* Create and register new libs/exporter
Create package.json
Create tsconfig
Create jest.config
Extend shared and root tsconfig and jest.configs
Register with eslint
* Migrate exportService to libs/exporter
Move exportService (abstraction and impl) into libs/exporter
Refactored exportService to be split into vault-export and event-export
Created barrel-files for both exports
Moved export.service.spec.ts into vault-export
Created an export-helper, which helps build the filename (extract method refactor from ExportService)
* Move components in libs/angular into tools-subfolder
Moved components
Updated imports in jslib-services.module and jslib.module
* Register libs/exporter with browser and fix imports
Move export.component into tools-subfolder
* Register libs/exporter with cli and fix imports
Move export.command into tools-subfolder
* Register libs/exporter with desktop and fix imports
Move export.component into tools-subfolder
* Move export models to libs/exporter
* Update web imports
* Update package-lock.json
* Move export models back as it would create circular dependency
Reponse models in common rely on export models which are in libs/exporter, which relies on common
* Fix up web for event-export
* Update CODEOWNERS
* Add export-models to team-tools-dev
* Simplify domain import
* Moving EventExport into web
* [EC-1070] Introduce flag for enforcing master password policy on login
* [EC-1070] Update master password policy form
Add the ability to toggle enforceOnLogin flag in web
* [EC-1070] Add API method to retrieve all policies for the current user
* [EC-1070] Refactor forcePasswordReset in state service to support more options
- Use an options class to provide a reason and optional organization id
- Use the OnDiskMemory storage location so the option persists between the same auth session
* [AC-1070] Retrieve single master password policy from identity token response
Additionally, store the policy in the login strategy for future use
* [EC-1070] Introduce master password evaluation in the password login strategy
- If a master password policy is returned from the identity result, evaluate the password.
- If the password does not meet the requirements, save the forcePasswordReset options
- Add support for 2FA by storing the results of the password evaluation on the login strategy instance
- Add unit tests to password login strategy
* [AC-1070] Modify admin password reset component to support update master password on login
- Modify the warning message to depend on the reason
- Use the forcePasswordResetOptions in the update temp password component
* [EC-1070] Require current master password when updating weak mp on login
- Inject user verification service to verify the user
- Conditionally show the current master password field only when updating a weak mp. Admin reset does not require the current master password.
* [EC-1070] Implement password policy check during vault unlock
Checking the master password during unlock is the only applicable place to enforce the master password policy check for SSO users.
* [EC-1070] CLI - Add ability to load MP policies on login
Inject policyApi and organization services into the login command
* [EC-1070] CLI - Refactor update temp password logic to support updating weak passwords
- Introduce new shared method for collecting a valid and confirmed master password from the CLI and generating a new encryption key
- Add separate methods for updating temp passwords and weak passwords.
- Utilize those methods during login flow if not using an API key
* [EC-1070] Add route guard to force password reset when required
* [AC-1070] Use master password policy from verify password response in lock component
* [EC-1070] Update labels in update password component
* [AC-1070] Fix policy service tests
* [AC-1070] CLI - Force sync before any password reset flow
Move up the call to sync the vault before attempting to collect a new master password. Ensures the master password policies are available.
* [AC-1070] Remove unused getAllPolicies method from policy api service
* [AC-1070] Fix missing enforceOnLogin copy in policy service
* [AC-1070] Include current master password on desktop/browser update password page templates
* [AC-1070] Check for forced password reset on account switch in Desktop
* [AC-1070] Rename WeakMasterPasswordOnLogin to WeakMasterPassword
* [AC-1070] Update AuthServiceInitOptions
* [AC-1070] Add None force reset password reason
* [AC-1070] Remove redundant ForcePasswordResetOptions class and replace with ForcePasswordResetReason enum
* [AC-1070] Rename ForceResetPasswordReason file
* [AC-1070] Simplify conditional
* [AC-1070] Refactor logic that saves password reset flag
* [AC-1070] Remove redundant constructors
* [AC-1070] Remove unnecessary state service call
* [AC-1070] Update master password policy component
- Use typed reactive form
- Use CL form components
- Remove bootstrap
- Update error component to support min/max
- Use Utils.minimumPasswordLength value for min value form validation
* [AC-1070] Cleanup leftover html comment
* [AC-1070] Remove overridden default values from MasterPasswordPolicyResponse
* [AC-1070] Hide current master password input in browser for admin password reset
* [AC-1070] Remove clientside user verification
* [AC-1070] Update temp password web component to use CL
- Use CL for form inputs in the Web component template
- Remove most of the bootstrap classes in the Web component template
- Use userVerificationService to build the password request
- Remove redundant current master password null check
* [AC-1070] Replace repeated user inputs email parsing helpers
- Update passwordStrength() method to accept an optional email argument that will be parsed into separate user inputs for use with zxcvbn
- Remove all other repeated getUserInput helper methods that parsed user emails and use the new passwordStrength signature
* [AC-1070] Fix broken login command after forcePasswordReset enum refactor
* [AC-1070] Reduce side effects in base login strategy
- Remove masterPasswordPolicy property from base login.strategy.ts
- Include an IdentityResponse in base startLogin() in addition to AuthResult
- Use the new IdentityResponse to parse the master password policy info only in the PasswordLoginStrategy
* [AC-1070] Cleanup password login strategy tests
* [AC-1070] Remove unused field
* [AC-1070] Strongly type postAccountVerifyPassword API service method
- Remove redundant verify master password response
- Use MasterPasswordPolicyResponse instead
* [AC-1070] Use ForceResetPassword.None during account switch check
* [AC-1070] Fix check for forcePasswordReset reason after addition of None
* [AC-1070] Redirect a user home if on the update temp password page without a reason
* [AC-1070] Use bit-select and bit-option
* [AC-1070] Reduce explicit form control definitions for readability
* [AC-1070] Import SelectModule in Shared web module
* [AC-1070] Add check for missing 'at' symbol
* [AC-1070] Remove redundant unpacking and null coalescing
* [AC-1070] Update passwordStrength signature and add jsdocs
* [AC-1070] Remove variable abbreviation
* [AC-1070] Restore Id attributes on form inputs
* [AC-1070] Clarify input value min/max error messages
* [AC-1070] Add input min/max value example to storybook
* [AC-1070] Add missing spinner to update temp password form
* [AC-1070] Add missing ids to form elements
* [AC-1070] Remove duplicate force sync and update comment
* [AC-1070] Switch backticks to quotation marks
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* SG-1026 - Documenting / slight refactoring of notification-bar - WIP
* SG-1026 - More documentation WIP
* SG-1026 - Continued documentation of notification bar + testing theories for specific sites as part of research to identify areas for possible improvement + added types where appropriate.
* SG-1026 - getSubmitButton docs
* SG-1026 - Autofill Service tweak - On account creation (ex: talkshoe.com), even if the pageDetails contained a valid form to watch, the loadPasswordFields method parameter for fillNewPassword being false for inputs with autoCompleteType of "new-password" would cause the account creation form to not be watched (null form data returned to notification bar). Setting this to true will help capture more account creations in the above specified scenario.
* SG-1026 - Additional documentation / comment clean up
* SG-1026 - Remove unused pageDetails array
* SG-1026 - These changes address form detection issues for the password change form on talkshoe.com: (1) Update autofill.service getFormsWithPasswordFields(...) method to group autofill.js found password type fields under a single form in a very specific scenario where the most likely case is that it is a password change form with poorly designed mark up in a SPA (2) Notification bar - when listening to a form, we must use both the loginButtonNames and the changePasswordButton names as we don't know what type of form we are listening to (3) Notification bar - on page change, we must empty out the watched forms array to prevent forms w/ the same opId being added to the array on SPA url change (4) Notification bar - getSubmitButton update - If we cannot find a submit button within a form, try going up one level to the parent element and searching again (+ added save to changePasswordButtonNames). (5) Notification bar - when listening to a form with a submit button, we can attach the formOpId to the button so we can only have DOM traversal in one location and retrieve the form off the button later on in the form submission logic. For now, I'm just adding it as a fallback, but it could be the primary approach with more testing.
* SG-1026 - On first load of the notification-bar content script, we should start observing the DOM immediately so we properly catch rendered forms instead of waiting for a second. This was especially prevelant on refreshing the password change form page on talkshoe.com.
* SG-1026 - Due to the previous, timeout based nature of the calls to collectPageDetailsIfNeeded (now handlePageChange), the mutation observer could get setup late and miss forms loading (ex: refreshing a password change page on talkshoe.com). DOM observation is now setup as fast as possible on page load for SPAs/Non SPAs and on change for SPAs by having the mutation observer itself detect page change and deterministically calling handlePageChange(). However, with these changes, page detail collection still only occurs after a minimum of ~1 second whether or not it was triggered from the mutation observer detecting forms being injected onto the page or the scheduleHandlePageChange running (which has a theoretical maximum time to page detail collection of ~1.999 seconds but this does require the mutation observer to miss the page change in a SPA which shouldn't happen).
* SG-1026 - Identified issue with current form retrieval step in autofill service which prevents multi-step account creation forms from being returned to the notification-bar content script from the notification.background.ts script.
* SG-1026 - Add logic to formSubmitted to try and successfully process multi-step login form (email then password on https://login.live.com/login.srf) with next button that gets swapped out for a true submit button in order to prompt for saving user credentials if not in Bitwarden. This logic works *sometimes* as the submit button page change often stops the submit button event listeners from being able to fire and send the login to the background script. However, that is a separate issue to be solved, and sometimes is better than never. This type of logic might be useful in solving the multi-step account creation form on https://signup.live.com/signup but that will require additional changes to the autofill service which current intercepts forms without passwords and prevents them from reaching the notification-bar.ts content script.
* SG-1026 - Add note explaining the persistence of the content script
* SG-1026 - Update stack overflow link to improve clarity.
---------
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
* Move URI matching logic into uriView
* Fix url parsing: always assign default protocol, otherwise no protocol with port is parsed incorrectly
* Codescene: refactor domain matching logic
* Fix encrypted export using fixed PBKDF2 iterations
* Replace hardcoded KdfType in importer
* Clean up kdf handling in password-protected export
* Extract BitwardenPasswordProtectedFileFormat
* Rename bitwarden-json-types
* Move StateService import to fix linting issue
* Make linter happy
* Use abstraction instead of implementation
---------
Co-authored-by: Daniel James Smith <djsmith@web.de>
* Split out api methods into sendApiService
* Move SendService and abstraction
* Libs updates
* Web updates
* CLI updates
* Desktop updates
* libs send service fixes
* browser factory additions
* Browser updates
* Fix service injection for CLI SendReceiveCommand
* Deprecate directly calling send state service methods
* SendService observables updates
* Update components to use new observables
* Modify CLI to use state service instead of observables
* Remove unnecessary await on get()
* Move delete() to InternalSendService
* SendService unit tests
* Split fileUploadService by send and cipher
* send and cipher service factory updates
* Add file upload methods to get around circular dependency issues
* Move api methods from sendService to sendApiService
* Update cipherService to use fileApi methods
* libs service injection and component changes
* browser service injection and component changes
* Desktop component changes
* Web component changes
* cipher service test fix
* Fix file capitalization
* CLI service import and command updates
* Remove extra abstract fileUploadService
* WIP: Condense callbacks for file upload
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
* Send callbacks for file upload
* Fix circular service dependencies
* Fix response return on upload
* Fix function definitions
* Service injection fixes and bug fixes
* Fix folder casing
* Service injection cleanup
* Remove deleted file from capital letters whitelist
* Create new SendApiService for popup
* Move cipherFileUploadService to vault
* Move SendFileUploadService methods into SendApiService
* Rename methods to remove 'WithServer'
* Properly subscribe to sendViews
* Fix Send serialization
* Implement fromJSON on sendFile and sendText
* [PM-1347] Fix send key serialization (#4989)
* Properly serialize key on send fromJSON
* Remove call that nulled out decrypted sends
* Fix null checks in fromJSON methods for models
* lint fixes
---------
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* [PM-108] Fingerprint is calculated based on pubKey
* [PM-108] Change userId to userEmail. Remove fingerprint from AuthResponse
* [PM-130][PM-107] Remove fingerprint from request and clients UI
* add settingsService.getEquivalentDomains
* check that an iframe URL matches cipher.login.uris before autofilling
* disable autofill on page load if it doesn't match
* show a warning to the user on regular autofill if it doesn't match
---------
Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
* [EC-1046] add activate autofill policy to web
* [EC-1046] add local setting if policy needs to be set
* [AC-1046] activate autofill on page load if flag exists
* [AC-1046] move activation to current tab page
* [AC-1046] add warning to autofill policy
* [AC-1046] add useActivateAutofillPolicy to organization reponse
* [AC-1046] autofill to auto-fill
* Move autofillConstants to autofill folder
* Remove autofillConstants from whitelist capital
* Add vault team as code owners for autofill folder
* Update codeowners for web
* This commit implements the following main changes:
- Query elements by using a TreeWalker instead of `document.querySelector[All]`. The reason for this is that `querySelector[All]` doesn't traverse into elements with ShadowRoot.
- Recursively traverse into elements with `openOrClosedShadowRoot` or `Element.shadowRoot` (depending on browser support) inside TreeWalker loop.
- Use new query logic everywhere inside `autofill.js`. This also means we need to use filter functions to find elements with specific nodeNames and/or attributes instead of CSS selector strings.
- Add two new `instanceof Element` checks to prevent `Failed to execute 'getComputedStyle' on 'Window': parameter 1 is not of type 'Element'." errors`.
This change is fully backward compatible. If `openOrClosedShadowRoot` is not available it will always return undefined and we will never traverse into ShadowRoots just as the behavior was before this change.
* refactor: outsource recursive logic to accumulatingQueryDocAll
We don't want the `els` argument on the `queryDocAll` function because it's never used from outside the function itself. Thus the recursive logic is moved to `accumulatingQueryDocAll`.
Now `queryDocAll` creates an empty array and passes it to `accumulatingQueryDocAll` which recursively walks the document and all ShadowRoots and pushes all found nodes directly to the referenced array.
The decision to use a directly mutated array instead of `Array.concat(els)` or `Array.push(...els)` is for performance reasons. Pushing to the referenced array was 74% faster than using `Array.push` with spread operator and even 90% faster than using `Array.concat`.
Co-authored-by: Chad Miller <64046472+chadm-sq@users.noreply.github.com>
* refactor: extract input field relevance check into own function
Addresses CodeScene analysis violation "Bumpy Road Ahead" where conditional logic is checked for a nesting of 2 or deeper.
* refactor: use proper element attribute handling
- use el.type attribute instead of el.attribute.type on input elements. This makes sure we also get 'text' when type attribute is not explicitly specified
- use el.htmlFor attribute instead of el.attribute.for on label elements
- use `hasAttribute` and `getAttribute` methods instead of `attributes[]` which is discouraged by https://quirksmode.org/dom/core/#attributes
- improve readability of `isRelevantInputField`
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Chad Miller <64046472+chadm-sq@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* Updated messages
* Implement method in platformUtils to get autofill command
* Updates to callout in current tab component
* Add autofill keyboard shortcut to autofill settings
* style updates
* Add routing animation for autofill settings
* Remove extra function
* Remove unnecessary safari logic
* Remove autofill settings transition added in another PR
* Fix callout still present after clicking 'Got it' (#4797)
---------
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* Remove ctor initialization in session sync
* Fix error message
* Prefer messaging over storage for syncing
We still need to use storage for instances where we open a popup or
worker and need to populate from a cache. However, in MV2, this is only
ever stored in a background service, ensuring that all data is stored in
from a long-lived context (mv2) or serialized to storage (mv3).
* Test new storage scheme
* Feature/SG-680 - Create Domain Verification Comp (#4283)
* domain-base.ts - added link to Architectural docs describing domain base class purpose
* SG-680 - (1) Created Org Domain API and observable based data store service (2) Created required response and request models
* SG-680 - Renaming org domain service abstractions to match existing convention
* SG-680 - (1) Updated getByOrgId method to return array of data to match back end + renamed it as such (2) Updated OrgDomainApiService get methods to update the OrgDomainService observables
* Two-factor-setup comp - change "tabbed-header" class to "page-header" to achieve visual consistency with other settings components.
* SG-680 - Refactor Org Domain API & domain services to conform to ADR 0013 - Avoid layered folder structure for request/response models (i.e., put models near "owner" services)
* SG-680 - Update Organization model to include a canManageDomainVerification check
* SG-680 - Created Domain Verification component and started scaffolding out HTML
* SG-680 - New OrgDomain state and API services need to be registered on jslib-services.module in order to be injectable into components for use (this is what maps abstractions to implementation for dependency injection)
* SG-680 - OrgDomainApiServiceAbstraction should be an abstract class
* SG-680 - Update OrgDomainApiService to use ListResponse and map into OrganizationDomainResponse properly
* SG-680 - Moved domain verification comp into subfolder to add clarity in folder structure
* SG-680 - Good start on Domain Add Edit Dialog
* SG-680 - Domain Add Edit Dialog - (1) Random generation of DNS TXT Record now working (2) DNS TXT Record Copyable (3) Additional translations added (4) Info callout added
* SG-680 - Domain Add Edit Dialog - (1) Added custom validator for domain name (2) Disable verify btn if form invalid
* SG-680 - Updated Domain Name custom validator to pass back error message in format the error.component.ts expected so it can be displayed without an untranslated error prefix of "invalidDomainName"
* Form-button - Added useful note regarding use of the bitFormButton directive and how it requires the use of the bitButton directive as well.
* SG-680 - OrgDomain.service - replace delete with splice as delete doesn't actually alter array. Duh.
* SG-680 - Domain verification progress - (1) Table layout + loading working for the most part (more translations needed (2) Add & edit opening dialog (3) Dialog first draft of save and verify
* SG-680 - DomainAddEditDialog - Unique domain name enforcement implemented
* SG-680 - Domain Name Custom Reactive forms validator refactor - swapped to regex to support proper domain format (which now enforces the requirement of a .com or similar)
* SG-680 - OrgDomainApi svc - must await send of delete call otherwise runs synchronously. Duh.
* SG-680 - Domain verification progress - (1) CopyDnsTxt added to state service (2) Refactored dialog to use async actions (3) Dialog form changes now mark form controls as touched for more responsive error handling
* SG-680 - Domain-add-edit-dialog - Confirmation required now for domain deletion
* SG-680 - Domain verification table options now supports removing domains with confirmation prompt
* Shared module - merge conflict resolution + removing unused imports so I can check this in.
* SG-680 - Adding missing translations
* SG-680 - Comment clean up + todo
* Revert "Shared module - merge conflict resolution + removing unused imports so I can check this in."
This reverts commit 98fe346e67.
* SG-680 - DomainAddEditDialog - Replace bitAction with leveraging bitSubmit so that when users hit enter in a field the form gets submitted.
* SG-680 - Added httpStatusCode enum
* SG-680 - OrgDomainAPI - Verify endpoint now returns domain response model so upsert to sync obs state service
* SG-680 - Domain Verification comp - (1) Display last checked date (2) Verify first attempt in place (3) justify options content per design
* SG-680 - DomainAddEditDialog - Validation and error handling overhaul
* SG-680 - DomainAddEditDialog - (1) Autofocus domain name on new domain creation (2) Removed form.invalid == form disabled logic because of accessibility concerns
* SG-680 - OrgDomainResponse model refactor - back end is sending lower cased props
* SG-680 - OrgDomain service refactor - (1) Use proper abstraction for i18n svc (2) Don't make non-async methods async for no reason
* SG-680 - OrgDomainService - Added test suite
* SG-680 - Renaming httpStatusCode.enum to strip off .enum in attempt to pass eslint issue
* SG-680 - Renaming httpStatusCode enum file again to remove all capitalized letters to pass eslint rules.
* SG-680 - Updating HttpStatusCode import b/c auto import update missed it.
* SG-680 - DomainAddEditDialog - Don't show callout if domain is verified
* SG-680 - DomainVerificationComp - Add error handling to verify to handle case where domain isn't available
* SG-680 - OrgDomainApiSvc - svc should use abstractions in constructor
* SG-680 - OrgDomainApiSvc - added full test suite
* SG-680 - OrgDomainSvc test suite - fixing broken test
* SG-680 - Domain Verification Validation Scenario: show form control error when domain verification fails - (1) Enhanced bitSubmit to optionally allowDisabledFormSubmit (2) Enhanced bitInput to optionally allow showErrorsWhenDisabled + added new docs
* SG-680 - Adjusting location & name of the bitInput docs to be in the top level docs section to match historical consensus and existing pattern.
* SG-680 - Removed TODO for adding tests since I've already added tests.
* SG-680 - DomainAddEditDialog - Handle verify domain conflict exceptions just in case
* SG-680 - Adjusting location of Domain verification settings item in the organization settings menu to match figma.
* SG-680 - Removing unnecessary comment
* SG-680 - Domain Verification component - updated svg to not have alt text so it is treated as decorative by screen readers for accessibility.
* SG-680 - Fixing messages.json missing }
* SG-680 - DomainAddEditDialog - Hardcoding inputs to bit-dialog as component vars are not needed for dynamic anything right now.
* SG-680 - Dialog comment refactor
* SG-680 - OrgDomainSvc - comment and console log removals.
* SG-680 - Updating OrgDomain Service test suites to have better test titles.
* Defect/web org domain claiming bugfixes (#4458)
* SG-949 - OrgDomainVerification - Domain name validator now supports n levels of subdomains as well as top level domains.
* SG-955 - On domain verification error or failure, call to update the individual org domain item to get an updated last checked date on the client.
* SG-953 - In domain verification dialog edit, if verify called and failed, then must manually mark domain name as touched for errors to show up.
* SG-954 - Domain Verification edit dialog - Fixing delete button not having trash icon displayed + added i18n translation for title prop.
* SG-956 - Fixing domain claiming event logs so that they show up on the client (more to do as there are some events missing client & member)
* Form button directive comment update
* SG-977 - Event Log improvements: (1) Add new device type of server (2) Add EventSystemUser mapping to translated value. The end result is that both SCIM and Domain verification logs properly show server as the client and SCIM or Domain verification as the member.
* Add comment to clarify use of SCIM in EVENT_SYSTEM_USER_TO_TRANSLATION dict
* DeviceType.Server must be incremented to 22 b/c server master already has a DeviceType.SDK of 21.
* Add SDK w/ value of 21 to DeviceType to match master server
* Defect/web org domain claiming bugfixes the sequel (#4530)
* Update <bit-table> to latest standard so it works again (swap body from ng-container to ng-template)
* Input directive - showErrorsWhenDisabled case doesn't need to care if input isActive or not.
* SG-949 - Update domain name validator regex to prevent http://, https://, and www.
* SG-771 - Added claimed domain logic to web client (#4603)
* SG-771 / SG-772 / SG-743 - Add claimed domain logic which skips entry of Org SSO Id when an org has a claimed and verified domain to web, browser, and desktop.
* Fix lint errors by adding button types
---------
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
* [EC-1060] feat: center align table cell content (#4618)
* [EC-1027] feat: remove `tw-text-sm` (#4617)
(cherry picked from commit 807a135418)
* Set checkForBreaches to true (checked) by default.
(cherry picked from commit 28d5961ed3)
* Open WebAuthn Prompt in New Tab (#4696)
- We already did this for Firefox and Safari
* Turn off checking for breaches in web for now (#4698)
* [PS-2455] Catch and log contextmenu errors (#4699)
* Set initRunning to true
initRunning was checked and at the end set to false, but it never got set to true
* Catch and log contextmenu errors
(cherry picked from commit db202f9e9e)
* Fix race condition when setting modal properties (#4701)
(cherry picked from commit 1c18a73a56)
* SG-1047 Fix remember me on web (#4706)
(cherry picked from commit d27ef74fe1)
* PS-2450 EC-1073 Do not decode and normalize query (#4708)
Co-authored-by: Jake Fink <jfink@bitwarden.com>
(cherry picked from commit 13746c1840)
* [Desktop/Browser] - Renew signing certificates (#4739)
(cherry picked from commit 4438ab9e3a)
* Revert to MV2 Autofill Logic (#4705)
* Bumped web version to 2023.2.0 (#4753)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
(cherry picked from commit 4e4de9812e)
* [EC-1074] fix: block interaction during async action (#4732)
The user is able to interact with vault-items while actions like delete are happening. This commit is a temporary fix to disable all interaction surfaces during those async actions.
(cherry picked from commit 957ed50c82)
* Bumped browser version to 2023.2.0
---------
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Todd Martin <tmartin@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Carlos Gonçalves <cgoncalves@bitwarden.com>
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: mimartin12 <77340197+mimartin12@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
Co-authored-by: Opeyemi Alao <54288773+Eeebru@users.noreply.github.com>
* Added comments.
* More comments.
* More function comments.
* Changed comment to add missing words.
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Added better comment on fill query function.
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* More comments.
* Added additional documentation on viewable and visible
* Undid changes to the logic to avoid any chance of breaking anything.
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Move auth service factories to Auth team
* Move authentication componenets to Auth team
* Move auth guard services to Auth team
* Move Duo content script to Auth team
* Move auth CLI commands to Auth team
* Move Desktop Account components to Auth Team
* Move Desktop guards to Auth team
* Move two-factor provider images to Auth team
* Move web Accounts components to Auth Team
* Move web settings components to Auth Team
* Move web two factor images to Auth Team
* Fix missed import changes for Auth Team
* Fix Linting errors
* Fix missed CLI imports
* Fix missed Desktop imports
* Revert images move
* Fix missed imports in Web
* Move angular lib components to Auth Team
* Move angular auth guards to Auth team
* Move strategy specs to Auth team
* Update .eslintignore for new paths
* Move lib common abstractions to Auth team
* Move services to Auth team
* Move common lib enums to Auth team
* Move webauthn iframe to Auth team
* Move lib common domain models to Auth team
* Move common lib requests to Auth team
* Move response models to Auth team
* Clean up whitelist
* Move bit web components to Auth team
* Move SSO and SCIM files to Auth team
* Revert move SCIM to Auth team
SCIM belongs to Admin Console team
* Move captcha to Auth team
* Move key connector to Auth team
* Move emergency access to auth team
* Delete extra file
* linter fixes
* Move kdf config to auth team
* Fix whitelist
* Fix duo autoformat
* Complete two factor provider request move
* Fix whitelist names
* Fix login capitalization
* Revert hint dependency reordering
* Revert hint dependency reordering
* Revert hint component
This components is being picked up as a move between clients
* Move web hint component to Auth team
* Move new files to auth team
* Fix desktop build
* Fix browser build
This reduces the noise in the app.modules where the angular locales are loaded.
Simplifies extending with new locales as all of them can be found in the same place under the same file-name
This has previously also been done in the web client
* Split folder service back/foreground
Also splits for folderApiService, since that depends on folderService.
TODO: this split will need to be done for any dependents of a split
service.
* Prefer popup-specific services VaultFilterService
* Prefer popup-specific services i18n
* Prefer popup-specific services configService
* StateService is required for browserSync
* Add Policy Api Service
* Remove unused orgService from PolicyApiService
* Fixup missed dependency
* Attach cryptography services in popup context
* Improve session syncer initialization
* Fix storage reseed on logout
The check for the set vault-timeout needs to happen before all cleaning stateService
Remove check inside of reseedStorage as happens outside prior to calling it (logout/settings.component)
* Remove old limitation to only run on certain browsers
Execute on all browsers besides Safari as it does not support chrome.storage.local.get with an empty key
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/storage/StorageArea/get
* Revert "Remove old limitation to only run on certain browsers"
This reverts commit d7f71aa0b6.
* work: add base logic for password lookup
* work: added browser support for hibp
* work: SG-558 combine weak + leak warning
* fix: language stuff
* fix: form values are neater tho :(
* fix: no cast
The problem was the incorrect identification of the input format. The input with `placeholder="ММ / ГГ"` got a value in `YYYY-MM` format, which is fallback in case when required format was not identified. It happened because `ММ` in the placeholder value had russian characters, but actual constant has english ones.
* Add combine helper
* Helper for running multiple actions with single service cache
* Remove unneeded any
* Send identifier through callback
* Extend Tab Message
* Split out ContextMenu logic
* Add tests for ContextMenu actions
* Context Menu Fixes
* Await call to menu handler
* set onUpdatedRan to false when it's ran
* Switch to using new cache per run
* Fix Generate Password Test
* Remove old file from whitelist
* Remove Useless never from Generic
* Update apps/browser/src/background/main.background.ts
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Address PR Feedback
* Specify a Document Url for Context Menu Items
* Update Test
* Use Generate Password Callback
* Remove DocumentUrlPatterns
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Force update of badge icon and text on all windows
Affects MV2 and MV3
No longer pass in tab and windowId to setLoggedOut and setLocked
When the vault is locked or the user logs out, all open windows/tabs need to be updated
Iterating over all active tabs like in 2022.10.1 was missing:
488734577f/apps/browser/src/background/main.background.ts (L859-L867)
Create clearBadgeText function to take care of it.
* Only try to retrieve tab in unlocked state
* Remove lock icon when unlocking on all windows
* Only use windowId to retrieve tab when defined
In MV2 the `windowId` isn't passed into updateBage and fails to retrieve the correct tab to update.
This resorted in the badge not showing a match count in another window.
Fixes#4260
Ensure in MV3 that all listener pass on the windowId if present.
* Fix Firefox private mode
Only pass on the windowId if defined and within Firefox
In private mode the main.background bootstrap-method passes in the windowId
Do not refreshBadge when in private mode
Previously 488734577f/apps/browser/src/background/main.background.ts (L575-L586) setIcon would skip in private mode. Calling refreshBadge without this would update the badge on all windows (normal and private ones)
* Make username regenerator button same as password one
it seems that (originally?) it wanted to be disabled at first and then become active again once the generator's async call was finished...but this seems unnecessary. removing all that extraneous stuff that doesn't seem to be actually doing anything makes this work just as well as the password generator button, and doesn't end up losing/resetting focus.
* Remove the `[disabled]` attribute from regenerate buttons
* Use `aria-disabled` instead of `disabled`, make click event conditional
* Make spinner show for `aria-disabled` controls as well
* Use aria-describedby for all help blocks/hints
* Add label to send notes textfield
* Use aria-describedby for all help blocks/hints / browser
* Tweak help block for confirming identity
* Remove aria-describedby for general login form
Seems unnecessary / doesn't need an extra description
* Fix compiler error
* Remove unnecessary aria-describedby
After testing, turns out the addition here was unnecessary, as the help block is already part of the `<label>`
* Fix aria-describedby reference for user verification component
* Remove redundant aria-describedby and generated id for radio buttons
* Fix aria-describedby for send editing in Safari
> When editing a send, the text below the deletion date is not recognized by the screen reader reliably (send-add-edit.component.html / efflux-dates.component.html). There might be an issues depending on which browser is used (deletionDateHelp vs. deletionDateCustomHelp
* Make custom environment container role="group", give it a label and description
> In the Environment Url Settings, the text “For advanced users…….“ is not not recognized by the screen reader. Not sure how to best solve this one, as it's below all individual url inputs. Ideally it gets announced with the baseUrl part or when focusing Custom Environment)
* feat-web: add hidden char count toggle
* Added toggle char count for desktop
* Use Tailwind and Component Library, add i18n
* Hide char count when password is hidden
* Initial proposal
* Update colors per design spec for all clients
Also make variable names consistent across clients
* Remove unused scss
* Add styling
* Set fixed with for password count elements
* Add separate wrapped stories
* Fix alignment of first char when wrapped
* Minor refactors
* Make naming consistent
* Add Figma url
* add barrel files
* Use CL component
* Fix template
* Remove duplicate style
* Use ColorPasswordComponent in web, remove old pipe
Also remove styling and move pipe out of jslib-module given that
it's no longer shared by all Angular clients
* Run prettier
* Remove unused scss vars
* Undo unnecessary changes
* Remove unnecessary changes
* Fix styling
* Fix selector
* Collect show password event
* Fix incorrect background in dark mode
* Fix linting
* Use color password for password history
* Add char count to hidden custom fields in desktop
* Fix char count background in web: take 2
* Update service name
* Add missing label toggleCharacterCount for desktop
Co-authored-by: Daniel James Smith <djsmith@web.de>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* SG-825 - policy.service - Apply policies of disabled orgs
* SG-825 - OrgFilter - Show org suspended icon when org is disabled and remove personal vault policy enabled
* SG-825 - Org Filter refactor - Enterprise users can now access org options to leave orgs without selecting them (previously, you had to select an org to get the options to show up which was not possible for disabled orgs). Users can now leave disabled orgs.
* SG-825 - fix aria label compile issue
* SG-825 - Browser - Vault filter CSS refactor - (1) Better ellipsis truncation implemented (2) Selected vault and dropdown widths now scale dynamically based on selection and container width
* SG-825 - Desktop - (1) Org suspended warning icon now displayed on disabled orgs even when personal vault removed policy applied (2) Org suspended icon now has same accessibility (title / label) as web & browser.
* Remove default landing on masterpassword page
* Remove rememberEmail state service value that isn't needed
* Remove last occurence of setRememberEmail
* Remove alwaysRememberEmail functionality
* Remove always remember email from browser and add option to
* Add extra spacing around remember email check
* [SG-884] Fix Remember Email functionality for Login with SSO (#4238)
* Add saveEmailSettings method to LoginService
* Add StateService as a dependency to LoginService
* Update login components to utilize new login service method for saving rememberedEmail
* Only sync if synced value changes
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Catch error if no one is listening
This occurs if the background tries to update any visualizers, but none
are open.
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Justin Baur <justindbaur@users.noreply.github.com>
* Allow provided deserializer to handle not found
* Debounce synced items
* Remove object-hash
* Revert "Only sync if synced value changes"
This reverts commit 024fe226d9.
* Test debounce
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Justin Baur <justindbaur@users.noreply.github.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Move chevron/arrow to start of disclosure widget
in addition, changes the only expand/collapse disclosure widget like this on the web client to use the same `<h3><button>...</button></h3>` structure as on browser extension and desktop app
* Change collapsed/expanded icons
Make them more understandable and consistent with other expand/collapse controls
* Harmonise desktop +/- controls to use arrow/chevron icons as well
also removes the incorrect `A11yTitle` in the generator that currently overrides the visible "Options" text (leading to a failure of WCAG 2.5.3 Label in Name)
* Change the icons for the expand/collapse disclosure widget in SSO component
* Expand icon explanation
plus minor typo cleanup
* Add patch for Send button focus outline
* Await in `has` calls.
* Add disk cache to browser synced items
Note: `Map` doesn't serialize nicely so it's easier to swap over to a
`Record` object for out cache
* Mock and await init promises in tests
* Remove redundant settings checks
* Move event.service to it's own folder
Move abstractions/event.service to abstractions/event/event.service
Move services/event.service to services/event/event.service
Fix all the imports
* Extract event-upload from event.service
Move `uploadEvents` from `EventService` to `EventUploadService`
Create event-upload-service-factory
Fix wiring up all the dependencies
* Remove clearEvents from EventService
clearEvents is only related to uploading events and can be moved into EventUploadService
Change the logout-method to only call EventUploadService.uploadEvents as that also calls clearEvents internally
* Rename EventService to EventCollectionService
Rename libs\common\abstraction\event\event.service.ts to libs\common\abstractions\event\event-collection.service.ts
Rename libs\common\services\event\event.service.ts to libs\common\services\event\event-collection.service.ts
Fix all the imports
Fix up service regristration/instantiation
Reanme \browser\src\background\service_factories\event-service.factory.ts to \browser\src\background\service_factories\event-collection-service.factory.ts
* Move interval to upload events to EventUploadSvc
Move the `init()` from event-collection.service to event-upload.service
Change call-site in web, desktop, browser
* [EC-584] Update ApiService to remove any appendages to ClientVersion
* [EC-584] Extract application version number logic from ApiService to PlatformUtils
* Update libs/electron/src/services/electronPlatformUtils.service.ts
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [EC-584] Use getApplicationVersion as source for getApplicationVersionNumber
* [EC-584] Remove defaulting to dash on getApplicationVersionNumber and add unit tests
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Do not use object constructors for names
Minification was selecting different class names for different instances
of services, which was causing them not to sync properly.
This was happening _only_ in production mode for some reason, perhaps
due to minifying post chunking?
* Add tests for additional synced properties
* Register alarms and listen to them
* Wire up alarms and actions
Register actions(commands) which can be executed by an alarm
Create methods in alarm-state to persists actions and execution times
Flesh out AlarmListener to iterate over registered commands and check if they need to execute
Simplify clearClipboard action as it only handles the action instead of also worrying if it should fire.
Enable previously disabled clear-clipboard tests (#3532)
Adjust clear-clipboard tests to new simpler execution
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Make linter happy
* Revert accidentally commited with merging master
* Add jsdoc per PR comment
* Fixed types to simplify adding new alarm actions
Create a new alarm action (i.e `clear-clipboard.ts`)
Export a name for the alarm action (`clearClipboardAlarmName`)
`alarm-state.ts`
Import alarm action name
Extend `alarmKeys` and `alarmState`
`on-alarm-listener`
Import alarm action method and alarm action name
Add it to the switch case
* Add comment to clearClipboard action
Add comment to replace clearClipboard impl once clipboardApi's are accessible by service-workers
https://bugs.chromium.org/p/chromium/issues/detail?id=1160302
Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
* Elevate Map <-> Record JSON helpers to Utils
* Build Account from a StateService provided AccountDeserializer
* Allow Manifest V2 usage of session sync
Expands use of SessionSyncer to all Subject types. Correctly handles
replay buffer for each type to ignore the flood of data upon
subscription to each Subject type.
* Create browser-synced Policy Service
* Move BrowserFolderService
* Libs account serialization improvements
* Serialize Browser Accounts
* Separate StateService in background/visualizations
Visualizer state services share storages with background page, which
nicely emulates mv3 synchronization through session/local storage. There
should not be multithreading issues since all of these services are
still running through a single thread, we just now have multiple places
we are reading/writing data from.
Smaller improvements
* Rename browser's state service to BrowserStateService
* Remove unused WithPrototype decorator :celebrate:
* Removed conversion on withPrototypeForArrayMembers. It's reasonable to
think that if the type is maintained, it doesn't need conversion.
Eventually, we should be able to remove the withPrototypeForArrayMembers
decorator as well, but that will require a bit more work on
(de)serialization of the Accounts.data property.
* Make Record <-> Map idempotent
Should we get in a situation where we _think_ an object has been
jsonified, but hasn't been, we need to correctly deal with the object
received to create our target.
* Check all requirements while duck typing
* Name client services after the client
* Use union type to limit initialize options
* Fixup usages of `initializeAs`
* Add OrganizationService to synced services
Co-Authored-By: Daniel James Smith <djsmith85@users.noreply.github.com>
* Add Settings service to synced services
Co-Authored-By: Daniel James Smith <djsmith85@users.noreply.github.com>
* Add missing BrowserStateService
* Fix factories to use browser-specific service overides
* Fix org-service registration in services.module
* Revert "Add missing BrowserStateService"
This reverts commit 81cf384e87.
* Fix session syncer tests
* Fix synced item metadata tests
* Early return null json objects
* Prefer abstract service dependencies
* Prefer minimal browser service overrides
* [SG-632] - Change forwarded providers radio buttons list to dropdown (#4045)
* SG-632 - Changed forwarded providers list of radio buttons to dropdown
* SG-632 - Added role attributes to improve accessibility.
* SG-632 - Added sorting to array and empty option
* SG-632 - Fix styling to match standards.
* rename cipehrs component to vault items component (#4081)
* Update the version hash for the QA Web build artifact to follow SemVer syntax (#4102)
* Remove extra call to toJSON() (#4101)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith@web.de>
Co-authored-by: Carlos Gonçalves <carlosmaccam@gmail.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
* SG-632 - Changed forwarded providers list of radio buttons to dropdown
* SG-632 - Added role attributes to improve accessibility.
* SG-632 - Added sorting to array and empty option
* SG-632 - Fix styling to match standards.
* Move OrganizationService to fullSync
* Add Tech Debt Tracking Link
* Remove Commented out code
* Add InternalOrganizationService
* Use InternalOrganization in services that get to update state
* Browser Extension - Send - Expiration / Deletion date calendar icon + datepicker pop up now respect theme better in Chrome / Chromium based browsers and Safari (Firefox datepicker pop up doesn't seem to have an easy mechanism for theming)
* SG-428 - Extension - Iconography for date inputs for Chromium browsers now reflects theme colors properly + hover states; icon not shown on non-Chromium browsers
* Variables.scss - ran prettier locally after tweaking comments to pass eslint checks
* fix for covered dropdown on empty vault
This could be done one of 2-3 ways. I think this might be the least problematic, but could also be done with just changing "position: absolute" to "relative on the ".no-items" class - base.css:461 For some reason, I'm unable to load the spinner to test.
* rename class
* Send all saved url to autofill script
* Handle array of matched urls in content script
* Prompt at most once to override insecure autofill
* Do not send never match URIs to content script
We know these URIs did not cause the autofill match, so we
can safely remove these from the list of potential matches.