Commit Graph

466 Commits

Author SHA1 Message Date
Jared Snider
77a0341f2e
Auth/PM-34506 - LoginStrategyService - Refactor cache and timeout out into own services (#20108)
* PM-34506 - Extract LoginStrategyCacheService as single owner of mid-auth cache state

* PM-34506 - Refactor LoginStrategySessionTimeoutService: inject cache service, add MessageListener, expose abstraction

* PM-34506 - Remove cache state and timer logic from LoginStrategyService, delegate to collaborating services

* PM-34506 - Register LoginStrategyCacheService and LoginStrategySessionTimeoutService in all client DI contexts

* PM-34506 - Components read loginSessionTimeout$ from LoginStrategySessionTimeoutServiceAbstraction

* PM-34506 - Add tests for null cache, and non-API error cache-clear paths in LoginStrategyService

* PM-34506 - Add sessionTimeout test for logInNewDeviceVerification with no cached session

* PM-34506 - Rename abstractions to follow Default prefix convention (no Abstraction suffix)

* PM-34506 - Use fake timers in startSessionTimeout test to eliminate flaky date assertion

* PM-34506 - Move registerTaskHandler into DefaultLoginStrategySessionTimeoutService constructor, remove registerSessionTimeoutTask

* PM-34506 - PR feedback - DefaultLoginStrategySessionTimeoutService - make cache clear more resilient.

* PM-34506 - 2FA Auth Comp - fix tests

* PM-34506 - rename login strategy default service files to include default- prefix

Aligns file names with class names and the established codebase convention where
default implementations are prefixed with `default-` (e.g. default-logout.service.ts).

* PM-34506 - TEMP - Default Login Strategy Session Timeout - adjust to 30 seconds to make QA's life easier.

* PM-34506 - DefaultLoginStrategySessionTimeoutService - revert temp change and set LOGIN_SESSION_TIMEOUT_LENGTH back to 5 min
2026-04-17 12:47:12 -04:00
Jordan Aasen
7f0785430d
[PM-34003] - block creation of collections without a name in the CLI (#19724)
* block creation of collections without a name in the CLI

* fix type errors
2026-04-14 15:31:16 -07:00
vlad-trofimov
d27a132995
[PM-33526] honor hidden password permission in bw list items and bw get item (#19537)
* honor hidden password permission in bw list items and bw get item

* move redaction logic into LoginResponse

---------

Co-authored-by: vlad-trofimov <vlad@Vlads-MacBook-Pro.local>
Co-authored-by: SmithThe4th <gsmith@bitwarden.com>
2026-04-14 10:41:20 -04:00
Bernd Schoolmann
8730a27b9e
[PM-30584] Add unlock for key connector with SDK (#19367)
* Add unlock for key connector with SDK

* Cleanup merge conflicts

* Cleanup

* Eslint error

* Fix tests

* Fix tests

* Eslint fix

* Fix comment

* Prettier

* Remove setting masterkeyencrypteduserkey to state

* Remove unused eslint directive

* Rename feature flag

* Fix order of setting state

* Fix test build

* Fix cli

* Eslint

* Fix build error

* Fix build error

* Undo changes to development.json

* Prevent unflagged changes

* Apply feedback around flag caching

* Apply feedback

* Cleanup
2026-04-14 11:08:02 +09:00
Jonathan Prusik
2c2067388a
[PM-33139] Targeting Rules initial implementation (#19693)
* create the FillAssistTargetingRules feature flag

* create TargetingRulesService

* move TargetingRulesService functionality into DomainSettingsService

* use targeting rules to qualify relevant fields

* add user autofill settings toggle for Fill Assist feature

* add feature flag check to getTargetingRulesForUrl

* add TargetingRulesDataService to update local state from data source

* enable the server to specify an override URI for targeting rules data

* add working data shape

* update data shape

* update logic to match new data shape expectations

* switch from hostname to host to support port inclusions

* add resource cache-buster

* do not update meta timestamp on resource fetch failure

* consolidate email and password update category to account update

* update targeting rules maps consumer logic

* add tests

* add support for host unicode key lookup

* cleanup

* address missing www-prefixed punycode URI case handling

* reduce targeting rules data fetching interval to 6 hours

* add punycode overflow guard and other edges

* cleanup

* add state handling for environment switching

* move constants

* update logic to match provider changes

* codify targeting rules form category requirement

* remove targeting rules totp implementation

* refactor targeting rules storage to key off resource domain

* use constants instead of string literals in cipher to field mapping

* add some basic schema validation
2026-04-13 16:35:20 -05:00
Bernd Schoolmann
a942e21b22
[PM-31119] Run side-effects in sdk unlock service (#20004)
* Run side-effects in sdk unlock service

* Revert feature flag

* Tests and fix cli

* Set user ever had user key and add comment

* Update sdk

* Prettier

* Cleanup

* Only set biometric unlock when biometric enabled

* Clean up tests

* Fix DI

* Cleanup

* Cleanup

* Prettier

* Add test coverage and rename

* Cleanup tests

* Prettier

* Cleanup
2026-04-10 12:08:48 +02:00
Nick Krantz
14cd2ad341
[PM-26713] Refactor Attachment Uploads to use XMLHTTPRequest (#19634)
* allow consumers of upload service to input block size

* implement progress bar for cipher attachment uploads

* refactor to use a constant for available block sizes

* rework tests to use AzureUploadBlockSize

* update cipher attachments to ensure 100% is shown for all attachments

* do not allocate real memory in test

* update file uploads to use `XMLHttpRequest` when possible to track progress

* remove unused block size

* update tests + make options optional

* fix unit tests to align with single block approach

* add optional chaining for optional parameter

* remove duplicate import

* catch error from xhr send

* remove redundant try/catch block

* use if/else syntax in attachment template

* add `applyPlatformHeaders` to consolidate header creations between methods.

* add feature flag for file upload changes for progress

* update constructor parameters

* only pass object when feature flag is enabled
2026-04-09 13:23:33 -05:00
Bernd Schoolmann
c9352c01d9
[PM-32864] Remove local masterkey hash (#19277)
* Remove local masterkey hash

* Remove more instances of local master key hash

* remove dependence on service

* Fix failing build

* Fix failing build

* Fix tests

* Fix test

* Fix

* Prettier

* Fix merge conflicts

* Fix cli

* Remove master key from uv service (#19278)

* Revert "Remove master key from uv service (#19278)" (#19697)

This reverts commit 8e53fe6a11.

* Cleanup local master key hash

* Fix test
2026-04-09 10:34:03 -04:00
Mike Amirault
c755016915
[PM-33993] Fix CLI bug that allowed File Send downloads to save at arbitrary paths (#19890)
2026-04-06 09:57:19 -04:00
rr-bw
4a196a533b
fix(sso-callback-server-host) [Auth/PM-32604] Specify argument in listen method (#19766)
Specifies localhost in the `callbackServer.listen()` method in `LoginCommand` (CLI) and `SSOLocalhostCallbackService` (Desktop)
2026-04-03 10:56:08 -07:00
Bernd Schoolmann
97329383a1
[PM-33173] Use unlock service for password login strategy (#19371)
* Use unlock service for login

* Fix build

* Apply feedback to move more logic behind feature flag, and use newer unlock service

* Fix types

* Fix type

* Fix test

* Fix dependencies on cli

* Cleanup

* Fix types

* Fix imports

* Fix eslint

* Prettier

* Address feedback

* Eslint

* Move unlockServiceForPasswordLogin to passwordloginstrategydata

* Eslint
2026-04-03 12:42:17 +09:00
Nick Krantz
30ab005da5
[PM-19168] Remove Archive Feature Flag (#19829)
* remove archive feature flag

* fix dependency within services module
2026-03-30 10:23:38 -05:00
Jared Snider
8c35c781a8
Auth/PM-33353 - Password Login - refine prefetching of password prelogin data (#19510)
* PM-33353 - LoginStrategyService tests - add test to capture the bad behavior.

* PM-33353 - Extract Password Prelogin API logic to own service out of API service.

* PM-33353 - Rename prelogin request / response models to have password prefix for clarity

* PM-33353 - Build PasswordPrelogin domain service and domain model + tests

* PM-33353 - PasswordPrelogin - add barrel file

* PM-33353 - PasswordPreloginData - fromResponse - add validateKdfConfigForPrelogin so domain model is always valid.

* PM-33353 - Register PasswordPreloginApiService and PasswordPreloginService.

* PM-33353 - LoginComponent - wire up PasswordPreloginService

* PM-33353 - LoginStrategy updates - (1) Remove all password prelogin code from top level strategy service (2) Inject new PasswordPreloginService for use in the PasswordLoginStrategy.

* PM-33353 - Update Password Prelogin tests to use defaults

* PM-33353 - PasswordPreloginData model tests - update to use mins

* PM-33353 - Fix login strategy tests + get TS strict warnings fixed

* PM-33353 - Remove login component tests

* PM-33353 - Fix CLI

* PM-33353 - Password Login Strategy - add additional tests + fix misc issues + re-organized tests.

* PM-33353 - LoginComp - local AI review feedback - clean up prefetchPasswordPreloginData

* PM-33353 - Remove PM23801_PrefetchPasswordPrelogin feature flag

* PM-33353 - DefaultPasswordPreloginService - getPreloginData$ - fix shareReplay error bug state.

* PM-33353 - login-strategy.state.spec.ts - Remove incorrect todo and fix ts strict issues

* PM-33353 - Per PR feedback, Update PasswordPreloginService to add a cache clear mechanism to just tightly bound the service's memory to the lifetime of the key making process
2026-03-24 17:11:08 -04:00
Thomas Rittson
577bfbb231
Update all event import statements and remove re-exporting files (#19545)
Final import statement update after moving files to DIRT ownership
2026-03-24 16:00:39 -04:00
Dave
dc0d251290
[PM-30826] Remove password change from CLI (#19157)
* feat(cli-login) [PM-30826]: Remove change password methods from cli.

* feat(cli-login) [PM-30826]: Update login command to be strict, remove unused constructor dependencies.

* test(cli-login) [PM-30826]: Add a unit test harness for login command.

* refactor(cli-login) [PM-30826]: Undo strict ignore.

* feat(cli-login) [PM-30826]: Accidental line omission.

* feat(cli-login) [PM-30826]: Update verbiage for password update instructions.

* refactor(cli-login) [PM-30826]: Remove redundant logout calls in login command.

* test(cli-login) [PM-30826]: Update tests to reflect authService.logOut invocation is no longer needed.

* refactor(cli-login) [PM-30826]: Remove unused authService dependency (logout invocation removed).

* test(login-command) [PM-30826]: Update two-factor test with more realistic setup.
2026-03-20 09:07:55 -04:00
Maciej Zieniuk
5eaba22759
login and sync race condition. (#19474)
This happens because state returns hot observables. There is no guarantee for access token to be present when read, even though it was just written with `await firstValueFrom`. Causes sync to think the auth status for the user is logged out, even though that's false
2026-03-18 16:07:52 +01:00
Bernd Schoolmann
e97450abba
chore: bump sdk-internal to 0.2.0-main.608 (#19587)
* chore: bump @bitwarden/sdk-internal to 0.2.0-main.608

* [PM-30584] Move key-connector migration to sdk (#19360)

* Move key-connector migration to sdk

* Remove unused import

* Fix DI

* Fix dependencies on cli

* Fix types

* Fix import order

* fix tests

* Remove unused import

* Rename feature flag
2026-03-17 08:24:44 -05:00
Thomas Rittson
afc45ee0c8
[Tools] Update event-related import statements (#19548)
Updates import statements in tools-related files to use direct imports
instead of re-exported paths. This prepares for removal of re-exporting
files in a follow-up PR.

Part of PM-33381
2026-03-14 09:11:30 +10:00
Ike
c8c66a8bf1
[PM-32424] Send Access Enumeration protection (#19422)
* feat: remove reference to otp_invalid response since it is not used anymore

* remove usage of otpInvalid in CLI receive command

* fix: remove vestigial error types.

* chore: update sdk

* chore: fix failing test

---------

Co-authored-by: John Harrington <84741727+harr1424@users.noreply.github.com>
2026-03-11 11:37:07 -04:00
Daniel James Smith
5707b0064c
[PM-32915] Angular updates to TwoFactorIconComponent (#19306)
* Make TwoFactorIconComponent standalone

* Angular updates to TwoFactorIconComponent

- Migrate TwoFactorProviderType from enum to const (ADR25)
- Migrate Inputs to Signals
- Make provider a required input
- Use new Control Flow syntax
- Use OnPush change detection
- Memoize function for legacy providers (providers with png image)
- Add documentation
- Remove @ts-strict-ignore
- Fix type in TwoFactorSetupDuoComponent as it would default to number because of the migration of TwoFactorProviderType (enum to const). Now it can be overridden with any value of TwoFactorProviderType

* Add type guard for TwoFactorProviderType and fix CLI

* PM-32915 - Update TwoFactorProviderType to mark U2f as deprecated in favor of WebAuthn

* PM-32915 - TwoFactorIconComp - refactor to eliminate legacy providers and just use new, already available duo and yubikey SVG icons.

* PM-32915 - Add TODOs for cleaning up mfaType usages.

* PM-32915 - Remove unnecessary ng-container

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Jared Snider <jsnider@bitwarden.com>
Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
2026-03-11 15:28:01 +00:00
Andreas Coroiu
35d25b7f8e
[PM-24047] Make popout windows respect vault timeout when unfocused (#19019)
* PM-24047: Make popout windows respect vault timeout when unfocused

Replace the heartbeat message-passing mechanism for popup detection
with direct browser API queries (getContexts on MV3, getExtensionViews
on MV2/Safari) that can distinguish focused from unfocused popout
windows. Unfocused popout windows no longer prevent vault timeout.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* PM-24047: Add isAnyViewFocused(), revert isPopupOpen() to simple popup detection

Addresses PR review feedback by separating focus-aware logic from the
isPopupOpen() semantics, which other callers depend on for simple
popup detection:

- BrowserApi.isPopupOpen(): reverted to return views.length > 0 for
  popup-type views only (original behavior)
- BrowserApi.isAnyViewFocused(): new method that checks popup views
  (always focused), sidebar tab views (always focused), and popout
  tab views (focused only if document.hasFocus() is true)
- BrowserPlatformUtilsService.isPopupOpen(): simplified MV3 path
  uses getContexts({ contextTypes: ['POPUP'] })
- BrowserPlatformUtilsService.isAnyViewFocused(): new method with
  MV3 (POPUP/SIDE_PANEL/focused TAB) and MV2/Safari paths
- PlatformUtilsService: adds isAnyViewFocused() to the interface
- Web/Desktop/CLI stubs return false (no popout windows)
- VaultTimeoutService now calls isAnyViewFocused() instead of
  isPopupOpen() so unfocused popouts don't block vault timeout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Move MV3/MV2 routing into BrowserApi

isPopupOpen() and isAnyViewFocused() now use feature detection for
chrome.runtime.getContexts to select the right API internally,
rather than having the routing in BrowserPlatformUtilsService.
This means BrowserApi is the single owner of view-detection logic,
and the service methods are simple one-line delegations.

Using typeof getContexts === "function" rather than isManifestVersion()
handles Safari naturally: if Safari doesn't support getContexts it
falls back to getExtensionViews, without needing an explicit isSafari()
exclusion.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Scope MV3/MV2 routing refactor to isAnyViewFocused only

isPopupOpen() keeps its existing pattern (MV3/MV2 routing in the
service, simple getExtensionViews in BrowserApi) to avoid touching
unrelated code. Only isAnyViewFocused() has its routing moved into
BrowserApi via feature detection.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Restore isPopupOpen to main branch implementation

isPopupOpen() and its tests are restored exactly to the main branch
version (heartbeat-based approach). Only isAnyViewFocused is new code.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Refactor isPopupOpen() to use getContexts/getViews instead of heartbeat

Replaces the message-passing heartbeat approach with the same
chrome.runtime.getContexts() (MV3) / chrome.extension.getViews() (MV2/Safari)
introspection pattern used by isAnyViewFocused(). This eliminates the need
for a heartbeat listener in the popup and makes both methods consistent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Simplify isAnyViewFocused() using Array.some()

Collapse the two separate POPUP/SIDE_PANEL checks into a single .some()
call, and replace the synchronous MV2/Safari tab view loop with .some().
The async TAB/popout window check stays as a for loop.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: improve tabs loop readability somewhat

* PM-24047: Fix MV3 popout focus check using wrong uilocation filter

The TAB context filter was checking for `uilocation=sidebar` instead of
`uilocation=popout`. In MV3, sidebars are SIDE_PANEL contexts (already
handled above), so this filter never matched, causing focused popout
windows to be silently ignored and the vault to timeout while a user was
actively viewing one.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* PM-24047: Rename isViewOpen to isViewFocused for semantic accuracy

The variable and parameter previously named isViewOpen reflected
the old "is any view open?" semantics. After the refactor to
isAnyViewFocused(), the naming is updated to match the actual
behavior: checking whether a view is focused, not merely open.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-11 14:10:32 +01:00
Bernd Schoolmann
b8206503b5
[PM-31049] Enable unlock via SDK (#18907)
* Add unlock service

* Move methods

* Prettier

* Fix type errors

* Prettier

* Fix test

* Fix module order

* Attempt to fix tests

* Use unlock service for unlocking

* Featureflag logic

* Add support for setting client managed state

* Add support for biometric unlock

* Add biometric unlock via SDK

* Prettier

* Cleanup CODEOWNERS

* Fix init with client managed state

* Backport biometric unlock and legacy master-key logic

* Add tests for biometrics

* Prettier

* Add biometric unlock to abstract unlock service

* Fix build

* tmp

* Fix tests

* Fix types

* Fix build

* Prettier

* Cleanup

* Fix import order

* Fix tests

* Eslint

* Fix tests

* Prettier

* Load feature flags before crypto init

* Prettier

* Clean up SDK config

* Prettier

* Fix eslint

* Prettier

* Update libs/key-management-ui/src/lock/components/master-password-lock/master-password-lock.component.ts

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>

---------

Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
2026-03-10 11:47:04 +01:00
Maciej Zieniuk
d08d8743be
[PM-20372] Clear master password unlock state on Key Connector migration (#18485)
* clear master password unlock state on Key Connector migration

* missing dependency

* missing dependency

* types fix
2026-03-06 15:38:14 +01:00
Bernd Schoolmann
944b3ffdc2
[PM-31406] fix: TypeScript 5.9 type compatibility fixes for auth-owned code (#19187)
* fix: add TypeScript 5.9 type compatibility fixes for auth-owned code

Add explicit `as BufferSource` casts and `Uint8Array` wrapping to satisfy
stricter type checking in TypeScript 5.9. Non-functional changes.

* Fix type errors

* Fix test

* Fix tests

* Fix typing in auth tests

* Also change unlock service to uint8array<arraybuffer>

* Fix types

* Prettier

* Apply fixes for jest spy type
2026-03-04 19:12:44 -07:00
Bernd Schoolmann
6b91ff3867
[PM-24102] Remove encstring decrypt function (#17108)
* Remove orgid in vault decryption code

* Remove deprecated encstring usage from dirt code

* tmp

* Remove folder usage without provided key

* Fix folder test

* Fix build

* Fix build

* Fix build

* Fix tests

* Update error message

* Update spec to not use EncString decrypt

* Remove decrypt from encstring

* Make key required

* Remove unused tests

* Mark old encstring properties as deprecated

* Remove unused test code

* Update function signature

* Undo breaking change (throw on decrypt)

* Defensively protect against non-error errors

* Fix types

* Fix prettier formatting

* Fix tests
2026-03-03 14:57:05 +01:00
Bernd Schoolmann
cf7f9cfc7e
[BEEEP|PM-32521] Remove compare key hash and move to proof of decryption (#19101)
* Remove compare key hash and move to proof of decryption

* Fix cli build

* Fix mv2

* Fix provider

* Prettier
2026-02-25 17:02:04 +01:00
Alex Morask
b964cfc8e4
[PM-32612] Only show subscription menu option when premium user has subscription (#19209)
* fix(billing): only show Subscription menu option when premium user has subscription

* fix(billing): missed state service invocation changes
2026-02-25 08:25:24 -06:00
Bernd Schoolmann
d20f659bbc
[PM-31406] fix: TypeScript 5.9 type compatibility fixes for vault-owned code (#19191)
* fix: TypeScript 5.9 type compatibility fixes for vault-owned code

Add explicit `as BufferSource` casts and `Uint8Array` wrapping to satisfy
stricter type checking in TypeScript 5.9. Non-functional changes.

* Fix cli build
2026-02-25 10:04:23 +01:00
Andreas Coroiu
69f0e61cda
[PM-32442] Enforce tsc-strict on desktop and CLI apps (#19058)
* fix: ts-strict not applying to desktop

* fix: ts-strict not applying to cli

* fix: desktop ESM module resolution in storybook
2026-02-24 09:20:44 +01:00
Thomas Avery
672a6026e3
[PM-27331] Update the sdk service to use accountCryptographicState (#18274)
* Update the sdk service to use accountCryptographicState
2026-02-23 12:23:37 -06:00
John Harrington
f8b5e15a44
[PM-31731] [Defect] No error is returned when entering an invalid email + an invalid verification code (#18913)
* share i18n key for both invalid email and invalid otp submission

* claude review
2026-02-18 14:08:57 -08:00
John Harrington
ab0739b693
rename flag to emails (#18955)
2026-02-13 10:23:25 -07:00
John Harrington
d7cca1bedf
[PM-23108] CLI Add Email Verification to Send Receive (#18649)
2026-02-11 14:44:49 -07:00
Nick Krantz
4fe29c71ce
allow archiving organization ciphers in the cli (#18793)
2026-02-10 15:31:55 -06:00
Alex Dragovich
e485623ed8
[PM-31685] Removing email hashes (#18744)
* [PM-31685] Removing email hashes

* [PM-31685] fixing tests, which are now passing

* [PM-31685] removing anon access emails field and reusing emails field

* [PM-31685] fixing missed tests

* [PM-31685] fixing missed tests

* [PM-31685] code review changes

* [PM-31685] do not encrypt emails by use of domain functionality

* [PM-31685] test fixes
2026-02-09 12:59:17 -08:00
Bernd Schoolmann
f7a5ad712f
[PM-29208] Remove individual cryptographic-key states & migrate key service (#18164)
* Remove individual user key states and migrate to account cryptographic state

* Fix browser

* Fix tests

* Clean up migration

* Remove key-pair creation from login strategy

* Add clearing for the account cryptographic state

* Add migration

* Cleanup

* Fix linting
2026-02-09 12:39:55 +01:00
Rui Tomé
c21841a2df
[PM-26485] Add member status validation to CLI confirm command (#18557)
* Add validation for organization user status in CLI Confirm command

- Implemented a new method to validate the status of an organization user before confirmation.
- Added checks for various user states: invited, confirmed, revoked, and accepted.
- Enhanced error handling to provide clearer feedback based on user status.

* Refactor validation logic in ConfirmCommand to remove unnecessary user ID check

- Removed the check for null userId in the validateOrganizationUserStatus method.
- Simplified the validation process for organization user status before confirmation.

* Add unit tests for ConfirmCommand in CLI

- Created a new test suite for the ConfirmCommand to validate its functionality.
- Implemented tests for various scenarios including bad requests, user status validations, and successful confirmations.
- Enhanced error handling tests to ensure proper responses for missing organization keys and API failures.
2026-02-09 11:38:00 +00:00
Nick Krantz
256fe6305f
restore archived item from trash to archive (#18795)
2026-02-06 10:32:41 -06:00
Alex Dragovich
1b812d2274
Revert "Remove feature flag check from password generation (#18003)" (#18794)
This reverts commit 7c6d98b50e.
2026-02-05 13:33:44 -08:00
adudek-bw
7c6d98b50e
Remove feature flag check from password generation (#18003)
* Remove feature flag check from password generation
2026-02-05 09:46:31 -05:00
renovate[bot]
afc46cc50a
[deps] Vault: Update @koa/router to v15 (#18086)
* [deps] Vault: Update @koa/router to v15

* update router imports from `@koa/router`

* remove `@types/koa__router` no longer needed with update to `@koa/router`

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Nick Krantz <125900171+nick-livefront@users.noreply.github.com>
Co-authored-by: Nick Krantz <nick@livefront.com>
2026-02-04 14:40:50 -06:00
John Harrington
0740c037a6
[PM-30922] Client changes to encrypt send access email list (#18486)
2026-01-28 14:31:48 -07:00
Nik Gilmore
06c8c7316d
[PM-30301][PM-30302] Use SDK for Create and Update cipher operations (#18149)
* Migrate create and edit operations to use SDK for ciphers

* WIP: Adds admin call to edit ciphers with SDK

* Add client version to SDK initialization settings

* Remove console.log statements

* Adds originalCipherId and collectionIds to updateCipher

* Update tests for new cipherService interfaces

* Rename SdkCipherOperations feature flag

* Add call to Admin edit SDK if flag is passed

* Add tests for SDK path

* Revert changes to .npmrc

* Remove outdated comments

* Fix feature flag name

* Fix UUID format in cipher.service.spec.ts

* Update calls to cipherService.updateWithServer and .createWithServer to new interface

* Update CLI and Desktop to use new cipherService interfaces

* Fix tests for new cipherService interface change

* Bump sdk-internal and commercial-sdk-internal versions to 0.2.0-main.439

* Fix linting errors

* Fix typescript errors impacted by this change

* Fix caching issue on browser extension when using SDK cipher ops.

* Remove commented code

* Fix bug causing race condition due to not consuming / awaiting observable.

* Add missing 'await' to decrypt call

* Clean up unnecessary else statements and fix function naming

* Add comments for this.clearCache

* Add tests for SDK CipherView conversion functions

* Replace sdkservice with cipher-sdk.service

* Fix import issues in browser

* Fix import issues in cli

* Fix type issues

* Fix type issues

* Fix type issues

* Fix test that fails sporadically due to timing issue
2026-01-26 11:43:35 -08:00
Thomas Avery
bc8c925cd0
[PM-27486] Remove feature flag PM25174_DisableType0Decryption (#18413) 2026-01-23 11:09:59 -06:00
Colton Hurst
3b2286fbb0
Revert "[deps] Platform: Lock file maintenance (#14932)" (#18406)
This reverts commit 5dee97158a.
2026-01-16 16:37:07 +00:00
renovate[bot]
5dee97158a
[deps] Platform: Lock file maintenance (#14932)
* [deps]: Lock file maintenance

* Pin is-generator-function, downgrade open

* Bump zbus to match zbus_macro

* Attempt to fix rust compile issue by matching zbus and zbus_macro

* Update ashpd ...

* Fix lockfile

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Hinton <hinton@users.noreply.github.com>
2026-01-16 15:20:08 +01:00
Leslie Xiong
44bdaf71b3
Desktop/pm 18769/migrate vault filters (#17919)
Migrated vault filters to new v3 vault's navigation

* Decoupled existing vault filtering from vault component by using routed params with routed-vault-filter-bridge
* Converted vault filters to standalone components
* Removed extending filter Base Components from deprecated /libs/angular library and handled logic directly
* Moved shared 'models' and 'services' directories from web-vault into /libs/vault
2026-01-15 16:17:00 +01:00
bmbitwarden
27d43c500f
PM-28183 implemented new sends filter and search design (#17901)
* PM-28183 implemented new sends filter and search design

* PM-28183 resolved table issue fallout from merge conflict

* PM-28183 resolved browser paste url issue

* PM-28183 put new feature behind feature flag

* PM-28183 resolved feature flag

* PM-28183 resolved type-safe approach pr comment

* PM-28183 resolved DesktopSendUIRefresh feature flag is enabled. pr comment

* PM-28183 restored SendUIRefresh

* PM-28183 resolved query parameter subscription pr comment

* PM-28183 resolved pr comment re enum like objects

* PM-28183 resolved remove enum like objects  pr comment

* PM-28183 resolved pr comment re defining filteredSends member variable

* PM-28183 resolved pr comment re Code Duplication in syncCompleted Handler

* PM-28183 resolved pr comment re Floating Promise

* PM-28183 restored feature flag

* PM-28183 resolved pr comment re Dual Binding Pattern

* PM28183 resolved options cell button pr comment

* PM 28183 resolved pr comment re Incorrect CSS Class - Breaking Layout

* PM 28183 resolved pr comment re Query Param Update Causes Redundant Filter Application

* PM-28183 resolved lint issues

* PM 28183 resolved lint issues

* PM-28183 resolved type issue with import

* PM-28183 resolved import in failing test

* chore: rerun web build

* PM-28183 resolved build issues

* PM-28183 resolved build issues

* PM-28183 resolved lint issues
2026-01-12 13:26:50 -05:00
Thomas Avery
0e2748784b
[PM-25385] Remove unlock-with-master-password-unlock-data flag (#18010)
* remove feature flag from lock component

* Add missing windowHidden desktop feature

* Remove the flag from CLI unlock

* Remove the flag from enum file
2026-01-07 11:29:12 -06:00
Vincent Salucci
86764d807a
[PM-22434] Remove CreateDefaultLocation feature flag references and definition (#18057)
* chore: remove ff from vault-popup-list-filters.service, refs PM-22434

* chore: remove ff from confirm.command, refs PM-22434

* chore: remove ff from bulk-confirm-dialog.component, refs PM-22434

* chore: remove ff from member-actions.service and clean up leftover imports, refs PM-22434

* chore: remove ff from policy-edit-dialog.component, refs PM-22434

* chore: remove ff from organization-data-ownership.component, refs PM-22434

* chore: remove ff from vnext-organization-data-ownership.component, refs PM-22434

* chore: remove ff from vault-filter.service, refs PM-22434

* chore: remove ff from vault-filter.service (libs), refs PM-22434

* chore: remove ff from export.component, refs PM-22434

* chore: update observeMyItemsExclusionCriteria method documentation comments, refs PM-22434

* chore: remove ff from item-details-section.component, refs PM-22434

* chore: remove ff definition, refs PM-22434

* fix: remove configService from superclasses, refs PM-22434

* chore: update injection for VaultPopupListFilters service instantiation, refs PM-22434

* chore: update ConfirmCommand instantiation, refs PM-22434

* chore: update import order in member-actions.service, refs PM-22434

* fix: constructor argument update to amend merge conflict, refs PM-22434

* chore: remove unnecessary feature flag related tests for confirm user, refs PM-22434

* fix: remove unused services from member-actions.service.spec, refs PM-22434
2026-01-05 16:25:57 -06:00