* PM-33353 - LoginStrategyService tests - add test to capture the bad behavior.
* PM-33353 - Extract Password Prelogin API logic to own service out of API service.
* PM-33353 - Rename prelogin request / response models to have password prefix for clarity
* PM-33353 - Build PasswordPrelogin domain service and domain model + tests
* PM-33353 - PasswordPrelogin - add barrel file
* PM-33353 - PasswordPreloginData - fromResponse - add validateKdfConfigForPrelogin so domain model is always valid.
* PM-33353 - Register PasswordPreloginApiService and PasswordPreloginService.
* PM-33353 - LoginComponent - wire up PasswordPreloginService
* PM-33353 - LoginStrategy updates - (1) Remove all password prelogin code from top level strategy service (2) Inject new PasswordPreloginService for use in the PasswordLoginStrategy.
* PM-33353 - Update Password Prelogin tests to use defaults
* PM-33353 - PasswordPreloginData model tests - update to use mins
* PM-33353 - Fix login strategy tests + get TS strict warnings fixed
* PM-33353 - Remove login component tests
* PM-33353 - Fix CLI
* PM-33353 - Password Login Strategy - add additional tests + fix misc issues + re-organized tests.
* PM-33353 - LoginComp - local AI review feedback - clean up prefetchPasswordPreloginData
* PM-33353 - Remove PM23801_PrefetchPasswordPrelogin feature flag
* PM-33353 - DefaultPasswordPreloginService - getPreloginData$ - fix shareReplay error bug state.
* PM-33353 - login-strategy.state.spec.ts - Remove incorrect todo and fix ts strict issues
* PM-33353 - Per PR feedback, Update PasswordPreloginService to add a cache clear mechanism to just tightly bound the service's memory to the lifetime of the key making process
This happens because state returns hot observables. There is no guarantee for access token to be present when read, even though it was just written with `await firstValueFrom`. Causes sync to think the auth status for the user is logged out, even though that's false
Updates import statements in tools-related files to use direct imports
instead of re-exported paths. This prepares for removal of re-exporting
files in a follow-up PR.
Part of PM-33381
* feat: remove reference to otp_invalid response since it is not used anymore
* remove usage of otpInvalid in CLI receive command
* fix: remove vestigial error types.
* chore: update sdk
* chore: fix failing test
---------
Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
* Make TwoFactorIconComponent standalone
* Angular updates to TwoFactorIconComponent
- Migrate TwoFactorProviderType from enum to const (ADR25)
- Migrate Inputs to Signals
- Make provider a required input
- Use new Control Flow syntax
- Use OnPush change detection
- Memoize function for legacy providers (providers with png image)
- Add documentation
- Remove @ts-strict-ignore
- Fix type in TwoFactorSetupDuoComponent as it would default to number because of the migration of TwoFactorProviderType (enum to const). Now it can be overridden with any value of TwoFactorProviderType
* Add type guard for TwoFactorProviderType and fix CLI
* PM-32915 - Update TwoFactorProviderType to mark U2f as deprecated in favor of WebAuthn
* PM-32915 - TwoFactorIconComp - refactor to eliminate legacy providers and just use new, already available duo and yubikey SVG icons.
* PM-32915 - Add TODOs for cleaning up mfaType usages.
* PM-32915 - Remove unncessary ng-container
---------
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
* PM-24047: Make popout windows respect vault timeout when unfocused
Replace the heartbeat message-passing mechanism for popup detection
with direct browser API queries (getContexts on MV3, getExtensionViews
on MV2/Safari) that can distinguish focused from unfocused popout
windows. Unfocused popout windows no longer prevent vault timeout.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* PM-24047: Add isAnyViewFocused(), revert isPopupOpen() to simple popup detection
Addresses PR review feedback by separating focus-aware logic from the
isPopupOpen() semantics, which other callers depend on for simple
popup detection:
- BrowserApi.isPopupOpen(): reverted to return views.length > 0 for
popup-type views only (original behavior)
- BrowserApi.isAnyViewFocused(): new method that checks popup views
(always focused), sidebar tab views (always focused), and popout
tab views (focused only if document.hasFocus() is true)
- BrowserPlatformUtilsService.isPopupOpen(): simplified MV3 path
uses getContexts({ contextTypes: ['POPUP'] })
- BrowserPlatformUtilsService.isAnyViewFocused(): new method with
MV3 (POPUP/SIDE_PANEL/focused TAB) and MV2/Safari paths
- PlatformUtilsService: adds isAnyViewFocused() to the interface
- Web/Desktop/CLI stubs return false (no popout windows)
- VaultTimeoutService now calls isAnyViewFocused() instead of
isPopupOpen() so unfocused popouts don't block vault timeout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Move MV3/MV2 routing into BrowserApi
isPopupOpen() and isAnyViewFocused() now use feature detection for
chrome.runtime.getContexts to select the right API internally,
rather than having the routing in BrowserPlatformUtilsService.
This means BrowserApi is the single owner of view-detection logic,
and the service methods are simple one-line delegations.
Using typeof getContexts === "function" rather than isManifestVersion()
handles Safari naturally: if Safari doesn't support getContexts it
falls back to getExtensionViews, without needing an explicit isSafari()
exclusion.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Scope MV3/MV2 routing refactor to isAnyViewFocused only
isPopupOpen() keeps its existing pattern (MV3/MV2 routing in the
service, simple getExtensionViews in BrowserApi) to avoid touching
unrelated code. Only isAnyViewFocused() has its routing moved into
BrowserApi via feature detection.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Restore isPopupOpen to main branch implementation
isPopupOpen() and its tests are restored exactly to the main branch
version (heartbeat-based approach). Only isAnyViewFocused is new code.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Refactor isPopupOpen() to use getContexts/getViews instead of heartbeat
Replaces the message-passing heartbeat approach with the same
chrome.runtime.getContexts() (MV3) / chrome.extension.getViews() (MV2/Safari)
introspection pattern used by isAnyViewFocused(). This eliminates the need
for a heartbeat listener in the popup and makes both methods consistent.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Simplify isAnyViewFocused() using Array.some()
Collapse the two separate POPUP/SIDE_PANEL checks into a single .some()
call, and replace the synchronous MV2/Safari tab view loop with .some().
The async TAB/popout window check stays as a for loop.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: improve tabs loop readability somewhat
* PM-24047: Fix MV3 popout focus check using wrong uilocation filter
The TAB context filter was checking for `uilocation=sidebar` instead of
`uilocation=popout`. In MV3, sidebars are SIDE_PANEL contexts (already
handled above), so this filter never matched, causing focused popout
windows to be silently ignored and the vault to timeout while a user was
actively viewing one.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Rename isViewOpen to isViewFocused for semantic accuracy
The variable and parameter previously named isViewOpen reflected
the old "is any view open?" semantics. After the refactor to
isAnyViewFocused(), the naming is updated to match the actual
behavior: checking whether a view is focused, not merely open.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: add TypeScript 5.9 type compatibility fixes for auth-owned code
Add explicit `as BufferSource` casts and `Uint8Array` wrapping to satisfy
stricter type checking in TypeScript 5.9. Non-functional changes.
* Fix type errors
* Fix test
* Fix tests
* Fix typing in auth tests
* Also change unlock service to uint8array<arraybuffer>
* Fix types
* Prettier
* Apply fixes for jest spy type
* [PM-31685] Removing email hashes
* [PM-31685] fixing tests, which are now passing
* [PM-31685] removing anon access emails field and reusing emails field
* [PM-31685] fixing missed tests
* [PM-31685] fixing missed tests
* [PM-31685] code review changes
* [PM-31685] do not encrypt emails by use of domain functionality
* [PM-31685] test fixes
* Remove inividual user key states and migrate to account cryptographic state
* Fix browser
* Fix tests
* Clean up migration
* Remove key-pair creation from login strategy
* Add clearing for the account cryptographic state
* Add migration
* Cleanup
* Fix linting
* Add validation for organization user status in CLI Confirm command
- Implemented a new method to validate the status of an organization user before confirmation.
- Added checks for various user states: invited, confirmed, revoked, and accepted.
- Enhanced error handling to provide clearer feedback based on user status.
* Refactor validation logic in ConfirmCommand to remove unnecessary user ID check
- Removed the check for null userId in the validateOrganizationUserStatus method.
- Simplified the validation process for organization user status before confirmation.
* Add unit tests for ConfirmCommand in CLI
- Created a new test suite for the ConfirmCommand to validate its functionality.
- Implemented tests for various scenarios including bad requests, user status validations, and successful confirmations.
- Enhanced error handling tests to ensure proper responses for missing organization keys and API failures.
* [deps] Vault: Update @koa/router to v15
* update router imports from `@koa/router`
* remove `@types/koa__router` no longer needed with update to `@koa/router`
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Nick Krantz <125900171+nick-livefront@users.noreply.github.com>
Co-authored-by: Nick Krantz <nick@livefront.com>
* Migrate create and edit operations to use SDK for ciphers
* WIP: Adds admin call to edit ciphers with SDK
* Add client version to SDK intialization settings
* Remove console.log statements
* Adds originalCipherId and collectionIds to updateCipher
* Update tests for new cipehrService interfaces
* Rename SdkCipherOperations feature flag
* Add call to Admin edit SDK if flag is passed
* Add tests for SDK path
* Revert changes to .npmrc
* Remove outdated comments
* Fix feature flag name
* Fix UUID format in cipher.service.spec.ts
* Update calls to cipherService.updateWithServer and .createWithServer to new interface
* Update CLI and Desktop to use new cipherSErvice interfaces
* Fix tests for new cipherService interface change
* Bump sdk-internal and commercial-sdk-internal versions to 0.2.0-main.439
* Fix linting errors
* Fix typescript errors impacted by this chnage
* Fix caching issue on browser extension when using SDK cipher ops.
* Remove commented code
* Fix bug causing race condition due to not consuming / awaiting observable.
* Add missing 'await' to decrypt call
* Clean up unnecessary else statements and fix function naming
* Add comments for this.clearCache
* Add tests for SDK CipherView conversion functions
* Replace sdkservice with cipher-sdk.service
* Fix import issues in browser
* Fix import issues in cli
* Fix type issues
* Fix type issues
* Fix type issues
* Fix test that fails sporadically due to timing issue
Migrated vault filters to new v3 vault's navigation
* Decoupled existing vault filtering from vault component by using routed params with routed-vault-filter-bridge
* Converted vault filters to standalone components
* Removed extending filter Base Components from deprecated /libs/angular library and handled logic directly
* Moved shared 'models' and 'services' directories from web-vault into /libs/vault
* remove feature flag from lock component
* Add missing windowHidden desktop feature
* Remove the flag from CLI unlock
* Remove the flag from enum file