1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-30 13:03:53 +01:00
Commit Graph

173 Commits

Author SHA1 Message Date
Thomas Rittson
386903f5a9
[Key Connector] QA fixes for CLI and Desktop (#544)
* Make UserVerificationService compatible with CLI

* Refactor error handling

* Fix i18n key name

* Add apiUseKeyConnector flag to TokenResponse

* Always require keyConnectorUrl to be passed in

* Throw errors in userVerificationService

* Use requestOTP in UserVerificationService

* Remove unused deps

* Fix linting
2021-11-16 07:53:57 +10:00
Thomas Rittson
06c9df97ad
Update Safari importer to be Safari and macOS importer (#550)
* Rename Safari importer to Safari and macOS

* Order featured import options alphabetically
2021-11-15 19:49:19 +10:00
Thomas Rittson
e02e663ce1
[Linked Fields] Fix QA feedback (#542)
* Fix bug overwriting custom field types

* Add linkedId to export model for CLI
2021-11-12 05:59:01 +10:00
Kyle Spearrin
b99103d3f7
validate path for directory traversal (#540)
* validate path for directory traversal

* use previously constructed requestUrl
2021-11-10 15:13:13 -05:00
Kyle Spearrin
1b4a5508bd Revert "clean api url paths from directory traversal (#539)"
This reverts commit ea29f580a5.
2021-11-10 13:37:31 -05:00
Kyle Spearrin
ea29f580a5
clean api url paths from directory traversal (#539) 2021-11-09 15:37:58 -05:00
Kyle Spearrin
c4fb4a35ab
don't allow @ character in uriString prefixing (#538) 2021-11-09 11:16:40 -05:00
Oscar Hinton
8f177e2d3a
Add support for requesting and using otp for verifying some requests (#527)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-11-09 17:01:22 +01:00
Thomas Rittson
dbda39e10f
Add Linked Field as custom field type (#431)
* Basic proof of concept of Linked custom fields

* Linked Fields for all cipher types, use dropdown

* Move linkedFieldOptions to view models

* Move add-edit custom fields to own component

* Fix change handling if cipherType changes

* Use Field.LinkedId to store linked field info

* Refactor accessors in cipherView for type safety

* Use map for linkedFieldOptions

* Refactor: use decorators to record linkable info

* Add ItemView

* Use enums for linked field ids

* Add union type for linkedId enums, add jsdoc comment

* Use parameter properties for linkedFieldOption

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Fix type casting

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2021-11-03 08:03:37 +10:00
Matt Gibson
e90cc40f68
Allow managers to create collections (#530) 2021-10-27 13:06:27 -05:00
pan93412
257de6517c
feat: add an importer for Safari (CSV) (#512)
* feat(importers/safariCsvImporter): add the importer for Safari (CSV)

* Revert changes to package-lock.json

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-10-26 17:00:03 +10:00
Oscar Hinton
71f8ef601f
Add support for crypto agent (#520) 2021-10-25 18:21:40 +02:00
Matt Gibson
815b436f7c
Fix Typo. Collection create has full view access (#523) 2021-10-20 10:31:25 -05:00
Oscar Hinton
f09fb69882
Remove empty catch blocks, and update tslint rule (#513) 2021-10-19 10:32:14 +02:00
Oscar Hinton
14a60773cc
Add logic for fetching organization policies if the user has access through a provider (#519) 2021-10-14 09:33:46 +02:00
Oscar Hinton
e3ab324d59
Fix OrganizationSsoResponse not behaving correctly in production (#515) 2021-10-12 13:57:08 +02:00
Oscar Hinton
764dc40b36
Change policyAppliesToUser to behave differently for MaximumVaultTimeout (#514) 2021-10-11 18:35:06 +02:00
Oscar Hinton
bfa9a1e1bc
Remove Business Portal, add SSO configuration models (#506) 2021-10-06 19:36:20 +02:00
Matt Gibson
562e1fe459
Feature/split manage collections permission (#504)
* Split manage collections permissions

* Convert camel to pascal case for element id -> name
2021-10-01 07:50:30 -05:00
Thomas Rittson
ce71c0c0bd
Add theme enums and platformUtilsService helper (#497)
* Use enum for themes, add getEffectiveTheme

* Update electron and cli to use theme refactor
2021-09-30 06:37:36 +10:00
Oscar Hinton
206ef610d0
Bump signalr to 5.0.10 (#502) 2021-09-28 15:47:19 +02:00
Vincent Salucci
16e998e664
[Reset Password v1] Refactor ForcePasswordReset into AuthResult (#481) 2021-09-17 10:53:50 -05:00
Matt Gibson
5cec31f871
Organization autoscaling (#487)
* Seat autoscaling api changes

* Update all organization subscription
aspects with one api call

* Remove disable autoscale option

* Remove autoscale request references

* Remove autoscale update
2021-09-17 10:20:48 -05:00
Oscar Hinton
83548a6753
Remove deprecated index.ts (#490)
* Remove deprecated index.ts

* Update tests
2021-09-17 14:57:31 +02:00
Dane Powell
da6fde4b15
Add constants for biometrics auto-prompt option (#483)
* Add constants for biometrics auto-prompt option

* rename constant

Co-authored-by: Michael Cho <mcho@tutanota.com>
2021-09-16 21:00:13 +02:00
Vincent Salucci
da132217da
[SSO Auto Enroll] Auto Enroll status retrieval (#486)
* [SSO Auto Enroll] Auto Enroll status retrieval

* Fixed import order

* Updated object property
2021-09-15 12:54:44 -05:00
Oscar Hinton
ee1ea922a9
Disable Private Vault Export Policy (#482) 2021-09-14 16:32:06 +02:00
Oscar Hinton
32774561f3
Add MaximumVaultTimeout policy type (#480) 2021-09-09 17:05:40 +02:00
Thomas Rittson
5f64d95652
Fixes and cleanup for policyAppliesToUser (#476)
* Fix canManagePolicies logic to include providers

* Move new logic to isOwner (same as server)

* Refactor policyAppliesToUser

* Use const instead of var

* Fix linting
2021-09-09 07:34:27 +10:00
Oscar Hinton
bbe8d3df48
Revert "Vault Timeout Policy (#474)" (#479)
This reverts commit bba2812fdd.
2021-09-08 23:06:42 +02:00
Oscar Hinton
bba2812fdd
Vault Timeout Policy (#474) 2021-09-08 22:02:19 +02:00
Joseph Flinn
5784a6d4fc
Adding a PayPalConfig environment type (#478)
* Adding a PayPalConfig environment type for the web vault

* Adding missing semicolon
2021-09-08 12:34:23 -07:00
Vincent Salucci
ef743ea8ca
[SSO] Set password auto enroll update (#472)
* [SSO/Auto Enroll] Set Password enrolls new user

* Fixed typo

* Linter updates

* Cleanup // Constructor for SetPasswordRequest
2021-09-03 14:49:03 -05:00
Thomas Rittson
6c9485596c
Add event type for ResetSsoLink (#475) 2021-09-03 09:59:22 -04:00
Thomas Rittson
30419a625f
Move policy checks within policyService (#466)
* Move policy logic within policyService

* Remove unneeded import

* Clean up unused code

* Fix linting

* Enforce policies from accepting org invite

* Only exempt owner or admin from policies

* Use canManagePolicies as exemption criteria

* Make orgUser status check more semantic

Co-authored-by: Addison Beck <abeck@bitwarden.com>

Co-authored-by: Addison Beck <abeck@bitwarden.com>
2021-08-31 06:52:57 +10:00
Oscar Hinton
daa4f6f9a6
Dynamic Modals (#417)
* Move backdrop and click handler to modal service since they should not be used in web

* Add support for opening modals using ViewContainerRef
2021-08-26 10:04:29 +02:00
Thomas Rittson
358260596b
Add null check to electronStorageService.Save (#461)
* Add default value for ForcePasswordReset

* Add null check to electronStorageService instead

* Add default value to ForcePasswordReset

* Update electron/src/services/electronStorage.service.ts

* Fix indention issue from GH suggestion

Co-authored-by: Oscar Hinton <oscar@oscarhinton.com>
2021-08-20 16:01:50 +02:00
Oscar Hinton
f1f5d1a7f2
Revert WebAuthn iFrame handler (#462) 2021-08-20 14:46:02 +02:00
Daniel James Smith
309ea8ca9d
Add missing locale entry for AZ language (#459) 2021-08-19 22:43:28 +02:00
Matt Gibson
1f0127966e
Generalize token refreshing to include reauth by api key (#456) 2021-08-13 08:28:03 -05:00
Matt Gibson
0180d0cce5
Provide information to set webauthn allow in html template (#455) 2021-08-12 15:12:31 -05:00
Matt Gibson
c5f236c2e4
Use apikey client secret as captcha validation (#454)
* Use apikey client secret as captcha validation

* Linter fixes
2021-08-12 15:11:26 -05:00
Thomas Rittson
c694591e4c
Use UrlB64 encoding for auth-email header (#450) 2021-08-11 06:33:15 +10:00
Vincent Salucci
c2e434e333
[Reset Password v1] Update Temp Password (#446)
* [Reset Password v1] Update Temp Password

* Updating router to protected for child classes to access
2021-08-10 08:02:53 -04:00
Matt Gibson
027747246c
Add event type for provider accessing client vault (#448) 2021-08-05 07:50:56 -05:00
Matt Gibson
65c998dd0d
Iterate over enum values (#445) 2021-07-30 13:57:42 -05:00
Matt Gibson
fdf0eb989b
Provide owner with Provider client org create requst (#444) 2021-07-30 08:11:12 -05:00
Matt Gibson
db2e2f1977
Correct ProviderOrgCreate return type (#442) 2021-07-29 07:43:38 -05:00
Matt Gibson
ecdd08624f
Feature/cli fail login on captcha request (#439)
* Fail CLI login if captcha is required by the server.

* Linter fixes
2021-07-23 14:27:48 -05:00
Oscar Hinton
e1ce721364
[Provider] Refresh identity token on full sync (#437) 2021-07-23 20:05:34 +02:00
Oscar Hinton
de288913e4
Add helper methods to EnvironmentService for retrieving urls (#435) 2021-07-23 20:03:52 +02:00
Matt Gibson
e9d9cd0182
Feature/use hcaptcha on register if bot (#434)
* Parse captcha required from error messages

CaptchaProtectedAttribute produces an error with captcha information.
We want to parse that data out to make it easily accessible to components

* Don't show error on catpcha

The component should hande this situation.

* Add captchaResponse to captcha protected api endpoints

* Extract captcha logic to abstract base class

* Add captcha to register

* linter fixes

* Make sure to log Captcha required responses

* Match file naming convention

* Separate import into logical groups by folder

* PR review
2021-07-22 12:28:45 -05:00
Matt Gibson
ea0c8267d4
Rename captcha bypass token (#433) 2021-07-21 13:35:15 -05:00
Oscar Hinton
8bf0f75d9e
[Provider] ProviderOrganization events (#432) 2021-07-21 19:40:52 +02:00
Matt Gibson
1006f50ef3
Feature/use hcaptcha if bot (#430)
* Handle hcaptch required identity response

* Refactor iframe component for captcha and webauthn

* Send captcha token to server

* Add captcha callback

* Clear captcha state

* Remove captcha storage

* linter fixes

* Rename iframe components to include IFrame

* Remove callback in favor of extenting submit

* Limit publickey credentials access

* Use captcha bypass token to bypass captcha for twofactor auth flows

* Linter fixes

* Set iframe version in components
2021-07-21 07:55:26 -05:00
Thomas Rittson
00acbce556
Add models to update send.key with account key (#418) 2021-07-19 07:33:19 +10:00
Oscar Hinton
9f0ca7e4d2
[Provider] Add initial support for providers (#399) 2021-07-15 15:07:38 +02:00
Oscar Hinton
75fff66f98
Move regexpEmojiPresentation to Utils class (#426) 2021-07-08 16:40:10 +02:00
Thomas Rittson
119699b82c
Fix fingerprint phrases in bulk confirm modal (#425) 2021-07-07 20:08:52 +10:00
Oscar Hinton
d10d40697c
Set reprompt to None if null (#422) 2021-07-02 20:53:14 +02:00
Thomas Rittson
9ee31ad2fb
Improve URL parsing (#411)
* Check hostname is valid in getDomain

* fix linting

* Update noop implementation

* Fix tests

* Fix tests
2021-06-23 06:00:14 +10:00
Matt Gibson
18bf616e2e
Correct typo (#416) 2021-06-22 07:10:47 -05:00
Matt Gibson
78ae9383fb
Persist API key creds for token refresh. (#414)
* Persist API key creds for token refresh.

* Linter fixes
2021-06-21 17:48:06 -05:00
Matt Gibson
5e24a70a87
Vault should be locked if key is not in memory (#413)
Key is loaded on startup if auto key exists.
2021-06-21 17:47:44 -05:00
Matt Gibson
1f83c3c1ba
Fix separate key storage for non desktop (#409)
* Handle non-desktop, non-split key storage

* Reset vaultTimeoutService on clear.

Fixes issues where unlock was required after login

* Specify electron as desktop client

* Use ElelectronCryptoService to handle desktop-specific tasks

* Linter fixes
2021-06-15 09:55:57 -05:00
Thomas Rittson
d63ee1858d
Add backwards compatability for new local hashing method (#407)
* Add backwards compatability for existing keyHash

* Minor changes for review comments
2021-06-15 07:35:58 +10:00
Matt Gibson
d2ca46b6f5
Add get key from storage for ensuring biometric browser integration (#408) 2021-06-14 14:03:13 -05:00
Thomas Rittson
8797924bd1
Use 2 iterations for local password hashing (#404)
* Use 2 iterations for local password hashing

* fix typo
2021-06-10 07:24:31 +10:00
Matt Gibson
5ba1416679
Authenticate with secure storage service (#402)
* Split secure key into use case

Allows us to push authentication for key access as late as possible.

* Do not reload if biometric locked

* Linter fixes

* Fix key upgrade scenario

* Fix boolean value message parsing

* Handle systems which don't support biometrics

* Do not fail key retrieval on secret upgrade

* Ensure old key is removed regardless of upgrade success

* Log errors
2021-06-09 15:53:54 -05:00
Oscar Hinton
d7682cde3b
Move nodeCryptoFunction to jslib-node (#405)
* Move nodeCryptoFunction to jslib-node

* Fix imports

* Fix tests import
2021-06-09 16:59:45 +02:00
Matt Gibson
ea90aea013
Use encrypted filename filename in Cipher attachment upload blob name (#403)
* Use EncString type to enforce encryption on filename in Cipher attachment upload

* Fix Cipher attachment test
2021-06-08 14:02:08 -05:00
Thomas Rittson
2e16aef6a2
Add Send-Id header for access requests (#400)
* Add Send-Id header to postSendAccess request

* Add Send Id header to file access requests

* fix linting
2021-06-08 11:50:35 +10:00
Oscar Hinton
1016bbfb9e
Split jslib into multiple modules (#363)
* Split jslib into multiple modules
2021-06-03 18:58:57 +02:00