Commit Graph

21154 Commits

Author SHA1 Message Date
Jonathan Prusik
a883fe5192
[PM-29525] Typefixes in services/autofill-overlay-content.service.ts (#19555)
* fix typing issues

* replace ts-strict-ignore for remaining work
2026-03-18 12:05:09 -04:00
Jonathan Prusik
aaf239a2c5
[PM-33568] Add Claude guidance on injected content script exceptions (#19559)
* add Claude guidance on injected content script exceptions

* update CODEOWNERS

* update CODEOWNERS

* remove high-level Claude guidance

* update CODEOWNERS

* execute PR feedback

* include all autofill content files in the rule
2026-03-18 12:04:29 -04:00
Maciej Zieniuk
5eaba22759
login and sync race condition. (#19474)
This happens because state returns hot observables. There is no guarantee for access token to be present when read, even though it was just written with `await firstValueFrom`. Causes sync to think the auth status for the user is logged out, even though that's false
2026-03-18 16:07:52 +01:00
Max
c60d9edcf5
fix(reports): skip malformed login ciphers and guard splice index in weak password report (#19627)
Co-authored-by: greedy7937 <258126311+greedy7937@users.noreply.github.com>
2026-03-18 15:40:08 +01:00
Leslie Tilton
e4dd535e4f
feat(access-intelligence): expand type guard infrastructure with EnhancedGuard pattern and V2 model validators (#19621) 2026-03-18 09:27:05 -05:00
Alex Morask
c73f1307a3
fix(pricing): display item-level discounts in cart-summary component (#19466) 2026-03-18 08:47:38 -05:00
Mike Amirault
008311fbc8
Improve logging for LastPass direct import (#19615) 2026-03-18 09:25:28 -04:00
Thomas Rittson
1545a9716e
[Autofill] Update event-related import statements (#19547)
Updates import statements in autofill-related files to use direct imports
instead of re-exported paths. This prepares for removal of re-exporting
files in a follow-up PR.

Part of PM-33381
2026-03-18 08:58:17 -04:00
Thomas Rittson
e11c72fe70
[DIRT] Update event-related import statements (#19549)
Updates import statements in DIRT-related files to use direct imports
instead of re-exported paths. This prepares for removal of re-exporting
files in a follow-up PR.

Part of PM-33381
2026-03-18 07:45:46 -05:00
Todd Martin
9744785a31
fix(environment): Handle unordered environment update events on logout
* Introduce check on user environment state

* Add additional check.

* Updated test comments.

* Added comment to explain change.
2026-03-17 22:05:11 -04:00
Justin Baur
5acb7c8503
[PM-19659] Add server-notifications README (#16203)
* Add `server-notifications` README

* Apply suggestions from code review

Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>

* Formatting

* Docs update from feedback

* Update libs/common/src/platform/server-notifications/README.md

Co-authored-by: Derek Nance <dnance@bitwarden.com>

* Add and Fix links

---------

Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com>
Co-authored-by: Derek Nance <dnance@bitwarden.com>
2026-03-17 20:03:28 -04:00
Thomas Avery
51c2ac2f16
[PM-31928] Cleanup backwards compatibility code in extension lock service (#19354)
* Cleanup backwards compatibility code in extension lock service

* Add unit test coverage
2026-03-17 18:02:58 -05:00
Dave
4ff3395754
[PM-29796] Parameter validation with pattern match (#19500)
* feat(accept-organization-component) [PM-29796]: Validate Id expected shape.

* feat(utils) [PM-29796]: Remove invalidUrlParams.

* feat(utils) [PM-29796]: Re-add URL pattern matching detection with updated naming and comments.

* feat(accept-organization) [PM-29796]: Update component handling for id validation.

* feat(utils) [PM-29796]: Improve pattern-matching on utils.

* comment(accept-organization) [PM-29796]: Add comments on handling pattern.

* comment(accept-organization) [PM-29796]: Comments around authedHandler handling.

* refactor(utils) [PM-29796]: One entry per line with trailing comments for Prettier.

* refactor(accept-organization) [PM-29796]: Abstract handleInvalidInvite to its own method.

* docs(utils) [PM-29796]: Add/ungroup comments on declared match patterns.

* test(utils) [PM-29796]: Update tests and comments.

---------

Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2026-03-17 17:50:35 -04:00
Leslie Tilton
54f690df44
[PM-33797] AIV2: Standardize Models and Services: Models and Feature flag (#19612)
* feat(access-intelligence): add V2 data model family, feature flag, and encryption service abstraction

* fix(access-intelligence): remove premature services export from barrel
2026-03-17 16:50:23 -05:00
Jackson Engstrom
56ef1dd3f4
[PM-32180] Change when premium upgrade happens (#19593)
* adds premium-upsell service

* adds and updates tests

* changes name and type in test file

* fixes strict ts

* Update libs/angular/src/vault/services/premium-upsell.service.spec.ts

fix import

Co-authored-by: Jordan Aasen <166539328+jaasen-livefront@users.noreply.github.com>

* change initial value and fix import order

---------

Co-authored-by: Jordan Aasen <166539328+jaasen-livefront@users.noreply.github.com>
2026-03-17 14:11:04 -07:00
Will Martin
cf2ff5d85f
[CL-1088] only apply macOS extra top padding to nav logo in overlay mode (#19418)
* fix(uif): only apply macOS extra top padding to nav logo in overlay mode

The macOS extra top padding was unconditionally applied to the nav logo.
Now it only applies when the side nav is in overlay mode (open but not push mode).
2026-03-17 16:26:15 -04:00
Jared Snider
3adbfea82c
Auth/PM-33168 - Emergency Access - Add / Edit dialog - fix missing error toasts (#19412)
* PM-33168 - EmergencyAccess - Add / Edit dialog - add missing validation service call to show errors as toasts

* PM-33168 - Per PR feedback, remove catch and let bitSubmit handle logging and showing error.

* PM-32487 - EmergencyAccessAddEditComponent - clean up unused service
2026-03-17 14:38:49 -04:00
Daniel Riera
0071c3221e
WIP (#19423) 2026-03-17 11:56:21 -04:00
Daniel Riera
01ef859e97
[PM-29527]Remove @ts-strict-ignore in fido2.component.ts (#19464) 2026-03-17 10:30:49 -05:00
Todd Martin
73559a57d4
feat(workflow): [PM-32677] Add new workflow to create PR for sdk-internal update
* Add new workflow.

* Workflow lints

* More security fixes.

* Claude feedback.

* Don't make empty commit.

* Update job name.

* Updated node version check.

* Print environments.

* Addressed PR feedback.

* Removed concept of distingushing downgrade.

* Updated to reference specific run_id if triggered by one.

* Addressed Claude feedback.
2026-03-17 11:27:07 -04:00
Andreas Coroiu
300b920457
[PM-32248] [PM-32233] [PM-32235] Block links from opening in electron window (#19317)
* feat: block window creation from main web renderer

* feat: redirect safe urls to external browser

* [PM-32235] Block unsafe open external call with arbitrary web vault url argument (#19322)

* feat: add safe shell class with openExternal impl

* feat: add lint rule to avoid directy openExternal usage

* feat: replace all unsafe usages

* feat: allow multiple allow-lists

* feat: update usages

* chore: remove static version of function

* fix: additional usages

* fix: tests

* fix: construct arguments

* fix: lint

* feat: block insecure weburls
2026-03-17 15:42:20 +01:00
neuronull
ebbd9ed0ba
SSH Agent v2: define napi-agent-server interface (#18880)
Building upon the prior SSH agent v2 commits, this PR introduces the high level interfaces between the napi layer, the agent, and the underlying server.

Two traits are defined to act as abstraction layers:

AuthPolicy allows the underlying server to externally request authorization to complete the various ssh operation requests it receives. The implementation of this in the BitwardenSshAgent is effectively the agent's business logic, and has unit tests accordingly.

ApprovalRequester allows the agent to externally request approval for those authorization requests.

These interfaces allow better unit test-ability and integration test-ability, and additionally are context-independent from each other; meaning the ssh agent server doesn't know about vault items, or that there is an electron app at all. Similarly, the agent knows it needs to request approval, but it doesn't have to be from an Electron app.

Co-authored-by: Bernd Schoolmann <mail@quexten.com>
2026-03-17 08:38:40 -06:00
Bernd Schoolmann
e97450abba
chore: bump sdk-internal to 0.2.0-main.608 (#19587)
* chore: bump @bitwarden/sdk-internal to 0.2.0-main.608

* [PM-30584] Move key-connector migration to sdk (#19360)

* Move key-connector migration to sdk

* Remove unused import

* Fix DI

* Fix dependencies on cli

* Fix types

* Fix import order

* fix tests

* Remove unused import

* Rename feature flag
2026-03-17 08:24:44 -05:00
Daniel James Smith
255a4ae4e5
Let tldts check for invalid characters within URI/hostname (#19415)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2026-03-17 14:09:31 +01:00
Matt Andreko
eaf410f01f
Add publisherName to Electron build process (#19591)
* PM-33717 - Add publisherName to Electron build
2026-03-17 07:44:56 -04:00
Oscar Hinton
c624aaa237
[PM-28755] Rename send-v2 to send for desktop (#19592)
* Rename send-v2 to send for desktop

* fix test
2026-03-17 09:28:43 +01:00
Leslie Xiong
a0519ee190
Fixed attachment icons positions and SSH key truncating (#19477)
* fixed attachment icons appearing below instead of next to cipher name

* fixed SSH key not truncating with ellipses
2026-03-16 15:14:42 -04:00
Alex
41c547015d
[PM-32843] Fix phishing blocker not blocking HTTPS variants of HTTP URLs (#19265)
* fix(phishing): check alternate protocol when matching URLs against block list

The phishing blocker's IndexedDB lookup only checked the exact URL href.
When the block list contains http:// entries but the browser auto-redirects
to https://, the lookup failed silently. This adds O(1) alternate-protocol
lookups (swapping http:// ↔ https://) with the same trailing-slash
normalization.

[PM-32843]

* test(phishing): add unit tests for alternate-protocol URL matching

Covers HTTP→HTTPS and HTTPS→HTTP matching, trailing slash normalization
with protocol swap, short-circuit when exact match is found, no false
positives, and non-HTTP protocol handling.

[PM-32843]
2026-03-16 11:21:50 -07:00
Vince Grassia
6428997a00
Remove hold label from Renovate config (#19458) 2026-03-16 14:04:05 -04:00
Jordan Aasen
adfee0dc0e
pass null in cipher service (#19538) 2026-03-16 09:37:22 -07:00
Will Martin
c51e95fddd
[CL-1046] Migrate importer file password dialog to new form pattern (#18931)
Updates the import file password prompt to use <form bit-dialog> pattern following the component library updates.
2026-03-16 12:06:04 -04:00
Will Martin
e312750557
[CL-1046] Migrate vault dialogs to new form pattern (#18930)
Updates folder and custom field dialogs to use <form bit-dialog> pattern following the component library updates.
2026-03-16 12:04:47 -04:00
Bryan Cunningham
8df225d21d
[CL-1033] Migrate admin console CTAs to new icon API (#19482)
Migrates buttons and links in admin console components (web + licensed) to use the new icon API.
2026-03-16 11:36:29 -04:00
✨ Audrey ✨
f48647e2f1
[PM-31646] stop label collection from crossing into sibling form-field containers (#19452)
Adds a containsChildFormElement guard to left-label, right-label, and
recursive sibling traversal so that text inside a sibling DOM container
that holds its own input/select/textarea is not absorbed as label text
for the target field.  This prevents Yahoo's country-code dropdown
container ("Enter Country Code") from contaminating the username field's
label-left, which caused a false TOTP classification via the word "code".
2026-03-16 15:23:29 +00:00
✨ Audrey ✨
877598ec9c
[PM-31646] prioritize usernames ahead of ambiguous TOTPs (#19453)
Split isFillableTotpField into isFillableTotpField (TotpFieldNames /
one-time-code autocomplete) and maybeFillableTotpField (AmbiguousTotpFieldNames
only) and reorder the classification switch so that a reliable TOTP signal
still wins unconditionally, but a username match beats a purely ambiguous TOTP
match.  This fixes Yahoo's login-username field being misclassified as TOTP
because 'code' appears in AmbiguousTotpFieldNames.
2026-03-16 10:21:45 -05:00
Daniel Riera
852e5015a7
[PM-33019] Add is trusted check in messenger.ts (#19329)
* PM-33019 Add isTrusted check in messenger.ts

* update tests to accomodate isTrusted

* return comment
2026-03-16 09:56:56 -05:00
renovate[bot]
883841feef
[deps]: Pin Rust crate rkyv to v0.8.14 (#19579)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-16 08:13:53 -06:00
renovate[bot]
6340e42ff1
[deps]: Update docker/setup-docker-action action to v5 (#19584)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-16 11:57:40 +01:00
Thomas Rittson
afc45ee0c8
[Tools] Update event-related import statements (#19548)
Some checks failed
Scan / Check PR run (push) Has been cancelled
Testing / Run typechecking (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-browser junit:junit-browser.xml name:Browser paths:apps/browser bitwarden_license/bit-browser]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-cli junit:junit-cli.xml name:CLI paths:apps/cli bitwarden_license/bit-cli]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-desktop junit:junit-desktop.xml name:Desktop paths:apps/desktop]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-libs junit:junit-libs.xml name:Libs paths:libs bitwarden_license/bit-common]) (push) Has been cancelled
Testing / Run tests - ${{ matrix.test-group.name }} (map[artifact:jest-coverage-web junit:junit-web.xml name:Web paths:apps/web bitwarden_license/bit-web]) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (macos-14) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (ubuntu-22.04) (push) Has been cancelled
Testing / Run Rust tests on ${{ matrix.os }} (windows-2022) (push) Has been cancelled
Testing / Rust Coverage (push) Has been cancelled
Scan / Checkmarx (push) Has been cancelled
Scan / Sonar (push) Has been cancelled
Testing / Upload to Codecov (push) Has been cancelled
Testing / Run tests (push) Has been cancelled
Updates import statements in tools-related files to use direct imports
instead of re-exported paths. This prepares for removal of re-exporting
files in a follow-up PR.

Part of PM-33381
2026-03-14 09:11:30 +10:00
Thomas Rittson
124c04503d
[Vault] Update event-related import statements (#19546)
Updates import statements in vault-related files to use direct imports
instead of re-exported paths. This prepares for removal of re-exporting
files in a follow-up PR.

Part of PM-33381
2026-03-14 09:10:57 +10:00
Nik Gilmore
34fad756de
[PM-33374] Fix getAllDecrypted when using the SDK (#19503)
* Bump SDK version

* Change SDK call to CiphersClient::list() to CiphersClient::get_all()

* Update mocks in tests to use ciphersService.get_all
2026-03-13 14:59:36 -07:00
John Harrington
a0e8c2d209
introduce feature flag pm-31885-send-controls (#19356) 2026-03-13 14:49:17 -07:00
Jason Ng
55d0595184
[PM-29250] remove browser premium spotlight flag. update spec files (#19364) 2026-03-13 14:56:40 -04:00
bmbitwarden
5ddaa031c9
PM-32651 resolved double browser url paste problem (#19523) 2026-03-13 14:49:54 -04:00
renovate[bot]
91a60d813b
[deps] Tools: Update dotnet monorepo to v10 (#16054)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-13 14:26:24 -04:00
Patrick-Pimentel-Bitwarden
d4b4c8a164
fix(register): [PM-27085] Account Register Uses New Data Types (#18470)
* fix(register): [PM-27085] Account Register Uses New Data Types - Initial changes.

* test(register): [PM-27085] Account Register Uses New Data Types - Fixed tests.

* test(register): [PM-27085] Account Register Uses New Data Types - Updated tests.

* feat(register): [PM-27085] Account Register Uses New Data Types - Added feature flag.

* fix(register): [PM-27085] Account Register Uses New Data Types - Removed unnecessary part of the payload.

* fix(register): [PM-27085] Account Register Uses New Data Types - Changed the feature flag to be gated with the other password input changes.

* fix(register): [PM-27085] Account Register Uses New Data Types - Added protection for feature flagged state.

* fix(register): [PM-27085] Account Register Uses New Data Types - Removed unnecessary comment.

* fix(register): [PM-27085] Account Register Uses New Data Types - Addressed feedback.

* fix(register): [PM-27085] Account Register Uses New Data Types - Fixed tests and added comment.

* fix(register): [PM-27085] Account Register Uses New Data Types - Fixed another test.

* fix(register): [PM-27085] Account Register Uses New Data Types - And last test fix.

* fix(register): [PM-27085] Account Register Uses New Data Types - Removed unneeded code.

* fix(register): [PM-27085] Account Register Uses New Data Types - Updated comments and fixed code from feedback.

* fix(register): [PM-27085] Account Register Uses New Data Types - Updated comments again with small styling fix.

* fix(register): [PM-27085] Account Register Uses New Data Types - Switched to snapshot testing and explicit checks for unlock and authentication data for feature flag on. Also addressed pr comments.

* test(register): [PM-27085] Account Register Uses New Data Types - Made explicit checks for critical pieces of data in tests.

* fix(feature-flag): [PM-27085] Account Register Uses New Data Types - Added in feedback from comments. Default registration tests have snapshots now and web registration has more dry code.
2026-03-13 14:04:49 -04:00
Ben Brooks
c2493674d7
[pm-33048] Exclude non-text inputs from multi-step qualification (#19493)
* [pm-33048] Exclude non-text inputs from multi-step qualification
* [pm-33048] Guard against null pageDetailsField.type under ts-strict

---------

Signed-off-by: Ben Brooks <bbrooks@bitwarden.com>
2026-03-13 09:48:39 -07:00
Bernd Schoolmann
363f6445e3
[PM-31115] Support ephemeral pin envelope state in SDK (#19491)
* Support ephemeral pin envelope state in SDK

* Fix tests

* chore: bump @bitwarden/sdk-internal to 0.2.0-main.597

* Eslint

* Prettier
2026-03-13 16:11:47 +01:00
renovate[bot]
ad1d99c359
[deps]: Update @napi-rs/cli to v3.5.1 (#18433)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-13 11:02:38 -04:00
Nick Krantz
bc0a369106
refer to folderViews$ directly to avoid circular dependency (#19376) 2026-03-13 09:44:33 -05:00