* PM-24047: Make popout windows respect vault timeout when unfocused
Replace the heartbeat message-passing mechanism for popup detection
with direct browser API queries (getContexts on MV3, getExtensionViews
on MV2/Safari) that can distinguish focused from unfocused popout
windows. Unfocused popout windows no longer prevent vault timeout.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* PM-24047: Add isAnyViewFocused(), revert isPopupOpen() to simple popup detection
Addresses PR review feedback by separating focus-aware logic from the
isPopupOpen() semantics, which other callers depend on for simple
popup detection:
- BrowserApi.isPopupOpen(): reverted to return views.length > 0 for
popup-type views only (original behavior)
- BrowserApi.isAnyViewFocused(): new method that checks popup views
(always focused), sidebar tab views (always focused), and popout
tab views (focused only if document.hasFocus() is true)
- BrowserPlatformUtilsService.isPopupOpen(): simplified MV3 path
uses getContexts({ contextTypes: ['POPUP'] })
- BrowserPlatformUtilsService.isAnyViewFocused(): new method with
MV3 (POPUP/SIDE_PANEL/focused TAB) and MV2/Safari paths
- PlatformUtilsService: adds isAnyViewFocused() to the interface
- Web/Desktop/CLI stubs return false (no popout windows)
- VaultTimeoutService now calls isAnyViewFocused() instead of
isPopupOpen() so unfocused popouts don't block vault timeout
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Move MV3/MV2 routing into BrowserApi
isPopupOpen() and isAnyViewFocused() now use feature detection for
chrome.runtime.getContexts to select the right API internally,
rather than having the routing in BrowserPlatformUtilsService.
This means BrowserApi is the single owner of view-detection logic,
and the service methods are simple one-line delegations.
Using typeof getContexts === "function" rather than isManifestVersion()
handles Safari naturally: if Safari doesn't support getContexts it
falls back to getExtensionViews, without needing an explicit isSafari()
exclusion.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Scope MV3/MV2 routing refactor to isAnyViewFocused only
isPopupOpen() keeps its existing pattern (MV3/MV2 routing in the
service, simple getExtensionViews in BrowserApi) to avoid touching
unrelated code. Only isAnyViewFocused() has its routing moved into
BrowserApi via feature detection.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Restore isPopupOpen to main branch implementation
isPopupOpen() and its tests are restored exactly to the main branch
version (heartbeat-based approach). Only isAnyViewFocused is new code.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Refactor isPopupOpen() to use getContexts/getViews instead of heartbeat
Replaces the message-passing heartbeat approach with the same
chrome.runtime.getContexts() (MV3) / chrome.extension.getViews() (MV2/Safari)
introspection pattern used by isAnyViewFocused(). This eliminates the need
for a heartbeat listener in the popup and makes both methods consistent.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Simplify isAnyViewFocused() using Array.some()
Collapse the two separate POPUP/SIDE_PANEL checks into a single .some()
call, and replace the synchronous MV2/Safari tab view loop with .some().
The async TAB/popout window check stays as a for loop.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: improve tabs loop readability somewhat
* PM-24047: Fix MV3 popout focus check using wrong uilocation filter
The TAB context filter was checking for `uilocation=sidebar` instead of
`uilocation=popout`. In MV3, sidebars are SIDE_PANEL contexts (already
handled above), so this filter never matched, causing focused popout
windows to be silently ignored and the vault to timeout while a user was
actively viewing one.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-24047: Rename isViewOpen to isViewFocused for semantic accuracy
The variable and parameter previously named isViewOpen reflected
the old "is any view open?" semantics. After the refactor to
isAnyViewFocused(), the naming is updated to match the actual
behavior: checking whether a view is focused, not merely open.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* feat: add bit-header component to component library
Add new bit-header component to libs/components with:
- Header component with left, center, and right content projection
- Storybook stories for documentation
- Export from component library index
* refactor: update web header to use bit-header component
- Refactor web-header to use new bit-header component from libs/components
- Extract account menu to separate component
- Update header module to import HeaderComponent
* delete web-header stories
---------
Co-authored-by: Will Martin <wmartin@Wills-MBP.attlocal.net>
* feat(billing): add taxId to upgrade organization request type
* feat(billing): implement tax ID validation for organization upgrades
* feat(billing): conditionally display tax ID field in upgrade form
* test(billing): add tax ID validation tests for organization upgrades
* fix(billing): PR feedback update
* fix(billing): remove tax id requirement for non-US billing
* test(billing): update tests for non-US billing address
* refactor: Adjust icon placement in org-switcher and nav-group components
* Move icons from 'end' to 'start' slot in org-switcher component for better alignment.
* Add conditional rendering for content in the 'start' slot of nav-group component.
* feat: Add warning icon support to navigation components
* Introduce `warningIcon` and `warningIconLabel` inputs in nav-base component for customizable warning icons.
* Update org-switcher and nav-group components to utilize the new warning icon functionality.
* Implement conditional rendering of warning icons in nav-item component for better user feedback.
* Enhance org-switcher component by replacing warning icon logic with a dedicated bit-icon element for better accessibility. Also, import IconModule to support the new icon usage.
* Refactor navigation components to remove deprecated warning icon properties and enhance structure. Updated org-switcher to utilize a dedicated bit-icon for accessibility improvements.
* Enhance org-switcher component by adding a margin utility class for improved layout consistency. Clean up nav-group component by removing deprecated slot logic for better maintainability.
With the replacement of the vault cipher view and add-edit views on the desktop client, we no longer require the ColorPasswordCountPipe or the ColorPasswordPipe, as these are now handled by the ColorPasswordComponent from the Bitwarden component library
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
* fix: add TypeScript 5.9 type compatibility fixes for auth-owned code
Add explicit `as BufferSource` casts and `Uint8Array` wrapping to satisfy
stricter type checking in TypeScript 5.9. Non-functional changes.
* Fix type errors
* Fix test
* Fix tests
* Fix typing in auth tests
* Also change unlock service to uint8array<arraybuffer>
* Fix types
* Prettier
* Apply fixes for jest spy type
* feat: implement individual items transfer option in data ownership policy
Added a new checkbox for enabling individual items transfer in the organization data ownership policy. When enabled, users will be prompted to move their individual vault items to the organization. Updated the form control logic to handle the new feature and added relevant translations in the messages.json file.
* feat: enhance data loading for individual items transfer in policy edit
Implemented a new loadData method to initialize the form with the enableIndividualItemsTransfer value from the policy response. This ensures the form reflects the current state of the data ownership policy when editing.
* Add unit test for if data is sent as a null attribute
* Rid of extra modal since checkbox replaces it
* Update buildRequestData method to include enableIndividualItemsTransfer property in OrganizationDataOwnershipPolicyData
* removed feature flag for default user collection being created for restored users.
* leaving the url as we'll need it in case we have to revert a release
* fix: TypeScript 5.9 type compatibility fixes for tools-owned code
Add explicit `as BufferSource` casts and `Uint8Array` wrapping to satisfy
stricter type checking in TypeScript 5.9. Non-functional changes.
* Fix type errors
* migrated vault cipher list
* added back `rounded` prop to `bit-layout`
* moved account switcher to right corner
* moved username below cipher item name
* fixed spacing to align with send pages
* removed commented out
* fixed options buttons overflowing if has launch
* fixed "options" label disappearing when width is insufficient
* reverted search component, added search directly to vault-list
* placed new vault cipher list work behind 'desktop-ui-migration-milestone-3' feature flag
* reverted scss changes
* added back search bar when FF not enabled
* fixed owner column responsiveness (set to table width instead of screen)
* fixed 'owner' column responsiveness
* hide 'owner' column at 'md' breakpoint
* Remove duplicate badge component and org name pipe
* Convert to standalone
* Added back translations
* used correct 'tw' variants for 'px'
* extended existing `item-footer` component
* removed unused `showGroups()` from `vault-cipher-row`
* removed 'addAccess' from `vault-list.component`
* removed more unused, separated 'cipher collections' from 'filter collections'
* converted `vault-wrapper` to use signal
* updated original 'vault.component' to reflect main
* fixed `templateUrl`, merge fix
* changed to `getFeatureFlag$`
* fixes for `item-footer` and `vault-collection-row`
* fixed lint error
* - replaced using global css with tailwind
- added functionality and ui for empty states
- moved search and vault header from 'vault-list' to 'vault component'
* fixed accessing `this.userCanArchive$`
* converted more to tailwind in vault component
* removed unused 'selection' from `vault-list`
* Fix flashing vault list
* Move app-header title to routing module
* Remove broken half-migrated new form
* removed unnecessary `this.organizations$` block
* removed `firstSetup$`, cleaned up unused, separated 'delete' and 'restore' handling for footer and cipher menu
* used desktop 'launch' functionality
* moved 'bit-no-items' into `vault-list`
* removed unused locales
* aligned `handleDelete` and `handleRestore` with original desktop functionality
* Fix linting and tests
* Move no-items out of table similar to send.
* Re-add newline end of messges.json
* Remove events
* Hide copy buttons if there is nothing to copy. Simplify
* fix
* Get rid of unused copyField
* Use dropdown button in vault list instead
* Fix linting
* removed unused imports
* updated `vault-orig` to current in main
* fixed `vault-orig` templateUrl
* fixed import order, removed unused `combineLatest` block
* fixed `onVaultItemsEvent` "delete"
* removed duplicate rendering of logo
* preserve cipher view after 'cancel'
* filter from `allCiphers`
* moved `enforceOrganizationDataOwnership` call inside "syncCompleted" block
* converted `showAddCipherBtn` to observable
* removed unused
* added `submitButtonText` to `app-vault-item-footer`
* removed filtering restricted item types
* fixed `cancelCipher` pass in and set `cipherId`
* updated `submitButtonText`
* updated `vault-orig` to current `vault` in main
---------
Co-authored-by: Hinton <hinton@users.noreply.github.com>
Exposes closeOnNavigation from cdk config and implements a drawer close solution on navigation. More complex scenarios may still require custom handling.
DialogService is referenced in imported components in some tests meaning we need to use overrideProvider rather than providers.
* bypass cipher edit permissions for individual vault
* replace bypassCipherEditPermission with form configuration mode
* allow partial edit to view cipher form
* remove old comment
* fix: add support for overriding commercial SDK
* fix: only download commercial when needed
* fix: only download OSS SDK for OSS builds and commercial SDK for commercial builds
Previously, the OSS sdk-internal was downloaded and linked for all
build types including commercial, which is wasteful. Now each build
type only downloads the SDK artifact it needs.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* revert: changes to build-desktop.yml
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* update responsive behavior of three panel layout; give sidenav extra top padding on electron; add stories that show mix of drawer and sidenav states
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* PM-31804 - WIP
* PM-31804 - Profile Component - fix missing translation
* PM-31804 - Web - Emergency Access Takeover Dialog Comp - remove screen reader only span as arialabel on spinner should be sufficient
* PM-31804 - Web - EmergencyAccessViewComp - remove redundant span as aria label handles accessibility.
* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label
* PM-31804 - Web - EmergencyAccessViewComp - Remove redundant sr only span - replaced w/ aria label
* PM-31804 - EmergencyAccessComp - Replace redundant sr only span with aria label
* PM-31804 - two-factor-setup.component.html - Replace redundant sr only spans with aria labels
* PM-31804 - WebauthnLoginSettingsModule - remove unnecessary IconModule - it's imported via SharedModule
* PM-31804 - web - emergency-access.component.html - Replace redundant sr only span with aria label
* PM-31804 - LoginDecryptionOptionsComponent - Replace redundant sr only span with aria label
* PM-31804 - ChangePasswordComp - Replace redundant sr only span with aria label
* PM-31804 - AccountComponent - add BitwardenIcon type to satisfy template type requirements for name property.
* PM-31804 - Browser Account Security Component - replace nonexistent chevron icon with existing angle right icon.
* PM-31804 - Fix A11y issues with missing aria labels
* PM-31804 - Remove remaining redundant sr only spans since we now have aria labels
* Added v2 version of member access reports that aggregate data client side instead of using endpoint that times out. Added feature flag.
* Remove feature flag
* Added avatar color to the member access report
* Update icon usage
* Add story book for member access report
* Add icon module to member access report component
* Fix test case
* Update member access report service to match export of v1 version. Update test cases
* Fix billing error in member access report
* Add timeout to fetch organization ciphers
* Handle group naming
* Add cached permission text
* Add memberAccessReportLoadError message
* Fix member cipher mapping to deduplicate data in memory
* Update log
* Update storybook with deterministic data and test type
* Fix avatar color default
* Fix types
* Address timeout cleanup