* [CL-1046] Add no-bit-dialog-wrapper lint rule
Errors when <bit-dialog> or <bit-simple-dialog> appears inside any
parent HTML element. The dialog selector should be applied as an
attribute on the root element (e.g. <form bit-dialog>) so that the
form receives the dialog's height styling.
* Migrate admin console dialogs to new form pattern
Updates organization member, group, collection, provider, and domain verification dialogs to use <form bit-dialog> pattern following the component library updates.
* Migrate auth settings dialogs to new form pattern
Updates two-factor authentication, WebAuthn, and emergency access dialogs to use <form bit-dialog> pattern following the component library updates.
* Migrate Secrets Manager dialogs to new form pattern
Updates project, service account, access token, and secret dialogs to use <form bit-dialog> pattern following the component library updates.
* Migrate remaining dialogs to new form pattern
Applies the <form bit-dialog> / <form bit-simple-dialog> attribute selector
pattern to the rest of the codebase, satisfying the no-bit-dialog-wrapper
lint rule. 55 templates across auth, admin console, billing, vault,
key management, secrets manager, provider, dirt integrations, importer,
browser, and desktop apps.
* Migrate key rotation dialog to new form pattern
* [PM-37229] Add bwi-passport icon and wire it to the passport cipher type
* Fix icons:build script to compile style.css and avoid duplicate SCSS keys
* [PM-37229] Update passport cipher icon tests to expect bwi-passport
* Refactor password strength component for improved performance and readability
- Introduced ChangeDetectorRef to optimize rendering in response to input changes.
- Consolidated visual update logic into a separate method for clarity.
- Enhanced handling of password strength calculations and visual feedback.
- Ensured real-time updates for password strength in the input-password component.
* Enhance password strength component's ngOnChanges method for better performance
- Updated ngOnChanges to debounce rendering only for email or name changes, avoiding unnecessary renders for password updates.
- Improved clarity of the method by explicitly handling password changes.
* Update tests for PasswordStrengthV2Component to include email change handling
- Modified ngOnChanges test cases to simulate email changes using SimpleChange.
- Ensured that password score emissions are correctly tested when email input is updated.
* improve type safter for invite link, add allowed domains field, wire up local state
* clean up
* fix reactivity
* clean up
* wip
* fix 404 handling, remove redundant signal
* add shareReplay
* update tests
* fix tests
* fix template, state clearing, more guards, clean up
* clean up
* cache org link by ID
* clean up
* clean up
* fix copy
* clean up
* more clean up
* sdk managed state init
* tools user key encryptor using SDK crypto local user data key for encryption
* eslint
* sdk managed state init excluding CLI
* update sdk
* client managed state
* sdk upgrade
* broken browser extension build
* Added delete attachment from sdk to cipher sdk service
* Added to cipher service
* Added feature flag
* Updated dependencies and used delete attachment sdk on upload service
* Added response for the admin delete attachment operation
* Enhance policy service with accepted policies retrieval and update sync response structure
- Added `acceptedPolicies$` method to `PolicyService` for fetching policies from organizations where the user has an Accepted membership status.
- Updated `DefaultPolicyService` to implement the new `acceptedPolicies$` method.
- Modified `DefaultSyncService` to handle a new `policiesNew` property in the sync response, ensuring backward compatibility with existing `policies`.
- Updated `SyncResponse` class to include the new `policiesNew` property and its mapping logic.
* Add DefaultNewPolicyService and integrate into MainBackground and ServiceContainer
- Introduced DefaultNewPolicyService for managing new policy formats.
- Updated MainBackground and ServiceContainer to include newPolicyService.
- Adjusted sync logic in DefaultSyncService to handle new policies.
- Refactored policy service abstractions to accommodate new policy management.
- Added tests for new policy service integration.
* Add unit tests for DefaultNewPolicyService and enhance policy handling in DefaultPolicyService
- Introduced comprehensive tests for DefaultNewPolicyService, covering upsert and replace functionalities.
- Added tests to ensure correct filtering of policies based on organization status in DefaultPolicyService.
- Enhanced policy synchronization logic in DefaultSyncService to handle new policies effectively.
* Refactor NewPolicyService initialization and remove organization dependency
- Updated the instantiation of DefaultNewPolicyService in both MainBackground and ServiceContainer to only require StateProvider.
- Removed organizationService dependency from DefaultNewPolicyService and its related tests, simplifying the service's interface.
- Cleaned up unused code and tests related to organization policies, ensuring the service focuses solely on state management.
* Adds use of InternalNewPolicyService to same places InternalPolicyService syncs
* Refactor server notifications tests to include InternalNewPolicyService mock and update sync service to handle empty policy sources correctly.
* Refactor server notifications tests to import InternalNewPolicyService and InternalPolicyService from their respective paths, improving code clarity and organization.
* Update MainBackground and ServiceContainer to use InternalNewPolicyService, enhancing consistency in policy service implementation across the application.
* Add Collection Encryption Service and integrate into collection handling
- Introduced `CollectionEncryptionService` and its default implementation `DefaultCollectionEncryptionService` for handling collection encryption and decryption.
- Updated `DefaultCollectionService` to utilize the new encryption service based on feature flags.
- Refactored collection-related classes to support SDK-based encryption operations.
- Added necessary imports and updated service providers in Angular module for dependency injection.
- Enhanced collection models to support SDK format conversions for encryption tasks.
* Implement encryption functionality in CollectionEncryptionService
- Added `encrypt` method to `CollectionEncryptionService` for encrypting collection views.
- Updated `DefaultCollectionEncryptionService` to include the new `encrypt` method, ensuring proper handling of SDK encryption.
- Modified `DefaultCollectionService` to utilize the encryption service based on feature flags.
- Enhanced collection and collection view models to support SDK format conversions for encryption tasks.
* refactor(collections): Update collection decryption methods and handle encryption support
- Modified `fromSdkCollectionView` to include `sourceCollection` for preserving `defaultUserCollectionEmail`.
- Updated decryption methods in `DefaultCollectionEncryptionService` to pass the original collection.
- Marked `encrypt` method as unsupported in the SDK, directing users to the legacy key-service path.
- Removed SDK feature flag checks from `DefaultCollectionService`'s `encrypt` method.
* refactor(collections): Update feature flag for collection decryption to PM35153
- Changed references from PM34918CollectionEncryptionService to PM35153CollectionSdkDecryption in both service and test files.
- Adjusted the feature flag checks to align with the new decryption implementation.
* Implement collection encryption using SDK in DefaultCollectionEncryptionService
* Refactor collection decryption in DefaultCollectionEncryptionService to handle errors individually and improve logging
* Add polyfills for Symbol.dispose and Symbol.asyncDispose in test setup; add unit tests for DefaultCollectionEncryptionService and collection SDK mapping
* Refactor error handling in DefaultCollectionEncryptionService to throw errors instead of returning EMPTY, improving error propagation and logging consistency.
* Refactor collection decryption and enhance type mapping
- Updated the `decrypt` method in `default-collection-encryption.service.ts` to utilize `decryptMany` for improved error handling.
- Added exhaustive bidirectional mapping for `CollectionType` and `SdkCollectionType` in `collection.ts`.
- Enhanced tests in `collection-sdk-mapping.spec.ts` to verify roundtrip conversions for `CollectionTypes`.
- Adjusted `Collection` and `CollectionView` classes to use the new type mappings for SDK interactions.
* Refactor DefaultCollectionEncryptionService to use a more concise method for encrypting collections. Update collection-sdk-mapping tests to utilize SdkEncString for better type safety. Simplify NewItemNudgeComponent's logic for showing nudge spotlight based on cipher type, ensuring null checks are handled appropriately.
* Refactor NewItemNudgeComponent to use strict null checks for cipher type comparison, enhancing code clarity and consistency.
* Add bulk auto-confirm functionality for organization users
- Introduced methods to retrieve pending auto-confirm users and to bulk auto-confirm them in the OrganizationUserApiService.
- Added OrganizationUserPendingAutoConfirmResponse model to handle responses for pending auto-confirmation.
- Implemented logic in DefaultAutomaticUserConfirmationService to automatically confirm users who accepted their invitations while the admin was offline.
- Updated feature flags to enable bulk auto-confirmation on login.
These changes enhance the user management experience by streamlining the confirmation process for organization users.
* Enhance MainBackground class by adding authService, accountService, and configService dependencies to the constructor. This update improves service integration for background operations.
* Add bulk auto-confirm functionality on user login
- Implemented the `initBulkAutoConfirmOnLoginSweep` method in `DefaultAutomaticUserConfirmationService` to trigger bulk auto-confirmation for users transitioning from Locked to Unlocked status.
- Enhanced unit tests to verify the behavior of the sweep service under different authentication states.
- Updated the service to utilize `AuthenticationStatus` for improved state management during user confirmation processes.
These changes streamline the user confirmation workflow, ensuring timely processing of pending confirmations upon user login.
* Refactor DefaultAutomaticUserConfirmationService for improved user confirmation handling
- Updated the `initBulkAutoConfirmOnLoginSweep` method to utilize a set for tracking seen user IDs, preventing duplicate processing during user state transitions.
- Enhanced error handling in the bulk auto-confirmation process to gracefully manage transient errors.
- Introduced a new `resolveAutoConfirmOrg` method to streamline organization retrieval logic for user confirmation.
- Updated unit tests to reflect changes in the handling of account information and ensure correct behavior during user confirmation processes.
These modifications enhance the efficiency and reliability of the user confirmation workflow, particularly during login transitions.
* Update BulkAutoConfirmOnLogin feature flag value to reflect new implementation
* Enhance unit tests for DefaultAutomaticUserConfirmationService to validate feature flag behavior. Added checks to ensure subscriptions are not set up when the feature flag is disabled and confirmed correct behavior during user state transitions. Updated the `initBulkAutoConfirmOnLoginSweep` method to be asynchronous for proper feature flag handling.
Updates the `ssoRequiredCache` structure from `string[]` to `SsoRequiredCacheEntry[]`, which stores both the email and the webVaultUrl at the time of a successful SSO login.
This change was necessary because the previous `string[]` structure only stored email strings, but if a user used the same email to create an account on multiple different environments — where one account was required to use SSO and the other was not — then Extension and Desktop would fail to distinguish between these two accounts. Extension/Desktop would simply see that the email is in the cache, and then disable alternate login buttons any time that email was entered, regardless of environment (i.e. regardless of whether the user was truly required to use SSO.)
The new `SsoRequiredCacheEntry[]` format allows us to distinguish between accounts that have the same email, but are created on different environments and therefore might have dissimilar SSO Required policies applied.
* Add devclarity commands
* added doc and skills
* Added cipher type skill
* Refined the cipher type skills a bit
* core models and enum
* Wire BankAccount into cipher container classes
* Add BankAccount icon(incomplete), vault filters, and shared UI components
* Localization keys
* Add BankAccount into web vault UI
* Add BankAccount into browser extension UI
* Add BankAccount into desktop vault UI
* Add BankAccount support to CLI
* copy actions
* Remove .claude/commands files from branch
* Updated to match vault/PM-32687-cipher-type-skill
* update bank account copy options on web
* add copy options for bank account on browser
* update bank account copy fields for both versions of the vault
* update `hasBankAccount` logic to consider all fields
* add PIN and Account Number to protected fields for reprompt service
* update bank account section to have readonly properties
* localize bank account view - account type
* remove duplicate import
* add events for bank account
* migrate form field to use content children to allow for OnPush consumers to update fields
* fix strict typings
* fix failing tests from bank account changes
* display all bank account details for the cli
* add bank icon
* add copy option for iban
* remove bank account from cipher menu
* update bank account implementation based on main
* address local claude feedback
* address the fixme
* local code review changes
* update SDK and fix BankAccount adjacent typings
* make IBAN and SWIFT fields hidden by default
* clean up encrypted string tests
* add IBAN and Swift to protected fields
* fix test
* add BankAccount to cipher-types.md
* remove filtering for cli commands
---------
Co-authored-by: Patrick Honkonen <phonkonen@bitwarden.com>
Co-authored-by: Nick Krantz <nick@livefront.com>
Co-authored-by: Nick Krantz <125900171+nick-livefront@users.noreply.github.com>
* [CL-1033] Migrate billing CTAs to new icon API
Migrates buttons and links in billing components (browser, web, libs) to use the new icon API.
* add back broken loading behavior
* add back variable removed in error
---------
Co-authored-by: Vicki League <vleague@bitwarden.com>
* [PM-34210] Move DeviceManagementComponentService provider to JslibServicesModule
The provider was incorrectly registered only in the web app's core.module.ts.
Moving it to JslibServicesModule makes it available to all clients (web, desktop,
CLI) without each needing to register it explicitly. Browser extension keeps its
own ExtensionDeviceManagementComponentService override which takes DI precedence.
* [PM-34210] Add pm-34210-desktop-add-devices feature flag
Adds the PM34210_DesktopAddDevices flag to gate the new Devices menu item
on the desktop Account menu. Defaults to true locally for development.
* [PM-34210] Add desktop device management dialog, service, and translations
- Adds DeviceManagementDialogComponent as a temporary dialog wrapper around
the shared DeviceManagementComponent, matching the ChangePasswordDialog pattern
- Adds DesktopDeviceManagementComponentService with showHeaderInformation=false
since the dialog provides its own header via bit-dialog
- Registers the desktop service in services.module.ts to override the jslib default
- Adds 13 missing device management i18n keys to the desktop en/messages.json
* [PM-34210] Add Devices item to desktop Account menu
Wires the feature-flagged Devices menu item into the desktop Electron Account
menu, positioned after Change Password. When clicked, sends openDevicesDialog
to the renderer which opens DeviceManagementDialogComponent via DialogService.
* Move device-management dialog on desktop to correct auth owned file.
* PM-34210 - Update all TODOs with proper ticket
* PM-34210 - Feature flag - don't check in true. duh
* PM-34210 - clean up incorrect todo
* PM-34210 - Fix desktop auth request answering service not including auth request id so that the device management page can upsert the device w/ the pending auth request.
* PM-34210 - Per PR feedback clean up dialog component of unused stuff.
* PM-34210 - Add new translations for devices screen to desktop
* PM-34506 - Extract LoginStrategyCacheService as single owner of mid-auth cache state
* PM-34506 - Refactor LoginStrategySessionTimeoutService: inject cache service, add MessageListener, expose abstraction
* PM-34506 - Remove cache state and timer logic from LoginStrategyService, delegate to collaborating services
* PM-34506 - Register LoginStrategyCacheService and LoginStrategySessionTimeoutService in all client DI contexts
* PM-34506 - Components read loginSessionTimeout$ from LoginStrategySessionTimeoutServiceAbstraction
* PM-34506 - Add tests for null cache, and non-API error cache-clear paths in LoginStrategyService
* PM-34506 - Add sessionTimeout test for logInNewDeviceVerification with no cached session
* PM-34506 - Rename abstractions to follow Default prefix convention (no Abstraction suffix)
* PM-34506 - Use fake timers in startSessionTimeout test to eliminate flaky date assertion
* PM-34506 - Move registerTaskHandler into DefaultLoginStrategySessionTimeoutService constructor, remove registerSessionTimeoutTask
* PM-34506 - PR feedback - DefaultLoginStrategySessionTimeoutService - make cache clear more resilient.
* PM-34506 - 2FA Auth Comp - fix tests
* PM-34506 - rename login strategy default service files to include default- prefix
Aligns file names with class names and the established codebase convention where
default implementations are prefixed with `default-` (e.g. default-logout.service.ts).
* PM-34506 - TEMP - Default Login Strategy Session Timeout - adjust to 30 seconds to make QA's life easier.
* PM-34506 - DefaultLoginStrategySessionTimeoutService - revert temp change and set LOGIN_SESSION_TIMEOUT_LENGTH back to 5 min
* Bump jest packages
jest is a transient dependency of ts-jest but because angular-devkit/build-angular drags in an older version of jest, we have to add jest 30.3.0 to our dependencies
* Fix some typescript issues due to stricter types on mockImplementation
* Update guide link in snapshots
* Fix jest-environment paths
* Fix typescript linting errors
* Address typescript errors due stricter mockImplementation
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* [PM-31438] Add save edits dialog to web vault Send page
* Fix Access Intelligence component
* Match design spec, address PR comment
* Fix lint problem
* Lots of lint fixes
* Test fix, add change lost during merge conflict
* Change close methods return type to DialogCloseRef
* Fix Dialog types
* One more type fix
* Address QA findings, fix problems from merge
* A couple of build fixes
* Address AI review comments
* Fix desktop build and lint
* PM-4659 - Refactor DeviceView and add lastActivityDate to DeviceResponse
Adds lastActivityDate (nullable) to DeviceResponse for backwards compatibility
with older server versions. Cleans up DeviceView by removing the response
sub-property escape hatch and declaring all properties directly on the view.
* PM-4659 - Add PM4516_DevicesLastActivityDate feature flag
Adds feature flag and its DefaultFeatureFlagValue entry (defaults to false).
* PM-4659 - Refactor sort utils: rename, restructure, and add sortDevicesWithActivity
Renames resort-devices.helper.ts to utils/device-sort.utils.ts and renames all
functions (resort → sort). Adds sortDevicesWithActivity with the new sort order:
current session → pending requests → most recently active → first login fallback.
Adds full test coverage for all three exported functions.
* PM-4659 - Add recently active display to device management
Adds 'Recently active' column/row to the device management table and item group
views, gated on the PM4516_DevicesLastActivityDate feature flag. Includes a pure
getDeviceLastActivityDateI18nKey utility that maps last activity dates to i18n
keys using calendar-day comparison in the user's local timezone (Math.round for
DST safety). Adds i18n keys for all activity buckets to web and browser locales.
* PM-4659 - DeviceManagement - split into two sections to play around with refactoring the layout.
* PM-4659 - DeviceManagementItemGroupComp - refactor to meet figma better
* PM-4659 - DeviceManagementTable - fix recent activity sort.
* PM-4659 - Device Management Item Group Comp - add missing margin top
* PM-4659 - Add tech debt todo for device sort
* PM-4659 - Guard against future lastActivityDate due to server clock skew
* PM-4659 - DeviceManagment - RecentActivitySort updated to separate func, updated logic per dicussion with product, and wrote tests for the sort.
* PM-4659 - Tiny clean up items
* PM-4659 - Device Sort - recentlyActiveSortFn - update docs
* PM-4659 - Upsert lastActivityDate and recentlyActiveText when pending auth request arrives for known device
* PM-4659 - Reset table sort to default when a pending auth request arrives
* PM-4659 - getDeviceLastActivityDateI18nKey - add more test scenarios
* PM-4659 - Update recentlyActive i18n keys and messages to use explicit rolling-window labels (Past 7/14/30 days)
* PM-4659 - Show isTrusted status for pending auth request devices in showRecentlyActive block
* create the FillAssistTargetingRules feature flag
* create TargetingRulesService
* move TargetingRulesService functionality into DomainSettingsService
* use targeting rules to qualify relevant fields
* add user autofill settings toggle for Fill Assist feature
* add feature flag check to getTargetingRulesForUrl
* add TargetingRulesDataService to update local state from data source
* enable the server to specify an override URI for targeting rules data
* add working data shape
* update data shape
* update logic to match new data shape expectations
* switch from hostname to host to support port inclusions
* add resource cache-buster
* do not update meta timestamp on resource fetch failure
* consolidate email and password update category to account update
* update targeting rules maps consumer logic
* add tests
* add support for host unicode key lookup
* cleanup
* address missing www-prefixed punycode URI case handling
* reduce targeting rules data fetching interval to 6 hours
* add punycode overflow guard and other edges
* cleanup
* add state handling for environment switching
* move constants
* update logic to match provider changes
* codify targeting rules form category requirement
* remove targeting rules totp implementation
* refactor targeting rules storage to key off resource domain
* use constants instead of string literals in cipher to field mapping
* add some basic schema validation
* Move DeleteAccountDialogComponent from web to libs/auth/angular
Export via libs/auth/angular barrel file
Replace imports from web's SharedModule by direct imports
Update import of UserVerificationFormInputComponent
Add eslint ignore to imports from bitwarden/components
* Use new DeleteAccountDialogComponent on desktop
* Delete desktop specific DeleteAccountComponent and UserVerificationComponent
* Move DeleteAccountDialogComponent from libs/auth/angular to libs/angular/auth
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* Run side-effects in sdk unlock service
* Revert feature flag
* Tests and fix cli
* Set user ever had user key and add comment
* Update sdk
* Prettier
* Cleanup
* Only set biometric unlock when biometric enabled
* Clean up tests
* Fix DI
* Cleanup
* Cleanup
* Prettier
* Add test coverage and rename
* Cleanup tests
* Prettier
* Cleanup
* Refactor: Remove ConfigService dependency from auto-confirm related components
- Eliminated ConfigService from MainBackground, AutoConfirmPolicy, UserLayoutComponent, WebVaultPromptService, and organizationPolicyGuard.
- Updated logic to directly use organization properties instead of feature flags for auto-confirm functionality.
- Adjusted tests in DefaultAutomaticUserConfirmationService to reflect the removal of feature flag checks.
- Cleaned up unused imports related to ConfigService across various files.
* Refactor: Update date handling in tests and remove unused feature flag checks
- Changed date calculation in WebVaultExtensionPromptService tests to use milliseconds for accuracy.
- Removed unused feature flag checks from WebVaultPromptService tests, simplifying the logic and improving clarity.
* Refactor: Update organizationPolicyGuard to include ConfigService in feature callback
- Modified the organizationPolicyGuard to accept ConfigService as an additional parameter in the feature callback.
- Adjusted the SendComponent route to align with the updated guard implementation.
* Fix: Adjust date calculation in WebVaultExtensionPromptService tests for accuracy
- Updated the test to set the exact date to 30 days prior using setDate method for clarity and to avoid potential issues with DST boundaries.
* allow consumers of upload service to input block size
* implement progress bar for cipher attachment uploads
* refactor to use a constant for available block sizes
* rework tests to use AzureUploadBlockSize
* update cipher attachments to ensure 100% is shown for all attachments
* do not allocate real memory in test
* update file uploads to use `XMLHttpRequest` when possible to track progress
* remove unused block size
* update tests + make options optional
* fix unit tests to align with single block approach
* add optional chaining for optional parameter
* remove duplicate import
* catch error from xhr send
* remove redundant try/catch block
* use if/else syntax in attachment template
* add `applyPlatformHeaders` to consolidate header creations between methods.
* add feature flag for file upload changes for progress
* update constructor parameters
* only pass object when feature flag is enabled
