Commit Graph

78 Commits

Author SHA1 Message Date
Jake Fink 052b3be2eb
[PM-7972] Account switching integration with "remember email" functionality (#9750)
* add account switching logic to login email service

* enforce boolean and fix desktop account switcher order
2024-07-03 09:53:40 -04:00
Addison Beck 71e8fdb73d
Add the ability for custom validation logic to be injected into `UserVerificationDialogComponent` (#8770)
* Introduce `verificationType`

* Update template to use `verificationType`

* Implement a path for `verificationType = 'custom'`

* Delete `clientSideOnlyVerification`

* Update `EnrollMasterPasswordResetComponent` to include a server-side hash check

* Better describe the custom scenerio through comments

* Add an example of the custom verficiation scenerio

* Move execution of verification function into try/catch

* Migrate existing uses of `clientSideOnlyVerification`

* Use generic type option instead of casting

* Change "given" to "determined" in a comment
2024-07-01 11:52:39 -04:00
Daniel James Smith a613d9c268
[PM-8397] Make vault timeout input standalone (#9366)
* Move vault-timeout-input to @bitwarden/auth/angular

Move vault-timeout-input.component.ts to @bitwarden/auth/angular/vault-timeout-input
Expose via barrel file
Fix imports on clients

* Add dependencies to package.json

Not necessary right now, but good practice for once we move to building each package independently

* Make VaultTimeoutInputComponent a standalone component

* Update selector to present team ownership

* Use new standalone on web

Move vault-timeout-input.component.html to @bitwarden/auth/angular/vault-timeout-input/
Delete old vault-timeout-input.component on web
Register new component on loose-components-module
Update used selector in preferences.component

* Remove unneeded export of VaultTimeoutInputComponent

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2024-06-28 17:41:17 +02:00
rr-bw 31e5337ecf
change orgId input to masterPasswordPolicyOptions (#9833) 2024-06-26 10:06:50 -07:00
Jake Fink d7bf0fe536
[PM-8868] only deserialize org invite if not nullish (#9644)
* only deserialize org invite if not nullish

* add null check to OrganizationInvite init methods

* PR feedback
2024-06-25 15:00:27 -04:00
rr-bw 9ec01422df
[PM-5085] Add additional InputPasswordComponent story and docs (#9752)
* split stories: 1 default, 1 with policy

* add storybook docs
2024-06-25 09:04:49 -07:00
Jake Fink 1fdfd695e1
reference correct default kdf config (#9822)
* reference correct default kdf config

* update change kdf references
2024-06-25 08:57:59 -04:00
Jake Fink b306554675
[PM-6789] finish key rotation distribution and fix legacy user (#9498)
* finish key rotation distribution and fix legacy user

* add ticket to TODO

* PR feedback: docs and renaming

* fix webauthn tests

* add test for send service

* add await to test
2024-06-20 11:36:24 -04:00
rr-bw 2a0e21b4bb
[PM-5085] Create InputPasswordComponent (#9630)
* setup for InputPasswordComponent and basic story

* add all input fields

* add translated error messages

* update validation

* add password-callout

* update hint text

* use PolicyService in component

* setup SetPasswordComponent

* remove div

* add default button text

* add mocks for InputPassword storybook

* simplify ngOnInit

* change param and use PolicyApiService

* check for breaches and validate against policy

* user toastService

* use useValue for mocks

* hash before emitting

* validation cleanup and use PreloadedEnglishI18nModule

* add ngOnDestroy

* create validateFormInputsDoNotMatch fn

* update validateFormInputsComparison and add deprecation jsdocs

* rename validator fn

* fix bugs in validation fn

* cleanup and re-introduce services/logic

* toggle password inputs together

* update hint help text

* remove SetPassword test

* remove master key creation / hashing

* add translations to browser/desktop

* mock basic password-strength functionality

* add check for controls

* hash before emitting

* type the EventEmitter

* use DEFAULT_KDF_CONFIG

* emit master key

* clarify comment

* update password mininum help text to match org policy requirement
2024-06-17 14:56:24 -07:00
Bernd Schoolmann 1970abf723
[PM-4370] Implement PRF key rotation (#9517)
* Add prf key rotation

* Fix tests

* Re-add comment

* Remove encrypted private key from webauthnlogincredentialresponse

* Refactor to use rotateablekeyset

* Move key rotation logic to webauthn-login-admin service

* Fix type error

* Add parameter validation

* Add documentation

* Add input validation

* Add tests
2024-06-17 20:47:06 +02:00
Todd Martin fe1c432e03
Auth/pm 8882/Add TDE Logging (#9673)
* Added logging behind feature flag.

* Added default for new flag.

* Additional logging changes.

* Consolidated log messages.

* Removed unneccessary log.

* Fixed test error.

* Fixed linting.

* Fixed constructor on test.

* Updated to remove flag

* Moved service.

* Added logging to redirect guard.
2024-06-17 12:37:05 -04:00
rr-bw e38a39f7c6
adjust w (#9657) 2024-06-14 12:50:05 -07:00
Jared Snider 215bbc2f8e
Auth/PM-7324 - Registration with Email Verification - Registration Start Component Implementation (#9573)
* PM-7324 - Register new registration start comp at signup route on web

* PM-7324 - Add registerSendVerificationEmail logic in API service layer.

* PM-7324 - Update registration start comp to actually send information to API and trigger email.

* PM-7324 - progress on opt in for marketing emails redesign.

* PM-7324 - Add feature flag and feature flag guard to sign up route.

* PM-7324 - RegistrationEnvSelector - emit initial value

* PM-7324 - Registration Start comp - wire up setReceiveMarketingEmailsByRegion logic.

* PM-7324 - Registration start html - use proper link for email pref management.

* PM-7324 - Translate text

* PM-7324 - Design pass

* PM-7324 - design pass v2

* PM-7324 - Update Tailwind config to add availability of anon layout to desktop and browser extension

* PM-7324 - Desktop - AppRoutingModule - Add new signup route protected by the email verification feature flag.

* PM-7324 - BrowserExtension - AppRoutingModule - Add signup route protected by feature flag

* PM-7324 - Feature flag all register page navigations to redirect users to the new signup page.

* PM-7324 - Update AnonLayoutWrapperComponent constructor logic to avoid passing undefined values into I18nService.t method

* PM-7324 - Accept org invite web comp - adjust register url and qParams

* PM-7324 - Add AnonLayoutWrapperData to desktop & browser since we don't need titleId.

* PM-7324 - Revert anon layout wrapper comp changes as they were made separately and merged to main.

* PM-7234 - Fix registration start component so the login route works for the browser extension.

* PM-7324 - Registration start story now building again + fix storybook warning around BrowserAnimationsModule

* PM-7324 - Registration Start - add missing tw-text-main to fix dark mode rendering.

* PM-7324 - Update storybook docs

* PM-7324 - Get stub of registration finish component so that the verify email has something to land on.

* PM-7324 - Registration start - receive marketing materials should never be required.

* PM-7324 - Add finish signup route + required translations to desktop & browser.

* PM-7324 - AnonLayoutWrapperComponent - Resolve issues where navigating to a sibling anonymous route wouldn't update the AnonLayoutWrapperData.

* PM-7324 - Remove unnecessary array

* PM-7324  - Per PR feedback, improve setReceiveMarketingEmailsByRegion

* PM-7324 - Per PR feedback, inject login routes via route data

* PM-7324 - Document methods in account api service

* PM-7324 - PR feedback - jsdoc tweaks
2024-06-14 11:40:56 -04:00
Bernd Schoolmann 84e9778669
[PM-4139] Remove approve device logins setting and enable it by default (#9495)
* Remove login with device setting and enable it by default

* Remove unused i18n message
2024-06-13 18:05:05 +00:00
rr-bw 9b0250d4fd
Check undefined data properties before i18n (#9590)
* remove duplicate route

* check for undefined before translation
2024-06-11 12:06:02 -07:00
Jake Fink 917c5fff5b
remove extra unused method (#9500) 2024-06-05 16:05:12 -04:00
rr-bw 90ca4345b3
Larger min-w to anonlayout content container (#9502)
* add larger min-w to content container

* increase min-w
2024-06-04 14:45:10 -07:00
rr-bw edecec56de
add min-w to anon-layout (#9489) 2024-06-03 13:56:56 -07:00
Jared Snider 9d35a8895e
Auth/PM-8367 - Email Verification - Integrate Registration Self Hosted Env Selector + new Self Hosted Env Settings Dialog into Registration Start (#9361)
* PM-8367 - WIP - initial comp creation

* PM-8367 - Majority of new registration self hosted env config dialog working

* PM-8367 - RegistrationEnvSelectorComponent - add method handleSelfHostedEnvConfigDialogResult and add toast for happy path.

* PM-8367 - Add validation TODO

* PM-8367 - RegistrationSelfHostedEnvConfigDialogComponent - Add validator

* PM-8367 - RegEnvSelector - Only show self hosted if the client is browser or desktop since we will be using the selector on web as well.

* PM-8367 - Registration start comp - add env selector

* PM-8367 - Registration start - add proper import for standalone comps.

* PM-8367 - Registration Start - get storybook fixed with registration env selector

* PM-8367 - Add self hosted server to web translations only for storybook

* PM-8367 - Add more storybook examples and update docs (WIP - need to test self hosted selection)

* PM-8367 - Registration Start - update stories

* PM-8367 - Env Selector now emits selected region so that parent comps can listen to it if needed.

* PM-8367 - Registration Start - wire up handler for selectedRegionChange so that the parent comp can successfully track isSelfHost and hide / show the terms / privacy policy checkbox

* PM-8367 - TODO cleanup

* PM-8367 - Registration start docs - stage gate is two words.

* PM-8367 - Per working session with Will, move top level provided services to app level instead of module level to solve dialog null injector errors.

* PM-8367 - Storybook working for self hosted env dialog

* PM-8367 - Add dialog scroll feature to bitDialog and implement in self hosted env dialog.

* PM-8367 - Revert bit dialog changes and scroll implementation.

* PM-8367 - Tweak registration start docs

* PM-8367 - Remove unused changeDetectorRef

* PM-8367 - Add docs per PR feedback
2024-06-03 13:05:27 -04:00
Jared Snider f691854387
Auth - PM-7392 & PM-7436 - Token Service - Desktop - Add disk fallback for secure storage failures (#8913)
* PM-7392 - EncryptSvc - add new method for detecting if a simple string is an enc string.

* PM-7392 - TokenSvc - add checks when setting and retrieving the access token to improve handling around the access token encryption.

* PM-7392 - (1) Clean up token svc (2) export access token key type for use in tests.

* PM-7392 - Get token svc tests passing; WIP more tests to come for new scenarios.

* PM-7392 - Access token secure storage to disk fallback WIP but mostly functional besides weird logout behavior.

* PM-7392 - Clean up unnecessary comment

* PM-7392 - TokenSvc - refresh token disk storage fallback

* PM-7392 - Fix token service tests in prep for adding tests for new scenarios.

* PM-7392 - TokenSvc tests - Test new setRefreshToken scenarios

* PM-7392 - TokenSvc - getRefreshToken should return null or a value - not undefined.

* PM-7392 - Fix test name.

* PM-7392 - TokenSvc tests - clean up test names that reference removed refresh token migrated flag.

* PM-7392 - getRefreshToken tests done.

* PM-7392 - Fix error quote

* PM-7392 - TokenSvc tests - setAccessToken new scenarios tested.

* PM-7392 - TokenSvc - getAccessToken - if secure storage errors add error to log.

* PM-7392 - TokenSvc tests - getAccessToken - all new scenarios tested

* PM-7392 - EncryptSvc - test new stringIsEncString method

* PM-7392 - Main.ts - fix circ dep issue.

* PM-7392 - Main.ts - remove comment.

* PM-7392 - Don't re-invent the wheel and simply use existing isSerializedEncString static method.

* PM-7392 - Enc String - (1) Add handling for Nan in parseEncryptedString (2) Added null handling to isSerializedEncString. (3) Plan to remove encrypt service implementation

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

* PM-7392 - Remove encrypt service method

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

* PM-7392 - Actually fix circ dep issues with Justin. Ty!

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

* PM-7392 - TokenSvc - update to use EncString instead of EncryptSvc + fix tests.

* PM-7392 - TokenSvc - (1) Remove test code (2) Refactor decryptAccessToken method to accept access token key and error on failure to pass required decryption key to method.

* PM-7392 - Per PR feedback and discussion, do not log the user out if hte refresh token cannot be found. This will allow users to continue to use the app until their access token expires and we will error on trying to refresh it. The app will then still work on a fresh login for 55 min.

* PM-7392 - API service - update doAuthRefresh error to clarify which token cannot be refreshed.

* PM-7392 - Fix SetRefreshToken case where a null input would incorrectly trigger a fallback to disk.

* PM-7392 - If the access token cannot be refreshed due to a missing refresh token or API keys, then surface an error to the user and log it so it isn't a silent failure + we get a log.

* PM-7392  - Fix CLI build errors

* PM-7392 - Per PR feedback, add missing tests (thank you Jake for writing these!)

Co-authored-by: Jake Fink <jfink@bitwarden.com>

* PM-7392 - Per PR feedback, update incorrect comment from 3 releases to 3 months.

* PM-7392 - Per PR feedback, remove links.

* PM-7392 - Per PR feedback, move tests to existing describe.

* PM-7392 - Per PR feedback, adjust all test names to match naming convention.

* PM-7392 - ApiService - refreshIdentityToken - log error before swallowing it so we have a record of it.

* PM-7392 - Fix copy for errorRefreshingAccessToken

* PM-7392 - Per PR feedback, move error handling toast responsibility to client specific app component logic reached via messaging.

* PM-7392 - Swap logout reason from enum to type.

* PM-7392 - ApiService - Stop using messaging to trigger toast to let user know about refresh access token errors; replace with client specific callback logic.

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* PM-7392 - Per PR feedback, adjust enc string changes and tests.

* PM-7392 - Rename file to be type from enum

* PM-7392 - ToastService - we need to await the activeToast.onHidden observable so return the activeToast from the showToast.

* PM-7392 - Desktop AppComp - cleanup messaging

* PM-7392 - Move Logout reason custom type to auth/common

* PM-7392 - WIP - Enhancing logout callback to consider the logout reason + move show toast logic into logout callback

* PM-7392 - Logout callback should simply pass along the LogoutReason instead of handling it - let each client's message listener handle it.

* PM-7392 - More replacements of expired with logoutReason

* PM-7392 - More expired to logoutReason replacements

* PM-7392 - Build new handlers for displaying the logout reason for desktop & web.

* PM-7392 - Revert ToastService changes

* PM-7392 - TokenSvc - Replace messageSender with logout callback per PR feedback.

* PM-7392 - Desktop App comp - replace toast usage with simple dialog to guarantee users will see the reason for them being logged out.

* PM-7392 - Web app comp - fix issue

* PM-7392 - Desktop App comp - don't show cancel btn on simple dialogs.

* PM-7392 - Desktop App comp - Don't open n simple dialogs.

* PM-7392 - Fix browser build

* PM-7392 - Remove logout reason from CLI as each logout call handles messaging on its own.

* PM-7392 - Previously, if a security stamp was invalid, the session was marked as expired. Restore that functionality.

* PM-7392 - Update sync service logoutCallback to include optional user id.

* PM-7392 - Clean up web app comp

* PM-7392 - Web - app comp - only handle actually possible web logout scenarios.

* PM-7392 - Browser Popup app comp - restore done logging out message functionality + add new default logout message

* PM-7392 - Add optional user id to logout callbacks.

* PM-7392 - Main.background.ts - add clarifying comment.

* PM-7392 - Per feedback, use danger simple dialog type for error.

* PM-7392 - Browser Popup - add comment clarifying expectation of seeing toasts.

* PM-7392 - Consolidate invalidSecurityStamp error handling

* PM-7392 - Per PR feedback, REFRESH_ACCESS_TOKEN_ERROR_CALLBACK can be completely sync. + Refactor to method in main.background.

* PM-7392 - Per PR feedback, use a named callback for refreshAccessTokenErrorCallback in CLI

* PM-7392 - Add TODO

* PM-7392 - Re-apply bw.ts changes to new service-container.

* PM-7392 - TokenSvc - tweak error message.

* PM-7392 - Fix test

* PM-7392 - Clean up merge conflict where I duplicated dependencies.

* PM-7392 - Per discussion with product, change default logout toast to be info

* PM-7392 - After merge, add new logout reason to sync service.

* PM-7392 - Remove default logout message per discussion with product since it isn't really visible on desktop or browser.

* PM-7392 - address PR feedback.

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2024-06-03 12:36:45 -04:00
Jared Snider 01648e2cc3
Auth/PM-8358 - User Verification dialog & form input fix for empty submit displaying wrong error (#9363)
* PM-8358 - UserVerificatonFormInput - fix incorrect init logic. We needed to execute the processSecretChanges logic to convert null into { type: 0, secret: null }  (VerificationWithSecret) for all non-biometric verification flows. .

* PM-8358 - UserVerificationService - verifyUser(...) - throw error if called with null. It should only happen if a dev makes a mistake in theory.
2024-06-03 10:15:11 -04:00
rr-bw 828e26f93c
[PM-8368] AnonLayout Footer Updates (#9397)
* add hostname to footer via env service

* add logic for showing/hiding environment

* add docs

* add web env-selector

* refactor to use one slot for env-selector

* add storybook docs

* add env hostname to stories

* remove sample route
2024-05-29 13:31:04 -07:00
Jared Snider 89d7e96b25
Auth/PM-5086 - Email Verification - Registration Start + Environment Selector components (#9342)
* PM-5086 - WIP start on registration start component

* PM-5086 - more WIP progress on registration start comp

* PM-5086 - Setup secondary component

* PM-5086 - (1) Validation working (2) States implemented (3) 2nd state for check email mostly completed except for correct icon

* PM-5086 - Registration Start - check email state - update icon to be correct from figma.

* PM-5086 - Refactor self hosted conditional + actually hide the checkbox if it is self hosted.

* PM-5086 - WIP good progress on getting browser & desktop creating account on logic working.

* PM-5086 - Accessibility pass + WIP on region selector

* PM-5086 - Accessibility pass with Danielle

* PM-5086 - Migrate env selector logic to own component.

* PM-5086 - Update AnonLayoutWrapperComp import

* PM-5086 - Remove unncessary focus.

* PM-5086 - WIP first draft of registration env selector; name might change to differentiate it from existing env selector.

* PM-5086 - Rename env selector to be more clear and use registration-env-selector instead.

* PM-5086 - (1) Export registration env selector (2) Change comp name not just file name.

* PM-5086 - Create new registration page stub

* PM-5086 - Fix build issue where select module was missing from new registration env selector.

* PM-5086 - Registration --> registration start.

* PM-5086 - Add missing translation from registration-start-secondary-component to desktop & browser.

* PM-5086 - Add missing translations

* PM-5086 - Registration Env Selector - forms require form groups. duh.

* PM-5086 - Registration Env Selector - working now.

* PM-5086 - Registration Start desktop mostly working with env selector issues.

* PM-5086 - Registration start - get self hosted env dialog to close on close click. Backdrop click doesn't work but escape does still.

* PM-5086 - TODO: figure out if there is a better way to get the dialog to close.

* PM-5086 - Registration start - get goBack working to properly re-show env selector

* PM-5086 - Self Hosted Env Comp - re-emit current env on close so that select based env selectors can reset

* PM-5086 - RegistrationEnvSelector - Refactor init logic to also listen for env updates so that the user's choices on the self hosted settings dialog get communicated to this comp

* PM-5086 - Registration Start Desktop - Don't allow users to close dialog via escape as we need them to either close or save to get the env service to set the env correctly.

* PM-5086 - Browser Registration Start Page stub

* PM-5086 - Registration Start comp - storybook added

* PM-5086 - Remove links to start-registration as we aren't ready to implement that yet.

* PM-5086 - Revert environment comp changes.

* PM-5086 - Delete registration start pages.

* PM-5086 - Test removing PreloadedEnglishI18nModule to see if it fixes test failures

* PM-5086 - Try to resolve issues w/ importing PreloadedEnglishI18nModule into RegistrationStartComponent storybook stories file.

* PM-5086 - Allow translations to be imported for all libs.

* PM-5086 - Remove comment from JSON

* PM-5086 - TODO cleanup

* PM-5086 - Per PR feedback, fix display issues by using correct classes.

* PM-5086 - Fix SVG per PR feedback

* PM-5086 - Remove unnecessary methods

* PM-5086 - RegistrationEnvSelectorComponent - per PR feedback, properly type null in form group
2024-05-24 15:43:29 -04:00
Jake Fink 56c4be4f1a
consolidate login strategy deps (#8859) 2024-05-21 09:34:03 -04:00
rr-bw ac47cca944
make data properties optional (#9276) 2024-05-20 13:06:22 -07:00
rr-bw 6fd81fa4d0
[PM-8236] Move AnonLayoutWrapperComponent to Libs (#9272)
* move to libs/auth

* add tw-max-w-md to anonlayout
2024-05-20 11:12:01 -07:00
rr-bw 3eeafc098a
Update AnonLayout BG Colors (#9180)
* update bg color

* add tw breakpoint for primary content bg
2024-05-14 13:28:41 -07:00
rr-bw 8e4073f1ca
fix migration test (#9163) 2024-05-13 14:18:54 -07:00
Jared Snider 473c5311fa
Auth/PM-5501 - VaultTimeoutSettingsService State Provider Migration (#8604)
* PM-5501 - VaultTimeoutSettingsSvc - refactor var names in getVaultTimeoutAction

* PM-5501 - Add state definitions and key definitions + test deserialization of key defs.

* PM-5501 - Add state provider dep to VaultTimeoutSettingsSvc

* PM-5501 - Refactor getVaultTimeout

* PM-5501 - VaultTimeoutSettingsService - Build getMaxVaultTimeoutPolicyByUserId helper

* PM-5501 - (1) Update state definitions (2) convert KeyDefs to UserKeyDefs (2) Remove everBeenUnlocked as we won't need it

* PM-5501 - VaultTimeoutSettingsSvc - POC for getVaultTimeoutActionByUserId$ method + new private determineVaultTimeoutAction helper.

* PM-5501 - VaultTimeoutSettingsSvc - build set and observable get methods for vault timeout settings

* PM-5501 - Update web references to use new vault timeout setting service methods

* PM-5501 - VaultTimeoutSettingsSvc - write up abstraction js docs

* PM-5501 - VaultTimeoutSettingsSvc abstraction - finish tweaks

* PM-5501 - VaultTimeoutSettingsSvc - add catchError blocks to observables to protect outer observables and prevent cancellation in case of error.

* PM-5501 - Remove vault timeout settings from state service implementation.

* PM-5501 - VaultTimeoutSettingsServiceStateProviderMigrator first draft

* PM-5501 - WIP - replace some state service calls with calls to vault timeout settings svc.

* PM-5501 - Replace state service calls in login strategies to get vault timeout settings data with VaultTimeoutSettingsService calls.

* PM-5501 - Fix login strategy tests

* PM-5501 - Update login strategy tests to pass

* PM-5501 - CryptoSvc - share VaultTimeout user key def to allow crypto svc access to the vault timeout without creating a circular dep.

* PM-5501 - Fix dependency injections.

* PM-5501 - ApiSvc - replace state svc with vault timeout settings svc.

* PM-5501 - VaultTimeoutSettingsServiceStateProviderMigrator more cleanup

* PM-5501 - Test VaultTimeoutSettingsServiceStateProviderMigrator

* PM-5501 - VaultTimeoutSettingsSvc tests updated

* PM-5501 - Update all setVaultTimeoutOptions references

* PM-5501 - VaultTimeoutSettingsSvc - Update setVaultTimeoutOptions to remove unnecessary logic and clean up clearTokens condition.

* PM-5501 - Fix vault timeout service tests

* PM-5501 - Update VaultTimeoutSettings state tests to pass

* PM-5501 - Desktop - system svc - fix build by replacing use of removed method.

* PM-5501 - Fix CLI by properly configuring super class deps in NodeApiService

* PM-5501 - Actually finish getitng deps fixed to get CLI to build

* PM-5501 - VaultTimeoutSettingsSvc.determineVaultTimeoutAction - pass userId to getAvailableVaultTimeoutActions to prevent hang waiting for an active user.

* PM-5501 - VaultTimeoutSettingSvc test - enhance getVaultTimeoutActionByUserId$ to also test PIN scenarios as an unlock method

* PM-5501 - bump migration version

* PM-5501 - Refactor migration to ensure the migration persists null vault timeout values.

* PM-5501 - Bump migration version

* PM-5501 - Fix web build issues introduced by merging main.

* PM-5501 - Bump migration version

* PM-5501 - PreferencesComponent - revert dep change from InternalPolicyService to standard PolicyService abstraction

* PM-5501 - Address all PR feedback from Jake

Co-authored-by: Jake Fink <jfink@bitwarden.com>

* PM-5501 - VaultTimeoutSettingsSvc tests - add tests for setVaultTimeoutOptions

* PM-5501 - VaultTimeoutSettingsSvc - setVaultTimeoutOptions - Update tests to use platform's desired syntax.

* PM-5501 - Fix tests

* PM-5501 - Create new VaultTimeout type

* PM-5501 - Create new DEFAULT_VAULT_TIMEOUT to allow each client to inject their default timeout into the VaultTimeoutSettingService

* PM-5501 - Migrate client default vault timeout to new injection token

* PM-5501 - Update VaultTimeoutSettingsSvc to use VaultTimeout type and apply default vault timeout if it is null.

* PM-5501 - Update vaultTimeout: number to be vaultTimeout: VaultTimeout everywhere I could find it.

* PM-5501 - More changes based on changing vaultTimeout from number to VaultTimeout type.

* PM-5501 - VaultTimeoutSvc - Update shouldLock logic which previously checked for null (never) or any negative values (any strings except never) with a simple string type check.

* PM-5501 - More cleanup of vaultTimeout type change - replacing null checks with "never" checks

* PM-5501 - VaultTimeoutSettingsSvc - refactor determineVaultTimeout to properly treat string and numeric vault timeouts.

* PM-5501 - Update vault timeout settings service tests to reflect new VaultTimeout type.

* PM-5501 - VaultTimeoutSettingsService - add more test cases for getVaultTimeoutByUserId

* PM-5501 - (1) Remove "immediately" as 0 is numerically meaningful and can be used with Math.min (2) Add VaultTimeoutOption interface for use in all places we show the user a list of vault timeout options.

* PM-5501 - VaultTimeoutSettingSvc - update tests to use 0 as immediately.

* PM-5501 - VaultTimeoutInputComp - Add new types and update applyVaultTimeoutPolicy logic appropriately.

* PM-5501 - Add new types to all preferences and setting components across clients.

* PM-5501 - Fix bug on web where navigating to the preferences page throws an error b/c the validatorChange function isn't defined.

* PM-5501 - WIP on updating vault timeout setting migration and rollback + testing it.

* PM-5501 - Update VaultTimeoutSettingsSvc state provider migration and tests to map existing possible values into new VaultTImeout type.

* PM-5501 - Fix vault timeout settings state tests by changing number to new VaultTimeout type.

* PM-5501 - Fix crypto svc auto key refresh test to use "never" instead of null.

* PM-5501 - Add clarifying comment to vaulttimeout type

* PM-5501 - Desktop app comp - replace systemTimeoutOptions with vault timeout type.

* PM-5501 - Update vault timeout service tests to use VaultTimeout type.

* PM-5501 - VaultTimeoutSettingsSvc - (1) Fix bug where vault timeout action didn't have a default like it did before (2) Fix bug in userHasMasterPassword where it would incorrectly return the active user stream for a given user id as a fallback. There is no guarantee the given user would match the active user so the paths are mutually exclusive.

* PM-5501 - Login Strategy fix - Move retrieval of vault timeout settings and setting of the tokens until after account init and user decryption options set as those opts are needed to properly determine the user's available vault timeout actions.

* PM-5501 - Fix vault timeout settings svc tests

* PM-5501 - VaultTimeoutSettingSvc - move default logic to determine methods + refactor default vault timeout action to properly default to lock in scenarios the user has lock available.

* Update libs/angular/src/components/settings/vault-timeout-input.component.ts

Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>

* PM-5501 - Per PR feedback, cleanup commented out vault timeout options

* PM-5501 - Fix vault timeout input comp lint issues

* PM-5501 - Per PR feedback from Cesar, update VaultTimeout type to use const so we can avoid any magic string usage. Awesome.

Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>

* PM-5501 - CLI - use "never" as default vault timeout instead of null.

* PM-5501 - Fix broken tests

* PM-5501 - Bump migration version

* PM-5501 - Fix build errors after merging main.

* PM-5501 - Update mockMigrationHelper to pass along client type so tests will respect it.

* PM-5501 - Update VaultTimeoutSettingsServiceStateProviderMigrator and tests to use new CLI client type to convert undefined values to never so that CLI users don't lose their session upon running this migration.

* PM-5501 - Bump migration version

* PM-5501 - Fix migration tests to use new authenticated user format

* PM-5501 Update rollback tests

* PM-5501 - Adjust migration based on feedback.

* PM-5501 - Per Jake's find, fix missed -2

Co-authored-by: Jake Fink <jfink@bitwarden.com>

* PM-5501 - Add user id to needsStorageReseed.

Co-authored-by: Jake Fink <jfink@bitwarden.com>

* PM-5501 - Per PR feedback, setVaultTimeoutOptions shouldn't accept null for vault timeout anymore.

* PM-5501 - Per PR feedback, add null checks for set methods for setting vault timeout or vault timeout action.

* PM-5501 - Per PR feedback, add more context as to why we need vault timeout settings to persist after logout.

* PM-5501 - Per PR feedback, fix userHasMasterPassword

* PM-5501 - VaultTimeoutSettingsService - fix userHasMasterPassword check by checking for null decryption options.

* PM-5501 - Remove state service from vault timeout settings service (WOOO)

* PM-5501 - Bump migration version

* PM-5501 - Account Security comp - refactor to consider ease of debugging.

* PM-5501 - (1) Add checks for null vault timeout and vault timeout actions (2) Add tests for new scenarios.

* PM-5501 - VaultTimeoutSettingsSvc - setVaultTimeoutOptions - fix bug where nullish check would throw incorrectly if immediately (0) was picked as the timeout.

* PM-5501 - Per PR feedback, clean up remaining token service methods which accept null for timeout and add tests. .

* PM-5501 - Fix nit

---------

Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
2024-05-13 15:56:04 -04:00
rr-bw 7bb8caed42
center secondary content (#9079) 2024-05-08 11:58:21 -07:00
rr-bw a42de41587
[PM-5363] PinService State Providers (#8244)
* move pinKeyEncryptedUserKey

* move pinKeyEncryptedUserKeyEphemeral

* remove comments, move docs

* cleanup

* use UserKeyDefinition

* refactor methods

* add migration

* fix browser dependency

* add tests for migration

* rename to pinService

* move state to PinService

* add PinService dep to CryptoService

* move protectedPin to state provider

* update service deps

* renaming

* move decryptUserKeyWithPin to pinService

* update service injection

* move more methods our of crypto service

* remove CryptoService dep from PinService and update service injection

* remove cryptoService reference

* add method to FakeMasterPasswordService

* fix circular dependency

* fix desktop service injection

* update browser dependencies

* add protectedPin to migrations

* move storePinKey to pinService

* update and clarify documentation

* more jsdoc updates

* update import paths

* refactor isPinLockSet method

* update state definitions

* initialize service before injecting into other services

* initialize service before injecting into other services (bw.ts)

* update clearOn and do additional cleanup

* clarify docs and naming

* assign abstract & private methods, add clarity to decryptAndMigrateOldPinKeyEncryptedMasterKey() method

* derived state (attempt)

* fix typos

* use accountService to get active user email

* use constant userId

* add derived state

* add get and clear for oldPinKeyEncryptedMasterKey

* require userId

* move pinProtected

* add clear methods

* remove pinProtected from account.ts and replace methods

* add methods to create and store pinKeyEncryptedUserKey

* add pinProtected/oldPinKeyEncrypterMasterKey to migration

* update migration tests

* update migration rollback tests

* update to systemService and decryptAndMigrate... method

* remove old test

* increase length of state definition name to meet test requirements

* rename 'TRANSIENT' to 'EPHEMERAL' for consistency

* fix tests for login strategies, vault-export, and fake MP service

* more updates to login-strategy tests

* write new tests for core pinKeyEncrypterUserKey methods and isPinSet

* write new tests for pinProtected and oldPinKeyEncryptedMasterKey methods

* minor test reformatting

* update test for decryptUserKeyWithPin()

* fix bug with oldPinKeyEncryptedMasterKey

* fix tests for vault-timeout-settings.service

* fix bitwarden-password-protected-importer test

* fix login strategy tests and auth-request.service test

* update pinService tests

* fix crypto service tests

* add jsdoc

* fix test file import

* update jsdocs for decryptAndMigrateOldPinKeyEncryptedMasterKey()

* update error messages and jsdocs

* add null checks, move userId retrievals

* update migration tests

* update stateService calls to require userId

* update test for decryptUserKeyWithPin()

* update oldPinKeyEncryptedMasterKey migration tests

* more test updates

* fix factory import

* update tests for isPinSet() and createProtectedPin()

* add test for makePinKey()

* add test for createPinKeyEncryptedUserKey()

* add tests for getPinLockType()

* consolidate userId verification tests

* add tests for storePinKeyEncryptedUserKey()

* fix service dep

* get email based on userId

* use MasterPasswordService instead of internal

* rename protectedPin to userKeyEncryptedPin

* rename to pinKeyEncryptedUserKeyPersistent

* update method params

* fix CryptoService tests

* jsdoc update

* use EncString for userKeyEncryptedPin

* remove comment

* use cryptoFunctionService.compareFast()

* update tests

* cleanup, remove comments

* resolve merge conflict

* fix DI of MasterPasswordService

* more DI fixes
2024-05-08 11:34:47 -07:00
rr-bw 0fb352d8ed
[PM-7343] AnonLayoutComponent Implementation Groundwork (#8585)
* test implementation

* move files

* adjust import and sample router comments

* add storybook docs to anon-layout

* rename to AnonLayoutWrapperComponent

* update storybook docs

* remove references to CL and replace with 'Auth-owned'

* move AnonLayoutWrapperComponent to libs

* add pageTitle input

* add subTitle input

* translate page title/subtitle, and refactor how icon is added

* update tailwind.config and component styles

* adjust spacing between primary and secondary content

* move switch statement to wrapper

* move icon to router file

* update storybook documentation

* fix storybook text color in normal code blocks

* remove sample route

* move wrapper component back to web

* remove sample route

* update storybook docs
2024-05-06 18:34:40 -07:00
Jake Fink 09ff12fc02
[PM-7919] Add more tde logging (#9035)
* adds additional logging to TDE service

* remove base catch swallowing errors

* add dependency to cli

* fix comment
2024-05-06 11:15:33 -04:00
Justin Baur 869fa29da6
Encourage The Use of UserId in CryptoService (#9033) 2024-05-04 02:04:56 -04:00
Jake Fink 69ed6ce1f5
[PM-6727] Part 1: pass userId in login strategies (#9030)
* add validation to initAccount

* pass userId to setMasterKey

* fix key connector tests
2024-05-03 11:54:29 -04:00
Matt Gibson c70a5aa024
[PM-6688] Use AccountService as account source (#8893)
* Use account service to track accounts and active account

* Remove state service active account Observables.

* Add email verified to account service

* Do not store account info on logged out accounts

* Add account activity tracking to account service

* Use last account activity from account service

* migrate or replicate account service data

* Add `AccountActivityService` that handles storing account last active data

* Move active and next active user to account service

* Remove authenticated accounts from state object

* Fold account activity into account service

* Fix builds

* Fix desktop app switch

* Fix logging out non active user

* Expand helper to handle new authenticated accounts location

* Prefer view observable to tons of async pipes

* Fix `npm run test:types`

* Correct user activity sorting test

* Be more precise about log out messaging

* Fix dev compare errors

All stored values are serializable, the next step wasn't necessary and was erroring on some types that lack `toString`.

* If the account in unlocked on load of lock component, navigate away from lock screen

* Handle no users case for auth service statuses

* Specify account to switch to

* Filter active account out of inactive accounts

* Prefer constructor init

* Improve comparator

* Use helper methods internally

* Fixup component tests

* Clarify name

* Ensure accounts object has only valid userIds

* Capitalize const values

* Prefer descriptive, single-responsibility guards

* Update libs/common/src/state-migrations/migrate.ts

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

* Fix merge

* Add user Id validation

activity for undefined was being set, which was resulting in requests for the auth status of `"undefined"` (string) userId, due to key enumeration. These changes stop that at both locations, as well as account add for good measure.

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2024-04-30 09:13:02 -04:00
Jared Snider 7f5efcc18c
PM-7745 - SSO Login Strategy - trySetUserKeyWithDeviceKey should use the user id from the IdTokenResponse and not StateService as I suspect it's not working as expected. Thinking there might be a race condition where the user id is null or maybe incorrect. (#8927) 2024-04-26 10:18:05 -04:00
Jake Fink 8afe915be1
[PM-7564] Move 2fa and login strategy service to popup and add state providers to 2fa service (#8820)
* remove 2fa from main.background

* remove login strategy service from main.background

* move 2fa and login strategy service to popup, init in browser

* add state providers to 2fa service
- add deserializer helpers

* use key definitions for global state

* fix calls to 2fa service

* remove extra await

* add delay to wait for active account emission in popup

* add and fix tests

* fix cli

* really fix cli

* remove timeout and wait for active account

* verify expected user is active account

* fix tests

* address feedback
2024-04-25 16:45:23 -04:00
Ike 1e4158fd87
[PM-5735] Create kdf Service (#8715)
* key connector migration initial

* migrator complete

* fix dependencies

* finalized tests

* fix deps and sync main

* clean up definition file

* fixing tests

* fixed tests

* fixing CLI, Browser, Desktop builds

* fixed factory options

* reverting exports

* implemented UserKeyDefinition clearOn

* Initial Kdf Service Changes

* rename and account setting kdfconfig

* fixing tests and renaming migration

* fixed DI ordering for browser

* rename and fix DI

* Clean up Migrations

* fixing migrations

* begin data structure changes for kdf config

* Make KDF more type safe; co-author: jlf0dev

* fixing tests

* Fixed CLI login and comments

* set now accepts userId and test updates

---------

Co-authored-by: Jake Fink <jfink@bitwarden.com>
2024-04-25 11:26:01 -07:00
Jared Snider 5dc83cd34c
PM-6787 - Rename DeviceTrustCryptoService to DeviceTrustService (#8819) 2024-04-24 12:54:54 -04:00
Jared Snider a12c140792
Revert "Revert "Auth/PM-6689 - Migrate Security Stamp to Token Service and St…" (#8889)
This reverts commit 100b43dd8f.
2024-04-24 12:37:19 -04:00
Jared Snider 100b43dd8f
Revert "Auth/PM-6689 - Migrate Security Stamp to Token Service and State Prov…" (#8860)
This reverts commit 91f1d9fb86.
2024-04-22 12:06:43 -04:00
Jared Snider 91f1d9fb86
Auth/PM-6689 - Migrate Security Stamp to Token Service and State Provider (#8792)
* PM-6689 - Add security stamp to Token state

* PM-6689 - Remove Security Stamp from account and state service

* PM-6689 - Add security stamp get and set to token service + abstraction + tests

* PM-6689 - Add migration for security stamp, test it, and register it with migrator

* PM-6689 - Update sync service + deps to use token service.

* PM-6689 - Cleanup missed usages of account tokens which has been removed.

* PM-6689 - Per PR feedback, remove unnecessary data migration as the security stamp is only in memory and doesn't need to be migrated.
2024-04-19 16:44:24 -04:00
Jared Snider 51a6b34cc2
Auth/PM-7467- Fix Refresh token issues (#8757)
* PM-7467 - Login Strategy bug - VaultTimeoutSettings will be undefined before the account is activated unless you pass in user ids to retrieve the data. This resulted in refresh tokens always being set into secure storage regardless of a user's vault timeout settings (logout should translate to memory)

* PM-7467 - TokenSvc - Fix bug in getRefreshToken which would retrieve the user's refresh token from secure storage even if the user had changed their vault timeout setting to log out which moved the refresh token into memory. Includes a migration to remove the no longer required REFRESH_TOKEN_MIGRATED_TO_SECURE_STORAGE state provider flag.

* PM-7467 - Per PR feedback, use IRREVERSIBLE for rollback.

Co-authored-by: Jake Fink <jfink@bitwarden.com>

* PM-7467 - fix tests

* PM-7467 - Fix migrator based on PR feedback.

* PM-7467 - Bump migration version

---------

Co-authored-by: Jake Fink <jfink@bitwarden.com>
2024-04-16 14:05:47 -04:00
Jake Fink 576431d29e
[PM-5499] auth request service migrations (#8597)
* move auth request storage to service

* create migrations for auth requests

* fix tests

* fix browser

* fix login strategy

* update migration

* use correct test descriptions in migration
2024-04-15 12:34:30 -04:00
Matt Gibson 8d698d9d84
[PM-7169][PM-5267] Remove auth status from account info (#8539)
* remove active account unlocked from state service

* Remove status from account service `AccountInfo`

* Fixup lingering usages of status

Fixup missed factories

* Fixup account info usage

* fixup CLI build

* Fixup current account type

* Add helper for all auth statuses to auth service

* Fix tests

* Uncomment mistakenly commented code

* Rework logged out account exclusion tests

* Correct test description

* Avoid getters returning observables

* fixup type
2024-04-12 09:25:45 +02:00
Jake Fink 9d10825dbd
[PM-5362] Add MP Service (attempt #2) (#8619)
* create mp and kdf service

* update mp service interface to not rely on active user

* rename observable methods

* update crypto service with new MP service

* add master password service to login strategies
- make fake service for easier testing
- fix crypto service tests

* update auth service and finish strategies

* auth request refactors

* more service refactors and constructor updates

* setMasterKey refactors

* remove master key methods from crypto service

* remove master key and hash from state service

* missed fixes

* create migrations and fix references

* fix master key imports

* default force set password reason to none

* add password reset reason observable factory to service

* remove kdf changes and migrate only disk data

* update migration number

* fix sync service deps

* use disk for force set password state

* fix desktop migration

* fix sso test

* fix tests

* fix more tests

* fix even more tests

* fix even more tests

* fix cli

* remove kdf service abstraction

* add missing deps for browser

* fix merge conflicts

* clear reset password reason on lock or logout

* fix tests

* fix other tests

* add jsdocs to abstraction

* use state provider in crypto service

* inverse master password service factory

* add clearOn to master password service

* add parameter validation to master password service

* add component level userId

* add missed userId

* migrate key hash

* fix login strategy service

* delete crypto master key from account

* migrate master key encrypted user key

* rename key hash to master key hash

* use mp service for getMasterKeyEncryptedUserKey

* fix tests

* fix user key decryption logic

* add clear methods to mp service

* fix circular dep and encryption issue

* fix test

* remove extra account service call

* use EncString in state provider

* fix tests

* return to using encrypted string for serialization
2024-04-09 20:50:20 -04:00
Victoria League 09169cac71
[CL-254] Rename 500 colors to 600 to prep for UI redesign (#8623)
* [CL-254] Rename 500 colors to 600 to prep for UI redesign

---------

Co-authored-by: Will Martin <contact@willmartian.com>
2024-04-05 10:58:32 -04:00
Jake Fink 775c8a1bbe
Revert "[PM-5362]Create MP Service for state provider migration (#7623)" (#8617)
This reverts commit b1abfb0a5c.
2024-04-04 16:17:09 +00:00
Jake Fink b1abfb0a5c
[PM-5362]Create MP Service for state provider migration (#7623)
* create mp and kdf service

* update mp service interface to not rely on active user

* rename observable methods

* update crypto service with new MP service

* add master password service to login strategies
- make fake service for easier testing
- fix crypto service tests

* update auth service and finish strategies

* auth request refactors

* more service refactors and constructor updates

* setMasterKey refactors

* remove master key methods from crypto service

* remove master key and hash from state service

* missed fixes

* create migrations and fix references

* fix master key imports

* default force set password reason to none

* add password reset reason observable factory to service

* remove kdf changes and migrate only disk data

* update migration number

* fix sync service deps

* use disk for force set password state

* fix desktop migration

* fix sso test

* fix tests

* fix more tests

* fix even more tests

* fix even more tests

* fix cli

* remove kdf service abstraction

* add missing deps for browser

* fix merge conflicts

* clear reset password reason on lock or logout

* fix tests

* fix other tests

* add jsdocs to abstraction

* use state provider in crypto service

* inverse master password service factory

* add clearOn to master password service

* add parameter validation to master password service

* add component level userId

* add missed userId

* migrate key hash

* fix login strategy service

* delete crypto master key from account

* migrate master key encrypted user key

* rename key hash to master key hash

* use mp service for getMasterKeyEncryptedUserKey

* fix tests
2024-04-04 14:22:41 +00:00