mirror of https://github.com/bitwarden/browser.git synced 2025-01-24 21:41:33 +01:00
Commit Graph

214 Commits

Author SHA1 Message Date
Thomas Rittson
e47eb5e74f
Fix linting (#700) 2022-03-01 23:11:12 +01:00
Thomas Rittson
c1a37eab13
Fix storage keys in v1 migration (#696) 2022-03-02 07:44:14 +10:00
Thomas Rittson
d81eb7ddae
Improve SSO Config validation (#572)
* Extract SsoConfig enums to own file

* Add ChangeStripSpaces directive

* Move custom validators to jslib

* Add a11y-invalid directive

* Add and implement dirtyValidators

* Create ssoConfigView model and factory methods

* Add interface for select options

* Don't build SsoConfigData if null

Co-authored-by: Oscar Hinton <oscar@oscarhinton.com>
2022-03-02 07:31:00 +10:00
Thomas Rittson
d919346517
Fix autoFillOnPageLoadDefault default value (#697) 2022-03-01 13:13:19 +10:00
Daniel James Smith
a69135ce06
Add missing localeNames (#695) 2022-02-25 18:54:27 +01:00
Addison Beck
65219f5705
[bug] Store collapsedGroupings in accountSettings (#694) 2022-02-25 13:03:13 +01:00
Thomas Rittson
1cbc119ad8
[AuthService refactor] Don't clear state if 2FA is invalid (#690)
* Don't clear state if 2FA is invalid

* Add session timeout to 2FA

* Clear internal authService state if unhandled error
2022-02-23 21:08:43 -06:00
Melanie Kanavakatini
2779cd0966
feat: add hidden char count toggle (#341)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2022-02-24 07:18:46 +10:00
Addison Beck
78b5f15042
[feature] Implement scope warning for exports (#688)
* [feature] Add a hasOrganizations() service method

* [feature] Add a component to warn users about export scope
2022-02-23 13:56:46 +10:00
Matt Gibson
1fb3d54014
Feature/password protected export (#689)
* Simplify password protected file format

* no items to import is not an error

* Await inner importer

* Add export format type

* Error if import file is password protected

* Update tests

* Test password protected with normal json importer

* Simplify imports

* Ignore code coverage directory

* Expand importer options without changing display options

* Import password require import error handling

* Use interface

* Fix curlies

* linter fixes

* Add null of empty util

* Lint fixes

* run prettier

* Move import options to separate enum file

* Fix imports
2022-02-23 13:02:07 +10:00
Oscar Hinton
60878cd4ed
Add eslint (#610) 2022-02-22 15:39:11 +01:00
Kyle Spearrin
fc0638a7d9
fix infinite recursion on getEncKey (#687) 2022-02-17 11:36:00 -05:00
Addison Beck
a6092916d8
[bug] Persistently store collapsedGroupings (#686)
Collapsed groupings have regressed to not maintaining their state through restarting clients.

The state management refactor erroneously began saving this field to memory instead of disk, but there were some other issues that changing this brought on that are also fixed in this commit.

Changes:
1. Save collapsedGroupings persistently in StateService
2. Adjust the type of collapsedGroupings on the Account model from a Set<string> to a string[]
	* This is the way we were storing this value in previous releases, and saving the entire set object breaks.
3. Adjust the StateService getter/setter for collapsedGroupings to expect a string[]
4. Extract a string[] from the GroupingsComponent groupings that is a Set<string> before saving
2022-02-15 12:54:22 -05:00
Oscar Hinton
b65a2da18a
Clears the key after locking (#684) 2022-02-15 15:51:22 +01:00
Robyn MacCallum
5de59c32ab
Save localData to local storage instead of in memory (#683) 2022-02-14 16:32:55 -05:00
Addison Beck
240fc154ab
[bug] Allow for toggling the account cache (#674)
* [bug] Allow for toggling the account cache

* Add missing conditional

* Ran prettier
2022-02-14 11:47:01 -05:00
Thomas Rittson
609baece05
Clear stale everBeenUnlocked value from onDisk storage (#682)
* Add StateVersion.Four to remove old everBeenUnlocked key

* Save new state properly

* Add unit tests

* Fix linting
2022-02-14 08:16:07 -05:00
Addison Beck
bcbb52e6ec
Clear active user if state has no users (#677)
* Clear active user if state has no users

* use the correct userId

* run prettier

* add null check
2022-02-11 15:11:31 -05:00
Addison Beck
3a1b5bf9a0
Use getAccount when scaffolding + pass in the correct userId (#676) 2022-02-11 12:45:48 -05:00
Addison Beck
cdc6cbaeb3
Run addAccount storage scaffolding calls through saveAccount (#675) 2022-02-11 11:12:18 -05:00
Addison Beck
e3b29a40d3
[bug] Also check for a never lock timeout when determining where to pull tokens (#673) 2022-02-11 09:38:00 -05:00
Daniel James Smith
eaf387435f
Clean up the cached account (#672)
* Clean up the cached account

* PR feedback: Avoid duplicate code
2022-02-11 14:06:40 +01:00
Oscar Hinton
fd0410ca4b
Resolve hasKeyStored returning true when no biometric key is stored (#671)
* Resolve hasKeyStored returning true when no biometric key is stored

* Change to use a switch statement which avoids having to fetch the key.

* Use triple equals

* Run prettier
2022-02-11 13:17:51 +01:00
Kyle Spearrin
cda649fa21
Cache state service account blob from disk reads (#668)
* store account state in mem cache

* use const
2022-02-11 00:20:50 -05:00
Addison Beck
b7d9a532cb
[bug] Store everBeenUnlocked in memory (#667) 2022-02-10 23:46:42 -05:00
Thomas Rittson
5fad7c666f
Add StateVersion.Three to fix premium migration (#666)
* Add StateVersion.Three to fix premium migration
2022-02-11 13:40:13 +10:00
Justin Baur
52f77c0277
Fix new device login (#664)
* Store appId in localStorage

* Save to local as well
2022-02-10 21:22:18 -05:00
Robyn MacCallum
99f70bea8d
Individually await saving of orgs and providers (#663) 2022-02-10 18:03:55 -05:00
Robyn MacCallum
47399bb583
Move providers to profile and save to disk (#662)
* Move providers to profile and save to disk

* Move providers back to AccountData
2022-02-10 13:55:36 -05:00
Addison Beck
b7bb16c18a
[bug] Toggle tokens appropriately based on timeout action (#661) 2022-02-09 23:01:43 +01:00
Addison Beck
c282ef8575
[bug] Fix logout timeout action for inactive accounts (#660)
* [bug] Fix logout timeout action for inactive accounts

* Pass userId in to the logout callback parameter to the vaultTimeoutService. The message handle in desktop already expects this.
* Set lastActive on account login, and null it on account deauthentication. This prevents an issue where newly logged in accounts immediately time out due to inactivity.

* Add userId to locked callbacks

* Add userId to log out callback
2022-02-09 12:15:20 -05:00
Oscar Hinton
8130fce404
Add headers for client type and client version (#651) 2022-02-08 11:18:10 +01:00
Addison Beck
6c08b40847
[bug] Make activity a top level storage key (#656)
* [bug] Make activity a top level storage key

* [bug] use correct index for migration

* [bug] use correct index for migration part 2
2022-02-07 11:36:53 -05:00
Addison Beck
0760b53296
[bug] Default the state version check function to 1 (#657) 2022-02-07 11:08:07 -05:00
Matt Gibson
7afb748791
Feature/password protected export (#612)
* Add password protected export

* Run prettier

* Test password protected export service

* Create type for known import type strings

* Test import service changes

* Test bitwarden password importer

* Run prettier

* Remove unnecessary class properties

* Run prettier

* Tslint fixes

* Add KdfType to password protected export

* Linter fixes

* run prettier
2022-02-07 09:33:10 -06:00
Thomas Rittson
9caea70ea2
[authService refactor] Fix browser by not using instanceof (#647)
* use authenticationType enum instead of instanceof
2022-02-07 07:33:19 +10:00
Matt Gibson
380a7c7ee5
Use Identity server routes (#649)
* Use Identity server routes

We've moved `prelogin` and `register` endpoints to the Identity project
Reflecting that change here

* Only update path for dev environment
2022-02-04 08:22:19 -06:00
Thomas Rittson
ec9559520b
Fix bug where no passwords recorded in history (#650) 2022-02-04 07:59:55 +10:00
Daniel James Smith
f6ba252139
Temporarily remove keeper json import for the Feb release (#654) 2022-02-03 22:24:22 +01:00
Addison Beck
067cd1e0e1
[bug] Assign client specific account settings during migration (#653)
* [bug] Assign client specific account settings during migration

* [refactor] Write State type arguments in consistent order

* [style] Ran prettier
2022-02-03 13:32:42 -05:00
Thomas Rittson
aa2bdd00be
[Tech debt] Refactor authService and remove LogInHelper (#588)
* Use different strategy classes for different types of login
* General refactor and cleanup of auth logic
* Create subclasses for different types of login credentials
* Create subclasses for different types of tokenRequests
* Create TwoFactorService, move code out of authService
* refactor base CLI commands to use new interface
2022-02-01 09:51:32 +10:00
Addison Beck
92a65b7b36
[bug] Allow for GlobalState to be extended and modified in clients (#646)
Some clients have unique global setting defaults (and unique global settings)
For example: the web vault defaults to light theme, but most clients with theme support default to system theme.

The current way we handle GlobalState is buried in jslib and not easily extendible in clients.

To fix this, we need to treat GlobalState as a generic in the StateService and StateMigration service and allow for its extension in those methods and anywhere GlobalState is inited.
2022-01-31 14:33:31 -05:00
Addison Beck
e372bf242b
[cleanup] Adjust type to match abstraction (#643) 2022-01-28 08:18:39 -05:00
Addison Beck
6c61f53d8b
[bug] Always save environmentUrls passed to setUrls (#641)
* [bug] Always save environmentUrls passed to setUrls

* [bug] Remove parameter from abstraction as well

* [bug] Correct type in abstraction
2022-01-28 08:15:02 -05:00
Addison Beck
ca5b057b43
[refactor] Use ThemeType enum instead of string (#642) 2022-01-28 11:28:36 +01:00
Addison Beck
83305313f9
[bug] Properly define stored window state (#638) 2022-01-27 10:44:09 -05:00
Daniel James Smith
5353cf03b5
BEEEP: Add importer for Keeper in json format (#608)
* Add testdata, create types for keeperjson import

* Create keeperjson importer and tests

* Register, Create instance of keeperjson importer

* Move keeperCsvImporter to keeperImporters folder

* Fixed import of BaseImporter

* Removed unnecessary check for key

* Move instantiation of importer into beforeEach

* Fixed the second import with a wrong path

* Adjust types based on new test export

* Add test case for empty notes and custom fields

* Implement logic for failed test case

* Removed test expectation
2022-01-26 23:04:55 +01:00
Oscar Hinton
e1d4c4c903
Expose getKeyFromStorage with userId (#633) 2022-01-25 15:45:02 +01:00
Daniel James Smith
af7da0e942
Ensure that initialization and migration only run once (#631) 2022-01-24 20:37:52 +01:00
Addison Beck
e5cc3de46d
[bug] Move enableBrowserIntegration to global state (#630) 2022-01-24 10:47:41 -05:00
Addison Beck
4436e5fb60
[bug] Ensure globals set before migration is run are not lost (#629)
* [bug] Ensure globals set before migration is run are not lost

Some fields, like biometrics, are set before we can run the state migration
For some use cases, like initial install, this can lead to migration clearing those fields when it doesn't find them in storage.
This commit sets up an order of checks for migrating globals that considers fields that may already have been set.

* [style] Ran prettier
2022-01-24 08:22:21 -05:00
Addison Beck
1747f4d9e7
[bug] Set all urls when setting urls from storage (#628) 2022-01-24 07:28:51 -05:00
Addison Beck
074f1ee7b7
[bug] Set envUrls after assigning defaults during scaffolding (#627) 2022-01-21 13:35:14 -05:00
Addison Beck
9b0e5ae456
[bug] Address existing data & defaults when migrating from an unauthenticated state (#626) 2022-01-21 12:41:15 -05:00
Addison Beck
69fe7b8339
[bug] Always set environmentUrls from client when scaffolding an account (#624)
There is a use case that overrides locally set environmentUrls: an initial boot of a logged out application.
We override environmentUrls with whatever the temporary settings store has, even if different urls are added before authenticating.
This commit ensures we always use input environmentUrls.
2022-01-21 11:14:34 -05:00
Addison Beck
025a4a5e38
[bug] Index search service when setting decrypted ciphers (#620)
With the move to a central StateService we erroneously cut out search indexing from the process of setting decrypted ciphers to memory.
This commit calls the method responsible for setting decrypted ciphers and indexing when decrypting, instead of setting decrypted ciphers directly.
2022-01-20 16:25:04 -05:00
Addison Beck
cf1e483c7f
[bug] Account for entityId as a userId alternative during state migration (#622)
Some clients, like Directory Connector, use different key for their user identifier: entityId
We currently only check for userId in the migration service, but need to account for both.
2022-01-20 14:00:58 -05:00
Addison Beck
7300db703c
[Bug] Change method scope for internal StateMigrationService methods (#619)
A couple of helper methods were recently added to the StateMigrationService, but they were set to private and can't be used in children.
Some clients, like the Directory Connector, extend the StateMigrationService and need access to these methods.
2022-01-20 10:30:01 -05:00
Addison Beck
54c6a4b3c3
[bug] Correct scope for several data points (#618)
The following data points are currently scoped to an account but are made global with this commit:
* Enable Menu Bar Icon
* Minimize To Menu Bar
* Close To Menu Bar
* Start To Menu Bar

Note: these are all electron specific fields
2022-01-20 09:03:31 -05:00
Addison Beck
57351d29a2
[bug] Migrate state even if there is not a user logged in (#615)
Currently the StateMigrationService depends on a userId key for running migrations, but if there is not an authenticated user saved to storage that userId is not present.
These changes allow for migrating state data even without an active user. For account specific settings like clearClipboard we now temporarily store those values together in disk state until an account is authed that they can be added to. Temp account state is then cleared.

Some notes:
* In order for this to work we need GlobalState.stateVersion to have a default value of StateVersion.One instead of StateVersion.Latest. Defaulting it to latest was causing migrations to not run on some clients (like desktop) that try to access storage before migrations have been run but save a version as if migrations did run.
* I also noticed we aren't clearing old state items from before migrating, and added a case for this to the migrator.
* I extracted a few bits of reused code into private methods in the stateMigration service. Things like get/set from storage, default options, etc.
2022-01-20 08:30:00 -05:00
Thomas Rittson
11e7133aef
Save usesKeyConnector using defaultOnDiskOptions (#617) 2022-01-20 19:32:44 +10:00
Thomas Rittson
9737c829f3
Fix migration to Key Connector in cli commands (#616)
* Move CLI Key Connector check out of base class

* Add missing await

* Move safe operation out of try/catch block

* Move Key Connector migration check to unlock command

* Set convertAccountRequired flag in syncService

* Remove unneeded service
2022-01-20 19:28:48 +10:00
Addison Beck
ccd715d7b8
[Bug] [Account Switching] Improve State Management Performance (#611)
* [bug] Improve state management performance

Large vaults see a clear degrade in performance using the state service, especially when multiple vaults are authed and unlocked at the same time.

Some changes made to address this:
1. Clearing in memory decrypted data for non active accounts. This really should have been something we were doing anyway, but letting go of that memory burden has a noticeable performance boost.
2. Not loading a bunch of unnecessary data from disk accounts into memory on application startup. This was being done to initialize in memory accounts, but brought a lot of extra baggage with it like storing encrypted data in memory, even though it is never referenced that way.
3. Breaking the on disk state object up into separate keys for accounts instead of storing everything together under a "state" key. This ensures there is less information fetched from disk each time we call for an account.

There were some restructuring changes needed to facilitate these items:
1. We need to be able to construct an account in the StateService, but typescript doesn't allow for new() constraints on generics so a factory needs to be created and passed into the StateService for this to work.
2. Since we can't reference an all-knowing "accounts" object for on disk state anymore we have to maintain a list of authenticated accounts, and this has been added.
3. The StateMigration service needed to be updated to break up the accounts object, so current dev and QA state will be broken and need to be reset.

Some other general refactorings that were helpful getting this working:
1. Added a constant for keys to the StateService and StateMigrationService.
2. Bundling everything needed to deauthenticate a user into a dedicated method.
3. Bundling all the disk storage clear methods (that should be refactored later into client specific state services) into one helper method.
4. Bundling everything needed to dynamically select a new active user into a dedicated method.

* [bug] Set environmentUrls appropriately on account add

* [bug] Stop tracking activity without an active user

* [bug] Remove lastActive from globalState and globalState migration

* [style] Ran prettier
2022-01-19 10:51:10 -05:00
Thomas Rittson
cc285e5ea7
Always migrate envUrls (#614) 2022-01-18 13:44:39 +10:00
Oscar Hinton
12011bf4da
Add a shared tsconfig file (#609) 2022-01-17 13:21:20 +01:00
Addison Beck
957e010036
[bug] Ensure neverLock vaults can be manually locked (#607)
The client side storage restructuring work incorrectly checks if a vault has ever been unlocked to determine neverLock scenarios, but production does the opposite.
This creates an inability to never manually lock neverLock vaults.
This commit sets that condition back to the way it was.
2022-01-12 11:32:45 -05:00
Robyn MacCallum
172392ff3b
[Account Switching] Fix options dropdowns being empty (#603)
* Fix dropdowns initially being empty

* run prettier

* Remove default nulls for locale and theme
2022-01-12 09:11:25 -05:00
Thomas Rittson
2341b1907a
Fix "no amr found" error in bwdc cli (#589)
* Fix amr error when authing with org api key

* Fix linting

* Return null instead of error if no amr

* Return false instead of null
2022-01-11 13:22:52 +10:00
Addison Beck
4074c2a45f
[Bug] [Account Switching] Ensure EnvironmentUrls Pull From The Correction Location On Account Add (#602)
* [bug] Fully initialize environmentUrls default value

We want the full environmentUrls object to be saved to storage with null values as an indicator of using BW cloud.
Currently the initialization behavior creates an empty object instead. Setting property values returns the correct behavior.

* [bug] Return the correct environmentUrls when scaffolding a new account

To allow for setting environmentUrls before an account is created we save that value as a global setting and then apply it to any newly authed accounts.
There is a bug that will instead save the urls used by the previous logged in account, making account switching with multiple servers cause errors.

This commit resolves this by specifically getting environmentUrls from global state when creating a new account
2022-01-10 12:25:38 -05:00
Addison Beck
57d60bdfa6
Misc Account Switching Fixes & Refactors (#600)
* [refactor] Restructure EnvironmentUrls in state

* Patch up (add missing fields) and more extensively use the EnvironmentUrls class instead of passing around an any
* Add environmentUrls to the AccountSettings model in addition to GlobalState for use in both scopes
* Move EnvironmentUrls initialization to the model level and out of StateService
* Adjust the StateMigrationService to account for these changes

* [refactor] Improve order of operations for LockGuardService

We currently jump through a bunch of hoops to verify users can access the Lock page, like checking authentication first.
If a user is not authenticated, they are not locked, so we can improve performance for the happy path of this service by checking isLocked first and using isAuthenticated to deviate from the normal flow if needed.

* [bug] Subscribe to State.accounts in EnvironmentService and set urls accordingly

The EnvironmentService has no context for account changes currently and does not update actively used urls based on active account.
This commit addresses this issue by subscribing to State.accounts and resetting the service's urls on account change.

* [bug] Clear AccessToken from State on clean

In order for logout flows to function as expected we need to deauthenticate users when cleaning up state before checking for the next active user
Otherwise the service will continue to think the user being logged out is active

* [refactor] Stop pushing accounts when modifying disk state

There is no reason to push new accounts to subscribers when updating disk state.
Subscribers receive a copy of in memory state, so changes to disk will not be reflected and have to be fetched separately from the service.
Pushing when saving disk state is just creating an unnecessary performance burden.

* [refactor] Default to in memory active user if available, even when accessing disk state

Sometimes we need to pull activeUserId from storage to access a bit of data, like on initial boot, but most of the time this isn't necessary.
Since we pull this userId a lot, checking disk each time is a performance burden. Defaulting to the in memory user ID if available helps alleviate this.

* [style] Ran prettier

* [style] Change a let to a const
2022-01-07 09:30:54 -05:00
Robyn MacCallum
c27fc39411
Use correct api Keys (#599) 2022-01-06 11:03:44 -05:00
Addison Beck
e4cd0af2f9
[bug] Add several state value defaults (#593)
* [bug] Add several state value defaults

* [refactor] Implement StateVersion as an enum

* [refactor] Implement StateVersion enum over magic number
2021-12-31 09:14:43 -05:00
Daniel James Smith
d68c1dafaf
Remove usage/detection of NativeScript (#566)
* Remove usage of NativeScript

* npm prettier run

* Removing type from Utils.global
2021-12-22 19:46:25 +01:00
Jake Fink
3d7b427b0e
Use MP policies when registering a new user through SSO (#587)
* use MP policies when registering a new user through SSO

* prettier and linting
2021-12-21 12:02:56 -05:00
Addison Beck
9e26336549
[feat(Account Switching)] Allow for extending application state (#584)
* [feat(Account Switching)] Allow for extending application state

* [bug(Account Switching)] Remove hardcoded dev urls

* [bug(Account Switching)] Init Account when signing in

* [bug(Account Switching)] Check for state migration version in local storage for web

* [bug(Account Switching)] Fix never lock configurations

* [chore] Prettier merge

* [bug] Move environmentUrls to global state

* [chore] Ran prettier

* [bug] change storage location for entityId and type

* [style] Ran prettier

Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-20 08:48:47 -05:00
Jake Fink
59a5300458
move sso properties to globalstate (#583)
* move sso properties to globalstate

* whitespace

* npm prettier changes
2021-12-17 11:24:38 -05:00
Linus Aarnio
a8168d6ee7
Fix for issue #1287 in bitwarden/web (#569)
* Format the fieldvalue as a LocaleDateString instead of epoch when importing a date from 1P

This would be better solved by storing it as a date FieldType instead of Text. But since it is unclear when new field types are added, this solution serves as a fix for now and also guides the solution when new fieldtype exists.

* Remove trailing whitespace

* Add tests for custom fields of 1pif imported identity

* Change representation of 1pif imported dates to UTC string

* Changes after running prettier

Co-authored-by: Daniel James Smith <djsmith@web.de>
2021-12-16 18:46:33 +01:00
Oscar Hinton
193434461d
Apply Prettier (#581) 2021-12-16 13:36:21 +01:00
Addison Beck
512c5c2837
[bug] Correct storage location of organizations (#580) 2021-12-14 22:04:39 -05:00
Daniel James Smith
8644d84e68
FSecure-Importer: Add support for style = global (#578)
* FSecure-Importer: Add support for style = global

* Fix linting
2021-12-14 10:22:09 +01:00
Addison Beck
f90b3456d5
[Account Switching] [Feature] Allow clients to store data for more than one user (#491)
* [refactor] Extract, rename, and expand StorageServiceOptions

* Pulled StorageServiceOptions into its own file
* Renamed StorageServiceOptions to StorageOptions
* Pulled KeySuffixOptions into its own file
* Converted KeySuffixOptions into an enum from a union type

* [refactor] Expand StateService into a full coverage storage proxy

* Expand StateService to allow it to manage all data points of the application state regardless of memory.
* Expand StateService to allow for storing and managing multiple accounts

* [refactor] Create helper services for managing organization and provider state data

* [refactor] Implement StateService across service layer

* Remove service level variables used for in memory data storage and replaced with calls to StateService
* Remove direct calls to StorageService in favor of using StateService as a proxy

* [feature] Implement account switching capable services across components and processes

* Replace calls to StorageService and deprecated services with calls to a StateService

* [chore] Remove unused services

Several services are no longer in use because of the expanded state service. These have simply been removed.

* [bug] Add loginRedirect to the account model

* [bug] Add awaits to newly async calls in TokenService

* [bug] Add several missing awaits

* [bug] Add state service handlers for AutoConfirmFingerprint

* [bug] Move TwoFactorToken to global state

* Update unauth-guard.service.ts

Add back return true

* [refactor] Slim down the boilerplate needed to manage options on StateService calls

* [bug] Allow the lock message handler to manipulate a specific account

* [bug] Add missing await to auth guard

* [bug] Adjust state scope of several biometric data points

* [bug] Ensure vault locking logic can operate over non-active accounts

* [style] Fix lint complaints

* [bug] Move disableFavicon to global state

* [refactor] Remove an unnecessary parameter from a StorageOptions instance

* [bug] Ensure HtmlStorageService paths are accounted for in StateService

* [feature] Add a server url helper to the account model for the account switcher

* [refactor] Remove some unused getters from the account model

* [bug] Ensure locking and logging out can function over any user

* Fix account getting set to null in getAccountFromDisk

* [bug] Ensure lock component is always working with the latest active account in state

* [chore] Update recent KeyConnector changes to use stateService

* [style] Fix lint complaints

* [chore] Resolve TokenService merge issues from KeyConnector

* [bug] Add missing service argument

* [bug] Correct several default storage option types

* [bug] Check for the right key in hasEncKey

* [bug] Add enableFullWidth to the account model

* [style] Fix lint complaints

* [review] Revisit remember email

* [refactor] Remove RememberEmail from state

* setDisableFavicon to correct storage location

* [bug] Convert vault lock loop returns into continues to not skip secondary accounts

* [review] Sorted state service methods

* [bug] Correct neverDomains type on the account model

* [review] Rename stateService.purge to stateService.clean

* [review] [refactor] Extract lock refresh logic to a load function

* [review] [refactor] Extract some timeout logic to dedicated functions

* [review] [refactor] Move AuthenticationStatus to a dedicated file

* [review] [refactor] Rename Globals to GlobalState

* [style] Fix lint complaints

* [review] Remove unused global state property for decodedToken

* [review] [bug] Adjust state scope for OrganizationInvitation

* [review] [bug] Put back the homepage variable in lock guard

* [review] Un-try-catch the window creation function

* Revert "[review] [bug] Adjust state scope for OrganizationInvitation"

This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497.

* [bug] Change || to && in recent vault timeout refactor

* [bug] Keep up with entire state in storage instead of just accounts and globals

Not having access to the last active user was creating issues across clients when restarting the process.
For example: when refreshing the page on web we no longer maintain an understanding of who is logged in.

To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals.
This allows for more flexible saving, like saving activeUserId as a top level storage item.

* [style] Fix lint complaints

* Revert "[bug] Keep up with entire state in storage instead of just accounts and globals"

This reverts commit e8970725be472386358c1e2f06f53663c4979e0e.

* [bug] Initialize GlobalState by default

* [bug] Only get key hash from storage

* [bug] Remove settings storage location overrides

* [bug] Only save accessToken to storage

* [refactor] Remove unnecessary arguments from electron crypto state calls

* [bug] Ensure keys and tokens load and save to the right locations for web

* [style] Fix lint complaints

* [bug] Remove keySuffix storage option and split uses into unique methods

The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state.
This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly.

* [bug] Add default vault timeouts to new accounts

* [bug] Save appId as a top level storage item

* [bug] Add missing await to timeout logic

* [bug] Adjust state scope for everBeenUnlocked

* [bug] Clear access tokens when loading account state from disk

* [bug] Adjust theme to be a global state item

* [bug] Adjust null checking for window in state

* [bug] Correct getGlobals not pulling from the stored state item

* [bug] Null check in memory account before claiming it has a userId

* [bug] Scaffold secure storage service when building storage objects on init

* [bug] Adjusted state scope of event collection

* [bug] Adjusted state scope of vault timeout and action

* [bug] Grab account from normal storage if secure storage is requested but does not exist

* [bug] Create a State if one is requested from memory before it exists

* [bug] Ensure all storage locations are cleared on state clean

* [style] Fix lint complaints

* [bug] Remove unneeded clearing of access token

* [bug] Reset tokens when toggling

* [refactor] Split up the Account model

Until this point the account model has been very flat, holding many kinds of data.

In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale,
the Account model has been divided into logical chunks.

* [bug] Correct the serverUrl helpers return

* Fix sends always coming back as empty in browser

* Get settings properly (I think)

* [bug] Fix lint error

* [bug] Add missing await to identity token refresh

This was causing weird behavior in web that was creating a lot of 429s

* [bug] Scaffold memory storage for web

Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in.
Namely, encrypted data that was recently synced had nowhere to save to and was lost.

* [bug] Implement better null handling in a few places for retrieving state

* [bug] Update correct storage locations on account removal

* [bug] Added missing awaits to lock component

* [bug] Reload lock component on account switching vs. account update

* [bug] Store master keys correctly

* [bug] Move some biometrics storage items to global state

* [feature] Add platform helper isMac()

* [refactor] Comment emphasis and call order refresh

* [refactor] Remove unnecessary using

* [bug] Relocate authenticationStatus check logic to component

* [bug] Stop not clearing everything on state clean

* [style] Fix lint complaints

* [bug] Correct mismatched uses of encrypted and decrypted pin states

* Add browser specific state classes and methods

* lint fixes

* [bug] Migrate existing persistent data to new schema

* [style] Fix lint complaints

* [bug] Don't clear settings on state clean

* [bug] Maintain the right storage items on logout

* [chore] resolve issues from merge

* [bug] Resolve settings clearing on lock

* [chore] Added a comment

* [review] formatting for code review

* Revert browser state items

Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 11:15:16 -05:00
Daniel James Smith
8fc3cf50d2
Bump node to 16 and npm (#575)
* Bump engines required to node 16 and npm 8

* Bump @types/node to 16
The dep on node 14.18 will get cleaned up once we bump electron

* Modify build.yml to build with node 16 and npm 8

* Update requirements in README.md

* Remove install step for npm 8
npm v8.1.2 is included in node v16

* Rename install step

* Fixed typo
2021-12-13 11:43:10 +01:00
Oscar Hinton
6a179ab2df
Bump angular to 12. (#571) 2021-12-09 15:00:26 +01:00
Oscar Hinton
a6b95b15e3
Add toastr component (#568) 2021-12-07 19:15:56 +01:00
Matt Gibson
d02fcd082e
Add sponsorship pre validate endpoint (#564) 2021-11-24 14:19:03 -06:00
Justin Baur
b4f475251a
Feature/families for enterprise (#549)
* Families for enterprise/account settings (#541)

* Add node tests to pipeline (#525)

* Add support for crypto agent (#520)

* feat: add an importer for Safari (CSV) (#512)

* feat(importers/safariCsvImporter): add the importer for Safari (CSV)

* Revert changes to package-lock.json

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>

* Dynamically set electron user agent (#524)

* Dynamically set electron user agent

* PR review

* linter fixes

* Test agent static version does not change

* Fix formatting

* Add role="alert" to callouts only when enforceAlert is passed (#528)

* Add role="alert" to callouts when enforceAlert is passed

* Remove ElementRef and do a different way

* Rename input variable

* Add PR template (#529)

* Allow managers to create collections (#530)

* Pass in null for sso organization for now. (#531)

This will bypass cryptoagent

* Add Linked Field as custom field type (#431)

* Basic proof of concept of Linked custom fields

* Linked Fields for all cipher types, use dropdown

* Move linkedFieldOptions to view models

* Move add-edit custom fields to own component

* Fix change handling if cipherType changes

* Use Field.LinkedId to store linked field info

* Refactor accessors in cipherView for type safety

* Use map for linkedFieldOptions

* Refactor: use decorators to record linkable info

* Add ItemView

* Use enums for linked field ids

* Add union type for linkedId enums, add jsdoc comment

* Use parameter properties for linkedFieldOption

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Fix type casting

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Update electron to 14.2.0 (#534)

* Update electron to 14.1.1

* Update electron to 14.2.0 and fix it to this version

* Removed ^ from electron in electron/package-lock.json

* [Linked fields] Reset linkedIds if cipher type changes (#535)

* Reset linkedIds if cipher type changes

* Only reset linkedId if !editmode

* Add call to server

* Fix linting

* Add call to server

* Fix linting

* Run linting

* Add new properties to organization

* Remove organizationUserId from request model

* Added in org sponsorship calls

* Sponsorship redeem existing org flow

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Oscar Hinton <oscar@oscarhinton.com>
Co-authored-by: pan93412 <pan93412@gmail.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>

* Revoke sponsorship uses organization id

* Expect information in billing items on whether the item is sponsored

* Families for enterprise/redeem card (#546)

* Add userservice helper

* Run linter

* Add resend email to api service (#548)

* Remove unneeded imports

* Remove unneeded files

* Add newline

* Reorder import

* Remove accidental newline

* Fix lint issue

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Oscar Hinton <oscar@oscarhinton.com>
Co-authored-by: pan93412 <pan93412@gmail.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2021-11-19 17:24:55 -05:00
Oscar Hinton
a3e00cdc15
Add usesKeyConnector to OrganizationUserUserDetailsResponse (#559) 2021-11-19 15:04:32 +01:00
Oscar Hinton
8b01eea446
[Key Connector] Resolve desktop not prompting to remove password (#558) 2021-11-19 13:35:12 +01:00
Thomas Rittson
10fa164ffc
Add FirstSsoLogin event (#555) 2021-11-19 05:40:30 +10:00
Thomas Rittson
07dde6e321
Add getKeyConnectorAlive to ApiService (#543) 2021-11-18 21:11:55 +10:00
Oscar Hinton
e1b1efeea2
Add useKeyConnector flag (#551) 2021-11-17 11:42:24 +01:00
Thomas Rittson
386903f5a9
[Key Connector] QA fixes for CLI and Desktop (#544)
* Make UserVerificationService compatible with CLI

* Refactor error handling

* Fix i18n key name

* Add apiUseKeyConnector flag to TokenResponse

* Always require keyConnectorUrl to be passed in

* Throw errors in userVerificationService

* Use requestOTP in UserVerificationService

* Remove unused deps

* Fix linting
2021-11-16 07:53:57 +10:00
Thomas Rittson
06c9df97ad
Update Safari importer to be Safari and macOS importer (#550)
* Rename Safari importer to Safari and macOS

* Order featured import options alphabetically
2021-11-15 19:49:19 +10:00
Thomas Rittson
e02e663ce1
[Linked Fields] Fix QA feedback (#542)
* Fix bug overwriting custom field types

* Add linkedId to export model for CLI
2021-11-12 05:59:01 +10:00
Kyle Spearrin
b99103d3f7
validate path for directory traversal (#540)
* validate path for directory traversal

* use previously constructed requestUrl
2021-11-10 15:13:13 -05:00
Kyle Spearrin
1b4a5508bd
Revert "clean api url paths from directory traversal (#539)"
This reverts commit ea29f580a5.
2021-11-10 13:37:31 -05:00
Kyle Spearrin
ea29f580a5
clean api url paths from directory traversal (#539) 2021-11-09 15:37:58 -05:00
Kyle Spearrin
c4fb4a35ab
don't allow @ character in uriString prefixing (#538) 2021-11-09 11:16:40 -05:00
Oscar Hinton
8f177e2d3a
Add support for requesting and using otp for verifying some requests (#527)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-11-09 17:01:22 +01:00
Thomas Rittson
dbda39e10f
Add Linked Field as custom field type (#431)
* Basic proof of concept of Linked custom fields

* Linked Fields for all cipher types, use dropdown

* Move linkedFieldOptions to view models

* Move add-edit custom fields to own component

* Fix change handling if cipherType changes

* Use Field.LinkedId to store linked field info

* Refactor accessors in cipherView for type safety

* Use map for linkedFieldOptions

* Refactor: use decorators to record linkable info

* Add ItemView

* Use enums for linked field ids

* Add union type for linkedId enums, add jsdoc comment

* Use parameter properties for linkedFieldOption

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Fix type casting

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2021-11-03 08:03:37 +10:00