* move pinKeyEncryptedUserKey
* move pinKeyEncryptedUserKeyEphemeral
* remove comments, move docs
* cleanup
* use UserKeyDefinition
* refactor methods
* add migration
* fix browser dependency
* add tests for migration
* rename to pinService
* move state to PinService
* add PinService dep to CryptoService
* move protectedPin to state provider
* update service deps
* renaming
* move decryptUserKeyWithPin to pinService
* update service injection
* move more methods our of crypto service
* remove CryptoService dep from PinService and update service injection
* remove cryptoService reference
* add method to FakeMasterPasswordService
* fix circular dependency
* fix desktop service injection
* update browser dependencies
* add protectedPin to migrations
* move storePinKey to pinService
* update and clarify documentation
* more jsdoc updates
* update import paths
* refactor isPinLockSet method
* update state definitions
* initialize service before injecting into other services
* initialize service before injecting into other services (bw.ts)
* update clearOn and do additional cleanup
* clarify docs and naming
* assign abstract & private methods, add clarity to decryptAndMigrateOldPinKeyEncryptedMasterKey() method
* derived state (attempt)
* fix typos
* use accountService to get active user email
* use constant userId
* add derived state
* add get and clear for oldPinKeyEncryptedMasterKey
* require userId
* move pinProtected
* add clear methods
* remove pinProtected from account.ts and replace methods
* add methods to create and store pinKeyEncryptedUserKey
* add pinProtected/oldPinKeyEncrypterMasterKey to migration
* update migration tests
* update migration rollback tests
* update to systemService and decryptAndMigrate... method
* remove old test
* increase length of state definition name to meet test requirements
* rename 'TRANSIENT' to 'EPHEMERAL' for consistency
* fix tests for login strategies, vault-export, and fake MP service
* more updates to login-strategy tests
* write new tests for core pinKeyEncrypterUserKey methods and isPinSet
* write new tests for pinProtected and oldPinKeyEncryptedMasterKey methods
* minor test reformatting
* update test for decryptUserKeyWithPin()
* fix bug with oldPinKeyEncryptedMasterKey
* fix tests for vault-timeout-settings.service
* fix bitwarden-password-protected-importer test
* fix login strategy tests and auth-request.service test
* update pinService tests
* fix crypto service tests
* add jsdoc
* fix test file import
* update jsdocs for decryptAndMigrateOldPinKeyEncryptedMasterKey()
* update error messages and jsdocs
* add null checks, move userId retrievals
* update migration tests
* update stateService calls to require userId
* update test for decryptUserKeyWithPin()
* update oldPinKeyEncryptedMasterKey migration tests
* more test updates
* fix factory import
* update tests for isPinSet() and createProtectedPin()
* add test for makePinKey()
* add test for createPinKeyEncryptedUserKey()
* add tests for getPinLockType()
* consolidate userId verification tests
* add tests for storePinKeyEncryptedUserKey()
* fix service dep
* get email based on userId
* use MasterPasswordService instead of internal
* rename protectedPin to userKeyEncryptedPin
* rename to pinKeyEncryptedUserKeyPersistent
* update method params
* fix CryptoService tests
* jsdoc update
* use EncString for userKeyEncryptedPin
* remove comment
* use cryptoFunctionService.compareFast()
* update tests
* cleanup, remove comments
* resolve merge conflict
* fix DI of MasterPasswordService
* more DI fixes
* suppress welcome window on install when extension is in dev mode
* use platformUtilsService.isDev instead of process.env.ENV
* use devFlags.skipWelcomeOnInstall instead of platformUtilsService.isDev
* update old dev_flags casing in base configs
* Ensure AuthStatus Changes Before Exiting
* Do Not Display Account Without Name Or Email
* Fix Environment Selectors
* Add AccountService.clean to Web
* [PM-7810] Handle Multithread Decryption through Offscreen API
* [PM-7810] Handle Multithread Decryption through Offscreen API
* Use a service to track when to open and close offscreen document
There some strangeness around maintaining the offscreen document for more callbacks, that need not have the same reasons and justifications as the original.
We'd need to test, but perhaps the intent is something closer to maintaining a work queue ourselves and creating the offscreen page for only a single reason as it comes in, then waiting for that page to close before opening another.
* [PM-7810] Handle Multithread Decryption through Offscreen API
* [PM-7810] Handle Multithread Decryption through Offscreen API
* [PM-7810] Handle Multithread Decryption through Offscreen API
* [PM-7810] Handle Multithread Decryption through Offscreen API
* [PM-7810] Implementing jest tests for OffscreenDocument and BrowserMultithreadEncryptServiceImplementation
* [PM-7810] Separating out the process by which we get decrypted items from the web worker to ensure we do not do duplicate effort
* [PM-7810] Separating out the process by which we get decrypted items from the web worker to ensure we do not do duplicate effort
* Prefer builtin promise flattening
* [PM-7810] Introducing a fallback to the MultithreadEncryptServiceImplementation to ensure we can fallback to single thread decryption if necessary
* [PM-7810] Updating documentation
* [PM-7810] Fixing implementation to leverage the new OffscreenDocumentService
---------
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* do no run fido2 content scripts on browser settings or extension background pages
* remove unneeded overlay visibility setting state guard
* only filter content script and page script and update test
* handle content script host permission errors
* add activeTab to mv3 permissions
* allow other browser inject errors to throw
* Use a service to track when to open and close offscreen document
There some strangeness around maintaining the offscreen document for more callbacks, that need not have the same reasons and justifications as the original.
We'd need to test, but perhaps the intent is something closer to maintaining a work queue ourselves and creating the offscreen page for only a single reason as it comes in, then waiting for that page to close before opening another.
* Prefer builtin promise flattening
* Await anything and everything
---------
Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
* Remove getbgService for crypto service
* Remove special authentication for state service
* Use synced memory storage
popup contexts use foreground, background contexts use background. Simple
* Remove private mode warnings
* Match console method signatures in logService abstraction
* Add a few usages of improved signature
* Remove reality check test
* Improve electron logging
* Use account service to track accounts and active account
* Remove state service active account Observables.
* Add email verified to account service
* Do not store account info on logged out accounts
* Add account activity tracking to account service
* Use last account activity from account service
* migrate or replicate account service data
* Add `AccountActivityService` that handles storing account last active data
* Move active and next active user to account service
* Remove authenticated accounts from state object
* Fold account activity into account service
* Fix builds
* Fix desktop app switch
* Fix logging out non active user
* Expand helper to handle new authenticated accounts location
* Prefer view observable to tons of async pipes
* Fix `npm run test:types`
* Correct user activity sorting test
* Be more precise about log out messaging
* Fix dev compare errors
All stored values are serializable, the next step wasn't necessary and was erroring on some types that lack `toString`.
* If the account in unlocked on load of lock component, navigate away from lock screen
* Handle no users case for auth service statuses
* Specify account to switch to
* Filter active account out of inactive accounts
* Prefer constructor init
* Improve comparator
* Use helper methods internally
* Fixup component tests
* Clarify name
* Ensure accounts object has only valid userIds
* Capitalize const values
* Prefer descriptive, single-responsibility guards
* Update libs/common/src/state-migrations/migrate.ts
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Fix merge
* Add user Id validation
activity for undefined was being set, which was resulting in requests for the auth status of `"undefined"` (string) userId, due to key enumeration. These changes stop that at both locations, as well as account add for good measure.
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* PM-7811 - Refactor UserKeyInitService to UserAutoUnlockKeyService - remove active account listening logic as it introduced race conditions with user key memory retrieval happening before the user auto unlock key was set into memory.
* PM-7811 - CLI - (1) Fix deps (2) On CLI init (pre command execution), if there is an active account, then set the user key in memory from the user auto unlock key.
* PM-7811 - Browser Extension / desktop - (1) Update deps (2) Sets user key in memory if the auto unlock key is set on account switch and background init (must act on all accounts so that account switcher displays unlock status properly).
* PM-7811 - Web - (1) Update deps (2) Sets user key in memory if the auto unlock key is set on init
* PM-7811 - Fix account switcher service changes not being necessary.
* remove 2fa from main.background
* remove login strategy service from main.background
* move 2fa and login strategy service to popup, init in browser
* add state providers to 2fa service
- add deserializer helpers
* use key definitions for global state
* fix calls to 2fa service
* remove extra await
* add delay to wait for active account emission in popup
* add and fix tests
* fix cli
* really fix cli
* remove timeout and wait for active account
* verify expected user is active account
* fix tests
* address feedback
* Implement a lazy value class
This will be used as a source for composing key-protected storage from a single key source.
* Simplify local-backed-session-storage
The new implementation stores each value to a unique location, prefixed with `session_` to help indicate the purpose.
I've also removed the complexity around session keys, favoring passing in a pre-defined value that is determined lazily once for the service worker. This is more in line with how I expect a key-protected storage would work.
* Remove decrypted session flag
This has been nothing but an annoyance. If it's ever added back, it needs to have some way to determine if the session key matches the one it was written with
* Remove unnecessary string interpolation
* Remove sync Lazy
This is better done as a separate class.
* Handle async through type
* prefer two factory calls to incorrect value on races.
* Fix type
* Remove log
* Update libs/common/src/platform/misc/lazy.ts
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Introduce browser large object storage location.
This location is encrypted and serialized to disk in order to allow for storage of uncountable things like vault items that take a significant amount of time to prepare, but are not guaranteed to fit within session storage.
however, limit the need to write to disk is a big benefit, so _most_ things are written to storage.session instead, where things specifically flagged as large will be moved to disk-backed memory
* Store derived values in large object store for browser
* Fix AbstractMemoryStorageService implementation
* PM-6689 - Add security stamp to Token state
* PM-6689 - Remove Security Stamp from account and state service
* PM-6689 - Add security stamp get and set to token service + abstraction + tests
* PM-6689 - Add migration for security stamp, test it, and register it with migrator
* PM-6689 - Update sync service + deps to use token service.
* PM-6689 - Cleanup missed usages of account tokens which has been removed.
* PM-6689 - Per PR feedback, remove unnecessary data migration as the security stamp is only in memory and doesn't need to be migrated.
* [PM-7581] Validate cache state from external contexts within LocalBackedSessionStorage
* [PM-7581] Continuing with exploring refining the LocalBackedSessionStorage
* [PM-7558] Fix Vault Load Times
* [PM-7558] Committing before reworking LocalBackedSessionStorage to function without extending the MemoryStorageService
* [PM-7558] Working through refinement of LocalBackedSessionStorage
* [PM-7558] Reverting some changes
* [PM-7558] Refining implementation and removing unnecessary params from localBackedSessionStorage
* [PM-7558] Fixing logic for getting the local session state
* [PM-7558] Adding a method to avoid calling bypass cache when a key is known to be a null value
* [PM-7558] Fixing tests in a temporary manner
* [PM-7558] Removing unnecessary chagnes that affect mv2
* [PM-7558] Removing unnecessary chagnes that affect mv2
* [PM-7558] Adding partition for LocalBackedSessionStorageService
* [PM-7558] Wrapping duplicate cache save early return within isDev call
* [PM-7558] Wrapping duplicate cache save early return within isDev call
* [PM-7558] Wrapping duplicate cache save early return within isDev call
* PM-7235 - AuthSvc - Refactor getAuthStatus to simply use the cryptoService.hasUserKey check to determine the user's auth status.
* PM-7235 - CryptoSvc - getUserKey - remove setUserKey side effect if auto key is stored. Will move to app init
* PM-7235 - For each client init service, add setUserKeyInMemoryIfAutoUserKeySet logic
* PM-7235 - CryptoSvc tests - remove uncessary test.
* PM-7235 - Create UserKeyInitService and inject into all init services with new listening logic to support acct switching.
* PM-7235 - UserKeyInitSvc - minor refactor of setUserKeyInMemoryIfAutoUserKeySet
* PM-7235 - Add test suite for UserKeyInitService
* PM-7235 - Remove everBeenUnlocked as it is no longer needed
* PM-7235 - Fix tests
* PM-7235 - UserKeyInitSvc - per PR feedback, add error handling to protect observable stream from being cancelled in case of an error
* PM-7235 - Fix tests
* Update libs/common/src/platform/services/user-key-init.service.ts
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Update libs/common/src/platform/services/user-key-init.service.ts
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* PM-7235 - AuthSvc - Per PR review, for getAuthStatus, only check user key existence in memory.
* PM-7235 - remove not useful test per PR feedback.
* PM-7235 - Per PR feedback, update cryptoService.hasUserKey to only check memory for the user key.
* PM-7235 - Per PR feedback, move user key init service listener to main.background instead of init service
* PM-7235 - UserKeyInitSvc tests - fix tests to plass
---------
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* [PM-5876] Adjust LP Fileless Importer to Suppress Download with DOM Append in Manifest v3
* [PM-5876] Incorporating jest tests for affected logic
* [PM-5876] Fixing jest test that leverages rxjs
* [PM-5876] Updating documentation within BrowserApi.executeScriptInTab
* [PM-5876] Implementing jest tests for the new LP suppress download content scripts
* [PM-5876] Adding a change to webpack to ensure we do not package the mv2 side script for `lp-suppress-import-download.mv2.ts` if building the extension for mv3
* [PM-5876] Implementing changes based on feedback during code review
* [PM-5876] Implementing changes based on feedback during code review
* [PM-5876] Implementing changes based on feedback during code review
* [PM-5876] Implementing changes based on feedback during code review
* [PM-5876] Implementing a configuration to feed the script injection of the Fileless Importer CSV download supression script
* [PM-5744] Adjust injection of `page-script.ts` within FIDO 2 implementation to ensure mv3 compatibility
* [PM-5744] Adjusting structure of manifest.json to clean up implementation and ensure consistency between mv2 and mv3
* [PM-5744] Reverting inclusion of the ConsoleLogService
* [PM-4791] Injected content scripts prevent proper XML file display and disrupt XML responses
* [PM-5744] Adjust FIDO2 content script injection methodology to be compatible with manifest v3
* [PM-5744] Adjusting references to Fido2Service to mirror change of name to Fido2Background
* [PM-5744] Migrating runtime background messages that are associated with Fido2 into Fido2Background
* [PM-5744] Fixing named reference within Fido2Background
* [PM-5744] Migrating all Fido2 messages from the runtime.background.ts script to the fido2.background.ts script
* [PM-5744] Removing unnecessary dependency from runtime background
* [PM-5744] Removing unnecessary dependency from runtime background
* [PM-5744] Reworking how we handle init of Fido2Background
* [PM-5744] Reworking page-script.ts to ensure that it can destory its global values on unload
* [PM-5744] Reworking page-script.ts to ensure that it can destory its global values on unload
* [PM-5744] Implementing separated injection methodology between manifest v2 and v3
* [PM-4791] Adjsuting reference for Fido2 script injection to ensure it only triggers on https protocol types
* [PM-5744] Removing unnecessary message and handling reload of content scripts based on updates on observable
* [PM-5744] Refactoring content-script implementation for fido2
* [PM-5744] Refactoring content-script implementation for fido2
* [PM-5744] Reworking implementation to avoid having multiple contenType checks within the FIDO2 content scripts
* [PM-5744] Re-implementing the messageWithResponse within runtime.background.ts
* [PM-5744] Reverting change to autofill.service.ts
* [PM-5744] Removing return value from runtime.background.ts process message call
* [PM-5744] Reworking how we handle injection of the fido2 page and content script elements
* [PM-5744] Adjusting how we override the navigator.credentials request/reponse structure
* [PM-5744] Working through jest tests for the fido2Background implementation
* [PM-5744] Finalizing jest tests for the Fido2Background implementation
* [PM-5744] Stubbing out jest tests for content-script and page-script
* [PM-5744] Implementing a methodology that allows us to dynamically set and unset content scripts
* [PM-5744] Applying cleanup to page-script.ts to lighten the footprint of the script
* [PM-5744] Further simplifying page-script implementation
* [PM-5744] Reworking Fido2Utils to remove references to the base Utils methods to allow the page-script.ts file to render at a lower file size
* [PM-5744] Reworking Fido2Utils to remove references to the base Utils methods to allow the page-script.ts file to render at a lower file size
* [PM-5744] Implementing the `RegisterContentScriptPolyfill` as a separately compiled file as opposed to an import
* [PM-5744] Implementing methodology to ensure that the RegisterContentScript polyfill is not built in cases where it is not needed
* [PM-5744] Implementing methodology to ensure that the RegisterContentScript polyfill is not built in cases where it is not needed
* [PM-5744] Reverting package-lock.json
* [PM-5744] Implementing a methodology to ensure we can instantiate the RegisterContentScript polyfill in a siloed manner
* [PM-5744] Migrating chrome extension api calls to the BrowserApi class
* [PM-5744] Implementing typing information within the RegisterContentScriptsPolyfill
* [PM-5744] Removing any eslint-disable references within the RegisterContentScriptsPolyfill
* [PM-5744] Refactoring polyfill implementation
* [PM-5744] Refactoring polyfill implementation
* [PM-5744] Fixing an issue where Safari was not resolving the await chrome proxy
* [PM-5744] Fixing jest tests for the page-script append method
* [PM-5744] Fixing an issue found where collection of page details can trigger a context invalidated message when the extension is refreshed
* [PM-5744] Implementing jest tests for the added BrowserApi methods
* [PM-5744] Refactoring Fido2Background implementation
* [PM-5744] Refactoring Fido2Background implementation
* [PM-5744] Adding enums to the implementation for the Fido2 Content Scripts and working through jest tests for the BrowserApi and Fido2Background classes
* [PM-5744] Adding comments to the FIDO2 content-script.ts file
* [PM-5744] Adding jest tests for the Fido2 content-script.ts
* [PM-5744] Adding jest tests for the Fido2 content-script.ts
* [PM-5744] Adding jest tests for the Fido2 page-script.ts
* [PM-5744] Working through an attempt to jest test the page-script.ts file
* [PM-5744] Finalizing jest tests for the page-script.ts implementation
* [PM-5744] Applying stricter type information for the passed params within fido2-testing-utils.ts
* [PM-5744] Adjusting documentation
* [PM-5744] Adjusting implementation of jest tests to use mock proxies
* [PM-5744] Adjusting jest tests to simply implementation
* [PM-5744] Adjust jest tests based on code review feedback
* [PM-5744] Adjust jest tests based on code review feedback
* [PM-5744] Adjust jest tests based on code review feedback
* [PM-5744] Adjusting jest tests to based on feedback
* [PM-5744] Adjusting jest tests to based on feedback
* [PM-5744] Adjusting jest tests to based on feedback
* [PM-5744] Adjusting conditional within page-script.ts
* [PM-5744] Removing unnecessary global reference to the messager
* [PM-5744] Updating jest tests
* [PM-5744] Updating jest tests
* [PM-5744] Updating jest tests
* [PM-5744] Updating jest tests
* [PM-5744] Updating how we export the Fido2Background class
* [PM-5744] Adding duplciate jest tests to fido2-utils.ts to ensure we maintain functionality for utils methods pulled from platform utils
* [PM-5189] Addressing code review feedback
* [PM-5744] Applying code review feedback, reworking obserable subscription within fido2 background
* [PM-5744] Reworking jest tests to avoid mocking `firstValueFrom`
* [PM-5744] Reworking jest tests to avoid usage of private methods
* [PM-5744] Reworking jest tests to avoid usage of private methods
* [PM-5744] Implementing jest tests for the ScriptInjectorService and updating references within the Browser Extension to use the new service
* [PM-5744] Converting ScriptInjectorService to a dependnecy instead of a static class
* [PM-5744] Reworking typing for the ScriptInjectorService
* [PM-5744] Adjusting implementation based on feedback provided during code review
* [PM-5744] Adjusting implementation based on feedback provided during code review
* [PM-5744] Adjusting implementation based on feedback provided during code review
* [PM-5744] Adjusting implementation based on feedback provided during code review
* [PM-5744] Adjusting how the ScriptInjectorService accepts the config to simplify the data structure
* [PM-5744] Updating jest tests to cover edge cases within ScriptInjectorService
* [PM-5744] Updating jest tests to reference the ScriptInjectorService directly rather than the underlying ExecuteScript api call
* [PM-5744] Updating jest tests to reflect provided feedback during code review
* [PM-5744] Updating jest tests to reflect provided feedback during code review
* [PM-5744] Updating documentation based on code review feedback
* [PM-5744] Updating how we extend the abstract ScriptInjectorService
* [PM-5744] Updating reference to the frame property on the ScriptInjectionConfig
* Re-register native messaging host integrations on startup
* Check for errors when generating the manifests
* Add log to component
* Switch to Promise.all
* Add injectable service
* remove active account unlocked from state service
* Remove status from account service `AccountInfo`
* Fixup lingering usages of status
Fixup missed factories
* Fixup account info usage
* fixup CLI build
* Fixup current account type
* Add helper for all auth statuses to auth service
* Fix tests
* Uncomment mistakenly commented code
* Rework logged out account exclusion tests
* Correct test description
* Avoid getters returning observables
* fixup type
* fixed issue with clearing search index state
* Decrease snap description character length to reach 128 limit (#8687)
* clear user index before account is totally cleaned up
* [AC-2436] Fix flashing unassigned items banner (#8689)
* Fix flashing banner for users who shouldn't see it
* Emit the right value the first time
* simplify further
* restore comment
* added logout clear on option
* removed redundant clear index from logout
---------
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* refactored injector of services on the browser service module
* refactored the search and popup serach service to use state provider
* renamed back to default
* removed token service that was readded during merge conflict
* Updated search service construction on the cli
* updated to use user key definition
* Reafctored all components that refernce issearchable
* removed commented variable
* added uncommited code to remove dependencies not needed anymore
* added uncommited code to remove dependencies not needed anymore
* Enable clearing and retrieving all values from local storage
I didn't add these methods to the base abstract class because we don't currently have a use case for them. If we develop one, we can just lift it up.
* Use new browser local storage methods for reseed task
* Remove the now dangerous methods enabling usage of `chrome.storage`
Any direct reference to chrome storage needs to handle serialization tags, which is best dealt with through the classes implementing `AbstractChromeStorageService`
* create mp and kdf service
* update mp service interface to not rely on active user
* rename observable methods
* update crypto service with new MP service
* add master password service to login strategies
- make fake service for easier testing
- fix crypto service tests
* update auth service and finish strategies
* auth request refactors
* more service refactors and constructor updates
* setMasterKey refactors
* remove master key methods from crypto service
* remove master key and hash from state service
* missed fixes
* create migrations and fix references
* fix master key imports
* default force set password reason to none
* add password reset reason observable factory to service
* remove kdf changes and migrate only disk data
* update migration number
* fix sync service deps
* use disk for force set password state
* fix desktop migration
* fix sso test
* fix tests
* fix more tests
* fix even more tests
* fix even more tests
* fix cli
* remove kdf service abstraction
* add missing deps for browser
* fix merge conflicts
* clear reset password reason on lock or logout
* fix tests
* fix other tests
* add jsdocs to abstraction
* use state provider in crypto service
* inverse master password service factory
* add clearOn to master password service
* add parameter validation to master password service
* add component level userId
* add missed userId
* migrate key hash
* fix login strategy service
* delete crypto master key from account
* migrate master key encrypted user key
* rename key hash to master key hash
* use mp service for getMasterKeyEncryptedUserKey
* fix tests
* fix user key decryption logic
* add clear methods to mp service
* fix circular dep and encryption issue
* fix test
* remove extra account service call
* use EncString in state provider
* fix tests
* return to using encrypted string for serialization
* Replacing state service with state provider
* Documentation indicating the differences between the 2 states used.
* Creating key definition, updating comments, and modifying test cases
* Adding the key definitions tests
* Documenting the observables
* Fixing the test issue with the awaitAsync import
* Removing browser state service stuff for merge fix
* no need to redefine interface members
* Renaming to DefaultBrowserStateService