passbolt-browser-extension 4.9.2-alpha.0 → 4.9.2

package/CHANGELOG.md

@@ -3,6 +3,51 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
+## [4.9.2] - 2024-08-26
+### Fixed
+- PB-33861: Resources with personal field set to null should be considered as personal resources
+- PB-34314: Fix shadow-dom autofill fields
+- PB-34236: Fix Retrieving folder activities displaying no data
+
+### Maintenance
+- PB-34313: Add resources type retrieval requirements documentation
+- PB-34259: E2EE WP1 - Transform dtos from v4 to v5
+- PB-34260: E2EE WP1 - Display resource sidebar information section in v5
+- PB-34261: E2EE WP1 - Display resource sidebar activity section in v5
+- PB-34262: E2EE WP1 - Display resource sidebar description section in v5
+- PB-34263: E2EE WP1 - Display copy username to clipboard from more menu using v5
+- PB-34264: E2EE WP1 - Display resource grid using v5
+- PB-34265: E2EE WP1 - Display resource grid contextual menu using v5
+- PB-34266: E2EE WP1 - Display quickaccess resource view page in v5
+- PB-34267: E2EE WP1 - Display quickaccess home page in v5
+- PB-34268: E2EE WP1 - Display inform menu in v5
+- PB-34269: E2EE WP1 - Autofill resources from Quickaccess in v5 format
+- PB-34270: E2EE WP1 - Make resource entity compatible with v4 and v5
+- PB-34271: E2EE WP1 - Display inform and toolbar suggested resources badge CTA in v5
+- PB-34272: E2EE WP1 - Search resource in webapp using v5
+- PB-34287: E2EE WP1 - Create password resource from webapp in v5 format
+- PB-34288: E2EE WP1 - Create standalone TOTP resource in v5 format
+- PB-34289: E2EE WP1 - Edit password resource in v5 format
+- PB-34290: E2EE WP1 - Edit standalone TOTP resource in v5 format
+- PB-34291: E2EE WP1 - Edit resource description from sidebar in v5 format
+- PB-34292: E2EE WP1 - Delete resource(s) in v5 format
+- PB-34293: E2EE WP1 - Share resource(s) in v5 format
+- PB-34294: E2EE WP1 - Import resource(s) in v5 format
+- PB-34295: E2EE WP1 - Export resource(s) in v5 format
+- PB-34296: E2EE WP1 - Move resource(s) in v5 format
+- PB-34297: E2EE WP1 - Create password resource from quickaccess in v5 format
+- PB-34298: E2EE WP1 - Auto-save password resource from quickaccess in v5 format
+- PB-34299: E2EE WP1 - Make resource entity compatible only with v5
+- PB-34311: E2EE WP1 - Make resource V4 and V5 compatible in both ways
+- PB-34315: E2EE WP1 - Transform DTO to V4 for API and adapt resource validation to v5
+- PB-34391: E2EE WP1 - Enforce resource type id should be required and not null
+- PB-34392: E2EE WP1 - Validate Metadata.uris as array of string, and maxLength
+
+### Security
+- PB-34237: Upgrade vulnerable library i18next-parser
+- PB-34305: Upgrade lockfile-lint library on passbolt_api package-lock.json
+- PB-34422: Remove grunt-browserify dev dependency from browser extension
+
 ## [4.9.1] - 2024-07-23
 ### Fixed
 - PB-34134 As a signed-in user I should search resources even if the data integrity is corrupted
@@ -1719,7 +1764,8 @@ self registration settings option in the left-side bar
 - AP: User with plugin installed
 - LU: Logged in user
 
-[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.9.1...HEAD
+[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.9.2...HEAD
+[4.9.2]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.9.1...4.9.2
 [4.9.1]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.9.0...4.9.1
 [4.9.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.8.2...4.9.0
 [4.8.2]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.8.1...4.8.2

package/RELEASE_NOTES.md

@@ -1,9 +1,51 @@
-Song: https://www.youtube.com/watch?v=lz2REwKVmnk
+Song: https://www.youtube.com/watch?v=VmtU-bLyReU
 
-Passbolt v4.9.1 is a maintenance update that addresses issues related to the search resources.
+This release addresses several bugs reported by the community. Additionally, it includes numerous maintenance updates as part of our ongoing efforts to ensure a smooth transition and support for the upcoming v5.
 
-We extend our gratitude to the community for their feedback and assistance in testing this release. We hope these updates enhance your experience with Passbolt and we look forward to hearing from you.
+Thank you to the community for reporting these issues.
 
-## [4.9.1] - 2024-07-23
+
+## [4.9.2] - 2024-08-26
 ### Fixed
-- PB-34134 As a signed-in user I should search resources even if the data integrity is corrupted
+- PB-33861: Resources with personal field set to null should be considered as personal resources
+- PB-34314: Fix shadow-dom autofill fields
+- PB-34236: Fix Retrieving folder activities displaying no data
+
+### Maintenance
+- PB-34313: Add resources type retrieval requirements documentation
+- PB-34259: E2EE WP1 - Transform dtos from v4 to v5
+- PB-34260: E2EE WP1 - Display resource sidebar information section in v5
+- PB-34261: E2EE WP1 - Display resource sidebar activity section in v5
+- PB-34262: E2EE WP1 - Display resource sidebar description section in v5
+- PB-34263: E2EE WP1 - Display copy username to clipboard from more menu using v5
+- PB-34264: E2EE WP1 - Display resource grid using v5
+- PB-34265: E2EE WP1 - Display resource grid contextual menu using v5
+- PB-34266: E2EE WP1 - Display quickaccess resource view page in v5
+- PB-34267: E2EE WP1 - Display quickaccess home page in v5
+- PB-34268: E2EE WP1 - Display inform menu in v5
+- PB-34269: E2EE WP1 - Autofill resources from Quickaccess in v5 format
+- PB-34270: E2EE WP1 - Make resource entity compatible with v4 and v5
+- PB-34271: E2EE WP1 - Display inform and toolbar suggested resources badge CTA in v5
+- PB-34272: E2EE WP1 - Search resource in webapp using v5
+- PB-34287: E2EE WP1 - Create password resource from webapp in v5 format
+- PB-34288: E2EE WP1 - Create standalone TOTP resource in v5 format
+- PB-34289: E2EE WP1 - Edit password resource in v5 format
+- PB-34290: E2EE WP1 - Edit standalone TOTP resource in v5 format
+- PB-34291: E2EE WP1 - Edit resource description from sidebar in v5 format
+- PB-34292: E2EE WP1 - Delete resource(s) in v5 format
+- PB-34293: E2EE WP1 - Share resource(s) in v5 format
+- PB-34294: E2EE WP1 - Import resource(s) in v5 format
+- PB-34295: E2EE WP1 - Export resource(s) in v5 format
+- PB-34296: E2EE WP1 - Move resource(s) in v5 format
+- PB-34297: E2EE WP1 - Create password resource from quickaccess in v5 format
+- PB-34298: E2EE WP1 - Auto-save password resource from quickaccess in v5 format
+- PB-34299: E2EE WP1 - Make resource entity compatible only with v5
+- PB-34311: E2EE WP1 - Make resource V4 and V5 compatible in both ways
+- PB-34315: E2EE WP1 - Transform DTO to V4 for API and adapt resource validation to v5
+- PB-34391: E2EE WP1 - Enforce resource type id should be required and not null
+- PB-34392: E2EE WP1 - Validate Metadata.uris as array of string, and maxLength
+
+### Security
+- PB-34237: Upgrade vulnerable library i18next-parser
+- PB-34305: Upgrade lockfile-lint library on passbolt_api package-lock.json
+- PB-34422: Remove grunt-browserify dev dependency from browser extension

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "passbolt-browser-extension",
-  "version": "4.9.2-alpha.0",
+  "version": "4.9.2",
   "license": "AGPL-3.0",
   "copyright": "Copyright 2022 Passbolt SA",
   "description": "Passbolt web extension for the open source password manager for teams",
@@ -21,7 +21,7 @@
     "locutus": "~2.0.9",
     "openpgp": "^5.11.1",
     "papaparse": "^5.2.0",
-    "passbolt-styleguide": "^4.9.4",
+    "passbolt-styleguide": "^4.9.5",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1",

package/src/all/background_page/controller/autofill/AutofillController.js

@@ -70,7 +70,7 @@ class AutofillController {
       const secretSchema = await this.resourceTypeModel.getSecretSchemaById(resource.resourceTypeId);
       const privateKey = await GetDecryptedUserPrivateKeyService.getKey(passphrase);
       const plaintextSecret = await DecryptAndParseResourceSecretService.decryptAndParse(resource.secret, secretSchema, privateKey);
-      const username = resource.metadata?.username;
+      const username = resource.metadata?.username || "";
       const password = plaintextSecret?.password;
       this.fillCredential(webIntegrationWorker, {username, password});
     } finally {

package/src/all/background_page/controller/autofill/AutofillController.test.js

@@ -105,6 +105,7 @@ describe("AutofillController", () => {
       expect(portWrapper.request).toHaveBeenCalledWith('passbolt.quickaccess.fill-form', resource.username, secret.password, tab.url);
       expect(portWrapper.emit).not.toHaveBeenCalledWith('passbolt.in-form-menu.close');
     });
+    
 
     it("Should not autofill from a worker that is not inform menu or quickaccess.", async() => {
       expect.assertions(10);
@@ -144,6 +145,47 @@ describe("AutofillController", () => {
       expect(portWrapper.request).not.toHaveBeenCalledWith('passbolt.quickaccess.fill-form', resource.username, secret.password, tab.url);
       expect(portWrapper.emit).not.toHaveBeenCalledWith('passbolt.in-form-menu.close');
     });
+
+    it("Should map username with empty string if not exist.", async() => {
+      expect.assertions(10);
+
+      // initialisation
+      const requestId = uuidv4();
+      const worker = readWorker();
+      const controller = new AutofillController(worker, requestId, defaultApiClientOptions(), account);
+      const resource = defaultResourceDto({
+        username: null
+      });
+      const secret = {password: "secret"};
+      const port = mockPort({name: worker.id, tabId: worker.tabId, frameId: worker.frameId});
+      const portWrapper = new Port(port);
+      const tab = {url: "https://url.com"};
+      // mocked function
+      jest.spyOn(WorkerService, "get").mockImplementationOnce(() => ({port: portWrapper, tab: tab}));
+      jest.spyOn(controller.getPassphraseService, "requestPassphraseFromQuickAccess");
+      jest.spyOn(controller.getPassphraseService, "getPassphrase").mockImplementationOnce(() => pgpKeys.ada.passphrase);
+      jest.spyOn(controller.resourceModel, "findForDecrypt").mockImplementationOnce(() => resource);
+      jest.spyOn(controller.resourceTypeModel, "getSecretSchemaById").mockImplementationOnce(jest.fn());
+      jest.spyOn(GetDecryptedUserPrivateKeyService, "getKey").mockImplementationOnce(() => pgpKeys.ada.private_decrypted);
+      jest.spyOn(DecryptAndParseResourceSecretService, "decryptAndParse").mockImplementationOnce(() => secret);
+      jest.spyOn(portWrapper, "emit");
+      jest.spyOn(portWrapper, "request");
+
+      // process
+      await controller.exec(resource.id, worker.tabId);
+
+      // expectations
+      expect(controller.getPassphraseService.requestPassphraseFromQuickAccess).not.toHaveBeenCalled();
+      expect(controller.getPassphraseService.getPassphrase).toHaveBeenCalledTimes(1);
+      expect(controller.getPassphraseService.getPassphrase).toHaveBeenCalledWith(worker);
+      expect(controller.resourceModel.findForDecrypt).toHaveBeenCalledTimes(1);
+      expect(controller.resourceModel.findForDecrypt).toHaveBeenCalledWith(resource.id);
+      expect(controller.resourceTypeModel.getSecretSchemaById).toHaveBeenCalledTimes(1);
+      expect(controller.resourceTypeModel.getSecretSchemaById).toHaveBeenCalledWith(resource.resourceTypeId);
+      expect(portWrapper.emit).not.toHaveBeenCalledWith('passbolt.web-integration.fill-credentials', {username: "", password: secret.password});
+      expect(portWrapper.request).not.toHaveBeenCalledWith('passbolt.quickaccess.fill-form', "", secret.password, tab.url);
+      expect(portWrapper.emit).not.toHaveBeenCalledWith('passbolt.in-form-menu.close');
+    });
   });
 });
 

package/src/all/locales/fr-FR/common.json

@@ -20,8 +20,8 @@
   "Encrypting": "Chiffrement",
   "Encrypting {{counter}}/{{total}}": "Chiffrement {{counter}}/{{total}}",
   "Encrypting secret": "Chiffrement du secret",
-  "Expiry date will be updated on {{count}} resource._one": "Expiry date will be updated on {{count}} resource.",
-  "Expiry date will be updated on {{count}} resource._other": "Expiry date will be updated on {{count}} resources.",
+  "Expiry date will be updated on {{count}} resource._one": "La date d'expiration sera mise à jour sur {{count}} ressource.",
+  "Expiry date will be updated on {{count}} resource._other": "La date d'expiration sera mise à jour sur {{count}} ressources.",
   "Exporting ...": "Exportation ...",
   "Fetching parent permissions": "Récupération des permissions parentes",
   "Folder {{name}} can not be moved.": "Le dossier {{name}} ne peut pas être déplacé.",
@@ -34,7 +34,7 @@
   "Initialize": "Initialisation",
   "Initializing": "Initialisation en cours",
   "Initializing ...": "Initialisation en cours ...",
-  "Mark as expired ...": "Mark as expired ...",
+  "Mark as expired ...": "Marquer comme expiré ...",
   "MFA authentication is required.": "L'authentification MFA est requise.",
   "Moving {{name}}": "Déplace {{name}}",
   "Moving {{total}} resources": "Déplacement de {{total}} ressources",
@@ -68,7 +68,7 @@
   "The keys should be an array of valid openpgp private keys.": "Les clés doivent être un tableau de clés privées OpenPGP valides.",
   "The keys should be an array of valid openpgp public keys.": "Les clés doivent être un tableau de clés publiques OpenPGP valides.",
   "The keys should be an array.": "Les clés doivent être un tableau.",
-  "The message should be a valid openpgp clear text message.": "The message should be a valid openpgp clear text message.",
+  "The message should be a valid openpgp clear text message.": "Le message doit être un message OpenPGP en clair valide.",
   "The message should be a valid openpgp message.": "Le message doit être un message OpenPGP valide.",
   "The message should be of type string.": "Le message doit être de type string.",
   "The private key should be a valid openpgp key.": "La clé privée doit être une clé OpenPGP valide.",
@@ -91,5 +91,5 @@
   "Updating password": "Mise à jour du mot de passe",
   "Updating resource": "Mise à jour de la ressource",
   "Updating users' key...": "Mise à jour de la clé d'utilisateurs...",
-  "You have already started the process on another tab.": "You have already started the process on another tab."
+  "You have already started the process on another tab.": "Vous avez déjà commencé le processus dans un autre onglet."
 }

package/src/all/locales/pl-PL/common.json

@@ -20,8 +20,8 @@
   "Encrypting": "Szyfrowanie",
   "Encrypting {{counter}}/{{total}}": "Szyfrowanie {{counter}}/{{total}}",
   "Encrypting secret": "Szyfrowanie sekretu",
-  "Expiry date will be updated on {{count}} resource._one": "Expiry date will be updated on {{count}} resource.",
-  "Expiry date will be updated on {{count}} resource._other": "Expiry date will be updated on {{count}} resources.",
+  "Expiry date will be updated on {{count}} resource._one": "Data wygaśnięcia zostanie zaktualizowana w {{count}} zasobie.",
+  "Expiry date will be updated on {{count}} resource._other": "Data wygaśnięcia zostanie zaktualizowana w {{count}} zasobach.",
   "Exporting ...": "Eksportowanie ...",
   "Fetching parent permissions": "Pobieranie uprawnień nadrzędnych",
   "Folder {{name}} can not be moved.": "Nie można przenieść folderu {{name}}.",