@bitwarden/cli 1.19.1 → 1.20.0

package/build/bw.js

@@ -239,7 +239,7 @@ module.exports = require("url");
 /* 25 */
 /***/ (function(module) {
 
-module.exports = JSON.parse("{\"name\":\"@bitwarden/cli\",\"description\":\"A secure and free password manager for all of your devices.\",\"version\":\"1.19.1\",\"keywords\":[\"bitwarden\",\"password\",\"vault\",\"password manager\",\"cli\"],\"author\":\"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)\",\"homepage\":\"https://bitwarden.com\",\"repository\":{\"type\":\"git\",\"url\":\"https://github.com/bitwarden/cli\"},\"license\":\"GPL-3.0-only\",\"scripts\":{\"sub:init\":\"git submodule update --init --recursive\",\"sub:update\":\"git submodule update --remote\",\"sub:pull\":\"git submodule foreach git pull origin master\",\"clean\":\"rimraf dist/**/*\",\"symlink:win\":\"rmdir /S /Q ./jslib && cmd /c mklink /J .\\\\jslib ..\\\\jslib\",\"symlink:mac\":\"npm run symlink:lin\",\"symlink:lin\":\"rm -rf ./jslib && ln -s ../jslib ./jslib\",\"build\":\"webpack\",\"build:debug\":\"npm run build && node --inspect ./build/bw.js\",\"build:watch\":\"webpack --watch\",\"build:prod\":\"cross-env NODE_ENV=production webpack\",\"build:prod:watch\":\"cross-env NODE_ENV=production webpack --watch\",\"package\":\"npm run package:win && npm run package:mac && npm run package:lin\",\"package:win\":\"pkg . --targets win-x64 --output ./dist/windows/bw.exe --build\",\"package:mac\":\"pkg . --targets macos-x64 --output ./dist/macos/bw\",\"package:lin\":\"pkg . --targets linux-x64 --output ./dist/linux/bw\",\"debug\":\"node --inspect ./build/bw.js\",\"dist\":\"npm run build:prod && npm run clean && npm run package\",\"dist:win\":\"npm run build:prod && npm run clean && npm run package:win\",\"dist:mac\":\"npm run build:prod && npm run clean && npm run package:mac\",\"dist:lin\":\"npm run build:prod && npm run clean && npm run package:lin\",\"publish:npm\":\"npm run build:prod && npm publish --access public\",\"lint\":\"tslint 'src/**/*.ts' 'spec/**/*.ts' || true\",\"lint:fix\":\"tslint 'src/**/*.ts' 'spec/**/*.ts' --fix\"},\"bin\":{\"bw\":\"build/bw.js\"},\"pkg\":{\"assets\":\"./build/**/*\"},\"devDependencies\":{\"@types/inquirer\":\"^7.3.1\",\"@types/jsdom\":\"^16.2.10\",\"@types/lowdb\":\"^1.0.10\",\"@types/lunr\":\"^2.3.3\",\"@types/node\":\"^14.17.1\",\"@types/node-fetch\":\"^2.5.10\",\"@types/node-forge\":\"^0.9.7\",\"@types/papaparse\":\"^5.2.5\",\"@types/tldjs\":\"^2.3.0\",\"@types/zxcvbn\":\"^4.4.1\",\"clean-webpack-plugin\":\"^3.0.0\",\"copy-webpack-plugin\":\"^6.4.0\",\"cross-env\":\"^7.0.3\",\"pkg\":\"^5.1.0\",\"ts-loader\":\"^8.2.0\",\"tsconfig-paths-webpack-plugin\":\"^3.5.1\",\"tslint\":\"^6.1.3\",\"tslint-loader\":\"^3.5.4\",\"typescript\":\"4.1.5\",\"webpack\":\"^4.46.0\",\"webpack-cli\":\"^4.7.0\",\"webpack-node-externals\":\"^3.0.0\"},\"dependencies\":{\"big-integer\":\"1.6.48\",\"browser-hrtime\":\"^1.1.8\",\"chalk\":\"^4.1.1\",\"commander\":\"7.2.0\",\"form-data\":\"4.0.0\",\"https-proxy-agent\":\"5.0.0\",\"inquirer\":\"8.0.0\",\"jsdom\":\"^16.5.3\",\"lowdb\":\"1.0.0\",\"lunr\":\"^2.3.9\",\"node-fetch\":\"^2.6.1\",\"node-forge\":\"0.10.0\",\"open\":\"^8.0.8\",\"papaparse\":\"^5.3.0\",\"rxjs\":\"6.6.7\",\"tldjs\":\"^2.3.1\",\"zxcvbn\":\"^4.4.2\"},\"engines\":{\"node\":\"~14\",\"npm\":\"~7\"}}");
+module.exports = JSON.parse("{\"name\":\"@bitwarden/cli\",\"description\":\"A secure and free password manager for all of your devices.\",\"version\":\"1.20.0\",\"keywords\":[\"bitwarden\",\"password\",\"vault\",\"password manager\",\"cli\"],\"author\":\"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)\",\"homepage\":\"https://bitwarden.com\",\"repository\":{\"type\":\"git\",\"url\":\"https://github.com/bitwarden/cli\"},\"license\":\"GPL-3.0-only\",\"scripts\":{\"sub:init\":\"git submodule update --init --recursive\",\"sub:update\":\"git submodule update --remote\",\"sub:pull\":\"git submodule foreach git pull origin master\",\"clean\":\"rimraf dist/**/*\",\"symlink:win\":\"rmdir /S /Q ./jslib && cmd /c mklink /J .\\\\jslib ..\\\\jslib\",\"symlink:mac\":\"npm run symlink:lin\",\"symlink:lin\":\"rm -rf ./jslib && ln -s ../jslib ./jslib\",\"build\":\"webpack\",\"build:debug\":\"npm run build && node --inspect ./build/bw.js\",\"build:watch\":\"webpack --watch\",\"build:prod\":\"cross-env NODE_ENV=production webpack\",\"build:prod:watch\":\"cross-env NODE_ENV=production webpack --watch\",\"package\":\"npm run package:win && npm run package:mac && npm run package:lin\",\"package:win\":\"pkg . --targets win-x64 --output ./dist/windows/bw.exe --build\",\"package:mac\":\"pkg . --targets macos-x64 --output ./dist/macos/bw\",\"package:lin\":\"pkg . --targets linux-x64 --output ./dist/linux/bw\",\"debug\":\"node --inspect ./build/bw.js\",\"dist\":\"npm run build:prod && npm run clean && npm run package\",\"dist:win\":\"npm run build:prod && npm run clean && npm run package:win\",\"dist:mac\":\"npm run build:prod && npm run clean && npm run package:mac\",\"dist:lin\":\"npm run build:prod && npm run clean && npm run package:lin\",\"publish:npm\":\"npm run build:prod && npm publish --access public\",\"lint\":\"tslint 'src/**/*.ts' 'spec/**/*.ts'\",\"lint:fix\":\"tslint 'src/**/*.ts' 'spec/**/*.ts' --fix\"},\"bin\":{\"bw\":\"build/bw.js\"},\"pkg\":{\"assets\":\"./build/**/*\"},\"devDependencies\":{\"@types/inquirer\":\"^7.3.1\",\"@types/jsdom\":\"^16.2.10\",\"@types/lowdb\":\"^1.0.10\",\"@types/lunr\":\"^2.3.3\",\"@types/node\":\"^14.17.1\",\"@types/node-fetch\":\"^2.5.10\",\"@types/node-forge\":\"^0.9.7\",\"@types/papaparse\":\"^5.2.5\",\"@types/tldjs\":\"^2.3.0\",\"@types/zxcvbn\":\"^4.4.1\",\"clean-webpack-plugin\":\"^3.0.0\",\"copy-webpack-plugin\":\"^6.4.0\",\"cross-env\":\"^7.0.3\",\"pkg\":\"^5.1.0\",\"ts-loader\":\"^8.2.0\",\"tsconfig-paths-webpack-plugin\":\"^3.5.1\",\"tslint\":\"^6.1.3\",\"tslint-loader\":\"^3.5.4\",\"typescript\":\"4.1.5\",\"webpack\":\"^4.46.0\",\"webpack-cli\":\"^4.7.0\",\"webpack-node-externals\":\"^3.0.0\"},\"dependencies\":{\"big-integer\":\"1.6.48\",\"browser-hrtime\":\"^1.1.8\",\"chalk\":\"^4.1.1\",\"commander\":\"7.2.0\",\"form-data\":\"4.0.0\",\"https-proxy-agent\":\"5.0.0\",\"inquirer\":\"8.0.0\",\"jsdom\":\"^16.5.3\",\"lowdb\":\"1.0.0\",\"lunr\":\"^2.3.9\",\"node-fetch\":\"^2.6.1\",\"node-forge\":\"0.10.0\",\"open\":\"^8.0.8\",\"papaparse\":\"^5.3.0\",\"rxjs\":\"6.6.7\",\"tldjs\":\"^2.3.1\",\"zxcvbn\":\"^4.4.2\"},\"engines\":{\"node\":\"~14\",\"npm\":\"~7\"}}");
 
 /***/ }),
 /* 26 */
@@ -304,6 +304,17 @@ class AuthResult {
     }
 }
 
+// CONCATENATED MODULE: ./jslib/common/src/models/request/account/setKeyConnectorKeyRequest.ts
+class SetKeyConnectorKeyRequest {
+    constructor(key, kdf, kdfIterations, orgIdentifier, keys) {
+        this.key = key;
+        this.kdf = kdf;
+        this.kdfIterations = kdfIterations;
+        this.orgIdentifier = orgIdentifier;
+        this.keys = keys;
+    }
+}
+
 // CONCATENATED MODULE: ./jslib/common/src/models/request/deviceRequest.ts
 class DeviceRequest {
     constructor(appId, platformUtilsService) {
@@ -314,6 +325,13 @@ class DeviceRequest {
     }
 }
 
+// CONCATENATED MODULE: ./jslib/common/src/models/request/keyConnectorUserKeyRequest.ts
+class KeyConnectorUserKeyRequest {
+    constructor(key) {
+        this.key = key;
+    }
+}
+
 // CONCATENATED MODULE: ./jslib/common/src/models/request/keysRequest.ts
 class KeysRequest {
     constructor(publicKey, encryptedPrivateKey) {
@@ -523,7 +541,8 @@ class utils_Utils {
             return null;
         }
         let httpUrl = uriString.startsWith('http://') || uriString.startsWith('https://');
-        if (!httpUrl && uriString.indexOf('://') < 0 && utils_Utils.tldEndingRegex.test(uriString)) {
+        if (!httpUrl && uriString.indexOf('://') < 0 && utils_Utils.tldEndingRegex.test(uriString) &&
+            uriString.indexOf('@') < 0) {
             uriString = 'http://' + uriString;
             httpUrl = true;
         }
@@ -540,7 +559,9 @@ class utils_Utils {
                 const urlDomain = external_tldjs_ != null && external_tldjs_["getDomain"] != null ? external_tldjs_["getDomain"](url.hostname) : null;
                 return urlDomain != null ? urlDomain : url.hostname;
             }
-            catch (e) { }
+            catch (e) {
+                // Invalid domain, try another approach below.
+            }
         }
         try {
             const domain = external_tldjs_ != null && external_tldjs_["getDomain"] != null ? external_tldjs_["getDomain"](uriString) : null;
@@ -655,7 +676,9 @@ class utils_Utils {
                 return anchor;
             }
         }
-        catch (e) { }
+        catch (e) {
+            // Ignore error
+        }
         return null;
     }
 }
@@ -759,6 +782,9 @@ var __awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argume
 
 
 
+
+
+
 const TwoFactorProviders = {
     [TwoFactorProviderType.Authenticator]: {
         type: TwoFactorProviderType.Authenticator,
@@ -810,7 +836,7 @@ const TwoFactorProviders = {
     },
 };
 class auth_service_AuthService {
-    constructor(cryptoService, apiService, userService, tokenService, appIdService, i18nService, platformUtilsService, messagingService, vaultTimeoutService, logService, setCryptoKeys = true) {
+    constructor(cryptoService, apiService, userService, tokenService, appIdService, i18nService, platformUtilsService, messagingService, vaultTimeoutService, logService, cryptoFunctionService, environmentService, keyConnectorService, setCryptoKeys = true) {
         this.cryptoService = cryptoService;
         this.apiService = apiService;
         this.userService = userService;
@@ -821,6 +847,9 @@ class auth_service_AuthService {
         this.messagingService = messagingService;
         this.vaultTimeoutService = vaultTimeoutService;
         this.logService = logService;
+        this.cryptoFunctionService = cryptoFunctionService;
+        this.environmentService = environmentService;
+        this.keyConnectorService = keyConnectorService;
         this.setCryptoKeys = setCryptoKeys;
         this.selectedTwoFactorProviderType = null;
     }
@@ -846,24 +875,24 @@ class auth_service_AuthService {
             const key = yield this.makePreloginKey(masterPassword, email);
             const hashedPassword = yield this.cryptoService.hashPassword(masterPassword, key);
             const localHashedPassword = yield this.cryptoService.hashPassword(masterPassword, key, HashPurpose.LocalAuthorization);
-            return yield this.logInHelper(email, hashedPassword, localHashedPassword, null, null, null, null, null, key, null, null, null, captchaToken);
+            return yield this.logInHelper(email, hashedPassword, localHashedPassword, null, null, null, null, null, key, null, null, null, captchaToken, null);
         });
     }
-    logInSso(code, codeVerifier, redirectUrl) {
+    logInSso(code, codeVerifier, redirectUrl, orgId) {
         return __awaiter(this, void 0, void 0, function* () {
             this.selectedTwoFactorProviderType = null;
-            return yield this.logInHelper(null, null, null, code, codeVerifier, redirectUrl, null, null, null, null, null, null);
+            return yield this.logInHelper(null, null, null, code, codeVerifier, redirectUrl, null, null, null, null, null, null, null, orgId);
         });
     }
     logInApiKey(clientId, clientSecret) {
         return __awaiter(this, void 0, void 0, function* () {
             this.selectedTwoFactorProviderType = null;
-            return yield this.logInHelper(null, null, null, null, null, null, clientId, clientSecret, null, null, null, null);
+            return yield this.logInHelper(null, null, null, null, null, null, clientId, clientSecret, null, null, null, null, null, null);
         });
     }
     logInTwoFactor(twoFactorProvider, twoFactorToken, remember) {
         return __awaiter(this, void 0, void 0, function* () {
-            return yield this.logInHelper(this.email, this.masterPasswordHash, this.localMasterPasswordHash, this.code, this.codeVerifier, this.ssoRedirectUrl, this.clientId, this.clientSecret, this.key, twoFactorProvider, twoFactorToken, remember, this.captchaToken);
+            return yield this.logInHelper(this.email, this.masterPasswordHash, this.localMasterPasswordHash, this.code, this.codeVerifier, this.ssoRedirectUrl, this.clientId, this.clientSecret, this.key, twoFactorProvider, twoFactorToken, remember, this.captchaToken, null);
         });
     }
     logInComplete(email, masterPassword, twoFactorProvider, twoFactorToken, remember, captchaToken) {
@@ -872,19 +901,19 @@ class auth_service_AuthService {
             const key = yield this.makePreloginKey(masterPassword, email);
             const hashedPassword = yield this.cryptoService.hashPassword(masterPassword, key);
             const localHashedPassword = yield this.cryptoService.hashPassword(masterPassword, key, HashPurpose.LocalAuthorization);
-            return yield this.logInHelper(email, hashedPassword, localHashedPassword, null, null, null, null, null, key, twoFactorProvider, twoFactorToken, remember, captchaToken);
+            return yield this.logInHelper(email, hashedPassword, localHashedPassword, null, null, null, null, null, key, twoFactorProvider, twoFactorToken, remember, captchaToken, null);
         });
     }
     logInSsoComplete(code, codeVerifier, redirectUrl, twoFactorProvider, twoFactorToken, remember) {
         return __awaiter(this, void 0, void 0, function* () {
             this.selectedTwoFactorProviderType = null;
-            return yield this.logInHelper(null, null, null, code, codeVerifier, redirectUrl, null, null, null, twoFactorProvider, twoFactorToken, remember);
+            return yield this.logInHelper(null, null, null, code, codeVerifier, redirectUrl, null, null, null, twoFactorProvider, twoFactorToken, remember, null, null);
         });
     }
     logInApiKeyComplete(clientId, clientSecret, twoFactorProvider, twoFactorToken, remember) {
         return __awaiter(this, void 0, void 0, function* () {
             this.selectedTwoFactorProviderType = null;
-            return yield this.logInHelper(null, null, null, null, null, null, clientId, clientSecret, null, twoFactorProvider, twoFactorToken, remember);
+            return yield this.logInHelper(null, null, null, null, null, null, clientId, clientSecret, null, twoFactorProvider, twoFactorToken, remember, null, null);
         });
     }
     logOut(callback) {
@@ -968,7 +997,7 @@ class auth_service_AuthService {
     authingWithPassword() {
         return this.email != null && this.masterPasswordHash != null;
     }
-    logInHelper(email, hashedPassword, localHashedPassword, code, codeVerifier, redirectUrl, clientId, clientSecret, key, twoFactorProvider, twoFactorToken, remember, captchaToken) {
+    logInHelper(email, hashedPassword, localHashedPassword, code, codeVerifier, redirectUrl, clientId, clientSecret, key, twoFactorProvider, twoFactorToken, remember, captchaToken, orgId) {
         return __awaiter(this, void 0, void 0, function* () {
             const storedTwoFactorToken = yield this.tokenService.getTwoFactorToken(email);
             const appId = yield this.appIdService.getAppId();
@@ -1046,6 +1075,13 @@ class auth_service_AuthService {
                 }
                 // Skip this step during SSO new user flow. No key is returned from server.
                 if (code == null || tokenResponse.key != null) {
+                    if (tokenResponse.keyConnectorUrl != null) {
+                        yield this.keyConnectorService.getAndSetKey(tokenResponse.keyConnectorUrl);
+                    }
+                    else if (tokenResponse.apiUseKeyConnector) {
+                        const keyConnectorUrl = this.environmentService.getKeyConnectorUrl();
+                        yield this.keyConnectorService.getAndSetKey(keyConnectorUrl);
+                    }
                     yield this.cryptoService.setEncKey(tokenResponse.key);
                     // User doesn't have a key pair yet (old account), let's generate one for them
                     if (tokenResponse.privateKey == null) {
@@ -1055,12 +1091,29 @@ class auth_service_AuthService {
                             tokenResponse.privateKey = keyPair[1].encryptedString;
                         }
                         catch (e) {
-                            // tslint:disable-next-line
                             this.logService.error(e);
                         }
                     }
                     yield this.cryptoService.setEncPrivateKey(tokenResponse.privateKey);
                 }
+                else if (tokenResponse.keyConnectorUrl != null) {
+                    const password = yield this.cryptoFunctionService.randomBytes(64);
+                    const k = yield this.cryptoService.makeKey(utils_Utils.fromBufferToB64(password), this.tokenService.getEmail(), tokenResponse.kdf, tokenResponse.kdfIterations);
+                    const keyConnectorRequest = new KeyConnectorUserKeyRequest(k.encKeyB64);
+                    yield this.cryptoService.setKey(k);
+                    const encKey = yield this.cryptoService.makeEncKey(k);
+                    yield this.cryptoService.setEncKey(encKey[1].encryptedString);
+                    const [pubKey, privKey] = yield this.cryptoService.makeKeyPair();
+                    try {
+                        yield this.apiService.postUserKeyToKeyConnector(tokenResponse.keyConnectorUrl, keyConnectorRequest);
+                    }
+                    catch (e) {
+                        throw new Error('Unable to reach key connector');
+                    }
+                    const keys = new KeysRequest(pubKey, privKey.encryptedString);
+                    const setPasswordRequest = new SetKeyConnectorKeyRequest(encKey[1].encryptedString, tokenResponse.kdf, tokenResponse.kdfIterations, orgId, keys);
+                    yield this.apiService.postSetKeyConnectorKey(setPasswordRequest);
+                }
             }
             if (this.vaultTimeoutService != null) {
                 this.vaultTimeoutService.biometricLocked = false;
@@ -1526,6 +1579,9 @@ class cliPlatformUtils_service_CliPlatformUtilsService {
     getApplicationVersion() {
         return Promise.resolve(this.packageJson.version);
     }
+    getApplicationVersionSync() {
+        return this.packageJson.version;
+    }
     supportsWebAuthn(win) {
         return false;
     }
@@ -1827,6 +1883,7 @@ var FieldType;
     FieldType[FieldType["Text"] = 0] = "Text";
     FieldType[FieldType["Hidden"] = 1] = "Hidden";
     FieldType[FieldType["Boolean"] = 2] = "Boolean";
+    FieldType[FieldType["Linked"] = 3] = "Linked";
 })(FieldType || (FieldType = {}));
 
 // CONCATENATED MODULE: ./jslib/common/src/enums/uriMatchType.ts
@@ -1879,6 +1936,7 @@ class FieldData {
         this.type = response.type;
         this.name = response.name;
         this.value = response.value;
+        this.linkedId = response.linkedId;
     }
 }
 
@@ -2040,7 +2098,9 @@ class AttachmentView {
                 return parseInt(this.size, null);
             }
         }
-        catch (_a) { }
+        catch (_a) {
+            // Invalid file size.
+        }
         return 0;
     }
 }
@@ -2291,10 +2351,95 @@ class attachment_Attachment extends domainBase_Domain {
     }
 }
 
+// CONCATENATED MODULE: ./jslib/common/src/models/view/itemView.ts
+class ItemView {
+}
+
+// CONCATENATED MODULE: ./jslib/common/src/enums/linkedIdType.ts
+// LoginView
+var LoginLinkedId;
+(function (LoginLinkedId) {
+    LoginLinkedId[LoginLinkedId["Username"] = 100] = "Username";
+    LoginLinkedId[LoginLinkedId["Password"] = 101] = "Password";
+})(LoginLinkedId || (LoginLinkedId = {}));
+// CardView
+var CardLinkedId;
+(function (CardLinkedId) {
+    CardLinkedId[CardLinkedId["CardholderName"] = 300] = "CardholderName";
+    CardLinkedId[CardLinkedId["ExpMonth"] = 301] = "ExpMonth";
+    CardLinkedId[CardLinkedId["ExpYear"] = 302] = "ExpYear";
+    CardLinkedId[CardLinkedId["Code"] = 303] = "Code";
+    CardLinkedId[CardLinkedId["Brand"] = 304] = "Brand";
+    CardLinkedId[CardLinkedId["Number"] = 305] = "Number";
+})(CardLinkedId || (CardLinkedId = {}));
+// IdentityView
+var IdentityLinkedId;
+(function (IdentityLinkedId) {
+    IdentityLinkedId[IdentityLinkedId["Title"] = 400] = "Title";
+    IdentityLinkedId[IdentityLinkedId["MiddleName"] = 401] = "MiddleName";
+    IdentityLinkedId[IdentityLinkedId["Address1"] = 402] = "Address1";
+    IdentityLinkedId[IdentityLinkedId["Address2"] = 403] = "Address2";
+    IdentityLinkedId[IdentityLinkedId["Address3"] = 404] = "Address3";
+    IdentityLinkedId[IdentityLinkedId["City"] = 405] = "City";
+    IdentityLinkedId[IdentityLinkedId["State"] = 406] = "State";
+    IdentityLinkedId[IdentityLinkedId["PostalCode"] = 407] = "PostalCode";
+    IdentityLinkedId[IdentityLinkedId["Country"] = 408] = "Country";
+    IdentityLinkedId[IdentityLinkedId["Company"] = 409] = "Company";
+    IdentityLinkedId[IdentityLinkedId["Email"] = 410] = "Email";
+    IdentityLinkedId[IdentityLinkedId["Phone"] = 411] = "Phone";
+    IdentityLinkedId[IdentityLinkedId["Ssn"] = 412] = "Ssn";
+    IdentityLinkedId[IdentityLinkedId["Username"] = 413] = "Username";
+    IdentityLinkedId[IdentityLinkedId["PassportNumber"] = 414] = "PassportNumber";
+    IdentityLinkedId[IdentityLinkedId["LicenseNumber"] = 415] = "LicenseNumber";
+    IdentityLinkedId[IdentityLinkedId["FirstName"] = 416] = "FirstName";
+    IdentityLinkedId[IdentityLinkedId["LastName"] = 417] = "LastName";
+    IdentityLinkedId[IdentityLinkedId["FullName"] = 418] = "FullName";
+})(IdentityLinkedId || (IdentityLinkedId = {}));
+
+// CONCATENATED MODULE: ./jslib/common/src/misc/linkedFieldOption.decorator.ts
+class LinkedMetadata {
+    constructor(propertyKey, _i18nKey) {
+        this.propertyKey = propertyKey;
+        this._i18nKey = _i18nKey;
+    }
+    get i18nKey() {
+        var _a;
+        return (_a = this._i18nKey) !== null && _a !== void 0 ? _a : this.propertyKey;
+    }
+}
+/**
+ * A decorator used to set metadata used by Linked custom fields. Apply it to a class property or getter to make it
+ *    available as a Linked custom field option.
+ * @param id - A unique value that is saved in the Field model. It is used to look up the decorated class property.
+ * @param i18nKey - The i18n key used to describe the decorated class property in the UI. If it is null, then the name
+ *    of the class property will be used as the i18n key.
+ */
+function linkedFieldOption(id, i18nKey) {
+    return (prototype, propertyKey) => {
+        if (prototype.linkedFieldOptions == null) {
+            prototype.linkedFieldOptions = new Map();
+        }
+        prototype.linkedFieldOptions.set(id, new LinkedMetadata(propertyKey, i18nKey));
+    };
+}
+
 // CONCATENATED MODULE: ./jslib/common/src/models/view/cardView.ts
-class CardView {
+var cardView_decorate = (undefined && undefined.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var cardView_metadata = (undefined && undefined.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+
+
+
+class cardView_CardView extends ItemView {
     // tslint:enable
     constructor(c) {
+        super();
         this.cardholderName = null;
         this.expMonth = null;
         this.expYear = null;
@@ -2303,7 +2448,6 @@ class CardView {
         this._brand = null;
         this._number = null;
         this._subTitle = null;
-        // ctor
     }
     get maskedCode() {
         return this.code != null ? '•'.repeat(this.code.length) : null;
@@ -2354,6 +2498,32 @@ class CardView {
         return year.length === 2 ? '20' + year : year;
     }
 }
+cardView_decorate([
+    linkedFieldOption(CardLinkedId.CardholderName),
+    cardView_metadata("design:type", String)
+], cardView_CardView.prototype, "cardholderName", void 0);
+cardView_decorate([
+    linkedFieldOption(CardLinkedId.ExpMonth, 'expirationMonth'),
+    cardView_metadata("design:type", String)
+], cardView_CardView.prototype, "expMonth", void 0);
+cardView_decorate([
+    linkedFieldOption(CardLinkedId.ExpYear, 'expirationYear'),
+    cardView_metadata("design:type", String)
+], cardView_CardView.prototype, "expYear", void 0);
+cardView_decorate([
+    linkedFieldOption(CardLinkedId.Code, 'securityCode'),
+    cardView_metadata("design:type", String)
+], cardView_CardView.prototype, "code", void 0);
+cardView_decorate([
+    linkedFieldOption(CardLinkedId.Brand),
+    cardView_metadata("design:type", String),
+    cardView_metadata("design:paramtypes", [String])
+], cardView_CardView.prototype, "brand", null);
+cardView_decorate([
+    linkedFieldOption(CardLinkedId.Number),
+    cardView_metadata("design:type", String),
+    cardView_metadata("design:paramtypes", [String])
+], cardView_CardView.prototype, "number", null);
 
 // CONCATENATED MODULE: ./jslib/common/src/models/domain/card.ts
 
@@ -2375,7 +2545,7 @@ class card_Card extends domainBase_Domain {
         }, alreadyEncrypted, []);
     }
     decrypt(orgId, encKey) {
-        return this.decryptObj(new CardView(this), {
+        return this.decryptObj(new cardView_CardView(this), {
             cardholderName: null,
             brand: null,
             number: null,
@@ -2406,10 +2576,23 @@ var CipherRepromptType;
 })(CipherRepromptType || (CipherRepromptType = {}));
 
 // CONCATENATED MODULE: ./jslib/common/src/models/view/identityView.ts
+var identityView_decorate = (undefined && undefined.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var identityView_metadata = (undefined && undefined.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+
 
-class identityView_IdentityView {
+
+
+class identityView_IdentityView extends ItemView {
     // tslint:enable
     constructor(i) {
+        super();
         this.title = null;
         this.middleName = null;
         this.address1 = null;
@@ -2430,7 +2613,6 @@ class identityView_IdentityView {
         this._firstName = null;
         this._lastName = null;
         this._subTitle = null;
-        // ctor
     }
     get firstName() {
         return this._firstName;
@@ -2511,11 +2693,103 @@ class identityView_IdentityView {
         return addressPart2;
     }
 }
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.Title),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "title", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.MiddleName),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "middleName", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.Address1),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "address1", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.Address2),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "address2", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.Address3),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "address3", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.City, 'cityTown'),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "city", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.State, 'stateProvince'),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "state", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.PostalCode, 'zipPostalCode'),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "postalCode", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.Country),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "country", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.Company),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "company", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.Email),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "email", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.Phone),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "phone", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.Ssn),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "ssn", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.Username),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "username", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.PassportNumber),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "passportNumber", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.LicenseNumber),
+    identityView_metadata("design:type", String)
+], identityView_IdentityView.prototype, "licenseNumber", void 0);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.FirstName),
+    identityView_metadata("design:type", String),
+    identityView_metadata("design:paramtypes", [String])
+], identityView_IdentityView.prototype, "firstName", null);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.LastName),
+    identityView_metadata("design:type", String),
+    identityView_metadata("design:paramtypes", [String])
+], identityView_IdentityView.prototype, "lastName", null);
+identityView_decorate([
+    linkedFieldOption(IdentityLinkedId.FullName),
+    identityView_metadata("design:type", String),
+    identityView_metadata("design:paramtypes", [])
+], identityView_IdentityView.prototype, "fullName", null);
 
 // CONCATENATED MODULE: ./jslib/common/src/models/view/loginView.ts
+var loginView_decorate = (undefined && undefined.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var loginView_metadata = (undefined && undefined.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+
 
-class loginView_LoginView {
+
+
+class loginView_LoginView extends ItemView {
     constructor(l) {
+        super();
         this.username = null;
         this.password = null;
         this.passwordRevisionDate = null;
@@ -2556,10 +2830,20 @@ class loginView_LoginView {
         return this.uris != null && this.uris.length > 0;
     }
 }
+loginView_decorate([
+    linkedFieldOption(LoginLinkedId.Username),
+    loginView_metadata("design:type", String)
+], loginView_LoginView.prototype, "username", void 0);
+loginView_decorate([
+    linkedFieldOption(LoginLinkedId.Password),
+    loginView_metadata("design:type", String)
+], loginView_LoginView.prototype, "password", void 0);
 
 // CONCATENATED MODULE: ./jslib/common/src/models/view/secureNoteView.ts
-class SecureNoteView {
+
+class secureNoteView_SecureNoteView extends ItemView {
     constructor(n) {
+        super();
         this.type = null;
         if (!n) {
             return;
@@ -2593,8 +2877,8 @@ class cipherView_CipherView {
         this.viewPassword = true;
         this.login = new loginView_LoginView();
         this.identity = new identityView_IdentityView();
-        this.card = new CardView();
-        this.secureNote = new SecureNoteView();
+        this.card = new cardView_CardView();
+        this.secureNote = new secureNoteView_SecureNoteView();
         this.attachments = null;
         this.fields = null;
         this.passwordHistory = null;
@@ -2620,21 +2904,24 @@ class cipherView_CipherView {
         // Old locally stored ciphers might have reprompt == null. If so set it to None.
         this.reprompt = (_a = c.reprompt) !== null && _a !== void 0 ? _a : CipherRepromptType.None;
     }
-    get subTitle() {
+    get item() {
         switch (this.type) {
             case CipherType.Login:
-                return this.login.subTitle;
+                return this.login;
             case CipherType.SecureNote:
-                return this.secureNote.subTitle;
+                return this.secureNote;
             case CipherType.Card:
-                return this.card.subTitle;
+                return this.card;
             case CipherType.Identity:
-                return this.identity.subTitle;
+                return this.identity;
             default:
                 break;
         }
         return null;
     }
+    get subTitle() {
+        return this.item.subTitle;
+    }
     get hasPasswordHistory() {
         return this.passwordHistory && this.passwordHistory.length > 0;
     }
@@ -2666,6 +2953,22 @@ class cipherView_CipherView {
     get isDeleted() {
         return this.deletedDate != null;
     }
+    get linkedFieldOptions() {
+        return this.item.linkedFieldOptions;
+    }
+    linkedFieldValue(id) {
+        var _a;
+        const linkedFieldOption = (_a = this.linkedFieldOptions) === null || _a === void 0 ? void 0 : _a.get(id);
+        if (linkedFieldOption == null) {
+            return null;
+        }
+        const item = this.item;
+        return this.item[linkedFieldOption.propertyKey];
+    }
+    linkedFieldI18nKey(id) {
+        var _a;
+        return (_a = this.linkedFieldOptions.get(id)) === null || _a === void 0 ? void 0 : _a.i18nKey;
+    }
 }
 
 // CONCATENATED MODULE: ./jslib/common/src/models/view/fieldView.ts
@@ -2676,10 +2979,12 @@ class FieldView {
         this.type = null;
         this.newField = false; // Marks if the field is new and hasn't been saved
         this.showValue = false;
+        this.linkedId = null;
         if (!f) {
             return;
         }
         this.type = f.type;
+        this.linkedId = f.linkedId;
     }
     get maskedValue() {
         return this.value != null ? '••••••••' : null;
@@ -2697,6 +3002,7 @@ class field_Field extends domainBase_Domain {
             return;
         }
         this.type = obj.type;
+        this.linkedId = obj.linkedId;
         this.buildDomainModel(this, obj, {
             name: null,
             value: null,
@@ -2714,7 +3020,8 @@ class field_Field extends domainBase_Domain {
             name: null,
             value: null,
             type: null,
-        }, ['type']);
+            linkedId: null,
+        }, ['type', 'linkedId']);
         return f;
     }
 }
@@ -3057,7 +3364,7 @@ class secureNote_SecureNote extends domainBase_Domain {
         this.type = obj.type;
     }
     decrypt(orgId, encKey) {
-        return Promise.resolve(new SecureNoteView(this));
+        return Promise.resolve(new secureNoteView_SecureNoteView(this));
     }
     toSecureNoteData() {
         const n = new SecureNoteData();
@@ -3348,6 +3655,7 @@ class fieldApi_FieldApi extends BaseResponse {
         this.type = this.getResponseProperty('Type');
         this.name = this.getResponseProperty('Name');
         this.value = this.getResponseProperty('Value');
+        this.linkedId = this.getResponseProperty('linkedId');
     }
 }
 
@@ -3526,6 +3834,7 @@ class cipherRequest_CipherRequest {
                 field.type = f.type;
                 field.name = f.name ? f.name.encryptedString : null;
                 field.value = f.value ? f.value.encryptedString : null;
+                field.linkedId = f.linkedId;
                 return field;
             });
         }
@@ -3916,7 +4225,7 @@ const DomainMatchBlacklist = new Map([
     ['google.com', new Set(['script.google.com'])],
 ]);
 class cipher_service_CipherService {
-    constructor(cryptoService, userService, settingsService, apiService, fileUploadService, storageService, i18nService, searchService) {
+    constructor(cryptoService, userService, settingsService, apiService, fileUploadService, storageService, i18nService, searchService, logService) {
         this.cryptoService = cryptoService;
         this.userService = userService;
         this.settingsService = settingsService;
@@ -3925,6 +4234,7 @@ class cipher_service_CipherService {
         this.storageService = storageService;
         this.i18nService = i18nService;
         this.searchService = searchService;
+        this.logService = logService;
         this.sortedCiphersCache = new SortedCiphersCache(this.sortCiphersByLastUsed);
     }
     get decryptedCipherCache() {
@@ -4073,6 +4383,7 @@ class cipher_service_CipherService {
         return cipher_service_awaiter(this, void 0, void 0, function* () {
             const field = new field_Field();
             field.type = fieldModel.type;
+            field.linkedId = fieldModel.linkedId;
             // normalize boolean type field values
             if (fieldModel.type === FieldType.Boolean && fieldModel.value !== 'true') {
                 fieldModel.value = 'false';
@@ -4258,7 +4569,9 @@ class cipher_service_CipherService {
                                         return true;
                                     }
                                 }
-                                catch (_a) { }
+                                catch (e) {
+                                    this.logService.error(e);
+                                }
                                 break;
                             case UriMatchType.Never:
                             default:
@@ -13594,7 +13907,9 @@ class crypto_service_CryptoService {
                     encType = parseInt(headerPieces[0], null);
                     encPieces = headerPieces[1].split('|');
                 }
-                catch (e) { }
+                catch (e) {
+                    this.logService.error(e);
+                }
             }
             switch (encType) {
                 case EncryptionType.Rsa2048_OaepSha256_B64:
@@ -13997,6 +14312,9 @@ class environment_service_EnvironmentService {
         }
         return 'https://events.bitwarden.com';
     }
+    getKeyConnectorUrl() {
+        return this.keyConnectorUrl;
+    }
     setUrlsFromStorage() {
         return environment_service_awaiter(this, void 0, void 0, function* () {
             const urlsObj = yield this.storageService.get(ConstantsService.environmentUrlsKey);
@@ -14008,6 +14326,7 @@ class environment_service_EnvironmentService {
                 notifications: null,
                 events: null,
                 webVault: null,
+                keyConnector: null,
             };
             const envUrls = new EnvironmentUrls();
             if (urls.base) {
@@ -14020,6 +14339,7 @@ class environment_service_EnvironmentService {
             this.iconsUrl = urls.icons;
             this.notificationsUrl = urls.notifications;
             this.eventsUrl = envUrls.events = urls.events;
+            this.keyConnectorUrl = urls.keyConnector;
         });
     }
     setUrls(urls, saveSettings = true) {
@@ -14031,6 +14351,7 @@ class environment_service_EnvironmentService {
             urls.icons = this.formatUrl(urls.icons);
             urls.notifications = this.formatUrl(urls.notifications);
             urls.events = this.formatUrl(urls.events);
+            urls.keyConnector = this.formatUrl(urls.keyConnector);
             if (saveSettings) {
                 yield this.storageService.save(ConstantsService.environmentUrlsKey, {
                     base: urls.base,
@@ -14040,6 +14361,7 @@ class environment_service_EnvironmentService {
                     icons: urls.icons,
                     notifications: urls.notifications,
                     events: urls.events,
+                    keyConnector: urls.keyConnector,
                 });
             }
             this.baseUrl = urls.base;
@@ -14049,6 +14371,7 @@ class environment_service_EnvironmentService {
             this.iconsUrl = urls.icons;
             this.notificationsUrl = urls.notifications;
             this.eventsUrl = urls.events;
+            this.keyConnectorUrl = urls.keyConnector;
             this.urlsSubject.next(urls);
             return urls;
         });
@@ -14062,6 +14385,7 @@ class environment_service_EnvironmentService {
             icons: this.iconsUrl,
             notifications: this.notificationsUrl,
             events: this.eventsUrl,
+            keyConnector: this.keyConnectorUrl,
         };
     }
     formatUrl(url) {
@@ -14089,7 +14413,7 @@ class export_card_Card {
         if (o == null) {
             return;
         }
-        if (o instanceof CardView) {
+        if (o instanceof cardView_CardView) {
             this.cardholderName = o.cardholderName;
             this.brand = o.brand;
             this.number = o.number;
@@ -14116,7 +14440,7 @@ class export_card_Card {
         req.code = '123';
         return req;
     }
-    static toView(req, view = new CardView()) {
+    static toView(req, view = new cardView_CardView()) {
         view.cardholderName = req.cardholderName;
         view.brand = req.brand;
         view.number = req.number;
@@ -14156,6 +14480,7 @@ class export_field_Field {
             this.value = (_b = o.value) === null || _b === void 0 ? void 0 : _b.encryptedString;
         }
         this.type = o.type;
+        this.linkedId = o.linkedId;
     }
     static template() {
         const req = new export_field_Field();
@@ -14168,12 +14493,14 @@ class export_field_Field {
         view.type = req.type;
         view.value = req.value;
         view.name = req.name;
+        view.linkedId = req.linkedId;
         return view;
     }
     static toDomain(req, domain = new field_Field()) {
         domain.type = req.type;
         domain.value = req.value != null ? new encString_EncString(req.value) : null;
         domain.name = req.name != null ? new encString_EncString(req.name) : null;
+        domain.linkedId = req.linkedId;
         return domain;
     }
 }
@@ -14412,7 +14739,7 @@ class export_secureNote_SecureNote {
         req.type = SecureNoteType.Generic;
         return req;
     }
-    static toView(req, view = new SecureNoteView()) {
+    static toView(req, view = new secureNoteView_SecureNoteView()) {
         view.type = req.type;
         return view;
     }
@@ -14631,6 +14958,7 @@ var EventType;
     EventType[EventType["User_FailedLogIn2fa"] = 1006] = "User_FailedLogIn2fa";
     EventType[EventType["User_ClientExportedVault"] = 1007] = "User_ClientExportedVault";
     EventType[EventType["User_UpdatedTempPassword"] = 1008] = "User_UpdatedTempPassword";
+    EventType[EventType["User_MigratedKeyToKeyConnector"] = 1009] = "User_MigratedKeyToKeyConnector";
     EventType[EventType["Cipher_Created"] = 1100] = "Cipher_Created";
     EventType[EventType["Cipher_Updated"] = 1101] = "Cipher_Updated";
     EventType[EventType["Cipher_Deleted"] = 1102] = "Cipher_Deleted";
@@ -14665,10 +14993,15 @@ var EventType;
     EventType[EventType["OrganizationUser_ResetPassword_Withdraw"] = 1507] = "OrganizationUser_ResetPassword_Withdraw";
     EventType[EventType["OrganizationUser_AdminResetPassword"] = 1508] = "OrganizationUser_AdminResetPassword";
     EventType[EventType["OrganizationUser_ResetSsoLink"] = 1509] = "OrganizationUser_ResetSsoLink";
+    EventType[EventType["OrganizationUser_FirstSsoLogin"] = 1510] = "OrganizationUser_FirstSsoLogin";
     EventType[EventType["Organization_Updated"] = 1600] = "Organization_Updated";
     EventType[EventType["Organization_PurgedVault"] = 1601] = "Organization_PurgedVault";
     // Organization_ClientExportedVault = 1602,
     EventType[EventType["Organization_VaultAccessed"] = 1603] = "Organization_VaultAccessed";
+    EventType[EventType["Organization_EnabledSso"] = 1604] = "Organization_EnabledSso";
+    EventType[EventType["Organization_DisabledSso"] = 1605] = "Organization_DisabledSso";
+    EventType[EventType["Organization_EnabledKeyConnector"] = 1606] = "Organization_EnabledKeyConnector";
+    EventType[EventType["Organization_DisabledKeyConnector"] = 1607] = "Organization_DisabledKeyConnector";
     EventType[EventType["Policy_Updated"] = 1700] = "Policy_Updated";
     EventType[EventType["ProviderUser_Invited"] = 1800] = "ProviderUser_Invited";
     EventType[EventType["ProviderUser_Confirmed"] = 1801] = "ProviderUser_Confirmed";
@@ -15275,7 +15608,9 @@ class Version {
             this.month = parts[1];
             this.day = parts[2];
         }
-        catch (_a) { }
+        catch (_a) {
+            // Ignore error
+        }
     }
     /**
      * Compares two Azure Versions against each other
@@ -15998,7 +16333,7 @@ class baseImporter_BaseImporter {
             this.isNullOrWhitespace(cipher.login.password) &&
             (cipher.login.uris == null || cipher.login.uris.length === 0)) {
             cipher.type = CipherType.SecureNote;
-            cipher.secureNote = new SecureNoteView();
+            cipher.secureNote = new secureNoteView_SecureNoteView();
             cipher.secureNote.type = SecureNoteType.Generic;
         }
     }
@@ -16270,7 +16605,7 @@ class bitwardenCsvImporter_BitwardenCsvImporter extends baseImporter_BaseImporte
             switch (valueType) {
                 case 'note':
                     cipher.type = CipherType.SecureNote;
-                    cipher.secureNote = new SecureNoteView();
+                    cipher.secureNote = new secureNoteView_SecureNoteView();
                     cipher.secureNote.type = SecureNoteType.Generic;
                     break;
                 default:
@@ -16801,7 +17136,7 @@ class dashlaneJsonImporter_DashlaneJsonImporter extends baseImporter_BaseImporte
     processCard(results) {
         results.forEach((obj) => {
             const cipher = new cipherView_CipherView();
-            cipher.card = new CardView();
+            cipher.card = new cardView_CardView();
             cipher.type = CipherType.Card;
             cipher.name = this.getValueOrDefault(obj.bank);
             cipher.card.number = this.getValueOrDefault(obj.cardNumber);
@@ -16822,7 +17157,7 @@ class dashlaneJsonImporter_DashlaneJsonImporter extends baseImporter_BaseImporte
     processNote(results, nameProperty, name = null) {
         results.forEach((obj) => {
             const cipher = new cipherView_CipherView();
-            cipher.secureNote = new SecureNoteView();
+            cipher.secureNote = new secureNoteView_SecureNoteView();
             cipher.type = CipherType.SecureNote;
             cipher.secureNote.type = SecureNoteType.Generic;
             if (name != null) {
@@ -16876,7 +17211,7 @@ class encryptrCsvImporter_EncryptrCsvImporter extends baseImporter_BaseImporter
             }
             else if (type === 'Credit Card') {
                 cipher.type = CipherType.Card;
-                cipher.card = new CardView();
+                cipher.card = new cardView_CardView();
                 cipher.card.cardholderName = this.getValueOrDefault(value['Name on card']);
                 cipher.card.number = this.getValueOrDefault(value['Card Number']);
                 cipher.card.brand = this.getCardBrand(cipher.card.number);
@@ -16927,13 +17262,13 @@ class enpassCsvImporter_EnpassCsvImporter extends baseImporter_BaseImporter {
                 !this.containsField(value, 'password') && !this.containsField(value, 'email') &&
                 !this.containsField(value, 'url'))) {
                 cipher.type = CipherType.SecureNote;
-                cipher.secureNote = new SecureNoteView();
+                cipher.secureNote = new secureNoteView_SecureNoteView();
                 cipher.secureNote.type = SecureNoteType.Generic;
             }
             if (this.containsField(value, 'cardholder') && this.containsField(value, 'number') &&
                 this.containsField(value, 'expiry date')) {
                 cipher.type = CipherType.Card;
-                cipher.card = new CardView();
+                cipher.card = new cardView_CardView();
             }
             if (value.length > 2 && (value.length % 2) === 0) {
                 for (let i = 0; i < value.length - 2; i += 2) {
@@ -17086,7 +17421,7 @@ class enpassJsonImporter_EnpassJsonImporter extends baseImporter_BaseImporter {
         cipher.login.uris = this.makeUriArray(urls);
     }
     processCard(cipher, fields) {
-        cipher.card = new CardView();
+        cipher.card = new cardView_CardView();
         cipher.type = CipherType.Card;
         fields.forEach((field) => {
             if (this.isNullOrWhitespace(field.value) || field.type === 'section' || field.type === 'ccType') {
@@ -17215,7 +17550,7 @@ class fsecureFskImporter_FSecureFskImporter extends baseImporter_BaseImporter {
             }
             else if (value.style === 'creditcard') {
                 cipher.type = CipherType.Card;
-                cipher.card = new CardView();
+                cipher.card = new cardView_CardView();
                 cipher.card.cardholderName = this.getValueOrDefault(value.username);
                 cipher.card.number = this.getValueOrDefault(value.creditNumber);
                 cipher.card.brand = this.getCardBrand(cipher.card.number);
@@ -17681,7 +18016,7 @@ class lastpassCsvImporter_LastPassCsvImporter extends baseImporter_BaseImporter
         return cipher;
     }
     parseCard(value) {
-        const card = new CardView();
+        const card = new cardView_CardView();
         card.cardholderName = this.getValueOrDefault(value.ccname);
         card.number = this.getValueOrDefault(value.ccnum);
         card.code = this.getValueOrDefault(value.cccsc);
@@ -17787,7 +18122,7 @@ class lastpassCsvImporter_LastPassCsvImporter extends baseImporter_BaseImporter
             }
         }
         if (!processedNote) {
-            cipher.secureNote = new SecureNoteView();
+            cipher.secureNote = new secureNoteView_SecureNoteView();
             cipher.secureNote.type = SecureNoteType.Generic;
             cipher.notes = this.getValueOrDefault(value.extra);
         }
@@ -17923,7 +18258,7 @@ class msecureCsvImporter_MSecureCsvImporter extends baseImporter_BaseImporter {
             }
             else if (value.length > 3) {
                 cipher.type = CipherType.SecureNote;
-                cipher.secureNote = new SecureNoteView();
+                cipher.secureNote = new secureNoteView_SecureNoteView();
                 cipher.secureNote.type = SecureNoteType.Generic;
                 for (let i = 3; i < value.length; i++) {
                     if (!this.isNullOrWhitespace(value[i])) {
@@ -17974,7 +18309,7 @@ class mykiCsvImporter_MykiCsvImporter extends baseImporter_BaseImporter {
             }
             else if (value.cardNumber !== undefined) {
                 // Cards
-                cipher.card = new CardView();
+                cipher.card = new cardView_CardView();
                 cipher.type = CipherType.Card;
                 cipher.card.cardholderName = this.getValueOrDefault(value.cardName);
                 cipher.card.number = this.getValueOrDefault(value.cardNumber);
@@ -18001,7 +18336,7 @@ class mykiCsvImporter_MykiCsvImporter extends baseImporter_BaseImporter {
             }
             else if (value.content !== undefined) {
                 // Notes
-                cipher.secureNote = new SecureNoteView();
+                cipher.secureNote = new secureNoteView_SecureNoteView();
                 cipher.type = CipherType.SecureNote;
                 cipher.secureNote.type = SecureNoteType.Generic;
                 cipher.name = this.getValueOrDefault(value.title, '--');
@@ -18181,7 +18516,7 @@ class onepassword1PifImporter_OnePassword1PifImporter extends baseImporter_BaseI
             }
             if (!this.isNullOrWhitespace(item.details.ccnum) || !this.isNullOrWhitespace(item.details.cvv)) {
                 cipher.type = CipherType.Card;
-                cipher.card = new CardView();
+                cipher.card = new cardView_CardView();
             }
             else if (!this.isNullOrWhitespace(item.details.firstname) ||
                 !this.isNullOrWhitespace(item.details.address1)) {
@@ -18211,12 +18546,12 @@ class onepassword1PifImporter_OnePassword1PifImporter extends baseImporter_BaseI
         cipher.name = this.getValueOrDefault(item.title);
         if (item.typeName === 'securenotes.SecureNote') {
             cipher.type = CipherType.SecureNote;
-            cipher.secureNote = new SecureNoteView();
+            cipher.secureNote = new secureNoteView_SecureNoteView();
             cipher.secureNote.type = SecureNoteType.Generic;
         }
         else if (item.typeName === 'wallet.financial.CreditCard') {
             cipher.type = CipherType.Card;
-            cipher.card = new CardView();
+            cipher.card = new cardView_CardView();
         }
         else if (item.typeName === 'identities.Identity') {
             cipher.type = CipherType.Identity;
@@ -18655,7 +18990,7 @@ class onepasswordMacCsvImporter_OnePasswordMacCsvImporter extends onepasswordCsv
         switch (onePassType) {
             case 'Credit Card':
                 cipher.type = CipherType.Card;
-                cipher.card = new CardView();
+                cipher.card = new cardView_CardView();
                 IgnoredProperties.push('type');
                 break;
             case 'Identity':
@@ -18689,7 +19024,7 @@ class onepasswordWinCsvImporter_OnePasswordWinCsvImporter extends onepasswordCsv
         if (!this.isNullOrWhitespace(this.getPropByRegexp(value, /\d+: number/i)) &&
             !this.isNullOrWhitespace(this.getPropByRegexp(value, /\d+: expiry date/i))) {
             cipher.type = CipherType.Card;
-            cipher.card = new CardView();
+            cipher.card = new cardView_CardView();
         }
         if (!this.isNullOrWhitespace(this.getPropByRegexp(value, /name \d+: first name/i)) ||
             !this.isNullOrWhitespace(this.getPropByRegexp(value, /name \d+: initial/i)) ||
@@ -18904,7 +19239,9 @@ class passpackCsvImporter_PasspackCsvImporter extends baseImporter_BaseImporter
                         const t = JSON.parse(tagJson);
                         return this.getValueOrDefault(t.tag);
                     }
-                    catch (_a) { }
+                    catch (_a) {
+                        // Ignore error
+                    }
                     return null;
                 }).filter((t) => !this.isNullOrWhitespace(t)) : null;
             if (this.organization && tags != null && tags.length > 0) {
@@ -18950,7 +19287,9 @@ class passpackCsvImporter_PasspackCsvImporter extends baseImporter_BaseImporter
                 try {
                     return JSON.parse(fieldJson);
                 }
-                catch (_a) { }
+                catch (_a) {
+                    // Ignore error
+                }
                 return null;
             }) : null;
             if (fields != null) {
@@ -19056,7 +19395,7 @@ class passwordBossJsonImporter_PasswordBossJsonImporter extends baseImporter_Bas
                 cipher.notes = value.identifiers.notes.split('\\r\\n').join('\n').split('\\n').join('\n');
             }
             if (value.type === 'CreditCard') {
-                cipher.card = new CardView();
+                cipher.card = new cardView_CardView();
                 cipher.type = CipherType.Card;
             }
             for (const property in value.identifiers) {
@@ -19094,7 +19433,9 @@ class passwordBossJsonImporter_PasswordBossJsonImporter extends baseImporter_Bas
                             cipher.card.expYear = expDate.getFullYear().toString();
                             cipher.card.expMonth = (expDate.getMonth() + 1).toString();
                         }
-                        catch (_a) { }
+                        catch (_a) {
+                            // Ignore error
+                        }
                         continue;
                     }
                     else if (property === 'cardType') {
@@ -19306,7 +19647,7 @@ class rememBearCsvImporter_RememBearCsvImporter extends baseImporter_BaseImporte
             }
             else if (value.type === 'CreditCardItem') {
                 cipher.type = CipherType.Card;
-                cipher.card = new CardView();
+                cipher.card = new cardView_CardView();
                 cipher.card.cardholderName = this.getValueOrDefault(value.cardholder);
                 cipher.card.number = this.getValueOrDefault(value.number);
                 cipher.card.brand = this.getCardBrand(cipher.card.number);
@@ -19320,7 +19661,9 @@ class rememBearCsvImporter_RememBearCsvImporter extends baseImporter_BaseImporte
                         }
                     }
                 }
-                catch (_a) { }
+                catch (_a) {
+                    // Ignore error
+                }
                 try {
                     const expYear = this.getValueOrDefault(value.expiryYear);
                     if (expYear != null) {
@@ -19330,7 +19673,9 @@ class rememBearCsvImporter_RememBearCsvImporter extends baseImporter_BaseImporte
                         }
                     }
                 }
-                catch (_b) { }
+                catch (_b) {
+                    // Ignore error
+                }
                 const pin = this.getValueOrDefault(value.pin);
                 if (pin != null) {
                     this.processKvp(cipher, 'PIN', pin);
@@ -19402,6 +19747,32 @@ class roboformCsvImporter_RoboFormCsvImporter extends baseImporter_BaseImporter
     }
 }
 
+// CONCATENATED MODULE: ./jslib/common/src/importers/safariCsvImporter.ts
+
+
+class safariCsvImporter_SafariCsvImporter extends baseImporter_BaseImporter {
+    parse(data) {
+        const result = new ImportResult();
+        const results = this.parseCsv(data, true);
+        if (results == null) {
+            result.success = false;
+            return Promise.resolve(result);
+        }
+        results.forEach(value => {
+            const cipher = this.initLoginCipher();
+            cipher.name = this.getValueOrDefault(value.Title, '--');
+            cipher.login.username = this.getValueOrDefault(value.Username);
+            cipher.login.password = this.getValueOrDefault(value.Password);
+            cipher.login.uris = this.makeUriArray(value.Url);
+            cipher.login.totp = this.getValueOrDefault(value.OTPAuth);
+            this.cleanupCipher(cipher);
+            result.ciphers.push(cipher);
+        });
+        result.success = true;
+        return Promise.resolve(result);
+    }
+}
+
 // CONCATENATED MODULE: ./jslib/common/src/importers/safeInCloudXmlImporter.ts
 
 
@@ -19454,7 +19825,7 @@ class safeInCloudXmlImporter_SafeInCloudXmlImporter extends baseImporter_BaseImp
             const cardType = cardEl.getAttribute('type');
             if (cardType === 'note') {
                 cipher.type = CipherType.SecureNote;
-                cipher.secureNote = new SecureNoteView();
+                cipher.secureNote = new secureNoteView_SecureNoteView();
                 cipher.secureNote.type = SecureNoteType.Generic;
             }
             else {
@@ -19724,7 +20095,7 @@ class truekeyCsvImporter_TrueKeyCsvImporter extends baseImporter_BaseImporter {
             }
             if (value.kind === 'cc') {
                 cipher.type = CipherType.Card;
-                cipher.card = new CardView();
+                cipher.card = new cardView_CardView();
                 cipher.card.cardholderName = this.getValueOrDefault(value.cardholder);
                 cipher.card.number = this.getValueOrDefault(value.number);
                 cipher.card.brand = this.getCardBrand(cipher.card.number);
@@ -19734,12 +20105,14 @@ class truekeyCsvImporter_TrueKeyCsvImporter extends baseImporter_BaseImporter {
                         cipher.card.expYear = expDate.getFullYear().toString();
                         cipher.card.expMonth = (expDate.getMonth() + 1).toString();
                     }
-                    catch (_a) { }
+                    catch (_a) {
+                        // Ignore error
+                    }
                 }
             }
             else if (value.kind !== 'login') {
                 cipher.type = CipherType.SecureNote;
-                cipher.secureNote = new SecureNoteView();
+                cipher.secureNote = new secureNoteView_SecureNoteView();
                 cipher.secureNote.type = SecureNoteType.Generic;
                 if (!this.isNullOrWhitespace(cipher.notes)) {
                     cipher.notes = this.getValueOrDefault(value.document_content, '');
@@ -19944,6 +20317,7 @@ var import_service_awaiter = (undefined && undefined.__awaiter) || function (thi
 
 
 
+
 
 
 class import_service_ImportService {
@@ -19958,12 +20332,13 @@ class import_service_ImportService {
         this.featuredImportOptions = [
             { id: 'bitwardenjson', name: 'Bitwarden (json)' },
             { id: 'bitwardencsv', name: 'Bitwarden (csv)' },
-            { id: 'lastpasscsv', name: 'LastPass (csv)' },
             { id: 'chromecsv', name: 'Chrome (csv)' },
+            { id: 'dashlanejson', name: 'Dashlane (json)' },
             { id: 'firefoxcsv', name: 'Firefox (csv)' },
             { id: 'keepass2xml', name: 'KeePass 2 (xml)' },
+            { id: 'lastpasscsv', name: 'LastPass (csv)' },
+            { id: 'safaricsv', name: 'Safari and macOS (csv)' },
             { id: '1password1pif', name: '1Password (1pif)' },
-            { id: 'dashlanejson', name: 'Dashlane (json)' },
         ];
         this.regularImportOptions = [
             { id: 'keepassxcsv', name: 'KeePassX (csv)' },
@@ -20095,6 +20470,8 @@ class import_service_ImportService {
                 return new upmCsvImporter_UpmCsvImporter();
             case 'saferpasscsv':
                 return new saferpassCsvImport_SaferPassCsvImporter();
+            case 'safaricsv':
+                return new safariCsvImporter_SafariCsvImporter();
             case 'meldiumcsv':
                 return new meldiumCsvImporter_MeldiumCsvImporter();
             case '1password1pif':
@@ -20258,6 +20635,121 @@ class import_service_ImportService {
     }
 }
 
+// CONCATENATED MODULE: ./jslib/common/src/enums/organizationUserType.ts
+var OrganizationUserType;
+(function (OrganizationUserType) {
+    OrganizationUserType[OrganizationUserType["Owner"] = 0] = "Owner";
+    OrganizationUserType[OrganizationUserType["Admin"] = 1] = "Admin";
+    OrganizationUserType[OrganizationUserType["User"] = 2] = "User";
+    OrganizationUserType[OrganizationUserType["Manager"] = 3] = "Manager";
+    OrganizationUserType[OrganizationUserType["Custom"] = 4] = "Custom";
+})(OrganizationUserType || (OrganizationUserType = {}));
+
+// CONCATENATED MODULE: ./jslib/common/src/services/keyConnector.service.ts
+var keyConnector_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+
+
+
+
+const keyConnector_service_Keys = {
+    usesKeyConnector: 'usesKeyConnector',
+    convertAccountToKeyConnector: 'convertAccountToKeyConnector',
+};
+class keyConnector_service_KeyConnectorService {
+    constructor(storageService, userService, cryptoService, apiService, tokenService, logService) {
+        this.storageService = storageService;
+        this.userService = userService;
+        this.cryptoService = cryptoService;
+        this.apiService = apiService;
+        this.tokenService = tokenService;
+        this.logService = logService;
+        this.usesKeyConnector = null;
+    }
+    setUsesKeyConnector(usesKeyConnector) {
+        this.usesKeyConnector = usesKeyConnector;
+        return this.storageService.save(keyConnector_service_Keys.usesKeyConnector, usesKeyConnector);
+    }
+    getUsesKeyConnector() {
+        var _a;
+        return keyConnector_service_awaiter(this, void 0, void 0, function* () {
+            return (_a = this.usesKeyConnector) !== null && _a !== void 0 ? _a : (this.usesKeyConnector = yield this.storageService.get(keyConnector_service_Keys.usesKeyConnector));
+        });
+    }
+    userNeedsMigration() {
+        return keyConnector_service_awaiter(this, void 0, void 0, function* () {
+            const loggedInUsingSso = this.tokenService.getIsExternal();
+            const requiredByOrganization = (yield this.getManagingOrganization()) != null;
+            const userIsNotUsingKeyConnector = !(yield this.getUsesKeyConnector());
+            return loggedInUsingSso && requiredByOrganization && userIsNotUsingKeyConnector;
+        });
+    }
+    migrateUser() {
+        return keyConnector_service_awaiter(this, void 0, void 0, function* () {
+            const organization = yield this.getManagingOrganization();
+            const key = yield this.cryptoService.getKey();
+            try {
+                const keyConnectorRequest = new KeyConnectorUserKeyRequest(key.encKeyB64);
+                yield this.apiService.postUserKeyToKeyConnector(organization.keyConnectorUrl, keyConnectorRequest);
+            }
+            catch (e) {
+                throw new Error('Unable to reach key connector');
+            }
+            yield this.apiService.postConvertToKeyConnector();
+        });
+    }
+    getAndSetKey(url) {
+        return keyConnector_service_awaiter(this, void 0, void 0, function* () {
+            try {
+                const userKeyResponse = yield this.apiService.getUserKeyFromKeyConnector(url);
+                const keyArr = utils_Utils.fromB64ToArray(userKeyResponse.key);
+                const k = new symmetricCryptoKey_SymmetricCryptoKey(keyArr);
+                yield this.cryptoService.setKey(k);
+            }
+            catch (e) {
+                this.logService.error(e);
+                throw new Error('Unable to reach key connector');
+            }
+        });
+    }
+    getManagingOrganization() {
+        return keyConnector_service_awaiter(this, void 0, void 0, function* () {
+            const orgs = yield this.userService.getAllOrganizations();
+            return orgs.find(o => o.keyConnectorEnabled &&
+                o.type !== OrganizationUserType.Admin &&
+                o.type !== OrganizationUserType.Owner &&
+                !o.isProviderUser);
+        });
+    }
+    setConvertAccountRequired(status) {
+        return keyConnector_service_awaiter(this, void 0, void 0, function* () {
+            yield this.storageService.save(keyConnector_service_Keys.convertAccountToKeyConnector, status);
+        });
+    }
+    getConvertAccountRequired() {
+        return keyConnector_service_awaiter(this, void 0, void 0, function* () {
+            return yield this.storageService.get(keyConnector_service_Keys.convertAccountToKeyConnector);
+        });
+    }
+    removeConvertAccountRequired() {
+        return keyConnector_service_awaiter(this, void 0, void 0, function* () {
+            yield this.storageService.remove(keyConnector_service_Keys.convertAccountToKeyConnector);
+        });
+    }
+    clear() {
+        return keyConnector_service_awaiter(this, void 0, void 0, function* () {
+            yield this.removeConvertAccountRequired();
+        });
+    }
+}
+
 // CONCATENATED MODULE: ./jslib/common/src/services/noopMessaging.service.ts
 class NoopMessagingService {
     send(subscriber, arg = {}) {
@@ -20887,16 +21379,6 @@ var OrganizationUserStatusType;
     OrganizationUserStatusType[OrganizationUserStatusType["Confirmed"] = 2] = "Confirmed";
 })(OrganizationUserStatusType || (OrganizationUserStatusType = {}));
 
-// CONCATENATED MODULE: ./jslib/common/src/enums/organizationUserType.ts
-var OrganizationUserType;
-(function (OrganizationUserType) {
-    OrganizationUserType[OrganizationUserType["Owner"] = 0] = "Owner";
-    OrganizationUserType[OrganizationUserType["Admin"] = 1] = "Admin";
-    OrganizationUserType[OrganizationUserType["User"] = 2] = "User";
-    OrganizationUserType[OrganizationUserType["Manager"] = 3] = "Manager";
-    OrganizationUserType[OrganizationUserType["Custom"] = 4] = "Custom";
-})(OrganizationUserType || (OrganizationUserType = {}));
-
 // CONCATENATED MODULE: ./jslib/common/src/services/policy.service.ts
 var policy_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -21204,7 +21686,9 @@ class search_service_SearchService {
                 try {
                     searchResults = index.search(query.substr(1).trim());
                 }
-                catch (_a) { }
+                catch (e) {
+                    this.logService.error(e);
+                }
             }
             else {
                 // tslint:disable-next-line
@@ -21495,7 +21979,9 @@ class SendFileView {
                 return parseInt(this.size, null);
             }
         }
-        catch (_a) { }
+        catch (_a) {
+            // Invalid file size.
+        }
         return 0;
     }
 }
@@ -22079,6 +22565,7 @@ class OrganizationData {
         this.use2fa = response.use2fa;
         this.useApi = response.useApi;
         this.useSso = response.useSso;
+        this.useKeyConnector = response.useKeyConnector;
         this.useResetPassword = response.useResetPassword;
         this.selfHost = response.selfHost;
         this.usersGetPremium = response.usersGetPremium;
@@ -22093,6 +22580,11 @@ class OrganizationData {
         this.hasPublicAndPrivateKeys = response.hasPublicAndPrivateKeys;
         this.providerId = response.providerId;
         this.providerName = response.providerName;
+        this.familySponsorshipFriendlyName = response.familySponsorshipFriendlyName;
+        this.familySponsorshipAvailable = response.familySponsorshipAvailable;
+        this.planProductType = response.planProductType;
+        this.keyConnectorEnabled = response.keyConnectorEnabled;
+        this.keyConnectorUrl = response.keyConnectorUrl;
     }
 }
 
@@ -22130,7 +22622,7 @@ const sync_service_Keys = {
     lastSyncPrefix: 'lastSync_',
 };
 class sync_service_SyncService {
-    constructor(userService, apiService, settingsService, folderService, cipherService, cryptoService, collectionService, storageService, messagingService, policyService, sendService, logoutCallback) {
+    constructor(userService, apiService, settingsService, folderService, cipherService, cryptoService, collectionService, storageService, messagingService, policyService, sendService, logService, tokenService, keyConnectorService, logoutCallback) {
         this.userService = userService;
         this.apiService = apiService;
         this.settingsService = settingsService;
@@ -22142,6 +22634,9 @@ class sync_service_SyncService {
         this.messagingService = messagingService;
         this.policyService = policyService;
         this.sendService = sendService;
+        this.logService = logService;
+        this.tokenService = tokenService;
+        this.keyConnectorService = keyConnectorService;
         this.logoutCallback = logoutCallback;
         this.syncInProgress = false;
     }
@@ -22229,7 +22724,9 @@ class sync_service_SyncService {
                         }
                     }
                 }
-                catch (_a) { }
+                catch (e) {
+                    this.logService.error(e);
+                }
             }
             return this.syncCompleted(false);
         });
@@ -22333,7 +22830,9 @@ class sync_service_SyncService {
                         }
                     }
                 }
-                catch (_a) { }
+                catch (e) {
+                    this.logService.error(e);
+                }
             }
             return this.syncCompleted(false);
         });
@@ -22392,6 +22891,7 @@ class sync_service_SyncService {
             yield this.userService.setSecurityStamp(response.securityStamp);
             yield this.userService.setEmailVerified(response.emailVerified);
             yield this.userService.setForcePasswordReset(response.forcePasswordReset);
+            yield this.keyConnectorService.setUsesKeyConnector(response.usesKeyConnector);
             const organizations = {};
             response.organizations.forEach(o => {
                 organizations[o.id] = new OrganizationData(o);
@@ -22406,10 +22906,16 @@ class sync_service_SyncService {
                     organizations[o.id].isProviderUser = true;
                 }
             });
-            return Promise.all([
+            yield Promise.all([
                 this.userService.replaceOrganizations(organizations),
                 this.userService.replaceProviders(providers),
             ]);
+            if (yield this.keyConnectorService.userNeedsMigration()) {
+                this.messagingService.send('convertAccountToKeyConnector');
+            }
+            else {
+                this.keyConnectorService.removeConvertAccountRequired();
+            }
         });
     }
     syncFolders(userId, response) {
@@ -22699,6 +23205,13 @@ class token_service_TokenService {
         }
         return decoded.iss;
     }
+    getIsExternal() {
+        const decoded = this.decodeToken();
+        if (!Array.isArray(decoded.amr)) {
+            throw new Error('No amr found');
+        }
+        return decoded.amr.includes('external');
+    }
     storeTokenValue(key, value) {
         return token_service_awaiter(this, void 0, void 0, function* () {
             if (yield this.skipTokenStorage()) {
@@ -22732,9 +23245,10 @@ var totp_service_awaiter = (undefined && undefined.__awaiter) || function (thisA
 const B32Chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
 const SteamChars = '23456789BCDFGHJKMNPQRTVWXY';
 class totp_service_TotpService {
-    constructor(storageService, cryptoFunctionService) {
+    constructor(storageService, cryptoFunctionService, logService) {
         this.storageService = storageService;
         this.cryptoFunctionService = cryptoFunctionService;
+        this.logService = logService;
     }
     getCode(key) {
         return totp_service_awaiter(this, void 0, void 0, function* () {
@@ -22759,7 +23273,9 @@ class totp_service_TotpService {
                             digits = digitParams;
                         }
                     }
-                    catch (_a) { }
+                    catch (_a) {
+                        this.logService.error('Invalid digits param.');
+                    }
                 }
                 if (params.has('period') && params.get('period') != null) {
                     try {
@@ -22768,7 +23284,9 @@ class totp_service_TotpService {
                             period = periodParam;
                         }
                     }
-                    catch (_b) { }
+                    catch (_b) {
+                        this.logService.error('Invalid period param.');
+                    }
                 }
                 if (params.has('secret') && params.get('secret') != null) {
                     keyB32 = params.get('secret');
@@ -22824,7 +23342,9 @@ class totp_service_TotpService {
                 try {
                     period = parseInt(params.get('period').trim(), null);
                 }
-                catch (_a) { }
+                catch (_a) {
+                    this.logService.error('Invalid period param.');
+                }
             }
         }
         return period;
@@ -22901,6 +23421,7 @@ class organization_Organization {
         this.use2fa = obj.use2fa;
         this.useApi = obj.useApi;
         this.useSso = obj.useSso;
+        this.useKeyConnector = obj.useKeyConnector;
         this.useResetPassword = obj.useResetPassword;
         this.selfHost = obj.selfHost;
         this.usersGetPremium = obj.usersGetPremium;
@@ -22916,6 +23437,11 @@ class organization_Organization {
         this.providerId = obj.providerId;
         this.providerName = obj.providerName;
         this.isProviderUser = obj.isProviderUser;
+        this.familySponsorshipFriendlyName = obj.familySponsorshipFriendlyName;
+        this.familySponsorshipAvailable = obj.familySponsorshipAvailable;
+        this.planProductType = obj.planProductType;
+        this.keyConnectorEnabled = obj.keyConnectorEnabled;
+        this.keyConnectorUrl = obj.keyConnectorUrl;
     }
     get canAccess() {
         if (this.type === OrganizationUserType.Owner) {
@@ -23192,6 +23718,12 @@ class user_service_UserService {
             return false;
         });
     }
+    canManageSponsorships() {
+        return user_service_awaiter(this, void 0, void 0, function* () {
+            const orgs = yield this.getAllOrganizations();
+            return orgs.some(o => o.familySponsorshipAvailable || o.familySponsorshipFriendlyName !== null);
+        });
+    }
     getOrganization(id) {
         return user_service_awaiter(this, void 0, void 0, function* () {
             const userId = yield this.getUserId();
@@ -23271,6 +23803,98 @@ class user_service_UserService {
     }
 }
 
+// CONCATENATED MODULE: ./jslib/common/src/enums/verificationType.ts
+var VerificationType;
+(function (VerificationType) {
+    VerificationType[VerificationType["MasterPassword"] = 0] = "MasterPassword";
+    VerificationType[VerificationType["OTP"] = 1] = "OTP";
+})(VerificationType || (VerificationType = {}));
+
+// CONCATENATED MODULE: ./jslib/common/src/models/request/account/verifyOTPRequest.ts
+class VerifyOTPRequest {
+    constructor(OTP) {
+        this.OTP = OTP;
+    }
+}
+
+// CONCATENATED MODULE: ./jslib/common/src/models/request/secretVerificationRequest.ts
+class SecretVerificationRequest {
+}
+
+// CONCATENATED MODULE: ./jslib/common/src/services/userVerification.service.ts
+var userVerification_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+
+
+
+class userVerification_service_UserVerificationService {
+    constructor(cryptoService, i18nService, apiService) {
+        this.cryptoService = cryptoService;
+        this.i18nService = i18nService;
+        this.apiService = apiService;
+    }
+    buildRequest(verification, requestClass, alreadyHashed) {
+        return userVerification_service_awaiter(this, void 0, void 0, function* () {
+            this.validateInput(verification);
+            const request = requestClass != null
+                ? new requestClass()
+                : new SecretVerificationRequest();
+            if (verification.type === VerificationType.OTP) {
+                request.otp = verification.secret;
+            }
+            else {
+                request.masterPasswordHash = alreadyHashed
+                    ? verification.secret
+                    : yield this.cryptoService.hashPassword(verification.secret, null);
+            }
+            return request;
+        });
+    }
+    verifyUser(verification) {
+        return userVerification_service_awaiter(this, void 0, void 0, function* () {
+            this.validateInput(verification);
+            if (verification.type === VerificationType.OTP) {
+                const request = new VerifyOTPRequest(verification.secret);
+                try {
+                    yield this.apiService.postAccountVerifyOTP(request);
+                }
+                catch (e) {
+                    throw new Error(this.i18nService.t('invalidVerificationCode'));
+                }
+            }
+            else {
+                const passwordValid = yield this.cryptoService.compareAndUpdateKeyHash(verification.secret, null);
+                if (!passwordValid) {
+                    throw new Error(this.i18nService.t('invalidMasterPassword'));
+                }
+            }
+            return true;
+        });
+    }
+    requestOTP() {
+        return userVerification_service_awaiter(this, void 0, void 0, function* () {
+            yield this.apiService.postAccountRequestOTP();
+        });
+    }
+    validateInput(verification) {
+        if ((verification === null || verification === void 0 ? void 0 : verification.secret) == null || verification.secret === '') {
+            if (verification.type === VerificationType.OTP) {
+                throw new Error(this.i18nService.t('verificationCodeRequired'));
+            }
+            else {
+                throw new Error(this.i18nService.t('masterPassRequired'));
+            }
+        }
+    }
+}
+
 // CONCATENATED MODULE: ./jslib/common/src/services/vaultTimeout.service.ts
 var vaultTimeout_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -23284,7 +23908,7 @@ var vaultTimeout_service_awaiter = (undefined && undefined.__awaiter) || functio
 
 
 class vaultTimeout_service_VaultTimeoutService {
-    constructor(cipherService, folderService, collectionService, cryptoService, platformUtilsService, storageService, messagingService, searchService, userService, tokenService, policyService, lockedCallback = null, loggedOutCallback = null) {
+    constructor(cipherService, folderService, collectionService, cryptoService, platformUtilsService, storageService, messagingService, searchService, userService, tokenService, policyService, keyConnectorService, lockedCallback = null, loggedOutCallback = null) {
         this.cipherService = cipherService;
         this.folderService = folderService;
         this.collectionService = collectionService;
@@ -23296,6 +23920,7 @@ class vaultTimeout_service_VaultTimeoutService {
         this.userService = userService;
         this.tokenService = tokenService;
         this.policyService = policyService;
+        this.keyConnectorService = keyConnectorService;
         this.lockedCallback = lockedCallback;
         this.loggedOutCallback = loggedOutCallback;
         this.pinProtectedKey = null;
@@ -23363,6 +23988,13 @@ class vaultTimeout_service_VaultTimeoutService {
             if (!authed) {
                 return;
             }
+            if (yield this.keyConnectorService.getUsesKeyConnector()) {
+                const pinSet = yield this.isPinLockSet();
+                const pinLock = (pinSet[0] && this.pinProtectedKey != null) || pinSet[1];
+                if (!pinLock && !(yield this.isBiometricLockSet())) {
+                    yield this.logOut();
+                }
+            }
             this.biometricLocked = true;
             this.everBeenUnlocked = true;
             yield this.cryptoService.clearKey(false);
@@ -23996,6 +24628,8 @@ class identityTokenResponse_IdentityTokenResponse extends BaseResponse {
         this.kdf = this.getResponseProperty('Kdf');
         this.kdfIterations = this.getResponseProperty('KdfIterations');
         this.forcePasswordReset = this.getResponseProperty('ForcePasswordReset');
+        this.apiUseKeyConnector = this.getResponseProperty('ApiUseKeyConnector');
+        this.keyConnectorUrl = this.getResponseProperty('KeyConnectorUrl');
     }
 }
 
@@ -24072,6 +24706,8 @@ class ssoConfigApi_SsoConfigApi extends BaseResponse {
             return;
         }
         this.configType = this.getResponseProperty('ConfigType');
+        this.keyConnectorEnabled = this.getResponseProperty('KeyConnectorEnabled');
+        this.keyConnectorUrl = this.getResponseProperty('KeyConnectorUrl');
         this.authority = this.getResponseProperty('Authority');
         this.clientId = this.getResponseProperty('ClientId');
         this.clientSecret = this.getResponseProperty('ClientSecret');
@@ -24278,6 +24914,7 @@ class subscriptionResponse_BillingSubscriptionItemResponse extends BaseResponse
         this.amount = this.getResponseProperty('Amount');
         this.quantity = this.getResponseProperty('Quantity');
         this.interval = this.getResponseProperty('Interval');
+        this.sponsoredSubscriptionItem = this.getResponseProperty('SponsoredSubscriptionItem');
     }
 }
 class subscriptionResponse_BillingSubscriptionUpcomingInvoiceResponse extends BaseResponse {
@@ -24372,10 +25009,12 @@ class organizationUserResponse_OrganizationUserResponse extends BaseResponse {
 }
 class OrganizationUserUserDetailsResponse extends organizationUserResponse_OrganizationUserResponse {
     constructor(response) {
+        var _a;
         super(response);
         this.name = this.getResponseProperty('Name');
         this.email = this.getResponseProperty('Email');
         this.twoFactorEnabled = this.getResponseProperty('TwoFactorEnabled');
+        this.usesKeyConnector = (_a = this.getResponseProperty('UsesKeyConnector')) !== null && _a !== void 0 ? _a : false;
     }
 }
 class organizationUserResponse_OrganizationUserDetailsResponse extends organizationUserResponse_OrganizationUserResponse {
@@ -24403,6 +25042,7 @@ class organizationUserResponse_OrganizationUserResetPasswordDetailsReponse exten
 
 class profileOrganizationResponse_ProfileOrganizationResponse extends BaseResponse {
     constructor(response) {
+        var _a, _b;
         super(response);
         this.id = this.getResponseProperty('Id');
         this.name = this.getResponseProperty('Name');
@@ -24414,6 +25054,7 @@ class profileOrganizationResponse_ProfileOrganizationResponse extends BaseRespon
         this.use2fa = this.getResponseProperty('Use2fa');
         this.useApi = this.getResponseProperty('UseApi');
         this.useSso = this.getResponseProperty('UseSso');
+        this.useKeyConnector = (_a = this.getResponseProperty('UseKeyConnector')) !== null && _a !== void 0 ? _a : false;
         this.useResetPassword = this.getResponseProperty('UseResetPassword');
         this.selfHost = this.getResponseProperty('SelfHost');
         this.usersGetPremium = this.getResponseProperty('UsersGetPremium');
@@ -24432,43 +25073,20 @@ class profileOrganizationResponse_ProfileOrganizationResponse extends BaseRespon
         this.userId = this.getResponseProperty('UserId');
         this.providerId = this.getResponseProperty('ProviderId');
         this.providerName = this.getResponseProperty('ProviderName');
+        this.familySponsorshipFriendlyName = this.getResponseProperty('FamilySponsorshipFriendlyName');
+        this.familySponsorshipAvailable = this.getResponseProperty('FamilySponsorshipAvailable');
+        this.planProductType = this.getResponseProperty('PlanProductType');
+        this.keyConnectorEnabled = (_b = this.getResponseProperty('KeyConnectorEnabled')) !== null && _b !== void 0 ? _b : false;
+        this.keyConnectorUrl = this.getResponseProperty('KeyConnectorUrl');
     }
 }
 
 // CONCATENATED MODULE: ./jslib/common/src/models/response/profileProviderOrganizationResponse.ts
 
-
-class profileProviderOrganizationResponse_ProfileProviderOrganizationResponse extends BaseResponse {
+class profileProviderOrganizationResponse_ProfileProviderOrganizationResponse extends profileOrganizationResponse_ProfileOrganizationResponse {
     constructor(response) {
         super(response);
-        this.id = this.getResponseProperty('Id');
-        this.name = this.getResponseProperty('Name');
-        this.usePolicies = this.getResponseProperty('UsePolicies');
-        this.useGroups = this.getResponseProperty('UseGroups');
-        this.useDirectory = this.getResponseProperty('UseDirectory');
-        this.useEvents = this.getResponseProperty('UseEvents');
-        this.useTotp = this.getResponseProperty('UseTotp');
-        this.use2fa = this.getResponseProperty('Use2fa');
-        this.useApi = this.getResponseProperty('UseApi');
-        this.useSso = this.getResponseProperty('UseSso');
-        this.useResetPassword = this.getResponseProperty('UseResetPassword');
-        this.selfHost = this.getResponseProperty('SelfHost');
-        this.usersGetPremium = this.getResponseProperty('UsersGetPremium');
-        this.seats = this.getResponseProperty('Seats');
-        this.maxCollections = this.getResponseProperty('MaxCollections');
-        this.maxStorageGb = this.getResponseProperty('MaxStorageGb');
-        this.key = this.getResponseProperty('Key');
-        this.hasPublicAndPrivateKeys = this.getResponseProperty('HasPublicAndPrivateKeys');
-        this.status = this.getResponseProperty('Status');
-        this.type = this.getResponseProperty('Type');
-        this.enabled = this.getResponseProperty('Enabled');
-        this.ssoBound = this.getResponseProperty('SsoBound');
-        this.identifier = this.getResponseProperty('Identifier');
-        this.permissions = new permissionsApi_PermissionsApi(this.getResponseProperty('permissions'));
-        this.resetPasswordEnrolled = this.getResponseProperty('ResetPasswordEnrolled');
-        this.userId = this.getResponseProperty('UserId');
-        this.providerId = this.getResponseProperty('ProviderId');
-        this.providerName = this.getResponseProperty('ProviderName');
+        this.keyConnectorEnabled = false;
     }
 }
 
@@ -24497,7 +25115,7 @@ class profileProviderResponse_ProfileProviderResponse extends BaseResponse {
 
 class profileResponse_ProfileResponse extends BaseResponse {
     constructor(response) {
-        var _a;
+        var _a, _b;
         super(response);
         this.organizations = [];
         this.providers = [];
@@ -24514,6 +25132,7 @@ class profileResponse_ProfileResponse extends BaseResponse {
         this.privateKey = this.getResponseProperty('PrivateKey');
         this.securityStamp = this.getResponseProperty('SecurityStamp');
         this.forcePasswordReset = (_a = this.getResponseProperty('ForcePasswordReset')) !== null && _a !== void 0 ? _a : false;
+        this.usesKeyConnector = (_b = this.getResponseProperty('UsesKeyConnector')) !== null && _b !== void 0 ? _b : false;
         const organizations = this.getResponseProperty('Organizations');
         if (organizations != null) {
             this.organizations = organizations.map((o) => new profileOrganizationResponse_ProfileOrganizationResponse(o));
@@ -24909,6 +25528,15 @@ class userKeyResponse_UserKeyResponse extends BaseResponse {
     }
 }
 
+// CONCATENATED MODULE: ./jslib/common/src/models/response/keyConnectorUserKeyResponse.ts
+
+class keyConnectorUserKeyResponse_KeyConnectorUserKeyResponse extends BaseResponse {
+    constructor(response) {
+        super(response);
+        this.key = this.getResponseProperty('Key');
+    }
+}
+
 // CONCATENATED MODULE: ./jslib/common/src/services/api.service.ts
 var api_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -24972,6 +25600,7 @@ var api_service_awaiter = (undefined && undefined.__awaiter) || function (thisAr
 
 
 
+
 
 
 class api_service_ApiService {
@@ -25095,6 +25724,9 @@ class api_service_ApiService {
     setPassword(request) {
         return this.send('POST', '/accounts/set-password', request, true, false);
     }
+    postSetKeyConnectorKey(request) {
+        return this.send('POST', '/accounts/set-key-connector-key', request, true, false);
+    }
     postSecurityStamp(request) {
         return this.send('POST', '/accounts/security-stamp', request, true, false);
     }
@@ -25191,6 +25823,15 @@ class api_service_ApiService {
     putUpdateTempPassword(request) {
         return this.send('PUT', '/accounts/update-temp-password', request, true, false);
     }
+    postAccountRequestOTP() {
+        return this.send('POST', '/accounts/request-otp', null, true, false);
+    }
+    postAccountVerifyOTP(request) {
+        return this.send('POST', '/accounts/verify-otp', request, true, false);
+    }
+    postConvertToKeyConnector() {
+        return this.send('POST', '/accounts/convert-to-key-connector', null, true, false);
+    }
     // Folder APIs
     getFolder(id) {
         return api_service_awaiter(this, void 0, void 0, function* () {
@@ -26231,6 +26872,60 @@ class api_service_ApiService {
             return r;
         });
     }
+    // Key Connector
+    getUserKeyFromKeyConnector(keyConnectorUrl) {
+        return api_service_awaiter(this, void 0, void 0, function* () {
+            const authHeader = yield this.getActiveBearerToken();
+            const response = yield this.fetch(new Request(keyConnectorUrl + '/user-keys', {
+                cache: 'no-store',
+                method: 'GET',
+                headers: new Headers({
+                    'Accept': 'application/json',
+                    'Authorization': 'Bearer ' + authHeader,
+                }),
+            }));
+            if (response.status !== 200) {
+                const error = yield this.handleError(response, false, true);
+                return Promise.reject(error);
+            }
+            return new keyConnectorUserKeyResponse_KeyConnectorUserKeyResponse(yield response.json());
+        });
+    }
+    postUserKeyToKeyConnector(keyConnectorUrl, request) {
+        return api_service_awaiter(this, void 0, void 0, function* () {
+            const authHeader = yield this.getActiveBearerToken();
+            const response = yield this.fetch(new Request(keyConnectorUrl + '/user-keys', {
+                cache: 'no-store',
+                method: 'POST',
+                headers: new Headers({
+                    'Accept': 'application/json',
+                    'Authorization': 'Bearer ' + authHeader,
+                    'Content-Type': 'application/json; charset=utf-8',
+                }),
+                body: JSON.stringify(request),
+            }));
+            if (response.status !== 200) {
+                const error = yield this.handleError(response, false, true);
+                return Promise.reject(error);
+            }
+        });
+    }
+    getKeyConnectorAlive(keyConnectorUrl) {
+        return api_service_awaiter(this, void 0, void 0, function* () {
+            const response = yield this.fetch(new Request(keyConnectorUrl + '/alive', {
+                cache: 'no-store',
+                method: 'GET',
+                headers: new Headers({
+                    'Accept': 'application/json',
+                    'Content-Type': 'application/json; charset=utf-8',
+                }),
+            }));
+            if (response.status !== 200) {
+                const error = yield this.handleError(response, false, true);
+                return Promise.reject(error);
+            }
+        });
+    }
     // Helpers
     getActiveBearerToken() {
         return api_service_awaiter(this, void 0, void 0, function* () {
@@ -26280,6 +26975,31 @@ class api_service_ApiService {
             }
         });
     }
+    postCreateSponsorship(sponsoredOrgId, request) {
+        return api_service_awaiter(this, void 0, void 0, function* () {
+            return yield this.send('POST', '/organization/sponsorship/' + sponsoredOrgId + '/families-for-enterprise', request, true, false);
+        });
+    }
+    deleteRevokeSponsorship(sponsoringOrganizationId) {
+        return api_service_awaiter(this, void 0, void 0, function* () {
+            return yield this.send('DELETE', '/organization/sponsorship/' + sponsoringOrganizationId, null, true, false);
+        });
+    }
+    deleteRemoveSponsorship(sponsoringOrgId) {
+        return api_service_awaiter(this, void 0, void 0, function* () {
+            return yield this.send('DELETE', '/organization/sponsorship/sponsored/' + sponsoringOrgId, null, true, false);
+        });
+    }
+    postRedeemSponsorship(sponsorshipToken, request) {
+        return api_service_awaiter(this, void 0, void 0, function* () {
+            return yield this.send('POST', '/organization/sponsorship/redeem?sponsorshipToken=' + encodeURIComponent(sponsorshipToken), request, true, false);
+        });
+    }
+    postResendSponsorshipOffer(sponsoringOrgId) {
+        return api_service_awaiter(this, void 0, void 0, function* () {
+            return yield this.send('POST', '/organization/sponsorship/' + sponsoringOrgId + '/families-for-enterprise/resend', null, true, false);
+        });
+    }
     doAuthRefresh() {
         return api_service_awaiter(this, void 0, void 0, function* () {
             const refreshToken = yield this.tokenService.getRefreshToken();
@@ -26344,6 +27064,11 @@ class api_service_ApiService {
     send(method, path, body, authed, hasResponse, apiUrl, alterHeaders) {
         return api_service_awaiter(this, void 0, void 0, function* () {
             apiUrl = utils_Utils.isNullOrWhitespace(apiUrl) ? this.environmentService.getApiUrl() : apiUrl;
+            const requestUrl = apiUrl + path;
+            // Prevent directory traversal from malicious paths
+            if (new URL(requestUrl).href !== requestUrl) {
+                return Promise.reject('Invalid request url path.');
+            }
             const headers = new Headers({
                 'Device-Type': this.deviceType,
             });
@@ -26381,7 +27106,7 @@ class api_service_ApiService {
                 alterHeaders(headers);
             }
             requestInit.headers = headers;
-            const response = yield this.fetch(new Request(apiUrl + path, requestInit));
+            const response = yield this.fetch(new Request(requestUrl, requestInit));
             if (hasResponse && response.status === 200) {
                 const responseJson = yield response.json();
                 return responseJson;
@@ -26826,6 +27551,7 @@ class config_command_ConfigCommand {
                 icons: options.icons || null,
                 notifications: options.notifications || null,
                 events: options.events || null,
+                keyConnector: options.keyConnector || null,
             });
             const res = new MessageResponse('Saved setting `config`.', null);
             return Response.success(res);
@@ -27119,18 +27845,9 @@ var external_http_ = __webpack_require__(23);
 // EXTERNAL MODULE: external "inquirer"
 var external_inquirer_ = __webpack_require__(4);
 
-// CONCATENATED MODULE: ./jslib/common/src/models/request/passwordVerificationRequest.ts
-class PasswordVerificationRequest {
-}
-
 // CONCATENATED MODULE: ./jslib/common/src/models/request/twoFactorEmailRequest.ts
 
-class twoFactorEmailRequest_TwoFactorEmailRequest extends PasswordVerificationRequest {
-    constructor(email, masterPasswordHash) {
-        super();
-        this.masterPasswordHash = masterPasswordHash;
-        this.email = email;
-    }
+class twoFactorEmailRequest_TwoFactorEmailRequest extends SecretVerificationRequest {
 }
 
 // CONCATENATED MODULE: ./jslib/common/src/models/request/organizationUserResetPasswordRequest.ts
@@ -27165,7 +27882,7 @@ var login_command_awaiter = (undefined && undefined.__awaiter) || function (this
 // tslint:disable-next-line
 const login_command_open = __webpack_require__(13);
 class login_command_LoginCommand {
-    constructor(authService, apiService, i18nService, environmentService, passwordGenerationService, cryptoFunctionService, platformUtilsService, userService, cryptoService, policyService, clientId, syncService) {
+    constructor(authService, apiService, i18nService, environmentService, passwordGenerationService, cryptoFunctionService, platformUtilsService, userService, cryptoService, policyService, clientId, syncService, keyConnectorService) {
         this.authService = authService;
         this.apiService = apiService;
         this.i18nService = i18nService;
@@ -27177,6 +27894,7 @@ class login_command_LoginCommand {
         this.cryptoService = cryptoService;
         this.policyService = policyService;
         this.syncService = syncService;
+        this.keyConnectorService = keyConnectorService;
         this.ssoRedirectUri = null;
         this.clientId = clientId;
     }
@@ -27185,6 +27903,7 @@ class login_command_LoginCommand {
             this.canInteract = process.env.BW_NOINTERACTION !== 'true';
             let ssoCodeVerifier = null;
             let ssoCode = null;
+            let orgIdentifier = null;
             let clientId = null;
             let clientSecret = null;
             if (options.apikey != null) {
@@ -27206,7 +27925,9 @@ class login_command_LoginCommand {
                 const codeVerifierHash = yield this.cryptoFunctionService.hash(ssoCodeVerifier, 'sha256');
                 const codeChallenge = utils_Utils.fromBufferToUrlB64(codeVerifierHash);
                 try {
-                    ssoCode = yield this.getSsoCode(codeChallenge, state);
+                    const ssoParams = yield this.openSsoPrompt(codeChallenge, state);
+                    ssoCode = ssoParams.ssoCode;
+                    orgIdentifier = ssoParams.orgIdentifier;
                 }
                 catch (_a) {
                     return Response.badRequest('Something went wrong. Try again.');
@@ -27279,7 +28000,7 @@ class login_command_LoginCommand {
                         response = yield this.authService.logInApiKey(clientId, clientSecret);
                     }
                     else if (ssoCode != null && ssoCodeVerifier != null) {
-                        response = yield this.authService.logInSso(ssoCode, ssoCodeVerifier, this.ssoRedirectUri);
+                        response = yield this.authService.logInSso(ssoCode, ssoCodeVerifier, this.ssoRedirectUri, orgIdentifier);
                     }
                     else {
                         response = yield this.authService.logIn(email, password);
@@ -27346,7 +28067,9 @@ class login_command_LoginCommand {
                         }
                         if (twoFactorToken == null && response.twoFactorProviders.size > 1 &&
                             selectedProvider.type === TwoFactorProviderType.Email) {
-                            const emailReq = new twoFactorEmailRequest_TwoFactorEmailRequest(this.authService.email, this.authService.masterPasswordHash);
+                            const emailReq = new twoFactorEmailRequest_TwoFactorEmailRequest();
+                            emailReq.email = this.authService.email;
+                            emailReq.masterPasswordHash = this.authService.masterPasswordHash;
                             yield this.apiService.postTwoFactorEmail(emailReq);
                         }
                         if (twoFactorToken == null) {
@@ -27372,9 +28095,14 @@ class login_command_LoginCommand {
                     return Response.error('In order to log in with SSO from the CLI, you must first log in' +
                         ' through the web vault to set your master password.');
                 }
+                // Full sync required for the reset password and key connector checks
+                yield this.syncService.fullSync(true);
+                // Handle converting to Key Connector if required
+                if (yield this.keyConnectorService.userNeedsMigration()) {
+                    return yield this.migrateToKeyConnector();
+                }
                 // Handle Updating Temp Password if NOT using an API Key for authentication
                 if (response.forcePasswordReset && (clientId == null && clientSecret == null)) {
-                    yield this.syncService.fullSync(true);
                     return yield this.updateTempPassword();
                 }
                 return yield this.handleSuccessResponse();
@@ -27484,6 +28212,55 @@ class login_command_LoginCommand {
         }
         return userInput;
     }
+    migrateToKeyConnector() {
+        return login_command_awaiter(this, void 0, void 0, function* () {
+            // If no interaction available, alert user to use web vault
+            if (!this.canInteract) {
+                yield this.logout();
+                this.authService.logOut(() => { });
+                return Response.error(new MessageResponse('An organization you are a member of is using Key Connector. ' +
+                    'In order to access the vault, you must opt-in to Key Connector now via the web vault. You have been logged out.', null));
+            }
+            const organization = yield this.keyConnectorService.getManagingOrganization();
+            const answer = yield external_inquirer_["createPromptModule"]({ output: process.stderr })({
+                type: 'list',
+                name: 'convert',
+                message: organization.name + ' is using a self-hosted key server. A master password is no longer required to log in for members of this organization. ',
+                choices: [
+                    {
+                        name: 'Remove master password and log in',
+                        value: 'remove',
+                    },
+                    {
+                        name: 'Leave organization and log in',
+                        value: 'leave',
+                    },
+                    {
+                        name: 'Exit',
+                        value: 'exit',
+                    },
+                ],
+            });
+            if (answer.convert === 'remove') {
+                yield this.keyConnectorService.migrateUser();
+                // Update environment URL - required for api key login
+                const urls = this.environmentService.getUrls();
+                urls.keyConnector = organization.keyConnectorUrl;
+                yield this.environmentService.setUrls(urls, true);
+                return yield this.handleSuccessResponse();
+            }
+            else if (answer.convert === 'leave') {
+                yield this.apiService.postLeaveOrganization(organization.id);
+                yield this.syncService.fullSync(true);
+                return yield this.handleSuccessResponse();
+            }
+            else {
+                yield this.logout();
+                this.authService.logOut(() => { });
+                return Response.error('You have been logged out.');
+            }
+        });
+    }
     apiClientId() {
         return login_command_awaiter(this, void 0, void 0, function* () {
             let clientId = null;
@@ -27534,7 +28311,7 @@ class login_command_LoginCommand {
             };
         });
     }
-    getSsoCode(codeChallenge, state) {
+    openSsoPrompt(codeChallenge, state) {
         return login_command_awaiter(this, void 0, void 0, function* () {
             return new Promise((resolve, reject) => {
                 const callbackServer = external_http_["createServer"]((req, res) => {
@@ -27542,6 +28319,7 @@ class login_command_LoginCommand {
                     const url = new URL(urlString);
                     const code = url.searchParams.get('code');
                     const receivedState = url.searchParams.get('state');
+                    const orgIdentifier = this.getOrgIdentifierFromState(receivedState);
                     res.setHeader('Content-Type', 'text/html');
                     if (code != null && receivedState != null && this.checkState(receivedState, state)) {
                         res.writeHead(200);
@@ -27549,7 +28327,10 @@ class login_command_LoginCommand {
                             '<h1>Successfully authenticated with the Bitwarden CLI</h1>' +
                             '<p>You may now close this tab and return to the terminal.</p>' +
                             '</body></html>');
-                        callbackServer.close(() => resolve(code));
+                        callbackServer.close(() => resolve({
+                            ssoCode: code,
+                            orgIdentifier: orgIdentifier,
+                        }));
                     }
                     else {
                         res.writeHead(400);
@@ -27573,7 +28354,9 @@ class login_command_LoginCommand {
                         foundPort = true;
                         break;
                     }
-                    catch (_a) { }
+                    catch (_a) {
+                        // Ignore error since we run the same command up to 5 times.
+                    }
                 }
                 if (!foundPort) {
                     reject();
@@ -27581,6 +28364,13 @@ class login_command_LoginCommand {
             });
         });
     }
+    getOrgIdentifierFromState(state) {
+        if (state === null || state === undefined) {
+            return null;
+        }
+        const stateSplit = state.split('_identifier=');
+        return stateSplit.length > 1 ? stateSplit[1] : null;
+    }
     checkState(state, checkState) {
         if (state === null || state === undefined) {
             return false;
@@ -27608,8 +28398,8 @@ var commands_login_command_awaiter = (undefined && undefined.__awaiter) || funct
 
 
 class commands_login_command_LoginCommand extends login_command_LoginCommand {
-    constructor(authService, apiService, cryptoFunctionService, syncService, i18nService, environmentService, passwordGenerationService, platformUtilsService, userService, cryptoService, policyService, logoutCallback) {
-        super(authService, apiService, i18nService, environmentService, passwordGenerationService, cryptoFunctionService, platformUtilsService, userService, cryptoService, policyService, 'cli', syncService);
+    constructor(authService, apiService, cryptoFunctionService, syncService, i18nService, environmentService, passwordGenerationService, platformUtilsService, userService, cryptoService, policyService, keyConnectorService, logoutCallback) {
+        super(authService, apiService, i18nService, environmentService, passwordGenerationService, cryptoFunctionService, platformUtilsService, userService, cryptoService, policyService, 'cli', syncService, keyConnectorService);
         this.logoutCallback = logoutCallback;
         this.logout = this.logoutCallback;
         this.validatedParams = () => commands_login_command_awaiter(this, void 0, void 0, function* () {
@@ -27617,8 +28407,8 @@ class commands_login_command_LoginCommand extends login_command_LoginCommand {
             process.env.BW_SESSION = utils_Utils.fromBufferToB64(key);
         });
         this.success = () => commands_login_command_awaiter(this, void 0, void 0, function* () {
-            yield syncService.fullSync(true);
-            if ((this.options.sso != null || this.options.apikey != null) && this.canInteract) {
+            const usesKeyConnector = yield this.keyConnectorService.getUsesKeyConnector();
+            if ((this.options.sso != null || this.options.apikey != null) && this.canInteract && !usesKeyConnector) {
                 const res = new MessageResponse('You are logged in!', '\n' +
                     'To unlock your vault, use the `unlock` command. ex:\n' +
                     '$ bw unlock');
@@ -27814,7 +28604,7 @@ class unlock_command_UnlockCommand {
                 }
                 else {
                     const serverKeyHash = yield this.cryptoService.hashPassword(password, key, HashPurpose.ServerAuthorization);
-                    const request = new PasswordVerificationRequest();
+                    const request = new SecretVerificationRequest();
                     request.masterPasswordHash = serverKeyHash;
                     try {
                         yield this.apiService.postAccountVerifyPassword(request);
@@ -28297,7 +29087,7 @@ class program_Program extends baseProgram_BaseProgram {
                 .action((email, password, options) => program_awaiter(this, void 0, void 0, function* () {
                 if (!options.check) {
                     yield this.exitIfAuthed();
-                    const command = new commands_login_command_LoginCommand(this.main.authService, this.main.apiService, this.main.cryptoFunctionService, this.main.syncService, this.main.i18nService, this.main.environmentService, this.main.passwordGenerationService, this.main.platformUtilsService, this.main.userService, this.main.cryptoService, this.main.policyService, () => program_awaiter(this, void 0, void 0, function* () { return yield this.main.logout(); }));
+                    const command = new commands_login_command_LoginCommand(this.main.authService, this.main.apiService, this.main.cryptoFunctionService, this.main.syncService, this.main.i18nService, this.main.environmentService, this.main.passwordGenerationService, this.main.platformUtilsService, this.main.userService, this.main.cryptoService, this.main.policyService, this.main.keyConnectorService, () => program_awaiter(this, void 0, void 0, function* () { return yield this.main.logout(); }));
                     const response = yield command.run(email, password, options);
                     this.processResponse(response);
                 }
@@ -28326,6 +29116,13 @@ class program_Program extends baseProgram_BaseProgram {
             })
                 .action((cmd) => program_awaiter(this, void 0, void 0, function* () {
                 yield this.exitIfNotAuthed();
+                if (this.main.keyConnectorService.getUsesKeyConnector()) {
+                    const logoutCommand = new logout_command_LogoutCommand(this.main.authService, this.main.i18nService, () => program_awaiter(this, void 0, void 0, function* () { return yield this.main.logout(); }));
+                    yield logoutCommand.run();
+                    this.processResponse(Response.error('You cannot lock your vault because you are using Key Connector. ' +
+                        'To protect your vault, you have been logged out.'), true);
+                    return;
+                }
                 const command = new lock_command_LockCommand(this.main.vaultTimeoutService);
                 const response = yield command.run(cmd);
                 this.processResponse(response);
@@ -28443,6 +29240,7 @@ class program_Program extends baseProgram_BaseProgram {
                 .option('--icons <url>', 'Provides a custom icons service URL that differs from the base URL.')
                 .option('--notifications <url>', 'Provides a custom notifications URL that differs from the base URL.')
                 .option('--events <url>', 'Provides a custom events URL that differs from the base URL.')
+                .option('--key-connector <url>', 'Provides the URL for your Key Connector server.')
                 .on('--help', () => {
                 writeLn('\n  Settings:');
                 writeLn('');
@@ -28544,11 +29342,19 @@ class program_Program extends baseProgram_BaseProgram {
             if (!hasKey) {
                 const canInteract = process.env.BW_NOINTERACTION !== 'true';
                 if (canInteract) {
-                    const command = new unlock_command_UnlockCommand(this.main.cryptoService, this.main.userService, this.main.cryptoFunctionService, this.main.apiService, this.main.logService);
-                    const response = yield command.run(null, null);
-                    if (!response.success) {
+                    const usesKeyConnector = yield this.main.keyConnectorService.getUsesKeyConnector();
+                    if (usesKeyConnector) {
+                        const response = Response.error('Your vault is locked. You must unlock your vault using your session key.\n' +
+                            'If you do not have your session key, you can get a new one by logging out and logging in again.');
                         this.processResponse(response, true);
                     }
+                    else {
+                        const command = new unlock_command_UnlockCommand(this.main.cryptoService, this.main.userService, this.main.cryptoFunctionService, this.main.apiService, this.main.logService);
+                        const response = yield command.run(null, null);
+                        if (!response.success) {
+                            this.processResponse(response, true);
+                        }
+                    }
                 }
                 else {
                     this.processResponse(Response.error('Vault is locked.'), true);
@@ -30767,11 +31573,13 @@ var export_command_awaiter = (undefined && undefined.__awaiter) || function (thi
 
 
 
+
 class export_command_ExportCommand {
-    constructor(cryptoService, exportService, policyService) {
-        this.cryptoService = cryptoService;
+    constructor(exportService, policyService, keyConnectorService, userVerificationService) {
         this.exportService = exportService;
         this.policyService = policyService;
+        this.keyConnectorService = keyConnectorService;
+        this.userVerificationService = userVerificationService;
     }
     run(password, options) {
         return export_command_awaiter(this, void 0, void 0, function* () {
@@ -30780,39 +31588,34 @@ class export_command_ExportCommand {
                 return Response.badRequest('One or more organization policies prevents you from exporting your personal vault.');
             }
             const canInteract = process.env.BW_NOINTERACTION !== 'true';
-            if ((password == null || password === '') && canInteract) {
-                const answer = yield external_inquirer_["createPromptModule"]({ output: process.stderr })({
-                    type: 'password',
-                    name: 'password',
-                    message: 'Master password:',
-                });
-                password = answer.password;
+            if (!canInteract) {
+                return Response.badRequest('User verification is required. Try running this command again in interactive mode.');
             }
-            if (password == null || password === '') {
-                return Response.badRequest('Master password is required.');
+            try {
+                (yield this.keyConnectorService.getUsesKeyConnector())
+                    ? yield this.verifyOTP()
+                    : yield this.verifyMasterPassword(password);
             }
-            if (yield this.cryptoService.compareAndUpdateKeyHash(password, null)) {
-                let format = options.format;
-                if (format !== 'encrypted_json' && format !== 'json') {
-                    format = 'csv';
-                }
-                if (options.organizationid != null && !utils_Utils.isGuid(options.organizationid)) {
-                    return Response.error('`' + options.organizationid + '` is not a GUID.');
-                }
-                let exportContent = null;
-                try {
-                    exportContent = options.organizationid != null ?
-                        yield this.exportService.getOrganizationExport(options.organizationid, format) :
-                        yield this.exportService.getExport(format);
-                }
-                catch (e) {
-                    return Response.error(e);
-                }
-                return yield this.saveFile(exportContent, options, format);
+            catch (e) {
+                return Response.badRequest(e.message);
             }
-            else {
-                return Response.error('Invalid master password.');
+            let format = options.format;
+            if (format !== 'encrypted_json' && format !== 'json') {
+                format = 'csv';
+            }
+            if (options.organizationid != null && !utils_Utils.isGuid(options.organizationid)) {
+                return Response.error('`' + options.organizationid + '` is not a GUID.');
+            }
+            let exportContent = null;
+            try {
+                exportContent = options.organizationid != null ?
+                    yield this.exportService.getOrganizationExport(options.organizationid, format) :
+                    yield this.exportService.getExport(format);
+            }
+            catch (e) {
+                return Response.error(e);
             }
+            return yield this.saveFile(exportContent, options, format);
         });
     }
     saveFile(exportContent, options, format) {
@@ -30838,6 +31641,36 @@ class export_command_ExportCommand {
         }
         return this.exportService.getFileName(prefix, format);
     }
+    verifyMasterPassword(password) {
+        return export_command_awaiter(this, void 0, void 0, function* () {
+            if (password == null || password === '') {
+                const answer = yield external_inquirer_["createPromptModule"]({ output: process.stderr })({
+                    type: 'password',
+                    name: 'password',
+                    message: 'Master password:',
+                });
+                password = answer.password;
+            }
+            yield this.userVerificationService.verifyUser({
+                type: VerificationType.MasterPassword,
+                secret: password,
+            });
+        });
+    }
+    verifyOTP() {
+        return export_command_awaiter(this, void 0, void 0, function* () {
+            yield this.userVerificationService.requestOTP();
+            const answer = yield external_inquirer_["createPromptModule"]({ output: process.stderr })({
+                type: 'password',
+                name: 'otp',
+                message: 'A verification code has been emailed to you.\n Verification code:',
+            });
+            yield this.userVerificationService.verifyUser({
+                type: VerificationType.OTP,
+                secret: answer.otp,
+            });
+        });
+    }
 }
 
 // CONCATENATED MODULE: ./src/commands/import.command.ts
@@ -31651,7 +32484,7 @@ class vault_program_VaultProgram extends program_Program {
         })
             .action((password, options) => vault_program_awaiter(this, void 0, void 0, function* () {
             yield this.exitIfLocked();
-            const command = new export_command_ExportCommand(this.main.cryptoService, this.main.exportService, this.main.policyService);
+            const command = new export_command_ExportCommand(this.main.exportService, this.main.policyService, this.main.keyConnectorService, this.main.userVerificationService);
             const response = yield command.run(password, options);
             this.processResponse(response);
         }));
@@ -31704,6 +32537,8 @@ var bw_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argum
 
 
 
+
+
 
 
 
@@ -31750,23 +32585,25 @@ class bw_Main {
         this.containerService = new ContainerService(this.cryptoService);
         this.settingsService = new SettingsService(this.userService, this.storageService);
         this.fileUploadService = new fileUpload_service_FileUploadService(this.logService, this.apiService);
-        this.cipherService = new cipher_service_CipherService(this.cryptoService, this.userService, this.settingsService, this.apiService, this.fileUploadService, this.storageService, this.i18nService, null);
+        this.cipherService = new cipher_service_CipherService(this.cryptoService, this.userService, this.settingsService, this.apiService, this.fileUploadService, this.storageService, this.i18nService, null, this.logService);
         this.folderService = new folder_service_FolderService(this.cryptoService, this.userService, this.apiService, this.storageService, this.i18nService, this.cipherService);
         this.collectionService = new collection_service_CollectionService(this.cryptoService, this.userService, this.storageService, this.i18nService);
         this.searchService = new search_service_SearchService(this.cipherService, this.logService, this.i18nService);
         this.policyService = new policy_service_PolicyService(this.userService, this.storageService, this.apiService);
         this.sendService = new send_service_SendService(this.cryptoService, this.userService, this.apiService, this.fileUploadService, this.storageService, this.i18nService, this.cryptoFunctionService);
-        this.vaultTimeoutService = new vaultTimeout_service_VaultTimeoutService(this.cipherService, this.folderService, this.collectionService, this.cryptoService, this.platformUtilsService, this.storageService, this.messagingService, this.searchService, this.userService, this.tokenService, this.policyService, () => bw_awaiter(this, void 0, void 0, function* () { return yield this.cryptoService.clearStoredKey('auto'); }), null);
-        this.syncService = new sync_service_SyncService(this.userService, this.apiService, this.settingsService, this.folderService, this.cipherService, this.cryptoService, this.collectionService, this.storageService, this.messagingService, this.policyService, this.sendService, (expired) => bw_awaiter(this, void 0, void 0, function* () { return yield this.logout(); }));
+        this.keyConnectorService = new keyConnector_service_KeyConnectorService(this.storageService, this.userService, this.cryptoService, this.apiService, this.tokenService, this.logService);
+        this.vaultTimeoutService = new vaultTimeout_service_VaultTimeoutService(this.cipherService, this.folderService, this.collectionService, this.cryptoService, this.platformUtilsService, this.storageService, this.messagingService, this.searchService, this.userService, this.tokenService, this.policyService, this.keyConnectorService, () => bw_awaiter(this, void 0, void 0, function* () { return yield this.cryptoService.clearStoredKey('auto'); }), null);
+        this.syncService = new sync_service_SyncService(this.userService, this.apiService, this.settingsService, this.folderService, this.cipherService, this.cryptoService, this.collectionService, this.storageService, this.messagingService, this.policyService, this.sendService, this.logService, this.tokenService, this.keyConnectorService, (expired) => bw_awaiter(this, void 0, void 0, function* () { return yield this.logout(); }));
         this.passwordGenerationService = new passwordGeneration_service_PasswordGenerationService(this.cryptoService, this.storageService, this.policyService);
-        this.totpService = new totp_service_TotpService(this.storageService, this.cryptoFunctionService);
+        this.totpService = new totp_service_TotpService(this.storageService, this.cryptoFunctionService, this.logService);
         this.importService = new import_service_ImportService(this.cipherService, this.folderService, this.apiService, this.i18nService, this.collectionService, this.platformUtilsService, this.cryptoService);
         this.exportService = new export_service_ExportService(this.folderService, this.cipherService, this.apiService, this.cryptoService);
-        this.authService = new auth_service_AuthService(this.cryptoService, this.apiService, this.userService, this.tokenService, this.appIdService, this.i18nService, this.platformUtilsService, this.messagingService, this.vaultTimeoutService, this.logService, true);
+        this.authService = new auth_service_AuthService(this.cryptoService, this.apiService, this.userService, this.tokenService, this.appIdService, this.i18nService, this.platformUtilsService, this.messagingService, this.vaultTimeoutService, this.logService, this.cryptoFunctionService, this.environmentService, this.keyConnectorService, true);
         this.auditService = new audit_service_AuditService(this.cryptoFunctionService, this.apiService);
         this.program = new program_Program(this);
         this.vaultProgram = new vault_program_VaultProgram(this);
         this.sendProgram = new send_program_SendProgram(this);
+        this.userVerificationService = new userVerification_service_UserVerificationService(this.cryptoService, this.i18nService, this.apiService);
     }
     run() {
         return bw_awaiter(this, void 0, void 0, function* () {