Commit Graph

122 Commits

Author SHA1 Message Date
Thomas Rittson 06c9df97ad
Update Safari importer to be Safari and macOS importer (#550)
* Rename Safari importer to Safari and macOS

* Order featured import options alphabetically
2021-11-15 19:49:19 +10:00
Thomas Rittson e02e663ce1
[Linked Fields] Fix QA feedback (#542)
* Fix bug overwriting custom field types

* Add linkedId to export model for CLI
2021-11-12 05:59:01 +10:00
Kyle Spearrin b99103d3f7
validate path for directory traversal (#540)
* validate path for directory traversal

* use previously constructed requestUrl
2021-11-10 15:13:13 -05:00
Kyle Spearrin 1b4a5508bd Revert "clean api url paths from directory traversal (#539)"
This reverts commit ea29f580a5.
2021-11-10 13:37:31 -05:00
Kyle Spearrin ea29f580a5
clean api url paths from directory traversal (#539) 2021-11-09 15:37:58 -05:00
Kyle Spearrin c4fb4a35ab
don't allow @ character in uriString prefixing (#538) 2021-11-09 11:16:40 -05:00
Oscar Hinton 8f177e2d3a
Add support for requesting and using otp for verifying some requests (#527)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-11-09 17:01:22 +01:00
Thomas Rittson dbda39e10f
Add Linked Field as custom field type (#431)
* Basic proof of concept of Linked custom fields

* Linked Fields for all cipher types, use dropdown

* Move linkedFieldOptions to view models

* Move add-edit custom fields to own component

* Fix change handling if cipherType changes

* Use Field.LinkedId to store linked field info

* Refactor accessors in cipherView for type safety

* Use map for linkedFieldOptions

* Refactor: use decorators to record linkable info

* Add ItemView

* Use enums for linked field ids

* Add union type for linkedId enums, add jsdoc comment

* Use parameter properties for linkedFieldOption

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Fix type casting

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2021-11-03 08:03:37 +10:00
Matt Gibson e90cc40f68
Allow managers to create collections (#530) 2021-10-27 13:06:27 -05:00
pan93412 257de6517c
feat: add an importer for Safari (CSV) (#512)
* feat(importers/safariCsvImporter): add the importer for Safari (CSV)

* Revert changes to package-lock.json

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2021-10-26 17:00:03 +10:00
Oscar Hinton 71f8ef601f
Add support for crypto agent (#520) 2021-10-25 18:21:40 +02:00
Matt Gibson 815b436f7c
Fix Typo. Collection create has full view access (#523) 2021-10-20 10:31:25 -05:00
Oscar Hinton f09fb69882
Remove empty catch blocks, and update tslint rule (#513) 2021-10-19 10:32:14 +02:00
Oscar Hinton 14a60773cc
Add logic for fetching organization policies if the user has access through a provider (#519) 2021-10-14 09:33:46 +02:00
Oscar Hinton e3ab324d59
Fix OrganizationSsoResponse not behaving correctly in production (#515) 2021-10-12 13:57:08 +02:00
Oscar Hinton 764dc40b36
Change policyAppliesToUser to behave differently for MaximumVaultTimeout (#514) 2021-10-11 18:35:06 +02:00
Oscar Hinton bfa9a1e1bc
Remove Business Portal, add SSO configuration models (#506) 2021-10-06 19:36:20 +02:00
Matt Gibson 562e1fe459
Feature/split manage collections permission (#504)
* Split manage collections permissions

* Convert camel to pascal case for element id -> name
2021-10-01 07:50:30 -05:00
Thomas Rittson ce71c0c0bd
Add theme enums and platformUtilsService helper (#497)
* Use enum for themes, add getEffectiveTheme

* Update electron and cli to use theme refactor
2021-09-30 06:37:36 +10:00
Oscar Hinton 206ef610d0
Bump signalr to 5.0.10 (#502) 2021-09-28 15:47:19 +02:00
Vincent Salucci 16e998e664
[Reset Password v1] Refactor ForcePasswordReset into AuthResult (#481) 2021-09-17 10:53:50 -05:00
Matt Gibson 5cec31f871
Organization autoscaling (#487)
* Seat autoscaling api changes

* Update all organization subscription
aspects with one api call

* Remove disable autoscale option

* Remove autoscale request references

* Remove autoscale update
2021-09-17 10:20:48 -05:00
Oscar Hinton 83548a6753
Remove deprecated index.ts (#490)
* Remove deprecated index.ts

* Update tests
2021-09-17 14:57:31 +02:00
Dane Powell da6fde4b15
Add constants for biometrics auto-prompt option (#483)
* Add constants for biometrics auto-prompt option

* rename constant

Co-authored-by: Michael Cho <mcho@tutanota.com>
2021-09-16 21:00:13 +02:00
Vincent Salucci da132217da
[SSO Auto Enroll] Auto Enroll status retrieval (#486)
* [SSO Auto Enroll] Auto Enroll status retrieval

* Fixed import order

* Updated object property
2021-09-15 12:54:44 -05:00
Oscar Hinton ee1ea922a9
Disable Private Vault Export Policy (#482) 2021-09-14 16:32:06 +02:00
Oscar Hinton 32774561f3
Add MaximumVaultTimeout policy type (#480) 2021-09-09 17:05:40 +02:00
Thomas Rittson 5f64d95652
Fixes and cleanup for policyAppliesToUser (#476)
* Fix canManagePolicies logic to include providers

* Move new logic to isOwner (same as server)

* Refactor policyAppliesToUser

* Use const instead of var

* Fix linting
2021-09-09 07:34:27 +10:00
Oscar Hinton bbe8d3df48
Revert "Vault Timeout Policy (#474)" (#479)
This reverts commit bba2812fdd.
2021-09-08 23:06:42 +02:00
Oscar Hinton bba2812fdd
Vault Timeout Policy (#474) 2021-09-08 22:02:19 +02:00
Joseph Flinn 5784a6d4fc
Adding a PayPalConfig environment type (#478)
* Adding a PayPalConfig environment type for the web vault

* Adding missing semicolon
2021-09-08 12:34:23 -07:00
Vincent Salucci ef743ea8ca
[SSO] Set password auto enroll update (#472)
* [SSO/Auto Enroll] Set Password enrolls new user

* Fixed typo

* Linter updates

* Cleanup // Constructor for SetPasswordRequest
2021-09-03 14:49:03 -05:00
Thomas Rittson 6c9485596c
Add event type for ResetSsoLink (#475) 2021-09-03 09:59:22 -04:00
Thomas Rittson 30419a625f
Move policy checks within policyService (#466)
* Move policy logic within policyService

* Remove unneeded import

* Clean up unused code

* Fix linting

* Enforce policies from accepting org invite

* Only exempt owner or admin from policies

* Use canManagePolicies as exemption criteria

* Make orgUser status check more semantic

Co-authored-by: Addison Beck <abeck@bitwarden.com>

Co-authored-by: Addison Beck <abeck@bitwarden.com>
2021-08-31 06:52:57 +10:00
Oscar Hinton daa4f6f9a6
Dynamic Modals (#417)
* Move backdrop and click handler to modal service since they should not be used in web

* Add support for opening modals using ViewContainerRef
2021-08-26 10:04:29 +02:00
Thomas Rittson 358260596b
Add null check to electronStorageService.Save (#461)
* Add default value for ForcePasswordReset

* Add null check to electronStorageService instead

* Add default value to ForcePasswordReset

* Update electron/src/services/electronStorage.service.ts

* Fix indention issue from GH suggestion

Co-authored-by: Oscar Hinton <oscar@oscarhinton.com>
2021-08-20 16:01:50 +02:00
Oscar Hinton f1f5d1a7f2
Revert WebAuthn iFrame handler (#462) 2021-08-20 14:46:02 +02:00
Daniel James Smith 309ea8ca9d
Add missing locale entry for AZ language (#459) 2021-08-19 22:43:28 +02:00
Matt Gibson 1f0127966e
Generalize token refreshing to include reauth by api key (#456) 2021-08-13 08:28:03 -05:00
Matt Gibson 0180d0cce5
Provide information to set webauthn allow in html template (#455) 2021-08-12 15:12:31 -05:00
Matt Gibson c5f236c2e4
Use apikey client secret as captcha validation (#454)
* Use apikey client secret as captcha validation

* Linter fixes
2021-08-12 15:11:26 -05:00
Thomas Rittson c694591e4c
Use UrlB64 encoding for auth-email header (#450) 2021-08-11 06:33:15 +10:00
Vincent Salucci c2e434e333
[Reset Password v1] Update Temp Password (#446)
* [Reset Password v1] Update Temp Password

* Updating router to protected for child classes to access
2021-08-10 08:02:53 -04:00
Matt Gibson 027747246c
Add event type for provider accessing client vault (#448) 2021-08-05 07:50:56 -05:00
Matt Gibson 65c998dd0d
Iterate over enum values (#445) 2021-07-30 13:57:42 -05:00
Matt Gibson fdf0eb989b
Provide owner with Provider client org create requst (#444) 2021-07-30 08:11:12 -05:00
Matt Gibson db2e2f1977
Correct ProviderOrgCreate return type (#442) 2021-07-29 07:43:38 -05:00
Matt Gibson ecdd08624f
Feature/cli fail login on captcha request (#439)
* Fail CLI login if captcha is required by the server.

* Linter fixes
2021-07-23 14:27:48 -05:00
Oscar Hinton e1ce721364
[Provider] Refresh identity token on full sync (#437) 2021-07-23 20:05:34 +02:00
Oscar Hinton de288913e4
Add helper methods to EnvironmentService for retrieving urls (#435) 2021-07-23 20:03:52 +02:00
Matt Gibson e9d9cd0182
Feature/use hcaptcha on register if bot (#434)
* Parse captcha required from error messages

CaptchaProtectedAttribute produces an error with captcha information.
We want to parse that data out to make it easily accessible to components

* Don't show error on catpcha

The component should hande this situation.

* Add captchaResponse to captcha protected api endpoints

* Extract captcha logic to abstract base class

* Add captcha to register

* linter fixes

* Make sure to log Captcha required responses

* Match file naming convention

* Separate import into logical groups by folder

* PR review
2021-07-22 12:28:45 -05:00
Matt Gibson ea0c8267d4
Rename captcha bypass token (#433) 2021-07-21 13:35:15 -05:00
Oscar Hinton 8bf0f75d9e
[Provider] ProviderOrganization events (#432) 2021-07-21 19:40:52 +02:00
Matt Gibson 1006f50ef3
Feature/use hcaptcha if bot (#430)
* Handle hcaptch required identity response

* Refactor iframe component for captcha and webauthn

* Send captcha token to server

* Add captcha callback

* Clear captcha state

* Remove captcha storage

* linter fixes

* Rename iframe components to include IFrame

* Remove callback in favor of extenting submit

* Limit publickey credentials access

* Use captcha bypass token to bypass captcha for twofactor auth flows

* Linter fixes

* Set iframe version in components
2021-07-21 07:55:26 -05:00
Thomas Rittson 00acbce556
Add models to update send.key with account key (#418) 2021-07-19 07:33:19 +10:00
Oscar Hinton 9f0ca7e4d2
[Provider] Add initial support for providers (#399) 2021-07-15 15:07:38 +02:00
Oscar Hinton 75fff66f98
Move regexpEmojiPresentation to Utils class (#426) 2021-07-08 16:40:10 +02:00
Thomas Rittson 119699b82c
Fix fingerprint phrases in bulk confirm modal (#425) 2021-07-07 20:08:52 +10:00
Oscar Hinton d10d40697c
Set reprompt to None if null (#422) 2021-07-02 20:53:14 +02:00
Thomas Rittson 9ee31ad2fb
Improve URL parsing (#411)
* Check hostname is valid in getDomain

* fix linting

* Update noop implementation

* Fix tests

* Fix tests
2021-06-23 06:00:14 +10:00
Matt Gibson 18bf616e2e
Correct typo (#416) 2021-06-22 07:10:47 -05:00
Matt Gibson 78ae9383fb
Persist API key creds for token refresh. (#414)
* Persist API key creds for token refresh.

* Linter fixes
2021-06-21 17:48:06 -05:00
Matt Gibson 5e24a70a87
Vault should be locked if key is not in memory (#413)
Key is loaded on startup if auto key exists.
2021-06-21 17:47:44 -05:00
Matt Gibson 1f83c3c1ba
Fix separate key storage for non desktop (#409)
* Handle non-desktop, non-split key storage

* Reset vaultTimeoutService on clear.

Fixes issues where unlock was required after login

* Specify electron as desktop client

* Use ElelectronCryptoService to handle desktop-specific tasks

* Linter fixes
2021-06-15 09:55:57 -05:00
Thomas Rittson d63ee1858d
Add backwards compatability for new local hashing method (#407)
* Add backwards compatability for existing keyHash

* Minor changes for review comments
2021-06-15 07:35:58 +10:00
Matt Gibson d2ca46b6f5
Add get key from storage for ensuring biometric browser integration (#408) 2021-06-14 14:03:13 -05:00
Thomas Rittson 8797924bd1
Use 2 iterations for local password hashing (#404)
* Use 2 iterations for local password hashing

* fix typo
2021-06-10 07:24:31 +10:00
Matt Gibson 5ba1416679
Authenticate with secure storage service (#402)
* Split secure key into use case

Allows us to push authentication for key access as late as possible.

* Do not reload if biometric locked

* Linter fixes

* Fix key upgrade scenario

* Fix boolean value message parsing

* Handle systems which don't support biometrics

* Do not fail key retrieval on secret upgrade

* Ensure old key is removed regardless of upgrade success

* Log errors
2021-06-09 15:53:54 -05:00
Oscar Hinton d7682cde3b
Move nodeCryptoFunction to jslib-node (#405)
* Move nodeCryptoFunction to jslib-node

* Fix imports

* Fix tests import
2021-06-09 16:59:45 +02:00
Matt Gibson ea90aea013
Use encrypted filename filename in Cipher attachment upload blob name (#403)
* Use EncString type to enforce encryption on filename in Cipher attachment upload

* Fix Cipher attachment test
2021-06-08 14:02:08 -05:00
Thomas Rittson 2e16aef6a2
Add Send-Id header for access requests (#400)
* Add Send-Id header to postSendAccess request

* Add Send Id header to file access requests

* fix linting
2021-06-08 11:50:35 +10:00
Oscar Hinton 1016bbfb9e
Split jslib into multiple modules (#363)
* Split jslib into multiple modules
2021-06-03 18:58:57 +02:00