Commit Graph

2741 Commits

Author SHA1 Message Date
Nick Krantz
2d702e0eac
[PM-32661] Update Transfer Items Dialog (#19498)
* refactor decline and leave to be a link button rather than a secondary button

* update supporting text for transfer dialog

* add aria-label for learn more link
2026-03-11 16:19:09 -05:00
Daniel Riera
25dda0c78c
[PM-29528]Remove @ts-strict-ignore in autofill.service.ts (#19032)
* [PM-29528]Remove @ts-strict-ignore in autofill.service.ts

* remove redundant explicit checks

* implement a discriminated union to account for forms with no username

* add reducer and move up const for field opid

* Update apps/browser/src/autofill/services/autofill.service.ts

Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>

* revert suggestion

---------

Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
2026-03-11 10:36:38 -04:00
Daniel Riera
cd2b708982
[PM-29526]Remove ts strict ignore in settings autofill component (#19012)
* remove ts strict

* explicit null check on handleAdvanceMatch

* handle null appropriately in uriMatchOptions

* add explicit null checks

* clean up code

* Update autofill.component.ts
2026-03-11 10:21:32 -04:00
Andreas Coroiu
35d25b7f8e
[PM-24047] Make popout windows respect vault timeout when unfocused (#19019)
* PM-24047: Make popout windows respect vault timeout when unfocused

Replace the heartbeat message-passing mechanism for popup detection
with direct browser API queries (getContexts on MV3, getExtensionViews
on MV2/Safari) that can distinguish focused from unfocused popout
windows. Unfocused popout windows no longer prevent vault timeout.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* PM-24047: Add isAnyViewFocused(), revert isPopupOpen() to simple popup detection

Addresses PR review feedback by separating focus-aware logic from the
isPopupOpen() semantics, which other callers depend on for simple
popup detection:

- BrowserApi.isPopupOpen(): reverted to return views.length > 0 for
  popup-type views only (original behavior)
- BrowserApi.isAnyViewFocused(): new method that checks popup views
  (always focused), sidebar tab views (always focused), and popout
  tab views (focused only if document.hasFocus() is true)
- BrowserPlatformUtilsService.isPopupOpen(): simplified MV3 path
  uses getContexts({ contextTypes: ['POPUP'] })
- BrowserPlatformUtilsService.isAnyViewFocused(): new method with
  MV3 (POPUP/SIDE_PANEL/focused TAB) and MV2/Safari paths
- PlatformUtilsService: adds isAnyViewFocused() to the interface
- Web/Desktop/CLI stubs return false (no popout windows)
- VaultTimeoutService now calls isAnyViewFocused() instead of
  isPopupOpen() so unfocused popouts don't block vault timeout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Move MV3/MV2 routing into BrowserApi

isPopupOpen() and isAnyViewFocused() now use feature detection for
chrome.runtime.getContexts to select the right API internally,
rather than having the routing in BrowserPlatformUtilsService.
This means BrowserApi is the single owner of view-detection logic,
and the service methods are simple one-line delegations.

Using typeof getContexts === "function" rather than isManifestVersion()
handles Safari naturally: if Safari doesn't support getContexts it
falls back to getExtensionViews, without needing an explicit isSafari()
exclusion.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Scope MV3/MV2 routing refactor to isAnyViewFocused only

isPopupOpen() keeps its existing pattern (MV3/MV2 routing in the
service, simple getExtensionViews in BrowserApi) to avoid touching
unrelated code. Only isAnyViewFocused() has its routing moved into
BrowserApi via feature detection.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Restore isPopupOpen to main branch implementation

isPopupOpen() and its tests are restored exactly to the main branch
version (heartbeat-based approach). Only isAnyViewFocused is new code.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Refactor isPopupOpen() to use getContexts/getViews instead of heartbeat

Replaces the message-passing heartbeat approach with the same
chrome.runtime.getContexts() (MV3) / chrome.extension.getViews() (MV2/Safari)
introspection pattern used by isAnyViewFocused(). This eliminates the need
for a heartbeat listener in the popup and makes both methods consistent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Simplify isAnyViewFocused() using Array.some()

Collapse the two separate POPUP/SIDE_PANEL checks into a single .some()
call, and replace the synchronous MV2/Safari tab view loop with .some().
The async TAB/popout window check stays as a for loop.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: improve tabs loop readability somewhat

* PM-24047: Fix MV3 popout focus check using wrong uilocation filter

The TAB context filter was checking for `uilocation=sidebar` instead of
`uilocation=popout`. In MV3, sidebars are SIDE_PANEL contexts (already
handled above), so this filter never matched, causing focused popout
windows to be silently ignored and the vault to timeout while a user was
actively viewing one.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Rename isViewOpen to isViewFocused for semantic accuracy

The variable and parameter previously named isViewOpen reflected
the old "is any view open?" semantics. After the refactor to
isAnyViewFocused(), the naming is updated to match the actual
behavior: checking whether a view is focused, not merely open.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-11 14:10:32 +01:00
Daniel Riera
628d155498
[PM-29521]Remove ts strict ignore in fido 2 background (#19473)
* [PM-29521]Remove @ts-strict-ignore in fido2.background.ts

* reduce expanded pattern used while testing

* Update apps/browser/src/autofill/fido2/background/fido2.background.ts

Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>

* account for slash or colon on local host

* fix lint format

---------

Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
2026-03-11 08:10:11 -04:00
bmbitwarden
8108a09701
PM-31202 implmeneted password modal menu (#18829)
* PM-31202 implmeneted password modal menu

* PM-31202 resolved lint issues

* PM-31202 included password generator inside navigation container for browser

* PM-31202 resolved lint issue

* PM-31202 resolved pr comments

---------

Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
2026-03-10 19:26:49 -04:00
Daniel Riera
a1c0c6fac3
[PM-29529]Remove @ts-strict-ignore in background-notification.background.ts (#18850)
* [PM-29529]Remove @ts-strict-ignore in background-notification.background.ts

* address feedback

* explicit check in container to match notification bg
2026-03-10 14:43:48 -05:00
Thomas Avery
c842f76539
[PM-27297] Remove ConsolidatedSessionTimeoutComponent feature flag (#18616)
* Remove flag

* Remove legacy components

* Update unit tests

* update messages json
2026-03-10 13:09:35 -05:00
Brad
11a5c662de
[PM-29841] Account Security page: fix flickering form values (#19272)
* add loading state until form values are provided
2026-03-10 09:05:32 -07:00
Jeffrey Holland
aefbbd4705
Add debouncing to setupOverlayOnField (#17860)
* Add debouncing to `setupOverlayOnField`

* add teardown of debounce to deleteCachedAutofillElement calls

---------

Co-authored-by: Jonathan Prusik <jprusik@classynemesis.com>
2026-03-10 11:46:17 -04:00
Will Martin
5e90565a79
[CL-1063] add enforce-readonly-angular-properties ESLint rule (#19201)
* Add enforce-readonly-angular-properties ESLint rule
2026-03-09 10:26:42 -07:00
Ben Brooks
c3c067865e
[pm-32250] fix: default to "No Folder" in cipher save prompt (#19342)
* [pm-32250] fix: default to "No Folder" in cipher save prompt
* [pm-32250] add tests for button-row.ts

---------

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
2026-03-09 09:58:34 -07:00
bw-ghapp[bot]
c5e8f7fb44
Autosync the updated translations (#19443)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2026-03-09 02:20:30 -05:00
blackwood
f9dff532a6
Improve/optimize autofill collection for SPAs and nested shadow DOM (#18051)
Some checks failed
Scan / Check PR run (push) Has been cancelled
Testing / Run typechecking (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-browser junit:junit-browser.xml name:Browser paths:apps/browser bitwarden_license/bit-browser]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-cli junit:junit-cli.xml name:CLI paths:apps/cli bitwarden_license/bit-cli]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-desktop junit:junit-desktop.xml name:Desktop paths:apps/desktop]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-libs junit:junit-libs.xml name:Libs paths:libs bitwarden_license/bit-common]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-web junit:junit-web.xml name:Web paths:apps/web bitwarden_license/bit-web]) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
2026-03-06 12:03:23 -05:00
Thomas Avery
bb5ed04470
[PM-31630] Fix native messaging state management (#18987)
* Fix native messaging state management

* Add unit tests
2026-03-06 09:59:41 -06:00
Jonathan Prusik
364e9b3054
add credentialless attribute to injected iframes (#19286) 2026-03-06 10:14:56 -05:00
Maciej Zieniuk
d08d8743be
[PM-20372] Clear master password unlock state on Key Connector migration (#18485)
* clear master password unlock state on Key Connector migration

* missing dependency

* missing dependency

* types fix
2026-03-06 15:38:14 +01:00
bw-ghapp[bot]
3d6dec816c
Autosync the updated translations (#19410)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2026-03-06 08:31:44 +00:00
Jason Ng
0e4f9ee65b
[PM-33155] add spec for at-risk-password-callout component in browser (#19381) 2026-03-05 10:01:25 -05:00
Daniel James Smith
b932ae04fd
Remove unused ColorPasswordCountPipe and ColorPasswordPipe (#19345)
With the replacement of the vault cipher view and add-edit views on the desktop client, we no longer require the ColorPasswordCountPipe or the ColorPasswordPipe, as these are now handled by the ColorPasswordComponent from the Bitwarden component library

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-05 08:56:31 +01:00
Bernd Schoolmann
944b3ffdc2
[PM-31406] fix: TypeScript 5.9 type compatibility fixes for auth-owned code (#19187)
* fix: add TypeScript 5.9 type compatibility fixes for auth-owned code

Add explicit `as BufferSource` casts and `Uint8Array` wrapping to satisfy
stricter type checking in TypeScript 5.9. Non-functional changes.

* Fix type errors

* Fix test

* Fix tests

* Fix typing in auth tests

* Also change unlock service to uint8array<arraybuffer>

* Fix types

* Prettier

* Apply fixes for jest spy type
2026-03-04 19:12:44 -07:00
Andy Pixley
e1078a00fa
[BRE-1530] Updating certificate name from 8bit to Bitwarden (#19380) 2026-03-04 16:16:12 -05:00
Nick Krantz
caa6b85f0e
[PM-33060][PM-33078] Autofill Notification Cleanup (#19349)
* only shown autofill notification when there are autofill ciphers present

* refactor to use @if syntax

* add unit tests

* make autofill icon larger

* formatting

* remove multiple subscriptions on showEmptyAutofillTip$
2026-03-04 15:09:14 -06:00
Daniel James Smith
9ed87a4166
Remove gitter chat badges from READMEs (#19368)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-04 16:33:27 +00:00
Vicki League
9b474c5690
[CL-695] Combine display of CL and autofill storybooks (#18404) 2026-03-04 09:45:53 -05:00
Brandon Treston
5ae9a2048b
[PM-33077] Add missing myItems key (#19348)
* add missing myItems key

* fix capitalization
2026-03-04 09:38:57 -05:00
bw-ghapp[bot]
99725a43f2
Autosync the updated translations (#19270)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2026-03-03 09:44:19 +01:00
Jackson Engstrom
52c551c0fe
[PM-24439] Updates download qr code and buttons to fixed size/width (#18690)
* updates download qr code and buttons to fixed size/width

* updates qr code width to 110px

* adds line break between download description and link
2026-03-02 09:14:35 -08:00
Brandon Treston
27e8f94dfa
[PM-32861] Log event from first time dialog (#19284)
* log event from first time dialog

* fix test

* add missing provider for test
2026-03-02 11:35:45 -05:00
✨ Audrey ✨
c2d12821cc
generate sourcemaps for mv3 background.js (#19227) 2026-03-02 10:15:29 -05:00
Bernd Schoolmann
dc772c22f7
[PM-31406] fix: TypeScript 5.9 type compatibility fixes for fido2 & platform-owned code (#19188)
* fix: TypeScript 5.9 type compatibility fixes for platform-owned code

Add explicit `as BufferSource` casts and `Uint8Array` wrapping to satisfy
stricter type checking in TypeScript 5.9. Non-functional changes.

* Fix fido2 issues

* Fix another type error

* Fix another type error
2026-02-27 10:59:52 +01:00
Oscar Hinton
6b326a5fd0
[CL-1051] Generic closeOnNavigation for drawers (#19031)
Exposes closeOnNavigation from cdk config and implements a drawer close solution on navigation. More complex scenarios may still require custom handling.

DialogService is referenced in imported components in some tests meaning we need to use overrideProvider rather than providers.
2026-02-26 17:44:49 +01:00
Jordan Aasen
298b174921
[PM-31192] - [Defect] Deleting item -Scroll does not persist when returning to Vault tab (#19160)
* fix scroll after deletion

* fix tests

* fix comment
2026-02-25 14:23:54 -08:00
Bernd Schoolmann
cf7f9cfc7e
[BEEEP|PM-32521] Remove compare key hash and move to proof of decryption (#19101)
* Remove compare key hash and move to proof of decryption

* Fix cli build

* Fix mv2

* Fix provider

* Prettier
2026-02-25 17:02:04 +01:00
Alex Morask
b964cfc8e4
[PM-32612] Only show subscription menu option when premium user has subscription (#19209)
* fix(billing): only show Subscription menu option when premium user has subscription

* fix(billing): missed state service invocation changes
2026-02-25 08:25:24 -06:00
Nick Krantz
0a1baa7e42
[PM-31060] Product Update Notification (#19027)
* add feature flag

* temp

* add ping animation with filled info icon

* add ping animation to stop after 4 goes around

* add local state for autofill-icon

* add logic to avoid new accounts

* fix closing of popover

* fix strict typings

* remove `creationDate` logic from being considered for autofill notification

* remove "now," from the autofill description

* remove height and width in the svg
2026-02-24 13:42:45 -06:00
John Harrington
1e2ce42437
[PM-30127] [Defect] Automatic pop out is not necessary when editing a file send (#19111)
* relax popout requirement on file type Send edit

* remove popout req for text sends on firefox and safari & adjust test coverage
2026-02-24 07:32:14 -07:00
Thomas Avery
672a6026e3
[PM-27331] Update the sdk service to use accountCryptographicState (#18274)
* Update the sdk service to use accountCryptographicState
2026-02-23 12:23:37 -06:00
Jared Snider
3782e328e1
refactor(Auth-Font-Icons): [Auth/PM-31804] Migrate auth font icons to use bit-icon (#18816)
* PM-31804 - WIP

* PM-31804 - Profile Component - fix missing translation

* PM-31804 - Web - Emergency Access Takeover Dialog Comp - remove screen reader only span as arialabel on spinner should be sufficient

* PM-31804 - Web - EmergencyAccessViewComp - remove redundant span as aria label handles accessibility.

* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label

* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label

* PM-31804 - EmergencyAccessComp - Replace redundant sr only span with aria label

* PM-31804 - two-factor-setup.component.html - Replace redundant sr only spans with aria labels

* PM-31804 - WebauthnLoginSettingsModule - remove unnecessary IconModule - it's imported via SharedModule

* PM-31804 - web - emergency-access.component.html - Replace redundant sr only span with aria label

* PM-31804 - LoginDecryptionOptionsComponent - Replace redundant sr only span with aria label

* PM-31804 - ChangePasswordComp - Replace redundant sr only span with aria label

* PM-31804 - AccountComponent - add BitwardenIcon type to satisfy template type requirements for name property.

* PM-31804 - Browser Account Security Component - replace nonexistent chevron icon with existing angle right icon.

* PM-31804 - Fix A11y issues with missing aria labels

* PM-31804 - Remove remaining redundant sr only spans since we now have aria labels
2026-02-23 10:42:02 -05:00
bitwarden-devops-bot
e6c4998b7c
Bumped client version(s)
Some checks failed
Chromatic / Check PR run (push) Has been cancelled
Scan / Check PR run (push) Has been cancelled
Testing / Run typechecking (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-browser junit:junit-browser.xml name:Browser paths:apps/browser bitwarden_license/bit-browser]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-cli junit:junit-cli.xml name:CLI paths:apps/cli bitwarden_license/bit-cli]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-desktop junit:junit-desktop.xml name:Desktop paths:apps/desktop]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-libs junit:junit-libs.xml name:Libs paths:libs bitwarden_license/bit-common]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-web junit:junit-web.xml name:Web paths:apps/web bitwarden_license/bit-web]) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Chromatic / Chromatic (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
2026-02-23 11:48:40 +00:00
bw-ghapp[bot]
a90d74c32c
Autosync the updated translations (#19130)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2026-02-23 04:35:06 -06:00
Jackson Engstrom
ef7df6b841
[PM-30521] Add Autofill button to View Login screen for extension (#18766)
* adds autofill button for cipher view

* adds tests

* changes autofill function for non login types

* adds top margin to autofill button

* adds more top margin to autofill button

* only shows autofill button when autofill is allowed (not in a popout)

* add button type

* updates _domainMatched to take a tab param, updates how the component is passed through to slot

* fixes tests from rename

* adds comment about autofill tab checking behavior

* removes diff markers
2026-02-20 14:28:54 -08:00
Jonathan Prusik
aa4eac7d40
do not show passkey dialog and notifications at the same time (#18878) 2026-02-20 10:01:04 -05:00
bw-ghapp[bot]
2f6a5133f8
Autosync the updated translations (#19094)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2026-02-20 13:24:40 +01:00
Jordan Aasen
46a2af38a0
[PM-31974] - Vault Welcome dialog (#18960)
* premium upgrade prompt and onboarding dialog

* finalize onboard vault dialog

* vault welcome dialog no ext

* finish welcome dialog prompt

* revert changes to unified upgrade prompt service

* rename component

* rename feature flag

* add welcome dialog service

* fix tests

* fix footer position in welcome dialog

* present dialog in order

* fix tests

* fix padding
2026-02-19 09:29:54 -08:00
Brandon Treston
c8ba23e28d
[PM-26378] Auto confirm events (#19025)
* add notification handler for auto confirm

* add missing state check

* fix test

* isolate angular specific code from shared lib code

* clean up

* use autoconfirm method

* add event logging for auto confirm

* update copy
2026-02-19 09:57:52 -05:00
✨ Audrey ✨
e66a1f37b5
Extract urlOriginsMatch utility and refactor senderIsInternal (#19076)
Adds urlOriginsMatch to @bitwarden/platform, which compares two URLs by
scheme, host, and port. Uses `protocol + "//" + host` rather than
`URL.origin` because non-special schemes (e.g. chrome-extension://)
return the opaque string "null" from .origin, making equality comparison
unreliable. URLs without a host (file:, data:) are explicitly rejected
to prevent hostless schemes from comparing equal.

Refactors senderIsInternal to delegate to urlOriginsMatch and to derive
the extension URL via BrowserApi.getRuntimeURL("") rather than inline
chrome/browser API detection. Adds full test coverage for
senderIsInternal.

The previous string-based comparison used startsWith after stripping
trailing slashes, which was safe in senderIsInternal where inputs are
tightly constrained. As a general utility accepting arbitrary URLs,
startsWith can produce false positives (e.g. "https://example.com"
matching "https://example.com.evil.com"). Structural host comparison
is the correct contract for unrestricted input.
2026-02-19 08:45:24 -05:00
Jackson Engstrom
d1250cf5a4
[PM-26704] Vault List Item Ordering for Extension (#18853)
* shows all/filtered ciphers in allItems instead of the ones that haven't been bubbled up into autofill or favorites

* removes remainingCiphers$ remnants

* updates loading$ observable logic

* updates loading$ test
2026-02-18 14:34:17 -08:00
John Harrington
f8b5e15a44
[PM-31731] [Defect] No error is returned when entering an invalid email + an invalid verification code (#18913)
* share i18n key for both invalid email and invalid otp submission

* claude review
2026-02-18 14:08:57 -08:00
John Harrington
263ec94124
[PM-32161] Remove all emails when email list field is cleared and send is saved (#18959)
* add new validation criteria to prevent authType.Email with an empty emails field

* simplify validation logic
2026-02-18 14:59:34 -07:00