Commit Graph

21120 Commits

Author SHA1 Message Date
✨ Audrey ✨
877598ec9c
[PM-31646] prioritize usernames ahead of ambiguous TOTPs (#19453)
Split isFillableTotpField into isFillableTotpField (TotpFieldNames /
one-time-code autocomplete) and maybeFillableTotpField (AmbiguousTotpFieldNames
only) and reorder the classification switch so that a reliable TOTP signal
still wins unconditionally, but a username match beats a purely ambiguous TOTP
match.  This fixes Yahoo's login-username field being misclassified as TOTP
because 'code' appears in AmbiguousTotpFieldNames.
2026-03-16 10:21:45 -05:00
Daniel Riera
852e5015a7
[PM-33019] Add is trusted check in messenger.ts (#19329)
* PM-33019 Add isTrusted check in messenger.ts

* update tests to accomodate isTrusted

* return comment
2026-03-16 09:56:56 -05:00
renovate[bot]
883841feef
[deps]: Pin Rust crate rkyv to v0.8.14 (#19579)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-16 08:13:53 -06:00
renovate[bot]
6340e42ff1
[deps]: Update docker/setup-docker-action action to v5 (#19584)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-16 11:57:40 +01:00
Thomas Rittson
afc45ee0c8
[Tools] Update event-related import statements (#19548)
Some checks failed
Scan / Check PR run (push) Has been cancelled
Testing / Run typechecking (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-browser junit:junit-browser.xml name:Browser paths:apps/browser bitwarden_license/bit-browser]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-cli junit:junit-cli.xml name:CLI paths:apps/cli bitwarden_license/bit-cli]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-desktop junit:junit-desktop.xml name:Desktop paths:apps/desktop]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-libs junit:junit-libs.xml name:Libs paths:libs bitwarden_license/bit-common]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-web junit:junit-web.xml name:Web paths:apps/web bitwarden_license/bit-web]) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
Updates import statements in tools-related files to use direct imports
instead of re-exported paths. This prepares for removal of re-exporting
files in a follow-up PR.

Part of PM-33381
2026-03-14 09:11:30 +10:00
Thomas Rittson
124c04503d
[Vault] Update event-related import statements (#19546)
Updates import statements in vault-related files to use direct imports
instead of re-exported paths. This prepares for removal of re-exporting
files in a follow-up PR.

Part of PM-33381
2026-03-14 09:10:57 +10:00
Nik Gilmore
34fad756de
[PM-33374] Fix getAllDecrypted when using the SDK (#19503)
* Bump SDK version

* Change SDK call to CiphersClient::list() to CiphersClient::get_all()

* Update mocks in tests to use ciphersService.get_all
2026-03-13 14:59:36 -07:00
John Harrington
a0e8c2d209
introduce feature flag pm-31885-send-controls (#19356) 2026-03-13 14:49:17 -07:00
Jason Ng
55d0595184
[PM-29250] remove browser premium spotlight flag. update spec files (#19364) 2026-03-13 14:56:40 -04:00
bmbitwarden
5ddaa031c9
PM-32651 resolved double browser url paste problem (#19523) 2026-03-13 14:49:54 -04:00
renovate[bot]
91a60d813b
[deps] Tools: Update dotnet monorepo to v10 (#16054)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-13 14:26:24 -04:00
Patrick-Pimentel-Bitwarden
d4b4c8a164
fix(register): [PM-27085] Account Register Uses New Data Types (#18470)
* fix(register): [PM-27085] Account Register Uses New Data Types - Initial changes.

* test(register): [PM-27085] Account Register Uses New Data Types - Fixed tests.

* test(register): [PM-27085] Account Register Uses New Data Types - Updated tests.

* feat(register): [PM-27085] Account Register Uses New Data Types - Added feature flag.

* fix(register): [PM-27085] Account Register Uses New Data Types - Removed unnecessary part of the payload.

* fix(register): [PM-27085] Account Register Uses New Data Types - Changed the feature flag to be gated with the other password input changes.

* fix(register): [PM-27085] Account Register Uses New Data Types - Added protection for feature flagged state.

* fix(register): [PM-27085] Account Register Uses New Data Types - Removed unnecessary comment.

* fix(register): [PM-27085] Account Register Uses New Data Types - Addressed feedback.

* fix(register): [PM-27085] Account Register Uses New Data Types - Fixed tests and added comment.

* fix(register): [PM-27085] Account Register Uses New Data Types - Fixed another test.

* fix(register): [PM-27085] Account Register Uses New Data Types - And last test fix.

* fix(register): [PM-27085] Account Register Uses New Data Types - Removed unneeded code.

* fix(register): [PM-27085] Account Register Uses New Data Types - Updated comments and fixed code from feedback.

* fix(register): [PM-27085] Account Register Uses New Data Types - Updated comments again with small styling fix.

* fix(register): [PM-27085] Account Register Uses New Data Types - Switched to snapshot testing and explicit checks for unlock and authentication data for feature flag on. Also addressed pr comments.

* test(register): [PM-27085] Account Register Uses New Data Types - Made explicit checks for critical pieces of data in tests.

* fix(feature-flag): [PM-27085] Account Register Uses New Data Types - Added in feedback from comments. Default registration tests have snapshots now and web registration has more dry code.
2026-03-13 14:04:49 -04:00
Ben Brooks
c2493674d7
[pm-33048] Exclude non-text inputs from multi-step qualification (#19493)
* [pm-33048] Exclude non-text inputs from multi-step qualification
* [pm-33048] Guard against null pageDetailsField.type under ts-strict

---------

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
2026-03-13 09:48:39 -07:00
Bernd Schoolmann
363f6445e3
[PM-31115] Support ephemeral pin envelope state in SDK (#19491)
* Support ephemeral pin envelope state in SDK

* Fix tests

* chore: bump @bitwarden/sdk-internal to 0.2.0-main.597

* Eslint

* Prettier
2026-03-13 16:11:47 +01:00
renovate[bot]
ad1d99c359
[deps]: Update @napi-rs/cli to v3.5.1 (#18433)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-13 11:02:38 -04:00
Nick Krantz
bc0a369106
refer to folderViews$ directly to avoid circular dependency (#19376) 2026-03-13 09:44:33 -05:00
renovate[bot]
07797b5fc6
[deps]: Update module-alias to v2.3.4 (#19000)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: neuronull <9162534+neuronull@users.noreply.github.com>
2026-03-13 10:44:00 -04:00
renovate[bot]
aac0f0a6c1
[deps]: Update Minor github-actions updates (#18999)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-13 09:26:37 -04:00
Bryan Cunningham
047be29451
[CL-1033] Migrate remaining CTAs to new icon API (#19490)
Some checks failed
Scan / Check PR run (push) Has been cancelled
Testing / Run typechecking (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-browser junit:junit-browser.xml name:Browser paths:apps/browser bitwarden_license/bit-browser]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-cli junit:junit-cli.xml name:CLI paths:apps/cli bitwarden_license/bit-cli]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-desktop junit:junit-desktop.xml name:Desktop paths:apps/desktop]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-libs junit:junit-libs.xml name:Libs paths:libs bitwarden_license/bit-common]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-web junit:junit-web.xml name:Web paths:apps/web bitwarden_license/bit-web]) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
* [CL-1033] Migrate remaining CTAs to new icon API

Migrates buttons and links in settings and secrets manager components to use the new icon API.

* Revert unrelated .vscode/settings.json change

Removes angular.enable-strict-mode-prompt setting that was accidentally included from the source branch.

* Apply suggestion from @claude[bot]

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

---------

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
2026-03-13 00:42:58 -04:00
Alex
8b4b6825f5
[PM-31791] Fix Access Intelligence tab/banner overlap on smaller screens (#18899)
* Fix Access Intelligence tab/banner overlap on smaller screens

* Fix tab header overflow by using min-height instead of fixed height

* Fix Run Report button position to stay near Data last updated text
2026-03-12 20:19:33 -07:00
renovate[bot]
0f113e22a1
[deps] Platform: Update babel-loader to v10 (#14513)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-12 16:56:11 -04:00
renovate[bot]
3e06a9e1aa
[deps] Platform: Update nx monorepo to v22 (#17302)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-12 16:52:40 -04:00
Bryan Cunningham
ae3d7ba7f1
add empty selector to hide span (#19531) 2026-03-12 15:37:21 -05:00
Jared
75dbc54513
Enhance policies table layout with flexbox for improved UI consistency (#19528) 2026-03-12 13:41:19 -04:00
Jordan Aasen
f5300ab54c
[PM-29439] - Product Tour – Coachmarks (#19476)
* add coachmark

* add coachmark tour

* fixes to coachmarks

* updates to coachmarks

* add tests

* add specs

* cleanup

* merge main

* add comment
2026-03-12 09:58:54 -07:00
Bryan Cunningham
748ef081a6
[CL] fix i18n error and make spinner small (#19527) 2026-03-12 11:57:56 -05:00
Daniel Riera
4cc607612a
PM-33023 Utilize currentlyInSandboxedIframe() method within fido2 to give parity to password autofill (#19335) 2026-03-12 12:53:46 -04:00
Patrick-Pimentel-Bitwarden
ec17680fa1
fix(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance (#19502)
fix(emergency-access): [PM-29585] Prevent New EA Invitations or Acceptance - Added toast for failure to show error to user. (#19502)
2026-03-12 11:39:08 -05:00
Jared
44ef7c1f54
[PM-31475] Remove decline event log for org data ownership policy (#19450)
* feat(event): add support for self-revocation event type and corresponding localization messages

* fix(tests): update transfer rejection logging test to ensure no event is logged when a user rejects a transfer

* feat(event-logs): add OrganizationUser_SelfRevoked event type and logging
2026-03-12 12:33:37 -04:00
Vijay Oommen
5888f7db13
[PM-29314] Member access report - show all members, include empty collections they can access (#19448) 2026-03-12 10:50:00 -05:00
Jared
3548a358cf
Refactor VaultTimeoutAction from enum to const object for improved type safety and flexibility (#19499) 2026-03-12 11:43:16 -04:00
Nick Krantz
849bf53eca
verify that enableIndividualItemsTransfer is set for organization ownership policy (#19506) 2026-03-12 08:56:02 -05:00
Bernd Schoolmann
c369fe7463
[PM-32856] Make sync non-blocking on desktop, browser (#19358)
* Make sync non-blocking

* Update comment

* Undo changes to development.json

* Update libs/key-management-ui/src/lock/components/lock.component.ts

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>

* Prettier

---------

Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2026-03-12 04:31:24 -05:00
cd-bitwarden
3e0d41ec2f
fixing sidebar count issue (#18761) 2026-03-11 17:43:46 -04:00
cd-bitwarden
79c52ca29b
[SM-1800] Handle corrupted encrypted project names gracefully - Clients (#18873)
* Handle corrupted encrypted project names gracefully

- Add decryptionError flag to ProjectView, ProjectListView, and SecretProjectView
- Wrap all project name decryption in try-catch blocks across services
- Use DECRYPT_ERROR constant instead of hardcoded strings
- Display corrupted names as clickable warning text in projects list
- Show warning badges for corrupted project names in secrets list
- Add i18n keys for error tooltips
- Add keyboard accessibility (role, tabindex, enter/space handlers)

* fixing tests

* fixing jittery loading
2026-03-11 17:42:36 -04:00
Nick Krantz
2d702e0eac
[PM-32661] Update Transfer Items Dialog (#19498)
* refactor decline and leave to be a link button rather than a secondary button

* update supporting text for transfer dialog

* add aria-label for learn more link
2026-03-11 16:19:09 -05:00
Vijay Oommen
4b25324c44
pm-33009: Add email validation to data breach report (#19403) 2026-03-11 13:09:09 -05:00
Jonathan Prusik
c689f44c06
[PM-28174] Fix actions/create-github-app-token breakage (#19472)
* fix actions/create-github-app-token breakage

* remove renovate version block rule
2026-03-11 13:14:13 -04:00
Daniel James Smith
7224a529e9
Remove NotPremiumDirective from jslib.module (#19287)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-11 17:46:12 +01:00
Vicki League
3992832f30
[CL-1074] Fix chromatic workflow when changedFiles is false (#19495) 2026-03-11 16:40:59 +00:00
Daniel James Smith
7507c33744
Remove duplicate entry from tsconfig.base.json (#19309)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-11 12:00:51 -04:00
Bryan Cunningham
50108b2477
[CL-1033] Migrate layout CTAs to new icon API (#19488)
Migrates buttons and links in product-switcher layout components to use the new icon API.

Co-authored-by: Will Martin <contact@willmartian.com>
2026-03-11 15:54:04 +00:00
Daniel James Smith
46bb683d7b
[PM-29232] Add cookie acquisition (#19392)
* Add cookie acquisition to ServerCommunicationConfigService

* Fix DI for ServerCommunicationConfigPlatformApiService

* Rename param for acquireCookie from hostname to url

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-11 16:52:44 +01:00
Alex Morask
e5a6312fee
[PM-33308] Use providedIn: "root" for web-based billing services (#19449)
* refactor(billing): move billing services to providedIn root and remove component-level providers

* refactor(billing): remove missed redundant billing service providers

* refactor(billing): move 4 additional billing services to providedIn root and remove empty modules
2026-03-11 10:38:43 -05:00
Ike
c8c66a8bf1
[PM-32424] Send Access Enumeration protection (#19422)
* feat: remove reference to otp_invalid response since it is not used anymore

* remove usage of otpInvalid in CLI receive command

* fix: remove vestigial error types.

* chore: update sdk

* chore: fix failing test

---------

Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
2026-03-11 11:37:07 -04:00
Daniel James Smith
5707b0064c
[PM-32915] Angular updates to TwoFactorIconComponent (#19306)
* Make TwoFactorIconComponent standalone

* Angular updates to TwoFactorIconComponent

- Migrate TwoFactorProviderType from enum to const (ADR25)
- Migrate Inputs to Signals
- Make provider a required input
- Use new Control Flow syntax
- Use OnPush change detection
- Memoize function for legacy providers (providers with png image)
- Add documentation
- Remove @ts-strict-ignore
- Fix type in TwoFactorSetupDuoComponent as it would default to number because of the migration of TwoFactorProviderType (enum to const). Now it can be overridden with any value of TwoFactorProviderType

* Add type guard for TwoFactorProviderType and fix CLI

* PM-32915 - Update TwoFactorProviderType to mark U2f as deprecated in favor of WebAuthn

* PM-32915 - TwoFactorIconComp - refactor to eliminate legacy providers and just use new, already available duo and yubikey SVG icons.

* PM-32915 - Add TODOs for cleaning up mfaType usages.

* PM-32915 - Remove unncessary ng-container

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2026-03-11 15:28:01 +00:00
Daniel Riera
25dda0c78c
[PM-29528]Remove @ts-strict-ignore in autofill.service.ts (#19032)
* [PM-29528]Remove @ts-strict-ignore in autofill.service.ts

* remove redundant explicit checks

* implement a discriminated union to account for forms with no username

* add reducer and move up const for field opid

* Update apps/browser/src/autofill/services/autofill.service.ts

Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>

* revert suggestion

---------

Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>
2026-03-11 10:36:38 -04:00
Daniel Riera
cd2b708982
[PM-29526]Remove ts strict ignore in settings autofill component (#19012)
* remove ts strict

* explicit null check on handleAdvanceMatch

* handle null appropriately in uriMatchOptions

* add explicit null checks

* clean up code

* Update autofill.component.ts
2026-03-11 10:21:32 -04:00
Will Martin
34a4970527
Fix readonly lint errors in SendGeneratorDialogComponent (#19480)
Convert mutable class properties to readonly, using signals for
buttonLabel and generatedValue to satisfy the enforce-readonly-angular-properties rule.
2026-03-11 09:46:54 -04:00
Andreas Coroiu
35d25b7f8e
[PM-24047] Make popout windows respect vault timeout when unfocused (#19019)
* PM-24047: Make popout windows respect vault timeout when unfocused

Replace the heartbeat message-passing mechanism for popup detection
with direct browser API queries (getContexts on MV3, getExtensionViews
on MV2/Safari) that can distinguish focused from unfocused popout
windows. Unfocused popout windows no longer prevent vault timeout.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* PM-24047: Add isAnyViewFocused(), revert isPopupOpen() to simple popup detection

Addresses PR review feedback by separating focus-aware logic from the
isPopupOpen() semantics, which other callers depend on for simple
popup detection:

- BrowserApi.isPopupOpen(): reverted to return views.length > 0 for
  popup-type views only (original behavior)
- BrowserApi.isAnyViewFocused(): new method that checks popup views
  (always focused), sidebar tab views (always focused), and popout
  tab views (focused only if document.hasFocus() is true)
- BrowserPlatformUtilsService.isPopupOpen(): simplified MV3 path
  uses getContexts({ contextTypes: ['POPUP'] })
- BrowserPlatformUtilsService.isAnyViewFocused(): new method with
  MV3 (POPUP/SIDE_PANEL/focused TAB) and MV2/Safari paths
- PlatformUtilsService: adds isAnyViewFocused() to the interface
- Web/Desktop/CLI stubs return false (no popout windows)
- VaultTimeoutService now calls isAnyViewFocused() instead of
  isPopupOpen() so unfocused popouts don't block vault timeout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Move MV3/MV2 routing into BrowserApi

isPopupOpen() and isAnyViewFocused() now use feature detection for
chrome.runtime.getContexts to select the right API internally,
rather than having the routing in BrowserPlatformUtilsService.
This means BrowserApi is the single owner of view-detection logic,
and the service methods are simple one-line delegations.

Using typeof getContexts === "function" rather than isManifestVersion()
handles Safari naturally: if Safari doesn't support getContexts it
falls back to getExtensionViews, without needing an explicit isSafari()
exclusion.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Scope MV3/MV2 routing refactor to isAnyViewFocused only

isPopupOpen() keeps its existing pattern (MV3/MV2 routing in the
service, simple getExtensionViews in BrowserApi) to avoid touching
unrelated code. Only isAnyViewFocused() has its routing moved into
BrowserApi via feature detection.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Restore isPopupOpen to main branch implementation

isPopupOpen() and its tests are restored exactly to the main branch
version (heartbeat-based approach). Only isAnyViewFocused is new code.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Refactor isPopupOpen() to use getContexts/getViews instead of heartbeat

Replaces the message-passing heartbeat approach with the same
chrome.runtime.getContexts() (MV3) / chrome.extension.getViews() (MV2/Safari)
introspection pattern used by isAnyViewFocused(). This eliminates the need
for a heartbeat listener in the popup and makes both methods consistent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Simplify isAnyViewFocused() using Array.some()

Collapse the two separate POPUP/SIDE_PANEL checks into a single .some()
call, and replace the synchronous MV2/Safari tab view loop with .some().
The async TAB/popout window check stays as a for loop.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: improve tabs loop readability somewhat

* PM-24047: Fix MV3 popout focus check using wrong uilocation filter

The TAB context filter was checking for `uilocation=sidebar` instead of
`uilocation=popout`. In MV3, sidebars are SIDE_PANEL contexts (already
handled above), so this filter never matched, causing focused popout
windows to be silently ignored and the vault to timeout while a user was
actively viewing one.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Rename isViewOpen to isViewFocused for semantic accuracy

The variable and parameter previously named isViewOpen reflected
the old "is any view open?" semantics. After the refactor to
isAnyViewFocused(), the naming is updated to match the actual
behavior: checking whether a view is focused, not merely open.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-11 14:10:32 +01:00