Commit Graph

1602 Commits

Author SHA1 Message Date
Jake Fink 59a5300458
move sso properties to globalstate (#583)
* move sso properties to globalstate

* whitespace

* npm prettier changes
2021-12-17 11:24:38 -05:00
Linus Aarnio a8168d6ee7
Fix for issue #1287 in bitwarden/web (#569)
* Format the fieldvalue as a LocaleDateString instead of epoch when importing a date from 1P

This would be better solved by storing it as a date FieldType instead of Text. But since it is unclear when new field types are added, this solution serves as a fix for now and also guides the solution when new fieldtype exists.

* Remove trailing whitespace

* Add tests for custom fields of 1pif imported identity

* Change representation of 1pif imported dates to UTC string

* Changes after running prettier

Co-authored-by: Daniel James Smith <djsmith@web.de>
2021-12-16 18:46:33 +01:00
Linus Aarnio e9666458c4
Select an image to display for credit cards based on the brand. (#537)
Co-authored-by: Hinton <oscar@oscarhinton.com>
2021-12-16 18:41:37 +01:00
Daniel James Smith 36b3aea758
Update README.md (#586)
* Update README.md

* Replace header Git diff with Git blame
2021-12-16 14:38:11 +01:00
Oscar Hinton cf1d82ac66
Add .git-blame-ignore-revs and prettier instructions (#585) 2021-12-16 14:10:11 +01:00
Oscar Hinton 193434461d
Apply Prettier (#581) 2021-12-16 13:36:21 +01:00
Oscar Hinton 8b2dfc6cdc
Add Prettier configuration (#574) 2021-12-16 12:45:01 +01:00
Addison Beck 512c5c2837
[bug] Correct storage location of organizations (#580) 2021-12-14 22:04:39 -05:00
Daniel James Smith 3fc7dd7089
Bump electron to 16 (#579)
* Bump electron to 16.0.2

* Bump electron-update to 4.6.1
2021-12-14 19:03:54 +01:00
Daniel James Smith 8644d84e68
FSescure-Importer: Add support for style = global (#578)
* Fescure-Importer: Add support for style = global

* Fix linting
2021-12-14 10:22:09 +01:00
Addison Beck f90b3456d5
[Account Switching] [Feature] Allow clients to store data for more than one user (#491)
* [refactor] Extract, rename, and expand StorageServiceOptions

* Pulled StorageServiceOptions into its own file
* Renamed StorageServiceOptions to StorageOptions
* Pulled KeySuffixOpptions into its own file
* Converted KeySuffixOptions into an enum from a union type

* [refactor] Expand StateService into a full coverage storage proxy

* Expand StateService to allow it to manage all data points of the application state regardless of memory.
* Expand StateService to allow for storing and managing multiple accounts

* [refactor] Create helper services for managing organization and provider state data

* [refactor] Implement StateService across service layer

* Remove service level variables used for in memory data storage and replaced with calls to StateService
* Remove direct calls to StorageService in favor of using StateService as a proxy

* [feature] Implement account switching capable services across components and processes

* Replace calls to StorageService and deprecated services with calls to a StateService

* [chore] Remove unused services

Several services are no longer in use because of the expanded state service. These have simply been removed.

* [bug] Add loginRedirect to the account model

* [bug] Add awaits to newly async calls in TokenService

* [bug] Add several missing awaits

* [bug] Add state service handlers for AutoConfirmFingerprint

* [bug] Move TwoFactorToken to global state

* Update unauth-guard.service.ts

Add back return true

* [refactor] Slim down the boilerplate needed to manage options on StateService calls

* [bug] Allow the lock message handler to manipulate a specific acount

* [bug] Add missing await to auth guard

* [bug] Adjust state scope of several biometric data points

* [bug] Ensure vault locking logic can operate over non-active accounts

* [style] Fix lint complaints

* [bug] Move disableFavicon to global state

* [refactor] Remove an unecassary parameter from a StorageOptions instance

* [bug] Ensure HtmlStorageService paths are accounted for in StateService

* [feature] Add a server url helper to the account model for the account switcher

* [refactor] Remove some unused getters from the account model

* [bug] Ensure locking and logging out can function over any user

* Fix account getting set to null in getAccountFromDisk

* [bug] Ensure lock component is always working with the latest active account in state

* [chore] Update recent KeyConnector changes to use stateService

* [style] Fix lint complaints

* [chore] Resolve TokenService merge issues from KeyConnector

* [bug] Add missing service arguement

* [bug] Correct several default storage option types

* [bug] Check for the right key in hasEncKey

* [bug] Add enableFullWidth to the account model

* [style] Fix lint complaints

* [review] Revist remember email

* [refactor] Remove RememberEmail from state

* setDisableFavicon to correct storage location

* [bug] Convert vault lock loop returns into continues to not skip secondary accounts

* [review] Sorted state service methods

* [bug] Correct neverDomains type on the account model

* [review] Rename stateService.purge to stateService.clean

* [review] [refactor] Extract lock refresh logic to a load function

* [review] [refactor] Extract some timeout logic to dedicated functions

* [review] [refactor] Move AuthenticationStatus to a dedicated file

* [review] [refactor] Rename Globals to GlobalState

* [style] Fix lint complaints

* [review] Remove unused global state property for decodedToken

* [review] [bug] Adjust state scope for OrganizationInvitation

* [review] [bug] Put back the homepage variable in lock guard

* [review] Un-try-catch the window creation function

* Revert "[review] [bug] Adjust state scope for OrganizationInvitation"

This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497.

* [bug] Change || to && in recent vault timeout refactor

* [bug] Keep up with entire state in storage instead of just accounts and globals

Not having access to the last active user was creating issues across clients when restarting the process.
For example: when refreshing the page on web we no longer maintain an understanding of who is logged in.

To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals.
This allows for more flexible saving, like saving activeUserId as a top level storage item.

* [style] Fix lint complaints

* Revert "[bug] Keep up with entire state in storage instead of just accounts and globals"

This reverts commit e8970725be472386358c1e2f06f53663c4979e0e.

* [bug] Initialize GlobalState by default

* [bug] Only get key hash from storage

* [bug] Remove settings storage location overrides

* [bug] Only save accessToken to storage

* [refactor] Remove unecassary argements from electron crypto state calls

* [bug] Ensure keys and tokens load and save to the right locations for web

* [style] Fix lint complaints

* [bug] Remove keySuffix storage option and split uses into unique methods

The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state.
This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly.

* [bug] Add default vault timeouts to new accounts

* [bug] Save appId as a top level storage item

* [bug] Add missing await to timeout logic

* [bug] Adjust state scope for everBeenUnlocked

* [bug] Clear access tokens when loading account state from disk

* [bug] Adjust theme to be a global state item

* [bug] Adjust null checking for window in state

* [bug] Correct getGlobals not pulling from the stored state item

* [bug] Null check in memory account before claiming it has a userId

* [bug] Scaffold secure storage service when building storage objects on init

* [bug] Adjusted state scope of event collection

* [bug] Adjusted state scope of vault timeout and action

* [bug] Grab account from normal storage if secure storage is requested but does not exist

* [bug] Create a State if one is requested from memory before it exists

* [bug] Ensure all storage locations are cleared on state clean

* [style] Fix lint complaints

* [bug] Remove uneeded clearing of access token

* [bug] Reset tokens when toggling

* [refactor] Split up the Account model

Until this point the account model has been very flat, holding many kinds of data.

In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale,
the Account model has been divided into logical chunks.

* [bug] Correct the serverUrl helpers return

* Fix sends always coming back as empty in browser

* Get settings properly (I think)

* [bug] Fix lint error

* [bug] Add missing await to identity token refresh

This was causing weird behavior in web that was creating a lot of 429s

* [bug] Scaffold memory storage for web

Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in.
Namely, encrypted data that was recently synced had nowhere to save to and was lost.

* [bug] Implement better null handling in a few places for retrieving state

* [bug] Update correct storage locations on account removal

* [bug] Added missing awaits to lock component

* [bug] Reload lock component on account switching vs. account update

* [bug] Store master keys correctly

* [bug] Move some biometrics storage items to global state

* [feature] Add platform helper isMac()

* [refactor] Comment emphasis and call order refresh

* [refactor] Remove unecassary using

* [bug] Relocate authenticationStatus check logic to component

* [bug] Stop not clearing everything on state clean

* [style] Fix lint complaints

* [bug] Correct mismatched uses of encrypted and decrypted pin states

* Add browser specific state classes and methods

* lint fixes

* [bug] Migrate existing persistant data to new schema

* [style] Fix lint complaints

* [bug] Dont clear settings on state clean

* [bug] Maintain the right storage items on logout

* [chore] resolve issues from merge

* [bug] Resolve settings clearing on lock

* [chore] Added a comment

* [review] fromatting for code review

* Revert browser state items

Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 11:15:16 -05:00
Daniel James Smith 8fc3cf50d2
Bump node to 16 and npm (#575)
* Bump engines required to node 16 and npm 8

* Bump @types/node to 16
The dep on node 14.18 will get cleaned up once we bump electron

* Modify build.yml to build with node 16 and npm 8

* Update requirements in README.md

* Remove install step for npm 8
npm v8.1.2 is included in node v16

* Rename install step

* Fixed typo
2021-12-13 11:43:10 +01:00
Daniel James Smith e9630eeae5
Sync package-lock.json after Angular bump (#573)
* Sync package-lock.json after Angular bump

* Add form-data as dev dependency and bump typescript

* Install rxjs as dev-dep in root package.json
2021-12-10 12:50:24 +01:00
Oscar Hinton 6a179ab2df
Bump angular to 12. (#571) 2021-12-09 15:00:26 +01:00
Oscar Hinton a6b95b15e3
Add toastr component (#568) 2021-12-07 19:15:56 +01:00
Oscar Hinton 5db94cc9d0
BEEEP: Move DI logic to jslib (#565) 2021-12-02 18:40:34 +00:00
Thomas Rittson 78429aa720
Change ngZone from private to protected (#567)
* Change ngZone from private to protected

* Remove unneeded file
2021-11-29 09:52:23 +10:00
Yuan Chao 920ec05fbb
Fix cursor location changing issue on toggle password (#561) 2021-11-29 07:30:32 +10:00
Matt Gibson d02fcd082e
Add sponsorship pre validate endpoint (#564) 2021-11-24 14:19:03 -06:00
Jake Fink 340a79bfe6
reset ownershipOptions on init (#563) 2021-11-24 09:01:38 -05:00
Matt Gibson e1c6e4973a
Fix cli user agent (#562) 2021-11-23 14:50:28 -06:00
Justin Baur b4f475251a
Feature/families for enterprise (#549)
* Families for enterprise/account settings (#541)

* Add node tests to pipeline (#525)

* Add support for crypto agent (#520)

* feat: add an importer for Safari (CSV) (#512)

* feat(importers/safariCsvImporter): add the importer for Safari (CSV)

* Revert changes to package-lock.json

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>

* Dynamically set electron user agent (#524)

* Dynamically set electron user agent

* PR review

* linter fixes

* Test agent static version does not change

* Fix formatting

* Add role="alert" to callouts only when enforceAlert is passed (#528)

* Add role="alert" to callouts when enforceAlert is passed

* Remove ElementRef and do a different way

* Rename input variable

* Add PR template (#529)

* Allow managers to create collections (#530)

* Pass in null for sso organziation for now. (#531)

This will bypass cryptoagent

* Add Linked Field as custom field type (#431)

* Basic proof of concept of Linked custom fields

* Linked Fields for all cipher types, use dropdown

* Move linkedFieldOptions to view models

* Move add-edit custom fields to own component

* Fix change handling if cipherType changes

* Use Field.LinkedId to store linked field info

* Refactor accessors in cipherView for type safety

* Use map for linkedFieldOptions

* Refactor: use decorators to record linkable info

* Add ItemView

* Use enums for linked field ids

* Add union type for linkedId enums, add jsdoc comment

* Use parameter properties for linkedFieldOption

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Fix type casting

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Update electron to 14.2.0 (#534)

* Update electron to 14.1.1

* Update electron to 14.2.0 and fix it to this version

* Removed ^ from electron in electron/package-lock.json

* [Linked fields] Reset linkedIds if cipher type changes (#535)

* Reset linkedIds if cipher type changes

* Only reset linkedId if !editmode

* Add call to server

* Fix linting

* Add call to server

* Fix linting

* Run linting

* Add new properties to organization

* Remove organizationUserId from request model

* Added in org sponsorship calls

* Sponsorship redeem existing org flow

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Oscar Hinton <oscar@oscarhinton.com>
Co-authored-by: pan93412 <pan93412@gmail.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>

* Revoke sponsorship uses organization id

* Expect information in billing items on whether the item is sponsored

* Families for enterprise/redeem card (#546)

* Add userservice helper

* Run linter

* Add resend email to api service (#548)

* Remove unneeded imports

* Remove unneeded files

* Add newline

* Reorder import

* Remove accidental newline

* Fix lint issue

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Oscar Hinton <oscar@oscarhinton.com>
Co-authored-by: pan93412 <pan93412@gmail.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2021-11-19 17:24:55 -05:00
Oscar Hinton f4c66b2c8c
Add support for hiding input on lock screen if using key connector (#560) 2021-11-19 16:48:42 +01:00
Oscar Hinton a3e00cdc15
Add usesKeyConnector to OrganizationUserUserDetailsResponse (#559) 2021-11-19 15:04:32 +01:00
Oscar Hinton 8b01eea446
[Key Connector] Resolve desktop not prompting to remove password (#558) 2021-11-19 13:35:12 +01:00
Thomas Rittson 10fa164ffc
Add FirstSsoLogin event (#555) 2021-11-19 05:40:30 +10:00
Oscar Hinton 9b7aaa272d
Add confirm identity helper text to password in verify component (#554) 2021-11-18 16:24:15 +01:00
Thomas Rittson fc0d624621
[Key Connector] Hide "Master Pass On Restart" prompt when setting pin (#556)
* Disable Master Pass on Restart for Key Connector

* Fix linting
2021-11-18 21:20:55 +10:00
Thomas Rittson 07dde6e321
Add getKeyConnectorAlive to ApiService (#543) 2021-11-18 21:11:55 +10:00
Oscar Hinton ea9a8b979d
Update verify master password component (#553) 2021-11-17 11:57:05 +01:00
Oscar Hinton e1b1efeea2
Add useKeyConnector flag (#551) 2021-11-17 11:42:24 +01:00
Thomas Rittson 720967475b
Update base export component for userVerificationService changes (#552)
* Use new try/catch pattern in export.component

* Set initial value in VerifyMasterPass component
2021-11-16 19:43:37 +10:00
Thomas Rittson 386903f5a9
[Key Connector] QA fixes for CLI and Desktop (#544)
* Make UserVerificationService compatible with CLI

* Refactor error handling

* Fix i18n key name

* Add apiUseKeyConnector flag to TokenResponse

* Always require keyConnectorUrl to be passed in

* Throw errors in userVerificationService

* Use requestOTP in UserVerificationService

* Remove unused deps

* Fix linting
2021-11-16 07:53:57 +10:00
Thomas Rittson 06c9df97ad
Update Safari importer to be Safari and macOS importer (#550)
* Rename Safari importer to Safari and macOS

* Order featured import options alphabetically
2021-11-15 19:49:19 +10:00
Thomas Rittson e02e663ce1
[Linked Fields] Fix QA feedback (#542)
* Fix bug overwriting custom field types

* Add linkedId to export model for CLI
2021-11-12 05:59:01 +10:00
Kyle Spearrin b99103d3f7
validate path for directory traversal (#540)
* validate path for directory traversal

* use previously constructed requestUrl
2021-11-10 15:13:13 -05:00
Kyle Spearrin 1b4a5508bd Revert "clean api url paths from directory traversal (#539)"
This reverts commit ea29f580a5.
2021-11-10 13:37:31 -05:00
Kyle Spearrin ea29f580a5
clean api url paths from directory traversal (#539) 2021-11-09 15:37:58 -05:00
Kyle Spearrin c4fb4a35ab
don't allow @ character in uriString prefixing (#538) 2021-11-09 11:16:40 -05:00
Oscar Hinton 8f177e2d3a
Add support for requesting and using otp for verifying some requests (#527)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-11-09 17:01:22 +01:00
Thomas Rittson 99ff3feb53
[Linked fields] Fix change detection on cipherType (#536)
* Fix bug that clears linkedId values when editing

* Add null check

* Fix linting
2021-11-09 21:57:33 +10:00
Thomas Rittson 2db9e1ce0d
[Linked fields] Reset linkedIds if cipher type changes (#535)
* Reset linkedIds if cipher type changes

* Only reset linkedId if !editmode
2021-11-04 07:24:45 +10:00
Daniel James Smith e2c72a75f9
Update electron to 14.2.0 (#534)
* Update electron to 14.1.1

* Update electron to 14.2.0 and fix it to this version

* Removed ^ from electron in electron/package-lock.json
2021-11-03 17:18:19 +01:00
Thomas Rittson dbda39e10f
Add Linked Field as custom field type (#431)
* Basic proof of concept of Linked custom fields

* Linked Fields for all cipher types, use dropdown

* Move linkedFieldOptions to view models

* Move add-edit custom fields to own component

* Fix change handling if cipherType changes

* Use Field.LinkedId to store linked field info

* Refactor accessors in cipherView for type safety

* Use map for linkedFieldOptions

* Refactor: use decorators to record linkable info

* Add ItemView

* Use enums for linked field ids

* Add union type for linkedId enums, add jsdoc comment

* Use parameter properties for linkedFieldOption

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Fix type casting

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2021-11-03 08:03:37 +10:00
Matt Gibson 1bd968a023
Pass in null for sso organziation for now. (#531)
This will bypass cryptoagent
2021-10-28 10:03:03 -05:00
Matt Gibson e90cc40f68
Allow managers to create collections (#530) 2021-10-27 13:06:27 -05:00
Thomas Rittson bf6e9848e7
Add PR template (#529) 2021-10-27 19:00:34 +10:00
Robyn MacCallum 031cbff556
Add role="alert" to callouts only when enforceAlert is passed (#528)
* Add role="alert" to callouts when enforceAlert is passed

* Remove ElementRef and do a different way

* Rename input variable
2021-10-26 11:41:46 -04:00
Matt Gibson 0f9c2205d5
Dynamically set electron user agent (#524)
* Dynamically set electron user agent

* PR review

* linter fixes

* Test agent static version does not change

* Fix formatting
2021-10-26 08:45:32 -05:00
pan93412 257de6517c
feat: add an importer for Safari (CSV) (#512)
* feat(importers/safariCsvImporter): add the importer for Safari (CSV)

* Revert changes to package-lock.json

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-10-26 17:00:03 +10:00