1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-10-29 07:59:42 +01:00
Commit Graph

456 Commits

Author SHA1 Message Date
Colton Hurst
01781848f3
SM-904: Remove SecretsManagerBeta (Phase 2) (#6891)
* SM-904: Remove SecretsManagerBeta

* SM-904: Remove additional places sm beta is used

* SM-904: Remove unused SM Beta messages
2024-01-31 17:09:35 -05:00
Matt Gibson
3a9dead640
[PM-5533] migrate provider keys (#7649)
* Provide RSA encryption in encrypt service

* Define state for provider keys

* Require cryptoService

This is temporary until cryptoService has an observable active user private key. We don't want promise-based values in derive functions

* Update crypto service provider keys to observables

* Remove provider keys from state service

* Migrate provider keys out of state account object

* Correct Provider key state types

* Prefix migration with current version number
2024-01-29 16:53:01 -05:00
Todd Martin
c199f02d44
[PM-5638] Bump minimum server version for vault item encryption (#7705)
* PM-5638 Bumped up msv for IVIE

* Updated version to 2024.2.0 for next release.

---------

Co-authored-by: Carlos Gonçalves <cgoncalves@bitwarden.com>
2024-01-29 16:17:16 -05:00
Matt Gibson
1da6733e71
JSON stringify memory items (#7731)
* JSON stringify memory items

stringification is required so they can be reliably sent through messaging

* Simplify null handling
2024-01-29 19:42:58 +00:00
Alex Morask
8468dbab5b
[AC-1842] Secrets Manager Trial Page (#7475)
* Got trial page working without the form set up

* Set up the form to create SM subscription

* Add free SM trial page and sign up

* Conner's changes

* fixed imports

* Set isFromSecretsManagerTrial

* Fixed OrgKey location

* Add isFromSecretsManager prop to free org create

* Add LTO callout

* Switch LTO to background box

* Defect: AC-2081

* Fixed typo "Secrets Manger" to "Secrets Manager"

* Removed discount price logic for storage and secrets manager prices since they don't apply

---------

Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
2024-01-29 10:45:48 -05:00
aj-rosado
305fd39871
[AC-1782] Flexible collections import behavior in Password Manager and Admin Console (#6888)
* Added logic to only return organisations where user has import permissions and collections that he manages on Import

* Changed the UnassignedCollections validation logic

* Added validation to check if the user is coming from AdminConsole on the import component

* Added import collection service abstraction to allow get admin collections

* Corrected feature flag reads on import component

* Refactor import component methods ngOnInit and performImport to improve codescene
Using FeatureFlag Observable

* Modified validation to allow import if user has organizations to import into

* Using the new organization flexiblecollections property on import

* Created collection-admin-import.service to return all the org collections to the import on Admin Console

* Small changes on import flexible collections

* Fix linting issues

* changed canAccessImport rules and deprecated canAccessImportExport

* Validating if user canAccessImportExport instead of admin before calling the handleOrganizationImportInit.

* AC-2095 - Corrected getAllAdminCollections from ImportCollectionAdminService to properly get all the collections on AdminConsole

* Reverting AC-2095

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2024-01-29 15:11:19 +00:00
Oscar Hinton
c0e157610e
Fix DefaultActiveUserState test always failing locally (#7701)
The test always fails locally due to first setting a local time, and then fetching it through UTC which may have different timezones.
2024-01-26 14:34:42 +01:00
Jared Snider
2c1d215b71
Auth/PM-5242 - Create new User Verification dialog and form input components which support PIN and biometrics verification (#7536)
* PM-5242 - First working draft of copying out web CL implementation of user verification form and dialog components into standalone libs/auth components which could be used in any client.

* PM-5242 - Rename UserVerificationFormComponent to UserVerificationFormInputComponent b/c it doesn't actually have a form and is meant to slot into a form as an input.

* PM-5242 - Update libs/auth angular index to take renamed component into account

* PM-5242 - Clean up UserVerificationDialogComponent as have much cleaner design approach now (maintain existing func while simply adding new requirements for client side validation for passkeys)

* PM-5242 - UserVerificationFormInput component - WIP draft of new client and server split of user verification logic

* PM-5242 - UserVerificationFormInput - WIP - Lots of progress on client side verification layout - more to do

* PM-5242 - UserVerificationFormInputComponent - Add hasMultipleVerificationMethods property so we can only show alternate methods if user has them.

* PM-5242 - UserVerificationFormInputComponent - rename hasMultipleVerificationMethods to hasMultipleClientVerificationOptions

* PM-5242 - Add new user verification biometrics fingerprint icon with proper secondary fill so it displays properly on all themes.

* PM-5242 - Create enum for tracking client user verification states

* PM-5242 - UserVerificationFormInputComponent - WIP - (1) Got biometrics layout working except for error state (2) Emitting active client verification option and biometrics result to dialog (3) Properly identifying if biometrics is enabled in a platform agnostic way (4) Translations TODO

* PM-5242 - UserVerificationDialogComponent - (1) Wire up new inputs and outputs for UserVerificationFormInput (2) Don't show submit button when clientside biometrics verification active

* PM-5242 - UserVerificationFormInputComponent - wired up biometrics failure and retry handling + re-arranged comp properties to put inputs & outputs at the top

* PM-5242 - UserVerificationFormInput component - Add logic to prevent currently active client verification method from being shown an option

* PM-5242 - UserVerificationFormInput - adjust margins

* PM-5242 - User verification dialog and form input comps - replace Verification with VerificationWithSecret type where applicable

* PM-5242 - UserVerificationFormComp - Default to server for backwards compatibility and to avoid requiring the input at all

* PM-5242 - UserVerificationFormInputComp - (1) Rename processChanges to processSecretChanges (2) Short circuit processSecretChanges when biometrics is active (3) Add new function for determining type of verification that has a secret.

* PM-5242 - UserVerificationDialog - Support custom, optional callout in dialog body.

* PM-5242 - UserVerificationDialogComp - support custom confirm button text and type.

* PM-5242 - UserVerificationDialog - Add user verification dialog result type to allow for handling all possible verification scenarios

* PM-5242 - UserVerificationFormInputComp - tweak comment

* PM-5242 - UserVerificationFormInput comp html - add placeholder text for no client verifications found scenario

* PM-5242 - UserVerificationDialogComponent - (1) Add confirm & cancel to dialog result (2) Add cancel method vs using bitDialogClose for specificity (3) Adjust naming of output property to properly specify that it is scoped to client verification (4) Adjust layout of dialog html to handle when no client side verification methods are found.

* PM-5242 - UserVerificationFormInput - Clean up test code

* PM-5242 - UserVerificationFormInput - For server verification, we don't need to check if the user has a local master key hash as we will generate a hash to send to the server for comparison.

* PM-5242 - UserVerificationFormInput html - Remove now unnecessary dev warning as I've provided a default

* PM-5242 - UserVerification Dialog & Form Input - add translations on all clients for all visible text.

* PM-5242 - UserVerificationFormInput html - remove no active client verification handling from form input comp as it is instead emitted upwards to parent dialog component to be handled there.

* PM-5242 - UserVerificationDialogComp - (1) Make UserVerificationDialogResult.noAvailableClientVerificationMethods optional because it isn't needed in cancel flows (thanks Will) (2) Modify static open to intercept closed observable event in order to always return a UserVerificationDialogResult as BitDialog returns empty string when the user clicks the x

* PM-5242 - UserVerificationDialogComp - Simplify dialog param names to remove redundant dialog

* PM-5242 - UserVerificationDialogParams - update comments to match new names

* PM-5242 - UserVerificationDialog Storybook - WIP first draft

* PM-5242 - UserVerificationDialogStoryComponent - WIP - try out having imports the same as the standalone component

* PM-5242 - UserVerificationDialogStoryComponent - more WIP - building now - some stuff displaying

* PM-5242 - UserVerificationDialogStoryComponent - some progress on providers setup

* PM-5242 - Not going to use storybook for user verification dialog

* PM-5242 - UserVerificationDialogComp - move types into own file + add docs

* PM-5242 - Update auth index to export user-verification-dialog.types

* PM-5242 - UserVerificationFormInput & UserVerificationService - Extract out getAvailableVerificationOptions logic into service

* PM-5242 -UserVerificationDialogComponent - Update close logic to handle escape key undefined scenario

* PM-5242 - UserVerificationFormInput - add getInvalidSecretErrorMessage for properly determining invalid secret translation

* PM-5242 - UserVerificationDialogComp - Refactor submit logic to handle different return methodologies in existing MP and OTP user verification service code vs new PIN flow (e.g., throwing an error instead of returning false)

* PM-5242 - PinCryptoService - change error logs to warnings per discussion with Justin

* PM-5242 - UserVerificationFormInput - Biometrics flow on desktop - remove accidentally added period in couldNotCompleteBiometrics translation key.

* PM-5242 - UserVerificationFormInput HTML - Re-arrange order of other client verification options to match design

* PM-5242 - UserVerificationFormInputComponent - Reset inputs as untouched on change of client verification method.

* PM-5242 - UserVerificationDialogComponent - Remove TODO as existing secret change logic turns invalidSecret false when biometrics is swapped to.

* PM-5242 - UserVerificationFormInputComponent - getInvalidSecretErrorMessage - fix PIN error message not being returned.

* PM-5242 - UserVerificationDialogComponent - Add documentation and examples to open method.

* PM-5242 - UserVerificationDialogComponent - tweak open docs

* PM-5242 - Remove accidental period from translation keys on browser & web

* PM-5242 - UserVerificationFormInputComponent - OTP flow needed button module to work

* PM-5242 - UserVerificationDialogParams - Add docs explaining that noAvailableClientVerificationMethods is only for desktop & browser.

* PM-5242 - User-verification-form-input - Adjust layout to meet new design requirements - (1) On load, send OTP without user clicking a button (2) Allow resending of the codes (3) show a code sent message for 3 seconds

* PM-5242 - Browser User Verification - Instantiate PinCryptoService and UserVerification service AFTER instantiating vaultTimeoutSettingsService so that it isn't undefined at run time.

* PM-5242 - JslibServices Module - UserVerificationService - add missing PlatformUtilsServiceAbstraction dependency.

* PM-5242 - Desktop Native Messaging Service - Wrap biometric getUserKeyFromStorage call in try catch because it throws an error if the user cancels the biometrics prompt and doesn't send a response to the browser extension when using the biometrics unlock bridge to the desktop app and OS.

* PM-5242 - Browser Extension - NativeMessagingBackground - if the desktop biometricUnlock command is executed with a canceled (not adjusting misspelling to keep side effects at a min) response, don't bother continuing.

* PM-5242 - BrowserCryptoService - When retrieving the user key via desktop biometrics, return null for user key if the user fails or cancels the biometrics prompt. Otherwise, if there is a user key in memory after unlock, biometrics user verification will always just return the user key from state regardless of if the user has successfully passed the biometrics prompt or not.

* PM-5242 - BrowserCryptoService - extra comments

* PM-5242 - Clean up translations - (1) Remove unused defaultUserVerificationDialogConfirmBtnText (2) Refactor name of defaultUserVerificationDialogTitle to just be verificationRequired which matches existing naming conventions.

* PM-5242 - CLI - fix order of service instantiations to ensure that vaultTimeoutSettingsService isn't undefined for PinCryptoService and UserVerificationService

* PM-5242 - Rename UserVerificationDialogParams to UserVerificationDialogOptions to match existing naming conventions of other CL comps.

* PM-5242 - UserVerificationDialogComponent - dialogParams renamed to dialogOptions

* PM-5242 - UserVerificationService Abstraction - Per PR feedback, use keyof for verificationType

* PM-5242 - UserVerificationBiometricsIcon - Per PR feedback, use https://jakearchibald.github.io/svgomg/ to optimize SVG by 50%.

* PM-5242 - Per PR feedback, clarify UserVerificationDialogOptions.clientSideOnlyVerification comment.

* PM-5242 - UserVerificationTypes - Add comments clarifying all text passed to the UserVerificationDialog are translation keys

* PM-5242 - UserVerificationDialogComp - fix extra new line per PR feedback

* PM-5242 - UserVerificationDialogTypes - per PR feedback and discussion with Will M., export ButtonType from CL so we (and consumers of the dialog) can properly import it via standard CL import.

* PM-5242 - BrowserCryptoService - Adjust comments per PR feedback.

* PM-5242 - UserVerificationDialogComponent - make ActiveClientVerificationOption readonly as it only for component html

* PM-5242 - UserVerificationDialogComp html - finish comment

* PM-5242 - BrowserCryptoService - add returns js doc per PR feedback.

* PM-5242 - UserVerificationDialogComponent - per PR feedback, add unexpected error toast.

* PM-5242  - UserVerificationService - getAvailableVerificationOptions - update params to use keyof like abstraction

* PM-5242 - Mark all existing client specific implemetations of user verification as deprecated.
2024-01-25 14:03:27 -05:00
Justin Baur
45c0c09b71
[PM-5829] Add disk-local option for web (#7669)
* Add `disk-local` option for web

* Fix `web` DI

* Update libs/common/src/platform/state/state-definition.ts

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Rely On Default Implementation for Most of Cache Key

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2024-01-25 12:48:51 -05:00
✨ Audrey ✨
6b97c0e716
[PM-5840] add duck duck go forwarder (#7674) 2024-01-25 10:24:22 -05:00
✨ Audrey ✨
af4cafa2b9
[PM-5841] add fastmail forwarder (#7676) 2024-01-25 10:23:56 -05:00
✨ Audrey ✨
67f1fc4f95
[PM-5842] add firefox relay forwarder (#7677) 2024-01-25 10:22:55 -05:00
✨ Audrey ✨
f6da6d637c
[PM-5843] add forward email forwarder (#7678) 2024-01-25 10:22:26 -05:00
✨ Audrey ✨
2c69810460
[PM-5844] add simple login forwarder (#7679) 2024-01-25 10:21:51 -05:00
Thomas Rittson
bcb232cc80
[AC-2026] Add flexible collections opt-in UI (#7443) 2024-01-25 16:56:31 +10:00
✨ Audrey ✨
8555dcc613
fix const lint (#7673) 2024-01-24 22:34:59 +00:00
✨ Audrey ✨
df2329f059
[PM-5781] Anon addy forwarder (#7654) 2024-01-24 17:23:39 -05:00
Justin Baur
c1d5351075
[PM-5535] Migrate Environment Service to StateProvider (#7621)
* Migrate EnvironmentService

* Move Migration Test Helper

* Claim StateDefinition

* Add State Migration

* Update StateServices

* Update EnvironmentService Abstraction

* Update DI

* Update Browser Instantiation

* Fix BrowserEnvironmentService

* Update Desktop & CLI Instantiation

* Update Usage

* Create isStringRecord helper

* Fix Old Tests

* Use Existing AccountService

* Don't Rely on Parameter Mutation

* Fix Conflicts
2024-01-24 14:21:50 -05:00
Bernd Schoolmann
842fa5153b
Replace promise.all with for loop for performance reasons (#7582) 2024-01-24 13:42:37 -05:00
Matt Gibson
af0d2f515d
Vault/pm-4185/checksum uris (#6485)
* Validate checksum on decrypt of URI

* Add uri checksum to domain during encryption

* Move hash to stateless encrypt service

* Add checksum field to all the other models necessary for syncing with server

* Remove old test in favor of `describe` block

* PM-4185 Added a boolean to control checksum validation

* PM-4185 Fi unit tests

* [PM-4810][PM-4825][PM-4880] Fix encrypted import and add null check (#6935)

* PM-4810 Bumped up version

* PM-4880 Add null check

* PM-4825 Fix encrypted export

* PM-5462 Fix item saving with blank URI (#7640)

* PM-4185 Add back uriChecksum setting

---------

Co-authored-by: Carlos Gonçalves <cgoncalves@bitwarden.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
2024-01-24 17:22:58 +00:00
Shane Melton
622791307a
[AC-1890] Update the collection PUT/POST response models to include collection permission details (#7512) 2024-01-24 08:26:43 -08:00
Matt Gibson
e23bcb50e8
[PM-5533] Migrate Org Keys to state providers (#7521)
* Move org keys to state providers

* Create state for org keys and derive decrypted for use

* Make state readonly

* Remove org keys from state service

* Migrate user keys state

* Review feedback

* Correct test name

* Refix key types

* `npm run prettier` 🤖
2024-01-23 13:01:49 -08:00
✨ Audrey ✨
dbf836b573
[PM-5606] Add reactive generator service (#7446) 2024-01-23 14:22:52 -05:00
Alex Morask
014281cb93
[AC-1758] Show banner when organization requires a payment method (#7088)
* Add billing banner states to account settings

* Add billing banner service

* Add add-payment-method-banners.component

* Use add-payment-method-banners.component in layouts

* Clear banner on payment method addition

* Ran prettier after CI update

* Finalize banners styling/translations

* Will's (non-Tailwind) feedback

* Review feedback

* Review feedback

* Review feedback

* Replace StateService with StateProvider in BillingBannerService

* Remove StateService methods
2024-01-23 12:47:52 -05:00
✨ Audrey ✨
d5738b7483
[PM-5780] New username generation settings types (#7613)
Split from  #6924
2024-01-23 09:52:20 -05:00
Cesar Gonzalez
0127db44a0
[PM-5551] Removing Autofill v2 and AutofillOverlay Feature Flags (#7642)
* [PM-5551] Removing Autofillv2 and AutofillOverlay Feature Flags

* [PM-5551] Fully removing references to autofill v1
2024-01-22 17:11:07 +00:00
Jake Fink
07af08b893
[PM-2772] add flag to deter process reload if cancel is clicked on biometrics (#7350)
* add flag to deter process reload if cancel is clicked on biometrics

* rename flag

* store biometrics cancelled to disk instead of integrating with process reload

* allow auto-prompt when opening app
2024-01-19 10:08:55 -05:00
Kyle Spearrin
06c7c3fd18
[PM-5149] UI for unique SP entity id on organization sso configs (#7117)
* add ui for making sp entity id unique

* pretty

* updates
2024-01-18 21:54:31 +00:00
Justin Baur
06028c35bc
Fully Test EnvironmentService (#7589)
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2024-01-18 13:06:54 -05:00
Justin Baur
57609737f1
Fix SingleUserStateProvider (#7593)
* Fix SingleUserStateProvider

- Fix cache key to be unique per instance per user

* Add Specific State Provider Tests

* Add Missing await
2024-01-18 13:02:30 -05:00
Jonathan Prusik
8e9a104bd0
[deps] Autofill: Update prettier to v3.2.2 (#7565)
* [deps] Autofill: Update prettier to v3.2.2

* prettier fixes

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-17 16:02:44 -05:00
Thomas Rittson
ee4aa31444
[AC-2027] Update Flexible Collections logic to use organization property (#7445)
* Remove unused feature flag

* Replace feature flag ref with org flag

* Remove deprecated feature flag to discourage use

* Add check to org.canCreateNewCollections

* Adjust init logic of components to avoid race conditions

* Make canCreateNewCollections logic more explicit

* Resolve merge conflicts with vault changes

* Update comments

* Remove uses of old feature flag

* Remove last of old feature flag

* Clean up feature flag

* Fix linting

* Fix linting
2024-01-17 12:33:39 +00:00
Matt Gibson
160a636fa0
Move key types to central location (#7531) 2024-01-17 07:27:44 -05:00
Jared Snider
756c02cec2
Auth/PM-4596 - Extract PIN and Biometrics unlock method logic into re-useable services for user verification (#7107)
* PM-4596 - PinCryptoService first draft

* PM-4596 - PinCryptoService - Refactor pinKeyEncryptedKey retrievals out into own method getPinKeyEncryptedKeys

* PM-4596 - npm ci + npm run prettier to fix lint issues

* PM-4596 - PinCryptoService - Add kdf types

* PM-4596 - PinCryptoService - Refactor pin validation into own helper method.

* PM-4596 - Rename pin-crypto.service.ts to pin-crypto.service.implementation.ts

* PM-4596 - PinCryptoService - add additional logging for error states.

* PM-4596 - JslibServicesModule - register new PinCryptoService and PinCryptoServiceAbstraction

* PM-4596 - PinCryptoService - modify decryptUserKeyWithPin signature to not require email to match MP verification process in user verification service.

* PM-4596 - Lock components - use new PinCryptoService.decryptUserKeyWithPin(...) to get user key + refactor base comp unlock with pin method to improve

* PM-4596 - Lock component - if too many invalid attempts, added toast explaining that we were logging the user out due to excess PIN entry attempts

* PM-4596 - UserVerificationService - (1) Refactor verifyUser(...) to use switch + separate methods for a cleaner parent method + better extensibility for PIN & biometrics which are TBD (2) Add PIN support to validateInput(...)

* PM-4596 - UserVerificationService - add PIN and biometrics functions to verifyUser(...)

* PM-4596 - PinCryptoService Spec - start test file - instantiates properly

* PM-4596 - PinCryptoService tests - WIP

* PM-4596 - PinCryptoService tests - WIP - got success cases working

* PM-4596 - pin-crypto.service.implementation.spec.ts renamed to pin-crypto.service.spec.ts

* PM-4596 - PinCryptoService.getPinKeyEncryptedKeys(...) - add comment + var name change for clarity

* PM-4596 - PinCryptoService tests - test invalid, null return scenarios

* PM-4596 - CLI - bw.ts - update UserVerificationService instantiation to include new pinCryptoService

* PM-4596 - PinCryptoService - import VaultTimeoutSettingsServiceAbstraction instead of implementation for factory creation to get browser building

* PM-4596 - (1) Create pinCryptoServiceFactory for browser background (2) Add it to the existing userVerificationServiceFactory

* PM-4596 - Browser - Main.background.ts - Add pinCryptoService and add to userVerificationService dependencies

* PM-4596 - UserVerificationService - per PR feedback simplify returns of verifyUserByPIN(...) and verifyUserByBiometrics(...)

* PM-4596 - Messages.json on desktop & browser - per PR feedback, adjust tooManyInvalidPinEntryAttemptsLoggingOut translation text to remove "you"

* PM-4596 - VerificationType enum - fix line copy mistake and give BIOMETRICS own, unique value.

* PM-4596 - VerificationType - rename BIOMETRICS to Biometrics to match existing MasterPassword value case.

* PM-4596  - Update verification type to consider whether or not a secret exists as we have added a new verification which doesn't have a type. Add new server and client side verification types.  Update all relevant code to pass compilation checks.

* PM-4596 - More verification type tweaking

* PM-4596 - Verification - verificationHasSecret - tweak logic to be more dynamic and flexible for future verification types

* PM-4596 - UpdateTempPasswordComp - use new MasterPasswordVerification

* PM-4596 - Desktop - DeleteAcctComp - use VerificationWithSecret to solve compile error w/ accessing secret

* PM-4596 - Per discussions with Andreas & Will, move new Pin Crypto services into libs/auth + added @bitwarden/auth path to CLI tsconfig + added new, required index.ts files for exporting service abstractions & implementations

* PM-4596 - Fixed missed import fixes for lock components across clients for pin crypto service after moving into @bitwarden/auth

* PM-4596 - More PinCryptoService import fixes to get browser & desktop building

* PM-4596 - Update desktop lock comp tests to pass by providing new pin crypto service.

* PM-4596 - User verification service -update todo

* PM-4596 - PinCryptoService - per PR feedback, fix auto import wrong paths.

* PM-4596 - PinCryptoService tests - fix imports per PR feedback

* PM-4596 - UserVerificationSvc - rename method to validateSecretInput per PR feedback

* Fix imports

* PM-4596 - PinCryptoService - Refactor naming for clarity and move test cases into describes per PR feedback

* reorg libs/auth; expose only libs/auth/core to cli app

* PM-4596 - UserVerification - Resolve import issue with importing from libs/auth. Can't use @bitwarden/auth for whatever reason.

* PM-4596 - Fix desktop build by fixing import

* PM-4596 - Provide PinCryptoService to UserVerificationService

* PM-4596 - PinCryptoServiceFactory - you cannot import services from @bitwarden/auth in the background b/c it brings along the libs/auth/components and introduces angular into the background context which doesn't have access to angular which causes random test failures. So, we must separate out the core services just like the CLI to only bring along the angular agnostic services from core.

* PM-4596 - Refactor libs/auth to have angular / common + update all imports per discussion with Matt & Will. Introduced circular dep between PinCryptoService + VaultTimeoutSettingsService + UserVerificationService

* PM-4596 - VaultTimeoutSettingsService - Refactor UserVerificationService out of the service and update all service instantiations and tests. The use of the UserVerificationService.hasMasterPassword method no longer needs to be used for backwards compatibility. This resolves the circular dependency between the PinCryptoService, the UserVerificationService, and the VaultTimeoutSettingsService. We will likely refactor the hasMasterPassword method out of the UserVerificationService in the future.

* PM-4596 - Update CL tsconfig.libs.json to add new auth/common and auth/angular paths for jslib-services.module imports of pin crypto service to work and for test code coverage to run successfully.

* PM-4596 - Address PR feedback

* PM-4596 - Update root tsconfig (only used by storybook) to add new libs/auth paths to fix chromatic build pipeline.

* PM-4596 - Actually update tsconfig with proper routes to fix storybook

* PM-4596 - UserVerificationService - verifyUserByBiometrics - add error handling logic to convert failed or cancelled biometrics verification to a usable boolean

* PM-4596 - Add missing await

* PM-4596 - (1) Add log service and log to user verification service biometric flow to ensure errors are at least revealed to the console (2) Fix factory missing PinCryptoServiceInitOptions

* PM-4596 - Use the correct log service abstraction

* PM-4596 - Remove unused types per PR review

---------

Co-authored-by: William Martin <contact@willmartian.com>
2024-01-16 14:52:06 -05:00
Jonathan Prusik
eae845d900
[PM-4260] [BEEEP] Mask TOTP seeds in cipher edit view - similar to how the password is hidden (#6649)
* PoC disallow changing masked values in edit mode and mask TOTP with password

* toggle totp seed visibility independently from password visibility in edit mode

* cleanup

* add fallback value for when a cipher returns a null value for maskedPassword

* toggle masks off for maskable login properties with no value on load

* do not show mask toggle for password or totp if no value is present
2024-01-12 22:35:30 -05:00
Oscar Hinton
93e9937e5c
Add some test cases to the password strength service (#7483)
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
2024-01-12 07:25:33 +01:00
Rui Tomé
48643e45ea
[AC-1893] Removed logic to downgrade Manager roles and remove Edit/Delete any collection permissions for Flexible Collections (#7365) 2024-01-12 07:54:11 +10:00
Justin Baur
0874df8b84
Global State Rewrite (#7515)
* Global State Rewrite

* Apply suggestions from code review

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Prettier

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2024-01-11 16:32:56 -05:00
Matt Bishop
6baad76088
[PM-5548] Eliminate in-app purchase logic (#7433)
* Eliminate in-app purchase logic

* Remove more in-app logic found, for payment and subscription management

---------

Co-authored-by: Lotus Scott <148992878+lscottbw@users.noreply.github.com>
2024-01-11 15:24:43 -05:00
Matt Gibson
f8d72f0231
[PM-5465] Fix null checks in login view uris (#7421)
* Prefer empty lists to null

* Defensively null check public properties
2024-01-11 14:55:16 +00:00
Thomas Rittson
1f57244d1a
Add organization.flexibleCollections to models (#7442) 2024-01-11 13:52:18 +10:00
Todd Martin
7bd8b00fbf
[PM-2260] Remove TDE feature flag and all conditional logic based on it (#7352) 2024-01-10 12:33:11 -05:00
Matt Gibson
46a3834f46
Add state for everHadUserKey (#7208)
* Migrate ever had user key

* Add DI for state providers

* Add state for everHadUserKey

* Use ever had user key migrator

Co-authored-by: SmithThe4th <gsmithwalter@gmail.com>
Co-authored-by: Carlos Gonçalves <LRNcardozoWDF@users.noreply.github.com>
Co-authored-by: Jason Ng <Jcory.ng@gmail.com>

* Fix test from merge

* Prefer stored observables to getters

getters create a new observable every time they're called, whereas one set in the constructor is created only once.

* Fix another merge issue

* Fix cli background build

---------

Co-authored-by: SmithThe4th <gsmithwalter@gmail.com>
Co-authored-by: Carlos Gonçalves <LRNcardozoWDF@users.noreply.github.com>
Co-authored-by: Jason Ng <Jcory.ng@gmail.com>
2024-01-10 11:51:45 -05:00
Matt Gibson
211d7a2626
Ps/improve state provider fakers (#7494)
* Expand state provider fakes

- default null initial value for fake states
- Easier mocking of key definitions through just the use of key names
  - allows for not exporting KeyDefinition as long as the key doesn't collide
- mock of fake state provider to verify `get` calls
- `nextMock` for use of the fn mock matchers on emissions of `state$`
- `FakeAccountService` which allows for easy initialization and working with account switching

* Small bug fix for cache key collision on key definitions unique by only storage location

* Fix initial value for test
2024-01-10 10:36:19 -05:00
Todd Martin
c9a2f07e04
Remove Fido2VaultCredentials feature flag (#7463)
* Removed Fido2 client credentials feature flag

* Removed test for feature flag.
2024-01-09 12:56:58 -05:00
Ike
6f22f05eee
Update sso prevalidate path (#7479)
* Update sso prevalidate path

* fixed formatting
2024-01-08 11:24:45 -08:00
Matt Gibson
92f593df08
Remove unnecessary complex types (#7451)
#7290 introduced these types, but during development we switched over to specifying dependencies in type parameters instead of an object. This change meant we no longer needed these `Type` or `ShapeToInstance` types, greatly simplifying the types related to derived state.
2024-01-04 16:50:55 -05:00
Justin Baur
5e11cb212d
Combined State (#7383)
* Introduce Combined State

* Cleanup Test

* Update Fakes

* Address PR Feedback

* Update libs/common/src/platform/state/implementations/default-active-user-state.ts

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Prettier

* Get rid of ReplaySubject reference

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2024-01-04 16:30:20 -05:00
Matt Gibson
06affa9654
Rework derived state (#7290)
* Remove derived state from state classes

* Create provider for derived state

Derived state is automatically stored to memory storage, but can be derived from any observable.

* Fixup state provider method definitions

* Test `DefaultDerivedState`

* remove implementation notes

* Write docs for derived state

* fixup derived state provider types

* Implement buffered delayUntil operator

* Move state types to a common module

* Move mock ports to centra location

* Alias DerivedStateDependency type

* Add dependencies to browser

* Prefer internal rxjs operators for ref counting

* WIP

* Ensure complete on subjects

* Foreground/background messaging for browser

Defers work for browser to the background

* Test foreground port behaviors

* Inject foreground and background derived state services

* remove unnecessary class field

* Adhere to required options

* Add dderived state to CLI

* Prefer type definition in type parameters to options

* Prefer instance method

* Implements factory methods for common uses

* Remove nothing test

* Remove share subject reference

Share manages connector subjects internally and will reuse them until
refcount is 0 and the cleanup time has passed. Saving our own reference
just risks memory leaks without real testability benefits.

* Fix interaction state
2024-01-04 14:47:49 -05:00
Jared Snider
1fdc6629e3
Auth/PM-3859 - Desktop - Create lock mechanism to prevent app menu redraw on sync complete when user logging out (#6920)
* PM-3859 - Desktop App Comp - Build lock mechanism for update app menu which doesn't try to update the menu for users who are being logged out which was causing errors (primary scenario was triggered by logging in on desktop with a TDE user w/out a MP, triggering a sync, then hitting the command to lock the vault right after which would trigger a log out while the sync was still in process.  Then, while the log out was in process, the sync would try and trigger an update to the app menu but it would error as some of the user's state had already been cleaned up)

* PM-3859 - App comp - remove use of promise.all to prevent any race conditions from causing intermittent logout errors with state being cleared and then values trying to be set on the cleared state (I observed setMasterKey get called after state account.keys was cleared - received error when attempting to set value on undefined).

* PM-3859 - Desktop Vault Items Component - on log out, if you were on the vault screen, the loss of focus on the vault search text box would trigger a search 200 ms after log out had been triggered.  This would eventually attempt to set an undefined master key (VaultItemsComponent.doSearch() --> cipherService.getAllDecrypted() --> cryptoService.getUserKeyWithLegacySupport() --> cryptoService.getMasterKey() --> cryptoService.setMasterKey()).  However, at this point, the account had been cleared as part of the log out process and an error would be thrown in the state service for trying to set account.keys.masterKey to undefined when the account and account.keys were undefined. These changes prevent the search from firing until the value changes and also prevents setMasterKey from being called if it is undefined.
2024-01-02 22:22:17 +00:00