Commit graph

295 commits

Author SHA1 Message Date
Matt Gibson
f79ff3fd63
Encode auth email for unicode email support (#1491) 2021-08-10 11:48:51 -05:00
Matt Gibson
2f2fa8a25b
Feature/use hcaptcha if bot (#1476)
* Add captcha to login models and methods

* Add captcha web auth to login

* Extract captcha to abstract base class

* Add Captcha to register

* Null out captcha token after each successful challenge

* Cancel > close
2021-08-04 14:47:23 -05:00
Georges Varouchas
f44e6ab75f
bugfix in AuthService.LogInSsoAsync (#1474) (#1475)
add missing parameter in call to LogInHelperAsync
2021-07-23 14:36:49 -04:00
Matt Portune
a4db088eda
bugfix for incorrect type and nullable for some org vars (#1465) 2021-07-16 13:57:15 -04:00
Matt Portune
bdf6d764ca
update csv lib and skip link (#1449) 2021-07-02 11:21:36 -04:00
Thomas Rittson
79589b07fc
Use 2 iterations for local password hashing (#1423)
* Add HashPurpose parameter to HashPasswordAsync

* Use 2 iterations for local password hashing

* Force logout if user has old keyHash stored

* Revert "Force logout if user has old keyHash stored"

This reverts commit 497d4928fa.

* Add backwards compatibility with existing keyHash
2021-06-15 07:39:34 +10:00
Oscar Hinton
2b8dbde923
Fixes for password reprompt (#1416) 2021-06-10 17:57:18 +02:00
Matt Portune
33791a03ac
track failed unlock attempts in storage (#1421) 2021-06-09 10:03:05 -04:00
Matt Gibson
80a33e98a2
Use type to ensure transmitted data is encrypted (#1422) 2021-06-09 08:45:30 -05:00
Thomas Rittson
fe58dea3e0
Add encKeyValidation string to encrypted exports (#1412) 2021-05-29 06:16:19 +10:00
Kyle Spearrin
569045fcd5
add auth-email header to auth request (#1414) 2021-05-28 14:06:42 -04:00
Oscar Hinton
976eeab6d7
Password reprompt (#1365)
* Make card number hidden

* Add support for password reprompt

* Rename PasswordPrompt to Reprompt

* Protect autofill

* Use Enums.CipherRepromptType

* Fix iOS not building

* Protect iOS autofill

* Update to match jslib

* Fix failing build
2021-05-21 15:13:54 +02:00
Captain Trips
570edb4319
fixes bitwarden/mobile#967 (#1067) 2021-05-17 15:38:21 -04:00
Matt Portune
946831b37e
version bumps (#1399) 2021-05-13 15:21:24 -04:00
Matt Portune
2f6e1ff477
lib updates (#1381)
* lib updates

* included csv and biometric lib
2021-05-13 14:15:26 -04:00
Matt Gibson
a3b4ede8f3
Use CipherByteArray to signify encrypted byte[] (#1366)
* Use CipherByteArray to signify encrypted byte[]

* Rename CipherString and CipherByteArray to EncString and EncByteArray
2021-04-21 15:27:14 -05:00
Thomas Rittson
3b2b37b3b0
Use UserService to manage emailVerified (#1367) 2021-04-15 14:54:58 +10:00
Matt Gibson
75e27ffbe3
Move renew endpoint to fix overlapping endpoint issue (#1362) 2021-04-12 09:45:17 -05:00
Matt Gibson
ce0b8bc62d
Attachment azure upload blobs (#1345)
* Update Size limits

* Add new Api paths for direct upload of Cipher Attachments

* Add Attachment upload to fileUploadService

* Save with direct upload and fallback to legacy upload

CipherID is required for direct upload to request an upload URL

* Inform on when to remove legacy code

* Test Attachment upload
2021-03-30 18:42:43 -05:00
Thomas Rittson
04aeddc5de
Hide email address in Sends (#1340)
* Add HideEmail model properties and locale strings

* Fix UI strings

* Add HideEmail to SendService

* Add HideEmail option to UI

* Tidy up declarations

* Add Bitwarden Send translation warning
2021-03-29 12:01:42 -04:00
Matt Gibson
13ffbe911a
Send azure upload (#1334)
* Add direct upload api endpoints

* Create azure upload service

* Update max file size

* Update send file upload test

* Move internationalization string to correct document

* Allow for one shot blob uploads

* Remove unused helper

* Use FileUploadService

Fallback to legacy method on old server implementations.
2021-03-29 09:45:04 -05:00
Matt Portune
654d71cbbc
use hardcoded kdfiterations for send passwords (#1315) 2021-03-13 12:40:41 -05:00
Matt Gibson
2c13cef17c
Send file model changes (#1293)
* Remove Url from SendFile.
Add file length hit to SendRequest

* Populate SendRequest file length
2021-03-02 10:09:26 -06:00
Matt Portune
3799eb4603
Support for Disable Send policy (#1271)
* add support for disable send policy

* cleanup

* show/hide options support for send search results

* additional failsafes and copy function consolidation

* added missing disabled send icon to android renderer

* async fix and string updates
2021-02-18 16:58:20 -05:00
Matt Portune
a18e59a28a
Send feature for mobile (#1256)
* Send feature for mobile

* added fallback for KdfIterations

* additional property exclusions for tests

* support encryptedFileData as byte array comparison in SendServiceTests

* formatting

* requested changes

* additional changes

* change position of send service registration to match declaration order
2021-02-10 19:50:10 -05:00
Matt Gibson
8d5614cd7b
Port send jslib to mobile (#1219)
* Expand Hkdf crypto functions

* Add tests for hkdf crypto functions

Took the testing infrastructure from bitwarden/server

* Move Hkdf to cryptoFunctionService

* Port changes from bitwarden/jslib#192

* Port changes from bitwarden/jslib#205

* Make Send Expiration Optional implement changes from bitwarden/jslib#242

* Bug fixes found by testing

* Test helpers

* Test conversion between model types

* Test SendService

These are mostly happy-path tests to ensure a reasonably correct
implementation

* Add run tests step to GitHub Actions

* Test send decryption

* Test Request generation from Send

* Constructor dependencies on separate lines

* Remove unused testing infrastructure

* Rename to match class name

* Move fat arrows to previous lines

* Handle exceptions in App layer

* PR review cleanups

* Throw when attempting to save an unknown Send Type

I think it's best to only throw on unknown send types here.
I don't think we want to throw whenever we encounter one since that would
do bad things like lock up Sync if clients get out of date relative to
servers. Instead, keep the client from ruining saved data by complaining
last minute that it doesn't know what it's doing.
2021-01-25 14:27:38 -06:00
Addison Beck
c4823f1c37
null checked all the permissions (#1227) 2021-01-19 17:45:12 -05:00
Matt Portune
56935a7210
restore vault timeout timer for Android (#1220) 2021-01-15 14:04:07 -05:00
Addison Beck
cdc08e7e8a
Implemented Custom role and permissions (#1189)
* Implemented Custom role and permissions

* changed permissions to permissions model

* added a semicolon
2021-01-13 14:31:27 -05:00
Matt Gibson
ca7794e6f2
Update revision date from server on restore (#1211) 2021-01-08 08:53:45 -06:00
Matt Gibson
bd3fdcab26
Do not export items that have been deleted (#1200) 2020-12-29 11:38:12 -06:00
Matt Gibson
e0191c573d
Add encrypted hint json property (#1184) 2020-12-18 16:17:04 -06:00
Matt Portune
ef4b53b337
Workaround for lack of shared DB support (#1182)
* workaround for lack of shared DB support

* dispose db in finally
2020-12-16 16:37:26 -05:00
Matt Portune
acf2e4360f
Use monotonic clock for vault timeout (#1175)
* Use monotonic clock for vault timeout

* free memory

* removed vault timeout timers and added crash logging to iOS clock hack
2020-12-14 15:29:30 -05:00
Matt Gibson
3227daddaf
Enable Encrypted json export of vaults (#1174)
* Enable Encrypted json export of vaults

* Match jslib export of non-org ciphers

* Clean up export

* Update src/App/Pages/Settings/ExportVaultPage.xaml.cs

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2020-12-14 11:56:13 -06:00
Vincent Salucci
6e40b7f25b
[Policy] Personal Ownership (#1166)
* Initial commit of personal ownership policy

* Updated logic for returning from allowing cipher creation from notification

* fixed small edge case when user in one org // adjusted error message to match all platforms

* Removed test code
2020-12-14 08:46:54 -06:00
Matt Portune
dcfdc7d0ea
make kdfIterations nullable (#1169) 2020-12-08 10:54:58 -05:00
Matt Portune
ffd8f9951f
Fix for missing biometric integrity check in iOS extensions under certain conditions (#1162)
* Fix for biometric check in extension on fresh install

* make sure bio integrity values are written to pref storage

* integrity state migration to pref storage

* remove automatic state saving upon null validation
2020-12-01 15:30:23 -05:00
Matt Gibson
e27370cf32
Include revision date in cipher requests (#1152)
Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
2020-11-23 14:41:43 -06:00
Matt Portune
c71deb5051
Enhanced autofill settings (#1150)
* enhanced autofill settings

* cleanup
2020-11-17 09:37:57 -05:00
Vincent Salucci
26d5504a2f
Added New policy types (only org & require sso) (#1122) 2020-10-19 11:48:42 -05:00
Vincent Salucci
e72ccaf440
Initial commit for new user provision flow (#1091) 2020-10-13 15:01:14 -05:00
Matt Portune
0b7e07ebab
clear cipher cache when replacing ios autofill identities (#1112)
* clear cipher cache when replacing ios autofill identities

* changed to be service-centric

* support for multiple cache keys

* async suffix

* added cache keys for android
2020-10-13 15:39:36 -04:00
Matt Portune
37e19d9a60
Support for storing multiple biometric integrity states for iOS (#1110)
* support for storing multiple biometric integrity states for iOS

* remove unused var & save new extension bio state upon password validation
2020-10-07 12:18:36 -04:00
Matt Portune
2ddf624f7d
fix for sso login when bio unlock already enabled (#1086) 2020-09-23 09:02:20 -04:00
Kyle Spearrin
db12cd92b7
check authed before checking if token has premium (#1074) 2020-09-18 15:07:32 -04:00
Matt Portune
f1419a75f6
Added SSO flows and functionality (#1047)
* SSO login flow for pre-existing user and no 2FA

* 2FA progress

* 2FA support

* Added SSO flows and functionality

* Handle webauthenticator cancellation gracefully

* updates & bugfixes

* Added state validation to web auth response handling

* SSO auth, account registration, and environment settings support for iOS extensions

* Added SSO prevalidation to auth process

* prevalidation now hitting identity service base url

* additional error handling

* Requested changes

* fixed case
2020-09-03 12:30:40 -04:00
Kyle Spearrin
29e443ed76
base64 url encode/decode helpers (#1038) 2020-08-14 10:08:50 -04:00
Oscar Hinton
ae28de4159
Invalidate biometric on change (#1026)
* Initial working version for Android

* Add a fallback for when upgrading from older app version.

* Ensure biometric validity is re-checked on focus

* Only setup biometric integrity key if biometric is turned on.

* Fix styling according to comments

* Fallback for Android 5.

* Improve comment

* Add boilerplate for iOS

* Change BiometricService to public

* Untested iOS implementation.

* Convert IBiometricService to async. Fix code style for iOS.

* Base64 NSData.

* Review comments for Android BiometricService.

* Rename methods in BiometricService to append Async

* Ensure we wait for async SetupBiometricAsync.

* Update BiometricService.cs

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2020-08-08 21:33:49 -04:00
aaxdev
3b4ef4d238
Feature sync on refresh (#937)
* Added new option: Sync on refresh

* Removed unused field

* Fixed refreshing on disappearing & unnecessary codes removed

* Requested changes

* Calling storage service instead of a dedicated service function (mobile-specific)
2020-08-05 13:19:27 -04:00