npm - @bitwarden/cli - Versions diffs - 2023.10.0 → 2023.12.0 - Mend

@bitwarden/cli 2023.10.0 → 2023.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/build/bw.js CHANGED Viewed

@@ -20,7 +20,7 @@ module.exports = require("url");
 /***/ 147:
 /***/ ((module) => {
-module.exports = JSON.parse('{"name":"@bitwarden/cli","description":"A secure and free password manager for all of your devices.","version":"2023.10.0","keywords":["bitwarden","password","vault","password manager","cli"],"author":"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)","homepage":"https://bitwarden.com","repository":{"type":"git","url":"https://github.com/bitwarden/clients"},"license":"GPL-3.0-only","scripts":{"clean":"rimraf dist","build":"webpack","build:debug":"npm run build && node --inspect ./build/bw.js","build:watch":"webpack --watch","build:prod":"cross-env NODE_ENV=production webpack","build:prod:watch":"cross-env NODE_ENV=production webpack --watch","package":"npm run package:win && npm run package:mac && npm run package:lin","package:win":"pkg . --targets win-x64 --output ./dist/windows/bw.exe","package:mac":"pkg . --targets macos-x64 --output ./dist/macos/bw","package:lin":"pkg . --targets linux-x64 --output ./dist/linux/bw","debug":"node --inspect ./build/bw.js","dist":"npm run build:prod && npm run clean && npm run package","dist:win":"npm run build:prod && npm run clean && npm run package:win","dist:mac":"npm run build:prod && npm run clean && npm run package:mac","dist:lin":"npm run build:prod && npm run clean && npm run package:lin","publish:npm":"npm run build:prod && npm publish --access public","test":"jest","test:watch":"jest --watch","test:watch:all":"jest --watchAll"},"bin":{"bw":"build/bw.js"},"pkg":{"assets":["./build/**/*","../../node_modules/argon2/**/*"]},"dependencies":{"@koa/multer":"3.0.2","@koa/router":"12.0.0","argon2":"0.31.0","big-integer":"1.6.51","browser-hrtime":"1.1.8","chalk":"4.1.2","commander":"7.2.0","form-data":"4.0.0","https-proxy-agent":"5.0.1","inquirer":"8.2.6","jsdom":"22.1.0","jszip":"3.10.1","koa":"2.14.2","koa-bodyparser":"4.4.1","koa-json":"2.0.2","lowdb":"1.0.0","lunr":"2.3.9","multer":"1.4.5-lts.1","node-fetch":"2.6.12","node-forge":"1.3.1","open":"8.4.2","papaparse":"5.4.1","proper-lockfile":"4.1.2","rxjs":"7.8.1","tldts":"6.0.14","zxcvbn":"4.4.2"}}');
+module.exports = JSON.parse('{"name":"@bitwarden/cli","description":"A secure and free password manager for all of your devices.","version":"2023.12.0","keywords":["bitwarden","password","vault","password manager","cli"],"author":"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)","homepage":"https://bitwarden.com","repository":{"type":"git","url":"https://github.com/bitwarden/clients"},"license":"GPL-3.0-only","scripts":{"clean":"rimraf dist","build":"webpack","build:debug":"npm run build && node --inspect ./build/bw.js","build:watch":"webpack --watch","build:prod":"cross-env NODE_ENV=production webpack","build:prod:watch":"cross-env NODE_ENV=production webpack --watch","package":"npm run package:win && npm run package:mac && npm run package:lin","package:win":"pkg . --targets win-x64 --output ./dist/windows/bw.exe","package:mac":"pkg . --targets macos-x64 --output ./dist/macos/bw","package:lin":"pkg . --targets linux-x64 --output ./dist/linux/bw","debug":"node --inspect ./build/bw.js","dist":"npm run build:prod && npm run clean && npm run package","dist:win":"npm run build:prod && npm run clean && npm run package:win","dist:mac":"npm run build:prod && npm run clean && npm run package:mac","dist:lin":"npm run build:prod && npm run clean && npm run package:lin","publish:npm":"npm run build:prod && npm publish --access public","test":"jest","test:watch":"jest --watch","test:watch:all":"jest --watchAll"},"bin":{"bw":"build/bw.js"},"pkg":{"assets":["./build/**/*","../../node_modules/argon2/**/*"]},"dependencies":{"@koa/multer":"3.0.2","@koa/router":"12.0.0","argon2":"0.31.0","big-integer":"1.6.51","browser-hrtime":"1.1.8","chalk":"4.1.2","commander":"7.2.0","form-data":"4.0.0","https-proxy-agent":"5.0.1","inquirer":"8.2.6","jsdom":"22.1.0","jszip":"3.10.1","koa":"2.14.2","koa-bodyparser":"4.4.1","koa-json":"2.0.2","lowdb":"1.0.0","lunr":"2.3.9","multer":"1.4.5-lts.1","node-fetch":"2.6.12","node-forge":"1.3.1","open":"8.4.2","papaparse":"5.4.1","proper-lockfile":"4.1.2","rxjs":"7.8.1","tldts":"6.0.14","zxcvbn":"4.4.2"}}');
 /***/ })
@@ -373,7 +373,7 @@ class PlanResponse extends BaseResponse {
         this.hasResetPassword = this.getResponseProperty("HasResetPassword");
         this.usersGetPremium = this.getResponseProperty("UsersGetPremium");
         this.upgradeSortOrder = this.getResponseProperty("UpgradeSortOrder");
-        this.displaySortOrder = this.getResponseProperty("SortOrder");
+        this.displaySortOrder = this.getResponseProperty("DisplaySortOrder");
         this.legacyYear = this.getResponseProperty("LegacyYear");
         this.disabled = this.getResponseProperty("Disabled");
         const passwordManager = this.getResponseProperty("PasswordManager");
@@ -462,6 +462,7 @@ class OrganizationResponse extends BaseResponse {
         this.smServiceAccounts = this.getResponseProperty("SmServiceAccounts");
         this.maxAutoscaleSmSeats = this.getResponseProperty("MaxAutoscaleSmSeats");
         this.maxAutoscaleSmServiceAccounts = this.getResponseProperty("MaxAutoscaleSmServiceAccounts");
+        this.limitCollectionCreationDeletion = this.getResponseProperty("LimitCollectionCreationDeletion");
     }
 }
@@ -478,13 +479,11 @@ class SubscriptionResponse extends BaseResponse {
         this.usingInAppPurchase = this.getResponseProperty("UsingInAppPurchase");
         const subscription = this.getResponseProperty("Subscription");
         const upcomingInvoice = this.getResponseProperty("UpcomingInvoice");
-        const discount = this.getResponseProperty("Discount");
         this.subscription = subscription == null ? null : new BillingSubscriptionResponse(subscription);
         this.upcomingInvoice =
             upcomingInvoice == null
                 ? null
                 : new BillingSubscriptionUpcomingInvoiceResponse(upcomingInvoice);
-        this.discount = discount == null ? null : new BillingCustomerDiscount(discount);
     }
 }
 class BillingSubscriptionResponse extends BaseResponse {
@@ -523,17 +522,11 @@ class BillingSubscriptionUpcomingInvoiceResponse extends BaseResponse {
         this.amount = this.getResponseProperty("Amount");
     }
 }
-class BillingCustomerDiscount extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.id = this.getResponseProperty("Id");
-        this.active = this.getResponseProperty("Active");
-    }
-}
 ;// CONCATENATED MODULE: ../../libs/common/src/billing/models/response/organization-subscription.response.ts
 class OrganizationSubscriptionResponse extends OrganizationResponse {
     constructor(response) {
         super(response);
@@ -546,13 +539,26 @@ class OrganizationSubscriptionResponse extends OrganizationResponse {
             upcomingInvoice == null
                 ? null
                 : new BillingSubscriptionUpcomingInvoiceResponse(upcomingInvoice);
-        const discount = this.getResponseProperty("Discount");
-        this.discount = discount == null ? null : new BillingCustomerDiscount(discount);
+        const customerDiscount = this.getResponseProperty("CustomerDiscount");
+        this.customerDiscount =
+            customerDiscount == null ? null : new BillingCustomerDiscount(customerDiscount);
         this.expiration = this.getResponseProperty("Expiration");
         this.expirationWithoutGracePeriod = this.getResponseProperty("ExpirationWithoutGracePeriod");
         this.secretsManagerBeta = this.getResponseProperty("SecretsManagerBeta");
     }
 }
+class BillingCustomerDiscount extends BaseResponse {
+    constructor(response) {
+        super(response);
+        this.discountPrice = (price) => {
+            const discount = this !== null && this.active ? price * (this.percentOff / 100) : 0;
+            return price - discount;
+        };
+        this.id = this.getResponseProperty("Id");
+        this.active = this.getResponseProperty("Active");
+        this.percentOff = this.getResponseProperty("PercentOff");
+    }
+}
 ;// CONCATENATED MODULE: ../../libs/common/src/admin-console/models/api/permissions.api.ts
@@ -637,6 +643,7 @@ class ProfileOrganizationResponse extends BaseResponse {
         }
         this.familySponsorshipToDelete = this.getResponseProperty("FamilySponsorshipToDelete");
         this.accessSecretsManager = this.getResponseProperty("AccessSecretsManager");
+        this.limitCollectionCreationDeletion = this.getResponseProperty("LimitCollectionCreationDeletion");
     }
 }
@@ -1006,6 +1013,14 @@ class OrganizationApiService {
             return new ProfileOrganizationResponse(r);
         });
     }
+    updateCollectionManagement(id, request) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const r = yield this.apiService.send("PUT", "/organizations/" + id + "/collection-management", request, true, true);
+            const data = new OrganizationResponse(r);
+            yield this.syncService.fullSync(true);
+            return data;
+        });
+    }
 }
 ;// CONCATENATED MODULE: external "rxjs"
@@ -1143,6 +1158,36 @@ class utils_Utils {
                 .join("");
         }
     }
+    /**
+     * Converts a hex string to an ArrayBuffer.
+     * Note: this doesn't need any Node specific code as parseInt() / ArrayBuffer / Uint8Array
+     * work the same in Node and the browser.
+     * @param {string} hexString - A string of hexadecimal characters.
+     * @returns {ArrayBuffer} The ArrayBuffer representation of the hex string.
+     */
+    static hexStringToArrayBuffer(hexString) {
+        // Check if the hexString has an even length, as each hex digit represents half a byte (4 bits),
+        // and it takes two hex digits to represent a full byte (8 bits).
+        if (hexString.length % 2 !== 0) {
+            throw "HexString has to be an even length";
+        }
+        // Create an ArrayBuffer with a length that is half the length of the hex string,
+        // because each pair of hex digits will become a single byte.
+        const arrayBuffer = new ArrayBuffer(hexString.length / 2);
+        // Create a Uint8Array view on top of the ArrayBuffer (each position represents a byte)
+        // as ArrayBuffers cannot be edited directly.
+        const uint8Array = new Uint8Array(arrayBuffer);
+        // Loop through the bytes
+        for (let i = 0; i < uint8Array.length; i++) {
+            // Extract two hex characters (1 byte)
+            const hexByte = hexString.substr(i * 2, 2);
+            // Convert hexByte into a decimal value from base 16. (ex: ff --> 255)
+            const byteValue = parseInt(hexByte, 16);
+            // Place the byte value into the uint8Array
+            uint8Array[i] = byteValue;
+        }
+        return arrayBuffer;
+    }
     static fromUrlB64ToB64(urlB64Str) {
         let output = urlB64Str.replace(/-/g, "+").replace(/_/g, "/");
         switch (output.length % 4) {
@@ -1243,7 +1288,10 @@ class utils_Utils {
             return null;
         }
         try {
-            const parseResult = (0,external_tldts_namespaceObject.parse)(uriString, { validHosts: this.validHosts });
+            const parseResult = (0,external_tldts_namespaceObject.parse)(uriString, {
+                validHosts: this.validHosts,
+                allowPrivateDomains: true,
+            });
             if (parseResult != null && parseResult.hostname != null) {
                 if (parseResult.hostname === "localhost" || parseResult.isIp) {
                     return parseResult.hostname;
@@ -1590,6 +1638,9 @@ var DeviceType;
     DeviceType[DeviceType["SafariExtension"] = 20] = "SafariExtension";
     DeviceType[DeviceType["SDK"] = 21] = "SDK";
     DeviceType[DeviceType["Server"] = 22] = "Server";
+    DeviceType[DeviceType["WindowsCLI"] = 23] = "WindowsCLI";
+    DeviceType[DeviceType["MacOsCLI"] = 24] = "MacOsCLI";
+    DeviceType[DeviceType["LinuxCLI"] = 25] = "LinuxCLI";
 })(DeviceType || (DeviceType = {}));
 const MobileDeviceTypes = new Set([
     DeviceType.Android,
@@ -1601,6 +1652,9 @@ const DesktopDeviceTypes = new Set([
     DeviceType.MacOsDesktop,
     DeviceType.LinuxDesktop,
     DeviceType.UWP,
+    DeviceType.WindowsCLI,
+    DeviceType.MacOsCLI,
+    DeviceType.LinuxCLI,
 ]);
 ;// CONCATENATED MODULE: ../../libs/common/src/enums/encrypted-export-type.enum.ts
@@ -2217,6 +2271,7 @@ var ProductType;
     ProductType[ProductType["Families"] = 1] = "Families";
     ProductType[ProductType["Teams"] = 2] = "Teams";
     ProductType[ProductType["Enterprise"] = 3] = "Enterprise";
+    ProductType[ProductType["TeamsStarter"] = 4] = "TeamsStarter";
 })(ProductType || (ProductType = {}));
 ;// CONCATENATED MODULE: ../../libs/common/src/enums/provider-type.enum.ts
@@ -2428,6 +2483,7 @@ class Organization {
         this.familySponsorshipValidUntil = obj.familySponsorshipValidUntil;
         this.familySponsorshipToDelete = obj.familySponsorshipToDelete;
         this.accessSecretsManager = obj.accessSecretsManager;
+        this.limitCollectionCreationDeletion = obj.limitCollectionCreationDeletion;
     }
     get canAccess() {
         if (this.isOwner) {
@@ -2463,7 +2519,9 @@ class Organization {
         return this.isAdmin || this.permissions.accessReports;
     }
     get canCreateNewCollections() {
-        return this.isManager || this.permissions.createNewCollections;
+        return (!this.limitCollectionCreationDeletion ||
+            this.isManager ||
+            this.permissions.createNewCollections);
     }
     get canEditAnyCollection() {
         return this.isAdmin || this.permissions.editAnyCollection;
@@ -2533,6 +2591,9 @@ class Organization {
     get hasProvider() {
         return this.providerId != null || this.providerName != null;
     }
+    get hasReseller() {
+        return this.hasProvider && this.providerType === ProviderType.Reseller;
+    }
     get canAccessSecretsManager() {
         return this.useSecretsManager && this.accessSecretsManager;
     }
@@ -2657,6 +2718,300 @@ class organization_service_OrganizationService {
     }
 }
+;// CONCATENATED MODULE: ../../libs/common/src/admin-console/models/response/selection-read-only.response.ts
+class SelectionReadOnlyResponse extends BaseResponse {
+    constructor(response) {
+        super(response);
+        this.id = this.getResponseProperty("Id");
+        this.readOnly = this.getResponseProperty("ReadOnly");
+        this.hidePasswords = this.getResponseProperty("HidePasswords");
+        this.manage = this.getResponseProperty("Manage");
+    }
+}
+;// CONCATENATED MODULE: ../../libs/common/src/admin-console/abstractions/organization-user/responses/organization-user.response.ts
+class OrganizationUserResponse extends BaseResponse {
+    constructor(response) {
+        super(response);
+        this.collections = [];
+        this.groups = [];
+        this.id = this.getResponseProperty("Id");
+        this.userId = this.getResponseProperty("UserId");
+        this.type = this.getResponseProperty("Type");
+        this.status = this.getResponseProperty("Status");
+        this.permissions = new PermissionsApi(this.getResponseProperty("Permissions"));
+        this.externalId = this.getResponseProperty("ExternalId");
+        this.accessAll = this.getResponseProperty("AccessAll");
+        this.accessSecretsManager = this.getResponseProperty("AccessSecretsManager");
+        this.resetPasswordEnrolled = this.getResponseProperty("ResetPasswordEnrolled");
+        this.hasMasterPassword = this.getResponseProperty("HasMasterPassword");
+        const collections = this.getResponseProperty("Collections");
+        if (collections != null) {
+            this.collections = collections.map((c) => new SelectionReadOnlyResponse(c));
+        }
+        const groups = this.getResponseProperty("Groups");
+        if (groups != null) {
+            this.groups = groups;
+        }
+    }
+}
+class OrganizationUserUserDetailsResponse extends OrganizationUserResponse {
+    constructor(response) {
+        var _a;
+        super(response);
+        this.name = this.getResponseProperty("Name");
+        this.email = this.getResponseProperty("Email");
+        this.avatarColor = this.getResponseProperty("AvatarColor");
+        this.twoFactorEnabled = this.getResponseProperty("TwoFactorEnabled");
+        this.usesKeyConnector = (_a = this.getResponseProperty("UsesKeyConnector")) !== null && _a !== void 0 ? _a : false;
+    }
+}
+class OrganizationUserDetailsResponse extends OrganizationUserResponse {
+    constructor(response) {
+        super(response);
+    }
+}
+class OrganizationUserResetPasswordDetailsResponse extends BaseResponse {
+    constructor(response) {
+        super(response);
+        this.kdf = this.getResponseProperty("Kdf");
+        this.kdfIterations = this.getResponseProperty("KdfIterations");
+        this.kdfMemory = this.getResponseProperty("KdfMemory");
+        this.kdfParallelism = this.getResponseProperty("KdfParallelism");
+        this.resetPasswordKey = this.getResponseProperty("ResetPasswordKey");
+        this.encryptedPrivateKey = this.getResponseProperty("EncryptedPrivateKey");
+    }
+}
+;// CONCATENATED MODULE: ../../libs/common/src/admin-console/abstractions/organization-user/responses/organization-user-bulk.response.ts
+class OrganizationUserBulkResponse extends BaseResponse {
+    constructor(response) {
+        super(response);
+        this.id = this.getResponseProperty("Id");
+        this.error = this.getResponseProperty("Error");
+    }
+}
+;// CONCATENATED MODULE: ../../libs/common/src/admin-console/abstractions/organization-user/responses/organization-user-bulk-public-key.response.ts
+class OrganizationUserBulkPublicKeyResponse extends BaseResponse {
+    constructor(response) {
+        super(response);
+        this.id = this.getResponseProperty("Id");
+        this.userId = this.getResponseProperty("UserId");
+        this.key = this.getResponseProperty("Key");
+    }
+}
+;// CONCATENATED MODULE: ../../libs/common/src/admin-console/services/organization-user/requests/organization-user-bulk.request.ts
+class OrganizationUserBulkRequest {
+    constructor(ids) {
+        this.ids = ids == null ? [] : ids;
+    }
+}
+;// CONCATENATED MODULE: ../../libs/common/src/admin-console/services/organization-user/organization-user.service.implementation.ts
+var organization_user_service_implementation_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+class OrganizationUserServiceImplementation {
+    constructor(apiService) {
+        this.apiService = apiService;
+    }
+    getOrganizationUser(organizationId, id, options) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            const params = new URLSearchParams();
+            if (options === null || options === void 0 ? void 0 : options.includeGroups) {
+                params.set("includeGroups", "true");
+            }
+            const r = yield this.apiService.send("GET", `/organizations/${organizationId}/users/${id}?${params.toString()}`, null, true, true);
+            return new OrganizationUserDetailsResponse(r);
+        });
+    }
+    getOrganizationUserGroups(organizationId, id) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            const r = yield this.apiService.send("GET", "/organizations/" + organizationId + "/users/" + id + "/groups", null, true, true);
+            return r;
+        });
+    }
+    getAllUsers(organizationId, options) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            const params = new URLSearchParams();
+            if (options === null || options === void 0 ? void 0 : options.includeCollections) {
+                params.set("includeCollections", "true");
+            }
+            if (options === null || options === void 0 ? void 0 : options.includeGroups) {
+                params.set("includeGroups", "true");
+            }
+            const r = yield this.apiService.send("GET", `/organizations/${organizationId}/users?${params.toString()}`, null, true, true);
+            return new ListResponse(r, OrganizationUserUserDetailsResponse);
+        });
+    }
+    getOrganizationUserResetPasswordDetails(organizationId, id) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            const r = yield this.apiService.send("GET", "/organizations/" + organizationId + "/users/" + id + "/reset-password-details", null, true, true);
+            return new OrganizationUserResetPasswordDetailsResponse(r);
+        });
+    }
+    postOrganizationUserInvite(organizationId, request) {
+        return this.apiService.send("POST", "/organizations/" + organizationId + "/users/invite", request, true, false);
+    }
+    postOrganizationUserReinvite(organizationId, id) {
+        return this.apiService.send("POST", "/organizations/" + organizationId + "/users/" + id + "/reinvite", null, true, false);
+    }
+    postManyOrganizationUserReinvite(organizationId, ids) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            const r = yield this.apiService.send("POST", "/organizations/" + organizationId + "/users/reinvite", new OrganizationUserBulkRequest(ids), true, true);
+            return new ListResponse(r, OrganizationUserBulkResponse);
+        });
+    }
+    postOrganizationUserAcceptInit(organizationId, id, request) {
+        return this.apiService.send("POST", "/organizations/" + organizationId + "/users/" + id + "/accept-init", request, true, false);
+    }
+    postOrganizationUserAccept(organizationId, id, request) {
+        return this.apiService.send("POST", "/organizations/" + organizationId + "/users/" + id + "/accept", request, true, false);
+    }
+    postOrganizationUserConfirm(organizationId, id, request) {
+        return this.apiService.send("POST", "/organizations/" + organizationId + "/users/" + id + "/confirm", request, true, false);
+    }
+    postOrganizationUsersPublicKey(organizationId, ids) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            const r = yield this.apiService.send("POST", "/organizations/" + organizationId + "/users/public-keys", new OrganizationUserBulkRequest(ids), true, true);
+            return new ListResponse(r, OrganizationUserBulkPublicKeyResponse);
+        });
+    }
+    postOrganizationUserBulkConfirm(organizationId, request) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            const r = yield this.apiService.send("POST", "/organizations/" + organizationId + "/users/confirm", request, true, true);
+            return new ListResponse(r, OrganizationUserBulkResponse);
+        });
+    }
+    putOrganizationUserBulkEnableSecretsManager(organizationId, ids) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            yield this.apiService.send("PUT", "/organizations/" + organizationId + "/users/enable-secrets-manager", new OrganizationUserBulkRequest(ids), true, false);
+        });
+    }
+    putOrganizationUser(organizationId, id, request) {
+        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + id, request, true, false);
+    }
+    putOrganizationUserGroups(organizationId, id, request) {
+        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/groups", request, true, false);
+    }
+    putOrganizationUserResetPasswordEnrollment(organizationId, userId, request) {
+        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + userId + "/reset-password-enrollment", request, true, false);
+    }
+    putOrganizationUserResetPassword(organizationId, id, request) {
+        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/reset-password", request, true, false);
+    }
+    deleteOrganizationUser(organizationId, id) {
+        return this.apiService.send("DELETE", "/organizations/" + organizationId + "/users/" + id, null, true, false);
+    }
+    deleteManyOrganizationUsers(organizationId, ids) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            const r = yield this.apiService.send("DELETE", "/organizations/" + organizationId + "/users", new OrganizationUserBulkRequest(ids), true, true);
+            return new ListResponse(r, OrganizationUserBulkResponse);
+        });
+    }
+    revokeOrganizationUser(organizationId, id) {
+        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/revoke", null, true, false);
+    }
+    revokeManyOrganizationUsers(organizationId, ids) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            const r = yield this.apiService.send("PUT", "/organizations/" + organizationId + "/users/revoke", new OrganizationUserBulkRequest(ids), true, true);
+            return new ListResponse(r, OrganizationUserBulkResponse);
+        });
+    }
+    restoreOrganizationUser(organizationId, id) {
+        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/restore", null, true, false);
+    }
+    restoreManyOrganizationUsers(organizationId, ids) {
+        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
+            const r = yield this.apiService.send("PUT", "/organizations/" + organizationId + "/users/restore", new OrganizationUserBulkRequest(ids), true, true);
+            return new ListResponse(r, OrganizationUserBulkResponse);
+        });
+    }
+}
+;// CONCATENATED MODULE: ../../libs/common/src/models/response/error.response.ts
+class ErrorResponse extends BaseResponse {
+    constructor(response, status, identityResponse) {
+        var _a, _b;
+        super(response);
+        let errorModel = null;
+        if (response != null) {
+            const responseErrorModel = this.getResponseProperty("ErrorModel");
+            if (responseErrorModel && identityResponse) {
+                errorModel = responseErrorModel;
+            }
+            else {
+                errorModel = response;
+            }
+        }
+        if (status === 429) {
+            this.message = "Rate limit exceeded. Try again later.";
+        }
+        else if (errorModel) {
+            this.message = this.getResponseProperty("Message", errorModel);
+            this.validationErrors = this.getResponseProperty("ValidationErrors", errorModel);
+            this.captchaSiteKey = (_b = (_a = this.validationErrors) === null || _a === void 0 ? void 0 : _a.HCaptcha_SiteKey) === null || _b === void 0 ? void 0 : _b[0];
+            this.captchaRequired = !utils_Utils.isNullOrWhitespace(this.captchaSiteKey);
+        }
+        this.statusCode = status;
+    }
+    getSingleMessage() {
+        if (this.validationErrors == null) {
+            return this.message;
+        }
+        for (const key in this.validationErrors) {
+            // eslint-disable-next-line
+            if (!this.validationErrors.hasOwnProperty(key)) {
+                continue;
+            }
+            if (this.validationErrors[key].length) {
+                return this.validationErrors[key][0];
+            }
+        }
+        return this.message;
+    }
+    getAllMessages() {
+        const messages = [];
+        if (this.validationErrors == null) {
+            return messages;
+        }
+        for (const key in this.validationErrors) {
+            // eslint-disable-next-line
+            if (!this.validationErrors.hasOwnProperty(key)) {
+                continue;
+            }
+            this.validationErrors[key].forEach((item) => {
+                let prefix = "";
+                if (key.indexOf("[") > -1 && key.indexOf("]") > -1) {
+                    const lastSep = key.lastIndexOf(".");
+                    prefix = key.substr(0, lastSep > -1 ? lastSep : key.length) + ": ";
+                }
+                messages.push(prefix + item);
+            });
+        }
+        return messages;
+    }
+}
 ;// CONCATENATED MODULE: ../../libs/common/src/admin-console/models/data/policy.data.ts
 class PolicyData {
     constructor(response) {
@@ -2696,6 +3051,8 @@ var policy_api_service_awaiter = (undefined && undefined.__awaiter) || function
 class PolicyApiService {
     constructor(policyService, apiService, stateService) {
         this.policyService = policyService;
@@ -2728,18 +3085,30 @@ class PolicyApiService {
             return new ListResponse(r, PolicyResponse);
         });
     }
-    getPoliciesByInvitedUser(organizationId, userId) {
+    getMasterPasswordPolicyResponseForOrgUser(organizationId) {
         return policy_api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.apiService.send("GET", "/organizations/" + organizationId + "/policies/invited-user?" + "userId=" + userId, null, false, true);
-            return new ListResponse(r, PolicyResponse);
+            const response = yield this.apiService.send("GET", "/organizations/" + organizationId + "/policies/master-password", null, true, true);
+            return new PolicyResponse(response);
         });
     }
-    getMasterPasswordPoliciesForInvitedUsers(orgId) {
+    getMasterPasswordPolicyOptsForOrgUser(orgId) {
         return policy_api_service_awaiter(this, void 0, void 0, function* () {
-            const userId = yield this.stateService.getUserId();
-            const response = yield this.getPoliciesByInvitedUser(orgId, userId);
-            const policies = yield this.policyService.mapPoliciesFromToken(response);
-            return yield (0,external_rxjs_namespaceObject.firstValueFrom)(this.policyService.masterPasswordPolicyOptions$(policies));
+            try {
+                const masterPasswordPolicyResponse = yield this.getMasterPasswordPolicyResponseForOrgUser(orgId);
+                const masterPasswordPolicy = this.policyService.mapPolicyFromResponse(masterPasswordPolicyResponse);
+                if (!masterPasswordPolicy) {
+                    return null;
+                }
+                return yield (0,external_rxjs_namespaceObject.firstValueFrom)(this.policyService.masterPasswordPolicyOptions$([masterPasswordPolicy]));
+            }
+            catch (error) {
+                // If policy not found, return null
+                if (error instanceof ErrorResponse && error.statusCode === HttpStatusCode.NotFound) {
+                    return null;
+                }
+                // otherwise rethrow error
+                throw error;
+            }
         });
     }
     putPolicy(organizationId, type, request) {
@@ -3065,11 +3434,6 @@ class PolicyService {
         })))
             .subscribe();
     }
-    /**
-     * Returns the first policy found that applies to the active user
-     * @param policyType Policy type to search for
-     * @param policyFilter Additional filter to apply to the policy
-     */
     get$(policyType, policyFilter) {
         return this.policies$.pipe((0,external_rxjs_namespaceObject.concatMap)((policies) => policy_service_awaiter(this, void 0, void 0, function* () {
             const userId = yield this.stateService.getUserId();
@@ -3079,9 +3443,6 @@ class PolicyService {
             }
         })));
     }
-    /**
-     * @deprecated Do not call this, use the policies$ observable collection
-     */
     getAll(type, userId) {
         return policy_service_awaiter(this, void 0, void 0, function* () {
             let response = [];
@@ -3191,12 +3552,15 @@ class PolicyService {
         resetPasswordPolicyOptions.autoEnrollEnabled = (_b = (_a = policy === null || policy === void 0 ? void 0 : policy.data) === null || _a === void 0 ? void 0 : _a.autoEnrollEnabled) !== null && _b !== void 0 ? _b : false;
         return [resetPasswordPolicyOptions, (_c = policy === null || policy === void 0 ? void 0 : policy.enabled) !== null && _c !== void 0 ? _c : false];
     }
+    mapPolicyFromResponse(policyResponse) {
+        const policyData = new PolicyData(policyResponse);
+        return new Policy(policyData);
+    }
     mapPoliciesFromToken(policiesResponse) {
-        if (policiesResponse == null || policiesResponse.data == null) {
+        if ((policiesResponse === null || policiesResponse === void 0 ? void 0 : policiesResponse.data) == null) {
             return null;
         }
-        const policiesData = policiesResponse.data.map((p) => new PolicyData(p));
-        return policiesData.map((p) => new Policy(p));
+        return policiesResponse.data.map((response) => this.mapPolicyFromResponse(response));
     }
     policyAppliesToUser(policyType, policyFilter, userId) {
         return policy_service_awaiter(this, void 0, void 0, function* () {
@@ -3337,6 +3701,165 @@ class ProviderService {
     }
 }
+;// CONCATENATED MODULE: ../../libs/common/src/auth/abstractions/account.service.ts
+function accountInfoEqual(a, b) {
+    return a.status == b.status && a.email == b.email && a.name == b.name;
+}
+class AccountService {
+}
+class InternalAccountService extends (/* unused pure expression or super */ null && (AccountService)) {
+}
+;// CONCATENATED MODULE: ../../libs/common/src/platform/state/key-definition.ts
+/**
+ * KeyDefinitions describe the precise location to store data for a given piece of state.
+ * The StateDefinition is used to describe the domain of the state, and the KeyDefinition
+ * sub-divides that domain into specific keys.
+ */
+class KeyDefinition {
+    /**
+     * Creates a new instance of a KeyDefinition
+     * @param stateDefinition The state definition for which this key belongs to.
+     * @param key The name of the key, this should be unique per domain.
+     * @param options A set of options to customize the behavior of {@link KeyDefinition}. All options are required.
+     * @param options.deserializer A function to use to safely convert your type from json to your expected type.
+     *   Your data may be serialized/deserialized at any time and this needs callback needs to be able to faithfully re-initialize
+     *   from the JSON object representation of your type.
+     */
+    constructor(stateDefinition, key, options) {
+        this.stateDefinition = stateDefinition;
+        this.key = key;
+        this.options = options;
+        if (options.deserializer == null) {
+            throw new Error(`'deserializer' is a required property on key ${stateDefinition.name} > ${key}`);
+        }
+    }
+    /**
+     * Gets the deserializer configured for this {@link KeyDefinition}
+     */
+    get deserializer() {
+        return this.options.deserializer;
+    }
+    /**
+     * Creates a {@link KeyDefinition} for state that is an array.
+     * @param stateDefinition The state definition to be added to the KeyDefinition
+     * @param key The key to be added to the KeyDefinition
+     * @param options The options to customize the final {@link KeyDefinition}.
+     * @returns A {@link KeyDefinition} initialized for arrays, the options run
+     * the deserializer on the provided options for each element of an array
+     * **unless that array is null, in which case it will return an empty list.**
+     *
+     * @example
+     * ```typescript
+     * const MY_KEY = KeyDefinition.array<MyArrayElement>(MY_STATE, "key", {
+     *   deserializer: (myJsonElement) => convertToElement(myJsonElement),
+     * });
+     * ```
+     */
+    static array(stateDefinition, key,
+    // We have them provide options for the element of the array, depending on future options we add, this could get a little weird.
+    options // The array helper forces  an initialValue of an empty array
+    ) {
+        return new KeyDefinition(stateDefinition, key, Object.assign(Object.assign({}, options), { deserializer: (jsonValue) => {
+                if (jsonValue == null) {
+                    return null;
+                }
+                return jsonValue.map((v) => options.deserializer(v));
+            } }));
+    }
+    /**
+     * Creates a {@link KeyDefinition} for state that is a record.
+     * @param stateDefinition The state definition to be added to the KeyDefinition
+     * @param key The key to be added to the KeyDefinition
+     * @param options The options to customize the final {@link KeyDefinition}.
+     * @returns A {@link KeyDefinition} that contains a serializer that will run the provided deserializer for each
+     * value in a record and returns every key as a string **unless that record is null, in which case it will return an record.**
+     *
+     * @example
+     * ```typescript
+     * const MY_KEY = KeyDefinition.record<MyRecordValue>(MY_STATE, "key", {
+     *   deserializer: (myJsonValue) => convertToValue(myJsonValue),
+     * });
+     * ```
+     */
+    static record(stateDefinition, key,
+    // We have them provide options for the value of the record, depending on future options we add, this could get a little weird.
+    options // The array helper forces an initialValue of an empty record
+    ) {
+        return new KeyDefinition(stateDefinition, key, Object.assign(Object.assign({}, options), { deserializer: (jsonValue) => {
+                if (jsonValue == null) {
+                    return null;
+                }
+                const output = {};
+                for (const key in jsonValue) {
+                    output[key] = options.deserializer(jsonValue[key]);
+                }
+                return output;
+            } }));
+    }
+    /**
+     * Create a string that should be unique across the entire application.
+     * @returns A string that can be used to cache instances created via this key.
+     */
+    buildCacheKey() {
+        return `${this.stateDefinition.storageLocation}_${this.stateDefinition.name}_${this.key}`;
+    }
+}
+/**
+ * Creates a {@link StorageKey} that points to the data at the given key definition for the specified user.
+ * @param userId The userId of the user you want the key to be for.
+ * @param keyDefinition The key definition of which data the key should point to.
+ * @returns A key that is ready to be used in a storage service to get data.
+ */
+function userKeyBuilder(userId, keyDefinition) {
+    if (!Utils.isGuid(userId)) {
+        throw new Error("You cannot build a user key without a valid UserId");
+    }
+    return `user_${userId}_${keyDefinition.stateDefinition.name}_${keyDefinition.key}`;
+}
+/**
+ * Creates a {@link StorageKey}
+ * @param keyDefinition The key definition of which data the key should point to.
+ * @returns A key that is ready to be used in a storage service to get data.
+ */
+function globalKeyBuilder(keyDefinition) {
+    return `global_${keyDefinition.stateDefinition.name}_${keyDefinition.key}`;
+}
+;// CONCATENATED MODULE: ../../libs/common/src/platform/state/state-definition.ts
+/**
+ * Defines the base location and instruction of where this state is expected to be located.
+ */
+class StateDefinition {
+    /**
+     * Creates a new instance of {@link StateDefinition}, the creation of which is owned by the platform team.
+     * @param name The name of the state, this needs to be unique from all other {@link StateDefinition}'s.
+     * @param storageLocation The location of where this state should be stored.
+     */
+    constructor(name, storageLocation) {
+        this.name = name;
+        this.storageLocation = storageLocation;
+    }
+}
+;// CONCATENATED MODULE: ../../libs/common/src/platform/state/key-definitions.ts
+const ACCOUNT_MEMORY = new StateDefinition("account", "memory");
+const ACCOUNT_ACCOUNTS = new KeyDefinition(ACCOUNT_MEMORY, "accounts", {
+    deserializer: (obj) => AccountsDeserializer(obj),
+});
+const ACCOUNT_ACTIVE_ACCOUNT_ID = new KeyDefinition(ACCOUNT_MEMORY, "activeAccountId", {
+    deserializer: (id) => id,
+});
+;// CONCATENATED MODULE: ../../libs/common/src/platform/state/index.ts
 ;// CONCATENATED MODULE: ../../libs/common/src/auth/enums/authentication-status.ts
 var AuthenticationStatus;
 (function (AuthenticationStatus) {
@@ -3357,31 +3880,43 @@ var account_service_awaiter = (undefined && undefined.__awaiter) || function (th
 };
+function AccountsDeserializer(accounts) {
+    if (accounts == null) {
+        return {};
+    }
+    return accounts;
+}
 class AccountServiceImplementation {
-    constructor(messagingService, logService) {
+    constructor(messagingService, logService, globalStateProvider) {
         this.messagingService = messagingService;
         this.logService = logService;
-        this.accounts = new external_rxjs_namespaceObject.BehaviorSubject({});
-        this.activeAccountId = new external_rxjs_namespaceObject.BehaviorSubject(undefined);
+        this.globalStateProvider = globalStateProvider;
         this.lock = new external_rxjs_namespaceObject.Subject();
         this.logout = new external_rxjs_namespaceObject.Subject();
-        this.accounts$ = this.accounts.asObservable();
-        this.activeAccount$ = this.activeAccountId.pipe((0,external_rxjs_namespaceObject.combineLatestWith)(this.accounts$), (0,external_rxjs_namespaceObject.map)(([id, accounts]) => (id ? Object.assign({ id }, accounts[id]) : undefined)), (0,external_rxjs_namespaceObject.distinctUntilChanged)(), (0,external_rxjs_namespaceObject.shareReplay)({ bufferSize: 1, refCount: false }));
         this.accountLock$ = this.lock.asObservable();
         this.accountLogout$ = this.logout.asObservable();
+        this.accountsState = this.globalStateProvider.get(ACCOUNT_ACCOUNTS);
+        this.activeAccountIdState = this.globalStateProvider.get(ACCOUNT_ACTIVE_ACCOUNT_ID);
+        this.accounts$ = this.accountsState.state$.pipe((0,external_rxjs_namespaceObject.map)((accounts) => (accounts == null ? {} : accounts)));
+        this.activeAccount$ = this.activeAccountIdState.state$.pipe((0,external_rxjs_namespaceObject.combineLatestWith)(this.accounts$), (0,external_rxjs_namespaceObject.map)(([id, accounts]) => (id ? Object.assign({ id }, accounts[id]) : undefined)), (0,external_rxjs_namespaceObject.distinctUntilChanged)(), (0,external_rxjs_namespaceObject.shareReplay)({ bufferSize: 1, refCount: false }));
     }
     addAccount(userId, accountData) {
-        this.accounts.value[userId] = accountData;
-        this.accounts.next(this.accounts.value);
+        this.accountsState.update((accounts) => {
+            accounts || (accounts = {});
+            accounts[userId] = accountData;
+            return accounts;
+        });
     }
     setAccountName(userId, name) {
-        this.setAccountInfo(userId, Object.assign(Object.assign({}, this.accounts.value[userId]), { name }));
+        this.setAccountInfo(userId, { name });
     }
     setAccountEmail(userId, email) {
-        this.setAccountInfo(userId, Object.assign(Object.assign({}, this.accounts.value[userId]), { email }));
+        this.setAccountInfo(userId, { email });
     }
     setAccountStatus(userId, status) {
-        this.setAccountInfo(userId, Object.assign(Object.assign({}, this.accounts.value[userId]), { status }));
+        this.setAccountInfo(userId, { status });
         if (status === AuthenticationStatus.LoggedOut) {
             this.logout.next(userId);
         }
@@ -3390,15 +3925,18 @@ class AccountServiceImplementation {
         }
     }
     switchAccount(userId) {
-        if (userId == null) {
-            // indicates no account is active
-            this.activeAccountId.next(undefined);
-            return;
-        }
-        if (this.accounts.value[userId] == null) {
-            throw new Error("Account does not exist");
-        }
-        this.activeAccountId.next(userId);
+        this.activeAccountIdState.update((_, accounts) => {
+            if (userId == null) {
+                // indicates no account is active
+                return undefined;
+            }
+            if ((accounts === null || accounts === void 0 ? void 0 : accounts[userId]) == null) {
+                throw new Error("Account does not exist");
+            }
+            return userId;
+        }, {
+            combineLatestWith: this.accounts$,
+        });
     }
     // TODO: update to use our own account status settings. Requires inverting direction of state service accounts flow
     delete() {
@@ -3413,17 +3951,23 @@ class AccountServiceImplementation {
             }
         });
     }
-    setAccountInfo(userId, accountInfo) {
-        if (this.accounts.value[userId] == null) {
-            throw new Error("Account does not exist");
+    setAccountInfo(userId, update) {
+        function newAccountInfo(oldAccountInfo) {
+            return Object.assign(Object.assign({}, oldAccountInfo), update);
         }
-        // Avoid unnecessary updates
-        // TODO: Faster comparison, maybe include a hash on the objects?
-        if (JSON.stringify(this.accounts.value[userId]) === JSON.stringify(accountInfo)) {
-            return;
-        }
-        this.accounts.value[userId] = accountInfo;
-        this.accounts.next(this.accounts.value);
+        this.accountsState.update((accounts) => {
+            accounts[userId] = newAccountInfo(accounts[userId]);
+            return accounts;
+        }, {
+            // Avoid unnecessary updates
+            // TODO: Faster comparison, maybe include a hash on the objects?
+            shouldUpdate: (accounts) => {
+                if ((accounts === null || accounts === void 0 ? void 0 : accounts[userId]) == null) {
+                    throw new Error("Account does not exist");
+                }
+                return !accountInfoEqual(accounts[userId], newAccountInfo(accounts[userId]));
+            },
+        });
     }
 }
@@ -3550,105 +4094,16 @@ class PreloginRequest {
     }
 }
-;// CONCATENATED MODULE: ../../libs/common/src/models/response/error.response.ts
-class ErrorResponse extends BaseResponse {
-    constructor(response, status, identityResponse) {
-        var _a, _b;
-        super(response);
-        let errorModel = null;
-        if (response != null) {
-            const responseErrorModel = this.getResponseProperty("ErrorModel");
-            if (responseErrorModel && identityResponse) {
-                errorModel = responseErrorModel;
-            }
-            else {
-                errorModel = response;
-            }
-        }
-        if (status === 429) {
-            this.message = "Rate limit exceeded. Try again later.";
-        }
-        else if (errorModel) {
-            this.message = this.getResponseProperty("Message", errorModel);
-            this.validationErrors = this.getResponseProperty("ValidationErrors", errorModel);
-            this.captchaSiteKey = (_b = (_a = this.validationErrors) === null || _a === void 0 ? void 0 : _a.HCaptcha_SiteKey) === null || _b === void 0 ? void 0 : _b[0];
-            this.captchaRequired = !utils_Utils.isNullOrWhitespace(this.captchaSiteKey);
-        }
-        this.statusCode = status;
-    }
-    getSingleMessage() {
-        if (this.validationErrors == null) {
-            return this.message;
-        }
-        for (const key in this.validationErrors) {
-            // eslint-disable-next-line
-            if (!this.validationErrors.hasOwnProperty(key)) {
-                continue;
-            }
-            if (this.validationErrors[key].length) {
-                return this.validationErrors[key][0];
-            }
-        }
-        return this.message;
-    }
-    getAllMessages() {
-        const messages = [];
-        if (this.validationErrors == null) {
-            return messages;
-        }
-        for (const key in this.validationErrors) {
-            // eslint-disable-next-line
-            if (!this.validationErrors.hasOwnProperty(key)) {
-                continue;
-            }
-            this.validationErrors[key].forEach((item) => {
-                let prefix = "";
-                if (key.indexOf("[") > -1 && key.indexOf("]") > -1) {
-                    const lastSep = key.lastIndexOf(".");
-                    prefix = key.substr(0, lastSep > -1 ? lastSep : key.length) + ": ";
-                }
-                messages.push(prefix + item);
-            });
-        }
-        return messages;
-    }
-}
 ;// CONCATENATED MODULE: ../../libs/common/src/auth/enums/authentication-type.ts
 var authentication_type_AuthenticationType;
 (function (AuthenticationType) {
     AuthenticationType[AuthenticationType["Password"] = 0] = "Password";
     AuthenticationType[AuthenticationType["Sso"] = 1] = "Sso";
     AuthenticationType[AuthenticationType["UserApi"] = 2] = "UserApi";
-    AuthenticationType[AuthenticationType["Passwordless"] = 3] = "Passwordless";
+    AuthenticationType[AuthenticationType["AuthRequest"] = 3] = "AuthRequest";
+    AuthenticationType[AuthenticationType["WebAuthn"] = 4] = "WebAuthn";
 })(authentication_type_AuthenticationType || (authentication_type_AuthenticationType = {}));
-;// CONCATENATED MODULE: ../../libs/common/src/auth/models/domain/force-reset-password-reason.ts
-/*
- * This enum is used to determine if a user should be forced to reset their password
- * on login (server flag) or unlock via MP (client evaluation).
- */
-var ForceResetPasswordReason;
-(function (ForceResetPasswordReason) {
-    /**
-     * A password reset should not be forced.
-     */
-    ForceResetPasswordReason[ForceResetPasswordReason["None"] = 0] = "None";
-    /**
-     * Occurs when an organization admin forces a user to reset their password.
-     * Communicated via server flag.
-     */
-    ForceResetPasswordReason[ForceResetPasswordReason["AdminForcePasswordReset"] = 1] = "AdminForcePasswordReset";
-    /**
-     * Occurs when a user logs in / unlocks their vault with a master password that does not meet an organization's
-     * master password policy that is enforced on login/unlock.
-     * Only set client side b/c server can't evaluate MP.
-     */
-    ForceResetPasswordReason[ForceResetPasswordReason["WeakMasterPassword"] = 2] = "WeakMasterPassword";
-})(ForceResetPasswordReason || (ForceResetPasswordReason = {}));
 ;// CONCATENATED MODULE: ../../libs/common/src/auth/models/request/identity-token/token.request.ts
 class TokenRequest {
     constructor(twoFactor, device) {
@@ -3662,8 +4117,8 @@ class TokenRequest {
     setTwoFactor(twoFactor) {
         this.twoFactor = twoFactor;
     }
-    setPasswordlessAccessCode(accessCode) {
-        this.passwordlessAuthRequest = accessCode;
+    setAuthRequestAccessCode(accessCode) {
+        this.authRequest = accessCode;
     }
     toIdentityToken(clientId) {
         const obj = {
@@ -3678,8 +4133,8 @@ class TokenRequest {
             // obj.devicePushToken = this.device.pushToken;
         }
         //passswordless login
-        if (this.passwordlessAuthRequest) {
-            obj.authRequest = this.passwordlessAuthRequest;
+        if (this.authRequest) {
+            obj.authRequest = this.authRequest;
         }
         if (this.twoFactor) {
             if (this.twoFactor.token && this.twoFactor.provider != null) {
@@ -3718,15 +4173,6 @@ class PasswordTokenRequest extends TokenRequest {
     }
 }
-;// CONCATENATED MODULE: ../../libs/common/src/auth/models/response/identity-captcha.response.ts
-class IdentityCaptchaResponse extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.siteKey = this.getResponseProperty("HCaptcha_SiteKey");
-    }
-}
 ;// CONCATENATED MODULE: ../../libs/common/src/models/request/keys.request.ts
 class KeysRequest {
     constructor(publicKey, encryptedPrivateKey) {
@@ -3910,8 +4356,11 @@ class AccountKeys {
         this.cryptoSymmetricKey = new EncryptionPair();
     }
     toJSON() {
+        // If you pass undefined into fromBufferToByteString, you will get an empty string back
+        // which will cause all sorts of headaches down the line when you try to getPublicKey
+        // and expect a Uint8Array and get an empty string instead.
         return utils_Utils.merge(this, {
-            publicKey: utils_Utils.fromBufferToByteString(this.publicKey),
+            publicKey: this.publicKey ? utils_Utils.fromBufferToByteString(this.publicKey) : undefined,
         });
     }
     static fromJSON(obj) {
@@ -4101,6 +4550,35 @@ var TwoFactorProviderType;
     TwoFactorProviderType[TwoFactorProviderType["WebAuthn"] = 7] = "WebAuthn";
 })(TwoFactorProviderType || (TwoFactorProviderType = {}));
+;// CONCATENATED MODULE: ../../libs/common/src/auth/models/domain/force-set-password-reason.ts
+/*
+ * This enum is used to determine if a user should be forced to initially set or reset their password
+ * on login (server flag) or unlock via MP (client evaluation).
+ */
+var ForceSetPasswordReason;
+(function (ForceSetPasswordReason) {
+    /**
+     * A password reset should not be forced.
+     */
+    ForceSetPasswordReason[ForceSetPasswordReason["None"] = 0] = "None";
+    /**
+     * Occurs when an organization admin forces a user to reset their password.
+     * Communicated via server flag.
+     */
+    ForceSetPasswordReason[ForceSetPasswordReason["AdminForcePasswordReset"] = 1] = "AdminForcePasswordReset";
+    /**
+     * Occurs when a user logs in / unlocks their vault with a master password that does not meet an organization's
+     * master password policy that is enforced on login/unlock.
+     * Only set client side b/c server can't evaluate MP.
+     */
+    ForceSetPasswordReason[ForceSetPasswordReason["WeakMasterPassword"] = 2] = "WeakMasterPassword";
+    /**
+     * Occurs when a TDE user without a password obtains the password reset permission.
+     * Set post login & decryption client side and by server in sync (to catch logged in users).
+     */
+    ForceSetPasswordReason[ForceSetPasswordReason["TdeUserWithoutPasswordHasPasswordResetPermission"] = 3] = "TdeUserWithoutPasswordHasPasswordResetPermission";
+})(ForceSetPasswordReason || (ForceSetPasswordReason = {}));
 ;// CONCATENATED MODULE: ../../libs/common/src/auth/models/domain/auth-result.ts
@@ -4114,7 +4592,7 @@ class AuthResult {
          * not have a master password and is not using Key Connector.
          * */
         this.resetMasterPassword = false;
-        this.forcePasswordReset = ForceResetPasswordReason.None;
+        this.forcePasswordReset = ForceSetPasswordReason.None;
         this.twoFactorProviders = null;
     }
     get requiresCaptcha() {
@@ -4144,6 +4622,15 @@ class TokenTwoFactorRequest {
     }
 }
+;// CONCATENATED MODULE: ../../libs/common/src/auth/models/response/identity-captcha.response.ts
+class IdentityCaptchaResponse extends BaseResponse {
+    constructor(response) {
+        super(response);
+        this.siteKey = this.getResponseProperty("HCaptcha_SiteKey");
+    }
+}
 ;// CONCATENATED MODULE: ../../libs/common/src/auth/models/response/master-password-policy.response.ts
 class MasterPasswordPolicyResponse extends BaseResponse {
@@ -4186,10 +4673,26 @@ class TrustedDeviceUserDecryptionOptionResponse extends BaseResponse {
     }
 }
+;// CONCATENATED MODULE: ../../libs/common/src/auth/models/response/user-decryption-options/webauthn-prf-decryption-option.response.ts
+class WebAuthnPrfDecryptionOptionResponse extends BaseResponse {
+    constructor(response) {
+        super(response);
+        if (response.EncryptedPrivateKey) {
+            this.encryptedPrivateKey = new EncString(this.getResponseProperty("EncryptedPrivateKey"));
+        }
+        if (response.EncryptedUserKey) {
+            this.encryptedUserKey = new EncString(this.getResponseProperty("EncryptedUserKey"));
+        }
+    }
+}
 ;// CONCATENATED MODULE: ../../libs/common/src/auth/models/response/user-decryption-options/user-decryption-options.response.ts
 class UserDecryptionOptionsResponse extends BaseResponse {
     constructor(response) {
         super(response);
@@ -4200,6 +4703,9 @@ class UserDecryptionOptionsResponse extends BaseResponse {
         if (response.KeyConnectorOption) {
             this.keyConnectorOption = new KeyConnectorUserDecryptionOptionResponse(this.getResponseProperty("KeyConnectorOption"));
         }
+        if (response.WebAuthnPrfOption) {
+            this.webAuthnPrfOption = new WebAuthnPrfDecryptionOptionResponse(this.getResponseProperty("WebAuthnPrfOption"));
+        }
     }
 }
@@ -4277,7 +4783,7 @@ var login_strategy_awaiter = (undefined && undefined.__awaiter) || function (thi
-class LogInStrategy {
+class LoginStrategy {
     constructor(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService) {
         this.cryptoService = cryptoService;
         this.apiService = apiService;
@@ -4381,7 +4887,7 @@ class LogInStrategy {
             result.resetMasterPassword = response.resetMasterPassword;
             // Convert boolean to enum
             if (response.forcePasswordReset) {
-                result.forcePasswordReset = ForceResetPasswordReason.AdminForcePasswordReset;
+                result.forcePasswordReset = ForceSetPasswordReason.AdminForcePasswordReset;
             }
             // Must come before setting keys, user key needs email to update additional keys
             yield this.saveAccountInformation(response);
@@ -4433,6 +4939,93 @@ class LogInStrategy {
     }
 }
+;// CONCATENATED MODULE: ../../libs/common/src/auth/login-strategies/auth-request-login.strategy.ts
+var auth_request_login_strategy_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+class AuthRequestLoginStrategy extends LoginStrategy {
+    get email() {
+        return this.tokenRequest.email;
+    }
+    get accessCode() {
+        return this.authRequestCredentials.accessCode;
+    }
+    get authRequestId() {
+        return this.authRequestCredentials.authRequestId;
+    }
+    constructor(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService, deviceTrustCryptoService) {
+        super(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService);
+        this.deviceTrustCryptoService = deviceTrustCryptoService;
+    }
+    logIn(credentials) {
+        return auth_request_login_strategy_awaiter(this, void 0, void 0, function* () {
+            // NOTE: To avoid DeadObject references on Firefox, do not set the credentials object directly
+            // Use deep copy in future if objects are added that were created in popup
+            this.authRequestCredentials = Object.assign({}, credentials);
+            this.tokenRequest = new PasswordTokenRequest(credentials.email, credentials.accessCode, null, yield this.buildTwoFactor(credentials.twoFactor), yield this.buildDeviceRequest());
+            this.tokenRequest.setAuthRequestAccessCode(credentials.authRequestId);
+            const [authResult] = yield this.startLogIn();
+            return authResult;
+        });
+    }
+    logInTwoFactor(twoFactor, captchaResponse) {
+        const _super = Object.create(null, {
+            logInTwoFactor: { get: () => super.logInTwoFactor }
+        });
+        return auth_request_login_strategy_awaiter(this, void 0, void 0, function* () {
+            this.tokenRequest.captchaResponse = captchaResponse !== null && captchaResponse !== void 0 ? captchaResponse : this.captchaBypassToken;
+            return _super.logInTwoFactor.call(this, twoFactor);
+        });
+    }
+    setMasterKey(response) {
+        return auth_request_login_strategy_awaiter(this, void 0, void 0, function* () {
+            if (this.authRequestCredentials.decryptedMasterKey &&
+                this.authRequestCredentials.decryptedMasterKeyHash) {
+                yield this.cryptoService.setMasterKey(this.authRequestCredentials.decryptedMasterKey);
+                yield this.cryptoService.setMasterKeyHash(this.authRequestCredentials.decryptedMasterKeyHash);
+            }
+        });
+    }
+    setUserKey(response) {
+        return auth_request_login_strategy_awaiter(this, void 0, void 0, function* () {
+            // User now may or may not have a master password
+            // but set the master key encrypted user key if it exists regardless
+            yield this.cryptoService.setMasterKeyEncryptedUserKey(response.key);
+            if (this.authRequestCredentials.decryptedUserKey) {
+                yield this.cryptoService.setUserKey(this.authRequestCredentials.decryptedUserKey);
+            }
+            else {
+                yield this.trySetUserKeyWithMasterKey();
+                // Establish trust if required after setting user key
+                yield this.deviceTrustCryptoService.trustDeviceIfRequired();
+            }
+        });
+    }
+    trySetUserKeyWithMasterKey() {
+        return auth_request_login_strategy_awaiter(this, void 0, void 0, function* () {
+            const masterKey = yield this.cryptoService.getMasterKey();
+            if (masterKey) {
+                const userKey = yield this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
+                yield this.cryptoService.setUserKey(userKey);
+            }
+        });
+    }
+    setPrivateKey(response) {
+        var _a;
+        return auth_request_login_strategy_awaiter(this, void 0, void 0, function* () {
+            yield this.cryptoService.setPrivateKey((_a = response.privateKey) !== null && _a !== void 0 ? _a : (yield this.createKeyPairForOldAccount()));
+        });
+    }
+}
 ;// CONCATENATED MODULE: ../../libs/common/src/auth/login-strategies/password-login.strategy.ts
 var password_login_strategy_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -4449,7 +5042,7 @@ var password_login_strategy_awaiter = (undefined && undefined.__awaiter) || func
-class PasswordLogInStrategy extends LogInStrategy {
+class PasswordLoginStrategy extends LoginStrategy {
     get email() {
         return this.tokenRequest.email;
     }
@@ -4466,7 +5059,7 @@ class PasswordLogInStrategy extends LogInStrategy {
          * Options to track if the user needs to update their password due to a password that does not meet an organization's
          * master password policy.
          */
-        this.forcePasswordResetReason = ForceResetPasswordReason.None;
+        this.forcePasswordResetReason = ForceSetPasswordReason.None;
     }
     logInTwoFactor(twoFactor, captchaResponse) {
         const _super = Object.create(null, {
@@ -4478,8 +5071,8 @@ class PasswordLogInStrategy extends LogInStrategy {
             // 2FA was successful, save the force update password options with the state service if defined
             if (!result.requiresTwoFactor &&
                 !result.requiresCaptcha &&
-                this.forcePasswordResetReason != ForceResetPasswordReason.None) {
-                yield this.stateService.setForcePasswordResetReason(this.forcePasswordResetReason);
+                this.forcePasswordResetReason != ForceSetPasswordReason.None) {
+                yield this.stateService.setForceSetPasswordReason(this.forcePasswordResetReason);
                 result.forcePasswordReset = this.forcePasswordResetReason;
             }
             return result;
@@ -4502,12 +5095,12 @@ class PasswordLogInStrategy extends LogInStrategy {
                 if (!meetsRequirements) {
                     if (authResult.requiresCaptcha || authResult.requiresTwoFactor) {
                         // Save the flag to this strategy for later use as the master password is about to pass out of scope
-                        this.forcePasswordResetReason = ForceResetPasswordReason.WeakMasterPassword;
+                        this.forcePasswordResetReason = ForceSetPasswordReason.WeakMasterPassword;
                     }
                     else {
                         // Authentication was successful, save the force update password options with the state service
-                        yield this.stateService.setForcePasswordResetReason(ForceResetPasswordReason.WeakMasterPassword);
-                        authResult.forcePasswordReset = ForceResetPasswordReason.WeakMasterPassword;
+                        yield this.stateService.setForceSetPasswordReason(ForceSetPasswordReason.WeakMasterPassword);
+                        authResult.forcePasswordReset = ForceSetPasswordReason.WeakMasterPassword;
                     }
                 }
             }
@@ -4556,91 +5149,6 @@ class PasswordLogInStrategy extends LogInStrategy {
     }
 }
-;// CONCATENATED MODULE: ../../libs/common/src/auth/login-strategies/passwordless-login.strategy.ts
-var passwordless_login_strategy_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-class PasswordlessLogInStrategy extends LogInStrategy {
-    get email() {
-        return this.tokenRequest.email;
-    }
-    get accessCode() {
-        return this.passwordlessCredentials.accessCode;
-    }
-    get authRequestId() {
-        return this.passwordlessCredentials.authRequestId;
-    }
-    constructor(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService, deviceTrustCryptoService) {
-        super(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService);
-        this.deviceTrustCryptoService = deviceTrustCryptoService;
-    }
-    logIn(credentials) {
-        return passwordless_login_strategy_awaiter(this, void 0, void 0, function* () {
-            this.passwordlessCredentials = credentials;
-            this.tokenRequest = new PasswordTokenRequest(credentials.email, credentials.accessCode, null, yield this.buildTwoFactor(credentials.twoFactor), yield this.buildDeviceRequest());
-            this.tokenRequest.setPasswordlessAccessCode(credentials.authRequestId);
-            const [authResult] = yield this.startLogIn();
-            return authResult;
-        });
-    }
-    logInTwoFactor(twoFactor, captchaResponse) {
-        const _super = Object.create(null, {
-            logInTwoFactor: { get: () => super.logInTwoFactor }
-        });
-        return passwordless_login_strategy_awaiter(this, void 0, void 0, function* () {
-            this.tokenRequest.captchaResponse = captchaResponse !== null && captchaResponse !== void 0 ? captchaResponse : this.captchaBypassToken;
-            return _super.logInTwoFactor.call(this, twoFactor);
-        });
-    }
-    setMasterKey(response) {
-        return passwordless_login_strategy_awaiter(this, void 0, void 0, function* () {
-            if (this.passwordlessCredentials.decryptedMasterKey &&
-                this.passwordlessCredentials.decryptedMasterKeyHash) {
-                yield this.cryptoService.setMasterKey(this.passwordlessCredentials.decryptedMasterKey);
-                yield this.cryptoService.setMasterKeyHash(this.passwordlessCredentials.decryptedMasterKeyHash);
-            }
-        });
-    }
-    setUserKey(response) {
-        return passwordless_login_strategy_awaiter(this, void 0, void 0, function* () {
-            // User now may or may not have a master password
-            // but set the master key encrypted user key if it exists regardless
-            yield this.cryptoService.setMasterKeyEncryptedUserKey(response.key);
-            if (this.passwordlessCredentials.decryptedUserKey) {
-                yield this.cryptoService.setUserKey(this.passwordlessCredentials.decryptedUserKey);
-            }
-            else {
-                yield this.trySetUserKeyWithMasterKey();
-                // Establish trust if required after setting user key
-                yield this.deviceTrustCryptoService.trustDeviceIfRequired();
-            }
-        });
-    }
-    trySetUserKeyWithMasterKey() {
-        return passwordless_login_strategy_awaiter(this, void 0, void 0, function* () {
-            const masterKey = yield this.cryptoService.getMasterKey();
-            if (masterKey) {
-                const userKey = yield this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
-                yield this.cryptoService.setUserKey(userKey);
-            }
-        });
-    }
-    setPrivateKey(response) {
-        var _a;
-        return passwordless_login_strategy_awaiter(this, void 0, void 0, function* () {
-            yield this.cryptoService.setPrivateKey((_a = response.privateKey) !== null && _a !== void 0 ? _a : (yield this.createKeyPairForOldAccount()));
-        });
-    }
-}
 ;// CONCATENATED MODULE: ../../libs/common/src/auth/models/request/identity-token/sso-token.request.ts
 class SsoTokenRequest extends TokenRequest {
@@ -4676,7 +5184,7 @@ var sso_login_strategy_awaiter = (undefined && undefined.__awaiter) || function
-class SsoLogInStrategy extends LogInStrategy {
+class SsoLoginStrategy extends LoginStrategy {
     constructor(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService, keyConnectorService, deviceTrustCryptoService, authReqCryptoService, i18nService) {
         super(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService);
         this.keyConnectorService = keyConnectorService;
@@ -4692,8 +5200,8 @@ class SsoLogInStrategy extends LogInStrategy {
             this.email = ssoAuthResult.email;
             this.ssoEmail2FaSessionToken = ssoAuthResult.ssoEmail2FaSessionToken;
             // Auth guard currently handles redirects for this.
-            if (ssoAuthResult.forcePasswordReset == ForceResetPasswordReason.AdminForcePasswordReset) {
-                yield this.stateService.setForcePasswordResetReason(ssoAuthResult.forcePasswordReset);
+            if (ssoAuthResult.forcePasswordReset == ForceSetPasswordReason.AdminForcePasswordReset) {
+                yield this.stateService.setForceSetPasswordReason(ssoAuthResult.forcePasswordReset);
             }
             return ssoAuthResult;
         });
@@ -4892,7 +5400,7 @@ var user_api_login_strategy_awaiter = (undefined && undefined.__awaiter) || func
 };
-class UserApiLogInStrategy extends LogInStrategy {
+class UserApiLoginStrategy extends LoginStrategy {
     constructor(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService, environmentService, keyConnectorService) {
         super(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService);
         this.environmentService = environmentService;
@@ -4943,6 +5451,86 @@ class UserApiLogInStrategy extends LogInStrategy {
     }
 }
+;// CONCATENATED MODULE: ../../libs/common/src/auth/models/request/identity-token/webauthn-login-token.request.ts
+class WebAuthnLoginTokenRequest extends TokenRequest {
+    constructor(token, deviceResponse, device) {
+        super(undefined, device);
+        this.token = token;
+        this.deviceResponse = deviceResponse;
+    }
+    toIdentityToken(clientId) {
+        const obj = super.toIdentityToken(clientId);
+        obj.grant_type = "webauthn";
+        obj.token = this.token;
+        // must be a string b/c sending as form encoded data
+        obj.deviceResponse = JSON.stringify(this.deviceResponse);
+        return obj;
+    }
+}
+;// CONCATENATED MODULE: ../../libs/common/src/auth/login-strategies/webauthn-login.strategy.ts
+var webauthn_login_strategy_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+class WebAuthnLoginStrategy extends LoginStrategy {
+    setMasterKey() {
+        return webauthn_login_strategy_awaiter(this, void 0, void 0, function* () {
+            return Promise.resolve();
+        });
+    }
+    setUserKey(idTokenResponse) {
+        var _a;
+        return webauthn_login_strategy_awaiter(this, void 0, void 0, function* () {
+            const userDecryptionOptions = idTokenResponse === null || idTokenResponse === void 0 ? void 0 : idTokenResponse.userDecryptionOptions;
+            if (userDecryptionOptions === null || userDecryptionOptions === void 0 ? void 0 : userDecryptionOptions.webAuthnPrfOption) {
+                const webAuthnPrfOption = (_a = idTokenResponse.userDecryptionOptions) === null || _a === void 0 ? void 0 : _a.webAuthnPrfOption;
+                // confirm we still have the prf key
+                if (!this.credentials.prfKey) {
+                    return;
+                }
+                // decrypt prf encrypted private key
+                const privateKey = yield this.cryptoService.decryptToBytes(webAuthnPrfOption.encryptedPrivateKey, this.credentials.prfKey);
+                // decrypt user key with private key
+                const userKey = yield this.cryptoService.rsaDecrypt(webAuthnPrfOption.encryptedUserKey.encryptedString, privateKey);
+                if (userKey) {
+                    yield this.cryptoService.setUserKey(new SymmetricCryptoKey(userKey));
+                }
+            }
+        });
+    }
+    setPrivateKey(response) {
+        var _a;
+        return webauthn_login_strategy_awaiter(this, void 0, void 0, function* () {
+            yield this.cryptoService.setPrivateKey((_a = response.privateKey) !== null && _a !== void 0 ? _a : (yield this.createKeyPairForOldAccount()));
+        });
+    }
+    logInTwoFactor() {
+        return webauthn_login_strategy_awaiter(this, void 0, void 0, function* () {
+            throw new Error("2FA not supported yet for WebAuthn Login.");
+        });
+    }
+    logIn(credentials) {
+        return webauthn_login_strategy_awaiter(this, void 0, void 0, function* () {
+            // NOTE: To avoid DeadObject references on Firefox, do not set the credentials object directly
+            // Use deep copy in future if objects are added that were created in popup
+            this.credentials = Object.assign({}, credentials);
+            this.tokenRequest = new WebAuthnLoginTokenRequest(credentials.token, credentials.deviceResponse, yield this.buildDeviceRequest());
+            const [authResult] = yield this.startLogIn();
+            return authResult;
+        });
+    }
+}
 ;// CONCATENATED MODULE: ../../libs/common/src/auth/models/request/passwordless-auth.request.ts
 class PasswordlessAuthRequest {
     constructor(key, masterPasswordHash, deviceIdentifier, requestApproved) {
@@ -4976,33 +5564,34 @@ var auth_service_awaiter = (undefined && undefined.__awaiter) || function (thisA
 const sessionTimeoutLength = 2 * 60 * 1000; // 2 minutes
 class AuthService {
     get email() {
-        if (this.logInStrategy instanceof PasswordLogInStrategy ||
-            this.logInStrategy instanceof PasswordlessLogInStrategy ||
-            this.logInStrategy instanceof SsoLogInStrategy) {
+        if (this.logInStrategy instanceof PasswordLoginStrategy ||
+            this.logInStrategy instanceof AuthRequestLoginStrategy ||
+            this.logInStrategy instanceof SsoLoginStrategy) {
             return this.logInStrategy.email;
         }
         return null;
     }
     get masterPasswordHash() {
-        return this.logInStrategy instanceof PasswordLogInStrategy
+        return this.logInStrategy instanceof PasswordLoginStrategy
             ? this.logInStrategy.masterPasswordHash
             : null;
     }
     get accessCode() {
-        return this.logInStrategy instanceof PasswordlessLogInStrategy
+        return this.logInStrategy instanceof AuthRequestLoginStrategy
             ? this.logInStrategy.accessCode
             : null;
     }
     get authRequestId() {
-        return this.logInStrategy instanceof PasswordlessLogInStrategy
+        return this.logInStrategy instanceof AuthRequestLoginStrategy
             ? this.logInStrategy.authRequestId
             : null;
     }
     get ssoEmail2FaSessionToken() {
-        return this.logInStrategy instanceof SsoLogInStrategy
+        return this.logInStrategy instanceof SsoLoginStrategy
             ? this.logInStrategy.ssoEmail2FaSessionToken
             : null;
     }
@@ -5032,18 +5621,23 @@ class AuthService {
             let strategy;
             switch (credentials.type) {
                 case authentication_type_AuthenticationType.Password:
-                    strategy = new PasswordLogInStrategy(this.cryptoService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.stateService, this.twoFactorService, this.passwordStrengthService, this.policyService, this);
+                    strategy = new PasswordLoginStrategy(this.cryptoService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.stateService, this.twoFactorService, this.passwordStrengthService, this.policyService, this);
                     break;
                 case authentication_type_AuthenticationType.Sso:
-                    strategy = new SsoLogInStrategy(this.cryptoService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.stateService, this.twoFactorService, this.keyConnectorService, this.deviceTrustCryptoService, this.authReqCryptoService, this.i18nService);
+                    strategy = new SsoLoginStrategy(this.cryptoService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.stateService, this.twoFactorService, this.keyConnectorService, this.deviceTrustCryptoService, this.authReqCryptoService, this.i18nService);
                     break;
                 case authentication_type_AuthenticationType.UserApi:
-                    strategy = new UserApiLogInStrategy(this.cryptoService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.stateService, this.twoFactorService, this.environmentService, this.keyConnectorService);
+                    strategy = new UserApiLoginStrategy(this.cryptoService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.stateService, this.twoFactorService, this.environmentService, this.keyConnectorService);
                     break;
-                case authentication_type_AuthenticationType.Passwordless:
-                    strategy = new PasswordlessLogInStrategy(this.cryptoService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.stateService, this.twoFactorService, this.deviceTrustCryptoService);
+                case authentication_type_AuthenticationType.AuthRequest:
+                    strategy = new AuthRequestLoginStrategy(this.cryptoService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.stateService, this.twoFactorService, this.deviceTrustCryptoService);
+                    break;
+                case authentication_type_AuthenticationType.WebAuthn:
+                    strategy = new WebAuthnLoginStrategy(this.cryptoService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.stateService, this.twoFactorService);
                     break;
             }
+            // Note: Do not set the credentials object directly on the strategy. They are
+            // created in the popup and can cause DeadObject references on Firefox.
             const result = yield strategy.logIn(credentials);
             if (result === null || result === void 0 ? void 0 : result.requiresTwoFactor) {
                 this.saveState(strategy);
@@ -5078,16 +5672,16 @@ class AuthService {
         this.messagingService.send("loggedOut");
     }
     authingWithUserApiKey() {
-        return this.logInStrategy instanceof UserApiLogInStrategy;
+        return this.logInStrategy instanceof UserApiLoginStrategy;
     }
     authingWithSso() {
-        return this.logInStrategy instanceof SsoLogInStrategy;
+        return this.logInStrategy instanceof SsoLoginStrategy;
     }
     authingWithPassword() {
-        return this.logInStrategy instanceof PasswordLogInStrategy;
+        return this.logInStrategy instanceof PasswordLoginStrategy;
     }
     authingWithPasswordless() {
-        return this.logInStrategy instanceof PasswordlessLogInStrategy;
+        return this.logInStrategy instanceof AuthRequestLoginStrategy;
     }
     getAuthStatus(userId) {
         return auth_service_awaiter(this, void 0, void 0, function* () {
@@ -15485,6 +16079,7 @@ var environment_service_awaiter = (undefined && undefined.__awaiter) || function
 class environment_service_EnvironmentService {
     constructor(stateService) {
         this.stateService = stateService;
@@ -15710,6 +16305,27 @@ class environment_service_EnvironmentService {
             this.notificationsUrl == null &&
             this.eventsUrl == null);
     }
+    getHost(userId) {
+        return environment_service_awaiter(this, void 0, void 0, function* () {
+            const region = yield this.getRegion(userId ? userId : null);
+            switch (region) {
+                case Region.US:
+                    return RegionDomain.US;
+                case Region.EU:
+                    return RegionDomain.EU;
+                default: {
+                    // Environment is self-hosted
+                    const envUrls = yield this.stateService.getEnvironmentUrls(userId ? { userId: userId } : null);
+                    return utils_Utils.getHost(envUrls.webVault || envUrls.base);
+                }
+            }
+        });
+    }
+    getRegion(userId) {
+        return environment_service_awaiter(this, void 0, void 0, function* () {
+            return this.stateService.getRegion(userId ? { userId: userId } : null);
+        });
+    }
     setRegion(region) {
         return environment_service_awaiter(this, void 0, void 0, function* () {
             this.selectedRegion = region;
@@ -16068,10 +16684,18 @@ var memory_storage_service_awaiter = (undefined && undefined.__awaiter) || funct
     });
 };
 class MemoryStorageService extends AbstractMemoryStorageService {
     constructor() {
         super(...arguments);
         this.store = new Map();
+        this.updatesSubject = new external_rxjs_namespaceObject.Subject();
+    }
+    get valuesRequireDeserialization() {
+        return false;
+    }
+    get updates$() {
+        return this.updatesSubject.asObservable();
     }
     get(key) {
         if (this.store.has(key)) {
@@ -16090,10 +16714,12 @@ class MemoryStorageService extends AbstractMemoryStorageService {
             return this.remove(key);
         }
         this.store.set(key, obj);
+        this.updatesSubject.next({ key, updateType: "save" });
         return Promise.resolve();
     }
     remove(key) {
         this.store.delete(key);
+        this.updatesSubject.next({ key, updateType: "remove" });
         return Promise.resolve();
     }
     getBypassCache(key) {
@@ -16108,6 +16734,27 @@ class NoopMessagingService {
     }
 }
+;// CONCATENATED MODULE: ../browser/src/autofill/utils/autofill-overlay.enum.ts
+const AutofillOverlayElement = {
+    Button: "autofill-overlay-button",
+    List: "autofill-overlay-list",
+};
+const AutofillOverlayPort = {
+    Button: "autofill-overlay-button-port",
+    List: "autofill-overlay-list-port",
+};
+const RedirectFocusDirection = {
+    Current: "current",
+    Previous: "previous",
+    Next: "next",
+};
+const AutofillOverlayVisibility = {
+    Off: 0,
+    OnButtonClick: 1,
+    OnFieldFocus: 2,
+};
 ;// CONCATENATED MODULE: ../../libs/common/src/admin-console/models/data/provider.data.ts
 class ProviderData {
     constructor(response) {
@@ -16198,7 +16845,7 @@ class MigrationBuilder {
             helper.info(`Migrator ${migrator.constructor.name} (to version ${migrator.toVersion}) should migrate: ${shouldMigrate} - ${direction}`);
             if (shouldMigrate) {
                 const method = direction === "up" ? migrator.migrate : migrator.rollback;
-                yield method(helper);
+                yield method.bind(migrator)(helper);
                 helper.info(`Migrator ${migrator.constructor.name} (to version ${migrator.toVersion}) migrated - ${direction}`);
                 yield migrator.updateVersion(helper, direction);
                 helper.info(`Migrator ${migrator.constructor.name} (to version ${migrator.toVersion}) updated version - ${direction}`);
@@ -16597,6 +17244,70 @@ class MoveStateVersionMigrator extends Migrator {
     }
 }
+;// CONCATENATED MODULE: ../../libs/common/src/state-migrations/migrations/9-move-browser-settings-to-global.ts
+var _9_move_browser_settings_to_global_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+class MoveBrowserSettingsToGlobal extends Migrator {
+    // Will first check if any of the accounts have a value from the given accountSelector
+    // if they do have a value it will set that value into global state but if multiple
+    // users have differing values it will prefer the false setting,
+    // if all users have true then it will take true.
+    tryAddSetting(accounts, accountSelector, globalSetter) {
+        const hasValue = accounts.some(({ account }) => {
+            return accountSelector(account) !== undefined;
+        });
+        if (hasValue) {
+            const value = !accounts.some(({ account }) => {
+                var _a;
+                return ((_a = accountSelector(account)) !== null && _a !== void 0 ? _a : false) === false;
+            });
+            globalSetter(value);
+        }
+    }
+    migrate(helper) {
+        return _9_move_browser_settings_to_global_awaiter(this, void 0, void 0, function* () {
+            const global = yield helper.get("global");
+            const accounts = yield helper.getAccounts();
+            const globalNeverDomainsValue = accounts.reduce((accumulator, { account }) => {
+                var _a, _b;
+                const normalizedNeverDomains = (_b = (_a = account.settings) === null || _a === void 0 ? void 0 : _a.neverDomains) !== null && _b !== void 0 ? _b : {};
+                for (const [id, value] of Object.entries(normalizedNeverDomains)) {
+                    accumulator !== null && accumulator !== void 0 ? accumulator : (accumulator = {});
+                    accumulator[id] = value;
+                }
+                return accumulator;
+            }, undefined);
+            const targetGlobalState = {};
+            if (globalNeverDomainsValue != null) {
+                targetGlobalState.neverDomains = globalNeverDomainsValue;
+            }
+            this.tryAddSetting(accounts, (a) => { var _a; return (_a = a.settings) === null || _a === void 0 ? void 0 : _a.disableAddLoginNotification; }, (v) => (targetGlobalState.disableAddLoginNotification = v));
+            this.tryAddSetting(accounts, (a) => { var _a; return (_a = a.settings) === null || _a === void 0 ? void 0 : _a.disableChangedPasswordNotification; }, (v) => (targetGlobalState.disableChangedPasswordNotification = v));
+            this.tryAddSetting(accounts, (a) => { var _a; return (_a = a.settings) === null || _a === void 0 ? void 0 : _a.disableContextMenuItem; }, (v) => (targetGlobalState.disableContextMenuItem = v));
+            yield helper.set("global", Object.assign(Object.assign({}, global), targetGlobalState));
+            yield Promise.all(accounts.map(({ userId, account }) => _9_move_browser_settings_to_global_awaiter(this, void 0, void 0, function* () {
+                var _a, _b, _c, _d;
+                (_a = account.settings) === null || _a === void 0 ? true : delete _a.disableAddLoginNotification;
+                (_b = account.settings) === null || _b === void 0 ? true : delete _b.disableChangedPasswordNotification;
+                (_c = account.settings) === null || _c === void 0 ? true : delete _c.disableContextMenuItem;
+                (_d = account.settings) === null || _d === void 0 ? true : delete _d.neverDomains;
+                yield helper.set(userId, account);
+            })));
+        });
+    }
+    rollback(helper) {
+        throw new Error("Method not implemented.");
+    }
+}
 ;// CONCATENATED MODULE: ../../libs/common/src/state-migrations/migrations/min-version.ts
 var min_version_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -16653,8 +17364,9 @@ var migrate_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _
 const MIN_VERSION = 2;
-const CURRENT_VERSION = 8;
+const CURRENT_VERSION = 9;
 function migrate(storageService, logService) {
     return migrate_awaiter(this, void 0, void 0, function* () {
         const migrationHelper = new MigrationHelper(yield currentVersion(storageService, logService), storageService, logService);
@@ -16670,7 +17382,8 @@ function migrate(storageService, logService) {
             .with(AddKeyTypeToOrgKeysMigrator, 4, 5)
             .with(RemoveLegacyEtmKeyMigrator, 5, 6)
             .with(MoveBiometricAutoPromptToAccount, 6, 7)
-            .with(MoveStateVersionMigrator, 7, CURRENT_VERSION)
+            .with(MoveStateVersionMigrator, 7, 8)
+            .with(MoveBrowserSettingsToGlobal, 8, CURRENT_VERSION)
             .migrate(migrationHelper);
     });
 }
@@ -17518,6 +18231,7 @@ class Fido2CredentialData {
         this.keyValue = data.keyValue;
         this.rpId = data.rpId;
         this.userHandle = data.userHandle;
+        this.userName = data.userName;
         this.counter = data.counter;
         this.rpName = data.rpName;
         this.userDisplayName = data.userDisplayName;
@@ -17648,6 +18362,7 @@ class CollectionData {
         this.name = response.name;
         this.externalId = response.externalId;
         this.readOnly = response.readOnly;
+        this.manage = response.manage;
         this.hidePasswords = response.hidePasswords;
     }
 }
@@ -18135,8 +18850,7 @@ class Fido2CredentialView extends ItemView {
     }
 }
-;// CONCATENATED MODULE: ../../libs/common/src/vault/models/view/login-uri.view.ts
+;// CONCATENATED MODULE: ../../libs/common/src/platform/misc/safe-urls.ts
 const CanLaunchWhitelist = [
     "https://",
@@ -18153,6 +18867,24 @@ const CanLaunchWhitelist = [
     "iosapp://",
     "androidapp://",
 ];
+class SafeUrls {
+    static canLaunch(uri) {
+        if (utils_Utils.isNullOrWhitespace(uri)) {
+            return false;
+        }
+        for (let i = 0; i < CanLaunchWhitelist.length; i++) {
+            if (uri.indexOf(CanLaunchWhitelist[i]) === 0) {
+                return true;
+            }
+        }
+        return false;
+    }
+}
+;// CONCATENATED MODULE: ../../libs/common/src/vault/models/view/login-uri.view.ts
 class LoginUriView {
     constructor(u) {
         this.match = null;
@@ -18224,15 +18956,11 @@ class LoginUriView {
             return this._canLaunch;
         }
         if (this.uri != null && this.match !== UriMatchType.RegularExpression) {
-            const uri = this.launchUri;
-            for (let i = 0; i < CanLaunchWhitelist.length; i++) {
-                if (uri.indexOf(CanLaunchWhitelist[i]) === 0) {
-                    this._canLaunch = true;
-                    return this._canLaunch;
-                }
-            }
+            this._canLaunch = SafeUrls.canLaunch(this.launchUri);
+        }
+        else {
+            this._canLaunch = false;
         }
-        this._canLaunch = false;
         return this._canLaunch;
     }
     get launchUri() {
@@ -18489,7 +19217,8 @@ class CipherView {
         return null;
     }
     get subTitle() {
-        return this.item.subTitle;
+        var _a;
+        return (_a = this.item) === null || _a === void 0 ? void 0 : _a.subTitle;
     }
     get hasPasswordHistory() {
         return this.passwordHistory && this.passwordHistory.length > 0;
@@ -18523,7 +19252,8 @@ class CipherView {
         return this.deletedDate != null;
     }
     get linkedFieldOptions() {
-        return this.item.linkedFieldOptions;
+        var _a;
+        return (_a = this.item) === null || _a === void 0 ? void 0 : _a.linkedFieldOptions;
     }
     linkedFieldValue(id) {
         var _a;
@@ -18589,7 +19319,8 @@ class Collection extends Domain {
             externalId: null,
             readOnly: null,
             hidePasswords: null,
-        }, ["id", "organizationId", "externalId", "readOnly", "hidePasswords"]);
+            manage: null,
+        }, ["id", "organizationId", "externalId", "readOnly", "hidePasswords", "manage"]);
     }
     decrypt() {
         return this.decryptObj(new CollectionView(this), {
@@ -18610,6 +19341,7 @@ class CollectionView {
         // readOnly applies to the items within a collection
         this.readOnly = null;
         this.hidePasswords = null;
+        this.manage = null;
         if (!c) {
             return;
         }
@@ -18619,6 +19351,7 @@ class CollectionView {
         if (c instanceof Collection) {
             this.readOnly = c.readOnly;
             this.hidePasswords = c.hidePasswords;
+            this.manage = c.manage;
         }
     }
     // For editing collection details, not the items within it.
@@ -18629,11 +19362,16 @@ class CollectionView {
         return (org === null || org === void 0 ? void 0 : org.canEditAnyCollection) || (org === null || org === void 0 ? void 0 : org.canEditAssignedCollections);
     }
     // For deleting a collection, not the items within it.
-    canDelete(org) {
+    canDelete(org, flexibleCollectionsEnabled) {
         if (org.id !== this.organizationId) {
             throw new Error("Id of the organization provided does not match the org id of the collection.");
         }
-        return (org === null || org === void 0 ? void 0 : org.canDeleteAnyCollection) || (org === null || org === void 0 ? void 0 : org.canDeleteAssignedCollections);
+        if (flexibleCollectionsEnabled) {
+            return (org === null || org === void 0 ? void 0 : org.canDeleteAnyCollection) || (!(org === null || org === void 0 ? void 0 : org.limitCollectionCreationDeletion) && this.manage);
+        }
+        else {
+            return (org === null || org === void 0 ? void 0 : org.canDeleteAnyCollection) || (org === null || org === void 0 ? void 0 : org.canDeleteAssignedCollections);
+        }
     }
 }
@@ -18710,6 +19448,7 @@ var state_service_awaiter = (undefined && undefined.__awaiter) || function (this
 const keys = {
@@ -19552,16 +20291,16 @@ class StateService {
         });
     }
     getDisableAddLoginNotification(options) {
-        var _a, _b, _c;
+        var _a, _b;
         return state_service_awaiter(this, void 0, void 0, function* () {
-            return ((_c = (_b = (_a = (yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.settings) === null || _b === void 0 ? void 0 : _b.disableAddLoginNotification) !== null && _c !== void 0 ? _c : false);
+            return ((_b = (_a = (yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.disableAddLoginNotification) !== null && _b !== void 0 ? _b : false);
         });
     }
     setDisableAddLoginNotification(value, options) {
         return state_service_awaiter(this, void 0, void 0, function* () {
-            const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
-            account.settings.disableAddLoginNotification = value;
-            yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+            const globals = yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+            globals.disableAddLoginNotification = value;
+            yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
         });
     }
     getDisableAutoBiometricsPrompt(options) {
@@ -19604,29 +20343,42 @@ class StateService {
         });
     }
     getDisableChangedPasswordNotification(options) {
-        var _a, _b, _c;
+        var _a, _b;
         return state_service_awaiter(this, void 0, void 0, function* () {
-            return ((_c = (_b = (_a = (yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.settings) === null || _b === void 0 ? void 0 : _b.disableChangedPasswordNotification) !== null && _c !== void 0 ? _c : false);
+            return ((_b = (_a = (yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.disableChangedPasswordNotification) !== null && _b !== void 0 ? _b : false);
         });
     }
     setDisableChangedPasswordNotification(value, options) {
         return state_service_awaiter(this, void 0, void 0, function* () {
-            const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
-            account.settings.disableChangedPasswordNotification = value;
-            yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+            const globals = yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+            globals.disableChangedPasswordNotification = value;
+            yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+        });
+    }
+    getEnablePasskeys(options) {
+        var _a, _b;
+        return state_service_awaiter(this, void 0, void 0, function* () {
+            return ((_b = (_a = (yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.enablePasskeys) !== null && _b !== void 0 ? _b : true);
+        });
+    }
+    setEnablePasskeys(value, options) {
+        return state_service_awaiter(this, void 0, void 0, function* () {
+            const globals = yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+            globals.enablePasskeys = value;
+            yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
         });
     }
     getDisableContextMenuItem(options) {
-        var _a, _b, _c;
+        var _a, _b;
         return state_service_awaiter(this, void 0, void 0, function* () {
-            return ((_c = (_b = (_a = (yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.settings) === null || _b === void 0 ? void 0 : _b.disableContextMenuItem) !== null && _c !== void 0 ? _c : false);
+            return ((_b = (_a = (yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.disableContextMenuItem) !== null && _b !== void 0 ? _b : false);
         });
     }
     setDisableContextMenuItem(value, options) {
         return state_service_awaiter(this, void 0, void 0, function* () {
-            const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
-            account.settings.disableContextMenuItem = value;
-            yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+            const globals = yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+            globals.disableContextMenuItem = value;
+            yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
         });
     }
     getDisableFavicon(options) {
@@ -19854,6 +20606,19 @@ class StateService {
             yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
         });
     }
+    getAutoFillOverlayVisibility(options) {
+        var _a, _b;
+        return state_service_awaiter(this, void 0, void 0, function* () {
+            return ((_b = (_a = (yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskLocalOptions())))) === null || _a === void 0 ? void 0 : _a.autoFillOverlayVisibility) !== null && _b !== void 0 ? _b : AutofillOverlayVisibility.OnFieldFocus);
+        });
+    }
+    setAutoFillOverlayVisibility(value, options) {
+        return state_service_awaiter(this, void 0, void 0, function* () {
+            const globals = yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskLocalOptions()));
+            globals.autoFillOverlayVisibility = value;
+            yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultOnDiskLocalOptions()));
+        });
+    }
     getEnableAutoFillOnPageLoad(options) {
         var _a, _b, _c;
         return state_service_awaiter(this, void 0, void 0, function* () {
@@ -20238,16 +21003,16 @@ class StateService {
             yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
         });
     }
-    getForcePasswordResetReason(options) {
+    getForceSetPasswordReason(options) {
         var _a, _b, _c;
         return state_service_awaiter(this, void 0, void 0, function* () {
-            return ((_c = (_b = (_a = (yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskMemoryOptions())))) === null || _a === void 0 ? void 0 : _a.profile) === null || _b === void 0 ? void 0 : _b.forcePasswordResetReason) !== null && _c !== void 0 ? _c : ForceResetPasswordReason.None);
+            return ((_c = (_b = (_a = (yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskMemoryOptions())))) === null || _a === void 0 ? void 0 : _a.profile) === null || _b === void 0 ? void 0 : _b.forceSetPasswordReason) !== null && _c !== void 0 ? _c : ForceSetPasswordReason.None);
         });
     }
-    setForcePasswordResetReason(value, options) {
+    setForceSetPasswordReason(value, options) {
         return state_service_awaiter(this, void 0, void 0, function* () {
             const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskMemoryOptions()));
-            account.profile.forcePasswordResetReason = value;
+            account.profile.forceSetPasswordReason = value;
             yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultOnDiskMemoryOptions()));
         });
     }
@@ -20401,16 +21166,16 @@ class StateService {
         });
     }
     getNeverDomains(options) {
-        var _a, _b;
+        var _a;
         return state_service_awaiter(this, void 0, void 0, function* () {
-            return (_b = (_a = (yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.settings) === null || _b === void 0 ? void 0 : _b.neverDomains;
+            return (_a = (yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.neverDomains;
         });
     }
     setNeverDomains(value, options) {
         return state_service_awaiter(this, void 0, void 0, function* () {
-            const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
-            account.settings.neverDomains = value;
-            yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+            const globals = yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+            globals.neverDomains = value;
+            yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
         });
     }
     getNoAutoPromptBiometricsText(options) {
@@ -20452,19 +21217,6 @@ class StateService {
             yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
         });
     }
-    getEmergencyAccessInvitation(options) {
-        var _a;
-        return state_service_awaiter(this, void 0, void 0, function* () {
-            return (_a = (yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.emergencyAccessInvitation;
-        });
-    }
-    setEmergencyAccessInvitation(value, options) {
-        return state_service_awaiter(this, void 0, void 0, function* () {
-            const globals = yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
-            globals.emergencyAccessInvitation = value;
-            yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
-        });
-    }
     /**
      * @deprecated Do not call this directly, use OrganizationService
      */
@@ -20824,6 +21576,19 @@ class StateService {
             return yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultOnDiskLocalOptions()));
         });
     }
+    getDeepLinkRedirectUrl(options) {
+        var _a;
+        return state_service_awaiter(this, void 0, void 0, function* () {
+            return (_a = (yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions())))) === null || _a === void 0 ? void 0 : _a.deepLinkRedirectUrl;
+        });
+    }
+    setDeepLinkRedirectUrl(url, options) {
+        return state_service_awaiter(this, void 0, void 0, function* () {
+            const globals = yield this.getGlobals(this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+            globals.deepLinkRedirectUrl = url;
+            yield this.saveGlobals(globals, this.reconcileOptions(options, yield this.defaultOnDiskOptions()));
+        });
+    }
     getGlobals(options) {
         return state_service_awaiter(this, void 0, void 0, function* () {
             let globals;
@@ -21437,6 +22202,139 @@ function withPrototypeForObjectValues(valuesConstructor, valuesConverter = (i) =
     };
 }
+;// CONCATENATED MODULE: ../../libs/common/src/platform/state/state-update-options.ts
+const DEFAULT_OPTIONS = {
+    shouldUpdate: () => true,
+    combineLatestWith: null,
+    msTimeout: 1000,
+};
+function populateOptionsWithDefault(options) {
+    return Object.assign(Object.assign({}, DEFAULT_OPTIONS), options);
+}
+;// CONCATENATED MODULE: ../../libs/common/src/platform/state/implementations/util.ts
+var util_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+function getStoredValue(key, storage, deserializer) {
+    return util_awaiter(this, void 0, void 0, function* () {
+        if (storage.valuesRequireDeserialization) {
+            const jsonValue = yield storage.get(key);
+            const value = deserializer(jsonValue);
+            return value;
+        }
+        else {
+            const value = yield storage.get(key);
+            return value !== null && value !== void 0 ? value : null;
+        }
+    });
+}
+;// CONCATENATED MODULE: ../../libs/common/src/platform/state/implementations/default-global-state.ts
+var default_global_state_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+const FAKE_DEFAULT = Symbol("fakeDefault");
+class DefaultGlobalState {
+    constructor(keyDefinition, chosenLocation) {
+        this.keyDefinition = keyDefinition;
+        this.chosenLocation = chosenLocation;
+        this.stateSubject = new external_rxjs_namespaceObject.BehaviorSubject(FAKE_DEFAULT);
+        this.storageKey = globalKeyBuilder(this.keyDefinition);
+        const storageUpdates$ = this.chosenLocation.updates$.pipe((0,external_rxjs_namespaceObject.filter)((update) => update.key === this.storageKey), (0,external_rxjs_namespaceObject.switchMap)((update) => default_global_state_awaiter(this, void 0, void 0, function* () {
+            if (update.updateType === "remove") {
+                return null;
+            }
+            return yield getStoredValue(this.storageKey, this.chosenLocation, this.keyDefinition.deserializer);
+        })), (0,external_rxjs_namespaceObject.shareReplay)({ bufferSize: 1, refCount: false }));
+        this.state$ = (0,external_rxjs_namespaceObject.defer)(() => {
+            const storageUpdateSubscription = storageUpdates$.subscribe((value) => {
+                this.stateSubject.next(value);
+            });
+            this.getFromState().then((s) => {
+                this.stateSubject.next(s);
+            });
+            return this.stateSubject.pipe((0,external_rxjs_namespaceObject.tap)({
+                complete: () => {
+                    storageUpdateSubscription.unsubscribe();
+                },
+            }));
+        }).pipe((0,external_rxjs_namespaceObject.shareReplay)({ refCount: false, bufferSize: 1 }), (0,external_rxjs_namespaceObject.filter)((i) => i != FAKE_DEFAULT));
+    }
+    update(configureState, options = {}) {
+        return default_global_state_awaiter(this, void 0, void 0, function* () {
+            options = populateOptionsWithDefault(options);
+            const currentState = yield this.getGuaranteedState();
+            const combinedDependencies = options.combineLatestWith != null
+                ? yield (0,external_rxjs_namespaceObject.firstValueFrom)(options.combineLatestWith.pipe((0,external_rxjs_namespaceObject.timeout)(options.msTimeout)))
+                : null;
+            if (!options.shouldUpdate(currentState, combinedDependencies)) {
+                return;
+            }
+            const newState = configureState(currentState, combinedDependencies);
+            yield this.chosenLocation.save(this.storageKey, newState);
+            return newState;
+        });
+    }
+    getGuaranteedState() {
+        return default_global_state_awaiter(this, void 0, void 0, function* () {
+            const currentValue = this.stateSubject.getValue();
+            return currentValue === FAKE_DEFAULT ? yield this.getFromState() : currentValue;
+        });
+    }
+    getFromState() {
+        return default_global_state_awaiter(this, void 0, void 0, function* () {
+            return yield getStoredValue(this.storageKey, this.chosenLocation, this.keyDefinition.deserializer);
+        });
+    }
+}
+;// CONCATENATED MODULE: ../../libs/common/src/platform/state/implementations/default-global-state.provider.ts
+class DefaultGlobalStateProvider {
+    constructor(memoryStorage, diskStorage) {
+        this.memoryStorage = memoryStorage;
+        this.diskStorage = diskStorage;
+        this.globalStateCache = {};
+    }
+    get(keyDefinition) {
+        const cacheKey = keyDefinition.buildCacheKey();
+        const existingGlobalState = this.globalStateCache[cacheKey];
+        if (existingGlobalState != null) {
+            // The cast into the actual generic is safe because of rules around key definitions
+            // being unique.
+            return existingGlobalState;
+        }
+        const newGlobalState = new DefaultGlobalState(keyDefinition, this.getLocation(keyDefinition.stateDefinition.storageLocation));
+        this.globalStateCache[cacheKey] = newGlobalState;
+        return newGlobalState;
+    }
+    getLocation(location) {
+        switch (location) {
+            case "disk":
+                return this.diskStorage;
+            case "memory":
+                return this.memoryStorage;
+        }
+    }
+}
 ;// CONCATENATED MODULE: ../../libs/common/src/platform/misc/throttle.ts
 /**
  * Use as a Decorator on async functions, it will limit how many times the function can be
@@ -21565,104 +22463,73 @@ audit_service_decorate([
     audit_service_metadata("design:returntype", Promise)
 ], AuditService.prototype, "passwordLeaked", null);
-;// CONCATENATED MODULE: ../../libs/common/src/admin-console/models/response/selection-read-only.response.ts
-class SelectionReadOnlyResponse extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.id = this.getResponseProperty("Id");
-        this.readOnly = this.getResponseProperty("ReadOnly");
-        this.hidePasswords = this.getResponseProperty("HidePasswords");
-    }
-}
-;// CONCATENATED MODULE: ../../libs/common/src/abstractions/organization-user/responses/organization-user.response.ts
-class OrganizationUserResponse extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.collections = [];
-        this.groups = [];
-        this.id = this.getResponseProperty("Id");
-        this.userId = this.getResponseProperty("UserId");
-        this.type = this.getResponseProperty("Type");
-        this.status = this.getResponseProperty("Status");
-        this.permissions = new PermissionsApi(this.getResponseProperty("Permissions"));
-        this.externalId = this.getResponseProperty("ExternalId");
-        this.accessAll = this.getResponseProperty("AccessAll");
-        this.accessSecretsManager = this.getResponseProperty("AccessSecretsManager");
-        this.resetPasswordEnrolled = this.getResponseProperty("ResetPasswordEnrolled");
-        this.hasMasterPassword = this.getResponseProperty("HasMasterPassword");
-        const collections = this.getResponseProperty("Collections");
-        if (collections != null) {
-            this.collections = collections.map((c) => new SelectionReadOnlyResponse(c));
-        }
-        const groups = this.getResponseProperty("Groups");
-        if (groups != null) {
-            this.groups = groups;
-        }
-    }
-}
-class OrganizationUserUserDetailsResponse extends OrganizationUserResponse {
-    constructor(response) {
-        var _a;
-        super(response);
-        this.name = this.getResponseProperty("Name");
-        this.email = this.getResponseProperty("Email");
-        this.avatarColor = this.getResponseProperty("AvatarColor");
-        this.twoFactorEnabled = this.getResponseProperty("TwoFactorEnabled");
-        this.usesKeyConnector = (_a = this.getResponseProperty("UsesKeyConnector")) !== null && _a !== void 0 ? _a : false;
-    }
-}
-class OrganizationUserDetailsResponse extends OrganizationUserResponse {
-    constructor(response) {
-        super(response);
-    }
-}
-class OrganizationUserResetPasswordDetailsResponse extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.kdf = this.getResponseProperty("Kdf");
-        this.kdfIterations = this.getResponseProperty("KdfIterations");
-        this.kdfMemory = this.getResponseProperty("KdfMemory");
-        this.kdfParallelism = this.getResponseProperty("KdfParallelism");
-        this.resetPasswordKey = this.getResponseProperty("ResetPasswordKey");
-        this.encryptedPrivateKey = this.getResponseProperty("EncryptedPrivateKey");
-    }
-}
-;// CONCATENATED MODULE: ../../libs/common/src/abstractions/organization-user/responses/organization-user-bulk.response.ts
+;// CONCATENATED MODULE: ../../libs/common/src/services/event/event-collection.service.ts
+var event_collection_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
-class OrganizationUserBulkResponse extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.id = this.getResponseProperty("Id");
-        this.error = this.getResponseProperty("Error");
+class EventCollectionService {
+    constructor(cipherService, stateService, organizationService, eventUploadService) {
+        this.cipherService = cipherService;
+        this.stateService = stateService;
+        this.organizationService = organizationService;
+        this.eventUploadService = eventUploadService;
     }
-}
-;// CONCATENATED MODULE: ../../libs/common/src/abstractions/organization-user/responses/organization-user-bulk-public-key.response.ts
-class OrganizationUserBulkPublicKeyResponse extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.id = this.getResponseProperty("Id");
-        this.userId = this.getResponseProperty("UserId");
-        this.key = this.getResponseProperty("Key");
+    collect(eventType, cipherId = null, uploadImmediately = false, organizationId = null) {
+        return event_collection_service_awaiter(this, void 0, void 0, function* () {
+            const authed = yield this.stateService.getIsAuthenticated();
+            if (!authed) {
+                return;
+            }
+            const organizations = yield this.organizationService.getAll();
+            if (organizations == null) {
+                return;
+            }
+            const orgIds = new Set(organizations.filter((o) => o.useEvents).map((o) => o.id));
+            if (orgIds.size === 0) {
+                return;
+            }
+            if (cipherId != null) {
+                const cipher = yield this.cipherService.get(cipherId);
+                if (cipher == null || cipher.organizationId == null || !orgIds.has(cipher.organizationId)) {
+                    return;
+                }
+            }
+            if (organizationId != null) {
+                if (!orgIds.has(organizationId)) {
+                    return;
+                }
+            }
+            let eventCollection = yield this.stateService.getEventCollection();
+            if (eventCollection == null) {
+                eventCollection = [];
+            }
+            const event = new EventData();
+            event.type = eventType;
+            event.cipherId = cipherId;
+            event.date = new Date().toISOString();
+            event.organizationId = organizationId;
+            eventCollection.push(event);
+            yield this.stateService.setEventCollection(eventCollection);
+            if (uploadImmediately) {
+                yield this.eventUploadService.uploadEvents();
+            }
+        });
     }
 }
-;// CONCATENATED MODULE: ../../libs/common/src/services/organization-user/requests/organization-user-bulk.request.ts
-class OrganizationUserBulkRequest {
-    constructor(ids) {
-        this.ids = ids == null ? [] : ids;
-    }
+;// CONCATENATED MODULE: ../../libs/common/src/models/request/event.request.ts
+class EventRequest {
 }
-;// CONCATENATED MODULE: ../../libs/common/src/services/organization-user/organization-user.service.implementation.ts
-var organization_user_service_implementation_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
+;// CONCATENATED MODULE: ../../libs/common/src/services/event/event-upload.service.ts
+var event_upload_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
         function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
@@ -21672,122 +22539,53 @@ var organization_user_service_implementation_awaiter = (undefined && undefined._
     });
 };
-class OrganizationUserServiceImplementation {
-    constructor(apiService) {
+class EventUploadService {
+    constructor(apiService, stateService, logService) {
         this.apiService = apiService;
+        this.stateService = stateService;
+        this.logService = logService;
+        this.inited = false;
     }
-    getOrganizationUser(organizationId, id, options) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            const params = new URLSearchParams();
-            if (options === null || options === void 0 ? void 0 : options.includeGroups) {
-                params.set("includeGroups", "true");
-            }
-            const r = yield this.apiService.send("GET", `/organizations/${organizationId}/users/${id}?${params.toString()}`, null, true, true);
-            return new OrganizationUserDetailsResponse(r);
-        });
-    }
-    getOrganizationUserGroups(organizationId, id) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.apiService.send("GET", "/organizations/" + organizationId + "/users/" + id + "/groups", null, true, true);
-            return r;
-        });
+    init(checkOnInterval) {
+        if (this.inited) {
+            return;
+        }
+        this.inited = true;
+        if (checkOnInterval) {
+            this.uploadEvents();
+            setInterval(() => this.uploadEvents(), 60 * 1000); // check every 60 seconds
+        }
     }
-    getAllUsers(organizationId, options) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            const params = new URLSearchParams();
-            if (options === null || options === void 0 ? void 0 : options.includeCollections) {
-                params.set("includeCollections", "true");
+    uploadEvents(userId) {
+        return event_upload_service_awaiter(this, void 0, void 0, function* () {
+            const authed = yield this.stateService.getIsAuthenticated({ userId: userId });
+            if (!authed) {
+                return;
             }
-            if (options === null || options === void 0 ? void 0 : options.includeGroups) {
-                params.set("includeGroups", "true");
+            const eventCollection = yield this.stateService.getEventCollection({ userId: userId });
+            if (eventCollection == null || eventCollection.length === 0) {
+                return;
+            }
+            const request = eventCollection.map((e) => {
+                const req = new EventRequest();
+                req.type = e.type;
+                req.cipherId = e.cipherId;
+                req.date = e.date;
+                req.organizationId = e.organizationId;
+                return req;
+            });
+            try {
+                yield this.apiService.postEventsCollect(request);
+                this.clearEvents(userId);
+            }
+            catch (e) {
+                this.logService.error(e);
             }
-            const r = yield this.apiService.send("GET", `/organizations/${organizationId}/users?${params.toString()}`, null, true, true);
-            return new ListResponse(r, OrganizationUserUserDetailsResponse);
-        });
-    }
-    getOrganizationUserResetPasswordDetails(organizationId, id) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.apiService.send("GET", "/organizations/" + organizationId + "/users/" + id + "/reset-password-details", null, true, true);
-            return new OrganizationUserResetPasswordDetailsResponse(r);
-        });
-    }
-    postOrganizationUserInvite(organizationId, request) {
-        return this.apiService.send("POST", "/organizations/" + organizationId + "/users/invite", request, true, false);
-    }
-    postOrganizationUserReinvite(organizationId, id) {
-        return this.apiService.send("POST", "/organizations/" + organizationId + "/users/" + id + "/reinvite", null, true, false);
-    }
-    postManyOrganizationUserReinvite(organizationId, ids) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.apiService.send("POST", "/organizations/" + organizationId + "/users/reinvite", new OrganizationUserBulkRequest(ids), true, true);
-            return new ListResponse(r, OrganizationUserBulkResponse);
-        });
-    }
-    postOrganizationUserAcceptInit(organizationId, id, request) {
-        return this.apiService.send("POST", "/organizations/" + organizationId + "/users/" + id + "/accept-init", request, true, false);
-    }
-    postOrganizationUserAccept(organizationId, id, request) {
-        return this.apiService.send("POST", "/organizations/" + organizationId + "/users/" + id + "/accept", request, true, false);
-    }
-    postOrganizationUserConfirm(organizationId, id, request) {
-        return this.apiService.send("POST", "/organizations/" + organizationId + "/users/" + id + "/confirm", request, true, false);
-    }
-    postOrganizationUsersPublicKey(organizationId, ids) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.apiService.send("POST", "/organizations/" + organizationId + "/users/public-keys", new OrganizationUserBulkRequest(ids), true, true);
-            return new ListResponse(r, OrganizationUserBulkPublicKeyResponse);
-        });
-    }
-    postOrganizationUserBulkConfirm(organizationId, request) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.apiService.send("POST", "/organizations/" + organizationId + "/users/confirm", request, true, true);
-            return new ListResponse(r, OrganizationUserBulkResponse);
-        });
-    }
-    putOrganizationUserBulkEnableSecretsManager(organizationId, ids) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            yield this.apiService.send("PUT", "/organizations/" + organizationId + "/users/enable-secrets-manager", new OrganizationUserBulkRequest(ids), true, false);
-        });
-    }
-    putOrganizationUser(organizationId, id, request) {
-        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + id, request, true, false);
-    }
-    putOrganizationUserGroups(organizationId, id, request) {
-        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/groups", request, true, false);
-    }
-    putOrganizationUserResetPasswordEnrollment(organizationId, userId, request) {
-        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + userId + "/reset-password-enrollment", request, true, false);
-    }
-    putOrganizationUserResetPassword(organizationId, id, request) {
-        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/reset-password", request, true, false);
-    }
-    deleteOrganizationUser(organizationId, id) {
-        return this.apiService.send("DELETE", "/organizations/" + organizationId + "/users/" + id, null, true, false);
-    }
-    deleteManyOrganizationUsers(organizationId, ids) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.apiService.send("DELETE", "/organizations/" + organizationId + "/users", new OrganizationUserBulkRequest(ids), true, true);
-            return new ListResponse(r, OrganizationUserBulkResponse);
-        });
-    }
-    revokeOrganizationUser(organizationId, id) {
-        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/revoke", null, true, false);
-    }
-    revokeManyOrganizationUsers(organizationId, ids) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.apiService.send("PUT", "/organizations/" + organizationId + "/users/revoke", new OrganizationUserBulkRequest(ids), true, true);
-            return new ListResponse(r, OrganizationUserBulkResponse);
         });
     }
-    restoreOrganizationUser(organizationId, id) {
-        return this.apiService.send("PUT", "/organizations/" + organizationId + "/users/" + id + "/restore", null, true, false);
-    }
-    restoreManyOrganizationUsers(organizationId, ids) {
-        return organization_user_service_implementation_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.apiService.send("PUT", "/organizations/" + organizationId + "/users/restore", new OrganizationUserBulkRequest(ids), true, true);
-            return new ListResponse(r, OrganizationUserBulkResponse);
+    clearEvents(userId) {
+        return event_upload_service_awaiter(this, void 0, void 0, function* () {
+            yield this.stateService.setEventCollection(null, { userId: userId });
         });
     }
 }
@@ -22162,6 +22960,16 @@ class SettingsService {
     getDisableFavicon() {
         return this._disableFavicon.getValue();
     }
+    setAutoFillOverlayVisibility(value) {
+        return settings_service_awaiter(this, void 0, void 0, function* () {
+            return yield this.stateService.setAutoFillOverlayVisibility(value);
+        });
+    }
+    getAutoFillOverlayVisibility() {
+        return settings_service_awaiter(this, void 0, void 0, function* () {
+            return yield this.stateService.getAutoFillOverlayVisibility();
+        });
+    }
     clear(userId) {
         return settings_service_awaiter(this, void 0, void 0, function* () {
             if (userId == null || userId == (yield this.stateService.getUserId())) {
@@ -22357,13 +23165,13 @@ class VaultTimeoutSettingsService {
     }
     setVaultTimeoutOptions(timeout, action) {
         return vault_timeout_settings_service_awaiter(this, void 0, void 0, function* () {
-            yield this.stateService.setVaultTimeout(timeout);
             // We swap these tokens from being on disk for lock actions, and in memory for logout actions
             // Get them here to set them to their new location after changing the timeout action and clearing if needed
             const token = yield this.tokenService.getToken();
             const refreshToken = yield this.tokenService.getRefreshToken();
             const clientId = yield this.tokenService.getClientId();
             const clientSecret = yield this.tokenService.getClientSecret();
+            yield this.stateService.setVaultTimeout(timeout);
             const currentAction = yield this.stateService.getVaultTimeoutAction();
             if ((timeout != null || timeout === 0) &&
                 action === VaultTimeoutAction.LogOut &&
@@ -23475,7 +24283,7 @@ function devFlagEnabled(flag) {
         return false;
     }
     const devFlags = getFlags(process.env.DEV_FLAGS);
-    return devFlags[flag] == null || !!devFlags[flag];
+    return (devFlags === null || devFlags === void 0 ? void 0 : devFlags[flag]) == null ? false : !!devFlags[flag];
 }
 /**
  * Gets the value of a dev flag from environment.
@@ -23844,6 +24652,7 @@ class Fido2Credential extends Domain {
             keyValue: null,
             rpId: null,
             userHandle: null,
+            userName: null,
             counter: null,
             rpName: null,
             userDisplayName: null,
@@ -23861,6 +24670,7 @@ class Fido2Credential extends Domain {
                 keyValue: null,
                 rpId: null,
                 userHandle: null,
+                userName: null,
                 rpName: null,
                 userDisplayName: null,
                 discoverable: null,
@@ -23889,6 +24699,7 @@ class Fido2Credential extends Domain {
             keyValue: null,
             rpId: null,
             userHandle: null,
+            userName: null,
             counter: null,
             rpName: null,
             userDisplayName: null,
@@ -23907,6 +24718,7 @@ class Fido2Credential extends Domain {
         const keyValue = EncString.fromJSON(obj.keyValue);
         const rpId = EncString.fromJSON(obj.rpId);
         const userHandle = EncString.fromJSON(obj.userHandle);
+        const userName = EncString.fromJSON(obj.userName);
         const counter = EncString.fromJSON(obj.counter);
         const rpName = EncString.fromJSON(obj.rpName);
         const userDisplayName = EncString.fromJSON(obj.userDisplayName);
@@ -23920,6 +24732,7 @@ class Fido2Credential extends Domain {
             keyValue,
             rpId,
             userHandle,
+            userName,
             counter,
             rpName,
             userDisplayName,
@@ -24581,6 +25394,7 @@ class Fido2CredentialApi extends BaseResponse {
         this.keyValue = this.getResponseProperty("keyValue");
         this.rpId = this.getResponseProperty("RpId");
         this.userHandle = this.getResponseProperty("UserHandle");
+        this.userName = this.getResponseProperty("UserName");
         this.counter = this.getResponseProperty("Counter");
         this.rpName = this.getResponseProperty("RpName");
         this.userDisplayName = this.getResponseProperty("UserDisplayName");
@@ -24689,6 +25503,7 @@ class CipherRequest {
                         keyApi.rpName = key.rpName != null ? key.rpName.encryptedString : null;
                         keyApi.counter = key.counter != null ? key.counter.encryptedString : null;
                         keyApi.userHandle = key.userHandle != null ? key.userHandle.encryptedString : null;
+                        keyApi.userName = key.userName != null ? key.userName.encryptedString : null;
                         keyApi.userDisplayName =
                             key.userDisplayName != null ? key.userDisplayName.encryptedString : null;
                         keyApi.discoverable =
@@ -25103,6 +25918,10 @@ class CipherService {
             const ciphers = yield this.getAll();
             const orgKeys = yield this.cryptoService.getOrgKeys();
             const userKey = yield this.cryptoService.getUserKeyWithLegacySupport();
+            if ((orgKeys === null || orgKeys === void 0 ? void 0 : orgKeys.size) === 0 && userKey == null) {
+                // return early if there are no keys to decrypt with
+                return;
+            }
             // Group ciphers by orgId or under 'null' for the user's ciphers
             const grouped = ciphers.reduce((agg, c) => {
                 var _a;
@@ -25846,6 +26665,7 @@ class CipherService {
                                 rpId: null,
                                 rpName: null,
                                 userHandle: null,
+                                userName: null,
                                 userDisplayName: null,
                                 origin: null,
                             }, key);
@@ -26758,6 +27578,7 @@ class OrganizationData {
         this.familySponsorshipValidUntil = response.familySponsorshipValidUntil;
         this.familySponsorshipToDelete = response.familySponsorshipToDelete;
         this.accessSecretsManager = response.accessSecretsManager;
+        this.limitCollectionCreationDeletion = response.limitCollectionCreationDeletion;
         this.isMember = options.isMember;
         this.isProviderUser = options.isProviderUser;
     }
@@ -26791,6 +27612,7 @@ var sync_service_awaiter = (undefined && undefined.__awaiter) || function (thisA
 class SyncService {
     constructor(apiService, settingsService, folderService, cipherService, cryptoService, collectionService, messagingService, policyService, sendService, logService, keyConnectorService, stateService, providerService, folderApiService, organizationService, sendApiService, logoutCallback) {
         this.apiService = apiService;
@@ -27060,10 +27882,7 @@ class SyncService {
             yield this.stateService.setHasPremiumPersonally(response.premiumPersonally);
             yield this.stateService.setHasPremiumFromOrganization(response.premiumFromOrganization);
             yield this.keyConnectorService.setUsesKeyConnector(response.usesKeyConnector);
-            // The `forcePasswordReset` flag indicates an admin has reset the user's password and must be updated
-            if (response.forcePasswordReset) {
-                yield this.stateService.setForcePasswordResetReason(ForceResetPasswordReason.AdminForcePasswordReset);
-            }
+            yield this.setForceSetPasswordReasonIfNeeded(response);
             yield this.syncProfileOrganizations(response);
             const providers = {};
             response.providers.forEach((p) => {
@@ -27079,6 +27898,35 @@ class SyncService {
             }
         });
     }
+    setForceSetPasswordReasonIfNeeded(profileResponse) {
+        return sync_service_awaiter(this, void 0, void 0, function* () {
+            // The `forcePasswordReset` flag indicates an admin has reset the user's password and must be updated
+            if (profileResponse.forcePasswordReset) {
+                yield this.stateService.setForceSetPasswordReason(ForceSetPasswordReason.AdminForcePasswordReset);
+            }
+            const acctDecryptionOpts = yield this.stateService.getAccountDecryptionOptions();
+            // Even though TDE users should only be in a single org (per single org policy), check
+            // through all orgs for the manageResetPassword permission. If they have it in any org,
+            // they should be forced to set a password.
+            let hasManageResetPasswordPermission = false;
+            for (const org of profileResponse.organizations) {
+                const isAdmin = org.type === OrganizationUserType.Admin;
+                const isOwner = org.type === OrganizationUserType.Owner;
+                // Note: apparently permissions only come down populated for custom roles.
+                if (isAdmin || isOwner || (org.permissions && org.permissions.manageResetPassword)) {
+                    hasManageResetPasswordPermission = true;
+                    break;
+                }
+            }
+            if (acctDecryptionOpts.trustedDeviceOption !== undefined &&
+                !acctDecryptionOpts.hasMasterPassword &&
+                hasManageResetPasswordPermission) {
+                // TDE user w/out MP went from having no password reset permission to having it.
+                // Must set the force password reset reason so the auth guard will redirect to the set password page.
+                yield this.stateService.setForceSetPasswordReason(ForceSetPasswordReason.TdeUserWithoutPasswordHasPasswordResetPermission);
+            }
+        });
+    }
     syncProfileOrganizations(response) {
         return sync_service_awaiter(this, void 0, void 0, function* () {
             const organizations = {};
@@ -27420,6 +28268,7 @@ class Fido2CredentialExport {
         req.keyValue = "keyValue";
         req.rpId = "rpId";
         req.userHandle = "userHandle";
+        req.userName = "userName";
         req.counter = "counter";
         req.rpName = "rpName";
         req.userDisplayName = "userDisplayName";
@@ -27441,6 +28290,7 @@ class Fido2CredentialExport {
         view.keyValue = req.keyValue;
         view.rpId = req.rpId;
         view.userHandle = req.userHandle;
+        view.userName = req.userName;
         view.counter = parseInt(req.counter);
         view.rpName = req.rpName;
         view.userDisplayName = req.userDisplayName;
@@ -27462,6 +28312,7 @@ class Fido2CredentialExport {
         domain.keyValue = req.keyValue != null ? new EncString(req.keyValue) : null;
         domain.rpId = req.rpId != null ? new EncString(req.rpId) : null;
         domain.userHandle = req.userHandle != null ? new EncString(req.userHandle) : null;
+        domain.userName = req.userName != null ? new EncString(req.userName) : null;
         domain.counter = req.counter != null ? new EncString(req.counter) : null;
         domain.rpName = req.rpName != null ? new EncString(req.rpName) : null;
         domain.userDisplayName =
@@ -27476,7 +28327,7 @@ class Fido2CredentialExport {
      * @param o - The credential storing the data being exported. When not provided, an empty export is created instead.
      */
     constructor(o) {
-        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
+        var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
         if (o == null) {
             return;
         }
@@ -27488,6 +28339,7 @@ class Fido2CredentialExport {
             this.keyValue = o.keyValue;
             this.rpId = o.rpId;
             this.userHandle = o.userHandle;
+            this.userName = o.userName;
             this.counter = String(o.counter);
             this.rpName = o.rpName;
             this.userDisplayName = o.userDisplayName;
@@ -27501,10 +28353,11 @@ class Fido2CredentialExport {
             this.keyValue = (_e = o.keyValue) === null || _e === void 0 ? void 0 : _e.encryptedString;
             this.rpId = (_f = o.rpId) === null || _f === void 0 ? void 0 : _f.encryptedString;
             this.userHandle = (_g = o.userHandle) === null || _g === void 0 ? void 0 : _g.encryptedString;
-            this.counter = (_h = o.counter) === null || _h === void 0 ? void 0 : _h.encryptedString;
-            this.rpName = (_j = o.rpName) === null || _j === void 0 ? void 0 : _j.encryptedString;
-            this.userDisplayName = (_k = o.userDisplayName) === null || _k === void 0 ? void 0 : _k.encryptedString;
-            this.discoverable = (_l = o.discoverable) === null || _l === void 0 ? void 0 : _l.encryptedString;
+            this.userName = (_h = o.userName) === null || _h === void 0 ? void 0 : _h.encryptedString;
+            this.counter = (_j = o.counter) === null || _j === void 0 ? void 0 : _j.encryptedString;
+            this.rpName = (_k = o.rpName) === null || _k === void 0 ? void 0 : _k.encryptedString;
+            this.userDisplayName = (_l = o.userDisplayName) === null || _l === void 0 ? void 0 : _l.encryptedString;
+            this.discoverable = (_m = o.discoverable) === null || _m === void 0 ? void 0 : _m.encryptedString;
         }
         this.creationDate = o.creationDate;
     }
@@ -33406,17 +34259,15 @@ class ProtonPassJsonImporter extends base_importer_BaseImporter {
                 }
                 this.processFolder(result, vault.name);
                 const cipher = this.initLoginCipher();
-                cipher.name = item.data.metadata.name;
-                cipher.notes = item.data.metadata.note;
+                cipher.name = this.getValueOrDefault(item.data.metadata.name, "--");
+                cipher.notes = this.getValueOrDefault(item.data.metadata.note);
                 switch (item.data.type) {
                     case "login": {
                         const loginContent = item.data.content;
                         cipher.login.uris = this.makeUriArray(loginContent.urls);
-                        cipher.login.username = loginContent.username;
-                        cipher.login.password = loginContent.password;
-                        if (loginContent.totpUri != "") {
-                            cipher.login.totp = new URL(loginContent.totpUri).searchParams.get("secret");
-                        }
+                        cipher.login.username = this.getValueOrDefault(loginContent.username);
+                        cipher.login.password = this.getValueOrDefault(loginContent.password);
+                        cipher.login.totp = this.getValueOrDefault(loginContent.totpUri);
                         for (const extraField of item.data.extraFields) {
                             this.processKvp(cipher, extraField.fieldName, extraField.type == "totp" ? extraField.data.totpUri : extraField.data.content, extraField.type == "text" ? FieldType.Text : FieldType.Hidden);
                         }
@@ -33431,10 +34282,10 @@ class ProtonPassJsonImporter extends base_importer_BaseImporter {
                         const creditCardContent = item.data.content;
                         cipher.type = CipherType.Card;
                         cipher.card = new CardView();
-                        cipher.card.cardholderName = creditCardContent.cardholderName;
-                        cipher.card.number = creditCardContent.number;
+                        cipher.card.cardholderName = this.getValueOrDefault(creditCardContent.cardholderName);
+                        cipher.card.number = this.getValueOrDefault(creditCardContent.number);
                         cipher.card.brand = CardView.getCardBrandByPatterns(creditCardContent.number);
-                        cipher.card.code = creditCardContent.verificationNumber;
+                        cipher.card.code = this.getValueOrDefault(creditCardContent.verificationNumber);
                         if (!this.isNullOrWhitespace(creditCardContent.expirationDate)) {
                             cipher.card.expMonth = creditCardContent.expirationDate.substring(0, 2);
                             cipher.card.expMonth = cipher.card.expMonth.replace(/^0+/, "");
@@ -33984,11 +34835,13 @@ class SecureSafeCsvImporter extends base_importer_BaseImporter {
             result.success = false;
             return Promise.resolve(result);
         }
+        // The url field can be in different case formats.
+        const urlField = Object.keys(results[0]).find((k) => /url/i.test(k));
         results.forEach((value) => {
             const cipher = this.initLoginCipher();
             cipher.name = this.getValueOrDefault(value.Title);
             cipher.notes = this.getValueOrDefault(value.Comment);
-            cipher.login.uris = this.makeUriArray(value.Url);
+            cipher.login.uris = this.makeUriArray(value[urlField]);
             cipher.login.password = this.getValueOrDefault(value.Password);
             cipher.login.username = this.getValueOrDefault(value.Username);
             this.cleanupCipher(cipher);
@@ -34479,7 +35332,7 @@ class ImportService {
     getImportOptions() {
         return this.featuredImportOptions.concat(this.regularImportOptions);
     }
-    import(importer, fileContents, organizationId = null, selectedImportTarget = null, isUserAdmin) {
+    import(importer, fileContents, organizationId = null, selectedImportTarget = null, canAccessImportExport) {
         return import_service_awaiter(this, void 0, void 0, function* () {
             let importResult;
             try {
@@ -34509,7 +35362,9 @@ class ImportService {
                     throw new Error(this.i18nService.t("importFormatError"));
                 }
             }
-            if (organizationId && utils_Utils.isNullOrWhitespace(selectedImportTarget) && !isUserAdmin) {
+            if (organizationId &&
+                utils_Utils.isNullOrWhitespace(selectedImportTarget) &&
+                !canAccessImportExport) {
                 const hasUnassignedCollections = importResult.ciphers.some((c) => !Array.isArray(c.collectionIds) || c.collectionIds.length == 0);
                 if (hasUnassignedCollections) {
                     throw new Error(this.i18nService.t("importUnassignedItemsError"));
@@ -35266,14 +36121,14 @@ class CliPlatformUtilsService {
         if (!this.deviceCache) {
             switch (process.platform) {
                 case "win32":
-                    this.deviceCache = DeviceType.WindowsDesktop;
+                    this.deviceCache = DeviceType.WindowsCLI;
                     break;
                 case "darwin":
-                    this.deviceCache = DeviceType.MacOsDesktop;
+                    this.deviceCache = DeviceType.MacOsCLI;
                     break;
                 case "linux":
                 default:
-                    this.deviceCache = DeviceType.LinuxDesktop;
+                    this.deviceCache = DeviceType.LinuxCLI;
                     break;
             }
         }
@@ -35281,7 +36136,7 @@ class CliPlatformUtilsService {
     }
     getDeviceString() {
         const device = DeviceType[this.getDevice()].toLowerCase();
-        return device.replace("desktop", "");
+        return device.replace("cli", "");
     }
     getClientType() {
         return this.clientType;
@@ -35661,6 +36516,7 @@ var lowdb_storage_service_awaiter = (undefined && undefined.__awaiter) || functi
 const retries = {
     retries: 50,
     minTimeout: 100,
@@ -35674,7 +36530,9 @@ class LowdbStorageService {
         this.allowCache = allowCache;
         this.requireLock = requireLock;
         this.ready = false;
+        this.updatesSubject = new external_rxjs_namespaceObject.Subject();
         this.defaults = defaults;
+        this.updates$ = this.updatesSubject.asObservable();
     }
     init() {
         return lowdb_storage_service_awaiter(this, void 0, void 0, function* () {
@@ -35737,6 +36595,9 @@ class LowdbStorageService {
             this.ready = true;
         });
     }
+    get valuesRequireDeserialization() {
+        return true;
+    }
     get(key) {
         return lowdb_storage_service_awaiter(this, void 0, void 0, function* () {
             yield this.waitForReady();
@@ -35760,6 +36621,7 @@ class LowdbStorageService {
             return this.lockDbFile(() => {
                 this.readForNoCache();
                 this.db.set(key, obj).write();
+                this.updatesSubject.next({ key, updateType: "save" });
                 this.logService.debug(`Successfully wrote ${key} to db`);
                 return;
             });
@@ -35771,6 +36633,7 @@ class LowdbStorageService {
             return this.lockDbFile(() => {
                 this.readForNoCache();
                 this.db.unset(key).write();
+                this.updatesSubject.next({ key, updateType: "remove" });
                 this.logService.debug(`Successfully removed ${key} from db`);
                 return;
             });
@@ -35940,6 +36803,7 @@ class CollectionDetailsResponse extends CollectionResponse {
     constructor(response) {
         super(response);
         this.readOnly = this.getResponseProperty("ReadOnly") || false;
+        this.manage = this.getResponseProperty("Manage") || false;
         this.hidePasswords = this.getResponseProperty("HidePasswords") || false;
     }
 }
@@ -36096,59 +36960,6 @@ class DeviceVerificationResponse extends BaseResponse {
     }
 }
-;// CONCATENATED MODULE: ../../libs/common/src/auth/models/response/emergency-access.response.ts
-class EmergencyAccessGranteeDetailsResponse extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.id = this.getResponseProperty("Id");
-        this.granteeId = this.getResponseProperty("GranteeId");
-        this.name = this.getResponseProperty("Name");
-        this.email = this.getResponseProperty("Email");
-        this.type = this.getResponseProperty("Type");
-        this.status = this.getResponseProperty("Status");
-        this.waitTimeDays = this.getResponseProperty("WaitTimeDays");
-        this.creationDate = this.getResponseProperty("CreationDate");
-        this.avatarColor = this.getResponseProperty("AvatarColor");
-    }
-}
-class EmergencyAccessGrantorDetailsResponse extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.id = this.getResponseProperty("Id");
-        this.grantorId = this.getResponseProperty("GrantorId");
-        this.name = this.getResponseProperty("Name");
-        this.email = this.getResponseProperty("Email");
-        this.type = this.getResponseProperty("Type");
-        this.status = this.getResponseProperty("Status");
-        this.waitTimeDays = this.getResponseProperty("WaitTimeDays");
-        this.creationDate = this.getResponseProperty("CreationDate");
-        this.avatarColor = this.getResponseProperty("AvatarColor");
-    }
-}
-class EmergencyAccessTakeoverResponse extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.keyEncrypted = this.getResponseProperty("KeyEncrypted");
-        this.kdf = this.getResponseProperty("Kdf");
-        this.kdfIterations = this.getResponseProperty("KdfIterations");
-        this.kdfMemory = this.getResponseProperty("KdfMemory");
-        this.kdfParallelism = this.getResponseProperty("KdfParallelism");
-    }
-}
-class EmergencyAccessViewResponse extends BaseResponse {
-    constructor(response) {
-        super(response);
-        this.ciphers = [];
-        this.keyEncrypted = this.getResponseProperty("KeyEncrypted");
-        const ciphers = this.getResponseProperty("Ciphers");
-        if (ciphers != null) {
-            this.ciphers = ciphers.map((c) => new CipherResponse(c));
-        }
-    }
-}
 ;// CONCATENATED MODULE: ../../libs/common/src/auth/models/response/key-connector-user-key.response.ts
 class KeyConnectorUserKeyResponse extends BaseResponse {
@@ -36340,6 +37151,13 @@ class TaxRateResponse extends BaseResponse {
     }
 }
+;// CONCATENATED MODULE: ../../libs/common/src/models/request/collection-bulk-delete.request.ts
+class CollectionBulkDeleteRequest {
+    constructor(ids) {
+        this.ids = ids == null ? [] : ids;
+    }
+}
 ;// CONCATENATED MODULE: ../../libs/common/src/models/response/breach-account.response.ts
 class BreachAccountResponse extends BaseResponse {
@@ -36552,7 +37370,6 @@ var api_service_awaiter = (undefined && undefined.__awaiter) || function (thisAr
 /**
@@ -36584,7 +37401,10 @@ class ApiService {
         this.isDesktopClient =
             this.device === DeviceType.WindowsDesktop ||
                 this.device === DeviceType.MacOsDesktop ||
-                this.device === DeviceType.LinuxDesktop;
+                this.device === DeviceType.LinuxDesktop ||
+                this.device === DeviceType.WindowsCLI ||
+                this.device === DeviceType.MacOsCLI ||
+                this.device === DeviceType.LinuxCLI;
     }
     // Auth APIs
     postIdentityToken(request) {
@@ -37097,8 +37917,8 @@ class ApiService {
     deleteCollection(organizationId, id) {
         return this.send("DELETE", "/organizations/" + organizationId + "/collections/" + id, null, true, false);
     }
-    deleteManyCollections(request) {
-        return this.send("DELETE", "/organizations/" + request.organizationId + "/collections", request, true, false);
+    deleteManyCollections(organizationId, collectionIds) {
+        return this.send("DELETE", "/organizations/" + organizationId + "/collections", new CollectionBulkDeleteRequest(collectionIds), true, false);
     }
     deleteCollectionUser(organizationId, id, organizationUserId) {
         return this.send("DELETE", "/organizations/" + organizationId + "/collections/" + id + "/user/" + organizationUserId, null, true, false);
@@ -37305,75 +38125,6 @@ class ApiService {
             return new DeviceVerificationResponse(r);
         });
     }
-    // Emergency Access APIs
-    getEmergencyAccessTrusted() {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("GET", "/emergency-access/trusted", null, true, true);
-            return new ListResponse(r, EmergencyAccessGranteeDetailsResponse);
-        });
-    }
-    getEmergencyAccessGranted() {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("GET", "/emergency-access/granted", null, true, true);
-            return new ListResponse(r, EmergencyAccessGrantorDetailsResponse);
-        });
-    }
-    getEmergencyAccess(id) {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("GET", "/emergency-access/" + id, null, true, true);
-            return new EmergencyAccessGranteeDetailsResponse(r);
-        });
-    }
-    getEmergencyGrantorPolicies(id) {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("GET", "/emergency-access/" + id + "/policies", null, true, true);
-            return new ListResponse(r, PolicyResponse);
-        });
-    }
-    putEmergencyAccess(id, request) {
-        return this.send("PUT", "/emergency-access/" + id, request, true, false);
-    }
-    deleteEmergencyAccess(id) {
-        return this.send("DELETE", "/emergency-access/" + id, null, true, false);
-    }
-    postEmergencyAccessInvite(request) {
-        return this.send("POST", "/emergency-access/invite", request, true, false);
-    }
-    postEmergencyAccessReinvite(id) {
-        return this.send("POST", "/emergency-access/" + id + "/reinvite", null, true, false);
-    }
-    postEmergencyAccessAccept(id, request) {
-        return this.send("POST", "/emergency-access/" + id + "/accept", request, true, false);
-    }
-    postEmergencyAccessConfirm(id, request) {
-        return this.send("POST", "/emergency-access/" + id + "/confirm", request, true, false);
-    }
-    postEmergencyAccessInitiate(id) {
-        return this.send("POST", "/emergency-access/" + id + "/initiate", null, true, false);
-    }
-    postEmergencyAccessApprove(id) {
-        return this.send("POST", "/emergency-access/" + id + "/approve", null, true, false);
-    }
-    postEmergencyAccessReject(id) {
-        return this.send("POST", "/emergency-access/" + id + "/reject", null, true, false);
-    }
-    postEmergencyAccessTakeover(id) {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("POST", "/emergency-access/" + id + "/takeover", null, true, true);
-            return new EmergencyAccessTakeoverResponse(r);
-        });
-    }
-    postEmergencyAccessPassword(id, request) {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            yield this.send("POST", "/emergency-access/" + id + "/password", request, true, true);
-        });
-    }
-    postEmergencyAccessView(id) {
-        return api_service_awaiter(this, void 0, void 0, function* () {
-            const r = yield this.send("POST", "/emergency-access/" + id + "/view", null, true, true);
-            return new EmergencyAccessViewResponse(r);
-        });
-    }
     // Organization APIs
     getCloudCommunicationsEnabled() {
         return api_service_awaiter(this, void 0, void 0, function* () {
@@ -37958,12 +38709,19 @@ var node_env_secure_storage_service_awaiter = (undefined && undefined.__awaiter)
 class NodeEnvSecureStorageService {
     constructor(storageService, logService, cryptoService) {
         this.storageService = storageService;
         this.logService = logService;
         this.cryptoService = cryptoService;
     }
+    get valuesRequireDeserialization() {
+        return true;
+    }
+    get updates$() {
+        return (0,external_rxjs_namespaceObject.throwError)(() => new Error("Secure storage implementations cannot have their updates subscribed to."));
+    }
     get(key) {
         return node_env_secure_storage_service_awaiter(this, void 0, void 0, function* () {
             const value = yield this.storageService.get(this.makeProtectedStorageKey(key));
@@ -37992,7 +38750,10 @@ class NodeEnvSecureStorageService {
         });
     }
     remove(key) {
-        return this.storageService.remove(this.makeProtectedStorageKey(key));
+        return node_env_secure_storage_service_awaiter(this, void 0, void 0, function* () {
+            yield this.storageService.remove(this.makeProtectedStorageKey(key));
+            return;
+        });
     }
     encrypt(plainValue) {
         return node_env_secure_storage_service_awaiter(this, void 0, void 0, function* () {
@@ -38133,9 +38894,9 @@ class LockCommand {
 const external_http_namespaceObject = require("http");
 ;// CONCATENATED MODULE: external "inquirer"
 const external_inquirer_namespaceObject = require("inquirer");
-;// CONCATENATED MODULE: ../../libs/common/src/auth/models/domain/log-in-credentials.ts
+;// CONCATENATED MODULE: ../../libs/common/src/auth/models/domain/login-credentials.ts
-class PasswordLogInCredentials {
+class PasswordLoginCredentials {
     constructor(email, masterPassword, captchaToken, twoFactor) {
         this.email = email;
         this.masterPassword = masterPassword;
@@ -38144,7 +38905,7 @@ class PasswordLogInCredentials {
         this.type = authentication_type_AuthenticationType.Password;
     }
 }
-class SsoLogInCredentials {
+class SsoLoginCredentials {
     constructor(code, codeVerifier, redirectUrl, orgId, twoFactor) {
         this.code = code;
         this.codeVerifier = codeVerifier;
@@ -38154,14 +38915,14 @@ class SsoLogInCredentials {
         this.type = authentication_type_AuthenticationType.Sso;
     }
 }
-class UserApiLogInCredentials {
+class UserApiLoginCredentials {
     constructor(clientId, clientSecret) {
         this.clientId = clientId;
         this.clientSecret = clientSecret;
         this.type = authentication_type_AuthenticationType.UserApi;
     }
 }
-class PasswordlessLogInCredentials {
+class AuthRequestLoginCredentials {
     constructor(email, accessCode, authRequestId, decryptedUserKey, decryptedMasterKey, decryptedMasterKeyHash, twoFactor) {
         this.email = email;
         this.accessCode = accessCode;
@@ -38170,7 +38931,15 @@ class PasswordlessLogInCredentials {
         this.decryptedMasterKey = decryptedMasterKey;
         this.decryptedMasterKeyHash = decryptedMasterKeyHash;
         this.twoFactor = twoFactor;
-        this.type = AuthenticationType.Passwordless;
+        this.type = AuthenticationType.AuthRequest;
+    }
+}
+class WebAuthnLoginCredentials {
+    constructor(token, deviceResponse, prfKey) {
+        this.token = token;
+        this.deviceResponse = deviceResponse;
+        this.prfKey = prfKey;
+        this.type = AuthenticationType.WebAuthn;
     }
 }
@@ -38184,7 +38953,7 @@ class PasswordRequest extends SecretVerificationRequest {
 class TwoFactorEmailRequest extends SecretVerificationRequest {
 }
-;// CONCATENATED MODULE: ../../libs/common/src/abstractions/organization-user/requests/organization-user-reset-password.request.ts
+;// CONCATENATED MODULE: ../../libs/common/src/admin-console/abstractions/organization-user/requests/organization-user-reset-password.request.ts
 class OrganizationUserResetPasswordRequest {
 }
@@ -38344,7 +39113,7 @@ class LoginCommand {
                         return Response.error("Invalid API Key; Organization API Key currently not supported");
                     }
                     try {
-                        response = yield this.authService.logIn(new UserApiLogInCredentials(clientId, clientSecret));
+                        response = yield this.authService.logIn(new UserApiLoginCredentials(clientId, clientSecret));
                     }
                     catch (e) {
                         // handle API key login failures
@@ -38359,16 +39128,16 @@ class LoginCommand {
                     }
                 }
                 else if (ssoCode != null && ssoCodeVerifier != null) {
-                    response = yield this.authService.logIn(new SsoLogInCredentials(ssoCode, ssoCodeVerifier, this.ssoRedirectUri, orgIdentifier, twoFactor));
+                    response = yield this.authService.logIn(new SsoLoginCredentials(ssoCode, ssoCodeVerifier, this.ssoRedirectUri, orgIdentifier, twoFactor));
                 }
                 else {
-                    response = yield this.authService.logIn(new PasswordLogInCredentials(email, password, null, twoFactor));
+                    response = yield this.authService.logIn(new PasswordLoginCredentials(email, password, null, twoFactor));
                 }
                 if (response.requiresEncryptionKeyMigration) {
                     return Response.error("Encryption key migration required. Please login through the web vault to update your encryption key.");
                 }
                 if (response.captchaSiteKey) {
-                    const credentials = new PasswordLogInCredentials(email, password);
+                    const credentials = new PasswordLoginCredentials(email, password);
                     const handledResponse = yield this.handleCaptchaRequired(twoFactor, credentials);
                     // Error Response
                     if (handledResponse instanceof Response) {
@@ -38463,13 +39232,13 @@ class LoginCommand {
                 // Run full sync before handling success response or password reset flows (to get Master Password Policies)
                 yield this.syncService.fullSync(true);
                 // Handle updating passwords if NOT using an API Key for authentication
-                if (response.forcePasswordReset != ForceResetPasswordReason.None &&
+                if (response.forcePasswordReset != ForceSetPasswordReason.None &&
                     clientId == null &&
                     clientSecret == null) {
-                    if (response.forcePasswordReset === ForceResetPasswordReason.AdminForcePasswordReset) {
+                    if (response.forcePasswordReset === ForceSetPasswordReason.AdminForcePasswordReset) {
                         return yield this.updateTempPassword();
                     }
-                    else if (response.forcePasswordReset === ForceResetPasswordReason.WeakMasterPassword) {
+                    else if (response.forcePasswordReset === ForceSetPasswordReason.WeakMasterPassword) {
                         return yield this.updateWeakPassword(password);
                     }
                 }
@@ -39504,7 +40273,7 @@ const external_koa_namespaceObject = require("koa");
 const external_koa_bodyparser_namespaceObject = require("koa-bodyparser");
 ;// CONCATENATED MODULE: external "koa-json"
 const external_koa_json_namespaceObject = require("koa-json");
-;// CONCATENATED MODULE: ../../libs/common/src/abstractions/organization-user/requests/organization-user-confirm.request.ts
+;// CONCATENATED MODULE: ../../libs/common/src/admin-console/abstractions/organization-user/requests/organization-user-confirm.request.ts
 class OrganizationUserConfirmRequest {
 }
@@ -40678,10 +41447,11 @@ class SendRemovePasswordCommand {
 ;// CONCATENATED MODULE: ../../libs/common/src/admin-console/models/request/selection-read-only.request.ts
 class SelectionReadOnlyRequest {
-    constructor(id, readOnly, hidePasswords) {
+    constructor(id, readOnly, hidePasswords, manage) {
         this.id = id;
         this.readOnly = readOnly;
         this.hidePasswords = hidePasswords;
+        this.manage = manage;
     }
 }
@@ -40885,7 +41655,7 @@ class CreateCommand {
                 }
                 const groups = req.groups == null
                     ? null
-                    : req.groups.map((g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords));
+                    : req.groups.map((g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords, g.manage));
                 const request = new CollectionRequest();
                 request.name = (yield this.cryptoService.encrypt(req.name, orgKey)).encryptedString;
                 request.externalId = req.externalId;
@@ -41249,7 +42019,7 @@ class EditCommand {
                 }
                 const groups = req.groups == null
                     ? null
-                    : req.groups.map((g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords));
+                    : req.groups.map((g) => new SelectionReadOnlyRequest(g.id, g.readOnly, g.hidePasswords, g.manage));
                 const request = new CollectionRequest();
                 request.name = (yield this.cryptoService.encrypt(req.name, orgKey)).encryptedString;
                 request.externalId = req.externalId;
@@ -41275,12 +42045,13 @@ class commands_edit_command_Options {
 ;// CONCATENATED MODULE: ./src/admin-console/models/selection-read-only.ts
 class SelectionReadOnly {
     static template() {
-        return new SelectionReadOnly("00000000-0000-0000-0000-000000000000", false, false);
+        return new SelectionReadOnly("00000000-0000-0000-0000-000000000000", false, false, false);
     }
-    constructor(id, readOnly, hidePasswords) {
+    constructor(id, readOnly, hidePasswords, manage) {
         this.id = id;
         this.readOnly = readOnly;
         this.hidePasswords = hidePasswords || false;
+        this.manage = manage;
     }
 }
@@ -41354,10 +42125,11 @@ var commands_get_command_awaiter = (undefined && undefined.__awaiter) || functio
 class GetCommand extends DownloadCommand {
-    constructor(cipherService, folderService, collectionService, totpService, auditService, cryptoService, stateService, searchService, apiService, organizationService) {
+    constructor(cipherService, folderService, collectionService, totpService, auditService, cryptoService, stateService, searchService, apiService, organizationService, eventCollectionService) {
         super(cryptoService);
         this.cipherService = cipherService;
         this.folderService = folderService;
@@ -41368,6 +42140,7 @@ class GetCommand extends DownloadCommand {
         this.searchService = searchService;
         this.apiService = apiService;
         this.organizationService = organizationService;
+        this.eventCollectionService = eventCollectionService;
     }
     run(object, id, cmdOptions) {
         return commands_get_command_awaiter(this, void 0, void 0, function* () {
@@ -41448,6 +42221,7 @@ class GetCommand extends DownloadCommand {
                     return Response.multipleResults(decCipher.map((c) => c.id));
                 }
             }
+            this.eventCollectionService.collect(EventType.Cipher_ClientViewed, id, true, decCipher.organizationId);
             const res = new cipher_response_CipherResponse(decCipher);
             return Response.success(res);
         });
@@ -41693,7 +42467,7 @@ class GetCommand extends DownloadCommand {
                 decCollection.name = yield this.cryptoService.decryptToUtf8(new EncString(response.name), orgKey);
                 const groups = response.groups == null
                     ? null
-                    : response.groups.map((g) => new SelectionReadOnly(g.id, g.readOnly, g.hidePasswords));
+                    : response.groups.map((g) => new SelectionReadOnly(g.id, g.readOnly, g.hidePasswords, g.manage));
                 const res = new OrganizationCollectionResponse(decCollection, groups);
                 return Response.success(res);
             }
@@ -41835,8 +42609,9 @@ var commands_list_command_awaiter = (undefined && undefined.__awaiter) || functi
 class ListCommand {
-    constructor(cipherService, folderService, collectionService, organizationService, searchService, organizationUserService, apiService) {
+    constructor(cipherService, folderService, collectionService, organizationService, searchService, organizationUserService, apiService, eventCollectionService) {
         this.cipherService = cipherService;
         this.folderService = folderService;
         this.collectionService = collectionService;
@@ -41844,6 +42619,7 @@ class ListCommand {
         this.searchService = searchService;
         this.organizationUserService = organizationUserService;
         this.apiService = apiService;
+        this.eventCollectionService = eventCollectionService;
     }
     run(object, cmdOptions) {
         return commands_list_command_awaiter(this, void 0, void 0, function* () {
@@ -41926,6 +42702,11 @@ class ListCommand {
             if (options.search != null && options.search.trim() !== "") {
                 ciphers = this.searchService.searchCiphersBasic(ciphers, options.search, options.trash);
             }
+            ciphers.forEach((c, index) => {
+                // Set upload immediately on the last item in the ciphers collection to avoid the event collection
+                // service from uploading each time.
+                this.eventCollectionService.collect(EventType.Cipher_ClientViewed, c.id, index === ciphers.length - 1, c.organizationId);
+            });
             const res = new list_response_ListResponse(ciphers.map((o) => new cipher_response_CipherResponse(o)));
             return Response.success(res);
         });
@@ -42189,8 +42970,8 @@ var serve_command_awaiter = (undefined && undefined.__awaiter) || function (this
 class ServeCommand {
     constructor(main) {
         this.main = main;
-        this.getCommand = new GetCommand(this.main.cipherService, this.main.folderService, this.main.collectionService, this.main.totpService, this.main.auditService, this.main.cryptoService, this.main.stateService, this.main.searchService, this.main.apiService, this.main.organizationService);
-        this.listCommand = new ListCommand(this.main.cipherService, this.main.folderService, this.main.collectionService, this.main.organizationService, this.main.searchService, this.main.organizationUserService, this.main.apiService);
+        this.getCommand = new GetCommand(this.main.cipherService, this.main.folderService, this.main.collectionService, this.main.totpService, this.main.auditService, this.main.cryptoService, this.main.stateService, this.main.searchService, this.main.apiService, this.main.organizationService, this.main.eventCollectionService);
+        this.listCommand = new ListCommand(this.main.cipherService, this.main.folderService, this.main.collectionService, this.main.organizationService, this.main.searchService, this.main.organizationUserService, this.main.apiService, this.main.eventCollectionService);
         this.createCommand = new CreateCommand(this.main.cipherService, this.main.folderService, this.main.stateService, this.main.cryptoService, this.main.apiService, this.main.folderApiService);
         this.editCommand = new EditCommand(this.main.cipherService, this.main.folderService, this.main.cryptoService, this.main.apiService, this.main.folderApiService);
         this.generateCommand = new GenerateCommand(this.main.passwordGenerationService, this.main.stateService);
@@ -43168,7 +43949,7 @@ class SendProgram extends Program {
             object: "Valid objects are: send.text, send.file",
         })
             .action((object) => send_program_awaiter(this, void 0, void 0, function* () {
-            const cmd = new GetCommand(this.main.cipherService, this.main.folderService, this.main.collectionService, this.main.totpService, this.main.auditService, this.main.cryptoService, this.main.stateService, this.main.searchService, this.main.apiService, this.main.organizationService);
+            const cmd = new GetCommand(this.main.cipherService, this.main.folderService, this.main.collectionService, this.main.totpService, this.main.auditService, this.main.cryptoService, this.main.stateService, this.main.searchService, this.main.apiService, this.main.organizationService, this.main.eventCollectionService);
             const response = yield cmd.run("template", object, null);
             this.processResponse(response);
         }));
@@ -43330,10 +44111,12 @@ var export_command_awaiter = (undefined && undefined.__awaiter) || function (thi
 class ExportCommand {
-    constructor(exportService, policyService) {
+    constructor(exportService, policyService, eventCollectionService) {
         this.exportService = exportService;
         this.policyService = policyService;
+        this.eventCollectionService = eventCollectionService;
     }
     run(options) {
         var _a;
@@ -43355,6 +44138,10 @@ class ExportCommand {
                     format === "encrypted_json"
                         ? yield this.getProtectedExport(options.password, options.organizationid)
                         : yield this.getUnprotectedExport(format, options.organizationid);
+                const eventType = options.organizationid
+                    ? EventType.Organization_ClientExportedVault
+                    : EventType.User_ClientExportedVault;
+                this.eventCollectionService.collect(eventType, null, true, options.organizationid);
             }
             catch (e) {
                 return Response.error(e);
@@ -43638,7 +44425,7 @@ class VaultProgram extends Program {
                 return;
             }
             yield this.exitIfLocked();
-            const command = new ListCommand(this.main.cipherService, this.main.folderService, this.main.collectionService, this.main.organizationService, this.main.searchService, this.main.organizationUserService, this.main.apiService);
+            const command = new ListCommand(this.main.cipherService, this.main.folderService, this.main.collectionService, this.main.organizationService, this.main.searchService, this.main.organizationUserService, this.main.apiService, this.main.eventCollectionService);
             const response = yield command.run(object, cmd);
             this.processResponse(response);
         }));
@@ -43693,7 +44480,7 @@ class VaultProgram extends Program {
                 return;
             }
             yield this.exitIfLocked();
-            const command = new GetCommand(this.main.cipherService, this.main.folderService, this.main.collectionService, this.main.totpService, this.main.auditService, this.main.cryptoService, this.main.stateService, this.main.searchService, this.main.apiService, this.main.organizationService);
+            const command = new GetCommand(this.main.cipherService, this.main.folderService, this.main.collectionService, this.main.totpService, this.main.auditService, this.main.cryptoService, this.main.stateService, this.main.searchService, this.main.apiService, this.main.organizationService, this.main.eventCollectionService);
             const response = yield command.run(object, id, cmd);
             this.processResponse(response);
         }));
@@ -43922,7 +44709,7 @@ class VaultProgram extends Program {
         })
             .action((options) => vault_program_awaiter(this, void 0, void 0, function* () {
             yield this.exitIfLocked();
-            const command = new ExportCommand(this.main.exportService, this.main.policyService);
+            const command = new ExportCommand(this.main.exportService, this.main.policyService, this.main.eventCollectionService);
             const response = yield command.run(options);
             this.processResponse(response);
         }));
@@ -43974,6 +44761,10 @@ var bw_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argum
+// eslint-disable-next-line import/no-restricted-paths -- We need the implementation to inject, but generally this should not be accessed
@@ -44038,12 +44829,13 @@ class Main {
         this.storageService = new LowdbStorageService(this.logService, null, p, false, true);
         this.secureStorageService = new NodeEnvSecureStorageService(this.storageService, this.logService, () => this.cryptoService);
         this.memoryStorageService = new MemoryStorageService();
-        this.accountService = new AccountServiceImplementation(null, this.logService);
+        this.globalStateProvider = new DefaultGlobalStateProvider(this.memoryStorageService, this.storageService);
+        this.messagingService = new NoopMessagingService();
+        this.accountService = new AccountServiceImplementation(this.messagingService, this.logService, this.globalStateProvider);
         this.stateService = new StateService(this.storageService, this.secureStorageService, this.memoryStorageService, this.logService, new StateFactory(GlobalState, Account), this.accountService);
         this.cryptoService = new CryptoService(this.cryptoFunctionService, this.encryptService, this.platformUtilsService, this.logService, this.stateService);
         this.appIdService = new AppIdService(this.storageService);
         this.tokenService = new TokenService(this.stateService);
-        this.messagingService = new NoopMessagingService();
         this.environmentService = new environment_service_EnvironmentService(this.stateService);
         const customUserAgent = "Bitwarden_CLI/" +
             this.platformUtilsService.getApplicationVersionSync() +
@@ -44094,6 +44886,8 @@ class Main {
         this.vaultProgram = new VaultProgram(this);
         this.sendProgram = new SendProgram(this);
         this.userVerificationApiService = new UserVerificationApiService(this.apiService);
+        this.eventUploadService = new EventUploadService(this.apiService, this.stateService, this.logService);
+        this.eventCollectionService = new EventCollectionService(this.cipherService, this.stateService, this.organizationService, this.eventUploadService);
     }
     run() {
         return bw_awaiter(this, void 0, void 0, function* () {