1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-29 12:55:21 +01:00
Commit Graph

1574 Commits

Author SHA1 Message Date
Ike
7051f255ed
[PM-4168] Enable encryption for registered passkeys (#7074)
* Added enable encryption

* various updates and tests added.

* fixing linter errors

* updated spec file
2023-12-13 07:02:35 -08:00
Justin Baur
180d3a99e3
Timeout Vault of Inactive Users on System Lock (#7194) 2023-12-13 09:11:42 -05:00
✨ Audrey ✨
df406a9862
[PM-252] fix inconsistent generator configuration behavior (#6755)
* decompose password generator policy enforcement
* integrate new logic with UI
* improve UX of minimum password length
* improve password generator policy options documentation
* initialize min length to default minimum length boundary
* reset form value on input to prevent UI desync from model

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-12-12 19:17:20 -05:00
Todd Martin
bfa76885ac
[PM-4107] Only call config on successful sync (#7149) 2023-12-12 18:14:34 -05:00
rr-bw
bb096724b2
update account switcher styling for all themes (#7182) 2023-12-12 10:59:03 -08:00
SmithThe4th
f0cdcccf81
[PM-4012] Vault Timing out on Chrome and Edge breaks passkeys until page is reloaded (#6845)
* changed content script injection strategy

* added persistent connection and reinjection of the content script

* cleanup resources on disconnect

* cleanup resources on disconnect

* concluded messanger event listeners cleanup and added unit tests

* Switched to use browser api add listener instead of navtive apis

* renamed cleanup to destroy and added reconnect and disconnect command functions

* refactored to use foreach and check for only https urls

* refactored the content script to only load the page script if it currently doesn't extist of the page, and if it does sends a reconnect command to the page-script to replace the native webauthn methods

* updated unit test

* removed memoized logic

* moved the send disconect command to the messenger

* updated unit test

* test messenger handler

* [PM-4012] fix: add `senderId` to messenger

* destroy pending requets

* cleaned up page script and terminated pending request

* fixed cannot read properties of undefined

* rearranged functions, renamed misspelled words, and created test

* mocked EventTarget as there are issues on jest for listeners getting the events

* Return fall back error instead

* Update apps/browser/src/vault/fido2/content/content-script.ts

Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>

* Update apps/browser/src/vault/fido2/content/messaging/messenger.ts

Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>

* removed whitespace

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
2023-12-12 13:49:24 -05:00
Will Martin
02ba26e53c
[AC-1786] deprecate manager role (#6931)
* add deprecation message

* hide manager option

* deprecate manager enum
2023-12-12 09:43:47 -05:00
Will Martin
79dbe051c8
[AC-1747] deprecate access control indicator (#6796)
---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-12-11 22:40:11 -05:00
Cesar Gonzalez
4d05b008f0
[PM-5035] Fix autofill overlay clickjacking vulnerability that can be triggered by a malicious extension (#7001)
* [PM-5035] Fix autofill overlay clickjacking vulnerability that can be triggered by a malicious extension

* [PM-5035] Modifying method structure

* [PM-5035] Refactoring method structure

* [PM-5035] Refactoring method structure

* [PM-5035] Applying prettier to implementation
2023-12-11 15:44:15 -06:00
Matt Gibson
33fd7094ca
Do not early return from logout (#7147)
The subsequent path helps to trigger process reload when the active user
logs out and the new active is locked.
2023-12-11 15:19:56 -05:00
Matt Gibson
b4dbace7a6
Do not drop optional parameters in overrides (#7176) 2023-12-11 13:44:23 -05:00
Oscar Hinton
a40643d9d6
Move SM header into web (#6976) 2023-12-11 18:22:37 +01:00
Andreas Coroiu
29841605fb
[PM-4766] Disable fido2 integration on bw vault page (#6861)
* [PM-4766] feat: disable fido2 integration on bw vault page

* [PM-4766] fix: lint
2023-12-11 17:05:48 +01:00
Alex Morask
4f9120576d
[AC-1797] Prevent billing email/business name update for resellers (#7042)
* Prevent billing email/business name updates for reseller

* Enable business name based on CS feedback

* Fixed prettier issue
2023-12-11 10:26:43 -05:00
renovate[bot]
ea9cc85f7f
Update cargo minor (#6121)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Hinton <hinton@users.noreply.github.com>
2023-12-11 15:23:48 +01:00
Oscar Hinton
cf0c6e8896
[PM-4349] Migrate hasPremium and debounceNavigation to be functional (#6591)
Class based router guards are deprecated as of Angular 15.2, per angular.io/guide/deprecations#router-class-and-injection-token-guards. To simplify future angular upgrades we need to resolve these deprecations.

This PR migrates the HasPremium and DebounceNavigationService guards to use the new functional pattern.
2023-12-11 14:22:34 +00:00
Cesar Gonzalez
7db844baf2
[PM-5048] Query params are not persisting in extension popout window (#7019)
* [PM-5048] Query params are not persisting in extension popout window

* [PM-5048] Reverting how we identify whether the user is popping out the current tab;

* [PM-5048] Adding jest test to validate skipping parsing of the extension path

* [PM-5048] Adding jest test to validate skipping parsing of the extension path

* [PM-5048] Reworking implementation to ensure that popout window query params remain persistent

* [PM-5048] Reworking implementation to ensure that appended query params do not remain persistent, but popout window query params do remain persistent. Fixing issues within vault item popouts and adding jest tests to verify those fixes

* [PM-5048] Modifying how query params are set within vault popout windows

* [PM-5048] Running prettier
2023-12-08 22:26:29 +00:00
Rui Tomé
483a197e4d
[AC-1139] Flexible collections: deprecate Manage/Edit/Delete Assigned Collections custom permissions (#6906)
* [AC-1139] Add new layout for MemberDialogComponent when FC feature flag is enabled

* [AC-1139] Deprecated Organization canEditAssignedCollections, canDeleteAssignedCollections, canViewAssignedCollections

* [AC-1139] Checking if FC feature flag is enabled when using canDeleteAssignedCollections or canViewAssignedCollections

* [AC-1139] Added missing parameter to customRedirect

* [AC-1139] Fixed canEdit permission

* [AC-1139] Fixed CanDelete logic

* [AC-1139] Changed canAccessVaultTab function to receive configService

* Override deprecated values on sync

* [AC-1139] Reverted change that introduced ConfigService as a parameter to canAccessVaultTab

* [AC-1139] Fixed circular dependency

* [AC-1139] Moved overriding of deprecated values to syncService

* Revert "[AC-1139] Fixed circular dependency"

This reverts commit 6484420976.

* Revert "Override deprecated values on sync"

This reverts commit f0c25a6996.

* [AC-1139] Added back the deprecation of methods canEditAssignedCollections, canDeleteAssignedCollections, canViewAssignedCollections

* [AC-1139] Reverted change on syncService

* [AC-1139] Override deprecated values on sync

* [AC-1139] Fix canDelete logic in
collection-dialog.component.ts and
bulk-delete-dialog.component.ts

* [AC-1139] Moved override logic from syncService to organizationService

* [AC-1139] Add ability to have titlecase titles on nested-checkbox.component checkboxes; use on member-dialog.component

* Revert "[AC-1139] Add ability to have titlecase titles on nested-checkbox.component checkboxes; use on member-dialog.component"

This reverts commit 9ede0fc5ac.

* [AC-1139] Fix bulk delete functionality

* [AC-1139] Refactor canEdit and canDelete to use ternary operator

* [AC-1139] Fix canDelete condition in VaultComponent

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-12-08 18:07:52 +00:00
Daniel James Smith
d76602343f
Bump electron to v27.1.3 (#7134)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2023-12-08 13:07:46 +01:00
github-actions[bot]
7289111399
Autosync the updated translations (#7139)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-08 11:33:21 +00:00
Daniel García
db3bbc0aea
[PM-5144] Use sync fs in desktop i18n loading (#7114) 2023-12-08 12:15:46 +01:00
github-actions[bot]
c8c52957a0
Autosync the updated translations (#7140)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-08 12:02:15 +01:00
github-actions[bot]
e0229021b0
Autosync the updated translations (#7138)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-08 11:56:31 +01:00
Cesar Gonzalez
dafb251cac
[PM-4923] Form elements that fade into view contain incorrectly cached page details (#6953)
* [PM-4923] Form Elements that Fade into View Contain Incorrectly Cached Page Details

* [PM-4923] Form Elements that Fade into View Contain Incorrectly Cached Page Details

* [PM-4923] Running prettier on implementation
2023-12-07 22:23:42 +00:00
Thomas Avery
51c5e053f7
[SM-909] Migrate service account people tab to new selector (#6534)
* migrate sa -> people tab to new selector

* remove unused code

* Add access token still available warning
2023-12-07 15:33:45 -06:00
Cesar Gonzalez
e5b8fd4388
[PM-5148] Removing Browser Autofill Override Setting and Add Message (#7110)
* [PM-5148] Removing Browser Autofill Override Setting and Add Message

* [PM-5148] Removing translation keys

* [PM-5148] Removing translation keys

* [PM-5148] Modifying how we present the link to users to ensure translations can be more effective
2023-12-07 20:39:28 +00:00
Todd Martin
2b3faca86b
Move PasswordStrengthComponent to Tools (#7125)
* Moved password-strength component to Tools

* Move zxcvbn into Tools ownership

zxcvbn is the library currently used to calculate the password-strength

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2023-12-07 14:11:05 -05:00
renovate[bot]
2b9635cb9a
[deps] Tools: Update jsdom to v23 (#7130)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-07 12:39:16 +01:00
github-actions[bot]
6ddf87bc72
Bumped desktop version to 2023.12.1 (#7123)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-06 13:35:32 -05:00
rr-bw
ac899bebeb
[PM-194] Browser Account Switcher UI (#6772)
* Handle switch messaging

TODO: handle loading state for account switcher

* Async updates required for state

* Fallback to email for current account avatar

* Await un-awaited promises

* Remove unnecessary Prune

Prune was getting confused in browser and deleting memory in browser on
account switch. This method isn't needed since logout already removes
memory data, which is the condition for pruning

* Fix temp password in browser

* Use direct memory access until data is serializable

Safari uses a different message object extraction than firefox/chrome
and is removing `UInt8Array`s. Until all data passed into StorageService
is guaranteed serializable, we need to use direct access in state
service

* Reload badge and context menu on switch

* Gracefully switch account as they log out.

* Maintain location on account switch

* Remove unused state definitions

* Prefer null for state

undefined can be misinterpreted to indicate a value has not been set.

* Hack: structured clone in memory storage

We are currently getting dead objects on account switch due to updating
the object in the foreground state service. However, the storage service
is owned by the background. This structured clone hack ensures that all
objects stored in memory are owned by the appropriate context

* Null check nullable values

active account can be null, so we should include null safety in the
equality

* Correct background->foreground switch command

* Already providing background memory storage

* Handle connection and clipboard on switch account

* Prefer strict equal

* Ensure structuredClone is available to jsdom

This is a deficiency in jsdom --
https://github.com/jsdom/jsdom/issues/3363 -- structured clone is well
supported.

* Fixup types in faker class

* add avatar and simple navigation to header

* add options buttons

* add app-header to necessary pages

* add back button and adjust avatar sizes

* add helper text when account limit reached

* convert magic number to constant

* add clarifying comment

* adjust homepage header styles

* navigate to previousp page upon avatar click when already on '/account-switcher'

* move account UI to own component

* add i18n

* show correct auth status

* add aria-hidden to icons

* use listbox role

* add screen reader accessibility to account component

* more SR a11y updates to account component

* add hover and focus states to avatar

* refactor hover and focus states for avatar

* add screen reader text for avatar

* add slide-down animation on account switcher close

* remove comment

* setup account component story

* add all stories

* move navigation call to account component

* implement account lock

* add button hover effect

* implement account logout

* implement lockAll accounts functionality

* replace 'any' with custom type

* add account switcher button to /home login page

* use <main> tag (enables scrolling)

* change temp server filler name

* temporarily remove server arg from account story

* don't show avatar on /home if no accounts, and don't show 'lock'/'logout' buttons if no currentAccount

* add translation and a11y to /home avatar

* add correct server url to account component

* add 'server' to AccountOption type

* Enabled account switching client-side feature flag.

* add slide-in transition to /account-switcher page

* change capitalization to reflect figma design

* make screen reader read active account email, address more capitalization

* fix web avatar misalignment

* make avatar color based on user settings and in sync with other clients

* make property private

* change accountOptions to availableAccounts for clarity

* refactor to remove 'else' template ref

* remove empty scss rule

* use tailwind instead of scss

* rename isSelected to isActive

* add 'isButton' to /home page avatar

* move files to services folder

* update import

* Remove duplicate active account button

* Move no account button to current-account component

* Always complete logging out

Fixes PM-4866

* make screenreader read off email, not name

* refactor avatar for button case

* Do not next object updates

StateService's init was calling `updateState` at multiple layers,
once overall and then again for each account updated. Because
we were not maintaining a single state object through the
process, it was ending up in a consistent, but incomplete state.
Fixed by returning the updated state everywhere. This very well
may not be all the bugs associated with this

* Treat null switch account as no active user

* Listen for switchAccountFinish before routing (#6950)

* adjust avatar style when wrapped in a button

* show alt text for favicon setting

* move stories to browser

* Send Finish Message on null

* Dynamically set active user when locking all

This is required because some user lock states are not recoverable after
process reload (those with logout timeout). This waits until reload is
occurring, then sets the next user appropriately

* Move Finished Message to Finally Block

Fix tests

* Drop problematic key migration

Fixes PM-4933. This was an instance of foreground/background collision
when writing state. We have several other fallbacks of clearing
these deprecated keys.

* Prefer location to homebrew router service

* Initialize account disk cache from background

Uses the `isRecoveredSession` bool to re-initialize foreground caches
from a background message. This avoids a lengthy first-read for
foregrounds

* PM-4865 - Browser Acct Switcher - only show lock btn for lockable accounts (#6991)

* Lock of active account first, when locking multiple.

Fixes PM-4996

* Fix linter

* Hide lock now for locked users (#7020)

* Hide lock now for locked users

* Prefer disabling button to removing

* Add tooltip to TDE without unlock method

* Load all auth states on state init (#7027)

This is a temporary fix until the owning services can update state
themselves. It uses the presence of an auto key to surmise unlocked
state on init. This is safe since it's run only once on extension start.

* Ps/pm 5004/add load to account switcher (#7032)

* Add load spinner to account switcher

* Remove ul list icons

* Properly size account switcher in popout

* [PM-5005] Prevent Double Navigation (#7035)

* Delete Overriden Method

* Add Lock Transition

* truncate email and server name

* remove account.stories.ts (will add in separate PR)

* Do not switch user at reload if no user is active

* fix prettier issues

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
2023-12-06 09:22:48 -08:00
github-actions[bot]
0aca876b75
Bumped browser,cli,desktop version to 2023.12.0 (#7116)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-06 10:42:04 -05:00
Oscar Hinton
7bbdee9daa
[PM-3565] Enforce higher minimum KDF (#6440)
Changes minimum iterations for PBKDF2 to 600 000. Also converts the constants into ranges to ensure there is only a single place for all checks.
2023-12-05 10:55:12 -05:00
github-actions[bot]
56860482b1
Bumped web version to 2023.12.0 (#7105)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-05 10:54:08 -05:00
renovate[bot]
67f25eec1f
[deps] Tools: Update tldts to v6.1.0 (#7104)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 14:47:34 +01:00
renovate[bot]
2972c6fd96
[deps] Platform: Update @types/node to v18.19.2 (#6739)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 12:33:49 +01:00
Will Martin
4b7ab41132
[AC-1726] Create restricted access view for collections (#6949) 2023-12-04 16:12:55 -05:00
Jared L
e961761ee9
fix(browser): prevent registration-induced crash (#6799)
Fixed a bug where `authenticatorSelection` may be undefined and cause
the extension to crash when attempting to register a new credential.

Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
2023-12-04 14:57:17 -05:00
Conner Turnbull
c1963f1bc3
Cleaned up feature flag logic now that it's released (#7030) 2023-12-04 08:16:43 -05:00
Jake Fink
641ae844fb
[PM-3797 Part 2] Create Account Recovery Service (#6667)
* create account recovery service

* update legacy migration tests

* declare account recovery service in migrate component

* create account recovery module

* remove changes to core organization module

* use viewContainerRef to allow dependency injection on modal

* fix imports
2023-12-01 17:21:04 -05:00
Thomas Rittson
0d035c5a09
[AC-1873] Only assign user in the front-end if using Flexible Collections (#7051)
* Only assign user in the front-end if using Flexible Collections

* Fix prettier
2023-12-01 09:45:52 -06:00
github-actions[bot]
8a19328af2
Autosync the updated translations (#7054)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-01 12:18:23 +01:00
github-actions[bot]
67ffe67816
Autosync the updated translations (#7055)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-01 12:09:12 +01:00
Jake Fink
8a0fa574c7
move web settings to auth (#7022) 2023-11-30 17:15:06 -05:00
Cesar Gonzalez
0b9a2775f0
[PM-5043] Update ownership of code to autofill team (#7017)
* [PM-5043] Update owernship of code belonging to autofill team

* [PM-5043] Updating location of webRequest.background.ts file to belong to autofill team

* [PM-5043] Updating location of autofill component settings within the popup
2023-11-30 19:59:33 +00:00
Daniel James Smith
1c43f77d51
Make linter happy (#7043)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2023-11-30 16:20:23 +00:00
Daniel James Smith
a79b4e182f
Fix hide text toggle on send access (#7028)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2023-11-30 16:07:25 +00:00
renovate[bot]
28de9439be
[deps] Autofill: Update prettier to v3 (#7014)
* [deps] Autofill: Update prettier to v3

* prettier formatting updates

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Jonathan Prusik <jprusik@classynemesis.com>
2023-11-29 16:15:20 -05:00
Jonathan Prusik
4ff5f38e89
replace del with rimraf (#7024) 2023-11-29 13:53:48 -05:00
Jonathan Prusik
c945f08a5d
update gulp-zip and gulp-filter to latest versions (#7026) 2023-11-29 13:44:22 -05:00
Matt Gibson
7a7fe08a32
Ps/pm 2910/handle switch messaging (#6823)
* Handle switch messaging

TODO: handle loading state for account switcher

* Async updates required for state

* Fallback to email for current account avatar

* Await un-awaited promises

* Remove unnecessary Prune

Prune was getting confused in browser and deleting memory in browser on
account switch. This method isn't needed since logout already removes
memory data, which is the condition for pruning

* Fix temp password in browser

* Use direct memory access until data is serializable

Safari uses a different message object extraction than firefox/chrome
and is removing `UInt8Array`s. Until all data passed into StorageService
is guaranteed serializable, we need to use direct access in state
service

* Reload badge and context menu on switch

* Gracefully switch account as they log out.

* Maintain location on account switch

* Remove unused state definitions

* Prefer null for state

undefined can be misinterpreted to indicate a value has not been set.

* Hack: structured clone in memory storage

We are currently getting dead objects on account switch due to updating
the object in the foreground state service. However, the storage service
is owned by the background. This structured clone hack ensures that all
objects stored in memory are owned by the appropriate context

* Null check nullable values

active account can be null, so we should include null safety in the
equality

* Correct background->foreground switch command

* Already providing background memory storage

* Handle connection and clipboard on switch account

* Prefer strict equal

* Ensure structuredClone is available to jsdom

This is a deficiency in jsdom --
https://github.com/jsdom/jsdom/issues/3363 -- structured clone is well
supported.

* Fixup types in faker class
2023-11-29 09:59:50 -05:00