* Add fix for bw login with apikey argument fails bug
* Changes after running the prettier
* Revert chnages on the launch.json file
* Changes after running a lint
* Renaming a filename to remove capital letters
* Resolving the error on test run
* Renaming file names due lint errors
* Renaming new files to conform to snake case
* Remove the test for user api login strategy
* Adding the user api login test and file renaming
* Rename file name to organization-api-login.spec.ts
* Fixing the lint error on PR
* Adding the apiLogIn.strategy to whitelist-capital-letters
* Removing all the apiLogIn.strategy in whitelist-capital-letters.
* Fixing PR comment relating OrganizationApiTokenRequest
* Resolve PR comment on OrganizationApiTokenRequest model
* Fixing PR comment of separating organization token model
* fixing the lint error message
* Fixing the lint error
* Reverting the changes on lunch.js
* revert the actual content on launch.json
* Reverting changes relating to organization api login
* Removing the OrganizationIdentityTokenResponse file
* Removing OrganizationIdentityTokenResponse file
Co-authored-by: dynwee <onwudiweokeke@gmail.com>
* [EC-675] Add missing Event capture for viewing item Card Number
* [EC-675] Fix correct event type for viewing item Card Number
* Update apps/web/src/locales/en/messages.json
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [SG-163] Two step login flow web (#3648)
* two step login flow
* moved code from old branch and reafctored
* fixed review comments
* [SG-164] Two Step Login Flow - Browser (#3793)
* Add new messages
* Remove SSO button from home component
* Change create account button to text
* Add top padding to create account link
* Add email input to HomeComponent
* Add continue button to email input
* Add form to home component
* Retreive email from state service
* Redirect to login after submit
* Add error message for invalid email
* Remove email input from login component
* Remove loggingInTo from under MP input
* Style the MP hint link
* Add self hosted domain to email form
* Made the mp hint link bold
* Add the new login button
* Style app-private-mode-warning in its component
* Bitwarden -> Login text change
* Remove the old login button
* Cancel -> Close text change
* Add avatar to login header
* Login -> LoginWithMasterPassword text change
* Add SSO button to login screen
* Add not you button
* Allow all clients to use the email query param on the login component
* Introduct HomeGuard
* Clear remembered email when clicking Not You
* Make remember email opt-in
* Use formGroup.patchValue instead of directly patching individual controls
* [SG-165] Desktop login flow changes (#3814)
* two step login flow
* moved code from old branch and reafctored
* fixed review comments
* Make toggleValidateEmail in base class public
* Add desktop login messages
* Desktop login flow changes
* Fix known device api error
* Only submit if email has been validated
* Clear remembered email when switching accounts
* Fix merge issue
* Add 'login with another device' button
* Remove 'log in with another device' button for now
* Pin login pag content to top instead of center justified
* Leave email if 'Not you?' is clicked
* Continue when enter is hit on email input
Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
* [SG-750] and [SG-751] Web two step login bug fixes (#3843)
* Continue when enter is hit on email input
* Mark email input as touched on 'continue' so field is validated
* disable login with device on self-hosted (#3895)
* [SG-753] Keep email after hint component is launched in browser (#3883)
* Keep email after hint component is launched in browser
* Use query params instead of state for consistency
* Send email and rememberEmail to home component on navigation (#3897)
* removed avatar and close button from the password screen (#3901)
* [SG-781] Remove extra login page and remove rememberEmail code (#3902)
* Remove browser home guard
* Always remember email for browser
* Remove login landing page button
* [SG-782] Add login service to streamline login form data persistence (#3911)
* Add login service and abstraction
* Inject login service into apps
* Inject and use new service in login component
* Use service in hint component to prefill email
* Add method in LoginService to clear service values
* Add LoginService to two-factor component to clear values
* make login.service variables private
Co-authored-by: Gbubemi Smith <gsmith@bitwarden.com>
Co-authored-by: Addison Beck <addisonbeck1@gmail.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
Co-authored-by: gbubemismith <gsmithwalter@gmail.com>
* PS-976 - when user has cipher readonly permissions, prevent user from editing cipher fields and make separate api call that only updates Favorite and Folder values
* PS-976 - in the readonly edit cipher view, hide non-operable buttons and display select values as readonly input text
* PS-976 - update failing test
* PS-976 - split cipher saveWithServer call into Create and Update calls
* PS-976 - replace property with function call to get the card expiration month for the readonly view
* MM-976 - when user has readonly permissions hide "delete" button on View Item view, hide generate username/password buttons on Edit Item view
* PS-976 - rename cipherPartialRequest file to align with new naming convention
* Initial - add folder id to popup item view
* Add folder service to view component
* Move folder info higher in the item view as proper box
* Add folder name handling to component
* Add folder field to browser view
* Add folder field to desktop view
* Make folder field draggable
following the merging of https://github.com/bitwarden/clients/pull/3321 also make the folder field draggable
* Use `<label>` and readonly `<input>`
In anticipation of https://github.com/bitwarden/clients/pull/3485 being merged
* Changes from review
- change input name to `folderName`, match it in the `for` attribute on the `<label>`
- add an `if` check before querying folder names
* Match `name` to `id`
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Added abstractions for PolicyApiService and PolicyService
* Added implementations for PolicyApiService and PolicyService
* Updated all references to new PolicyApiService and PolicyService
* Deleted old PolicyService abstraction and implementation
* Fixed CLI import path for policy.service
* Fixed main.background.ts policyApiService dependency for policyService
* Ran prettier
* Updated policy-api.service with the correct imports
* [EC-377] Removed methods from StateService that read policies
* [EC-377] Updated policy service getAll method to use observable collection
* [EC-377] Added first unit tests for policy service
* [EC-377] Added more unit tests for Policy Service
* [EC-376] Sorted methods order in PolicyApiService
* [EC-376] Removed unused clearCache method from PolicyService
* [EC-376] Added upsert method to PolicyService
* [EC-376] PolicyApiService putPolicy method now upserts data to PolicyService
* [EC-377] Removed tests for deleted clearCache method
* [EC-377] Added unit test for PolicyService.upsert
* [EC-377] Updated references to state service observables
* [EC-377] Removed getAll method from PolicyService and refactored components to use observable collection
* [EC-377] Updated components to use concatMap instead of async subscribe
* [EC-377] Removed getPolicyForOrganization from policyApiService
* [EC-377] Updated policyAppliesToUser to return observable collection
* [EC-377] Changed policyService.policyAppliesToUser to return observable
* [EC-377] Fixed browser settings.component.ts getting vault timeout
* Updated people.component.ts to get ResetPassword policy through a subscription
* [EC-377] Changed passwordGenerationService.getOptions to return observable
* [EC-377] Fixed CLI generate.command.ts getting enforcePasswordGeneratorPoliciesOnOptions
* [EC-377] Fixed eslint errors on rxjs
* [EC-377] Reverted changes on passwordGeneration.service and vaultTimeout.service
* [EC-377] Removed eslint disable on web/vault/add-edit-component
* [EC-377] Changed AccountData.policies to TemporaryDataEncryption
* [EC-377] Updated import.component to be reactive to policyAppliesToUser$
* [EC-377] Updated importBlockedByPolicy$
* [EC-377] Fixed missing rename
* [EC-377] Updated policyService.masterPasswordPolicyOptions to return observable
* [EC-377] Fixed vaultTimeout imports from merge
* [EC-377] Reverted call to passwordGenerationService.getOptions
* [EC-377] Reverted call to enforcePasswordGeneratorPoliciesOnOptions
* [EC-377] Removed unneeded ngOnDestroy
* Apply suggestions from code review
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [EC-377] Fixed login.component.ts and register.component.ts
* [EC-377] Updated PolicyService to update vaultTimeout
* [EC-377] Updated PolicyService dependencies
* [EC-377] Renamed policyAppliesToUser to policyAppliesToActiveUser
* [EC-377] VaultTimeoutSettings service now gets the vault timeout directly instead of using observables
* [EC-377] Fixed unit tests by removing unneeded vaultTimeoutSettingsService
* [EC-377] Set getDecryptedPolicies and setDecryptedPolicies as deprecated
* [EC-377] Set PolicyService.getAll as deprecated and updated to use prototype.hasOwnProperty
* [EC-565] Reverted unintended change to vaultTimeoutSettings that was causing a bug to not display the correct vault timeout
* [EC-377] Removed unneeded destroy$ from preferences.component.ts
* [EC-377] Fixed policy.service.ts import of OrganizationService
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
Co-authored-by: mimartin12 <77340197+mimartin12@users.noreply.github.com>
* Fix async subscribe
* Revert "[PS-1066] Browser and Desktop - SSO User does not see Update Master Password screen after Owner does a Admin Password Reset (#3207)"
This reverts commit 0eda418591.
* Update imports
* Implement observables in a few places
* Add tests
* Get all clients working
* Use _destroy
* Address PR feedback
* Address PR feedback
* Address feedback
* passwordless login page redesign
* passwordless login page redesign
* restyled login form to use tailwind
* restyled login form to use tailwind
* moved texts on login device template to locales
* made reactive form changes for clients
* added request model
* made more changes
* added implmentation to auth request api
* fixed refrencing issue
* renamed model property
* Added resend notification functionality
* Added new file
* login with device first draft
* login with device first draft
* login with device first draft
* login with device first draft
* connection to anonymous hub
* connection to anonymous hub
* refactored confirm login response
* removed comment
* cleaned up login
* changed uptyped form builder
* changed uptyped form builder
* [SG-168] Update login strategy with passwordless login credentials.
* [SG-168] Removed logs. Changed inputs for passwordless logic strategy. Removed tokenRequestPasswordless it is using the same as password.
* code cleanup
* code cleanup
* removed login with device from self hosted
* fixed PR comments
* added module for login
* fixed post request bug
* added feature flag
* added feature flag
* added feature flag
Co-authored-by: André Bispo <abispo@bitwarden.com>
* Use a captcha bypass during registration
The trial initiation flow has a registration step that automatically
does a login in the background. This has Captcha problems, namely that
it can spawn two captchas in a row - one during registration and one
during login. This is not ideal UX, so we've added a bypass token that
returns from the registration endpoint that can be used to skip the next
captcha.
* [review] Introduce ICaptcheProtectedResponse
* [refactor] Isolate form validation logic
* [refactor] Relocate a few input scrubbing lines
* [refactor] Isolate RegisterRequest object construction logic
* [refactor] Isolate account registration logic
* [refactor] Isolate login logic
* [fix] Check for captchas during login from trial initiation
* [fix] Avoid a duplicated toast if the account was already created
* CL-7 Begin Implementing Avatar
* add figma design to parameters
* rework size property
* Update Figma file to correct component
* remove circle input (avatar will always be a circle)
* adjust sizing and limit inputs
* Setup color input and functionality
* Add border option
* fix bug duplicating classes
* Update size for large avatar
* Remove unnecessary class
* Fix typo
* Remove 'dynamic' input (Avatar will now regenerate on changes by default)
* Use Tailwind class instead of an arbitrary value
* Remove gravatars (deprecated, see SG-434)
* Rename methods to a more accurate name
* Rework classList() getter method
* Remove unnecessary logic and services
* Make properties private, and rename for better clarity
* Move sanitizer logic to the TS code rather than the template
* Rework and move function to a common static class in Utils
* Rename 'data' to 'text' for clarity
* Rework classList implementation
* Remove email since we removed gravatars
* Remove template
* set color based on color, id, or text input
* rework generate method
* add explicit null/undefined check
* remove comment
Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>
* Extract into new VaultTimeoutSettingsService
* Ensure new service is instantiated and registered for DI
* Create vaultTimeoutSettingsServiceFactory
* Fix VaultTimeoutServiceFactory
* Remove any and use void instead
* Move vaultTimeoutAbstraction into it's own folder
* Move vaultTimeout service into it's own folder
* Added vaultTimeoutServiceFactory and it's missing dependencies
* Rough draft of Export/Import changes w/ password encryption
* fix for encrypted export changes
* Create launch.json
* Updates to export logic modal user secret prompt
* Updates to error handling
* renaming the component for checking the user secret to a name that is more clear about what it accomplishes
* Fixing lint errors
* Adding a comment
* Suggested changes from CR
* Suggested changes from CR
* Making suggested changes
* removing unnecessary properties
* changes suggested
* Fix
* Updating error messages
* Removing unecessary launch.json file commit
* running lint, removing commented code
* removing launch.json
* Updates to remove the userVerificationPromptService
* updates
* Removing unused import, running npm prettier/lint
* Changes to use Form Fields
* Updates
* updates requested by Matt
* Update apps/web/src/app/tools/import-export/export.component.ts
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Suggested Changes from PR
* Fix after merge from Master
* changes to styling
* Removing unused code and cleanup
* Update libs/angular/src/components/user-verification-prompt.component.ts
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Update apps/web/src/locales/en/messages.json
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Changes suggested by Thomas R
* Merging master into branch
* Revert "Merging master into branch"
This reverts commit eb2cdffe49.
* Requested changes and improvements
* merging master into feature branch
* Revert "merging master into feature branch"
This reverts commit e287715251.
* Suggested Changes
* changes
* requested changes
* Requested changes
* removing comments, fixing code
* reducing copied code
* fixing bug
* fixing bug
* changes
* WIP
* Thomas's requested changes
* adding back missing spaces
* change needed after the merge from master into feature branch
* prettier + lint
* Updating the EncryptedExportType Import
* Fixing build errors
Co-authored-by: Thomas Rittson <eliykat@users.noreply.github.com>
* Move FilePasswordPrompt to ImportExportModule
Also remove base class
Also remove duplicate service providers
* Run prettier
* Suggested Changes from Thomas
* only require filePassword and confirmFilePassword if it's type is FileEncrypted
* Update to only enable the field when submitting a file password encrypted file
* Requested changes, moving logic to web
* undoing change to bit button
* Refactor to process file-encrypted imports in main import.component
* Refactor confirm file password check
* Remove UserVerificationPromptService
* Address CodeScene feedback
* Updates to disable the required file password field when needed
* Subscribe to reactive form changes to adjust validators
* style changes requested by suhkleen
* Delete duplicate classes
Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <eliykat@users.noreply.github.com>
* Extract method for unlockWithPin
* Extract method for unlockWithMasterPassword
* Switch condition and use early return
* Moved logic that belongs together closer together
* Make unlockWithPin and unlockWithMP private and move them below the public methods
* Extract to new method handlePinRequiredUnlock
Remove kdf and kdfIteration params
* Extract to new method handleMasterPasswordRequiredUnlock
Remove kdf and kdfIteration params
* Change subscription to rely on observables and not on BehaviourSubject
* Ensure OnDestroy is added to AppComponent
* Fix check for no active accounts to redirect to the login page instead of lock
* Change subscription handling on SearchBarService
* Fix naming convention: Observables should have a $ suffix
* Remove obsolete linter hint
* Fix activeAccountUnlocked getting exposed as Observable but is instantiated as BehaviourSubject
* Add managed_schema
* Add note on login page which server you are logging into.
* Implement it
* Remove caching logic since it seems unecessary
* Add error
* Handle error in hasManagedEnvironment
* Fix compile
* Added abstractions for PolicyApiService and PolicyService
* Added implementations for PolicyApiService and PolicyService
* Updated all references to new PolicyApiService and PolicyService
* Deleted old PolicyService abstraction and implementation
* Fixed CLI import path for policy.service
* Fixed main.background.ts policyApiService dependency for policyService
* Updated policy-api.service with the correct imports
* [EC-376] Sorted methods order in PolicyApiService
* [EC-376] Removed unused clearCache method from PolicyService
* [EC-376] Added upsert method to PolicyService
* [EC-376] PolicyApiService putPolicy method now upserts data to PolicyService
* Removed check for getBiometricLocked
It always returned false even when no biometrics were used.
* Remove the other check for getBiometricsLocked
* Ensure that biometricFingerprintValidation is reset, when biometrics are disabled
* Removed getBiometricsLocked and setBiometricsLocked
With nothing in the codebase reading the state of getBiometricsLocked, I've removed all places where it was set or saved.
* Refactor execution of reload into a separate method
* Conditonally pass the window object to `BrowserApi.reloadExtension`
* Clarify in comment, that the PIN has to be set with ask for Master Password on restart
* Ensure the process reload is executed on logout
* Use accounts instead of lastActive == null to determine a reload on logout
* Moved identical logic from desktop and browser into system.service
* Simplified check for refresh to handle no accounts found, logout, lock with lastActive longer than 5 seconds
* moved password strength to libs
* refactored password strength component
* made changes on desktop and browser to reuse component
* resolved suggestions from PR review
* shared module restructure
* shared module restructure
* [EC-317] feat: add delete account section in settings
* [EC-317] feat: add new delete account modal
* [EC-317] feat: add ability to replace top-most modal
* [EC-317] chore: remove unecessary lint ignore
* [EC-317] fix: so delete account is closed if export vault is opened
* [EC-317] feat: inital delete account design without i18n
* [EC-317] feat: disabled but basic working delete functionality
* [EC-317] feat: implement according to new design
* [EC-317] feat: use translations
* [EC-317] feat: implement working deletion
* [EC-317] feat: add loading state and error messages
* [EC-317] feat: add menu bar item
* [EC-317] feat: update form to support typed reactive forms
* [EC-317] chore: update translation text after design review
* [EC-317] feat: move deletion logic to service
* [EC-317] refactor: update web deletion
* [EC-317] feat: disable submit if secret is empty
* [EC-317] fix: handle errors in components as well
* [EC-317] fix: use abstraction as interface
* [EC-317] refactor: extract deleteAccount from api service
* [EC-317] fix: typo in translations
* [EC-317] chore: rename to accountApiService
* [refactor] Introduce a file download service
* [refactor] Point platformUtilsService.saveFile() callers to fileDownloadService.download() instead
* [refactor] Remove platformUtilsService.saveFile()
* [fix] Force send attachments to always download and never open
* [fix] Remove the window property from FileDownloadRequest
* [fix] Move FileDownloadRequest to /abstractions/fileDownload
* [fix] Simplify FileDownloadRequest to a type
* [fix] Move BrowserApi.saveFile logic into BrowserFileDownloadService
* [fix] Use proper blob types for file downloads
* [fix] forceDownload -> downloadMethod on FileDownloadRequest
* [fix] Remove fileType from FileDownloadRequest
* [fix] Make fileType private
cyprain-okeke
Rui Tomé
Gbubemi Smith
Todd Martin
Oscar Hinton
dgoodman-bw
Patrick H. Lauke
cd-bitwarden
Daniel James Smith
Justin Baur
Addison Beck
Gbubemi Smith
André Filipe da Silva Bispo
rr-bw
Kyle Spearrin
Justin Baur
David S
Justin Baur
Andreas Coroiu
Thomas Rittson
Vitaly Baev
Robyn MacCallum
Matt Gibson