* Send all saved url to autofill script
* Handle array of matched urls in content script
* Prompt at most once to override insecure autofill
* Do not send never match URIs to content script
We know these URIs did not cause the autofill match, so we
can safely remove these from the list of potential matches.
* more css changes
* add icon button hover
* Update apps/browser/src/popup/scss/box.scss
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Update apps/desktop/src/scss/box.scss
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* feedback updates
* restore desktop pseudo rule
* update to include some variable fixes and deletions
* updates per oscar
* feedback updates
more universal variable, adjusted box padding (per Kyle), and aligned footer text
* changes per product design
added border for selects, border around generator, and hover for solarizeddark
* add more helper text space below for visual separation
* group new variable
* login page button fix
Dflinn found an odd margin on the login page
* Revert "Merge branch 'master' into browser-ext-ui-update-test"
This reverts commit b8007102f9, reversing
changes made to 246768cb12.
* fix button height
* revert file changes
* test adjustments
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
* community PR reviewed, Update search cancel button to be visible in all themes
* community PR reviewed, Update search cancel button to be visible in all themes 2
* [SG-163] Two step login flow web (#3648)
* two step login flow
* moved code from old branch and reafctored
* fixed review comments
* [SG-164] Two Step Login Flow - Browser (#3793)
* Add new messages
* Remove SSO button from home component
* Change create account button to text
* Add top padding to create account link
* Add email input to HomeComponent
* Add continue button to email input
* Add form to home component
* Retreive email from state service
* Redirect to login after submit
* Add error message for invalid email
* Remove email input from login component
* Remove loggingInTo from under MP input
* Style the MP hint link
* Add self hosted domain to email form
* Made the mp hint link bold
* Add the new login button
* Style app-private-mode-warning in its component
* Bitwarden -> Login text change
* Remove the old login button
* Cancel -> Close text change
* Add avatar to login header
* Login -> LoginWithMasterPassword text change
* Add SSO button to login screen
* Add not you button
* Allow all clients to use the email query param on the login component
* Introduct HomeGuard
* Clear remembered email when clicking Not You
* Make remember email opt-in
* Use formGroup.patchValue instead of directly patching individual controls
* [SG-165] Desktop login flow changes (#3814)
* two step login flow
* moved code from old branch and reafctored
* fixed review comments
* Make toggleValidateEmail in base class public
* Add desktop login messages
* Desktop login flow changes
* Fix known device api error
* Only submit if email has been validated
* Clear remembered email when switching accounts
* Fix merge issue
* Add 'login with another device' button
* Remove 'log in with another device' button for now
* Pin login pag content to top instead of center justified
* Leave email if 'Not you?' is clicked
* Continue when enter is hit on email input
Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
* [SG-750] and [SG-751] Web two step login bug fixes (#3843)
* Continue when enter is hit on email input
* Mark email input as touched on 'continue' so field is validated
* disable login with device on self-hosted (#3895)
* [SG-753] Keep email after hint component is launched in browser (#3883)
* Keep email after hint component is launched in browser
* Use query params instead of state for consistency
* Send email and rememberEmail to home component on navigation (#3897)
* removed avatar and close button from the password screen (#3901)
* [SG-781] Remove extra login page and remove rememberEmail code (#3902)
* Remove browser home guard
* Always remember email for browser
* Remove login landing page button
* [SG-782] Add login service to streamline login form data persistence (#3911)
* Add login service and abstraction
* Inject login service into apps
* Inject and use new service in login component
* Use service in hint component to prefill email
* Add method in LoginService to clear service values
* Add LoginService to two-factor component to clear values
* make login.service variables private
Co-authored-by: Gbubemi Smith <gsmith@bitwarden.com>
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
* Add item decryption to encryptService
* Create multithreadEncryptService subclass to handle web workers
* Create encryption web worker
* Refactor cipherService to use new interface
* Update dependencies
* feat(browser): implement theming for notification bar
* refactor(browser): split notification bar function
* refactor(browser): use own method for getCurrentTheme
* chore(browser): add close.svg file as an asset
this file is embedded in apps/browser/src/notification/bar.html
* feat(browser): change textContrast color on primary buttons
* feat(browser): use dedicated color variable for close button
* feat(browser): use textColor for close button
* feat(browser): implement styling for select fields
* feat(browser): improve close button styling, add hover effect
* PS-976 - when user has cipher readonly permissions, prevent user from editing cipher fields and make separate api call that only updates Favorite and Folder values
* PS-976 - in the readonly edit cipher view, hide non-operable buttons and display select values as readonly input text
* PS-976 - update failing test
* PS-976 - split cipher saveWithServer call into Create and Update calls
* PS-976 - replace property with function call to get the card expiration month for the readonly view
* MM-976 - when user has readonly permissions hide "delete" button on View Item view, hide generate username/password buttons on Edit Item view
* PS-976 - rename cipherPartialRequest file to align with new naming convention
* Do not autofill if sandboxed
`self.origin` is 'null' if inside a frame with sandboxed csp or iframe tag
* Update apps/browser/src/content/autofill.js
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Record changes in autofill.js
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Initial - add folder id to popup item view
* Add folder service to view component
* Move folder info higher in the item view as proper box
* Add folder name handling to component
* Add folder field to browser view
* Add folder field to desktop view
* Make folder field draggable
following the merging of https://github.com/bitwarden/clients/pull/3321 also make the folder field draggable
* Use `<label>` and readonly `<input>`
In anticipation of https://github.com/bitwarden/clients/pull/3485 being merged
* Changes from review
- change input name to `folderName`, match it in the `for` attribute on the `<label>`
- add an `if` check before querying folder names
* Match `name` to `id`
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Add needed factories for AuthService
WIP: Allow console logs
* Add badge updates
* Init by listener
* Improve tab identification
* Define MV3 background init
* Init services in factories.
Requires conversion of all factories to promises.
We need to initialize in factory since the requester of a service
doesn't necessarily know all dependencies for that service. The only
alternative is to create an out parameter for a
generated init function, which isn't ideal.
* Improve badge setting
* Use `update-badge` in mv2 and mv3
Separates menu and badge updates
* Use update-badge everywhere
* Use BrowserApi where possible
* Update factories
* Merge duplicated methods
* Continue using private mode messager for now
* Add static platform determination.
* Break down methods and extract BrowserApi Concerns
* Prefer strict equals
* Init two-factor service in factory
* Use globalThis types
* Prefer `globalThis`
* Use Window type definition updated with Opera
Co-authored-by: Justin Baur <justindbaur@users.noreply.github.com>
* Distinguish Opera from Safari
Opera includes Gecko, Chrome, Safari, and Opera in its user agent. We need to make sure that
we're not in Opera prior to testing Safari.
* Update import
* Initialize search-service for update badge context
* Build all browser MV3 artifacts
only uploading Chrome, Edge and Opera artifacts for now, as those support manifest V3
Also corrects build artifact to lower case.
* Remove individual dist
Co-authored-by: Justin Baur <justindbaur@users.noreply.github.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Add generate command
* Add JSDoc
* Minor improvements
* Remove unneeded comment
* Make some properties optional
* Remove main.background.ts changes
* One more
* Lint
* Make all but length optional
* Address PR feedback
* Move generate command code to command
* Address PR feedback
* Use new alarm scheme
* Let feature handle state keys
Moves to a feature folder and creates clipboard-module level state
handler functions.
StateService is being paired down to storage routing, so we are handling storage
specifics in-module.
Co-authored-by: Justin Baur <justindbaur@users.noreply.github.com>
Co-authored-by: Daniel Smith <djsmith85@users.noreply.github.com>
* Missed some changes
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Justin Baur <justindbaur@users.noreply.github.com>
Co-authored-by: Daniel Smith <djsmith85@users.noreply.github.com>
* Add CreationDate to common libs
* Add CreationDate to Browser
* Add CreationDate to CLI
* Add CreationDate to Desktop
* Add CreationDate to Web
* Update tests
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Copy updated. Transition browser strings to use sentence case for all UI elements, except the following terms:
• Branded Names: Provider(s) + Provider Portal, Send(s) + Send, Directory Connector
• Plan Names: Premium, Families, Teams, Enterprise
* Add windows to platform utils service
Note, this will result in conflicts with several in-flight PRs, but is necessary for following commits.
* Add necessary background service factories
* Simplify autofill command
* Remove noop event service
* Added abstractions for PolicyApiService and PolicyService
* Added implementations for PolicyApiService and PolicyService
* Updated all references to new PolicyApiService and PolicyService
* Deleted old PolicyService abstraction and implementation
* Fixed CLI import path for policy.service
* Fixed main.background.ts policyApiService dependency for policyService
* Ran prettier
* Updated policy-api.service with the correct imports
* [EC-377] Removed methods from StateService that read policies
* [EC-377] Updated policy service getAll method to use observable collection
* [EC-377] Added first unit tests for policy service
* [EC-377] Added more unit tests for Policy Service
* [EC-376] Sorted methods order in PolicyApiService
* [EC-376] Removed unused clearCache method from PolicyService
* [EC-376] Added upsert method to PolicyService
* [EC-376] PolicyApiService putPolicy method now upserts data to PolicyService
* [EC-377] Removed tests for deleted clearCache method
* [EC-377] Added unit test for PolicyService.upsert
* [EC-377] Updated references to state service observables
* [EC-377] Removed getAll method from PolicyService and refactored components to use observable collection
* [EC-377] Updated components to use concatMap instead of async subscribe
* [EC-377] Removed getPolicyForOrganization from policyApiService
* [EC-377] Updated policyAppliesToUser to return observable collection
* [EC-377] Changed policyService.policyAppliesToUser to return observable
* [EC-377] Fixed browser settings.component.ts getting vault timeout
* Updated people.component.ts to get ResetPassword policy through a subscription
* [EC-377] Changed passwordGenerationService.getOptions to return observable
* [EC-377] Fixed CLI generate.command.ts getting enforcePasswordGeneratorPoliciesOnOptions
* [EC-377] Fixed eslint errors on rxjs
* [EC-377] Reverted changes on passwordGeneration.service and vaultTimeout.service
* [EC-377] Removed eslint disable on web/vault/add-edit-component
* [EC-377] Changed AccountData.policies to TemporaryDataEncryption
* [EC-377] Updated import.component to be reactive to policyAppliesToUser$
* [EC-377] Updated importBlockedByPolicy$
* [EC-377] Fixed missing rename
* [EC-377] Updated policyService.masterPasswordPolicyOptions to return observable
* [EC-377] Fixed vaultTimeout imports from merge
* [EC-377] Reverted call to passwordGenerationService.getOptions
* [EC-377] Reverted call to enforcePasswordGeneratorPoliciesOnOptions
* [EC-377] Removed unneeded ngOnDestroy
* Apply suggestions from code review
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [EC-377] Fixed login.component.ts and register.component.ts
* [EC-377] Updated PolicyService to update vaultTimeout
* [EC-377] Updated PolicyService dependencies
* [EC-377] Renamed policyAppliesToUser to policyAppliesToActiveUser
* [EC-377] VaultTimeoutSettings service now gets the vault timeout directly instead of using observables
* [EC-377] Fixed unit tests by removing unneeded vaultTimeoutSettingsService
* [EC-377] Set getDecryptedPolicies and setDecryptedPolicies as deprecated
* [EC-377] Set PolicyService.getAll as deprecated and updated to use prototype.hasOwnProperty
* [EC-565] Reverted unintended change to vaultTimeoutSettings that was causing a bug to not display the correct vault timeout
* [EC-377] Removed unneeded destroy$ from preferences.component.ts
* [EC-377] Fixed policy.service.ts import of OrganizationService
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: mimartin12 <77340197+mimartin12@users.noreply.github.com>
* Fix async subscribe
* Revert "[PS-1066] Browser and Desktop - SSO User does not see Update Master Password screen after Owner does a Admin Password Reset (#3207)"
This reverts commit 0eda418591.
* Make totp countdown `aria-hidden`, add copy of countdown as `sr-only` inside totp button, only make it conditionally "exist" on parent focus
* Make exact same changes to desktop totp
* Tweak copy button accessible name approach
instead of `aria-label`, which overrides the content of the button and, because JAWS has trouble announcing the live region in the desktop app, results in JAWS not announcing ANY countdown at all, this at least announces the current countdown number when the button receives focus in JAWS
* Add `aria-atomic="true"`
avoid JAWS/Firefox only announcing the specific digit that updates, rather than the number as a whole
* Update, run prettier, lint
* Remove orphaned jslibs
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Update imports
* Implement observables in a few places
* Add tests
* Get all clients working
* Use _destroy
* Address PR feedback
* Address PR feedback
* Address feedback
* passwordless login page redesign
* passwordless login page redesign
* restyled login form to use tailwind
* restyled login form to use tailwind
* moved texts on login device template to locales
* made reactive form changes for clients
* added request model
* made more changes
* added implmentation to auth request api
* fixed refrencing issue
* renamed model property
* Added resend notification functionality
* Added new file
* login with device first draft
* login with device first draft
* login with device first draft
* login with device first draft
* connection to anonymous hub
* connection to anonymous hub
* refactored confirm login response
* removed comment
* cleaned up login
* changed uptyped form builder
* changed uptyped form builder
* [SG-168] Update login strategy with passwordless login credentials.
* [SG-168] Removed logs. Changed inputs for passwordless logic strategy. Removed tokenRequestPasswordless it is using the same as password.
* code cleanup
* code cleanup
* removed login with device from self hosted
* fixed PR comments
* added module for login
* fixed post request bug
* added feature flag
* added feature flag
* added feature flag
Co-authored-by: André Bispo <abispo@bitwarden.com>
* Clean up dangling behaviorSubject
* Handle null in utils
* fix null check
* Await promises, even in async functions
* Add to/fromJSON methods to State and Accounts
This is needed since all storage in manifest v3 is key-value-pair-based
and session storage of most data is actually serialized into an
encrypted string.
* Simplify AccountKeys json parsing
* Fix account key (de)serialization
* Remove unused DecodedToken state
* Correct filename typo
* Simplify keys `toJSON` tests
* Explain AccountKeys `toJSON` return type
* Remove unnecessary `any`s
* Remove unique ArrayBuffer serialization
* Initialize items in MemoryStorageService
* Revert "Fix account key (de)serialization"
This reverts commit b1dffb5c2c, which was breaking serializations
* Move fromJSON to owning object
* Add DeepJsonify type
* Use Records for storage
* Add new Account Settings to serialized data
* Fix failing serialization tests
* Extract complex type conversion to helper methods
* Remove unnecessary decorator
* Return null from json deserializers
* Remove unnecessary decorators
* Remove obsolete test
* Use type-fest `Jsonify` formatting rules for external library
* Update jsonify comment
Co-authored-by: @eliykat
* Remove erroneous comment
* Fix unintended deep-jsonify changes
* Fix prettierignore
* Fix formatting of deep-jsonify.ts
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* fixing the bug ps-1319 by using ellipsis pipe which deafultg 25 character length
* pass 20 as the limit length instead default 25
Co-authored-by: dynwee <onwudiweokeke@gmail.com>
* PS-1111 Added prefix "Vault:" for accessibility to vault selector items
* improved html readability
* PS-1111 Added more screen reader accessibility data to the Vault selector on Desktop and Web clients
* PS-1111 removed duplicated aria-label
* PS-1111 Removed unnecessary aria-label attribute
* PS-1111 Changed browser vault item accessibility title from span to button
* Removed logic for keyboard shortcuts specific to Vivaldi
* Removed shortcut.ts and related parts
* Removed dependency on mousetrap
* Safari: Remove sidebar_action and_execute_sidebar_action from manifest.json
* Rebuilt package-lock.json
* Fixed merge issue from pulling master
* Add structure to display server version on browser
* Add getConfig to State Service interface
* Clean up settings component code
* Switch to ServerConfig, use Observables in the ConfigService, and more
* Fix runtime error
* Sm 90 addison (#3275)
* Use await instead of then
* Rename stateServerConfig -> storedServerConfig
* Move config validation logic to the model
* Use implied check for undefined
* Rename getStateServicerServerConfig -> buildServerConfig
* Rename getApiServiceServerConfig -> pollServerConfig
* Build server config in async
* small fixes and add last seen text
* Move config server to /config folder
* Update with concatMap and other changes
* Config project updates
* Rename fileds to convention and remove unneeded migration
* Update libs/common/src/services/state.service.ts
Update based on Oscar's recommendation
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Update options for Oscar's rec
* Rename abstractions to abstracitons
* Fix null issues and add options
* Combine classes into one file, per Oscar's rec
* Add null checking
* Fix dependency issue
* Add null checks, await, and fix date issue
* Remove unneeded null check
* In progress commit, unsuitable for for more than dev env, just backing up changes made with Oscar
* Fix temp code to force last seen state
* Add localization and escapes in the browser about section
* Call complete on destroy subject rather than unsubscribe
* use mediumDate and formatDate for the last seen date messaging
* Add ThirdPartyServerName in example
* Add deprecated note per Oscar's comment
* [SM-90] Change to using a modal for browser about (#3417)
* Fix inconsistent constructor null checking
* ServerConfig can be null, fixes this
* Switch to call super first, as required
* remove unneeded null checks
* Remove null checks from server-config.data.ts class
* Update via PR comments and add back needed null check in server conf obj
* Remove type annotation from serverConfig$
* Update self-hosted to be <small> per design decision
* Re-fetch config every hour
* Make third party server version <small> and change wording per Oscar's PR comment
* Add expiresSoon function and re-fetch if the serverConfig will expire soon (older than 18 hours)
* Fix misaligned small third party server message text
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Allowing whitespace to wrap solves the issue of long link/button text awkwardly breaking out of controls
Widening desktop "pages" prevents some unnecessary wrapping in places like the "Create account" button on the login screen, whose content is slightly wider than it should be (but this is currently masked by the `nowrap`)
Closes https://github.com/bitwarden/clients/issues/2620
* Register Arabic language with native name
* Register Arabic language for web vault
* Register Arabic language for browser
* Register Arabic language for desktop
* Extract into new VaultTimeoutSettingsService
* Ensure new service is instantiated and registered for DI
* Create vaultTimeoutSettingsServiceFactory
* Fix VaultTimeoutServiceFactory
* Remove any and use void instead
* Move vaultTimeoutAbstraction into it's own folder
* Move vaultTimeout service into it's own folder
* Added vaultTimeoutServiceFactory and it's missing dependencies
* Add more factories
Revert main.background factory usage.
We could still do this, but factories must init their services and so need
to be async, which is not compatible with initializing in constructors
* Fix conflicts
* Remove cast to any as Utils.gobal got typed with #3131
* BitwardenFileUploadService: Remove unneeded dependency
* Remove allowSoftLock from vaultTimeoutService
* ImportService: Remove dependency on PlatformUtilsSvc
* Add `role="group"` and accName to URI and custom field groups (browser)
Provides more context when editing fields (to understand what the remove, options, etc buttons are all about)
* Add `aria-describedby` to custom field value fields (browser)
provides further context other than the generic "Value" label
* Add `role="group"` and accName to URI and custom field groups, add `aria-describedby` to custom field value fields (desktop)
* Add `role="group"` and accName to URI and custom field groups, add `aria-describedby` to custom field value fields (web)
* Use `attr.aria-label` instead of `appA11yTitle`
don't need/want the tooltips appearing everywhere
* Register basque language with native name
* Register basque language for web vault
* Register basque language for browser
* Register basque language for desktop
* Create service factories
* Add onInstall hook to service worker
* Add factory helper and common options structure
* Use factories in main.background
* simplify common factory options
* Split factory service cache and options.
Improve factory method base type handling.
* Add dev flag for managed environment.
* Remove appBlurClick throughout the popup code
`appBlurClick` leads to focus being lost/reset for assistive technology users. It should not be necessary in any case - if focus does need to move after an action, explicitly set it somewhere programmatically using `focus()` rather than relying on browser heuristics
* Remove now redundant blur-click directive
* Add extra margin for desktop settings expanded header buttons
* Only change box-header-expandable background on `:focus-visible` not `:focus`
Avoids having the background colour "stick" when clicking with the mouse until you click somewhere else
* Create sessions sync structure
* Add observing to session-syncer
* Do not run syncer logic in decorator tests
* Extract test constants
* Change Observables to BehaviorSubject
* Move sendMessage to static method in BrowserApi
* Implement session sync
* only watch in manifest v3
* Use session sync on folder service
* Add array observable sync
* Bypass cache on update from message
* Create feature and dev flags for browser
* Protect development-only methods with decorator
* Improve todo comments for long-term residency
* Use class properties in init
* Do not reuse mocks
* Use json (de)serialization patterns
* Fix failing session storage in dev environment
* Split up complex EncString constructor
* Default false for decrypted session storage
* Try removing hydrate EncString method
* PR review
* PR test review
* Create base jest.config file
* Fix various tests that were broken
* Add maxWorkers to jest config
* Undo change to testEnvironment
* Enable tsconfig.spec.json