Commit Graph

524 Commits

Author SHA1 Message Date
Matt Gibson
c67715ea29
[PM-28038][PM-28276] Ignore url case for origin matching (#17355)
* ignore url case for origin matching

* Fixup typo

* Inject log services
2025-11-17 07:37:36 -08:00
Daniel Riera
fdb2f8b553
[PM-4903] - If you back out of autofill flow from locked vault screen, credentials autofilled on normal unlock (#17283)
* PM-4903- added a check for auth status and popout tabs, if no popup tab and auth is locked, abandon autofill

* add test

* clear all notifications if unlock popout closed

* add more tests and use tabid for performance optimization
2025-11-14 12:44:32 -05:00
Andreas Coroiu
ed2d8b9549
[PM-18046] Implement session storage (#17346)
* feat: add support for IPC client managed session storage

* feat: update SDK

* fix: using undecorated service in jslib module directly

* feat: add test case for web

* chore: document why we use any type

* fix: `ipc` too short

* typo: omg

* Revert "typo: omg"

This reverts commit 559b05eb5a.

* Revert "fix: `ipc` too short"

This reverts commit 35fc99e10b.

* fix: use camelCase
2025-11-14 08:51:38 +01:00
Will Martin
1be9e19fad
[PM-26944] fix(browser/phishing-detection): fix various issues (#17197) 2025-11-06 12:55:18 -06:00
Bernd Schoolmann
3125f679d3
[PM-25206] Inject service instead of passing as param (#16801)
* Inject service instead of passing as param

* [PM-25206] Move locking logic to LockService (#16802)

* Move locking logic to lock service

* Fix tests

* Fix CLI

* Fix test

* FIx safari build

* Update call to lock service

* Remove locked callback

* Clean up lock service logic

* Add tests

* Fix cli build

* Add extension lock service

* Fix cli build

* Fix build

* Undo ac changes

* Undo ac changes

* Run prettier

* Fix build

* Remove duplicate call

* [PM-25206] Remove VaultTimeoutService lock logic (#16804)

* Move consumers off of vaulttimeoutsettingsservice lock

* Fix build

* Fix build

* Fix build

* Fix firefox build

* Fix test

* Fix ts strict errors

* Fix ts strict error

* Undo AC changes

* Cleanup

* Fix

* Fix missing service
2025-11-05 17:11:34 +01:00
Will Martin
7ac6a67835
[PM-26944] phishing data checksum diffing + daily patches (#16983)
* expose local db file to extension

* fetch from local db as fallback; only fetch new data on changed checksum; fetch from cdn

* check for undefined chrome runtime (for easy Storybook mocking)

* update capital letters lint

* add audit api tests

* add bash script to fetch local db info and split it to meet FF size limits

* add readme

* Rename README.md to readme.md

* remove leftover file

* remove unused methods from audit service

* remove local db logic

* wip

* revert local db build changes

* add tests; sub to updates directly; refactor teardown logic

* fix eslint crashing

* remove temp premium override

* remove unused test

* update timer value

* run prettier

* refetch all domains on app version change

* fix log statement

* harden fetching

* filter empty domains

* fix type issue

* fix typo

* fix type error

* fix cleanup
2025-11-03 08:49:33 -06:00
Andreas Coroiu
48fb8b2bfe
[PM-25250] Prevent configuration and access of self hosted urls over http (#17095)
* feat: ban urls not using https

* feat: add exception for dev env

* feat: block fetching of insecure URLs

* feat: add exception for dev env

* feat: block notifications from using insecure URL

* fix: bug where submission was possible regardless of error

* feat: add exception for dev env

* fix: missing constructor param
2025-10-31 08:12:44 +01:00
Bernd Schoolmann
7e7107f165
[PM-27221] Update legacy kdf state on master password unlock sync (#16966)
* Update legacy kdf state on master password unlock sync

* Fix cli build

* Fix

* Fix build

* Fix cli

* Fix browser
2025-10-23 11:38:10 +02:00
Nick Krantz
7418f67874
[PM-24929] Clear route history cache for add/edit cipher views on tab change (#16755)
* clear route history cache for add/edit cipher views on tab change

* remove duplicate words
2025-10-22 08:36:31 -05:00
Maciej Zieniuk
63cdae92be
[PM-2348] Close popup window before process reload (#16795)
* Close popup window before process reload

* unit test coverage
2025-10-21 19:06:55 +02:00
Bernd Schoolmann
5a307633bb
[PM-26778] Make VaultTimeoutService use LogoutService (#16820)
* Make vaulttimeoutservice use logoutservice

* Fix browser build

* Fix mv3 build

* Fix lint
2025-10-21 10:24:52 -05:00
Bernd Schoolmann
433a2801f6
[PM-25174] Disable type 0 decryption based on feature flag (#16865)
* Disable type 0 decryption based on feature flag

* Add tests

* Move init to encrypt service
2025-10-20 13:15:11 +02:00
Maciej Zieniuk
8f0d509682
[PM-24377] Use PureCrypto for decryptUserKeyWithMasterKey on the master password service (#16522)
* use PureCrypto in master password service decryptUserKeyWithMasterKey

* test for legacy AES256-CBC

* update SDK version to include the `PureCrypto.decrypt_user_key_with_master_key`

* change from integration to unit tests, use fake state provider
2025-10-17 12:28:38 -05:00
Ben Brooks
91a661a025
feat(policies): PM-19311 Enforce URI Match Defaults organization policy (#16430)
* feat(policies): Add URI Match Default Policy enum

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* feat(policies): Add logic to read and set the default from policy data

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* In settings, set default, disable select and display hint

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Move applyUriMatchPolicy to writeValue function

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Remove code to disable individual options because we're disabling the entire select

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* WiP move resolved defaultUriMatch to Domain Settings Service

* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Address local test failures related to null observables

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* add missing services

* Fix test to use new resolvedDefaultUriMatchStrategy$

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Move definition of defaultMatchDetection$ out of constructor

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Update cipher form story to use resolvedDefaultUriMatchStrategy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Fix incomplete storybook mock in cipher form stories

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Add I18n key description

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Add comment regarding potential memory leak in domain settings service

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Add explicit check for null policy data

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Add explicit check for undefined policy data

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Add shareReplay to address potential memory leak

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Remove outdated comment

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* Improve type safety/validation and null checks in DefaultDomainSettingsService

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

---------

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
Co-authored-by: Jonathan Prusik <jprusik@classynemesis.com>
2025-10-17 07:58:17 -07:00
Bernd Schoolmann
a860f218bd
[PM-24128] New Pin service, using PasswordProtectedKeyEnvelope (#15863)
* fix: broken SDK interface

* Fix all compile errors related to uuids

* Update usages of sdk to type-safe SDK type

* Update sdk version

* Update to "toSdk"

* Move pin service to km ownership

* Run format

* Eslint

* Fix tsconfig

* Fix imports and test

* Clean up imports

* Pin tmp

* Initial version of updated pin service

* Add tests

* Rename function

* Clean up logging

* Fix imports

* Fix cli build

* Fix browser desktop

* Fix tests

* Attempt to fix

* Fix build

* Fix tests

* Fix browser build

* Add missing empty line

* Fix linting

* Remove non-required change

* Missing newline

* Re-add comment

* Undo change to file

* Fix missing empty line

* Cleanup

* Cleanup

* Cleanup

* Cleanup

* Switch to replaysubject

* Add comments

* Fix tests

* Run prettier

* Undo change

* Fix browser

* Fix circular dependency on browser

* Add missing clear ephemeral pin

* Address feedback

* Update docs

* Simplify sdk usage in pin service

* Replace with mock sdk

* Update sdk

* Initialize pin service via unlock instead of listening to keyservice

* Cleanup

* Fix test

* Prevent race condition with userkey not being set

* Filter null userkeys

* [PM-24124] Pin State Service (#16641)

* add pin-state.service

* add remaining tests

* improve description for clearEphemeralPinState

* rename getUserKeyWrappedPin$ to userKeyWrappedPin$

* drop temp variable in setPinState

* add new test and remove copied one

* Fix dep cycle

* Fix tests and remaining build issues

* Fix cli build

* Add comments about functions not being public API

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Hinton <hinton@users.noreply.github.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
2025-10-17 16:30:29 +02:00
adudek-bw
7015663c38
[PM-25521] Move importer metadata to native code (#16695)
* Add importer metadata to native code

* Impl napi code in ts

* Impl napi code in ts

* Fix clippy

* Fix clippy

* remove ts util tests

* Check for installed browsers

* PR fixes

* test fix

* fix clippy

* fix tests

* Bug fix

* clippy fix

* Correct tests

* fix clippy

* fix clippy

* Correct tests

* Correct tests

* [PM-25521] Wire up loading metadata on desktop (#16813)

* Initial commit

* Fix issues regarding now unused feature flag

* Fixed ts-strict issues

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: adudek-bw <adudek@bitwarden.com>

* Remove logic to skip Brave as that now happens via the native code

* Define default capabilities which can be overwritten by specifc client/platform

* Fix DI issues

* Do not overwrite existing importers, just add new ones or update existing ones

* feat: [PM-25521] return metadata directly (not as JSON) (#16882)

* feat: return metadata directly (not as JSON)

* Fix broken builds

Move getMetaData into chromium_importer
Remove chromium_importer_metadata and any related service
Parse object from native instead of json

* Run cargo fmt

* Fix cargo dependency sort order

* Use exposed type from NAPI instead of redefining it.

* Run cargo fmt

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>

* Only enable chromium loader for installed and supported browsers

---------

Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
2025-10-17 15:46:10 +02:00
Andreas Coroiu
5281da8fad
[PM-25660] UserKeyDefinition.clearOn doesn't clear data in some cases (#16799)
Some checks failed
Chromatic / Check PR run (push) Has been cancelled
Scan / Check PR run (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Chromatic / Chromatic (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
* fix: always try to register clearOn events

`registerEvents` already checks for existing registered events so there is no
need to have a pre-check in `doStorageSave`. It causes issues because the
`newState` and `oldState` parameters come from the custom deserializer which
might never return `null` (e.g. transforming `null` to some default value).
Better to just use the list of registered events as a source of truth.

A performance check shows that most calls would only save a couple of
milliseconds (ranges from 0.8 ms to 18 ms) and the total amount of time
saved from application startup, to unlock, to showing the vault is about 100 ms.
I haven't been able to perceive the change.

* Revert "feat: add folder.clear warning (#16376)"

This reverts commit a2e36c4489.
2025-10-17 09:25:49 +02:00
Patrick-Pimentel-Bitwarden
94cb1fe07b
feat(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ (#16589)
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed and updated tests.

* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed test variable being made more vague.
2025-10-16 14:30:10 -04:00
John Harrington
64105e64e9
[PM-24105] Remove usage of getUserKey on keyService (#16626)
• prefer undefined over null
• obtain required UserId once per method, before branching
• guards moved to beginning of methods
* lift UserId retrieval to occur once during import
* remove redundant userId retrieval
2025-10-15 07:03:29 -07:00
Bernd Schoolmann
cc8bd71775
[PM-21033/PM-22863] User Encryption v2 (#14942)
* Add new encrypt service functions

* Undo changes

* Cleanup

* Fix build

* Fix comments

* Switch encrypt service to use SDK functions

* Move remaining functions to PureCrypto

* Tests

* Increase test coverage

* Split up userkey rotation v2 and add tests

* Fix eslint

* Fix type errors

* Fix tests

* Implement signing keys

* Fix sdk init

* Remove key rotation v2 flag

* Fix parsing when user does not have signing keys

* Clear up trusted key naming

* Split up getNewAccountKeys

* Add trim and lowercase

* Replace user.email with masterKeySalt

* Add wasTrustDenied to verifyTrust in key rotation service

* Move testable userkey rotation service code to testable class

* Fix build

* Add comments

* Undo changes

* Fix incorrect behavior on aborting key rotation and fix import

* Fix tests

* Make members of userkey rotation service protected

* Fix type error

* Cleanup and add injectable annotation

* Fix tests

* Update apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Remove v1 rotation request

* Add upgrade to user encryption v2

* Fix types

* Update sdk method calls

* Update request models for new server api for rotation

* Fix build

* Update userkey rotation for new server API

* Update crypto client call for new sdk changes

* Fix rotation with signing keys

* Cargo lock

* Fix userkey rotation service

* Fix types

* Undo changes to feature flag service

* Fix linting

* [PM-22863] Account security state (#15309)

* Add account security state

* Update key rotation

* Rename

* Fix build

* Cleanup

* Further cleanup

* Tests

* Increase test coverage

* Add test

* Increase test coverage

* Fix builds and update sdk

* Fix build

* Fix tests

* Reset changes to encrypt service

* Cleanup

* Add comment

* Cleanup

* Cleanup

* Rename model

* Cleanup

* Fix build

* Clean up

* Fix types

* Cleanup

* Cleanup

* Cleanup

* Add test

* Simplify request model

* Rename and add comments

* Fix tests

* Update responses to use less strict typing

* Fix response parsing for v1 users

* Update libs/common/src/key-management/keys/response/private-keys.response.ts

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>

* Update libs/common/src/key-management/keys/response/private-keys.response.ts

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>

* Fix build

* Fix build

* Fix build

* Undo change

* Fix attachments not encrypting for v2 users

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
2025-10-10 23:04:47 +02:00
Oscar Hinton
095729d6fa
[PM-23189] Add client managed token provider (#15408)
* Add client managed token provider

* Change token service to accept user id

* Resolve breaking changes in the SDK

* Fix tests

* Update sdk

* Fix type

* Fix types

* Fix cli

* Fix browser

* Add optional userId to refreshIdentityToken

* Fix merge issues

* Fix tests
2025-10-08 16:47:30 -04:00
Daniel Riera
2ce194c190
[PM-14236] most recently used login is no longer moved to top of the list (#16388)
* PM-14236 add overlay background call to internal autofill

* update overlay background to handel vaultAutofillSuggestionUsed call

* update main and runtime to pass message

* add rough testing to verify calls are being made or not

* remove spacing

* reduce scope and handle update in main background

* clean type, remove cipherId which is no longer used

* when keyboard shortcut is used, update overlay ciphers to freflect new order immediately

* keep separation of concerns, put handleAutofillSuggestionUsed back in overlay, add tests

* reduced approach
2025-10-06 10:48:03 -04:00
Leslie Tilton
33dc57890a
Add premium guard to phishing detection service (#16602) 2025-10-03 09:04:39 -05:00
Andreas Coroiu
2ddf1c34b2
[PM-25488] Badge stays after lock when using pin (#16436)
* wip

* feat: add dynamic states

* feat: re-implement badge service with dynamic state functions

* feat: completely remove old static states

* feat: debounce calls to badge api per tab

* feat: use group-by to avoid re-setting all tabs on 1 tab change

* feat: simplify autofill badge updater

* feat: add hanging function test

* chore: clean up badge service

* feat: simplify private updateBadge

* feat: remove unnecessary Set usage

* fix: tests that broke after setState rename

* chore: clean up badge api
2025-10-03 09:01:49 +02:00
renovate[bot]
e5c5bf63ca
[deps] Platform: Update @types/chrome to v0.1.0 (#15697)
* [deps] Platform: Update @types/chrome to v0.1.0

* Fix typing

* Fix other build errors

* Fix strict compile

* Update pkg and fix remaining type errors

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2025-09-26 17:02:39 +02:00
rr-bw
3bbc6c564c
feat(SSO): (Auth/[PM-22110] Remove Alternate Login Options when SSO Required (#16340)
If a user is part of an org that has the `RequireSso` policy, when that user successfully logs in we add their email to a local `ssoRequiredCache` on their device. The next time this user goes to the `/login` screen on this device, we will use that cache to determine that for this email we should only show the "Use single sign-on" button and disable the alternate login buttons.

These changes are behind the flag: `PM22110_DisableAlternateLoginMethods`
2025-09-22 08:32:20 -07:00
Alex
8531109081
[PM-25417] DIRT API Service Refactor (ADR-0005) (#16353)
* encode username for uri and add spec

* verify response from getHibpBreach method

* test/validate for BreachAccountResponse type and length instead of mock response

* - extract dirt api method out of global api service
- create new directory structure
- change imports accordingly
- extract breach account response
- put extracted code into new dirt dir

* codeowners and dep injection for new hibp service
2025-09-22 09:06:58 -05:00
Leslie Tilton
7090547cb8
[PM-19814] Phishing Detection Warning Popup UI (#16064)
* Add PhishingDetectionService

* Add a tab listener.

* Get the known phishing domain from the server

* Get the known phishing domain from the server

* Add phishing detection content script.

* Revert "Add phishing detection content script."

This reverts commit ce64d3435a.

* Fix conflicts

* Add build configs.

* Decouple the phishing detection content script logic from the rest of the app.

* move the call to background

* Add communication between the content script and background service.

* Update code to use Log service.

* Resolve conflict

* Add changes for phishing domain report

* Fix initializer order issue.

* Fix domain error.

* Account for no responses.

* Add exit functionality for onclick.

* Wrapped phishing detection feature behind feature flag (#13915)

* push changes for alert

* Removed browser logic for checking feature flag

* move the alert as dialog

* Add functionality to navigate back in history.

* [PM-19814] Add redirect to warning page when a phishing domain is detected.

* [PM-19814] Add the phishing warning page to the Angular popup.

* [PM-19814] Add functionality to display phishing host.

* [PM-19814] Add exit button and learn more link.

* [PM-19814] Add phishing detection feature flag.

* [PM-19814] Move phishing service to phishing directory

* [PM-19814] Add UI to display phishing URL.

* [PM-19814] Disable the URL input and populate it with the phishing URL.

* [PM-19814] Add phishing icon

* [PM-19814] Temporarily remove phishing reporting feature. It can be released separately in another ticket.

* [PM-19814] Clean up

* [PM-19814] Add types to the handlers.

* [PM-19814] Remove logic for handling authentication since the endpoint will be unauthenticated.

* [PM-19814] Fixed as many type issues as possible; added @ts-strict-ignore to the remaining ones.

* [PM-19814] Fix race condition in feature flag check.

* [PM-19814] Update wording for the marketing request.

* [PM-19814] Move phishing detection check from content script to webRequest.onCompleted listener.

* [PM-19814] Use webNavigation.onCompleted for redirect to ensure that the redirect only happens when they land on the page.

* [PM-19814] Remove unused code.

* [PM-19814] Fix merge conflict and update text based on product owner’s request

* [PM-19814] Fix merge conflict

* [PM-19814] Update text

* Resolve the message catalog entries

* Update file for consistent import and exports

* Update imports

* Update another import for BrowserPopupUtils

* Update the rest of the imports for BrowserPopupUtils

* Updates messages

* Rename files

* Current phishing block changes

* Use globalthis for chrome

* Add types file

* Update browser api to include tab navigation and close tab functions

* Update phishing detection to track multiple tabs and not trust info from content script

* Change chrome to browser.

* Fixed phishing detection checking previous url instead of current on navigation. Updated def flag for testing urls.

* Move phishing icon

* Fix chrome specific issues. Add comments to where BrowserApi should be used

* Fix command errors. Typecheck messages. Added guard for phishing detection messages

* Use concat map instead of merge map

* Unformat webfonts.scss file

* Fix lint and import errors

* Move phishing blocker files to dirt folder

* Rename background folder to services

* Add code ownership for phishing blocker

* Update text to use locales on phishing blocker learn more page

* Change navigation from using webapi to browser on updated event for safari support

* Update icon usage

* Fix type issues and add test file

* Fix linting error in test

---------

Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>
Co-authored-by: Cy Okeke <cokeke@bitwarden.com>
Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Tom <144813356+ttalty@users.noreply.github.com>
2025-09-19 10:56:27 -05:00
Daniel James Smith
94764467e8
[PM-25918] Move required userId for export request up to component/command level (#14391)
* Require userId for KdfConfigService

* cleanup KdfConfigService unit tests

* Move required userId for export request up to component/command level

* Fix service creation/dependency injection

* Revert changes to kdf-config.service.spec cause by a bad rebase

* Fix linting issue

* Fix tests caused by bad rebase

* Validate provided userId to equal the current active user

* Create tests for vault-export.service

Deleted old tests which since have been replaced with individual-vault-export.service.spec.ts

---------

Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2025-09-19 13:39:55 +02:00
Jordan Aasen
4b78da1623
[PM-21794] - remove RemoveCardItemTypePolicy flag (#16450)
* remove restricted item types flag

* fix RestrictedItemTypesService constructor
2025-09-18 09:53:01 -07:00
Daniel James Smith
ba817f0389
[PM-25503] Use org export api on encrypted and unencrypted org exports (#16290)
* Introduce a new vault-export-api.service to replace the existing getOrganizationExport method in apiService

* Use new vault-export-api.service instead of the ApiService to retrieve organizational export data

* Remove unused method from apiService

* Register VaultExportApiService on browser

* Fxi linting issue by executing `npm run prettier`

* Rename abstraction and implementation of VaultExportApiService

* Use undefined instead of null

* Rename file of default impl of vault-export-api-service

* Fix test broken with 1bcdd80eea

* Define type for exportPromises

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2025-09-17 22:22:12 +02:00
Andreas Coroiu
a2e36c4489
feat: add folder.clear warning (#16376) 2025-09-11 16:05:32 +02:00
Patrick-Pimentel-Bitwarden
fe692acc07
Auth/pm 14943/auth request extension dialog approve (#16132)
* feat(notification-processing): [PM-19877] System Notification Implementation - Implemented the full feature set for device approval from extension.

* test(notification-processing): [PM-19877] System Notification Implementation - Updated tests.

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2025-09-05 13:27:16 -04:00
Justin Baur
bb6fabd292
feat(notifications): Ensure UnsupportedSystemNotificationService is registered in browsers that don't support notifications in Angular contexts (#16296) 2025-09-05 10:34:29 -04:00
Shane Melton
63dfca2bba
[PM-24796] Build the ConfigService before it is used during the construction of the DefaultSdkClientService (#16300) 2025-09-04 14:12:02 -07:00
Daniel James Smith
66f5700a75
[PM-24748][PM-24072] Chromium importer (#16100)
* Add importer dummy lib, add cargo deps for win/mac

* Add Chromium importer source from bitwarden/password-access

* Mod crypto is no more

* Expose some Chromium importer functions via NAPI, replace home with home_dir crate

* Add Chromium importer to the main <-> renderer IPC, export all functions from Rust

* Add password and notes fields to the imported logins

* Fix windows to use homedir instead of home

* Return success/failure results

* Import from account logins and join

* Linux v10 support

* Use mod util on Windows

* Use mod util on macOS

* Refactor to move shared code into chromium.rs

* Fix windows

* Fix Linux as well

* Linux v11 support for Chrome/Gnome, everything is async now

* Support multiple browsers on Linux v11

* Move oo7 to Linux

* Fix Windows

* Fix macOS

* Add support for Brave browser in Linux configuration

* Add support for Opera browser in Linux configuration

* Fix Edge and add Arc on macOS

* Add Opera on macOS

* Add support for Vivaldi browser in macOS configuration

* Add support for Chromium browser in macOS configuration

* Fix Edge on Windows

* Add Opera on Windows

* Add Vivaldi on windows

* Add Chromium to supported browsers on Windows

* stub out UI options for chromium direct import

* call IPC funcs from import-desktop

* add notes to chrome csv importer

* remove (csv) from import tool names and format item names as hostnames

* Add ABE/v20 encryption support

* ABE/v20 architecture description

* Add a build step to produce admin.exe and service.exe

* Add Windows v20/ABE configuration functionality to specify the full path to the admin.exe and service.exe. Use ipc.platform.chromiumImporter.configureWindowsCryptoService to configure the Chromium importer on Windows.

* rename ARCHITECTURE.md to README.md

* aligns with guidance from architecture re: in-repository documentation.
* also fixes a failing lint.

* cargo fmt

* cargo clippy fix

* Declare feature flag for using chromium importer

* Linter fix after executing npm run prettier

* Use feature flag to guard the use of the chromium importer

* Added temporary logging to further debug, why the Angular change detection isn't working as expected

* introduce importer metadata; host metadata from service; includes tests

* fix cli build

* Register autotype module in lib.rs
introduce by a bad merge

* Fix web build

* Fix issue with loaders being undefined and the feature flag turned off

* Add missing Chromium support when selecting chromecsv

* debugging

* remove chromium support from chromecsv metadata

* fix default loader selection

* [PM-24753] cargo lib file (#16090)

* Add new modules

* Fix chromium importer

* Fix compile bugs for toolchain

* remove importer folder

* remove IPC code

* undo setting change

* clippy fixes

* cargo fmt

* clippy fixes

* clippy fixes

* clippy fixes

* clippy fixes

* lint fix

* fix release build

* Add files in CODEOWNERS

* Create tools owned preload.ts

* Move chromium-importer.service under tools-ownership

* Fix typeError
When accessing the Chromium direct import options the file button is hidden, so trying to access it's values will fail

* Fix tools owned preload

* Remove dead code and redundant truncation

* Remove configureWindowsCryptoService function/methods

* Clean up cargo files

* Fix unused async

* Update apps/desktop/desktop_native/bitwarden_chromium_importer/Cargo.toml

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

* Fix napi deps

* fix lints

* format

* fix linux lint

* fix windows lints

* format

* fix missing `?`

* fix a different missing `?`

---------

Co-authored-by: Dmitry Yakimenko <detunized@gmail.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by:  Audrey  <ajensen@bitwarden.com>
Co-authored-by:  Audrey  <audrey@audreyality.com>
Co-authored-by: adudek-bw <adudek@bitwarden.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
2025-09-04 11:21:57 +02:00
Shane Melton
b6ef7716da
[PM-24243] Load config service feature flag into SDK client (#15855)
* [PM-24243] Load config service feature flag into SDK client during initialization

* [PM-24243] Bump sdk version

* [PM-24243] Update load_flags to use generic Map instead of strongly typed object

* [PM-24243] Pass entire feature states object into SDK

* [PM-24243] Bump SDK version

* [PM-24243] Fix failing test
2025-09-03 13:56:55 -04:00
Justin Baur
73e8532ecc
feat(tokens): Allow Inactive user authenticated API calls 2025-09-03 10:09:02 -04:00
Nick Krantz
5967cf0539
[PM-14571] At Risk Passwords - Badge Update (#15983)
* add exclamation badge for at risk passwords on tab

* add berry icon for the badge when pending tasks are present

* remove integration wtih autofill for pending task badge

* add ability to override Never match strategy
- This is helpful for non-autofill purposes but cipher matching is still needed. This will default to the domain.

* add at-risk-cipher badge updater service

* Revert "add exclamation badge for at risk passwords on tab"

This reverts commit a9643c03d5.

* remove nullish-coalescing

* ensure that all user related observables use the same user.id

---------

Co-authored-by: Shane Melton <smelton@bitwarden.com>
2025-09-02 15:09:20 -05:00
neuronull
048d8a5f79
Remove UseTreeWalkerApiForPageDetailsCollection feature flag (#16130)
* remove flag and instances of use

* feedback jprusik: additional removals of pageContainsShadowDomElements

* feedback jprusik: remove a stray logic branch
2025-09-02 08:46:30 -06:00
Patrick-Pimentel-Bitwarden
c828b3c4f4
Auth/pm 23620/auth request answering service (#15760)
* feat(notification-processing): [PM-19877] System Notification Implementation - Implemented auth request answering service.

* test(notification-processing): [PM-19877] System Notification Implementation - Added tests.
2025-08-28 13:47:05 -04:00
Todd Martin
ad2dfe1e99
feat(notifications): [PM-19388] Enable push notifications on locked clients
* Add back notifications connection on locked accounts

* Updated tests.

* Make sure web push connection service is started synchronously

* Fixed merge conflicts.

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2025-08-26 11:41:15 -04:00
Shane Melton
e10d13faa8
[PM-22695] Remove unused vault service (#16134)
* [PM-22695] Remove obsolete browser vault filter service

* [PM-22695] Remove obsolete vault browser state service
2025-08-25 14:50:54 -07:00
Justin Baur
5f7f1d1924
Resolve state <-> state-test-utils circular dependency (#16093)
* Resolve state <-> state-test-utils circular dependency

* Fix type errors
2025-08-25 12:38:28 -04:00
Daniel García
12df7def61
[PM-19479] Client-Managed SDK state definition (#14839)
* [PM-19479] Client-Managed SDK state definition

* Remove test code

* Update based on latest sdk

* Add DB config

* Remove uuid conversion step

* Move mapper into separate file

* Revert to client managed state

* Move mapper to Cipher

* Typo

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
2025-08-22 14:21:52 +02:00
Patrick-Pimentel-Bitwarden
719a43d050
Feat PM-19877 System Notification Processing (#15611)
* feat(notification-processing): [PM-19877] System Notification Implementation - Minor changes to popup logic and removed content in login component.

* docs(notification-processing): [PM-19877] System Notification Implementation - Added more docs.

* docs(notification-processing): [PM-19877] System Notification Implementation - Added markdown document.

* fix(notification-processing): [PM-19877] System Notification Implementation - Updated condition for if notification is supported.

* fix(notification-processing): [PM-19877] System Notification Implementation - Updated services module with correct platform utils service.
2025-08-20 12:42:16 -04:00
Justin Baur
939fd402c3
[PM-24677] Slim StateService down so it can be moved to state lib (#16021)
* Slim StateService down so it can be moved to state lib

* Fix accidental import changes

* Add `switchAccount` assertion

* Needs to use mock
2025-08-18 12:37:25 -04:00
Jonathan Prusik
0c166b3f94
remove BlockBrowserInjectionsByDomain feature flag (#16008) 2025-08-18 10:17:05 -04:00
Bernd Schoolmann
a60b7fed9a
[PM-17667] Move key-generation service to KM ownership (#16015)
Some checks failed
Chromatic / Check PR run (push) Has been cancelled
Scan / Check PR run (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Chromatic / Chromatic (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
* Move key-generation service

* Update comment

* Add deprecation comments

* Fix firefox build

* Update comment

* Update DI import

* Update module imports
2025-08-15 23:49:49 +02:00
Nick Krantz
7ec916802b
Remove pm-10609-end-user-notifications feature flag (#15958) 2025-08-11 14:25:33 -05:00