* PM1378 - (1) Create state service methods for securely storing a device symmetric key while following existing pattern of DuckDuckGoKey generation (2) Create makeDeviceKey method on crypto service which leverages the new state service methods for storing the device key.
* PM-1378 - Document CSPRNG types w/ comments explaining what they are and when they should be used.
* PM-1378 - TODO to add tests for makeDeviceKey method
* PM-1378 - Create Devices API service for creating and updating device encrypted master keys + move models according to latest code standards ( I think)
* PM-1378 - TODO clean up - DeviceResponse properly moved next to device api service abstraction per ADR 0013
* PM-1378 - CryptoService makeDeviceKey test written
* PM-1378 - Tweak crypto service makeDeviceKey test to leverage a describe for the function to better group related code.
* PM-1378 - Move known devices call out of API service and into new devices-api.service and update all references. All clients building.
* PM-1378 - Comment clean up
* PM-1378 - Refactor out master key naming as that is a reserved specific key generated from the MP key derivation process + use same property on request object as back end.
* PM-1378 - Missed a use of master key
* PM-1378 - More abstraction updates to remove master key.
* PM-1378 - Convert crypto service makeDeviceKey into getDeviceKey method to consolidate service logic based on PR feedback
* PM-1378- Updating makeDeviceKey --> getDeviceKey tests to match updated code
* PM-1378 - Current work on updating establish trusted device logic in light of new encryption mechanisms (introduction of a device asymmetric key pair in order to allow for key rotation while maintaining trusted devices)
* PM-1378 - (1) CryptoService.TrustDevice() naming refactors (2) Lots of test additions and tweaks for trustDevice()
* PM-1378 - Updated TrustedDeviceKeysRequest names to be consistent across the client side board.
* PM-1378 - Move trusted device crypto service methods out of crypto service into new DeviceCryptoService for better single responsibility design
* PM-1378 - (1) Add getDeviceByIdentifier endpoint to devices api as will need it later (2) Update TrustedDeviceKeysRequest and DeviceResponse models to match latest server side generic encrypted key names
* PM-1378 - PR feedback fix - use JSDOC comments and move from abstraction to implementation
* PM-1378 - Per PR feedback, makeDeviceKey should be private - updated tests with workaround.
* PM-1378- Per PR feedback, refactored deviceKey to use partialKey dict so we can associate userId with specific device keys.
* PM-1378 - Replace deviceId with deviceIdentifier per PR feedback
* PM-1378 - Remove unnecessary createTrustedDeviceKey methods
* PM-1378 - Update device crypto service to leverage updateTrustedDeviceKeys + update tests
* PM-1378 - Update trustDevice logic - (1) Use getEncKey to get user symmetric key as it's the correct method and (2) Attempt to retrieve the userSymKey earlier on and short circuit if it is not found.
* PM-1378 - Replace deviceId with deviceIdentifier because they are not the same thing
* PM-1378 - Per PR feedback, (1) on web/browser extension, store device key in local storage under account.keys existing structure (2) on desktop, store deviceKey in secure storage. (3) Exempt account.keys.deviceKey from being cleared on account reset
* PM-1378 - Desktop testing revealed that I forgot to add userId existence and options reconciliation checks back
* PM-1378 - Per discussion with Jake, create DeviceKey custom type which is really just an opaque<SymmetricCryptoKey> so we can more easily differentiate between key types.
* PM-1378 - Update symmetric-crypto-key.ts opaque DeviceKey to properly setup Opaque type.
* PM-1378 - Fix wrong return type for getDeviceKey on DeviceCryptoServiceAbstraction per PR feedback
* [PM-169][PM-142][PM-191] Add Environments to Web and Desktop (#5294)
* [PM-1351] Add property to server-config.response. Change config to be able to fetch without being authed.
* [PM-1351] fetch every hour.
* [PM-1351] fetch on vault sync.
* [PM-1351] browser desktop fetch configs on sync complete.
* [PM-1351] Add methods to retrieve feature flags
* [PM-1351] Add enum to use as key to get values feature flag values
* [PM-1351] Remove debug code
* [PM-1351] Get flags when unauthed. Add enums as params. Hourly always fetch.
* [PM-1351] add check for authed user using auth service
* [PM-169] Web: add drop down to select environment
* [PM-169] Fix pop up menu margins. Add DisplayEuEnvironmentFlag.
* [PM-169] Change menu name.
* [PM-169] Add environment selector ts and html. Add declaration and import on login.module
* [PM-169] Add environment selector to desktop.
* [PM-169] Ignore lint error.
* [PM-169] add takeUntil to subscribes
* [PM-191] PR Fixes, code format
* [PM-168] Add Environments to extension login/registration (#5434)
Angular 15 introduced a breaking change that calls setDisabledState() whenever a CVA is added. This was re-enabling all the internal form group rows (even those that should have remained disabled).
* Remove reference cycle between ThemingService and the global window object
* Deregister messageListeners on a safari popup to avoid mem leaks
* Use pagehide event instead of unload
* [PM-2054] Updated Password Generator History to use Component Library
* [PM-2054] Corrected paddings
* [PM-2054] Added missing type to buttons
* [PM-2054] Removed unused imports and run prettier
* [PM-2054] Swap list by bit-table
* PM-1196- First draft of solution for solving SSO login with email 2FA not working; this is a working solution but we need to leverage it to build a better solution with a different server generated token vs a OTP.
* PM-1196 - Swap from OTP to SSO Email 2FA session token. Working now, but going to revisit whether or not email should come down from the server. Need to clean up the commented out items if we decide email stays encrypted in the session token.
* PM-1196 - Email needs to come down from server after SSO in order to flow through to the 2FA comp and be sent to the server
* PM-1196 - For email 2FA, if the email is no longer available due to the auth service 2 min expiration clearing the auth state, then we need to show a message explaining that (same message as when a OTP is submitted after expiration) vs actually sending the request without an email and getting a validation error from the server
* PM-1196 - (1) Make optional properties optional (2) Update tests to pass (3) Add new test for Email 2FA having additional auth result information
* PM-1196 - Remove unnecessary optional chaining operator b/c I go my wires crossed on how it works and the login strategy is not going to be null or undefined...
This PR introduces a generic `DialogService` which can be used by all the clients. This allows us to decouple dialogs from the `PlatformUtilsHelper`.
The `DialogService` provides a new method, `openSimpleDialog` which is the new interface for that type of dialogs.
This gives us 3 different implementations:
- Web: DialogService modern dialogs
- Browser: SweetAlert
- Desktop: Native electron based
* Add disableFavicon$ to stateService
* Change IconComponent's ChangeDetectionStrategy and use disableFavicon$ observable
* Only get first result from disableFavicon observable
* Move disabledFavicon$ to SettingsService
* Update usage of disableFavicon to use SettingsService
* Remove getting and setting of disabledFavicon on login
* Settings service observable adjustments
* Fix for popup initially having a null value for the disableFavicon setting in settingsService
* Move disabledFavicon$ subscription to ngOnInit
* feat: experiment with observables
* Remove SettingsService from browser app component
* Fix storybook changes
* Update apps/web/src/app/vault/components/vault-items/vault-items.stories.ts
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* Fix mock function signature
---------
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* [PM-1351] Add property to server-config.response. Change config to be able to fetch without being authed.
* [PM-1351] fetch every hour.
* [PM-1351] fetch on vault sync.
* [PM-1351] browser desktop fetch configs on sync complete.
* [PM-1351] Add methods to retrieve feature flags
* [PM-1351] Add enum to use as key to get values feature flag values
* [PM-1351] Remove debug code
* [PM-1351] Get flags when unauthed. Add enums as params. Hourly always fetch.
* [PM-1351] add check for authed user using auth service
* [PM-1351] remove unnecessary timer on account unlock
* [PM-687] refactor observable in base accept component
* [PM-687] add emergency access invitation to global state
* [PM-687] save invite to state and check on login
* [PM-687] move emergency access check above queryParams observable
* [AC-1340] Calling Cipher DeleteAdmin endpoints when user has canEditAnyCollection permission
* [AC-1340] Fixed CLI and Desktop builds
* [AC-1340] Changed CipherService delete methods parameter 'orgAdmin' to 'asAdmin' and to nullable
* [AC-1340] Changed variable names from 'orgAdmin' to 'asAdmin'
* [AC-1340] Reverted change on DeleteCommand
* Create and register new libs/exporter
Create package.json
Create tsconfig
Create jest.config
Extend shared and root tsconfig and jest.configs
Register with eslint
* Migrate exportService to libs/exporter
Move exportService (abstraction and impl) into libs/exporter
Refactored exportService to be split into vault-export and event-export
Created barrel-files for both exports
Moved export.service.spec.ts into vault-export
Created an export-helper, which helps build the filename (extract method refactor from ExportService)
* Move components in libs/angular into tools-subfolder
Moved components
Updated imports in jslib-services.module and jslib.module
* Register libs/exporter with browser and fix imports
Move export.component into tools-subfolder
* Register libs/exporter with cli and fix imports
Move export.command into tools-subfolder
* Register libs/exporter with desktop and fix imports
Move export.component into tools-subfolder
* Move export models to libs/exporter
* Update web imports
* Update package-lock.json
* Move export models back as it would create circular dependency
Reponse models in common rely on export models which are in libs/exporter, which relies on common
* Fix up web for event-export
* Update CODEOWNERS
* Add export-models to team-tools-dev
* Simplify domain import
* Moving EventExport into web
* [EC-1070] Introduce flag for enforcing master password policy on login
* [EC-1070] Update master password policy form
Add the ability to toggle enforceOnLogin flag in web
* [EC-1070] Add API method to retrieve all policies for the current user
* [EC-1070] Refactor forcePasswordReset in state service to support more options
- Use an options class to provide a reason and optional organization id
- Use the OnDiskMemory storage location so the option persists between the same auth session
* [AC-1070] Retrieve single master password policy from identity token response
Additionally, store the policy in the login strategy for future use
* [EC-1070] Introduce master password evaluation in the password login strategy
- If a master password policy is returned from the identity result, evaluate the password.
- If the password does not meet the requirements, save the forcePasswordReset options
- Add support for 2FA by storing the results of the password evaluation on the login strategy instance
- Add unit tests to password login strategy
* [AC-1070] Modify admin password reset component to support update master password on login
- Modify the warning message to depend on the reason
- Use the forcePasswordResetOptions in the update temp password component
* [EC-1070] Require current master password when updating weak mp on login
- Inject user verification service to verify the user
- Conditionally show the current master password field only when updating a weak mp. Admin reset does not require the current master password.
* [EC-1070] Implement password policy check during vault unlock
Checking the master password during unlock is the only applicable place to enforce the master password policy check for SSO users.
* [EC-1070] CLI - Add ability to load MP policies on login
Inject policyApi and organization services into the login command
* [EC-1070] CLI - Refactor update temp password logic to support updating weak passwords
- Introduce new shared method for collecting a valid and confirmed master password from the CLI and generating a new encryption key
- Add separate methods for updating temp passwords and weak passwords.
- Utilize those methods during login flow if not using an API key
* [EC-1070] Add route guard to force password reset when required
* [AC-1070] Use master password policy from verify password response in lock component
* [EC-1070] Update labels in update password component
* [AC-1070] Fix policy service tests
* [AC-1070] CLI - Force sync before any password reset flow
Move up the call to sync the vault before attempting to collect a new master password. Ensures the master password policies are available.
* [AC-1070] Remove unused getAllPolicies method from policy api service
* [AC-1070] Fix missing enforceOnLogin copy in policy service
* [AC-1070] Include current master password on desktop/browser update password page templates
* [AC-1070] Check for forced password reset on account switch in Desktop
* [AC-1070] Rename WeakMasterPasswordOnLogin to WeakMasterPassword
* [AC-1070] Update AuthServiceInitOptions
* [AC-1070] Add None force reset password reason
* [AC-1070] Remove redundant ForcePasswordResetOptions class and replace with ForcePasswordResetReason enum
* [AC-1070] Rename ForceResetPasswordReason file
* [AC-1070] Simplify conditional
* [AC-1070] Refactor logic that saves password reset flag
* [AC-1070] Remove redundant constructors
* [AC-1070] Remove unnecessary state service call
* [AC-1070] Update master password policy component
- Use typed reactive form
- Use CL form components
- Remove bootstrap
- Update error component to support min/max
- Use Utils.minimumPasswordLength value for min value form validation
* [AC-1070] Cleanup leftover html comment
* [AC-1070] Remove overridden default values from MasterPasswordPolicyResponse
* [AC-1070] Hide current master password input in browser for admin password reset
* [AC-1070] Remove clientside user verification
* [AC-1070] Update temp password web component to use CL
- Use CL for form inputs in the Web component template
- Remove most of the bootstrap classes in the Web component template
- Use userVerificationService to build the password request
- Remove redundant current master password null check
* [AC-1070] Replace repeated user inputs email parsing helpers
- Update passwordStrength() method to accept an optional email argument that will be parsed into separate user inputs for use with zxcvbn
- Remove all other repeated getUserInput helper methods that parsed user emails and use the new passwordStrength signature
* [AC-1070] Fix broken login command after forcePasswordReset enum refactor
* [AC-1070] Reduce side effects in base login strategy
- Remove masterPasswordPolicy property from base login.strategy.ts
- Include an IdentityResponse in base startLogin() in addition to AuthResult
- Use the new IdentityResponse to parse the master password policy info only in the PasswordLoginStrategy
* [AC-1070] Cleanup password login strategy tests
* [AC-1070] Remove unused field
* [AC-1070] Strongly type postAccountVerifyPassword API service method
- Remove redundant verify master password response
- Use MasterPasswordPolicyResponse instead
* [AC-1070] Use ForceResetPassword.None during account switch check
* [AC-1070] Fix check for forcePasswordReset reason after addition of None
* [AC-1070] Redirect a user home if on the update temp password page without a reason
* [AC-1070] Use bit-select and bit-option
* [AC-1070] Reduce explicit form control definitions for readability
* [AC-1070] Import SelectModule in Shared web module
* [AC-1070] Add check for missing 'at' symbol
* [AC-1070] Remove redundant unpacking and null coalescing
* [AC-1070] Update passwordStrength signature and add jsdocs
* [AC-1070] Remove variable abbreviation
* [AC-1070] Restore Id attributes on form inputs
* [AC-1070] Clarify input value min/max error messages
* [AC-1070] Add input min/max value example to storybook
* [AC-1070] Add missing spinner to update temp password form
* [AC-1070] Add missing ids to form elements
* [AC-1070] Remove duplicate force sync and update comment
* [AC-1070] Switch backticks to quotation marks
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Move URI matching logic into uriView
* Fix url parsing: always assign default protocol, otherwise no protocol with port is parsed incorrectly
* Codescene: refactor domain matching logic
* Fix encrypted export using fixed PBKDF2 iterations
* Replace hardcoded KdfType in importer
* Clean up kdf handling in password-protected export
* Extract BitwardenPasswordProtectedFileFormat
* Rename bitwarden-json-types
* Move StateService import to fix linting issue
* Make linter happy
* Use abstraction instead of implementation
---------
Co-authored-by: Daniel James Smith <djsmith@web.de>
* Split out api methods into sendApiService
* Move SendService and abstraction
* Libs updates
* Web updates
* CLI updates
* Desktop updates
* libs send service fixes
* browser factory additions
* Browser updates
* Fix service injection for CLI SendReceiveCommand
* Deprecate directly calling send state service methods
* SendService observables updates
* Update components to use new observables
* Modify CLI to use state service instead of observables
* Remove unnecessary await on get()
* Move delete() to InternalSendService
* SendService unit tests
* Split fileUploadService by send and cipher
* send and cipher service factory updates
* Add file upload methods to get around circular dependency issues
* Move api methods from sendService to sendApiService
* Update cipherService to use fileApi methods
* libs service injection and component changes
* browser service injection and component changes
* Desktop component changes
* Web component changes
* cipher service test fix
* Fix file capitalization
* CLI service import and command updates
* Remove extra abstract fileUploadService
* WIP: Condense callbacks for file upload
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
* Send callbacks for file upload
* Fix circular service dependencies
* Fix response return on upload
* Fix function definitions
* Service injection fixes and bug fixes
* Fix folder casing
* Service injection cleanup
* Remove deleted file from capital letters whitelist
* Create new SendApiService for popup
* Move cipherFileUploadService to vault
* Move SendFileUploadService methods into SendApiService
* Rename methods to remove 'WithServer'
* Properly subscribe to sendViews
* Fix Send serialization
* Implement fromJSON on sendFile and sendText
* [PM-1347] Fix send key serialization (#4989)
* Properly serialize key on send fromJSON
* Remove call that nulled out decrypted sends
* Fix null checks in fromJSON methods for models
* lint fixes
---------
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Added optional chaining to folder view object to handle when the foilder value is null
* Set folder to null during cleanup and added check on the view component to check if the folder is nul before rendering the html
* [PM-108] Fingerprint is calculated based on pubKey
* [PM-108] Change userId to userEmail. Remove fingerprint from AuthResponse
* [PM-130][PM-107] Remove fingerprint from request and clients UI
* [EC-1086] fix: faulty orgId override
When single vault policy was in effect the orgId that the user belongs to was was always set for new ciphers for new ciphers. This was overwriting the client organization's id when a provider was trying to create new items in their clients vault.
* [AC-1086] chore: remove uneccessary assignments