1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-22 11:45:59 +01:00
Commit Graph

953 Commits

Author SHA1 Message Date
Jonathan Prusik
929b5ebec3
[PM-5568] Implement Badge Settings state provider (#8112)
* create badge settings state provider

* replace state service get/set disableBadgeCounter with badge settings service equivalent

* migrate disableBadgeCounter account setting to badge settings state provider

* cleanup and address PR suggestions
2024-02-27 21:03:12 +00:00
✨ Audrey ✨
36116bddda
[PM-5614] introduce SecretState wrapper (#7823)
Matt provided a ton of help on getting the state interactions right. Both he 
and Justin collaborated with me to write the core of of the secret classifier.

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2024-02-27 11:40:32 -05:00
Jake Fink
5a1f09a568
[PM-5499] Use public key for approving auth requests (#8110)
* change key check to public key check

* use public key for encryption

* fix tests
2024-02-27 11:28:50 -05:00
Thomas Rittson
0a5c9d3525
[AC-2008] [AC-2122] [Pt 1] Transition PolicyService to use StateProvider (#7959)
* Delete unnecessary StateDefinition

* Add StateProvider to PolicyService

* Add new getters using StateProvider (not exposed or used yet)
2024-02-27 08:51:10 +10:00
Alex Morask
f53af7c466
[AC-1863] Send initiationPath on organization or user signup (#7747)
* Sent initiation path for organization and user signups

* Rename organizationQueryParameter > organizationTypeQueryParameter

* Jared's feedback

* Split PM & SM initiation path
2024-02-26 14:20:11 -05:00
Justin Baur
632598d804
[PM-6404] Add UserKeyDefinition (#8052)
* Add `UserKeyDefinition`

* Fix Deserialization Helpers

* Fix KeyDefinition

* Move `ClearEvent`

* Address PR Feedback

* Feedback
2024-02-26 11:28:40 -05:00
Jake Fink
1435203e12
[PM-5499] Create Auth Request Service (#8056)
* create auth request service

* copy methods from auth crypto service

* register new auth request service

* remove refs to auth request crypto service

* remove auth request crypto service

* remove passwordless login method from login strategy service

* add docs to auth request service
2024-02-26 10:07:08 -05:00
Justin Baur
d02651583f
Extend Cleanup Delay (#8076) 2024-02-26 14:20:15 +00:00
aj-rosado
d0aea28f0a
Checking if hideEmail control is enabled before trying to deactivate it on Sends (#8041) 2024-02-26 11:59:50 +00:00
Jonathan Prusik
44bda82bc4
revert to old secrets masking behaviour in browser cipher edit view (#8018) 2024-02-23 17:40:27 -05:00
Jonathan Prusik
34a8d9af86
[PM-6383] Migrate clearClipboard account setting to autofill settings service (#8022)
* migrate clearClipboard account setting to autofill settings state provider

* replace state service get/set clearClipboard with autofill settings service equivalents

* PR suggestions cleanup
2024-02-23 13:52:13 -05:00
Cesar Gonzalez
38e40a0471
[PM-5697] Capture all form data from page when selecting "New item" within the inline menu even if popout is already open (#7773)
* [PM-5679] Capture all form data from page when selecting "New item" even if popout is already open

* [PM-5679] Capture all form data from page when selecting "New item" even if popout is already open

* [PM-5697] Fixing floating promise within the handleExtensionMessage method
2024-02-23 18:27:25 +00:00
Robyn MacCallum
8ab4eecc8a
[SM-1065] SmOnboarding state provider (#8037)
* Create state definition

* Create SmOnboardingTaskService

* Replace usage of stateService value with state new state provider

* Migrate old state values to state provider

* Fix injection of SmOnboardingTasksService

* Remove smOnboardingTasks from state

* Fix state provider imports

* Fix migration after merge from main

* Move null handling to SMOnboardingTasksService
2024-02-23 13:16:42 -05:00
Shane Melton
dee0b20554
[AC-2195] Fixes for FC V1 for Custom Users (#8034)
* [AC-2195] Update canEditAnyCipher permission to make an exception for Custom users with editAnyCollection permission

* [AC-2195] Update V1 FC flag check to include check for an organization's FC status

* [AC-2195] Remove redundant collection management setting check that was hiding the restricted access message for custom users with deleteAnyCollection

* [AC-2195] Ensure users with canEditAnyCollections can edit all collections
2024-02-23 10:01:25 -08:00
Oscar Hinton
38d8fbdb5a
Vertical Vault Navigation (#6957)
* WIP admin console layout

* Update icons

* Migrate more things

* Migrate the last pages

* Move header to web

* Fix story not working

* Convert header component to standalone

* Migrate org layout to standalone

* Enable org switcher

* Add AC to product switcher

* Migrate provider portal to vertical nav

* Migrate PM

* Prettier fixes

* Change AC and PP to use secondary variant layout & update logos

* Remove full width setting

* Remove commented code

* Add header to report pages

* Add provider portal banner

* Fix banner for billing pages

* Move vault title to header

* Prevent scrollbar jumping

* Move send button to header

* Replace search input with bit-search

* Remove unused files and css

* Add banner

* Tweak storage option

* Fix duplicate nav item after merge

* Migrate banner state to state provider framework

* [AC-2078] Fix device approvals header

* [PM-5861] Hide AC from product switcher for users that do not have access

* [PM-5860] Fix Vault and Send page headers

* [AC-2075] Fix missing link on reporting nav group

* [AC-2079] Hide Payment Method and Billing History pages for self-hosted instances

* [AC-2090] Hide reports/event log nav items for users that do not have permission

* [AC-2092] Fix missing provider portal option in product switcher on page load

* Add null check for organization in org layout component

* [AC-2094] Fix missing page header for new client orgs page

* [AC-2093] Update New client button styling

* Fix failing test after merge

* [PM-2087] Use disk-local for web layout banner

* [PM-6041] Update banner copy to read "web app"

* [PM-6094] Update banner link to marketing URL

* [PM-6114] add CL container component to VVR pages (#7802)

* create bit-container component

* add container to all page components

* Fix linting errors after merge with main

* Fix product switcher stories

* Fix web-header stories

* mock org state properly in product switcher stories (#7956)

* refactor: move web layout migration banner logic into a service (#7958)

* make CL codeowner of web header files

* move migration banner logic to service; update stories

* [PM-5862] Ensure a sync has run before hiding navigation links

* Remove leftover banner global state

* Re-add dropped selfHosted ngIf

* Add rel noreferrer

* Remove comment

---------

Co-authored-by: Shane Melton <smelton@bitwarden.com>
Co-authored-by: Will Martin <contact@willmartian.com>
2024-02-23 09:22:45 -08:00
Will Martin
43d1174a06
[CL-169] add bit-section component (#8062) 2024-02-23 10:51:17 -05:00
Matt Gibson
9775e77079
[PM-5537] Migrate Biometric Prompts (#7771)
* Fix nextMock arguments

* Add state for biometric prompts

* Use biometric state for prompts

* Migrate biometric prompt data

* wire up biometric state to logouts

* Add migrator to migrate list

* Remove usages of prompt automatically

Explicitly list non-nulled state as intentional

* `npm run prettier` 🤖

* Fix web lock component
2024-02-23 09:21:18 -05:00
Jake Fink
19a373d87e
[PM-6211] Create key generation service (#7939)
* create key generation service

* replace old key generation service and add references

* use key generation service in key connector service

* use key generation service in send service

* user key generation service in access service

* use key generation service in device trust service

* fix tests

* fix browser

* add createKeyFromMaterial and tests

* create ephemeral key

* fix tests

* rename method and add returns docs

* ignore material in destructure

* modify test

* specify material as key material

* pull out magic strings to properties

* make salt optional and generate if not provided

* fix test

* fix parameters

* update docs to include link to HKDF rfc
2024-02-23 08:48:15 -05:00
Oscar Hinton
a553704f28
Add support for removing values in migration helper (#8057) 2024-02-22 16:21:39 -06:00
Matt Gibson
56bffb04bb
Ps/pm 5533/migrate decrypted user key (#7970)
* Move user key memory state to state providers

Note: state service observable change is because these updates are no longer internal to the class, but reporter directly to account service through crypto service on update of a user key

* remove decrypted user key state

Note, we're going to move the encrypted cryptoSymmetric key (and associated master key encrypted user keys)  as part of the master key service creation. Crypto service will no longer be responsible for the encrypted forms of user key.

* Deprecate notices belong on abstraction

* Allow for single-direction status updates

This is necessary since we don't want to have to guarantee that the update to logged out occurs after the update to locked.

* Remove deprecated subject

It turns out the set for cryptoMasterKey was also unused 🎉
2024-02-22 15:07:26 -05:00
aj-rosado
f9539ef68b
Calling processFolder method when adding ciphers on PsonoJsonImporter (#7984) 2024-02-22 17:51:44 +00:00
Cesar Gonzalez
7629652a47
[PM-5887] Refactor WebCryptoFunction to Remove Usage of the window Object in the Background Script (#7749) 2024-02-21 15:51:02 +00:00
Jason Ng
0576bd9f2c
PM-5955 Multiple Badges Overlap With Permissions Column (#7843)
* update badge components so multiple badges to do not overlap with permissions column in collections
2024-02-20 12:08:39 -05:00
Kai
e823c27c8d
Only GetGlobals when we actually need them (#7855)
Since we only need it as a backup if accountVaultTimeoutAction is
null/undefined, there should be no need to call this function every time.

While the overhead may seem trivial at first glance, it can add up to a
massive increase in runtime when the function is called repeatedly in
quick succession (e.g. when running `bw list items` where it is executed
once for every item).

In my concrete case this change leads to a 20x speedup.
2024-02-20 15:51:32 +01:00
Will Martin
d4968bb225
[CL-166] add title and subtitle inputs to bit-dialog (#7597) 2024-02-19 11:03:24 -05:00
Will Martin
cbcd5d9747
[CL-192][CL-193] fix virtual scroll (#7986)
* [CL-192] use sticky sidebar instead of static; remove main screen height

* [CL-193] patch cdk dialog scroll block
2024-02-19 08:52:42 -05:00
Alex Morask
1f8e6ea6f8
Use split endpoint names for FF 'AC-1607_present-user-offboarding-survey' (#7983) 2024-02-16 13:38:10 -05:00
SmithThe4th
5b652092cd
[PM-5272] Migrate CollapsedGroupings to State Provider (#7954) 2024-02-16 12:53:24 -05:00
Andreas Coroiu
b0dd64bab4
[PM-4756] [PM-4755] Add BE and BS flags, and credProps (#7947)
* [PM-4756] feat: set BE and BS flags

* [PM-4755] feat: add support for credProps.rk

* [PM-4755] feat: add extension support to page-script object mapping
2024-02-16 10:55:51 +01:00
Oscar Hinton
02dde0c0d3
[PM-6328] Checkmarx - Resolve warnings (#7941) 2024-02-15 16:25:53 -05:00
Matt Gibson
c8c1ed42ba
[PM-5537] Remove Unecessary Biometric State (#7762)
* Create state for biometric client key halves

* Move enc string util to central utils

* Provide biometric state through service

* Use biometric state to track client key half

* Create migration for client key half

* Ensure client key half is removed on logout

* Remove account data for client key half

* Remove unnecessary key definition likes

* Remove moved state from account

* Fix null-conditional operator failure

* Simplify migration

* Remove lame test

* Fix test type

* Add migrator

* Remove state that is never read.

* Remove unnecessary biometric state

We don't need to determine platform in desktop background, it can be done in the UI at any time.

* Fix merge

* Use platform utils to identify OS desktop type
2024-02-15 15:29:29 -05:00
Todd Martin
7c37ce117c
[PM-6241] Remove unused entityId and entityType state (#7899)
* Removed unused entityId and entityType state

* Removed from interface.

* Removed unused state from AccountProfile.
2024-02-14 23:06:56 +00:00
Jake Fink
6562875a23
[PM-6302, PM-6303] Add duo state and connector message on browser/desktop (#7957)
* pass state for clients

* use redirect connector to set cookie with translations

* simplify duo redirect url validation
2024-02-14 18:00:38 -05:00
Jason Ng
3edf098aaf
PM-5274 Migrate Collection Service State (#7732)
* update collection service to use new state provider framework, remove stateservice from collection service, update collections state provider with migrate file and unit test
2024-02-14 17:03:03 -05:00
Matt Gibson
d8b74b78da
[PM-5533] Migrate Asymmetric User Keys to State Providers (#7665) 2024-02-14 15:04:08 -05:00
Matt Gibson
7a6d7b3a68
Include missing migration (#7840)
This migration missing from #7825 does not suggest missing data since no client has been released in the interim.
2024-02-14 14:25:08 -05:00
Justin Baur
1ff7bdd014
[PM-6172] Run localStorage migrations for web (#7900)
* Create MigrationRunner

- Create MigrationRunner Service for running migrations in StateService
- Create web override so that migrations also run against `localStorage`

* Fix Web StateService

* Fix WebMigrationRunner

* Fix CLI

* Fix ElectronStateService

* Update Comment

* More Common Scenarios
2024-02-14 08:52:13 -05:00
Shane Melton
2a9d396a01
[PM-5757] Update local collection data when a collection is updated (#7940)
* [PM-5757] Update local data when a collection is updated

* [PM-5757] Use defer() for collections re-evaluate the promise on refresh$
2024-02-13 13:04:13 -08:00
Matt Gibson
f0ae318f57
Link derived state fake to parent observable. (#7922) 2024-02-13 15:26:56 -05:00
Daniel James Smith
9980c3feb9
[PM-5459] Move libs/exporter to libs/tools/ (#7380)
* Move libs/exporter into libs/tools/*

Migrating all files from libs/exporter over to libs/tools/export/vault-export/vault-export-core
Rename package to vault-export-core
Fix all file paths

* Update libs and tsconfig imports

* Fix client imports

* Fix eslint, jest and package-lock.json

* Update CODEOWNERS

* Add README.md to whitelist-capital-letters

* Fix vault-export-service tests not running

* Update libs/tools/export/vault-export/README.md

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>

* Fix types imports

* Export types from vault-export-core

* Fixed content of README

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
2024-02-13 14:22:37 -05:00
Thomas Rittson
c8b04729cb
Add NotificationType.SyncOrganizations (#7924) 2024-02-13 18:15:52 +00:00
Todd Martin
bdc951194e
[PM-5800] Remove passwordless-login feature flag (#7626)
* Removed passwordless-login feature flag

* Removed conditional on login component.

* Added back reference accidentally deleted.

* Fixed initialization of the service in tests.

* Removed unused private variable.

* Updated DI to remove configService

* Undid changes to workspace file.

* Undid all changes to workspace file

* Undid merge changes to collection dialog

* Linting
2024-02-13 11:15:16 -05:00
Addison Beck
a9297af2d3
Add a key definition for providers (#7915) 2024-02-13 12:27:52 +00:00
Jonathan Prusik
c65e92f769
[PM-5560] Implement Autofill Settings state provider (#7767)
* Begin migration of autofill settings

Co-authored-by: Cesar Gonzalez <cagonzalezcs@users.noreply.github.com>
Co-authored-by: Thomas Avery <Thomas-Avery@users.noreply.github.com>
Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
Co-authored-by: Colton Hurst <coltonhurst@users.noreply.github.com>

* add browser dependency for AutofillSettingsService

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* update autofill settings service

* replace usages of stateService get/set autofillOnPageLoad with autofillSettingsService

* replace usages of stateService get/set autofillOnPageLoadDefault with autofillSettingsService

* replace usages of stateService get/set autoCopyTotp with autofillSettingsService

* replace usages of stateService get/set autoFillOnPageLoadCalloutIsDismissed with autofillSettingsService

* replace usages of stateService get/set activateAutoFillOnPageLoadFromPolicy with autofillSettingsService

* replace usages of get/set autoFillOverlayVisibility with autofillSettingsService

* inlineMenuVisibility should use global state

* add the AutofillSettingsService to background scripts

* fix typing

* replace additional usages of get/set autoFillOverlayVisibility and disableAutoTotpCopy with autofillSettingsService equivalents

* replace additional usages of get/set autofillOnPageLoadDefault with autofillSettingsService equivalent

* replace additional usages of get/set activateAutoFillOnPageLoadFromPolicy with autofillSettingsService equivalent

* remove additional deprecated and unused state service calls

* improve naming conventions and consistency

* fix missing mock for policy service test

* replace missing overlay background tests

* cleanup

* fix double inversion

* fix reference to wrong setter

* move handleActivateAutofillPolicy out of BrowserPolicyService

* create state migration script

* resolve linting issues

* remove migrated setting properties

* add AutofillSettingsSErvice to jslib-services

* handle conditional content script loading via autofillOnPageLoad check

* add deprecated note to getFromLocalStorage

* add jsdoc decorators to new autofill service methods

* handle undefined globalState

* move autofill settings out of BrowserPolicyService

* Move autofill settings code out of policyService

* fix tests

* fix typo in state definition

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Cesar Gonzalez <cagonzalezcs@users.noreply.github.com>
Co-authored-by: Thomas Avery <Thomas-Avery@users.noreply.github.com>
Co-authored-by: Colton Hurst <coltonhurst@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2024-02-12 17:11:04 -05:00
Jason Ng
fd8c26601a
PM-3231 Vault Onboarding Part 1 (#6905)
* Onboarding Component moved to web for sharing. Vault Onboarding Component created for new users. Still behind feature flag.
2024-02-12 11:43:43 -05:00
Jake Fink
f786c8ce93
clear ever had user key for logged out user instead of active (#7911) 2024-02-12 11:12:35 -05:00
Oscar Hinton
6b12968721
[PM-5820] Upgrade angular to 16 (#7638)
Upgrade Angular and related dependencies to v16.
2024-02-12 17:00:41 +01:00
✨ Audrey ✨
eafe3dec67
[PM-5973] add catchall generation strategy (#7898) 2024-02-12 10:27:47 -05:00
✨ Audrey ✨
c41dce8c63
[PM-5972] add subaddress generator strategy (#7897) 2024-02-12 09:20:55 -05:00
aj-rosado
7d47f1496c
[PM-6072] Add get$ method on SendService (#7839)
* Added missing get$ method on SendService

* Added distinctUntilChanged to the get$ method and added more tests

* Added more validations and tests to get$

* Added some more test cases to get$

* Refactored test cases from get$
2024-02-09 18:27:50 +00:00
Alex Morask
b239e3736f
[AC-1607] Add offboarding survey to subscription pages (#7809)
* Add offboarding survey to subscription pages

* Cleaning up unused code

* Removing unused eslint suppression

* Product updates

* Jared's feedback
2024-02-09 12:08:46 -05:00
✨ Audrey ✨
64381cbae0
check credential type explicitly when loading evaluator (#7791) 2024-02-09 11:33:52 -05:00
Joseph Yu
bb031f6779
[PM-2311] Allow empty passphrase separator (#5473)
* Change passphrase generator's default wordSeparator to the empty string ''
* Create DefaultPassphraseGenerationOptions
* Use DefaultPassphraseGenerationOptions.wordSeparator in passphrase generation
* Add `empty` separator option to passphrase generator CLI and an example
* Change DefaultPassphraseGenerationOptions numWords to 3
* Use `DefaultPassphraseGenerationOptions.numWords` in CLI passphrase gen
2024-02-09 11:07:53 -05:00
Shane Melton
5c6245aaae
[AC-1124] Restrict admins from accessing items in the Collections tab (#7537)
* [AC-1124] Add getManyFromApiForOrganization to cipher.service.ts

* [AC-1124] Use getManyFromApiForOrganization when a user does not have access to all ciphers

* [AC-1124] Vault changes
- Show new collection access restricted view
- Include unassigned ciphers for restricted admins
- Restrict collections when creating/cloning/editing ciphers

* [AC-1124] Update edit cipher on page navigation to check if user can access the cipher

* [AC-1124] Hide ciphers from restricted collections

* [AC-1124] Ensure providers are not shown collection access restricted view

* [AC-1124] Modify add-edit component to call the correct endpoint when a restricted admin attempts to add-edit a cipher

* [AC-1124] Fix bug after merge with main

* [AC-1124] Use private this._organization

* [AC-1124] Fix broken builds
2024-02-08 14:07:42 -08:00
Will Martin
64b1772bfd
exclude CL popover story from Chromatic (#7862) 2024-02-08 21:01:35 +01:00
Matt Gibson
4c051f8d7f
ActiveUserState Update should return the userId of the impacted user. (#7869)
This allows us to ensure that linked updates all go to the same user without risking active account changes in the middle of an operation.
2024-02-08 14:54:15 -05:00
Matt Gibson
b0edcb81af
Ps/run-foreground-derived-state-in-zone (#7861)
* Sync derived state through memory storage

* Run foreground derived state in NgZone

* fix tests
2024-02-08 14:04:38 -05:00
Jake Fink
304c492f24
[PM-5364] Create SSO Login Service and add state ownership (#7485)
* create sso service

* rename sso service to sso-login service

* rename service

* add references to sso login service and update state calls

* fix browser

* fix desktop

* return promises

* remove sso state from account and global objects

* more descriptive org sso identifier method names

* fix sso tests

* fix tests
2024-02-08 12:44:35 -05:00
Matt Gibson
2525a3707f
Prefer get methods to return single user states unless specified active (#7834)
* Prefer get methods to return single user states unless specified active

* Improve comment
2024-02-08 12:02:48 -05:00
Daniel García
4be25e3df3
[PM-3756] Disable node integration and enable context isolation in desktop (#6975)
* Disable node integration and enable context isolation

* Review comments

* Log in renderer through IPC

* Missed imports

* Mock electron API

* resourcesPath is undefined in the preload, but process.windowsStore works correctly

* Replace fromBufferToUtf8 conditional implementation for the `buffer` package

The current non-node implementation is different than the node implementation,
as the non-node would break when the contents can't be parsed as a URI component.
Replacing the impl by the `buffer` package makes the result match in both environments.

* Fix lint

* Add some more tests

* Remove buffer from devDependencies
2024-02-08 18:00:19 +01:00
Will Martin
070d8556cf
[CL-179][PM-6011] open parent bit-nav-groups when bit-nav-item becomes active (#7801)
* add routing to nav-group stories

* open parent nav group when active
2024-02-08 10:35:13 -05:00
Matt Gibson
3371760779
Add derive option to clear state after cleanup (#7852)
Co-authored-by: Thomas Rittson <eliykat@users.noreply.github.com>
2024-02-07 20:33:28 -05:00
✨ Audrey ✨
6d79231476
[PM-5610] add eff long word list generator (#7748) 2024-02-07 13:24:32 -05:00
Addison Beck
82cb52a938
Properly set up StateProvider dependency for OrganizationService (#7841) 2024-02-07 10:28:14 -06:00
Matt Gibson
2ca34b46db
[PM-5537] Persist require password on startup through logout (#7825)
* Persist require password on startup through logout

* Test new methods
2024-02-07 10:39:54 -05:00
SmithThe4th
923cac0a96
enable passkeys option should be set by default (#7835) 2024-02-07 09:27:22 -05:00
Addison Beck
b3135403e8
Wire up key definitions for OrganizationService (#7781)
* Wire up key definitions for OrganizationService

[`AC-2009`: Transition OrganizationService to use StateProvider](
https://bitwarden.atlassian.net/browse/AC-2009)

In order to support the new `StateProvider` APIs for managing
application state this commit modifies `OrganizationService` in the following
ways:

1. Adding a `KeyDefinition` object to `OrganizationService` to store the
   `organization` record in `StateProvider`.
1. Injecting `StateProvider` and wiring up `OrganizationService` to read
   from the `organizations` key definition for the active user account.
1. Expanding the capabilities of `OrganizationData` to be able to read
   itself from a JSON string. Previously this was handled directly by
   `StateService`.
1. Updating tests to include requirements for testing against
   `StateProvider`.
1. Marking the existing `StateService`-backed `organizations`
   `Observable` and `BehaviorSubject` as deprecated.

This is largely unimplemented code with no intended visible effects to
the system. Implementing getting & updating the `organizations` value
from `StateProvider` will the next step in this work.

* Rework null check on OrganizationData

* Remove deprecation signals for the time being

* Move key definition inline with its service

* Create date objects when deserialzing json from state
2024-02-06 18:48:34 -06:00
SmithThe4th
e9865c1cec
[PM-5275] Migrate state in Fido2ClientService to State Providers (#7745)
* added state definition and key definition

* created vault settings service

* created enable passkeys migrations

* created enable passkeys migrations

* renamed the state definition

* created vault settings service

* updated enable passkey key definition

* updated references with vault settings service

* renamed files to avoid conflict

* removed set and get enable passkeys from state service

* removed comment

* fixed comments

* added readonly keyword

* removed service registartion from service module

* removed readonly keyword from abstract class

* swicted to used optional chaining

* renamed files

* added disk-local argument for web
2024-02-06 15:15:22 -05:00
Shane Melton
78008a9e1e
[PM-5277] Migrate Sync Service to State Provider (#7680)
* [PM-5277] Introduce lastSync state via State Providers

* [PM-5277] Add migrator and tests

* [PM-5277] Use memory for web storage location

* [PM-5277] Remove lastSync methods from state service

* [PM-5277] Remove lastSync from AccountProfile

* [PM-5277] Use string instead of Date to fix serialization for chrome.storage API in Browser

* [PM-5277] Only set account if lastSync was deleted during migration

* [PM-5277] Fix spec file
2024-02-06 12:00:41 -08:00
SmithThe4th
7e00ece092
[PM-5276] Migrate FolderService to state providers (#7682)
* added state definitionand key definition for folder service

* added data migrations

* created folder to house key definitions

* deleted browser-folder-service and added state provider to the browser

* exposed decrypt function so it can be used by the key definition, updated folder service to use state provider

* removed memory since derived state is now used

* updated test cases

* updated test cases

* updated migrations after merge conflict fix

* added state provider to the folder service constructor

* renamed migration file

* updated comments

* updated comments

* removed service registartion from browser service module and removed unused set and get encrypted folders from state service

* renamed files

* added storage location overides and removed extra methods
2024-02-06 14:51:02 -05:00
Justin Baur
f64092cc90
[PM-6032] Run migrations in main process (#7795)
* Run Migrations in Desktop Main Process

* Add `waitForMigrations` method

* Add `InitOptions`

* Fix Destructuring
2024-02-06 12:01:12 -05:00
Matt Gibson
166269520c
Allow common get and set operations from state providers (#7824)
* Allow common get and set operations from state providers

* Use finnish endings for observables
2024-02-06 11:35:22 -05:00
Todd Martin
78bd44b276
Modified to use the correct header. (#7817) 2024-02-05 15:03:03 -05:00
Jake Fink
816bcf4f39
[PM-5255] Create login strategy service (#7750)
* refactor login strategies into own service

* create login service factory

* replaces instances of authService with loginStrategyService

* replace more instances of authService

* move logout back to auth service

* add browser dependencies

* fix desktop dependencies

* fix cli dependencies

* fix lint and test files

* fix anonymous hub deps

* fix webauthn-login service deps

* add loginstrategyservice to bg

* move login strategy service and models to auth folder

* revert changes to tsconfig

* use alias for imports

* fix path

---------

Co-authored-by: rr-bw <102181210+rr-bw@users.noreply.github.com>
2024-02-05 14:26:41 -05:00
Jared Snider
c91ceb2014
Auth/PM-5368 & PM-4613 - Web & Browser - Add support for new 2FA Duo Frameless Redirect flow (#7670)
* [PM-5368] Open Duo auth url. Add BroadcastChannel listener for duo result.

* [PM-5368] Remove debug line. Use PlatformUtilService to launch Uri.

* PM-5368 - Some progress on getting new frameless duo implementation in place

* PM-5368 - Base2FAComp - Save off duoFramelessUrl for use later on as user must be given the option to remember the device before launching the duo frameless flow in the new tab.

* PM-5368 - Web - 2FA Comp - (1) Only show larger width when showing backwards compatible duo (2) Stack buttons per new design (3) selectedProviderType === providerType.OrganizationDuo is correct check for when org requires DUO

* PM-5368 - Web - 2FA Comp - translate duo stuff

* PM-4613 - Browser 2FA - Get most of DUO frameless in place. WIP. Must figure out how to transfer state from popup to popout + add popout logic to auth-popout-windows.ts. Converted existing useAnotherTwoStepMethod button to use new comp lib bitButton per design.

* PM-4613 - Browser 2FA Comp - (1) HTML - add margin around duo frameless text to match figma (2) Get popout extension logic working properly - now closes existing popup

* PM-4613 - TODO figure out communication between web and browser as broadcast channel will not work.

* PM-5368 - Base comp + web changes - (1)  Base component now has a setupDuoResultListener method for child classes to override (2) Web overrides setupDuoResultListener and cleans up broadcast channel once a duo result comes through.

* PM-4613 - Browser - (1) Add window message handling to content-message-handler content script to pass along the duo result message to the browser extension (2) 2FA comp - override setupDuoResultListener and use browserMessagingApi to listen to duoResult and submit when it comes through.

* PM-5368 - Web - 2FA comp - only clean up duo result channel on ngDestroy so that user can re-submit if an error occurs.

* PM-5368 and PM-4613 - (1) Update base 2FA comp to only initialize duo result listener once as init is called any time the user changes 2FA option if multiple are present (duo org and duo personal) (2) Each client now will only create a listener once even if it is called more than once (3) On web, only try to clean up the duoResultChannel if it was created to avoid erroring on other 2FA methods.

* PM-5368 - Base 2FA comp - add TODO to remove duo SDK handling once we remove the duo-redirect flag

* PM-5368 - Per PR feedback, avoid repetition of duo provider check by using a new public property for isDuoProvider

* PM-4613 -  Per PR feedback: (1) Deconstruct code out of data (2) Add test for duoResult.

---------

Co-authored-by: André Bispo <abispo@bitwarden.com>
2024-02-05 13:23:50 -05:00
Matt Gibson
414ee2563f
[PM-5537] Biometric State Service (#7761)
* Create state for biometric client key halves

* Move enc string util to central utils

* Provide biometric state through service

* Use biometric state to track client key half

* Create migration for client key half

* Ensure client key half is removed on logout

* Remove account data for client key half

* Remove unnecessary key definition likes

* Remove moved state from account

* Fix null-conditional operator failure

* Simplify migration

* Remove lame test

* Fix test type

* Add migrator

* Prefer userKey when legacy not needed

* Fix tests
2024-02-05 13:02:28 -05:00
Todd Martin
250e7c87e8
[PM-6012] Added device identifier header when updating trust on key rotation (#7807) 2024-02-05 11:35:33 -05:00
Will Martin
cb8849c355
Add eslint rule no-floating-promises (#7789)
* add eslint rule no-floating-promises

* add eslint-disable comment to offending lines
2024-02-02 15:13:37 -05:00
✨ Audrey ✨
e8d0d56c5f
[PM-5608] introduce passphrase generator strategy (#7690) 2024-02-02 10:49:38 -05:00
Will Martin
4e4e39e9f7
[CL-178] contain overflow in bit-layout main content (#7783) 2024-02-02 10:36:12 -05:00
Justin Baur
5e710b45b0
Add Missing await (#7788) 2024-02-02 09:06:03 -05:00
Addison Beck
d39fa8ee86
Add state definitions for Admin Console services (#7776) 2024-02-01 16:06:25 -06:00
Will Martin
d0212bd1b0
[CL-173] hide nav-group active styles when expanded (#7695)
* hide nav-group active styles when open

* update org-switcher to show child nav-item active styles
2024-02-01 16:23:05 -05:00
Will Martin
b054211fe6
[CL-175] remove position fixed from sidebar (#7760)
Removes fixed position from `bit-layout`'s sidebar. This prevents the sidebar from taking up too much space on smaller viewports.
2024-02-01 15:36:58 -05:00
Jake Fink
7d3c6dbed7
[PM-5995] Clear everhaduserkey on logout (#7759)
* clear everhaduserkey on logout

* change to null
2024-02-01 09:36:29 -05:00
Colton Hurst
01781848f3
SM-904: Remove SecretsManagerBeta (Phase 2) (#6891)
* SM-904: Remove SecretsManagerBeta

* SM-904: Remove additional places sm beta is used

* SM-904: Remove unused SM Beta messages
2024-01-31 17:09:35 -05:00
Matt Gibson
3a9dead640
[PM-5533] migrate provider keys (#7649)
* Provide RSA encryption in encrypt service

* Define state for provider keys

* Require cryptoService

This is temporary until cryptoService has an observable active user private key. We don't want promise-based values in derive functions

* Update crypto service provider keys to observables

* Remove provider keys from state service

* Migrate provider keys out of state account object

* Correct Provider key state types

* Prefix migration with current version number
2024-01-29 16:53:01 -05:00
Todd Martin
c199f02d44
[PM-5638] Bump minimum server version for vault item encryption (#7705)
* PM-5638 Bumped up msv for IVIE

* Updated version to 2024.2.0 for next release.

---------

Co-authored-by: Carlos Gonçalves <cgoncalves@bitwarden.com>
2024-01-29 16:17:16 -05:00
Will Martin
d33b9ec58d
[CL-156][CL-176] update bit-nav-item styles (#7712)
* remove secondary-300 color redefinition

* add nav-item hover styles

* use inset focus-visible ring
2024-01-29 15:58:33 -05:00
Matt Gibson
1da6733e71
JSON stringify memory items (#7731)
* JSON stringify memory items

stringification is required so they can be reliably sent through messaging

* Simplify null handling
2024-01-29 19:42:58 +00:00
Alex Morask
8468dbab5b
[AC-1842] Secrets Manager Trial Page (#7475)
* Got trial page working without the form set up

* Set up the form to create SM subscription

* Add free SM trial page and sign up

* Conner's changes

* fixed imports

* Set isFromSecretsManagerTrial

* Fixed OrgKey location

* Add isFromSecretsManager prop to free org create

* Add LTO callout

* Switch LTO to background box

* Defect: AC-2081

* Fixed typo "Secrets Manger" to "Secrets Manager"

* Removed discount price logic for storage and secrets manager prices since they don't apply

---------

Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
2024-01-29 10:45:48 -05:00
aj-rosado
305fd39871
[AC-1782] Flexible collections import behavior in Password Manager and Admin Console (#6888)
* Added logic to only return organisations where user has import permissions and collections that he manages on Import

* Changed the UnassignedCollections validation logic

* Added validation to check if the user is coming from AdminConsole on the import component

* Added import collection service abstraction to allow get admin collections

* Corrected feature flag reads on import component

* Refactor import component methods ngOnInit and performImport to improve codescene
Using FeatureFlag Observable

* Modified validation to allow import if user has organizations to import into

* Using the new organization flexiblecollections property on import

* Created collection-admin-import.service to return all the org collections to the import on Admin Console

* Small changes on import flexible collections

* Fix linting issues

* changed canAccessImport rules and deprecated canAccessImportExport

* Validating if user canAccessImportExport instead of admin before calling the handleOrganizationImportInit.

* AC-2095 - Corrected getAllAdminCollections from ImportCollectionAdminService to properly get all the collections on AdminConsole

* Reverting AC-2095

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2024-01-29 15:11:19 +00:00
aj-rosado
d5de9cbeb2
[AC-1492] Split export service (#7462)
* Split export service into vault and org export service

* Changed CLI logic to use split export logic

* correct unit tests

* Created individual export service, export service making the calls for org and ind vault

* Improved code readability

* Merged PasswordProtectedExport with Export methods to simplify calls

* Some small refactor

* [AC-1492] Managed collections export (#7556)

* Added managed collections export method
Added logic to show orgs on export that the user can export from

* Merge branch 'tools/AC-1492/split-export-services' into tools/AC-1492/export-flexible-collections

# Conflicts:
#	apps/web/src/app/admin-console/organizations/tools/vault-export/org-vault-export.component.ts
#	apps/web/src/app/tools/vault-export/export.component.ts

* Change export to use new organization.flexiblecollection flag

* Little refactor changing parameter names and reduzing the size of export.component.ts ngOnInit

* Removed unused service from export constructor and removed unnecessary default value from org export service parameter

* Simplified organizations selection for vault export to only verify if it has flexiblecollections

* removed unecessary services from ExportComponent constructor on popup

* Fixed possible race condition on managed export
2024-01-29 09:38:16 +00:00
Will Martin
053053624f
[CL-174] add title to bit-nav-item (#7703)
* add title to bit-nav-item
2024-01-26 11:55:00 -05:00
Oscar Hinton
c0e157610e
Fix DefaultActiveUserState test always failing locally (#7701)
The test always fails locally due to first setting a local time, and then fetching it through UTC which may have different timezones.
2024-01-26 14:34:42 +01:00
Jared Snider
2c1d215b71
Auth/PM-5242 - Create new User Verification dialog and form input components which support PIN and biometrics verification (#7536)
* PM-5242 - First working draft of copying out web CL implementation of user verification form and dialog components into standalone libs/auth components which could be used in any client.

* PM-5242 - Rename UserVerificationFormComponent to UserVerificationFormInputComponent b/c it doesn't actually have a form and is meant to slot into a form as an input.

* PM-5242 - Update libs/auth angular index to take renamed component into account

* PM-5242 - Clean up UserVerificationDialogComponent as have much cleaner design approach now (maintain existing func while simply adding new requirements for client side validation for passkeys)

* PM-5242 - UserVerificationFormInput component - WIP draft of new client and server split of user verification logic

* PM-5242 - UserVerificationFormInput - WIP - Lots of progress on client side verification layout - more to do

* PM-5242 - UserVerificationFormInputComponent - Add hasMultipleVerificationMethods property so we can only show alternate methods if user has them.

* PM-5242 - UserVerificationFormInputComponent - rename hasMultipleVerificationMethods to hasMultipleClientVerificationOptions

* PM-5242 - Add new user verification biometrics fingerprint icon with proper secondary fill so it displays properly on all themes.

* PM-5242 - Create enum for tracking client user verification states

* PM-5242 - UserVerificationFormInputComponent - WIP - (1) Got biometrics layout working except for error state (2) Emitting active client verification option and biometrics result to dialog (3) Properly identifying if biometrics is enabled in a platform agnostic way (4) Translations TODO

* PM-5242 - UserVerificationDialogComponent - (1) Wire up new inputs and outputs for UserVerificationFormInput (2) Don't show submit button when clientside biometrics verification active

* PM-5242 - UserVerificationFormInputComponent - wired up biometrics failure and retry handling + re-arranged comp properties to put inputs & outputs at the top

* PM-5242 - UserVerificationFormInput component - Add logic to prevent currently active client verification method from being shown an option

* PM-5242 - UserVerificationFormInput - adjust margins

* PM-5242 - User verification dialog and form input comps - replace Verification with VerificationWithSecret type where applicable

* PM-5242 - UserVerificationFormComp - Default to server for backwards compatibility and to avoid requiring the input at all

* PM-5242 - UserVerificationFormInputComp - (1) Rename processChanges to processSecretChanges (2) Short circuit processSecretChanges when biometrics is active (3) Add new function for determining type of verification that has a secret.

* PM-5242 - UserVerificationDialog - Support custom, optional callout in dialog body.

* PM-5242 - UserVerificationDialogComp - support custom confirm button text and type.

* PM-5242 - UserVerificationDialog - Add user verification dialog result type to allow for handling all possible verification scenarios

* PM-5242 - UserVerificationFormInputComp - tweak comment

* PM-5242 - UserVerificationFormInput comp html - add placeholder text for no client verifications found scenario

* PM-5242 - UserVerificationDialogComponent - (1) Add confirm & cancel to dialog result (2) Add cancel method vs using bitDialogClose for specificity (3) Adjust naming of output property to properly specify that it is scoped to client verification (4) Adjust layout of dialog html to handle when no client side verification methods are found.

* PM-5242 - UserVerificationFormInput - Clean up test code

* PM-5242 - UserVerificationFormInput - For server verification, we don't need to check if the user has a local master key hash as we will generate a hash to send to the server for comparison.

* PM-5242 - UserVerificationFormInput html - Remove now unnecessary dev warning as I've provided a default

* PM-5242 - UserVerification Dialog & Form Input - add translations on all clients for all visible text.

* PM-5242 - UserVerificationFormInput html - remove no active client verification handling from form input comp as it is instead emitted upwards to parent dialog component to be handled there.

* PM-5242 - UserVerificationDialogComp - (1) Make UserVerificationDialogResult.noAvailableClientVerificationMethods optional because it isn't needed in cancel flows (thanks Will) (2) Modify static open to intercept closed observable event in order to always return a UserVerificationDialogResult as BitDialog returns empty string when the user clicks the x

* PM-5242 - UserVerificationDialogComp - Simplify dialog param names to remove redundant dialog

* PM-5242 - UserVerificationDialogParams - update comments to match new names

* PM-5242 - UserVerificationDialog Storybook - WIP first draft

* PM-5242 - UserVerificationDialogStoryComponent - WIP - try out having imports the same as the standalone component

* PM-5242 - UserVerificationDialogStoryComponent - more WIP - building now - some stuff displaying

* PM-5242 - UserVerificationDialogStoryComponent - some progress on providers setup

* PM-5242 - Not going to use storybook for user verification dialog

* PM-5242 - UserVerificationDialogComp - move types into own file + add docs

* PM-5242 - Update auth index to export user-verification-dialog.types

* PM-5242 - UserVerificationFormInput & UserVerificationService - Extract out getAvailableVerificationOptions logic into service

* PM-5242 -UserVerificationDialogComponent - Update close logic to handle escape key undefined scenario

* PM-5242 - UserVerificationFormInput - add getInvalidSecretErrorMessage for properly determining invalid secret translation

* PM-5242 - UserVerificationDialogComp - Refactor submit logic to handle different return methodologies in existing MP and OTP user verification service code vs new PIN flow (e.g., throwing an error instead of returning false)

* PM-5242 - PinCryptoService - change error logs to warnings per discussion with Justin

* PM-5242 - UserVerificationFormInput - Biometrics flow on desktop - remove accidentally added period in couldNotCompleteBiometrics translation key.

* PM-5242 - UserVerificationFormInput HTML - Re-arrange order of other client verification options to match design

* PM-5242 - UserVerificationFormInputComponent - Reset inputs as untouched on change of client verification method.

* PM-5242 - UserVerificationDialogComponent - Remove TODO as existing secret change logic turns invalidSecret false when biometrics is swapped to.

* PM-5242 - UserVerificationFormInputComponent - getInvalidSecretErrorMessage - fix PIN error message not being returned.

* PM-5242 - UserVerificationDialogComponent - Add documentation and examples to open method.

* PM-5242 - UserVerificationDialogComponent - tweak open docs

* PM-5242 - Remove accidental period from translation keys on browser & web

* PM-5242 - UserVerificationFormInputComponent - OTP flow needed button module to work

* PM-5242 - UserVerificationDialogParams - Add docs explaining that noAvailableClientVerificationMethods is only for desktop & browser.

* PM-5242 - User-verification-form-input - Adjust layout to meet new design requirements - (1) On load, send OTP without user clicking a button (2) Allow resending of the codes (3) show a code sent message for 3 seconds

* PM-5242 - Browser User Verification - Instantiate PinCryptoService and UserVerification service AFTER instantiating vaultTimeoutSettingsService so that it isn't undefined at run time.

* PM-5242 - JslibServices Module - UserVerificationService - add missing PlatformUtilsServiceAbstraction dependency.

* PM-5242 - Desktop Native Messaging Service - Wrap biometric getUserKeyFromStorage call in try catch because it throws an error if the user cancels the biometrics prompt and doesn't send a response to the browser extension when using the biometrics unlock bridge to the desktop app and OS.

* PM-5242 - Browser Extension - NativeMessagingBackground - if the desktop biometricUnlock command is executed with a canceled (not adjusting misspelling to keep side effects at a min) response, don't bother continuing.

* PM-5242 - BrowserCryptoService - When retrieving the user key via desktop biometrics, return null for user key if the user fails or cancels the biometrics prompt. Otherwise, if there is a user key in memory after unlock, biometrics user verification will always just return the user key from state regardless of if the user has successfully passed the biometrics prompt or not.

* PM-5242 - BrowserCryptoService - extra comments

* PM-5242 - Clean up translations - (1) Remove unused defaultUserVerificationDialogConfirmBtnText (2) Refactor name of defaultUserVerificationDialogTitle to just be verificationRequired which matches existing naming conventions.

* PM-5242 - CLI - fix order of service instantiations to ensure that vaultTimeoutSettingsService isn't undefined for PinCryptoService and UserVerificationService

* PM-5242 - Rename UserVerificationDialogParams to UserVerificationDialogOptions to match existing naming conventions of other CL comps.

* PM-5242 - UserVerificationDialogComponent - dialogParams renamed to dialogOptions

* PM-5242 - UserVerificationService Abstraction - Per PR feedback, use keyof for verificationType

* PM-5242 - UserVerificationBiometricsIcon - Per PR feedback, use https://jakearchibald.github.io/svgomg/ to optimize SVG by 50%.

* PM-5242 - Per PR feedback, clarify UserVerificationDialogOptions.clientSideOnlyVerification comment.

* PM-5242 - UserVerificationTypes - Add comments clarifying all text passed to the UserVerificationDialog are translation keys

* PM-5242 - UserVerificationDialogComp - fix extra new line per PR feedback

* PM-5242 - UserVerificationDialogTypes - per PR feedback and discussion with Will M., export ButtonType from CL so we (and consumers of the dialog) can properly import it via standard CL import.

* PM-5242 - BrowserCryptoService - Adjust comments per PR feedback.

* PM-5242 - UserVerificationDialogComponent - make ActiveClientVerificationOption readonly as it only for component html

* PM-5242 - UserVerificationDialogComp html - finish comment

* PM-5242 - BrowserCryptoService - add returns js doc per PR feedback.

* PM-5242 - UserVerificationDialogComponent - per PR feedback, add unexpected error toast.

* PM-5242  - UserVerificationService - getAvailableVerificationOptions - update params to use keyof like abstraction

* PM-5242 - Mark all existing client specific implemetations of user verification as deprecated.
2024-01-25 14:03:27 -05:00
Justin Baur
45c0c09b71
[PM-5829] Add disk-local option for web (#7669)
* Add `disk-local` option for web

* Fix `web` DI

* Update libs/common/src/platform/state/state-definition.ts

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Rely On Default Implementation for Most of Cache Key

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2024-01-25 12:48:51 -05:00
✨ Audrey ✨
6b97c0e716
[PM-5840] add duck duck go forwarder (#7674) 2024-01-25 10:24:22 -05:00
✨ Audrey ✨
af4cafa2b9
[PM-5841] add fastmail forwarder (#7676) 2024-01-25 10:23:56 -05:00
✨ Audrey ✨
67f1fc4f95
[PM-5842] add firefox relay forwarder (#7677) 2024-01-25 10:22:55 -05:00
✨ Audrey ✨
f6da6d637c
[PM-5843] add forward email forwarder (#7678) 2024-01-25 10:22:26 -05:00
✨ Audrey ✨
2c69810460
[PM-5844] add simple login forwarder (#7679) 2024-01-25 10:21:51 -05:00
Thomas Rittson
bcb232cc80
[AC-2026] Add flexible collections opt-in UI (#7443) 2024-01-25 16:56:31 +10:00
✨ Audrey ✨
8555dcc613
fix const lint (#7673) 2024-01-24 22:34:59 +00:00
✨ Audrey ✨
df2329f059
[PM-5781] Anon addy forwarder (#7654) 2024-01-24 17:23:39 -05:00
Justin Baur
c1d5351075
[PM-5535] Migrate Environment Service to StateProvider (#7621)
* Migrate EnvironmentService

* Move Migration Test Helper

* Claim StateDefinition

* Add State Migration

* Update StateServices

* Update EnvironmentService Abstraction

* Update DI

* Update Browser Instantiation

* Fix BrowserEnvironmentService

* Update Desktop & CLI Instantiation

* Update Usage

* Create isStringRecord helper

* Fix Old Tests

* Use Existing AccountService

* Don't Rely on Parameter Mutation

* Fix Conflicts
2024-01-24 14:21:50 -05:00
Bernd Schoolmann
842fa5153b
Replace promise.all with for loop for performance reasons (#7582) 2024-01-24 13:42:37 -05:00
Jonathan Prusik
dc9a5079ba
handle access on cipher properties when cipher is undefined (new cipher creation) (#7666) 2024-01-24 12:40:32 -05:00
Matt Gibson
af0d2f515d
Vault/pm-4185/checksum uris (#6485)
* Validate checksum on decrypt of URI

* Add uri checksum to domain during encryption

* Move hash to stateless encrypt service

* Add checksum field to all the other models necessary for syncing with server

* Remove old test in favor of `describe` block

* PM-4185 Added a boolean to control checksum validation

* PM-4185 Fi unit tests

* [PM-4810][PM-4825][PM-4880] Fix encrypted import and add null check (#6935)

* PM-4810 Bumped up version

* PM-4880 Add null check

* PM-4825 Fix encrypted export

* PM-5462 Fix item saving with blank URI (#7640)

* PM-4185 Add back uriChecksum setting

---------

Co-authored-by: Carlos Gonçalves <cgoncalves@bitwarden.com>
Co-authored-by: Matt Bishop <mbishop@bitwarden.com>
Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
2024-01-24 17:22:58 +00:00
Shane Melton
622791307a
[AC-1890] Update the collection PUT/POST response models to include collection permission details (#7512) 2024-01-24 08:26:43 -08:00
aj-rosado
512f6ef892
Added capability on psono importer to add sub-folders (#7602) 2024-01-24 12:55:43 +00:00
Matt Gibson
e23bcb50e8
[PM-5533] Migrate Org Keys to state providers (#7521)
* Move org keys to state providers

* Create state for org keys and derive decrypted for use

* Make state readonly

* Remove org keys from state service

* Migrate user keys state

* Review feedback

* Correct test name

* Refix key types

* `npm run prettier` 🤖
2024-01-23 13:01:49 -08:00
✨ Audrey ✨
dbf836b573
[PM-5606] Add reactive generator service (#7446) 2024-01-23 14:22:52 -05:00
Kyle Spearrin
e359aef979
fixes (#7145) 2024-01-23 18:21:59 +00:00
Alex Morask
014281cb93
[AC-1758] Show banner when organization requires a payment method (#7088)
* Add billing banner states to account settings

* Add billing banner service

* Add add-payment-method-banners.component

* Use add-payment-method-banners.component in layouts

* Clear banner on payment method addition

* Ran prettier after CI update

* Finalize banners styling/translations

* Will's (non-Tailwind) feedback

* Review feedback

* Review feedback

* Review feedback

* Replace StateService with StateProvider in BillingBannerService

* Remove StateService methods
2024-01-23 12:47:52 -05:00
✨ Audrey ✨
d5738b7483
[PM-5780] New username generation settings types (#7613)
Split from  #6924
2024-01-23 09:52:20 -05:00
Cesar Gonzalez
0127db44a0
[PM-5551] Removing Autofill v2 and AutofillOverlay Feature Flags (#7642)
* [PM-5551] Removing Autofillv2 and AutofillOverlay Feature Flags

* [PM-5551] Fully removing references to autofill v1
2024-01-22 17:11:07 +00:00
Tom
ec7c3878c9
Tools/pm 4440 replace lastpass sso dialog (#7608)
* Initial implementation of simple dialog

* Updating buttons and dialog type

* Set the cancel text normally

* Removing the lastpass sso dialog component
2024-01-22 16:05:31 +00:00
Oscar Hinton
7bb4ea842f
[PM-3919] Remove deprecated Angular functionality from ModalService (#6285)
Remove deprecated Angular functionality from ModalService so we can upgrade Angular.
2024-01-22 09:36:42 +00:00
Jake Fink
07af08b893
[PM-2772] add flag to deter process reload if cancel is clicked on biometrics (#7350)
* add flag to deter process reload if cancel is clicked on biometrics

* rename flag

* store biometrics cancelled to disk instead of integrating with process reload

* allow auto-prompt when opening app
2024-01-19 10:08:55 -05:00
Kyle Spearrin
06c7c3fd18
[PM-5149] UI for unique SP entity id on organization sso configs (#7117)
* add ui for making sp entity id unique

* pretty

* updates
2024-01-18 21:54:31 +00:00
Justin Baur
06028c35bc
Fully Test EnvironmentService (#7589)
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2024-01-18 13:06:54 -05:00
Justin Baur
57609737f1
Fix SingleUserStateProvider (#7593)
* Fix SingleUserStateProvider

- Fix cache key to be unique per instance per user

* Add Specific State Provider Tests

* Add Missing await
2024-01-18 13:02:30 -05:00
Oscar Hinton
5810b0c7a2
[PM-5300] Use deep linking for premium (#6432)
Resolves the get premium links not working in the browser extension. Replaces them with the deep links instead.
2024-01-18 17:43:34 +01:00
Jonathan Prusik
8e9a104bd0
[deps] Autofill: Update prettier to v3.2.2 (#7565)
* [deps] Autofill: Update prettier to v3.2.2

* prettier fixes

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-17 16:02:44 -05:00
Thomas Rittson
ee4aa31444
[AC-2027] Update Flexible Collections logic to use organization property (#7445)
* Remove unused feature flag

* Replace feature flag ref with org flag

* Remove deprecated feature flag to discourage use

* Add check to org.canCreateNewCollections

* Adjust init logic of components to avoid race conditions

* Make canCreateNewCollections logic more explicit

* Resolve merge conflicts with vault changes

* Update comments

* Remove uses of old feature flag

* Remove last of old feature flag

* Clean up feature flag

* Fix linting

* Fix linting
2024-01-17 12:33:39 +00:00
Matt Gibson
160a636fa0
Move key types to central location (#7531) 2024-01-17 07:27:44 -05:00
Jared Snider
756c02cec2
Auth/PM-4596 - Extract PIN and Biometrics unlock method logic into re-useable services for user verification (#7107)
* PM-4596 - PinCryptoService first draft

* PM-4596 - PinCryptoService - Refactor pinKeyEncryptedKey retrievals out into own method getPinKeyEncryptedKeys

* PM-4596 - npm ci + npm run prettier to fix lint issues

* PM-4596 - PinCryptoService - Add kdf types

* PM-4596 - PinCryptoService - Refactor pin validation into own helper method.

* PM-4596 - Rename pin-crypto.service.ts to pin-crypto.service.implementation.ts

* PM-4596 - PinCryptoService - add additional logging for error states.

* PM-4596 - JslibServicesModule - register new PinCryptoService and PinCryptoServiceAbstraction

* PM-4596 - PinCryptoService - modify decryptUserKeyWithPin signature to not require email to match MP verification process in user verification service.

* PM-4596 - Lock components - use new PinCryptoService.decryptUserKeyWithPin(...) to get user key + refactor base comp unlock with pin method to improve

* PM-4596 - Lock component - if too many invalid attempts, added toast explaining that we were logging the user out due to excess PIN entry attempts

* PM-4596 - UserVerificationService - (1) Refactor verifyUser(...) to use switch + separate methods for a cleaner parent method + better extensibility for PIN & biometrics which are TBD (2) Add PIN support to validateInput(...)

* PM-4596 - UserVerificationService - add PIN and biometrics functions to verifyUser(...)

* PM-4596 - PinCryptoService Spec - start test file - instantiates properly

* PM-4596 - PinCryptoService tests - WIP

* PM-4596 - PinCryptoService tests - WIP - got success cases working

* PM-4596 - pin-crypto.service.implementation.spec.ts renamed to pin-crypto.service.spec.ts

* PM-4596 - PinCryptoService.getPinKeyEncryptedKeys(...) - add comment + var name change for clarity

* PM-4596 - PinCryptoService tests - test invalid, null return scenarios

* PM-4596 - CLI - bw.ts - update UserVerificationService instantiation to include new pinCryptoService

* PM-4596 - PinCryptoService - import VaultTimeoutSettingsServiceAbstraction instead of implementation for factory creation to get browser building

* PM-4596 - (1) Create pinCryptoServiceFactory for browser background (2) Add it to the existing userVerificationServiceFactory

* PM-4596 - Browser - Main.background.ts - Add pinCryptoService and add to userVerificationService dependencies

* PM-4596 - UserVerificationService - per PR feedback simplify returns of verifyUserByPIN(...) and verifyUserByBiometrics(...)

* PM-4596 - Messages.json on desktop & browser - per PR feedback, adjust tooManyInvalidPinEntryAttemptsLoggingOut translation text to remove "you"

* PM-4596 - VerificationType enum - fix line copy mistake and give BIOMETRICS own, unique value.

* PM-4596 - VerificationType - rename BIOMETRICS to Biometrics to match existing MasterPassword value case.

* PM-4596  - Update verification type to consider whether or not a secret exists as we have added a new verification which doesn't have a type. Add new server and client side verification types.  Update all relevant code to pass compilation checks.

* PM-4596 - More verification type tweaking

* PM-4596 - Verification - verificationHasSecret - tweak logic to be more dynamic and flexible for future verification types

* PM-4596 - UpdateTempPasswordComp - use new MasterPasswordVerification

* PM-4596 - Desktop - DeleteAcctComp - use VerificationWithSecret to solve compile error w/ accessing secret

* PM-4596 - Per discussions with Andreas & Will, move new Pin Crypto services into libs/auth + added @bitwarden/auth path to CLI tsconfig + added new, required index.ts files for exporting service abstractions & implementations

* PM-4596 - Fixed missed import fixes for lock components across clients for pin crypto service after moving into @bitwarden/auth

* PM-4596 - More PinCryptoService import fixes to get browser & desktop building

* PM-4596 - Update desktop lock comp tests to pass by providing new pin crypto service.

* PM-4596 - User verification service -update todo

* PM-4596 - PinCryptoService - per PR feedback, fix auto import wrong paths.

* PM-4596 - PinCryptoService tests - fix imports per PR feedback

* PM-4596 - UserVerificationSvc - rename method to validateSecretInput per PR feedback

* Fix imports

* PM-4596 - PinCryptoService - Refactor naming for clarity and move test cases into describes per PR feedback

* reorg libs/auth; expose only libs/auth/core to cli app

* PM-4596 - UserVerification - Resolve import issue with importing from libs/auth. Can't use @bitwarden/auth for whatever reason.

* PM-4596 - Fix desktop build by fixing import

* PM-4596 - Provide PinCryptoService to UserVerificationService

* PM-4596 - PinCryptoServiceFactory - you cannot import services from @bitwarden/auth in the background b/c it brings along the libs/auth/components and introduces angular into the background context which doesn't have access to angular which causes random test failures. So, we must separate out the core services just like the CLI to only bring along the angular agnostic services from core.

* PM-4596 - Refactor libs/auth to have angular / common + update all imports per discussion with Matt & Will. Introduced circular dep between PinCryptoService + VaultTimeoutSettingsService + UserVerificationService

* PM-4596 - VaultTimeoutSettingsService - Refactor UserVerificationService out of the service and update all service instantiations and tests. The use of the UserVerificationService.hasMasterPassword method no longer needs to be used for backwards compatibility. This resolves the circular dependency between the PinCryptoService, the UserVerificationService, and the VaultTimeoutSettingsService. We will likely refactor the hasMasterPassword method out of the UserVerificationService in the future.

* PM-4596 - Update CL tsconfig.libs.json to add new auth/common and auth/angular paths for jslib-services.module imports of pin crypto service to work and for test code coverage to run successfully.

* PM-4596 - Address PR feedback

* PM-4596 - Update root tsconfig (only used by storybook) to add new libs/auth paths to fix chromatic build pipeline.

* PM-4596 - Actually update tsconfig with proper routes to fix storybook

* PM-4596 - UserVerificationService - verifyUserByBiometrics - add error handling logic to convert failed or cancelled biometrics verification to a usable boolean

* PM-4596 - Add missing await

* PM-4596 - (1) Add log service and log to user verification service biometric flow to ensure errors are at least revealed to the console (2) Fix factory missing PinCryptoServiceInitOptions

* PM-4596 - Use the correct log service abstraction

* PM-4596 - Remove unused types per PR review

---------

Co-authored-by: William Martin <contact@willmartian.com>
2024-01-16 14:52:06 -05:00
Jonathan Prusik
eae845d900
[PM-4260] [BEEEP] Mask TOTP seeds in cipher edit view - similar to how the password is hidden (#6649)
* PoC disallow changing masked values in edit mode and mask TOTP with password

* toggle totp seed visibility independently from password visibility in edit mode

* cleanup

* add fallback value for when a cipher returns a null value for maskedPassword

* toggle masks off for maskable login properties with no value on load

* do not show mask toggle for password or totp if no value is present
2024-01-12 22:35:30 -05:00
Oscar Hinton
93e9937e5c
Add some test cases to the password strength service (#7483)
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
2024-01-12 07:25:33 +01:00
Rui Tomé
48643e45ea
[AC-1893] Removed logic to downgrade Manager roles and remove Edit/Delete any collection permissions for Flexible Collections (#7365) 2024-01-12 07:54:11 +10:00
Justin Baur
0874df8b84
Global State Rewrite (#7515)
* Global State Rewrite

* Apply suggestions from code review

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Prettier

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2024-01-11 16:32:56 -05:00
Matt Bishop
6baad76088
[PM-5548] Eliminate in-app purchase logic (#7433)
* Eliminate in-app purchase logic

* Remove more in-app logic found, for payment and subscription management

---------

Co-authored-by: Lotus Scott <148992878+lscottbw@users.noreply.github.com>
2024-01-11 15:24:43 -05:00
aj-rosado
99022e2baa
Added dashed line as separator and label for common formats on format selector for import (#7432) 2024-01-11 16:24:40 +00:00
Oscar Hinton
280cb7e2c0
[CL-161] Update bit-search support autofocus (#7272)
appAutofocus currently doesn't work on the bit-search component. This PR resolves this issue by introducing a FocusableElement interface components can implement, which is respected by the autofocus directive.
2024-01-11 16:52:22 +01:00
Matt Gibson
f8d72f0231
[PM-5465] Fix null checks in login view uris (#7421)
* Prefer empty lists to null

* Defensively null check public properties
2024-01-11 14:55:16 +00:00
Thomas Rittson
1f57244d1a
Add organization.flexibleCollections to models (#7442) 2024-01-11 13:52:18 +10:00
Tom
a572e4119e
[PM-4535] Import into org vault with remove individual vault policy set (#7343)
* Refactored import ngOnInit. Set the default org if import allowed. Verified org id exists on import

* moving handlePolicies to the end of ngOnInit
2024-01-10 16:12:24 -05:00
Todd Martin
7bd8b00fbf
[PM-2260] Remove TDE feature flag and all conditional logic based on it (#7352) 2024-01-10 12:33:11 -05:00
Matt Gibson
46a3834f46
Add state for everHadUserKey (#7208)
* Migrate ever had user key

* Add DI for state providers

* Add state for everHadUserKey

* Use ever had user key migrator

Co-authored-by: SmithThe4th <gsmithwalter@gmail.com>
Co-authored-by: Carlos Gonçalves <LRNcardozoWDF@users.noreply.github.com>
Co-authored-by: Jason Ng <Jcory.ng@gmail.com>

* Fix test from merge

* Prefer stored observables to getters

getters create a new observable every time they're called, whereas one set in the constructor is created only once.

* Fix another merge issue

* Fix cli background build

---------

Co-authored-by: SmithThe4th <gsmithwalter@gmail.com>
Co-authored-by: Carlos Gonçalves <LRNcardozoWDF@users.noreply.github.com>
Co-authored-by: Jason Ng <Jcory.ng@gmail.com>
2024-01-10 11:51:45 -05:00
Matt Gibson
211d7a2626
Ps/improve state provider fakers (#7494)
* Expand state provider fakes

- default null initial value for fake states
- Easier mocking of key definitions through just the use of key names
  - allows for not exporting KeyDefinition as long as the key doesn't collide
- mock of fake state provider to verify `get` calls
- `nextMock` for use of the fn mock matchers on emissions of `state$`
- `FakeAccountService` which allows for easy initialization and working with account switching

* Small bug fix for cache key collision on key definitions unique by only storage location

* Fix initial value for test
2024-01-10 10:36:19 -05:00
Todd Martin
c9a2f07e04
Remove Fido2VaultCredentials feature flag (#7463)
* Removed Fido2 client credentials feature flag

* Removed test for feature flag.
2024-01-09 12:56:58 -05:00
Ike
6f22f05eee
Update sso prevalidate path (#7479)
* Update sso prevalidate path

* fixed formatting
2024-01-08 11:24:45 -08:00
Mathijs van Veluw
06adde65e7
[PM-4906] Allow bitmenu to overflow and scroll when needed (#6941)
add `tw-overflow-y-auto` to bit-menu which will automatically add a scrollbar when needed
2024-01-05 10:41:30 -05:00
Matt Gibson
92f593df08
Remove unnecessary complex types (#7451)
#7290 introduced these types, but during development we switched over to specifying dependencies in type parameters instead of an object. This change meant we no longer needed these `Type` or `ShapeToInstance` types, greatly simplifying the types related to derived state.
2024-01-04 16:50:55 -05:00
Justin Baur
5e11cb212d
Combined State (#7383)
* Introduce Combined State

* Cleanup Test

* Update Fakes

* Address PR Feedback

* Update libs/common/src/platform/state/implementations/default-active-user-state.ts

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Prettier

* Get rid of ReplaySubject reference

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2024-01-04 16:30:20 -05:00
Matt Gibson
06affa9654
Rework derived state (#7290)
* Remove derived state from state classes

* Create provider for derived state

Derived state is automatically stored to memory storage, but can be derived from any observable.

* Fixup state provider method definitions

* Test `DefaultDerivedState`

* remove implementation notes

* Write docs for derived state

* fixup derived state provider types

* Implement buffered delayUntil operator

* Move state types to a common module

* Move mock ports to centra location

* Alias DerivedStateDependency type

* Add dependencies to browser

* Prefer internal rxjs operators for ref counting

* WIP

* Ensure complete on subjects

* Foreground/background messaging for browser

Defers work for browser to the background

* Test foreground port behaviors

* Inject foreground and background derived state services

* remove unnecessary class field

* Adhere to required options

* Add dderived state to CLI

* Prefer type definition in type parameters to options

* Prefer instance method

* Implements factory methods for common uses

* Remove nothing test

* Remove share subject reference

Share manages connector subjects internally and will reuse them until
refcount is 0 and the cleanup time has passed. Saving our own reference
just risks memory leaks without real testability benefits.

* Fix interaction state
2024-01-04 14:47:49 -05:00
Jason Ng
eebd10dfd0
linting failures from community pr update (#7434) 2024-01-03 15:36:48 -05:00
Bernd Schoolmann
1b4717a78f
[PM-3343] Capture TOTP QR codes from websites in the browser extension (#5985)
* Implement totp capture for browser extensions
2024-01-03 13:20:17 -05:00
Jared Snider
1fdc6629e3
Auth/PM-3859 - Desktop - Create lock mechanism to prevent app menu redraw on sync complete when user logging out (#6920)
* PM-3859 - Desktop App Comp - Build lock mechanism for update app menu which doesn't try to update the menu for users who are being logged out which was causing errors (primary scenario was triggered by logging in on desktop with a TDE user w/out a MP, triggering a sync, then hitting the command to lock the vault right after which would trigger a log out while the sync was still in process.  Then, while the log out was in process, the sync would try and trigger an update to the app menu but it would error as some of the user's state had already been cleaned up)

* PM-3859 - App comp - remove use of promise.all to prevent any race conditions from causing intermittent logout errors with state being cleared and then values trying to be set on the cleared state (I observed setMasterKey get called after state account.keys was cleared - received error when attempting to set value on undefined).

* PM-3859 - Desktop Vault Items Component - on log out, if you were on the vault screen, the loss of focus on the vault search text box would trigger a search 200 ms after log out had been triggered.  This would eventually attempt to set an undefined master key (VaultItemsComponent.doSearch() --> cipherService.getAllDecrypted() --> cryptoService.getUserKeyWithLegacySupport() --> cryptoService.getMasterKey() --> cryptoService.setMasterKey()).  However, at this point, the account had been cleared as part of the log out process and an error would be thrown in the state service for trying to set account.keys.masterKey to undefined when the account and account.keys were undefined. These changes prevent the search from firing until the value changes and also prevents setMasterKey from being called if it is undefined.
2024-01-02 22:22:17 +00:00