* PM-115 Added new cipher key and encryption/decryption mechanisms on cipher
* PM-115 fix format
* PM-115 removed ForceKeyRotation from new cipher encryption model given that another approach will be taken
* [PM-1690] Added minimum server version restriction to cipher key encryption (#2463)
* PM-1690 added minimum server version restriction to cipher key encryption and also change the force key rotation flag
* PM-1690 Updated min server version for new cipher encryption key and fixed configService registration
* PM-1690 removed forcekeyrotation
* PM-115 Temporarily Changed cipher key new encryption config to help testing (this change should be reseted eventually)
* PM-2456 Fix attachment encryption on new cipher item encryption model (#2556)
* PM-2531 Fix new cipher encryption on adding attachments on ciphers with no item level key (#2559)
* PM-115 Changed temporarily cipher key encryption min server version to 2023.6.0 to test
* PM-115 Reseted cipher key encryption minimum server version to 2023.5.0 and disable new cipher key on local cipher creation
* Added Key value to the cipher export model (#2628)
* Update Constants.cs
Updated minimum encryption server version to 2023.9.0 so QA can test its behavior
* PM-115 Fix file format
* PM-115 Changed new encryption off and minimum new encryption server version to 2023.8.0 for testing purposes
* PM-115 Changed CIpher key encryption minimum server version to 2023.9.0
* PM-3737 Remove suffix on client version sent to server (#2779)
* PM-115 QA testing server min version and enable new cipher key encryption
* PM-115 Disable new cipher encryption creation and change minimum server encryption version to 2023.9.1
---------
Co-authored-by: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
* PM-3811 Unified passkeys view and moved both inside Login as an array of FIdo2Key
* PM-3811 Passkeys unification => updated cipher details view an helpers
* PM-3811 Updated passkeys creation date time format
* [PM-3393] Log user out on biometric exceed attempts
* [PM-3393] Move duplicated code to AppHelpers
* [PM-3393] Update copy on new pop up
* [PM-3393] Moved VaultTimeoutService to LazyResolve.
* [PM-3382] Change IVaultTimeoutService for messaging
* [PM-3393] Use default values.
* [PM-3606] Fix 2FA for autofill
* [PM-3606] Fix autofill when user doesn't have a login method available.
* [PM-3606] PR fixes
* [PM-3606] Add logout logic to other extension projects
* [PM-3606] Move code to base class.
* Transform into property instead of field
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
* Remove double ";"
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
* [PM-3606] Fix iOS extension by changing base class of LockPasswordViewController
---------
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
* PM-3071 Removed share on save toggle on Send view and now it's done automatically, same for copy after saving from the Share extension
* PM-3071 Fix alignments on Share extension send view
* [PM-1208] Add Device approval options screen. View model waiting for additional logic to be added.
* [PM-1208] Add device related api endpoint. Add AccoundDecryptOptions model and property to user Account.
* [PM-1208] Add continue button and not you option
* [PM-1379] add DeviceTrustCryptoService with establish trust logic (#2535)
* [PM-1379] add DeviceCryptoService with establish trust logic
* PM-1379 update api location and other minor refactors
* pm-1379 fix encoding
* update trusted device keys api call to Put
* [PM-1379] rename DeviceCryptoService to DeviceTrustCryptoService
- refactors to prevent side effects
* [PM-1379] rearrange methods in DeviceTrustCryptoService
* [PM-1379] rearrange methods in abstraction
* [PM-1379] deconstruct tuples
* [PM-1379] remove extra tasks
* [PM-2583] Answer auth request with mp field as null if doesn't have it. (#2609)
* [PM-2287][PM-2289][PM-2293] Approval Options (#2608)
* [PM-2293] Add AuthRequestType to PasswordlessLoginPage.
* [PM-2293] Add Actions to ApproveWithDevicePage
* [PM-2293] Change screen text based on AuthRequestType
* [PM-2293] Refactor AuthRequestType enum. Add label. Remove unnecessary actions.
* [PM-2293] Change boolean variable expression.
* [PM-2293] Trust device after admin request login.
* code format
* [PM-2287] Add trust device to master password unlock. Change trust device method. Remove email from SSO login page.
* [PM-2293] Fix state variable get set.
* [PM-2287][PM-2289][PM-2293] Rename method
* [PM-1201] Change timeout actions available based on hasMasterPassword (#2610)
* [PM-1201] Change timeout actions available based on hasMasterPassword
* [PM-2731] add user key and master key types
* [PM-2713] add new state for new keys and obsolete old ones
- UserKey
- MasterKey
- UserKeyMasterKey (enc UserKey from User Table)
* [PM-271] add UserKey and MasterKey support to crypto service
* [PM-2713] rename key hash to password hash & begin add methods to crypto service
* [PM-2713] continue organizing crypto service
* [PM-2713] more updates to crypto service
* [PM-2713] add new pin methods to state service
* [PM-2713] fix signature of GetUserKeyPin
* [PM-2713] add make user key method to crypto service
* [PM-2713] refresh pin key when setting user key
* [PM-2713] use new MakeMasterKey method
* [PM-2713] add toggle method to crypto service for keys
* [PM-2713] converting calls to new crypto service api
* [PM-2713] add migration for pin on lock screens
* [PM-2713] more conversions to new crypto service api
* [PM-2713] convert cipher service and others to crypto service api
* [PM-2713] More conversions to crypto api
* [PM-2713] use new crypto service api in auth service
* [PM-2713] remove unused cached values in crypto service
* [PM-2713] set decrypt and set user key in login helper
* fix bad merge
* Update crypto service api call to fix build
* [PM-1208] Fix app resource file
* [PM-1208] Fix merge
* [PM-1208] Fix merge
* [PM-2713] optimize async code in crypto service
* [PM-2713] rename password hash to master key hash
* [PM-2713] fix casting issues and pin
* [PM-2713] remove extra comment
* [PM-2713] remove broken casting
* [PM-2297] Login with trusted device (Flow 2) (#2623)
* [PM-2297] Add DecryptUserKeyWithDeviceKey method
* [PM-2297] Add methods to DeviceTrustCryptoService update decryption options model
* [PM-2297] Update account decryption options model
* [PM-2297] Fix TrustedDeviceOption and DeviceResponse model. Change StateService device key get set to have default user id
* [PM-2297] Update navigation to decryption options
* [PM-2297] Add missing action navigations to iOS extensions
* [PM-2297] Fix trust device bug/typo
* [PM-2297] Fix model bug
* [PM-2297] Fix state var crash
* [PM-2297] Add trust device login logic to auth service
* [PM-2297] Refactor auth service key connector code
* [PM-2297] Remove reconciledOptions for deviceKey in state service
* [PM-2297] Remove unnecessary user id params
* [PM-2289] [PM-2293] TDE Login with device Admin Request (#2642)
* [PM-2713] deconstruct new key pair
* [PM-2713] rename PrivateKey methods to UserPrivateKey on crypto service
* [PM-2713] rename PinLockEnum to PinLockType
* [PM-2713] don't pass user key as param when encrypting
* [PM-2713] rename toggle method, don't reset enc user key
* [PM-2713] pr feedback
* [PM-2713] PR feedback
* [PM-2713] rename get pin lock type method
* [PM-2713] revert feedback for build
* [PM-2713] rename state methods
* [PM-2713] combine makeDataEncKey methods
* [PM-2713] consolidate attachment key creation
- also fix ios files missed during symbol rename
* [PM-2713] replace generic with inherited class
* rename account keys to be more descriptive
* [PM-2713] add auto unlock key to mobile
* [PM-1208] Add TDE flows for new users (#2655)
* [PM-1208] Create new user on SSO. Logout if not password is setup or has pending admin auth request.
* [PM-1208] Fix new user UserKey decryption.
* [PM-1208] Add new user continue to vault logic. Auto enrol user on continue.
* [PM-1208] Trust device only if needed
* [PM-1208] Add logic for New User SSO.
* [PM-1208] Add logic for New User SSO (missing file).
* [PM-2713] set user key on set password page
* [PM-2713] set enc user key during kc onboarding
* fix formatting
* [PM-2713] make method async again
- returning null from a task thats not async throws
* [PM-2713] clear service cache when adding new account
* Fix build after merge
* [PM-3313] Fix Android SSO Login (#2663)
* [PM-3313] Catch exception on AuthPendingRequest
* [PM-3313] Fix lock timeout action if user doesn't have a master password.
* code format
* [PM-3313] Null email in Approval Options screen (#2664)
* [PM-3313] Fix null email in approval options screen
* [PM-3320][PM-3321] Fix labels and UI tweaks (#2666)
* [PM-3320] Fix UI copy and remember me default ON.
* [PM-3321] Fix UI on Log in with device screen.
* [PM-3337] Fix admin request deny error (#2669)
* [PM-3342] Not you button logs user out. (#2672)
* [PM-3319] Check for admin request in Lock page (#2668)
* [PM-3319] Ignore admin auth request when choosing mp as decryption option.
* [PM-2289] Change header title based on auth request type (#2670)
* [PM-2289] Change header title based on auth request type
* [PM-3333] Check for purged admin auth requests (#2671)
* [PM-3333] Check for purged admin auth requests
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
---------
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
* [PM-3341] Vault Timeout Action not persisted correctly (#2673)
* [PM-3341] Fix timeout action change when navigating
* [PM-3357] Fix copy for Login Initiated (#2674)
* [PM-3362] Fix auth request approval (#2675)
* [PM-3362] Fix auth request approval
* [PM-3362] Add new exception type
* [PM-3102] Update Master password reprompt to be based on MP instead of Key Connector (#2653)
* PM-3102 Added check to see if a user has master password set replacing previous usage of key connector.
* PM-3102 Fix formatting
* [PM-2713] Final merge from Key Migration branch to TDE Feature branch (#2667)
* [PM-2713] add async to key connector service methods
* [PM-2713] rename ephemeral pin key
* add state for biometric key and accept UserKey instead of string for auto key
* Get UserKey from bio state on unlock
* PM-2713 Fix auto-migrating EncKeyEncrypted into MasterKey encrypted UserKey when requesting DecryptUserKeyWithMasterKeyAsync is called
* renaming bio key and fix build
* PM-3194 Fix biometrics button to be shown on upgrade when no UserKey is present yet
* revert removal of key connector service from auth service
* PM-2713 set user key when using KC
* clear enc user key after migration
* use is true for nullable bool
* PR feedback, refactor kc service
---------
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
* Fix app fresh install user login with master password. (#2676)
* [PM-3303] Fix biometric login after key migration (#2679)
* [PM-3303] Add condition to biometric unlock
* [PM-3381] Fix TDE login 2FA flow (#2678)
* [PM-3381] Check for vault lock on 2FA screen
* [PM-3381] Move logic to ViewModel
* [PM-3381] Fix null vm error
* [PM-3379] Fix key rotation on trusted device. (#2680)
* [PM-3381] Update login flows (#2683)
* [PM-3381] Update login flows
* [PM-3381] Remove _authingWithSso parameter
* PM-3385 Fix MP reprompt item level when no MP hash is stored like logging in with TDE. Also refactor code to be more maintainable (#2687)
* PM-3386 Fix MP reprompt / OTP decision to be also based on the master key hash. (#2688)
* PM-3450 Fix has master password with mp key hash check (#2689)
* [PM-3394] Fix login with device for passwordless approvals (#2686)
* set activeUserId to null when logging in a new account
- Also stop the user key from being set in inactive accounts
* get token for login with device if approving device doesn't have master key
* add comment
* simplify logic
* check for route instead of using isAuthenticated
- we don't clear the user id when logging in new account
- this means we can't trust the state service, so we have to base our logic off the route in login with device
* use authenticated auth request for tde login with device
* [PM-3394] Add authingWithSso parameter to LoginPasswordlessRequestPage.
* pr feedback
* [PM-3394] Refactor condition
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
---------
Co-authored-by: André Bispo <abispo@bitwarden.com>
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
* [PM-3462] Handle force password reset on mobile with TDE (#2694)
* [PM-3462] Handle force password reset on mobile with TDE
* [PM-3462] update references to refactored crypto method
- fix kc bug, we were sending private key instead of user key to server
- rename kc service method to be correct
* [PM-3462] Update TwoFactorPage login logic
* [PM-3462] Added pending admin request check to TwoFactorPage
* [PM-3462] Added new exception types for null keys
---------
Co-authored-by: André Bispo <abispo@bitwarden.com>
* [PM-1029] Fix Async suffix in ApiService. Add UserKeyNullExceptions.
* [PM 3513] Fix passwordless 2fa login with device on mobile (#2700)
* [PM-3513] Fix 2FA for normal login with device with users without mp
* move _userKey
---------
Co-authored-by: André Bispo <abispo@bitwarden.com>
* clear encrypted pin on logout (#2699)
---------
Co-authored-by: André Bispo <abispo@bitwarden.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* PM-1575 Added new models for Fido2Key
* PM-1575 Added discoverable passkeys and WIP non-discoverable ones
* PM-1575 Fix format
* PM-1575 Added non-discoverable passkeys to login UI
* PM-1575 Added copy application icon to Fido2Key UI
* PM-1575 Updated bwi font with the updated passkey icon
* PM-1575 For now just display Available for two-step login on non-discoverable passkey inside of a cipher login
* PM-1575 Fix non-discoverable passkey visibility
* PM-1575 remove Passkeys as a filter in the vault list
* PM-1575 Display error toast if there is a duplicate passkey when moving a cipher to an org
* Revert "PM-1575 Display error toast if there is a duplicate passkey when moving a cipher to an org"
This reverts commit 78e6353602.
* [PM-2378] Display error toast on duplicate Passkey when moving cipher to an organization (#2594)
* PM-2378 Display error toast if there is a duplicate passkey when moving a cipher to an org
* PM-3097 Fix issue when moving cipher with passkey to an org where the uniqueness should be taken into consideration on different passkeys types and also the Username (#2632)
* PM-3096 Fix non-discoverable passkey to be taken into account when encrypting a cipher which was causing the passkey to be removed when moving to an org (#2637)
* PM-1402 Refactor pass generation service alongside policyservice
* PM-1402 Refactor PasswordGenerationService and PolicyService to have a simpler code and more specific to each class
* PM-1402 Fix format
* PM-1402 Moved policy consts from PolicyService to Policy
* PM-1402 fix crash due to lack of null checking
* PM-1402 fix format
* PM-1402 removed GetValueOrDefault() given that it was not needed and was changing the behavior
* PM-1748 Fix watchOS issue where the TOTP code wasn't being regenerated after always on display. Also, blurred totp code and timer value when entering in Always On Display
* Fixed PR labeler for WatchOS changes
* PM-1748 watchOS made username privacy sensitive for always on display
* Revert "Fixed PR labeler for WatchOS changes"
This reverts commit 3c55f38069.
---------
Co-authored-by: Álison Fernandes <vvolkgang@users.noreply.github.com>
* Change bio integrity validation to work at account-level
* biometric state migration
* fix account bio valid key storage location during migration
* comment clarification
* fix for iOS extensions not using custom avatar color
* [AC-1070] Add EnforceOnLogin property to MasterPasswordPolicyOptions
* [AC-1070] Add MasterPasswordPolicy property to Identity responses
* [AC-1070] Add policy service dependency to auth service
* [AC-1070] Introduce logic to evaluate master password after successful login
* [AC-1070] Add optional ForcePasswordResetReason to profile / state service
* [AC-1070] Save ForcePasswordResetReason to state when a weak master password is found during login
- Additionally, save the AdminForcePasswordReset reason if the identity result indicates an admin password reset is in effect.
* [AC-1070] Check for a saved ForcePasswordReset reason on TabsPage load force show the update password page
* [AC-1070] Make InitAsync virtual
Allow the UpdateTempPasswordPage to override the InitAsync method to check for a reset password reason in the state service
* [AC-1070] Modify UpdateTempPassword page appearance
- Load the force password reset reason from the state service
- Make warning text dynamic based on force password reason
- Conditionally show the Current master password field if updating a weak master password
* [AC-1070] Add update password method to Api service
* [AC-1070] Introduce logic to update both temp and regular passwords
- Check the Reason to use the appropriate request/endpoint when submitting.
- Verify the users current password locally using the user verification service.
* [AC-1070] Introduce VerifyMasterPasswordResponse
* [AC-1070] Add logic to evaluate master password on unlock
* [AC-1070] Add support 2FA login flow
Keep track of the reset password reason after a password login requires 2FA. During 2FA submission, check if there is a saved reason, and if so, force the user to update their password.
* [AC-1070] Formatting
* [AC-1070] Remove string key from service resolution
* [AC-1070] Change master password options to method variable to avoid class field
Add null check for password strength result and log an error as this is an unexpected flow
* [AC-1070] Remove usage of i18nService
* [AC-1070] Use AsyncCommand for SubmitCommand
* [AC-1070] Remove type from ShowToast call
* [AC-1070] Simplify UpdatePassword methods to accept string for the new encryption key
* [AC-1070] Use full text for key for the CurrentMasterPassword resource
* [AC-1070] Convert Reason to a private class field
* [AC-1070] Formatting changes
* [AC-1070] Simplify if statements in master password options policy service method
* [AC-1070] Use the saved force password reset reason after 2FA login
* [AC-1070] Use constant for ForceUpdatePassword message command
* [AC-1070] Move shared RequirePasswordChangeOnLogin method into PolicyService
* Revert "[AC-1070] Move shared RequirePasswordChangeOnLogin method into PolicyService"
This reverts commit e4feac130f.
* [AC-1070] Add check for null password strength response
* [AC-1070] Fix broken show password icon
* [AC-1070] Add show password icon for current master password
* [EC-1045] lock action if policy and show message
* [EC-1045] add text for policy message
* [EC-1045] add consts to policy service
* [EC-1045] missed a const
* [AC-1045] fix build
* [AC-1045] fix bug where UI wasn't updating after sync
* [AC-1045] change FirstOrDefault to First to avoid nulls
* [AC-1045] refactor get vault timeout functions
* [AC-1045] don't filter action options unecessarily
* [AC-1045] refactor build alert logic for readability
* [AC-1045] use policy to filter timeout options instead of current timeout
* [AC-1045] update timeout during sync instead of getter
- remove encrypted from state since it's not encrypted
- if policies return a timeout policy, check and update vault timeout
* [AC-1045] default to custom if we can't find vault timeout option
* [AC-1045] revert Encrypted Policies rename
* Enable firefox relay address on creation
Adding a body (json) to the request and setting enabled to true.
Additionally the description is set to "Generated by Bitwarden." to mimick the behaviour of the other clients
* Add missing encoding and mediaType
* Replace JObject with anonymous type
* PM-1576 Moved registration of AccountsManager to avoid race conditions with the app start. To do so, added ConditionedAwaiterManager so that it handles a task to be awaited or completed depending on the callers.
* PM-1576 Fix format
* PM-1576 Fix throw to preserve StackTrace
* [EC-1045] lock action if policy and show message
* [EC-1045] add text for policy message
* [EC-1045] add consts to policy service
* [EC-1045] missed a const
* [AC-1045] fix build
* Finally stop filling password into username field
The logic in #2331 is unfortunately not very reliable as it'll only detect fields that have one of "email", "phone" or "username" in their id as username fields.
This commit ensures that additonally fields that have TextVariationWebEmailAddress are also detected as username fields.
* Add TextVariationEmailAddress
* Remove
---------
Co-authored-by: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
* EC-770 Started implementing MessagePack for the iPhone -> Watch communication
* EC-770 Removed Pods and installed MessagePack through SPM
* EC-770 Implemented MessagePack + Lzfse compression when syncing iPhone -> Watch
* EC-770 Added MessagePack as submodule and updated the build to checkout the submodule as well. Also added MessagePack files as reference in the watch project
* EC-770 Updated build
Updated build.yml to checkout submodules on iOS
* [EC-980] Added iOS otpauth handler (#2370)
* EC-980 added Bitwarden as otpauth scheme handler
* EC-980 Fix format
* [EC-981] OTP handling - Set to selected cipher (#2404)
* EC-981 Started adding OTP to existing cipher. Reused AutofillCiphersPage for the cipher selection and refactored it so that we have more code reuse
* EC-981 Fix navigation on otp handling
* EC-981 Fix formatting
* EC-981 Added otp cipher selection callout and add close toolbar item when needed
* PM-1131 implemented cipher creation from otp handling flow with otp key filled (#2407)
* PM-1133 Updated empty states for search and cipher selection on otp flow (#2408)
* Use encoded query parameters over path
* Prefer POST for requests with sensitive information
* Send private information in headers over query
* B64 encode email
* Update iOS Distribution cert and provision profiles
* Rename the provision profiles
* Update the App Store provision profile names in plist
* Update Watch provision profile
* Remove testing code in pipeline
* Remove more test code
* EC-1002 BEEEP Added ability to change language in app
* EC-1002 fix format
* EC-1002 Renamed IPreferencesStorageService to ISynchronousStorageService
* EC-1002 Moved get/set Locale to the StateService and added the StorageMediatorService to a new way to interact with the storage. Later the StateService will only interact with this mediator instead of directly with the storage services, with this we have more control inside the mediator and we can have both sync and async methods to interact with storages handled by the mediator
* [PS-1809] Updating the account premium state when syncing the vault
* [PS-1809] Added validation to check if HasPremiumPersonally needs to be updated
* PS-1809 Renamed SetPremiumAsync to SetPersonalPremiumAsync
* [SG-516] Added DuckDuckGo provider
* [SG-516] Add Fastmail as generator provider
* [SG-516] code clean up
* [SG-516] Default to service empty if first time on screen. Order services by alphabetic order.
* [SG-516] Removed unnecessary prop.
* [PS-2278] Fixed inverted eye bug.
* [SG-516] Add icon glyph converter
* [SG-516] Fixed enum default value and ordering
* [SG-912] Modify the mobile app to retrieve the user's avatar color (#2277)
* work: baseline
* fix: dont use profile for store
* fiix: use userid in key
* fix: lookup on AccountView list create
* fix my own bad advice + tweaks
* Autosync the updated translations (#2279)
* fix my own bad advice + tweaks
* fiix: use userid in key
* [PS-1352] Fix ignore diacritics in search (#2044)
* Fix ignore diacritics in search
This change updates the search function to ignore diacritical marks in search results. Marks are stripped from both the search input and results.
* Removed logs, added null or whitespace validation and improved formatting
* [PS-2145] add rainsee browser series support (#2272)
* fix: lookup on AccountView list create
* Autosync the updated translations (#2279)
* fix my own bad advice + tweaks
* fix: single state grab is cool
* EC-469 Improve ApiException message to have the validation errors and message provided by the ErrorResponse
* EC-469 Updated default message format for ErrorResponse GetFullMessage()
* Fix ignore diacritics in search
This change updates the search function to ignore diacritical marks in search results. Marks are stripped from both the search input and results.
* Removed logs, added null or whitespace validation and improved formatting
Co-authored-by: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
Co-authored-by: Andre Rosado <arosado@bitwarden.com>