* add user asymmetric key api service
* Add user asymmetric key regen service
* add feature flag
* Add LoginSuccessHandlerService
* add loginSuccessHandlerService to BaseLoginViaWebAuthnComponent
* Only run loginSuccessHandlerService if webAuthn is used for vault decryption.
* Updates for TS strict
* bump SDK version
* swap to combineLatest
* Update abstractions
Intercepts browser back button press on the login screen to properly
transition back to email entry portion instead of unexpected navigation.
Resolves PM-15987
This PR fixes a bug in the LockComponent refresh that affected the setup/save and use passkey flows. The user was wrongly directly to the /vault after unlock instead of to /fido2 (the passkey screen).
Feature Flag: ExtensionRefresh ON
Consolidates existing SSO components into a single unified component in
libs/auth, matching the new design system. This implementation:
- Creates a new shared SsoComponent with extracted business logic
- Adds feature flag support for unauth-ui-refresh
- Updates page styling including new icons and typography
- Preserves web client claimed domain logic
- Maintains backwards compatibility with legacy views
PM-8114
---------
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
* Use typescript-strict-plugin to iteratively turn on strict
* Add strict testing to pipeline
Can be executed locally through either `npm run test:types` for full type checking including spec files, or `npx tsc-strict` for only tsconfig.json included files.
* turn on strict for scripts directory
* Use plugin for all tsconfigs in monorepo
vscode is capable of executing tsc with plugins, but uses the most relevant tsconfig to do so. If the plugin is not a part of that config, it is skipped and developers get no feedback of strict compile time issues. These updates remedy that at the cost of slightly more complex removal of the plugin when the time comes.
* remove plugin from configs that extend one that already has it
* Update workspace settings to honor strict plugin
* Apply strict-plugin to native message test runner
* Update vscode workspace to use root tsc version
* `./node_modules/.bin/update-strict-comments` 🤖
This is a one-time operation. All future files should adhere to strict type checking.
* Add fixme to `ts-strict-ignore` comments
* `update-strict-comments` 🤖
repeated for new merge files
Add timeout state management for two-factor authentication flows in web, desktop,
and browser extension clients. Includes:
- New timeout screen component with 5-minute session limit
- Updated UI elements and styling
- Comprehensive test coverage
Refs: PM-13659
This PR ensures that, on the Chrome browser extension, biometrics gets auto-prompted when the user selects "Ask for biometrics on launch" by resetting the `isInitialLockScreen` to `true` on active account change.
Feature flag: `ExtensionRefresh` ON.
* PM-15115 - Captcha being deprecated so remove from new UI refreshed login component + start putting deprecated comments on some things.
* PM-15115 - Add Jira ticket to TODOs per best practice
* Stub out dialog
* Genericize LoginApprovalComponent
* update ipc mocks
* Remove changes to account component
* Remove changes to account component
* Remove debug
* Remove test component
* Remove added translations
* Fix failing test
* Run lint and prettier
* Rename LoginApprovalServiceAbstraction to LoginApprovalComponentServiceAbstraction
* Add back missing "isVisible" check before calling loginRequest
* Rename classes to contain "Component" in the name
* Add missing space between "login attempt" and fingerprint phrase
* Require email
Creates a refreshed and consolidated `LoginDecryptionOptionsComponent` for use on all visual clients, which will be used when the `UnauthenticatedExtensionUIRefresh` feature flag is on.
Creates a refreshed and consolidated LoginViaAuthRequestComponent for use on all visual clients, which will be used when the UnauthenticatedExtensionUIRefresh feature flag is on.
* Add server settings model and service.
* Inject ServerSettingsService into the login-secondary-content component.
* Fix merge conflict
* Add server settings to old views
* Remove server settings from desktop/mobile
* Cleanup unused code
* Remove changes to default config
* Conditionally show/hide HR element
* Add tests
* PM-5237 - Move ServerSettingsService to jslib-services.module so it is the same across all clients and to solve NullInjectorErrors on desktop & browser extension
* Remove change to v1 components
* Rename ServerSettingsService to DefaultServerSettingsService
* Remove unnecessary map call
* Remove server interface in favor of using ServerSettings class
* Add back HR element
---------
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
* Move key rotation to km ownership
* Fix build
* Move userkey rotation data provider abstraction to km ownership
* Move userkey rotation data provider abstraction to km ownership
* Fix linting
* Fix CODEOWNERS for key-management web
* Remove incorrect export
* Fix import error
* PM-8111 - LoginComponent Refactor - I broke the browser SSO flow - fixing it as clientId doesn't persist unless it is in state qParam.
* PM-8111 - Fix DefaultLoginComponentService tests
* PM-12613 - AcceptProviderComp - Add support for new registration with email verification flow.
* PM-12613 - AcceptProviderComp - Reduce required params for finish registration to minimum
* PM-12613 - RegistrationFinish - Add passthrough logic for provider invite token
* PM-12613 - Update DefaultRegistrationFinishService finishRegistration tests to assert that all web only inputs are undefined on the outgoing request model
* PM-12613 - DefaultRegistrationFinishService - finishRegistration - Add missed mapping of optional properties into buildRegisterRequest
* PM-12613 - WebRegistrationFinishService - Add tests for additional token flows.
* setup new LoginComponent files in libs/auth
* update pageTitle
* handle loading email settings
* setup web-login.service.ts
* implement web onInit
* fill out webOnInit
* refactor getOrgPolicies call
* update import
* add validateEmail logic
* handle registerRoute
* add showPasswordless flag
* handle captcha
* handle startAuthRequestLogin()
* add handleMigrateEncryptionKey to default and web service
* handle submit routing (web)
* fix typo
* incorporate loginEmailService changes
* minor updates to comments for clarity
* create a defaultOnInit()
* update defaultOnInit()
* handle master password input focus
* handle post-login routing on Browser/Desktop
* handle browser/desktop syncService
* handle browser ngOnInit
* handle browser routing and basic browser template
* setup desktop router
* add template for desktop first UI state: email entry
* rename 'response' to 'authResult'
* refactor handleMigrateEncryptionKey()
* refactor captcha methods and add return types
* refactor submit logic
* refactor submit logic further to use if statements with returns instead of if...else if...else
* remove toast error on invalid form for Browser/Desktop
* refactor to handleAuthResult() method
* refactor webOnInit
* add comment to revisit ngOnInit logic
* refactor handlCaptchaRequired()
* create a LoginSecondaryContentComponent for AnonLayout use
* minor formatting for consistency
* add clarifying comment to handleAuthResult()
* minor refactor to use destructuring
* setup desktopOnInit()
* add continue() method
* handle desktop ngOnDestroy()
* add clarifying comment regarding secondary content
* fill out desktop template and submit()
* add descriptive comment to top of HTML file
* refactor to use a uiState enum for UI states
* handle oss-routing swap
* handle registerRoute$ in secondary content
* web template modifications
* change email validation to only run on submit (or when clicking continue button)
* add dynamic anon-layout wrapper data
* remove static element ref
* desktop HTML template updates
* remove 'showPassword' property b/c now handled by bitPasswordInputToggle
* Extension: setup EmailEntry state UI
* Extension: setup MasterPasswordEntry state UI
* ensure full sync happens on all clients before navigation
* update icon stroke color
* change old components to V1
* remove 'V2' from new component
* update captcha iframe on all clients
* add browser redirect from /home to /login with FF on
* add todo comment regarding browser template
* add launchSsoBrowser to extension template
* move extension launchSsoBrowserWindow() to extension service
* cleanup & comments
* add launchSsoBrowserWindow() to default service
* setup launchSsoBrowserWindow() for Desktop
* refactor to use toastService
* remove unnecessary service injection
* rename LoginService to LoginComponentService to avoid confusion with the LoginStrategyService
* add jsdocs to LoginComponentService
* rename loginService prop to loginComponentService
* Add vault icon to anon layout.
* Prevent email address validation on blur.
* Fix comment typo.
* Prefill email field when "create account" is clicked.
* Use factory function to provide LoginEmailService.
* Add test for RegisterFormComponent.
* Remove back button todo.
* Consolidate clearing loginEmailService values and routing
* Remove unnecessary navigation.
* Fix client navigation after login.
* Consolidate login templates.
* Break up LoginComponent into client-specific services.
* Rename login.component to login-v1.component
* Rename login.component to login-v1.component
* Revert "Rename login.component to login-v1.component"
This reverts commit 9a277d6ca5.
* Revert "Rename login.component to login-v1.component"
This reverts commit 588a7af906.
* Rename login.component to login-v1.component except browser.
* Comment out debug code.
* Remove debug code.
* Rename login.component to login-v1.component for browser.
* Add login-with-passkey route to desktop.
* Set feature flag to false.
* Fix linting errors.
* Populate email on registration start form.
* Implement email population on all clients add add safeProviders.
* Remove comment re. passing email to registration.
* Add unauthUiRefreshRedirect utility function.
* Add transparent border.
* Merge main and add satisfies RouteDataProperties
* PM-8111 - Extension - AppRoutingModule - Home route now redirects conditionally based on unauthenticated ui refresh feature flag.
* PM-8111 - New Login Comp + Login Comp Svc - (1) Refactor naming and returns of getShowPasswordlessFlag to isLoginViaAuthRequestSupported (2) Replace showPasswordless with better composed variable names.
* PM-8111 - TODO cleanup
* PM-8111 - (1) Cleanup DefaultLoginComponentService (2) Sso Connector now checks client id property instead of reading it from state
* PM-8111 - Two TODO cleanups
* Remove specific client services.
* Add isLoginWithPasskeySupported function to reduce client type checking in template.
* Add styles missing from Browser to Create Account link.
* Confirmed inline form errors working and removing todo comments.
* Convert refactoring todo-rr-bw to standard todos.
* Add login component services tests.
* Cleanup formatting and remove unused provider.
* Add comment to explain call to setLoginEmail.
* Rearrange imports to fix lint error.
* Adjust styles for password hint link.
* Address PR feedback: use strict comparison.
* Ensure Login with Passkey button is shown by setting clientType.
* Update "continue" button from "submit" to "button" type.
* Ensure Passkey login available for web and desktop.
* Validate email on enter keypress.
* Use click event to trigger goToHint.
* Restructure handAuthResult to ensure we redirect to vault.
* Add await to saveEmailSettings function.
* Directly set clientType in individual login component services.
* Get clientType via service.
* Add back button.
* Remove hardcoded colors from Vault Icon
* Removing register component changes.
* Removing register component changes.
* Ensure isLoginWithPasskeySupported is only returns true for web client.
* Remove Web/Desktop comment from html template
* Update Storybook with initialLoginEmail
* Fix translation error
* Add test for unauthUiRefreshRedirect.
* Rename goAfterLogIn to evaluatePassword and borrow logic from lock component.
* Add DefaultLoginComponent tests.
* Integrate changes to translations.
* Simplify ngOnInit: remove webOnInit and move getLoginWithDevice to defaultOnInit
I couldn't find any usages of qParams.org or qParams.sponsorshipToken on QA (signing up for family membership, creating organization, manually modifying query params), so I think these are safe to remove.
* Fix translations.
* Clean up and flush out register form tests.
* Update variable name.
* Remove unused enforcedPasswordPolicyOptions property.
* Run prettier.
* Add back safeProviders for LoginEmailService
* Remove duplicate import.
* Update v1 web login title.
* Adjust overlay position of EnvironmentSelectorComponent for new layout.
Since the switcher is located at the bottom of the screen we need to position it up above the trigger button so that it is not cut off.
* Add new wave icon
* Only send email in query parameters if set.
* Remove test/debug code.
* Replace loggedEmail with this.emailFormControl.value.
* Move getLoginWithDevice call to loadEmailSettings.
* Replace loggedEmail with this.emailFormControl.value.
* Add todo comment re. inline errors.
* Remove unused setPreviousUrl function.
* Remove height / width from vault icon svg.
* Use continue method unanimously
* WIP remove validated email& display extension back button
* Simplify getting query params
* Rework ExtensionAnonLayoutWrapperDataService to use BehaviorSubject
* Simplify validateEmail method
* Hide back button on init
* Revert "Hide back button on init"
This reverts commit e8de5e2bfc.
* Revert "Simplify validateEmail method"
This reverts commit c9141a1cb5.
* Revert "Rework ExtensionAnonLayoutWrapperDataService to use BehaviorSubject"
This reverts commit 8889ed3d3c.
* simplify validateEmail method
* Add primary / accent colors to wave icon
* Remove debug code
* PM-8111 - Tweak ShowBackButton to work
* PM-8111 - LoginCompService - finish removal of setPreviousUrl from implementations.
* PM-8111 - (1) Remove overriden default logo in anon layout (2) Update routing modules to have proper default login logo (3) LoginComp - update toggleLoginUiState to include logic to swap the icon back and forth as user navigates.
* PM-8111 - LoginComp - on UI state change from MP entry to email entry, remove subtitle (this isn't supported yet, but it will be)
* PM-8111 - LoginComp - Simplify toggleLoginUiState
* PM-8111 - LoginComponent - Add known device logic into UI state change handler
* PM-8111 - LoginComp - (1) Refactor name of getLoginWithDevice to be more accurate as getKnownDevice (2) Refactor calls to getKnownDevice to only occur if loginViaAuthRequestSupported
* PM-8111 - LoginComp - add getKnownDevice docs
* PM-8111 - LoginComponent - tweak docs
* PM-8111 - LoginComp - Continue() - remove toast as the validation on submit logic currently shows validation errors - toast is extra and not needed.
* Add isLoginViaAuthRequestSupported for DesktopLoginComponentService
* Remove validating email on init
* PM-8111 - ExtensionLoginComponentService - add tests for showBackButton
* PM-8111 - style tweaks
* PM-8111 - Extension - Refactor Overlay position to include extension default const to avoid repetition.
* PM-8111 - Desktop AppRouting Module - remove login with passkey route as it isn't supported on desktop.
* PM-8111 - Desktop - add default overlay position const
* PM-8111 - DesktopLoginCompSvc - tests were not actually testing super method calls + finish testing launchSsoBrowserWindow
* PM-8111 - Desktop Main.ts - remove dev test code
* PM-8111 - WebLoginCompSvcTests - add success test cases for getOrgPolicies
* PM-8111 - Remove duplicate translation keys
* PM-8111 - DefaultLoginComponentSvcTests - add missing test
* PM-8111 - DefaultLoginComponentServiceTests - add describes
* PM-8111 - LoginSecondaryContentComponent - Add missing bitLink
* Update to test both browser and desktop
* Remove registration form test
* Remove aliasing CryptoFunctionService and PlatformUtilsService as abstractions
* Remove aliasing PlatformUtilsService and CryptoFunctionService as abstractions
---------
Co-authored-by: Alec Rippberger <alec@livefront.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Alec Rippberger <127791530+alec-livefront@users.noreply.github.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* PM-8112 - Update classes of existing registration icons
* PM-8112 - Add new icons
* PM-8112 - Export icons from libs/auth
* PM-8112 - RegistrationStart - Add new user icon as page icon
* PM-8112 - Replace RegistrationCheckEmailIcon with new icon so it displays properly
* PM-8112 - RegistrationFinish - Add new icon across clients
* PM-8112 - Registration start comp - update page icon and page title on state change to match figma
* PM-8112 - RegistrationFinish - adding most of framework for changing page title & subtitle when an org invite is in state.
* PM-8112 - Add joinOrganizationName to all clients translations
* PM-8112 - RegistrationFinish - Remove default page title & subtitle and let onInit logic figure out what to set based on flows.
* PM-8112 - RegistrationStart - Fix setAnonLayoutWrapperData calls
* PM-8112 - RegistrationFinish - simplify qParams init logic to make handling loading and page title and subtitle setting easier.
* PM-8112 - Registration Link expired - move icon to page icon out of main content
* PM-8112 - RegistrationFinish - Refactor init logic further into distinct flows.
* PM-8112 - Fix icons
* PM-8112 - Extension AppRoutingModule - move sign up start & finish routes under extension anon layout
* PM-8112 - Fix storybook
* PM-8112 - Clean up unused prop
* PM-8112 - RegistrationLockAltIcon tweaks
* PM-8112 - Update icons to have proper styling
* PM-8112 - RegistrationUserAddIcon - remove unnecessary svg class
* PM-8112 - Fix icons
* PM-13318 - AnonLayoutWrapperData refactor to support all possible string scenarios (untranslated string, translated string, and translated string with placeholders)
* PM-13318 - Fix accidental check in
* PM-13318 - Revert the correct change.
* PM-13318 - Fix test failures
* Add "back" functionality for Desktop.
* Return user to email field when logo is clicked in Web.
* Update function name.
* Move hideLogo to anchor wrapper.
* Use "/" route for logo back link.
* PM-9449 - Init stub of new lock comp
* PM-9449 - (1) Add new lock screen title to all clients (2) Add to temp web routing module config
* PM-9449 - LockV2Comp - Building now with web HTML
* PM-9449 - Libs/Auth LockComp - bring in all desktop ts code; WIP, need to stand up LockCompService to facilitate ipc communication.
* PM-9449 - Create LockComponentService for facilitating client logic; potentially will decompose later.
* PM-9449 - Add extension lock comp service.
* PM-9449 - Libs/auth LockComp - bring in browser extension logic
* PM-9449 - Libs/auth LockComp html start
* PM-9449 - Libs/Auth LockComp - (1) Remove unused dep (2) Update setEmailAsPageSubtitle to work.
* PM-9449 - Add getBiometricsError to lock comp service for extension.
* PM-9449 - LockComp - (1) Save off client type as public comp var (2) Rename biometricLock as biometricLockSet
* PM-9449 - Work on lock comp service getAvailableUnlockOptions
* PM-9449 - WIP libs/auth LockComp
* PM-9449 - (1) Remove default lock comp svc (2) Add web lock comp svc.
* PM-9449 - UnlockOptions - replace incorrect type
* PM-9449 - DesktopLockComponentService -get most of observable based getAvailableUnlockOptions$ logic in place.
* PM-9449 - LockCompSvc - getAvailableUnlockOptions in place for all clients.
* PM-9449 - Add getBiometricsUnlockBtnText to LockCompSvc and put TODO for wiring it up later
* PM-9449 - Lock Comp - Replace all manual bools with unlock options.
* PM-9449 - Desktop Lock Comp Svc - adjust spacing
* PM-9449 - LockCompSvc - remove biometricsEnabled method
* PM-9449 - LockComp - Clean up commented out code
* PM-9449 - LockComp - webVaultHostname --> envHostName
* PM-9449 - Fix lock comp svc deps
* PM-9449 - LockComp - HTML progress
* PM-9449 - LockComp cleanup
* PM-9449 - Web Routing Module - wire up lock vs lockv2 using extension swap
* PM-9449 - Wire up loading state
* PM-9449 - LockComp - start wiring up listenForActiveUnlockOptionChanges logic with reactivity
* PM-9449 - Update desktop & extension lock comp service to use new biometrics service vs platform utils for biometrics information.
* PM-9449 - LockV2 - Swap platform util usage with toast svc
* PM-9449 - LockV2Comp - Bring over user id logic from PM-8933
* PM-9449 - LockV2Comp - Adjust everything to use activeAccount.id.
* PM-9449 - LockV2Comp - Progress on wiring up unlock option reactive stream.
* PM-9449 - LockComp ts - some refactoring and minor progress.
* PM-9449 - LockComp HTML - refactoring based on new idea to keep unlock options as separate as possible.
* PM-9449 - Add PIN translation to web
* PM-9449 - (1) Lock HTML refactor to make as independent verticals as possible (2) Refactor Lock ts (3) LockSvc - replace type with enum.
* PM-9449 - LockV2Comp - remove hardcoded await.
* PM-9449 - LockComp HTML - add todo
* PM-9449 - Web - Routing module - cleanup commented out stuff
* PM-9449 - LockV2Comp - Wire up biometrics + mild refactor.
* PM-9449 - Desktop - Wire up lockV2 redirection
* PM-9449 - LockV2 - Desktop - don't focus until unlock opts defined.
* PM-9449 - Fix accidental check in
* PM-9449 - LockV2 - loading state depends on unlock opts
* PM-9449 - LockV2 comp - remove unnecessary hr
* PM-9449 - Migrate "yourVaultIsLockedV2" translation to desktop & browser.
* PM-9449 - LockV2 - Layout tweaks for biometrics
* PM-9449 - LockV2 - Biometric btn text
* PM-9449 - LockV2 - Wire up biometrics loading / disable state + remove unnecessary conditions around biometricsUnlockBtnText
* PM-9449 - DesktopLockSvc - Per discussion with Bernd, remove interval polling and just check once for biometric support and availability.
* PM-9449 - AuthGuard - Add todo to remove promptBiometric
* PM-9449 - LockV2 - Refactor primary and desktop init logic + misc clean up
* PM-9449 - LockV2 - Reorder init methods
* PM-9449 - LockV2 - Per discussion with Product, deprecate windows biometric settings update warning
* PM-9449 - Add TODO per discussion with Justin and remove TODO
* PM-9449 - LockV2 - Restore hide password on desktop window hidden functionality.
* PM-9449 - Clean up accomplished todo
* PM-9449 - LockV2 - Refactor func name.
* PM-9449 - LockV2 Comp - (1) TODO cleanup (2) Add browser logic to handleBiometricsUnlockEnabled
* PM-9449 - LockCompSvc changes - (1) Observability for isFido2Session (2) Adjust errors and returns per discussion with Justin
* PM-9449 - Per product, no longer need to support special fido2 case on extension.
* PM-9449 - LockCompSvc - add getPreviousUrl support
* PM-9449 - LockV2 - Continued ts cleanup
* PM-9449 - LockV2Comp - clean up unused props
* PM-9449 - LockV2Comp - Rename response to masterPasswordVerificationResponse
* PM-9449 - LockV2 - Remove unused formPromise prop
* PM-9449 - Add missing translations + update desktop to showReadonlyHostName
* PM-9449 - LockV2 - cleanup TODO
* PM-9449 - LockV2 - more cleanup
* PM-9449 - Desktop Routing Module - only allow LockV2 access if extension refresh flag is enabled.
* PM-9449 - Extension - AppRoutingModule - Add extension redirect + new lockV2 route.
* PM-9449 - Extension - AppRoutingModule - Add lockV2 to the ExtensionAnonLayoutWrapperComponent intead of the regular one.
* PM-9449 - Extension - CurrentAccountComp - add null checks as anon layout components don't have a state today. This prevents the account switcher from working on the new lockV2 comp.
* PM-9449 - Extension AppRoutingModule - LockV2 should use ExtensionAnonLayoutWrapperData
* PM-9449 - LockComp - BiometricUnlock - cancelling is a valid action.
* PM-9449 - LockV2 - Biometric autoprompt cleanup
* PM-9449 - LockV2 - (1) Add TODO for KM team (2) Fix submit logic.
* PM-9449 - Tweak TODO to add task #
* PM-9449 - Test WebLockComponentService
* PM-9449 - ExtensionLockComponentService tested
* PM-9449 - Tweak extension lock comp svc test
* PM-9449 - DesktopLockComponentService tested
* PM-9449 - Add task # to TODO
* PM-9449 - Update apps/browser/src/services/extension-lock-component.service.ts per PR feedback
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* PM-9449 - Per PR feedback, replace from with defer for better reactive execution of promise based functions.
* PM-9449 - Per PR feedback replace enum with type.
* PM-9449 - Fix imports and tests due to key management file moves.
* PM-9449 - Another test file import fix
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Move Lock All To Happen in Background
- Make it done serially
- Have the promise only resolve once it's complete
* Unlock Active Account Last
* Add Tests
* Update Comment
* setup component, services, and web HTML
* make Web and Browser functional
* make desktop functional
* update template to solidify common client HTML
* simplify template and class
* update browser routing
* move canActivate to correct location
* simplify post submit routing
* update routing to use unauthUiRefreshSwap()
* constrain AnonLayout title/subtitle width, reduce height on destkop to account for header
* reduce height on browser to account for header (otherwise have to scroll to see EnvSelector
* resolve email issue when clicking 'cancel' on extension popout
* update routing for web
* persist email to popout
* update web router and anon-layout min-h based on client
* change anchor link to button
* remove unnecessary formatting changes
* add new icon
* remove unnecessary call to loginEmailService