passbolt-browser-extension 4.12.0 → 5.0.0

package/.gitlab-ci/jobs/build.yml

@@ -1,6 +1,6 @@
 build:
   stage: build
-  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:18
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:22
   extends: .rules
   artifacts:
     when: always
@@ -22,7 +22,7 @@ build:
 
 build_mv3:
   stage: build
-  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:18
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:22
   extends: .rules
   artifacts:
     when: always

package/.gitlab-ci/jobs/publish.yml

@@ -39,7 +39,7 @@ publish-edge:
 
 publish-to-npmjs:
   stage: publish
-  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:18
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:22
   rules:
     - if: "$CI_COMMIT_TAG"
   script:

package/.gitlab-ci/jobs/test.yml

@@ -1,6 +1,6 @@
 tester:
   stage: test
-  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:18
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:22
   coverage: /Lines\s* [:] ([\d\.]+)%/
   extends: .rules
   script:
@@ -17,7 +17,7 @@ tester:
 
 linter:
   stage: test
-  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:18
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:22
   extends: .rules
   script:
     - npm ci
@@ -26,7 +26,7 @@ linter:
 audit:
   allow_failure: true
   stage: test
-  image: node:18
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:22
   extends: .rules
   script:
     - npm audit

package/CHANGELOG.md

@@ -4,8 +4,40 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 
-## [4.12.0] - 2024-03-10
+## [5.0.0] - 2025-04-09
+### Added
+PB-33425 Allow users to reset resource grid columns to default factory settings through the columns settings dropdown
+PB-35232 Add a resource grid filter to display only private resources
+PB-37332 Rename encrypted description to note and clearly differentiate between the metadata description and the secret note
+PB-37620 Allow users to resize and reorder the users grid
+PB-37638 Add a details sidebar for multiple grid resource selections to allow users to review their selection
+PB-38938 Redirect administrator to a home page instead of the first available settings page
+PB-38940 Organize the administration menu into meaningful sections
+PB-39415 Redesign the application
+PB-39464 Introduce unified and modular resource creation and editing dialogs to support upcoming resource types
+PB-40150 Display a default resource icon in the grid
+
+### Fixed
+PB-28280 Display the complete resource path in sidebar details
+PB-33618 Disable the "select all" dropdown in the users grid until bulk operations are supported
+PB-39994 Display a pending changes banner after modifying administration email notification settings
+PB-39995 Ease identification of generated organization recovery key file name by including the GPG key identifier
+PB-40268 Display a pending changes banner after modifying administration internationalization settings
+PB-40270 Display a pending changes banner after modifying administration email server settings
+PB-40271 Display a pending changes banner after modifying administration RBAC settings
+PB-40272 Display a pending changes banner after modifying administration users directory settings
+PB-40273 Display a pending changes banner after modifying administration SSO settings
+PB-40669 Display loading feedback in the folder navigation tree during folder loading
+PB-40186 WP6-7.5 Validate the object_type property of v5 secrets to mitigate unwanted content decryption attacks
+PB-40576 Reposition the expiry item in resources grid column settings to reflect its lower display priority in the grid
+PB-41275 Display the complete folder path in sidebar details
+
+### Maintenance
+PB-40117 Upgrade browser extensions repositories to node 22
+PB-40687 Upgrade vulnerable library babel and relative
+40688 Upgrade vulnerable library i18next-parser and relative
 
+## [4.12.0] - 2024-03-10
 ### Added
 PB-38932 WP6-3.1 Implement navigation to content types migrate metadata content administration page
 PB-38915 WP6-3.2 Implement findUpgradeContentDetails function on MetadataMigrateContentServiceWorkerService to retrieve content to upgrade details in the content types migrate metadata administration page
@@ -36,7 +68,6 @@ PB-39388 Edition and creation of resources now export object_type in metadata pr
 PB-39084 When selecting multiple resources, the OS is detected and the right shortcut is used
 
 ## [4.11.0] - 2024-01-29
-
 ### Added
 PB-37669: WP5-1.1 Implement save method in ServiceWorker
 PB-37670: WP5-1.2 Implement SaveMetadataSettingsService in the Service Worker to handle saving of metadata types settings
@@ -2043,7 +2074,8 @@ self registration settings option in the left-side bar
 - LU: Logged in user
 
 ## [4.12.0] - 2024-03-10
-[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.12.0...HEAD
+[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v5.0.0...HEAD
+[5.0.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.12.0...v5.0.0
 [4.12.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.11.0...v4.12.0
 [4.11.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.10.2...v4.11.0
 [4.10.2]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.10.0...v4.10.2

package/Gruntfile.js

@@ -38,7 +38,7 @@ module.exports = function (grunt) {
    * Import package.json file content
    */
   var pkg = grunt.file.readJSON('package.json');
-  var manifestVersion =  pkg.version.replace(/-.*$/,'');
+  var manifestVersion =  pkg.version.replace(/-.*(\.\d*)$/,'$1');
 
   /**
    * Load and enable Tasks
@@ -160,28 +160,24 @@ module.exports = function (grunt) {
           // Avatar
           nonull: true,
           cwd: path.node_modules + 'passbolt-styleguide/src/img/avatar',
-          src: ['user.png', 'group_default.png'],
+          src: ['group_default.png'],
           dest: path.build_web_accessible_resources + 'img/avatar',
           expand: true
         }, {
           // Controls
           nonull: true,
           cwd: path.node_modules + 'passbolt-styleguide/src/img/controls',
-          src: [
-            'check_black.svg', 'check_white.svg', 'dot_black.svg', 'dot_white.svg', 'dot_red.svg',
-            'infinite-bar.gif', 'loading_dark.svg', 'loading_light.svg', 'chevron-right_black.svg',
-            'chevron-right_white.svg', 'chevron-down_black.svg', 'chevron-down_white.svg', 'chevron-down_blue.svg',
-            'success.svg', 'fail.svg', 'warning.svg'
-          ],
+          src: ['check_tick.svg'],
           dest: path.build_web_accessible_resources + 'img/controls',
           expand: true
-        }, {
+        },
+        {
           // Icons / logo
           nonull: true,
           cwd: path.node_modules + 'passbolt-styleguide/src/img/logo',
           src: [
-            'icon-19.png', 'icon-20_white.png', 'icon-48.png', 'icon-48_white.png', 'logo.png', 'logo@2x.png',
-            'logo.svg', 'logo_white.png', 'logo_white@2x.png', 'logo_white.svg',
+            'icon-48.png',
+            'logo.svg', 'logo_white.svg',
             'icon-without-badge.svg',
             'icon-inactive.svg',
             'icon-badge-1.svg',
@@ -199,7 +195,6 @@ module.exports = function (grunt) {
           cwd: path.node_modules + 'passbolt-styleguide/src/img/logo',
           src: [
             'icon-16.png',
-            'icon-19.png',
             'icon-32.png',
             'icon-32-signout.png',
             'icon-32-badge-1.png',
@@ -209,7 +204,6 @@ module.exports = function (grunt) {
             'icon-32-badge-5.png',
             'icon-32-badge-5+.png',
             'icon-48.png',
-            'icon-64.png',
             'icon-128.png'],
           dest: path.build_web_accessible_resources + 'img/icons',
           expand: true
@@ -224,16 +218,9 @@ module.exports = function (grunt) {
           // Third party logos
           nonull: true,
           cwd: path.node_modules + 'passbolt-styleguide/src/img/third_party',
-          src: ['ChromeWebStore.png', 'gnupg_logo.png', 'gnupg_logo_disabled.png', 'appstore.svg', 'playstore.svg'],
+          src: ['appstore.svg', 'playstore.svg'],
           dest: path.build_web_accessible_resources + 'img/third_party',
           expand: true
-        }, {
-          // theme preview images
-          nonull: true,
-          cwd: path.node_modules + 'passbolt-styleguide/src/img/themes',
-          src: ['default.png', 'midgar.png', 'solarized_dark.png', 'solarized_light.png'],
-          dest: path.build_web_accessible_resources + 'img/themes',
-          expand: true
         }, {
           // CSS files default
           cwd: path.node_modules + 'passbolt-styleguide/build/css/themes/default',
@@ -274,7 +261,7 @@ module.exports = function (grunt) {
         }, {
           // Fonts
           cwd: path.node_modules + 'passbolt-styleguide/src/fonts',
-          src: ['opensans-bold.woff', 'opensans-regular.woff', 'passbolt.ttf', 'inconsolata-regular.ttf'],
+          src: ['opensans-variable-font.ttf', 'opensans-italic-variable-font.ttf', 'obfuscation-regular.otf', 'inconsolata-regular.ttf'],
           dest: path.build_web_accessible_resources + 'fonts',
           expand: true
         }, {

package/RELEASE_NOTES.md

@@ -1,39 +1,42 @@
-Song: https://www.youtube.com/watch?v=pBZs_Py-1_0
+Song: https://www.youtube.com/watch?v=yf1f8zNvR1I
 
-Passbolt v4.12.0 introduces the final update in the version 4 series. This release completes the groundwork for version 5 and allows integrators to test the migration directly from the UI ahead of the stable release.
+“Even the longest day has its end” goes the old Irish proverb, and here we are at long last announcing the Passbolt 5.x series. This first release v5.0 ships with a complete redesign of the application’s interface, which had remained largely unchanged since Passbolt’s early days and was limiting the addition of new capabilities. The new version offers a more spacious layout that provides room for meaningful information and addresses long-standing ergonomic issues. If you want to know more, check out what changed in this [Passbolt 5, UI Redesign](https://community.passbolt.com/t/passbolt-5-ui-redesign/12717) community post. 
 
-As always, this version also addresses community-reported issues, including fixes for UI inconsistencies and multi-selection shortcuts that were not working across all environments.
+Passbolt v5.0 lays the groundwork for the v5.x series, which will expand the software’s capabilities to handle more sensitive data types that the community has requested, such as key-value pairs, SSH keys, and certificates. The blog article about the passbolt v5.0 release is coming soon.
 
-As a final update of the v4 series, system administrators are invited to upgrade their version of PHP to meet Passbolt v5’s minimum requirements: PHP 8.2. We posted a guide in our Weblog to help you with the process: [Preparing for Passbolt v5: PHP 8.2 Requirement](https://www.passbolt.com/blog/preparing-for-passbolt-v5-php-8-2-requirement).
+Of course, with each major version come the inevitable breaking changes, which we strive to minimize as much as possible. With this release, the minimum server requirement has changed to PHP 8.2 or greater, so be sure to check out our latest blog article on [how to upgrade to PHP 8.2](https://www.passbolt.com/blog/preparing-for-passbolt-v5-php-8-2-requirement). Additionally this is a perfect moment to back up your server data and prepare for the unexpected. 
 
-Thank you to the community for your feedback and patience—we’re almost there!
+Thank you to the community for all your feedback, testing, and support in making this milestone possible. We hope you’ll enjoy what Passbolt v5.0 has to offer and look forward to hearing from you.
 
 
 ### Added
-PB-38932 WP6-3.1 Implement navigation to content types migrate metadata content administration page
-PB-38915 WP6-3.2 Implement findUpgradeContentDetails function on MetadataMigrateContentServiceWorkerService to retrieve content to upgrade details in the content types migrate metadata administration page
-PB-38916 WP6-3.3 Implements MigrateMetadataSettingsFormEntity to handle form data
-PB-38917 WP6-3.4 As an administrator I can see the migrate metadata settings form
-PB-38918 WP6-3.5 Implements MigrateMetadataResourcesService to migrate metadata resources
-PB-38919 WP6-3.6 Implements PassboltResponseEntities to handle passbolt API response
-PB-38921 WP6-3.7 Implements MigrateMetadataResourcesController to run metadata migration from the styleguide
-PB-38923 WP6-3.8 Implements ConfirmMigrateMetadataDialog to warn admin before actually running the migration
-PB-38925 WP6-3.10 Implements MigrateMetadataSettingsActionBar to trigger migration process
-PB-38996 WP6-4.1 Update ResourceTypeEntity to handle the new 'deleted' field
-PB-38998 WP6-4.3 Implements findAllByDeletedAndNonDeleted on FindResourceTypesService  to retrieve all deleted and non deleted resources-types
-PB-38999 WP6-4.4 Implements FindAllByDeletedAndNonDeletedResourceTypesContoller to find all available and deleted resources-types
-PB-39000 WP6-4.5 Implements ResourceTypesServiceWorkerService to request the service worker for retrieving the resource types
-PB-39001 WP6-4.6 Implements ResourceTypesFormEntity to handle the data from the form component
-PB-39002 WP6-4.7 Implements navigation to allow content types administration page
-PB-39003 WP6-4.8 Implements DisplayContentTypesAllowedContentTypesAdministration component to display the administration form
-PB-39004 WP6-4.9 Implements ResourceTypesApiService undelete method to process the undelete of the given resources type
-PB-39005 WP6-4.10 Implements ResourceTypesService delete method to request the API for deleted the given resource type
-PB-39006 WP6-4.11 Implements UpdateResourceTypesService undelete method to process the update of the given resources types
-PB-39009 WP6-4.14 Implements UpdateAllResourceTypesDeletedStatusController to update all  resource types deleted status
-PB-39010 WP6-4.15 Implements ResourceTypesServiceWorkerService update and delete method to communication with the service worker
-PB-39011 WP5-4.16 Add to DisplayResourceTypes a "Save" button to trigger the update process of the allowed resource types
+PB-33425 Allow users to reset resource grid columns to default factory settings through the columns settings dropdown
+PB-35232 Add a resource grid filter to display only private resources
+PB-37332 Rename encrypted description to note and clearly differentiate between the metadata description and the secret note
+PB-37620 Allow users to resize and reorder the users grid
+PB-37638 Add a details sidebar for multiple grid resource selections to allow users to review their selection
+PB-38938 Redirect administrator to a home page instead of the first available settings page
+PB-38940 Organize the administration menu into meaningful sections
+PB-39415 Redesign the application
+PB-39464 Introduce unified and modular resource creation and editing dialogs to support upcoming resource types
+PB-40150 Display a default resource icon in the grid
 
 ### Fixed
-PB-38763 Using V5 format, exporting resources now set all the fields properly
-PB-39388 Edition and creation of resources now export object_type in metadata properly
-PB-39084 When selecting multiple resources, the OS is detected and the right shortcut is used
+PB-28280 Display the complete resource path in sidebar details
+PB-33618 Disable the "select all" dropdown in the users grid until bulk operations are supported
+PB-39994 Display a pending changes banner after modifying administration email notification settings
+PB-39995 Ease identification of generated organization recovery key file name by including the GPG key identifier
+PB-40268 Display a pending changes banner after modifying administration internationalization settings
+PB-40270 Display a pending changes banner after modifying administration email server settings
+PB-40271 Display a pending changes banner after modifying administration RBAC settings
+PB-40272 Display a pending changes banner after modifying administration users directory settings
+PB-40273 Display a pending changes banner after modifying administration SSO settings
+PB-40669 Display loading feedback in the folder navigation tree during folder loading
+PB-40186 WP6-7.5 Validate the object_type property of v5 secrets to mitigate unwanted content decryption attacks
+PB-40576 Reposition the expiry item in resources grid column settings to reflect its lower display priority in the grid
+PB-41275 Display the complete folder path in sidebar details
+
+### Maintenance
+PB-40117 Upgrade browser extensions repositories to node 22
+PB-40687 Upgrade vulnerable library babel and relative
+PB-40688 Upgrade vulnerable library i18next-parser and relative

package/doc/browser-extension-class-diagram.md

@@ -421,7 +421,16 @@ classDiagram
         }
     }
 
-    namespace Auth-service {
+    namespace AuthNs {
+    %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+    %% Auth controllers
+    %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+        class GetCsrfTokenController{
+            event "passbolt.auth.get-csrf-token"
+            +exec() Promise
+        }
 
     %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
     %% Auth services

package/jest.config.json

@@ -25,5 +25,8 @@
     "src/**/*.{js,jsx}",
     "!src/**/*.test.js",
     "!src/**/*.test.data.js"
-  ]
+  ],
+  "moduleNameMapper": {
+    "\\.svg$": "<rootDir>/test/mocks/svg.js"
+  }
 }

package/package.json

@@ -1,14 +1,14 @@
 {
   "name": "passbolt-browser-extension",
-  "version": "4.12.0",
+  "version": "5.0.0",
   "license": "AGPL-3.0",
-  "copyright": "Copyright 2024 Passbolt SA",
+  "copyright": "Copyright 2025 Passbolt SA",
   "description": "Passbolt web extension for the open source password manager for teams",
   "homepage": "https://www.passbolt.com",
   "repository": "https://github.com/passbolt/passbolt_browser_extension",
   "engines": {
-    "node": ">=18.18.0",
-    "npm": ">=9.8.1"
+    "node": ">=22.14.0",
+    "npm": ">=10.9.2"
   },
   "dependencies": {
     "await-lock": "^2.1.0",
@@ -21,7 +21,7 @@
     "locutus": "~2.0.9",
     "openpgp": "^5.11.1",
     "papaparse": "^5.2.0",
-    "passbolt-styleguide": "^4.12.0",
+    "passbolt-styleguide": "^5.0.0",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1",
@@ -32,9 +32,13 @@
   "devDependencies": {
     "@babel/core": "^7.23.2",
     "@babel/eslint-parser": "^7.22.9",
+    "@babel/helpers": "^7.26.10",
     "@babel/plugin-transform-runtime": "^7.22.9",
     "@babel/preset-env": "^7.22.9",
     "@babel/preset-react": "^7.22.5",
+    "@babel/runtime": "^7.27.0",
+    "@babel/runtime-corejs3": "^7.26.10",
+    "@svgr/webpack": "^8.1.0",
     "babel-jest": "^29.6.2",
     "babel-loader": "^8.2.3",
     "crx": "^5.0.1",
@@ -47,7 +51,7 @@
     "grunt-contrib-clean": "^2.0.0",
     "grunt-contrib-copy": "^1.0.0",
     "grunt-shell": "^4.0.0",
-    "i18next-parser": "^9.0.1",
+    "i18next-parser": "^9.3.0",
     "jest": "^29.6.2",
     "jest-each": "^29.6.2",
     "jest-environment-jsdom": "^29.6.2",
@@ -62,6 +66,11 @@
     "webpack": "^5.94.0",
     "webpack-cli": "^5.1.4"
   },
+  "overrides": {
+    "web-ext": {
+      "@babel/runtime": "^7.27.0"
+    }
+  },
   "scripts": {
     "build": "npx grunt build",
     "build:background-page": "webpack --config webpack.background-page.config.js",

package/src/all/background_page/controller/InformMenuController/InformMenuController.js

@@ -20,7 +20,7 @@ import ExternalResourceEntity from "../../model/entity/resource/external/externa
 import ResourceInProgressCacheService from "../../service/cache/resourceInProgressCache.service";
 import WorkerService from "../../service/worker/workerService";
 import ResourceTypeModel from "../../model/resourceType/resourceTypeModel";
-import ResourceMetadataEntity from "../../model/entity/resource/metadata/resourceMetadataEntity";
+import ResourceMetadataEntity from "passbolt-styleguide/src/shared/models/entity/resource/metadata/resourceMetadataEntity";
 import GetOrFindResourcesService from "../../service/resource/getOrFindResourcesService";
 
 /**

package/src/all/background_page/controller/accountRecovery/downloadOrganizationGenerateKeyController.js

@@ -0,0 +1,58 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.0.0
+ */
+
+import FileService from "../../service/file/fileService";
+import {OpenpgpAssertion} from "../../utils/openpgp/openpgpAssertions";
+
+class DownloadOrganizationGeneratedKey {
+  /**
+   * Constructor
+   * @param {Worker} worker
+   * @param {string} requestId uuid
+   */
+  constructor(worker, requestId) {
+    this.worker = worker;
+    this.requestId = requestId;
+  }
+
+  /**
+   * Wrapper of exec function to run it with worker.
+   *
+   * @return {Promise<void>}
+   */
+  async _exec() {
+    try {
+      await this.exec.apply(this, arguments);
+      this.worker.port.emit(this.requestId, "SUCCESS");
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, "ERROR", error);
+    }
+  }
+
+  /**
+   * Check the user can continue the account recovery process.
+   *
+   * @param {string} armoredPrivateKey
+   * @return {Promise<void>}
+   */
+  async exec(armoredPrivateKey) {
+    const privateKey = await OpenpgpAssertion.readKeyOrFail(armoredPrivateKey);
+    const keyId = privateKey.getKeyID().toHex().slice(8, 16);
+    const date = new Date().toISOString().slice(0, 10);
+    await FileService.saveFile(`organization-recovery-private-key_${date}_${keyId}.asc`, armoredPrivateKey, "text/plain", this.worker.tab.id);
+  }
+}
+
+export default DownloadOrganizationGeneratedKey;

package/src/all/background_page/controller/accountRecovery/downloadOrganizationGenerateKeyController.test.js

@@ -0,0 +1,47 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.0.0
+ */
+import DownloadOrganizationGeneratedKey from "./downloadOrganizationGenerateKeyController";
+import FileService from "../../service/file/fileService";
+import {pgpKeys} from "passbolt-styleguide/test/fixture/pgpKeys/keys";
+
+beforeEach(() => {
+  jest.useFakeTimers(); //avoid shift of a few seconds crashing the tests.
+});
+
+describe("DownloadOrganizationGeneratedKey", () => {
+  describe("::exec", () => {
+    it("Should call for file service to trigger a download with the right information.", async() => {
+      expect.assertions(2);
+      const armoredPrivateKey = pgpKeys.account_recovery_organization.private;
+      const now = new Date().toISOString().slice(0, 10);
+      const keyId = pgpKeys.account_recovery_organization.key_id;
+      const expectedFilename = `organization-recovery-private-key_${now}_${keyId}.asc`;
+
+      const mockedWorker = {tab: {id: "tabID"}};
+      const controller = new DownloadOrganizationGeneratedKey(mockedWorker);
+      jest.spyOn(FileService, "saveFile").mockImplementation(() => {});
+
+      await controller.exec(armoredPrivateKey);
+
+      expect(FileService.saveFile).toHaveBeenCalledTimes(1);
+      expect(FileService.saveFile).toHaveBeenCalledWith(expectedFilename, armoredPrivateKey, "text/plain", mockedWorker.tab.id);
+    });
+
+    it("Should throw an error if the given string is not a valid open pgp key.", async() => {
+      expect.assertions(1);
+      const controller = new DownloadOrganizationGeneratedKey();
+      await expect(() => controller.exec("test")).rejects.toThrowError();
+    });
+  });
+});

package/src/all/background_page/controller/auth/getCsrfTokenController.js

@@ -0,0 +1,53 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.0.0
+ */
+
+class GetCsrfTokenController {
+  /**
+   * Get the csrf token controller constructor
+   *
+   * @param {Worker} worker
+   * @param {string} requestId
+   * @param {ApiClientOptions} apiClientOptions the api client options
+   */
+  constructor(worker, requestId, apiClientOptions) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.apiClientOptions = apiClientOptions;
+  }
+
+  /**
+   * Wrapper of exec function to run it with worker.
+   *
+   */
+  async _exec(resourceId) {
+    try {
+      const result = await this.exec(resourceId);
+      this.worker.port.emit(this.requestId, "SUCCESS", result);
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Execute the controller
+   * @returns {Promise<String>}
+   */
+  async exec() {
+    const csrf = this.apiClientOptions.getCsrfToken();
+    return csrf;
+  }
+}
+
+export default GetCsrfTokenController;

package/src/all/background_page/controller/auth/getCsrfTokenController.test.js

@@ -0,0 +1,42 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.0.0
+ */
+
+import {enableFetchMocks} from "jest-fetch-mock";
+import GetCsrfTokenController from "./getCsrfTokenController";
+import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
+beforeEach(() => {
+  enableFetchMocks();
+});
+
+describe("GetCsrfTokenController", () => {
+  let controller, apiClientOptions;
+
+  beforeEach(async() => {
+    apiClientOptions = defaultApiClientOptions();
+    controller = new GetCsrfTokenController(null, null, apiClientOptions);
+  });
+
+
+  describe("::exec", () => {
+    it("Should retrieve CSRF token from apiClientOptions.", async() => {
+      expect.assertions(1);
+
+      const csrfToken = "csrf-token";
+      jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: csrfToken}));
+      const result = await controller.exec();
+
+      expect(result).toEqual(csrfToken);
+    });
+  });
+});

package/src/all/background_page/controller/export/exportResourcesFileController.test.js

@@ -39,7 +39,7 @@ import FoldersCollection from "../../model/entity/folder/foldersCollection";
 import ExternalResourcesCollection from "../../model/entity/resource/external/externalResourcesCollection";
 import ResourcesCollection from "../../model/entity/resource/resourcesCollection";
 import {defaultTotpDto} from "../../model/entity/totp/totpDto.test.data";
-import TotpEntity from "../../model/entity/totp/totpEntity";
+import ExternalTotpEntity from "../../model/entity/totp/externalTotpEntity";
 import {resourceCollectionV4ToExport} from "../../service/resource/export/exportResourcesService.test.data";
 import {defaultDecryptedSharedMetadataKeysDtos} from "passbolt-styleguide/src/shared/models/entity/metadata/metadataKeysCollection.test.data";
 import MetadataKeysCollection from "passbolt-styleguide/src/shared/models/entity/metadata/metadataKeysCollection";
@@ -129,7 +129,7 @@ describe("ExportResourcesFileController", () => {
         exportResourcesFileEntity.exportFolders = exportFoldersCollection;
         exportResourcesFileEntity.exportResources.items[0].secretClear = "Password 1";
         exportResourcesFileEntity.exportResources.items[0].description = "Description 1";
-        exportResourcesFileEntity.exportResources.items[0].totp = new TotpEntity(defaultTotpDto({secret_key: "THISISASECRET"}));
+        exportResourcesFileEntity.exportResources.items[0].totp = new ExternalTotpEntity(defaultTotpDto({secret_key: "THISISASECRET"}));
         await kdbxExporter.export(exportResourcesFileEntity);
       }
       each([