Commit Graph

295 Commits

Author SHA1 Message Date
Jared Snider
76e0ee1b33
Auth/Innovation/PM-4659 - Device Management - Add Last Activity Date (#19784)
* PM-4659 - Refactor DeviceView and add lastActivityDate to DeviceResponse

Adds lastActivityDate (nullable) to DeviceResponse for backwards compatibility
with older server versions. Cleans up DeviceView by removing the response
sub-property escape hatch and declaring all properties directly on the view.

* PM-4659 - Add PM4516_DevicesLastActivityDate feature flag

Adds feature flag and its DefaultFeatureFlagValue entry (defaults to false).

* PM-4659 - Refactor sort utils: rename, restructure, and add sortDevicesWithActivity

Renames resort-devices.helper.ts to utils/device-sort.utils.ts and renames all
functions (resort → sort). Adds sortDevicesWithActivity with the new sort order:
current session → pending requests → most recently active → first login fallback.
Adds full test coverage for all three exported functions.

* PM-4659 - Add recently active display to device management

Adds 'Recently active' column/row to the device management table and item group
views, gated on the PM4516_DevicesLastActivityDate feature flag. Includes a pure
getDeviceLastActivityDateI18nKey utility that maps last activity dates to i18n
keys using calendar-day comparison in the user's local timezone (Math.round for
DST safety). Adds i18n keys for all activity buckets to web and browser locales.

* PM-4659 - DeviceManagement - split into two sections to play around with refactoring the layout.

* PM-4659 - DeviceManagementItemGroupComp - refactor to meet figma better

* PM-4659 - DeviceManagementTable - fix recent activity sort.

* PM-4659 - Device Management Item Group Comp - add missing margin top

* PM-4659 - Add tech debt todo for device sort

* PM-4659 - Guard against future lastActivityDate due to server clock skew

* PM-4659 - DeviceManagment - RecentActivitySort updated to separate func, updated logic per dicussion with product, and wrote tests for the sort.

* PM-4659 - Tiny clean up items

* PM-4659 - Device Sort - recentlyActiveSortFn - update docs

* PM-4659 - Upsert lastActivityDate and recentlyActiveText when pending auth request arrives for known device

* PM-4659 - Reset table sort to default when a pending auth request arrives

* PM-4659 - getDeviceLastActivityDateI18nKey - add more test scenarios

* PM-4659 - Update recentlyActive i18n keys and messages to use explicit rolling-window labels (Past 7/14/30 days)

* PM-4659 - Show isTrusted status for pending auth request devices in showRecentlyActive block
2026-04-16 13:32:44 -04:00
Maciej Zieniuk
d40bbcfd54
[PM-31270] New default argon2id in change kdf component (#20058)
* new Argon2Id defaults for change kdf component

* explicit default kdf construction

* ts strict fix

* require kdf params

* require kdf params in tests
2026-04-15 11:58:57 +02:00
Daniel James Smith
d90ca0b509
[PM-32919] Migrate DeleteAccountDialog to shared code (#19308)
Some checks failed
Scan / Check PR run (push) Has been cancelled
Testing / Run typechecking (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-browser junit:junit-browser.xml name:Browser paths:apps/browser bitwarden_license/bit-browser]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-cli junit:junit-cli.xml name:CLI paths:apps/cli bitwarden_license/bit-cli]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-desktop junit:junit-desktop.xml name:Desktop paths:apps/desktop]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-libs junit:junit-libs.xml name:Libs paths:libs bitwarden_license/bit-common]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-web junit:junit-web.xml name:Web paths:apps/web bitwarden_license/bit-web]) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
* Move DeleteAccountDialogComponent from web to libs/auth/angular

Export via libs/auth/angular barrel file
Replace imports from web's SharedModule by direct imports
Update import of UserVerificationFormInputComponent

Add eslint ignore to imports from bitwarden/components

* Use new DeleteAccountDialogComponent on desktop

* Delete desktop specific DeleteAccountComponent and UserVerificationComponent

* Move DeleteAccountDialogComponent from libs/auth/angular to libs/angular/auth

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2026-04-11 07:27:18 +02:00
Bernd Schoolmann
c9352c01d9
[PM-32864] Remove local masterkey hash (#19277)
* Remove local masterkey hash

* Remove more instances of local master key hash

* remove dependence on service

* Fix failing build

* Fix failing build

* Fix tests

* Fix test

* Fix

* Prettier

* Fix merge conflicts

* Fix cli

* Remove master key from uv service (#19278)

* Revert "Remove master key from uv service (#19278)" (#19697)

This reverts commit 8e53fe6a11.

* Cleanup local master key hash

* Fix test
2026-04-09 10:34:03 -04:00
Jared Snider
9093a35de1
Auth/PM-34242 - Device Management Comp - Fix upsert losing isTrusted state and show trust status on pending auth request devices (#19822)
* PM-34242 - Fix upsert losing isTrusted state and show trust status on pending auth request devices

* PM-34242 - Add back br that actually did things
2026-04-02 14:59:37 -04:00
Jared Snider
9eddb330f0
Auth/PM-34198 - Device Management - fix device icons not rendering - update to use proper new bit-icon api (#19786) 2026-03-26 14:45:42 -04:00
Jared Snider
ebd896f91a
Auth/PM-33261 - Multi-client Password Management (new for desktop & extension) (#19289)
* PM-32413 - Add hasPassword guard for future use.

* PM-32413 - Web - PasswordSettingsComp - add TODO for using new guard.

* PM-32413 - ChangePasswordComp - Add output emitter for when a password has been changed successfully.

* PM-32413 - Add feature flag

* PM-32413 - Desktop - implement change password component in a dialog.

* PM-32413 - Add change password to extension

* PM-32413 - Fix translations

* PM-32413 - Desktop - menu - add clean up todo

* PM-32413 - Feature flags - reset hardcoded true values

* PM-32413 - Add clean up todos

* PM-32413 - Extension Routing module - add hasPassword guard

* PM-32413 - add todo

* PM-32413 - Desktop / Extension - use  InputPasswordFlow.ChangePassword instead of  InputPasswordFlow.ChangePasswordWithOptionalUserKeyRotation

* PM-32413 - Finish last AI review items

* PM-32413 - Per PR feedback, update change-password-dialog title translation to one that we don't plan on removing.

* PM-32413 - Per PR feedback, update menu item id

* PM-32413 - Per local claud review - modify has-password to use UrlTree pattern.

* PM-32413 - ChangePassword comp - add  this.passwordChanged.emit(); in newly flagged code branch
2026-03-23 16:47:50 -04:00
Bernd Schoolmann
5b4e8c10f0
[PM-33345] Bump typescript to 5.9 (#19461)
* Bump typescript to 5.9

* Fix km types

* Fix auth types

* Fix remaining types

* Fix spec files eslint

* Fix eslint

* Prettier

* Make SendHashedPassword Uint8Array<ArrayBuffer>

* Update rul tester

* Fix tests

* Fix tests
2026-03-19 23:13:06 +01:00
rr-bw
411156aeaa
refactor(input-password-flows): [Auth/PM-27086] Use new KM Data Types in InputPasswordComponent flows - Change Password (#18507)
Updates the `ChangePasswordService` (`changePassword()` and `changePasswordForAccountRecovery()`) to use the new KM data types :
- `MasterPasswordAuthenticationData`
- `MasterPasswordUnlockData`

This allows us to move away from the deprecated `makeMasterKey()` method (which takes email as salt) as we seek to eventually separate the email from the salt.

Also moves current password validation into the default and web change password services.

Behind feature flag: `pm-27086-update-authentication-apis-for-input-password`
2026-03-19 10:40:14 -07:00
Daniel James Smith
5707b0064c
[PM-32915] Angular updates to TwoFactorIconComponent (#19306)
* Make TwoFactorIconComponent standalone

* Angular updates to TwoFactorIconComponent

- Migrate TwoFactorProviderType from enum to const (ADR25)
- Migrate Inputs to Signals
- Make provider a required input
- Use new Control Flow syntax
- Use OnPush change detection
- Memoize function for legacy providers (providers with png image)
- Add documentation
- Remove @ts-strict-ignore
- Fix type in TwoFactorSetupDuoComponent as it would default to number because of the migration of TwoFactorProviderType (enum to const). Now it can be overridden with any value of TwoFactorProviderType

* Add type guard for TwoFactorProviderType and fix CLI

* PM-32915 - Update TwoFactorProviderType to mark U2f as deprecated in favor of WebAuthn

* PM-32915 - TwoFactorIconComp - refactor to eliminate legacy providers and just use new, already available duo and yubikey SVG icons.

* PM-32915 - Add TODOs for cleaning up mfaType usages.

* PM-32915 - Remove unncessary ng-container

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2026-03-11 15:28:01 +00:00
Daniel James Smith
8c7c7ebfb8
Make TwoFactorIconComponent standalone (#19305)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-03 18:43:13 -05:00
rr-bw
4c2aec162d
refactor(input-password-flows): [Auth/PM-27086] Use new KM Data Types in InputPasswordComponent flows - TDE Offboarding (#18204)
Updates the `setInitialPasswordTdeOffboarding` path to use new KM data types:
- `MasterPasswordAuthenticationData`
- `MasterPasswordUnlockData`

This allows us to move away from the deprecated `makeMasterKey()` method (which takes email as salt) as we seek to eventually separate the email from the salt.

Behind feature flag: `pm-27086-update-authentication-apis-for-input-password`
2026-02-26 09:51:19 -08:00
Jared Snider
3782e328e1
refactor(Auth-Font-Icons): [Auth/PM-31804] Migrate auth font icons to use bit-icon (#18816)
* PM-31804 - WIP

* PM-31804 - Profile Component - fix missing translation

* PM-31804 - Web - Emergency Access Takeover Dialog Comp - remove screen reader only span as arialabel on spinner should be sufficient

* PM-31804 - Web - EmergencyAccessViewComp - remove redundant span as aria label handles accessibility.

* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label

* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label

* PM-31804 - EmergencyAccessComp - Replace redundant sr only span with aria label

* PM-31804 - two-factor-setup.component.html - Replace redundant sr only spans with aria labels

* PM-31804 - WebauthnLoginSettingsModule - remove unnecessary IconModule - it's imported via SharedModule

* PM-31804 - web - emergency-access.component.html - Replace redundant sr only span with aria label

* PM-31804 - LoginDecryptionOptionsComponent - Replace redundant sr only span with aria label

* PM-31804 - ChangePasswordComp - Replace redundant sr only span with aria label

* PM-31804 - AccountComponent - add BitwardenIcon type to satisfy template type requirements for name property.

* PM-31804 - Browser Account Security Component - replace nonexistent chevron icon with existing angle right icon.

* PM-31804 - Fix A11y issues with missing aria labels

* PM-31804 - Remove remaining redundant sr only spans since we now have aria labels
2026-02-23 10:42:02 -05:00
rr-bw
4a651fbfb3
refactor(input-password-flows) [Auth/PM-27086] Use new KM Data Types in InputPasswordComponent flows - TDE & Permission User (#18400)
Updates the SetInitialPasswordService TDE + Permission user flow to use the new KM data types:
- `MasterPasswordAuthenticationData`
- `MasterPasswordUnlockData`
This allows us to move away from the deprecated `makeMasterKey()` method (which takes email as salt) as we seek to eventually separate the email from the salt.

The new `setInitialPasswordTdeUserWithPermission()` method essentially takes the existing deprecated `setInitialPassword()` method and:
- Removes logic that is specific to a `JIT_PROVISIONED_MP_ORG_USER` case. This way the method only handles `TDE_ORG_USER_RESET_PASSWORD_PERMISSION_REQUIRES_MP` cases.
- Updates the logic to use `MasterPasswordAuthenticationData` and `MasterPasswordUnlockData`

Behind feature flag: `pm-27086-update-authentication-apis-for-input-password`
2026-02-17 10:44:21 -08:00
Bernd Schoolmann
f7a5ad712f
[PM-29208] Remove individual cryptographic-key states & migrate key service (#18164)
Some checks failed
Chromatic / Check PR run (push) Has been cancelled
Scan / Check PR run (push) Has been cancelled
Testing / Run typechecking (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-browser junit:junit-browser.xml name:Browser paths:apps/browser bitwarden_license/bit-browser]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-cli junit:junit-cli.xml name:CLI paths:apps/cli bitwarden_license/bit-cli]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-desktop junit:junit-desktop.xml name:Desktop paths:apps/desktop]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-libs junit:junit-libs.xml name:Libs paths:libs bitwarden_license/bit-common]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-web junit:junit-web.xml name:Web paths:apps/web bitwarden_license/bit-web]) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Chromatic / Chromatic (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
* Remove inividual user key states and migrate to account cryptographic state

* Fix browser

* Fix tests

* Clean up migration

* Remove key-pair creation from login strategy

* Add clearing for the account cryptographic state

* Add migration

* Cleanup

* Fix linting
2026-02-09 12:39:55 +01:00
rr-bw
1f0e0ca098
refactor(input-password-flows): [Auth/PM-27086] JIT MP org user flow - remove masterKey generation from InputPasswordComponent (#18006)
- Updates `InputPasswordComponent` to emit raw data instead of generating cryptographic properties (`newMasterKey`, `newServerMasterKeyHash`, `newLocalMasterKeyHash`).
  - This helps us in moving away from using the deprecated `makeMasterKey()` method in the component (which takes email as salt) as we seek to eventually separate the email from the salt.
- Updates the `JIT_PROVISIONED_MP_ORG_USER` case of the switch to handle the flow when the `PM27086_UpdateAuthenticationApisForInputPassword` flag is on.

Feature Flag: `PM27086_UpdateAuthenticationApisForInputPassword`
2026-01-30 15:11:59 -08:00
Will Martin
5dc49f21d2
[CL-82] rename bit-icon to bit-svg; create new bit-icon component for font icons (#18584)
* rename bit-icon to bit-svg; create new bit-icon for font icons

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* find and replace current usage

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* add custom eslint warning

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix incorrect usage

* fix tests

* fix tests

* Update libs/components/src/svg/index.ts

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

* Update libs/eslint/components/no-bwi-class-usage.spec.mjs

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

* update component api

* update class name

* use icon type in iconButton component

* update type Icon --> BitSvg

* fix bad renames

* fix more renames

* fix bad input

* revert iconButton type

* fix lint

* fix more inputs

* misc fixes

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix test

* add eslint ignore

* fix lint

* add comparison story

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
2026-01-28 11:36:27 -05:00
Maciej Zieniuk
1ccacb03a6
[PM-27233] Support v2 encryption for JIT Password signups (#18222)
Some checks failed
Chromatic / Check PR run (push) Has been cancelled
Scan / Check PR run (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Chromatic / Chromatic (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
* Support v2 encryption for JIT Password signups

* TDE set master password split

* update sdk-internal dependency

* moved encryption v2 to InitializeJitPasswordUserService

* remove account cryptographic state legacy states from #18164

* legacy state comments

* sdk update

* unit test coverage

* consolidate do SetInitialPasswordService

* replace legacy master key with setLegacyMasterKeyFromUnlockData

* typo

* web and desktop overrides with unit tests

* early return

* compact validation

* simplify super prototype
2026-01-22 13:01:49 +01:00
rr-bw
d6b23670aa
feat(auth-request-answering): [Auth / PM-26209] Use AuthRequestAnsweringService on Desktop (#16906)
Update Desktop to use the AuthRequestAnsweringService, bringing it into feature parity with the Extension.
2026-01-06 13:48:07 -08:00
Dave
0064f18ccd
fix(set-initial-password) [PM-28494]: Newly created master password not accepted on unlock until after re-login on browser extension (#17930)
* fix(set-initial-password-service) [PM-28494]: Update MP data and decryption property sets to accommodate legacy and new paths for service.

* fix(set-initial-password-component) [PM-28494]: Add salt and mp data to credentials object.

* refactor(set-initial-password-service) [PM-28494]: Additional comments.

* test(set-initial-password-service) [PM-28494]: Update tests for added credential members.
2025-12-19 14:56:13 -05:00
Bernd Schoolmann
ea45c5d3c0
[PM-27315] Add account cryptographic state service (#17589)
* Update account init and save signed public key

* Add account cryptographic state service

* Fix build

* Cleanup

* Fix build

* Fix import

* Fix build on browser

* Fix

* Fix DI

* Fix

* Fix

* Fix

* Fix

* Fix

* Fix test

* Fix desktop build

* Fix

* Address nits

* Cleanup setting private key

* Add tests

* Add tests

* Add test coverage

* Relative imports

* Fix web build

* Cleanup setting of private key
2025-12-17 22:04:08 +01:00
Todd Martin
27d82aaf28
feat(accounts): Add creationDate of account to AccountInfo
* Add creationDate of account to AccountInfo

* Added initialization of creationDate.

* Removed extra changes.

* Fixed tests to initialize creation date

* Added helper method to abstract account initialization in tests.

* More test updates.

* Linting

* Additional test fixes.

* Fixed spec reference

* Fixed imports

* Linting.

* Fixed browser test.

* Modified tsconfig to reference spec file.

* Fixed import.

* Removed dependency on os.  This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node.

* Revert "Removed dependency on os.  This is necessary so that the @bitwarden/common/spec lib package can be referenced in tests without node."

This reverts commit 669f6557b6.

* Updated stories to hard-code new field.

* Removed changes to tsconfig

* Revert "Removed changes to tsconfig"

This reverts commit b7d916e8dc.
2025-12-12 10:03:31 -05:00
renovate[bot]
7f892cf26a
[deps] Autofill: Update prettier to v3.7.3 (#17853)
* [deps] Autofill: Update prettier to v3.6.2

* fix: [PM-23425] Fix prettier issues related to dependency updte

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

* [deps] Autofill: Update prettier to v3.6.2

* [deps] Autofill: Update prettier to v3.7.3

* [PM-29379] Fix prettier issues found with the updated Prettier 3.7.3

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>

---------

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Ben Brooks <bbrooks@bitwarden.com>
2025-12-10 10:57:36 -06:00
Anders Åberg
28fbddb63f
fix(passkeys): [PM-28324] Add a guard that conditionally forces a popout depending on platform
* Add a guard that conditionally forces a popout depending on platform

* Test the routeguard

* Use mockImplementation instead.

* autoclose popout
2025-12-03 14:40:55 -05:00
Bernd Schoolmann
6e2203d6d4
[PM-18026] Implement forced, automatic KDF upgrades (#15937)
* Implement automatic kdf upgrades

* Fix kdf config not being updated

* Update legacy kdf state on master password unlock sync

* Fix cli build

* Fix

* Deduplicate prompts

* Fix dismiss time

* Fix default kdf setting

* Fix build

* Undo changes

* Fix test

* Fix prettier

* Fix test

* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>

* Update libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>

* Only sync when there is at least one migration

* Relative imports

* Add tech debt comment

* Resolve inconsistent prefix

* Clean up

* Update docs

* Use default PBKDF2 iteratinos instead of custom threshold

* Undo type check

* Fix build

* Add comment

* Cleanup

* Cleanup

* Address component feedback

* Use isnullorwhitespace

* Fix tests

* Allow migration only on vault

* Fix tests

* Run prettier

* Fix tests

* Prevent await race condition

* Fix min and default values in kdf migration

* Run sync only when a migration was run

* Update libs/common/src/key-management/encrypted-migrator/default-encrypted-migrator.ts

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>

* Fix link not being blue

* Fix later button on browser

---------

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
2025-12-03 19:04:18 +01:00
Dave
cf6569bfea
feat(user-decryption-options) [PM-26413]: Remove ActiveUserState from UserDecryptionOptionsService (#16894)
* feat(user-decryption-options) [PM-26413]: Update UserDecryptionOptionsService and tests to use UserId-only APIs.

* feat(user-decryption-options) [PM-26413]: Update InternalUserDecryptionOptionsService call sites to use UserId-only API.

* feat(user-decryption-options) [PM-26413] Update userDecryptionOptions$ call sites to use the UserId-only API.

* feat(user-decryption-options) [PM-26413]: Update additional call sites.

* feat(user-decryption-options) [PM-26413]: Update dependencies and an additional call site.

* feat(user-verification-service) [PM-26413]: Replace where allowed by unrestricted imports invocation of UserVerificationService.hasMasterPassword (deprecated) with UserDecryptionOptions.hasMasterPasswordById$. Additional work to complete as tech debt tracked in PM-27009.

* feat(user-decryption-options) [PM-26413]: Update for non-null strict adherence.

* feat(user-decryption-options) [PM-26413]: Update type safety and defensive returns.

* chore(user-decryption-options) [PM-26413]: Comment cleanup.

* feat(user-decryption-options) [PM-26413]: Update tests.

* feat(user-decryption-options) [PM-26413]: Standardize null-checking on active account id for new API consumption.

* feat(vault-timeout-settings-service) [PM-26413]: Add test cases to illustrate null active account from AccountService.

* fix(fido2-user-verification-service-spec) [PM-26413]: Update test harness to use FakeAccountService.

* fix(downstream-components) [PM-26413]: Prefer use of the getUserId operator in all authenticated contexts for user id provided to UserDecryptionOptionsService.

---------

Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
2025-11-25 11:23:22 -05:00
Oscar Hinton
4c36a46ef2
Enable directive-class-suffix (#17385) 2025-11-24 18:03:16 +01:00
Thomas Avery
cfe2458935
[PM-24107] Migrate KM's usage of getUserKey from the key service (#17117)
* Remove internal use of getUserKey in the key service

* Move ownership of RotateableKeySet and remove usage of getUserKey

* Add input validation to createKeySet
2025-11-13 10:07:13 -06:00
Vicki League
9bd7b58f6b
[PM-26984] Use medium instead of semibold or bold (#17188) 2025-11-04 15:27:13 -05:00
Jared Snider
a1570fc8b1
feat(AuthRouteConstants): [Auth/PM-27370] Convert auth routes to use constants (#16980)
* PM-22663 WIP on auth route constants

* PM-22663 - Convert desktop & extension to use constants - first pass

* PM-22663 - Further clean up

* PM-22663 - catch more missed routes

* PM-22663 - add barrel files

* PM-22663 - Per PR feedback, add missing as const

* PM-22663 - Per PR feedback and TS docs, use same name for const enum like and derived type. Adjusted filenames to be singular.

* PM-22663 - Per PR feedback update desktop app routing module since auto rename didn't update it for whatever reason.
2025-10-29 19:28:21 -04:00
Oscar Hinton
29dccd6352
Auth - Prefer signal & change detection (#16950)
Some checks failed
Chromatic / Check PR run (push) Has been cancelled
Scan / Check PR run (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Chromatic / Chromatic (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
2025-10-22 21:28:47 -04:00
Bernd Schoolmann
a860f218bd
[PM-24128] New Pin service, using PasswordProtectedKeyEnvelope (#15863)
* fix: broken SDK interface

* Fix all compile errors related to uuids

* Update usages of sdk to type-safe SDK type

* Update sdk version

* Update to "toSdk"

* Move pin service to km ownership

* Run format

* Eslint

* Fix tsconfig

* Fix imports and test

* Clean up imports

* Pin tmp

* Initial version of updated pin service

* Add tests

* Rename function

* Clean up logging

* Fix imports

* Fix cli build

* Fix browser desktop

* Fix tests

* Attempt to fix

* Fix build

* Fix tests

* Fix browser build

* Add missing empty line

* Fix linting

* Remove non-required change

* Missing newline

* Re-add comment

* Undo change to file

* Fix missing empty line

* Cleanup

* Cleanup

* Cleanup

* Cleanup

* Switch to replaysubject

* Add comments

* Fix tests

* Run prettier

* Undo change

* Fix browser

* Fix circular dependency on browser

* Add missing clear ephemeral pin

* Address feedback

* Update docs

* Simplify sdk usage in pin service

* Replace with mock sdk

* Update sdk

* Initialize pin service via unlock instead of listening to keyservice

* Cleanup

* Fix test

* Prevent race condition with userkey not being set

* Filter null userkeys

* [PM-24124] Pin State Service (#16641)

* add pin-state.service

* add remaining tests

* improve description for clearEphemeralPinState

* rename getUserKeyWrappedPin$ to userKeyWrappedPin$

* drop temp variable in setPinState

* add new test and remove copied one

* Fix dep cycle

* Fix tests and remaining build issues

* Fix cli build

* Add comments about functions not being public API

---------

Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
Co-authored-by: Hinton <hinton@users.noreply.github.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
2025-10-17 16:30:29 +02:00
Patrick-Pimentel-Bitwarden
94cb1fe07b
feat(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ (#16589)
* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed and updated tests.

* fix(auth-tech-debt): [PM-24103] Remove Get User Key to UserKey$ - Fixed test variable being made more vague.
2025-10-16 14:30:10 -04:00
Anders Åberg
6cbdecef43
PM-13632: Enable sign in with passkeys in the browser extension for chromium browsers (#16385)
* PM-13632: Enable sign in with passkeys in the browser extension

* Refactor component + Icon fix

This commit refactors the login-via-webauthn commit as per @JaredSnider-Bitwarden suggestions. It also fixes an existing issue where Icons are not displayed properly on the web vault.

Remove old one.

Rename the file

Working refactor

Removed the icon from the component

Fixed icons not showing. Changed layout to be 'embedded'

* Add tracking links

* Update app.module.ts

* Remove default Icons on load

* Remove login.module.ts

* Add env changer to the passkey component

* Remove leftover dependencies

* use .isChromium()
2025-10-06 09:25:51 -04:00
Bernd Schoolmann
4b73198ce5
[PM-23230] Implement KDF Change Service (#15748)
* Add new mp service api

* Fix tests

* Add test coverage

* Add newline

* Fix type

* Rename to "unwrapUserKeyFromMasterPasswordUnlockData"

* Fix build

* Fix build on cli

* Fix linting

* Re-sort spec

* Add tests

* Fix test and build issues

* Fix build

* Clean up

* Remove introduced function

* Clean up comments

* Fix abstract class types

* Fix comments

* Cleanup

* Cleanup

* Update libs/common/src/key-management/master-password/types/master-password.types.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/services/master-password.service.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/types/master-password.types.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Add comments

* Fix build

* Add arg null check

* Cleanup

* Fix build

* Fix build on browser

* Implement KDF change service

* Deprecate encryptUserKeyWithMasterKey

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Update libs/common/src/key-management/master-password/abstractions/master-password.service.abstraction.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Add tests for null params

* Fix builds

* Cleanup and deprecate more functions

* Fix formatting

* Prettier

* Clean up

* Update libs/key-management/src/abstractions/key.service.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Make emailToSalt private and expose abstract saltForUser

* Add tests

* Add docs

* Fix build

* Fix tests

* Fix tests

* Address feedback and fix primitive obsession

* Consolidate active account checks in change kdf confirmation component

* Update libs/common/src/key-management/kdf/services/change-kdf-service.spec.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Add defensive parameter checks

* Add tests

* Add comment for follow-up epic

* Move change kdf service, remove abstraction and add api service

* Fix test

* Drop redundant null check

* Address feedback

* Add throw on empty password

* Fix tests

* Mark change kdf service as internal

* Add abstract classes

* Switch to abstraction

* use sdk EncString in MasterPasswordUnlockData

* fix remaining tests

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
2025-09-23 16:10:54 -04:00
Vicki League
926f587ea2
[CL-581] Update svgs to new designs and make responsive (#16219) 2025-09-10 17:23:53 -04:00
Patrick-Pimentel-Bitwarden
fe692acc07
Auth/pm 14943/auth request extension dialog approve (#16132)
* feat(notification-processing): [PM-19877] System Notification Implementation - Implemented the full feature set for device approval from extension.

* test(notification-processing): [PM-19877] System Notification Implementation - Updated tests.

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2025-09-05 13:27:16 -04:00
Maciej Zieniuk
3a62e9c2f1
[PM-21772] Show key connector domain for new sso users (#15381)
* Passed in userId on RemovePasswordComponent.

* Added userId on other references to KeyConnectorService methods

* remove password component refactor, test coverage, enabled strict

* explicit user id provided to key connector service

* redirect to / instead when user not logged in or not managing organization

* key connector service explicit user id

* key connector service no longer requires account service

* key connector service missing null type

* cli convert to key connector unit tests

* remove unnecessary SyncService

* error toast not showing on ErrorResponse

* bad import due to merge conflict

* bad import due to merge conflict

* missing loading in remove password component for browser extension

* error handling in remove password component

* organization observable race condition in key-connector

* usesKeyConnector always returns boolean

* unit test coverage

* key connector reactive

* reactive key connector service

* introducing convertAccountRequired$

* cli build fix

* moving message sending side effect to sync

* key connector service unit tests

* fix unit tests

* move key connector components to KM team ownership

* new unit tests in wrong place

* key connector domain shown in remove password component

* type safety improvements

* convert to key connector command localization

* key connector domain in convert to key connector command

* convert to key connector command unit tests with prompt assert

* organization name placement change in the remove password component

* unit test update

* show key connector domain for new sso users

* confirm key connector domain page does not require auth guard

* confirm key connector domain page showing correctly

* key connector url required to be provided when migrating user

* missing locales

* desktop styling

* have to sync and navigate to vault after key connector keys exchange

* logging verbosity

* splitting the web client

* splitting the browser client

* cleanup

* splitting the desktop client

* cleanup

* cleanup

* not necessary if condition

* key connector domain tests fix for sso componrnt and login strategy

* confirm key connector domain base component unit tests coverage

* confirm key connector domain command for cli

* confirm key connector domain command for cli unit tests

* design adjustments

removed repeated text, vertical buttons on desktop, wrong paddings on browser extension

* key connector service unit test coverage

* new linting rules fixes

* accept invitation to organization called twice results in error.

Web vault remembers it's original route destination, which we do not want in case of accepting invitation and Key Connector, since provisioning new user through SSO and Key Connector, the user is already accepted.

* moved required key connector domain confirmation into state

* revert redirect from auth guard

* cleanup

* sso-login.strategy unit test failing

* two-factor-auth.component unit test failing

* two-factor-auth.component unit test coverage

* cli unit test failing

* removal of redundant logs

* removal of un-necessary new lines

* consolidated component

* consolidated component css cleanup

* use KdfConfig type

* consolidate KDF into KdfConfig type in identity token response

* moving KC requiresDomainConfirmation lower in order, after successful auth

* simplification of trySetUserKeyWithMasterKey

* redirect to confirm key connector route when locked but can't unlock yet

---------

Co-authored-by: Todd Martin <tmartin@bitwarden.com>
2025-09-03 21:16:40 +02:00
Maciej Zieniuk
4c960906fa
Account Recovery with Key Connector enabled not working prior to removal of Master Password (#15616) 2025-08-27 16:32:18 +02:00
Vicki League
805b6fe7aa
[CL-573] Move all svg icons to new libs/assets (#16020)
* create libs/assets

* treeshake lib and filter out non-icons from icon story

* update docs

* fix icon colors in browser and desktop

* better name for vault icon

* move illustrations
2025-08-21 11:35:59 -05:00
Dave
0b057f4c68
fix(environment-selector): [PM-21214] Extension and desktop server selector have incorrect styling (#15920)
* refactor(environment-selector): [PM-21214] Lib Environment Selector Styling - Make component standalone.

* refactor(environment-selector): [PM-21214] Lib Environment Selector Styling - Convert template to bit-menu.

* refactor(environment-selector): [PM-21214] Lib Environment Selector Styling - Move component to its own folder.

* fix(environment-selector): [PM-21214] Lib Environment Selector Styling - Fix button role redundancy.

* fix(environment-selector): [PM-21214] Lib Environment Selector Styling - Remove unneeded data-testid attributes.

* fix(environment-selector): [PM-21214] Lib Environment Selector Styling - Arrow glyph should not override link styling.
2025-08-12 13:57:52 -04:00
rr-bw
c5e5417abf
fix(device-management-sorting): [Auth/PM-24046] Device Management Sorting (#15889)
Some checks failed
Chromatic / Check PR run (push) Has been cancelled
Scan / Check PR run (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Chromatic / Chromatic (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
This PR makes it so the devices are always sorted in this order (by default):

1. Has Pending Auth Request (if any) comes first
2. Current Device comes second (or first if there are no pending auth requests)
3. First Login Date - the rest of the devices are sorted by first login date (newest to oldest)

This sort order is preserved even after a user approves/denies and auth request - that is, the approved/denied device will re-sort to its correct position according to it's first login date.

Feature Flag: `PM14938_BrowserExtensionLoginApproval`
2025-08-07 13:46:02 -07:00
rr-bw
25ada6f80f
refactor(login-approval-component) [Auth/PM-14940] Update LoginApprovalComponent (#15511)
- Renames the `LoginApprovalComponent` to `LoginApprovalDialogComponent`
- Renames the property `notificationId` to `authRequestId` for clarity
- Updates text content on the component
2025-08-04 09:20:12 -07:00
Bernd Schoolmann
6bd8638ad8
[PM-24126] Move pin service to km ownership (#15821)
* Move pin service to km ownership

* Run format

* Eslint

* Fix tsconfig

* Fix imports and test

* Clean up imports

* Remove unused dependency on PinService

* Fix comments

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2025-08-04 17:01:39 +02:00
Vicki League
f7cc937581
[CL-753] Fix popover spacing in client code (#15839) 2025-08-04 10:19:07 -04:00
Todd Martin
b3db1b79ce
chore(feature flags): [PM-19034] Remove feature flags and old components for Set/Change Password
* Removed flag and components.

* More cleanup

* Removed ChangePasswordComponent.

* Removed old EmergencyAccessTakeover

* Removed service initialization.

* Fixed test failures.

* Fixed tests.

* Test changes.

* Updated comments

* Fixed tests.

* Fixed tests.

* Fixed merge conflict.

* Removed style and routing references.

* Better comments.

* Removed ResetPasswordComponent
2025-07-24 12:46:18 -04:00
Bernd Schoolmann
7a24a538a4
[PM-23072] Remove legacy key support in auth code (#15350)
* Remove legacy key support in auth code

* Fix tests
2025-07-23 22:29:44 +02:00
Jared Snider
e47e1f79d9
fix(ChangePasswordComp): [Auth/PM-23913] Extension popout now closes after a password change (#15681) 2025-07-23 12:58:44 -04:00
rr-bw
9ca265c543
feat(redirectToVaultIfUnlockedGuard): [Auth/PM-20623] RedirectToVaultIfUnlocked Guard (#15236)
Adds a `redirect-to-vault-if-unlocked.guard.ts` that does the following:
- If there is no active user, allow access to the route
- If the user is specifically Unlocked, redirect the user to /vault
- Otherwise, allow access to the route (fallback/default)
2025-07-17 14:24:53 -07:00
Alec Rippberger
00b6b0224e
feat(extension-login-approvals): [Auth/PM-14939] devices list view for browser (#14620)
Creates a new `DeviceManagementComponent` that fetches devices and formats them before handing them off to a view component for display.

View components:

- `DeviceManagementTableComponent` - displays on medium to large screens
- `DeviceManagementItemGroupComponent` - displays on small screens

Feature flag: `PM14938_BrowserExtensionLoginApproval`
2025-07-17 10:43:49 -07:00