* [AC-1070] Add EnforceOnLogin property to MasterPasswordPolicyOptions
* [AC-1070] Add MasterPasswordPolicy property to Identity responses
* [AC-1070] Add policy service dependency to auth service
* [AC-1070] Introduce logic to evaluate master password after successful login
* [AC-1070] Add optional ForcePasswordResetReason to profile / state service
* [AC-1070] Save ForcePasswordResetReason to state when a weak master password is found during login
- Additionally, save the AdminForcePasswordReset reason if the identity result indicates an admin password reset is in effect.
* [AC-1070] Check for a saved ForcePasswordReset reason on TabsPage load force show the update password page
* [AC-1070] Make InitAsync virtual
Allow the UpdateTempPasswordPage to override the InitAsync method to check for a reset password reason in the state service
* [AC-1070] Modify UpdateTempPassword page appearance
- Load the force password reset reason from the state service
- Make warning text dynamic based on force password reason
- Conditionally show the Current master password field if updating a weak master password
* [AC-1070] Add update password method to Api service
* [AC-1070] Introduce logic to update both temp and regular passwords
- Check the Reason to use the appropriate request/endpoint when submitting.
- Verify the users current password locally using the user verification service.
* [AC-1070] Introduce VerifyMasterPasswordResponse
* [AC-1070] Add logic to evaluate master password on unlock
* [AC-1070] Add support 2FA login flow
Keep track of the reset password reason after a password login requires 2FA. During 2FA submission, check if there is a saved reason, and if so, force the user to update their password.
* [AC-1070] Formatting
* [AC-1070] Remove string key from service resolution
* [AC-1070] Change master password options to method variable to avoid class field
Add null check for password strength result and log an error as this is an unexpected flow
* [AC-1070] Remove usage of i18nService
* [AC-1070] Use AsyncCommand for SubmitCommand
* [AC-1070] Remove type from ShowToast call
* [AC-1070] Simplify UpdatePassword methods to accept string for the new encryption key
* [AC-1070] Use full text for key for the CurrentMasterPassword resource
* [AC-1070] Convert Reason to a private class field
* [AC-1070] Formatting changes
* [AC-1070] Simplify if statements in master password options policy service method
* [AC-1070] Use the saved force password reset reason after 2FA login
* [AC-1070] Use constant for ForceUpdatePassword message command
* [AC-1070] Move shared RequirePasswordChangeOnLogin method into PolicyService
* Revert "[AC-1070] Move shared RequirePasswordChangeOnLogin method into PolicyService"
This reverts commit e4feac130f.
* [AC-1070] Add check for null password strength response
* [AC-1070] Fix broken show password icon
* [AC-1070] Add show password icon for current master password
* [SG-912] Modify the mobile app to retrieve the user's avatar color (#2277)
* work: baseline
* fix: dont use profile for store
* fiix: use userid in key
* fix: lookup on AccountView list create
* fix my own bad advice + tweaks
* Autosync the updated translations (#2279)
* fix my own bad advice + tweaks
* fiix: use userid in key
* [PS-1352] Fix ignore diacritics in search (#2044)
* Fix ignore diacritics in search
This change updates the search function to ignore diacritical marks in search results. Marks are stripped from both the search input and results.
* Removed logs, added null or whitespace validation and improved formatting
* [PS-2145] add rainsee browser series support (#2272)
* fix: lookup on AccountView list create
* Autosync the updated translations (#2279)
* fix my own bad advice + tweaks
* fix: single state grab is cool
* EC-469 Improve ApiException message to have the validation errors and message provided by the ErrorResponse
* EC-469 Updated default message format for ErrorResponse GetFullMessage()
* [SG-816] Get all login requests anfd pick the most recent
* [SG-816] Add check if active user has approve login with device active
* [SG-816] Build fix. Fix response model.
* [SG-816] Move code to sync service
* [SG-471] Passwordless device login screen (#2017)
* [SSG-471] Added UI for the device login request response.
* [SG-471] Added text resources and arguments to Page.
* [SG-471] Added properties to speed up page bindings
* [SG-471] Added mock services. Added Accept/reject command binding, navigation and toast messages.
* [SG-471] fixed code styling with dotnet-format
* [SG-471] Fixed back button placement. PR fixes.
* [SG-471] Added new Origin parameter to the page.
* [SG-471] PR Fixes
* [SG-471] PR fixes
* [SG-471] PR Fix: added FireAndForget.
* [SG-471] Moved fire and forget to run on ui thread task.
* [SG-381] Passwordless - Add setting to Mobile (#2037)
* [SG-381] Added settings option to approve passwordless login request. If user has notifications disabled, prompt to go to settings and enable them.
* [SG-381] Update settings pop up texts.
* [SG-381] Added new method to get notifications state on device settings. Added userId to property saved on device to differentiate value between users.
* [SG-381] Added text for the popup on selection.
* [SG-381] PR Fixes
* [SG-408] Implement passwordless api methods (#2055)
* [SG-408] Update notification model.
* [SG-408] removed duplicated resource
* [SG-408] Added implementation to Api Service of new passwordless methods.
* removed qa endpoints
* [SG-408] Changed auth methods implementation, added method call to viewmodel.
* [SG-408] ran code format
* [SG-408] PR fixes
* [SG-472] Add configuration for new notification type (#2056)
* [SG-472] Added methods to present local notification to the user. Configured new notification type for passwordless logins
* [SG-472] Updated code to new api service changes.
* [SG-472] ran dotnet format
* [SG-472] PR Fixes.
* [SG-472] PR Fixes
* [SG-169] End-to-end testing refactor. (#2073)
* [SG-169] Passwordless demo change requests (#2079)
* [SG-169] End-to-end testing refactor.
* [SG-169] Fixed labels. Changed color of Fingerprint phrase. Waited for app to be in foreground to launch passwordless modal to fix Android issues.
* [SG-169] Anchored buttons to the bottom of the screen.
* [SG-169] Changed device type from enum to string.
* [SG-169] PR fixes
* [SG-169] PR fixes
* [SG-169] Added comment on static variable
* initial commit
- add UsesKeyConnector to UserService
- add models
- begin work on authentication
* finish auth workflow for key connector sso login
- finish api call for get user key
- start api calls for posts to key connector
* Bypass lock page if already unlocked
* Move logic to KeyConnectorService, log out if no pin or biometric is set
* Disable password reprompt when using key connector
* hide password reprompt checkbox when editing or adding cipher
* add PostUserKey and PostSetKeyConnector calls
* add ConvertMasterPasswordPage
* add functionality to RemoveMasterPasswordPage
- rename Convert to Remove
* Hide Change Master Password button if using key connector
* Add OTP verification for export component
* Update src/App/Pages/Vault/AddEditPage.xaml.cs
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* remove toolbar item "close"
* Update src/Core/Models/Request/KeyConnectorUserKeyRequest.cs
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* remove new line in resource string
- format warning as two labels
- set label in code behind for loading simultaneously
* implement GetAndSetKey in KeyConnectorService
- ignore EnvironmentService call
* remove unnecesary orgIdentifier
* move RemoveMasterPasswordPage call to LockPage
* add spacing to export vault page
* log out if no PIN or bio on lock page with key connector
* Delete excessive whitespace
* Delete excessive whitespace
* Change capitalisation of OTP
* add default value to models for backwards compatibility
* remove this keyword
* actually handle exceptions
* move RemoveMasterPasswordPage to TabPage using messaging service
* add minor improvements
* remove 'this.'
Co-authored-by: Hinton <oscar@oscarhinton.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* [Reset Password v1] Update Temp Password
* fixed order of operations for reset temp password flow
* Refactored bool with auth result
* Finished removal of temp password flow from set password
* iOS extension support plus extension bugfixes
Co-authored-by: addison <addisonbeck1@gmail.com>
Co-authored-by: Matt Portune <mportune@bitwarden.com>
* Add captcha to login models and methods
* Add captcha web auth to login
* Extract captcha to abstract base class
* Add Captcha to register
* Null out captcha token after each successful challenge
* Cancel > close
* Make card number hidden
* Add support for password reprompt
* Rename PasswordPrompt to Reprompt
* Protect autofill
* Use Enums.CipherRepromptType
* Fix iOS not building
* Protect iOS autofill
* Update to match jslib
* Fix failing build
* Update Size limits
* Add new Api paths for direct upload of Cipher Attachments
* Add Attachment upload to fileUploadService
* Save with direct upload and fallback to legacy uplaod
CipherID is required for direct upload to request an upload URL
* Inform on when to remove legacy code
* Test Attachment upload
* Add direct upload api endpoints
* Create azure upload service
* Update max file size
* Update send file upload test
* Move internationalization string to correct document
* Allow for one shot blob uploads
* Remove unused helper
* Use FileUploadService
Fallback to legacy method on old server implementations.
* Send feature for mobile
* added fallback for KdfIterations
* additional property exclusions for tests
* support encryptedFileData as byte array comparison in SendServiceTests
* formatting
* requested changes
* additional changes
* change position of send service registration to match declaration order
* Expand Hkdf crypto functions
* Add tests for hkdf crypto functions
Took the testing infrastructure from bitwarden/server
* Move Hkdf to cryptoFunctionService
* Port changes from bitwarden/jslib#192
* Port changes from bitwarden/jslib#205
* Make Send Expiration Optional implement changes from bitwarden/jslib#242
* Bug fixes found by testing
* Test helpers
* Test conversion between model types
* Test SendService
These are mostly happy-path tests to ensure a reasonably correct
implementation
* Add run tests step to GitHub Actions
* Test send decryption
* Test Request generation from Send
* Constructor dependencies on separate lines
* Remove unused testing infrastructure
* Rename to match class name
* Move fat arrows to previous lines
* Handle exceptions in App layer
* PR review cleanups
* Throw when attempting to save an unkown Send Type
I think it's best to only throw on unknown send types here.
I don't think we want to throw whenever we encounter one since that would
do bad things like lock up Sync if clients get out of date relative to
servers. Instead, keep the client from ruining saved data by complaining
last minute that it doesn't know what it's doing.
* Initial commit of personal ownership policy
* Updated logic for returning from allowing cipher creation from notification
* fixed small edge case when user in one org // adjusted error message to match all platforms
* Removed test code
* SSO login flow for pre-existing user and no 2FA
* 2FA progress
* 2FA support
* Added SSO flows and functionality
* Handle webauthenticator cancellation gracefully
* updates & bugfixes
* Added state validation to web auth response handling
* SSO auth, account registration, and environment settings support for iOS extensions
* Added SSO prevalidation to auth process
* prevalidation now hitting identity service base url
* additional error handling
* Requested changes
* fixed case
