passbolt-browser-extension 4.9.1 → 4.9.2-rc.0

package/CHANGELOG.md

@@ -3,6 +3,51 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
+## [4.9.2] - 2024-08-26
+### Fixed
+- PB-33861: Resources with personal field set to null should be considered as personal resources
+- PB-34314: Fix shadow-dom autofill fields
+- PB-34236: Fix Retrieving folder activities displaying no data
+
+### Maintenance
+- PB-34313: Add resources type retrieval requirements documentation
+- PB-34259: E2EE WP1 - Transform dtos from v4 to v5
+- PB-34260: E2EE WP1 - Display resource sidebar information section in v5
+- PB-34261: E2EE WP1 - Display resource sidebar activity section in v5
+- PB-34262: E2EE WP1 - Display resource sidebar description section in v5
+- PB-34263: E2EE WP1 - Display copy username to clipboard from more menu using v5
+- PB-34264: E2EE WP1 - Display resource grid using v5
+- PB-34265: E2EE WP1 - Display resource grid contextual menu using v5
+- PB-34266: E2EE WP1 - Display quickaccess resource view page in v5
+- PB-34267: E2EE WP1 - Display quickaccess home page in v5
+- PB-34268: E2EE WP1 - Display inform menu in v5
+- PB-34269: E2EE WP1 - Autofill resources from Quickaccess in v5 format
+- PB-34270: E2EE WP1 - Make resource entity compatible with v4 and v5
+- PB-34271: E2EE WP1 - Display inform and toolbar suggested resources badge CTA in v5
+- PB-34272: E2EE WP1 - Search resource in webapp using v5
+- PB-34287: E2EE WP1 - Create password resource from webapp in v5 format
+- PB-34288: E2EE WP1 - Create standalone TOTP resource in v5 format
+- PB-34289: E2EE WP1 - Edit password resource in v5 format
+- PB-34290: E2EE WP1 - Edit standalone TOTP resource in v5 format
+- PB-34291: E2EE WP1 - Edit resource description from sidebar in v5 format
+- PB-34292: E2EE WP1 - Delete resource(s) in v5 format
+- PB-34293: E2EE WP1 - Share resource(s) in v5 format
+- PB-34294: E2EE WP1 - Import resource(s) in v5 format
+- PB-34295: E2EE WP1 - Export resource(s) in v5 format
+- PB-34296: E2EE WP1 - Move resource(s) in v5 format
+- PB-34297: E2EE WP1 - Create password resource from quickaccess in v5 format
+- PB-34298: E2EE WP1 - Auto-save password resource from quickaccess in v5 format
+- PB-34299: E2EE WP1 - Make resource entity compatible only with v5
+- PB-34311: E2EE WP1 - Make resource V4 and V5 compatible in both ways
+- PB-34315: E2EE WP1 - Transform DTO to V4 for API and adapt resource validation to v5
+- PB-34391: E2EE WP1 - Enforce resource type id should be required and not null
+- PB-34392: E2EE WP1 - Validate Metadata.uris as array of string, and maxLength
+
+### Security
+- PB-34237: Upgrade vulnerable library i18next-parser
+- PB-34305: Upgrade lockfile-lint library on passbolt_api package-lock.json
+- PB-34422: Remove grunt-browserify dev dependency from browser extension
+
 ## [4.9.1] - 2024-07-23
 ### Fixed
 - PB-34134 As a signed-in user I should search resources even if the data integrity is corrupted
@@ -1719,7 +1764,8 @@ self registration settings option in the left-side bar
 - AP: User with plugin installed
 - LU: Logged in user
 
-[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.9.1...HEAD
+[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.9.2...HEAD
+[4.9.2]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.9.1...4.9.2
 [4.9.1]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.9.0...4.9.1
 [4.9.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.8.2...4.9.0
 [4.8.2]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.8.1...4.8.2

package/RELEASE_NOTES.md

@@ -1,9 +1,51 @@
-Song: https://www.youtube.com/watch?v=lz2REwKVmnk
+Song: https://www.youtube.com/watch?v=VmtU-bLyReU
 
-Passbolt v4.9.1 is a maintenance update that addresses issues related to the search resources.
+This release candidate addresses several bugs reported by the community. Additionally, it includes numerous maintenance updates as part of our ongoing efforts to ensure a smooth transition and support for the upcoming v5.
 
-We extend our gratitude to the community for their feedback and assistance in testing this release. We hope these updates enhance your experience with Passbolt and we look forward to hearing from you.
+Thank you to the community for reporting these issues.
 
-## [4.9.1] - 2024-07-23
+
+## [4.9.2] - 2024-08-26
 ### Fixed
-- PB-34134 As a signed-in user I should search resources even if the data integrity is corrupted
+- PB-33861: Resources with personal field set to null should be considered as personal resources
+- PB-34314: Fix shadow-dom autofill fields
+- PB-34236: Fix Retrieving folder activities displaying no data
+
+### Maintenance
+- PB-34313: Add resources type retrieval requirements documentation
+- PB-34259: E2EE WP1 - Transform dtos from v4 to v5
+- PB-34260: E2EE WP1 - Display resource sidebar information section in v5
+- PB-34261: E2EE WP1 - Display resource sidebar activity section in v5
+- PB-34262: E2EE WP1 - Display resource sidebar description section in v5
+- PB-34263: E2EE WP1 - Display copy username to clipboard from more menu using v5
+- PB-34264: E2EE WP1 - Display resource grid using v5
+- PB-34265: E2EE WP1 - Display resource grid contextual menu using v5
+- PB-34266: E2EE WP1 - Display quickaccess resource view page in v5
+- PB-34267: E2EE WP1 - Display quickaccess home page in v5
+- PB-34268: E2EE WP1 - Display inform menu in v5
+- PB-34269: E2EE WP1 - Autofill resources from Quickaccess in v5 format
+- PB-34270: E2EE WP1 - Make resource entity compatible with v4 and v5
+- PB-34271: E2EE WP1 - Display inform and toolbar suggested resources badge CTA in v5
+- PB-34272: E2EE WP1 - Search resource in webapp using v5
+- PB-34287: E2EE WP1 - Create password resource from webapp in v5 format
+- PB-34288: E2EE WP1 - Create standalone TOTP resource in v5 format
+- PB-34289: E2EE WP1 - Edit password resource in v5 format
+- PB-34290: E2EE WP1 - Edit standalone TOTP resource in v5 format
+- PB-34291: E2EE WP1 - Edit resource description from sidebar in v5 format
+- PB-34292: E2EE WP1 - Delete resource(s) in v5 format
+- PB-34293: E2EE WP1 - Share resource(s) in v5 format
+- PB-34294: E2EE WP1 - Import resource(s) in v5 format
+- PB-34295: E2EE WP1 - Export resource(s) in v5 format
+- PB-34296: E2EE WP1 - Move resource(s) in v5 format
+- PB-34297: E2EE WP1 - Create password resource from quickaccess in v5 format
+- PB-34298: E2EE WP1 - Auto-save password resource from quickaccess in v5 format
+- PB-34299: E2EE WP1 - Make resource entity compatible only with v5
+- PB-34311: E2EE WP1 - Make resource V4 and V5 compatible in both ways
+- PB-34315: E2EE WP1 - Transform DTO to V4 for API and adapt resource validation to v5
+- PB-34391: E2EE WP1 - Enforce resource type id should be required and not null
+- PB-34392: E2EE WP1 - Validate Metadata.uris as array of string, and maxLength
+
+### Security
+- PB-34237: Upgrade vulnerable library i18next-parser
+- PB-34305: Upgrade lockfile-lint library on passbolt_api package-lock.json
+- PB-34422: Remove grunt-browserify dev dependency from browser extension

package/doc/resource-types-retrieval-requirements.md

@@ -0,0 +1,17 @@
+```mermaid
+graph
+    A[Request API]
+    B[Marshall resource metadata]
+    C[Create ResourceEntity]
+    D[Failure]
+    E[Decrypt metadata]
+    C1{ }
+    C2{ }
+    A --> |is v4 resource type?| C1
+    C1 --> |no, is v6 resource type?| C2
+    C1 --> |yes| B
+    B --> C
+    C2 --> |no| D
+    C2 --> |yes| E
+    E --> C
+```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "passbolt-browser-extension",
-  "version": "4.9.1",
+  "version": "4.9.2-rc.0",
   "license": "AGPL-3.0",
   "copyright": "Copyright 2022 Passbolt SA",
   "description": "Passbolt web extension for the open source password manager for teams",
@@ -21,7 +21,7 @@
     "locutus": "~2.0.9",
     "openpgp": "^5.11.1",
     "papaparse": "^5.2.0",
-    "passbolt-styleguide": "^4.9.3",
+    "passbolt-styleguide": "^4.9.5",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1",
@@ -44,11 +44,10 @@
     "eslint-plugin-no-unsanitized": "^4.0.1",
     "eslint-plugin-react": "^7.33.1",
     "grunt": "^1.0.3",
-    "grunt-browserify": "^6.0.0",
     "grunt-contrib-clean": "^2.0.0",
     "grunt-contrib-copy": "^1.0.0",
     "grunt-shell": "^4.0.0",
-    "i18next-parser": "^8.12.0",
+    "i18next-parser": "^9.0.1",
     "jest": "^29.6.2",
     "jest-each": "^29.6.2",
     "jest-environment-jsdom": "^29.6.2",
@@ -56,7 +55,7 @@
     "jest-fetch-mock": "^3.0.3",
     "jest-junit": "^16.0.0",
     "jest-webextension-mock": "^3.8.9",
-    "lockfile-lint": "^4.12.1",
+    "lockfile-lint": "^4.14.0",
     "text-encoding-utf-8": "^1.0.2",
     "uuid": "^8.3.2",
     "web-ext": "^8.0.0",
@@ -70,9 +69,6 @@
       "glob-parent": "5.1.2"
     },
     "firefox-profile": "4.3.2",
-    "crypto-browserify": {
-      "browserify-sign": "4.2.2"
-    },
     "ws": "8.17.1"
   },
   "scripts": {

package/src/all/background_page/controller/InformMenuController/InformMenuController.js

@@ -16,11 +16,11 @@ import ResourceModel from "../../model/resource/resourceModel";
 import {QuickAccessService} from "../../service/ui/quickAccess.service";
 import GetPassphraseService from "../../service/passphrase/getPassphraseService";
 import BrowserTabService from "../../service/ui/browserTab.service";
-import ResourceEntity from "../../model/entity/resource/resourceEntity";
 import ExternalResourceEntity from "../../model/entity/resource/external/externalResourceEntity";
 import ResourceInProgressCacheService from "../../service/cache/resourceInProgressCache.service";
 import WorkerService from "../../service/worker/workerService";
 import ResourceTypeModel from "../../model/resourceType/resourceTypeModel";
+import ResourceMetadataEntity from "../../model/entity/resource/metadata/resourceMetadataEntity";
 
 /**
  * Controller related to the in-form call-to-action
@@ -89,7 +89,7 @@ class InformMenuController {
     // Retrieve resource name and uri from tab.
     const tab = await BrowserTabService.getCurrent();
     const name = tab.title;
-    const uri = tab.url.substr(0, ResourceEntity.URI_MAX_LENGTH);
+    const uri = tab.url.substr(0, ResourceMetadataEntity.URI_MAX_LENGTH);
 
     // Store the resource to save in cache.
     const resourceDto = {name: name, username: username, uri: uri, secret_clear: secret_clear};

package/src/all/background_page/controller/autofill/AutofillController.js

@@ -70,7 +70,7 @@ class AutofillController {
       const secretSchema = await this.resourceTypeModel.getSecretSchemaById(resource.resourceTypeId);
       const privateKey = await GetDecryptedUserPrivateKeyService.getKey(passphrase);
       const plaintextSecret = await DecryptAndParseResourceSecretService.decryptAndParse(resource.secret, secretSchema, privateKey);
-      const {username} = resource;
+      const username = resource.metadata?.username || "";
       const password = plaintextSecret?.password;
       this.fillCredential(webIntegrationWorker, {username, password});
     } finally {

package/src/all/background_page/controller/autofill/AutofillController.test.js

@@ -105,6 +105,7 @@ describe("AutofillController", () => {
       expect(portWrapper.request).toHaveBeenCalledWith('passbolt.quickaccess.fill-form', resource.username, secret.password, tab.url);
       expect(portWrapper.emit).not.toHaveBeenCalledWith('passbolt.in-form-menu.close');
     });
+    
 
     it("Should not autofill from a worker that is not inform menu or quickaccess.", async() => {
       expect.assertions(10);
@@ -144,6 +145,47 @@ describe("AutofillController", () => {
       expect(portWrapper.request).not.toHaveBeenCalledWith('passbolt.quickaccess.fill-form', resource.username, secret.password, tab.url);
       expect(portWrapper.emit).not.toHaveBeenCalledWith('passbolt.in-form-menu.close');
     });
+
+    it("Should map username with empty string if not exist.", async() => {
+      expect.assertions(10);
+
+      // initialisation
+      const requestId = uuidv4();
+      const worker = readWorker();
+      const controller = new AutofillController(worker, requestId, defaultApiClientOptions(), account);
+      const resource = defaultResourceDto({
+        username: null
+      });
+      const secret = {password: "secret"};
+      const port = mockPort({name: worker.id, tabId: worker.tabId, frameId: worker.frameId});
+      const portWrapper = new Port(port);
+      const tab = {url: "https://url.com"};
+      // mocked function
+      jest.spyOn(WorkerService, "get").mockImplementationOnce(() => ({port: portWrapper, tab: tab}));
+      jest.spyOn(controller.getPassphraseService, "requestPassphraseFromQuickAccess");
+      jest.spyOn(controller.getPassphraseService, "getPassphrase").mockImplementationOnce(() => pgpKeys.ada.passphrase);
+      jest.spyOn(controller.resourceModel, "findForDecrypt").mockImplementationOnce(() => resource);
+      jest.spyOn(controller.resourceTypeModel, "getSecretSchemaById").mockImplementationOnce(jest.fn());
+      jest.spyOn(GetDecryptedUserPrivateKeyService, "getKey").mockImplementationOnce(() => pgpKeys.ada.private_decrypted);
+      jest.spyOn(DecryptAndParseResourceSecretService, "decryptAndParse").mockImplementationOnce(() => secret);
+      jest.spyOn(portWrapper, "emit");
+      jest.spyOn(portWrapper, "request");
+
+      // process
+      await controller.exec(resource.id, worker.tabId);
+
+      // expectations
+      expect(controller.getPassphraseService.requestPassphraseFromQuickAccess).not.toHaveBeenCalled();
+      expect(controller.getPassphraseService.getPassphrase).toHaveBeenCalledTimes(1);
+      expect(controller.getPassphraseService.getPassphrase).toHaveBeenCalledWith(worker);
+      expect(controller.resourceModel.findForDecrypt).toHaveBeenCalledTimes(1);
+      expect(controller.resourceModel.findForDecrypt).toHaveBeenCalledWith(resource.id);
+      expect(controller.resourceTypeModel.getSecretSchemaById).toHaveBeenCalledTimes(1);
+      expect(controller.resourceTypeModel.getSecretSchemaById).toHaveBeenCalledWith(resource.resourceTypeId);
+      expect(portWrapper.emit).not.toHaveBeenCalledWith('passbolt.web-integration.fill-credentials', {username: "", password: secret.password});
+      expect(portWrapper.request).not.toHaveBeenCalledWith('passbolt.quickaccess.fill-form', "", secret.password, tab.url);
+      expect(portWrapper.emit).not.toHaveBeenCalledWith('passbolt.in-form-menu.close');
+    });
   });
 });
 

package/src/all/background_page/controller/import/importResourcesFileController.js

@@ -248,7 +248,7 @@ class ImportResourcesFileController {
    */
   async bulkImportResources(importEntity) {
     let importedCount = 0;
-    const resourcesCollection = new ResourcesCollection(importEntity.importResources.toJSON());
+    const resourcesCollection = new ResourcesCollection(importEntity.importResources.toResourceCollectionImportDto());
     const successCallback = (resourceEntity, index) => this.handleImportResourceSuccess(importEntity, ++importedCount, resourceEntity, importEntity.importResources.items[index]);
     const errorCallback = (error, index) => this.handleImportResourceError(importEntity, ++importedCount, error, importEntity.importResources.items[index]);
     await this.resourceModel.bulkCreate(resourcesCollection, {successCallback: successCallback, errorCallback: errorCallback});

package/src/all/background_page/controller/move/moveResourcesController.js

@@ -76,6 +76,7 @@ class MoveResourcesController {
       await this.progressService.close();
       this.cleanup();
     } catch (error) {
+      console.error(error);
       await this.progressService.close();
       this.cleanup();
       throw error;
@@ -144,7 +145,7 @@ class MoveResourcesController {
         parent = this.resourcesParentFolders.getById(resource.folderParentId);
       }
       if (!ResourceEntity.canResourceMove(resource, parent, this.destinationFolder)) {
-        console.warn(`Resource ${resource.name} can not be moved, skipping.`);
+        console.warn(`Resource ${resource.metadata.name} can not be moved, skipping.`);
         resourceIdsToRemove.push(resource.id);
       }
     }
@@ -166,7 +167,7 @@ class MoveResourcesController {
   async calculateChanges() {
     this.changes = new PermissionChangesCollection([]);
     for (const resource of this.resources) {
-      await this.progressService.finishStep(i18n.t('Calculating changes for {{name}}', {name: resource.name}));
+      await this.progressService.finishStep(i18n.t('Calculating changes for {{name}}', {name: resource.metadata.name}));
       /*
        * A user who can update a resource can move it
        * But to change the rights they need to be owner
@@ -201,10 +202,10 @@ class MoveResourcesController {
     const resourceIdsToRemove = [];
     for (const resource of this.resources) {
       if (resource.folderParentId !== this.destinationFolderId) {
-        await this.progressService.finishStep(i18n.t('Moving {{name}}', {name: resource.name}));
+        await this.progressService.finishStep(i18n.t('Moving {{name}}', {name: resource.metadata.name}));
         await this.resourceModel.move(resource, this.destinationFolderId);
       } else {
-        Log.write({level: 'debug', message: `Resource ${resource.name} is already in the folder, skipping.`});
+        Log.write({level: 'debug', message: `Resource ${resource.metadata.name} is already in the folder, skipping.`});
         resourceIdsToRemove.push(resource.id);
       }
     }

package/src/all/background_page/controller/resource/resourceCreateController.js

@@ -11,19 +11,11 @@
  * @link          https://www.passbolt.com Passbolt(tm)
  * @since         2.9.0
  */
-import {OpenpgpAssertion} from "../../utils/openpgp/openpgpAssertions";
-import Keyring from "../../model/keyring";
-import EncryptMessageService from "../../service/crypto/encryptMessageService";
-import User from "../../model/user";
-import ResourceModel from "../../model/resource/resourceModel";
-import GetPassphraseService from "../../service/passphrase/getPassphraseService";
-import GetDecryptedUserPrivateKeyService from "../../service/account/getDecryptedUserPrivateKeyService";
-import FolderModel from "../../model/folder/folderModel";
-import ResourceEntity from "../../model/entity/resource/resourceEntity";
+
 import i18n from "../../sdk/i18n";
-import ResourceSecretsCollection from "../../model/entity/secret/resource/resourceSecretsCollection";
+import GetPassphraseService from "../../service/passphrase/getPassphraseService";
 import ProgressService from "../../service/progress/progressService";
-import ShareModel from "../../model/share/shareModel";
+import ResourceCreateService from "../../service/resource/create/resourceCreateService";
 
 class ResourceCreateController {
   /**
@@ -37,102 +29,42 @@ class ResourceCreateController {
   constructor(worker, requestId, apiClientOptions, account) {
     this.worker = worker;
     this.requestId = requestId;
-    this.resourceModel = new ResourceModel(apiClientOptions, account);
-    this.folderModel = new FolderModel(apiClientOptions);
-    this.shareModel = new ShareModel(apiClientOptions);
-    this.keyring = new Keyring();
     this.progressService = new ProgressService(this.worker, i18n.t('Creating password'));
+    this.resourceCreateService = new ResourceCreateService(account, apiClientOptions, this.progressService);
     this.getPassphraseService = new GetPassphraseService(account);
   }
 
   /**
-   * Create a resource.
-   *
+   * Controller executor.
    * @param {object} resourceDto The resource data
    * @param {string|object} plaintextDto The secret to encrypt
-   * @return {Promise<ResourceEntity>} resourceEntity
+   * @returns {Promise<void>}
    */
-  async main(resourceDto, plaintextDto) {
-    let privateKey;
-
-    /*
-     * set default goals, we give arbitrarily "more" goals if a parent permission folder is set
-     * as we don't know how many 'share' operations are needed yet
-     */
-    let resource = new ResourceEntity(resourceDto);
-    const goals = resource.folderParentId ? 10 : 2;
-
-    // Get the passphrase if needed and decrypt secret key
+  async _exec(resourceDto, plaintextDto) {
     try {
-      const passphrase = await this.getPassphraseService.getPassphrase(this.worker);
-      privateKey = await GetDecryptedUserPrivateKeyService.getKey(passphrase);
-    } catch (error) {
-      console.error(error);
-      throw error;
-    }
-
-    try {
-      this.progressService.start(goals, i18n.t('Initializing'));
-      const plaintext = await this.resourceModel.serializePlaintextDto(resource.resourceTypeId, plaintextDto);
-
-      // Encrypt and sign
-      await this.progressService.finishStep(i18n.t('Encrypting secret'), true);
-      const userId = User.getInstance().get().id;
-      const userPublicArmoredKey = this.keyring.findPublic(userId).armoredKey;
-      const userPublicKey = await OpenpgpAssertion.readKeyOrFail(userPublicArmoredKey);
-      const secret = await EncryptMessageService.encrypt(plaintext, userPublicKey, [privateKey]);
-      resource.secrets = new ResourceSecretsCollection([{data: secret}]);
-
-      // Save
-      await this.progressService.finishStep(i18n.t('Creating password'), true);
-      resource = await this.resourceModel.create(resource);
-
-      // Share if needed
-      if (resource.folderParentId) {
-        await this.handleCreateInFolder(resource, privateKey);
-      }
+      const resource = await this.exec(resourceDto, plaintextDto);
+      this.worker.port.emit(this.requestId, 'SUCCESS', resource);
     } catch (error) {
       console.error(error);
-      await this.progressService.close();
-      throw error;
+      this.worker.port.emit(this.requestId, 'ERROR', error);
     }
-
-    await this.progressService.finishStep(i18n.t('Done!'), true);
-    await this.progressService.close();
-
-    return resource;
   }
 
   /**
-   * Handle post create operations if resource is created in folder
-   * This includes sharing the resource to match the parent folder permissions
-   *
-   * @param {ResourceEntity} resourceEntity
-   * @param {openpgp.PrivateKey} privateKey The user decrypted private key
+   * @param {object} resourceDto The resource data
+   * @param {string|object} plaintextDto The secret to encrypt
    * @returns {Promise<void>}
    */
-  async handleCreateInFolder(resourceEntity, privateKey) {
-    // Calculate changes if any
-    await this.progressService.finishStep(i18n.t('Calculate permissions'), true);
-    const destinationFolder = await this.folderModel.findForShare(resourceEntity.folderParentId);
-    const changes = await this.resourceModel.calculatePermissionsChangesForCreate(resourceEntity, destinationFolder);
-
-    // Apply changes
-    if (changes.length) {
-      const goals = (changes.length * 3) + 2 + this.progressService.progress; // closer to reality...
-      this.progressService.updateGoals(goals);
-
-      // Sync keyring
-      await this.progressService.finishStep(i18n.t('Synchronizing keys'), true);
-      await this.keyring.sync();
-
-      // Share
-      await this.progressService.finishStep(i18n.t('Start sharing'), true);
-      const resourcesToShare = [resourceEntity.toDto({secrets: true})];
-      await this.shareModel.bulkShareResources(resourcesToShare, changes.toDto(), privateKey, async message =>
-        await this.progressService.finishStep(message)
-      );
-      await this.resourceModel.updateLocalStorage();
+  async exec(resourceDto, plaintextDto) {
+    try {
+      const goals = resourceDto.folder_parent_id ? 10 : 2;
+      const passphrase = await this.getPassphraseService.getPassphrase(this.worker);
+      this.progressService.start(goals, i18n.t('Initializing'));
+      const resourceCreated =  await this.resourceCreateService.exec(resourceDto, plaintextDto, passphrase);
+      await this.progressService.finishStep(i18n.t('Done!'), true);
+      return resourceCreated;
+    } finally {
+      await this.progressService.close();
     }
   }
 }

package/src/all/background_page/controller/resource/resourceCreateController.test.js

@@ -0,0 +1,120 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.10.0
+ */
+
+import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
+import ResourceCreateController from "./resourceCreateController";
+import AccountEntity from "../../model/entity/account/accountEntity";
+import {defaultAccountDto} from "../../model/entity/account/accountEntity.test.data";
+import {defaultResourceDto, defaultResourceV4Dto} from "passbolt-styleguide/src/shared/models/entity/resource/resourceEntity.test.data";
+import {pgpKeys} from "passbolt-styleguide/test/fixture/pgpKeys/keys";
+import {enableFetchMocks} from "jest-fetch-mock";
+import {mockApiResponse} from "../../../../../test/mocks/mockApiResponse";
+import {v4 as uuidv4} from "uuid";
+import EncryptMessageService from "../../service/crypto/encryptMessageService";
+
+jest.mock("../../service/passphrase/getPassphraseService");
+jest.mock("../../service/progress/progressService");
+
+beforeEach(() => {
+  enableFetchMocks();
+});
+
+describe("ResourceCreateController", () => {
+  let controller, worker;
+  const secret = "secret";
+
+  beforeEach(() => {
+    worker = {
+      port: {
+        emit: jest.fn()
+      }
+    };
+    const account = new AccountEntity(defaultAccountDto());
+    const apiClientOptions = defaultApiClientOptions();
+    controller = new ResourceCreateController(worker, null, apiClientOptions, account);
+    controller.getPassphraseService.getPassphrase.mockResolvedValue(pgpKeys.ada.passphrase);
+    fetch.doMockOnce(() => mockApiResponse(defaultResourceV4Dto()));
+  });
+  describe("AccountRecoveryLoginController::_exec", () => {
+    it("Should call the resourceCreateService and emit a success message", async() => {
+      expect.assertions(3);
+
+      const resourceDTO = defaultResourceDto();
+      jest.spyOn(controller.resourceCreateService, "exec").mockImplementationOnce(() => resourceDTO);
+      await controller._exec(resourceDTO, secret);
+
+      expect(controller.resourceCreateService.exec).toHaveBeenCalledTimes(1);
+      expect(controller.resourceCreateService.exec).toHaveBeenCalledWith(resourceDTO, secret, pgpKeys.ada.passphrase);
+      expect(controller.worker.port.emit).toHaveBeenCalledWith(null, 'SUCCESS', resourceDTO);
+    });
+
+    it("Should call the resourceCreateService and emit an error message", async() => {
+      expect.assertions(1);
+
+      const error = new Error();
+      jest.spyOn(controller.resourceCreateService, "exec").mockImplementationOnce(() => { throw error; });
+      await controller._exec(defaultResourceDto(), null);
+
+      expect(controller.worker.port.emit).toHaveBeenCalledWith(null, 'ERROR', error);
+    });
+  });
+  describe("AccountRecoveryLoginController::exec", () => {
+    it("Should call progress service without folder goals", async() => {
+      expect.assertions(2);
+
+      await controller.exec(defaultResourceDto(), secret);
+      expect(controller.progressService.start).toHaveBeenCalledTimes(1);
+      expect(controller.progressService.start).toHaveBeenCalledWith(2, 'Initializing');
+    });
+
+    it("Should call progress service with folder goals", async() => {
+      expect.assertions(2);
+      const resource = defaultResourceDto({
+        folder_parent_id: uuidv4()
+      });
+      await controller.exec(resource, secret);
+      expect(controller.progressService.start).toHaveBeenCalledTimes(1);
+      expect(controller.progressService.start).toHaveBeenCalledWith(10, 'Initializing');
+    });
+
+    it("Should throw an error if the user passphrase cannot be retrieved", async() => {
+      expect.assertions(1);
+
+      controller.getPassphraseService.getPassphrase.mockImplementation(() => { throw new Error("Cannot retrieve key"); });
+      const promise = controller.exec(defaultResourceDto(), secret);
+      await expect(promise).rejects.toThrowError("Cannot retrieve key");
+    });
+
+    it("Should close progressService when creation succeed", async() => {
+      expect.assertions(2);
+
+      await controller.exec(defaultResourceDto(), secret);
+      expect(controller.progressService.close).toHaveBeenCalledTimes(1);
+      expect(controller.progressService.close).toHaveBeenCalled();
+    });
+
+    it("Should close progressService when creation failed", async() => {
+      expect.assertions(2);
+
+      jest.spyOn(EncryptMessageService, "encrypt").mockImplementation(() => Promise.reject("Cannot encrypt message"));
+
+      try {
+        await controller.exec(defaultResourceDto(), secret);
+      } catch {
+        expect(controller.progressService.close).toHaveBeenCalledTimes(1);
+        expect(controller.progressService.close).toHaveBeenCalled();
+      }
+    });
+  });
+});

package/src/all/background_page/controller/share/shareFoldersController.js

@@ -204,7 +204,7 @@ class ShareFoldersController {
 
     // Share resources
     if (this.resourcesChanges.length) {
-      const resourcesDto = this.resources.toDto({secrets: true});
+      const resourcesDto = this.resources.toDto({secrets: true, metadata: true});
       const changesDto = this.resourcesChanges.toDto();
       await this.progressService.finishStep(i18n.t('Synchronizing keys'), true);
       await this.keyring.sync();

package/src/all/background_page/event/resourceEvents.js

@@ -91,14 +91,8 @@ const listen = function(worker, apiClientOptions, account) {
    * @param plaintextDto {string|object} The plaintext data to encrypt
    */
   worker.port.on('passbolt.resources.create', async(requestId, resourceDto, plaintextDto) => {
-    try {
-      const controller = new ResourceCreateController(worker, requestId, apiClientOptions, account);
-      const savedResource = await controller.main(resourceDto, plaintextDto);
-      worker.port.emit(requestId, 'SUCCESS', savedResource);
-    } catch (error) {
-      console.error(error);
-      worker.port.emit(requestId, 'ERROR', error);
-    }
+    const controller = new ResourceCreateController(worker, requestId, apiClientOptions, account);
+    await controller._exec(resourceDto, plaintextDto);
   });
 
   /*

package/src/all/background_page/model/entity/export/exportResourcesFileEntity.js

@@ -87,10 +87,18 @@ class ExportResourcesFileEntity extends Entity {
         "resources_ids": {
           "type": "array",
           "nullable": true,
+          "items": {
+            "type": "string",
+            "format": "uuid"
+          }
         },
         "folders_ids": {
           "type": "array",
           "nullable": true,
+          "items": {
+            "type": "string",
+            "format": "uuid"
+          }
         },
         "export_resources": ExternalResourcesCollection.getSchema(),
         "export_folders": ExternalFoldersCollection.getSchema(),