Merge branch 'main' into autofill/pm-5189-fix-issues-present-with-inline-menu-rendering-in-iframes

apps/browser/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bitwarden/browser",
-  "version": "2024.3.1",
+  "version": "2024.4.1",
   "scripts": {
     "build": "webpack",
     "build:mv3": "cross-env MANIFEST_VERSION=3 webpack",

apps/browser/src/_locales/en/messages.json

@@ -3005,5 +3005,8 @@
   },
   "passkeyRemoved": {
     "message": "Passkey removed"
+  },
+  "unassignedItemsBanner": {
+    "message": "Notice: Unassigned organization items are no longer visible in the All Vaults view and only accessible via the Admin Console. Assign these items to a collection from the Admin Console to make them visible."
   }
 }

apps/browser/src/_locales/eu/messages.json

@@ -95,10 +95,10 @@
     "message": "Auto-fill login"
   },
   "autoFillCard": {
-    "message": "Auto-fill card"
+    "message": "Auto-bete txartela"
   },
   "autoFillIdentity": {
-    "message": "Auto-fill identity"
+    "message": "Auto-bete nortasuna"
   },
   "generatePasswordCopied": {
     "message": "Sortu pasahitza (kopiatuta)"
@@ -110,19 +110,19 @@
     "message": "Bat datozen saio-hasierarik gabe"
   },
   "noCards": {
-    "message": "No cards"
+    "message": "Txartelik ez"
   },
   "noIdentities": {
-    "message": "No identities"
+    "message": "Nortasunik ez"
   },
   "addLoginMenu": {
     "message": "Add login"
   },
   "addCardMenu": {
-    "message": "Add card"
+    "message": "Gehitu txartela"
   },
   "addIdentityMenu": {
-    "message": "Add identity"
+    "message": "Gehitu nortasuna"
   },
   "unlockVaultMenu": {
     "message": "Desblokeatu kutxa gotorra"
@@ -223,10 +223,10 @@
     "message": "Bitwarden Laguntza zentroa"
   },
   "communityForums": {
-    "message": "Explore Bitwarden community forums"
+    "message": "Esploratu Bitwarden komunitatearen foroak"
   },
   "contactSupport": {
-    "message": "Contact Bitwarden support"
+    "message": "Jarri harremanetan Bitwardeneko laguntza taldearekin"
   },
   "sync": {
     "message": "Sinkronizatu"
@@ -269,7 +269,7 @@
     "message": "Luzera"
   },
   "passwordMinLength": {
-    "message": "Minimum password length"
+    "message": "Pasahitzaren gutxieneko luzera"
   },
   "uppercase": {
     "message": "Letra larria (A-Z)"
@@ -1064,7 +1064,7 @@
     "message": "Edit browser settings."
   },
   "autofillOverlayVisibilityOff": {
-    "message": "Off",
+    "message": "Itzalita",
     "description": "Overlay setting select option for disabling autofill overlay"
   },
   "autofillOverlayVisibilityOnFieldFocus": {
@@ -1592,10 +1592,10 @@
     "message": "Ezarri pasahitz nagusia"
   },
   "currentMasterPass": {
-    "message": "Current master password"
+    "message": "Oraingo pasahitz nagusia"
   },
   "newMasterPass": {
-    "message": "New master password"
+    "message": "Pasahitz nagusi berria"
   },
   "confirmNewMasterPass": {
     "message": "Confirm new master password"
@@ -2266,10 +2266,10 @@
     "message": "Please make sure your vault is unlocked and the Fingerprint phrase matches on the other device."
   },
   "resendNotification": {
-    "message": "Resend notification"
+    "message": "Berbidali jakinarazpena"
   },
   "viewAllLoginOptions": {
-    "message": "View all log in options"
+    "message": "Ikusi erregistro guztiak ezarpenetan"
   },
   "notificationSentDevice": {
     "message": "A notification has been sent to your device."
@@ -2293,13 +2293,13 @@
     "message": "Check known data breaches for this password"
   },
   "important": {
-    "message": "Important:"
+    "message": "Garrantzitsua:"
   },
   "masterPasswordHint": {
     "message": "Your master password cannot be recovered if you forget it!"
   },
   "characterMinimum": {
-    "message": "$LENGTH$ character minimum",
+    "message": "$LENGTH$ karaktere gutxienez",
     "placeholders": {
       "length": {
         "content": "$1",
@@ -2326,7 +2326,7 @@
     "message": "Select an item from this screen, or explore other options in settings."
   },
   "gotIt": {
-    "message": "Got it"
+    "message": "Ulertuta"
   },
   "autofillSettings": {
     "message": "Auto-fill settings"
@@ -2359,25 +2359,25 @@
     "message": "Logging in on"
   },
   "opensInANewWindow": {
-    "message": "Opens in a new window"
+    "message": "Leiho berri batean irekitzen da"
   },
   "deviceApprovalRequired": {
     "message": "Device approval required. Select an approval option below:"
   },
   "rememberThisDevice": {
-    "message": "Remember this device"
+    "message": "Gogoratu gailu hau"
   },
   "uncheckIfPublicDevice": {
     "message": "Uncheck if using a public device"
   },
   "approveFromYourOtherDevice": {
-    "message": "Approve from your other device"
+    "message": "Onartu zure beste gailutik"
   },
   "requestAdminApproval": {
-    "message": "Request admin approval"
+    "message": "Eskatu administratzailearen onarpena"
   },
   "approveWithMasterPassword": {
-    "message": "Approve with master password"
+    "message": "Onartu pasahitz nagusiarekin"
   },
   "ssoIdentifierRequired": {
     "message": "Organization SSO identifier is required."
@@ -2390,31 +2390,31 @@
     "message": "Access denied. You do not have permission to view this page."
   },
   "general": {
-    "message": "General"
+    "message": "Orokorra"
   },
   "display": {
-    "message": "Display"
+    "message": "Bistaratzea"
   },
   "accountSuccessfullyCreated": {
-    "message": "Account successfully created!"
+    "message": "Kontua zuzen sortu da!"
   },
   "adminApprovalRequested": {
-    "message": "Admin approval requested"
+    "message": "Administratzailearen onarpena eskatuta"
   },
   "adminApprovalRequestSentToAdmins": {
-    "message": "Your request has been sent to your admin."
+    "message": "Zure eskaera zure administratzaileari bidali zaio."
   },
   "youWillBeNotifiedOnceApproved": {
-    "message": "You will be notified once approved."
+    "message": "Jakinaraziko zaizu onartzen denean."
   },
   "troubleLoggingIn": {
-    "message": "Trouble logging in?"
+    "message": "Arazoak saioa hasterakoan?"
   },
   "loginApproved": {
     "message": "Login approved"
   },
   "userEmailMissing": {
-    "message": "User email missing"
+    "message": "Erabiltzailearen emaila falta da"
   },
   "deviceTrusted": {
     "message": "Device trusted"
@@ -2540,19 +2540,19 @@
     "description": "Notification button text for starting a fileless import."
   },
   "importing": {
-    "message": "Importing...",
+    "message": "Inportatzen...",
     "description": "Notification message for when an import is in progress."
   },
   "dataSuccessfullyImported": {
-    "message": "Data successfully imported!",
+    "message": "Datuak zuzen inportatu dira!",
     "description": "Notification message for when an import has completed successfully."
   },
   "dataImportFailed": {
-    "message": "Error importing. Check console for details.",
+    "message": "Errorea gertatu da inportatzean. Begiratu xehetasunak kontsolan.",
     "description": "Notification message for when an import has failed."
   },
   "importNetworkError": {
-    "message": "Network error encountered during import.",
+    "message": "Sareko errorea gertatu da inportatzerakoan.",
     "description": "Notification message for when an import has failed due to a network error."
   },
   "aliasDomain": {
@@ -2602,11 +2602,11 @@
     "description": "Screen reader text for when a login item is focused where a partial username is displayed. SR will announce this phrase before reading the text of the partial username"
   },
   "noItemsToShow": {
-    "message": "No items to show",
+    "message": "Ez dago elementurik erakusteko",
     "description": "Text to show in overlay if there are no matching items"
   },
   "newItem": {
-    "message": "New item",
+    "message": "Elementu berria",
     "description": "Button text to display in overlay when there are no matching items"
   },
   "addNewVaultItem": {
@@ -2618,32 +2618,32 @@
     "description": "Screen reader text for announcing when the overlay opens on the page"
   },
   "turnOn": {
-    "message": "Turn on"
+    "message": "Piztu"
   },
   "ignore": {
-    "message": "Ignore"
+    "message": "Ezikusi"
   },
   "importData": {
-    "message": "Import data",
+    "message": "Inportatu datuak",
     "description": "Used for the header of the import dialog, the import button and within the file-password-prompt"
   },
   "importError": {
-    "message": "Import error"
+    "message": "Errorea inportatzerakoan"
   },
   "importErrorDesc": {
-    "message": "There was a problem with the data you tried to import. Please resolve the errors listed below in your source file and try again."
+    "message": "Inportatzen saiatu zaren datuekin arazo bat egon da. Mesedez, konpondu ondoren adierazten diren akatsak eta saiatu berriro."
   },
   "resolveTheErrorsBelowAndTryAgain": {
-    "message": "Resolve the errors below and try again."
+    "message": "Konpondu beheko akatsak eta saiatu berriro."
   },
   "description": {
-    "message": "Description"
+    "message": "Deskribapena"
   },
   "importSuccess": {
-    "message": "Data successfully imported"
+    "message": "Datuak zuzen inportatu dira"
   },
   "importSuccessNumberOfItems": {
-    "message": "A total of $AMOUNT$ items were imported.",
+    "message": "Guztira $AMOUNT$ elementu inportatu dira.",
     "placeholders": {
       "amount": {
         "content": "$1",
@@ -2652,7 +2652,7 @@
     }
   },
   "tryAgain": {
-    "message": "Try again"
+    "message": "Saiatu berriro"
   },
   "verificationRequiredForActionSetPinToContinue": {
     "message": "Verification required for this action. Set a PIN to continue."
@@ -2661,10 +2661,10 @@
     "message": "Set PIN"
   },
   "verifyWithBiometrics": {
-    "message": "Verify with biometrics"
+    "message": "Egiaztatu biometria erabiliz"
   },
   "awaitingConfirmation": {
-    "message": "Awaiting confirmation"
+    "message": "Baieztapenaren zain"
   },
   "couldNotCompleteBiometrics": {
     "message": "Could not complete biometrics."
@@ -2673,13 +2673,13 @@
     "message": "Need a different method?"
   },
   "useMasterPassword": {
-    "message": "Use master password"
+    "message": "Erabili pasahitz nagusia"
   },
   "usePin": {
-    "message": "Use PIN"
+    "message": "Erabili PIN kodea"
   },
   "useBiometrics": {
-    "message": "Use biometrics"
+    "message": "Erabili biometria"
   },
   "enterVerificationCodeSentToEmail": {
     "message": "Enter the verification code that was sent to your email."
@@ -2688,10 +2688,10 @@
     "message": "Resend code"
   },
   "total": {
-    "message": "Total"
+    "message": "Guztira"
   },
   "importWarning": {
-    "message": "You are importing data to $ORGANIZATION$. Your data may be shared with members of this organization. Do you want to proceed?",
+    "message": "$ORGANIZATION$(e)ra datuak inportatzen ari zara. Zure datuak erakunde horretako kideekin parteka daitezke. Jarraitu nahi duzu?",
     "placeholders": {
       "organization": {
         "content": "$1",
@@ -2810,7 +2810,7 @@
     "message": "You do not have a matching login for this site."
   },
   "confirm": {
-    "message": "Confirm"
+    "message": "Berretsi"
   },
   "savePasskey": {
     "message": "Save passkey"

apps/browser/src/_locales/fi/messages.json

@@ -11,7 +11,7 @@
     "description": "Extension description"
   },
   "loginOrCreateNewAccount": {
-    "message": "Käytä salattua holviasi kirjautumalla sisään tai tai luo uusi tili."
+    "message": "Käytä salattua holviasi kirjautumalla sisään tai luo uusi tili."
   },
   "createAccount": {
     "message": "Luo tili"
@@ -802,7 +802,7 @@
     "message": "Lue lisää"
   },
   "authenticatorKeyTotp": {
-    "message": "Todennusaavain (TOTP)"
+    "message": "Todennusavain (TOTP)"
   },
   "verificationCodeTotp": {
     "message": "Todennuskoodi (TOTP)"

apps/browser/src/auth/background/service-factories/auth-request-service.factory.ts

@@ -17,18 +17,21 @@ import {
   FactoryOptions,
   factory,
 } from "../../../platform/background/service-factories/factory-options";
+
+import { accountServiceFactory, AccountServiceInitOptions } from "./account-service.factory";
 import {
-  stateServiceFactory,
+  internalMasterPasswordServiceFactory,
-  StateServiceInitOptions,
+  MasterPasswordServiceInitOptions,
-} from "../../../platform/background/service-factories/state-service.factory";
+} from "./master-password-service.factory";
 
 type AuthRequestServiceFactoryOptions = FactoryOptions;
 
 export type AuthRequestServiceInitOptions = AuthRequestServiceFactoryOptions &
   AppIdServiceInitOptions &
+  AccountServiceInitOptions &
+  MasterPasswordServiceInitOptions &
   CryptoServiceInitOptions &
-  ApiServiceInitOptions &
+  ApiServiceInitOptions;
-  StateServiceInitOptions;
 
 export function authRequestServiceFactory(
   cache: { authRequestService?: AuthRequestServiceAbstraction } & CachedServices,
@@ -41,9 +44,10 @@ export function authRequestServiceFactory(
     async () =>
       new AuthRequestService(
         await appIdServiceFactory(cache, opts),
+        await accountServiceFactory(cache, opts),
+        await internalMasterPasswordServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
         await apiServiceFactory(cache, opts),
-        await stateServiceFactory(cache, opts),
       ),
   );
 }

apps/browser/src/auth/background/service-factories/key-connector-service.factory.ts

@@ -31,6 +31,11 @@ import {
   StateProviderInitOptions,
 } from "../../../platform/background/service-factories/state-provider.factory";
 
+import { accountServiceFactory, AccountServiceInitOptions } from "./account-service.factory";
+import {
+  internalMasterPasswordServiceFactory,
+  MasterPasswordServiceInitOptions,
+} from "./master-password-service.factory";
 import { TokenServiceInitOptions, tokenServiceFactory } from "./token-service.factory";
 
 type KeyConnectorServiceFactoryOptions = FactoryOptions & {
@@ -40,6 +45,8 @@ type KeyConnectorServiceFactoryOptions = FactoryOptions & {
 };
 
 export type KeyConnectorServiceInitOptions = KeyConnectorServiceFactoryOptions &
+  AccountServiceInitOptions &
+  MasterPasswordServiceInitOptions &
   CryptoServiceInitOptions &
   ApiServiceInitOptions &
   TokenServiceInitOptions &
@@ -58,6 +65,8 @@ export function keyConnectorServiceFactory(
     opts,
     async () =>
       new KeyConnectorService(
+        await accountServiceFactory(cache, opts),
+        await internalMasterPasswordServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
         await apiServiceFactory(cache, opts),
         await tokenServiceFactory(cache, opts),

apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts

@@ -59,6 +59,7 @@ import {
   PasswordStrengthServiceInitOptions,
 } from "../../../tools/background/service_factories/password-strength-service.factory";
 
+import { accountServiceFactory, AccountServiceInitOptions } from "./account-service.factory";
 import {
   authRequestServiceFactory,
   AuthRequestServiceInitOptions,
@@ -71,6 +72,10 @@ import {
   keyConnectorServiceFactory,
   KeyConnectorServiceInitOptions,
 } from "./key-connector-service.factory";
+import {
+  internalMasterPasswordServiceFactory,
+  MasterPasswordServiceInitOptions,
+} from "./master-password-service.factory";
 import { tokenServiceFactory, TokenServiceInitOptions } from "./token-service.factory";
 import { twoFactorServiceFactory, TwoFactorServiceInitOptions } from "./two-factor-service.factory";
 import {
@@ -81,6 +86,8 @@ import {
 type LoginStrategyServiceFactoryOptions = FactoryOptions;
 
 export type LoginStrategyServiceInitOptions = LoginStrategyServiceFactoryOptions &
+  AccountServiceInitOptions &
+  MasterPasswordServiceInitOptions &
   CryptoServiceInitOptions &
   ApiServiceInitOptions &
   TokenServiceInitOptions &
@@ -111,6 +118,8 @@ export function loginStrategyServiceFactory(
     opts,
     async () =>
       new LoginStrategyService(
+        await accountServiceFactory(cache, opts),
+        await internalMasterPasswordServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
         await apiServiceFactory(cache, opts),
         await tokenServiceFactory(cache, opts),

apps/browser/src/auth/background/service-factories/master-password-service.factory.ts

@@ -0,0 +1,42 @@
+import {
+  InternalMasterPasswordServiceAbstraction,
+  MasterPasswordServiceAbstraction,
+} from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
+import { MasterPasswordService } from "@bitwarden/common/auth/services/master-password/master-password.service";
+
+import {
+  CachedServices,
+  factory,
+  FactoryOptions,
+} from "../../../platform/background/service-factories/factory-options";
+import {
+  stateProviderFactory,
+  StateProviderInitOptions,
+} from "../../../platform/background/service-factories/state-provider.factory";
+
+type MasterPasswordServiceFactoryOptions = FactoryOptions;
+
+export type MasterPasswordServiceInitOptions = MasterPasswordServiceFactoryOptions &
+  StateProviderInitOptions;
+
+export function internalMasterPasswordServiceFactory(
+  cache: { masterPasswordService?: InternalMasterPasswordServiceAbstraction } & CachedServices,
+  opts: MasterPasswordServiceInitOptions,
+): Promise<InternalMasterPasswordServiceAbstraction> {
+  return factory(
+    cache,
+    "masterPasswordService",
+    opts,
+    async () => new MasterPasswordService(await stateProviderFactory(cache, opts)),
+  );
+}
+
+export async function masterPasswordServiceFactory(
+  cache: { masterPasswordService?: InternalMasterPasswordServiceAbstraction } & CachedServices,
+  opts: MasterPasswordServiceInitOptions,
+): Promise<MasterPasswordServiceAbstraction> {
+  return (await internalMasterPasswordServiceFactory(
+    cache,
+    opts,
+  )) as MasterPasswordServiceAbstraction;
+}

apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts

@@ -31,6 +31,11 @@ import {
   stateServiceFactory,
 } from "../../../platform/background/service-factories/state-service.factory";
 
+import { accountServiceFactory, AccountServiceInitOptions } from "./account-service.factory";
+import {
+  internalMasterPasswordServiceFactory,
+  MasterPasswordServiceInitOptions,
+} from "./master-password-service.factory";
 import { PinCryptoServiceInitOptions, pinCryptoServiceFactory } from "./pin-crypto-service.factory";
 import {
   userDecryptionOptionsServiceFactory,
@@ -46,6 +51,8 @@ type UserVerificationServiceFactoryOptions = FactoryOptions;
 export type UserVerificationServiceInitOptions = UserVerificationServiceFactoryOptions &
   StateServiceInitOptions &
   CryptoServiceInitOptions &
+  AccountServiceInitOptions &
+  MasterPasswordServiceInitOptions &
   I18nServiceInitOptions &
   UserVerificationApiServiceInitOptions &
   UserDecryptionOptionsServiceInitOptions &
@@ -66,6 +73,8 @@ export function userVerificationServiceFactory(
       new UserVerificationService(
         await stateServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
+        await accountServiceFactory(cache, opts),
+        await internalMasterPasswordServiceFactory(cache, opts),
         await i18nServiceFactory(cache, opts),
         await userVerificationApiServiceFactory(cache, opts),
         await userDecryptionOptionsServiceFactory(cache, opts),

apps/browser/src/auth/popup/lock.component.ts

@@ -12,6 +12,7 @@ import { InternalPolicyService } from "@bitwarden/common/admin-console/abstracti
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -41,6 +42,7 @@ export class LockComponent extends BaseLockComponent {
   fido2PopoutSessionData$ = fido2PopoutSessionData$();
 
   constructor(
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
     router: Router,
     i18nService: I18nService,
     platformUtilsService: PlatformUtilsService,
@@ -66,6 +68,7 @@ export class LockComponent extends BaseLockComponent {
     accountService: AccountService,
   ) {
     super(
+      masterPasswordService,
       router,
       i18nService,
       platformUtilsService,

apps/browser/src/auth/popup/set-password.component.ts

@@ -1,65 +1,9 @@
 import { Component } from "@angular/core";
-import { ActivatedRoute, Router } from "@angular/router";
 
 import { SetPasswordComponent as BaseSetPasswordComponent } from "@bitwarden/angular/auth/components/set-password.component";
-import { InternalUserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
-import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
-import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
-import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
-import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
-import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
-import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
-import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
-import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-set-password",
   templateUrl: "set-password.component.html",
 })
-export class SetPasswordComponent extends BaseSetPasswordComponent {
+export class SetPasswordComponent extends BaseSetPasswordComponent {}
-  constructor(
-    apiService: ApiService,
-    i18nService: I18nService,
-    cryptoService: CryptoService,
-    messagingService: MessagingService,
-    stateService: StateService,
-    passwordGenerationService: PasswordGenerationServiceAbstraction,
-    platformUtilsService: PlatformUtilsService,
-    policyApiService: PolicyApiServiceAbstraction,
-    policyService: PolicyService,
-    router: Router,
-    syncService: SyncService,
-    route: ActivatedRoute,
-    organizationApiService: OrganizationApiServiceAbstraction,
-    organizationUserService: OrganizationUserService,
-    userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
-    ssoLoginService: SsoLoginServiceAbstraction,
-    dialogService: DialogService,
-  ) {
-    super(
-      i18nService,
-      cryptoService,
-      messagingService,
-      passwordGenerationService,
-      platformUtilsService,
-      policyApiService,
-      policyService,
-      router,
-      apiService,
-      syncService,
-      route,
-      stateService,
-      organizationApiService,
-      organizationUserService,
-      userDecryptionOptionsService,
-      ssoLoginService,
-      dialogService,
-    );
-  }
-}

apps/browser/src/auth/popup/sso.component.ts

@@ -9,7 +9,9 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
@@ -45,7 +47,9 @@ export class SsoComponent extends BaseSsoComponent {
     logService: LogService,
     userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     configService: ConfigService,
-    protected authService: AuthService,
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    accountService: AccountService,
+    private authService: AuthService,
     @Inject(WINDOW) private win: Window,
   ) {
     super(
@@ -63,6 +67,8 @@ export class SsoComponent extends BaseSsoComponent {
       logService,
       userDecryptionOptionsService,
       configService,
+      masterPasswordService,
+      accountService,
     );
 
     environmentService.environment$.pipe(takeUntilDestroyed()).subscribe((env) => {

apps/browser/src/auth/popup/two-factor.component.ts

@@ -11,6 +11,8 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -58,6 +60,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     configService: ConfigService,
     ssoLoginService: SsoLoginServiceAbstraction,
     private dialogService: DialogService,
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    accountService: AccountService,
     @Inject(WINDOW) protected win: Window,
     private browserMessagingApi: ZonedMessageListenerService,
   ) {
@@ -78,6 +82,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
       userDecryptionOptionsService,
       ssoLoginService,
       configService,
+      masterPasswordService,
+      accountService,
     );
     super.onSuccessfulLogin = async () => {
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.

apps/browser/src/autofill/utils/index.spec.ts

@@ -8,7 +8,6 @@ import {
   generateRandomCustomElementName,
   sendExtensionMessage,
   setElementStyles,
-  getFromLocalStorage,
   setupExtensionDisconnectAction,
   setupAutofillInitDisconnectAction,
 } from "./index";
@@ -124,33 +123,6 @@ describe("setElementStyles", () => {
   });
 });
 
-describe("getFromLocalStorage", () => {
-  it("returns a promise with the storage object pulled from the extension storage api", async () => {
-    const localStorage: Record<string, any> = {
-      testValue: "test",
-      another: "another",
-    };
-    jest.spyOn(chrome.storage.local, "get").mockImplementation((keys, callback) => {
-      const localStorageObject: Record<string, string> = {};
-
-      if (typeof keys === "string") {
-        localStorageObject[keys] = localStorage[keys];
-      } else if (Array.isArray(keys)) {
-        for (const key of keys) {
-          localStorageObject[key] = localStorage[key];
-        }
-      }
-
-      callback(localStorageObject);
-    });
-
-    const returnValue = await getFromLocalStorage("testValue");
-
-    expect(chrome.storage.local.get).toHaveBeenCalled();
-    expect(returnValue).toEqual({ testValue: "test" });
-  });
-});
-
 describe("setupExtensionDisconnectAction", () => {
   afterEach(() => {
     jest.clearAllMocks();

apps/browser/src/autofill/utils/index.ts

@@ -106,18 +106,6 @@ function setElementStyles(
   }
 }
 
-/**
- * Get data from local storage based on the keys provided.
- *
- * @param keys - String or array of strings of keys to get from local storage
- * @deprecated Do not call this, use state-relevant services instead
- */
-async function getFromLocalStorage(keys: string | string[]): Promise<Record<string, any>> {
-  return new Promise((resolve) => {
-    chrome.storage.local.get(keys, (storage: Record<string, any>) => resolve(storage));
-  });
-}
-
 /**
  * Sets up a long-lived connection with the extension background
  * and triggers an onDisconnect event if the extension context
@@ -279,7 +267,6 @@ export {
   buildSvgDomElement,
   sendExtensionMessage,
   setElementStyles,
-  getFromLocalStorage,
   setupExtensionDisconnectAction,
   setupAutofillInitDisconnectAction,
   elementIsFillableFormField,

apps/browser/src/background/main.background.ts

@@ -10,6 +10,7 @@ import {
   AuthRequestServiceAbstraction,
   AuthRequestService,
   LoginEmailServiceAbstraction,
+  LoginEmailService,
 } from "@bitwarden/auth/common";
 import { ApiService as ApiServiceAbstraction } from "@bitwarden/common/abstractions/api.service";
 import { AuditService as AuditServiceAbstraction } from "@bitwarden/common/abstractions/audit.service";
@@ -32,6 +33,7 @@ import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abst
 import { DevicesServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices/devices.service.abstraction";
 import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
 import { KeyConnectorService as KeyConnectorServiceAbstraction } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TokenService as TokenServiceAbstraction } from "@bitwarden/common/auth/abstractions/token.service";
 import { TwoFactorService as TwoFactorServiceAbstraction } from "@bitwarden/common/auth/abstractions/two-factor.service";
@@ -46,6 +48,7 @@ import { DeviceTrustCryptoService } from "@bitwarden/common/auth/services/device
 import { DevicesServiceImplementation } from "@bitwarden/common/auth/services/devices/devices.service.implementation";
 import { DevicesApiServiceImplementation } from "@bitwarden/common/auth/services/devices-api.service.implementation";
 import { KeyConnectorService } from "@bitwarden/common/auth/services/key-connector.service";
+import { MasterPasswordService } from "@bitwarden/common/auth/services/master-password/master-password.service";
 import { SsoLoginService } from "@bitwarden/common/auth/services/sso-login.service";
 import { TokenService } from "@bitwarden/common/auth/services/token.service";
 import { TwoFactorService } from "@bitwarden/common/auth/services/two-factor.service";
@@ -232,7 +235,7 @@ import RuntimeBackground from "./runtime.background";
 
 export default class MainBackground {
   messagingService: MessagingServiceAbstraction;
-  storageService: AbstractStorageService & ObservableStorageService;
+  storageService: BrowserLocalStorageService;
   secureStorageService: AbstractStorageService;
   memoryStorageService: AbstractMemoryStorageService;
   memoryStorageForStateProviders: AbstractMemoryStorageService & ObservableStorageService;
@@ -242,6 +245,7 @@ export default class MainBackground {
   keyGenerationService: KeyGenerationServiceAbstraction;
   cryptoService: CryptoServiceAbstraction;
   cryptoFunctionService: CryptoFunctionServiceAbstraction;
+  masterPasswordService: InternalMasterPasswordServiceAbstraction;
   tokenService: TokenServiceAbstraction;
   appIdService: AppIdServiceAbstraction;
   apiService: ApiServiceAbstraction;
@@ -361,7 +365,8 @@ export default class MainBackground {
     const logoutCallback = async (expired: boolean, userId?: UserId) =>
       await this.logout(expired, userId);
 
-    this.messagingService = this.popupOnlyContext
+    this.messagingService =
+      this.isPrivateMode && BrowserApi.isManifestVersion(2)
         ? new BrowserMessagingPrivateModeBackgroundService()
         : new BrowserMessagingService();
     this.logService = new ConsoleLogService(false);
@@ -405,7 +410,8 @@ export default class MainBackground {
       storageServiceProvider,
     );
 
-    this.encryptService = flagEnabled("multithreadDecryption")
+    this.encryptService =
+      flagEnabled("multithreadDecryption") && BrowserApi.isManifestVersion(2)
         ? new MultithreadEncryptServiceImplementation(
             this.cryptoFunctionService,
             this.logService,
@@ -480,8 +486,11 @@ export default class MainBackground {
 
     const themeStateService = new DefaultThemeStateService(this.globalStateProvider);
 
+    this.masterPasswordService = new MasterPasswordService(this.stateProvider);
+
     this.i18nService = new I18nService(BrowserApi.getUILanguage(), this.globalStateProvider);
     this.cryptoService = new BrowserCryptoService(
+      this.masterPasswordService,
       this.keyGenerationService,
       this.cryptoFunctionService,
       this.encryptService,
@@ -508,7 +517,7 @@ export default class MainBackground {
       this.apiService,
       this.fileUploadService,
     );
-    this.searchService = new SearchService(this.logService, this.i18nService);
+    this.searchService = new SearchService(this.logService, this.i18nService, this.stateProvider);
 
     this.collectionService = new CollectionService(
       this.cryptoService,
@@ -525,6 +534,8 @@ export default class MainBackground {
     this.badgeSettingsService = new BadgeSettingsService(this.stateProvider);
     this.policyApiService = new PolicyApiService(this.policyService, this.apiService);
     this.keyConnectorService = new KeyConnectorService(
+      this.accountService,
+      this.masterPasswordService,
       this.cryptoService,
       this.apiService,
       this.tokenService,
@@ -550,10 +561,13 @@ export default class MainBackground {
     const backgroundMessagingService = new (class extends MessagingServiceAbstraction {
       // AuthService should send the messages to the background not popup.
       send = (subscriber: string, arg: any = {}) => {
+        if (BrowserApi.isManifestVersion(3)) {
+          that.messagingService.send(subscriber, arg);
+          return;
+        }
+
         const message = Object.assign({}, { command: subscriber }, arg);
-        // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
+        void that.runtimeBackground.processMessage(message, that as any);
-        // eslint-disable-next-line @typescript-eslint/no-floating-promises
-        that.runtimeBackground.processMessage(message, that as any);
       };
     })();
 
@@ -578,9 +592,10 @@ export default class MainBackground {
 
     this.authRequestService = new AuthRequestService(
       this.appIdService,
+      this.accountService,
+      this.masterPasswordService,
       this.cryptoService,
       this.apiService,
-      this.stateService,
     );
 
     this.authService = new AuthService(
@@ -596,7 +611,11 @@ export default class MainBackground {
       this.stateProvider,
     );
 
+    this.loginEmailService = new LoginEmailService(this.stateProvider);
+
     this.loginStrategyService = new LoginStrategyService(
+      this.accountService,
+      this.masterPasswordService,
       this.cryptoService,
       this.apiService,
       this.tokenService,
@@ -672,6 +691,8 @@ export default class MainBackground {
     this.userVerificationService = new UserVerificationService(
       this.stateService,
       this.cryptoService,
+      this.accountService,
+      this.masterPasswordService,
       this.i18nService,
       this.userVerificationApiService,
       this.userDecryptionOptionsService,
@@ -694,6 +715,8 @@ export default class MainBackground {
     this.vaultSettingsService = new VaultSettingsService(this.stateProvider);
 
     this.vaultTimeoutService = new VaultTimeoutService(
+      this.accountService,
+      this.masterPasswordService,
       this.cipherService,
       this.folderService,
       this.collectionService,
@@ -729,6 +752,8 @@ export default class MainBackground {
     this.providerService = new ProviderService(this.stateProvider);
 
     this.syncService = new SyncService(
+      this.masterPasswordService,
+      this.accountService,
       this.apiService,
       this.domainSettingsService,
       this.folderService,
@@ -878,6 +903,8 @@ export default class MainBackground {
       this.fido2Service,
     );
     this.nativeMessagingBackground = new NativeMessagingBackground(
+      this.accountService,
+      this.masterPasswordService,
       this.cryptoService,
       this.cryptoFunctionService,
       this.runtimeBackground,
@@ -1108,7 +1135,7 @@ export default class MainBackground {
 
       const status = await this.authService.getAuthStatus(userId);
       const forcePasswordReset =
-        (await this.stateService.getForceSetPasswordReason({ userId: userId })) !=
+        (await firstValueFrom(this.masterPasswordService.forceSetPasswordReason$(userId))) !=
         ForceSetPasswordReason.None;
 
       await this.systemService.clearPendingClipboard();
@@ -1159,10 +1186,10 @@ export default class MainBackground {
     const newActiveUser = await this.stateService.clean({ userId: userId });
 
     if (userId == null || userId === currentUserId) {
-      this.searchService.clearIndex();
+      await this.searchService.clearIndex();
     }
 
-    await this.stateEventRunnerService.handleEvent("logout", currentUserId as UserId);
+    await this.stateEventRunnerService.handleEvent("logout", userId);
 
     if (newActiveUser != null) {
       // we have a new active user, do not continue tearing down application
@@ -1237,18 +1264,8 @@ export default class MainBackground {
       return;
     }
 
-    const getStorage = (): Promise<any> =>
+    const storage = await this.storageService.getAll();
-      new Promise((resolve) => {
+    await this.storageService.clear();
-        chrome.storage.local.get(null, (o: any) => resolve(o));
-      });
-
-    const clearStorage = (): Promise<void> =>
-      new Promise((resolve) => {
-        chrome.storage.local.clear(() => resolve());
-      });
-
-    const storage = await getStorage();
-    await clearStorage();
 
     for (const key in storage) {
       // eslint-disable-next-line

apps/browser/src/background/nativeMessaging.background.ts

@@ -1,6 +1,8 @@
 import { firstValueFrom } from "rxjs";
 
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
@@ -71,6 +73,8 @@ export class NativeMessagingBackground {
   private validatingFingerprint: boolean;
 
   constructor(
+    private accountService: AccountService,
+    private masterPasswordService: InternalMasterPasswordServiceAbstraction,
     private cryptoService: CryptoService,
     private cryptoFunctionService: CryptoFunctionService,
     private runtimeBackground: RuntimeBackground,
@@ -336,10 +340,14 @@ export class NativeMessagingBackground {
               ) as UserKey;
               await this.cryptoService.setUserKey(userKey);
             } else if (message.keyB64) {
+              const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
               // Backwards compatibility to support cases in which the user hasn't updated their desktop app
               // TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3472)
-              let encUserKey = await this.stateService.getEncryptedCryptoSymmetricKey();
+              const encUserKeyPrim = await this.stateService.getEncryptedCryptoSymmetricKey();
-              encUserKey ||= await this.stateService.getMasterKeyEncryptedUserKey();
+              const encUserKey =
+                encUserKeyPrim != null
+                  ? new EncString(encUserKeyPrim)
+                  : await this.masterPasswordService.getMasterKeyEncryptedUserKey(userId);
               if (!encUserKey) {
                 throw new Error("No encrypted user key found");
               }
@@ -348,9 +356,9 @@ export class NativeMessagingBackground {
               ) as MasterKey;
               const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(
                 masterKey,
-                new EncString(encUserKey),
+                encUserKey,
               );
-              await this.cryptoService.setMasterKey(masterKey);
+              await this.masterPasswordService.setMasterKey(masterKey, userId);
               await this.cryptoService.setUserKey(userKey);
             } else {
               throw new Error("No key received");

apps/browser/src/background/service-factories/search-service.factory.ts

@@ -14,12 +14,17 @@ import {
   logServiceFactory,
   LogServiceInitOptions,
 } from "../../platform/background/service-factories/log-service.factory";
+import {
+  stateProviderFactory,
+  StateProviderInitOptions,
+} from "../../platform/background/service-factories/state-provider.factory";
 
 type SearchServiceFactoryOptions = FactoryOptions;
 
 export type SearchServiceInitOptions = SearchServiceFactoryOptions &
   LogServiceInitOptions &
-  I18nServiceInitOptions;
+  I18nServiceInitOptions &
+  StateProviderInitOptions;
 
 export function searchServiceFactory(
   cache: { searchService?: AbstractSearchService } & CachedServices,
@@ -33,6 +38,7 @@ export function searchServiceFactory(
       new SearchService(
         await logServiceFactory(cache, opts),
         await i18nServiceFactory(cache, opts),
+        await stateProviderFactory(cache, opts),
       ),
   );
 }

apps/browser/src/background/service-factories/vault-timeout-service.factory.ts

@@ -1,9 +1,17 @@
 import { VaultTimeoutService as AbstractVaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
 
+import {
+  accountServiceFactory,
+  AccountServiceInitOptions,
+} from "../../auth/background/service-factories/account-service.factory";
 import {
   authServiceFactory,
   AuthServiceInitOptions,
 } from "../../auth/background/service-factories/auth-service.factory";
+import {
+  internalMasterPasswordServiceFactory,
+  MasterPasswordServiceInitOptions,
+} from "../../auth/background/service-factories/master-password-service.factory";
 import {
   CryptoServiceInitOptions,
   cryptoServiceFactory,
@@ -57,6 +65,8 @@ type VaultTimeoutServiceFactoryOptions = FactoryOptions & {
 };
 
 export type VaultTimeoutServiceInitOptions = VaultTimeoutServiceFactoryOptions &
+  AccountServiceInitOptions &
+  MasterPasswordServiceInitOptions &
   CipherServiceInitOptions &
   FolderServiceInitOptions &
   CollectionServiceInitOptions &
@@ -79,6 +89,8 @@ export function vaultTimeoutServiceFactory(
     opts,
     async () =>
       new VaultTimeoutService(
+        await accountServiceFactory(cache, opts),
+        await internalMasterPasswordServiceFactory(cache, opts),
         await cipherServiceFactory(cache, opts),
         await folderServiceFactory(cache, opts),
         await collectionServiceFactory(cache, opts),

apps/browser/src/manifest.json

@@ -2,7 +2,7 @@
   "manifest_version": 2,
   "name": "__MSG_extName__",
   "short_name": "__MSG_appName__",
-  "version": "2024.3.1",
+  "version": "2024.4.1",
   "description": "__MSG_extDesc__",
   "default_locale": "en",
   "author": "Bitwarden Inc.",

apps/browser/src/manifest.v3.json

@@ -3,7 +3,7 @@
   "minimum_chrome_version": "102.0",
   "name": "__MSG_extName__",
   "short_name": "__MSG_appName__",
-  "version": "2024.3.1",
+  "version": "2024.4.1",
   "description": "__MSG_extDesc__",
   "default_locale": "en",
   "author": "Bitwarden Inc.",

apps/browser/src/platform/background/service-factories/crypto-service.factory.ts

@@ -4,6 +4,10 @@ import {
   AccountServiceInitOptions,
   accountServiceFactory,
 } from "../../../auth/background/service-factories/account-service.factory";
+import {
+  internalMasterPasswordServiceFactory,
+  MasterPasswordServiceInitOptions,
+} from "../../../auth/background/service-factories/master-password-service.factory";
 import {
   StateServiceInitOptions,
   stateServiceFactory,
@@ -34,6 +38,7 @@ import { StateProviderInitOptions, stateProviderFactory } from "./state-provider
 type CryptoServiceFactoryOptions = FactoryOptions;
 
 export type CryptoServiceInitOptions = CryptoServiceFactoryOptions &
+  MasterPasswordServiceInitOptions &
   KeyGenerationServiceInitOptions &
   CryptoFunctionServiceInitOptions &
   EncryptServiceInitOptions &
@@ -53,6 +58,7 @@ export function cryptoServiceFactory(
     opts,
     async () =>
       new BrowserCryptoService(
+        await internalMasterPasswordServiceFactory(cache, opts),
         await keyGenerationServiceFactory(cache, opts),
         await cryptoFunctionServiceFactory(cache, opts),
         await encryptServiceFactory(cache, opts),

apps/browser/src/platform/decorators/session-sync-observable/session-syncer.ts

@@ -93,6 +93,10 @@ export class SessionSyncer {
   }
 
   async update(serializedValue: any) {
+    if (!serializedValue) {
+      return;
+    }
+
     const unBuiltValue = JSON.parse(serializedValue);
     if (!BrowserApi.isManifestVersion(3) && BrowserApi.isBackgroundPage(self)) {
       await this.memoryStorageService.save(this.metaData.sessionKey, serializedValue);
@@ -104,6 +108,10 @@ export class SessionSyncer {
   }
 
   private async updateSession(value: any) {
+    if (!value) {
+      return;
+    }
+
     const serializedValue = JSON.stringify(value);
     if (BrowserApi.isManifestVersion(3) || BrowserApi.isBackgroundPage(self)) {
       await this.memoryStorageService.save(this.metaData.sessionKey, serializedValue);

apps/browser/src/platform/services/abstractions/abstract-chrome-storage-api.service.ts

@@ -10,6 +10,8 @@ import { fromChromeEvent } from "../../browser/from-chrome-event";
 
 export const serializationIndicator = "__json__";
 
+type serializedObject = { [serializationIndicator]: true; value: string };
+
 export const objToStore = (obj: any) => {
   if (obj == null) {
     return null;
@@ -61,11 +63,7 @@ export default abstract class AbstractChromeStorageService
     return new Promise((resolve) => {
       this.chromeStorageApi.get(key, (obj: any) => {
         if (obj != null && obj[key] != null) {
-          let value = obj[key];
+          resolve(this.processGetObject(obj[key]));
-          if (value[serializationIndicator] && typeof value.value === "string") {
-            value = JSON.parse(value.value);
-          }
-          resolve(value as T);
           return;
         }
         resolve(null);
@@ -95,4 +93,22 @@ export default abstract class AbstractChromeStorageService
       });
     });
   }
+
+  /** Backwards compatible resolution of retrieved object with new serialized storage */
+  protected processGetObject<T>(obj: T | serializedObject): T | null {
+    if (this.isSerialized(obj)) {
+      obj = JSON.parse(obj.value);
+    }
+    return obj as T;
+  }
+
+  /** Type guard for whether an object is tagged as serialized */
+  protected isSerialized<T>(value: T | serializedObject): value is serializedObject {
+    const asSerialized = value as serializedObject;
+    return (
+      asSerialized != null &&
+      asSerialized[serializationIndicator] &&
+      typeof asSerialized.value === "string"
+    );
+  }
 }

apps/browser/src/platform/services/abstractions/chrome-storage-api.service.spec.ts

@@ -66,6 +66,7 @@ describe("ChromeStorageApiService", () => {
 
   describe("get", () => {
     let getMock: jest.Mock;
+    const key = "key";
 
     beforeEach(() => {
       // setup get
@@ -76,7 +77,6 @@ describe("ChromeStorageApiService", () => {
     });
 
     it("returns a stored value when it is serialized", async () => {
-      const key = "key";
       const value = { key: "value" };
       store[key] = objToStore(value);
       const result = await service.get(key);
@@ -84,7 +84,6 @@ describe("ChromeStorageApiService", () => {
     });
 
     it("returns a stored value when it is not serialized", async () => {
-      const key = "key";
       const value = "value";
       store[key] = value;
       const result = await service.get(key);
@@ -95,5 +94,12 @@ describe("ChromeStorageApiService", () => {
       const result = await service.get("key");
       expect(result).toBeNull();
     });
+
+    it("returns null when the stored object is null", async () => {
+      store[key] = null;
+
+      const result = await service.get(key);
+      expect(result).toBeNull();
+    });
   });
 });

apps/browser/src/platform/services/browser-crypto.service.ts

@@ -1,6 +1,7 @@
 import { firstValueFrom } from "rxjs";
 
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service";
@@ -17,6 +18,7 @@ import { UserKey } from "@bitwarden/common/types/key";
 
 export class BrowserCryptoService extends CryptoService {
   constructor(
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
     keyGenerationService: KeyGenerationService,
     cryptoFunctionService: CryptoFunctionService,
     encryptService: EncryptService,
@@ -28,6 +30,7 @@ export class BrowserCryptoService extends CryptoService {
     private biometricStateService: BiometricStateService,
   ) {
     super(
+      masterPasswordService,
       keyGenerationService,
       cryptoFunctionService,
       encryptService,

apps/browser/src/platform/services/browser-local-storage.service.spec.ts

@@ -0,0 +1,89 @@
+import { objToStore } from "./abstractions/abstract-chrome-storage-api.service";
+import BrowserLocalStorageService from "./browser-local-storage.service";
+
+describe("BrowserLocalStorageService", () => {
+  let service: BrowserLocalStorageService;
+  let store: Record<any, any>;
+
+  beforeEach(() => {
+    store = {};
+
+    service = new BrowserLocalStorageService();
+  });
+
+  describe("clear", () => {
+    let clearMock: jest.Mock;
+
+    beforeEach(() => {
+      clearMock = chrome.storage.local.clear as jest.Mock;
+    });
+
+    it("uses the api to clear", async () => {
+      await service.clear();
+
+      expect(clearMock).toHaveBeenCalledTimes(1);
+    });
+  });
+
+  describe("getAll", () => {
+    let getMock: jest.Mock;
+
+    beforeEach(() => {
+      // setup get
+      getMock = chrome.storage.local.get as jest.Mock;
+      getMock.mockImplementation((key, callback) => {
+        if (key == null) {
+          callback(store);
+        } else {
+          callback({ [key]: store[key] });
+        }
+      });
+    });
+
+    it("returns all values", async () => {
+      store["key1"] = "string";
+      store["key2"] = 0;
+      const result = await service.getAll();
+
+      expect(result).toEqual(store);
+    });
+
+    it("handles empty stores", async () => {
+      const result = await service.getAll();
+
+      expect(result).toEqual({});
+    });
+
+    it("handles stores with null values", async () => {
+      store["key"] = null;
+
+      const result = await service.getAll();
+      expect(result).toEqual(store);
+    });
+
+    it("handles values processed for storage", async () => {
+      const obj = { test: 2 };
+      const key = "key";
+      store[key] = objToStore(obj);
+
+      const result = await service.getAll();
+
+      expect(result).toEqual({
+        [key]: obj,
+      });
+    });
+
+    // This is a test of backwards compatibility before local storage was serialized.
+    it("handles values that were stored without processing for storage", async () => {
+      const obj = { test: 2 };
+      const key = "key";
+      store[key] = obj;
+
+      const result = await service.getAll();
+
+      expect(result).toEqual({
+        [key]: obj,
+      });
+    });
+  });
+});

apps/browser/src/platform/services/browser-local-storage.service.ts

@@ -4,4 +4,32 @@ export default class BrowserLocalStorageService extends AbstractChromeStorageSer
   constructor() {
     super(chrome.storage.local);
   }
+
+  /**
+   * Clears local storage
+   */
+  async clear() {
+    await chrome.storage.local.clear();
+  }
+
+  /**
+   * Retrieves all objects stored in local storage.
+   *
+   * @remarks This method processes values prior to resolving, do not use `chrome.storage.local` directly
+   * @returns Promise resolving to keyed object of all stored data
+   */
+  async getAll(): Promise<Record<string, unknown>> {
+    return new Promise((resolve) => {
+      this.chromeStorageApi.get(null, (allStorage) => {
+        const resolved = Object.entries(allStorage).reduce(
+          (agg, [key, value]) => {
+            agg[key] = this.processGetObject(value);
+            return agg;
+          },
+          {} as Record<string, unknown>,
+        );
+        resolve(resolved);
+      });
+    });
+  }
 }

apps/browser/src/popup/services/popup-search.service.ts

@@ -1,17 +1,14 @@
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+import { StateProvider } from "@bitwarden/common/platform/state";
 import { SearchService } from "@bitwarden/common/services/search.service";
 
 export class PopupSearchService extends SearchService {
-  constructor(
+  constructor(logService: LogService, i18nService: I18nService, stateProvider: StateProvider) {
-    private mainSearchService: SearchService,
+    super(logService, i18nService, stateProvider);
-    logService: LogService,
-    i18nService: I18nService,
-  ) {
-    super(logService, i18nService);
   }
 
-  clearIndex() {
+  clearIndex(): Promise<void> {
     throw new Error("Not available.");
   }
 
@@ -19,7 +16,7 @@ export class PopupSearchService extends SearchService {
     throw new Error("Not available.");
   }
 
-  getIndexForSearch() {
+  async getIndexForSearch() {
-    return this.mainSearchService.getIndexForSearch();
+    return await super.getIndexForSearch();
   }
 }

apps/browser/src/popup/services/services.module.ts

@@ -62,6 +62,7 @@ import { StateService as BaseStateServiceAbstraction } from "@bitwarden/common/p
 import {
   AbstractMemoryStorageService,
   AbstractStorageService,
+  ObservableStorageService,
 } from "@bitwarden/common/platform/abstractions/storage.service";
 import { StateFactory } from "@bitwarden/common/platform/factories/state-factory";
 import { GlobalState } from "@bitwarden/common/platform/models/domain/global-state";
@@ -74,17 +75,15 @@ import {
   GlobalStateProvider,
   StateProvider,
 } from "@bitwarden/common/platform/state";
-import { SearchService } from "@bitwarden/common/services/search.service";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
 import { UsernameGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/username";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
-import { CipherFileUploadService } from "@bitwarden/common/vault/abstractions/file-upload/cipher-file-upload.service";
 import { FolderService as FolderServiceAbstraction } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
-import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
+import { TotpService as TotpServiceAbstraction } from "@bitwarden/common/vault/abstractions/totp.service";
+import { TotpService } from "@bitwarden/common/vault/services/totp.service";
 import { DialogService } from "@bitwarden/components";
-import { VaultExportServiceAbstraction } from "@bitwarden/vault-export-core";
 
 import { UnauthGuardService } from "../../auth/popup/services";
 import { AutofillService as AutofillServiceAbstraction } from "../../autofill/services/abstractions/autofill.service";
@@ -159,7 +158,7 @@ const safeProviders: SafeProvider[] = [
   safeProvider({
     provide: MessagingService,
     useFactory: () => {
-      return needsBackgroundInit
+      return needsBackgroundInit && BrowserApi.isManifestVersion(2)
         ? new BrowserMessagingPrivateModePopupService()
         : new BrowserMessagingService();
     },
@@ -187,19 +186,8 @@ const safeProviders: SafeProvider[] = [
   }),
   safeProvider({
     provide: SearchServiceAbstraction,
-    useFactory: (logService: LogService, i18nService: I18nServiceAbstraction) => {
+    useClass: PopupSearchService,
-      return new PopupSearchService(
+    deps: [LogService, I18nServiceAbstraction, StateProvider],
-        getBgService<SearchService>("searchService")(),
-        logService,
-        i18nService,
-      );
-    },
-    deps: [LogService, I18nServiceAbstraction],
-  }),
-  safeProvider({
-    provide: CipherFileUploadService,
-    useFactory: getBgService<CipherFileUploadService>("cipherFileUploadService"),
-    deps: [],
   }),
   safeProvider({
     provide: CipherService,
@@ -231,11 +219,6 @@ const safeProviders: SafeProvider[] = [
     useClass: BrowserEnvironmentService,
     deps: [LogService, StateProvider, AccountServiceAbstraction],
   }),
-  safeProvider({
-    provide: TotpService,
-    useFactory: getBgService<TotpService>("totpService"),
-    deps: [],
-  }),
   safeProvider({
     provide: I18nServiceAbstraction,
     useFactory: (globalStateProvider: GlobalStateProvider) => {
@@ -252,6 +235,11 @@ const safeProviders: SafeProvider[] = [
     },
     deps: [EncryptService],
   }),
+  safeProvider({
+    provide: TotpServiceAbstraction,
+    useClass: TotpService,
+    deps: [CryptoFunctionService, LogService],
+  }),
   safeProvider({
     provide: AuthRequestServiceAbstraction,
     useFactory: getBgService<AuthRequestServiceAbstraction>("authRequestService"),
@@ -325,7 +313,7 @@ const safeProviders: SafeProvider[] = [
     deps: [
       CipherService,
       AutofillSettingsServiceAbstraction,
-      TotpService,
+      TotpServiceAbstraction,
       EventCollectionServiceAbstraction,
       LogService,
       DomainSettingsService,
@@ -333,11 +321,6 @@ const safeProviders: SafeProvider[] = [
       BillingAccountProfileStateService,
     ],
   }),
-  safeProvider({
-    provide: VaultExportServiceAbstraction,
-    useFactory: getBgService<VaultExportServiceAbstraction>("exportService"),
-    deps: [],
-  }),
   safeProvider({
     provide: KeyConnectorService,
     useFactory: getBgService<KeyConnectorService>("keyConnectorService"),
@@ -387,7 +370,15 @@ const safeProviders: SafeProvider[] = [
   }),
   safeProvider({
     provide: OBSERVABLE_MEMORY_STORAGE,
-    useClass: ForegroundMemoryStorageService,
+    useFactory: () => {
+      if (BrowserApi.isManifestVersion(2)) {
+        return new ForegroundMemoryStorageService();
+      }
+
+      return getBgService<AbstractStorageService & ObservableStorageService>(
+        "memoryStorageForStateProviders",
+      )();
+    },
     deps: [],
   }),
   safeProvider({

apps/browser/src/tools/popup/send/send-groupings.component.ts

@@ -171,9 +171,7 @@ export class SendGroupingsComponent extends BaseSendComponent {
   }
 
   showSearching() {
-    return (
+    return this.hasSearched || (!this.searchPending && this.isSearchable);
-      this.hasSearched || (!this.searchPending && this.searchService.isSearchable(this.searchText))
-    );
   }
 
   private calculateTypeCounts() {

apps/browser/src/vault/popup/components/action-buttons.component.ts

@@ -6,7 +6,7 @@ import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abs
 import { EventType } from "@bitwarden/common/enums";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
+import { TotpService as TotpServiceAbstraction } from "@bitwarden/common/vault/abstractions/totp.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { CipherRepromptType } from "@bitwarden/common/vault/enums/cipher-reprompt-type";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
@@ -31,7 +31,7 @@ export class ActionButtonsComponent implements OnInit, OnDestroy {
     private i18nService: I18nService,
     private platformUtilsService: PlatformUtilsService,
     private eventCollectionService: EventCollectionService,
-    private totpService: TotpService,
+    private totpService: TotpServiceAbstraction,
     private passwordRepromptService: PasswordRepromptService,
     private billingAccountProfileStateService: BillingAccountProfileStateService,
   ) {}

apps/browser/src/vault/popup/components/fido2/fido2.component.ts

@@ -311,7 +311,7 @@ export class Fido2Component implements OnInit, OnDestroy {
   }
 
   protected async search() {
-    this.hasSearched = this.searchService.isSearchable(this.searchText);
+    this.hasSearched = await this.searchService.isSearchable(this.searchText);
     this.searchPending = true;
     if (this.hasSearched) {
       this.displayedCiphers = await this.searchService.searchCiphers(

apps/browser/src/vault/popup/components/vault/current-tab.component.html

@@ -36,19 +36,32 @@
   </div>
   <ng-container *ngIf="loaded">
     <app-vault-select (onVaultSelectionChanged)="load()"></app-vault-select>
-    <app-callout *ngIf="showHowToAutofill" type="info" title="{{ 'howToAutofill' | i18n }}">
+    <app-callout
-      <p>{{ autofillCalloutText }}</p>
+      *ngIf="
+        (unassignedItemsBannerEnabled$ | async) &&
+        (unassignedItemsBannerService.showBanner$ | async)
+      "
+      type="info"
+    >
+      <p>
+        {{ "unassignedItemsBanner" | i18n }}
+        <a
+          href="https://bitwarden.com/help/unassigned-vault-items-moved-to-admin-console"
+          bitLink
+          linkType="contrast"
+          target="_blank"
+          rel="noreferrer"
+          >{{ "learnMore" | i18n }}</a
+        >
+      </p>
       <button
         type="button"
         class="btn primary callout-half"
         appStopClick
-        (click)="dismissCallout()"
+        (click)="unassignedItemsBannerService.hideBanner()"
       >
         {{ "gotIt" | i18n }}
       </button>
-      <button type="button" class="btn callout-half" appStopClick (click)="goToSettings()">
-        {{ "autofillSettings" | i18n }}
-      </button>
     </app-callout>
     <div class="box list" *ngIf="loginCiphers">
       <h2 class="box-header">

apps/browser/src/vault/popup/components/vault/current-tab.component.ts

@@ -1,13 +1,16 @@
 import { ChangeDetectorRef, Component, NgZone, OnDestroy, OnInit } from "@angular/core";
 import { Router } from "@angular/router";
-import { Subject, firstValueFrom } from "rxjs";
+import { Subject, firstValueFrom, from } from "rxjs";
-import { debounceTime, takeUntil } from "rxjs/operators";
+import { debounceTime, switchMap, takeUntil } from "rxjs/operators";
 
+import { UnassignedItemsBannerService } from "@bitwarden/angular/services/unassigned-items-banner.service";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { AutofillOverlayVisibility } from "@bitwarden/common/autofill/constants";
 import { AutofillSettingsServiceAbstraction } from "@bitwarden/common/autofill/services/autofill-settings.service";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
@@ -53,6 +56,11 @@ export class CurrentTabComponent implements OnInit, OnDestroy {
   private totpTimeout: number;
   private loadedTimeout: number;
   private searchTimeout: number;
+  private initPageDetailsTimeout: number;
+
+  protected unassignedItemsBannerEnabled$ = this.configService.getFeatureFlag$(
+    FeatureFlag.UnassignedItemsBanner,
+  );
 
   constructor(
     private platformUtilsService: PlatformUtilsService,
@@ -70,6 +78,8 @@ export class CurrentTabComponent implements OnInit, OnDestroy {
     private organizationService: OrganizationService,
     private vaultFilterService: VaultFilterService,
     private vaultSettingsService: VaultSettingsService,
+    private configService: ConfigService,
+    protected unassignedItemsBannerService: UnassignedItemsBannerService,
   ) {}
 
   async ngOnInit() {
@@ -120,8 +130,14 @@ export class CurrentTabComponent implements OnInit, OnDestroy {
     }
 
     this.search$
-      .pipe(debounceTime(500), takeUntil(this.destroy$))
+      .pipe(
-      .subscribe(() => this.searchVault());
+        debounceTime(500),
+        switchMap(() => {
+          return from(this.searchVault());
+        }),
+        takeUntil(this.destroy$),
+      )
+      .subscribe();
 
     const autofillOnPageLoadOrgPolicy = await firstValueFrom(
       this.autofillSettingsService.activateAutofillOnPageLoadFromPolicy$,
@@ -232,14 +248,12 @@ export class CurrentTabComponent implements OnInit, OnDestroy {
     }
   }
 
-  searchVault() {
+  async searchVault() {
-    if (!this.searchService.isSearchable(this.searchText)) {
+    if (!(await this.searchService.isSearchable(this.searchText))) {
       return;
     }
 
-    // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
+    await this.router.navigate(["/tabs/vault"], { queryParams: { searchText: this.searchText } });
-    // eslint-disable-next-line @typescript-eslint/no-floating-promises
-    this.router.navigate(["/tabs/vault"], { queryParams: { searchText: this.searchText } });
   }
 
   closeOnEsc(e: KeyboardEvent) {
@@ -303,18 +317,13 @@ export class CurrentTabComponent implements OnInit, OnDestroy {
     });
 
     if (this.loginCiphers.length) {
-      void BrowserApi.tabSendMessage(this.tab, {
-        command: "collectPageDetails",
-        tab: this.tab,
-        sender: BroadcasterSubscriptionId,
-      });
-
       this.loginCiphers = this.loginCiphers.sort((a, b) =>
         this.cipherService.sortCiphersByLastUsedThenName(a, b),
       );
     }
 
     this.isLoading = this.loaded = true;
+    this.collectTabPageDetails();
   }
 
   async goToSettings() {
@@ -352,4 +361,19 @@ export class CurrentTabComponent implements OnInit, OnDestroy {
       this.autofillCalloutText = this.i18nService.t("autofillSelectInfoWithoutCommand");
     }
   }
+
+  private collectTabPageDetails() {
+    void BrowserApi.tabSendMessage(this.tab, {
+      command: "collectPageDetails",
+      tab: this.tab,
+      sender: BroadcasterSubscriptionId,
+    });
+
+    window.clearTimeout(this.initPageDetailsTimeout);
+    this.initPageDetailsTimeout = window.setTimeout(() => {
+      if (this.pageDetails.length === 0) {
+        this.collectTabPageDetails();
+      }
+    }, 250);
+  }
 }

apps/browser/src/vault/popup/components/vault/vault-filter.component.ts

@@ -1,8 +1,8 @@
 import { Location } from "@angular/common";
 import { ChangeDetectorRef, Component, NgZone, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-import { firstValueFrom } from "rxjs";
+import { BehaviorSubject, Subject, firstValueFrom, from } from "rxjs";
-import { first } from "rxjs/operators";
+import { first, switchMap, takeUntil } from "rxjs/operators";
 
 import { VaultFilter } from "@bitwarden/angular/vault/vault-filter/models/vault-filter.model";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
@@ -53,7 +53,6 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
   folderCounts = new Map<string, number>();
   collectionCounts = new Map<string, number>();
   typeCounts = new Map<CipherType, number>();
-  searchText: string;
   state: BrowserGroupingsComponentState;
   showLeftHeader = true;
   searchPending = false;
@@ -71,6 +70,16 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
   private hasSearched = false;
   private hasLoadedAllCiphers = false;
   private allCiphers: CipherView[] = null;
+  private destroy$ = new Subject<void>();
+  private _searchText$ = new BehaviorSubject<string>("");
+  private isSearchable: boolean = false;
+
+  get searchText() {
+    return this._searchText$.value;
+  }
+  set searchText(value: string) {
+    this._searchText$.next(value);
+  }
 
   constructor(
     private i18nService: I18nService,
@@ -148,6 +157,15 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
         BrowserPopupUtils.setContentScrollY(window, this.state?.scrollY);
       }
     });
+
+    this._searchText$
+      .pipe(
+        switchMap((searchText) => from(this.searchService.isSearchable(searchText))),
+        takeUntil(this.destroy$),
+      )
+      .subscribe((isSearchable) => {
+        this.isSearchable = isSearchable;
+      });
   }
 
   ngOnDestroy() {
@@ -161,6 +179,8 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
     // eslint-disable-next-line @typescript-eslint/no-floating-promises
     this.saveState();
     this.broadcasterService.unsubscribe(ComponentId);
+    this.destroy$.next();
+    this.destroy$.complete();
   }
 
   async load() {
@@ -181,7 +201,7 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
   async loadCiphers() {
     this.allCiphers = await this.cipherService.getAllDecrypted();
     if (!this.hasLoadedAllCiphers) {
-      this.hasLoadedAllCiphers = !this.searchService.isSearchable(this.searchText);
+      this.hasLoadedAllCiphers = !(await this.searchService.isSearchable(this.searchText));
     }
     await this.search(null);
     this.getCounts();
@@ -210,7 +230,7 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
     }
     const filterDeleted = (c: CipherView) => !c.isDeleted;
     if (timeout == null) {
-      this.hasSearched = this.searchService.isSearchable(this.searchText);
+      this.hasSearched = this.isSearchable;
       this.ciphers = await this.searchService.searchCiphers(
         this.searchText,
         filterDeleted,
@@ -223,7 +243,7 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
     }
     this.searchPending = true;
     this.searchTimeout = setTimeout(async () => {
-      this.hasSearched = this.searchService.isSearchable(this.searchText);
+      this.hasSearched = this.isSearchable;
       if (!this.hasLoadedAllCiphers && !this.hasSearched) {
         await this.loadCiphers();
       } else {
@@ -381,9 +401,7 @@ export class VaultFilterComponent implements OnInit, OnDestroy {
   }
 
   showSearching() {
-    return (
+    return this.hasSearched || (!this.searchPending && this.isSearchable);
-      this.hasSearched || (!this.searchPending && this.searchService.isSearchable(this.searchText))
-    );
   }
 
   closeOnEsc(e: KeyboardEvent) {

apps/browser/src/vault/popup/components/vault/view.component.ts

@@ -20,7 +20,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
-import { TotpService } from "@bitwarden/common/vault/abstractions/totp.service";
+import { TotpService as TotpServiceAbstraction } from "@bitwarden/common/vault/abstractions/totp.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
 import { LoginUriView } from "@bitwarden/common/vault/models/view/login-uri.view";
@@ -74,7 +74,7 @@ export class ViewComponent extends BaseViewComponent {
   constructor(
     cipherService: CipherService,
     folderService: FolderService,
-    totpService: TotpService,
+    totpService: TotpServiceAbstraction,
     tokenService: TokenService,
     i18nService: I18nService,
     cryptoService: CryptoService,

apps/cli/src/auth/commands/unlock.command.ts

@@ -1,6 +1,10 @@
+import { firstValueFrom } from "rxjs";
+
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SecretVerificationRequest } from "@bitwarden/common/auth/models/request/secret-verification.request";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -18,6 +22,8 @@ import { CliUtils } from "../../utils";
 
 export class UnlockCommand {
   constructor(
+    private accountService: AccountService,
+    private masterPasswordService: InternalMasterPasswordServiceAbstraction,
     private cryptoService: CryptoService,
     private stateService: StateService,
     private cryptoFunctionService: CryptoFunctionService,
@@ -45,11 +51,14 @@ export class UnlockCommand {
     const kdf = await this.stateService.getKdfType();
     const kdfConfig = await this.stateService.getKdfConfig();
     const masterKey = await this.cryptoService.makeMasterKey(password, email, kdf, kdfConfig);
-    const storedKeyHash = await this.cryptoService.getMasterKeyHash();
+    const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+    const storedMasterKeyHash = await firstValueFrom(
+      this.masterPasswordService.masterKeyHash$(userId),
+    );
 
     let passwordValid = false;
     if (masterKey != null) {
-      if (storedKeyHash != null) {
+      if (storedMasterKeyHash != null) {
         passwordValid = await this.cryptoService.compareAndUpdateKeyHash(password, masterKey);
       } else {
         const serverKeyHash = await this.cryptoService.hashMasterKey(
@@ -67,7 +76,7 @@ export class UnlockCommand {
             masterKey,
             HashPurpose.LocalAuthorization,
           );
-          await this.cryptoService.setMasterKeyHash(localKeyHash);
+          await this.masterPasswordService.setMasterKeyHash(localKeyHash, userId);
         } catch {
           // Ignore
         }
@@ -75,7 +84,7 @@ export class UnlockCommand {
     }
 
     if (passwordValid) {
-      await this.cryptoService.setMasterKey(masterKey);
+      await this.masterPasswordService.setMasterKey(masterKey, userId);
       const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
       await this.cryptoService.setUserKey(userKey);
 

apps/cli/src/bw.ts

@@ -28,6 +28,7 @@ import { AccountService } from "@bitwarden/common/auth/abstractions/account.serv
 import { AvatarService as AvatarServiceAbstraction } from "@bitwarden/common/auth/abstractions/avatar.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
 import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { AccountServiceImplementation } from "@bitwarden/common/auth/services/account.service";
 import { AuthService } from "@bitwarden/common/auth/services/auth.service";
 import { AvatarService } from "@bitwarden/common/auth/services/avatar.service";
@@ -168,6 +169,7 @@ export class Main {
   organizationUserService: OrganizationUserService;
   collectionService: CollectionService;
   vaultTimeoutService: VaultTimeoutService;
+  masterPasswordService: InternalMasterPasswordServiceAbstraction;
   vaultTimeoutSettingsService: VaultTimeoutSettingsService;
   syncService: SyncService;
   eventCollectionService: EventCollectionServiceAbstraction;
@@ -352,6 +354,7 @@ export class Main {
     );
 
     this.cryptoService = new CryptoService(
+      this.masterPasswordService,
       this.keyGenerationService,
       this.cryptoFunctionService,
       this.encryptService,
@@ -411,7 +414,7 @@ export class Main {
       this.sendService,
     );
 
-    this.searchService = new SearchService(this.logService, this.i18nService);
+    this.searchService = new SearchService(this.logService, this.i18nService, this.stateProvider);
 
     this.broadcasterService = new BroadcasterService();
 
@@ -432,6 +435,8 @@ export class Main {
     this.policyApiService = new PolicyApiService(this.policyService, this.apiService);
 
     this.keyConnectorService = new KeyConnectorService(
+      this.accountService,
+      this.masterPasswordService,
       this.cryptoService,
       this.apiService,
       this.tokenService,
@@ -471,9 +476,10 @@ export class Main {
 
     this.authRequestService = new AuthRequestService(
       this.appIdService,
+      this.accountService,
+      this.masterPasswordService,
       this.cryptoService,
       this.apiService,
-      this.stateService,
     );
 
     this.billingAccountProfileStateService = new DefaultBillingAccountProfileStateService(
@@ -481,6 +487,8 @@ export class Main {
     );
 
     this.loginStrategyService = new LoginStrategyService(
+      this.accountService,
+      this.masterPasswordService,
       this.cryptoService,
       this.apiService,
       this.tokenService,
@@ -568,6 +576,8 @@ export class Main {
     this.userVerificationService = new UserVerificationService(
       this.stateService,
       this.cryptoService,
+      this.accountService,
+      this.masterPasswordService,
       this.i18nService,
       this.userVerificationApiService,
       this.userDecryptionOptionsService,
@@ -578,6 +588,8 @@ export class Main {
     );
 
     this.vaultTimeoutService = new VaultTimeoutService(
+      this.accountService,
+      this.masterPasswordService,
       this.cipherService,
       this.folderService,
       this.collectionService,
@@ -596,6 +608,8 @@ export class Main {
     this.avatarService = new AvatarService(this.apiService, this.stateProvider);
 
     this.syncService = new SyncService(
+      this.masterPasswordService,
+      this.accountService,
       this.apiService,
       this.domainSettingsService,
       this.folderService,

apps/cli/src/commands/serve.command.ts

@@ -122,6 +122,8 @@ export class ServeCommand {
     this.shareCommand = new ShareCommand(this.main.cipherService);
     this.lockCommand = new LockCommand(this.main.vaultTimeoutService);
     this.unlockCommand = new UnlockCommand(
+      this.main.accountService,
+      this.main.masterPasswordService,
       this.main.cryptoService,
       this.main.stateService,
       this.main.cryptoFunctionService,

apps/cli/src/program.ts

@@ -253,6 +253,8 @@ export class Program {
         if (!cmd.check) {
           await this.exitIfNotAuthed();
           const command = new UnlockCommand(
+            this.main.accountService,
+            this.main.masterPasswordService,
             this.main.cryptoService,
             this.main.stateService,
             this.main.cryptoFunctionService,
@@ -613,6 +615,8 @@ export class Program {
         this.processResponse(response, true);
       } else {
         const command = new UnlockCommand(
+          this.main.accountService,
+          this.main.masterPasswordService,
           this.main.cryptoService,
           this.main.stateService,
           this.main.cryptoFunctionService,

apps/desktop/desktop_native/Cargo.lock

@@ -1237,18 +1237,18 @@ dependencies = [
 
 [[package]]
 name = "thiserror"
-version = "1.0.51"
+version = "1.0.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f11c217e1416d6f036b870f14e0413d480dbf28edbee1f877abaf0206af43bb7"
+checksum = "03468839009160513471e86a034bb2c5c0e4baae3b43f79ffc55c4a5427b3297"
 dependencies = [
  "thiserror-impl",
 ]
 
 [[package]]
 name = "thiserror-impl"
-version = "1.0.51"
+version = "1.0.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "01742297787513b79cf8e29d1056ede1313e2420b7b3b15d0a768b4921f549df"
+checksum = "c61f3ba182994efc43764a46c018c347bc492c79f024e705f46567b418f6d4f7"
 dependencies = [
  "proc-macro2",
  "quote",

apps/desktop/desktop_native/Cargo.toml

@@ -24,7 +24,7 @@ rand = "=0.8.5"
 retry = "=2.0.0"
 scopeguard = "=1.2.0"
 sha2 = "=0.10.8"
-thiserror = "=1.0.51"
+thiserror = "=1.0.58"
 typenum = "=1.17.0"
 
 [build-dependencies]

apps/desktop/electron-builder.json

@@ -203,7 +203,7 @@
       "si",
       "sk",
       "sl",
-      "sr",
+      "sr-cyrl",
       "sv",
       "te",
       "th",
@@ -228,6 +228,7 @@
     "artifactName": "${productName}-${version}-${arch}.${ext}"
   },
   "snap": {
+    "summary": "After installation enable required `password-manager-service` by running `sudo snap connect bitwarden:password-manager-service`.",
     "autoStart": true,
     "base": "core22",
     "confinement": "strict",

apps/desktop/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@bitwarden/desktop",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2024.3.2",
+  "version": "2024.4.1",
   "keywords": [
     "bitwarden",
     "password",

apps/desktop/src/app/app.component.ts

@@ -26,6 +26,7 @@ import { InternalPolicyService } from "@bitwarden/common/admin-console/abstracti
 import { ProviderService } from "@bitwarden/common/admin-console/abstractions/provider.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { MasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
@@ -120,6 +121,7 @@ export class AppComponent implements OnInit, OnDestroy {
   private accountCleanUpInProgress: { [userId: string]: boolean } = {};
 
   constructor(
+    private masterPasswordService: MasterPasswordServiceAbstraction,
     private broadcasterService: BroadcasterService,
     private folderService: InternalFolderService,
     private syncService: SyncService,
@@ -408,8 +410,9 @@ export class AppComponent implements OnInit, OnDestroy {
               (await this.authService.getAuthStatus(message.userId)) ===
               AuthenticationStatus.Locked;
             const forcedPasswordReset =
-              (await this.stateService.getForceSetPasswordReason({ userId: message.userId })) !=
+              (await firstValueFrom(
-              ForceSetPasswordReason.None;
+                this.masterPasswordService.forceSetPasswordReason$(message.userId),
+              )) != ForceSetPasswordReason.None;
             if (locked) {
               this.messagingService.send("locked", { userId: message.userId });
             } else if (forcedPasswordReset) {
@@ -606,7 +609,7 @@ export class AppComponent implements OnInit, OnDestroy {
     // This must come last otherwise the logout will prematurely trigger
     // a process reload before all the state service user data can be cleaned up
     if (userBeingLoggedOut === preLogoutActiveUserId) {
-      this.searchService.clearIndex();
+      await this.searchService.clearIndex();
       this.authService.logOut(async () => {
         if (expired) {
           this.platformUtilsService.showToast(

apps/desktop/src/app/services/services.module.ts

@@ -20,6 +20,7 @@ import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vaul
 import { PolicyService as PolicyServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { AccountService as AccountServiceAbstraction } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService as AuthServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
 import { AutofillSettingsServiceAbstraction } from "@bitwarden/common/autofill/services/autofill-settings.service";
 import { BroadcasterService as BroadcasterServiceAbstraction } from "@bitwarden/common/platform/abstractions/broadcaster.service";
@@ -228,6 +229,7 @@ const safeProviders: SafeProvider[] = [
     provide: CryptoServiceAbstraction,
     useClass: ElectronCryptoService,
     deps: [
+      InternalMasterPasswordServiceAbstraction,
       KeyGenerationServiceAbstraction,
       CryptoFunctionServiceAbstraction,
       EncryptService,

apps/desktop/src/auth/lock.component.spec.ts

@@ -14,7 +14,9 @@ import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abs
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
+import { FakeMasterPasswordService } from "@bitwarden/common/auth/services/master-password/fake-master-password.service";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -52,6 +54,7 @@ describe("LockComponent", () => {
   let broadcasterServiceMock: MockProxy<BroadcasterService>;
   let platformUtilsServiceMock: MockProxy<PlatformUtilsService>;
   let activatedRouteMock: MockProxy<ActivatedRoute>;
+  let mockMasterPasswordService: FakeMasterPasswordService;
 
   const mockUserId = Utils.newGuid() as UserId;
   const accountService: FakeAccountService = mockAccountServiceWith(mockUserId);
@@ -67,6 +70,8 @@ describe("LockComponent", () => {
     activatedRouteMock = mock<ActivatedRoute>();
     activatedRouteMock.queryParams = mock<ActivatedRoute["queryParams"]>();
 
+    mockMasterPasswordService = new FakeMasterPasswordService();
+
     biometricStateService.dismissedRequirePasswordOnStartCallout$ = of(false);
     biometricStateService.promptAutomatically$ = of(false);
     biometricStateService.promptCancelled$ = of(false);
@@ -74,6 +79,7 @@ describe("LockComponent", () => {
     await TestBed.configureTestingModule({
       declarations: [LockComponent, I18nPipe],
       providers: [
+        { provide: InternalMasterPasswordServiceAbstraction, useValue: mockMasterPasswordService },
         {
           provide: I18nService,
           useValue: mock<I18nService>(),

apps/desktop/src/auth/lock.component.ts

@@ -11,6 +11,7 @@ import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abs
 import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { DeviceType } from "@bitwarden/common/enums";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
@@ -38,6 +39,7 @@ export class LockComponent extends BaseLockComponent {
   private autoPromptBiometric = false;
 
   constructor(
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
     router: Router,
     i18nService: I18nService,
     platformUtilsService: PlatformUtilsService,
@@ -63,6 +65,7 @@ export class LockComponent extends BaseLockComponent {
     accountService: AccountService,
   ) {
     super(
+      masterPasswordService,
       router,
       i18nService,
       platformUtilsService,

apps/desktop/src/auth/set-password.component.ts

@@ -8,6 +8,8 @@ import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-conso
 import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
 import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -29,6 +31,8 @@ const BroadcasterSubscriptionId = "SetPasswordComponent";
 })
 export class SetPasswordComponent extends BaseSetPasswordComponent implements OnDestroy {
   constructor(
+    accountService: AccountService,
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
     apiService: ApiService,
     i18nService: I18nService,
     cryptoService: CryptoService,
@@ -50,6 +54,8 @@ export class SetPasswordComponent extends BaseSetPasswordComponent implements On
     dialogService: DialogService,
   ) {
     super(
+      accountService,
+      masterPasswordService,
       i18nService,
       cryptoService,
       messagingService,

apps/desktop/src/auth/sso.component.ts

@@ -7,6 +7,8 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
@@ -39,6 +41,8 @@ export class SsoComponent extends BaseSsoComponent {
     logService: LogService,
     userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     configService: ConfigService,
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    accountService: AccountService,
   ) {
     super(
       ssoLoginService,
@@ -55,6 +59,8 @@ export class SsoComponent extends BaseSsoComponent {
       logService,
       userDecryptionOptionsService,
       configService,
+      masterPasswordService,
+      accountService,
     );
     super.onSuccessfulLogin = async () => {
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.

apps/desktop/src/auth/two-factor.component.ts

@@ -11,6 +11,8 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -60,6 +62,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     ssoLoginService: SsoLoginServiceAbstraction,
     configService: ConfigService,
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    accountService: AccountService,
     @Inject(WINDOW) protected win: Window,
   ) {
     super(
@@ -79,6 +83,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
       userDecryptionOptionsService,
       ssoLoginService,
       configService,
+      masterPasswordService,
+      accountService,
     );
     super.onSuccessfulLogin = async () => {
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.

apps/desktop/src/locales/fi/messages.json

@@ -494,7 +494,7 @@
     "message": "Kansio poistettiin"
   },
   "loginOrCreateNewAccount": {
-    "message": "Käytä salattua holviasi kirjautumalla sisään tai tai luo uusi tili."
+    "message": "Käytä salattua holviasi kirjautumalla sisään tai luo uusi tili."
   },
   "createAccount": {
     "message": "Luo tili"
@@ -2689,7 +2689,7 @@
     "description": "Label indicating the most common import formats"
   },
   "troubleshooting": {
-    "message": "Vianmääritys"
+    "message": "Vianselvitys"
   },
   "disableHardwareAccelerationRestart": {
     "message": "Poista laitteistokiihdytys käytöstä ja käynnistä sovellus uudelleen"

apps/desktop/src/locales/zh_TW/messages.json

@@ -404,7 +404,7 @@
     "message": "長度"
   },
   "passwordMinLength": {
-    "message": "Minimum password length"
+    "message": "最小密碼長度"
   },
   "uppercase": {
     "message": "大寫 (A-Z)"
@@ -561,10 +561,10 @@
     "message": "帳戶已建立！現在可以登入了。"
   },
   "youSuccessfullyLoggedIn": {
-    "message": "You successfully logged in"
+    "message": "你已成功登入"
   },
   "youMayCloseThisWindow": {
-    "message": "You may close this window"
+    "message": "你可以關閉此視窗"
   },
   "masterPassSent": {
     "message": "已寄出包含您主密碼提示的電子郵件。"
@@ -1546,15 +1546,15 @@
     "message": "設定主密碼"
   },
   "orgPermissionsUpdatedMustSetPassword": {
-    "message": "Your organization permissions were updated, requiring you to set a master password.",
+    "message": "你的組織權限已更新，要求你設定一個主密碼。",
     "description": "Used as a card title description on the set password page to explain why the user is there"
   },
   "orgRequiresYouToSetPassword": {
-    "message": "Your organization requires you to set a master password.",
+    "message": "你的組織要求你設定一個主密碼。",
     "description": "Used as a card title description on the set password page to explain why the user is there"
   },
   "verificationRequired": {
-    "message": "Verification required",
+    "message": "需要驗證",
     "description": "Default title for the user verification dialog."
   },
   "currentMasterPass": {
@@ -1645,10 +1645,10 @@
     "message": "在您的桌面和瀏覽器閒建立連綫時，透過要求指紋短語確認，以添加一個額外的安全層。每次建立連綫都需要使用者干預和驗證。"
   },
   "enableHardwareAcceleration": {
-    "message": "Use hardware acceleration"
+    "message": "使用硬體加速"
   },
   "enableHardwareAccelerationDesc": {
-    "message": "By default this setting is ON. Turn OFF only if you experience graphical issues. Restart is required."
+    "message": "此設定預設為開啟。僅當你遇到圖形問題時才關閉。需要重新啟動。"
   },
   "approve": {
     "message": "核准"
@@ -1889,40 +1889,40 @@
     "message": "您的主密碼不符合一個或多個組織原則要求。您必須立即更新您的主密碼才能存取密碼庫。進行此動作將登出您目前的工作階段，需要您重新登入。其他裝置上的工作階段可能繼續長達一小時。"
   },
   "tryAgain": {
-    "message": "Try again"
+    "message": "再試一次"
   },
   "verificationRequiredForActionSetPinToContinue": {
-    "message": "Verification required for this action. Set a PIN to continue."
+    "message": "此操作需要驗證。設定 PIN 碼以繼續。"
   },
   "setPin": {
-    "message": "Set PIN"
+    "message": "設定 PIN 碼"
   },
   "verifyWithBiometrics": {
-    "message": "Verify with biometrics"
+    "message": "使用生物辨識進行驗證"
   },
   "awaitingConfirmation": {
-    "message": "Awaiting confirmation"
+    "message": "正在等待確認"
   },
   "couldNotCompleteBiometrics": {
-    "message": "Could not complete biometrics."
+    "message": "無法完成生物辨識。"
   },
   "needADifferentMethod": {
-    "message": "Need a different method?"
+    "message": "需要不同的方法嗎？"
   },
   "useMasterPassword": {
-    "message": "Use master password"
+    "message": "使用主密碼"
   },
   "usePin": {
-    "message": "Use PIN"
+    "message": "使用 PIN 碼"
   },
   "useBiometrics": {
-    "message": "Use biometrics"
+    "message": "使用生物辨識"
   },
   "enterVerificationCodeSentToEmail": {
     "message": "Enter the verification code that was sent to your email."
   },
   "resendCode": {
-    "message": "Resend code"
+    "message": "重新傳送驗證碼"
   },
   "hours": {
     "message": "小時"
@@ -2465,7 +2465,7 @@
     "message": "全部清除"
   },
   "plusNMore": {
-    "message": "+ $QUANTITY$ more",
+    "message": "+ $QUANTITY$ 個更多",
     "placeholders": {
       "quantity": {
         "content": "$1",
@@ -2477,7 +2477,7 @@
     "message": "子選單"
   },
   "skipToContent": {
-    "message": "Skip to content"
+    "message": "跳至內容"
   },
   "typePasskey": {
     "message": "密碼金鑰"
@@ -2621,13 +2621,13 @@
     "message": "使用者名稱或密碼不正確"
   },
   "incorrectPassword": {
-    "message": "Incorrect password"
+    "message": "密碼不正確"
   },
   "incorrectCode": {
-    "message": "Incorrect code"
+    "message": "驗證碼不正確"
   },
   "incorrectPin": {
-    "message": "Incorrect PIN"
+    "message": "PIN 碼不正確"
   },
   "multifactorAuthenticationFailed": {
     "message": "多因素驗證失敗"
@@ -2685,22 +2685,22 @@
     "message": "將與您的 LastPass 帳戶關聯的 YubiKey 插入電腦的 USB 連接埠，然後觸摸其按鈕。"
   },
   "commonImportFormats": {
-    "message": "Common formats",
+    "message": "常見格式",
     "description": "Label indicating the most common import formats"
   },
   "troubleshooting": {
-    "message": "Troubleshooting"
+    "message": "疑難排解"
   },
   "disableHardwareAccelerationRestart": {
-    "message": "Disable hardware acceleration and restart"
+    "message": "停用硬體加速並重新啟動"
   },
   "enableHardwareAccelerationRestart": {
-    "message": "Enable hardware acceleration and restart"
+    "message": "啟用硬體加速並重新啟動"
   },
   "removePasskey": {
-    "message": "Remove passkey"
+    "message": "移除金鑰"
   },
   "passkeyRemoved": {
-    "message": "Passkey removed"
+    "message": "金鑰已移除"
   }
 }

apps/desktop/src/package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@bitwarden/desktop",
-  "version": "2024.3.2",
+  "version": "2024.4.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@bitwarden/desktop",
-      "version": "2024.3.2",
+      "version": "2024.4.1",
       "license": "GPL-3.0",
       "dependencies": {
         "@bitwarden/desktop-native": "file:../desktop_native",

apps/desktop/src/package.json

@@ -2,7 +2,7 @@
   "name": "@bitwarden/desktop",
   "productName": "Bitwarden",
   "description": "A secure and free password manager for all of your devices.",
-  "version": "2024.3.2",
+  "version": "2024.4.1",
   "author": "Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)",
   "homepage": "https://bitwarden.com",
   "license": "GPL-3.0",

apps/desktop/src/platform/services/electron-crypto.service.spec.ts

@@ -1,6 +1,7 @@
 import { FakeStateProvider } from "@bitwarden/common/../spec/fake-state-provider";
 import { mock } from "jest-mock-extended";
 
+import { FakeMasterPasswordService } from "@bitwarden/common/auth/services/master-password/fake-master-password.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service";
@@ -30,6 +31,7 @@ describe("electronCryptoService", () => {
   const platformUtilService = mock<PlatformUtilsService>();
   const logService = mock<LogService>();
   const stateService = mock<StateService>();
+  let masterPasswordService: FakeMasterPasswordService;
   let accountService: FakeAccountService;
   let stateProvider: FakeStateProvider;
   const biometricStateService = mock<BiometricStateService>();
@@ -38,9 +40,11 @@ describe("electronCryptoService", () => {
 
   beforeEach(() => {
     accountService = mockAccountServiceWith("userId" as UserId);
+    masterPasswordService = new FakeMasterPasswordService();
     stateProvider = new FakeStateProvider(accountService);
 
     sut = new ElectronCryptoService(
+      masterPasswordService,
       keyGenerationService,
       cryptoFunctionService,
       encryptService,

apps/desktop/src/platform/services/electron-crypto.service.ts

@@ -1,6 +1,7 @@
 import { firstValueFrom } from "rxjs";
 
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service";
@@ -20,6 +21,7 @@ import { UserKey, MasterKey } from "@bitwarden/common/types/key";
 
 export class ElectronCryptoService extends CryptoService {
   constructor(
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
     keyGenerationService: KeyGenerationService,
     cryptoFunctionService: CryptoFunctionService,
     encryptService: EncryptService,
@@ -31,6 +33,7 @@ export class ElectronCryptoService extends CryptoService {
     private biometricStateService: BiometricStateService,
   ) {
     super(
+      masterPasswordService,
       keyGenerationService,
       cryptoFunctionService,
       encryptService,
@@ -159,12 +162,16 @@ export class ElectronCryptoService extends CryptoService {
       const oldBiometricKey = await this.stateService.getCryptoMasterKeyBiometric({ userId });
       // decrypt
       const masterKey = new SymmetricCryptoKey(Utils.fromB64ToArray(oldBiometricKey)) as MasterKey;
-      let encUserKey = await this.stateService.getEncryptedCryptoSymmetricKey();
+      userId ??= (await firstValueFrom(this.accountService.activeAccount$))?.id;
-      encUserKey = encUserKey ?? (await this.stateService.getMasterKeyEncryptedUserKey());
+      const encUserKeyPrim = await this.stateService.getEncryptedCryptoSymmetricKey();
+      const encUserKey =
+        encUserKeyPrim != null
+          ? new EncString(encUserKeyPrim)
+          : await this.masterPasswordService.getMasterKeyEncryptedUserKey(userId);
       if (!encUserKey) {
         throw new Error("No user key found during biometric migration");
       }
-      const userKey = await this.decryptUserKeyWithMasterKey(masterKey, new EncString(encUserKey));
+      const userKey = await this.decryptUserKeyWithMasterKey(masterKey, encUserKey);
       // migrate
       await this.storeBiometricKey(userKey, userId);
       await this.stateService.setCryptoMasterKeyBiometric(null, { userId });

apps/desktop/src/services/native-messaging.service.ts

@@ -1,6 +1,7 @@
 import { Injectable, NgZone } from "@angular/core";
 import { firstValueFrom } from "rxjs";
 
+import { MasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -30,6 +31,7 @@ export class NativeMessagingService {
   private sharedSecrets = new Map<string, SymmetricCryptoKey>();
 
   constructor(
+    private masterPasswordService: MasterPasswordServiceAbstraction,
     private cryptoFunctionService: CryptoFunctionService,
     private cryptoService: CryptoService,
     private platformUtilService: PlatformUtilsService,
@@ -162,7 +164,9 @@ export class NativeMessagingService {
             KeySuffixOptions.Biometric,
             message.userId,
           );
-          const masterKey = await this.cryptoService.getMasterKey(message.userId);
+          const masterKey = await firstValueFrom(
+            this.masterPasswordService.masterKey$(message.userId as UserId),
+          );
 
           if (userKey != null) {
             // we send the master key still for backwards compatibility

apps/web/src/app/admin-console/common/base.people.component.ts

@@ -1,5 +1,5 @@
-import { Directive, ViewChild, ViewContainerRef } from "@angular/core";
+import { Directive, OnDestroy, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
-import { firstValueFrom } from "rxjs";
+import { BehaviorSubject, Subject, firstValueFrom, from, switchMap, takeUntil } from "rxjs";
 
 import { SearchPipe } from "@bitwarden/angular/pipes/search.pipe";
 import { UserNamePipe } from "@bitwarden/angular/pipes/user-name.pipe";
@@ -33,7 +33,9 @@ const MaxCheckedCount = 500;
 @Directive()
 export abstract class BasePeopleComponent<
     UserType extends ProviderUserUserDetailsResponse | OrganizationUserView,
-> {
+  >
+  implements OnInit, OnDestroy
+{
   @ViewChild("confirmTemplate", { read: ViewContainerRef, static: true })
   confirmModalRef: ViewContainerRef;
 
@@ -88,7 +90,6 @@ export abstract class BasePeopleComponent<
   status: StatusType;
   users: UserType[] = [];
   pagedUsers: UserType[] = [];
-  searchText: string;
   actionPromise: Promise<void>;
 
   protected allUsers: UserType[] = [];
@@ -97,7 +98,19 @@ export abstract class BasePeopleComponent<
   protected didScroll = false;
   protected pageSize = 100;
 
+  protected destroy$ = new Subject<void>();
+
   private pagedUsersCount = 0;
+  private _searchText$ = new BehaviorSubject<string>("");
+  private isSearching: boolean = false;
+
+  get searchText() {
+    return this._searchText$.value;
+  }
+
+  set searchText(value: string) {
+    this._searchText$.next(value);
+  }
 
   constructor(
     protected apiService: ApiService,
@@ -122,6 +135,22 @@ export abstract class BasePeopleComponent<
   abstract reinviteUser(id: string): Promise<void>;
   abstract confirmUser(user: UserType, publicKey: Uint8Array): Promise<void>;
 
+  ngOnInit(): void {
+    this._searchText$
+      .pipe(
+        switchMap((searchText) => from(this.searchService.isSearchable(searchText))),
+        takeUntil(this.destroy$),
+      )
+      .subscribe((isSearchable) => {
+        this.isSearching = isSearchable;
+      });
+  }
+
+  ngOnDestroy(): void {
+    this.destroy$.next();
+    this.destroy$.complete();
+  }
+
   async load() {
     const response = await this.getUsers();
     this.statusMap.clear();
@@ -390,12 +419,8 @@ export abstract class BasePeopleComponent<
     }
   }
 
-  isSearching() {
-    return this.searchService.isSearchable(this.searchText);
-  }
-
   isPaging() {
-    const searching = this.isSearching();
+    const searching = this.isSearching;
     if (searching && this.didScroll) {
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
       // eslint-disable-next-line @typescript-eslint/no-floating-promises

apps/web/src/app/admin-console/organizations/manage/groups.component.ts

@@ -91,15 +91,16 @@ export class GroupsComponent implements OnInit, OnDestroy {
   private pagedGroupsCount = 0;
   private pagedGroups: GroupDetailsRow[];
   private searchedGroups: GroupDetailsRow[];
-  private _searchText: string;
+  private _searchText$ = new BehaviorSubject<string>("");
   private destroy$ = new Subject<void>();
   private refreshGroups$ = new BehaviorSubject<void>(null);
+  private isSearching: boolean = false;
 
   get searchText() {
-    return this._searchText;
+    return this._searchText$.value;
   }
   set searchText(value: string) {
-    this._searchText = value;
+    this._searchText$.next(value);
     // Manually update as we are not using the search pipe in the template
     this.updateSearchedGroups();
   }
@@ -114,7 +115,7 @@ export class GroupsComponent implements OnInit, OnDestroy {
     if (this.isPaging()) {
       return this.pagedGroups;
     }
-    if (this.isSearching()) {
+    if (this.isSearching) {
       return this.searchedGroups;
     }
     return this.groups;
@@ -180,6 +181,15 @@ export class GroupsComponent implements OnInit, OnDestroy {
         takeUntil(this.destroy$),
       )
       .subscribe();
+
+    this._searchText$
+      .pipe(
+        switchMap((searchText) => this.searchService.isSearchable(searchText)),
+        takeUntil(this.destroy$),
+      )
+      .subscribe((isSearchable) => {
+        this.isSearching = isSearchable;
+      });
   }
 
   ngOnDestroy() {
@@ -297,10 +307,6 @@ export class GroupsComponent implements OnInit, OnDestroy {
     this.loadMore();
   }
 
-  isSearching() {
-    return this.searchService.isSearchable(this.searchText);
-  }
-
   check(groupRow: GroupDetailsRow) {
     groupRow.checked = !groupRow.checked;
   }
@@ -310,7 +316,7 @@ export class GroupsComponent implements OnInit, OnDestroy {
   }
 
   isPaging() {
-    const searching = this.isSearching();
+    const searching = this.isSearching;
     if (searching && this.didScroll) {
       this.resetPaging();
     }
@@ -340,7 +346,7 @@ export class GroupsComponent implements OnInit, OnDestroy {
   }
 
   private updateSearchedGroups() {
-    if (this.searchService.isSearchable(this.searchText)) {
+    if (this.isSearching) {
       // Making use of the pipe in the component as we need know which groups where filtered
       this.searchedGroups = this.searchPipe.transform(
         this.groups,

apps/web/src/app/admin-console/organizations/members/people.component.ts

@@ -1,4 +1,4 @@
-import { Component, OnDestroy, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
+import { Component, ViewChild, ViewContainerRef } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 import {
   combineLatest,
@@ -9,7 +9,6 @@ import {
   map,
   Observable,
   shareReplay,
-  Subject,
   switchMap,
   takeUntil,
 } from "rxjs";
@@ -73,10 +72,7 @@ import { ResetPasswordComponent } from "./components/reset-password.component";
   selector: "app-org-people",
   templateUrl: "people.component.html",
 })
-export class PeopleComponent
+export class PeopleComponent extends BasePeopleComponent<OrganizationUserView> {
-  extends BasePeopleComponent<OrganizationUserView>
-  implements OnInit, OnDestroy
-{
   @ViewChild("groupsTemplate", { read: ViewContainerRef, static: true })
   groupsModalRef: ViewContainerRef;
   @ViewChild("confirmTemplate", { read: ViewContainerRef, static: true })
@@ -99,7 +95,6 @@ export class PeopleComponent
   orgResetPasswordPolicyEnabled = false;
 
   protected canUseSecretsManager$: Observable<boolean>;
-  private destroy$ = new Subject<void>();
 
   constructor(
     apiService: ApiService,
@@ -210,8 +205,7 @@ export class PeopleComponent
   }
 
   ngOnDestroy(): void {
-    this.destroy$.next();
+    super.ngOnDestroy();
-    this.destroy$.complete();
   }
 
   async load() {

apps/web/src/app/app.component.ts

@@ -281,7 +281,7 @@ export class AppComponent implements OnDestroy, OnInit {
 
     await this.stateEventRunnerService.handleEvent("logout", userId as UserId);
 
-    this.searchService.clearIndex();
+    await this.searchService.clearIndex();
     this.authService.logOut(async () => {
       if (expired) {
         this.platformUtilsService.showToast(

apps/web/src/app/auth/key-rotation/user-key-rotation.service.spec.ts

@@ -2,6 +2,7 @@ import { mock, MockProxy } from "jest-mock-extended";
 import { BehaviorSubject } from "rxjs";
 
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { FakeMasterPasswordService } from "@bitwarden/common/auth/services/master-password/fake-master-password.service";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
@@ -9,7 +10,6 @@ import { EncryptionType } from "@bitwarden/common/platform/enums";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
-import { FakeAccountService, mockAccountServiceWith } from "@bitwarden/common/spec";
 import { Send } from "@bitwarden/common/tools/send/models/domain/send";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
 import { UserId } from "@bitwarden/common/types/guid";
@@ -22,6 +22,10 @@ import { Folder } from "@bitwarden/common/vault/models/domain/folder";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
 
+import {
+  FakeAccountService,
+  mockAccountServiceWith,
+} from "../../../../../../libs/common/spec/fake-account-service";
 import { OrganizationUserResetPasswordService } from "../../admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service";
 import { StateService } from "../../core";
 import { EmergencyAccessService } from "../emergency-access";
@@ -46,8 +50,10 @@ describe("KeyRotationService", () => {
 
   const mockUserId = Utils.newGuid() as UserId;
   const mockAccountService: FakeAccountService = mockAccountServiceWith(mockUserId);
+  let mockMasterPasswordService: FakeMasterPasswordService = new FakeMasterPasswordService();
 
   beforeAll(() => {
+    mockMasterPasswordService = new FakeMasterPasswordService();
     mockApiService = mock<UserKeyRotationApiService>();
     mockCipherService = mock<CipherService>();
     mockFolderService = mock<FolderService>();
@@ -61,6 +67,7 @@ describe("KeyRotationService", () => {
     mockConfigService = mock<ConfigService>();
 
     keyRotationService = new UserKeyRotationService(
+      mockMasterPasswordService,
       mockApiService,
       mockCipherService,
       mockFolderService,
@@ -174,7 +181,10 @@ describe("KeyRotationService", () => {
     it("saves the master key in state after creation", async () => {
       await keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword");
 
-      expect(mockCryptoService.setMasterKey).toHaveBeenCalledWith("mockMasterKey" as any);
+      expect(mockMasterPasswordService.mock.setMasterKey).toHaveBeenCalledWith(
+        "mockMasterKey" as any,
+        mockUserId,
+      );
     });
 
     it("uses legacy rotation if feature flag is off", async () => {

apps/web/src/app/auth/key-rotation/user-key-rotation.service.ts

@@ -3,6 +3,7 @@ import { firstValueFrom } from "rxjs";
 
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -25,6 +26,7 @@ import { UserKeyRotationApiService } from "./user-key-rotation-api.service";
 @Injectable()
 export class UserKeyRotationService {
   constructor(
+    private masterPasswordService: InternalMasterPasswordServiceAbstraction,
     private apiService: UserKeyRotationApiService,
     private cipherService: CipherService,
     private folderService: FolderService,
@@ -61,7 +63,8 @@ export class UserKeyRotationService {
     }
 
     // Set master key again in case it was lost (could be lost on refresh)
-    await this.cryptoService.setMasterKey(masterKey);
+    const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+    await this.masterPasswordService.setMasterKey(masterKey, userId);
     const [newUserKey, newEncUserKey] = await this.cryptoService.makeUserKey(masterKey);
 
     if (!newUserKey || !newEncUserKey) {

apps/web/src/app/auth/lock.component.ts

@@ -1,80 +1,12 @@
-import { Component, NgZone } from "@angular/core";
+import { Component } from "@angular/core";
-import { Router } from "@angular/router";
 
 import { LockComponent as BaseLockComponent } from "@bitwarden/angular/auth/components/lock.component";
-import { PinCryptoServiceAbstraction } from "@bitwarden/auth/common";
-import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
-import { VaultTimeoutService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout.service";
-import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
-import { InternalPolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
-import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
-import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
-import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
-import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
-import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { BiometricStateService } from "@bitwarden/common/platform/biometrics/biometric-state.service";
-import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
-import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-lock",
   templateUrl: "lock.component.html",
 })
 export class LockComponent extends BaseLockComponent {
-  constructor(
-    router: Router,
-    i18nService: I18nService,
-    platformUtilsService: PlatformUtilsService,
-    messagingService: MessagingService,
-    cryptoService: CryptoService,
-    vaultTimeoutService: VaultTimeoutService,
-    vaultTimeoutSettingsService: VaultTimeoutSettingsService,
-    environmentService: EnvironmentService,
-    stateService: StateService,
-    apiService: ApiService,
-    logService: LogService,
-    ngZone: NgZone,
-    policyApiService: PolicyApiServiceAbstraction,
-    policyService: InternalPolicyService,
-    passwordStrengthService: PasswordStrengthServiceAbstraction,
-    dialogService: DialogService,
-    deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
-    userVerificationService: UserVerificationService,
-    pinCryptoService: PinCryptoServiceAbstraction,
-    biometricStateService: BiometricStateService,
-    accountService: AccountService,
-  ) {
-    super(
-      router,
-      i18nService,
-      platformUtilsService,
-      messagingService,
-      cryptoService,
-      vaultTimeoutService,
-      vaultTimeoutSettingsService,
-      environmentService,
-      stateService,
-      apiService,
-      logService,
-      ngZone,
-      policyApiService,
-      policyService,
-      passwordStrengthService,
-      dialogService,
-      deviceTrustCryptoService,
-      userVerificationService,
-      pinCryptoService,
-      biometricStateService,
-      accountService,
-    );
-  }
-
   async ngOnInit() {
     await super.ngOnInit();
     this.onSuccessfulSubmit = async () => {

apps/web/src/app/auth/sso.component.ts

@@ -10,6 +10,8 @@ import {
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrgDomainApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization-domain/org-domain-api.service.abstraction";
 import { OrganizationDomainSsoDetailsResponse } from "@bitwarden/common/admin-console/abstractions/organization-domain/responses/organization-domain-sso-details.response";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { HttpStatusCode } from "@bitwarden/common/enums";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
@@ -46,6 +48,8 @@ export class SsoComponent extends BaseSsoComponent {
     private validationService: ValidationService,
     userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     configService: ConfigService,
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    accountService: AccountService,
   ) {
     super(
       ssoLoginService,
@@ -62,6 +66,8 @@ export class SsoComponent extends BaseSsoComponent {
       logService,
       userDecryptionOptionsService,
       configService,
+      masterPasswordService,
+      accountService,
     );
     this.redirectUri = window.location.origin + "/sso-connector.html";
     this.clientId = "web";

apps/web/src/app/auth/two-factor.component.ts

@@ -10,6 +10,8 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -50,6 +52,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent implements OnDest
     userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     ssoLoginService: SsoLoginServiceAbstraction,
     configService: ConfigService,
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    accountService: AccountService,
     @Inject(WINDOW) protected win: Window,
   ) {
     super(
@@ -69,6 +73,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent implements OnDest
       userDecryptionOptionsService,
       ssoLoginService,
       configService,
+      masterPasswordService,
+      accountService,
     );
     this.onSuccessfulLoginNavigate = this.goAfterLogIn;
   }

apps/web/src/app/billing/shared/tax-info.component.html

@@ -279,10 +279,7 @@
       />
     </div>
   </div>
-  <div
+  <div class="col-6" *ngIf="showTaxIdCheckbox">
-    class="col-6"
-    *ngIf="organizationId && taxInfo.country !== 'US' && countrySupportsTax(taxInfo.country)"
-  >
     <div class="form-group form-check">
       <input
         class="form-check-input"
@@ -295,21 +292,22 @@
     </div>
   </div>
 </div>
-<div
+<div class="row" *ngIf="showTaxIdFields">
-  class="row"
-  *ngIf="organizationId && taxInfo.includeTaxId && countrySupportsTax(taxInfo.country)"
->
   <div class="col-6">
     <div class="form-group">
       <label for="taxId">{{ "taxIdNumber" | i18n }}</label>
-      <input id="taxId" class="form-control" type="text" name="taxId" [(ngModel)]="taxInfo.taxId" />
+      <input
+        id="taxId"
+        class="form-control"
+        type="text"
+        name="taxId"
+        [(ngModel)]="taxInfo.taxId"
+        [required]="taxInfo.includeTaxId"
+      />
     </div>
   </div>
 </div>
-<div
+<div class="row" *ngIf="showTaxIdFields">
-  class="row"
-  *ngIf="organizationId && taxInfo.includeTaxId && countrySupportsTax(taxInfo.country)"
->
   <div class="col-6">
     <div class="form-group">
       <label for="addressLine1">{{ "address1" | i18n }}</label>

apps/web/src/app/billing/shared/tax-info.component.ts

@@ -3,7 +3,7 @@ import { ActivatedRoute } from "@angular/router";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
-import { OrganizationTaxInfoUpdateRequest } from "@bitwarden/common/billing/models/request/organization-tax-info-update.request";
+import { ExpandedTaxInfoUpdateRequest } from "@bitwarden/common/billing/models/request/expanded-tax-info-update.request";
 import { TaxInfoUpdateRequest } from "@bitwarden/common/billing/models/request/tax-info-update.request";
 import { TaxInfoResponse } from "@bitwarden/common/billing/models/response/tax-info.response";
 import { TaxRateResponse } from "@bitwarden/common/billing/models/response/tax-rate.response";
@@ -29,6 +29,7 @@ export class TaxInfoComponent {
 
   loading = true;
   organizationId: string;
+  providerId: string;
   taxInfo: TaxInfoView = {
     taxId: null,
     line1: null,
@@ -61,6 +62,12 @@ export class TaxInfoComponent {
   ) {}
 
   async ngOnInit() {
+    // Provider setup
+    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
+    this.route.queryParams.subscribe((params) => {
+      this.providerId = params.providerId;
+    });
+
     // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
     this.route.parent.parent.params.subscribe(async (params) => {
       this.organizationId = params.organizationId;
@@ -126,9 +133,25 @@ export class TaxInfoComponent {
     }
   }
 
+  get showTaxIdCheckbox() {
+    return (
+      (this.organizationId || this.providerId) &&
+      this.taxInfo.country !== "US" &&
+      this.countrySupportsTax(this.taxInfo.country)
+    );
+  }
+
+  get showTaxIdFields() {
+    return (
+      (this.organizationId || this.providerId) &&
+      this.taxInfo.includeTaxId &&
+      this.countrySupportsTax(this.taxInfo.country)
+    );
+  }
+
   getTaxInfoRequest(): TaxInfoUpdateRequest {
-    if (this.organizationId) {
+    if (this.organizationId || this.providerId) {
-      const request = new OrganizationTaxInfoUpdateRequest();
+      const request = new ExpandedTaxInfoUpdateRequest();
       request.country = this.taxInfo.country;
       request.postalCode = this.taxInfo.postalCode;
 
@@ -164,7 +187,7 @@ export class TaxInfoComponent {
     return this.organizationId
       ? this.organizationApiService.updateTaxInfo(
           this.organizationId,
-          request as OrganizationTaxInfoUpdateRequest,
+          request as ExpandedTaxInfoUpdateRequest,
         )
       : this.apiService.putTaxInfo(request);
   }

apps/web/src/app/layouts/header/web-header.component.html

@@ -1,16 +1,18 @@
 <bit-banner
   class="-tw-m-6 tw-flex tw-flex-col tw-pb-6"
-  (onClose)="webLayoutMigrationBannerService.hideBanner()"
+  (onClose)="unassignedItemsBannerService.hideBanner()"
-  *ngIf="webLayoutMigrationBannerService.showBanner$ | async"
+  *ngIf="
+    (unassignedItemsBannerEnabled$ | async) && (unassignedItemsBannerService.showBanner$ | async)
+  "
 >
-  {{ "newWebApp" | i18n }}
+  {{ "unassignedItemsBanner" | i18n }}
   <a
-    href="https://bitwarden.com/blog/bitwarden-design-updating-the-navigation-in-the-web-app"
+    href="https://bitwarden.com/help/unassigned-vault-items-moved-to-admin-console"
     bitLink
     linkType="contrast"
     target="_blank"
     rel="noreferrer"
-    >{{ "releaseBlog" | i18n }}</a
+    >{{ "learnMore" | i18n }}</a
   >
 </bit-banner>
 <header

apps/web/src/app/layouts/header/web-header.component.ts

@@ -2,15 +2,16 @@ import { Component, Input } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
 import { combineLatest, map, Observable } from "rxjs";
 
+import { UnassignedItemsBannerService } from "@bitwarden/angular/services/unassigned-items-banner.service";
 import { VaultTimeoutSettingsService } from "@bitwarden/common/abstractions/vault-timeout/vault-timeout-settings.service";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
+import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { AccountProfile } from "@bitwarden/common/platform/models/domain/account";
 
-import { WebLayoutMigrationBannerService } from "./web-layout-migration-banner.service";
-
 @Component({
   selector: "app-header",
   templateUrl: "./web-header.component.html",
@@ -31,6 +32,9 @@ export class WebHeaderComponent {
   protected canLock$: Observable<boolean>;
   protected selfHosted: boolean;
   protected hostname = location.hostname;
+  protected unassignedItemsBannerEnabled$ = this.configService.getFeatureFlag$(
+    FeatureFlag.UnassignedItemsBanner,
+  );
 
   constructor(
     private route: ActivatedRoute,
@@ -38,7 +42,8 @@ export class WebHeaderComponent {
     private platformUtilsService: PlatformUtilsService,
     private vaultTimeoutSettingsService: VaultTimeoutSettingsService,
     private messagingService: MessagingService,
-    protected webLayoutMigrationBannerService: WebLayoutMigrationBannerService,
+    protected unassignedItemsBannerService: UnassignedItemsBannerService,
+    private configService: ConfigService,
   ) {
     this.routeData$ = this.route.data.pipe(
       map((params) => {

apps/web/src/app/vault/individual-vault/vault.component.ts

@@ -272,7 +272,7 @@ export class VaultComponent implements OnInit, OnDestroy {
       concatMap(async ([ciphers, filter, searchText]) => {
         const filterFunction = createFilterFunction(filter);
 
-        if (this.searchService.isSearchable(searchText)) {
+        if (await this.searchService.isSearchable(searchText)) {
           return await this.searchService.searchCiphers(searchText, [filterFunction], ciphers);
         }
 
@@ -283,7 +283,7 @@ export class VaultComponent implements OnInit, OnDestroy {
 
     const collections$ = combineLatest([nestedCollections$, filter$, this.currentSearchText$]).pipe(
       filter(([collections, filter]) => collections != undefined && filter != undefined),
-      map(([collections, filter, searchText]) => {
+      concatMap(async ([collections, filter, searchText]) => {
         if (filter.collectionId === undefined || filter.collectionId === Unassigned) {
           return [];
         }
@@ -303,7 +303,7 @@ export class VaultComponent implements OnInit, OnDestroy {
           collectionsToReturn = selectedCollection?.children.map((c) => c.node) ?? [];
         }
 
-        if (this.searchService.isSearchable(searchText)) {
+        if (await this.searchService.isSearchable(searchText)) {
           collectionsToReturn = this.searchPipe.transform(
             collectionsToReturn,
             searchText,

apps/web/src/app/vault/org-vault/vault.component.ts

@@ -331,7 +331,7 @@ export class VaultComponent implements OnInit, OnDestroy {
           }
         }
 
-        this.searchService.indexCiphers(ciphers, organization.id);
+        await this.searchService.indexCiphers(ciphers, organization.id);
         return ciphers;
       }),
     );
@@ -350,7 +350,7 @@ export class VaultComponent implements OnInit, OnDestroy {
 
     const collections$ = combineLatest([nestedCollections$, filter$, this.currentSearchText$]).pipe(
       filter(([collections, filter]) => collections != undefined && filter != undefined),
-      map(([collections, filter, searchText]) => {
+      concatMap(async ([collections, filter, searchText]) => {
         if (
           filter.collectionId === Unassigned ||
           (filter.collectionId === undefined && filter.type !== undefined)
@@ -369,7 +369,7 @@ export class VaultComponent implements OnInit, OnDestroy {
           collectionsToReturn = selectedCollection?.children.map((c) => c.node) ?? [];
         }
 
-        if (this.searchService.isSearchable(searchText)) {
+        if (await this.searchService.isSearchable(searchText)) {
           collectionsToReturn = this.searchPipe.transform(
             collectionsToReturn,
             searchText,
@@ -436,7 +436,7 @@ export class VaultComponent implements OnInit, OnDestroy {
 
         const filterFunction = createFilterFunction(filter);
 
-        if (this.searchService.isSearchable(searchText)) {
+        if (await this.searchService.isSearchable(searchText)) {
           return await this.searchService.searchCiphers(searchText, [filterFunction], ciphers);
         }
 

apps/web/src/locales/en/messages.json

@@ -7899,5 +7899,8 @@
   },
   "machineAccountAccessUpdated": {
     "message": "Machine account access updated"
+  },
+  "unassignedItemsBanner": {
+    "message": "Notice: Unassigned organization items are no longer visible in your All Vaults view across devices and are now only accessible via the Admin Console. Assign these items to a collection from the Admin Console to make them visible."
   }
 }

bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-add-edit-dialog/domain-add-edit-dialog.component.html

@@ -26,7 +26,7 @@
         <bit-hint>{{ "domainNameInputHint" | i18n }}</bit-hint>
       </bit-form-field>
 
-      <bit-form-field>
+      <bit-form-field *ngIf="data?.orgDomain">
         <bit-label>{{ "dnsTxtRecord" | i18n }}</bit-label>
         <input bitInput formControlName="txt" />
         <bit-hint>{{ "dnsTxtRecordInputHint" | i18n }}</bit-hint>
@@ -42,7 +42,7 @@
       </bit-form-field>
 
       <bit-callout
-        *ngIf="!data?.orgDomain?.verifiedDate"
+        *ngIf="data?.orgDomain && !data?.orgDomain?.verifiedDate"
         type="info"
         title="{{ 'automaticDomainVerification' | i18n }}"
       >
@@ -51,7 +51,10 @@
     </div>
     <ng-container bitDialogFooter>
       <button type="submit" bitButton bitFormButton buttonType="primary">
-        <span *ngIf="!data?.orgDomain?.verifiedDate">{{ "verifyDomain" | i18n }}</span>
+        <span *ngIf="!data?.orgDomain">{{ "next" | i18n }}</span>
+        <span *ngIf="data?.orgDomain && !data?.orgDomain?.verifiedDate">{{
+          "verifyDomain" | i18n
+        }}</span>
         <span *ngIf="data?.orgDomain?.verifiedDate">{{ "reverifyDomain" | i18n }}</span>
       </button>
       <button bitButton buttonType="secondary" (click)="dialogRef.close()" type="button">

bitwarden_license/bit-web/src/app/admin-console/organizations/manage/domain-verification/domain-add-edit-dialog/domain-add-edit-dialog.component.ts

@@ -13,7 +13,6 @@ import { CryptoFunctionService as CryptoFunctionServiceAbstraction } from "@bitw
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
-import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { DialogService } from "@bitwarden/components";
 
 import { domainNameValidator } from "./validators/domain-name.validator";
@@ -90,17 +89,6 @@ export class DomainAddEditDialogComponent implements OnInit, OnDestroy {
       // Edit
       this.domainForm.patchValue(this.data.orgDomain);
       this.domainForm.disable();
-    } else {
-      // Add
-
-      // Figuring out the proper length of our DNS TXT Record value was fun.
-      // DNS-Based Service Discovery RFC: https://www.ietf.org/rfc/rfc6763.txt; see section 6.1
-      // Google uses 43 chars for their TXT record value: https://support.google.com/a/answer/2716802
-      // So, chose a magic # of 33 bytes to achieve at least that once converted to base 64 (47 char length).
-      const generatedTxt = `bw=${Utils.fromBufferToB64(
-        await this.cryptoFunctionService.randomBytes(33),
-      )}`;
-      this.txtCtrl.setValue(generatedTxt);
     }
 
     this.setupFormListeners();
@@ -121,6 +109,7 @@ export class DomainAddEditDialogComponent implements OnInit, OnDestroy {
   // End Form methods
 
   // Async Form Actions
+  // Creates a new domain record. The DNS TXT Record will be generated server-side and returned in the response.
   saveDomain = async (): Promise<void> => {
     if (this.domainForm.invalid) {
       this.platformUtilsService.showToast("error", null, this.i18nService.t("domainFormInvalid"));
@@ -130,14 +119,14 @@ export class DomainAddEditDialogComponent implements OnInit, OnDestroy {
     this.domainNameCtrl.disable();
 
     const request: OrganizationDomainRequest = new OrganizationDomainRequest(
-      this.txtCtrl.value,
       this.domainNameCtrl.value,
     );
 
     try {
       this.data.orgDomain = await this.orgDomainApiService.post(this.data.organizationId, request);
+      // Patch the DNS TXT Record that was generated server-side
+      this.domainForm.controls.txt.patchValue(this.data.orgDomain.txt);
       this.platformUtilsService.showToast("success", null, this.i18nService.t("domainSaved"));
-      await this.verifyDomain();
     } catch (e) {
       this.handleDomainSaveError(e);
     }

bitwarden_license/bit-web/src/app/admin-console/providers/clients/clients.component.ts

@@ -1,7 +1,7 @@
 import { Component, OnInit } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
-import { firstValueFrom } from "rxjs";
+import { BehaviorSubject, Subject, firstValueFrom, from } from "rxjs";
-import { first } from "rxjs/operators";
+import { first, switchMap, takeUntil } from "rxjs/operators";
 
 import { ModalService } from "@bitwarden/angular/services/modal.service";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
@@ -39,7 +39,6 @@ const DisallowedPlanTypes = [
 // eslint-disable-next-line rxjs-angular/prefer-takeuntil
 export class ClientsComponent implements OnInit {
   providerId: string;
-  searchText: string;
   addableOrganizations: Organization[];
   loading = true;
   manageOrganizations = false;
@@ -57,6 +56,17 @@ export class ClientsComponent implements OnInit {
     FeatureFlag.EnableConsolidatedBilling,
     false,
   );
+  private destroy$ = new Subject<void>();
+  private _searchText$ = new BehaviorSubject<string>("");
+  private isSearching: boolean = false;
+
+  get searchText() {
+    return this._searchText$.value;
+  }
+
+  set searchText(value: string) {
+    this._searchText$.next(value);
+  }
 
   constructor(
     private route: ActivatedRoute,
@@ -77,27 +87,41 @@ export class ClientsComponent implements OnInit {
   ) {}
 
   async ngOnInit() {
-    // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
-
     const enableConsolidatedBilling = await firstValueFrom(this.enableConsolidatedBilling$);
 
     if (enableConsolidatedBilling) {
       await this.router.navigate(["../manage-client-organizations"], { relativeTo: this.route });
     } else {
-      // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
+      this.route.parent.params
-      this.route.parent.params.subscribe(async (params) => {
+        .pipe(
+          switchMap((params) => {
             this.providerId = params.providerId;
+            return from(this.load());
+          }),
+          takeUntil(this.destroy$),
+        )
+        .subscribe();
 
-        await this.load();
+      this.route.queryParams.pipe(first(), takeUntil(this.destroy$)).subscribe((qParams) => {
-
-        /* eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe, rxjs/no-nested-subscribe */
-        this.route.queryParams.pipe(first()).subscribe(async (qParams) => {
         this.searchText = qParams.search;
       });
+
+      this._searchText$
+        .pipe(
+          switchMap((searchText) => from(this.searchService.isSearchable(searchText))),
+          takeUntil(this.destroy$),
+        )
+        .subscribe((isSearchable) => {
+          this.isSearching = isSearchable;
         });
     }
   }
 
+  ngOnDestroy() {
+    this.destroy$.next();
+    this.destroy$.complete();
+  }
+
   async load() {
     const response = await this.apiService.getProviderClients(this.providerId);
     this.clients = response.data != null && response.data.length > 0 ? response.data : [];
@@ -118,20 +142,14 @@ export class ClientsComponent implements OnInit {
   }
 
   isPaging() {
-    const searching = this.isSearching();
+    const searching = this.isSearching;
     if (searching && this.didScroll) {
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
       this.resetPaging();
     }
     return !searching && this.clients && this.clients.length > this.pageSize;
   }
 
-  isSearching() {
+  resetPaging() {
-    return this.searchService.isSearchable(this.searchText);
-  }
-
-  async resetPaging() {
     this.pagedClients = [];
     this.loadMore();
   }

bitwarden_license/bit-web/src/app/admin-console/providers/manage/people.component.ts

@@ -1,4 +1,4 @@
-import { Component, OnInit, ViewChild, ViewContainerRef } from "@angular/core";
+import { Component, ViewChild, ViewContainerRef } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
 import { first } from "rxjs/operators";
 
@@ -34,10 +34,7 @@ import { UserAddEditComponent } from "./user-add-edit.component";
   templateUrl: "people.component.html",
 })
 // eslint-disable-next-line rxjs-angular/prefer-takeuntil
-export class PeopleComponent
+export class PeopleComponent extends BasePeopleComponent<ProviderUserUserDetailsResponse> {
-  extends BasePeopleComponent<ProviderUserUserDetailsResponse>
-  implements OnInit
-{
   @ViewChild("addEdit", { read: ViewContainerRef, static: true }) addEditModalRef: ViewContainerRef;
   @ViewChild("groupsTemplate", { read: ViewContainerRef, static: true })
   groupsModalRef: ViewContainerRef;
@@ -119,6 +116,10 @@ export class PeopleComponent
     });
   }
 
+  ngOnDestroy(): void {
+    super.ngOnDestroy();
+  }
+
   getUsers(): Promise<ListResponse<ProviderUserUserDetailsResponse>> {
     return this.apiService.getProviderUsers(this.providerId);
   }

bitwarden_license/bit-web/src/app/admin-console/providers/providers.module.ts

@@ -4,7 +4,7 @@ import { FormsModule } from "@angular/forms";
 
 import { JslibModule } from "@bitwarden/angular/jslib.module";
 import { SearchModule } from "@bitwarden/components";
-import { OrganizationPlansComponent } from "@bitwarden/web-vault/app/billing";
+import { OrganizationPlansComponent, TaxInfoComponent } from "@bitwarden/web-vault/app/billing";
 import { PaymentMethodWarningsModule } from "@bitwarden/web-vault/app/billing/shared";
 import { OssModule } from "@bitwarden/web-vault/app/oss.module";
 
@@ -39,6 +39,7 @@ import { SetupComponent } from "./setup/setup.component";
     SearchModule,
     ProvidersLayoutComponent,
     PaymentMethodWarningsModule,
+    TaxInfoComponent,
   ],
   declarations: [
     AcceptProviderComponent,

bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.html

@@ -25,6 +25,9 @@
           required
         />
       </div>
+      <div *ngIf="enableConsolidatedBilling$ | async" class="form-group col-12">
+        <app-tax-info />
+      </div>
     </div>
 
     <div class="mt-4">

bitwarden_license/bit-web/src/app/admin-console/providers/setup/setup.component.ts

@@ -1,9 +1,11 @@
-import { Component, OnInit } from "@angular/core";
+import { Component, OnInit, ViewChild } from "@angular/core";
 import { ActivatedRoute, Router } from "@angular/router";
+import { firstValueFrom } from "rxjs";
 import { first } from "rxjs/operators";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { ProviderSetupRequest } from "@bitwarden/common/admin-console/models/request/provider/provider-setup.request";
+import { ExpandedTaxInfoUpdateRequest } from "@bitwarden/common/billing/models/request/expanded-tax-info-update.request";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -12,6 +14,7 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
 import { ProviderKey } from "@bitwarden/common/types/key";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
+import { TaxInfoComponent } from "@bitwarden/web-vault/app/billing";
 
 @Component({
   selector: "provider-setup",
@@ -19,6 +22,8 @@ import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.serv
 })
 // eslint-disable-next-line rxjs-angular/prefer-takeuntil
 export class SetupComponent implements OnInit {
+  @ViewChild(TaxInfoComponent) taxInfoComponent: TaxInfoComponent;
+
   loading = true;
   authed = false;
   email: string;
@@ -34,6 +39,11 @@ export class SetupComponent implements OnInit {
     false,
   );
 
+  protected enableConsolidatedBilling$ = this.configService.getFeatureFlag$(
+    FeatureFlag.EnableConsolidatedBilling,
+    false,
+  );
+
   constructor(
     private router: Router,
     private platformUtilsService: PlatformUtilsService,
@@ -102,6 +112,22 @@ export class SetupComponent implements OnInit {
       request.token = this.token;
       request.key = key;
 
+      const enableConsolidatedBilling = await firstValueFrom(this.enableConsolidatedBilling$);
+
+      if (enableConsolidatedBilling) {
+        request.taxInfo = new ExpandedTaxInfoUpdateRequest();
+        const taxInfoView = this.taxInfoComponent.taxInfo;
+        request.taxInfo.country = taxInfoView.country;
+        request.taxInfo.postalCode = taxInfoView.postalCode;
+        if (taxInfoView.includeTaxId) {
+          request.taxInfo.taxId = taxInfoView.taxId;
+          request.taxInfo.line1 = taxInfoView.line1;
+          request.taxInfo.line2 = taxInfoView.line2;
+          request.taxInfo.city = taxInfoView.city;
+          request.taxInfo.state = taxInfoView.state;
+        }
+      }
+
       const provider = await this.apiService.postProviderSetup(this.providerId, request);
       this.platformUtilsService.showToast("success", null, this.i18nService.t("providerSetup"));
       await this.syncService.fullSync(true);

bitwarden_license/bit-web/src/app/billing/providers/clients/manage-client-organizations.component.ts

@@ -1,8 +1,8 @@
 import { SelectionModel } from "@angular/cdk/collections";
-import { Component, OnInit } from "@angular/core";
+import { Component, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute } from "@angular/router";
-import { firstValueFrom } from "rxjs";
+import { BehaviorSubject, Subject, firstValueFrom, from } from "rxjs";
-import { first } from "rxjs/operators";
+import { first, switchMap, takeUntil } from "rxjs/operators";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
@@ -23,12 +23,22 @@ import { ManageClientOrganizationSubscriptionComponent } from "./manage-client-o
 })
 
 // eslint-disable-next-line rxjs-angular/prefer-takeuntil
-export class ManageClientOrganizationsComponent implements OnInit {
+export class ManageClientOrganizationsComponent implements OnInit, OnDestroy {
   providerId: string;
   loading = true;
   manageOrganizations = false;
 
+  private destroy$ = new Subject<void>();
+  private _searchText$ = new BehaviorSubject<string>("");
+  private isSearching: boolean = false;
+
+  get searchText() {
+    return this._searchText$.value;
+  }
+
   set searchText(search: string) {
+    this._searchText$.value;
+
     this.selection.clear();
     this.dataSource.filter = search;
   }
@@ -67,6 +77,20 @@ export class ManageClientOrganizationsComponent implements OnInit {
         this.searchText = qParams.search;
       });
     });
+
+    this._searchText$
+      .pipe(
+        switchMap((searchText) => from(this.searchService.isSearchable(searchText))),
+        takeUntil(this.destroy$),
+      )
+      .subscribe((isSearchable) => {
+        this.isSearching = isSearchable;
+      });
+  }
+
+  ngOnDestroy(): void {
+    this.destroy$.next();
+    this.destroy$.complete();
   }
 
   async load() {
@@ -80,7 +104,7 @@ export class ManageClientOrganizationsComponent implements OnInit {
   }
 
   isPaging() {
-    const searching = this.isSearching();
+    const searching = this.isSearching;
     if (searching && this.didScroll) {
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
       // eslint-disable-next-line @typescript-eslint/no-floating-promises
@@ -89,10 +113,6 @@ export class ManageClientOrganizationsComponent implements OnInit {
     return !searching && this.clients && this.clients.length > this.pageSize;
   }
 
-  isSearching() {
-    return this.searchService.isSearchable(this.searchText);
-  }
-
   async resetPaging() {
     this.pagedClients = [];
     this.loadMore();

bitwarden_license/bit-web/src/app/secrets-manager/overview/sm-onboarding-tasks.service.ts

@@ -3,16 +3,21 @@ import { Observable, map } from "rxjs";
 
 import {
   ActiveUserState,
-  KeyDefinition,
   SM_ONBOARDING_DISK,
   StateProvider,
+  UserKeyDefinition,
 } from "@bitwarden/common/platform/state";
 
 export type SMOnboardingTasks = Record<string, Record<string, boolean>>;
 
-const SM_ONBOARDING_TASKS_KEY = new KeyDefinition<SMOnboardingTasks>(SM_ONBOARDING_DISK, "tasks", {
+const SM_ONBOARDING_TASKS_KEY = new UserKeyDefinition<SMOnboardingTasks>(
+  SM_ONBOARDING_DISK,
+  "tasks",
+  {
     deserializer: (b) => b,
-});
+    clearOn: [], // Used to track tasks completed by a user, we don't want to reshow if they've locked or logged out and came back to the app
+  },
+);
 
 @Injectable({
   providedIn: "root",

libs/angular/jest.config.js

@@ -10,7 +10,11 @@ module.exports = {
   displayName: "libs/angular tests",
   preset: "jest-preset-angular",
   setupFilesAfterEnv: ["<rootDir>/test.setup.ts"],
-  moduleNameMapper: pathsToModuleNameMapper(compilerOptions?.paths || {}, {
+  moduleNameMapper: pathsToModuleNameMapper(
+    // lets us use @bitwarden/common/spec in tests
+    { "@bitwarden/common/spec": ["../common/spec"], ...(compilerOptions?.paths ?? {}) },
+    {
       prefix: "<rootDir>/",
-  }),
+    },
+  ),
 };

libs/angular/src/auth/components/lock.component.ts

@@ -12,6 +12,7 @@ import { InternalPolicyService } from "@bitwarden/common/admin-console/abstracti
 import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/models/domain/master-password-policy-options";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { SecretVerificationRequest } from "@bitwarden/common/auth/models/request/secret-verification.request";
@@ -56,6 +57,7 @@ export class LockComponent implements OnInit, OnDestroy {
   private destroy$ = new Subject<void>();
 
   constructor(
+    protected masterPasswordService: InternalMasterPasswordServiceAbstraction,
     protected router: Router,
     protected i18nService: I18nService,
     protected platformUtilsService: PlatformUtilsService,
@@ -206,6 +208,7 @@ export class LockComponent implements OnInit, OnDestroy {
   }
 
   private async doUnlockWithMasterPassword() {
+    const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
     const kdf = await this.stateService.getKdfType();
     const kdfConfig = await this.stateService.getKdfConfig();
 
@@ -215,11 +218,13 @@ export class LockComponent implements OnInit, OnDestroy {
       kdf,
       kdfConfig,
     );
-    const storedPasswordHash = await this.cryptoService.getMasterKeyHash();
+    const storedMasterKeyHash = await firstValueFrom(
+      this.masterPasswordService.masterKeyHash$(userId),
+    );
 
     let passwordValid = false;
 
-    if (storedPasswordHash != null) {
+    if (storedMasterKeyHash != null) {
       // Offline unlock possible
       passwordValid = await this.cryptoService.compareAndUpdateKeyHash(
         this.masterPassword,
@@ -244,7 +249,7 @@ export class LockComponent implements OnInit, OnDestroy {
           masterKey,
           HashPurpose.LocalAuthorization,
         );
-        await this.cryptoService.setMasterKeyHash(localKeyHash);
+        await this.masterPasswordService.setMasterKeyHash(localKeyHash, userId);
       } catch (e) {
         this.logService.error(e);
       } finally {
@@ -262,7 +267,7 @@ export class LockComponent implements OnInit, OnDestroy {
     }
 
     const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
-    await this.cryptoService.setMasterKey(masterKey);
+    await this.masterPasswordService.setMasterKey(masterKey, userId);
     await this.setUserKeyAndContinue(userKey, true);
   }
 
@@ -292,8 +297,10 @@ export class LockComponent implements OnInit, OnDestroy {
         }
 
         if (this.requirePasswordChange()) {
-          await this.stateService.setForceSetPasswordReason(
+          const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+          await this.masterPasswordService.setForceSetPasswordReason(
             ForceSetPasswordReason.WeakMasterPassword,
+            userId,
           );
           // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
           // eslint-disable-next-line @typescript-eslint/no-floating-promises

libs/angular/src/auth/components/set-password.component.ts

@@ -12,6 +12,8 @@ import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abs
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/models/domain/master-password-policy-options";
 import { OrganizationAutoEnrollStatusResponse } from "@bitwarden/common/admin-console/models/response/organization-auto-enroll-status.response";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { SetPasswordRequest } from "@bitwarden/common/auth/models/request/set-password.request";
@@ -29,6 +31,7 @@ import {
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { UserId } from "@bitwarden/common/types/guid";
 import { MasterKey, UserKey } from "@bitwarden/common/types/key";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { DialogService } from "@bitwarden/components";
@@ -45,11 +48,14 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
   resetPasswordAutoEnroll = false;
   onSuccessfulChangePassword: () => Promise<void>;
   successRoute = "vault";
+  userId: UserId;
 
   forceSetPasswordReason: ForceSetPasswordReason = ForceSetPasswordReason.None;
   ForceSetPasswordReason = ForceSetPasswordReason;
 
   constructor(
+    private accountService: AccountService,
+    private masterPasswordService: InternalMasterPasswordServiceAbstraction,
     i18nService: I18nService,
     cryptoService: CryptoService,
     messagingService: MessagingService,
@@ -88,7 +94,11 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
     await this.syncService.fullSync(true);
     this.syncLoading = false;
 
-    this.forceSetPasswordReason = await this.stateService.getForceSetPasswordReason();
+    this.userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+
+    this.forceSetPasswordReason = await firstValueFrom(
+      this.masterPasswordService.forceSetPasswordReason$(this.userId),
+    );
 
     this.route.queryParams
       .pipe(
@@ -176,7 +186,6 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
             if (response == null) {
               throw new Error(this.i18nService.t("resetPasswordOrgKeysError"));
             }
-            const userId = await this.stateService.getUserId();
             const publicKey = Utils.fromB64ToArray(response.publicKey);
 
             // RSA Encrypt user key with organization public key
@@ -189,7 +198,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
 
             return this.organizationUserService.putOrganizationUserResetPasswordEnrollment(
               this.orgId,
-              userId,
+              this.userId,
               resetRequest,
             );
           });
@@ -226,7 +235,10 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
     keyPair: [string, EncString] | null,
   ) {
     // Clear force set password reason to allow navigation back to vault.
-    await this.stateService.setForceSetPasswordReason(ForceSetPasswordReason.None);
+    await this.masterPasswordService.setForceSetPasswordReason(
+      ForceSetPasswordReason.None,
+      this.userId,
+    );
 
     // User now has a password so update account decryption options in state
     const userDecryptionOpts = await firstValueFrom(
@@ -237,7 +249,7 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
 
     await this.stateService.setKdfType(this.kdf);
     await this.stateService.setKdfConfig(this.kdfConfig);
-    await this.cryptoService.setMasterKey(masterKey);
+    await this.masterPasswordService.setMasterKey(masterKey, this.userId);
     await this.cryptoService.setUserKey(userKey[0]);
 
     // Set private key only for new JIT provisioned users in MP encryption orgs
@@ -255,6 +267,6 @@ export class SetPasswordComponent extends BaseChangePasswordComponent {
       masterKey,
       HashPurpose.LocalAuthorization,
     );
-    await this.cryptoService.setMasterKeyHash(localMasterKeyHash);
+    await this.masterPasswordService.setMasterKeyHash(localMasterKeyHash, this.userId);
   }
 }

libs/angular/src/auth/components/sso.component.spec.ts

@@ -12,10 +12,13 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
+import { FakeMasterPasswordService } from "@bitwarden/common/auth/services/master-password/fake-master-password.service";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -23,7 +26,9 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { FakeAccountService, mockAccountServiceWith } from "@bitwarden/common/spec";
 import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
+import { UserId } from "@bitwarden/common/types/guid";
 
 import { SsoComponent } from "./sso.component";
 // test component that extends the SsoComponent
@@ -48,6 +53,7 @@ describe("SsoComponent", () => {
   let component: TestSsoComponent;
   let _component: SsoComponentProtected;
   let fixture: ComponentFixture<TestSsoComponent>;
+  const userId = "userId" as UserId;
 
   // Mock Services
   let mockLoginStrategyService: MockProxy<LoginStrategyServiceAbstraction>;
@@ -67,6 +73,8 @@ describe("SsoComponent", () => {
   let mockLogService: MockProxy<LogService>;
   let mockUserDecryptionOptionsService: MockProxy<UserDecryptionOptionsServiceAbstraction>;
   let mockConfigService: MockProxy<ConfigService>;
+  let mockMasterPasswordService: FakeMasterPasswordService;
+  let mockAccountService: FakeAccountService;
 
   // Mock authService.logIn params
   let code: string;
@@ -117,6 +125,8 @@ describe("SsoComponent", () => {
     mockLogService = mock();
     mockUserDecryptionOptionsService = mock();
     mockConfigService = mock();
+    mockAccountService = mockAccountServiceWith(userId);
+    mockMasterPasswordService = new FakeMasterPasswordService();
 
     // Mock loginStrategyService.logIn params
     code = "code";
@@ -199,6 +209,8 @@ describe("SsoComponent", () => {
         },
         { provide: LogService, useValue: mockLogService },
         { provide: ConfigService, useValue: mockConfigService },
+        { provide: InternalMasterPasswordServiceAbstraction, useValue: mockMasterPasswordService },
+        { provide: AccountService, useValue: mockAccountService },
       ],
     });
 
@@ -365,8 +377,9 @@ describe("SsoComponent", () => {
           await _component.logIn(code, codeVerifier, orgIdFromState);
           expect(mockLoginStrategyService.logIn).toHaveBeenCalledTimes(1);
 
-          expect(mockStateService.setForceSetPasswordReason).toHaveBeenCalledWith(
+          expect(mockMasterPasswordService.mock.setForceSetPasswordReason).toHaveBeenCalledWith(
             ForceSetPasswordReason.TdeUserWithoutPasswordHasPasswordResetPermission,
+            userId,
           );
 
           expect(mockOnSuccessfulLoginTdeNavigate).not.toHaveBeenCalled();

libs/angular/src/auth/components/sso.component.ts

@@ -11,6 +11,8 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
@@ -66,6 +68,8 @@ export class SsoComponent {
     protected logService: LogService,
     protected userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     protected configService: ConfigService,
+    protected masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    protected accountService: AccountService,
   ) {}
 
   async ngOnInit() {
@@ -290,8 +294,10 @@ export class SsoComponent {
       // Set flag so that auth guard can redirect to set password screen after decryption (trusted or untrusted device)
       // Note: we cannot directly navigate in this scenario as we are in a pre-decryption state, and
       // if you try to set a new MP before decrypting, you will invalidate the user's data by making a new user key.
-      await this.stateService.setForceSetPasswordReason(
+      const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+      await this.masterPasswordService.setForceSetPasswordReason(
         ForceSetPasswordReason.TdeUserWithoutPasswordHasPasswordResetPermission,
+        userId,
       );
     }
 

libs/angular/src/auth/components/two-factor.component.spec.ts

@@ -15,11 +15,14 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/identity-token/token-two-factor.request";
+import { FakeMasterPasswordService } from "@bitwarden/common/auth/services/master-password/fake-master-password.service";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@@ -27,6 +30,8 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { FakeAccountService, mockAccountServiceWith } from "@bitwarden/common/spec";
+import { UserId } from "@bitwarden/common/types/guid";
 
 import { TwoFactorComponent } from "./two-factor.component";
 
@@ -46,6 +51,7 @@ describe("TwoFactorComponent", () => {
   let _component: TwoFactorComponentProtected;
 
   let fixture: ComponentFixture<TestTwoFactorComponent>;
+  const userId = "userId" as UserId;
 
   // Mock Services
   let mockLoginStrategyService: MockProxy<LoginStrategyServiceAbstraction>;
@@ -63,6 +69,8 @@ describe("TwoFactorComponent", () => {
   let mockUserDecryptionOptionsService: MockProxy<UserDecryptionOptionsServiceAbstraction>;
   let mockSsoLoginService: MockProxy<SsoLoginServiceAbstraction>;
   let mockConfigService: MockProxy<ConfigService>;
+  let mockMasterPasswordService: FakeMasterPasswordService;
+  let mockAccountService: FakeAccountService;
 
   let mockUserDecryptionOpts: {
     noMasterPassword: UserDecryptionOptions;
@@ -93,6 +101,8 @@ describe("TwoFactorComponent", () => {
     mockUserDecryptionOptionsService = mock<UserDecryptionOptionsServiceAbstraction>();
     mockSsoLoginService = mock<SsoLoginServiceAbstraction>();
     mockConfigService = mock<ConfigService>();
+    mockAccountService = mockAccountServiceWith(userId);
+    mockMasterPasswordService = new FakeMasterPasswordService();
 
     mockUserDecryptionOpts = {
       noMasterPassword: new UserDecryptionOptions({
@@ -170,6 +180,8 @@ describe("TwoFactorComponent", () => {
         },
         { provide: SsoLoginServiceAbstraction, useValue: mockSsoLoginService },
         { provide: ConfigService, useValue: mockConfigService },
+        { provide: InternalMasterPasswordServiceAbstraction, useValue: mockMasterPasswordService },
+        { provide: AccountService, useValue: mockAccountService },
       ],
     });
 
@@ -407,9 +419,9 @@ describe("TwoFactorComponent", () => {
             await component.doSubmit();
 
             // Assert
-
+            expect(mockMasterPasswordService.mock.setForceSetPasswordReason).toHaveBeenCalledWith(
-            expect(mockStateService.setForceSetPasswordReason).toHaveBeenCalledWith(
               ForceSetPasswordReason.TdeUserWithoutPasswordHasPasswordResetPermission,
+              userId,
             );
 
             expect(mockRouter.navigate).toHaveBeenCalledTimes(1);

libs/angular/src/auth/components/two-factor.component.ts

@@ -14,6 +14,8 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { AuthenticationType } from "@bitwarden/common/auth/enums/authentication-type";
@@ -92,6 +94,8 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
     protected userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     protected ssoLoginService: SsoLoginServiceAbstraction,
     protected configService: ConfigService,
+    protected masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    protected accountService: AccountService,
   ) {
     super(environmentService, i18nService, platformUtilsService);
     this.webAuthnSupported = this.platformUtilsService.supportsWebAuthn(win);
@@ -342,8 +346,10 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
       // Set flag so that auth guard can redirect to set password screen after decryption (trusted or untrusted device)
       // Note: we cannot directly navigate to the set password screen in this scenario as we are in a pre-decryption state, and
       // if you try to set a new MP before decrypting, you will invalidate the user's data by making a new user key.
-      await this.stateService.setForceSetPasswordReason(
+      const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+      await this.masterPasswordService.setForceSetPasswordReason(
         ForceSetPasswordReason.TdeUserWithoutPasswordHasPasswordResetPermission,
+        userId,
       );
     }
 

libs/angular/src/auth/components/update-temp-password.component.ts

@@ -1,9 +1,12 @@
 import { Directive } from "@angular/core";
 import { Router } from "@angular/router";
+import { firstValueFrom } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
 import { MasterPasswordPolicyOptions } from "@bitwarden/common/admin-console/models/domain/master-password-policy-options";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { VerificationType } from "@bitwarden/common/auth/enums/verification-type";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
@@ -56,6 +59,8 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
     private userVerificationService: UserVerificationService,
     protected router: Router,
     dialogService: DialogService,
+    private accountService: AccountService,
+    private masterPasswordService: InternalMasterPasswordServiceAbstraction,
   ) {
     super(
       i18nService,
@@ -72,7 +77,8 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
   async ngOnInit() {
     await this.syncService.fullSync(true);
 
-    this.reason = await this.stateService.getForceSetPasswordReason();
+    const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+    this.reason = await firstValueFrom(this.masterPasswordService.forceSetPasswordReason$(userId));
 
     // If we somehow end up here without a reason, go back to the home page
     if (this.reason == ForceSetPasswordReason.None) {
@@ -163,7 +169,11 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
         this.i18nService.t("updatedMasterPassword"),
       );
 
-      await this.stateService.setForceSetPasswordReason(ForceSetPasswordReason.None);
+      const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
+      await this.masterPasswordService.setForceSetPasswordReason(
+        ForceSetPasswordReason.None,
+        userId,
+      );
 
       if (this.onSuccessfulChangePassword != null) {
         // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.

libs/angular/src/auth/guards/auth.guard.ts

@@ -1,12 +1,14 @@
 import { Injectable } from "@angular/core";
 import { ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot } from "@angular/router";
+import { firstValueFrom } from "rxjs";
 
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { KeyConnectorService } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import { MasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
-import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 
 @Injectable()
 export class AuthGuard implements CanActivate {
@@ -15,7 +17,8 @@ export class AuthGuard implements CanActivate {
     private router: Router,
     private messagingService: MessagingService,
     private keyConnectorService: KeyConnectorService,
-    private stateService: StateService,
+    private accountService: AccountService,
+    private masterPasswordService: MasterPasswordServiceAbstraction,
   ) {}
 
   async canActivate(route: ActivatedRouteSnapshot, routerState: RouterStateSnapshot) {
@@ -40,7 +43,10 @@ export class AuthGuard implements CanActivate {
       return this.router.createUrlTree(["/remove-password"]);
     }
 
-    const forceSetPasswordReason = await this.stateService.getForceSetPasswordReason();
+    const userId = (await firstValueFrom(this.accountService.activeAccount$)).id;
+    const forceSetPasswordReason = await firstValueFrom(
+      this.masterPasswordService.forceSetPasswordReason$(userId),
+    );
 
     if (
       forceSetPasswordReason ===

libs/angular/src/services/jslib-services.module.ts

@@ -60,6 +60,10 @@ import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abst
 import { DevicesServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices/devices.service.abstraction";
 import { DevicesApiServiceAbstraction } from "@bitwarden/common/auth/abstractions/devices-api.service.abstraction";
 import { KeyConnectorService as KeyConnectorServiceAbstraction } from "@bitwarden/common/auth/abstractions/key-connector.service";
+import {
+  InternalMasterPasswordServiceAbstraction,
+  MasterPasswordServiceAbstraction,
+} from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { PasswordResetEnrollmentServiceAbstraction } from "@bitwarden/common/auth/abstractions/password-reset-enrollment.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TokenService as TokenServiceAbstraction } from "@bitwarden/common/auth/abstractions/token.service";
@@ -78,6 +82,7 @@ import { DeviceTrustCryptoService } from "@bitwarden/common/auth/services/device
 import { DevicesServiceImplementation } from "@bitwarden/common/auth/services/devices/devices.service.implementation";
 import { DevicesApiServiceImplementation } from "@bitwarden/common/auth/services/devices-api.service.implementation";
 import { KeyConnectorService } from "@bitwarden/common/auth/services/key-connector.service";
+import { MasterPasswordService } from "@bitwarden/common/auth/services/master-password/master-password.service";
 import { PasswordResetEnrollmentServiceImplementation } from "@bitwarden/common/auth/services/password-reset-enrollment.service.implementation";
 import { SsoLoginService } from "@bitwarden/common/auth/services/sso-login.service";
 import { TokenService } from "@bitwarden/common/auth/services/token.service";
@@ -359,6 +364,8 @@ const safeProviders: SafeProvider[] = [
     provide: LoginStrategyServiceAbstraction,
     useClass: LoginStrategyService,
     deps: [
+      AccountServiceAbstraction,
+      InternalMasterPasswordServiceAbstraction,
       CryptoServiceAbstraction,
       ApiServiceAbstraction,
       TokenServiceAbstraction,
@@ -521,6 +528,7 @@ const safeProviders: SafeProvider[] = [
     provide: CryptoServiceAbstraction,
     useClass: CryptoService,
     deps: [
+      InternalMasterPasswordServiceAbstraction,
       KeyGenerationServiceAbstraction,
       CryptoFunctionServiceAbstraction,
       EncryptService,
@@ -587,6 +595,8 @@ const safeProviders: SafeProvider[] = [
     provide: SyncServiceAbstraction,
     useClass: SyncService,
     deps: [
+      InternalMasterPasswordServiceAbstraction,
+      AccountServiceAbstraction,
       ApiServiceAbstraction,
       DomainSettingsService,
       InternalFolderService,
@@ -626,6 +636,8 @@ const safeProviders: SafeProvider[] = [
     provide: VaultTimeoutService,
     useClass: VaultTimeoutService,
     deps: [
+      AccountServiceAbstraction,
+      InternalMasterPasswordServiceAbstraction,
       CipherServiceAbstraction,
       FolderServiceAbstraction,
       CollectionServiceAbstraction,
@@ -714,7 +726,7 @@ const safeProviders: SafeProvider[] = [
   safeProvider({
     provide: SearchServiceAbstraction,
     useClass: SearchService,
-    deps: [LogService, I18nServiceAbstraction],
+    deps: [LogService, I18nServiceAbstraction, StateProvider],
   }),
   safeProvider({
     provide: NotificationsServiceAbstraction,
@@ -771,10 +783,21 @@ const safeProviders: SafeProvider[] = [
     useClass: PolicyApiService,
     deps: [InternalPolicyService, ApiServiceAbstraction],
   }),
+  safeProvider({
+    provide: InternalMasterPasswordServiceAbstraction,
+    useClass: MasterPasswordService,
+    deps: [StateProvider],
+  }),
+  safeProvider({
+    provide: MasterPasswordServiceAbstraction,
+    useExisting: InternalMasterPasswordServiceAbstraction,
+  }),
   safeProvider({
     provide: KeyConnectorServiceAbstraction,
     useClass: KeyConnectorService,
     deps: [
+      AccountServiceAbstraction,
+      InternalMasterPasswordServiceAbstraction,
       CryptoServiceAbstraction,
       ApiServiceAbstraction,
       TokenServiceAbstraction,
@@ -791,6 +814,8 @@ const safeProviders: SafeProvider[] = [
     deps: [
       StateServiceAbstraction,
       CryptoServiceAbstraction,
+      AccountServiceAbstraction,
+      InternalMasterPasswordServiceAbstraction,
       I18nServiceAbstraction,
       UserVerificationApiServiceAbstraction,
       UserDecryptionOptionsServiceAbstraction,
@@ -934,9 +959,10 @@ const safeProviders: SafeProvider[] = [
     useClass: AuthRequestService,
     deps: [
       AppIdServiceAbstraction,
+      AccountServiceAbstraction,
+      InternalMasterPasswordServiceAbstraction,
       CryptoServiceAbstraction,
       ApiServiceAbstraction,
-      StateServiceAbstraction,
     ],
   }),
   safeProvider({

libs/angular/src/services/unassigned-items-banner.api.service.ts

@@ -0,0 +1,19 @@
+import { Injectable } from "@angular/core";
+
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+
+@Injectable({ providedIn: "root" })
+export class UnassignedItemsBannerApiService {
+  constructor(private apiService: ApiService) {}
+
+  async getShowUnassignedCiphersBanner(): Promise<boolean> {
+    const r = await this.apiService.send(
+      "GET",
+      "/ciphers/has-unassigned-ciphers",
+      null,
+      true,
+      true,
+    );
+    return r;
+  }
+}

libs/angular/src/services/unassigned-items-banner.service.spec.ts

@@ -0,0 +1,51 @@
+import { MockProxy, mock } from "jest-mock-extended";
+import { firstValueFrom } from "rxjs";
+
+import { FakeStateProvider, mockAccountServiceWith } from "@bitwarden/common/spec";
+import { UserId } from "@bitwarden/common/types/guid";
+
+import { UnassignedItemsBannerApiService } from "./unassigned-items-banner.api.service";
+import { SHOW_BANNER_KEY, UnassignedItemsBannerService } from "./unassigned-items-banner.service";
+
+describe("UnassignedItemsBanner", () => {
+  let stateProvider: FakeStateProvider;
+  let apiService: MockProxy<UnassignedItemsBannerApiService>;
+
+  const sutFactory = () => new UnassignedItemsBannerService(stateProvider, apiService);
+
+  beforeEach(() => {
+    const fakeAccountService = mockAccountServiceWith("userId" as UserId);
+    stateProvider = new FakeStateProvider(fakeAccountService);
+    apiService = mock();
+  });
+
+  it("shows the banner if showBanner local state is true", async () => {
+    const showBanner = stateProvider.activeUser.getFake(SHOW_BANNER_KEY);
+    showBanner.nextState(true);
+
+    const sut = sutFactory();
+    expect(await firstValueFrom(sut.showBanner$)).toBe(true);
+    expect(apiService.getShowUnassignedCiphersBanner).not.toHaveBeenCalled();
+  });
+
+  it("does not show the banner if showBanner local state is false", async () => {
+    const showBanner = stateProvider.activeUser.getFake(SHOW_BANNER_KEY);
+    showBanner.nextState(false);
+
+    const sut = sutFactory();
+    expect(await firstValueFrom(sut.showBanner$)).toBe(false);
+    expect(apiService.getShowUnassignedCiphersBanner).not.toHaveBeenCalled();
+  });
+
+  it("fetches from server if local state has not been set yet", async () => {
+    apiService.getShowUnassignedCiphersBanner.mockResolvedValue(true);
+
+    const showBanner = stateProvider.activeUser.getFake(SHOW_BANNER_KEY);
+    showBanner.nextState(undefined);
+
+    const sut = sutFactory();
+
+    expect(await firstValueFrom(sut.showBanner$)).toBe(true);
+    expect(apiService.getShowUnassignedCiphersBanner).toHaveBeenCalledTimes(1);
+  });
+});

libs/angular/src/services/unassigned-items-banner.service.ts

@@ -0,0 +1,47 @@
+import { Injectable } from "@angular/core";
+import { concatMap } from "rxjs";
+
+import {
+  StateProvider,
+  UNASSIGNED_ITEMS_BANNER_DISK,
+  UserKeyDefinition,
+} from "@bitwarden/common/platform/state";
+
+import { UnassignedItemsBannerApiService } from "./unassigned-items-banner.api.service";
+
+export const SHOW_BANNER_KEY = new UserKeyDefinition<boolean>(
+  UNASSIGNED_ITEMS_BANNER_DISK,
+  "showBanner",
+  {
+    deserializer: (b) => b,
+    clearOn: [],
+  },
+);
+
+/** Displays a banner that tells users how to move their unassigned items into a collection. */
+@Injectable({ providedIn: "root" })
+export class UnassignedItemsBannerService {
+  private _showBanner = this.stateProvider.getActive(SHOW_BANNER_KEY);
+
+  showBanner$ = this._showBanner.state$.pipe(
+    concatMap(async (showBannerState) => {
+      // null indicates that the user has not seen or dismissed the banner yet - get the flag from server
+      if (showBannerState == null) {
+        const showBannerResponse = await this.apiService.getShowUnassignedCiphersBanner();
+        await this._showBanner.update(() => showBannerResponse);
+        return showBannerResponse;
+      }
+
+      return showBannerState;
+    }),
+  );
+
+  constructor(
+    private stateProvider: StateProvider,
+    private apiService: UnassignedItemsBannerApiService,
+  ) {}
+
+  async hideBanner() {
+    await this._showBanner.update(() => false);
+  }
+}

libs/angular/src/tools/send/send.component.ts

@@ -1,5 +1,13 @@
 import { Directive, NgZone, OnDestroy, OnInit } from "@angular/core";
-import { Subject, firstValueFrom, mergeMap, takeUntil } from "rxjs";
+import {
+  BehaviorSubject,
+  Subject,
+  firstValueFrom,
+  mergeMap,
+  from,
+  switchMap,
+  takeUntil,
+} from "rxjs";
 
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -24,7 +32,6 @@ export class SendComponent implements OnInit, OnDestroy {
   expired = false;
   type: SendType = null;
   sends: SendView[] = [];
-  searchText: string;
   selectedType: SendType;
   selectedAll: boolean;
   filter: (cipher: SendView) => boolean;
@@ -39,6 +46,8 @@ export class SendComponent implements OnInit, OnDestroy {
   private searchTimeout: any;
   private destroy$ = new Subject<void>();
   private _filteredSends: SendView[];
+  private _searchText$ = new BehaviorSubject<string>("");
+  protected isSearchable: boolean = false;
 
   get filteredSends(): SendView[] {
     return this._filteredSends;
@@ -48,6 +57,14 @@ export class SendComponent implements OnInit, OnDestroy {
     this._filteredSends = filteredSends;
   }
 
+  get searchText() {
+    return this._searchText$.value;
+  }
+
+  set searchText(value: string) {
+    this._searchText$.next(value);
+  }
+
   constructor(
     protected sendService: SendService,
     protected i18nService: I18nService,
@@ -68,6 +85,15 @@ export class SendComponent implements OnInit, OnDestroy {
       .subscribe((policyAppliesToActiveUser) => {
         this.disableSend = policyAppliesToActiveUser;
       });
+
+    this._searchText$
+      .pipe(
+        switchMap((searchText) => from(this.searchService.isSearchable(searchText))),
+        takeUntil(this.destroy$),
+      )
+      .subscribe((isSearchable) => {
+        this.isSearchable = isSearchable;
+      });
   }
 
   ngOnDestroy() {
@@ -122,14 +148,14 @@ export class SendComponent implements OnInit, OnDestroy {
       clearTimeout(this.searchTimeout);
     }
     if (timeout == null) {
-      this.hasSearched = this.searchService.isSearchable(this.searchText);
+      this.hasSearched = this.isSearchable;
       this.filteredSends = this.sends.filter((s) => this.filter == null || this.filter(s));
       this.applyTextSearch();
       return;
     }
     this.searchPending = true;
     this.searchTimeout = setTimeout(async () => {
-      this.hasSearched = this.searchService.isSearchable(this.searchText);
+      this.hasSearched = this.isSearchable;
       this.filteredSends = this.sends.filter((s) => this.filter == null || this.filter(s));
       this.applyTextSearch();
       this.searchPending = false;

libs/angular/src/vault/components/vault-items.component.ts

@@ -1,4 +1,5 @@
-import { Directive, EventEmitter, Input, Output } from "@angular/core";
+import { Directive, EventEmitter, Input, OnDestroy, OnInit, Output } from "@angular/core";
+import { BehaviorSubject, Subject, from, switchMap, takeUntil } from "rxjs";
 
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
@@ -6,7 +7,7 @@ import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.servi
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 
 @Directive()
-export class VaultItemsComponent {
+export class VaultItemsComponent implements OnInit, OnDestroy {
   @Input() activeCipherId: string = null;
   @Output() onCipherClicked = new EventEmitter<CipherView>();
   @Output() onCipherRightClicked = new EventEmitter<CipherView>();
@@ -23,13 +24,15 @@ export class VaultItemsComponent {
 
   protected searchPending = false;
 
+  private destroy$ = new Subject<void>();
   private searchTimeout: any = null;
-  private _searchText: string = null;
+  private isSearchable: boolean = false;
+  private _searchText$ = new BehaviorSubject<string>("");
   get searchText() {
-    return this._searchText;
+    return this._searchText$.value;
   }
   set searchText(value: string) {
-    this._searchText = value;
+    this._searchText$.next(value);
   }
 
   constructor(
@@ -37,6 +40,21 @@ export class VaultItemsComponent {
     protected cipherService: CipherService,
   ) {}
 
+  ngOnInit(): void {
+    this._searchText$
+      .pipe(
+        switchMap((searchText) => from(this.searchService.isSearchable(searchText))),
+        takeUntil(this.destroy$),
+      )
+      .subscribe((isSearchable) => {
+        this.isSearchable = isSearchable;
+      });
+  }
+
+  ngOnDestroy(): void {
+    throw new Error("Method not implemented.");
+  }
+
   async load(filter: (cipher: CipherView) => boolean = null, deleted = false) {
     this.deleted = deleted ?? false;
     await this.applyFilter(filter);
@@ -90,7 +108,7 @@ export class VaultItemsComponent {
   }
 
   isSearching() {
-    return !this.searchPending && this.searchService.isSearchable(this.searchText);
+    return !this.searchPending && this.isSearchable;
   }
 
   protected deletedFilter: (cipher: CipherView) => boolean = (c) => c.isDeleted === this.deleted;

libs/auth/src/common/login-strategies/auth-request-login.strategy.spec.ts

@@ -5,6 +5,7 @@ import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abst
 import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { IdentityTokenResponse } from "@bitwarden/common/auth/models/response/identity-token.response";
+import { FakeMasterPasswordService } from "@bitwarden/common/auth/services/master-password/fake-master-password.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { AppIdService } from "@bitwarden/common/platform/abstractions/app-id.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -14,7 +15,9 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { FakeAccountService, mockAccountServiceWith } from "@bitwarden/common/spec";
 import { CsprngArray } from "@bitwarden/common/types/csprng";
+import { UserId } from "@bitwarden/common/types/guid";
 import { MasterKey, UserKey } from "@bitwarden/common/types/key";
 
 import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
@@ -42,6 +45,10 @@ describe("AuthRequestLoginStrategy", () => {
   let deviceTrustCryptoService: MockProxy<DeviceTrustCryptoServiceAbstraction>;
   let billingAccountProfileStateService: MockProxy<BillingAccountProfileStateService>;
 
+  const mockUserId = Utils.newGuid() as UserId;
+  let accountService: FakeAccountService;
+  let masterPasswordService: FakeMasterPasswordService;
+
   let authRequestLoginStrategy: AuthRequestLoginStrategy;
   let credentials: AuthRequestLoginCredentials;
   let tokenResponse: IdentityTokenResponse;
@@ -71,12 +78,17 @@ describe("AuthRequestLoginStrategy", () => {
     deviceTrustCryptoService = mock<DeviceTrustCryptoServiceAbstraction>();
     billingAccountProfileStateService = mock<BillingAccountProfileStateService>();
 
+    accountService = mockAccountServiceWith(mockUserId);
+    masterPasswordService = new FakeMasterPasswordService();
+
     tokenService.getTwoFactorToken.mockResolvedValue(null);
     appIdService.getAppId.mockResolvedValue(deviceId);
     tokenService.decodeAccessToken.mockResolvedValue({});
 
     authRequestLoginStrategy = new AuthRequestLoginStrategy(
       cache,
+      accountService,
+      masterPasswordService,
       cryptoService,
       apiService,
       tokenService,
@@ -108,13 +120,16 @@ describe("AuthRequestLoginStrategy", () => {
     const masterKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as MasterKey;
     const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
 
-    cryptoService.getMasterKey.mockResolvedValue(masterKey);
+    masterPasswordService.masterKeySubject.next(masterKey);
     cryptoService.decryptUserKeyWithMasterKey.mockResolvedValue(userKey);
 
     await authRequestLoginStrategy.logIn(credentials);
 
-    expect(cryptoService.setMasterKey).toHaveBeenCalledWith(masterKey);
+    expect(masterPasswordService.mock.setMasterKey).toHaveBeenCalledWith(masterKey, mockUserId);
-    expect(cryptoService.setMasterKeyHash).toHaveBeenCalledWith(decMasterKeyHash);
+    expect(masterPasswordService.mock.setMasterKeyHash).toHaveBeenCalledWith(
+      decMasterKeyHash,
+      mockUserId,
+    );
     expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(tokenResponse.key);
     expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey);
     expect(deviceTrustCryptoService.trustDeviceIfRequired).toHaveBeenCalled();
@@ -136,8 +151,8 @@ describe("AuthRequestLoginStrategy", () => {
     await authRequestLoginStrategy.logIn(credentials);
 
     // setMasterKey and setMasterKeyHash should not be called
-    expect(cryptoService.setMasterKey).not.toHaveBeenCalled();
+    expect(masterPasswordService.mock.setMasterKey).not.toHaveBeenCalled();
-    expect(cryptoService.setMasterKeyHash).not.toHaveBeenCalled();
+    expect(masterPasswordService.mock.setMasterKeyHash).not.toHaveBeenCalled();
 
     // setMasterKeyEncryptedUserKey, setUserKey, and setPrivateKey should still be called
     expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(tokenResponse.key);