAIL",
+      premium: false,
+    });
+
+    await expect(sut.logIn(credentials)).rejects.toThrow(
+      `PBKDF2 iterations must be between ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min} and ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.max}`,
+    );
+  });
 });
diff --git a/libs/auth/src/common/services/login-strategies/login-strategy.service.ts b/libs/auth/src/common/services/login-strategies/login-strategy.service.ts
index 89c2bc01d9..35f2b90bbd 100644
--- a/libs/auth/src/common/services/login-strategies/login-strategy.service.ts
+++ b/libs/auth/src/common/services/login-strategies/login-strategy.service.ts
@@ -264,6 +264,9 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
         throw e;
       }
     }
+
+    kdfConfig.validateKdfConfigForPrelogin();
+
     return await this.cryptoService.makeMasterKey(masterPassword, email, kdfConfig);
   }
 
diff --git a/libs/common/src/auth/models/domain/kdf-config.ts b/libs/common/src/auth/models/domain/kdf-config.ts
index 7378081550..908b187e30 100644
--- a/libs/common/src/auth/models/domain/kdf-config.ts
+++ b/libs/common/src/auth/models/domain/kdf-config.ts
@@ -13,6 +13,7 @@ export type KdfConfig = PBKDF2KdfConfig | Argon2KdfConfig;
  */
 export class PBKDF2KdfConfig {
   static ITERATIONS = new RangeWithDefault(600_000, 2_000_000, 600_000);
+  static PRELOGIN_ITERATIONS = new RangeWithDefault(5000, 2_000_000, 600_000);
   kdfType: KdfType.PBKDF2_SHA256 = KdfType.PBKDF2_SHA256;
   iterations: number;
 
@@ -21,10 +22,10 @@ export class PBKDF2KdfConfig {
   }
 
   /**
-   * Validates the PBKDF2 KDF configuration.
+   * Validates the PBKDF2 KDF configuration for updating the KDF config.
    * A Valid PBKDF2 KDF configuration has KDF iterations between the 600_000 and 2_000_000.
    */
-  validateKdfConfig(): void {
+  validateKdfConfigForSetting(): void {
     if (!PBKDF2KdfConfig.ITERATIONS.inRange(this.iterations)) {
       throw new Error(
         `PBKDF2 iterations must be between ${PBKDF2KdfConfig.ITERATIONS.min} and ${PBKDF2KdfConfig.ITERATIONS.max}`,
@@ -32,6 +33,18 @@ export class PBKDF2KdfConfig {
     }
   }
 
+  /**
+   * Validates the PBKDF2 KDF configuration for pre-login.
+   * A Valid PBKDF2 KDF configuration has KDF iterations between the 5000 and 2_000_000.
+   */
+  validateKdfConfigForPrelogin(): void {
+    if (!PBKDF2KdfConfig.PRELOGIN_ITERATIONS.inRange(this.iterations)) {
+      throw new Error(
+        `PBKDF2 iterations must be between ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min} and ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.max}`,
+      );
+    }
+  }
+
   static fromJSON(json: Jsonify<PBKDF2KdfConfig>): PBKDF2KdfConfig {
     return new PBKDF2KdfConfig(json.iterations);
   }
@@ -44,6 +57,11 @@ export class Argon2KdfConfig {
   static MEMORY = new RangeWithDefault(16, 1024, 64);
   static PARALLELISM = new RangeWithDefault(1, 16, 4);
   static ITERATIONS = new RangeWithDefault(2, 10, 3);
+
+  static PRELOGIN_MEMORY = Argon2KdfConfig.MEMORY;
+  static PRELOGIN_PARALLELISM = Argon2KdfConfig.PARALLELISM;
+  static PRELOGIN_ITERATIONS = Argon2KdfConfig.ITERATIONS;
+
   kdfType: KdfType.Argon2id = KdfType.Argon2id;
   iterations: number;
   memory: number;
@@ -56,10 +74,10 @@ export class Argon2KdfConfig {
   }
 
   /**
-   * Validates the Argon2 KDF configuration.
+   * Validates the Argon2 KDF configuration for updating the KDF config.
    * A Valid Argon2 KDF configuration has iterations between 2 and 10, memory between 16mb and 1024mb, and parallelism between 1 and 16.
    */
-  validateKdfConfig(): void {
+  validateKdfConfigForSetting(): void {
     if (!Argon2KdfConfig.ITERATIONS.inRange(this.iterations)) {
       throw new Error(
         `Argon2 iterations must be between ${Argon2KdfConfig.ITERATIONS.min} and ${Argon2KdfConfig.ITERATIONS.max}`,
@@ -79,6 +97,29 @@ export class Argon2KdfConfig {
     }
   }
 
+  /**
+   * Validates the Argon2 KDF configuration for pre-login.
+   */
+  validateKdfConfigForPrelogin(): void {
+    if (!Argon2KdfConfig.PRELOGIN_ITERATIONS.inRange(this.iterations)) {
+      throw new Error(
+        `Argon2 iterations must be between ${Argon2KdfConfig.PRELOGIN_ITERATIONS.min} and ${Argon2KdfConfig.PRELOGIN_ITERATIONS.max}`,
+      );
+    }
+
+    if (!Argon2KdfConfig.PRELOGIN_MEMORY.inRange(this.memory)) {
+      throw new Error(
+        `Argon2 memory must be between ${Argon2KdfConfig.PRELOGIN_MEMORY.min}mb and ${Argon2KdfConfig.PRELOGIN_MEMORY.max}mb`,
+      );
+    }
+
+    if (!Argon2KdfConfig.PRELOGIN_PARALLELISM.inRange(this.parallelism)) {
+      throw new Error(
+        `Argon2 parallelism must be between ${Argon2KdfConfig.PRELOGIN_PARALLELISM.min} and ${Argon2KdfConfig.PRELOGIN_PARALLELISM.max}.`,
+      );
+    }
+  }
+
   static fromJSON(json: Jsonify<Argon2KdfConfig>): Argon2KdfConfig {
     return new Argon2KdfConfig(json.iterations, json.memory, json.parallelism);
   }
diff --git a/libs/common/src/auth/services/kdf-config.service.spec.ts b/libs/common/src/auth/services/kdf-config.service.spec.ts
index 7f8357ffb5..968b0cbd8f 100644
--- a/libs/common/src/auth/services/kdf-config.service.spec.ts
+++ b/libs/common/src/auth/services/kdf-config.service.spec.ts
@@ -58,41 +58,120 @@ describe("KdfConfigService", () => {
     }
   });
 
-  it("validateKdfConfig(): should validate the PBKDF2 KDF config", () => {
+  it("validateKdfConfigForSetting(): should validate the PBKDF2 KDF config", () => {
     const kdfConfig: PBKDF2KdfConfig = new PBKDF2KdfConfig(600_000);
-    expect(() => kdfConfig.validateKdfConfig()).not.toThrow();
+    expect(() => kdfConfig.validateKdfConfigForSetting()).not.toThrow();
   });
 
-  it("validateKdfConfig(): should validate the Argon2id KDF config", () => {
+  it("validateKdfConfigForSetting(): should validate the Argon2id KDF config", () => {
     const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(3, 64, 4);
-    expect(() => kdfConfig.validateKdfConfig()).not.toThrow();
+    expect(() => kdfConfig.validateKdfConfigForSetting()).not.toThrow();
   });
 
-  it("validateKdfConfig(): should throw an error for invalid PBKDF2 iterations", () => {
-    const kdfConfig: PBKDF2KdfConfig = new PBKDF2KdfConfig(100);
-    expect(() => kdfConfig.validateKdfConfig()).toThrow(
+  it("validateKdfConfigForSetting(): should throw an error for invalid PBKDF2 iterations", () => {
+    const kdfConfig: PBKDF2KdfConfig = new PBKDF2KdfConfig(100000);
+    expect(() => kdfConfig.validateKdfConfigForSetting()).toThrow(
       `PBKDF2 iterations must be between ${PBKDF2KdfConfig.ITERATIONS.min} and ${PBKDF2KdfConfig.ITERATIONS.max}`,
     );
   });
 
-  it("validateKdfConfig(): should throw an error for invalid Argon2 iterations", () => {
+  it("validateKdfConfigForSetting(): should throw an error for invalid Argon2 iterations", () => {
     const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(11, 64, 4);
-    expect(() => kdfConfig.validateKdfConfig()).toThrow(
+    expect(() => kdfConfig.validateKdfConfigForSetting()).toThrow(
       `Argon2 iterations must be between ${Argon2KdfConfig.ITERATIONS.min} and ${Argon2KdfConfig.ITERATIONS.max}`,
     );
   });
 
-  it("validateKdfConfig(): should throw an error for invalid Argon2 memory", () => {
+  it("validateKdfConfigForSetting(): should throw an error for invalid Argon2 memory", () => {
     const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(3, 1025, 4);
-    expect(() => kdfConfig.validateKdfConfig()).toThrow(
+    expect(() => kdfConfig.validateKdfConfigForSetting()).toThrow(
       `Argon2 memory must be between ${Argon2KdfConfig.MEMORY.min}mb and ${Argon2KdfConfig.MEMORY.max}mb`,
     );
   });
 
-  it("validateKdfConfig(): should throw an error for invalid Argon2 parallelism", () => {
+  it("validateKdfConfigForSetting(): should throw an error for invalid Argon2 parallelism", () => {
     const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(3, 64, 17);
-    expect(() => kdfConfig.validateKdfConfig()).toThrow(
+    expect(() => kdfConfig.validateKdfConfigForSetting()).toThrow(
       `Argon2 parallelism must be between ${Argon2KdfConfig.PARALLELISM.min} and ${Argon2KdfConfig.PARALLELISM.max}`,
     );
   });
+
+  it("validateKdfConfigForPrelogin(): should validate the PBKDF2 KDF config", () => {
+    const kdfConfig: PBKDF2KdfConfig = new PBKDF2KdfConfig(600_000);
+    expect(() => kdfConfig.validateKdfConfigForPrelogin()).not.toThrow();
+  });
+
+  it("validateKdfConfigForPrelogin(): should validate the Argon2id KDF config", () => {
+    const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(3, 64, 4);
+    expect(() => kdfConfig.validateKdfConfigForPrelogin()).not.toThrow();
+  });
+
+  it("validateKdfConfigForPrelogin(): should throw an error for too low PBKDF2 iterations", () => {
+    const kdfConfig: PBKDF2KdfConfig = new PBKDF2KdfConfig(
+      PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min - 1,
+    );
+    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
+      `PBKDF2 iterations must be between ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min} and ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.max}`,
+    );
+  });
+
+  it("validateKdfConfigForPrelogin(): should throw an error for too high PBKDF2 iterations", () => {
+    const kdfConfig: PBKDF2KdfConfig = new PBKDF2KdfConfig(
+      PBKDF2KdfConfig.PRELOGIN_ITERATIONS.max + 1,
+    );
+    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
+      `PBKDF2 iterations must be between ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.min} and ${PBKDF2KdfConfig.PRELOGIN_ITERATIONS.max}`,
+    );
+  });
+
+  it("validateKdfConfigForPrelogin(): should throw an error for too low Argon2 iterations", () => {
+    const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(
+      Argon2KdfConfig.ITERATIONS.min - 1,
+      64,
+      4,
+    );
+    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
+      `Argon2 iterations must be between ${Argon2KdfConfig.ITERATIONS.min} and ${Argon2KdfConfig.ITERATIONS.max}`,
+    );
+  });
+
+  it("validateKdfConfigForPrelogin(): should throw an error for too high Argon2 iterations", () => {
+    const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(
+      Argon2KdfConfig.PRELOGIN_ITERATIONS.max + 1,
+      64,
+      4,
+    );
+    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
+      `Argon2 iterations must be between ${Argon2KdfConfig.ITERATIONS.min} and ${Argon2KdfConfig.ITERATIONS.max}`,
+    );
+  });
+
+  it("validateKdfConfigForPrelogin(): should throw an error for too low Argon2 memory", () => {
+    const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(
+      3,
+      Argon2KdfConfig.PRELOGIN_MEMORY.min - 1,
+      4,
+    );
+    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
+      `Argon2 memory must be between ${Argon2KdfConfig.PRELOGIN_MEMORY.min}mb and ${Argon2KdfConfig.PRELOGIN_MEMORY.max}mb`,
+    );
+  });
+
+  it("validateKdfConfigForPrelogin(): should throw an error for too high Argon2 memory", () => {
+    const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(
+      3,
+      Argon2KdfConfig.PRELOGIN_MEMORY.max + 1,
+      4,
+    );
+    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
+      `Argon2 memory must be between ${Argon2KdfConfig.PRELOGIN_MEMORY.min}mb and ${Argon2KdfConfig.PRELOGIN_MEMORY.max}mb`,
+    );
+  });
+
+  it("validateKdfConfigForPrelogin(): should throw an error for too high Argon2 parallelism", () => {
+    const kdfConfig: Argon2KdfConfig = new Argon2KdfConfig(3, 64, 17);
+    expect(() => kdfConfig.validateKdfConfigForPrelogin()).toThrow(
+      `Argon2 parallelism must be between ${Argon2KdfConfig.PRELOGIN_PARALLELISM.min} and ${Argon2KdfConfig.PRELOGIN_PARALLELISM.max}`,
+    );
+  });
 });

From f6f487bdce6885f8603d4d19661b598a109abf5f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 17 Oct 2024 10:45:49 -0400
Subject: [PATCH 08/10] [deps] DevOps: Update gh minor (#11537)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/auto-branch-updater.yml  |  2 +-
 .github/workflows/build-browser.yml        | 30 +++----
 .github/workflows/build-cli.yml            | 24 +++---
 .github/workflows/build-desktop.yml        | 96 +++++++++++-----------
 .github/workflows/build-web.yml            | 12 +--
 .github/workflows/chromatic.yml            |  6 +-
 .github/workflows/crowdin-pull.yml         |  2 +-
 .github/workflows/lint.yml                 |  2 +-
 .github/workflows/locales-lint.yml         |  4 +-
 .github/workflows/publish-cli.yml          |  6 +-
 .github/workflows/publish-desktop.yml      |  4 +-
 .github/workflows/publish-web.yml          |  4 +-
 .github/workflows/release-browser.yml      |  4 +-
 .github/workflows/release-cli.yml          |  2 +-
 .github/workflows/release-desktop-beta.yml | 74 ++++++++---------
 .github/workflows/release-desktop.yml      |  2 +-
 .github/workflows/release-web.yml          |  2 +-
 .github/workflows/scan.yml                 | 10 +--
 .github/workflows/test.yml                 |  8 +-
 .github/workflows/version-bump.yml         |  4 +-
 20 files changed, 149 insertions(+), 149 deletions(-)

diff --git a/.github/workflows/auto-branch-updater.yml b/.github/workflows/auto-branch-updater.yml
index 372aa92eba..7b69b4405c 100644
--- a/.github/workflows/auto-branch-updater.yml
+++ b/.github/workflows/auto-branch-updater.yml
@@ -29,7 +29,7 @@ jobs:
         run: echo "branch=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
 
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: 'eu-web-${{ steps.setup.outputs.branch }}'
           fetch-depth: 0
diff --git a/.github/workflows/build-browser.yml b/.github/workflows/build-browser.yml
index 096fff8db3..0e59610bb2 100644
--- a/.github/workflows/build-browser.yml
+++ b/.github/workflows/build-browser.yml
@@ -43,7 +43,7 @@ jobs:
       node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Get Package Version
         id: gen_vars
@@ -73,7 +73,7 @@ jobs:
         working-directory: apps/browser
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Testing locales - extName length
         run: |
@@ -111,7 +111,7 @@ jobs:
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Set up Node
         uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
@@ -169,63 +169,63 @@ jobs:
         working-directory: browser-source/apps/browser
 
       - name: Upload Opera artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: dist-opera-${{ env._BUILD_NUMBER }}.zip
           path: browser-source/apps/browser/dist/dist-opera.zip
           if-no-files-found: error
 
       - name: Upload Opera MV3 artifact (DO NOT USE FOR PROD)
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: DO-NOT-USE-FOR-PROD-dist-opera-MV3-${{ env._BUILD_NUMBER }}.zip
           path: browser-source/apps/browser/dist/dist-opera-mv3.zip
           if-no-files-found: error
 
       - name: Upload Chrome MV3 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: dist-chrome-MV3-${{ env._BUILD_NUMBER }}.zip
           path: browser-source/apps/browser/dist/dist-chrome-mv3.zip
           if-no-files-found: error
 
       - name: Upload Chrome MV3 Beta artifact (DO NOT USE FOR PROD)
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: DO-NOT-USE-FOR-PROD-dist-chrome-MV3-beta-${{ env._BUILD_NUMBER }}.zip
           path: browser-source/apps/browser/dist/dist-chrome-mv3-beta.zip
           if-no-files-found: error
 
       - name: Upload Firefox artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: dist-firefox-${{ env._BUILD_NUMBER }}.zip
           path: browser-source/apps/browser/dist/dist-firefox.zip
           if-no-files-found: error
 
       - name: Upload Firefox MV3 artifact (DO NOT USE FOR PROD)
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: DO-NOT-USE-FOR-PROD-dist-firefox-MV3-${{ env._BUILD_NUMBER }}.zip
           path: browser-source/apps/browser/dist/dist-firefox-mv3.zip
           if-no-files-found: error
 
       - name: Upload Edge artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: dist-edge-${{ env._BUILD_NUMBER }}.zip
           path: browser-source/apps/browser/dist/dist-edge.zip
           if-no-files-found: error
 
       - name: Upload Edge MV3 artifact (DO NOT USE FOR PROD)
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: DO-NOT-USE-FOR-PROD-dist-edge-MV3-${{ env._BUILD_NUMBER }}.zip
           path: browser-source/apps/browser/dist/dist-edge-mv3.zip
           if-no-files-found: error
 
       - name: Upload browser source
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: browser-source-${{ env._BUILD_NUMBER }}.zip
           path: browser-source.zip
@@ -242,7 +242,7 @@ jobs:
       _NODE_VERSION: ${{ needs.setup.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Set up Node
         uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
@@ -340,7 +340,7 @@ jobs:
           ls -la
 
       - name: Upload Safari artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: dist-safari-${{ env._BUILD_NUMBER }}.zip
           path: apps/browser/dist/dist-safari.zip
@@ -355,7 +355,7 @@ jobs:
       - build-safari
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml
index b5b212423a..26d30fb5b9 100644
--- a/.github/workflows/build-cli.yml
+++ b/.github/workflows/build-cli.yml
@@ -43,7 +43,7 @@ jobs:
       node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Get Package Version
         id: retrieve-package-version
@@ -84,7 +84,7 @@ jobs:
       _WIN_PKG_VERSION: 3.5
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Setup Unix Vars
         run: |
@@ -130,14 +130,14 @@ jobs:
           matrix.license_type.artifact_prefix }}-${{ env.LOWER_RUNNER_OS }}-sha256-${{ env._PACKAGE_VERSION }}.txt
 
       - name: Upload unix zip asset
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bw${{ matrix.license_type.artifact_prefix }}-${{ env.LOWER_RUNNER_OS }}-${{ env._PACKAGE_VERSION }}.zip
           path: apps/cli/dist/bw${{ matrix.license_type.artifact_prefix }}-${{ env.LOWER_RUNNER_OS }}-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
       - name: Upload unix checksum asset
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bw${{ matrix.license_type.artifact_prefix }}-${{ env.LOWER_RUNNER_OS }}-sha256-${{ env._PACKAGE_VERSION }}.txt
           path: apps/cli/dist/bw${{ matrix.license_type.artifact_prefix }}-${{ env.LOWER_RUNNER_OS }}-sha256-${{ env._PACKAGE_VERSION }}.txt
@@ -162,7 +162,7 @@ jobs:
       _WIN_PKG_VERSION: 3.5
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Setup Windows builder
         run: |
@@ -269,14 +269,14 @@ jobs:
             -t sha256 | Out-File -Encoding ASCII ./dist/bw${{ matrix.license_type.artifact_prefix }}-windows-sha256-${env:_PACKAGE_VERSION}.txt
 
       - name: Upload windows zip asset
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bw${{ matrix.license_type.artifact_prefix }}-windows-${{ env._PACKAGE_VERSION }}.zip
           path: apps/cli/dist/bw${{ matrix.license_type.artifact_prefix }}-windows-${{ env._PACKAGE_VERSION }}.zip
           if-no-files-found: error
 
       - name: Upload windows checksum asset
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bw${{ matrix.license_type.artifact_prefix }}-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
           path: apps/cli/dist/bw${{ matrix.license_type.artifact_prefix }}-windows-sha256-${{ env._PACKAGE_VERSION }}.txt
@@ -284,7 +284,7 @@ jobs:
 
       - name: Upload Chocolatey asset
         if: matrix.license_type.build_prefix == 'bit'
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden-cli.${{ env._PACKAGE_VERSION }}.nupkg
           path: apps/cli/dist/chocolatey/bitwarden-cli.${{ env._PACKAGE_VERSION }}.nupkg
@@ -295,7 +295,7 @@ jobs:
 
       - name: Upload NPM Build Directory asset
         if: matrix.license_type.build_prefix == 'bit'
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden-cli-${{ env._PACKAGE_VERSION }}-npm-build.zip
           path: apps/cli/bitwarden-cli-${{ env._PACKAGE_VERSION }}-npm-build.zip
@@ -312,7 +312,7 @@ jobs:
       _PACKAGE_VERSION: ${{ needs.setup.outputs.package_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Print environment
         run: |
@@ -364,14 +364,14 @@ jobs:
         run: sudo snap remove bw
 
       - name: Upload snap asset
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bw_${{ env._PACKAGE_VERSION }}_amd64.snap
           path: apps/cli/dist/snap/bw_${{ env._PACKAGE_VERSION }}_amd64.snap
           if-no-files-found: error
 
       - name: Upload snap checksum asset
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt
           path: apps/cli/dist/snap/bw-snap-sha256-${{ env._PACKAGE_VERSION }}.txt
diff --git a/.github/workflows/build-desktop.yml b/.github/workflows/build-desktop.yml
index 5022184bd0..7f01d1fa66 100644
--- a/.github/workflows/build-desktop.yml
+++ b/.github/workflows/build-desktop.yml
@@ -38,7 +38,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Verify
         run: |
@@ -67,7 +67,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Get Package Version
         id: retrieve-version
@@ -140,7 +140,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Set up Node
         uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
@@ -169,7 +169,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         id: cache
         with:
           path: |
@@ -194,42 +194,42 @@ jobs:
         run: npm run dist:lin
 
       - name: Upload .deb artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb
           if-no-files-found: error
 
       - name: Upload .rpm artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm
           if-no-files-found: error
 
       - name: Upload .freebsd artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.freebsd
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.freebsd
           if-no-files-found: error
 
       - name: Upload .snap artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap
           path: apps/desktop/dist/bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap
           if-no-files-found: error
 
       - name: Upload .AppImage artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           if-no-files-found: error
 
       - name: Upload auto-update artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: ${{ needs.setup.outputs.release_channel }}-linux.yml
           path: apps/desktop/dist/${{ needs.setup.outputs.release_channel }}-linux.yml
@@ -250,7 +250,7 @@ jobs:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Set up Node
         uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
@@ -299,7 +299,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         id: cache
         with:
           path: |
@@ -354,91 +354,91 @@ jobs:
             -NewName bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
 
       - name: Upload portable exe artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe
           path: apps/desktop/dist/Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload installer exe artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
           path: apps/desktop/dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload appx ia32 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx
           if-no-files-found: error
 
       - name: Upload store appx ia32 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx
           if-no-files-found: error
 
       - name: Upload NSIS ia32 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
           path: apps/desktop/dist/nsis-web/bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
           if-no-files-found: error
 
       - name: Upload appx x64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx
           if-no-files-found: error
 
       - name: Upload store appx x64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx
           if-no-files-found: error
 
       - name: Upload NSIS x64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
           path: apps/desktop/dist/nsis-web/bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
           if-no-files-found: error
 
       - name: Upload appx ARM64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx
           if-no-files-found: error
 
       - name: Upload store appx ARM64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx
           if-no-files-found: error
 
       - name: Upload NSIS ARM64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
           path: apps/desktop/dist/nsis-web/bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
           if-no-files-found: error
 
       - name: Upload nupkg artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden.${{ env._PACKAGE_VERSION }}.nupkg
           path: apps/desktop/dist/chocolatey/bitwarden.${{ env._PACKAGE_VERSION }}.nupkg
           if-no-files-found: error
 
       - name: Upload auto-update artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: ${{ needs.setup.outputs.release_channel }}.yml
           path: apps/desktop/dist/nsis-web/${{ needs.setup.outputs.release_channel }}.yml
@@ -458,7 +458,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Set up Node
         uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
@@ -484,14 +484,14 @@ jobs:
 
       - name: Cache Build
         id: build-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Cache Safari
         id: safari-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -584,7 +584,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         id: cache
         with:
           path: |
@@ -624,7 +624,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Set up Node
         uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
@@ -650,14 +650,14 @@ jobs:
 
       - name: Get Build Cache
         id: build-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Setup Safari Cache
         id: safari-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -750,7 +750,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         id: cache
         with:
           path: |
@@ -799,28 +799,28 @@ jobs:
         run: npm run pack:mac
 
       - name: Upload .zip artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal-mac.zip
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal-mac.zip
           if-no-files-found: error
 
       - name: Upload .dmg artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg
           if-no-files-found: error
 
       - name: Upload .dmg blockmap artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg.blockmap
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg.blockmap
           if-no-files-found: error
 
       - name: Upload auto-update artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: ${{ needs.setup.outputs.release_channel }}-mac.yml
           path: apps/desktop/dist/${{ needs.setup.outputs.release_channel }}-mac.yml
@@ -843,7 +843,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Set up Node
         uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
@@ -869,14 +869,14 @@ jobs:
 
       - name: Get Build Cache
         id: build-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Setup Safari Cache
         id: safari-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -976,7 +976,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         id: cache
         with:
           path: |
@@ -1025,7 +1025,7 @@ jobs:
         run: npm run pack:mac:mas
 
       - name: Upload .pkg artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg
           path: apps/desktop/dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg
@@ -1090,7 +1090,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Set up Node
         uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
@@ -1111,14 +1111,14 @@ jobs:
 
       - name: Get Build Cache
         id: build-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Setup Safari Cache
         id: safari-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -1211,7 +1211,7 @@ jobs:
         working-directory: ./
 
       - name: Cache Native Module
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         id: cache
         with:
           path: |
@@ -1263,7 +1263,7 @@ jobs:
           zip -r Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip Bitwarden.app
 
       - name: Upload masdev artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip
           path: apps/desktop/dist/mas-dev-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-masdev-universal.zip
@@ -1281,7 +1281,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
diff --git a/.github/workflows/build-web.yml b/.github/workflows/build-web.yml
index 4551a7baac..21b976f912 100644
--- a/.github/workflows/build-web.yml
+++ b/.github/workflows/build-web.yml
@@ -45,7 +45,7 @@ jobs:
       node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Get GitHub sha as version
         id: version
@@ -91,7 +91,7 @@ jobs:
 
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Set up Node
         uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
@@ -130,7 +130,7 @@ jobs:
         run: zip -r web-${{ env._VERSION }}-${{ matrix.name }}.zip build
 
       - name: Upload ${{ matrix.name }} artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: web-${{ env._VERSION }}-${{ matrix.name }}.zip
           path: apps/web/web-${{ env._VERSION }}-${{ matrix.name }}.zip
@@ -157,7 +157,7 @@ jobs:
       _VERSION: ${{ needs.setup.outputs.version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Check Branch to Publish
         env:
@@ -234,7 +234,7 @@ jobs:
         run: echo "name=$_AZ_REGISTRY/${PROJECT_NAME}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
 
       - name: Build Docker image
-        uses: docker/build-push-action@32945a339266b759abcbdc89316275140b0fc960 # v6.8.0
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
         with:
           context: apps/web
           file: apps/web/Dockerfile
@@ -255,7 +255,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
diff --git a/.github/workflows/chromatic.yml b/.github/workflows/chromatic.yml
index b52ecc1c40..0352c0ca2e 100644
--- a/.github/workflows/chromatic.yml
+++ b/.github/workflows/chromatic.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: ${{  github.event.pull_request.head.sha }}
           fetch-depth: 0
@@ -44,7 +44,7 @@ jobs:
 
       - name: Cache NPM
         id: npm-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: "~/.npm"
           key: ${{ runner.os }}-npm-chromatic-${{ hashFiles('**/package-lock.json') }}
@@ -57,7 +57,7 @@ jobs:
         run: npm run build-storybook:ci
 
       - name: Publish to Chromatic
-        uses: chromaui/action@f4e60a7072abcac4203f4ca50613f28e199a52ba # v11.10.4
+        uses: chromaui/action@bbbf288765438d5fd2be13e1d80d542a39e74108 # v11.12.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           projectToken: ${{ secrets.CHROMATIC_PROJECT_TOKEN }}
diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml
index b319e5365f..974e30c28e 100644
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@@ -23,7 +23,7 @@ jobs:
             crowdin_project_id: "308189"
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index ad8c5dd40d..b06365fa97 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Lint filenames (no capital characters)
         run: |
diff --git a/.github/workflows/locales-lint.yml b/.github/workflows/locales-lint.yml
index db2c66f7b8..a701d63d10 100644
--- a/.github/workflows/locales-lint.yml
+++ b/.github/workflows/locales-lint.yml
@@ -15,9 +15,9 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       - name: Checkout base branch repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: ${{ github.event.pull_request.base.sha }}
           path: base
diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml
index f9c4b85e8a..a54d70b8d3 100644
--- a/.github/workflows/publish-cli.yml
+++ b/.github/workflows/publish-cli.yml
@@ -92,7 +92,7 @@ jobs:
       _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -129,7 +129,7 @@ jobs:
       _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -169,7 +169,7 @@ jobs:
       _PKG_VERSION: ${{ needs.setup.outputs.release-version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
diff --git a/.github/workflows/publish-desktop.yml b/.github/workflows/publish-desktop.yml
index 0816a86b1b..8103dd7b7c 100644
--- a/.github/workflows/publish-desktop.yml
+++ b/.github/workflows/publish-desktop.yml
@@ -184,7 +184,7 @@ jobs:
       _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Login to Azure
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -228,7 +228,7 @@ jobs:
       _RELEASE_TAG: ${{ needs.setup.outputs.tag-name }}
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Print Environment
         run: |
diff --git a/.github/workflows/publish-web.yml b/.github/workflows/publish-web.yml
index 02a60ee422..e26d536aad 100644
--- a/.github/workflows/publish-web.yml
+++ b/.github/workflows/publish-web.yml
@@ -27,7 +27,7 @@ jobs:
       tag_version: ${{ steps.version.outputs.tag }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Branch check
         if: ${{ inputs.publish_type != 'Dry Run' }}
@@ -67,7 +67,7 @@ jobs:
           echo "Github Release Option: $_RELEASE_OPTION"
 
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       ########## ACR ##########
       - name: Login to Azure - PROD Subscription
diff --git a/.github/workflows/release-browser.yml b/.github/workflows/release-browser.yml
index f190889414..860acce2b7 100644
--- a/.github/workflows/release-browser.yml
+++ b/.github/workflows/release-browser.yml
@@ -27,7 +27,7 @@ jobs:
       release-version: ${{ steps.version.outputs.version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Branch check
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
@@ -56,7 +56,7 @@ jobs:
     needs: setup
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Testing locales - extName length
         run: |
diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml
index 8f5123b50b..60e5bc025b 100644
--- a/.github/workflows/release-cli.yml
+++ b/.github/workflows/release-cli.yml
@@ -27,7 +27,7 @@ jobs:
       release-version: ${{ steps.version.outputs.version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Branch check
         if: ${{ inputs.release_type != 'Dry Run' }}
diff --git a/.github/workflows/release-desktop-beta.yml b/.github/workflows/release-desktop-beta.yml
index 23b06d71dd..19b3ac2d22 100644
--- a/.github/workflows/release-desktop-beta.yml
+++ b/.github/workflows/release-desktop-beta.yml
@@ -24,7 +24,7 @@ jobs:
       node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Branch check
         run: |
@@ -125,7 +125,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: ${{ needs.setup.outputs.branch-name }}
 
@@ -159,42 +159,42 @@ jobs:
         run: npm run dist:lin
 
       - name: Upload .deb artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-amd64.deb
           if-no-files-found: error
 
       - name: Upload .rpm artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.rpm
           if-no-files-found: error
 
       - name: Upload .freebsd artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.freebsd
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.freebsd
           if-no-files-found: error
 
       - name: Upload .snap artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap
           path: apps/desktop/dist/bitwarden_${{ env._PACKAGE_VERSION }}_amd64.snap
           if-no-files-found: error
 
       - name: Upload .AppImage artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
           if-no-files-found: error
 
       - name: Upload auto-update artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: ${{ needs.setup.outputs.release-channel }}-linux.yml
           path: apps/desktop/dist/${{ needs.setup.outputs.release-channel }}-linux.yml
@@ -215,7 +215,7 @@ jobs:
       NODE_OPTIONS: --max_old_space_size=4096
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: ${{ needs.setup.outputs.branch-name }}
 
@@ -300,91 +300,91 @@ jobs:
             -NewName bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
 
       - name: Upload portable exe artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe
           path: apps/desktop/dist/Bitwarden-Portable-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload installer exe artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
           path: apps/desktop/dist/nsis-web/Bitwarden-Installer-${{ env._PACKAGE_VERSION }}.exe
           if-no-files-found: error
 
       - name: Upload appx ia32 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32.appx
           if-no-files-found: error
 
       - name: Upload store appx ia32 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-ia32-store.appx
           if-no-files-found: error
 
       - name: Upload NSIS ia32 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
           path: apps/desktop/dist/nsis-web/bitwarden-${{ env._PACKAGE_VERSION }}-ia32.nsis.7z
           if-no-files-found: error
 
       - name: Upload appx x64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64.appx
           if-no-files-found: error
 
       - name: Upload store appx x64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-x64-store.appx
           if-no-files-found: error
 
       - name: Upload NSIS x64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
           path: apps/desktop/dist/nsis-web/bitwarden-${{ env._PACKAGE_VERSION }}-x64.nsis.7z
           if-no-files-found: error
 
       - name: Upload appx ARM64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64.appx
           if-no-files-found: error
 
       - name: Upload store appx ARM64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-arm64-store.appx
           if-no-files-found: error
 
       - name: Upload NSIS ARM64 artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
           path: apps/desktop/dist/nsis-web/bitwarden-${{ env._PACKAGE_VERSION }}-arm64.nsis.7z
           if-no-files-found: error
 
       - name: Upload nupkg artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: bitwarden.${{ env._PACKAGE_VERSION }}.nupkg
           path: apps/desktop/dist/chocolatey/bitwarden.${{ env._PACKAGE_VERSION }}.nupkg
           if-no-files-found: error
 
       - name: Upload auto-update artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: ${{ needs.setup.outputs.release-channel }}.yml
           path: apps/desktop/dist/nsis-web/${{ needs.setup.outputs.release-channel }}.yml
@@ -404,7 +404,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: ${{ needs.setup.outputs.branch-name }}
 
@@ -427,14 +427,14 @@ jobs:
 
       - name: Cache Build
         id: build-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Cache Safari
         id: safari-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -538,7 +538,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: ${{ needs.setup.outputs.branch-name }}
 
@@ -561,14 +561,14 @@ jobs:
 
       - name: Get Build Cache
         id: build-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Setup Safari Cache
         id: safari-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -708,28 +708,28 @@ jobs:
         run: npm run pack:mac
 
       - name: Upload .zip artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal-mac.zip
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal-mac.zip
           if-no-files-found: error
 
       - name: Upload .dmg artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg
           if-no-files-found: error
 
       - name: Upload .dmg blockmap artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg.blockmap
           path: apps/desktop/dist/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.dmg.blockmap
           if-no-files-found: error
 
       - name: Upload auto-update artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: ${{ needs.setup.outputs.release-channel }}-mac.yml
           path: apps/desktop/dist/${{ needs.setup.outputs.release-channel }}-mac.yml
@@ -751,7 +751,7 @@ jobs:
         working-directory: apps/desktop
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: ${{ needs.setup.outputs.branch-name }}
 
@@ -774,14 +774,14 @@ jobs:
 
       - name: Get Build Cache
         id: build-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/desktop/build
           key: ${{ runner.os }}-${{ github.run_id }}-build
 
       - name: Setup Safari Cache
         id: safari-cache
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
         with:
           path: apps/browser/dist/Safari
           key: ${{ runner.os }}-${{ github.run_id }}-safari-extension
@@ -916,7 +916,7 @@ jobs:
           APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
 
       - name: Upload .pkg artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg
           path: apps/desktop/dist/mas-universal/Bitwarden-${{ env._PACKAGE_VERSION }}-universal.pkg
@@ -1011,7 +1011,7 @@ jobs:
       - release
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Setup git config
         run: |
diff --git a/.github/workflows/release-desktop.yml b/.github/workflows/release-desktop.yml
index d69c15559b..7c5228478a 100644
--- a/.github/workflows/release-desktop.yml
+++ b/.github/workflows/release-desktop.yml
@@ -27,7 +27,7 @@ jobs:
       release-channel: ${{ steps.release-channel.outputs.channel }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Branch check
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
diff --git a/.github/workflows/release-web.yml b/.github/workflows/release-web.yml
index 92f5701889..7f18242909 100644
--- a/.github/workflows/release-web.yml
+++ b/.github/workflows/release-web.yml
@@ -24,7 +24,7 @@ jobs:
       tag_version: ${{ steps.version.outputs.tag }}
     steps:
       - name: Checkout repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Branch check
         if: ${{ github.event.inputs.release_type != 'Dry Run' }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index f15a14dd11..5afd133afd 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -27,12 +27,12 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: ${{  github.event.pull_request.head.sha }}
 
       - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@9fda5a4a2c297608117a5a56af424502a9192e57 # 2.0.34
+        uses: checkmarx/ast-github-action@f0869bd1a37fddc06499a096101e6c900e815d81 # 2.0.36
         env:
           INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
         with:
@@ -47,7 +47,7 @@ jobs:
             --output-path . ${{ env.INCREMENTAL }}
 
       - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
+        uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
         with:
           sarif_file: cx_result.sarif
 
@@ -61,13 +61,13 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           fetch-depth: 0
           ref: ${{  github.event.pull_request.head.sha }}
 
       - name: Scan with SonarCloud
-        uses: sonarsource/sonarcloud-github-action@eb211723266fe8e83102bac7361f0a05c3ac1d1b # v3.0.0
+        uses: sonarsource/sonarcloud-github-action@383f7e52eae3ab0510c3cb0e7d9d150bbaeab838 # v3.1.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index fd378213c9..0f3cfd56c9 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: Check out repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Get Node Version
         id: retrieve-node-version
@@ -86,13 +86,13 @@ jobs:
           fail-on-error: true
 
       - name: Upload coverage to codecov.io
-        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
+        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
         if: ${{ needs.check-test-secrets.outputs.available == 'true' }}
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 
       - name: Upload results to codecov.io
-        uses: codecov/test-results-action@1b5b448b98e58ba90d1a1a1d9fcb72ca2263be46 # v1.0.0
+        uses: codecov/test-results-action@9739113ad922ea0a9abb4b2c0f8bf6a4aa8ef820 # v1.0.1
         if: ${{ needs.check-test-secrets.outputs.available == 'true' }}
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -121,7 +121,7 @@ jobs:
           sudo apt-get install -y gnome-keyring dbus-x11
 
       - name: Check out repo
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
 
       - name: Build
         working-directory: ./apps/desktop/desktop_native
diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml
index d18097ee1c..457cdd08fe 100644
--- a/.github/workflows/version-bump.yml
+++ b/.github/workflows/version-bump.yml
@@ -58,7 +58,7 @@ jobs:
           fi
 
       - name: Checkout Branch
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: main
 
@@ -533,7 +533,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout Branch
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
         with:
           ref: main
 

From a5f856da2a73ef912ddc86e15f84a4b8eda1b243 Mon Sep 17 00:00:00 2001
From: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Date: Thu, 17 Oct 2024 10:47:08 -0400
Subject: [PATCH 09/10] Component Library - Add Icon documentation (#11571)

* Add Icon documentation

* Add 7th bullet

* Icon docs - add context on how to go from hex values to appropriate tailwind classes.

* 7th bullet needs bold to look right

* Add color icon per suggestion
---
 libs/components/src/icon/icon.mdx | 99 +++++++++++++++++++++++++++++++
 1 file changed, 99 insertions(+)
 create mode 100644 libs/components/src/icon/icon.mdx

diff --git a/libs/components/src/icon/icon.mdx b/libs/components/src/icon/icon.mdx
new file mode 100644
index 0000000000..d8b881b7e8
--- /dev/null
+++ b/libs/components/src/icon/icon.mdx
@@ -0,0 +1,99 @@
+import { Meta, Story, Controls } from "@storybook/addon-docs";
+
+import * as stories from "./icon.stories";
+
+<Meta of={stories} />
+
+# Icon Use Instructions
+
+- Icons will generally be attached to the associated Jira task.
+  - Designers should minify any SVGs before attaching them to Jira using a tool like
+    [SVGOMG](https://jakearchibald.github.io/svgomg/).
+    - **Note:** Ensure the "Remove viewbox" option is toggled off if responsive resizing of the icon
+      is desired.
+
+## Developer Instructions
+
+1. **Download the SVG** and import it as an `.svg` initially into the IDE of your choice.
+
+   - The SVG should be formatted using either a built-in formatter or an external tool like
+     [SVG Formatter Beautifier](https://codebeautify.org/svg-formatter-beautifier) to make applying
+     classes easier.
+
+2. **Rename the file** as a `<name>.icon.ts` TypeScript file.
+
+3. **Import** `svgIcon` from `@bitwarden/components`.
+
+4. **Define and export** a `const` to represent your `svgIcon`.
+
+   ```typescript
+   export const ExampleIcon = svgIcon`<svg … </svg>`;
+   ```
+
+5. **Replace any hardcoded strokes or fills** with the appropriate Tailwind class.
+
+   - **Note:** Stroke is used when styling the outline of an SVG path, while fill is used when
+     styling the inside of an SVG path.
+
+   - A non-comprehensive list of common colors and their associated classes is below:
+
+     | Hardcoded Value                                                                                                                          | Tailwind Stroke Class     | Tailwind Fill Class     | Tailwind Variable       |
+     | ---------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | ----------------------- | ----------------------- |
+     | `#020F66` <span style={{ display: "inline-block", width: "8px", height: "8px", borderRadius: "50%", backgroundColor: "#020F66"}}></span> | `tw-stroke-art-primary`   | `tw-fill-art-primary`   | `--color-art-primary`   |
+     | `#10949D` <span style={{ display: "inline-block", width: "8px", height: "8px", borderRadius: "50%", backgroundColor: "#10949D"}}></span> | `tw-stroke-art-accent`    | `tw-fill-art-accent`    | `--color-art-accent`    |
+     | `#2CDDE9` <span style={{ display: "inline-block", width: "8px", height: "8px", borderRadius: "50%", backgroundColor: "#2CDDE9"}}></span> | `tw-stroke-art-accent`    | `tw-fill-art-accent`    | `--color-art-accent`    |
+     | `#89929F` <span style={{ display: "inline-block", width: "8px", height: "8px", borderRadius: "50%", backgroundColor: "#89929F"}}></span> | `tw-stroke-secondary-600` | `tw-fill-secondary-600` | `--color-secondary-600` |
+
+   - If the hex that you have on an SVG path is not listed above, there are a few ways to figure out
+     the appropriate Tailwind class:
+
+     - **Option 1: Figma**
+       - Open the SVG in Figma.
+       - Click on an individual path on the SVG until you see the path's properties in the
+         right-hand panel.
+       - Scroll down to the Colors section.
+         - Example: `Color/Art/Primary`
+         - This also includes Hex or RGB values that can be used to find the appropriate Tailwind
+           variable as well if you follow the manual search option below.
+       - Create the appropriate stroke or fill class from the color used.
+         - Example: `Color/Art/Primary` corresponds to `--color-art-primary` which corresponds to
+           `tw-stroke-art-primary` or `tw-fill-art-primary`.
+     - **Option 2: Manual Search**
+       - Take the path's stroke or fill hex value and convert it to RGB using a tool like
+         [Hex to RGB](https://www.rgbtohex.net/hex-to-rgb/).
+       - Search for the RGB value without commas in our `tw-theme.css` to find the Tailwind variable
+         that corresponds to the color.
+       - Create the appropriate stroke or fill class using the Tailwind variable.
+         - Example: `--color-art-primary` corresponds to `tw-stroke-art-primary` or
+           `tw-fill-art-primary`.
+
+6. **Import your SVG const** anywhere you want to use the SVG.
+
+   - **Angular Component Example:**
+
+     - **TypeScript:**
+
+       ```typescript
+       import { Component } from "@angular/core";
+       import { ExampleIcon } from "your/path/here";
+       import { IconModule } from '@bitwarden/components';
+
+       @Component({
+         selector: "app-example",
+         standalone: true,
+         imports: [IconModule],
+         templateUrl: "./example.component.html",
+       })
+       export class ExampleComponent {
+         readonly Icons = { ExampleIcon, Example2Icon };
+         ...
+       }
+       ```
+
+     - **HTML:**
+       ```html
+       <bit-icon [icon]="Icons.ExampleIcon"></bit-icon>
+       ```
+
+7. **Ensure your SVG renders properly** according to Figma in both light and dark modes on a client
+   which supports multiple style modes.

From 97e195cd7b45613d59b2a13f9e9e32958e469f3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rui=20Tom=C3=A9?=
 <108268980+r-tome@users.noreply.github.com>
Date: Thu, 17 Oct 2024 16:06:33 +0100
Subject: [PATCH 10/10] [PM-11404] Account Management: Prevent a verified user
 from purging their vault (#11411)

* Update AccountService to include a method for setting the managedByOrganizationId

* Update AccountComponent to conditionally show the purgeVault button based on a feature flag and if the user is managed by an organization

* Add missing method to FakeAccountService

* Remove the setAccountManagedByOrganizationId method from the AccountService abstract class.

* Refactor AccountComponent to use OrganizationService to check for managing organization

* Rename managesActiveUser to userIsManagedByOrganization

* Refactor userIsManagedByOrganization property to be non-nullable in organization data and response models

* Refactor organization.data.spec.ts to include non-nullable userIsManagedByOrganization property
---
 .../settings/account/account.component.html   |  8 ++++++-
 .../settings/account/account.component.ts     | 22 ++++++++++++++++++-
 .../models/data/organization.data.spec.ts     |  1 +
 .../models/data/organization.data.ts          |  2 ++
 .../models/domain/organization.ts             |  7 ++++++
 .../response/profile-organization.response.ts |  2 ++
 .../src/models/response/profile.response.ts   |  2 --
 7 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/apps/web/src/app/auth/settings/account/account.component.html b/apps/web/src/app/auth/settings/account/account.component.html
index c176469371..71508f7ae9 100644
--- a/apps/web/src/app/auth/settings/account/account.component.html
+++ b/apps/web/src/app/auth/settings/account/account.component.html
@@ -12,7 +12,13 @@
     <button type="button" bitButton buttonType="danger" (click)="deauthorizeSessions()">
       {{ "deauthorizeSessions" | i18n }}
     </button>
-    <button type="button" bitButton buttonType="danger" [bitAction]="purgeVault">
+    <button
+      *ngIf="showPurgeVault$ | async"
+      type="button"
+      bitButton
+      buttonType="danger"
+      [bitAction]="purgeVault"
+    >
       {{ "purgeVault" | i18n }}
     </button>
     <button type="button" bitButton buttonType="danger" [bitAction]="deleteAccount">
diff --git a/apps/web/src/app/auth/settings/account/account.component.ts b/apps/web/src/app/auth/settings/account/account.component.ts
index 6ee7662374..dd8dc881f6 100644
--- a/apps/web/src/app/auth/settings/account/account.component.ts
+++ b/apps/web/src/app/auth/settings/account/account.component.ts
@@ -1,8 +1,11 @@
 import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
-import { lastValueFrom } from "rxjs";
+import { lastValueFrom, map, Observable, of, switchMap } from "rxjs";
 
 import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { DialogService } from "@bitwarden/components";
 
 import { PurgeVaultComponent } from "../../../vault/settings/purge-vault.component";
@@ -19,15 +22,32 @@ export class AccountComponent implements OnInit {
   deauthModalRef: ViewContainerRef;
 
   showChangeEmail = true;
+  showPurgeVault$: Observable<boolean>;
 
   constructor(
     private modalService: ModalService,
     private dialogService: DialogService,
     private userVerificationService: UserVerificationService,
+    private configService: ConfigService,
+    private organizationService: OrganizationService,
   ) {}
 
   async ngOnInit() {
     this.showChangeEmail = await this.userVerificationService.hasMasterPassword();
+    this.showPurgeVault$ = this.configService
+      .getFeatureFlag$(FeatureFlag.AccountDeprovisioning)
+      .pipe(
+        switchMap((isAccountDeprovisioningEnabled) =>
+          isAccountDeprovisioningEnabled
+            ? this.organizationService.organizations$.pipe(
+                map(
+                  (organizations) =>
+                    !organizations.some((o) => o.userIsManagedByOrganization === true),
+                ),
+              )
+            : of(true),
+        ),
+      );
   }
 
   async deauthorizeSessions() {
diff --git a/libs/common/src/admin-console/models/data/organization.data.spec.ts b/libs/common/src/admin-console/models/data/organization.data.spec.ts
index 4e90be7f27..0b3d512817 100644
--- a/libs/common/src/admin-console/models/data/organization.data.spec.ts
+++ b/libs/common/src/admin-console/models/data/organization.data.spec.ts
@@ -57,6 +57,7 @@ describe("ORGANIZATIONS state", () => {
         limitCollectionCreationDeletion: false,
         allowAdminAccessToAllCollectionItems: false,
         familySponsorshipLastSyncDate: new Date(),
+        userIsManagedByOrganization: false,
       },
     };
     const result = sut.deserializer(JSON.parse(JSON.stringify(expectedResult)));
diff --git a/libs/common/src/admin-console/models/data/organization.data.ts b/libs/common/src/admin-console/models/data/organization.data.ts
index a5cae0af80..0c0dedad25 100644
--- a/libs/common/src/admin-console/models/data/organization.data.ts
+++ b/libs/common/src/admin-console/models/data/organization.data.ts
@@ -57,6 +57,7 @@ export class OrganizationData {
   // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
   limitCollectionCreationDeletion: boolean;
   allowAdminAccessToAllCollectionItems: boolean;
+  userIsManagedByOrganization: boolean;
 
   constructor(
     response?: ProfileOrganizationResponse,
@@ -118,6 +119,7 @@ export class OrganizationData {
     // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
     this.limitCollectionCreationDeletion = response.limitCollectionCreationDeletion;
     this.allowAdminAccessToAllCollectionItems = response.allowAdminAccessToAllCollectionItems;
+    this.userIsManagedByOrganization = response.userIsManagedByOrganization;
 
     this.isMember = options.isMember;
     this.isProviderUser = options.isProviderUser;
diff --git a/libs/common/src/admin-console/models/domain/organization.ts b/libs/common/src/admin-console/models/domain/organization.ts
index 0ded0ef331..42436e0a93 100644
--- a/libs/common/src/admin-console/models/domain/organization.ts
+++ b/libs/common/src/admin-console/models/domain/organization.ts
@@ -77,6 +77,12 @@ export class Organization {
    * Refers to the ability for an owner/admin to access all collection items, regardless of assigned collections
    */
   allowAdminAccessToAllCollectionItems: boolean;
+  /**
+   * Indicates if this organization manages the user.
+   * A user is considered managed by an organization if their email domain
+   * matches one of the verified domains of that organization, and the user is a member of it.
+   */
+  userIsManagedByOrganization: boolean;
 
   constructor(obj?: OrganizationData) {
     if (obj == null) {
@@ -134,6 +140,7 @@ export class Organization {
     // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
     this.limitCollectionCreationDeletion = obj.limitCollectionCreationDeletion;
     this.allowAdminAccessToAllCollectionItems = obj.allowAdminAccessToAllCollectionItems;
+    this.userIsManagedByOrganization = obj.userIsManagedByOrganization;
   }
 
   get canAccess() {
diff --git a/libs/common/src/admin-console/models/response/profile-organization.response.ts b/libs/common/src/admin-console/models/response/profile-organization.response.ts
index bccb3c3cc6..4d9366e662 100644
--- a/libs/common/src/admin-console/models/response/profile-organization.response.ts
+++ b/libs/common/src/admin-console/models/response/profile-organization.response.ts
@@ -54,6 +54,7 @@ export class ProfileOrganizationResponse extends BaseResponse {
   // Deprecated: https://bitwarden.atlassian.net/browse/PM-10863
   limitCollectionCreationDeletion: boolean;
   allowAdminAccessToAllCollectionItems: boolean;
+  userIsManagedByOrganization: boolean;
 
   constructor(response: any) {
     super(response);
@@ -121,5 +122,6 @@ export class ProfileOrganizationResponse extends BaseResponse {
     this.allowAdminAccessToAllCollectionItems = this.getResponseProperty(
       "AllowAdminAccessToAllCollectionItems",
     );
+    this.userIsManagedByOrganization = this.getResponseProperty("UserIsManagedByOrganization");
   }
 }
diff --git a/libs/common/src/models/response/profile.response.ts b/libs/common/src/models/response/profile.response.ts
index 24aeb11cdb..6b6555fc56 100644
--- a/libs/common/src/models/response/profile.response.ts
+++ b/libs/common/src/models/response/profile.response.ts
@@ -21,7 +21,6 @@ export class ProfileResponse extends BaseResponse {
   securityStamp: string;
   forcePasswordReset: boolean;
   usesKeyConnector: boolean;
-  managedByOrganizationId?: string | null;
   organizations: ProfileOrganizationResponse[] = [];
   providers: ProfileProviderResponse[] = [];
   providerOrganizations: ProfileProviderOrganizationResponse[] = [];
@@ -43,7 +42,6 @@ export class ProfileResponse extends BaseResponse {
     this.securityStamp = this.getResponseProperty("SecurityStamp");
     this.forcePasswordReset = this.getResponseProperty("ForcePasswordReset") ?? false;
     this.usesKeyConnector = this.getResponseProperty("UsesKeyConnector") ?? false;
-    this.managedByOrganizationId = this.getResponseProperty("ManagedByOrganizationId");
 
     const organizations = this.getResponseProperty("Organizations");
     if (organizations != null) {