Commit Graph

2071 Commits

Author SHA1 Message Date
bitwarden-devops-bot
7f0ebed6d0
Bumped client version(s) 2026-03-23 10:44:20 +00:00
bw-ghapp[bot]
e5af8b6553
Autosync the updated translations (#19703)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2026-03-23 02:42:10 -05:00
SmithThe4th
bc1e01993d
Added error message to desktop and browser (#19692) 2026-03-20 19:14:35 +00:00
bw-ghapp[bot]
15eb066fb3
Autosync the updated translations (#19540)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2026-03-20 16:54:33 +01:00
Daniel James Smith
257b32aa7d
[PM-29480] Add dialog to cookie acquisition (#19655)
* feat: add full middleware pipeline support

* Retrieve cookies from storage and attach cookies using Electron session

* Register middleware to act on fetch redirect to acquire cookie for SSO

* Add missing tests

* fix: acquireCookies call

* fix: cookies not getting set

* feat: add vaultUrl to server communication config

* feat: adapt to receiving vaultUrl in acquireCookies

* fix: remove localhost connector override

* Fix requests can't be re-used

* Add small delay to ensure cookies are saved before retrying requests

* Fix vaultUrl being set twice

* Add mock clone method

* Fix sso-cookie.main tests

* Remove old FIXME

* Re-use request and fix test

* Add missing coverage checking that needsBootsrap is called

* In case the hostname can't be extracted, the response is returned

* Only check the responseType instead of also checking statuscodes for redirects

* Bump the sdk-version

* Prepend https:// if necessary before launching the connector url

* Add dialog to cookie acquisition

* Fix tests

* Add handling the user choosing cancel, which will now cancel the cookie acquisition

* Do not retry if needsBootstrap returns false

* Fix tests that hadn't been updated seen https:// was appended

* Move the sso cookie feature fully into desktop

* Move prompt to acquire cookie into ServerCommunicationConfigPlatformApiService and ensures that concurrent calls are dedupes during the callback await and when the dialog is open but no option has been chosen yet

* Fix broken import on sso-cookie.main.spec

* Update test suite, due to moving the dialog into the ServerCommunicationConfigPlatformApiService

* Fix import, that I missed from the move

* feat: move subscription into init function

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-20 15:34:50 +00:00
Daniel James Smith
3c4d466f25
[PM-27125] Add cookies to fetch requests (#19588)
* feat: add full middleware pipeline support

* Retrieve cookies from storage and attach cookies using Electron session

* Register middleware to act on fetch redirect to acquire cookie for SSO

* Add missing tests

* fix: acquireCookies call

* fix: cookies not getting set

* feat: add vaultUrl to server communication config

* feat: adapt to receiving vaultUrl in acquireCookies

* fix: remove localhost connector override

* Fix requests can't be re-used

* Add small delay to ensure cookies are saved before retrying requests

* Fix vaultUrl being set twice

* Add mock clone method

* Fix sso-cookie.main tests

* Remove old FIXME

* Re-use request and fix test

* Add missing coverage checking that needsBootsrap is called

* In case the hostname can't be extracted, the response is returned

* Only check the responseType instead of also checking statuscodes for redirects

* Bump the sdk-version

* Prepend https:// if necessary before launching the connector url

* Do not retry if needsBootstrap returns false

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-20 10:19:21 +01:00
John Harrington
4c9965a75f
[PM-33232] Update UX implemented in PM-33219 to resolve VULN-458 (#19514)
* send AuthType in request payload and allow empty email field

* re-introduce validation enforcing non-empty email field
2026-03-19 13:36:32 -07:00
rr-bw
411156aeaa
refactor(input-password-flows): [Auth/PM-27086] Use new KM Data Types in InputPasswordComponent flows - Change Password (#18507)
Updates the `ChangePasswordService` (`changePassword()` and `changePasswordForAccountRecovery()`) to use the new KM data types :
- `MasterPasswordAuthenticationData`
- `MasterPasswordUnlockData`

This allows us to move away from the deprecated `makeMasterKey()` method (which takes email as salt) as we seek to eventually separate the email from the salt.

Also moves current password validation into the default and web change password services.

Behind feature flag: `pm-27086-update-authentication-apis-for-input-password`
2026-03-19 10:40:14 -07:00
neuronull
81adf155ee
SSH Agent v2: server framework (#19119)
Adds the basic framework for handling new client connections in the server.

Co-authored-by: Bernd Schoolmann <mail@quexten.com>
2026-03-19 07:48:50 -06:00
Derek Nance
ae17d53772
fix incorrect GNOME Snap tray icon (#19298)
Some checks failed
Scan / Check PR run (push) Has been cancelled
Testing / Run typechecking (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-browser junit:junit-browser.xml name:Browser paths:apps/browser bitwarden_license/bit-browser]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-cli junit:junit-cli.xml name:CLI paths:apps/cli bitwarden_license/bit-cli]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-desktop junit:junit-desktop.xml name:Desktop paths:apps/desktop]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-libs junit:junit-libs.xml name:Libs paths:libs bitwarden_license/bit-common]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-web junit:junit-web.xml name:Web paths:apps/web bitwarden_license/bit-web]) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
2026-03-18 17:05:32 -05:00
Tyler
9831e8a27a
BRE-1724 feat(chromium_importer): update certificate sha256 thumbprint (#19641) 2026-03-18 17:13:05 -04:00
Will Martin
cf2ff5d85f
[CL-1088] only apply macOS extra top padding to nav logo in overlay mode (#19418)
* fix(uif): only apply macOS extra top padding to nav logo in overlay mode

The macOS extra top padding was unconditionally applied to the nav logo.
Now it only applies when the side nav is in overlay mode (open but not push mode).
2026-03-17 16:26:15 -04:00
Andreas Coroiu
300b920457
[PM-32248] [PM-32233] [PM-32235] Block links from opening in electron window (#19317)
* feat: block window creation from main web renderer

* feat: redirect safe urls to external browser

* [PM-32235] Block unsafe open external call with arbitrary web vault url argument (#19322)

* feat: add safe shell class with openExternal impl

* feat: add lint rule to avoid directy openExternal usage

* feat: replace all unsafe usages

* feat: allow multiple allow-lists

* feat: update usages

* chore: remove static version of function

* fix: additional usages

* fix: tests

* fix: construct arguments

* fix: lint

* feat: block insecure weburls
2026-03-17 15:42:20 +01:00
neuronull
ebbd9ed0ba
SSH Agent v2: define napi-agent-server interface (#18880)
Building upon the prior SSH agent v2 commits, this PR introduces the high level interfaces between the napi layer, the agent, and the underlying server.

Two traits are defined to act as abstraction layers:

AuthPolicy allows the underlying server to externally request authorization to complete the various ssh operation requests it receives. The implementation of this in the BitwardenSshAgent is effectively the agent's business logic, and has unit tests accordingly.

ApprovalRequester allows the agent to externally request approval for those authorization requests.

These interfaces allow better unit test-ability and integration test-ability, and additionally are context-independent from each other; meaning the ssh agent server doesn't know about vault items, or that there is an electron app at all. Similarly, the agent knows it needs to request approval, but it doesn't have to be from an Electron app.

Co-authored-by: Bernd Schoolmann <mail@quexten.com>
2026-03-17 08:38:40 -06:00
Matt Andreko
eaf410f01f
Add publisherName to Electron build process (#19591)
* PM-33717 - Add publisherName to Electron build
2026-03-17 07:44:56 -04:00
Oscar Hinton
c624aaa237
[PM-28755] Rename send-v2 to send for desktop (#19592)
* Rename send-v2 to send for desktop

* fix test
2026-03-17 09:28:43 +01:00
Leslie Xiong
a0519ee190
Fixed attachment icons positions and SSH key truncating (#19477)
* fixed attachment icons appearing below instead of next to cipher name

* fixed SSH key not truncating with ellipses
2026-03-16 15:14:42 -04:00
renovate[bot]
883841feef
[deps]: Pin Rust crate rkyv to v0.8.14 (#19579)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-16 08:13:53 -06:00
Thomas Rittson
124c04503d
[Vault] Update event-related import statements (#19546)
Updates import statements in vault-related files to use direct imports
instead of re-exported paths. This prepares for removal of re-exporting
files in a follow-up PR.

Part of PM-33381
2026-03-14 09:10:57 +10:00
renovate[bot]
ad1d99c359
[deps]: Update @napi-rs/cli to v3.5.1 (#18433)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-13 11:02:38 -04:00
renovate[bot]
07797b5fc6
[deps]: Update module-alias to v2.3.4 (#19000)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: neuronull <9162534+neuronull@users.noreply.github.com>
2026-03-13 10:44:00 -04:00
Nick Krantz
2d702e0eac
[PM-32661] Update Transfer Items Dialog (#19498)
* refactor decline and leave to be a link button rather than a secondary button

* update supporting text for transfer dialog

* add aria-label for learn more link
2026-03-11 16:19:09 -05:00
Daniel James Smith
46bb683d7b
[PM-29232] Add cookie acquisition (#19392)
* Add cookie acquisition to ServerCommunicationConfigService

* Fix DI for ServerCommunicationConfigPlatformApiService

* Rename param for acquireCookie from hostname to url

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-11 16:52:44 +01:00
Andreas Coroiu
35d25b7f8e
[PM-24047] Make popout windows respect vault timeout when unfocused (#19019)
* PM-24047: Make popout windows respect vault timeout when unfocused

Replace the heartbeat message-passing mechanism for popup detection
with direct browser API queries (getContexts on MV3, getExtensionViews
on MV2/Safari) that can distinguish focused from unfocused popout
windows. Unfocused popout windows no longer prevent vault timeout.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* PM-24047: Add isAnyViewFocused(), revert isPopupOpen() to simple popup detection

Addresses PR review feedback by separating focus-aware logic from the
isPopupOpen() semantics, which other callers depend on for simple
popup detection:

- BrowserApi.isPopupOpen(): reverted to return views.length > 0 for
  popup-type views only (original behavior)
- BrowserApi.isAnyViewFocused(): new method that checks popup views
  (always focused), sidebar tab views (always focused), and popout
  tab views (focused only if document.hasFocus() is true)
- BrowserPlatformUtilsService.isPopupOpen(): simplified MV3 path
  uses getContexts({ contextTypes: ['POPUP'] })
- BrowserPlatformUtilsService.isAnyViewFocused(): new method with
  MV3 (POPUP/SIDE_PANEL/focused TAB) and MV2/Safari paths
- PlatformUtilsService: adds isAnyViewFocused() to the interface
- Web/Desktop/CLI stubs return false (no popout windows)
- VaultTimeoutService now calls isAnyViewFocused() instead of
  isPopupOpen() so unfocused popouts don't block vault timeout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Move MV3/MV2 routing into BrowserApi

isPopupOpen() and isAnyViewFocused() now use feature detection for
chrome.runtime.getContexts to select the right API internally,
rather than having the routing in BrowserPlatformUtilsService.
This means BrowserApi is the single owner of view-detection logic,
and the service methods are simple one-line delegations.

Using typeof getContexts === "function" rather than isManifestVersion()
handles Safari naturally: if Safari doesn't support getContexts it
falls back to getExtensionViews, without needing an explicit isSafari()
exclusion.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Scope MV3/MV2 routing refactor to isAnyViewFocused only

isPopupOpen() keeps its existing pattern (MV3/MV2 routing in the
service, simple getExtensionViews in BrowserApi) to avoid touching
unrelated code. Only isAnyViewFocused() has its routing moved into
BrowserApi via feature detection.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Restore isPopupOpen to main branch implementation

isPopupOpen() and its tests are restored exactly to the main branch
version (heartbeat-based approach). Only isAnyViewFocused is new code.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Refactor isPopupOpen() to use getContexts/getViews instead of heartbeat

Replaces the message-passing heartbeat approach with the same
chrome.runtime.getContexts() (MV3) / chrome.extension.getViews() (MV2/Safari)
introspection pattern used by isAnyViewFocused(). This eliminates the need
for a heartbeat listener in the popup and makes both methods consistent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Simplify isAnyViewFocused() using Array.some()

Collapse the two separate POPUP/SIDE_PANEL checks into a single .some()
call, and replace the synchronous MV2/Safari tab view loop with .some().
The async TAB/popout window check stays as a for loop.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: improve tabs loop readability somewhat

* PM-24047: Fix MV3 popout focus check using wrong uilocation filter

The TAB context filter was checking for `uilocation=sidebar` instead of
`uilocation=popout`. In MV3, sidebars are SIDE_PANEL contexts (already
handled above), so this filter never matched, causing focused popout
windows to be silently ignored and the vault to timeout while a user was
actively viewing one.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Rename isViewOpen to isViewFocused for semantic accuracy

The variable and parameter previously named isViewOpen reflected
the old "is any view open?" semantics. After the refactor to
isAnyViewFocused(), the naming is updated to match the actual
behavior: checking whether a view is focused, not merely open.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-11 14:10:32 +01:00
Thomas Avery
c842f76539
[PM-27297] Remove ConsolidatedSessionTimeoutComponent feature flag (#18616)
* Remove flag

* Remove legacy components

* Update unit tests

* update messages json
2026-03-10 13:09:35 -05:00
Oscar Hinton
77e837fe80
Remove shared module from desktop (#19414) 2026-03-10 19:09:20 +01:00
Oscar Hinton
b373e9c1ff
[PM-28754] [PM-28755] Cleanup desktop ui milestone 1 & 2 (#19081)
Removes feature flags for milestone 1 and 2 for desktop ui migration.
2026-03-10 12:02:23 +01:00
renovate[bot]
f3b4da0590
[deps] Platform: Update Rust crate sysinfo to v0.38.2 (#18882)
* [deps] Platform: Update Rust crate sysinfo to v0.38.2

* Add Wdk feature

* Use Wdk_System_SystemServices instead

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2026-03-10 11:43:17 +01:00
Will Martin
5e90565a79
[CL-1063] add enforce-readonly-angular-properties ESLint rule (#19201)
* Add enforce-readonly-angular-properties ESLint rule
2026-03-09 10:26:42 -07:00
neuronull
918dfd8ac3
[BEEEP] Desktop Native simpler napi errors (#18824) 2026-03-09 10:30:20 -06:00
cyprain-okeke
2a2bce7c82
[PM-31229][Desktop app] Upgrade to Premium card issues (#19337)
* Fix the bug month

* Resolve teh pr comment
2026-03-09 16:07:31 +01:00
Daniel James Smith
d4c5f85bd7
[PM-29149] Add ServerCommunicationConfigService (#18837)
* Add state- and key-definitions for persisting serverCommunicationConfig(s)

* Add implementation of the SDK-defined ServerCommunicationConfigRepository

* Add ServerCommunicationConfigService

* Add state- and key-definitions for persisting serverCommunicationConfig(s)

* Add implementation of the SDK-defined ServerCommunicationConfigRepository

* Add ServerCommunicationConfigService

* Fix instantiation of ServerCommunicationConfigClient due to additional dependency on ServerCommunicationConfigPlatformApi

* Fix broken tests

* Fix ts-strict error

* Call setCommunicationType when ConfigService.serverCommunicationConfig$ emits (#19218)

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>

* Move service instantiation to desktop's service.module

* Deleted unused tests

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-09 14:06:05 +01:00
bw-ghapp[bot]
d066a06caf
Autosync the updated translations (#19442)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2026-03-09 02:21:05 -05:00
Oscar Hinton
a697417f08
Remove most JslibModule usages from desktop (#19384) 2026-03-06 09:22:29 +01:00
bw-ghapp[bot]
8ad7eb853a
Autosync the updated translations (#19409)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2026-03-06 09:14:41 +01:00
Daniel James Smith
f7a5dd85ad
Remove unused templates from desktop's app.component (#19391)
* Remove unused templates from desktops app.component

* Remove all unused services from ctor

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-05 16:41:44 +01:00
Github Actions
9672c576dc Bumped Desktop client to 2026.3.0 2026-03-05 14:02:20 +00:00
Daniel James Smith
b932ae04fd
Remove unused ColorPasswordCountPipe and ColorPasswordPipe (#19345)
With the replacement of the vault cipher view and add-edit views on the desktop client, we no longer require the ColorPasswordCountPipe or the ColorPasswordPipe, as these are now handled by the ColorPasswordComponent from the Bitwarden component library

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-05 08:56:31 +01:00
Bernd Schoolmann
944b3ffdc2
[PM-31406] fix: TypeScript 5.9 type compatibility fixes for auth-owned code (#19187)
* fix: add TypeScript 5.9 type compatibility fixes for auth-owned code

Add explicit `as BufferSource` casts and `Uint8Array` wrapping to satisfy
stricter type checking in TypeScript 5.9. Non-functional changes.

* Fix type errors

* Fix test

* Fix tests

* Fix typing in auth tests

* Also change unlock service to uint8array<arraybuffer>

* Fix types

* Prettier

* Apply fixes for jest spy type
2026-03-04 19:12:44 -07:00
Andy Pixley
e1078a00fa
[BRE-1530] Updating certificate name from 8bit to Bitwarden (#19380) 2026-03-04 16:16:12 -05:00
renovate[bot]
8125954c04
[deps]: Update Rust crate serial_test to v3.4.0 (#19315)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: neuronull <9162534+neuronull@users.noreply.github.com>
2026-03-04 10:25:03 -07:00
Daniel James Smith
9ed87a4166
Remove gitter chat badges from READMEs (#19368)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-04 16:33:27 +00:00
neuronull
23da514cce
Desktop Native: Add missing docs lint for _some_ modules in core (#18983)
Adds the clippy lint for docs warning to core to align with our contributing docs guidelines.
2026-03-04 09:21:02 -07:00
Isaiah Inuwa
d0ca8f7b0a
Split NAPI modules [PM-31598] (#19113)
NAPI modules are all in one file. We use nested modules to define types within TypeScript namespaces, and NAPI requires nested modules to be inline due to rust proc-macro limitations.

However, we can still split these into multiple files and repeat the nested module name for the namespace.

This will improve the ability to set code ownership and navigate the data.

This PR splits the NAPI module files without further modification and assigns code ownership to @bitwarden/team-autofill-desktop-dev for the autofill, autotype and sshagent modules. I verified locally that the generated index.d.ts file does not change at all with this PR; all types are generated exactly the same.
2026-03-04 07:27:39 -06:00
Bernd Schoolmann
f28bea4ca4
[PM-31406] Migrate duckduckgo to purpose-built dangerous-crypto-compat function (#19223)
* Introduce dangerous-compat crypto implementations

* Migrate duckduckgo to purpose-built dangerous-crypto-compat function

* Update typescript version
2026-03-04 10:58:01 +01:00
renovate[bot]
5b35973944
[deps]: Update Rust crate rusqlite to v0.38.0 (#18202)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Alex Dragovich <46065570+itsadrago@users.noreply.github.com>
2026-03-03 17:12:10 -08:00
bw-ghapp[bot]
51a878ab8b
Autosync the updated translations (#19269)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2026-03-03 09:42:52 +01:00
neuronull
7b44917b27
SSH Agent v2: In-memory encrypted key store (#18596)
Co-authored-by: Bernd Schoolmann <mail@quexten.com>
2026-03-02 08:33:33 -07:00
Leslie Xiong
cfa4b1c27f
[PM 29776] Move Account Switcher (#18686)
* moved account switcher into page header

* Added 'header-actions' slot for AnonLayout

* removed 'standalone: true'

* cleanup

* more cleanup

* fixed lint error

* use 'app-avatar' in dropdown

* fixed account avatar vertical centering

* revert back to `standalone: false`

* moved new account switcher behind 'desktop-ui-migration-milestone-4' FF

* - added to default FF
- fixed template formatting
- removed type of 'configService'
- renamed to 'account-switcher-v2'

* fixed test

* moved 'account-switcher-v2' into '/auth'

* updated class and style from 'v3' to 'v2'

* removed ts-strict-ignore

* added back `ts-strict-ignore`

* added `aria-label` to `bit-avatar`

* fixed page load issue after clearing local session data

* fixed 'Access denied' toast appearing when milestone4 FF is false

* fixed new account switcher missing from 'locked vaults' and other 'AnonLayouts'

* fixed styles for non-logged in account-switcher button

* fixed duplicate account switcher bug

* lint fix

* updated 'account switcher' anon layout styles/colors

* fixed color from `bg-brand-strong` to `bg-brand`

---------

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
2026-02-28 14:57:57 -05:00
Oscar Hinton
59c0b28816
Deprecated SharedModules (#19260) 2026-02-27 11:45:06 +01:00