Commit Graph

13754 Commits

Author SHA1 Message Date
ttalty c4b31c9f8f
Tools/pm 3567 import xxe detection (#6918)
* RegEx to prevent external entities from being imported in xml

* Adding the test case

* Changing the regex and updating test case description
2023-12-08 09:50:02 -05:00
renovate[bot] 31112d8033
[deps] Tools: Update @types/zxcvbn to v4.4.4 (#7143)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-08 14:10:40 +01:00
Daniel James Smith d76602343f
Bump electron to v27.1.3 (#7134)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2023-12-08 13:07:46 +01:00
github-actions[bot] 7289111399
Autosync the updated translations (#7139)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-08 11:33:21 +00:00
Daniel García db3bbc0aea
[PM-5144] Use sync fs in desktop i18n loading (#7114) 2023-12-08 12:15:46 +01:00
github-actions[bot] c8c52957a0
Autosync the updated translations (#7140)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-08 12:02:15 +01:00
github-actions[bot] e0229021b0
Autosync the updated translations (#7138)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-08 11:56:31 +01:00
Cesar Gonzalez dafb251cac
[PM-4923] Form elements that fade into view contain incorrectly cached page details (#6953)
* [PM-4923] Form Elements that Fade into View Contain Incorrectly Cached Page Details

* [PM-4923] Form Elements that Fade into View Contain Incorrectly Cached Page Details

* [PM-4923] Running prettier on implementation
2023-12-07 22:23:42 +00:00
Thomas Avery 51c5e053f7
[SM-909] Migrate service account people tab to new selector (#6534)
* migrate sa -> people tab to new selector

* remove unused code

* Add access token still available warning
2023-12-07 15:33:45 -06:00
Cesar Gonzalez e5b8fd4388
[PM-5148] Removing Browser Autofill Override Setting and Add Message (#7110)
* [PM-5148] Removing Browser Autofill Override Setting and Add Message

* [PM-5148] Removing translation keys

* [PM-5148] Removing translation keys

* [PM-5148] Modifying how we present the link to users to ensure translations can be more effective
2023-12-07 20:39:28 +00:00
Todd Martin 2b3faca86b
Move PasswordStrengthComponent to Tools (#7125)
* Moved password-strength component to Tools

* Move zxcvbn into Tools ownership

zxcvbn is the library currently used to calculate the password-strength

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2023-12-07 14:11:05 -05:00
renovate[bot] f56e8266c2
[deps] SM: Update typescript-eslint monorepo to v6 (#7071)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-07 10:22:30 -06:00
renovate[bot] 77c54c2765
[deps] Tools: Update oidc-client-ts to v2.4.0 (#7131)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-07 12:46:47 +01:00
renovate[bot] 9109c19672
[deps] Tools: Update @types/jsdom to v21.1.6 (#7129)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-07 12:45:31 +01:00
renovate[bot] 2b9635cb9a
[deps] Tools: Update jsdom to v23 (#7130)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-07 12:39:16 +01:00
Justin Baur c3e114e36f
Update Expectations of `update` method (#7119)
* Update Expectations of `update` method

Change `update` to return current state
when `shouldUpdate` returns false.

* Delete Accidental Tests
2023-12-06 14:14:49 -05:00
github-actions[bot] 6ddf87bc72
Bumped desktop version to 2023.12.1 (#7123)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-06 13:35:32 -05:00
Matt Gibson 09d626bb4b
[PM-4345] Ps/provide migration helpers for key definitions (#7050)
* Provide helpers to build keys from KeyDefinitions

* Move usage comments to the helper class

* `npm run prettier` 🤖

* Prefer setters and getters to key builders

* Add documentation to migration helper methods

* Fix migration helper tests

* Prefer defined types to ad hoc

* `npm run prettier` 🤖
2023-12-06 13:07:27 -05:00
rr-bw ac899bebeb
[PM-194] Browser Account Switcher UI (#6772)
* Handle switch messaging

TODO: handle loading state for account switcher

* Async updates required for state

* Fallback to email for current account avatar

* Await un-awaited promises

* Remove unnecessary Prune

Prune was getting confused in browser and deleting memory in browser on
account switch. This method isn't needed since logout already removes
memory data, which is the condition for pruning

* Fix temp password in browser

* Use direct memory access until data is serializable

Safari uses a different message object extraction than firefox/chrome
and is removing `UInt8Array`s. Until all data passed into StorageService
is guaranteed serializable, we need to use direct access in state
service

* Reload badge and context menu on switch

* Gracefully switch account as they log out.

* Maintain location on account switch

* Remove unused state definitions

* Prefer null for state

undefined can be misinterpreted to indicate a value has not been set.

* Hack: structured clone in memory storage

We are currently getting dead objects on account switch due to updating
the object in the foreground state service. However, the storage service
is owned by the background. This structured clone hack ensures that all
objects stored in memory are owned by the appropriate context

* Null check nullable values

active account can be null, so we should include null safety in the
equality

* Correct background->foreground switch command

* Already providing background memory storage

* Handle connection and clipboard on switch account

* Prefer strict equal

* Ensure structuredClone is available to jsdom

This is a deficiency in jsdom --
https://github.com/jsdom/jsdom/issues/3363 -- structured clone is well
supported.

* Fixup types in faker class

* add avatar and simple navigation to header

* add options buttons

* add app-header to necessary pages

* add back button and adjust avatar sizes

* add helper text when account limit reached

* convert magic number to constant

* add clarifying comment

* adjust homepage header styles

* navigate to previousp page upon avatar click when already on '/account-switcher'

* move account UI to own component

* add i18n

* show correct auth status

* add aria-hidden to icons

* use listbox role

* add screen reader accessibility to account component

* more SR a11y updates to account component

* add hover and focus states to avatar

* refactor hover and focus states for avatar

* add screen reader text for avatar

* add slide-down animation on account switcher close

* remove comment

* setup account component story

* add all stories

* move navigation call to account component

* implement account lock

* add button hover effect

* implement account logout

* implement lockAll accounts functionality

* replace 'any' with custom type

* add account switcher button to /home login page

* use <main> tag (enables scrolling)

* change temp server filler name

* temporarily remove server arg from account story

* don't show avatar on /home if no accounts, and don't show 'lock'/'logout' buttons if no currentAccount

* add translation and a11y to /home avatar

* add correct server url to account component

* add 'server' to AccountOption type

* Enabled account switching client-side feature flag.

* add slide-in transition to /account-switcher page

* change capitalization to reflect figma design

* make screen reader read active account email, address more capitalization

* fix web avatar misalignment

* make avatar color based on user settings and in sync with other clients

* make property private

* change accountOptions to availableAccounts for clarity

* refactor to remove 'else' template ref

* remove empty scss rule

* use tailwind instead of scss

* rename isSelected to isActive

* add 'isButton' to /home page avatar

* move files to services folder

* update import

* Remove duplicate active account button

* Move no account button to current-account component

* Always complete logging out

Fixes PM-4866

* make screenreader read off email, not name

* refactor avatar for button case

* Do not next object updates

StateService's init was calling `updateState` at multiple layers,
once overall and then again for each account updated. Because
we were not maintaining a single state object through the
process, it was ending up in a consistent, but incomplete state.
Fixed by returning the updated state everywhere. This very well
may not be all the bugs associated with this

* Treat null switch account as no active user

* Listen for switchAccountFinish before routing (#6950)

* adjust avatar style when wrapped in a button

* show alt text for favicon setting

* move stories to browser

* Send Finish Message on null

* Dynamically set active user when locking all

This is required because some user lock states are not recoverable after
process reload (those with logout timeout). This waits until reload is
occurring, then sets the next user appropriately

* Move Finished Message to Finally Block

Fix tests

* Drop problematic key migration

Fixes PM-4933. This was an instance of foreground/background collision
when writing state. We have several other fallbacks of clearing
these deprecated keys.

* Prefer location to homebrew router service

* Initialize account disk cache from background

Uses the `isRecoveredSession` bool to re-initialize foreground caches
from a background message. This avoids a lengthy first-read for
foregrounds

* PM-4865 - Browser Acct Switcher - only show lock btn for lockable accounts (#6991)

* Lock of active account first, when locking multiple.

Fixes PM-4996

* Fix linter

* Hide lock now for locked users (#7020)

* Hide lock now for locked users

* Prefer disabling button to removing

* Add tooltip to TDE without unlock method

* Load all auth states on state init (#7027)

This is a temporary fix until the owning services can update state
themselves. It uses the presence of an auto key to surmise unlocked
state on init. This is safe since it's run only once on extension start.

* Ps/pm 5004/add load to account switcher (#7032)

* Add load spinner to account switcher

* Remove ul list icons

* Properly size account switcher in popout

* [PM-5005] Prevent Double Navigation (#7035)

* Delete Overriden Method

* Add Lock Transition

* truncate email and server name

* remove account.stories.ts (will add in separate PR)

* Do not switch user at reload if no user is active

* fix prettier issues

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
2023-12-06 09:22:48 -08:00
Daniel James Smith 00faefa1d1
Update ownership in renovate config (#7118)
* Move tldts into ownership of autofill

This was initially introduced by me, but is largely used for validating urls for autofill.

* Move @types/jsdom and jsdom to tools

This dependency is only using within the importers in the cli (running node)

* Add oidc-client-ts to tools

This dependency got introduced with the Lastpass direct import

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2023-12-06 10:39:29 -06:00
Todd Martin 299a880cba
[PM-5111] Reduce calls to config endpoint (#7069)
* Removed second active account observable and added distinctUntilChanged.

* Updated comment.
2023-12-06 11:21:29 -05:00
github-actions[bot] 0aca876b75
Bumped browser,cli,desktop version to 2023.12.0 (#7116)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-06 10:42:04 -05:00
Daniel James Smith 6846026961
Fix PhoneNumber value of 1pux LoginFieldTypeEnum (#7113)
According to https://support.1password.com/1pux-format/#item-details it needs to be `TEL` instead of `T`

As far as I know, this has not been an issue, as I haven't been able to create a loginfield of type PhoneNumber within 1Password.

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2023-12-06 09:36:15 -05:00
Daniel James Smith 5582d7644c
Add exception for en/messages.json to not be owned by anyone (#7112) 2023-12-06 07:31:36 -05:00
renovate[bot] cdb01ce8f7
[deps] SM: Update eslint-config-prettier to v9.1.0 (#7108)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 16:52:44 -06:00
renovate[bot] 022038e86c
[deps] SM: Update lint-staged to v15 (#7072)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 15:57:20 -06:00
renovate[bot] b3c01d4d3e
[deps] SM: Update eslint to v8.55.0 (#7092)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 14:54:42 -06:00
Oscar Hinton 2eebf890b5
[PM-4273] Add tests for TotpService (#7058)
Adds tests for the TOTP service in preparation for migrating it to the SDK.
2023-12-05 12:32:49 -05:00
Oscar Hinton 7bbdee9daa
[PM-3565] Enforce higher minimum KDF (#6440)
Changes minimum iterations for PBKDF2 to 600 000. Also converts the constants into ranges to ensure there is only a single place for all checks.
2023-12-05 10:55:12 -05:00
github-actions[bot] 56860482b1
Bumped web version to 2023.12.0 (#7105)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-12-05 10:54:08 -05:00
Matt Gibson e045c6b103
Ps/introduce single user state (#7053)
* Specify state provider for currently active user

* Split active and single user States

UserStateProvider is still the mechanism to build each State object.
The SingleUserState is basically a repeat of GlobalState, but with
additional scoping.

* Fixup global state cache

* fix fakers to new interface

* Make userId available in single user state

* Split providers by dependency requirements

This allows usage of the single state provider in contexts that would
otherwise form circular dependencies.

* Offer convenience wrapper classes for common use

* Import for docs

* Bind wrapped methods
2023-12-05 10:20:16 -05:00
Justin Baur 3deb6ea0c8
Only Keep Active User Alive When A View is Open (#7045) 2023-12-05 10:01:41 -05:00
Oscar Hinton 2fd30304d3
Remove tech-leads as default codeowner (#6986) 2023-12-05 15:55:53 +01:00
renovate[bot] 356be4d4dc
[deps] Tools: Update @electron/rebuild to v3.4.1 (#7103)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 15:22:01 +01:00
renovate[bot] 67f25eec1f
[deps] Tools: Update tldts to v6.1.0 (#7104)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 14:47:34 +01:00
Oscar Hinton 8fa4d1fea4
Pin chromatic workflow to v10.0.0 (#7100) 2023-12-05 13:16:01 +01:00
renovate[bot] 6c1b449248
[deps] Platform: Update @types/node-forge to v1.3.10 (#7095)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 12:56:31 +01:00
renovate[bot] a6482eb84b
[deps] Platform: Update angular-cli monorepo to v15.2.10 (#7096)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 12:34:54 +01:00
renovate[bot] 2972c6fd96
[deps] Platform: Update @types/node to v18.19.2 (#6739)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 12:33:49 +01:00
renovate[bot] 3294e034e1
[deps] Platform: Update jquery to v3.7.1 (#7086)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 12:16:12 +01:00
Will Martin 4b7ab41132
[AC-1726] Create restricted access view for collections (#6949) 2023-12-04 16:12:55 -05:00
Jared L e961761ee9
fix(browser): prevent registration-induced crash (#6799)
Fixed a bug where `authenticatorSelection` may be undefined and cause
the extension to crash when attempting to register a new credential.

Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
2023-12-04 14:57:17 -05:00
renovate[bot] e980a778de
[deps] Tools: Update @electron/rebuild to v3.4.0 (#7085)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-04 17:12:17 +01:00
Conner Turnbull c1963f1bc3
Cleaned up feature flag logic now that it's released (#7030) 2023-12-04 08:16:43 -05:00
Jake Fink 641ae844fb
[PM-3797 Part 2] Create Account Recovery Service (#6667)
* create account recovery service

* update legacy migration tests

* declare account recovery service in migrate component

* create account recovery module

* remove changes to core organization module

* use viewContainerRef to allow dependency injection on modal

* fix imports
2023-12-01 17:21:04 -05:00
renovate[bot] c218767db8
[deps] SM: Update eslint-config-prettier to v9 (#7070)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-01 15:54:31 -06:00
renovate[bot] 5f8d092064
[deps] SM: Update eslint to v8.54.0 (#7036)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-01 15:09:22 -06:00
renovate[bot] 611968036c
[deps] SM: Update eslint-plugin-import to v2.29.0 (#7068)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-01 14:42:28 -06:00
renovate[bot] 2243c1fc88
[deps] SM: Update jest-preset-angular to v13.1.4 (#7067)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-01 14:00:36 -06:00
Thomas Rittson 0d035c5a09
[AC-1873] Only assign user in the front-end if using Flexible Collections (#7051)
* Only assign user in the front-end if using Flexible Collections

* Fix prettier
2023-12-01 09:45:52 -06:00