* [PM-7883] Cleanup/refactor collection-dialog.component
- Add new limitNestedCollections option
- Remove redundant calls to collectionService and collectionAdminService
- Adjust deleted parent logic to account for users that cannot ViewAllCollections
* [PM-7883] Ensure collection management setting is considered when limiting nested collections in the org vault
* initial commit
* Make changes for provider billing details
* replace the hardcoded values with real data
* Apply discount on the displayed amount
* Fix the design issues base on the new design changes
* Fix the design space issue
* Remove unnecessary If statements
* Revert the change
* Remove unnecessary If statements
* Refactoring the discount calculation for easy understanding
* Fix the subscription page issue for existing providers
* Merge branch 'main' into ac-2570-existing-providers-see-new-cb-experience-on-admin-console-org-billing-subscription-page
* Fix pr comment on error if the user isn't a provider user
* Resolve the pr comment on error for non provider user
* Remove unused property
* PM-5501 - VaultTimeoutSettingsSvc - refactor var names in getVaultTimeoutAction
* PM-5501 - Add state definitions and key definitions + test deserialization of key defs.
* PM-5501 - Add state provider dep to VaultTimeoutSettingsSvc
* PM-5501 - Refactor getVaultTimeout
* PM-5501 - VaultTimeoutSettingsService - Build getMaxVaultTimeoutPolicyByUserId helper
* PM-5501 - (1) Update state definitions (2) convert KeyDefs to UserKeyDefs (2) Remove everBeenUnlocked as we won't need it
* PM-5501 - VaultTimeoutSettingsSvc - POC for getVaultTimeoutActionByUserId$ method + new private determineVaultTimeoutAction helper.
* PM-5501 - VaultTimeoutSettingsSvc - build set and observable get methods for vault timeout settings
* PM-5501 - Update web references to use new vault timeout setting service methods
* PM-5501 - VaultTimeoutSettingsSvc - write up abstraction js docs
* PM-5501 - VaultTimeoutSettingsSvc abstraction - finish tweaks
* PM-5501 - VaultTimeoutSettingsSvc - add catchError blocks to observables to protect outer observables and prevent cancellation in case of error.
* PM-5501 - Remove vault timeout settings from state service implementation.
* PM-5501 - VaultTimeoutSettingsServiceStateProviderMigrator first draft
* PM-5501 - WIP - replace some state service calls with calls to vault timeout settings svc.
* PM-5501 - Replace state service calls in login strategies to get vault timeout settings data with VaultTimeoutSettingsService calls.
* PM-5501 - Fix login strategy tests
* PM-5501 - Update login strategy tests to pass
* PM-5501 - CryptoSvc - share VaultTimeout user key def to allow crypto svc access to the vault timeout without creating a circular dep.
* PM-5501 - Fix dependency injections.
* PM-5501 - ApiSvc - replace state svc with vault timeout settings svc.
* PM-5501 - VaultTimeoutSettingsServiceStateProviderMigrator more cleanup
* PM-5501 - Test VaultTimeoutSettingsServiceStateProviderMigrator
* PM-5501 - VaultTimeoutSettingsSvc tests updated
* PM-5501 - Update all setVaultTimeoutOptions references
* PM-5501 - VaultTimeoutSettingsSvc - Update setVaultTimeoutOptions to remove unnecessary logic and clean up clearTokens condition.
* PM-5501 - Fix vault timeout service tests
* PM-5501 - Update VaultTimeoutSettings state tests to pass
* PM-5501 - Desktop - system svc - fix build by replacing use of removed method.
* PM-5501 - Fix CLI by properly configuring super class deps in NodeApiService
* PM-5501 - Actually finish getitng deps fixed to get CLI to build
* PM-5501 - VaultTimeoutSettingsSvc.determineVaultTimeoutAction - pass userId to getAvailableVaultTimeoutActions to prevent hang waiting for an active user.
* PM-5501 - VaultTimeoutSettingSvc test - enhance getVaultTimeoutActionByUserId$ to also test PIN scenarios as an unlock method
* PM-5501 - bump migration version
* PM-5501 - Refactor migration to ensure the migration persists null vault timeout values.
* PM-5501 - Bump migration version
* PM-5501 - Fix web build issues introduced by merging main.
* PM-5501 - Bump migration version
* PM-5501 - PreferencesComponent - revert dep change from InternalPolicyService to standard PolicyService abstraction
* PM-5501 - Address all PR feedback from Jake
Co-authored-by: Jake Fink <jfink@bitwarden.com>
* PM-5501 - VaultTimeoutSettingsSvc tests - add tests for setVaultTimeoutOptions
* PM-5501 - VaultTimeoutSettingsSvc - setVaultTimeoutOptions - Update tests to use platform's desired syntax.
* PM-5501 - Fix tests
* PM-5501 - Create new VaultTimeout type
* PM-5501 - Create new DEFAULT_VAULT_TIMEOUT to allow each client to inject their default timeout into the VaultTimeoutSettingService
* PM-5501 - Migrate client default vault timeout to new injection token
* PM-5501 - Update VaultTimeoutSettingsSvc to use VaultTimeout type and apply default vault timeout if it is null.
* PM-5501 - Update vaultTimeout: number to be vaultTimeout: VaultTimeout everywhere I could find it.
* PM-5501 - More changes based on changing vaultTimeout from number to VaultTimeout type.
* PM-5501 - VaultTimeoutSvc - Update shouldLock logic which previously checked for null (never) or any negative values (any strings except never) with a simple string type check.
* PM-5501 - More cleanup of vaultTimeout type change - replacing null checks with "never" checks
* PM-5501 - VaultTimeoutSettingsSvc - refactor determineVaultTimeout to properly treat string and numeric vault timeouts.
* PM-5501 - Update vault timeout settings service tests to reflect new VaultTimeout type.
* PM-5501 - VaultTimeoutSettingsService - add more test cases for getVaultTimeoutByUserId
* PM-5501 - (1) Remove "immediately" as 0 is numerically meaningful and can be used with Math.min (2) Add VaultTimeoutOption interface for use in all places we show the user a list of vault timeout options.
* PM-5501 - VaultTimeoutSettingSvc - update tests to use 0 as immediately.
* PM-5501 - VaultTimeoutInputComp - Add new types and update applyVaultTimeoutPolicy logic appropriately.
* PM-5501 - Add new types to all preferences and setting components across clients.
* PM-5501 - Fix bug on web where navigating to the preferences page throws an error b/c the validatorChange function isn't defined.
* PM-5501 - WIP on updating vault timeout setting migration and rollback + testing it.
* PM-5501 - Update VaultTimeoutSettingsSvc state provider migration and tests to map existing possible values into new VaultTImeout type.
* PM-5501 - Fix vault timeout settings state tests by changing number to new VaultTimeout type.
* PM-5501 - Fix crypto svc auto key refresh test to use "never" instead of null.
* PM-5501 - Add clarifying comment to vaulttimeout type
* PM-5501 - Desktop app comp - replace systemTimeoutOptions with vault timeout type.
* PM-5501 - Update vault timeout service tests to use VaultTimeout type.
* PM-5501 - VaultTimeoutSettingsSvc - (1) Fix bug where vault timeout action didn't have a default like it did before (2) Fix bug in userHasMasterPassword where it would incorrectly return the active user stream for a given user id as a fallback. There is no guarantee the given user would match the active user so the paths are mutually exclusive.
* PM-5501 - Login Strategy fix - Move retrieval of vault timeout settings and setting of the tokens until after account init and user decryption options set as those opts are needed to properly determine the user's available vault timeout actions.
* PM-5501 - Fix vault timeout settings svc tests
* PM-5501 - VaultTimeoutSettingSvc - move default logic to determine methods + refactor default vault timeout action to properly default to lock in scenarios the user has lock available.
* Update libs/angular/src/components/settings/vault-timeout-input.component.ts
Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
* PM-5501 - Per PR feedback, cleanup commented out vault timeout options
* PM-5501 - Fix vault timeout input comp lint issues
* PM-5501 - Per PR feedback from Cesar, update VaultTimeout type to use const so we can avoid any magic string usage. Awesome.
Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
* PM-5501 - CLI - use "never" as default vault timeout instead of null.
* PM-5501 - Fix broken tests
* PM-5501 - Bump migration version
* PM-5501 - Fix build errors after merging main.
* PM-5501 - Update mockMigrationHelper to pass along client type so tests will respect it.
* PM-5501 - Update VaultTimeoutSettingsServiceStateProviderMigrator and tests to use new CLI client type to convert undefined values to never so that CLI users don't lose their session upon running this migration.
* PM-5501 - Bump migration version
* PM-5501 - Fix migration tests to use new authenticated user format
* PM-5501 Update rollback tests
* PM-5501 - Adjust migration based on feedback.
* PM-5501 - Per Jake's find, fix missed -2
Co-authored-by: Jake Fink <jfink@bitwarden.com>
* PM-5501 - Add user id to needsStorageReseed.
Co-authored-by: Jake Fink <jfink@bitwarden.com>
* PM-5501 - Per PR feedback, setVaultTimeoutOptions shouldn't accept null for vault timeout anymore.
* PM-5501 - Per PR feedback, add null checks for set methods for setting vault timeout or vault timeout action.
* PM-5501 - Per PR feedback, add more context as to why we need vault timeout settings to persist after logout.
* PM-5501 - Per PR feedback, fix userHasMasterPassword
* PM-5501 - VaultTimeoutSettingsService - fix userHasMasterPassword check by checking for null decryption options.
* PM-5501 - Remove state service from vault timeout settings service (WOOO)
* PM-5501 - Bump migration version
* PM-5501 - Account Security comp - refactor to consider ease of debugging.
* PM-5501 - (1) Add checks for null vault timeout and vault timeout actions (2) Add tests for new scenarios.
* PM-5501 - VaultTimeoutSettingsSvc - setVaultTimeoutOptions - fix bug where nullish check would throw incorrectly if immediately (0) was picked as the timeout.
* PM-5501 - Per PR feedback, clean up remaining token service methods which accept null for timeout and add tests. .
* PM-5501 - Fix nit
---------
Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
* [AC-2484] Fix bug where Custom Users with "Delete any collection" permission incorrectly see "Can Edit" permission for Unassigned Collection
* [AC-2484] Undo change on permission tooltip permission check
* [AC-2484] Fix permission text for unassigned collection
* move pinKeyEncryptedUserKey
* move pinKeyEncryptedUserKeyEphemeral
* remove comments, move docs
* cleanup
* use UserKeyDefinition
* refactor methods
* add migration
* fix browser dependency
* add tests for migration
* rename to pinService
* move state to PinService
* add PinService dep to CryptoService
* move protectedPin to state provider
* update service deps
* renaming
* move decryptUserKeyWithPin to pinService
* update service injection
* move more methods our of crypto service
* remove CryptoService dep from PinService and update service injection
* remove cryptoService reference
* add method to FakeMasterPasswordService
* fix circular dependency
* fix desktop service injection
* update browser dependencies
* add protectedPin to migrations
* move storePinKey to pinService
* update and clarify documentation
* more jsdoc updates
* update import paths
* refactor isPinLockSet method
* update state definitions
* initialize service before injecting into other services
* initialize service before injecting into other services (bw.ts)
* update clearOn and do additional cleanup
* clarify docs and naming
* assign abstract & private methods, add clarity to decryptAndMigrateOldPinKeyEncryptedMasterKey() method
* derived state (attempt)
* fix typos
* use accountService to get active user email
* use constant userId
* add derived state
* add get and clear for oldPinKeyEncryptedMasterKey
* require userId
* move pinProtected
* add clear methods
* remove pinProtected from account.ts and replace methods
* add methods to create and store pinKeyEncryptedUserKey
* add pinProtected/oldPinKeyEncrypterMasterKey to migration
* update migration tests
* update migration rollback tests
* update to systemService and decryptAndMigrate... method
* remove old test
* increase length of state definition name to meet test requirements
* rename 'TRANSIENT' to 'EPHEMERAL' for consistency
* fix tests for login strategies, vault-export, and fake MP service
* more updates to login-strategy tests
* write new tests for core pinKeyEncrypterUserKey methods and isPinSet
* write new tests for pinProtected and oldPinKeyEncryptedMasterKey methods
* minor test reformatting
* update test for decryptUserKeyWithPin()
* fix bug with oldPinKeyEncryptedMasterKey
* fix tests for vault-timeout-settings.service
* fix bitwarden-password-protected-importer test
* fix login strategy tests and auth-request.service test
* update pinService tests
* fix crypto service tests
* add jsdoc
* fix test file import
* update jsdocs for decryptAndMigrateOldPinKeyEncryptedMasterKey()
* update error messages and jsdocs
* add null checks, move userId retrievals
* update migration tests
* update stateService calls to require userId
* update test for decryptUserKeyWithPin()
* update oldPinKeyEncryptedMasterKey migration tests
* more test updates
* fix factory import
* update tests for isPinSet() and createProtectedPin()
* add test for makePinKey()
* add test for createPinKeyEncryptedUserKey()
* add tests for getPinLockType()
* consolidate userId verification tests
* add tests for storePinKeyEncryptedUserKey()
* fix service dep
* get email based on userId
* use MasterPasswordService instead of internal
* rename protectedPin to userKeyEncryptedPin
* rename to pinKeyEncryptedUserKeyPersistent
* update method params
* fix CryptoService tests
* jsdoc update
* use EncString for userKeyEncryptedPin
* remove comment
* use cryptoFunctionService.compareFast()
* update tests
* cleanup, remove comments
* resolve merge conflict
* fix DI of MasterPasswordService
* more DI fixes
* [AC-1707] Add feature flag
* [AC-1707] Prevent loading ciphers for provider users in the org vault when the feature flag is enabled
* [AC-1707] Ensure new canEditAllCiphers logic only applies to organizations that have FC enabled
* [AC-1707] Update editAllCiphers helper to check for restrictProviderAccess feature flag
* [AC-1707] Remove un-used vaultFilterComponent reference
* [AC-1707] Hide vault filter for providers
* [AC-1707] Add search to vault header for provider users
* [AC-1707] Hide New Item button for Providers when restrict provider access feature flag is enabled
* [AC-1707] Remove leftover debug statement
* [AC-1707] Update canEditAllCiphers references to consider the restrictProviderAccessFlag
* [AC-1707] Fix collections component changes from main
* [AC-1707] Fix some feature flag issues from merge with main
* [AC-1707] Avoid 'readonly' collection dialog for providers
* [AC-1707] Fix broken Browser component
* [AC-1707] Fix broken Desktop component
* [AC-1707] Add restrict provider flag to add access badge logic
* [AC-2555] Fix missing feature flags in CollectionsComponent
* [AC-2555] Do not filter collections when opening the cipher collections dialog in the org vault
* Ensure AuthStatus Changes Before Exiting
* Do Not Display Account Without Name Or Email
* Fix Environment Selectors
* Add AccountService.clean to Web
* Update Emergency Access To Get Their Own Key
* Migrate Organization Keys To Get Their Own Key
* Remove Optional Parameters
* Update Abstraction Parameter Name to Match Implementation
* Add @throws Doc
* Update Group modal -> Collections tab to respect collection management settings,
e.g. only allow admins to assign access to collections they can manage
* Update collectionAdminView getters for custom permissions
* [AC-1623] Remove cloneableOrganizationCiphers property
and update canClone to reflect new clone permission logic
* [AC-1623] Remove allowOwnershipAssignment override in orgVault as the same restrictions apply to both vaults
* [AC-1623] Ensure ownershipOptions are restricted for non-admins when cloning an org cipher item
* Use account service to track accounts and active account
* Remove state service active account Observables.
* Add email verified to account service
* Do not store account info on logged out accounts
* Add account activity tracking to account service
* Use last account activity from account service
* migrate or replicate account service data
* Add `AccountActivityService` that handles storing account last active data
* Move active and next active user to account service
* Remove authenticated accounts from state object
* Fold account activity into account service
* Fix builds
* Fix desktop app switch
* Fix logging out non active user
* Expand helper to handle new authenticated accounts location
* Prefer view observable to tons of async pipes
* Fix `npm run test:types`
* Correct user activity sorting test
* Be more precise about log out messaging
* Fix dev compare errors
All stored values are serializable, the next step wasn't necessary and was erroring on some types that lack `toString`.
* If the account in unlocked on load of lock component, navigate away from lock screen
* Handle no users case for auth service statuses
* Specify account to switch to
* Filter active account out of inactive accounts
* Prefer constructor init
* Improve comparator
* Use helper methods internally
* Fixup component tests
* Clarify name
* Ensure accounts object has only valid userIds
* Capitalize const values
* Prefer descriptive, single-responsibility guards
* Update libs/common/src/state-migrations/migrate.ts
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Fix merge
* Add user Id validation
activity for undefined was being set, which was resulting in requests for the auth status of `"undefined"` (string) userId, due to key enumeration. These changes stop that at both locations, as well as account add for good measure.
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* PM-7811 - Refactor UserKeyInitService to UserAutoUnlockKeyService - remove active account listening logic as it introduced race conditions with user key memory retrieval happening before the user auto unlock key was set into memory.
* PM-7811 - CLI - (1) Fix deps (2) On CLI init (pre command execution), if there is an active account, then set the user key in memory from the user auto unlock key.
* PM-7811 - Browser Extension / desktop - (1) Update deps (2) Sets user key in memory if the auto unlock key is set on account switch and background init (must act on all accounts so that account switcher displays unlock status properly).
* PM-7811 - Web - (1) Update deps (2) Sets user key in memory if the auto unlock key is set on init
* PM-7811 - Fix account switcher service changes not being necessary.