Commit Graph

2476 Commits

Author SHA1 Message Date
Jordan Aasen
43fd99b002
[PM-24722][PM-27695] - add persistent callout in settings for non-premium users (#17246)
Some checks failed
Chromatic / Check PR run (push) Has been cancelled
Scan / Check PR run (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Chromatic / Chromatic (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
* add persistent callout in settings for non-premium users

* remove premium v2 component

* add spec

* remove premium-v2.component.html

* fix title

* fix typo

* conditionally render h2

* re-add pemiumv2component. change class prop to observable

* change from bold to semibold

* remove unecessary tw classes. use transform: booleanAttribute

* add spotlight specs

* code cleanup
2025-11-24 13:49:05 -08:00
blackwood
883ff8968e
Allows limited internal message posting when host experience content is controlled (#17313) 2025-11-24 14:08:11 -05:00
Leslie Tilton
5779df2417
Correct phishing blocker file structure (#17477) 2025-11-24 10:46:28 -06:00
Bernd Schoolmann
13940a74ae
Fix biometrics unlock when pin is enabled (#17528) 2025-11-22 11:53:45 +01:00
Daniel Riera
279632d65f
[PM-28516] Inline menu is not working in main (#17524)
* PM-28516 alidate iframe and stylesheet URLs against their own origins to handle
cases where chrome assigns different extension ids in different contexts

* switch to regex to match exisiting match pattern

* updated regex to account for safari
2025-11-21 17:10:03 +00:00
Dave
daf7b7d2ce
fix(two-factor) [PM-21204]: Users without premium cannot disable premium 2FA (#17134)
* refactor(two-factor-service) [PM-21204]: Stub API methods in TwoFactorService (domain).

* refactor(two-factor-service) [PM-21204]: Build out stubs and add documentation.

* refactor(two-factor-service) [PM-21204]: Update TwoFactorApiService call sites to use TwoFactorService.

* refactor(two-fatcor) [PM-21204]: Remove deprecated and unused formPromise methods.

* refactor(two-factor) [PM-21204]: Move 2FA-supporting services into common/auth/two-factor feature namespace.

* refactor(two-factor) [PM-21204]: Update imports for service/init containers.

* feat(two-factor) [PM-21204]: Add a disabling flow for Premium 2FA when enabled on a non-Premium account.

* fix(two-factor-service) [PM-21204]: Fix type-safety of module constants.

* fix(multiple) [PM-21204]: Prettier.

* fix(user-verification-dialog) [PM-21204]: Remove bodyText configuration for this use.

* fix(user-verification-dialog) [PM-21204]: Improve the error message displayed to the user.
2025-11-21 10:35:34 -05:00
bw-ghapp[bot]
8077270ef8
Autosync the updated translations (#17529)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2025-11-21 09:39:50 +01:00
Addison Beck
ba93526965
chore: create eslint rule to catch insecure page script injection (#17437)
* chore: create eslint rule to catch insecure page script injection

* chore: ignore existing lints

* review: tighten rule scope

* review: add tests
2025-11-20 19:45:49 -05:00
Jeffrey Holland
e23b2d0c98
Autofill/pm 25597 plex password generation (#16997)
* Correctly fill generated passwords and current password on plex.tv

* Correctly fill generated passwords and current password on plex.tv

* Leave existing forEach

* Add tests for changes
2025-11-20 16:31:05 +01:00
Nick Krantz
b00987180d
[PM-26688][PM-27710] Delay skeletons from showing + search (#17394)
* add custom operator for loading skeleton delays

* add `isCipherSearching$` observable to search service

* prevent vault skeleton from showing immediately

* add skeleton for search + delay to sends

* update fade-in-out component selector

* add fade-in-out component for generic use

* address memory leak by using defer to encapsulate `skeletonShownAt`

* add missing provider
2025-11-20 08:26:47 -06:00
Jonathan Prusik
7c4db701b9
[PM-27797] Prevent host page manipulation of inline menu popover attribute (#17400)
* turn off inline experience if host page aggressively competes for top of top-layer

* add alert message for top-layer hijack scenarios

* widen the backoff threshold

* refactor backoff logic to include popover attribute mutations

* improve getPageIsOpaque check

* do not attempt inline menu insertion if it has been disabled for security concerns

* fix typo

* cleanup

* add tests
2025-11-19 19:14:05 -05:00
Andy Pixley
d86c918e71
[BRE-1303] Providing method for pinning Chrome extension ID for dev (#17432) 2025-11-19 16:11:51 -05:00
Addison Beck
6d1c474fc5
fix: add world: MAIN to Firefox page script registration (#17466)
* chore: update @types/firefox-webext-browser

* fix: add world: MAIN to Firefox page script registration

* review: add world property to registration type
2025-11-19 20:13:41 +00:00
Addison Beck
e44ab1b411
fix: enable dynamic URLs for Chrome web accessible resources (#17429)
This commit adds use_dynamic_url: true to the extension's web_accessible_resources configuration. When enabled, Chrome generates random session-based GUIDs for extension resource URLs instead of using the predictable static extension ID. This enhances privacy by making extension resource URLs unpredictable and prevents third-party enumeration of installed extensions.

The feature is supported in Chrome 102+ and changes resource URLs from chrome-extension://[static-id]/resource to chrome-extension://[random-guid]/resource, with GUIDs regenerating each browser session while maintaining all existing extension functionality.

Addresses: https://bitwarden.atlassian.net/browse/PM-28344
2025-11-19 14:57:59 -05:00
Github Actions
64bfbf274a Bumped client version(s) 2025-11-19 00:18:10 +00:00
Jonathan Prusik
df03664827
[PM-27915] Add additional global styling collision defenses for pseudo-elements (#17340)
* add additional global styling collision defenses for pseudo-elements

* move internal stylesheet into closed shadow root
2025-11-18 14:49:12 -05:00
Will Martin
b952e6ea44
[PM-28071] add prod test domain for phishing detection (#17450) 2025-11-18 13:08:21 -05:00
bw-ghapp[bot]
bbb42d9b17
Autosync the updated translations (#17461)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2025-11-18 18:36:24 +01:00
Daniel Riera
b1acff7f5c
Pm 27900 add additional hardening in extension frame validation (#17265)
* PM-27900 harden iframe, origin route tightening and test updates

* reduce comments to make more legible

* Removes referrer check in favor of PM-27822 #17313 bitwarden/clients@4206447cfe

* nake token optional since it is later set

* whitelist -> allowlist

* improve notes on unsafe

* improve content handler notes

* order allowlist

* improve jsdoc on ismessagefromextension method

* cover additional test cases

* rename verifytoken and document more clear, update referrer

---------

Co-authored-by: Miles Blackwood <mrobinson@bitwarden.com>
2025-11-18 12:22:13 -05:00
Oscar Hinton
9efc31534b
[PM-28231] Enable component-class-suffix (#17384)
* Enable component-class-suffix

* Rename file
2025-11-18 13:26:38 +01:00
Maximilian Power
8f04f25818
Fix Firefox phishing blocker continue button by awaiting tab navigation promises (#17436) 2025-11-18 09:37:31 +01:00
Jordan Aasen
670f3514ba
[PM-23384] - Browser extension spotlight directing to Premium signup in web (#17343)
* premium upgrade nudge

* add specs

* clean up vault template and specs

* fix date comparison. add more specs for date

* fix spec

* fix specs

* make prop private
2025-11-17 12:36:37 -08:00
Matt Gibson
c67715ea29
[PM-28038][PM-28276] Ignore url case for origin matching (#17355)
* ignore url case for origin matching

* Fixup typo

* Inject log services
2025-11-17 07:37:36 -08:00
Alex Dragovich
a4d773537e
[PM-27465] Fixing cancel button on Send and Vault export (#17138)
Some checks failed
Chromatic / Check PR run (push) Has been cancelled
Scan / Check PR run (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Chromatic / Chromatic (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
2025-11-14 16:07:10 -08:00
Jason Ng
8a3f1ee1a4
[PM-26687] send skeleton (#17333)
* adding skeleton to send
2025-11-14 16:16:08 -05:00
Daniel Riera
fdb2f8b553
[PM-4903] - If you back out of autofill flow from locked vault screen, credentials autofilled on normal unlock (#17283)
* PM-4903- added a check for auth status and popout tabs, if no popup tab and auth is locked, abandon autofill

* add test

* clear all notifications if unlock popout closed

* add more tests and use tabid for performance optimization
2025-11-14 12:44:32 -05:00
bw-ghapp[bot]
4fd65965e8
Autosync the updated translations (#17379)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2025-11-14 12:39:05 +01:00
Andreas Coroiu
ed2d8b9549
[PM-18046] Implement session storage (#17346)
* feat: add support for IPC client managed session storage

* feat: update SDK

* fix: using undecorated service in jslib module directly

* feat: add test case for web

* chore: document why we use any type

* fix: `ipc` too short

* typo: omg

* Revert "typo: omg"

This reverts commit 559b05eb5a.

* Revert "fix: `ipc` too short"

This reverts commit 35fc99e10b.

* fix: use camelCase
2025-11-14 08:51:38 +01:00
Mark Youssef
a55d0f02f2
[CL-672] update mobile design of dialog (#14828)
---------

Co-authored-by: Vicki League <vleague@bitwarden.com>
2025-11-13 21:59:03 -05:00
Oscar Hinton
d95d86d05e
[CL-738] Migrate disclosure component (#17206) 2025-11-13 17:02:38 -05:00
Jordan Aasen
18c1d8b2d3
[PM-27661] - Multiple URIs - Add a Collapse Button after clicking View All for Saved Websites (#17352)
* use signals. add toggleable list view.

* use @for. remove redundant if statement

* fix template variable name

* clean up test setup

* Update apps/browser/src/vault/popup/components/vault-v2/autofill-confirmation-dialog/autofill-confirmation-dialog.component.spec.ts

Co-authored-by: Nik Gilmore <ngilmore@bitwarden.com>

---------

Co-authored-by: Nik Gilmore <ngilmore@bitwarden.com>
2025-11-13 10:34:38 -08:00
Daniel Riera
42a79e65cf
[PM-26916] inline menu not autofilling email field for oatsovernight.com (#17182)
* PM-26916 utilize opid on focused fields as first validation in order to avoid erroneously filling other similar fields

* extract logic to helper and take totp and multiple forms into account

* run prettier

* avoid filling with opid if already filled

* clean up comments and avoid early return so all fields are scanned

* add tests
2025-11-13 10:26:32 -05:00
Jeffrey Holland
ea0cdfc37c
Display autofill overlay for zoom.us signin password (#16900) 2025-11-13 11:26:04 +01:00
Nick Krantz
b2682a4139
[PM-27520] Allow for search while vault is loading (#17274)
* allow for search while vault is loading

* fix comment wording

* remove subscription return value - it is not used

* update `distinctUntilChanged` to account for tuple

* use feature flag to determine search pattern

* fix tests & lint issues

* fix lint errors part 2
2025-11-12 15:34:54 -06:00
Maciej Zieniuk
3da3aa5e8c
moving ownership of Auth vault timeout input component to KM (#17180)
(cherry picked from commit 5e595dabf71cdb312ae9e1e3bcc3121b3aebf19f)
2025-11-12 22:15:01 +01:00
Nick Krantz
d71add85e8
[PM-25084] Vault Skeleton loading (#17321)
* add import to overflow styles to override the overflow applied by virtual scrolling

* add position relative so absolute children display in scrolling context rather over the entire page

* add fade in skeleton to vault page

* refactor vault loading state to shared service

* disable search while loading

* add live announcement when vault is loading / loaded

* simplify announcement

* resolve CI issues

* add feature flag for skeletons

* add feature flag observables for loading state

* update component naming
2025-11-12 08:31:25 -06:00
Maciej Zieniuk
021d3e53aa
[PM-26056] Consolidated session timeout component (#16988)
* consolidated session timeout settings component

* rename preferences to appearance

* race condition bug on computed signal

* outdated header for browser

* unnecessary padding

* remove required on action, fix build

* rename localization key

* missing user id

* required

* cleanup task

* eslint fix signals rollback

* takeUntilDestroyed, null checks

* move browser specific logic outside shared component

* explicit input type

* input name

* takeUntilDestroyed, no toast

* unit tests

* cleanup

* cleanup, correct link to deprecation jira

* tech debt todo with jira

* missing web localization key when policy is on

* relative import

* extracting timeout options to component service

* duplicate localization key

* fix failing test

* subsequent timeout action selecting opening without dialog on first dialog cancellation

* default locale can be null

* unit tests failing

* rename, simplifications

* one if else feature flag

* timeout input component rendering before async pipe completion
2025-11-11 08:15:36 -06:00
bw-ghapp[bot]
275c6a93b4
Autosync the updated translations (#17271)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2025-11-10 08:40:12 +01:00
Matt Gibson
40ec682b78
[PM-27888] [PM-27889][PM-27914][PM-27820] Use frame Id as test for internal source. (#17266)
* Use frame Id as test for internal source.

* prefer strong equality

* Fix tests
2025-11-07 11:58:35 -05:00
Jonathan Prusik
0ef4964b2e
[PM-27569] Typing cleanup (#17087)
* typing cleanup

* additional cleanup

* more typing fixes

* revert notification background changes

* fix DOM query service breakage

* do not run a fill_by_opid action if there is a nullish or empty value attribute

* type cleanup

* cleanup per review suggestions

* remove unused flag check

* add non-null assertion signposts

* additional cleanup
2025-11-07 11:34:08 -05:00
Jordan Aasen
4bf90b0fb3
[PM-27754] - [Defect] MP prompt is missing before "Cannot autofill" modal when trying to autofill a login with "Exact" default matching set (#17247)
* add persistent callout in settings for non-premium users

* always call password reprompt in doAutofill

* ensure password reprompt is checked in all instances

* Revert "add persistent callout in settings for non-premium users"

This reverts commit d206832cd3.
2025-11-06 15:55:31 -08:00
Will Martin
1be9e19fad
[PM-26944] fix(browser/phishing-detection): fix various issues (#17197) 2025-11-06 12:55:18 -06:00
Vicki League
c404ee210b
[PM-26984] Use medium instead of semibold or bold (#17191) 2025-11-06 11:27:46 -05:00
Robyn MacCallum
c7da24e627
Pass cipherId in bgHandleReprompt (#17256) 2025-11-06 10:53:17 -05:00
Vicki League
7cbfcd23a8
[PM-26984] Use medium instead of semibold or bold (#17194) 2025-11-06 09:09:17 -06:00
Matt Gibson
57b8f18cdd
PM-27820 (#17245)
Some checks failed
Chromatic / Check PR run (push) Has been cancelled
Scan / Check PR run (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Chromatic / Chromatic (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
* limit port to internal communications

* A few more internal-only ports

* fixup tests

disabled tests that are now failing with a race condition.

* Remove autofill team review requirement
2025-11-05 20:22:34 -05:00
Matt Gibson
cbf380e023
Arch/pm 27820 (#17241)
* add storage port validation

* remove unused method

* Prefer property presence over truthyness
2025-11-05 18:09:15 -05:00
SmithThe4th
aabee1b827
Fixed incorrect toast messages on favorite (#17238) 2025-11-05 17:06:52 -05:00
Nick Krantz
8cd39690ed
[PM-27711] Loading Skeleton page (#17224)
* convert popup page component to use inputs

* disable overflow on popup page to allow content to naturally overflow

* migrate popup-page to OnPush

* add vault-loading-skeleton component

* remove internal loading text

* hide entire skeleton from screen readers
2025-11-05 14:05:15 -06:00
Bernd Schoolmann
3125f679d3
[PM-25206] Inject service instead of passing as param (#16801)
* Inject service instead of passing as param

* [PM-25206] Move locking logic to LockService (#16802)

* Move locking logic to lock service

* Fix tests

* Fix CLI

* Fix test

* FIx safari build

* Update call to lock service

* Remove locked callback

* Clean up lock service logic

* Add tests

* Fix cli build

* Add extension lock service

* Fix cli build

* Fix build

* Undo ac changes

* Undo ac changes

* Run prettier

* Fix build

* Remove duplicate call

* [PM-25206] Remove VaultTimeoutService lock logic (#16804)

* Move consumers off of vaulttimeoutsettingsservice lock

* Fix build

* Fix build

* Fix build

* Fix firefox build

* Fix test

* Fix ts strict errors

* Fix ts strict error

* Undo AC changes

* Cleanup

* Fix

* Fix missing service
2025-11-05 17:11:34 +01:00