* add user asymmetric key api service
* Add user asymmetric key regen service
* add feature flag
* Add LoginSuccessHandlerService
* add loginSuccessHandlerService to BaseLoginViaWebAuthnComponent
* Only run loginSuccessHandlerService if webAuthn is used for vault decryption.
* Updates for TS strict
* bump SDK version
* swap to combineLatest
* Update abstractions
Intercepts browser back button press on the login screen to properly
transition back to email entry portion instead of unexpected navigation.
Resolves PM-15987
* use organization properties for access permissions
* clean up refactor
* simplify logic
* refactor canAccessIntegrationEditor to have all the permission checks
This PR fixes a bug in the LockComponent refresh that affected the setup/save and use passkey flows. The user was wrongly directly to the /vault after unlock instead of to /fido2 (the passkey screen).
Feature Flag: ExtensionRefresh ON
Consolidates existing SSO components into a single unified component in
libs/auth, matching the new design system. This implementation:
- Creates a new shared SsoComponent with extracted business logic
- Adds feature flag support for unauth-ui-refresh
- Updates page styling including new icons and typography
- Preserves web client claimed domain logic
- Maintains backwards compatibility with legacy views
PM-8114
---------
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
* enabling drag and drop for cipher fields
* adding drag and drop to totp and fido
* removing code changes to wrong file
* undoing uneeded change
* Changes suggested by Shane
* fixes
* fixes
* moving export to the correct spot
---------
Co-authored-by: --global <>
* Add proxy support for file uploads
Instead of using node's native fetch we extend ApiService with NodeApiService to add support for proxies using `node-fetch`
* Fix constructors for FileUploadService in browser
* Fix dependency on ApiService within jslib-services.module
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Use typescript-strict-plugin to iteratively turn on strict
* Add strict testing to pipeline
Can be executed locally through either `npm run test:types` for full type checking including spec files, or `npx tsc-strict` for only tsconfig.json included files.
* turn on strict for scripts directory
* Use plugin for all tsconfigs in monorepo
vscode is capable of executing tsc with plugins, but uses the most relevant tsconfig to do so. If the plugin is not a part of that config, it is skipped and developers get no feedback of strict compile time issues. These updates remedy that at the cost of slightly more complex removal of the plugin when the time comes.
* remove plugin from configs that extend one that already has it
* Update workspace settings to honor strict plugin
* Apply strict-plugin to native message test runner
* Update vscode workspace to use root tsc version
* `./node_modules/.bin/update-strict-comments` 🤖
This is a one-time operation. All future files should adhere to strict type checking.
* Add fixme to `ts-strict-ignore` comments
* `update-strict-comments` 🤖
repeated for new merge files
* feat: scaffold desktop_objc
* feat: rename fido2 to autofill
* feat: scaffold electron autofill
* feat: auto call hello world on init
* feat: scaffold call to basic objc function
* feat: simple log that checks if autofill is enabled
* feat: adding some availability guards
* feat: scaffold services and allow calls from inspector
* feat: create custom type for returning strings across rust/objc boundary
* chore: clean up comments
* feat: enable ARC
* feat: add util function `c_string_to_nsstring`
* chore: refactor and rename to `run_command`
* feat: add try-catch around command execution
* feat: properly implement command calling
Add static typing. Add proper error handling.
* feat: add autoreleasepool to avoid memory leaks
* chore: change objc names to camelCase
* fix: error returning
* feat: extract some helper functions into utils class
* feat: scaffold status command
* feat: implement status command
* feat: implement password credential mapping
* wip: implement sync command
This crashes because we are not properly handling the fact that `saveCredentialIdentities` uses callbacks, resulting in a race condition where we try to access a variable (result) that has already gotten dealloc'd.
* feat: first version of callback
* feat: make run_command async
* feat: functioning callback returns
* chore: refactor to make objc code easier to read and use
* feat: refactor everything to use new callback return method
* feat: re-implement status command with callback
* fix: warning about CommandContext not being FFI-safe
* feat: implement sync command using callbacks
* feat: implement manual password credential sync
* feat: add auto syncing
* docs: add todo
* feat: add support for passkeys
* chore: move desktop autofill service to init service
* feat: auto-add all .m files to builder
* fix: native build on unix and windows
* fix: unused compiler warnings
* fix: napi type exports
* feat: add corresponding dist command
* feat: comment signing profile until we fix signing
* fix: build breaking on non-macOS platforms
* chore: cargo lock update
* chore: revert accidental version change
* feat: put sync behind feature flag
* chore: put files in autofill folder
* fix: obj-c code not recompiling on changes
* feat: add `namespace` to commands
* fix: linting complaining about flag
* feat: add autofill as owner of their objc code
* chore: make autofill owner of run_command in core crate
* fix: re-add napi annotation
* fix: remove dev bypass
* Added conditional to check if a cipher can be delete by user
* Added change detection on push
* Added directive to check if user can delete a cipher
* Added directive to check if user can delete a cipher
* Replaced check with directive
* removed takeUntilDestroyed
Add timeout state management for two-factor authentication flows in web, desktop,
and browser extension clients. Includes:
- New timeout screen component with 5-minute session limit
- Updated UI elements and styling
- Comprehensive test coverage
Refs: PM-13659
* updating new menus to allow tab + enter to submit the link/button
* Updating New actions to use button instead of a for accessibiity purposes
* refactor
* refactor
* test fix
* fixes
* fixing tests
* fixing test
* fixing tests
---------
Co-authored-by: --global <>
* Add changes for enabled policy
* Remove unused property
* Refactor the changes
* remove duplicated across multiple components
* Add some test and documentations to service
* Correct the comment free family sponsorship for isExemptFromPolicy
This PR ensures that, on the Chrome browser extension, biometrics gets auto-prompted when the user selects "Ask for biometrics on launch" by resetting the `isInitialLockScreen` to `true` on active account change.
Feature flag: `ExtensionRefresh` ON.
* PM-15115 - Captcha being deprecated so remove from new UI refreshed login component + start putting deprecated comments on some things.
* PM-15115 - Add Jira ticket to TODOs per best practice
* Stub out dialog
* Genericize LoginApprovalComponent
* update ipc mocks
* Remove changes to account component
* Remove changes to account component
* Remove debug
* Remove test component
* Remove added translations
* Fix failing test
* Run lint and prettier
* Rename LoginApprovalServiceAbstraction to LoginApprovalComponentServiceAbstraction
* Add back missing "isVisible" check before calling loginRequest
* Rename classes to contain "Component" in the name
* Add missing space between "login attempt" and fingerprint phrase
* Require email
* Create CredentialGeneratorHistoryDialogComponent to be re-used on web and desktop
* Add button to open credential histpry on web
* Add button to open credential history on desktop (#12101)
- Register route to open new CredentialGeneratorHistoryDialogComponent when FeatureFlag/GeneratorToolsModernization is enabled
- Add button to credential generator
- Add missing keys to en/messages.json
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Creates a refreshed and consolidated `LoginDecryptionOptionsComponent` for use on all visual clients, which will be used when the `UnauthenticatedExtensionUIRefresh` feature flag is on.
* feat: add tests for guidToRawFormat
* feat: add support for parsing b64 credential ids
* refactor: change interface to use Uint8Array for simplification
Technically this deviates from the specification, but nobody is going to be using the authenticator directly but us so it shouldn't matter. We're gonna switch to `passkey-rs` anyways so
* feat: change how the authenticator parses credential ids to support b64
* PM-12077 - Initial work on web process reload - more testing required.
* PM-12077 - Clarify comment
* PM-12077 - Improving UX of logout with process reload.
* PM-12077 - Final tweaks for process reload
* PM-12077 - Remove no longer accurate comment.
* PM-12077 - Per PR feedback, clean up logout reason
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Manually route to signup page when the email verification feature flag is enabled
* Revert "Manually route to signup page when the email verification feature flag is enabled"
This reverts commit f3a2b412b9.
* Do not show toast when redirecting to signup
Creates a refreshed and consolidated LoginViaAuthRequestComponent for use on all visual clients, which will be used when the UnauthenticatedExtensionUIRefresh feature flag is on.
* move vault headings to their own component
* update aria-label to bind to the data attribute
* move vault headings to the vault-v2 folder
* integrate disclosure trigger to hide vault filters
* remove built in margin on search component
- spacing will be managed by the parent component
* add event emitter so consuming components can know when disclosure status has changed
* add filter badge when filters are selected and the filters are hidden
* persist filter visibility state to disk
* add supporting text for the filter button
* remove extra file
* only read from stored state on component launch.
- I noticed delays when trying to use stored state as the source of truth
* use two-way data binding for change event
* update vault headers to use two way data binds from disclosure component
- also adjust consuming changes
* add border thickness
* add ticket to the FIXME
* move number of filters observable into service
* move state coordination into filter service
* only expose state and update methods from filter service
* simplify observables to avoid needed state lifecycle methods
* remove comment
* fix test imports
* update badge colors
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Add the new policy
* Add the free family policy behind flag
* Patch build process
* Revert "Patch build process"
This reverts commit 4024e974b1.
* [PM-13346] Email notification impacts (#11967)
* Changes error notification for disabled offer
* Add the feature to the change
* Add the missing dot
* Remove the authenicated endpoint
* Add the changes for error toast
* Resolve the lint issue
* rename file a correctly
* Remove the floating promise comments
* Delete unwanted comments
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* feat: update sdk service abstraction with documentation and new `userClient$` function
* feat: add uninitialized user client with cache
* feat: initialize user crypto
* feat: initialize org keys
* fix: org crypto not initializing properly
* feat: avoid creating clients unnecessarily
* chore: remove dev print/subscription
* fix: clean up cache
* chore: update sdk version
* feat: implement clean-up logic (#11504)
* chore: bump sdk version to fix build issues
* chore: bump sdk version to fix build issues
* fix: missing constructor parameters
* refactor: simplify free() and delete() calls
* refactor: use a named function for client creation
* fix: client never freeing after refactor
* fix: broken impl and race condition in tests
* feat: add sdk override to desktop build
* feat: add SDK version to browser about dialog
* feat: add sdk override to browser build
* fix: `npm ci` overriding the override
* fix: artifacts not properly downloaded
* fix: switch to new repository
* feat: add debug version function to web
* feat: add sdk-version to CLI
* feat: add version to desktop
* feat: add override to cli
* feat: add override to web
* fix: cli version acting as default command
* fix: consistent workflow input name
* feat: add error handling
* feat: upgrade sdk-internal
* fix: forgot to update package lock
* fix: broken CI build
move sdk version to a regular command
* chore: revert version changes
* refactor: move error handling code
* chore: bump SDK to 0.2.0.main-1
* fix: clean up references to inputs.sdk_commit
* refactor: rename `init` to `applyVersionToWindow`
* revert passphrase minimum
* add recommendation text to browser refresh; hide hint text when value exceeds recommendation
* migrate validators to generator configuration
* [CL-245] Update palette to new light and dark theme colors (#8633)
* [CL-245] Add new color swatches to storybook (#8697)
* [CL-238] update typography (#8997)
* [CL-230] [CL-296] Update button styles (#9345)
* [CL-237] Update menu styles for extension refresh (#9525)
* [CL-267] Add 100-level color variants and update primary-600 (#9550)
* [CL-286] Update badge to use focus-visible instead of focus (#9551)
* [CL-250] Update badge styles for extension refresh (#9572)
* [CL-234] callout style refresh (#9920)
* [CL-233] Update form field styles (#9776)
* [CL-239][CL-251][CL-342] dialog style refresh (#10096)
* [CL-239] simple dialog style refresh
* [CL-342] fix text overflow in dialog; add story
* [CL-244] readonly fields (#10164)
* [CL-352] Fix Angular errors related to form element changes (#10211)
* [CL-273] Update styles for checkbox and form control (#10146)
* [CL-274] Update styling for radio button (#10333)
* [CL-338] Remove extra space in item content when end slot is empty (#10350)
* [CL-377] Fix extension style conflict for input background (#10351)
* [CL-271] Update styles for toggle (#10377)
* [CL-381] Update spacing around form elements (#10432)
* [CL-229] Update icon button styles (#10405)
* [CL-380] Remove hover state from disabled form fields (#10639)
* [CL-405] Allow toggle group input to be full width (#10658)
* [CL-389] Exclude end slot label content from truncation (#10508)
* [CL-383] Remove manual focus when password toggle is clicked (#10749)
* [CL-278][CL-391] misc bit-item style fixes (#10758)
* [CL-391] use pointer cursor on hover when link or button
* [CL-210] Change base font size from 14px to 16px (#10779)
* [CL-291] Finalize styling for chip select (#10771)
* [CL-257] update banner component styles (#10766)
* [CL-443] Fix sizing issues (#10893)
* [CL-445] Fix small sizing and spacing issues (#10962)
* [CL-382] Reduce element shifting on readonly hover (#10956)
* [CL-396] Update theme colors to new hexes (#10968)
* [CL-395] Remove text headers color (#10997)
* [CL-404] Switch to primary-600 for all focus indicators (#11015)
* [CL-397] Remove primary-500 (#11036)
* [CL-447] Ensure DM Sans displays correctly at all font weights (#11041)
* [CL-448] Scrollbar Styles (#11111)
* CL-252/update toast (#10996)
* [CL-275] Update link styles (#11174)
* [CL-446] Update hover state for unselected chip selects (#11172)
* [CL-454] Improve color a11y for toast and banner interactive elements (#11200)
* [CL-457] Center input text for select and multiselect (#11239)
* [CL-455] Do not use responsive margin for sections in dialogs or extension (#11243)
* [CL-459] Fix chip behavior when opening menu while item is selected (#11227)
* [CL-388] Update vertical nav colors for new palette (#11226)
* scope styled scrollbar to only select elements (#11247)
* edit radio buttons to be block inputs and update spacing (#11291)
* [CL-453] Fix multiselect chip spacing and truncation (#11300)
* [PM-11131] Prevent duplicated sr labels on form field icon buttons (#11383)
* [CL-303] Prevent chip menu from running offscreen (#11348)
* [CL-476] Fix DM Sans font on Windows (#11409)
* implements scrollbar styles for firefox/chrome and safari (#11447)
* [CL-472] Fix search background color in extension (#11466)
* [CL-481] Style updates for bit-item, bit-card, and primary-100 (#11473)
* [CL-478] Remove underline on hover for most components (#11477)
* [CL-477] Remove focus styles for readonly input (#11510)
* [CL-487] Fix vault items virtual scroll height (#11581)
* [PM-8625] Increase popup width (#11686)
* [CL-494] Wrap long words in toggle group (#11659)
* [CL-13820] Add class to remove link underline (#11762)
* [CL-435] Prevent Windows extension from shifting (#11851)
* [CL-503] Add notification color variables (#11802)
* [PM-14043] Update size of toggle group label to fit more content (#11881)
* [CL-498] Set chip menu width minimum to chip select width (#11905)
---------
Co-authored-by: Will Martin <contact@willmartian.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: Nick Krantz <125900171+nick-livefront@users.noreply.github.com>
Co-authored-by: Merissa Weinstein <merissa.k.weinstein@gmail.com>
Co-authored-by: Danielle Flinn <43477473+danielleflinn@users.noreply.github.com>
* Create dedicated password-xp csv importer
* Add support for importing unmapped columns as custom fields
* Add support for importing folders and assiging items to them
* On import into an organization, convert folders to collections
* Register importer within importService and make it selectable via the UI
Add instructions on how to export from Password XP
* Mark method as private
* Add docs
* Add comment around folder detection
* Move test data into separate file
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* Refactor organization user API service to support bulk deletion of users
* Add copy for bulk user delete dialog
* Add bulk user delete dialog component
* Add bulk user delete functionality to members component
* Refactor members component to only display bulk user deletion option if the Account Deprovisioning flag is enabled
* Patch build process
* Revert "Patch build process"
This reverts commit 917c969f00.
---------
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
* totp secret is assigned to cipher object in zohovalut-csv-importer to populate when importing keys from zoho vault fixes#11872closes#11872
* fixed issue#11872
* assigned full totp url to cipher object and also implemented unit tests for zohovault importer
* Add test to when no data is passed to the importer
* Fix import of folders
- Replace "Chambername" with "Folder Name"
- Add tests for importing folders and collections
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
* Create an importer for csv-export from Netwrix Password Secure
* Wire the new importer into the clients
* Add instructions to export from Netwrix Password Secure
* Mark method as private
* Remove line which disables linting
* Add docs to importer
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
