@bitwarden/cli 2022.8.0 → 2022.9.0

package/build/bw.js

@@ -20,7 +20,7 @@ module.exports = require("url");
 /***/ 147:
 /***/ ((module) => {
 
-module.exports = JSON.parse('{"name":"@bitwarden/cli","description":"A secure and free password manager for all of your devices.","version":"2022.8.0","keywords":["bitwarden","password","vault","password manager","cli"],"author":"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)","homepage":"https://bitwarden.com","repository":{"type":"git","url":"https://github.com/bitwarden/cli"},"license":"GPL-3.0-only","scripts":{"clean":"rimraf dist/**/*","build":"webpack","build:debug":"npm run build && node --inspect ./build/bw.js","build:watch":"webpack --watch","build:prod":"cross-env NODE_ENV=production webpack","build:prod:watch":"cross-env NODE_ENV=production webpack --watch","package":"npm run package:win && npm run package:mac && npm run package:lin","package:win":"pkg . --targets win-x64 --output ./dist/windows/bw.exe --build","package:mac":"pkg . --targets macos-x64 --output ./dist/macos/bw","package:lin":"pkg . --targets linux-x64 --output ./dist/linux/bw","debug":"node --inspect ./build/bw.js","dist":"npm run build:prod && npm run clean && npm run package","dist:win":"npm run build:prod && npm run clean && npm run package:win","dist:mac":"npm run build:prod && npm run clean && npm run package:mac","dist:lin":"npm run build:prod && npm run clean && npm run package:lin","publish:npm":"npm run build:prod && npm publish --access public","test":"jest","test:watch":"jest --watch","test:watch:all":"jest --watchAll"},"bin":{"bw":"build/bw.js"},"pkg":{"assets":"./build/**/*"},"dependencies":{"@koa/multer":"^3.0.0","@koa/router":"^10.1.1","big-integer":"^1.6.51","browser-hrtime":"^1.1.8","chalk":"^4.1.1","commander":"7.2.0","form-data":"4.0.0","https-proxy-agent":"5.0.0","inquirer":"8.0.0","jsdom":"^16.7.0","jszip":"^3.10.0","koa":"^2.13.4","koa-bodyparser":"^4.3.0","koa-json":"^2.0.2","lowdb":"1.0.0","lunr":"^2.3.9","multer":"^1.4.5-lts.1","node-fetch":"^2.6.7","node-forge":"1.3.1","open":"^8.4.0","papaparse":"^5.3.2","proper-lockfile":"^4.1.2","rxjs":"^7.5.5","tldjs":"^2.3.1","zxcvbn":"^4.4.2"}}');
+module.exports = JSON.parse('{"name":"@bitwarden/cli","description":"A secure and free password manager for all of your devices.","version":"2022.9.0","keywords":["bitwarden","password","vault","password manager","cli"],"author":"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)","homepage":"https://bitwarden.com","repository":{"type":"git","url":"https://github.com/bitwarden/cli"},"license":"GPL-3.0-only","scripts":{"clean":"rimraf dist/**/*","build":"webpack","build:debug":"npm run build && node --inspect ./build/bw.js","build:watch":"webpack --watch","build:prod":"cross-env NODE_ENV=production webpack","build:prod:watch":"cross-env NODE_ENV=production webpack --watch","package":"npm run package:win && npm run package:mac && npm run package:lin","package:win":"pkg . --targets win-x64 --output ./dist/windows/bw.exe --build","package:mac":"pkg . --targets macos-x64 --output ./dist/macos/bw","package:lin":"pkg . --targets linux-x64 --output ./dist/linux/bw","debug":"node --inspect ./build/bw.js","dist":"npm run build:prod && npm run clean && npm run package","dist:win":"npm run build:prod && npm run clean && npm run package:win","dist:mac":"npm run build:prod && npm run clean && npm run package:mac","dist:lin":"npm run build:prod && npm run clean && npm run package:lin","publish:npm":"npm run build:prod && npm publish --access public","test":"jest","test:watch":"jest --watch","test:watch:all":"jest --watchAll"},"bin":{"bw":"build/bw.js"},"pkg":{"assets":"./build/**/*"},"dependencies":{"@koa/multer":"^3.0.0","@koa/router":"^10.1.1","big-integer":"^1.6.51","browser-hrtime":"^1.1.8","chalk":"^4.1.1","commander":"7.2.0","form-data":"4.0.0","https-proxy-agent":"5.0.0","inquirer":"8.0.0","jsdom":"^16.7.0","jszip":"^3.10.0","koa":"^2.13.4","koa-bodyparser":"^4.3.0","koa-json":"^2.0.2","lowdb":"1.0.0","lunr":"^2.3.9","multer":"^1.4.5-lts.1","node-fetch":"^2.6.7","node-forge":"1.3.1","open":"^8.4.0","papaparse":"^5.3.2","proper-lockfile":"^4.1.2","rxjs":"^7.5.5","tldjs":"^2.3.1","zxcvbn":"^4.4.2"}}');
 
 /***/ })
 
@@ -237,7 +237,8 @@ var StateVersion;
     StateVersion[StateVersion["Three"] = 3] = "Three";
     StateVersion[StateVersion["Four"] = 4] = "Four";
     StateVersion[StateVersion["Five"] = 5] = "Five";
-    StateVersion[StateVersion["Latest"] = 5] = "Latest";
+    StateVersion[StateVersion["Six"] = 6] = "Six";
+    StateVersion[StateVersion["Latest"] = 6] = "Latest";
 })(StateVersion || (StateVersion = {}));
 
 ;// CONCATENATED MODULE: ../../libs/common/src/enums/themeType.ts
@@ -295,14 +296,23 @@ class Utils {
         Utils.isBrowser = typeof window !== "undefined";
         Utils.isMobileBrowser = Utils.isBrowser && this.isMobile(window);
         Utils.isAppleMobileBrowser = Utils.isBrowser && this.isAppleMobile(window);
-        Utils.global = Utils.isNode && !Utils.isBrowser ? global : window;
+        if (Utils.isNode) {
+            Utils.global = global;
+        }
+        else if (Utils.isBrowser) {
+            Utils.global = window;
+        }
+        else {
+            // If it's not browser or node then it must be a service worker
+            Utils.global = self;
+        }
     }
     static fromB64ToArray(str) {
         if (Utils.isNode) {
             return new Uint8Array(Buffer.from(str, "base64"));
         }
         else {
-            const binaryString = window.atob(str);
+            const binaryString = Utils.global.atob(str);
             const bytes = new Uint8Array(binaryString.length);
             for (let i = 0; i < binaryString.length; i++) {
                 bytes[i] = binaryString.charCodeAt(i);
@@ -355,7 +365,7 @@ class Utils {
             for (let i = 0; i < bytes.byteLength; i++) {
                 binary += String.fromCharCode(bytes[i]);
             }
-            return window.btoa(binary);
+            return Utils.global.btoa(binary);
         }
     }
     static fromBufferToUrlB64(buffer) {
@@ -413,7 +423,7 @@ class Utils {
             return Buffer.from(utfStr, "utf8").toString("base64");
         }
         else {
-            return decodeURIComponent(escape(window.btoa(utfStr)));
+            return decodeURIComponent(escape(Utils.global.btoa(utfStr)));
         }
     }
     static fromUtf8ToUrlB64(utfStr) {
@@ -424,7 +434,7 @@ class Utils {
             return Buffer.from(b64Str, "base64").toString("utf8");
         }
         else {
-            return decodeURIComponent(escape(window.atob(b64Str)));
+            return decodeURIComponent(escape(Utils.global.atob(b64Str)));
         }
     }
     // ref: http://stackoverflow.com/a/2117523/1090359
@@ -596,7 +606,7 @@ class Utils {
             else if (typeof URL === "function") {
                 return new URL(uriString);
             }
-            else if (window != null) {
+            else if (typeof window !== "undefined") {
                 const hasProtocol = uriString.indexOf("://") > -1;
                 if (!hasProtocol && uriString.indexOf(".") > -1) {
                     uriString = "http://" + uriString;
@@ -1116,7 +1126,6 @@ class LogInStrategy {
                 yield this.cryptoService.setEncPrivateKey((_a = response.privateKey) !== null && _a !== void 0 ? _a : (yield this.createKeyPairForOldAccount()));
             }
             yield this.onSuccessfulLogin(response);
-            yield this.stateService.setBiometricLocked(false);
             this.messagingService.send("loggedIn");
             return result;
         });
@@ -1364,17 +1373,15 @@ class ErrorResponse extends BaseResponse {
                 errorModel = response;
             }
         }
-        if (errorModel) {
+        if (status === 429) {
+            this.message = "Rate limit exceeded. Try again later.";
+        }
+        else if (errorModel) {
             this.message = this.getResponseProperty("Message", errorModel);
             this.validationErrors = this.getResponseProperty("ValidationErrors", errorModel);
             this.captchaSiteKey = (_b = (_a = this.validationErrors) === null || _a === void 0 ? void 0 : _a.HCaptcha_SiteKey) === null || _b === void 0 ? void 0 : _b[0];
             this.captchaRequired = !Utils.isNullOrWhitespace(this.captchaSiteKey);
         }
-        else {
-            if (status === 429) {
-                this.message = "Rate limit exceeded. Try again later.";
-            }
-        }
         this.statusCode = status;
     }
     getSingleMessage() {
@@ -1860,7 +1867,79 @@ class CipherData {
     }
 }
 
+;// CONCATENATED MODULE: ../../libs/common/src/enums/encryptionType.ts
+var EncryptionType;
+(function (EncryptionType) {
+    EncryptionType[EncryptionType["AesCbc256_B64"] = 0] = "AesCbc256_B64";
+    EncryptionType[EncryptionType["AesCbc128_HmacSha256_B64"] = 1] = "AesCbc128_HmacSha256_B64";
+    EncryptionType[EncryptionType["AesCbc256_HmacSha256_B64"] = 2] = "AesCbc256_HmacSha256_B64";
+    EncryptionType[EncryptionType["Rsa2048_OaepSha256_B64"] = 3] = "Rsa2048_OaepSha256_B64";
+    EncryptionType[EncryptionType["Rsa2048_OaepSha1_B64"] = 4] = "Rsa2048_OaepSha1_B64";
+    EncryptionType[EncryptionType["Rsa2048_OaepSha256_HmacSha256_B64"] = 5] = "Rsa2048_OaepSha256_HmacSha256_B64";
+    EncryptionType[EncryptionType["Rsa2048_OaepSha1_HmacSha256_B64"] = 6] = "Rsa2048_OaepSha1_HmacSha256_B64";
+})(EncryptionType || (EncryptionType = {}));
+
+;// CONCATENATED MODULE: ../../libs/common/src/models/domain/symmetricCryptoKey.ts
+
+
+class SymmetricCryptoKey {
+    constructor(key, encType) {
+        if (key == null) {
+            throw new Error("Must provide key");
+        }
+        if (encType == null) {
+            if (key.byteLength === 32) {
+                encType = EncryptionType.AesCbc256_B64;
+            }
+            else if (key.byteLength === 64) {
+                encType = EncryptionType.AesCbc256_HmacSha256_B64;
+            }
+            else {
+                throw new Error("Unable to determine encType.");
+            }
+        }
+        this.key = key;
+        this.encType = encType;
+        if (encType === EncryptionType.AesCbc256_B64 && key.byteLength === 32) {
+            this.encKey = key;
+            this.macKey = null;
+        }
+        else if (encType === EncryptionType.AesCbc128_HmacSha256_B64 && key.byteLength === 32) {
+            this.encKey = key.slice(0, 16);
+            this.macKey = key.slice(16, 32);
+        }
+        else if (encType === EncryptionType.AesCbc256_HmacSha256_B64 && key.byteLength === 64) {
+            this.encKey = key.slice(0, 32);
+            this.macKey = key.slice(32, 64);
+        }
+        else {
+            throw new Error("Unsupported encType/key length.");
+        }
+        if (this.key != null) {
+            this.keyB64 = Utils.fromBufferToB64(this.key);
+        }
+        if (this.encKey != null) {
+            this.encKeyB64 = Utils.fromBufferToB64(this.encKey);
+        }
+        if (this.macKey != null) {
+            this.macKeyB64 = Utils.fromBufferToB64(this.macKey);
+        }
+    }
+    toJSON() {
+        // The whole object is constructed from the initial key, so just store the B64 key
+        return { keyB64: this.keyB64 };
+    }
+    static fromJSON(obj) {
+        if (obj == null) {
+            return null;
+        }
+        const arrayBuffer = Utils.fromB64ToArray(obj.keyB64).buffer;
+        return new SymmetricCryptoKey(arrayBuffer);
+    }
+}
+
 ;// CONCATENATED MODULE: ../../libs/common/src/models/view/attachmentView.ts
+
 class AttachmentView {
     constructor(a) {
         this.id = null;
@@ -1888,20 +1967,12 @@ class AttachmentView {
         }
         return 0;
     }
+    static fromJSON(obj) {
+        const key = obj.key == null ? null : SymmetricCryptoKey.fromJSON(obj.key);
+        return Object.assign(new AttachmentView(), obj, { key: key });
+    }
 }
 
-;// CONCATENATED MODULE: ../../libs/common/src/enums/encryptionType.ts
-var EncryptionType;
-(function (EncryptionType) {
-    EncryptionType[EncryptionType["AesCbc256_B64"] = 0] = "AesCbc256_B64";
-    EncryptionType[EncryptionType["AesCbc128_HmacSha256_B64"] = 1] = "AesCbc128_HmacSha256_B64";
-    EncryptionType[EncryptionType["AesCbc256_HmacSha256_B64"] = 2] = "AesCbc256_HmacSha256_B64";
-    EncryptionType[EncryptionType["Rsa2048_OaepSha256_B64"] = 3] = "Rsa2048_OaepSha256_B64";
-    EncryptionType[EncryptionType["Rsa2048_OaepSha1_B64"] = 4] = "Rsa2048_OaepSha1_B64";
-    EncryptionType[EncryptionType["Rsa2048_OaepSha256_HmacSha256_B64"] = 5] = "Rsa2048_OaepSha256_HmacSha256_B64";
-    EncryptionType[EncryptionType["Rsa2048_OaepSha1_HmacSha256_B64"] = 6] = "Rsa2048_OaepSha1_HmacSha256_B64";
-})(EncryptionType || (EncryptionType = {}));
-
 ;// CONCATENATED MODULE: ../../libs/common/src/models/domain/encString.ts
 var encString_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -1917,47 +1988,76 @@ var encString_awaiter = (undefined && undefined.__awaiter) || function (thisArg,
 class EncString {
     constructor(encryptedStringOrType, data, iv, mac) {
         if (data != null) {
-            // data and header
-            const encType = encryptedStringOrType;
-            if (iv != null) {
-                this.encryptedString = encType + "." + iv + "|" + data;
+            this.initFromData(encryptedStringOrType, data, iv, mac);
+        }
+        else {
+            this.initFromEncryptedString(encryptedStringOrType);
+        }
+    }
+    decrypt(orgId, key = null) {
+        return encString_awaiter(this, void 0, void 0, function* () {
+            if (this.decryptedValue != null) {
+                return this.decryptedValue;
             }
-            else {
-                this.encryptedString = encType + "." + data;
+            let cryptoService;
+            const containerService = Utils.global.bitwardenContainerService;
+            if (containerService) {
+                cryptoService = containerService.getCryptoService();
             }
-            // mac
-            if (mac != null) {
-                this.encryptedString += "|" + mac;
+            else {
+                throw new Error("global bitwardenContainerService not initialized.");
             }
-            this.encryptionType = encType;
-            this.data = data;
-            this.iv = iv;
-            this.mac = mac;
-            return;
-        }
-        this.encryptedString = encryptedStringOrType;
-        if (!this.encryptedString) {
-            return;
-        }
-        const headerPieces = this.encryptedString.split(".");
-        let encPieces = null;
-        if (headerPieces.length === 2) {
             try {
-                this.encryptionType = parseInt(headerPieces[0], null);
-                encPieces = headerPieces[1].split("|");
+                if (key == null) {
+                    key = yield cryptoService.getOrgKey(orgId);
+                }
+                this.decryptedValue = yield cryptoService.decryptToUtf8(this, key);
             }
             catch (e) {
-                return;
+                this.decryptedValue = "[error: cannot decrypt]";
             }
+            return this.decryptedValue;
+        });
+    }
+    get ivBytes() {
+        return this.iv == null ? null : Utils.fromB64ToArray(this.iv).buffer;
+    }
+    get macBytes() {
+        return this.mac == null ? null : Utils.fromB64ToArray(this.mac).buffer;
+    }
+    get dataBytes() {
+        return this.data == null ? null : Utils.fromB64ToArray(this.data).buffer;
+    }
+    toJSON() {
+        return this.encryptedString;
+    }
+    static fromJSON(obj) {
+        return new EncString(obj);
+    }
+    initFromData(encType, data, iv, mac) {
+        if (iv != null) {
+            this.encryptedString = encType + "." + iv + "|" + data;
         }
         else {
-            encPieces = this.encryptedString.split("|");
-            this.encryptionType =
-                encPieces.length === 3
-                    ? EncryptionType.AesCbc128_HmacSha256_B64
-                    : EncryptionType.AesCbc256_B64;
+            this.encryptedString = encType + "." + data;
         }
-        switch (this.encryptionType) {
+        // mac
+        if (mac != null) {
+            this.encryptedString += "|" + mac;
+        }
+        this.encryptionType = encType;
+        this.data = data;
+        this.iv = iv;
+        this.mac = mac;
+    }
+    initFromEncryptedString(encryptedString) {
+        this.encryptedString = encryptedString;
+        if (!this.encryptedString) {
+            return;
+        }
+        const { encType, encPieces } = this.parseEncryptedString(this.encryptedString);
+        this.encryptionType = encType;
+        switch (encType) {
             case EncryptionType.AesCbc128_HmacSha256_B64:
             case EncryptionType.AesCbc256_HmacSha256_B64:
                 if (encPieces.length !== 3) {
@@ -1985,30 +2085,30 @@ class EncString {
                 return;
         }
     }
-    decrypt(orgId, key = null) {
-        return encString_awaiter(this, void 0, void 0, function* () {
-            if (this.decryptedValue != null) {
-                return this.decryptedValue;
-            }
-            let cryptoService;
-            const containerService = Utils.global.bitwardenContainerService;
-            if (containerService) {
-                cryptoService = containerService.getCryptoService();
-            }
-            else {
-                throw new Error("global bitwardenContainerService not initialized.");
-            }
+    parseEncryptedString(encryptedString) {
+        const headerPieces = encryptedString.split(".");
+        let encType;
+        let encPieces = null;
+        if (headerPieces.length === 2) {
             try {
-                if (key == null) {
-                    key = yield cryptoService.getOrgKey(orgId);
-                }
-                this.decryptedValue = yield cryptoService.decryptToUtf8(this, key);
+                encType = parseInt(headerPieces[0], null);
+                encPieces = headerPieces[1].split("|");
             }
             catch (e) {
-                this.decryptedValue = "[error: cannot decrypt]";
+                return;
             }
-            return this.decryptedValue;
-        });
+        }
+        else {
+            encPieces = encryptedString.split("|");
+            encType =
+                encPieces.length === 3
+                    ? EncryptionType.AesCbc128_HmacSha256_B64
+                    : EncryptionType.AesCbc256_B64;
+        }
+        return {
+            encType,
+            encPieces,
+        };
     }
 }
 
@@ -2084,69 +2184,6 @@ class Domain {
     }
 }
 
-;// CONCATENATED MODULE: ../../libs/common/src/models/domain/symmetricCryptoKey.ts
-
-
-class SymmetricCryptoKey {
-    constructor(key, encType) {
-        if (key == null) {
-            throw new Error("Must provide key");
-        }
-        if (encType == null) {
-            if (key.byteLength === 32) {
-                encType = EncryptionType.AesCbc256_B64;
-            }
-            else if (key.byteLength === 64) {
-                encType = EncryptionType.AesCbc256_HmacSha256_B64;
-            }
-            else {
-                throw new Error("Unable to determine encType.");
-            }
-        }
-        this.key = key;
-        this.encType = encType;
-        if (encType === EncryptionType.AesCbc256_B64 && key.byteLength === 32) {
-            this.encKey = key;
-            this.macKey = null;
-        }
-        else if (encType === EncryptionType.AesCbc128_HmacSha256_B64 && key.byteLength === 32) {
-            this.encKey = key.slice(0, 16);
-            this.macKey = key.slice(16, 32);
-        }
-        else if (encType === EncryptionType.AesCbc256_HmacSha256_B64 && key.byteLength === 64) {
-            this.encKey = key.slice(0, 32);
-            this.macKey = key.slice(32, 64);
-        }
-        else {
-            throw new Error("Unsupported encType/key length.");
-        }
-        if (this.key != null) {
-            this.keyB64 = Utils.fromBufferToB64(this.key);
-        }
-        if (this.encKey != null) {
-            this.encKeyB64 = Utils.fromBufferToB64(this.encKey);
-        }
-        if (this.macKey != null) {
-            this.macKeyB64 = Utils.fromBufferToB64(this.macKey);
-        }
-    }
-    static initFromJson(jsonResult) {
-        if (jsonResult == null) {
-            return jsonResult;
-        }
-        if (jsonResult.keyB64 != null) {
-            jsonResult.key = Utils.fromB64ToArray(jsonResult.keyB64).buffer;
-        }
-        if (jsonResult.encKeyB64 != null) {
-            jsonResult.encKey = Utils.fromB64ToArray(jsonResult.encKeyB64).buffer;
-        }
-        if (jsonResult.macKeyB64 != null) {
-            jsonResult.macKey = Utils.fromB64ToArray(jsonResult.macKeyB64).buffer;
-        }
-        return jsonResult;
-    }
-}
-
 ;// CONCATENATED MODULE: ../../libs/common/src/models/domain/attachment.ts
 var attachment_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -2304,7 +2341,7 @@ var cardView_metadata = (undefined && undefined.__metadata) || function (k, v) {
 
 class CardView extends ItemView {
     constructor() {
-        super();
+        super(...arguments);
         this.cardholderName = null;
         this.expMonth = null;
         this.expYear = null;
@@ -2361,6 +2398,9 @@ class CardView extends ItemView {
     formatYear(year) {
         return year.length === 2 ? "20" + year : year;
     }
+    static fromJSON(obj) {
+        return Object.assign(new CardView(), obj);
+    }
 }
 cardView_decorate([
     linkedFieldOption(CardLinkedId.CardholderName),
@@ -2439,6 +2479,30 @@ var CipherRepromptType;
     CipherRepromptType[CipherRepromptType["Password"] = 1] = "Password";
 })(CipherRepromptType || (CipherRepromptType = {}));
 
+;// CONCATENATED MODULE: ../../libs/common/src/models/view/fieldView.ts
+class FieldView {
+    constructor(f) {
+        this.name = null;
+        this.value = null;
+        this.type = null;
+        this.newField = false; // Marks if the field is new and hasn't been saved
+        this.showValue = false;
+        this.showCount = false;
+        this.linkedId = null;
+        if (!f) {
+            return;
+        }
+        this.type = f.type;
+        this.linkedId = f.linkedId;
+    }
+    get maskedValue() {
+        return this.value != null ? "••••••••" : null;
+    }
+    static fromJSON(obj) {
+        return Object.assign(new FieldView(), obj);
+    }
+}
+
 ;// CONCATENATED MODULE: ../../libs/common/src/models/view/identityView.ts
 var identityView_decorate = (undefined && undefined.__decorate) || function (decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
@@ -2557,6 +2621,9 @@ class IdentityView extends ItemView {
         addressPart2 += ", " + postalCode;
         return addressPart2;
     }
+    static fromJSON(obj) {
+        return Object.assign(new IdentityView(), obj);
+    }
 }
 identityView_decorate([
     linkedFieldOption(IdentityLinkedId.Title),
@@ -2638,6 +2705,116 @@ identityView_decorate([
     identityView_metadata("design:paramtypes", [])
 ], IdentityView.prototype, "fullName", null);
 
+;// CONCATENATED MODULE: ../../libs/common/src/models/view/loginUriView.ts
+
+
+const CanLaunchWhitelist = [
+    "https://",
+    "http://",
+    "ssh://",
+    "ftp://",
+    "sftp://",
+    "irc://",
+    "vnc://",
+    // https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-uri
+    "rdp://",
+    "ms-rd:",
+    "chrome://",
+    "iosapp://",
+    "androidapp://",
+];
+class LoginUriView {
+    constructor(u) {
+        this.match = null;
+        this._uri = null;
+        this._domain = null;
+        this._hostname = null;
+        this._host = null;
+        this._canLaunch = null;
+        if (!u) {
+            return;
+        }
+        this.match = u.match;
+    }
+    get uri() {
+        return this._uri;
+    }
+    set uri(value) {
+        this._uri = value;
+        this._domain = null;
+        this._canLaunch = null;
+    }
+    get domain() {
+        if (this._domain == null && this.uri != null) {
+            this._domain = Utils.getDomain(this.uri);
+            if (this._domain === "") {
+                this._domain = null;
+            }
+        }
+        return this._domain;
+    }
+    get hostname() {
+        if (this.match === UriMatchType.RegularExpression) {
+            return null;
+        }
+        if (this._hostname == null && this.uri != null) {
+            this._hostname = Utils.getHostname(this.uri);
+            if (this._hostname === "") {
+                this._hostname = null;
+            }
+        }
+        return this._hostname;
+    }
+    get host() {
+        if (this.match === UriMatchType.RegularExpression) {
+            return null;
+        }
+        if (this._host == null && this.uri != null) {
+            this._host = Utils.getHost(this.uri);
+            if (this._host === "") {
+                this._host = null;
+            }
+        }
+        return this._host;
+    }
+    get hostnameOrUri() {
+        return this.hostname != null ? this.hostname : this.uri;
+    }
+    get hostOrUri() {
+        return this.host != null ? this.host : this.uri;
+    }
+    get isWebsite() {
+        return (this.uri != null &&
+            (this.uri.indexOf("http://") === 0 ||
+                this.uri.indexOf("https://") === 0 ||
+                (this.uri.indexOf("://") < 0 && Utils.tldEndingRegex.test(this.uri))));
+    }
+    get canLaunch() {
+        if (this._canLaunch != null) {
+            return this._canLaunch;
+        }
+        if (this.uri != null && this.match !== UriMatchType.RegularExpression) {
+            const uri = this.launchUri;
+            for (let i = 0; i < CanLaunchWhitelist.length; i++) {
+                if (uri.indexOf(CanLaunchWhitelist[i]) === 0) {
+                    this._canLaunch = true;
+                    return this._canLaunch;
+                }
+            }
+        }
+        this._canLaunch = false;
+        return this._canLaunch;
+    }
+    get launchUri() {
+        return this.uri.indexOf("://") < 0 && Utils.tldEndingRegex.test(this.uri)
+            ? "http://" + this.uri
+            : this.uri;
+    }
+    static fromJSON(obj) {
+        return Object.assign(new LoginUriView(), obj);
+    }
+}
+
 ;// CONCATENATED MODULE: ../../libs/common/src/models/view/loginView.ts
 var loginView_decorate = (undefined && undefined.__decorate) || function (decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
@@ -2652,6 +2829,7 @@ var loginView_metadata = (undefined && undefined.__metadata) || function (k, v)
 
 
 
+
 class LoginView extends ItemView {
     constructor(l) {
         super();
@@ -2694,6 +2872,15 @@ class LoginView extends ItemView {
     get hasUris() {
         return this.uris != null && this.uris.length > 0;
     }
+    static fromJSON(obj) {
+        var _a;
+        const passwordRevisionDate = obj.passwordRevisionDate == null ? null : new Date(obj.passwordRevisionDate);
+        const uris = (_a = obj.uris) === null || _a === void 0 ? void 0 : _a.map((uri) => LoginUriView.fromJSON(uri));
+        return Object.assign(new LoginView(), obj, {
+            passwordRevisionDate: passwordRevisionDate,
+            uris: uris,
+        });
+    }
 }
 loginView_decorate([
     linkedFieldOption(LoginLinkedId.Username),
@@ -2704,6 +2891,24 @@ loginView_decorate([
     loginView_metadata("design:type", String)
 ], LoginView.prototype, "password", void 0);
 
+;// CONCATENATED MODULE: ../../libs/common/src/models/view/passwordHistoryView.ts
+class PasswordHistoryView {
+    constructor(ph) {
+        this.password = null;
+        this.lastUsedDate = null;
+        if (!ph) {
+            return;
+        }
+        this.lastUsedDate = ph.lastUsedDate;
+    }
+    static fromJSON(obj) {
+        const lastUsedDate = obj.lastUsedDate == null ? null : new Date(obj.lastUsedDate);
+        return Object.assign(new PasswordHistoryView(), obj, {
+            lastUsedDate: lastUsedDate,
+        });
+    }
+}
+
 ;// CONCATENATED MODULE: ../../libs/common/src/models/view/secureNoteView.ts
 
 class SecureNoteView extends ItemView {
@@ -2718,6 +2923,9 @@ class SecureNoteView extends ItemView {
     get subTitle() {
         return null;
     }
+    static fromJSON(obj) {
+        return Object.assign(new SecureNoteView(), obj);
+    }
 }
 
 ;// CONCATENATED MODULE: ../../libs/common/src/models/view/cipherView.ts
@@ -2727,6 +2935,9 @@ class SecureNoteView extends ItemView {
 
 
 
+
+
+
 class CipherView {
     constructor(c) {
         var _a;
@@ -2834,26 +3045,38 @@ class CipherView {
         var _a;
         return (_a = this.linkedFieldOptions.get(id)) === null || _a === void 0 ? void 0 : _a.i18nKey;
     }
-}
-
-;// CONCATENATED MODULE: ../../libs/common/src/models/view/fieldView.ts
-class FieldView {
-    constructor(f) {
-        this.name = null;
-        this.value = null;
-        this.type = null;
-        this.newField = false; // Marks if the field is new and hasn't been saved
-        this.showValue = false;
-        this.showCount = false;
-        this.linkedId = null;
-        if (!f) {
-            return;
+    static fromJSON(obj) {
+        var _a, _b, _c;
+        const view = new CipherView();
+        const revisionDate = obj.revisionDate == null ? null : new Date(obj.revisionDate);
+        const deletedDate = obj.deletedDate == null ? null : new Date(obj.deletedDate);
+        const attachments = (_a = obj.attachments) === null || _a === void 0 ? void 0 : _a.map((a) => AttachmentView.fromJSON(a));
+        const fields = (_b = obj.fields) === null || _b === void 0 ? void 0 : _b.map((f) => FieldView.fromJSON(f));
+        const passwordHistory = (_c = obj.passwordHistory) === null || _c === void 0 ? void 0 : _c.map((ph) => PasswordHistoryView.fromJSON(ph));
+        Object.assign(view, obj, {
+            revisionDate: revisionDate,
+            deletedDate: deletedDate,
+            attachments: attachments,
+            fields: fields,
+            passwordHistory: passwordHistory,
+        });
+        switch (obj.type) {
+            case CipherType.Card:
+                view.card = CardView.fromJSON(obj.card);
+                break;
+            case CipherType.Identity:
+                view.identity = IdentityView.fromJSON(obj.identity);
+                break;
+            case CipherType.Login:
+                view.login = LoginView.fromJSON(obj.login);
+                break;
+            case CipherType.SecureNote:
+                view.secureNote = SecureNoteView.fromJSON(obj.secureNote);
+                break;
+            default:
+                break;
         }
-        this.type = f.type;
-        this.linkedId = f.linkedId;
-    }
-    get maskedValue() {
-        return this.value != null ? "••••••••" : null;
+        return view;
     }
 }
 
@@ -2971,113 +3194,6 @@ class Identity extends Domain {
     }
 }
 
-;// CONCATENATED MODULE: ../../libs/common/src/models/view/loginUriView.ts
-
-
-const CanLaunchWhitelist = [
-    "https://",
-    "http://",
-    "ssh://",
-    "ftp://",
-    "sftp://",
-    "irc://",
-    "vnc://",
-    // https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-uri
-    "rdp://",
-    "ms-rd:",
-    "chrome://",
-    "iosapp://",
-    "androidapp://",
-];
-class LoginUriView {
-    constructor(u) {
-        this.match = null;
-        this._uri = null;
-        this._domain = null;
-        this._hostname = null;
-        this._host = null;
-        this._canLaunch = null;
-        if (!u) {
-            return;
-        }
-        this.match = u.match;
-    }
-    get uri() {
-        return this._uri;
-    }
-    set uri(value) {
-        this._uri = value;
-        this._domain = null;
-        this._canLaunch = null;
-    }
-    get domain() {
-        if (this._domain == null && this.uri != null) {
-            this._domain = Utils.getDomain(this.uri);
-            if (this._domain === "") {
-                this._domain = null;
-            }
-        }
-        return this._domain;
-    }
-    get hostname() {
-        if (this.match === UriMatchType.RegularExpression) {
-            return null;
-        }
-        if (this._hostname == null && this.uri != null) {
-            this._hostname = Utils.getHostname(this.uri);
-            if (this._hostname === "") {
-                this._hostname = null;
-            }
-        }
-        return this._hostname;
-    }
-    get host() {
-        if (this.match === UriMatchType.RegularExpression) {
-            return null;
-        }
-        if (this._host == null && this.uri != null) {
-            this._host = Utils.getHost(this.uri);
-            if (this._host === "") {
-                this._host = null;
-            }
-        }
-        return this._host;
-    }
-    get hostnameOrUri() {
-        return this.hostname != null ? this.hostname : this.uri;
-    }
-    get hostOrUri() {
-        return this.host != null ? this.host : this.uri;
-    }
-    get isWebsite() {
-        return (this.uri != null &&
-            (this.uri.indexOf("http://") === 0 ||
-                this.uri.indexOf("https://") === 0 ||
-                (this.uri.indexOf("://") < 0 && Utils.tldEndingRegex.test(this.uri))));
-    }
-    get canLaunch() {
-        if (this._canLaunch != null) {
-            return this._canLaunch;
-        }
-        if (this.uri != null && this.match !== UriMatchType.RegularExpression) {
-            const uri = this.launchUri;
-            for (let i = 0; i < CanLaunchWhitelist.length; i++) {
-                if (uri.indexOf(CanLaunchWhitelist[i]) === 0) {
-                    this._canLaunch = true;
-                    return this._canLaunch;
-                }
-            }
-        }
-        this._canLaunch = false;
-        return this._canLaunch;
-    }
-    get launchUri() {
-        return this.uri.indexOf("://") < 0 && Utils.tldEndingRegex.test(this.uri)
-            ? "http://" + this.uri
-            : this.uri;
-    }
-}
-
 ;// CONCATENATED MODULE: ../../libs/common/src/models/domain/loginUri.ts
 
 
@@ -3180,18 +3296,6 @@ class Login extends Domain {
     }
 }
 
-;// CONCATENATED MODULE: ../../libs/common/src/models/view/passwordHistoryView.ts
-class PasswordHistoryView {
-    constructor(ph) {
-        this.password = null;
-        this.lastUsedDate = null;
-        if (!ph) {
-            return;
-        }
-        this.lastUsedDate = ph.lastUsedDate;
-    }
-}
-
 ;// CONCATENATED MODULE: ../../libs/common/src/models/domain/password.ts
 
 
@@ -3441,6 +3545,75 @@ class Cipher extends Domain {
     }
 }
 
+;// CONCATENATED MODULE: ../../libs/common/src/models/domain/encArrayBuffer.ts
+var encArrayBuffer_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+
+
+const ENC_TYPE_LENGTH = 1;
+const IV_LENGTH = 16;
+const MAC_LENGTH = 32;
+const MIN_DATA_LENGTH = 1;
+class EncArrayBuffer {
+    constructor(buffer) {
+        this.buffer = buffer;
+        this.encryptionType = null;
+        this.dataBytes = null;
+        this.ivBytes = null;
+        this.macBytes = null;
+        const encBytes = new Uint8Array(buffer);
+        const encType = encBytes[0];
+        switch (encType) {
+            case EncryptionType.AesCbc128_HmacSha256_B64:
+            case EncryptionType.AesCbc256_HmacSha256_B64: {
+                const minimumLength = ENC_TYPE_LENGTH + IV_LENGTH + MAC_LENGTH + MIN_DATA_LENGTH;
+                if (encBytes.length < minimumLength) {
+                    this.throwDecryptionError();
+                }
+                this.ivBytes = encBytes.slice(ENC_TYPE_LENGTH, ENC_TYPE_LENGTH + IV_LENGTH).buffer;
+                this.macBytes = encBytes.slice(ENC_TYPE_LENGTH + IV_LENGTH, ENC_TYPE_LENGTH + IV_LENGTH + MAC_LENGTH).buffer;
+                this.dataBytes = encBytes.slice(ENC_TYPE_LENGTH + IV_LENGTH + MAC_LENGTH).buffer;
+                break;
+            }
+            case EncryptionType.AesCbc256_B64: {
+                const minimumLength = ENC_TYPE_LENGTH + IV_LENGTH + MIN_DATA_LENGTH;
+                if (encBytes.length < minimumLength) {
+                    this.throwDecryptionError();
+                }
+                this.ivBytes = encBytes.slice(ENC_TYPE_LENGTH, ENC_TYPE_LENGTH + IV_LENGTH).buffer;
+                this.dataBytes = encBytes.slice(ENC_TYPE_LENGTH + IV_LENGTH).buffer;
+                break;
+            }
+            default:
+                this.throwDecryptionError();
+        }
+        this.encryptionType = encType;
+    }
+    throwDecryptionError() {
+        throw new Error("Error parsing encrypted ArrayBuffer: data is corrupted or has an invalid format.");
+    }
+    static fromResponse(response) {
+        return encArrayBuffer_awaiter(this, void 0, void 0, function* () {
+            const buffer = yield response.arrayBuffer();
+            if (buffer == null) {
+                throw new Error("Cannot create EncArrayBuffer from Response - Response is empty");
+            }
+            return new EncArrayBuffer(buffer);
+        });
+    }
+    static fromB64(b64) {
+        const buffer = Utils.fromB64ToArray(b64).buffer;
+        return new EncArrayBuffer(buffer);
+    }
+}
+
 ;// CONCATENATED MODULE: ../../libs/common/src/models/domain/sortedCiphersCache.ts
 const CacheTTL = 3000;
 class SortedCiphersCache {
@@ -3875,6 +4048,7 @@ var cipher_service_awaiter = (undefined && undefined.__awaiter) || function (thi
 
 
 
+
 
 
 const DomainMatchBlacklist = new Map([
@@ -4771,8 +4945,8 @@ class CipherService {
             if (attachmentResponse.status !== 200) {
                 throw Error("Failed to download attachment: " + attachmentResponse.status.toString());
             }
-            const buf = yield attachmentResponse.arrayBuffer();
-            const decBuf = yield this.cryptoService.decryptFromBytes(buf, null);
+            const encBuf = yield EncArrayBuffer.fromResponse(attachmentResponse);
+            const decBuf = yield this.cryptoService.decryptFromBytes(encBuf, null);
             const key = yield this.cryptoService.getOrgKey(organizationId);
             const encFileName = yield this.cryptoService.encrypt(attachmentView.fileName, key);
             const dataEncKey = yield this.cryptoService.makeEncKey(key);
@@ -5236,10 +5410,6 @@ class ContainerService {
     constructor(cryptoService) {
         this.cryptoService = cryptoService;
     }
-    // deprecated, use attachToGlobal instead
-    attachToWindow(win) {
-        this.attachToGlobal(win);
-    }
     attachToGlobal(global) {
         if (!global.bitwardenContainerService) {
             global.bitwardenContainerService = this;
@@ -13042,17 +13212,6 @@ const EEFLongWordList = [
     "zoom",
 ];
 
-;// CONCATENATED MODULE: ../../libs/common/src/models/domain/encArrayBuffer.ts
-class EncArrayBuffer {
-    constructor(buffer) {
-        this.buffer = buffer;
-    }
-}
-
-;// CONCATENATED MODULE: ../../libs/common/src/models/domain/encryptedObject.ts
-class EncryptedObject {
-}
-
 ;// CONCATENATED MODULE: ../../libs/common/src/models/domain/encryptedOrganizationKey.ts
 var encryptedOrganizationKey_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -13145,8 +13304,6 @@ var crypto_service_awaiter = (undefined && undefined.__awaiter) || function (thi
 
 
 
-
-
 class CryptoService {
     constructor(cryptoFunctionService, encryptService, platformUtilService, logService, stateService) {
         this.cryptoFunctionService = cryptoFunctionService;
@@ -13423,7 +13580,6 @@ class CryptoService {
     clearKey(clearSecretStorage = true, userId) {
         return crypto_service_awaiter(this, void 0, void 0, function* () {
             yield this.stateService.setCryptoMasterKey(null, { userId: userId });
-            yield this.stateService.setLegacyEtmKey(null, { userId: userId });
             if (clearSecretStorage) {
                 yield this.clearSecretKeyStore(userId);
             }
@@ -13574,7 +13730,7 @@ class CryptoService {
     }
     makeEncKey(key) {
         return crypto_service_awaiter(this, void 0, void 0, function* () {
-            const theKey = yield this.getKeyForEncryption(key);
+            const theKey = yield this.getKeyForUserEncryption(key);
             const encKey = yield this.cryptoFunctionService.randomBytes(64);
             return this.buildEncKey(theKey, encKey);
         });
@@ -13588,31 +13744,23 @@ class CryptoService {
         });
     }
     /**
-     * @deprecated June 22 2022: This method has been moved to encryptService.
-     * All callers should use this service to grab the relevant key and use encryptService for encryption instead.
-     * This method will be removed once all existing code has been refactored to use encryptService.
+     * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+     * and then call encryptService.encrypt
      */
     encrypt(plainValue, key) {
         return crypto_service_awaiter(this, void 0, void 0, function* () {
-            key = yield this.getKeyForEncryption(key);
+            key = yield this.getKeyForUserEncryption(key);
             return yield this.encryptService.encrypt(plainValue, key);
         });
     }
+    /**
+     * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+     * and then call encryptService.encryptToBytes
+     */
     encryptToBytes(plainValue, key) {
         return crypto_service_awaiter(this, void 0, void 0, function* () {
-            const encValue = yield this.aesEncrypt(plainValue, key);
-            let macLen = 0;
-            if (encValue.mac != null) {
-                macLen = encValue.mac.byteLength;
-            }
-            const encBytes = new Uint8Array(1 + encValue.iv.byteLength + macLen + encValue.data.byteLength);
-            encBytes.set([encValue.key.encType]);
-            encBytes.set(new Uint8Array(encValue.iv), 1);
-            if (encValue.mac != null) {
-                encBytes.set(new Uint8Array(encValue.mac), 1 + encValue.iv.byteLength);
-            }
-            encBytes.set(new Uint8Array(encValue.data), 1 + encValue.iv.byteLength + macLen);
-            return new EncArrayBuffer(encBytes.buffer);
+            key = yield this.getKeyForUserEncryption(key);
+            return this.encryptService.encryptToBytes(plainValue, key);
         });
     }
     rsaEncrypt(data, publicKey) {
@@ -13677,58 +13825,37 @@ class CryptoService {
             return this.cryptoFunctionService.rsaDecrypt(data, privateKey, alg);
         });
     }
+    /**
+     * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+     * and then call encryptService.decryptToBytes
+     */
     decryptToBytes(encString, key) {
         return crypto_service_awaiter(this, void 0, void 0, function* () {
-            const iv = Utils.fromB64ToArray(encString.iv).buffer;
-            const data = Utils.fromB64ToArray(encString.data).buffer;
-            const mac = encString.mac ? Utils.fromB64ToArray(encString.mac).buffer : null;
-            const decipher = yield this.aesDecryptToBytes(encString.encryptionType, data, iv, mac, key);
-            if (decipher == null) {
-                return null;
-            }
-            return decipher;
+            const keyForEnc = yield this.getKeyForUserEncryption(key);
+            return this.encryptService.decryptToBytes(encString, keyForEnc);
         });
     }
+    /**
+     * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+     * and then call encryptService.decryptToUtf8
+     */
     decryptToUtf8(encString, key) {
         return crypto_service_awaiter(this, void 0, void 0, function* () {
-            key = yield this.getKeyForEncryption(key);
-            key = yield this.resolveLegacyKey(encString.encryptionType, key);
+            key = yield this.getKeyForUserEncryption(key);
             return yield this.encryptService.decryptToUtf8(encString, key);
         });
     }
-    decryptFromBytes(encBuf, key) {
+    /**
+     * @deprecated July 25 2022: Get the key you need from CryptoService (getKeyForUserEncryption or getOrgKey)
+     * and then call encryptService.decryptToBytes
+     */
+    decryptFromBytes(encBuffer, key) {
         return crypto_service_awaiter(this, void 0, void 0, function* () {
-            if (encBuf == null) {
-                throw new Error("no encBuf.");
-            }
-            const encBytes = new Uint8Array(encBuf);
-            const encType = encBytes[0];
-            let ctBytes = null;
-            let ivBytes = null;
-            let macBytes = null;
-            switch (encType) {
-                case EncryptionType.AesCbc128_HmacSha256_B64:
-                case EncryptionType.AesCbc256_HmacSha256_B64:
-                    if (encBytes.length <= 49) {
-                        // 1 + 16 + 32 + ctLength
-                        return null;
-                    }
-                    ivBytes = encBytes.slice(1, 17);
-                    macBytes = encBytes.slice(17, 49);
-                    ctBytes = encBytes.slice(49);
-                    break;
-                case EncryptionType.AesCbc256_B64:
-                    if (encBytes.length <= 17) {
-                        // 1 + 16 + ctLength
-                        return null;
-                    }
-                    ivBytes = encBytes.slice(1, 17);
-                    ctBytes = encBytes.slice(17);
-                    break;
-                default:
-                    return null;
+            if (encBuffer == null) {
+                throw new Error("No buffer provided for decryption.");
             }
-            return yield this.aesDecryptToBytes(encType, ctBytes.buffer, ivBytes.buffer, macBytes != null ? macBytes.buffer : null, key);
+            key = yield this.getKeyForUserEncryption(key);
+            return this.encryptService.decryptToBytes(encBuffer, key);
         });
     }
     // EFForg/OpenWireless
@@ -13778,7 +13905,7 @@ class CryptoService {
             return true;
         });
     }
-    // Helpers
+    // ---HELPERS---
     storeKey(key, userId) {
         return crypto_service_awaiter(this, void 0, void 0, function* () {
             if (yield this.shouldStoreKey(KeySuffixOptions.Auto, userId)) {
@@ -13814,53 +13941,7 @@ class CryptoService {
                 : yield this.stateService.getCryptoMasterKeyBiometric({ userId: userId });
         });
     }
-    /**
-     * @deprecated June 22 2022: This method has been moved to encryptService.
-     * All callers should use encryptService instead. This method will be removed once all existing code has been refactored to use encryptService.
-     */
-    aesEncrypt(data, key) {
-        return crypto_service_awaiter(this, void 0, void 0, function* () {
-            const obj = new EncryptedObject();
-            obj.key = yield this.getKeyForEncryption(key);
-            obj.iv = yield this.cryptoFunctionService.randomBytes(16);
-            obj.data = yield this.cryptoFunctionService.aesEncrypt(data, obj.iv, obj.key.encKey);
-            if (obj.key.macKey != null) {
-                const macData = new Uint8Array(obj.iv.byteLength + obj.data.byteLength);
-                macData.set(new Uint8Array(obj.iv), 0);
-                macData.set(new Uint8Array(obj.data), obj.iv.byteLength);
-                obj.mac = yield this.cryptoFunctionService.hmac(macData.buffer, obj.key.macKey, "sha256");
-            }
-            return obj;
-        });
-    }
-    aesDecryptToBytes(encType, data, iv, mac, key) {
-        return crypto_service_awaiter(this, void 0, void 0, function* () {
-            const keyForEnc = yield this.getKeyForEncryption(key);
-            const theKey = yield this.resolveLegacyKey(encType, keyForEnc);
-            if (theKey.macKey != null && mac == null) {
-                return null;
-            }
-            if (theKey.encType !== encType) {
-                return null;
-            }
-            if (theKey.macKey != null && mac != null) {
-                const macData = new Uint8Array(iv.byteLength + data.byteLength);
-                macData.set(new Uint8Array(iv), 0);
-                macData.set(new Uint8Array(data), iv.byteLength);
-                const computedMac = yield this.cryptoFunctionService.hmac(macData.buffer, theKey.macKey, "sha256");
-                if (computedMac === null) {
-                    return null;
-                }
-                const macsMatch = yield this.cryptoFunctionService.compare(mac, computedMac);
-                if (!macsMatch) {
-                    this.logService.error("mac failed.");
-                    return null;
-                }
-            }
-            return yield this.cryptoFunctionService.aesDecrypt(data, iv, theKey.encKey);
-        });
-    }
-    getKeyForEncryption(key) {
+    getKeyForUserEncryption(key) {
         return crypto_service_awaiter(this, void 0, void 0, function* () {
             if (key != null) {
                 return key;
@@ -13869,24 +13950,11 @@ class CryptoService {
             if (encKey != null) {
                 return encKey;
             }
+            // Legacy support: encryption used to be done with the user key (derived from master password).
+            // Users who have not migrated will have a null encKey and must use the user key instead.
             return yield this.getKey();
         });
     }
-    resolveLegacyKey(encType, key) {
-        return crypto_service_awaiter(this, void 0, void 0, function* () {
-            if (encType === EncryptionType.AesCbc128_HmacSha256_B64 &&
-                key.encType === EncryptionType.AesCbc256_B64) {
-                // Old encrypt-then-mac scheme, make a new key
-                let legacyKey = yield this.stateService.getLegacyEtmKey();
-                if (legacyKey == null) {
-                    legacyKey = new SymmetricCryptoKey(key.key, EncryptionType.AesCbc128_HmacSha256_B64);
-                    yield this.stateService.setLegacyEtmKey(legacyKey);
-                }
-                return legacyKey;
-            }
-            return key;
-        });
-    }
     stretchKey(key) {
         return crypto_service_awaiter(this, void 0, void 0, function* () {
             const newKey = new Uint8Array(64);
@@ -13994,6 +14062,10 @@ crypto_service_decorate([
     crypto_service_metadata("design:returntype", Promise)
 ], CryptoService.prototype, "getProviderKeys", null);
 
+;// CONCATENATED MODULE: ../../libs/common/src/models/domain/encryptedObject.ts
+class EncryptedObject {
+}
+
 ;// CONCATENATED MODULE: ../../libs/common/src/services/encrypt.service.ts
 var encrypt_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -14007,6 +14079,9 @@ var encrypt_service_awaiter = (undefined && undefined.__awaiter) || function (th
 
 
 
+
+
+
 class EncryptService {
     constructor(cryptoFunctionService, logService, logMacFailures) {
         this.cryptoFunctionService = cryptoFunctionService;
@@ -14016,7 +14091,7 @@ class EncryptService {
     encrypt(plainValue, key) {
         return encrypt_service_awaiter(this, void 0, void 0, function* () {
             if (key == null) {
-                throw new Error("no encryption key provided.");
+                throw new Error("No encryption key provided.");
             }
             if (plainValue == null) {
                 return Promise.resolve(null);
@@ -14035,9 +14110,33 @@ class EncryptService {
             return new EncString(encObj.key.encType, data, iv, mac);
         });
     }
+    encryptToBytes(plainValue, key) {
+        return encrypt_service_awaiter(this, void 0, void 0, function* () {
+            if (key == null) {
+                throw new Error("No encryption key provided.");
+            }
+            const encValue = yield this.aesEncrypt(plainValue, key);
+            let macLen = 0;
+            if (encValue.mac != null) {
+                macLen = encValue.mac.byteLength;
+            }
+            const encBytes = new Uint8Array(1 + encValue.iv.byteLength + macLen + encValue.data.byteLength);
+            encBytes.set([encValue.key.encType]);
+            encBytes.set(new Uint8Array(encValue.iv), 1);
+            if (encValue.mac != null) {
+                encBytes.set(new Uint8Array(encValue.mac), 1 + encValue.iv.byteLength);
+            }
+            encBytes.set(new Uint8Array(encValue.data), 1 + encValue.iv.byteLength + macLen);
+            return new EncArrayBuffer(encBytes.buffer);
+        });
+    }
     decryptToUtf8(encString, key) {
         return encrypt_service_awaiter(this, void 0, void 0, function* () {
-            if ((key === null || key === void 0 ? void 0 : key.macKey) != null && (encString === null || encString === void 0 ? void 0 : encString.mac) == null) {
+            if (key == null) {
+                throw new Error("No key provided for decryption.");
+            }
+            key = this.resolveLegacyKey(key, encString);
+            if (key.macKey != null && (encString === null || encString === void 0 ? void 0 : encString.mac) == null) {
                 this.logService.error("mac required.");
                 return null;
             }
@@ -14057,6 +14156,39 @@ class EncryptService {
             return this.cryptoFunctionService.aesDecryptFast(fastParams);
         });
     }
+    decryptToBytes(encThing, key) {
+        return encrypt_service_awaiter(this, void 0, void 0, function* () {
+            if (key == null) {
+                throw new Error("No encryption key provided.");
+            }
+            if (encThing == null) {
+                throw new Error("Nothing provided for decryption.");
+            }
+            key = this.resolveLegacyKey(key, encThing);
+            if (key.macKey != null && encThing.macBytes == null) {
+                return null;
+            }
+            if (key.encType !== encThing.encryptionType) {
+                return null;
+            }
+            if (key.macKey != null && encThing.macBytes != null) {
+                const macData = new Uint8Array(encThing.ivBytes.byteLength + encThing.dataBytes.byteLength);
+                macData.set(new Uint8Array(encThing.ivBytes), 0);
+                macData.set(new Uint8Array(encThing.dataBytes), encThing.ivBytes.byteLength);
+                const computedMac = yield this.cryptoFunctionService.hmac(macData.buffer, key.macKey, "sha256");
+                if (computedMac === null) {
+                    return null;
+                }
+                const macsMatch = yield this.cryptoFunctionService.compare(encThing.macBytes, computedMac);
+                if (!macsMatch) {
+                    this.logMacFailed("mac failed.");
+                    return null;
+                }
+            }
+            const result = yield this.cryptoFunctionService.aesDecrypt(encThing.dataBytes, encThing.ivBytes, key.encKey);
+            return result !== null && result !== void 0 ? result : null;
+        });
+    }
     aesEncrypt(data, key) {
         return encrypt_service_awaiter(this, void 0, void 0, function* () {
             const obj = new EncryptedObject();
@@ -14077,6 +14209,17 @@ class EncryptService {
             this.logService.error(msg);
         }
     }
+    /**
+     * Transform into new key for the old encrypt-then-mac scheme if required, otherwise return the current key unchanged
+     * @param encThing The encrypted object (e.g. encString or encArrayBuffer) that you want to decrypt
+     */
+    resolveLegacyKey(key, encThing) {
+        if (encThing.encryptionType === EncryptionType.AesCbc128_HmacSha256_B64 &&
+            key.encType === EncryptionType.AesCbc256_B64) {
+            return new SymmetricCryptoKey(key.key, EncryptionType.AesCbc128_HmacSha256_B64);
+        }
+        return key;
+    }
 }
 
 ;// CONCATENATED MODULE: external "rxjs"
@@ -14099,7 +14242,7 @@ class EnvironmentService {
         this.urlsSubject = new external_rxjs_namespaceObject.Subject();
         this.urls = this.urlsSubject;
         this.scimUrl = null;
-        this.stateService.activeAccount.subscribe(() => environment_service_awaiter(this, void 0, void 0, function* () {
+        this.stateService.activeAccount$.subscribe(() => environment_service_awaiter(this, void 0, void 0, function* () {
             yield this.setUrlsFromStorage();
         }));
     }
@@ -14846,11 +14989,11 @@ var EventType;
     EventType[EventType["OrganizationUser_AdminResetPassword"] = 1508] = "OrganizationUser_AdminResetPassword";
     EventType[EventType["OrganizationUser_ResetSsoLink"] = 1509] = "OrganizationUser_ResetSsoLink";
     EventType[EventType["OrganizationUser_FirstSsoLogin"] = 1510] = "OrganizationUser_FirstSsoLogin";
-    EventType[EventType["OrganizationUser_Deactivated"] = 1511] = "OrganizationUser_Deactivated";
-    EventType[EventType["OrganizationUser_Activated"] = 1512] = "OrganizationUser_Activated";
+    EventType[EventType["OrganizationUser_Revoked"] = 1511] = "OrganizationUser_Revoked";
+    EventType[EventType["OrganizationUser_Restored"] = 1512] = "OrganizationUser_Restored";
     EventType[EventType["Organization_Updated"] = 1600] = "Organization_Updated";
     EventType[EventType["Organization_PurgedVault"] = 1601] = "Organization_PurgedVault";
-    // Organization_ClientExportedVault = 1602,
+    EventType[EventType["Organization_ClientExportedVault"] = 1602] = "Organization_ClientExportedVault";
     EventType[EventType["Organization_VaultAccessed"] = 1603] = "Organization_VaultAccessed";
     EventType[EventType["Organization_EnabledSso"] = 1604] = "Organization_EnabledSso";
     EventType[EventType["Organization_DisabledSso"] = 1605] = "Organization_DisabledSso";
@@ -14897,11 +15040,16 @@ class FolderView {
         this.id = f.id;
         this.revisionDate = f.revisionDate;
     }
+    static fromJSON(obj) {
+        const revisionDate = obj.revisionDate == null ? null : new Date(obj.revisionDate);
+        return Object.assign(new FolderView(), obj, { revisionDate });
+    }
 }
 
 ;// CONCATENATED MODULE: ../../libs/common/src/models/domain/folder.ts
 
 
+
 class Folder extends Domain {
     constructor(obj) {
         super();
@@ -14919,6 +15067,10 @@ class Folder extends Domain {
             name: null,
         }, null);
     }
+    static fromJSON(obj) {
+        const revisionDate = obj.revisionDate == null ? null : new Date(obj.revisionDate);
+        return Object.assign(new Folder(), obj, { name: EncString.fromJSON(obj.name), revisionDate });
+    }
 }
 
 ;// CONCATENATED MODULE: ../../libs/common/src/models/export/folderExport.ts
@@ -15163,31 +15315,33 @@ class ExportService {
             const decCollections = [];
             const decCiphers = [];
             const promises = [];
-            promises.push(this.apiService.getCollections(organizationId).then((collections) => {
-                const collectionPromises = [];
-                if (collections != null && collections.data != null && collections.data.length > 0) {
-                    collections.data.forEach((c) => {
-                        const collection = new Collection(new CollectionData(c));
-                        collectionPromises.push(collection.decrypt().then((decCol) => {
-                            decCollections.push(decCol);
-                        }));
-                    });
-                }
-                return Promise.all(collectionPromises);
-            }));
-            promises.push(this.apiService.getCiphersOrganization(organizationId).then((ciphers) => {
-                const cipherPromises = [];
-                if (ciphers != null && ciphers.data != null && ciphers.data.length > 0) {
-                    ciphers.data
-                        .filter((c) => c.deletedDate === null)
-                        .forEach((c) => {
-                        const cipher = new Cipher(new CipherData(c));
-                        cipherPromises.push(cipher.decrypt().then((decCipher) => {
-                            decCiphers.push(decCipher);
-                        }));
-                    });
+            promises.push(this.apiService.getOrganizationExport(organizationId).then((exportData) => {
+                const exportPromises = [];
+                if (exportData != null) {
+                    if (exportData.collections != null &&
+                        exportData.collections.data != null &&
+                        exportData.collections.data.length > 0) {
+                        exportData.collections.data.forEach((c) => {
+                            const collection = new Collection(new CollectionData(c));
+                            exportPromises.push(collection.decrypt().then((decCol) => {
+                                decCollections.push(decCol);
+                            }));
+                        });
+                    }
+                    if (exportData.ciphers != null &&
+                        exportData.ciphers.data != null &&
+                        exportData.ciphers.data.length > 0) {
+                        exportData.ciphers.data
+                            .filter((c) => c.deletedDate === null)
+                            .forEach((c) => {
+                            const cipher = new Cipher(new CipherData(c));
+                            exportPromises.push(cipher.decrypt().then((decCipher) => {
+                                decCiphers.push(decCipher);
+                            }));
+                        });
+                    }
                 }
-                return Promise.all(cipherPromises);
+                return Promise.all(exportPromises);
             }));
             yield Promise.all(promises);
             if (format === "csv") {
@@ -15772,7 +15926,7 @@ class FolderService {
         this._folderViews = new external_rxjs_namespaceObject.BehaviorSubject([]);
         this.folders$ = this._folders.asObservable();
         this.folderViews$ = this._folderViews.asObservable();
-        this.stateService.activeAccountUnlocked.subscribe((unlocked) => folder_service_awaiter(this, void 0, void 0, function* () {
+        this.stateService.activeAccountUnlocked$.subscribe((unlocked) => folder_service_awaiter(this, void 0, void 0, function* () {
             if (Utils.global.bitwardenContainerService == null) {
                 return;
             }
@@ -15985,11 +16139,8 @@ class ImportResult {
     }
 }
 
-;// CONCATENATED MODULE: external "browser-hrtime"
-const external_browser_hrtime_namespaceObject = require("browser-hrtime");
 ;// CONCATENATED MODULE: ../../libs/common/src/services/consoleLog.service.ts
 
-
 class consoleLog_service_ConsoleLogService {
     constructor(isDev, filter = null) {
         this.isDev = isDev;
@@ -16036,17 +16187,6 @@ class consoleLog_service_ConsoleLogService {
                 break;
         }
     }
-    time(label = "default") {
-        if (!this.timersMap.has(label)) {
-            this.timersMap.set(label, external_browser_hrtime_namespaceObject());
-        }
-    }
-    timeEnd(label = "default") {
-        const elapsed = external_browser_hrtime_namespaceObject(this.timersMap.get(label));
-        this.timersMap.delete(label);
-        this.write(LogLevelType.Info, `${label}: ${elapsed[0] * 1000 + elapsed[1] / 10e6}ms`);
-        return elapsed;
-    }
 }
 
 ;// CONCATENATED MODULE: ../../libs/common/src/importers/baseImporter.ts
@@ -16307,6 +16447,11 @@ class BaseImporter {
         if (cardNum.match(re) != null) {
             return "Visa";
         }
+        // Mir
+        re = new RegExp("^220[0-4]");
+        if (cardNum.match(re) != null) {
+            return "Mir";
+        }
         return null;
     }
     setCardExpiration(cipher, expiration) {
@@ -22013,45 +22158,12 @@ var OrganizationUserStatusType;
     OrganizationUserStatusType[OrganizationUserStatusType["Invited"] = 0] = "Invited";
     OrganizationUserStatusType[OrganizationUserStatusType["Accepted"] = 1] = "Accepted";
     OrganizationUserStatusType[OrganizationUserStatusType["Confirmed"] = 2] = "Confirmed";
-    OrganizationUserStatusType[OrganizationUserStatusType["Deactivated"] = -1] = "Deactivated";
+    OrganizationUserStatusType[OrganizationUserStatusType["Revoked"] = -1] = "Revoked";
 })(OrganizationUserStatusType || (OrganizationUserStatusType = {}));
 
-;// CONCATENATED MODULE: ../../libs/common/src/enums/permissions.ts
-var Permissions;
-(function (Permissions) {
-    Permissions[Permissions["AccessEventLogs"] = 0] = "AccessEventLogs";
-    Permissions[Permissions["AccessImportExport"] = 1] = "AccessImportExport";
-    Permissions[Permissions["AccessReports"] = 2] = "AccessReports";
-    /**
-     * @deprecated Sep 29 2021: This permission has been split out to `createNewCollections`, `editAnyCollection`, and
-     * `deleteAnyCollection`. It exists here for backwards compatibility with Server versions <= 1.43.0
-     */
-    Permissions[Permissions["ManageAllCollections"] = 3] = "ManageAllCollections";
-    /**
-     * @deprecated Sep 29 2021: This permission has been split out to `editAssignedCollections` and
-     * `deleteAssignedCollections`. It exists here for backwards compatibility with Server versions <= 1.43.0
-     */
-    Permissions[Permissions["ManageAssignedCollections"] = 4] = "ManageAssignedCollections";
-    Permissions[Permissions["ManageGroups"] = 5] = "ManageGroups";
-    Permissions[Permissions["ManageOrganization"] = 6] = "ManageOrganization";
-    Permissions[Permissions["ManagePolicies"] = 7] = "ManagePolicies";
-    Permissions[Permissions["ManageProvider"] = 8] = "ManageProvider";
-    Permissions[Permissions["ManageUsers"] = 9] = "ManageUsers";
-    Permissions[Permissions["ManageUsersPassword"] = 10] = "ManageUsersPassword";
-    Permissions[Permissions["CreateNewCollections"] = 11] = "CreateNewCollections";
-    Permissions[Permissions["EditAnyCollection"] = 12] = "EditAnyCollection";
-    Permissions[Permissions["DeleteAnyCollection"] = 13] = "DeleteAnyCollection";
-    Permissions[Permissions["EditAssignedCollections"] = 14] = "EditAssignedCollections";
-    Permissions[Permissions["DeleteAssignedCollections"] = 15] = "DeleteAssignedCollections";
-    Permissions[Permissions["ManageSso"] = 16] = "ManageSso";
-    Permissions[Permissions["ManageBilling"] = 17] = "ManageBilling";
-    Permissions[Permissions["ManageScim"] = 18] = "ManageScim";
-})(Permissions || (Permissions = {}));
-
 ;// CONCATENATED MODULE: ../../libs/common/src/models/domain/organization.ts
 
 
-
 class Organization {
     constructor(obj) {
         if (obj == null) {
@@ -22114,7 +22226,7 @@ class Organization {
         return this.type === OrganizationUserType.Owner || this.isProviderUser;
     }
     get canAccessEventLogs() {
-        return this.isAdmin || this.permissions.accessEventLogs;
+        return (this.isAdmin || this.permissions.accessEventLogs) && this.useEvents;
     }
     get canAccessImportExport() {
         return this.isAdmin || this.permissions.accessImportExport;
@@ -22153,16 +22265,16 @@ class Organization {
         return this.canDeleteAssignedCollections || this.canEditAssignedCollections;
     }
     get canManageGroups() {
-        return this.isAdmin || this.permissions.manageGroups;
+        return (this.isAdmin || this.permissions.manageGroups) && this.useGroups;
     }
     get canManageSso() {
-        return this.isAdmin || this.permissions.manageSso;
+        return (this.isAdmin || this.permissions.manageSso) && this.useSso;
     }
     get canManageScim() {
-        return this.isAdmin || this.permissions.manageScim;
+        return (this.isAdmin || this.permissions.manageScim) && this.useScim;
     }
     get canManagePolicies() {
-        return this.isAdmin || this.permissions.managePolicies;
+        return (this.isAdmin || this.permissions.managePolicies) && this.usePolicies;
     }
     get canManageUsers() {
         return this.isAdmin || this.permissions.manageUsers;
@@ -22173,27 +22285,6 @@ class Organization {
     get isExemptFromPolicies() {
         return this.canManagePolicies;
     }
-    hasAnyPermission(permissions) {
-        const specifiedPermissions = (permissions.includes(Permissions.AccessEventLogs) && this.canAccessEventLogs) ||
-            (permissions.includes(Permissions.AccessImportExport) && this.canAccessImportExport) ||
-            (permissions.includes(Permissions.AccessReports) && this.canAccessReports) ||
-            (permissions.includes(Permissions.CreateNewCollections) && this.canCreateNewCollections) ||
-            (permissions.includes(Permissions.EditAnyCollection) && this.canEditAnyCollection) ||
-            (permissions.includes(Permissions.DeleteAnyCollection) && this.canDeleteAnyCollection) ||
-            (permissions.includes(Permissions.EditAssignedCollections) &&
-                this.canEditAssignedCollections) ||
-            (permissions.includes(Permissions.DeleteAssignedCollections) &&
-                this.canDeleteAssignedCollections) ||
-            (permissions.includes(Permissions.ManageGroups) && this.canManageGroups) ||
-            (permissions.includes(Permissions.ManageOrganization) && this.isOwner) ||
-            (permissions.includes(Permissions.ManagePolicies) && this.canManagePolicies) ||
-            (permissions.includes(Permissions.ManageUsers) && this.canManageUsers) ||
-            (permissions.includes(Permissions.ManageUsersPassword) && this.canManageUsersPassword) ||
-            (permissions.includes(Permissions.ManageSso) && this.canManageSso) ||
-            (permissions.includes(Permissions.ManageScim) && this.canManageScim) ||
-            (permissions.includes(Permissions.ManageBilling) && this.canManageBilling);
-        return specifiedPermissions && (this.enabled || this.isOwner);
-    }
     get canManageBilling() {
         return this.isOwner && (this.isProviderUser || !this.hasProvider);
     }
@@ -22883,7 +22974,7 @@ class ResetPasswordPolicyOptions extends Domain {
     }
 }
 
-;// CONCATENATED MODULE: ../../libs/common/src/services/policy.service.ts
+;// CONCATENATED MODULE: ../../libs/common/src/services/policy/policy.service.ts
 var policy_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -22901,15 +22992,9 @@ var policy_service_awaiter = (undefined && undefined.__awaiter) || function (thi
 
 
 class PolicyService {
-    constructor(stateService, organizationService, apiService) {
+    constructor(stateService, organizationService) {
         this.stateService = stateService;
         this.organizationService = organizationService;
-        this.apiService = apiService;
-    }
-    clearCache() {
-        return policy_service_awaiter(this, void 0, void 0, function* () {
-            yield this.stateService.setDecryptedPolicies(null);
-        });
     }
     getAll(type, userId) {
         return policy_service_awaiter(this, void 0, void 0, function* () {
@@ -22936,41 +23021,6 @@ class PolicyService {
             }
         });
     }
-    getPolicyForOrganization(policyType, organizationId) {
-        return policy_service_awaiter(this, void 0, void 0, function* () {
-            const org = yield this.organizationService.get(organizationId);
-            if (org === null || org === void 0 ? void 0 : org.isProviderUser) {
-                const orgPolicies = yield this.apiService.getPolicies(organizationId);
-                const policy = orgPolicies.data.find((p) => p.organizationId === organizationId);
-                if (policy == null) {
-                    return null;
-                }
-                return new Policy(new PolicyData(policy));
-            }
-            const policies = yield this.getAll(policyType);
-            return policies.find((p) => p.organizationId === organizationId);
-        });
-    }
-    replace(policies) {
-        return policy_service_awaiter(this, void 0, void 0, function* () {
-            yield this.stateService.setDecryptedPolicies(null);
-            yield this.stateService.setEncryptedPolicies(policies);
-        });
-    }
-    clear(userId) {
-        return policy_service_awaiter(this, void 0, void 0, function* () {
-            yield this.stateService.setDecryptedPolicies(null, { userId: userId });
-            yield this.stateService.setEncryptedPolicies(null, { userId: userId });
-        });
-    }
-    getMasterPasswordPoliciesForInvitedUsers(orgId) {
-        return policy_service_awaiter(this, void 0, void 0, function* () {
-            const userId = yield this.stateService.getUserId();
-            const response = yield this.apiService.getPoliciesByInvitedUser(orgId, userId);
-            const policies = yield this.mapPoliciesFromToken(response);
-            return this.getMasterPasswordPolicyOptions(policies);
-        });
-    }
     getMasterPasswordPolicyOptions(policies) {
         return policy_service_awaiter(this, void 0, void 0, function* () {
             let enforcedOptions = null;
@@ -23077,6 +23127,29 @@ class PolicyService {
                 policySet.has(o.id));
         });
     }
+    upsert(policy) {
+        return policy_service_awaiter(this, void 0, void 0, function* () {
+            let policies = yield this.stateService.getEncryptedPolicies();
+            if (policies == null) {
+                policies = {};
+            }
+            policies[policy.id] = policy;
+            yield this.stateService.setDecryptedPolicies(null);
+            yield this.stateService.setEncryptedPolicies(policies);
+        });
+    }
+    replace(policies) {
+        return policy_service_awaiter(this, void 0, void 0, function* () {
+            yield this.stateService.setDecryptedPolicies(null);
+            yield this.stateService.setEncryptedPolicies(policies);
+        });
+    }
+    clear(userId) {
+        return policy_service_awaiter(this, void 0, void 0, function* () {
+            yield this.stateService.setDecryptedPolicies(null, { userId: userId });
+            yield this.stateService.setEncryptedPolicies(null, { userId: userId });
+        });
+    }
     isExcemptFromPolicies(organization, policyType) {
         if (policyType === PolicyType.MaximumVaultTimeout) {
             return organization.type === OrganizationUserType.Owner;
@@ -23091,7 +23164,7 @@ var ProviderUserStatusType;
     ProviderUserStatusType[ProviderUserStatusType["Invited"] = 0] = "Invited";
     ProviderUserStatusType[ProviderUserStatusType["Accepted"] = 1] = "Accepted";
     ProviderUserStatusType[ProviderUserStatusType["Confirmed"] = 2] = "Confirmed";
-    ProviderUserStatusType[ProviderUserStatusType["Deactivated"] = -1] = "Deactivated";
+    ProviderUserStatusType[ProviderUserStatusType["Revoked"] = -1] = "Revoked";
 })(ProviderUserStatusType || (ProviderUserStatusType = {}));
 
 ;// CONCATENATED MODULE: ../../libs/common/src/enums/providerUserType.ts
@@ -23217,8 +23290,13 @@ class SearchService {
                 this.searchableMinLength = this.defaultSearchableMinLength;
             }
         });
-        //register lunr pipeline function
-        external_lunr_namespaceObject.Pipeline.registerFunction(this.normalizeAccentsPipelineFunction, "normalizeAccents");
+        // Currently have to ensure this is only done a single time. Lunr allows you to register a function
+        // multiple times but they will add a warning message to the console. The way they do that breaks when ran on a service worker.
+        if (!SearchService.registeredPipeline) {
+            SearchService.registeredPipeline = true;
+            //register lunr pipeline function
+            external_lunr_namespaceObject.Pipeline.registerFunction(this.normalizeAccentsPipelineFunction, "normalizeAccents");
+        }
     }
     clearIndex() {
         this.indexedEntityId = null;
@@ -23236,7 +23314,6 @@ class SearchService {
             if (this.indexing) {
                 return;
             }
-            this.logService.time("search indexing");
             this.indexing = true;
             this.indexedEntityId = indexedEntityId;
             this.index = null;
@@ -23274,7 +23351,7 @@ class SearchService {
             ciphers.forEach((c) => builder.add(c));
             this.index = builder.build();
             this.indexing = false;
-            this.logService.timeEnd("search indexing");
+            this.logService.info("Finished search indexing");
         });
     }
     searchCiphers(query, filter = null, ciphers = null) {
@@ -23360,7 +23437,7 @@ class SearchService {
             }
             if (c.login &&
                 c.login.hasUris &&
-                c.login.uris.some((loginUri) => loginUri.uri.toLowerCase().indexOf(query) > -1)) {
+                c.login.uris.some((loginUri) => { var _a; return ((_a = loginUri === null || loginUri === void 0 ? void 0 : loginUri.uri) === null || _a === void 0 ? void 0 : _a.toLowerCase().indexOf(query)) > -1; })) {
                 return true;
             }
             return false;
@@ -23481,6 +23558,7 @@ class SearchService {
         return query === null || query === void 0 ? void 0 : query.normalize("NFD").replace(/[\u0300-\u036f]/g, "");
     }
 }
+SearchService.registeredPipeline = false;
 
 ;// CONCATENATED MODULE: ../../libs/common/src/enums/sendType.ts
 var SendType;
@@ -24290,23 +24368,25 @@ class StateService {
         this.stateFactory = stateFactory;
         this.useAccountCache = useAccountCache;
         this.accounts = new external_rxjs_namespaceObject.BehaviorSubject({});
-        this.activeAccount = new external_rxjs_namespaceObject.BehaviorSubject(null);
-        this.activeAccountUnlocked = new external_rxjs_namespaceObject.BehaviorSubject(false);
+        this.activeAccountSubject = new external_rxjs_namespaceObject.BehaviorSubject(null);
+        this.activeAccount$ = this.activeAccountSubject.asObservable();
+        this.activeAccountUnlockedSubject = new external_rxjs_namespaceObject.BehaviorSubject(false);
+        this.activeAccountUnlocked$ = this.activeAccountUnlockedSubject.asObservable();
         this.hasBeenInited = false;
         this.isRecoveredSession = false;
         this.accountDiskCache = new Map();
         // If the account gets changed, verify the new account is unlocked
-        this.activeAccount.subscribe((userId) => state_service_awaiter(this, void 0, void 0, function* () {
-            if (userId == null && this.activeAccountUnlocked.getValue() == false) {
+        this.activeAccountSubject.subscribe((userId) => state_service_awaiter(this, void 0, void 0, function* () {
+            if (userId == null && this.activeAccountUnlockedSubject.getValue() == false) {
                 return;
             }
             else if (userId == null) {
-                this.activeAccountUnlocked.next(false);
+                this.activeAccountUnlockedSubject.next(false);
             }
             // FIXME: This should be refactored into AuthService or a similar service,
             //  as checking for the existance of the crypto key is a low level
             //  implementation detail.
-            this.activeAccountUnlocked.next((yield this.getCryptoMasterKey()) != null);
+            this.activeAccountUnlockedSubject.next((yield this.getCryptoMasterKey()) != null);
         }));
     }
     init() {
@@ -24348,7 +24428,7 @@ class StateService {
                     state.activeUserId = storedActiveUser;
                 }
                 yield this.pushAccounts();
-                this.activeAccount.next(state.activeUserId);
+                this.activeAccountSubject.next(state.activeUserId);
                 return state;
             }));
         });
@@ -24378,7 +24458,7 @@ class StateService {
             yield this.scaffoldNewAccountStorage(account);
             yield this.setLastActive(new Date().getTime(), { userId: account.profile.userId });
             yield this.setActiveUser(account.profile.userId);
-            this.activeAccount.next(account.profile.userId);
+            this.activeAccountSubject.next(account.profile.userId);
         });
     }
     setActiveUser(userId) {
@@ -24387,7 +24467,7 @@ class StateService {
             yield this.updateState((state) => state_service_awaiter(this, void 0, void 0, function* () {
                 state.activeUserId = userId;
                 yield this.storageService.save(keys.activeUserId, userId);
-                this.activeAccount.next(state.activeUserId);
+                this.activeAccountSubject.next(state.activeUserId);
                 return state;
             }));
             yield this.pushAccounts();
@@ -24529,19 +24609,6 @@ class StateService {
             yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
         });
     }
-    getBiometricLocked(options) {
-        var _a, _b, _c;
-        return state_service_awaiter(this, void 0, void 0, function* () {
-            return ((_c = (_b = (_a = (yield this.getAccount(this.reconcileOptions(options, yield this.defaultInMemoryOptions())))) === null || _a === void 0 ? void 0 : _a.settings) === null || _b === void 0 ? void 0 : _b.biometricLocked) !== null && _c !== void 0 ? _c : false);
-        });
-    }
-    setBiometricLocked(value, options) {
-        return state_service_awaiter(this, void 0, void 0, function* () {
-            const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
-            account.settings.biometricLocked = value;
-            yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
-        });
-    }
     getBiometricText(options) {
         var _a;
         return state_service_awaiter(this, void 0, void 0, function* () {
@@ -24670,11 +24737,11 @@ class StateService {
             const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
             account.keys.cryptoMasterKey = value;
             yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
-            if (options.userId == this.activeAccount.getValue()) {
+            if (options.userId == this.activeAccountSubject.getValue()) {
                 const nextValue = value != null;
                 // Avoid emitting if we are already unlocked
-                if (this.activeAccountUnlocked.getValue() != nextValue) {
-                    this.activeAccountUnlocked.next(nextValue);
+                if (this.activeAccountUnlockedSubject.getValue() != nextValue) {
+                    this.activeAccountUnlockedSubject.next(nextValue);
                 }
             }
         });
@@ -25543,19 +25610,6 @@ class StateService {
             yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultOnDiskMemoryOptions()));
         });
     }
-    getLegacyEtmKey(options) {
-        var _a, _b;
-        return state_service_awaiter(this, void 0, void 0, function* () {
-            return (_b = (_a = (yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.keys) === null || _b === void 0 ? void 0 : _b.legacyEtmKey;
-        });
-    }
-    setLegacyEtmKey(value, options) {
-        return state_service_awaiter(this, void 0, void 0, function* () {
-            const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
-            account.keys.legacyEtmKey = value;
-            yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
-        });
-    }
     getLocalData(options) {
         var _a, _b;
         return state_service_awaiter(this, void 0, void 0, function* () {
@@ -26409,13 +26463,13 @@ class StateService {
     }
 }
 state_service_decorate([
-    withPrototype(SymmetricCryptoKey, SymmetricCryptoKey.initFromJson),
+    withPrototype(SymmetricCryptoKey, SymmetricCryptoKey.fromJSON),
     state_service_metadata("design:type", Function),
     state_service_metadata("design:paramtypes", [Object]),
     state_service_metadata("design:returntype", Promise)
 ], StateService.prototype, "getCryptoMasterKey", null);
 state_service_decorate([
-    withPrototypeForArrayMembers(CipherView),
+    withPrototypeForArrayMembers(CipherView, CipherView.fromJSON),
     state_service_metadata("design:type", Function),
     state_service_metadata("design:paramtypes", [Object]),
     state_service_metadata("design:returntype", Promise)
@@ -26427,13 +26481,13 @@ state_service_decorate([
     state_service_metadata("design:returntype", Promise)
 ], StateService.prototype, "getDecryptedCollections", null);
 state_service_decorate([
-    withPrototype(SymmetricCryptoKey, SymmetricCryptoKey.initFromJson),
+    withPrototype(SymmetricCryptoKey, SymmetricCryptoKey.fromJSON),
     state_service_metadata("design:type", Function),
     state_service_metadata("design:paramtypes", [Object]),
     state_service_metadata("design:returntype", Promise)
 ], StateService.prototype, "getDecryptedCryptoSymmetricKey", null);
 state_service_decorate([
-    withPrototypeForMap(SymmetricCryptoKey, SymmetricCryptoKey.initFromJson),
+    withPrototypeForMap(SymmetricCryptoKey, SymmetricCryptoKey.fromJSON),
     state_service_metadata("design:type", Function),
     state_service_metadata("design:paramtypes", [Object]),
     state_service_metadata("design:returntype", Promise)
@@ -26457,7 +26511,7 @@ state_service_decorate([
     state_service_metadata("design:returntype", Promise)
 ], StateService.prototype, "getDecryptedPolicies", null);
 state_service_decorate([
-    withPrototypeForMap(SymmetricCryptoKey, SymmetricCryptoKey.initFromJson),
+    withPrototypeForMap(SymmetricCryptoKey, SymmetricCryptoKey.fromJSON),
     state_service_metadata("design:type", Function),
     state_service_metadata("design:paramtypes", [Object]),
     state_service_metadata("design:returntype", Promise)
@@ -26516,12 +26570,6 @@ state_service_decorate([
     state_service_metadata("design:paramtypes", [Object]),
     state_service_metadata("design:returntype", Promise)
 ], StateService.prototype, "getEventCollection", null);
-state_service_decorate([
-    withPrototype(SymmetricCryptoKey, SymmetricCryptoKey.initFromJson),
-    state_service_metadata("design:type", Function),
-    state_service_metadata("design:paramtypes", [Object]),
-    state_service_metadata("design:returntype", Promise)
-], StateService.prototype, "getLegacyEtmKey", null);
 state_service_decorate([
     withPrototypeForObjectValues(ProviderData),
     state_service_metadata("design:type", Function),
@@ -26984,6 +27032,15 @@ class StateMigrationService {
                         yield this.setCurrentStateVersion(StateVersion.Five);
                         break;
                     }
+                    case StateVersion.Five: {
+                        const authenticatedAccounts = yield this.getAuthenticatedAccounts();
+                        for (const account of authenticatedAccounts) {
+                            const migratedAccount = yield this.migrateAccountFrom5To6(account);
+                            yield this.set(account.profile.userId, migratedAccount);
+                        }
+                        yield this.setCurrentStateVersion(StateVersion.Six);
+                        break;
+                    }
                 }
                 currentStateVersion += 1;
             }
@@ -27054,7 +27111,6 @@ class StateMigrationService {
             const accountSettings = {
                 autoConfirmFingerPrints: (_y = (yield this.get(v1Keys.autoConfirmFingerprints))) !== null && _y !== void 0 ? _y : defaultAccount.settings.autoConfirmFingerPrints,
                 autoFillOnPageLoadDefault: (_z = (yield this.get(v1Keys.autoFillOnPageLoadDefault))) !== null && _z !== void 0 ? _z : defaultAccount.settings.autoFillOnPageLoadDefault,
-                biometricLocked: null,
                 biometricUnlock: (_0 = (yield this.get(v1Keys.biometricUnlock))) !== null && _0 !== void 0 ? _0 : defaultAccount.settings.biometricUnlock,
                 clearClipboard: (_1 = (yield this.get(v1Keys.clearClipboard))) !== null && _1 !== void 0 ? _1 : defaultAccount.settings.clearClipboard,
                 defaultUriMatch: (_2 = (yield this.get(v1Keys.defaultUriMatch))) !== null && _2 !== void 0 ? _2 : defaultAccount.settings.defaultUriMatch,
@@ -27253,6 +27309,13 @@ class StateMigrationService {
             return account;
         });
     }
+    migrateAccountFrom5To6(account) {
+        var _a;
+        return stateMigration_service_awaiter(this, void 0, void 0, function* () {
+            (_a = account.keys) === null || _a === void 0 ? true : delete _a.legacyEtmKey;
+            return account;
+        });
+    }
     get options() {
         return { htmlStorageLocation: HtmlStorageLocation.Local };
     }
@@ -28031,6 +28094,30 @@ class TwoFactorService {
     }
 }
 
+;// CONCATENATED MODULE: ../../libs/common/src/services/userVerification/userVerification-api.service.ts
+var userVerification_api_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+class UserVerificationApiService {
+    constructor(apiService) {
+        this.apiService = apiService;
+    }
+    postAccountVerifyOTP(request) {
+        return this.apiService.send("POST", "/accounts/verify-otp", request, true, false);
+    }
+    postAccountRequestOTP() {
+        return userVerification_api_service_awaiter(this, void 0, void 0, function* () {
+            return this.apiService.send("POST", "/accounts/request-otp", null, true, false);
+        });
+    }
+}
+
 ;// CONCATENATED MODULE: ../../libs/common/src/enums/verificationType.ts
 var VerificationType;
 (function (VerificationType) {
@@ -28049,7 +28136,7 @@ class VerifyOTPRequest {
 class SecretVerificationRequest {
 }
 
-;// CONCATENATED MODULE: ../../libs/common/src/services/userVerification.service.ts
+;// CONCATENATED MODULE: ../../libs/common/src/services/userVerification/userVerification.service.ts
 var userVerification_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -28067,10 +28154,10 @@ var userVerification_service_awaiter = (undefined && undefined.__awaiter) || fun
  * Use it to verify the input collected by UserVerificationComponent.
  */
 class UserVerificationService {
-    constructor(cryptoService, i18nService, apiService) {
+    constructor(cryptoService, i18nService, userVerificationApiService) {
         this.cryptoService = cryptoService;
         this.i18nService = i18nService;
-        this.apiService = apiService;
+        this.userVerificationApiService = userVerificationApiService;
     }
     /**
      * Create a new request model to be used for server-side verification
@@ -28104,7 +28191,7 @@ class UserVerificationService {
             if (verification.type === VerificationType.OTP) {
                 const request = new VerifyOTPRequest(verification.secret);
                 try {
-                    yield this.apiService.postAccountVerifyOTP(request);
+                    yield this.userVerificationApiService.postAccountVerifyOTP(request);
                 }
                 catch (e) {
                     throw new Error(this.i18nService.t("invalidVerificationCode"));
@@ -28121,7 +28208,7 @@ class UserVerificationService {
     }
     requestOTP() {
         return userVerification_service_awaiter(this, void 0, void 0, function* () {
-            yield this.apiService.postAccountRequestOTP();
+            yield this.userVerificationApiService.postAccountRequestOTP();
         });
     }
     validateInput(verification) {
@@ -28209,7 +28296,6 @@ class VaultTimeoutService {
                 yield this.folderService.clearCache();
             }
             yield this.stateService.setEverBeenUnlocked(true, { userId: userId });
-            yield this.stateService.setBiometricLocked(true, { userId: userId });
             yield this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
             yield this.cryptoService.clearKey(false, userId);
             yield this.cryptoService.clearOrgKeys(true, userId);
@@ -29073,6 +29159,16 @@ class OrganizationConnectionResponse extends BaseResponse {
     }
 }
 
+;// CONCATENATED MODULE: ../../libs/common/src/models/response/organizationExportResponse.ts
+
+class OrganizationExportResponse extends BaseResponse {
+    constructor(response) {
+        super(response);
+        this.collections = this.getResponseProperty("Collections");
+        this.ciphers = this.getResponseProperty("Ciphers");
+    }
+}
+
 ;// CONCATENATED MODULE: ../../libs/common/src/models/response/keysResponse.ts
 
 class KeysResponse extends BaseResponse {
@@ -29528,6 +29624,9 @@ class ProviderOrganizationResponse extends BaseResponse {
         this.settings = this.getResponseProperty("Settings");
         this.creationDate = this.getResponseProperty("CreationDate");
         this.revisionDate = this.getResponseProperty("RevisionDate");
+        this.userCount = this.getResponseProperty("UserCount");
+        this.seats = this.getResponseProperty("Seats");
+        this.plan = this.getResponseProperty("Plan");
     }
 }
 class ProviderOrganizationOrganizationDetailsResponse extends ProviderOrganizationResponse {
@@ -29939,6 +30038,7 @@ var api_service_awaiter = (undefined && undefined.__awaiter) || function (thisAr
 
 
 
+
 
 
 class ApiService {
@@ -30076,9 +30176,6 @@ class ApiService {
     postSecurityStamp(request) {
         return this.send("POST", "/accounts/security-stamp", request, true, false);
     }
-    deleteAccount(request) {
-        return this.send("DELETE", "/accounts", request, true, false);
-    }
     getAccountRevisionDate() {
         return api_service_awaiter(this, void 0, void 0, function* () {
             const r = yield this.send("GET", "/accounts/revision-date", null, true, true);
@@ -30171,12 +30268,6 @@ class ApiService {
     putUpdateTempPassword(request) {
         return this.send("PUT", "/accounts/update-temp-password", request, true, false);
     }
-    postAccountRequestOTP() {
-        return this.send("POST", "/accounts/request-otp", null, true, false);
-    }
-    postAccountVerifyOTP(request) {
-        return this.send("POST", "/accounts/verify-otp", request, true, false);
-    }
     postConvertToKeyConnector() {
         return this.send("POST", "/accounts/convert-to-key-connector", null, true, false);
     }
@@ -30543,45 +30634,6 @@ class ApiService {
     deleteGroupUser(organizationId, id, organizationUserId) {
         return this.send("DELETE", "/organizations/" + organizationId + "/groups/" + id + "/user/" + organizationUserId, null, true, false);
     }
-    // Policy APIs
-    getPolicy(organizationId, type) {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("GET", "/organizations/" + organizationId + "/policies/" + type, null, true, true);
-            return new PolicyResponse(r);
-        });
-    }
-    getPolicies(organizationId) {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("GET", "/organizations/" + organizationId + "/policies", null, true, true);
-            return new ListResponse(r, PolicyResponse);
-        });
-    }
-    getPoliciesByToken(organizationId, token, email, organizationUserId) {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("GET", "/organizations/" +
-                organizationId +
-                "/policies/token?" +
-                "token=" +
-                encodeURIComponent(token) +
-                "&email=" +
-                encodeURIComponent(email) +
-                "&organizationUserId=" +
-                organizationUserId, null, false, true);
-            return new ListResponse(r, PolicyResponse);
-        });
-    }
-    getPoliciesByInvitedUser(organizationId, userId) {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("GET", "/organizations/" + organizationId + "/policies/invited-user?" + "userId=" + userId, null, false, true);
-            return new ListResponse(r, PolicyResponse);
-        });
-    }
-    putPolicy(organizationId, type, request) {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("PUT", "/organizations/" + organizationId + "/policies/" + type, request, true, true);
-            return new PolicyResponse(r);
-        });
-    }
     // Organization User APIs
     getOrganizationUser(organizationId, id) {
         return api_service_awaiter(this, void 0, void 0, function* () {
@@ -30664,28 +30716,28 @@ class ApiService {
             return new ListResponse(r, OrganizationUserBulkResponse);
         });
     }
-    deactivateOrganizationUser(organizationId, id) {
-        return this.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/deactivate", null, true, false);
+    revokeOrganizationUser(organizationId, id) {
+        return this.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/revoke", null, true, false);
     }
-    deactivateManyOrganizationUsers(organizationId, request) {
+    revokeManyOrganizationUsers(organizationId, request) {
         return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("PUT", "/organizations/" + organizationId + "/users/deactivate", request, true, true);
+            const r = yield this.send("PUT", "/organizations/" + organizationId + "/users/revoke", request, true, true);
             return new ListResponse(r, OrganizationUserBulkResponse);
         });
     }
-    activateOrganizationUser(organizationId, id) {
-        return this.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/activate", null, true, false);
+    restoreOrganizationUser(organizationId, id) {
+        return this.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/restore", null, true, false);
     }
-    activateManyOrganizationUsers(organizationId, request) {
+    restoreManyOrganizationUsers(organizationId, request) {
         return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("PUT", "/organizations/" + organizationId + "/users/activate", request, true, true);
+            const r = yield this.send("PUT", "/organizations/" + organizationId + "/users/restore", request, true, true);
             return new ListResponse(r, OrganizationUserBulkResponse);
         });
     }
     // Plan APIs
     getPlans() {
         return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("GET", "/plans/", null, true, true);
+            const r = yield this.send("GET", "/plans/", null, false, true);
             return new ListResponse(r, PlanResponse);
         });
     }
@@ -31350,6 +31402,12 @@ class ApiService {
             }
         });
     }
+    getOrganizationExport(organizationId) {
+        return api_service_awaiter(this, void 0, void 0, function* () {
+            const r = yield this.send("GET", "/organizations/" + organizationId + "/export", null, true, true);
+            return new OrganizationExportResponse(r);
+        });
+    }
     // Helpers
     getActiveBearerToken() {
         return api_service_awaiter(this, void 0, void 0, function* () {
@@ -32650,7 +32708,7 @@ class CliUtils {
         return this.flags[flag] == null || this.flags[flag];
     }
     static get flags() {
-        const envFlags = {"serve":true};
+        const envFlags = {};
         if (typeof envFlags === "string") {
             return JSON.parse(envFlags);
         }
@@ -34316,6 +34374,7 @@ var download_command_awaiter = (undefined && undefined.__awaiter) || function (t
 
 
 
+
 class DownloadCommand {
     constructor(cryptoService) {
         this.cryptoService = cryptoService;
@@ -34327,8 +34386,8 @@ class DownloadCommand {
                 return Response.error("A " + response.status + " error occurred while downloading the attachment.");
             }
             try {
-                const buf = yield response.arrayBuffer();
-                const decBuf = yield this.cryptoService.decryptFromBytes(buf, key);
+                const encBuf = yield EncArrayBuffer.fromResponse(response);
+                const decBuf = yield this.cryptoService.decryptFromBytes(encBuf, key);
                 if (process.env.BW_SERVE === "true") {
                     const res = new FileResponse(Buffer.from(decBuf), fileName);
                     return Response.success(res);
@@ -35935,6 +35994,7 @@ var serve_command_awaiter = (undefined && undefined.__awaiter) || function (this
 
 
 
+
 
 
 class ServeCommand {
@@ -35962,13 +36022,27 @@ class ServeCommand {
     }
     run(options) {
         return serve_command_awaiter(this, void 0, void 0, function* () {
+            const protectOrigin = !options.disableOriginProtection;
             const port = options.port || 8087;
             const hostname = options.hostname || "localhost";
+            this.main.logService.info(`Starting server on ${hostname}:${port} with ${protectOrigin ? "origin protection" : "no origin protection"}`);
             const server = new external_koa_namespaceObject();
             const router = new router_namespaceObject();
             process.env.BW_SERVE = "true";
             process.env.BW_NOINTERACTION = "true";
-            server.use(external_koa_bodyparser_namespaceObject()).use(external_koa_json_namespaceObject({ pretty: false, param: "pretty" }));
+            server
+                .use((ctx, next) => serve_command_awaiter(this, void 0, void 0, function* () {
+                if (protectOrigin && ctx.headers.origin != undefined) {
+                    ctx.status = 403;
+                    this.main.logService.warning(`Blocking request from "${Utils.isNullOrEmpty(ctx.headers.origin)
+                        ? "(Origin header value missing)"
+                        : ctx.headers.origin}"`);
+                    return;
+                }
+                yield next();
+            }))
+                .use(external_koa_bodyparser_namespaceObject())
+                .use(external_koa_json_namespaceObject({ pretty: false, param: "pretty" }));
             router.get("/generate", (ctx, next) => serve_command_awaiter(this, void 0, void 0, function* () {
                 const response = yield this.generateCommand.run(ctx.request.query);
                 this.processResponse(ctx.response, response);
@@ -36389,7 +36463,7 @@ class Program extends BaseProgram {
                 writeLn("", true);
             })
                 .action((cmd) => program_awaiter(this, void 0, void 0, function* () {
-                yield this.exitIfLocked();
+                yield this.exitIfNotAuthed();
                 const command = new SyncCommand(this.main.syncService);
                 const response = yield command.run(cmd);
                 this.processResponse(response);
@@ -36540,31 +36614,30 @@ class Program extends BaseProgram {
                 const response = yield command.run();
                 this.processResponse(response);
             }));
-            if (CliUtils.flagEnabled("serve")) {
-                external_commander_namespaceObject.command("serve")
-                    .description("Start a RESTful API webserver.")
-                    .option("--hostname <hostname>", "The hostname to bind your API webserver to.")
-                    .option("--port <port>", "The port to run your API webserver on.")
-                    .on("--help", () => {
-                    writeLn("\n  Notes:");
-                    writeLn("");
-                    writeLn("    Default hostname is `localhost`.");
-                    writeLn("    Use hostname `all` for no hostname binding.");
-                    writeLn("    Default port is `8087`.");
-                    writeLn("");
-                    writeLn("  Examples:");
-                    writeLn("");
-                    writeLn("    bw serve");
-                    writeLn("    bw serve --port 8080");
-                    writeLn("    bw serve --hostname bwapi.mydomain.com --port 80");
-                    writeLn("", true);
-                })
-                    .action((cmd) => program_awaiter(this, void 0, void 0, function* () {
-                    yield this.exitIfNotAuthed();
-                    const command = new ServeCommand(this.main);
-                    yield command.run(cmd);
-                }));
-            }
+            external_commander_namespaceObject.command("serve")
+                .description("Start a RESTful API webserver.")
+                .option("--hostname <hostname>", "The hostname to bind your API webserver to.")
+                .option("--port <port>", "The port to run your API webserver on.")
+                .option("--disable-origin-protection", "If set, allows requests with origin header. Not recommended!")
+                .on("--help", () => {
+                writeLn("\n  Notes:");
+                writeLn("");
+                writeLn("    Default hostname is `localhost`.");
+                writeLn("    Use hostname `all` for no hostname binding.");
+                writeLn("    Default port is `8087`.");
+                writeLn("");
+                writeLn("  Examples:");
+                writeLn("");
+                writeLn("    bw serve");
+                writeLn("    bw serve --port 8080");
+                writeLn("    bw serve --hostname bwapi.mydomain.com --port 80");
+                writeLn("", true);
+            })
+                .action((cmd) => program_awaiter(this, void 0, void 0, function* () {
+                yield this.exitIfNotAuthed();
+                const command = new ServeCommand(this.main);
+                yield command.run(cmd);
+            }));
         });
     }
     processResponse(response, exitImmediately = false) {
@@ -37165,6 +37238,7 @@ class i18n_service_I18nService {
             ["eo", "Esperanto"],
             ["es", "español"],
             ["et", "eesti"],
+            ["eu", "euskara"],
             ["fa", "فارسی"],
             ["fi", "suomi"],
             ["fil", "Wikang Filipino"],
@@ -37538,6 +37612,7 @@ var nodeEnvSecureStorage_service_awaiter = (undefined && undefined.__awaiter) ||
 };
 
 
+
 class NodeEnvSecureStorageService {
     constructor(storageService, logService, cryptoService) {
         this.storageService = storageService;
@@ -37594,7 +37669,8 @@ class NodeEnvSecureStorageService {
                 if (sessionKey == null) {
                     return null;
                 }
-                const decValue = yield this.cryptoService().decryptFromBytes(Utils.fromB64ToArray(encValue).buffer, sessionKey);
+                const encBuf = EncArrayBuffer.fromB64(encValue);
+                const decValue = yield this.cryptoService().decryptFromBytes(encBuf, sessionKey);
                 if (decValue == null) {
                     this.logService.info("Failed to decrypt.");
                     return null;
@@ -38301,6 +38377,7 @@ var bw_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argum
 
 
 
+
 
 
 // Polyfills
@@ -38361,7 +38438,7 @@ class Main {
         this.searchService = new SearchService(this.cipherService, this.logService, this.i18nService);
         this.providerService = new ProviderService(this.stateService);
         this.organizationService = new OrganizationService(this.stateService);
-        this.policyService = new PolicyService(this.stateService, this.organizationService, this.apiService);
+        this.policyService = new PolicyService(this.stateService, this.organizationService);
         this.sendService = new SendService(this.cryptoService, this.apiService, this.fileUploadService, this.i18nService, this.cryptoFunctionService, this.stateService);
         this.keyConnectorService = new KeyConnectorService(this.stateService, this.cryptoService, this.apiService, this.tokenService, this.logService, this.organizationService, this.cryptoFunctionService, (expired) => bw_awaiter(this, void 0, void 0, function* () { return yield this.logout(); }));
         this.twoFactorService = new TwoFactorService(this.i18nService, this.platformUtilsService);
@@ -38377,7 +38454,8 @@ class Main {
         this.program = new Program(this);
         this.vaultProgram = new VaultProgram(this);
         this.sendProgram = new SendProgram(this);
-        this.userVerificationService = new UserVerificationService(this.cryptoService, this.i18nService, this.apiService);
+        this.userVerificationApiService = new UserVerificationApiService(this.apiService);
+        this.userVerificationService = new UserVerificationService(this.cryptoService, this.i18nService, this.userVerificationApiService);
     }
     run() {
         return bw_awaiter(this, void 0, void 0, function* () {
@@ -38415,7 +38493,7 @@ class Main {
         return bw_awaiter(this, void 0, void 0, function* () {
             yield this.storageService.init();
             yield this.stateService.init();
-            this.containerService.attachToWindow(global);
+            this.containerService.attachToGlobal(global);
             yield this.environmentService.setUrlsFromStorage();
             const locale = yield this.stateService.getLocale();
             yield this.i18nService.init(locale);