Commit Graph

3636 Commits

Author SHA1 Message Date
Nick Krantz
30ab005da5
[PM-19168] Remove Archive Feature Flag (#19829)
* remove archive feature flag

* fix dependency within services module
2026-03-30 10:23:38 -05:00
Jared McCannon
2c011fcf69
[PM-30614] - Fix double event log in browser ext popup (#19657)
* Moved the task scheduler registration to the init method to ensure we're not re-registering it. Also made a no-op upload service for when the extension is popped out so we don't push events from both threads.
2026-03-30 09:33:54 -05:00
Vicki League
66c203ea3d
[CL-1049] Make fallback autofocus approach for dialogs (#19561)
Co-authored-by: Will Martin <contact@willmartian.com>
2026-03-27 16:02:17 -04:00
Jackson Engstrom
74a8a4dc21
[PM-34131] Editing ciphers with change at risk password banner fails on web (#19785)
* adds try catch in the resource loader to stop error looping

* uses computed signal instead of resource directly

* fixes strict type check
2026-03-27 11:59:13 -07:00
Leslie Xiong
e563c2d185
fixed desktop nav group anchor link color and cipher name styles (#19820) 2026-03-27 13:51:09 -04:00
Jackson Engstrom
9f17ef313e
[PM-34192] Adds null check for startingSelection when setting default collection (#19793) 2026-03-27 08:59:32 -07:00
Addison Beck
02fe70eaeb
refactor(scheduling): extract @bitwarden/scheduling Nx leaf library (#19771) 2026-03-27 11:23:22 +00:00
Jared Snider
9eddb330f0
Auth/PM-34198 - Device Management - fix device icons not rendering - update to use proper new bit-icon api (#19786) 2026-03-26 14:45:42 -04:00
Nick Krantz
ad7864084f
[PM-24476] At Risk Password setting (#19557)
* add setting to toggle the visibility of at-risk password settings

* add comments surrounding why/when notification setting is applicable
2026-03-26 08:58:43 -07:00
Brandon Treston
473929f0d8
remove feature flagged logic (#19718) 2026-03-25 14:09:55 -04:00
Will Martin
c7544e40c2
[CL-980] update icon tile (#19063)
* created tests, matched tw classes to Figma vals

* removed class/css/overkill based unit tests

* updated <bit-icon-tile instance

* remove shape, updated docs & test, fix build err

* corrections to documentation and type issue

* updated large->lg on IconTile usage

Co-authored-by: Isaac Ivins <iivins@livefront.com>
2026-03-25 13:20:24 -04:00
Will Martin
d763590ce6
[CL-1023][CL-1031] Design system refresh: Milestone 1 (#19061)
* [CL-1009] button style updates (#18301)

* add new button styles

* update disabled styles

* updated size stories

* update disabled button story names

* updated button stories

* add more explicit screenshots

* make class list a computed signal

* updated button docs

* allow unstyled button to inherit color

* use unstyled button in callouts until callout updates

* base button directive WIP

* add base button directive

* fix focus and hover styles

* fix lint error

* remove commented code that moved to base directive

* ensure buttonStype defaults correctly

* migrate legacy icon button types

* contrast button wips

* pull in latest and fix disabled with attr

* fix legacy variant

* add back nav contrast button variant

* updated icon button docs

* rename nav contrast variant and fix contrast focus

* fix button sizing

* fix product switcher button classes

* add contrast icon button story

* fix border color

* update to primaryGhost variant

* [CL-1025] icon font refresh (#18727)

* adding new icons

* migrate to new icon names

* updated icon build docs

* resolve conflicts and re-run migration

* add icons deps to uif ownership

* fix incorrect migration

* fix misnamed icon

* create filter icon and fix mapping error

* updated readme and add migration script to package.json

* fix prettier warnings

* remove browser alt from definition list

* add missing icon types

* fix image name migrated in error and update regex to not change these

* ensure icon array is updated automatically

* updated build comment

* remove unnecessary direct execution command

* remove direct run command

* allow legacy icon names to map to new icons

* [CL-1025] Icon font refresh - Temporary migration state with legacy names (#18948)

* Revert icon name migrations, preserve migration tooling

Reverted all icon name changes that were applied by the migration scripts,
while preserving:
- New icon SVG files in libs/assets/src/material-icons/
- Icon font files in libs/angular/src/scss/bwicons/
- Migration scripts in scripts/material-icons/
- NPM scripts and dependencies for icon tooling

This allows running the migration fresh when ready.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Build icon font with bidirectional legacy/new name mapping

Ran icons:build to generate bidirectional icon mappings:
- SCSS now includes 155 icons (both Figma and legacy BWI names)
- TypeScript icon.ts updated with all 155 names
- All legacy names (e.g., bwi-question-circle, bwi-plus) point to new icon assets
- All new names (e.g., bwi-help, bwi-add) also available
- Codebase can continue using legacy names with new icon designs

This enables the temporary migration state where code uses existing
legacy icon names but displays the new refreshed icon assets.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* Fix: revert bwi-filter back to bwi-grid across codebase

bwi-grid is the correct new icon name and should not be reverted.
The changes from bwi-filter to bwi-grid were manual corrections,
not part of the automated migration.

Updated 16 files to restore bwi-grid icon references.

Addresses feedback from Bryan Cunningham on PR #18948

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

* remove duplicate key and add back dep ownership change

* fix formatting errors

---------

Co-authored-by: Will Martin <contact@willmartian.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix button variant

* [CL-1040] updated palette colors (#19401)

* [CL-973] chip component (#18798)

* wip

* WIP

* create chip filter component

* trying to get truncation to work

* fix truncation

* create chip-action component

* fix type errors

* add chip component

* add shared story args

* have chips take label input

* fix test template and imports

* fixing arg types and disabled states

* simplify disabled logic

* fix dimssis button alignment

* update menu focus color

* updated chip docs

* update chip-select usage to chip-filter

* fix full width icon layout

* remove commited code

* export chip component

* remove commented code

* expose full width

* chip component should not go full width

* use bit-icon in filter template

* remove commented code

* updated chip docs

* remove extra truncate class

* fix dupe input definitions

* move import to correct line

* read base chip values directly

* remove standlaone as it's the default

* forward size correctly

* create full width arg type

* let type be infered

* updated jsdoc comments

* use more modern angular syntax

* rename components to use kebab case

* remove redundant docs

* remove inaccurate link docs

* remove enum like types

* remove dead code

* remove unused spec

* remove host bindings

* restructure chips folders

* add max width class

* remove full width docs

* add internal comment

* bind to missing controls

* fixing docs

* replace disabled verbiage with inactive

* remove unnecessary comment

* default to primary

* do not allow end icon in action chip

* take chip action screenshots in both themes

* use selected input for base directive

* fix width error

* coerce to boolean

* fixed end icon reference

* fix code reference to endIcon

* fixing chip filter specs

* fix missing input transform

* fix docs

* fix input and add truncate

* ensure chip content truncates

* updated slot naming

* updated example to use new flow control

* fix typing for option.icon

* fix failing test, fix filter type, and support colored icons in filter options

* fix failing test

* doc updates

* change dismissed event name

* remove standalone

* fix selector

* fix docs

* remove unused fvw data property and fix docs links

* use base as host directive in chip

* fix spec button selectors

* fix duplicate class binding

* fix incorrect variant resolution

* handle undefined size

* fix signal type

* remove duplicate input

* fix failing spec

* updated styles for trailing icon spacing and font size

* padding tweaks for visual design

* make variant a writable model

* use logical text align

* update slot names

* remove dismissible input

* add back missing import

* remove ability to set chip filter to small size

* create size arg type

---------

Co-authored-by: Vicki League <vleague@bitwarden.com>

* [CL-987] Update Nav Group and Nav Item components (#18965)

* updated side nav `nav-group` and `nav-item` components

* - added focus states
- set cursor pointer for nav-item
- updated arrow orientations

* - updated `navItemIndentationPadding`
- reverted `[treeDepth]` for `nav-group`
- removed placeholder arrow

* - removed text style from starting slot container
- fixed routes in story

* created shared container classes var

* fixes from rebase, override `border-radius` for collapse arrow button

* updated `tw-theme`: reverted `--color-bg-hover` and added `--color-bg-sidenav-hover`

* removed end slot `div` styles from rebase, updated `buttonType` in `nav-group` story

* added dark mode `--color-bg-sidenav-hover`

* added `xsmall` size variant to 'Icon Button'

* - updated navs to use 'xsmall' button
- fixed container padding
- removed custom arrow button styles

* fixed type error

* fixed focus-visible state by adding `tw-outline-none` to `nav-item`

* fixed type error

* placed arrow button directly in start slot

* defined `containerClasses` in template

* renamed 'item-active-hover' to 'active-item-hover' for consistency

* missed renaming from `item-active-hover` to `active-item-hover`

* fixed 'hover' and 'active' colors, added colors for arrow hover states

* - separated buttons sizes for 'Button' and 'Icon Button' from `BaseButtonDirective` into respective components
- moved `border-radius` style from Directive into own components

* fixed/simplified focus colors, added sidenav specific focus colors

* updated 'arrow' icon size for nav group, updated 'xsmall' font size

* trigger Claude review

* removed `tw-text-2xl` in nav-group for arrow button

* removed unused `NgClass` import

* more cleanup, removed unused `Ng` imports

* converted `_isActive` to signal and `showActiveStyles` to computed

* removed instances of `variant="tree"`

* renamed color variables from `admin-sidenav` to `sidenav-secondary`

---------

Co-authored-by: Will Martin <contact@willmartian.com>

* fix lint

* [CL-1096] Fix icon button width shrinking in flex containers (#19529)

Add tw-shrink-0 to prevent icon buttons from shrinking below their
fixed size when placed inside flex containers.

* [CL-1101] Fix chip dismiss button hover style and add interaction state stories (#19530)

Use the correct bg-bg-hover token for dismiss button hover background, matching
the Figma spec. The previous hover-contrast token was invisible on light backgrounds.
Add InteractionStates story showing Default, Hover, Focus, and Inactive states
for both large and small sizes.

* [CL-1098] Fix danger icon button color in form field suffix (#19532)

* [CL] Fix danger icon button color in form field suffix

Don't apply tw-text-muted to icon button suffixes — icon buttons manage
their own text color via buttonType, so the muted class was overriding
danger/primary colors (e.g. blue icon on red background in Cipher Form).

* [CL] Fix danger icon button color in form field suffix

Don't apply tw-text-muted to icon button suffixes — icon buttons manage
their own text color via buttonType, so the muted class was overriding
danger/primary colors (e.g. blue icon on red background in Cipher Form).

Also adds a DangerButtonInputGroup story to capture this case.

* [CL-1094] Update icon button default variant to primaryGhost (#19534)

* [CL-1094] Update icon button default variant to primaryGhost

Change buttonType from input to model in BaseButtonDirective, and set
the default to primaryGhost in the icon button constructor.

* [CL-1094] Fix icon button default variant using own input + effect

Using model.set() in the constructor is overridden by Angular's input
initialization lifecycle. Instead, own buttonType as an input directly
on BitIconButtonComponent with primaryGhost as the default, and sync to
the base directive via effect.

* [CL-959] update badge component styles (#19026)

* badge wip

* dynamic truncated badge tooltip

* support legacy variants for now

* add deprecation types and remove hover styles

* updated story docs

* add default icons for badges

* fix incorrect color mapping

* add ability to hide start icon

* take snapshot in both themes

* add icon size styles

* remove tooltip code

* update at risk password to use actual buttons

* more specific badge truncation docs

* remove badge module from imports

* use chip action for link

* fix missing import

* use chip in multi-select inputs

* update org badge to use primary chip

* update premium badge to accent primary action chip

* use chip action for vault item fill

* remove unnecessary icon in badge

* update obsolete notification variant

* replace usage of bitBadge on button in stories

* remove explicit input to hide startIcon

* use berry instead of badge

* fix type error

* fixing imports and badge usage

* use logical text align

* remove dead code and update jsdoc comment

* add back ability to not truncate

* remove default icon for accent-primary

* add missing translation keys to multi select story

* allow null as default icon type

* add element selector and update stories to use it

* conditionally apply truncate class

* conditionally apply title text

* migrate badge to berry

* use correct input for content

* use berry in toggle group stories

* remove unused template reference

* remove unused import of badge

* remove unused custom color code

* remove unused service injection

* [CL-1102] Fix help icon size in bit-label (#19533)

* [CL-1102] Fix help icon size in bit-label

Target bwi icons inside bit-label with [&_.bwi]:tw-text-xl to restore
correct icon sizing after recent icon style changes.

* [CL-1102] Fix text alignment regression in bit-label

Add tw-leading-none to bwi icons to prevent the line-height from
tw-text-xl from disrupting baseline alignment.

* remove bwi-sm from label icon

---------

Co-authored-by: Bryan Cunningham <bryan.cunningham@me.com>

* [CL-964] Update Callout Component (#19424)

* updated callout component

* renamed consumer bit-callout `type` from 'default' to 'subtle'

* updated callout 'end' slot

* migrated spotlight to callout, deleted spotlight

* - updated `title` comment
- updated stories and mdx

* removed `useAlertRole`

* added `CommonModule` import and updated `buttonType` in stories

* updated 'Accessibility' guidelines

* updated 'close' button

* - updated stories for clearer code
- set `(onDismiss)` only for WithCloseButton story

* added boolean switch for `persistent` to story

* fixed tests

* prettier fix

* - updated `bit-callout` instances of `buttonType="unstyled"` to use appropriate `buttonType`
- updated story for correct usage of button styles

* fixed `type` in `vault-list`

* updated to use `bit-icon`

* - fixed vertical centering of icon and text
- updated to 'OnPush' change detection

* fixed error: added 'close' to `mockLayoutI18n`

* updated `bit-callout` jsdoc comment and mdx

* fixed `persistent` callout in `admin-settings`

* removed "interrupt" language

* reverted fix for `bit-callout` `persistent`

* fixed type error

* added `close` translation to stories utilizing `bit-callout`

* converted to JSDoc comments

* updated 'close' button to check if `dismiss` output is bound

* fix: removed `readonly` from `isDismissible`

* converted `isDismissble` to signal

* added translation to `phishing-warning' story

* added bottom margin back in to callout component

* fixed type error,  fixed `icon` values

* revert subscription-card callout icon to default if not defined

* fix: update 'bit-callout' type to 'subtle'

* updated colors in `tw-theme`

* added conditional check to compute vertical alignment class

* updated more colors, slight restructure to match design

* fixed vertical alignment with 'close button', avoid long text crowding/overflowing

* remove default icons on non-semantic variants (#19614)

* remove default icons on non-semantic variants

* add back info icon to info variant

* remove info icon again

* [CL-1095] add expanded state for disclosure button (#19637)

* add brand stronger colors

* add aria-expanded styling for primary ghost button

* make all variants aria-expanded style match hover styles

* update orage-600 color value to fix contrast

* minor spacing update to account for expanded button style

* do not show expanded state on sidenav buttons

* no expanded style on toggle width button

* remove extra letter spacing and update story copy (#19668)

* [CL-1123] fix ghost button inactive styles (#19669)

* fix ghost button inactive styles

* remove type declaration

* [CL-1119] toggle berry update (#19609)

* update toggle groups to use berry

* set berry variant based on selected state

* fix failing spec

* add spec to test berry variant set correctly

* fix import errors caused by bad merge conflict resolution

* remove unnecessary variant delaration

* update kitchen sink stories to use berry

* [CL-1122] BUG FIX: Migrated Icon Buttons with button type 'danger' to 'dangerGhost' (#19677)

* migrated `bitIconButton` with 'danger' `buttonType` to 'dangerGhost'

* reverted icon-button story

* fix button variant from merge

* [CL-1117] BUG FIX: Side nav collapse arrow is placed too far left (#19623)

* - updated spacing for side-nav collapse arrow button
- updated collapsed nav-item button spacing and dimensions
- moved individual nav-item wrapper padding into side-nav component
- added button to 'WithLongText' nav-item story

* added sidenav specific hover style to toggle collapse button

* - set horizontal padding back to 'nav-item'
- updated 'bit-divider' color to 'bg-border-brand'

* updated hover styles for interactive trailing elements

* added '4px' more end padding to trailing buttons

* updated 'bit-divider' colors for secondary and dark theme

* moved button hover styles into 'side-nav' button variant

* updated sidenav-divider color for dark theme

* removed `tw-w-10` on nav-item collapsed

* updated inline padding to `12px` for both collapse and expanded states

* [CL-1117] cleaned up, renamed, and organized sidenav color variables (#19665)

* - unified 'strong' styles and `showActiveStyles` into `[style]`
- updated 'side-nav' button variant's `aria-expanded` and `focus-visible` styles

* - inherit bg and fg from parent `sidenav`
- allow trailing buttons set own fg

* updated nav group story for trailing elements

* updated nav-logo 'focus' to nav focus style

* let toggle width arrow inherit 'aria-expanded' style from 'side-nav' buttontype

* removed danger button variants from nav group story

---------

Co-authored-by: Bryan Cunningham <bcunningham@bitwarden.com>
Co-authored-by: Vicki League <vleague@bitwarden.com>
Co-authored-by: Leslie Xiong <lxiong@livefront.com>
2026-03-25 10:55:06 -05:00
Jared Snider
8c35c781a8
Auth/PM-33353 - Password Login - refine prefetching of password prelogin data (#19510)
* PM-33353 - LoginStrategyService tests - add test to capture the bad behavior.

* PM-33353 - Extract Password Prelogin API logic to own service out of API service.

* PM-33353 - Rename prelogin request / response models to have password prefix for clarity

* PM-33353 - Build PasswordPrelogin domain service and domain model + tests

* PM-33353 - PasswordPrelogin - add barrel file

* PM-33353 - PasswordPreloginData - fromResponse - add validateKdfConfigForPrelogin so domain model is always valid.

* PM-33353 - Register PasswordPreloginApiService and PasswordPreloginService.

* PM-33353 - LoginComponent - wire up PasswordPreloginService

* PM-33353 - LoginStrategy updates - (1) Remove all password prelogin code from top level strategy service (2) Inject new PasswordPreloginService for use in the PasswordLoginStrategy.

* PM-33353 - Update Password Prelogin tests to use defaults

* PM-33353 - PasswordPreloginData model tests - update to use mins

* PM-33353 - Fix login strategy tests + get TS strict warnings fixed

* PM-33353 - Remove login component tests

* PM-33353 - Fix CLI

* PM-33353 - Password Login Strategy - add additional tests + fix misc issues + re-organized tests.

* PM-33353 - LoginComp - local AI review feedback - clean up prefetchPasswordPreloginData

* PM-33353 - Remove PM23801_PrefetchPasswordPrelogin feature flag

* PM-33353 - DefaultPasswordPreloginService - getPreloginData$ - fix shareReplay error bug state.

* PM-33353  - login-strategy.state.spec.ts - Remove incorrect todo and fix ts strict issues

* PM-33353 - Per PR feedback, Update PasswordPreloginService to add a cache clear mechanism to just tightly bound the service's memory to the lifetime of the key making process
2026-03-24 17:11:08 -04:00
Thomas Rittson
577bfbb231
Update all event import statements and remove re-exporting files (#19545)
Final import statement update after moving files to DIRT ownership
2026-03-24 16:00:39 -04:00
Jonathan Prusik
a966e75576
[PM-27368] Injected Autofill experiences should respect the user's "show animations" setting (#19622)
* toggle autofill animation based on user setting

* toggle inline-menu animation based on user setting

* toggle notification animation based on user setting

* review feedback changes

* add tests

* reformat comments
2026-03-24 15:48:17 -04:00
Jordan Aasen
2c0346e52a
[PM-34012] - Replace image in welcome dialog with extension prompt (#19720)
* update web vault extension prompt dialog icon

* remove old image

* add index
2026-03-24 10:46:56 -07:00
Leslie Xiong
57ea72c131
removed tw-hyphens-auto from simple dialog (#19732) 2026-03-24 12:03:07 -04:00
Jared Snider
ebd896f91a
Auth/PM-33261 - Multi-client Password Management (new for desktop & extension) (#19289)
* PM-32413 - Add hasPassword guard for future use.

* PM-32413 - Web - PasswordSettingsComp - add TODO for using new guard.

* PM-32413 - ChangePasswordComp - Add output emitter for when a password has been changed successfully.

* PM-32413 - Add feature flag

* PM-32413 - Desktop - implement change password component in a dialog.

* PM-32413 - Add change password to extension

* PM-32413 - Fix translations

* PM-32413 - Desktop - menu - add clean up todo

* PM-32413 - Feature flags - reset hardcoded true values

* PM-32413 - Add clean up todos

* PM-32413 - Extension Routing module - add hasPassword guard

* PM-32413 - add todo

* PM-32413 - Desktop / Extension - use  InputPasswordFlow.ChangePassword instead of  InputPasswordFlow.ChangePasswordWithOptionalUserKeyRotation

* PM-32413 - Finish last AI review items

* PM-32413 - Per PR feedback, update change-password-dialog title translation to one that we don't plan on removing.

* PM-32413 - Per PR feedback, update menu item id

* PM-32413 - Per local claud review - modify has-password to use UrlTree pattern.

* PM-32413 - ChangePassword comp - add  this.passwordChanged.emit(); in newly flagged code branch
2026-03-23 16:47:50 -04:00
Kyle Denney
87a636c9fc
[PM-30101] subscription discounts in web checkout (#19599)
* [PM-30101] subscription discounts in web checkout

fixing expired code

* fix missing parens

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

* fix typechecking

* missing tests

* fix test

* design feedback

only show discount badges in cart summary in checkout flows

* pr feedback

---------

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
2026-03-23 13:16:33 -05:00
bmbitwarden
8a1e0fa950
PM-31767 resend feature (#19136)
* PM-31767 resend feature

* PM-31767 resolved auto send issue

* PM-31767 resolved type lint issue

* PM-31767 refactored feature to use toast instead

* PM-31787 refactored for recent change requests

* PM-31787 resolved lint issues

* PM-31767 made new translation key for lower case resend code

* PM-31767 resolved receipt redesign requests

* PM-31767 resolved pr comment

* PM-31767 changed text string

* PM-31767 resolve type error
2026-03-23 12:55:36 -04:00
bmbitwarden
099a8fa45e
PM-31418 implemented password generator inside drawer (#19521)
* PM-31418 implemented password generator inside drawer

* PM-31418 resolved pr comment

* PM-31418 resolved layout of save and cancel buttons

* PM-31418 restore password generator menu in browser
2026-03-23 09:16:22 -04:00
Jordan Aasen
d20e33c431
handle and parse errors messages for server errors in the browser (#19667) 2026-03-20 16:42:22 -07:00
Jackson Engstrom
b2717f1717
[PM-29833] The "Change at-risk password" link within the web app doesn't always work. (#18958)
* adds changePasswordUrl as the href target

* passes changePasswordUrl to subcomponent

* updates href logic

* allows changePasswordUrl to be null without error

* changes banner from a link to just text if there is no http(s) uri

* removes change me link under the password field if there is no http(s) uri

* update vulnerable password copy

* changes backend services calls to only when at risk password link needs to be shown
2026-03-20 15:46:56 -07:00
Maciej Zieniuk
1b63466144
prevent the KM state used in SDK from caching and rxjs observable becoming hot observable (#19685) 2026-03-20 23:46:03 +01:00
Alex Dragovich
ecfbd6c66d
[PM-32453] handle different encodings for lastpass private key (#19651)
* [PM-32453] handle different encodings for lastpass private key

* [PM-32453] improved error checking

* [PM-32453] error message changes

* [PM-32453] improving readability and code flow

* [PM-32453] fixing import
2026-03-20 12:14:12 -07:00
Alex Dragovich
885c1f2e22
[PM-33820] fix lastpass no elements error (#19624)
* [PM-33820] fix lastpass di no elements error

* [PM-33820] fixing tests
2026-03-20 10:29:16 -07:00
Nick Krantz
e6ecca1b54
[PM-30284] Autofill confirmation dialog (#19352)
* show full urls for autofill confirmation dialog

* add tooltip for autofill confirmation dialog

* add word-break for tooltips

* update tests

* update functionality to account for startsWith and Regular expression

* fix typings

* fix test types that were breaking build
2026-03-20 11:18:30 -05:00
Daniel James Smith
257b32aa7d
[PM-29480] Add dialog to cookie acquisition (#19655)
* feat: add full middleware pipeline support

* Retrieve cookies from storage and attach cookies using Electron session

* Register middleware to act on fetch redirect to acquire cookie for SSO

* Add missing tests

* fix: acquireCookies call

* fix: cookies not getting set

* feat: add vaultUrl to server communication config

* feat: adapt to receiving vaultUrl in acquireCookies

* fix: remove localhost connector override

* Fix requests can't be re-used

* Add small delay to ensure cookies are saved before retrying requests

* Fix vaultUrl being set twice

* Add mock clone method

* Fix sso-cookie.main tests

* Remove old FIXME

* Re-use request and fix test

* Add missing coverage checking that needsBootsrap is called

* In case the hostname can't be extracted, the response is returned

* Only check the responseType instead of also checking statuscodes for redirects

* Bump the sdk-version

* Prepend https:// if necessary before launching the connector url

* Add dialog to cookie acquisition

* Fix tests

* Add handling the user choosing cancel, which will now cancel the cookie acquisition

* Do not retry if needsBootstrap returns false

* Fix tests that hadn't been updated seen https:// was appended

* Move the sso cookie feature fully into desktop

* Move prompt to acquire cookie into ServerCommunicationConfigPlatformApiService and ensures that concurrent calls are dedupes during the callback await and when the dialog is open but no option has been chosen yet

* Fix broken import on sso-cookie.main.spec

* Update test suite, due to moving the dialog into the ServerCommunicationConfigPlatformApiService

* Fix import, that I missed from the move

* feat: move subscription into init function

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-20 15:34:50 +00:00
sven-bitwarden
4058f13e28
[PM-30993] More Descriptive Message on Expired Tokens (#18869)
* Show more descriptive error on expired tokens

* Separate org invitation acceptance from others

* Adjust variable names

* Account for additional invitation-accept error
2026-03-20 08:35:30 -05:00
Daniel James Smith
3c4d466f25
[PM-27125] Add cookies to fetch requests (#19588)
* feat: add full middleware pipeline support

* Retrieve cookies from storage and attach cookies using Electron session

* Register middleware to act on fetch redirect to acquire cookie for SSO

* Add missing tests

* fix: acquireCookies call

* fix: cookies not getting set

* feat: add vaultUrl to server communication config

* feat: adapt to receiving vaultUrl in acquireCookies

* fix: remove localhost connector override

* Fix requests can't be re-used

* Add small delay to ensure cookies are saved before retrying requests

* Fix vaultUrl being set twice

* Add mock clone method

* Fix sso-cookie.main tests

* Remove old FIXME

* Re-use request and fix test

* Add missing coverage checking that needsBootsrap is called

* In case the hostname can't be extracted, the response is returned

* Only check the responseType instead of also checking statuscodes for redirects

* Bump the sdk-version

* Prepend https:// if necessary before launching the connector url

* Do not retry if needsBootstrap returns false

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-20 10:19:21 +01:00
Bernd Schoolmann
5b4e8c10f0
[PM-33345] Bump typescript to 5.9 (#19461)
* Bump typescript to 5.9

* Fix km types

* Fix auth types

* Fix remaining types

* Fix spec files eslint

* Fix eslint

* Prettier

* Make SendHashedPassword Uint8Array<ArrayBuffer>

* Update rul tester

* Fix tests

* Fix tests
2026-03-19 23:13:06 +01:00
SmithThe4th
7b1ed66830
Added error message toast (#19672) 2026-03-19 17:12:37 -04:00
Mike Amirault
49e5f0a8c8
[PM-32160] Use shared Send List component in web (#19454)
* [PM-32160] Use shared Send List component in web

* Address AI review comments

* Surface errors on delete and remove password failures
2026-03-19 16:48:58 -04:00
John Harrington
4c9965a75f
[PM-33232] Update UX implemented in PM-33219 to resolve VULN-458 (#19514)
* send AuthType in request payload and allow empty email field

* re-introduce validation enforcing non-empty email field
2026-03-19 13:36:32 -07:00
rr-bw
411156aeaa
refactor(input-password-flows): [Auth/PM-27086] Use new KM Data Types in InputPasswordComponent flows - Change Password (#18507)
Updates the `ChangePasswordService` (`changePassword()` and `changePasswordForAccountRecovery()`) to use the new KM data types :
- `MasterPasswordAuthenticationData`
- `MasterPasswordUnlockData`

This allows us to move away from the deprecated `makeMasterKey()` method (which takes email as salt) as we seek to eventually separate the email from the salt.

Also moves current password validation into the default and web change password services.

Behind feature flag: `pm-27086-update-authentication-apis-for-input-password`
2026-03-19 10:40:14 -07:00
Jordan Aasen
c117c20755
Revert "handle and parse errors messages for server errors in the browser (#19566)" (#19662)
This reverts commit 7318376528.
2026-03-19 10:01:38 -07:00
Maciej Zieniuk
17ddfd2e20
remove pm-28813-data-recovery-tool feature flag (#19635) 2026-03-19 16:45:46 +01:00
Shane Melton
3233f6461f
[PM-33446] Ensure attachments are cleared on clone (#19644)
* [PM-33446] Ensure attachments are cleared on clone operation

* [PM-33446] Add unit test
2026-03-19 07:03:00 -07:00
Nik Gilmore
33d250a964
[PM-30825] Bugfix: Upload multiple attachments in a row to org cipher (#18957)
* Fix bug causing ciphers not to load under certain circumstances.

* Don't set admin flag for non-admin cipher attachment operations

* Use the same flag for getCipherAdmin as for calling Admin API

* Set 'edit' flag on admin
2026-03-18 15:00:23 -07:00
Leslie Tilton
bfb47cc9da
Add TrendWidget Feature Work (#19639)
* [PM-27772] Add TrendWidget component with Chart.js implementation (#19078)

Add reusable TrendWidget component with Chart.js line chart for displaying risk trends over time in Access Intelligence.

- Configurable datetime/linear x-axis scales
- Theme-aware colors from design system (brand-700/400, gray-200/600)
- Full i18n support (10 new translation keys)
- Loading spinner and error state handling
- Proper Chart.js lifecycle management

* [PM-28530] Implement period selector UI component (#19162)

* feat(dirt): define TimePeriod type for risk-over-time period selector

Add const object type for 5 time periods (month, 3mo, 6mo, 12mo, all)
following ADR-0025 no-enum pattern. Includes PeriodOption interface
and PERIOD_OPTIONS config for rendering.

[PM-28530]

* feat(dirt): create PeriodSelectorComponent using bit-menu

Custom trigger button with bit-menu dropdown for risk-over-time
time period selection. No clear button, neutral styling matching
Figma design. Check icon marks current selection.

[PM-28530]

* feat(dirt): add barrel export for period selector

[PM-28530]

* feat(dirt): add i18n strings for period selector options

Add translation keys for time period labels: pastMonth, last3Months,
last6Months, last12Months, and timePeriod placeholder.

[PM-28530]

* feat(dirt): add Storybook stories for PeriodSelectorComponent

Stories for default state, pre-selected 3 months, and disabled state.

[PM-28530]

* test(dirt): add unit tests for PeriodSelectorComponent

Tests cover default state, period options with pre-translated labels,
selection changes, and selected label reactivity.

[PM-28530]

* feat(dirt): integrate PeriodSelector into TrendWidget component

Replace placeholder with dirt-period-selector dropdown. Add TimePeriod
to TrendWidgetTimespan mapping layer to bridge the two type systems.
Remove standalone Storybook story and disabled input per review feedback
— component now lives inside TrendWidget, not standalone.

[PM-28530]

* refactor(dirt): replace model() with signal() + output() for PeriodSelector

Switch from Angular's model() API to the signal() + output() pattern
used throughout the Access Intelligence module. This matches the
existing convention in TrendWidget (selectedTimespan/timespanChanged),
app-table-row-scrollable (checkboxChange/selectAllChange), and
review-applications-view (onToggleSelection/onToggleAll).

Changes:
- Replace model<TimePeriod>() with signal<TimePeriod>() for internal state
- Add explicit selectedPeriodChange output for parent notification
- Manual .emit() in selectPeriod() to match module convention
- Update test to verify output emission via subscribe spy

No functional change — both patterns emit selectedPeriodChange events.
The template binding (selectedPeriodChange)="..." is unchanged.

* refactor(dirt): update labels to match Figma and unify type system

Update period selector labels per Figma design:
- "Last 3 months" → "Past 3 months" (past3Months)
- "Last 6 months" → "Past 6 months" (past6Months)
- "Last 12 months" → "Past year" (pastYear)
- "All" → "All time" (allTime, new key — pre-existing "all" key untouched)

Rename TimePeriod const keys to match labels:
- Last3Months → Past3Months
- Last6Months → Past6Months
- Last12Months → PastYear
- All → AllTime
Wire values unchanged ("month", "3mo", "6mo", "12mo", "all") to
preserve server API compatibility.

Remove TrendWidgetTimespan entirely — TrendWidget now uses TimePeriod
directly for signals, outputs, and data model. Eliminates the temporary
mapping layer (timePeriodMap + onPeriodSelectorChange). Period selector
wires directly to onTimespanChange().

[PM-28530]

* [PM-28533] Add view selector to TrendWidget component (#19163)

Adds the view selector button group to the TrendWidget component. Hooks up to existing signal and emits events when the view mode is changed. In future development, the parent component of TrendWidget will need to handle these events to fetch updated chart data from the API.

View options are:

Applications
Passwords
Members

* Fix TimePeriod type errors in TrendWidget stories (#19239)

Replace invalid "past-month" string literals with TimePeriod.PastMonth
constant to match the TimePeriod type definition. The TimePeriod const
object uses "month" as the value for PastMonth, not "past-month".

* [PM-32056] Add feature flag for access intelligence trend chart (#19164)

* feat(dirt): add feature flag for access intelligence trend chart

Register the `pm-26961-access-intelligence-trend-chart` feature flag
to gate the upcoming TrendChart widget in the Activity tab. Default
is FALSE (disabled). PM-32057 will consume this flag when wiring up
the widget component.

[PM-32056]

* feat(dirt): read trend chart feature flag in activity component

Inject ConfigService into AllActivityComponent and read the
AccessIntelligenceTrendChart flag on init. This prepares the
component for the TrendChart widget to be conditionally rendered.

[PM-32056]

* feat(dirt): add conditional wrapper for trend chart widget

Add an @if block gated by the AccessIntelligenceTrendChart feature
flag in the Activity tab template. The TrendChart widget will be
placed inside this block when wired up.

[PM-32056]

* reset package files to main

* install chartjs using node v22

* add chartjs to dirt team deps (#19244)

* [PM-32055] Download TrendWidget chart to PNG and CSV (#19245)

This PR adds a download button to the TrendWidget component that supports downloading the "Risk over time" chart data as a PNG or in CSV format.

Logic to dynamically add a chart title and x/y axis labels is included. This required creating a service that recreates a copy of the chart with title and axis labels applied, in an off screen canvas element, and then exporting to blob for file download. This logic is owned by the ChartExportService.

* Fix readonly variables. Update chart variable to use signal

* Fix any type in test file

---------

Co-authored-by: Brad <44413459+lastbestdev@users.noreply.github.com>
Co-authored-by: Alex <55413326+AlexRubik@users.noreply.github.com>
Co-authored-by: Brad Deibert <bdeibert@bitwarden.com>
2026-03-18 16:04:04 -05:00
Shane Melton
e6d6deab9b
[PM-33446] Clear the cipher key when performing a clone operation (#19642) 2026-03-18 13:42:55 -07:00
Jordan Aasen
7318376528
handle and parse errors messages for server errors in the browser (#19566) 2026-03-18 10:26:25 -07:00
Addison Beck
662e4c7740
feat(platform): extract vaultUrl from /api/config response (#19469)
* feat(platform): extract vaultUrl from /api/config response

Updates DefaultConfigService to extract the vault URL from the server's
/api/config response and populate it in the ServerCommunicationConfig that
gets passed to the SDK.

The vaultUrl field is extracted from response.environment.vault using
optional chaining to safely handle cases where the environment field may
be undefined. This follows the TypeScript camelCase naming convention and
integrates with the SDK's vault_url parameter added in the previous SDK
commits.

This enables the SDK to receive an explicit vault URL for SSO cookie
acquisition redirects, which fixes two critical issues:
1. Port preservation: Prevents localhost:8000 being stripped to localhost
   in local development environments
2. Multi-subdomain routing: Ensures redirects use vault.bitwarden.com
   instead of api.bitwarden.com when the cookie domain differs from the
   vault hostname

The TypeScript interface definition will be added in the next commit to
complete type safety.

Refs: PM-33352

* fix(platform): add vaultUrl parameter to noop acquireCookies

Updates the NoopServerCommunicationConfigPlatformApiService implementation
to match the SDK's ServerCommunicationConfigPlatformApi trait interface
change from SDK PR #832.

The SDK's acquire_cookies() method now requires both hostname and
vault_url parameters. This commit adds the vaultUrl parameter to the
noop implementation's method signature to maintain TypeScript type
compatibility.

The noop service remains a no-op - it continues to return undefined
but now accepts the additional parameter that the SDK interface expects.
This prevents TypeScript compilation errors when the clients repo updates
to SDK version 0.2.0-main.580 or later.

Refs: PM-33352

* feat: update sdk

* fix: add missing vault_url to tests

* review: guard ssoCookieVendor on vaultUrl

Passing undefined for vaultUrl into the SDK's Rust
SsoCookieVendorConfig struct causes a panic at the WASM
boundary. Extract vaultUrl into a local variable and add a
null guard so that configs missing a vault URL fall back to
{ bootstrap: { type: "direct" } } instead of reaching the
SDK with an incomplete struct.

Update the existing ssoCookieVendor test to assert vaultUrl
in the expected output, and add a new case verifying the
direct fallback when environment is absent.

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
2026-03-18 12:54:30 -04:00
Alex Morask
c73f1307a3
fix(pricing): display item-level discounts in cart-summary component (#19466) 2026-03-18 08:47:38 -05:00
Mike Amirault
008311fbc8
Improve logging for LastPass direct import (#19615) 2026-03-18 09:25:28 -04:00
Todd Martin
9744785a31
fix(environment): Handle unordered environment update events on logout
* Introduce check on user environment state

* Add additional check.

* Updated test comments.

* Added comment to explain change.
2026-03-17 22:05:11 -04:00
Justin Baur
5acb7c8503
[PM-19659] Add server-notifications README (#16203)
* Add `server-notifications` README

* Apply suggestions from code review

Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>

* Formatting

* Docs update from feedback

* Update libs/common/src/platform/server-notifications/README.md

Co-authored-by: Derek Nance <dnance@bitwarden.com>

* Add and Fix links

---------

Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Co-authored-by: Derek Nance <dnance@bitwarden.com>
2026-03-17 20:03:28 -04:00
Dave
4ff3395754
[PM-29796] Parameter validation with pattern match (#19500)
* feat(accept-organization-component) [PM-29796]: Validate Id expected shape.

* feat(utils) [PM-29796]: Remove invalidUrlParams.

* feat(utils) [PM-29796]: Re-add URL pattern matching detection with updated naming and comments.

* feat(accept-organization) [PM-29796]: Update component handling for id validation.

* feat(utils) [PM-29796]: Improve pattern-matching on utils.

* comment(accept-organization) [PM-29796]: Add comments on handling pattern.

* comment(accept-organization) [PM-29796]: Comments around authedHandler handling.

* refactor(utils) [PM-29796]: One entry per line with trailing comments for Prettier.

* refactor(accept-organization) [PM-29796]: Abstract handleInvalidInvite to its own method.

* docs(utils) [PM-29796]: Add/ungroup comments on declared match patterns.

* test(utils) [PM-29796]: Update tests and comments.

---------

Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2026-03-17 17:50:35 -04:00
Leslie Tilton
54f690df44
[PM-33797] AIV2: Standardize Models and Services: Models and Feature flag (#19612)
* feat(access-intelligence): add V2 data model family, feature flag, and encryption service abstraction

* fix(access-intelligence): remove premature services export from barrel
2026-03-17 16:50:23 -05:00
Jackson Engstrom
56ef1dd3f4
[PM-32180] Change when premium upgrade happens (#19593)
* adds premium-upsell service

* adds and updates tests

* changes name and type in test file

* fixes strict ts

* Update libs/angular/src/vault/services/premium-upsell.service.spec.ts

fix import

Co-authored-by: Jordan Aasen <166539328+jaasen-livefront@users.noreply.github.com>

* change initial value and fix import order

---------

Co-authored-by: Jordan Aasen <166539328+jaasen-livefront@users.noreply.github.com>
2026-03-17 14:11:04 -07:00