* [EC-1070] Introduce flag for enforcing master password policy on login
* [EC-1070] Update master password policy form
Add the ability to toggle enforceOnLogin flag in web
* [EC-1070] Add API method to retrieve all policies for the current user
* [EC-1070] Refactor forcePasswordReset in state service to support more options
- Use an options class to provide a reason and optional organization id
- Use the OnDiskMemory storage location so the option persists between the same auth session
* [AC-1070] Retrieve single master password policy from identity token response
Additionally, store the policy in the login strategy for future use
* [EC-1070] Introduce master password evaluation in the password login strategy
- If a master password policy is returned from the identity result, evaluate the password.
- If the password does not meet the requirements, save the forcePasswordReset options
- Add support for 2FA by storing the results of the password evaluation on the login strategy instance
- Add unit tests to password login strategy
* [AC-1070] Modify admin password reset component to support update master password on login
- Modify the warning message to depend on the reason
- Use the forcePasswordResetOptions in the update temp password component
* [EC-1070] Require current master password when updating weak mp on login
- Inject user verification service to verify the user
- Conditionally show the current master password field only when updating a weak mp. Admin reset does not require the current master password.
* [EC-1070] Implement password policy check during vault unlock
Checking the master password during unlock is the only applicable place to enforce the master password policy check for SSO users.
* [EC-1070] CLI - Add ability to load MP policies on login
Inject policyApi and organization services into the login command
* [EC-1070] CLI - Refactor update temp password logic to support updating weak passwords
- Introduce new shared method for collecting a valid and confirmed master password from the CLI and generating a new encryption key
- Add separate methods for updating temp passwords and weak passwords.
- Utilize those methods during login flow if not using an API key
* [EC-1070] Add route guard to force password reset when required
* [AC-1070] Use master password policy from verify password response in lock component
* [EC-1070] Update labels in update password component
* [AC-1070] Fix policy service tests
* [AC-1070] CLI - Force sync before any password reset flow
Move up the call to sync the vault before attempting to collect a new master password. Ensures the master password policies are available.
* [AC-1070] Remove unused getAllPolicies method from policy api service
* [AC-1070] Fix missing enforceOnLogin copy in policy service
* [AC-1070] Include current master password on desktop/browser update password page templates
* [AC-1070] Check for forced password reset on account switch in Desktop
* [AC-1070] Rename WeakMasterPasswordOnLogin to WeakMasterPassword
* [AC-1070] Update AuthServiceInitOptions
* [AC-1070] Add None force reset password reason
* [AC-1070] Remove redundant ForcePasswordResetOptions class and replace with ForcePasswordResetReason enum
* [AC-1070] Rename ForceResetPasswordReason file
* [AC-1070] Simplify conditional
* [AC-1070] Refactor logic that saves password reset flag
* [AC-1070] Remove redundant constructors
* [AC-1070] Remove unnecessary state service call
* [AC-1070] Update master password policy component
- Use typed reactive form
- Use CL form components
- Remove bootstrap
- Update error component to support min/max
- Use Utils.minimumPasswordLength value for min value form validation
* [AC-1070] Cleanup leftover html comment
* [AC-1070] Remove overridden default values from MasterPasswordPolicyResponse
* [AC-1070] Hide current master password input in browser for admin password reset
* [AC-1070] Remove clientside user verification
* [AC-1070] Update temp password web component to use CL
- Use CL for form inputs in the Web component template
- Remove most of the bootstrap classes in the Web component template
- Use userVerificationService to build the password request
- Remove redundant current master password null check
* [AC-1070] Replace repeated user inputs email parsing helpers
- Update passwordStrength() method to accept an optional email argument that will be parsed into separate user inputs for use with zxcvbn
- Remove all other repeated getUserInput helper methods that parsed user emails and use the new passwordStrength signature
* [AC-1070] Fix broken login command after forcePasswordReset enum refactor
* [AC-1070] Reduce side effects in base login strategy
- Remove masterPasswordPolicy property from base login.strategy.ts
- Include an IdentityResponse in base startLogin() in addition to AuthResult
- Use the new IdentityResponse to parse the master password policy info only in the PasswordLoginStrategy
* [AC-1070] Cleanup password login strategy tests
* [AC-1070] Remove unused field
* [AC-1070] Strongly type postAccountVerifyPassword API service method
- Remove redundant verify master password response
- Use MasterPasswordPolicyResponse instead
* [AC-1070] Use ForceResetPassword.None during account switch check
* [AC-1070] Fix check for forcePasswordReset reason after addition of None
* [AC-1070] Redirect a user home if on the update temp password page without a reason
* [AC-1070] Use bit-select and bit-option
* [AC-1070] Reduce explicit form control definitions for readability
* [AC-1070] Import SelectModule in Shared web module
* [AC-1070] Add check for missing 'at' symbol
* [AC-1070] Remove redundant unpacking and null coalescing
* [AC-1070] Update passwordStrength signature and add jsdocs
* [AC-1070] Remove variable abbreviation
* [AC-1070] Restore Id attributes on form inputs
* [AC-1070] Clarify input value min/max error messages
* [AC-1070] Add input min/max value example to storybook
* [AC-1070] Add missing spinner to update temp password form
* [AC-1070] Add missing ids to form elements
* [AC-1070] Remove duplicate force sync and update comment
* [AC-1070] Switch backticks to quotation marks
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* add settingsService.getEquivalentDomains
* check that an iframe URL matches cipher.login.uris before autofilling
* disable autofill on page load if it doesn't match
* show a warning to the user on regular autofill if it doesn't match
---------
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
* [EC-1046] add activate autofill policy to web
* [EC-1046] add local setting if policy needs to be set
* [AC-1046] activate autofill on page load if flag exists
* [AC-1046] move activation to current tab page
* [AC-1046] add warning to autofill policy
* [AC-1046] add useActivateAutofillPolicy to organization reponse
* [AC-1046] autofill to auto-fill
* Move auth service factories to Auth team
* Move authentication componenets to Auth team
* Move auth guard services to Auth team
* Move Duo content script to Auth team
* Move auth CLI commands to Auth team
* Move Desktop Account components to Auth Team
* Move Desktop guards to Auth team
* Move two-factor provider images to Auth team
* Move web Accounts components to Auth Team
* Move web settings components to Auth Team
* Move web two factor images to Auth Team
* Fix missed import changes for Auth Team
* Fix Linting errors
* Fix missed CLI imports
* Fix missed Desktop imports
* Revert images move
* Fix missed imports in Web
* Move angular lib components to Auth Team
* Move angular auth guards to Auth team
* Move strategy specs to Auth team
* Update .eslintignore for new paths
* Move lib common abstractions to Auth team
* Move services to Auth team
* Move common lib enums to Auth team
* Move webauthn iframe to Auth team
* Move lib common domain models to Auth team
* Move common lib requests to Auth team
* Move response models to Auth team
* Clean up whitelist
* Move bit web components to Auth team
* Move SSO and SCIM files to Auth team
* Revert move SCIM to Auth team
SCIM belongs to Admin Console team
* Move captcha to Auth team
* Move key connector to Auth team
* Move emergency access to auth team
* Delete extra file
* linter fixes
* Move kdf config to auth team
* Fix whitelist
* Fix duo autoformat
* Complete two factor provider request move
* Fix whitelist names
* Fix login capitalization
* Revert hint dependency reordering
* Revert hint dependency reordering
* Revert hint component
This components is being picked up as a move between clients
* Move web hint component to Auth team
* Move new files to auth team
* Fix desktop build
* Fix browser build
* Await in `has` calls.
* Add disk cache to browser synced items
Note: `Map` doesn't serialize nicely so it's easier to swap over to a
`Record` object for out cache
* Mock and await init promises in tests
* Remove redundant settings checks
* Elevate Map <-> Record JSON helpers to Utils
* Build Account from a StateService provided AccountDeserializer
* Allow Manifest V2 usage of session sync
Expands use of SessionSyncer to all Subject types. Correctly handles
replay buffer for each type to ignore the flood of data upon
subscription to each Subject type.
* Create browser-synced Policy Service
* Move BrowserFolderService
* Libs account serialization improvements
* Serialize Browser Accounts
* Separate StateService in background/visualizations
Visualizer state services share storages with background page, which
nicely emulates mv3 synchronization through session/local storage. There
should not be multithreading issues since all of these services are
still running through a single thread, we just now have multiple places
we are reading/writing data from.
Smaller improvements
* Rename browser's state service to BrowserStateService
* Remove unused WithPrototype decorator :celebrate:
* Removed conversion on withPrototypeForArrayMembers. It's reasonable to
think that if the type is maintained, it doesn't need conversion.
Eventually, we should be able to remove the withPrototypeForArrayMembers
decorator as well, but that will require a bit more work on
(de)serialization of the Accounts.data property.
* Make Record <-> Map idempotent
Should we get in a situation where we _think_ an object has been
jsonified, but hasn't been, we need to correctly deal with the object
received to create our target.
* Check all requirements while duck typing
* Name client services after the client
* Use union type to limit initialize options
* Fixup usages of `initializeAs`
* Add OrganizationService to synced services
Co-Authored-By: Daniel James Smith <djsmith85@users.noreply.github.com>
* Add Settings service to synced services
Co-Authored-By: Daniel James Smith <djsmith85@users.noreply.github.com>
* Add missing BrowserStateService
* Fix factories to use browser-specific service overides
* Fix org-service registration in services.module
* Revert "Add missing BrowserStateService"
This reverts commit 81cf384e87.
* Fix session syncer tests
* Fix synced item metadata tests
* Early return null json objects
* Prefer abstract service dependencies
* Prefer minimal browser service overrides
* [SG-632] - Change forwarded providers radio buttons list to dropdown (#4045)
* SG-632 - Changed forwarded providers list of radio buttons to dropdown
* SG-632 - Added role attributes to improve accessibility.
* SG-632 - Added sorting to array and empty option
* SG-632 - Fix styling to match standards.
* rename cipehrs component to vault items component (#4081)
* Update the version hash for the QA Web build artifact to follow SemVer syntax (#4102)
* Remove extra call to toJSON() (#4101)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith@web.de>
Co-authored-by: Carlos Gonçalves <carlosmaccam@gmail.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
* Update imports
* Implement observables in a few places
* Add tests
* Get all clients working
* Use _destroy
* Address PR feedback
* Address PR feedback
* Address feedback
* [SG-523] Base test runner app for native messages (#3269)
* Base test runner app for native messages
* Remove default test script
* Add case for canceled status
* Modify to allow usage of libs crypto services and functions
* Small adjustments
* Handshake request (#3277)
* Handshake request
* Fix capitalization
* Update info text
* lock node-ipc to 9.2.1
* [SG-569] Native Messaging settings bug (#3285)
* Fix bug where updating setting wasn't starting the native messaging listener
* Update test runner error message
* [SG-532] Implement Status command in Native Messaging Service (#3310)
* Status command start
* Refactor ipc test service and add status command
* fixed linter errors
* Move types into a model file
* Cleanup and comments
* Fix auth status condition
* Remove .vscode settings file. Fix this in a separate work item
* Add active field to status response
* Extract native messaging types into their own files
* Remove experimental decorators
* Turn off no console lint rule for the test runner
* Casing fix
* Models import casing fixes
* Remove in progress file (merge error)
* Move models to their own folder and add index.ts
* Remove file that got un-deleted
* Remove file that will be added in separate command
* Fix imports that got borked
* [SG-533] Implement bw-credential-retrieval (#3334)
* Status command start
* Refactor ipc test service and add status command
* fixed linter errors
* Move types into a model file
* Cleanup and comments
* Fix auth status condition
* Remove .vscode settings file. Fix this in a separate work item
* Implement bw-credential-retrieval
* Add active field to status response
* Extract native messaging types into their own files
* Remove experimental decorators
* Turn off no console lint rule for the test runner
* Casing fix
* Models import casing fixes
* Add error handling for passing a bad public key to handshake
* [SG-534] and [SG-535] Implement Credential Create and Update commands (#3342)
* Status command start
* Refactor ipc test service and add status command
* fixed linter errors
* Move types into a model file
* Cleanup and comments
* Fix auth status condition
* Remove .vscode settings file. Fix this in a separate work item
* Implement bw-credential-retrieval
* Add active field to status response
* Add bw-credential-create
* Better response handling in test runner
* Extract native messaging types into their own files
* Remove experimental decorators
* Turn off no console lint rule for the test runner
* Casing fix
* Models import casing fixes
* bw-cipher-create move type into its own file
* Use LogUtils for all logging
* Implement bw-credential-update
* Give naming conventions for types
* Rename file correctly
* Update handleEncyptedMessage with EncString changes
* [SG-626] Fix Desktop app not showing updated credentials from native messages (#3380)
* Add MessagingService to send messages on login create and update
* Add `not-active-user` error to create and update and other refactors
* [SG-536] Implement bw-generate-password (#3370)
* implement bw-generate-password
* Fix merge conflict resolution errors
* Update apps/desktop/native-messaging-test-runner/src/bw-generate-password.ts
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
* Logging improvements
* Add NativeMessagingVersion enum
* Add version check in NativeMessagingHandler
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
* Refactor account status checks and check for locked state in generate command (#3461)
* Add feawture flag to show/hide ddg setting (#3506)
* [SG-649] Add confirmation dialog and tweak shared key retrieval (#3451)
* Add confirmation dialog when completing handshake
* Copy updates for dialog
* HandshakeResponse type fixes
* Add longer timeout for handshake command
* [SG-663] RefactorNativeMessagingHandlerService and strengthen typing (#3551)
* NativeMessageHandlerService refactor and additional types
* Return empty array if no uri to retrieve command
* Move commands from test runner into a separate folder
* Fix bug where confirmation dialog messes with styling
* Enable DDG feature
* Fix generated password not saving to history
* Take credentialId as parameter to update
* Add applicationName to handshake payload
* Add warning text to confirmation modal
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
* Clean up dangling behaviorSubject
* Handle null in utils
* fix null check
* Await promises, even in async functions
* Add to/fromJSON methods to State and Accounts
This is needed since all storage in manifest v3 is key-value-pair-based
and session storage of most data is actually serialized into an
encrypted string.
* Simplify AccountKeys json parsing
* Fix account key (de)serialization
* Remove unused DecodedToken state
* Correct filename typo
* Simplify keys `toJSON` tests
* Explain AccountKeys `toJSON` return type
* Remove unnecessary `any`s
* Remove unique ArrayBuffer serialization
* Initialize items in MemoryStorageService
* Revert "Fix account key (de)serialization"
This reverts commit b1dffb5c2c, which was breaking serializations
* Move fromJSON to owning object
* Add DeepJsonify type
* Use Records for storage
* Add new Account Settings to serialized data
* Fix failing serialization tests
* Extract complex type conversion to helper methods
* Remove unnecessary decorator
* Return null from json deserializers
* Remove unnecessary decorators
* Remove obsolete test
* Use type-fest `Jsonify` formatting rules for external library
* Update jsonify comment
Co-authored-by: @eliykat
* Remove erroneous comment
* Fix unintended deep-jsonify changes
* Fix prettierignore
* Fix formatting of deep-jsonify.ts
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Add structure to display server version on browser
* Add getConfig to State Service interface
* Clean up settings component code
* Switch to ServerConfig, use Observables in the ConfigService, and more
* Fix runtime error
* Sm 90 addison (#3275)
* Use await instead of then
* Rename stateServerConfig -> storedServerConfig
* Move config validation logic to the model
* Use implied check for undefined
* Rename getStateServicerServerConfig -> buildServerConfig
* Rename getApiServiceServerConfig -> pollServerConfig
* Build server config in async
* small fixes and add last seen text
* Move config server to /config folder
* Update with concatMap and other changes
* Config project updates
* Rename fileds to convention and remove unneeded migration
* Update libs/common/src/services/state.service.ts
Update based on Oscar's recommendation
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Update options for Oscar's rec
* Rename abstractions to abstracitons
* Fix null issues and add options
* Combine classes into one file, per Oscar's rec
* Add null checking
* Fix dependency issue
* Add null checks, await, and fix date issue
* Remove unneeded null check
* In progress commit, unsuitable for for more than dev env, just backing up changes made with Oscar
* Fix temp code to force last seen state
* Add localization and escapes in the browser about section
* Call complete on destroy subject rather than unsubscribe
* use mediumDate and formatDate for the last seen date messaging
* Add ThirdPartyServerName in example
* Add deprecated note per Oscar's comment
* [SM-90] Change to using a modal for browser about (#3417)
* Fix inconsistent constructor null checking
* ServerConfig can be null, fixes this
* Switch to call super first, as required
* remove unneeded null checks
* Remove null checks from server-config.data.ts class
* Update via PR comments and add back needed null check in server conf obj
* Remove type annotation from serverConfig$
* Update self-hosted to be <small> per design decision
* Re-fetch config every hour
* Make third party server version <small> and change wording per Oscar's PR comment
* Add expiresSoon function and re-fetch if the serverConfig will expire soon (older than 18 hours)
* Fix misaligned small third party server message text
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [EC-381] Deleted unused method clearCache from Settings Service
* [EC-381] Marked settings methods as obsolete on State service
* [EC-381] Using observables on settings service
* [EC-381] Added unit tests for Settings service
* [EC-381] Checking userId on clear
* [EC-381] Updated references to StateService activeAccountUnlocked$
* [EC-381] Updated getEquivalentDomains to return observable
* [EC-381] Updated settings service to user concatMap on activeAccountUnlocked$
* [EC-381] Renamed getEquivalentDomains to equivalentDomains
* [EC-381] Completing Behaviors on settings.service tests
* [EC-381] Removed unused settingsPrefix from settings service
* [EC-381] Removed equivalentDomains from settings service and added type AccountSettingsSettings
* [EC-381] Updated settings service settings$ to not be nullable
* [EC-381] Settings default to {}
* Work on background service worker.
* Work on shortcuts
* Work on supporting service worker
* Put new background behind version check
* Fix build
* Use new storage service
* create commands from crypto service (#2995)
* Work on service worker autofill
* Got basic autofill working
* Final touches
* Work on tests
* Revert some changes
* Add modifications
* Remove unused ciphers for now
* Cleanup
* Address PR feedback
* Update lock file
* Update noop service
* Add chrome type
* Handle "/" in branch names
Updates web workflow to handle the `/` in branch names when it's a PR.
* Remove any
Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Micaiah Martin <77340197+mimartin12@users.noreply.github.com>
* Change subscription to rely on observables and not on BehaviourSubject
* Ensure OnDestroy is added to AppComponent
* Fix check for no active accounts to redirect to the login page instead of lock
* Change subscription handling on SearchBarService
* Fix naming convention: Observables should have a $ suffix
* Remove obsolete linter hint
* Fix activeAccountUnlocked getting exposed as Observable but is instantiated as BehaviourSubject
* Removed check for getBiometricLocked
It always returned false even when no biometrics were used.
* Remove the other check for getBiometricsLocked
* Ensure that biometricFingerprintValidation is reset, when biometrics are disabled
* Removed getBiometricsLocked and setBiometricsLocked
With nothing in the codebase reading the state of getBiometricsLocked, I've removed all places where it was set or saved.
* Refactor execution of reload into a separate method
* Conditonally pass the window object to `BrowserApi.reloadExtension`
* Clarify in comment, that the PIN has to be set with ask for Master Password on restart
* Ensure the process reload is executed on logout
* Use accounts instead of lastActive == null to determine a reload on logout
* Moved identical logic from desktop and browser into system.service
* Simplified check for refresh to handle no accounts found, logout, lock with lastActive longer than 5 seconds
* Move resolveLegacyKey to encryptService for utf8 decryption
* Deprecate account.keys.legacyEtmKey
Includes migration to tidy up leftover data
* Use new IEncrypted interface
* Use abstract methods and generics in StorageService
* Prepend `Abstract` to abstract classes
* Create session browser storage service
* Use memory storage service for state memory
* Inject memory storage service
* Maintain filename extensions to help ide formatting
* Preserve state if it's still in memory
* Use jslib's memory storage service
* linter
* Create prototypes on stored objects
* standardize package scripts
* Add type safety to `withPrototype` decorators
* webpack notify manifest version
* Fix desktop
* linter
* Fix script
* Improve prototye application
* do not change prototype if it already matches desired
* fix error with object values prototype application
* Handle null state
* Apply prototypes to browser-specific state
* Add angular language server to recommended extensions
* Improve browser state service tests
* Start testing state Service
* Fix abstract returns
* Move test setup files to not be picked up by default glob matchers
* Add key generation service
* Add low-dependency encrypt service
* Back crypto service with encrypt service.
We'll want to work items that don't require state over to encrypt service
* Add new storage service and tests
* Properly init more stored values
* Fix reload issues when state service is recovering state from session storage
Co-authored-by: Thomas Avery <Thomas-Avery@users.noreply.github.com>
Co-authored-by: Justin Baur <admin@justinbaur.com>
* Simplify encrypt service
* Do not log mac failures for local-backed session storage
* `content` changed to `main` in #2245
* Fix CLI
* Remove loggin
* PR feedback
* Merge remote-tracking branch 'origin/master' into add-memory-storage-to-state-service
* Fix desktop
* Fix decrypt method signature
* Minify if not development
* Key is required
Co-authored-by: Thomas Avery <Thomas-Avery@users.noreply.github.com>
Co-authored-by: Justin Baur <admin@justinbaur.com>
Matt Gibson
Shane Melton
Jake Fink
Vincent Salucci
Daniel James Smith
Oscar Hinton
Thomas Rittson
Will Martin
Robyn MacCallum
Bernd Schoolmann
Brandon Maharaj
Andreas Coroiu
Justin Baur
Colton Hurst
Rui Tomé
Justin Baur
Addison Beck