* [PM-1796] The autofill keyboard shortcut does not prompt a user to unlock a locked extension within an incongito browsing session
* [PM-1796] Implementing fixes for how we handle focus redirection when logging a user in and attempting to autofill within the Firefox Workspaces addon
* [PM-1796] Removing the `openerTab` value from the createNewTab method within brwoserApi.ts
* [PM-1796] Removing async declaration from createNewTab
* [PM-1796] Removing unnecessary param from the call to openBitwardenExtrensionTab
* [PM-2147] [BEEEP] Open login form used to unlock extension in a separate window instead of a tab
* [PM-2147] [BEEEP] Open login form used to unlock extension in a separate window instead of a tab
* [PM-2147] [BEEEP] Modifying the position where the window opens and starting cleanup of comments within implementation
* [PM-2147] [BEEEP] Cleaning up comments within implementation
* [PM-2147] [BEEEP] Removing unnecessary method
* [PM-2147] [BEEEP] Removing package-lock changes
* [PM-2147] [BEEEP] Cleaning up implementation
* [PM-2147] [BEEEP] Reverting addition to the whitelist-capital-letters filter and updating named file
* [PM-2147] [BEEEP] Reverting addition to the whitelist-capital-letters filter and updating named file
* [PM-2147] [BEEEP] Adjusting implementation of notifications bar to trigger presentation on lock only when not adding a new vault item
* [PM-2147] [BEEEP] Adjusting implementation of how we open a login prompt window to ensure we are showing the address bar to the user
* [PM-2147] [BEEEP] Modifying the method closeBitwardenLoginPromptWindow to not check for a popup type window
* [PM-2147] [BEEEP] Fixing bug where notification bar does not close when unlocking vault
* [PM-2147] [BEEEP] Adjusting placement of method BrowserApi.getWindow to have it present closer to getTab
* [PM-2147] [BEEEP] Implementing a sepearate service BrowserPopoutService that will maintain the most recently created popouts and selectively remove those when re-opening the login prompt
* [PM-2147] [BEEEP] Modifying position of BrowserPopoutWindowService
* [PM-2147] [BEEEP] Modifying position of BrowserPopoutWindowService
* [PM-2147] [BEEEP] Modifying how we handle identifying a single use popout
* update desktop domains
* update web domains
* remove old translations from desktop
* update translations on browser
* change 'Region' to 'Server' on web
* change labels
* remove 'region' translation
* adjust alignmend so 'Self-hosted' label lines up with others
* adjust width and layout of trial-initiation header to accomodate longer text
* [PM-169][PM-142][PM-191] Add Environments to Web and Desktop (#5294)
* [PM-1351] Add property to server-config.response. Change config to be able to fetch without being authed.
* [PM-1351] fetch every hour.
* [PM-1351] fetch on vault sync.
* [PM-1351] browser desktop fetch configs on sync complete.
* [PM-1351] Add methods to retrieve feature flags
* [PM-1351] Add enum to use as key to get values feature flag values
* [PM-1351] Remove debug code
* [PM-1351] Get flags when unauthed. Add enums as params. Hourly always fetch.
* [PM-1351] add check for authed user using auth service
* [PM-169] Web: add drop down to select environment
* [PM-169] Fix pop up menu margins. Add DisplayEuEnvironmentFlag.
* [PM-169] Change menu name.
* [PM-169] Add environment selector ts and html. Add declaration and import on login.module
* [PM-169] Add environment selector to desktop.
* [PM-169] Ignore lint error.
* [PM-169] add takeUntil to subscribes
* [PM-191] PR Fixes, code format
* [PM-168] Add Environments to extension login/registration (#5434)
* [PM-1176] Hovering over the `Learn More about auto-fill` link in the browser extension does not change the cursor
* [PM-1176] Modifying how the anchor element is formatted by prettier
* [PM-1176] Adding translation methodology to the aria-label "opens in a new window" value
* [EC-1070] Introduce flag for enforcing master password policy on login
* [EC-1070] Update master password policy form
Add the ability to toggle enforceOnLogin flag in web
* [EC-1070] Add API method to retrieve all policies for the current user
* [EC-1070] Refactor forcePasswordReset in state service to support more options
- Use an options class to provide a reason and optional organization id
- Use the OnDiskMemory storage location so the option persists between the same auth session
* [AC-1070] Retrieve single master password policy from identity token response
Additionally, store the policy in the login strategy for future use
* [EC-1070] Introduce master password evaluation in the password login strategy
- If a master password policy is returned from the identity result, evaluate the password.
- If the password does not meet the requirements, save the forcePasswordReset options
- Add support for 2FA by storing the results of the password evaluation on the login strategy instance
- Add unit tests to password login strategy
* [AC-1070] Modify admin password reset component to support update master password on login
- Modify the warning message to depend on the reason
- Use the forcePasswordResetOptions in the update temp password component
* [EC-1070] Require current master password when updating weak mp on login
- Inject user verification service to verify the user
- Conditionally show the current master password field only when updating a weak mp. Admin reset does not require the current master password.
* [EC-1070] Implement password policy check during vault unlock
Checking the master password during unlock is the only applicable place to enforce the master password policy check for SSO users.
* [EC-1070] CLI - Add ability to load MP policies on login
Inject policyApi and organization services into the login command
* [EC-1070] CLI - Refactor update temp password logic to support updating weak passwords
- Introduce new shared method for collecting a valid and confirmed master password from the CLI and generating a new encryption key
- Add separate methods for updating temp passwords and weak passwords.
- Utilize those methods during login flow if not using an API key
* [EC-1070] Add route guard to force password reset when required
* [AC-1070] Use master password policy from verify password response in lock component
* [EC-1070] Update labels in update password component
* [AC-1070] Fix policy service tests
* [AC-1070] CLI - Force sync before any password reset flow
Move up the call to sync the vault before attempting to collect a new master password. Ensures the master password policies are available.
* [AC-1070] Remove unused getAllPolicies method from policy api service
* [AC-1070] Fix missing enforceOnLogin copy in policy service
* [AC-1070] Include current master password on desktop/browser update password page templates
* [AC-1070] Check for forced password reset on account switch in Desktop
* [AC-1070] Rename WeakMasterPasswordOnLogin to WeakMasterPassword
* [AC-1070] Update AuthServiceInitOptions
* [AC-1070] Add None force reset password reason
* [AC-1070] Remove redundant ForcePasswordResetOptions class and replace with ForcePasswordResetReason enum
* [AC-1070] Rename ForceResetPasswordReason file
* [AC-1070] Simplify conditional
* [AC-1070] Refactor logic that saves password reset flag
* [AC-1070] Remove redundant constructors
* [AC-1070] Remove unnecessary state service call
* [AC-1070] Update master password policy component
- Use typed reactive form
- Use CL form components
- Remove bootstrap
- Update error component to support min/max
- Use Utils.minimumPasswordLength value for min value form validation
* [AC-1070] Cleanup leftover html comment
* [AC-1070] Remove overridden default values from MasterPasswordPolicyResponse
* [AC-1070] Hide current master password input in browser for admin password reset
* [AC-1070] Remove clientside user verification
* [AC-1070] Update temp password web component to use CL
- Use CL for form inputs in the Web component template
- Remove most of the bootstrap classes in the Web component template
- Use userVerificationService to build the password request
- Remove redundant current master password null check
* [AC-1070] Replace repeated user inputs email parsing helpers
- Update passwordStrength() method to accept an optional email argument that will be parsed into separate user inputs for use with zxcvbn
- Remove all other repeated getUserInput helper methods that parsed user emails and use the new passwordStrength signature
* [AC-1070] Fix broken login command after forcePasswordReset enum refactor
* [AC-1070] Reduce side effects in base login strategy
- Remove masterPasswordPolicy property from base login.strategy.ts
- Include an IdentityResponse in base startLogin() in addition to AuthResult
- Use the new IdentityResponse to parse the master password policy info only in the PasswordLoginStrategy
* [AC-1070] Cleanup password login strategy tests
* [AC-1070] Remove unused field
* [AC-1070] Strongly type postAccountVerifyPassword API service method
- Remove redundant verify master password response
- Use MasterPasswordPolicyResponse instead
* [AC-1070] Use ForceResetPassword.None during account switch check
* [AC-1070] Fix check for forcePasswordReset reason after addition of None
* [AC-1070] Redirect a user home if on the update temp password page without a reason
* [AC-1070] Use bit-select and bit-option
* [AC-1070] Reduce explicit form control definitions for readability
* [AC-1070] Import SelectModule in Shared web module
* [AC-1070] Add check for missing 'at' symbol
* [AC-1070] Remove redundant unpacking and null coalescing
* [AC-1070] Update passwordStrength signature and add jsdocs
* [AC-1070] Remove variable abbreviation
* [AC-1070] Restore Id attributes on form inputs
* [AC-1070] Clarify input value min/max error messages
* [AC-1070] Add input min/max value example to storybook
* [AC-1070] Add missing spinner to update temp password form
* [AC-1070] Add missing ids to form elements
* [AC-1070] Remove duplicate force sync and update comment
* [AC-1070] Switch backticks to quotation marks
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [EC-1046] add activate autofill policy to web
* [EC-1046] add local setting if policy needs to be set
* [AC-1046] activate autofill on page load if flag exists
* [AC-1046] move activation to current tab page
* [AC-1046] add warning to autofill policy
* [AC-1046] add useActivateAutofillPolicy to organization reponse
* [AC-1046] autofill to auto-fill
* Updated messages
* Implement method in platformUtils to get autofill command
* Updates to callout in current tab component
* Add autofill keyboard shortcut to autofill settings
* style updates
* Add routing animation for autofill settings
* Remove extra function
* Remove unnecessary safari logic
* Remove autofill settings transition added in another PR
* Fix callout still present after clicking 'Got it' (#4797)
---------
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* work: add base logic for password lookup
* work: added browser support for hibp
* work: SG-558 combine weak + leak warning
* fix: language stuff
* fix: form values are neater tho :(
* fix: no cast
* [SG-163] Two step login flow web (#3648)
* two step login flow
* moved code from old branch and reafctored
* fixed review comments
* [SG-164] Two Step Login Flow - Browser (#3793)
* Add new messages
* Remove SSO button from home component
* Change create account button to text
* Add top padding to create account link
* Add email input to HomeComponent
* Add continue button to email input
* Add form to home component
* Retreive email from state service
* Redirect to login after submit
* Add error message for invalid email
* Remove email input from login component
* Remove loggingInTo from under MP input
* Style the MP hint link
* Add self hosted domain to email form
* Made the mp hint link bold
* Add the new login button
* Style app-private-mode-warning in its component
* Bitwarden -> Login text change
* Remove the old login button
* Cancel -> Close text change
* Add avatar to login header
* Login -> LoginWithMasterPassword text change
* Add SSO button to login screen
* Add not you button
* Allow all clients to use the email query param on the login component
* Introduct HomeGuard
* Clear remembered email when clicking Not You
* Make remember email opt-in
* Use formGroup.patchValue instead of directly patching individual controls
* [SG-165] Desktop login flow changes (#3814)
* two step login flow
* moved code from old branch and reafctored
* fixed review comments
* Make toggleValidateEmail in base class public
* Add desktop login messages
* Desktop login flow changes
* Fix known device api error
* Only submit if email has been validated
* Clear remembered email when switching accounts
* Fix merge issue
* Add 'login with another device' button
* Remove 'log in with another device' button for now
* Pin login pag content to top instead of center justified
* Leave email if 'Not you?' is clicked
* Continue when enter is hit on email input
Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
* [SG-750] and [SG-751] Web two step login bug fixes (#3843)
* Continue when enter is hit on email input
* Mark email input as touched on 'continue' so field is validated
* disable login with device on self-hosted (#3895)
* [SG-753] Keep email after hint component is launched in browser (#3883)
* Keep email after hint component is launched in browser
* Use query params instead of state for consistency
* Send email and rememberEmail to home component on navigation (#3897)
* removed avatar and close button from the password screen (#3901)
* [SG-781] Remove extra login page and remove rememberEmail code (#3902)
* Remove browser home guard
* Always remember email for browser
* Remove login landing page button
* [SG-782] Add login service to streamline login form data persistence (#3911)
* Add login service and abstraction
* Inject login service into apps
* Inject and use new service in login component
* Use service in hint component to prefill email
* Add method in LoginService to clear service values
* Add LoginService to two-factor component to clear values
* make login.service variables private
Co-authored-by: Gbubemi Smith <gsmith@bitwarden.com>
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
* Add CreationDate to common libs
* Add CreationDate to Browser
* Add CreationDate to CLI
* Add CreationDate to Desktop
* Add CreationDate to Web
* Update tests
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Copy updated. Transition browser strings to use sentence case for all UI elements, except the following terms:
• Branded Names: Provider(s) + Provider Portal, Send(s) + Send, Directory Connector
• Plan Names: Premium, Families, Teams, Enterprise
* Add structure to display server version on browser
* Add getConfig to State Service interface
* Clean up settings component code
* Switch to ServerConfig, use Observables in the ConfigService, and more
* Fix runtime error
* Sm 90 addison (#3275)
* Use await instead of then
* Rename stateServerConfig -> storedServerConfig
* Move config validation logic to the model
* Use implied check for undefined
* Rename getStateServicerServerConfig -> buildServerConfig
* Rename getApiServiceServerConfig -> pollServerConfig
* Build server config in async
* small fixes and add last seen text
* Move config server to /config folder
* Update with concatMap and other changes
* Config project updates
* Rename fileds to convention and remove unneeded migration
* Update libs/common/src/services/state.service.ts
Update based on Oscar's recommendation
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Update options for Oscar's rec
* Rename abstractions to abstracitons
* Fix null issues and add options
* Combine classes into one file, per Oscar's rec
* Add null checking
* Fix dependency issue
* Add null checks, await, and fix date issue
* Remove unneeded null check
* In progress commit, unsuitable for for more than dev env, just backing up changes made with Oscar
* Fix temp code to force last seen state
* Add localization and escapes in the browser about section
* Call complete on destroy subject rather than unsubscribe
* use mediumDate and formatDate for the last seen date messaging
* Add ThirdPartyServerName in example
* Add deprecated note per Oscar's comment
* [SM-90] Change to using a modal for browser about (#3417)
* Fix inconsistent constructor null checking
* ServerConfig can be null, fixes this
* Switch to call super first, as required
* remove unneeded null checks
* Remove null checks from server-config.data.ts class
* Update via PR comments and add back needed null check in server conf obj
* Remove type annotation from serverConfig$
* Update self-hosted to be <small> per design decision
* Re-fetch config every hour
* Make third party server version <small> and change wording per Oscar's PR comment
* Add expiresSoon function and re-fetch if the serverConfig will expire soon (older than 18 hours)
* Fix misaligned small third party server message text
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [SG-416] Changed UI for TOTP codes on free plan and added link to get Premium. On browser, changed back action of premium.component in order to reuse on cipher details.
* [SSG-416] PR Fix
* [SSG-416] fix formatting
* [SSG-416] Updated desktop free plan OTP UI
* [SSG-416] noticed a bad div tag making file changes erratic
* [SG-416] fixed label
* [SSG-416] Fix formatting
* [SSG-416] Changed bootstrap classes to tailwind
* [SSG-416] Added premium and upgrade badge back. Muted placeholder totp code colors and button.
* [SSG-416] Change learn more to upgrade label on get premium modal. Fixed navigation for premium.
* [SSG-416] Removed unused image file.
* [SG-416] Changed browser "Premium subscription required" text to be all hyperlink.
* [SG-416] Fixed missing resource on browser
* [SG-416] Code format with lint
* Add managed_schema
* Add note on login page which server you are logging into.
* Implement it
* Remove caching logic since it seems unecessary
* Add error
* Handle error in hasManagedEnvironment
* Fix compile
* regression bug fix on custom timeout switch for the browser
* regression bug fix on custom timeout switch for the browser
* locale key fix
* suggestion fixes
* feat(browser): Update auto biometrics copy
* refactor(common): remove TotpService.isAutoCopyEnabled and use state directly
The TotpService was just taking the value from StateService and forwarding it, making it depend on state service.
All services that depended on the TotpService.isAutoCopyEnable flag also depended on StateService.
This therefore simplifies things by using StateService directly.
* feat(browser): update auto totp copy
* feat(browser): update add login notification copy
* feat(browser): update change password notification copy
* feat(browser): update context menu copy
* feat(browser): update show cards current tab copy
* feat(browser): update show identities current tab copy
* feat(browser): update enable favicon copy
* feat(browser): update badge counter copy
* feat(browser): update auto-fill copy
* feat(desktop): update auto biometrics prompt copy
* feat(desktop): update favicon copy
* feat(desktop): adjust copy
* feat(web): update favicons copy
* feat(web): adjust copy
* feat(web): update preference settings to sentence case
* feat(browser): update settings and options page to sentence case
* feat(desktop): update settings to sentence case
* feat(web): update copy
* feat(desktop): update copy
* Initial org filter work
* update jslib
* Move filter to below cipher length check
* don't show vault filter in personal or org folder
* Use family icon for families org
* jslib and auth guard updates
* lint fixes
* rename GroupingsComponent to VaultFilterComponent
* fix no folder showing all items
* Add checks for PersonalOwnership policy
* update css class names
* lint fixes
* cleanup
* Some final cleanup
* import order lint fix
* remove unused import
* Use smaller icon for chevron
* Update src/popup/vault/organization-filter.component.ts
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
* Update src/popup/vault/organization-filter.component.ts
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
* fix lint error
* remove extra localizations
* rename orgFilter -> vaultSelect
* Rename orgFilterService to VaultSelectService
* lint fixes
* combine vault select service with vault filter service
* Use base vault filter service methods
* Use VaultFilter model and other small fixes
* lint fixes
* Final restructuring pass
* Update jslib and remove extra function
* Remove extra imports
* remove space
* Remove vaultFilterService from background services
* Update jslib to latest on feature branch
* merge fix
* update jslib
* [feat] Implement EUVR for desktop
Should contain only https://github.com/bitwarden/desktop/pull/1487, with merge resolutions and style fixes
* [fix] Delete unused GroupingsComponentTemplate
* [dep] Update jslib
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
DigitallyRefined
Cesar Gonzalez
rr-bw
sdimarzo
ike-kottlowski
Jared Snider
André Bispo
Jonathan Prusik
Shane Melton
Jake Fink
Daniel James Smith
Robyn MacCallum
Brandon Maharaj
Todd Martin
David Frankel
Danielle Flinn
Colton Hurst
Kyle Spearrin
Oscar Hinton
Vitaly Baev
Brandon Maharaj
Gbubemi Smith
Andreas Coroiu
Thomas Rittson
Oscar Hinton