* PM-4903- added a check for auth status and popout tabs, if no popup tab and auth is locked, abandon autofill
* add test
* clear all notifications if unlock popout closed
* add more tests and use tabid for performance optimization
* feat: add support for IPC client managed session storage
* feat: update SDK
* fix: using undecorated service in jslib module directly
* feat: add test case for web
* chore: document why we use any type
* fix: `ipc` too short
* typo: omg
* Revert "typo: omg"
This reverts commit 559b05eb5a.
* Revert "fix: `ipc` too short"
This reverts commit 35fc99e10b.
* fix: use camelCase
* expose local db file to extension
* fetch from local db as fallback; only fetch new data on changed checksum; fetch from cdn
* check for undefined chrome runtime (for easy Storybook mocking)
* update capital letters lint
* add audit api tests
* add bash script to fetch local db info and split it to meet FF size limits
* add readme
* Rename README.md to readme.md
* remove leftover file
* remove unused methods from audit service
* remove local db logic
* wip
* revert local db build changes
* add tests; sub to updates directly; refactor teardown logic
* fix eslint crashing
* remove temp premium override
* remove unused test
* update timer value
* run prettier
* refetch all domains on app version change
* fix log statement
* harden fetching
* filter empty domains
* fix type issue
* fix typo
* fix type error
* fix cleanup
* feat: ban urls not using https
* feat: add exception for dev env
* feat: block fetching of insecure URLs
* feat: add exception for dev env
* feat: block notifications from using insecure URL
* fix: bug where submission was possible regardless of error
* feat: add exception for dev env
* fix: missing constructor param
* use PureCrypto in master password service decryptUserKeyWithMasterKey
* test for legacy AES256-CBC
* update SDK version to include the `PureCrypto.decrypt_user_key_with_master_key`
* change from integration to unit tests, use fake state provider
* feat(policies): Add URI Match Default Policy enum
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* feat(policies): Add logic to read and set the default from policy data
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* In settings, set default, disable select and display hint
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Move applyUriMatchPolicy to writeValue function
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove code to disable individual options because we're disabling the entire select
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* WiP move resolved defaultUriMatch to Domain Settings Service
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Address local test failures related to null observables
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* add missing services
* Fix test to use new resolvedDefaultUriMatchStrategy$
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Move definition of defaultMatchDetection$ out of constructor
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Update cipher form story to use resolvedDefaultUriMatchStrategy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Fix incomplete storybook mock in cipher form stories
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add I18n key description
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add comment regarding potential memory leak in domain settings service
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add explicit check for null policy data
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add explicit check for undefined policy data
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Add shareReplay to address potential memory leak
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'pm-19310-uri-match-policy' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Merge branch 'main' of github.com:bitwarden/clients into pm-19310-uri-match-policy
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Remove outdated comment
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
* Improve type safety/validation and null checks in DefaultDomainSettingsService
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
---------
Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
Co-authored-by: Jonathan Prusik <jprusik@classynemesis.com>
* Add importer metadata to native code
* Impl napi code in ts
* Impl napi code in ts
* Fix clippy
* Fix clippy
* remove ts util tests
* Check for installed browsers
* PR fixes
* test fix
* fix clippy
* fix tests
* Bug fix
* clippy fix
* Correct tests
* fix clippy
* fix clippy
* Correct tests
* Correct tests
* [PM-25521] Wire up loading metadata on desktop (#16813)
* Initial commit
* Fix issues regarding now unused feature flag
* Fixed ts-strict issues
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: adudek-bw <adudek@bitwarden.com>
* Remove logic to skip Brave as that now happens via the native code
* Define default capabilities which can be overwritten by specifc client/platform
* Fix DI issues
* Do not overwrite existing importers, just add new ones or update existing ones
* feat: [PM-25521] return metadata directly (not as JSON) (#16882)
* feat: return metadata directly (not as JSON)
* Fix broken builds
Move getMetaData into chromium_importer
Remove chromium_importer_metadata and any related service
Parse object from native instead of json
* Run cargo fmt
* Fix cargo dependency sort order
* Use exposed type from NAPI instead of redefining it.
* Run cargo fmt
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Only enable chromium loader for installed and supported browsers
---------
Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
* fix: always try to register clearOn events
`registerEvents` already checks for existing registered events so there is no
need to have a pre-check in `doStorageSave`. It causes issues because the
`newState` and `oldState` parameters come from the custom deserializer which
might never return `null` (e.g. transforming `null` to some default value).
Better to just use the list of registered events as a source of truth.
A performance check shows that most calls would only save a couple of
milliseconds (ranges from 0.8 ms to 18 ms) and the total amount of time
saved from application startup, to unlock, to showing the vault is about 100 ms.
I haven't been able to perceive the change.
* Revert "feat: add folder.clear warning (#16376)"
This reverts commit a2e36c4489.
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed and updated tests.
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed test variable being made more vague.
• prefer undefined over null
• obtain required UserId once per method, before branching
• guards moved to beginning of methods
* lift UserId retrieval to occur once during import
* remove redundant userId retrieval
* PM-14236 add overlay background call to internal autofill
* update overlay background to handel vaultAutofillSuggestionUsed call
* update main and runtime to pass message
* add rough testing to verify calls are being made or not
* remove spacing
* reduce scope and handle update in main background
* clean type, remove cipherId which is no longer used
* when keyboard shortcut is used, update overlay ciphers to freflect new order immediately
* keep separation of concerns, put handleAutofillSuggestionUsed back in overlay, add tests
* reduced approach
* wip
* feat: add dynamic states
* feat: re-implement badge service with dynamic state functions
* feat: completely remove old static states
* feat: debounce calls to badge api per tab
* feat: use group-by to avoid re-setting all tabs on 1 tab change
* feat: simplify autofill badge updater
* feat: add hanging function test
* chore: clean up badge service
* feat: simplify private updateBadge
* feat: remove unnecessary Set usage
* fix: tests that broke after setState rename
* chore: clean up badge api
If a user is part of an org that has the `RequireSso` policy, when that user successfully logs in we add their email to a local `ssoRequiredCache` on their device. The next time this user goes to the `/login` screen on this device, we will use that cache to determine that for this email we should only show the "Use single sign-on" button and disable the alternate login buttons.
These changes are behind the flag: `PM22110_DisableAlternateLoginMethods`
* encode username for uri and add spec
* verify response from getHibpBreach method
* test/validate for BreachAccountResponse type and length instead of mock response
* - extract dirt api method out of global api service
- create new directory structure
- change imports accordingly
- extract breach account response
- put extracted code into new dirt dir
* codeowners and dep injection for new hibp service
* Add PhishingDetectionService
* Add a tab listener.
* Get the known phishing domain from the server
* Get the known phishing domain from the server
* Add phishing detection content script.
* Revert "Add phishing detection content script."
This reverts commit ce64d3435a.
* Fix conflicts
* Add build configs.
* Decouple the phishing detection content script logic from the rest of the app.
* move the call to background
* Add communication between the content script and background service.
* Update code to use Log service.
* Resolve conflict
* Add changes for phishing domain report
* Fix initializer order issue.
* Fix domain error.
* Account for no responses.
* Add exit functionality for onclick.
* Wrapped phishing detection feature behind feature flag (#13915)
* push changes for alert
* Removed browser logic for checking feature flag
* move the alert as dialog
* Add functionality to navigate back in history.
* [PM-19814] Add redirect to warning page when a phishing domain is detected.
* [PM-19814] Add the phishing warning page to the Angular popup.
* [PM-19814] Add functionality to display phishing host.
* [PM-19814] Add exit button and learn more link.
* [PM-19814] Add phishing detection feature flag.
* [PM-19814] Move phishing service to phishing directory
* [PM-19814] Add UI to display phishing URL.
* [PM-19814] Disable the URL input and populate it with the phishing URL.
* [PM-19814] Add phishing icon
* [PM-19814] Temporarily remove phishing reporting feature. It can be released separately in another ticket.
* [PM-19814] Clean up
* [PM-19814] Add types to the handlers.
* [PM-19814] Remove logic for handling authentication since the endpoint will be unauthenticated.
* [PM-19814] Fixed as many type issues as possible; added @ts-strict-ignore to the remaining ones.
* [PM-19814] Fix race condition in feature flag check.
* [PM-19814] Update wording for the marketing request.
* [PM-19814] Move phishing detection check from content script to webRequest.onCompleted listener.
* [PM-19814] Use webNavigation.onCompleted for redirect to ensure that the redirect only happens when they land on the page.
* [PM-19814] Remove unused code.
* [PM-19814] Fix merge conflict and update text based on product owner’s request
* [PM-19814] Fix merge conflict
* [PM-19814] Update text
* Resolve the message catalog entries
* Update file for consistent import and exports
* Update imports
* Update another import for BrowserPopupUtils
* Update the rest of the imports for BrowserPopupUtils
* Updates messages
* Rename files
* Current phishing block changes
* Use globalthis for chrome
* Add types file
* Update browser api to include tab navigation and close tab functions
* Update phishing detection to track multiple tabs and not trust info from content script
* Change chrome to browser.
* Fixed phishing detection checking previous url instead of current on navigation. Updated def flag for testing urls.
* Move phishing icon
* Fix chrome specific issues. Add comments to where BrowserApi should be used
* Fix command errors. Typecheck messages. Added guard for phishing detection messages
* Use concat map instead of merge map
* Unformat webfonts.scss file
* Fix lint and import errors
* Move phishing blocker files to dirt folder
* Rename background folder to services
* Add code ownership for phishing blocker
* Update text to use locales on phishing blocker learn more page
* Change navigation from using webapi to browser on updated event for safari support
* Update icon usage
* Fix type issues and add test file
* Fix linting error in test
---------
Co-authored-by: Jimmy Vo <huynhmaivo82@gmail.com>
Co-authored-by: Cy Okeke <cokeke@bitwarden.com>
Co-authored-by: Conner Turnbull <133619638+cturnbull-bitwarden@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Tom <144813356+ttalty@users.noreply.github.com>
* Require userId for KdfConfigService
* cleanup KdfConfigService unit tests
* Move required userId for export request up to component/command level
* Fix service creation/dependency injection
* Revert changes to kdf-config.service.spec cause by a bad rebase
* Fix linting issue
* Fix tests caused by bad rebase
* Validate provided userId to equal the current active user
* Create tests for vault-export.service
Deleted old tests which since have been replaced with individual-vault-export.service.spec.ts
---------
Co-authored-by: Thomas Avery <tavery@bitwarden.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* Introduce a new vault-export-api.service to replace the existing getOrganizationExport method in apiService
* Use new vault-export-api.service instead of the ApiService to retrieve organizational export data
* Remove unused method from apiService
* Register VaultExportApiService on browser
* Fxi linting issue by executing `npm run prettier`
* Rename abstraction and implementation of VaultExportApiService
* Use undefined instead of null
* Rename file of default impl of vault-export-api-service
* Fix test broken with 1bcdd80eea
* Define type for exportPromises
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* feat(notification-processing): [PM-19877] System Notification Implementation - Implemented the full feature set for device approval from extension.
* test(notification-processing): [PM-19877] System Notification Implementation - Updated tests.
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* Add importer dummy lib, add cargo deps for win/mac
* Add Chromium importer source from bitwarden/password-access
* Mod crypto is no more
* Expose some Chromium importer functions via NAPI, replace home with home_dir crate
* Add Chromium importer to the main <-> renderer IPC, export all functions from Rust
* Add password and notes fields to the imported logins
* Fix windows to use homedir instead of home
* Return success/failure results
* Import from account logins and join
* Linux v10 support
* Use mod util on Windows
* Use mod util on macOS
* Refactor to move shared code into chromium.rs
* Fix windows
* Fix Linux as well
* Linux v11 support for Chrome/Gnome, everything is async now
* Support multiple browsers on Linux v11
* Move oo7 to Linux
* Fix Windows
* Fix macOS
* Add support for Brave browser in Linux configuration
* Add support for Opera browser in Linux configuration
* Fix Edge and add Arc on macOS
* Add Opera on macOS
* Add support for Vivaldi browser in macOS configuration
* Add support for Chromium browser in macOS configuration
* Fix Edge on Windows
* Add Opera on Windows
* Add Vivaldi on windows
* Add Chromium to supported browsers on Windows
* stub out UI options for chromium direct import
* call IPC funcs from import-desktop
* add notes to chrome csv importer
* remove (csv) from import tool names and format item names as hostnames
* Add ABE/v20 encryption support
* ABE/v20 architecture description
* Add a build step to produce admin.exe and service.exe
* Add Windows v20/ABE configuration functionality to specify the full path to the admin.exe and service.exe. Use ipc.platform.chromiumImporter.configureWindowsCryptoService to configure the Chromium importer on Windows.
* rename ARCHITECTURE.md to README.md
* aligns with guidance from architecture re: in-repository documentation.
* also fixes a failing lint.
* cargo fmt
* cargo clippy fix
* Declare feature flag for using chromium importer
* Linter fix after executing npm run prettier
* Use feature flag to guard the use of the chromium importer
* Added temporary logging to further debug, why the Angular change detection isn't working as expected
* introduce importer metadata; host metadata from service; includes tests
* fix cli build
* Register autotype module in lib.rs
introduce by a bad merge
* Fix web build
* Fix issue with loaders being undefined and the feature flag turned off
* Add missing Chromium support when selecting chromecsv
* debugging
* remove chromium support from chromecsv metadata
* fix default loader selection
* [PM-24753] cargo lib file (#16090)
* Add new modules
* Fix chromium importer
* Fix compile bugs for toolchain
* remove importer folder
* remove IPC code
* undo setting change
* clippy fixes
* cargo fmt
* clippy fixes
* clippy fixes
* clippy fixes
* clippy fixes
* lint fix
* fix release build
* Add files in CODEOWNERS
* Create tools owned preload.ts
* Move chromium-importer.service under tools-ownership
* Fix typeError
When accessing the Chromium direct import options the file button is hidden, so trying to access it's values will fail
* Fix tools owned preload
* Remove dead code and redundant truncation
* Remove configureWindowsCryptoService function/methods
* Clean up cargo files
* Fix unused async
* Update apps/desktop/desktop_native/bitwarden_chromium_importer/Cargo.toml
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* Fix napi deps
* fix lints
* format
* fix linux lint
* fix windows lints
* format
* fix missing `?`
* fix a different missing `?`
---------
Co-authored-by: Dmitry Yakimenko <detunized@gmail.com>
Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: ✨ Audrey ✨ <ajensen@bitwarden.com>
Co-authored-by: ✨ Audrey ✨ <audrey@audreyality.com>
Co-authored-by: adudek-bw <adudek@bitwarden.com>
Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
* [PM-24243] Load config service feature flag into SDK client during initialization
* [PM-24243] Bump sdk version
* [PM-24243] Update load_flags to use generic Map instead of strongly typed object
* [PM-24243] Pass entire feature states object into SDK
* [PM-24243] Bump SDK version
* [PM-24243] Fix failing test
* add exclamation badge for at risk passwords on tab
* add berry icon for the badge when pending tasks are present
* remove integration wtih autofill for pending task badge
* add ability to override Never match strategy
- This is helpful for non-autofill purposes but cipher matching is still needed. This will default to the domain.
* add at-risk-cipher badge updater service
* Revert "add exclamation badge for at risk passwords on tab"
This reverts commit a9643c03d5.
* remove nullish-coalescing
* ensure that all user related observables use the same user.id
---------
Co-authored-by: Shane Melton <smelton@bitwarden.com>
* remove flag and instances of use
* feedback jprusik: additional removals of pageContainsShadowDomElements
* feedback jprusik: remove a stray logic branch
* Add back notifications connection on locked accounts
* Updated tests.
* Make sure web push connection service is started synchronously
* Fixed merge conflicts.
---------
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
* [PM-19479] Client-Managed SDK state definition
* Remove test code
* Update based on latest sdk
* Add DB config
* Remove uuid conversion step
* Move mapper into separate file
* Revert to client managed state
* Move mapper to Cipher
* Typo
---------
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
* feat(notification-processing): [PM-19877] System Notification Implementation - Minor changes to popup logic and removed content in login component.
* docs(notification-processing): [PM-19877] System Notification Implementation - Added more docs.
* docs(notification-processing): [PM-19877] System Notification Implementation - Added markdown document.
* fix(notification-processing): [PM-19877] System Notification Implementation - Updated condition for if notification is supported.
* fix(notification-processing): [PM-19877] System Notification Implementation - Updated services module with correct platform utils service.