* PM1378 - (1) Create state service methods for securely storing a device symmetric key while following existing pattern of DuckDuckGoKey generation (2) Create makeDeviceKey method on crypto service which leverages the new state service methods for storing the device key.
* PM-1378 - Document CSPRNG types w/ comments explaining what they are and when they should be used.
* PM-1378 - TODO to add tests for makeDeviceKey method
* PM-1378 - Create Devices API service for creating and updating device encrypted master keys + move models according to latest code standards ( I think)
* PM-1378 - TODO clean up - DeviceResponse properly moved next to device api service abstraction per ADR 0013
* PM-1378 - CryptoService makeDeviceKey test written
* PM-1378 - Tweak crypto service makeDeviceKey test to leverage a describe for the function to better group related code.
* PM-1378 - Move known devices call out of API service and into new devices-api.service and update all references. All clients building.
* PM-1378 - Comment clean up
* PM-1378 - Refactor out master key naming as that is a reserved specific key generated from the MP key derivation process + use same property on request object as back end.
* PM-1378 - Missed a use of master key
* PM-1378 - More abstraction updates to remove master key.
* PM-1378 - Convert crypto service makeDeviceKey into getDeviceKey method to consolidate service logic based on PR feedback
* PM-1378- Updating makeDeviceKey --> getDeviceKey tests to match updated code
* PM-1378 - Current work on updating establish trusted device logic in light of new encryption mechanisms (introduction of a device asymmetric key pair in order to allow for key rotation while maintaining trusted devices)
* PM-1378 - (1) CryptoService.TrustDevice() naming refactors (2) Lots of test additions and tweaks for trustDevice()
* PM-1378 - Updated TrustedDeviceKeysRequest names to be consistent across the client side board.
* PM-1378 - Move trusted device crypto service methods out of crypto service into new DeviceCryptoService for better single responsibility design
* PM-1378 - (1) Add getDeviceByIdentifier endpoint to devices api as will need it later (2) Update TrustedDeviceKeysRequest and DeviceResponse models to match latest server side generic encrypted key names
* PM-1378 - PR feedback fix - use JSDOC comments and move from abstraction to implementation
* PM-1378 - Per PR feedback, makeDeviceKey should be private - updated tests with workaround.
* PM-1378- Per PR feedback, refactored deviceKey to use partialKey dict so we can associate userId with specific device keys.
* PM-1378 - Replace deviceId with deviceIdentifier per PR feedback
* PM-1378 - Remove unnecessary createTrustedDeviceKey methods
* PM-1378 - Update device crypto service to leverage updateTrustedDeviceKeys + update tests
* PM-1378 - Update trustDevice logic - (1) Use getEncKey to get user symmetric key as it's the correct method and (2) Attempt to retrieve the userSymKey earlier on and short circuit if it is not found.
* PM-1378 - Replace deviceId with deviceIdentifier because they are not the same thing
* PM-1378 - Per PR feedback, (1) on web/browser extension, store device key in local storage under account.keys existing structure (2) on desktop, store deviceKey in secure storage. (3) Exempt account.keys.deviceKey from being cleared on account reset
* PM-1378 - Desktop testing revealed that I forgot to add userId existence and options reconciliation checks back
* PM-1378 - Per discussion with Jake, create DeviceKey custom type which is really just an opaque<SymmetricCryptoKey> so we can more easily differentiate between key types.
* PM-1378 - Update symmetric-crypto-key.ts opaque DeviceKey to properly setup Opaque type.
* PM-1378 - Fix wrong return type for getDeviceKey on DeviceCryptoServiceAbstraction per PR feedback
* [AC-561] Rename DeleteOrganizationComponent to DeleteOrganizationDialogComponent
* [AC-561] Refactor delete organization dialog to use dialog service
- Use new bit-dialog
- Use reactive form and bitSubmit directives
- Add injected dialog params
- Switch to observable pattern
- Use dialog result instead of success event emitter
- Add helper method to open dialog using dialog service
- Update usage in families-for-enterprise-setup.component.ts and account.component.ts
* [AC-561] Create a UserVerification module
Move the user verification components into their own module that can be imported in multiple modules without conflict and allow tree shaking.
* [AC-561] Move delete-organization-dialog into its own folder
* [AC-561] Create delete organization dialog module
* [AC-561] Cleanup delete org dialog import statements
* [AC-561] Remove unused property
* [AC-561] Use organization observable from organizationService
* [AC-561] Use organization object instead of pull out storing the name individually
* [AC-561] Make the delete organization dialog a standalone component
- Remove the delete organization dialog module
- Move the dialog component up a directory
- Remove references to the deleted module
* [AC-561] Fix DialogServiceAbstraction references after merge
* [AC-561] Cleanup dialog loading spinner and cancel button
* [AC-561] Fix broken barrel file after merge
* [PM-169][PM-142][PM-191] Add Environments to Web and Desktop (#5294)
* [PM-1351] Add property to server-config.response. Change config to be able to fetch without being authed.
* [PM-1351] fetch every hour.
* [PM-1351] fetch on vault sync.
* [PM-1351] browser desktop fetch configs on sync complete.
* [PM-1351] Add methods to retrieve feature flags
* [PM-1351] Add enum to use as key to get values feature flag values
* [PM-1351] Remove debug code
* [PM-1351] Get flags when unauthed. Add enums as params. Hourly always fetch.
* [PM-1351] add check for authed user using auth service
* [PM-169] Web: add drop down to select environment
* [PM-169] Fix pop up menu margins. Add DisplayEuEnvironmentFlag.
* [PM-169] Change menu name.
* [PM-169] Add environment selector ts and html. Add declaration and import on login.module
* [PM-169] Add environment selector to desktop.
* [PM-169] Ignore lint error.
* [PM-169] add takeUntil to subscribes
* [PM-191] PR Fixes, code format
* [PM-168] Add Environments to extension login/registration (#5434)
Angular 15 introduced a breaking change that calls setDisabledState() whenever a CVA is added. This was re-enabling all the internal form group rows (even those that should have remained disabled).
* Remove reference cycle between ThemingService and the global window object
* Deregister messageListeners on a safari popup to avoid mem leaks
* Use pagehide event instead of unload
* [PM-1796] The autofill keyboard shortcut does not prompt a user to unlock a locked extension within an incongito browsing session
* [PM-1796] Implementing fixes for how we handle focus redirection when logging a user in and attempting to autofill within the Firefox Workspaces addon
* [PM-1796] Removing the `openerTab` value from the createNewTab method within brwoserApi.ts
* [PM-1796] Removing async declaration from createNewTab
* [PM-1796] Removing unnecessary param from the call to openBitwardenExtrensionTab
* [AC-358] Add selfHostSubscriptionExpiration property to organization-subscription.response.ts
* [AC-358] Update selfHost org subscription template
- Replace "Subscription" with "SubscriptionExpiration"
- Add question mark help link
- Add helper text for grace period
- Add support for graceful fallback in case of missing grace period in subscription response
* Update libs/common/src/billing/models/response/organization-subscription.response.ts
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-358] Remove unnecessary hypen
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [AC-358] Introduce SelfHostedOrganizationSubscription view
- Encapsulate expiration/grace period logic in the new view object.
- Remove API response getters from the angular component
- Replace the API response object with the new view
* [AC-358] Clarify name for new expiration without grace period field
* [AC-358] Update constructor parameter name
* [AC-358] Simplify new selfhost subscription view
- Make expiration date properties public
- Remove obsolete expiration date getters
- Update the component to use new properties
- Add helper to component for determining if the subscription should be rendered as expired (red text)
* [AC-358] Rename isExpired to isExpiredAndOutsideGracePeriod to be more explicit
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [PM-2054] Updated Password Generator History to use Component Library
* [PM-2054] Corrected paddings
* [PM-2054] Added missing type to buttons
* [PM-2054] Removed unused imports and run prettier
* [PM-2054] Swap list by bit-table
* [PM-1389] don't include background page while reloading windows
* [PM-1389] update sidebar action apis
* [PM-1389] simplify return from getSidebarAction
* [PM-1380] fix device type call after browser api change
* [AC-1145] Add TDE feature flag
* [AC-1145] Update sso-config to use new member decryption type and remove keyConnectorEnabled
* [AC-1145] Add new TDE option to SSO config form and update to CL radio buttons
* [AC-1145] Update checkboxes to CL checkboxes
* [AC-1145] Fix messages.json warning
* [AC-1145] Update to new form async actions
* [AC-1145] Modify key connector option display logic to check for TDE feature flag
* [AC-1145] Remove obsolete app-checkbox component
* [AC-1145] Update TDE option description to refer to master password reset policy
* Checking if the user has selected access tokens to revoke, if not error message
* change messaging
* SM-664: Refactor revoke function and make the bwi-minus-circle red
---------
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
* [PM-1176] Hovering over the `Learn More about auto-fill` link in the browser extension does not change the cursor
* [PM-1176] Modifying how the anchor element is formatted by prettier
* [PM-1176] Adding translation methodology to the aria-label "opens in a new window" value
* updated low ksf iterations warning
* Removed test implementation
* Removed unused translation and updated key
* Enabled low kdf on this branch for testing
* Removed duplicate showKdf initialiazation
* [PM-1700] Put KDF warning behind a LaunchDarkly Feature Flag (#5308)
* Added feature flag for low kdf iteration
* Added feature flag implementation to component
* Renamed feature flag to align with what is setup on LaunchDarkly
* Add autofill values for german websites
* Added commonly used fieldnames for German websites
---------
Co-authored-by: Daniel James Smith <djsmith@web.de>
* replicate the recordActivity function everytime a successful login occurs
* rejig the exisiting recordActivity function to use state service for lastActive value
* revert change and just use onblur instead
* Update apps/browser/src/background/main.background.ts
* insted of bluring, pipe up unlocked message to update lastActive
* remove pingpong, use subscribe to update last active
* Update apps/browser/src/popup/app.component.ts
Co-authored-by: Matt Gibson <fungibl@gmail.com>
* add missing imports
---------
Co-authored-by: Matt Gibson <fungibl@gmail.com>
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Added button type to each button element related to the vault team
* Removed disable statement comment
* [PM-1399] Resolve eslint errors for button type - admin-console (#5275)
* Added button type to each button element related to the admin console team
* Added button type to each button element related to the billing team
* Removed disable statement comment
* [PM-1399] Resolve eslint errors for button type - tools (#5284)
* Added button type to each button element related to the tools team
* Added button type to each button element related to the tools team
* Added button type to each button element related to the auth team (#5295)
This PR introduces a generic `DialogService` which can be used by all the clients. This allows us to decouple dialogs from the `PlatformUtilsHelper`.
The `DialogService` provides a new method, `openSimpleDialog` which is the new interface for that type of dialogs.
This gives us 3 different implementations:
- Web: DialogService modern dialogs
- Browser: SweetAlert
- Desktop: Native electron based
* [PM-233] "No Items" graphic is overlapping on several screens
* [PM-233] Removing setting search input as readonly/disabled when "Send" functionality is disabled
Upgrade Electron to version 24, node to 18 and npm to 9. Electron changed to using node 18 in 23, with node 18 using npm 9 as default.
There doesn't seem to be any breaking changes except the deprecation of Windows 7, 8.1, and Server 2012. A somewhat undocumented breaking change was that elements in the title bar are now draggable which broke the account switching selector. Resolved by adding a no-drag css rule.
- electronjs.org/blog/electron-22-0
- electronjs.org/blog/electron-23-0
- electronjs.org/blog/electron-24-0
* Add disableFavicon$ to stateService
* Change IconComponent's ChangeDetectionStrategy and use disableFavicon$ observable
* Only get first result from disableFavicon observable
* Move disabledFavicon$ to SettingsService
* Update usage of disableFavicon to use SettingsService
* Remove getting and setting of disabledFavicon on login
* Settings service observable adjustments
* Fix for popup initially having a null value for the disableFavicon setting in settingsService
* Move disabledFavicon$ subscription to ngOnInit
* feat: experiment with observables
* Remove SettingsService from browser app component
* Fix storybook changes
* Update apps/web/src/app/vault/components/vault-items/vault-items.stories.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Fix mock function signature
---------
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* [PM-1351] Add property to server-config.response. Change config to be able to fetch without being authed.
* [PM-1351] fetch every hour.
* [PM-1351] fetch on vault sync.
* [PM-1351] browser desktop fetch configs on sync complete.
* [PM-1351] Add methods to retrieve feature flags
* [PM-1351] Add enum to use as key to get values feature flag values
* [PM-1351] Remove debug code
* [PM-1351] Get flags when unauthed. Add enums as params. Hourly always fetch.
* [PM-1351] add check for authed user using auth service
* [PM-1351] remove unnecessary timer on account unlock
* [PM-687] refactor observable in base accept component
* [PM-687] add emergency access invitation to global state
* [PM-687] save invite to state and check on login
* [PM-687] move emergency access check above queryParams observable
* Logic for calculating if we should apply height fix for safari
* Revert safari height fix for safari >= 16.1
* Deprecate static isBrowser funcions, using them directly is incorrect
* Changes based on feedback
* Update CSS to use & selector
---------
Co-authored-by: Hinton <hinton@users.noreply.github.com>
Locking all non-active accounts prior to active lead to process reload
issues.
Remove unnecessary routing
Prefer Record keys to deep Account object value
Await promises