Commit Graph

21090 Commits

Author SHA1 Message Date
Jared
3548a358cf
Refactor VaultTimeoutAction from enum to const object for improved type safety and flexibility (#19499) 2026-03-12 11:43:16 -04:00
Nick Krantz
849bf53eca
verify that enableIndividualItemsTransfer is set for organization ownership policy (#19506) 2026-03-12 08:56:02 -05:00
Bernd Schoolmann
c369fe7463
[PM-32856] Make sync non-blocking on desktop, browser (#19358)
* Make sync non-blocking

* Update comment

* Undo changes to development.json

* Update libs/key-management-ui/src/lock/components/lock.component.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Prettier

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2026-03-12 04:31:24 -05:00
cd-bitwarden
3e0d41ec2f
fixing sidebar count issue (#18761) 2026-03-11 17:43:46 -04:00
cd-bitwarden
79c52ca29b
[SM-1800] Handle corrupted encrypted project names gracefully - Clients (#18873)
* Handle corrupted encrypted project names gracefully

- Add decryptionError flag to ProjectView, ProjectListView, and SecretProjectView
- Wrap all project name decryption in try-catch blocks across services
- Use DECRYPT_ERROR constant instead of hardcoded strings
- Display corrupted names as clickable warning text in projects list
- Show warning badges for corrupted project names in secrets list
- Add i18n keys for error tooltips
- Add keyboard accessibility (role, tabindex, enter/space handlers)

* fixing tests

* fixing jittery loading
2026-03-11 17:42:36 -04:00
Nick Krantz
2d702e0eac
[PM-32661] Update Transfer Items Dialog (#19498)
* refactor decline and leave to be a link button rather than a secondary button

* update supporting text for transfer dialog

* add aria-label for learn more link
2026-03-11 16:19:09 -05:00
Vijay Oommen
4b25324c44
pm-33009: Add email validation to data breach report (#19403) 2026-03-11 13:09:09 -05:00
Jonathan Prusik
c689f44c06
[PM-28174] Fix actions/create-github-app-token breakage (#19472)
* fix actions/create-github-app-token breakage

* remove renovate version block rule
2026-03-11 13:14:13 -04:00
Daniel James Smith
7224a529e9
Remove NotPremiumDirective from jslib.module (#19287)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-11 17:46:12 +01:00
Vicki League
3992832f30
[CL-1074] Fix chromatic workflow when changedFiles is false (#19495) 2026-03-11 16:40:59 +00:00
Daniel James Smith
7507c33744
Remove duplicate entry from tsconfig.base.json (#19309)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-11 12:00:51 -04:00
Bryan Cunningham
50108b2477
[CL-1033] Migrate layout CTAs to new icon API (#19488)
Migrates buttons and links in product-switcher layout components to use the new icon API.

Co-authored-by: Will Martin <contact@willmartian.com>
2026-03-11 15:54:04 +00:00
Daniel James Smith
46bb683d7b
[PM-29232] Add cookie acquisition (#19392)
* Add cookie acquisition to ServerCommunicationConfigService

* Fix DI for ServerCommunicationConfigPlatformApiService

* Rename param for acquireCookie from hostname to url

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-11 16:52:44 +01:00
Alex Morask
e5a6312fee
[PM-33308] Use providedIn: "root" for web-based billing services (#19449)
* refactor(billing): move billing services to providedIn root and remove component-level providers

* refactor(billing): remove missed redundant billing service providers

* refactor(billing): move 4 additional billing services to providedIn root and remove empty modules
2026-03-11 10:38:43 -05:00
Ike
c8c66a8bf1
[PM-32424] Send Access Enumeration protection (#19422)
* feat: remove reference to otp_invalid response since it is not used anymore

* remove usage of otpInvalid in CLI receive command

* fix: remove vestigial error types.

* chore: update sdk

* chore: fix failing test

---------

Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
2026-03-11 11:37:07 -04:00
Daniel James Smith
5707b0064c
[PM-32915] Angular updates to TwoFactorIconComponent (#19306)
* Make TwoFactorIconComponent standalone

* Angular updates to TwoFactorIconComponent

- Migrate TwoFactorProviderType from enum to const (ADR25)
- Migrate Inputs to Signals
- Make provider a required input
- Use new Control Flow syntax
- Use OnPush change detection
- Memoize function for legacy providers (providers with png image)
- Add documentation
- Remove @ts-strict-ignore
- Fix type in TwoFactorSetupDuoComponent as it would default to number because of the migration of TwoFactorProviderType (enum to const). Now it can be overridden with any value of TwoFactorProviderType

* Add type guard for TwoFactorProviderType and fix CLI

* PM-32915 - Update TwoFactorProviderType to mark U2f as deprecated in favor of WebAuthn

* PM-32915 - TwoFactorIconComp - refactor to eliminate legacy providers and just use new, already available duo and yubikey SVG icons.

* PM-32915 - Add TODOs for cleaning up mfaType usages.

* PM-32915 - Remove unncessary ng-container

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2026-03-11 15:28:01 +00:00
Daniel Riera
25dda0c78c
[PM-29528]Remove @ts-strict-ignore in autofill.service.ts (#19032)
* [PM-29528]Remove @ts-strict-ignore in autofill.service.ts

* remove redundant explicit checks

* implement a discriminated union to account for forms with no username

* add reducer and move up const for field opid

* Update apps/browser/src/autofill/services/autofill.service.ts

Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>

* revert suggestion

---------

Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
2026-03-11 10:36:38 -04:00
Daniel Riera
cd2b708982
[PM-29526]Remove ts strict ignore in settings autofill component (#19012)
* remove ts strict

* explicit null check on handleAdvanceMatch

* handle null appropriately in uriMatchOptions

* add explicit null checks

* clean up code

* Update autofill.component.ts
2026-03-11 10:21:32 -04:00
Will Martin
34a4970527
Fix readonly lint errors in SendGeneratorDialogComponent (#19480)
Convert mutable class properties to readonly, using signals for
buttonLabel and generatedValue to satisfy the enforce-readonly-angular-properties rule.
2026-03-11 09:46:54 -04:00
Andreas Coroiu
35d25b7f8e
[PM-24047] Make popout windows respect vault timeout when unfocused (#19019)
* PM-24047: Make popout windows respect vault timeout when unfocused

Replace the heartbeat message-passing mechanism for popup detection
with direct browser API queries (getContexts on MV3, getExtensionViews
on MV2/Safari) that can distinguish focused from unfocused popout
windows. Unfocused popout windows no longer prevent vault timeout.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* PM-24047: Add isAnyViewFocused(), revert isPopupOpen() to simple popup detection

Addresses PR review feedback by separating focus-aware logic from the
isPopupOpen() semantics, which other callers depend on for simple
popup detection:

- BrowserApi.isPopupOpen(): reverted to return views.length > 0 for
  popup-type views only (original behavior)
- BrowserApi.isAnyViewFocused(): new method that checks popup views
  (always focused), sidebar tab views (always focused), and popout
  tab views (focused only if document.hasFocus() is true)
- BrowserPlatformUtilsService.isPopupOpen(): simplified MV3 path
  uses getContexts({ contextTypes: ['POPUP'] })
- BrowserPlatformUtilsService.isAnyViewFocused(): new method with
  MV3 (POPUP/SIDE_PANEL/focused TAB) and MV2/Safari paths
- PlatformUtilsService: adds isAnyViewFocused() to the interface
- Web/Desktop/CLI stubs return false (no popout windows)
- VaultTimeoutService now calls isAnyViewFocused() instead of
  isPopupOpen() so unfocused popouts don't block vault timeout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Move MV3/MV2 routing into BrowserApi

isPopupOpen() and isAnyViewFocused() now use feature detection for
chrome.runtime.getContexts to select the right API internally,
rather than having the routing in BrowserPlatformUtilsService.
This means BrowserApi is the single owner of view-detection logic,
and the service methods are simple one-line delegations.

Using typeof getContexts === "function" rather than isManifestVersion()
handles Safari naturally: if Safari doesn't support getContexts it
falls back to getExtensionViews, without needing an explicit isSafari()
exclusion.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Scope MV3/MV2 routing refactor to isAnyViewFocused only

isPopupOpen() keeps its existing pattern (MV3/MV2 routing in the
service, simple getExtensionViews in BrowserApi) to avoid touching
unrelated code. Only isAnyViewFocused() has its routing moved into
BrowserApi via feature detection.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Restore isPopupOpen to main branch implementation

isPopupOpen() and its tests are restored exactly to the main branch
version (heartbeat-based approach). Only isAnyViewFocused is new code.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Refactor isPopupOpen() to use getContexts/getViews instead of heartbeat

Replaces the message-passing heartbeat approach with the same
chrome.runtime.getContexts() (MV3) / chrome.extension.getViews() (MV2/Safari)
introspection pattern used by isAnyViewFocused(). This eliminates the need
for a heartbeat listener in the popup and makes both methods consistent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Simplify isAnyViewFocused() using Array.some()

Collapse the two separate POPUP/SIDE_PANEL checks into a single .some()
call, and replace the synchronous MV2/Safari tab view loop with .some().
The async TAB/popout window check stays as a for loop.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: improve tabs loop readability somewhat

* PM-24047: Fix MV3 popout focus check using wrong uilocation filter

The TAB context filter was checking for `uilocation=sidebar` instead of
`uilocation=popout`. In MV3, sidebars are SIDE_PANEL contexts (already
handled above), so this filter never matched, causing focused popout
windows to be silently ignored and the vault to timeout while a user was
actively viewing one.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Rename isViewOpen to isViewFocused for semantic accuracy

The variable and parameter previously named isViewOpen reflected
the old "is any view open?" semantics. After the refactor to
isAnyViewFocused(), the naming is updated to match the actual
behavior: checking whether a view is focused, not merely open.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-11 14:10:32 +01:00
aj-bw
6406a25989
[bre-1311] publish arm64 desktop to snap (#19397)
* add release channel for snap, defaulted to stable, add download for arm64 variant, add upload for arm, make channel a variable we can pass

* temporarily comment out amd publish to resolve duplicate rejection error

* restore branch check, uncomment amd64 line
2026-03-11 09:02:20 -04:00
Daniel Riera
628d155498
[PM-29521]Remove ts strict ignore in fido 2 background (#19473)
* [PM-29521]Remove @ts-strict-ignore in fido2.background.ts

* reduce expanded pattern used while testing

* Update apps/browser/src/autofill/fido2/background/fido2.background.ts

Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>

* account for slash or colon on local host

* fix lint format

---------

Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
2026-03-11 08:10:11 -04:00
Maciej Zieniuk
0465bb2fb1
[PM-31112] Local user data key state declaration (#19471)
* client managed state

* sdk upgrade

* bad cherry-pick
2026-03-11 11:19:38 +01:00
bmbitwarden
8108a09701
PM-31202 implmeneted password modal menu (#18829)
* PM-31202 implmeneted password modal menu

* PM-31202 resolved lint issues

* PM-31202 included password generator inside navigation container for browser

* PM-31202 resolved lint issue

* PM-31202 resolved pr comments

---------

Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
2026-03-10 19:26:49 -04:00
Daniel Riera
a1c0c6fac3
[PM-29529]Remove @ts-strict-ignore in background-notification.background.ts (#18850)
* [PM-29529]Remove @ts-strict-ignore in background-notification.background.ts

* address feedback

* explicit check in container to match notification bg
2026-03-10 14:43:48 -05:00
Vicki League
b1ddbb7047
Improve Storybook composition from chromatic workflow (#19468) 2026-03-10 14:47:45 -04:00
Thomas Avery
c842f76539
[PM-27297] Remove ConsolidatedSessionTimeoutComponent feature flag (#18616)
* Remove flag

* Remove legacy components

* Update unit tests

* update messages json
2026-03-10 13:09:35 -05:00
Oscar Hinton
77e837fe80
Remove shared module from desktop (#19414) 2026-03-10 19:09:20 +01:00
Brad
11a5c662de
[PM-29841] Account Security page: fix flickering form values (#19272)
* add loading state until form values are provided
2026-03-10 09:05:32 -07:00
Nick Krantz
aa19c174be
add missing providers for vault test (#19465) 2026-03-10 15:51:50 +00:00
Jeffrey Holland
aefbbd4705
Add debouncing to setupOverlayOnField (#17860)
* Add debouncing to `setupOverlayOnField`

* add teardown of debounce to deleteCachedAutofillElement calls

---------

Co-authored-by: Jonathan Prusik <jprusik@classynemesis.com>
2026-03-10 11:46:17 -04:00
Nick Krantz
cae8799d11
[PM-33196] Web Vault Unit Tests (#19402)
* initial add of vault unit tests

* initial passing web vault test

* add unit tests for add/edit/clone ciphers
2026-03-10 09:35:24 -05:00
Daniel James Smith
bffc14b594
[PM-31198] Remove the hostname from serverCommunicationConfig as the cookieDomain can be used (#19445)
* Remove the hostname from serverCommunicationConfig as the cookieDomain can be used

* Fix types issue

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-10 09:12:01 -05:00
Thomas Rittson
7943da240c
[PM-28488] Move event logging code to DIRT folders (#19336)
* Add re-exports from old locations to maintain backward compatibility
2026-03-10 14:58:06 +01:00
Will Martin
2c5db121a6
[CL-854] fix: add readonly to web-header component properties (#19459) 2026-03-10 12:16:09 +01:00
Oscar Hinton
b373e9c1ff
[PM-28754] [PM-28755] Cleanup desktop ui milestone 1 & 2 (#19081)
Removes feature flags for milestone 1 and 2 for desktop ui migration.
2026-03-10 12:02:23 +01:00
Bernd Schoolmann
b8206503b5
[PM-31049] Enable unlock via SDK (#18907)
* Add unlock service

* Move methods

* Prettier

* Fix type errors

* Prettier

* Fix test

* Fix module order

* Attempt to fix tests

* Use unlock service for unlocking

* Featureflag logic

* Add support for setting client managed state

* Add support for biometric unlock

* Add biometric unlock via SDK

* Prettier

* Cleanup CODEOWNERS

* Fix init with client managed state

* Backport biometric unlock and legacy master-key logic

* Add tests for biometrics

* Prettier

* Add biometric unlock to abstract unlock service

* Fix build

* tmp

* Fix tests

* Fix types

* Fix build

* Prettier

* Cleanup

* Fix import order

* Fix tests

* Eslint

* Fix tests

* Prettier

* Load feature flags before crypto init

* Prettier

* Clean up SDK config

* Prettier

* Fix eslint

* Prettier

* Update libs/key-management-ui/src/lock/components/master-password-lock/master-password-lock.component.ts

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>

---------

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
2026-03-10 11:47:04 +01:00
renovate[bot]
f3b4da0590
[deps] Platform: Update Rust crate sysinfo to v0.38.2 (#18882)
* [deps] Platform: Update Rust crate sysinfo to v0.38.2

* Add Wdk feature

* Use Wdk_System_SystemServices instead

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2026-03-10 11:43:17 +01:00
Bernd Schoolmann
a412a47be7
Fix left-over ts5.9/ts7 incompatibility (#19388) 2026-03-10 06:26:17 -04:00
Will Martin
cc9a3ff4e4
[CL-854] refactor: update web header to use bit-header component (#17663)
Some checks failed
Scan / Check PR run (push) Has been cancelled
Testing / Run typechecking (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-browser junit:junit-browser.xml name:Browser paths:apps/browser bitwarden_license/bit-browser]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-cli junit:junit-cli.xml name:CLI paths:apps/cli bitwarden_license/bit-cli]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-desktop junit:junit-desktop.xml name:Desktop paths:apps/desktop]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-libs junit:junit-libs.xml name:Libs paths:libs bitwarden_license/bit-common]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-web junit:junit-web.xml name:Web paths:apps/web bitwarden_license/bit-web]) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
* feat: add bit-header component to component library

  Add new bit-header component to libs/components with:
  - Header component with left, center, and right content projection
  - Storybook stories for documentation
  - Export from component library index

* refactor: update web header to use bit-header component

  - Refactor web-header to use new bit-header component from libs/components
  - Extract account menu to separate component
  - Update header module to import HeaderComponent

* delete web-header stories

---------

Co-authored-by: Will Martin <wmartin@Wills-MBP.attlocal.net>
2026-03-09 18:12:26 -05:00
Jordan Aasen
fab31619d9
[PM-33201] - fix vault-filter with remove card type policy (#19404)
* fix vault-filter with remove card type policy

* add specs
2026-03-09 12:56:22 -07:00
Jordan Aasen
bc56d3a81e
truncate long item names to two lines (#19122) 2026-03-09 12:46:44 -07:00
Will Martin
5e90565a79
[CL-1063] add enforce-readonly-angular-properties ESLint rule (#19201)
* Add enforce-readonly-angular-properties ESLint rule
2026-03-09 10:26:42 -07:00
Stephon Brown
42d1ed1939
[PM-33061] Tax Id Should Show for Teams and Enterprise Plans When Upgrading (#19347)
* feat(billing): add taxId to upgrade organization request type

* feat(billing): implement tax ID validation for organization upgrades

* feat(billing): conditionally display tax ID field in upgrade form

* test(billing): add tax ID validation tests for organization upgrades

* fix(billing): PR feedback update

* fix(billing): remove tax id requirement for non-US billing

* test(billing): update tests for non-US billing address
2026-03-09 12:14:41 -05:00
Ben Brooks
c3c067865e
[pm-32250] fix: default to "No Folder" in cipher save prompt (#19342)
* [pm-32250] fix: default to "No Folder" in cipher save prompt
* [pm-32250] add tests for button-row.ts

---------

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
2026-03-09 09:58:34 -07:00
Jordan Aasen
1cece8123d
[PM-31704] - fix tab focus with filled search input (#19355)
* fix focus issue with search input

* fix search input focus after clearing
2026-03-09 09:37:34 -07:00
neuronull
918dfd8ac3
[BEEEP] Desktop Native simpler napi errors (#18824) 2026-03-09 10:30:20 -06:00
Jared
d18d55a316
[PM-32820] suspended icon for suspended orgs is not showing up in sidebar (#19296)
* refactor: Adjust icon placement in org-switcher and nav-group components

* Move icons from 'end' to 'start' slot in org-switcher component for better alignment.
* Add conditional rendering for content in the 'start' slot of nav-group component.

* feat: Add warning icon support to navigation components

* Introduce `warningIcon` and `warningIconLabel` inputs in nav-base component for customizable warning icons.
* Update org-switcher and nav-group components to utilize the new warning icon functionality.
* Implement conditional rendering of warning icons in nav-item component for better user feedback.

* Enhance org-switcher component by replacing warning icon logic with a dedicated bit-icon element for better accessibility. Also, import IconModule to support the new icon usage.

* Refactor navigation components to remove deprecated warning icon properties and enhance structure. Updated org-switcher to utilize a dedicated bit-icon for accessibility improvements.

* Enhance org-switcher component by adding a margin utility class for improved layout consistency. Clean up nav-group component by removing deprecated slot logic for better maintainability.
2026-03-09 12:18:23 -04:00
Jared
ecbab67b8b
Enhance MasterPassword policy handling in tests and service (#19350)
* Add tests to verify behavior when organizations do not use policies and when users are exempt as owners.
* Update service logic to correctly handle policy retrieval based on user type and organization settings.
2026-03-09 11:52:23 -04:00
Oscar Hinton
08f6ab58ee
Remove LooseComponentsModule (#19144) 2026-03-09 16:37:14 +01:00