clients

Commit Graph

Author	SHA1	Message	Date
Addison Beck	253a4e573c	fix: add world: MAIN to Firefox page script registration (#17466 ) * chore: update @types/firefox-webext-browser * fix: add world: MAIN to Firefox page script registration * review: add world property to registration type	4 weeks ago
Addison Beck	5d5819a3fd	fix: enable dynamic URLs for Chrome web accessible resources (#17429 ) This commit adds use_dynamic_url: true to the extension's web_accessible_resources configuration. When enabled, Chrome generates random session-based GUIDs for extension resource URLs instead of using the predictable static extension ID. This enhances privacy by making extension resource URLs unpredictable and prevents third-party enumeration of installed extensions. The feature is supported in Chrome 102+ and changes resource URLs from chrome-extension://[static-id]/resource to chrome-extension://[random-guid]/resource, with GUIDs regenerating each browser session while maintaining all existing extension functionality. Addresses: https://bitwarden.atlassian.net/browse/PM-28344	4 weeks ago
Github Actions	e080ab2a43	Bumped client version(s) (cherry picked from commit `64bfbf274a`)	4 weeks ago
Matt Gibson	19b992c382	[PM-27888] [PM-27889][PM-27914][PM-27820] Use frame Id as test for internal source. (#17266 ) * Use frame Id as test for internal source. * prefer strong equality * Fix tests (cherry picked from commit `40ec682b78`)	1 month ago
Matt Gibson	d664d314a3	PM-27820 (#17245 ) * limit port to internal communications * A few more internal-only ports * fixup tests disabled tests that are now failing with a race condition. * Remove autofill team review requirement (cherry picked from commit `57b8f18cdd`) (cherry picked from commit `551d80dfa0`)	1 month ago
Matt Gibson	00c27dc8c8	Arch/pm 27820 (#17241 ) * add storage port validation * remove unused method * Prefer property presence over truthyness (cherry picked from commit `cbf380e023`) (cherry picked from commit `33149f79cb`)	1 month ago
John Harrington	4463ae2d9f	PM-27883-Defect-Windows-Edge-browser-importer-is-not-enabled (#17260 ) * remove edge from unsupported browser list * Clarify comment for CSV import handling Updated comment to clarify supported browsers for CSV imports. (cherry picked from commit `5e094c6066`)	1 month ago
Will Martin	6dfc8af46d	[PM-26944] fix(browser/phishing-detection): fix various issues (#17197 ) (cherry picked from commit `1be9e19fad`)	1 month ago
Robyn MacCallum	0bec4cd493	Pass cipherId in bgHandleReprompt (#17256 )	1 month ago
Bryan Cunningham	cafd24c38d	remove spacing from checkboxes. Add media query for smaller screens (#17233 )	1 month ago
Bryan Cunningham	8ad955102f	use regular gap instead of column gap to fix spacing (#17228 )	1 month ago
Dave	943a186f4f	fix(desktop-app-component) [PM-27467]: Remove early call of updateAppMenu on logout; await broadcastService handling of loggedOut to update app menu to prevent evaluation of activeUserState. (#17219 ) (cherry picked from commit `e6c2786dcc`)	1 month ago
John Harrington	fcfc0ff85d	checkpoint on simplified fix before swapping to signals (cherry picked from commit `551519b7a1`) revert to earlier working commit and add commit to rc	1 month ago
Will Martin	a1580f8aea	[PM-26944] phishing data checksum diffing + daily patches (#16983 ) * expose local db file to extension * fetch from local db as fallback; only fetch new data on changed checksum; fetch from cdn * check for undefined chrome runtime (for easy Storybook mocking) * update capital letters lint * add audit api tests * add bash script to fetch local db info and split it to meet FF size limits * add readme * Rename README.md to readme.md * remove leftover file * remove unused methods from audit service * remove local db logic * wip * revert local db build changes * add tests; sub to updates directly; refactor teardown logic * fix eslint crashing * remove temp premium override * remove unused test * update timer value * run prettier * refetch all domains on app version change * fix log statement * harden fetching * filter empty domains * fix type issue * fix typo * fix type error * fix cleanup (cherry picked from commit `7ac6a67835`)	1 month ago
Github Actions	b4420d770e	Bumped client version(s)	1 month ago
Todd Martin	cd56d01894	chore(deps): Platform: Update electron to v37 * [deps] Platform: Update electron to v37 * Updated electron-builder.json * Updated electron-builder latest 37 minor. --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2 months ago
Jordan Aasen	b102ee4bdf	[PM-26653] - fix uri match strategy logic (#17142 ) * fix uri match strategy logic * fix variable name * update logic and specs * add test case	2 months ago
Bernd Schoolmann	e68a471655	[PM-26340] Enable linux biometrics v2 (#16661 )	2 months ago
Ben Brooks	b5a7379ea9	feat(policies): PM-25570 Admin Console UI for URI Match Default Policy (#16752 ) Admin Console UI for URI Match Default Policy --------- Signed-off-by: Ben Brooks <bbrooks@bitwarden.com> Co-authored-by: Jonathan Prusik <jprusik@users.noreply.github.com>	2 months ago
Alex	4d1c00a5bc	[PM-26941] all caught up state for review card (#17164 ) * add "All caught up!" state for application review card - Display success state when all applications have been reviewed and no new applications need review - Add iconColorClass input to activity-card component to support conditional icon colors (green checkmark for success state) - Add i18n keys: allCaughtUp and noNewApplicationsToReviewAtThisTime - Check if all apps have review dates via enrichedReportData$ to determine when to show the caught up state * fix "Potential Race Condition with State Initialization" from claude issue and replace getter	2 months ago
Brandon Treston	2da0b48c3d	[PM-27688] fix events page not loading (#17166 ) * remove unneeded rxjs filter * add check for canManage * add null check * fix provider ID, clean up	2 months ago
Brandon Treston	98622a3f73	remove unneeded rxjs filter (#17165 )	2 months ago
Leslie Tilton	23cb3e092c	[PM-27694] Handle empty report response (#17162 ) * Consolidate loading state and handle null report from api response * Fix jumping of page when ciphers are still loading * Fix type errors * Fix loading state	2 months ago
Jason Ng	4908d73804	[PM-27500] update cipher.service to align with sdk types (#17147 )	2 months ago
bw-ghapp[bot]	b7759abb20	Autosync the updated translations (#17145 ) Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>	2 months ago
Shane Melton	dbe70bd51c	[PM-24467] Introduce cipher risk service (#17009 ) * [PM-24467] Introduce CipherRiskService * [PM-24467] Introduce computeCipherRiskForUser() method * [PM-24467] Refactor buildPasswordReuseMap to use user SDK client * [PM-24467] Use switchMap instead of map * [PM-24467] Cleanup redundant tests * [PM-24467] Update SDK models * [PM-24467] Update @bitwarden/sdk-internal version * [PM-24467] Update @bitwarden/commercial-sdk-internal version	2 months ago
bw-ghapp[bot]	1476dce396	Autosync the updated translations (#17146 ) Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>	2 months ago
Oscar Hinton	8c185c9d2b	[PM-27645] Check signature of helper exe (#17155 )	2 months ago
Oscar Hinton	443b85a356	[PM-27641] Enable signature validation (#17150 ) Enables the currently disabled signature validation. This is a blocker for release.	2 months ago
Leslie Tilton	6024e1d05f	[PM-26968] Save risk insights summary and metrics (#17132 ) * Update type guards * Add metric data types. Update places saving a risk insights report summary to save metrics * Fix types and test error * Fix critical report members * Update test case for null username in type-guard * Fix report application mapped data check	2 months ago
Jason Ng	98849a5a65	[PM-27214] Update SDK to version 365 (#17130 ) * update sdk version	2 months ago
Oscar Hinton	4c1eba2086	[PM-27583] Add icon to chromium import helper (#17126 ) Adds an icon to the windows binary. --------- Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>	2 months ago
bw-ghapp[bot]	9d2b2d1894	Autosync the updated translations (#17144 ) Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>	2 months ago
Andreas Coroiu	8aebfbeace	[PM-25932] Shorten socket paths (#17093 ) * feat: shorten socket paths * fix: No such file or directory error * feat: remove tmp folder from path * fix: No such file or directory autofill error	2 months ago
Andreas Coroiu	1264abfb19	[PM-25569] Expose commercial sdk service to web clients (#16899 ) * feat: enable commercial SDK usage on web * feat: enable commercial SDK usage in cli * feat: enable commercial SDK usage in browser * feat: add lint to restrict commercial sdk imports	2 months ago
Andreas Coroiu	48fb8b2bfe	[PM-25250] Prevent configuration and access of self hosted urls over http (#17095 ) * feat: ban urls not using https * feat: add exception for dev env * feat: block fetching of insecure URLs * feat: add exception for dev env * feat: block notifications from using insecure URL * fix: bug where submission was possible regardless of error * feat: add exception for dev env * fix: missing constructor param	2 months ago
Daniel James Smith	2dd314e992	[PM-27083] Prevent collection nesting on import into a MyItems-collection (#16937 ) * Prevent collection nesting on import into a my items collection My Items collections do not support nested collections. The import source hierarchy needs to be flattened into the My Items collection * Introduce new types for folder and collection relationship Makes it easier to identify which position is for the cipherIndex and which is for the folder-/collection-index * Fix assignment of ciphers to My items collection * Remove unneeded type cast or assertions * Add clarifying comment --------- Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>	2 months ago
Nick Krantz	326cd40628	cipher.id now defaults to an empty string rather than null/undefined - use bang to transform into a boolean (#17137 )	2 months ago
Jordan Aasen	4a71503875	[PM-27642] - fix mp reprompt issue (#17131 ) * fix mp reprompt issue * fix logic. add more specs * update vault popup autofill spec * update jsdoc	2 months ago
Shane Melton	0d543c7059	[PM-27055] Use undefined instead of null for folder/organization filtering (#17120 )	2 months ago
Alex	fdfcee4bc5	[26908] improve empty state design (#16832 ) * max init * add mp4 and organize code better * fix lint errors * move empty state logic into risk insights component * replace getter logic * sub for org name * checkForVaultItems fix - need to use cipherservice instead of report results from data service * fix all critical issues mentioned by claude bot * resolve empty state logic bug and memory leaks - Handle zero-results case in empty state logic - Add takeUntil cleanup to _setupUserId subscription - Guard console.warn with isDevMode() check * use tuple arrays for benefits to prevent XSS risk Replace pipe-separated strings with typed tuple arrays [string, string][] for benefits data in empty state component. This eliminates potential XSS risk from string splitting, provides compile-time type safety, and improves performance by removing runtime string parsing on every change detection. * fix(dirt): hide empty states during report generation and fix memory leak Add isGeneratingReport$ to combineLatest, update empty state conditions to check !isGenerating, simplify run report logic, and fix memory leak in route.queryParams subscription. Addresses Claude bot feedback on PR #16832 * refactor(dirt): use signals and OnPush in empty state card component Convert @Input() to readonly input signals and add OnPush change detection strategy. Update template to call signals as functions. Fixes ESLint compliance issues. * refactor(dirt): remove unused shouldShowRunReportState variable The shouldShowRunReportState variable was calculated but never used. The template already uses @else for the run report state, making this variable redundant. * refactor(dirt): consolidate duplicate if statements in empty state logic Merge 5 separate if/else blocks checking shouldShowImportDataState into single consolidated block. Move constant benefits assignment outside conditional. Improves readability and reduces duplication. * remove unnecessary getOrganizationName wrapper method * remove duplicate runReport method Remove runReport arrow function and use generateReport consistently. Both methods called dataService.triggerReport(), but generateReport includes an organizationId check for defensive programming.	2 months ago
Alex	2b009778e8	[PM-27284] new applications card real data (#17088 ) * feat(dirt): add newApplications$ observable to orchestrator Add reactive observable that filters applicationData for unreviewed apps (reviewedDate === null). Observable automatically updates when report state changes through the pipeline. - Add newApplications$ observable with distinctUntilChanged - Filters rawReportData$.data.applicationData - Uses shareReplay for multi-subscriber efficiency Related to PM-27284 * feat(dirt): add saveApplicationReviewStatus$ to orchestrator Implement method to save application review status and critical flags. Updates all applications where reviewedDate === null to set current date, and marks selected applications as critical. - Add saveApplicationReviewStatus$() method - Add _updateReviewStatusAndCriticalFlags() helper - Uses existing encryption and API update patterns - Single API call for both review status and critical flags - Follows same pattern as saveCriticalApplications$() Related to PM-27284 * feat(dirt): expose newApplications$ in data service Expose orchestrator's newApplications$ observable and save method through RiskInsightsDataService facade. Maintains clean separation between orchestrator (business logic) and components (UI). - Expose newApplications$ observable - Expose saveApplicationReviewStatus() delegation method - Maintains facade pattern consistency Related to PM-27284 * feat(dirt): make AllActivitiesService reactive to new applications Update AllActivitiesService to subscribe to orchestrator's newApplications$ observable instead of receiving data through summary updates. - Subscribe to dataService.newApplications$ in constructor - Add setNewApplications() helper method - Remove newApplications update from setAllAppsReportSummary() - New applications now update reactively when review status changes Related to PM-27284 * feat(dirt): connect dialog to review status save method Update NewApplicationsDialogComponent to call the data service's saveApplicationReviewStatus method when marking applications as critical. - Inject RiskInsightsDataService - Replace placeholder onMarkAsCritical() with real implementation - Handle success/error cases with appropriate toast notifications - Close dialog on successful save - Show different messages based on whether apps were marked critical Related to PM-27284 * feat(dirt): add i18n strings for application review Add internationalization strings for the new applications review dialog success and error messages. - applicationReviewSaved: Success toast title - applicationsMarkedAsCritical: Success message when apps marked critical - newApplicationsReviewed: Success message when apps reviewed only - errorSavingReviewStatus: Error toast title - pleaseTryAgain: Error toast message Related to PM-27284 * fix(dirt): add subscription cleanup to AllActivitiesService Critical fix for production code quality and memory leak prevention. Adds takeUntil pattern to all subscriptions to comply with ADR-0003 (Observable Data Services) requirements. Subscription Cleanup (ADR-0003 Compliance): - Add takeUntil pattern to AllActivitiesService subscriptions - Add _destroy$ Subject and destroy() method - Prevents memory leaks by properly unsubscribing from observables - Follows Observable Data Services ADR requirements Changes: - Import Subject and takeUntil from rxjs - Add private _destroy$ Subject for cleanup coordination - Apply takeUntil(this._destroy$) to all 3 subscriptions: - enrichedReportData$ subscription - criticalReportResults$ subscription - newApplications$ subscription - Add destroy() method for proper resource cleanup This ensures proper resource cleanup and follows Bitwarden's architectural decision records for observable management. Related to PM-27284 * fix(dirt): replace manual takeUntil with takeUntilDestroyed in AllActivitiesService Fixes critical memory leak by replacing manual subscription cleanup with Angular's automatic DestroyRef-based cleanup pattern. Changes: - Replace `takeUntil(this._destroy$)` with `takeUntilDestroyed()` for all 3 subscriptions - Remove unused `_destroy$` Subject and manual `destroy()` method - Update imports to use `@angular/core/rxjs-interop` Why: - Manual `destroy()` method was never called anywhere in codebase - Subscriptions accumulated without cleanup, causing memory leaks - `takeUntilDestroyed()` uses Angular's DestroyRef for automatic cleanup - Aligns with ADR-0003 and .claude/CLAUDE.md requirements Impact: - Automatic subscription cleanup when service context is destroyed - Prevents memory leaks during hot module reloads and route changes - Reduces code complexity (no manual lifecycle management needed) Related to PM-27284 * refactor(dirt): remove newApplications from OrganizationReportSummary Removes redundant newApplications field from summary type and uses derived newApplications$ observable from orchestrator instead. Changes: - Remove newApplications from OrganizationReportSummary type definition - Remove dummy data array from RiskInsightsReportService.getApplicationsSummary() - Remove newApplications subscription from AllActivitiesService - Update AllActivityComponent to subscribe directly to dataService.newApplications$ Why: - Eliminates data redundancy (stored vs derived) - newApplications$ already computes from applicationData.reviewedDate === null - Single source of truth: applicationData is the source - Simplifies encrypted payload (less data in summary) - Better separation: stored data (counts) vs computed data (lists) Impact: - No functional changes - UI continues to display new applications correctly - Cleaner architecture with computed observable pattern * cleanup * fix(dirt): improve dialog type safety and error logging Addresses critical PR review issues in NewApplicationsDialogComponent: Type Safety: - Replace unsafe type casting `(this as any).dialogRef` with proper DialogRef injection - Inject DialogRef<boolean \| undefined> using Angular's inject() function - Ensures type safety and prevents runtime errors from missing dialogRef Error Handling: - Add LogService to dialog component - Log errors with "[NewApplicationsDialog]" for debugging - Maintain user-facing error toast while adding server-side logging Impact: - Eliminates TypeScript safety bypasses - Improves production debugging capabilities - Follows Angular dependency injection best practices * fixing mock data and test cases for new apps * refactor(dirt): remove newApplications validation from OrganizationReportSummary type guard Removes redundant newApplications field validation from the OrganizationReportSummary type guard and related test cases. Changes: - Remove "newApplications" from allowed keys in isOrganizationReportSummary() - Remove newApplications array validation logic - Remove newApplications validation from validateOrganizationReportSummary() - Remove 2 test cases for newApplications validation - Remove newApplications field from 8 test data objects Rationale: The newApplications field was removed from OrganizationReportSummary type definition because it's derived data that can be calculated from applicationData (filtering where reviewedDate === null). The data is now accessed via the reactive newApplications$ observable instead of being stored redundantly in the summary object. Impact: - No functional changes - UI continues to display new applications via observable - Type guard now correctly validates the actual OrganizationReportSummary structure - Eliminates data redundancy and maintains single source of truth - All 43 tests passing --------- Co-authored-by: Tom <ttalty@bitwarden.com>	2 months ago
Jordan Aasen	1e5c0ac41f	add reprompt. fix logic (#17122 )	2 months ago
rr-bw	d8e5a524d4	style(sso-login): (Auth) [PM-26535] Make SSO Button Primary if `ssoRequired` (#16757 ) When SSO is required: - Make the SSO button primary - Add a tooltip to the disabled buttons When SSO is not required: - SSO button remains secondary - No tooltip on the buttons Feature Flags enabled: pm-22110-disable-alternate-login-methods	2 months ago
renovate[bot]	619354827e	[deps] UI Foundation: Update ngx-toastr to v19.1.0 (#16631 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Bryan Cunningham <bcunningham@bitwarden.com>	2 months ago
Jared Snider	062f5f9bd7	refactor(SsoComponentRename): [Auth/PM-26745] Rename SSO management component to SsoManageComponent (#16893 ) * PM-26745 - SsoComponent renamed to SsoManageComponent * PM-26745 - SsoManageComponent - attempt to make strict ts. * PM-26745 - Make SSO manage meet strict TS requirements	2 months ago
Dmitry Yakimenko	dcf8c1d83b	[PM-25855][PM-24948][PM-24947] Chromium import functionality with application bound encryption on Windows (#16429 ) Adds application bound encryption in order to support chrome imports on windows. --------- Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com> Co-authored-by: adudek-bw <adudek@bitwarden.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>	2 months ago
cyprain-okeke	e41680df41	[PM 26691] [Fix: Remove dollar amount from total section when redeeming free families for enterprise (#16887 ) * Resolve the dollar amount issue * Resolve the non addition of storage amount * Resolve the estimate tax amount * Fix the improper tax calculation * resolv ethe duplicate code * Added changes to apply the discount only for acceptingSponsorship = true	2 months ago
Vijay Oommen	55a6e25c0d	[PM-27291] Preserve critical apps after run-report is selected (#17114 )	2 months ago
Jared Snider	a1570fc8b1	feat(AuthRouteConstants): [Auth/PM-27370] Convert auth routes to use constants (#16980 ) * PM-22663 WIP on auth route constants * PM-22663 - Convert desktop & extension to use constants - first pass * PM-22663 - Further clean up * PM-22663 - catch more missed routes * PM-22663 - add barrel files * PM-22663 - Per PR feedback, add missing as const * PM-22663 - Per PR feedback and TS docs, use same name for const enum like and derived type. Adjusted filenames to be singular. * PM-22663 - Per PR feedback update desktop app routing module since auto rename didn't update it for whatever reason.	2 months ago

1 2 3 4 5 ...

19749 Commits (253a4e573c51d06d32303c21fcd1b7d2ea89d2f2) All Branches Search

19749 Commits (253a4e573c51d06d32303c21fcd1b7d2ea89d2f2)

All Branches